[go: up one dir, main page]

CN101383703A - Dynamic Encryption System and Method Based on Generalized Information Domain - Google Patents

Dynamic Encryption System and Method Based on Generalized Information Domain Download PDF

Info

Publication number
CN101383703A
CN101383703A CNA200810198491XA CN200810198491A CN101383703A CN 101383703 A CN101383703 A CN 101383703A CN A200810198491X A CNA200810198491X A CN A200810198491XA CN 200810198491 A CN200810198491 A CN 200810198491A CN 101383703 A CN101383703 A CN 101383703A
Authority
CN
China
Prior art keywords
key
encryption
module
round
decryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA200810198491XA
Other languages
Chinese (zh)
Other versions
CN101383703B (en
Inventor
张国基
许洁斌
黎凤鸣
刘清
丁卓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
South China University of Technology SCUT
Original Assignee
South China University of Technology SCUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by South China University of Technology SCUT filed Critical South China University of Technology SCUT
Priority to CN200810198491XA priority Critical patent/CN101383703B/en
Publication of CN101383703A publication Critical patent/CN101383703A/en
Application granted granted Critical
Publication of CN101383703B publication Critical patent/CN101383703B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

本发明提供一种基于广义信息域的动态加密系统,包括相连接的基于广义信息域的伪随机码发生器、加解密子系统,该加解密子系统包括加、解密子系统;基于广义信息域的伪随机码发生器包括依次连接的初始地址信息IV生成模块、IV规格化模块、m模块、约束化处理模块、密钥长度判断模块,m模块还与活动背景生成模块相连接,活动背景生成模块包括物理重构模块、逻辑重构模块;加、解密子系统均包括分组系数与轮密钥生成模块、分组模块、位置交换模块、置换运算模块。本发明引入广义信息域,实现密钥安全性问题向广义信息域安全性问题转移,抗常规密码分析能力强。

Figure 200810198491

The present invention provides a dynamic encryption system based on the generalized information domain, which includes a connected pseudo-random code generator based on the generalized information domain, and an encryption and decryption subsystem. The encryption and decryption subsystem includes encryption and decryption subsystems; The pseudo-random code generator includes an initial address information IV generation module, an IV normalization module, an m module, a constraint processing module, and a key length judgment module connected in sequence, and the m module is also connected with the activity background generation module, and the activity background generation module The modules include a physical reconstruction module and a logical reconstruction module; both the encryption and decryption subsystems include a grouping coefficient and round key generation module, a grouping module, a position exchange module, and a replacement operation module. The invention introduces the generalized information domain, realizes the transfer of the security problem of the key to the security problem of the generalized information domain, and has strong resistance to conventional cryptographic analysis.

Figure 200810198491

Description

基于广义信息域的动态加密系统及方法 Dynamic Encryption System and Method Based on Generalized Information Domain

技术领域 technical field

本发明涉及密码学领域,具体涉及基于广义信息域的动态加密系统及方法。The invention relates to the field of cryptography, in particular to a dynamic encryption system and method based on a generalized information domain.

背景技术 Background technique

近年来,计算机网络得到了迅速的发展,被广泛应用于政治、军事、经济以及科学等各个领域,越来越多的信息得到了有效的传输和存储。由于计算机网络的开放性,使信息在传输和存储过程中有可能被盗用,信息的保密性、完整性、可用性和抗抵赖性,都需要采用密码技术来实现。现代高性能的计算机能够自动分析和截获传输的信息,每秒可以搜索数百个底码,从而对信息安全构成严重的威胁。信息领域急切希望拥有更安全、方便、有效的信息保护手段。In recent years, computer network has developed rapidly and is widely used in various fields such as politics, military affairs, economy and science, and more and more information has been effectively transmitted and stored. Due to the openness of the computer network, information may be stolen in the process of transmission and storage, and the confidentiality, integrity, availability and non-repudiation of information all need to be realized by cryptographic technology. Modern high-performance computers can automatically analyze and intercept transmitted information, and can search hundreds of bottom codes per second, thus posing a serious threat to information security. The information field is eager to have more secure, convenient and effective means of information protection.

作为网络安全基础理论之一的密码学引起了人们的极大关注,吸引着越来越多的研究人员投入到密码领域的研究当中;同时由于现实生活中的实际需要以及计算技术的发展变化,密码学的每一个研究领域都出现了许多新的课题、新的方向。例如,AES征集活动使国际密码学兴起了一次分组密码研究的高潮。同时,在公开密钥密码领域,ECC由于其安全性高、计算速度快等优点引起了人们的普遍关注。As one of the basic theories of network security, cryptography has attracted great attention and attracted more and more researchers to invest in the field of cryptography; at the same time, due to the actual needs in real life and the development and changes of computing technology, Many new topics and new directions have appeared in every research field of cryptography. For example, the AES solicitation activity led to a climax of block cipher research in international cryptography. At the same time, in the field of public key cryptography, ECC has attracted widespread attention due to its advantages of high security and fast calculation speed.

加密技术主要分为对称密码与非对称密码,其中对称密码又分为流密码和分组密码。流密码的代表是RC4算法,而分组密码的代表是DES和AES。传统分组密码通常进行确定的置乱扩散变换,使得系统具有某些特定的性质,其结果使系统在一定程度上易受到线性分析、差分分析、代数攻击等密码分析方法的攻击,从而影响其安全性。作为第一个并且也是最重要的现代对称加密算法,DES最严重的弱点就是密钥长度较短,这个弱点在20世纪90年代显得更加明显了。1998年7月,密码学研究会、高级无线技术协会和电子前沿基金会联合构造了一个称为Deep crack的密钥搜索机,搜索了56个小时后成功地找到了DES挑战密钥,这表明20世纪90年代后期的计算技术对于一个原本安全的单钥密码来说,使用56比特的密钥太短了。其后的改进是增加密钥长度的多轮DES。同样是对称加密的AES是一种明显依托于数学理论的加密算法,依靠有限域/有限环的有关性质进行加解密。目前讨论最多的就是对AES的代数攻击(XSL)。现有研究表明,若XSL攻击是算法轮数的多项式时间,则AES的安全性不随着轮数的增加呈指数级增加。AES由于其分组确定、密钥长度确定并且置乱扩散算法确定,对于大数据量且数据具有高相关性时,其效果不尽人意。对称密码系统均涉及密钥问题,通常使用伪随机码作为密钥。Encryption technology is mainly divided into symmetric cipher and asymmetric cipher, and symmetric cipher is further divided into stream cipher and block cipher. Stream ciphers are represented by the RC4 algorithm, while block ciphers are represented by DES and AES. Traditional block ciphers usually carry out definite scrambling diffusion transformation, which makes the system have some specific properties. As a result, the system is vulnerable to linear analysis, differential analysis, algebraic attack and other cryptanalysis methods to a certain extent, thus affecting its security. sex. As the first and most important modern symmetric encryption algorithm, the most serious weakness of DES is the short key length. This weakness became more obvious in the 1990s. In July 1998, the Cryptography Research Society, the Advanced Wireless Technology Association and the Electronic Frontier Foundation jointly constructed a key search machine called Deep crack, and successfully found the DES challenge key after 56 hours of searching, which shows that Computing technology in the late 1990s used 56-bit keys that were too short for an otherwise secure single-key cipher. A subsequent improvement is the multi-round DES with increased key length. AES, which is also a symmetric encryption, is an encryption algorithm obviously based on mathematical theory, relying on the relevant properties of finite fields/finite rings for encryption and decryption. Currently the most discussed is the algebraic attack on AES (XSL). Existing research shows that if the XSL attack is a polynomial time of the number of algorithm rounds, the security of AES does not increase exponentially with the number of rounds. Due to its definite grouping, definite key length and definite scrambling diffusion algorithm, AES is unsatisfactory when it comes to large amounts of data and data with high correlation. Symmetric cryptosystems all involve key issues, and pseudorandom codes are usually used as keys.

传统的加密算法存在以下问题:Traditional encryption algorithms have the following problems:

(1)传统的加密算法,如AES等,通常其密钥(即伪随机码)的产生都可以用二元组表示(1) For traditional encryption algorithms, such as AES, etc., the generation of its key (that is, pseudo-random code) can usually be represented by a two-tuple

K=(m,IV)K=(m, IV)

其中,K是密钥;m是密钥产生算法,通常难以保密;IV是初值,即算法要求的种子值,是保密的;m、IV都与密钥直接相关,密钥产生算法一般采用迭代的方式,从初值IV开始重复迭代产生密钥;传统加密算法具有确定的置乱和扩散变换,加密信息依赖密钥,另一方面,密钥需加密保管/加密传送/秘密信道传送;因此,传统算法的安全性问题的关键在于密钥;Among them, K is the key; m is the key generation algorithm, which is usually difficult to keep secret; IV is the initial value, that is, the seed value required by the algorithm, which is kept secret; m and IV are directly related to the key, and the key generation algorithm generally uses The iterative method starts from the initial value IV to iteratively generate the key; the traditional encryption algorithm has definite scrambling and diffusion transformation, and the encrypted information depends on the key. On the other hand, the key needs to be encrypted for storage/encrypted transmission/secret channel transmission; Therefore, the key to the security problem of traditional algorithms lies in the key;

(2)解密密钥需通过加密方式或秘密信道传给解密方对密文进行解密,在传输过程中,密文和解密密钥都可能被截获,这样就有可能通过唯密文攻击或密码分析破解密文,从而使得信息传送失去了安全保障,这也大大增加密钥管理的复杂度;(2) The decryption key needs to be transmitted to the decryption party through an encryption method or a secret channel to decrypt the ciphertext. During the transmission process, both the ciphertext and the decryption key may be intercepted, so it is possible to pass the ciphertext-only attack or password Analyzing and cracking the ciphertext, so that the information transmission loses the security guarantee, which also greatly increases the complexity of key management;

(3)传统加密算法由于各方面原因,一个密钥在实际使用过程中一个密钥往往被重复多次使用,存在着由于多次重用而产生的安全性问题。(3) Due to various reasons in the traditional encryption algorithm, a key is often used repeatedly in the actual use process, and there are security problems caused by multiple reuse.

发明内容 Contents of the invention

本发明的首要目的在于克服上述现有技术的缺点和不足,提供一种基于广义信息域的动态加密系统,本发明引入广义信息域概念,突破了二元组的限制,将其扩展为三元组结构,使加解密双方有共同的经广义信息域变换获得的活动背景,从加密方到解密方,密钥不显式出现,也不涉及密钥的传送,实现密钥安全性问题向广义信息域安全性问题的转移;该系统通过对广义信息域进行物理重构和逻辑重构可以获得任意个活动背景,现有研究表明这种变换复杂性是个NP难问题;加密轮次、分组长度动态可变,置乱扩散算法完全由密钥的排列特性和分段统计特性决定。The primary purpose of the present invention is to overcome the shortcomings and deficiencies of the above-mentioned prior art, and provide a dynamic encryption system based on the generalized information domain. The group structure enables the encryption and decryption parties to have a common activity background obtained through the transformation of the generalized information domain. From the encryption party to the decryption party, the key does not appear explicitly and does not involve the transmission of the key, so that the problem of key security can be extended to the generalized The transfer of security issues in the information domain; the system can obtain any activity background through physical and logical reconstruction of the generalized information domain. Existing research shows that the complexity of this transformation is an NP-hard problem; encryption rounds, packet length Dynamically variable, the scrambling diffusion algorithm is completely determined by the permutation characteristics of the key and the statistical characteristics of the segments.

本发明的目的还在于提供上述基于广义信息域的动态加密系统实现加解密的方法。The object of the present invention is also to provide a method for realizing encryption and decryption of the dynamic encryption system based on the generalized information domain.

本发明目的通过下述技术方案实现:基于广义信息域的动态加密系统包括相连接的基于广义信息域的伪随机码发生器、加解密子系统,该加解密子系统包括加密子系统、解密子系统;The purpose of the present invention is achieved through the following technical solutions: the dynamic encryption system based on the generalized information domain includes a connected pseudo-random code generator and an encryption and decryption subsystem based on the generalized information domain, and the encryption and decryption subsystem includes an encryption subsystem and a decryption subsystem. system;

其中加密子系统包括依次连接的分组系数与轮密钥生成模块、分组模块、对偶位置交换模块、置换运算模块;解密子系统包括依次连接的分组系数与轮密钥生成模块、分组模块、置换运算模块、对偶位置交换模块;且加密子系统、解密子系统共用同一个分组系数与轮密钥生成模块;The encryption subsystem includes grouping coefficients and round key generation modules, grouping modules, dual position exchange modules, and permutation operation modules that are connected in sequence; the decryption subsystem includes grouping coefficients and round key generation modules, grouping modules, and permutation operations that are connected in sequence module, dual position exchange module; and the encryption subsystem and the decryption subsystem share the same grouping coefficient and round key generation module;

其中的基于广义信息域的伪随机码发生器包括依次连接的初始地址信息(IV)生成模块、IV规格化模块、密钥产生算法(m)模块、约束化处理模块、密钥长度判断模块,所述m模块同时还与活动背景生成模块相连接;The pseudo-random code generator based on the generalized information domain includes an initial address information (IV) generation module, an IV normalization module, a key generation algorithm (m) module, a constraint processing module, and a key length judgment module connected in sequence, The m module is also connected with the active background generation module;

同时,所述基于广义信息域的伪随机码发生器分别与加密子系统、解密子系统中的分组系数与轮密钥生成模块、对偶位置交换模块、置换运算模块、相连接,分组系数与轮密钥生成模块还通过一个断点入口与m模块相连。At the same time, the pseudo-random code generator based on the generalized information domain is connected with the grouping coefficient and the round key generation module, the dual position exchange module, and the permutation operation module in the encryption subsystem and the decryption subsystem respectively. The key generation module is also connected with the m module through a breakpoint entry.

所述活动背景生成模块主要由物理重构模块、逻辑重构模块连接组成。The active background generating module is mainly composed of a physical reconstruction module and a logical reconstruction module.

计算机中任意可以表示为二进制编码的数据,称之为广义信息域(IF)。Any data that can be represented as a binary code in a computer is called the generalized information field (IF).

利用上述基于广义信息域的动态加密系统实现加解密的方法,包括加密过程和解密过程,加密过程具体如下:The method for realizing encryption and decryption using the above-mentioned dynamic encryption system based on the generalized information domain includes an encryption process and a decryption process. The encryption process is specifically as follows:

(1)活动背景生成模块通过对选定IF的物理重构获得IF的某个子空间,然后把该子空间逻辑重构成活动背景;(1) The active background generation module obtains a certain subspace of the IF through the physical reconstruction of the selected IF, and then logically reconstructs the subspace into the active background;

(2)IV生成模块产生初始地址信息(IV),IV规格化模块把IV压缩或拉伸成为确定长度的二进制地址串,并将其划分为n块:(2) The IV generation module generates initial address information (IV), and the IV normalization module compresses or stretches the IV into a binary address string of a certain length, and divides it into n blocks:

  X1 X2 ... Xn x1 x2 ... X n

作为活动背景中的n维逻辑地址;As an n-dimensional logical address in the active context;

(3)m模块对活动背景中的n维逻辑位地址与物理空间进行空间轨迹变换,并在每次的地址迁移中,从活动背景中析出k位长的位串并入密钥序列中。为了获得迁移地址,约束化处理模块根据之前k位位串值的最大值与最小值的频数之差来进行约束化处理,得到一个修正值。然后由m模块把修正值并入地址序列,经过平移获取新的n维迁移地址;(3) The m module transforms the n-dimensional logical bit address and physical space in the active background, and extracts a k-bit long bit string from the active background in each address migration and incorporates it into the key sequence. In order to obtain the migration address, the constrained processing module performs constrained processing according to the frequency difference between the maximum value and the minimum value of the previous k-bit bit string value to obtain a correction value. Then the m module incorporates the correction value into the address sequence, and obtains a new n-dimensional migration address through translation;

(4)密钥长度判断模块根据预设的参数判断密钥的长度是否足够,若不足够,则重复进行步骤(3)操作,若足够,则输出密钥;(4) the key length judging module judges whether the length of the key is sufficient according to preset parameters, if not enough, then repeat step (3) operation, if enough, then output the key;

(5)生成分组系数与轮密钥Keyr---对用户选定加密轮数,系统自动实现每轮分组系数选定与轮密钥生成,并控制各轮分组系数在一定轮数范围内不重复;由基于广义信息域的伪随机码发生器产生长度为一个字节或字的位串,并按该位串的值在分组系数集合中选取第r轮的分组系数nr,然后返回步骤(3),由基于广义信息域的伪随机码发生器继续产生长的轮密钥Keyr;重复步骤(5),直到所有的分组系数及轮密钥生成完毕,最后把各轮的轮密钥Keyr依次拼接成密钥K。此分组系数关系到步骤(6)、(7)、(8)的操作,根据置乱扩散的需要可以增加加密的轮次;(5) Generate grouping coefficient and round key Key r --- Select the number of encryption rounds for the user, the system automatically realizes the selection of each round of grouping coefficient and round key generation, and controls the grouping coefficient of each round within a certain range of rounds No repetition; the pseudo-random code generator based on the generalized information domain generates a bit string with a length of one byte or word, and selects the grouping coefficient n r of the r-th round in the grouping coefficient set according to the value of the bit string, and then returns Step (3), the pseudo-random code generator based on the generalized information domain continues to generate Long round key Key r ; repeat step (5) until all the grouping coefficients and round keys are generated, and finally the round key Key r of each round is sequentially spliced into key K. This grouping coefficient is related to the operation of steps (6), (7), and (8), and the rounds of encryption can be increased according to the needs of scrambling diffusion;

多轮加密时,记n′=max(nr),r=1,2,...,R,其中R是加密轮数,依次选取大小为

Figure A200810198491D0009153932QIETU
的块为单位,按步骤(6)、(7)、(8)进行R轮加密;For multiple rounds of encryption, record n′=max(n r ), r=1, 2, ..., R, where R is the number of encryption rounds, and the size is selected in turn as
Figure A200810198491D0009153932QIETU
The block is the unit, according to steps (6), (7), (8) to carry out R-round encryption;

(6)分组方案---对密钥K按分组系数nr进行分组,分组系数决定了明文分组置换加密的地址空间为

Figure A200810198491D0009153944QIETU
;(6) Grouping scheme --- Group the key K according to the grouping coefficient n r , and the grouping coefficient determines the address space of the plaintext group permutation encryption as
Figure A200810198491D0009153944QIETU
;

(7)对偶位置交换---密钥K分组的内容ki代表加密空间分组的组内地址,对ki按位取反得到

Figure A200810198491D00091
ki
Figure A200810198491D00092
形成对偶地址对。分析各个ki的统计特性后进行相应的移位和对偶地址对应内容的交换处理;这些处理是由密钥的排列特性决定的,因此使用不同的密钥,加密时采取的移位及交换处理是不同的;(7) Dual position exchange --- the content ki of the key K group represents the intra-group address of the encryption space group, and the bitwise inversion of ki is obtained
Figure A200810198491D00091
k i and
Figure A200810198491D00092
Form a dual address pair. After analyzing the statistical characteristics of each ki , carry out the corresponding shifting and exchange processing of the corresponding content of the dual address; these processes are determined by the arrangement characteristics of the key, so different keys are used, and the shifting and exchange processing adopted during encryption is different;

(8)置换运算---记轮密钥为Keyr=(K1,K2,...,Ki),明文加密空间分组A=(A0,A1,...,Ai),相应的密文分组为 A ′ = ( A 0 ′ , A 1 ′ , . . . , A i ′ ) . 其中Ki,Ai

Figure A200810198491D00094
占1bit,即视为二进制流的形式。在完成位置交换后,按以下公式计算出A′值(A′作为第r+1轮的A使用):(8) Permutation operation --- the round key is Key r = (K 1 , K 2 , ..., K i ), the plaintext encryption space grouping A = (A 0 , A 1 , ..., A i ), and the corresponding ciphertext grouping is A ′ = ( A 0 ′ , A 1 ′ , . . . , A i ′ ) . where K i , A i ,
Figure A200810198491D00094
Occupying 1 bit, it is regarded as the form of binary stream. After the position exchange is completed, the value of A' is calculated according to the following formula (A' is used as A in the r+1 round):

AA 00 ′′ == AA 00 ⊕⊕ KK 00 ⊕⊕ AA ii ,, ii == 00 AA ii ′′ == AA ii ⊕⊕ KK ii ⊕⊕ AA ii -- 11 ′′ ,, ii ≠≠ 00 ;;

上述步骤(6)至(8)当为加密算法所进行的第r轮加密过程,轮加密结束,若未完成R轮加密则重复进行步骤(6)至(8),否则转(9)。When the above steps (6) to (8) are the rth round of encryption process performed by the encryption algorithm, the round of encryption ends, if the R round of encryption is not completed, steps (6) to (8) are repeated, otherwise turn to (9).

(9)若明文未加密完毕,返回(6),否则,加密结束,返回密文。(9) If the plaintext has not been encrypted, return to (6); otherwise, the encryption is completed and the ciphertext is returned.

上述方法中,步骤(2)所述IV由系统随机数(SR)、系统内部时间(ST)、指定内容(SC)中的一项或任意多项组成,其中SR、ST通过调用函数获得,实现IV的随机性和唯一性,指定内容由用户给定实现IV的个性化。In the above method, the IV in step (2) is composed of one or more of system random number (SR), system internal time (ST), and specified content (SC), wherein SR and ST are obtained by calling a function, Realize the randomness and uniqueness of IV, and the specified content is given by the user to realize the personalization of IV.

上述方法中,步骤(1)所述物理重构的作用是把选定广义信息域(IF)构造成具有一定离散度、在物理上可见的子空间;逻辑重构则是把由物理重构得到的空间映射为n维的逻辑空间,具有离散性及随机性;规格化IV是这个高维逻辑空间中某一点的地址,也是之后进行空间轨迹变换的初始地址。In the above method, the function of the physical reconstruction in step (1) is to construct the selected generalized information domain (IF) into a physically visible subspace with a certain degree of discreteness; The obtained space is mapped into an n-dimensional logical space, which is discrete and random; the normalized IV is the address of a certain point in this high-dimensional logical space, and it is also the initial address for subsequent spatial trajectory transformation.

上述方法中,步骤(1)所述的IF可以是任意类型的数据,本质上是以字节为单位的任意长的二进制0、1位串,具有一定的随机性且可认为它是首尾相连的。IF可由算法产生,如混沌/混合混沌系统生成,也可是图像、文本文件或内存的一段代码等。可以对其标号,以便于应用。在实验时考虑使用图像、文本文件作为广义信息域,或利用混合混沌系统根据给定不同的初值,从而产生不同的广义信息域。In the above-mentioned method, the IF described in step (1) can be any type of data, and is essentially an arbitrary long binary 0, 1 bit string in bytes, which has certain randomness and can be considered end-to-end of. The IF can be generated by an algorithm, such as a chaotic/hybrid chaotic system, or it can be an image, a text file, or a piece of code in memory. It can be labeled for ease of application. Consider using images and text files as generalized information domains during experiments, or use hybrid chaotic systems to generate different generalized information domains according to different initial values.

上述方法中,步骤(1)所述的活动背景在选定广义信息领下的结构具有如下定义:In the above method, the structure of the activity background described in step (1) under the selected generalized information collar has the following definition:

  ABG-code IF-code [S1/L1][,S2/L2]…[Si/Li]… D1,D2,D3[,D4[…]] ABG-code IF-code [S 1 /L 1 ][,S 2 /L 2 ]…[Si/Li]… D 1 , D 2 , D 3 [, D 4 […]]

其中:in:

ABG-code:活动背景号,便于通过代号引用;ABG-code: activity background number, which is convenient for reference by code;

IF-code:广义信息域号;IF-code: generalized information domain number;

[S1/L1][,S2/L2]…[Si/Li]…:物理重构参数,可任意选择,其结果是产生确定的活动背景。其中Si是偏移,Li是长度,用十进制表示。物理重构时的单位是字节;[S1/L1][,S2/L2]...[Si/Li]...: Physical reconstruction parameters, which can be chosen arbitrarily, resulting in a defined active background. Where Si is the offset and Li is the length expressed in decimal. The unit of physical reconstruction is byte;

D1,D2,D3[Di[,…]]:逻辑重构参数,Di为维定义,十进制表示,给出该维最大下标值,括号内可任选,逻辑重构时其单位是位。D1, D2, D3[Di[,…]]: logic reconstruction parameters, Di is the dimension definition, expressed in decimal, gives the maximum subscript value of the dimension, optional in brackets, the unit of logic reconstruction is bit.

上述方法中,步骤(1)所述的物理重构模块对该选定的IF进行物理重构,其具体操作如下:In the above method, the physical reconstruction module described in step (1) physically reconstructs the selected IF, and its specific operations are as follows:

若物理重构参数为空,则活动背景与选定信息域等价;若物理重构参数非空,则依次选取一组物理重构参数[Si/Li],从广义信息域或中间结果的第Si字节起截取长度为Li字节长的0、1串作为有效信息。物理重构可以将一个广义信息域的信息扩展成多个不同的活动背景的物理信息块;If the physical reconstruction parameters are empty, the active background is equivalent to the selected information domain; if the physical reconstruction parameters are not empty, then a set of physical reconstruction parameters [Si/Li] is selected in turn, and the generalized information domain or the intermediate result From the fourth byte, a string of 0 and 1 with a length of Li bytes is intercepted as valid information. Physical reconstruction can expand the information of a generalized information domain into multiple physical information blocks of different activity backgrounds;

在物理重构中引入一组离散化规则、算法,达到单向可计算、高度隔离性和离散化的目标,因此,通过定义规则,使得物理重构具有以下特点:A set of discretization rules and algorithms are introduced in physical reconstruction to achieve the goal of one-way computability, high isolation and discretization. Therefore, by defining rules, physical reconstruction has the following characteristics:

a、一次重构有可能使某个字节值产生多种变化,满足单向可计算性;a. One refactoring may cause multiple changes to a certain byte value, satisfying one-way computability;

b、重构保持随机特性,如0、1的比例;b. Refactoring maintains random characteristics, such as the ratio of 0 and 1;

c、重构产生中间结果或活动背景的物理结构,满足单向可计算,但不存在反函数,无法逆向求出上层的结果,具有高度隔离性。c. Reconstruct the physical structure that produces intermediate results or activity backgrounds, satisfying one-way computability, but there is no inverse function, and it is impossible to reversely calculate the upper-level results, which has a high degree of isolation.

上述方法中,步骤(1)所述的逻辑重构模块对经物理重构的IF进行逻辑重构获取活动背景,其具体操作如下:In the above method, the logical reconstruction module described in step (1) performs logical reconstruction on the physically reconstructed IF to obtain the activity background, and its specific operations are as follows:

把一维的字节线性空间转换为任意多维的位逻辑空间,把由物理重构得到的一维数据重构为D1×D2×…×Dn的信息块,则每一位对应一个地址,且每一个地址都可用(y1,y2,…,yn)表示,而D1,D2,…,Dn是事先约定好的各维的最大下标值。Convert the one-dimensional byte linear space into any multi-dimensional bit logic space, reconstruct the one-dimensional data obtained by physical reconstruction into D1×D2×…×Dn information blocks, then each bit corresponds to an address, and Each address can be represented by (y1, y2, ..., yn), and D1, D2, ..., Dn are the maximum subscript values of each dimension agreed in advance.

上述方法中,步骤(1)、(2)、(3)所述的IF、IV、m模块的m三元协调来实现在背景空间轨迹迁移,在迁移过程中析出k位密钥,同时修改迁移轨迹,直至生成的长度满足要求为止。In the above method, the m ternary coordination of the IF, IV, and m modules described in steps (1), (2), and (3) realizes the trajectory migration in the background space, and the k-bit key is extracted during the migration process, and the key is modified simultaneously. Trajectories are migrated until the resulting length satisfies the requirement.

解密子系统的解密过程基本上是加密子系统的加密过程的逆过程,其不同之处在于:对生成的分组系数与轮密钥逆序使用;分组方案、对偶位置交换、置换运算、该三个步骤的执行顺序依次为:分组方案、置换运算、对偶位置交换。The decryption process of the decryption subsystem is basically the inverse process of the encryption process of the encryption subsystem. The execution sequence of the steps is as follows: grouping scheme, permutation operation, and dual position exchange.

解密过程具体如下:The decryption process is as follows:

(1)活动背景生成模块通过对选定IF的物理重构获得IF的某个子空间,然后把该子空间逻辑重构成活动背景;(1) The active background generation module obtains a certain subspace of the IF through the physical reconstruction of the selected IF, and then logically reconstructs the subspace into the active background;

(2)IV生成模块产生初始地址信息(IV),IV规格化模块把IV压缩或拉伸成为确定长度的二进制地址串,并将其划分为n块:(2) The IV generation module generates initial address information (IV), and the IV normalization module compresses or stretches the IV into a binary address string of a certain length, and divides it into n blocks:

  X1 X2 ... Xn x1 x2 ... X n

作为活动背景中的n维逻辑地址;As an n-dimensional logical address in the active context;

(3)m模块对活动背景中的n维逻辑位地址与物理空间进行空间轨迹变换,并在每次的地址迁移中,从活动背景中析出k位长的位串并入密钥序列中,为了获得迁移地址,约束化处理模块根据之前k位位串值的最大值与最小值的频数之差来进行约束化处理,得到一个修正值;然后由m模块把修正值并入地址序列,经过平移获取新的n维迁移地址,并保留迁移轨迹用于将来构造轨迹环变换矩阵;(3) The m module transforms the n-dimensional logical bit address and physical space in the active background, and in each address migration, extracts a k-bit long bit string from the active background and incorporates it into the key sequence, In order to obtain the migration address, the constraint processing module performs constraint processing according to the frequency difference between the maximum value and the minimum value of the previous k-bit bit string value to obtain a correction value; then the correction value is incorporated into the address sequence by the m module, through Translate to obtain a new n-dimensional migration address, and reserve the migration trajectory for future construction of the trajectory ring transformation matrix;

(4)密钥长度判断模块根据预设的参数判断密钥的长度是否足够,若不足够,则重复进行步骤(3)操作,若足够,则输出密钥;(4) the key length judging module judges whether the length of the key is sufficient according to preset parameters, if not enough, then repeat step (3) operation, if enough, then output the key;

(5)生成分组系数与轮密钥Keyr---对解密轮数,系统自动实现每轮分组系数选定与轮密钥生成,并控制各轮分组系数在一定轮数范围内不重复。由基于广义信息域的伪随机码发生器产生长度为一个字节或字的位串,并按该位串的值在分组系数集合中选取第r轮的分组系数nr,然后返回步骤(3),由基于广义信息域的伪随机码发生器继续产生

Figure A200810198491D00111
长的轮密钥Keyr;重复步骤(5),直到所有的分组系数及轮密钥生成完毕,最后把各轮的轮密钥Keyr依次拼接成密钥K。此分组系数关系到步骤(6)、(7)、(8)的操作;(5) Generation of grouping coefficients and round keys Key r --- For the number of decryption rounds, the system automatically selects the grouping coefficients and generates round keys for each round, and controls the grouping coefficients of each round to not repeat within a certain range of rounds. The pseudo-random code generator based on the generalized information domain generates a bit string with a length of one byte or word, and selects the grouping coefficient n r of the r-th round in the grouping coefficient set according to the value of the bit string, and then returns to step (3 ), continue to be generated by the pseudo-random code generator based on the generalized information domain
Figure A200810198491D00111
Long round key Key r ; repeat step (5) until all the grouping coefficients and round keys are generated, and finally the round key Key r of each round is sequentially spliced into key K. This grouping coefficient is related to the operation of steps (6), (7), (8);

多轮解密时,记n′=max(nr),r=1,2,...,R,其中R是解密轮数,依次选取大小为2n'的块为单位,按步骤(7)、(8)、(9)进行R轮解密;During multiple rounds of decryption, record n'=max(n r ), r=1, 2, ..., R, where R is the number of decryption rounds, and select blocks with a size of 2 n' as units in turn, according to step (7 ), (8), (9) carry out R round decryption;

(6)分组方案---对密钥K按分组系数nR-r+1进行分组,分组系数决定了密文分组置换解密的地址空间为 (6) Grouping scheme --- Group the key K according to the grouping coefficient n R-r+1 , and the grouping coefficient determines the address space for ciphertext group replacement and decryption as

(7)置换运算---记轮密钥为 Key r ′ = ( K 1 , K 2 , . . . , K i ) , 是由步骤(5)产生的KeyR-r+1,密文解密空间分组A=(A0,A1,...,Ai),相应的明文分组为 A ′ = ( A 0 ′ , A 1 ′ , . . . , A i ′ ) . 其中Ki,Ai占1bit,即视为二进制流的形式,在完成位置交换后,按以下公式计算出A′值(A′作为第r+1轮的A使用):(7) Replacement operation --- the round key is key r ′ = ( K 1 , K 2 , . . . , K i ) , is the Key R-r+1 generated in step (5), the ciphertext decryption space grouping A=(A 0 , A 1 ,...,A i ), and the corresponding plaintext grouping is A ′ = ( A 0 ′ , A 1 ′ , . . . , A i ′ ) . where K i , A i , Occupying 1 bit, it is regarded as the form of a binary stream. After the position exchange is completed, the value of A' is calculated according to the following formula (A' is used as A in the r+1 round):

AA ii == AA ii -- 11 ′′ ⊕⊕ KK ii ⊕⊕ AA ii ′′ ,, ii ≠≠ 00 AA 00 == AA 00 ′′ ⊕⊕ KK 00 ⊕⊕ AA ii ,, ii == 00 ;;

(8)对偶位置交换---密钥K分组的内容ki代表加密空间分组的组内地址,对ki按位取反得到ki

Figure A200810198491D00123
形成对偶地址对;分析各个ki的统计特性后进行相应的移位和对偶地址对应内容的交换处理;这些处理是由密钥的排列特性决定的,因此使用不同的密钥,解密时采取的移位及交换处理是不同的;(8) Dual position exchange --- the content ki of the key K group represents the intra-group address of the encryption space group, and the bitwise inversion of ki is obtained k i and
Figure A200810198491D00123
Form a pair of dual addresses; after analyzing the statistical characteristics of each ki , perform corresponding shifting and exchange processing of the corresponding content of the dual address; these processes are determined by the arrangement characteristics of the key, so different keys are used, and the method used for decryption is Shift and swap are handled differently;

上述步骤(6)至(8)当为解密算法所进行的第r轮解密过程,一轮解密结束,若未完成R轮加密则重复进行步骤(6)至(8),否则转(9);The above steps (6) to (8) are the rth round of decryption process performed by the decryption algorithm, and one round of decryption is over. If the R round of encryption is not completed, repeat steps (6) to (8), otherwise go to (9) ;

(9)若密文未解密完毕,返回(6),否则,解密结束,返回明文。(9) If the ciphertext has not been decrypted, return to (6); otherwise, the decryption is completed and the plaintext is returned.

上述方法中,步骤(2)所述IV由系统随机数(SR)、系统内部时间(ST)、指定内容(SC)中的一项或任意多项组成,其中SR、ST通过调用函数获得,实现IV的随机性和唯一性,指定内容由用户给定实现IV的个性化。In the above method, the IV in step (2) is composed of one or more of system random number (SR), system internal time (ST), and specified content (SC), wherein SR and ST are obtained by calling a function, Realize the randomness and uniqueness of IV, and the specified content is given by the user to realize the personalization of IV.

上述方法中,步骤(1)所述物理重构的作用是把选定广义信息域(IF)构造成具有一定离散度、在物理上可见的子空间;逻辑重构则是把由物理重构得到的空间映射为n维的逻辑空间,具有离散性及随机性;规格化IV是这个高维逻辑空间中某一点的地址,也是之后进行空间轨迹变换的初始地址。In the above method, the function of the physical reconstruction in step (1) is to construct the selected generalized information domain (IF) into a physically visible subspace with a certain degree of discreteness; The obtained space is mapped into an n-dimensional logical space, which is discrete and random; the normalized IV is the address of a certain point in this high-dimensional logical space, and it is also the initial address for subsequent spatial trajectory transformation.

上述方法中,步骤(1)所述的IF可以是任意类型的数据,本质上是以字节为单位的任意长的二进制0、1位串,具有一定的随机性且可认为它是首尾相连的。IF可由算法产生,如混沌/混合混沌系统生成,也可是图像、文本文件或内存的一段代码等。可以对其标号,以便于应用。在实验时考虑使用图像、文本文件作为广义信息域,或利用混合混沌系统根据给定不同的初值,从而产生不同的广义信息域。In the above-mentioned method, the IF described in step (1) can be any type of data, and is essentially an arbitrary long binary 0, 1 bit string in bytes, which has certain randomness and can be considered end-to-end of. The IF can be generated by an algorithm, such as a chaotic/hybrid chaotic system, or it can be an image, a text file, or a piece of code in memory. It can be labeled for ease of application. Consider using images and text files as generalized information domains during experiments, or use hybrid chaotic systems to generate different generalized information domains according to given different initial values.

上述方法中,步骤(1)所述的活动背景在选定广义信息领下的结构具有如下定义:In the above method, the structure of the activity background described in step (1) under the selected generalized information collar has the following definition:

  ABG-code IF-code [S1/L1][,S2/L2]…[Si/Li]… D1,D2,D3[,D4[,…]] ABG-code IF-code [S 1 /L 1 ][,S 2 /L 2 ]…[Si/Li]… D 1 , D 2 , D 3 [, D 4 [,…]]

其中:in:

ABG-code:活动背景号,便于通过代号引用;ABG-code: activity background number, which is convenient for reference by code;

IF-code:广义信息域号;IF-code: generalized information domain number;

[S1/L1][,S2/L2]…[Si/Li]…:物理重构参数,可任意选择,其结果是产生确定的活动背景。其中Si是偏移,Li是长度,用十进制表示。物理重构时的单位是字节;[S1/L1][,S2/L2]...[Si/Li]...: Physical reconstruction parameters, which can be chosen arbitrarily, resulting in a defined active background. Where Si is the offset and Li is the length expressed in decimal. The unit of physical reconstruction is byte;

D1,D2,D3[Di[,…]]:逻辑重构参数,Di为维定义,十进制表示,给出该维最大下标值,括号内可任选,逻辑重构时其单位是位。D1, D2, D3[Di[,…]]: logic reconstruction parameters, Di is the dimension definition, expressed in decimal, gives the maximum subscript value of the dimension, optional in brackets, the unit of logic reconstruction is bit.

上述方法中,步骤(1)所述的物理重构模块对该选定的IF进行物理重构,其具体操作如下:In the above method, the physical reconstruction module described in step (1) physically reconstructs the selected IF, and its specific operations are as follows:

若物理重构参数为空,则活动背景与选定信息域等价;若物理重构参数非空,则依次选取一组物理重构参数[Si/Li],从广义信息域或中间结果的第Si字节起截取长度为Li字节长的0、1串作为有效信息。物理重构可以将一个广义信息域的信息扩展成多个不同的活动背景的物理信息块;If the physical reconstruction parameters are empty, the active background is equivalent to the selected information domain; if the physical reconstruction parameters are not empty, then a set of physical reconstruction parameters [Si/Li] is selected in turn, and the generalized information domain or the intermediate result From the fourth byte, a string of 0 and 1 with a length of Li bytes is intercepted as valid information. Physical reconstruction can expand the information of a generalized information domain into multiple physical information blocks of different activity backgrounds;

在物理重构中引入一组离散化规则、算法,达到单向可计算、高度隔离性和离散化的目标,因此,通过定义规则,使得物理重构具有以下特点:A set of discretization rules and algorithms are introduced in physical reconstruction to achieve the goal of one-way computability, high isolation and discretization. Therefore, by defining rules, physical reconstruction has the following characteristics:

a、一次重构有可能使某个字节值产生多种变化,满足单向可计算性;a. One refactoring may cause multiple changes to a certain byte value, satisfying one-way computability;

b、重构保持随机特性,如0、1的比例;b. Refactoring maintains random characteristics, such as the ratio of 0 and 1;

c、重构产生中间结果或活动背景的物理结构,满足单向可计算,但不存在反函数,无法逆向求出上层的结果,具有高度隔离性。c. Reconstruct the physical structure that produces intermediate results or activity backgrounds, satisfying one-way computability, but there is no inverse function, and it is impossible to reversely calculate the upper-level results, which has a high degree of isolation.

上述方法中,步骤(1)所述的逻辑重构模块对经物理重构的IF进行逻辑重构获取活动背景,其具体操作如下:In the above method, the logical reconstruction module described in step (1) performs logical reconstruction on the physically reconstructed IF to obtain the activity background, and its specific operations are as follows:

把一维的字节线性空间转换为任意多维的位逻辑空间,把由物理重构得到的一维数据重构为D1×D2×…×Dn的信息块,则每一位对应一个地址,且每一个地址都可用(y1,y2,…,yn)表示,而D1,D2,…,Dn是事先约定好的各维的最大下标值。Convert the one-dimensional byte linear space into any multi-dimensional bit logic space, reconstruct the one-dimensional data obtained by physical reconstruction into D1×D2×…×Dn information blocks, then each bit corresponds to an address, and Each address can be represented by (y1, y2, ..., yn), and D1, D2, ..., Dn are the maximum subscript values of each dimension agreed in advance.

上述方法中,步骤(1)、(2)、(3)所述的IF、IV、m模块的m三元协调来实现在背景空间轨迹迁移,在迁移过程中析出k位密钥,同时修改迁移轨迹,直至生成的长度满足要求为止。In the above method, the m ternary coordination of the IF, IV, and m modules described in steps (1), (2), and (3) realizes the trajectory migration in the background space, and the k-bit key is extracted during the migration process, and the key is modified simultaneously. Trajectories are migrated until the resulting length satisfies the requirement.

本发明基于广义信息域的动态加密系统相对于现有技术具有以下优点:Compared with the prior art, the dynamic encryption system based on the generalized information domain of the present invention has the following advantages:

(1)引入广义信息域概念,突破了二元组的限制,扩展为广义信息域变换下的三元组(m,IV,IF),加解密双方在共同活动背景下可产生任意个数、任意长度的密钥。从加密方到解密方,只需传送IV,密钥不显式出现,也不涉及密钥的传送,这样密钥安全性问题就转移到广义信息域安全性问题上,从而大大提高了信息安全性。(1) Introduce the concept of the generalized information domain, break through the limitation of the binary group, and expand it into a triplet (m, IV, IF) under the transformation of the generalized information domain. The encryption and decryption parties can generate any number, Keys of any length. From the encrypting party to the decrypting party, only the IV needs to be transmitted, the key does not appear explicitly, and does not involve the transmission of the key, so that the security of the key is transferred to the security of the generalized information domain, thereby greatly improving information security sex.

(2)抗常规密码分析。广义信息域通过物理重构和逻辑重构可以获得任意多个活动背景,且选定使用其中一个。在重构过程中参数的可调性涉及排列组合(穷举攻击空间)问题,现有研究表明这种变换复杂性是个NP难问题。同时系统所选择的动态分组、位置交换等均为非线性变换,因此随着轮次的增加,加密时间呈线性递增,而置乱扩散复杂性呈指数级增加,因此线性分析、差分分析、代数攻击等常规密码分析方法不适用于本系统。(2) Resistance to conventional cryptanalysis. The generalized information domain can obtain any number of activity backgrounds through physical reconstruction and logical reconstruction, and select one of them. The tunability of parameters in the reconstruction process involves the permutation and combination (exhaustive attack space) problem, and existing research shows that this transformation complexity is an NP-hard problem. At the same time, the dynamic grouping and position exchange selected by the system are nonlinear transformations, so as the number of rounds increases, the encryption time increases linearly, and the complexity of scrambling diffusion increases exponentially, so linear analysis, differential analysis, algebraic analysis Conventional cryptanalysis methods such as attacks are not suitable for this system.

附图说明 Description of drawings

图1是本发明系统的结构示意图;Fig. 1 is the structural representation of the system of the present invention;

图2是本发明系统的工作流程。Fig. 2 is the workflow of the system of the present invention.

具体实施方式 Detailed ways

下面结合实施例及附图,对本发明作进一步地详细说明,但本发明的实施方式不限于此。The present invention will be described in further detail below in conjunction with the embodiments and the accompanying drawings, but the embodiments of the present invention are not limited thereto.

实施例Example

图1所示为本发明基于广义信息域的动态加密系统的具体结构,包括相连接的基于广义信息域的伪随机码发生器、加解子密系统,该加解密子系统包括加密子系统、解密子系统;Fig. 1 shows that the present invention is based on the concrete structure of the dynamic encryption system of generalized information domain, comprises the pseudo-random code generator based on generalized information domain connected, encryption and decryption subcipher system, and this encryption and decryption subsystem comprises encryption subsystem, decryption subsystem system;

其中加密子系统包括依次连接的分组系数与轮密钥生成模块、分组模块、对偶位置交换模块、置换运算模块;解密子系统包括依次连接的分组系数与轮密钥生成模块、分组模块、置换运算模块、对偶位置交换模块;且加密子系统、解密子系统共用同一个分组系数与轮密钥生成模块;The encryption subsystem includes grouping coefficients and round key generation modules, grouping modules, dual position exchange modules, and permutation operation modules that are connected in sequence; the decryption subsystem includes grouping coefficients and round key generation modules, grouping modules, and permutation operations that are connected in sequence module, dual position exchange module; and the encryption subsystem and the decryption subsystem share the same grouping coefficient and round key generation module;

其中的基于广义信息域的伪随机码发生器包括依次连接的IV生成模块、IV规格化模块、m模块、约束化处理模块、密钥长度判断模块,所述m模块同时还与活动背景生成模块相连接,所述活动背景生成模块主要由物理重构模块、逻辑重构模块连接组成;Wherein the pseudo-random code generator based on the generalized information domain includes an IV generation module, an IV normalization module, an m module, a constraint processing module, and a key length judging module connected in sequence, and the m module is also connected with the active background generation module at the same time connected, the active background generation module is mainly composed of a physical reconstruction module and a logical reconstruction module;

同时,所述基于广义信息域的伪随机码发生器分别与加密子系统、解密子系统中的分组系数与轮密钥生成模块、对偶位置交换模块、置换运算模块相连接,分组系数与轮密钥生成模块还通过一个断点入口与m模块相连。At the same time, the pseudo-random code generator based on the generalized information domain is respectively connected with the grouping coefficient in the encryption subsystem and the decryption subsystem, the round key generation module, the dual position exchange module, and the permutation operation module. The key generation module is also connected to the m module through a breakpoint entry.

计算机中任意可以表示为二进制编码的数据,称之为IF。Any data that can be represented as a binary code in a computer is called IF.

利用上述基于广义信息域的动态加密系统实现加解密的方法,如图2所示,包括加密过程和解密过程,加密过程具体如下:The method for implementing encryption and decryption using the above-mentioned dynamic encryption system based on the generalized information domain, as shown in Figure 2, includes an encryption process and a decryption process, and the encryption process is specifically as follows:

(1)活动背景生成模块通过对选定IF的物理重构获得IF的某个子空间,然后把该子空间逻辑重构成活动背景;(1) The active background generation module obtains a certain subspace of the IF through the physical reconstruction of the selected IF, and then logically reconstructs the subspace into the active background;

(2)IV生成模块产生IV,IV规格化模块把IV压缩或拉伸成为确定长度的二进制地址串,并将其划分为n块:(2) The IV generation module generates IV, and the IV normalization module compresses or stretches the IV into a binary address string of a certain length, and divides it into n blocks:

  X1 X2 ... Xn x1 x2 ... X n

作为活动背景中的n维逻辑地址;As an n-dimensional logical address in the active context;

(3)m模块对活动背景中的n维逻辑位地址与物理空间进行空间轨迹变换,并在每次的地址迁移中,从活动背景中析出k位长的位串并入密钥序列中,为了获得迁移地址,约束化处理模块根据之前k位位串值的最大值与最小值的频数之差来进行约束化处理,得到一个修正值;然后由m模块把修正值并入地址序列,经过平移获取新的n维迁移地址;(3) The m module transforms the n-dimensional logical bit address and physical space in the active background, and in each address migration, extracts a k-bit long bit string from the active background and incorporates it into the key sequence, In order to obtain the migration address, the constraint processing module performs constraint processing according to the frequency difference between the maximum value and the minimum value of the previous k-bit bit string value to obtain a correction value; then the correction value is incorporated into the address sequence by the m module, through Translate to obtain a new n-dimensional migration address;

(4)密钥长度判断模块根据预设的参数判断密钥的长度是否足够,若不足够,则重复进行步骤(3)操作,若足够,则输出密钥;(4) the key length judging module judges whether the length of the key is sufficient according to preset parameters, if not enough, then repeat step (3) operation, if enough, then output the key;

(5)生成分组系数与轮密钥Keyr---对用户选定加密轮数,系统自动实现每轮分组系数选定与轮密钥生成,并控制各轮分组系数在一定轮数范围内不重复。由基于广义信息域的伪随机码发生器产生长度为一个字节或字的位串,并按该位串的值在分组系数集合中选取第r轮的分组系数nr,然后返回步骤(3),由基于广义信息域的伪随机码发生器继续产生

Figure A200810198491D00151
长的轮密钥Keyr;重复步骤(5),直到所有的分组系数及轮密钥生成完毕,最后把各轮的轮密钥Keyr依次拼接成密钥K。此分组系数关系到步骤(6)、(7)、(8)的操作,根据置乱扩散的需要可以增加加密的轮次;(5) Generate grouping coefficient and round key Key r --- Select the number of encryption rounds for the user, the system automatically realizes the selection of each round of grouping coefficient and round key generation, and controls the grouping coefficient of each round within a certain range of rounds Not repeating. The pseudo-random code generator based on the generalized information domain generates a bit string with a length of one byte or word, and selects the grouping coefficient n r of the r-th round in the grouping coefficient set according to the value of the bit string, and then returns to step (3 ), continue to be generated by the pseudo-random code generator based on the generalized information domain
Figure A200810198491D00151
Long round key Key r ; repeat step (5) until all the grouping coefficients and round keys are generated, and finally the round key Key r of each round is sequentially spliced into key K. This grouping coefficient is related to the operation of steps (6), (7), and (8), and the rounds of encryption can be increased according to the needs of scrambling diffusion;

多轮加密时,记n′=max(nr),r=1,2,...,R,其中R是加密轮数,依次选取大小为2n'的块为单位,按步骤(6)、(7)、(8)进行R轮加密;During multiple rounds of encryption, remember n'=max(n r ), r=1, 2, ..., R, where R is the number of rounds of encryption, and select blocks with a size of 2 n' as units in turn, according to step (6 ), (7), (8) carry out R round encryption;

(6)分组方案---对密钥K按分组系数nr进行分组,分组系数决定了明文分组置换加密的地址空间为 (6) Grouping scheme --- Group the key K according to the grouping coefficient n r , and the grouping coefficient determines the address space of the plaintext group permutation encryption as

(7)对偶位置交换---密钥K分组的内容ki代表加密空间分组的组内地址,对ki按位取反得到ki

Figure A200810198491D00154
形成对偶地址对;分析各个ki的统计特性后进行相应的移位和对偶地址对应内容的交换处理;这些处理是由密钥的排列特性决定的,因此使用不同的密钥,加密时采取的移位及交换处理是不同的;(7) Dual position exchange --- the content ki of the key K group represents the intra-group address of the encryption space group, and the bitwise inversion of ki is obtained k i and
Figure A200810198491D00154
Form a dual address pair; analyze the statistical characteristics of each ki and perform corresponding shifting and exchange processing of the corresponding content of the dual address; these processes are determined by the arrangement characteristics of the key, so different keys are used, and encryption is adopted Shift and swap are handled differently;

(8)置换运算---记轮密钥为Keyr=(K1,K2,...,Ki),明文加密空间分组A=(A0,A1,...,Ai),相应的密文分组为 A ′ = ( A 0 ′ , A 1 ′ , . . . , A i ′ ) . 其中Ki,Ai

Figure A200810198491D00156
占1bit,即视为二进制流的形式,在完成位置交换后,按以下公式计算出A′值(A′作为第r+1轮的A使用):(8) Permutation operation --- the round key is Key r = (K 1 , K 2 , ..., K i ), the plaintext encryption space grouping A = (A 0 , A 1 , ..., A i ), and the corresponding ciphertext grouping is A ′ = ( A 0 ′ , A 1 ′ , . . . , A i ′ ) . where K i , A i ,
Figure A200810198491D00156
Occupying 1 bit, it is regarded as the form of a binary stream. After the position exchange is completed, the value of A' is calculated according to the following formula (A' is used as A in the r+1 round):

AA 00 ′′ == AA 00 ⊕⊕ KK 00 ⊕⊕ AA ii ,, ii == 00 AA ii ′′ == AA ii ⊕⊕ KK ii ⊕⊕ AA ii -- 11 ′′ ,, ii ≠≠ 00 ;;

上述步骤(6)至(8)当为加密算法所进行的第r轮加密过程,一轮加密结束,若未完成R轮加密则重复进行步骤(6)至(8),否则转(9);When the above steps (6) to (8) are the rth round encryption process performed by the encryption algorithm, one round of encryption is over, if the R round of encryption is not completed, then repeat steps (6) to (8), otherwise go to (9) ;

(9)若明文未加密完毕,返回(6),否则,加密结束,返回密文。(9) If the plaintext has not been encrypted, return to (6); otherwise, the encryption is completed and the ciphertext is returned.

上述方法中,步骤(1)、(2)、(3)所述的IF、IV、m模块的m三元协调来实现在背景空间轨迹迁移,在迁移过程中析出k位密钥,同时修改迁移轨迹,直至生成的长度满足要求为止。In the above method, the m ternary coordination of the IF, IV, and m modules described in steps (1), (2), and (3) realizes the trajectory migration in the background space, and the k-bit key is extracted during the migration process, and the key is modified simultaneously. Trajectories are migrated until the resulting length satisfies the requirement.

上述方法中,步骤(2)所述IV由SR、ST、SC中的一项或任意多项组成,其中SR、ST通过调用函数获得,实现IV的随机性和唯一性,指定内容由用户给定实现IV的个性化。In the above method, the IV in step (2) is composed of one or more of SR, ST, and SC, wherein SR, ST are obtained by calling a function to realize the randomness and uniqueness of the IV, and the specified content is given by the user. It is necessary to realize the personalization of IV.

上述方法中,步骤(1)所述物理重构的作用是把选定IF构造成具有一定离散度、在物理上可见的子空间;逻辑重构则是把由物理重构得到的空间映射为n维的逻辑空间,具有离散性及随机性;规格化IV是这个高维逻辑空间中某一点的地址,也是之后进行空间轨迹变换的初始地址。In the above-mentioned method, the effect of the physical reconstruction described in step (1) is to construct the selected IF into a physically visible subspace with a certain degree of discreteness; the logical reconstruction is to map the space obtained by the physical reconstruction into The n-dimensional logical space is discrete and random; the normalized IV is the address of a certain point in this high-dimensional logical space, and it is also the initial address for subsequent spatial trajectory transformation.

上述方法中,步骤(1)所述的IF可以是任意类型的数据,本质上是以字节为单位的任意长的二进制0、1位串,具有一定的随机性且可认为它是首尾相连的。IF可由算法产生,如混沌/混合混沌系统生成,也可是图像、文本文件或内存的一段代码等。可以对其标号,以便于应用。在实验时考虑使用图像、文本文件作为广义信息域,或利用混合混沌系统根据给定不同的初值,从而产生不同的广义信息域。In the above-mentioned method, the IF described in step (1) can be any type of data, and is essentially an arbitrary long binary 0, 1 bit string in bytes, which has certain randomness and can be considered end-to-end of. The IF can be generated by an algorithm, such as a chaotic/hybrid chaotic system, or it can be an image, a text file, or a piece of code in memory. It can be labeled for ease of application. Consider using images and text files as generalized information domains during experiments, or use hybrid chaotic systems to generate different generalized information domains according to given different initial values.

上述方法中,步骤(1)所述的活动背景在选定广义信息领下的结构具有如下定义:In the above method, the structure of the activity background described in step (1) under the selected generalized information collar has the following definition:

  ABG-code IF-code [S1/L1][,S2/L2]…[Si/Li]… D1,D2,D3[,D4[,…]] ABG-code IF-code [S 1 /L 1 ][,S 2 /L 2 ]…[Si/Li]… D 1 , D 2 , D 3 [, D 4 [,…]]

其中:in:

ABG-code:活动背景号,便于通过代号引用;ABG-code: activity background number, which is convenient for reference by code;

IF-code:广义信息域号;IF-code: generalized information domain number;

[S1/L1][,S2/L2]…[Si/Li]…:物理重构参数,可任意选择,其结果是产生确定的活动背景。其中Si是偏移,Li是长度,用十进制表示。物理重构时的单位是字节;[S1/L1][,S2/L2]...[Si/Li]...: Physical reconstruction parameters, which can be chosen arbitrarily, resulting in a defined active background. Where Si is the offset and Li is the length expressed in decimal. The unit of physical reconstruction is byte;

D1,D2,D3[Di[,…]]:逻辑重构参数,Di为维定义,十进制表示,给出该维最大下标值,括号内可任选,逻辑重构时其单位是位。D1, D2, D3[Di[,…]]: logic reconstruction parameters, Di is the dimension definition, expressed in decimal, gives the maximum subscript value of the dimension, optional in brackets, the unit of logic reconstruction is bit.

上述方法中,步骤(1)所述的物理重构模块对该选定的IF进行物理重构,其具体操作如下:In the above method, the physical reconstruction module described in step (1) physically reconstructs the selected IF, and its specific operations are as follows:

若物理重构参数为空,则活动背景与选定信息域等价;若物理重构参数非空,则依次选取一组物理重构参数[Si/Li],从广义信息域或中间结果的第Si字节起截取长度为Li字节长的0、1串作为有效信息。物理重构可以将一个广义信息域的信息扩展成多个不同的活动背景的物理信息块;If the physical reconstruction parameters are empty, the active background is equivalent to the selected information domain; if the physical reconstruction parameters are not empty, then a set of physical reconstruction parameters [Si/Li] are selected in turn, and the generalized information domain or intermediate result From the fourth byte, a string of 0 and 1 with a length of Li bytes is intercepted as valid information. Physical reconstruction can expand the information of a generalized information domain into multiple physical information blocks of different activity backgrounds;

在物理重构中引入一组离散化规则、算法,达到单向可计算、高度隔离性和离散化的目标,因此,通过定义规则,使得物理重构具有以下特点:A set of discretization rules and algorithms are introduced in physical reconstruction to achieve the goal of one-way computability, high isolation and discretization. Therefore, by defining rules, physical reconstruction has the following characteristics:

a、一次重构有可能使某个字节值产生多种变化,满足单向可计算性;a. One refactoring may cause multiple changes to a certain byte value, satisfying one-way computability;

b、重构保持随机特性,如0、1的比例;b. Refactoring maintains random characteristics, such as the ratio of 0 and 1;

c、重构产生中间结果或活动背景的物理结构,满足单向可计算,但不存在反函数,无法逆向求出上层的结果,具有高度隔离性。c. Reconstruct the physical structure that produces intermediate results or activity backgrounds, satisfying one-way computability, but there is no inverse function, and it is impossible to reversely calculate the upper-level results, which has a high degree of isolation.

上述方法中,步骤(1)所述的逻辑重构模块对经物理重构的IF进行逻辑重构获取活动背景,其具体操作如下:In the above method, the logical reconstruction module described in step (1) performs logical reconstruction on the physically reconstructed IF to obtain the activity background, and its specific operations are as follows:

把一维的字节线性空间转换为任意多维的位逻辑空间,把由物理重构得到的一维数据重构为D1×D2×…×Dn的信息块,则每一位对应一个地址,且每一个地址都可用(y1,y2,…,yn)表示,而D1,D2,…,Dn是事先约定好的各维的最大下标值。Convert the one-dimensional byte linear space into any multi-dimensional bit logic space, reconstruct the one-dimensional data obtained by physical reconstruction into D1×D2×…×Dn information blocks, then each bit corresponds to an address, and Each address can be represented by (y1, y2, ..., yn), and D1, D2, ..., Dn are the maximum subscript values of each dimension agreed in advance.

例如定义:Example definition:

  4 Sample.txt [34/256],[568/512] 456,355,756 4 Sample.txt [34/256], [568/512] 456, 355, 756

表示选取代号为4的活动背景。要获得该活动背景,需要以文件名为Sample.txt的文件作为广义信息域,然后进行物理及逻辑重构。物理重构参数[34/256],[568/512]表示从第34字节和第568字节起,分别选取256和512字节长的二进制串,并合并成一个长为768字节(6144位)的二进制串。逻辑重构把该6144位长的二进制串映射成3维的空间,每维的最大下标值分别为456,355和756。Indicates that the active background whose number is 4 is selected. To obtain the activity background, it is necessary to use the file named Sample.txt as a generalized information domain, and then perform physical and logical reconstruction. The physical reconstruction parameters [34/256], [568/512] indicate that from the 34th byte and the 568th byte, respectively select 256 and 512-byte long binary strings, and merge them into a long 768-byte ( 6144 bits) binary string. The logical reconstruction maps the 6144-bit long binary string into a 3-dimensional space, and the maximum subscript values of each dimension are 456, 355 and 756 respectively.

解密过程具体如下:The decryption process is as follows:

(1)活动背景生成模块通过对选定IF的物理重构获得IF的某个子空间,然后把该子空间逻辑重构成活动背景;(1) The active background generation module obtains a certain subspace of the IF through the physical reconstruction of the selected IF, and then logically reconstructs the subspace into the active background;

(2)IV生成模块产生IV,IV规格化模块把IV压缩或拉伸成为确定长度的二进制地址串,并将其划分为n块:(2) The IV generation module generates IV, and the IV normalization module compresses or stretches the IV into a binary address string of a certain length, and divides it into n blocks:

  X1 X2 ... Xn x1 x2 ... X n

作为活动背景中的n维逻辑地址;As an n-dimensional logical address in the active context;

(3)m模块对活动背景中的n维逻辑位地址与物理空间进行空间轨迹变换,并在每次的地址迁移中,从活动背景中析出k位长的位串并入密钥序列中,为了获得迁移地址,约束化处理模块根据之前k位位串值的最大值与最小值的频数之差来进行约束化处理,得到一个修正值;然后由m模块把修正值并入地址序列,经过平移获取新的n维迁移地址,并保留迁移轨迹用于将来构造轨迹环变换矩阵;(3) The m module transforms the n-dimensional logical bit address and physical space in the active background, and in each address migration, extracts a k-bit long bit string from the active background and incorporates it into the key sequence, In order to obtain the migration address, the constraint processing module performs constraint processing according to the frequency difference between the maximum value and the minimum value of the previous k-bit bit string value to obtain a correction value; then the correction value is incorporated into the address sequence by the m module, through Translate to obtain a new n-dimensional migration address, and reserve the migration trajectory for future construction of the trajectory ring transformation matrix;

(4)密钥长度判断模块根据预设的参数判断密钥的长度是否足够,若不足够,则重复进行步骤(3)操作,若足够,则输出密钥;(4) the key length judging module judges whether the length of the key is sufficient according to preset parameters, if not enough, then repeat step (3) operation, if enough, then output the key;

(5)生成分组系数与轮密钥Keyr---对解密轮数,系统自动实现每轮分组系数选定与轮密钥生成,并控制各轮分组系数在一定轮数范围内不重复。由基于广义信息域的伪随机码发生器产生长度为一个字节或字的位串,并按该位串的值在分组系数集合中选取第r轮的分组系数nr,然后返回步骤(3),由基于广义信息域的伪随机码发生器继续产生

Figure A200810198491D00171
长的轮密钥Keyr;重复步骤(5),直到所有的分组系数及轮密钥生成完毕,最后把各轮的轮密钥Keyr依次拼接成密钥K。此分组系数关系到步骤(6)、(7)、(8)的操作;(5) Generation of grouping coefficients and round keys Key r --- For the number of decryption rounds, the system automatically selects the grouping coefficients and generates round keys for each round, and controls the grouping coefficients of each round to not repeat within a certain range of rounds. The pseudo-random code generator based on the generalized information domain generates a bit string with a length of one byte or word, and selects the grouping coefficient n r of the r-th round in the grouping coefficient set according to the value of the bit string, and then returns to step (3 ), continue to be generated by the pseudo-random code generator based on the generalized information domain
Figure A200810198491D00171
Long round key Key r ; repeat step (5) until all the grouping coefficients and round keys are generated, and finally the round key Key r of each round is sequentially spliced into key K. This grouping coefficient is related to the operation of steps (6), (7), (8);

多轮解密时,记n′=max(nr),r=1,2,...,R,其中R是解密轮数,依次选取大小为的块为单位,按步骤(7)、(8)、(9)进行R轮解密;For multiple rounds of decryption, record n′=max(n r ), r=1, 2, ..., R, where R is the number of decryption rounds, and the size is selected in turn as The block is the unit, and R rounds of decryption are carried out according to steps (7), (8), and (9);

(6)分组方案---对密钥K按分组系数nR-r+1进行分组,分组系数决定了密文分组置换解密的地址空间为

Figure A200810198491D00182
(6) Grouping scheme --- Group the key K according to the grouping coefficient n R-r+1 , and the grouping coefficient determines the address space for ciphertext group replacement and decryption as
Figure A200810198491D00182

(7)置换运算---记轮密钥为 Key r ′ = ( K 1 , K 2 , . . . , K i ) , 是由步骤(5)产生的KeyR-r+1,密文解密空间分组A=(A0,A1,...,Ai),相应的明文分组为 A ′ = ( A 0 ′ , A 1 ′ , . . . , A i ′ ) . 其中Ki,Ai

Figure A200810198491D00185
占1bit,即视为二进制流的形式,在完成位置交换后,按以下公式计算出A′值(A′作为第r+1轮的A使用):(7) Replacement operation --- the round key is key r ′ = ( K 1 , K 2 , . . . , K i ) , is the Key R-r+1 generated in step (5), the ciphertext decryption space grouping A=(A 0 , A 1 ,...,A i ), and the corresponding plaintext grouping is A ′ = ( A 0 ′ , A 1 ′ , . . . , A i ′ ) . where K i , A i ,
Figure A200810198491D00185
Occupying 1 bit, it is regarded as the form of a binary stream. After the position exchange is completed, the value of A' is calculated according to the following formula (A' is used as A in the r+1 round):

AA ii == AA ii -- 11 ′′ ⊕⊕ KK ii ⊕⊕ AA ii ′′ ,, ii ≠≠ 00 AA 00 == AA 00 ′′ ⊕⊕ KK 00 ⊕⊕ AA ii ,, ii == 00 ;;

(8)对偶位置交换---密钥K分组的内容ki代表加密空间分组的组内地址,对ki按位取反得到ki

Figure A200810198491D00188
形成对偶地址对;分析各个ki的统计特性后进行相应的移位和对偶地址对应内容的交换处理;这些处理是由密钥的排列特性决定的,因此使用不同的密钥,解密时采取的移位及交换处理是不同的;(8) Dual position exchange --- the content ki of the key K group represents the intra-group address of the encryption space group, and the bitwise inversion of ki is obtained k i and
Figure A200810198491D00188
Form a pair of dual addresses; after analyzing the statistical characteristics of each ki , perform corresponding shifting and exchange processing of the corresponding content of the dual address; these processes are determined by the arrangement characteristics of the key, so different keys are used, and the method used for decryption is Shift and swap are handled differently;

上述步骤(6)至(8)当为解密算法所进行的第r轮解密过程,一轮解密结束,若未完成R轮加密则重复进行步骤(6)至(8),否则转(9);The above steps (6) to (8) are the rth round of decryption process performed by the decryption algorithm, and one round of decryption is over. If the R round of encryption is not completed, repeat steps (6) to (8), otherwise go to (9) ;

(9)若密文未解密完毕,返回(6),否则,解密结束,返回明文。(9) If the ciphertext has not been decrypted, return to (6); otherwise, the decryption is completed and the plaintext is returned.

上述方法中,步骤(1)、(2)、(3)所述的IF、IV、m模块中的m三元协调来实现在背景空间轨迹迁移,在迁移过程中析出k位密钥,同时修改迁移轨迹,直至生成的长度满足要求为止。In the above method, the m ternary coordination in the IF, IV, and m modules described in steps (1), (2), and (3) realizes the trajectory migration in the background space, and the k-bit key is extracted during the migration process, and at the same time Modify the migration trajectory until the generated length meets the requirements.

上述方法中,步骤(2)所述IV由SR、ST、SC中的一项或任意多项组成,其中SR、ST通过调用函数获得,实现IV的随机性和唯一性,指定内容由用户给定,实现IV的个性化,如:“hello,我是××”,IV并不作为算法的初值使用,包含的是在活动背景中初始地址的信息。In the above method, the IV in step (2) is composed of one or more of SR, ST, and SC, wherein SR, ST are obtained by calling a function to realize the randomness and uniqueness of the IV, and the specified content is given by the user. It is determined to realize the personalization of IV, such as: "hello, I am ××", IV is not used as the initial value of the algorithm, but contains the information of the initial address in the activity background.

上述方法中,(1)所述的物理重构的作用是把选定IF构造成具有一定离散度、在物理上可见的子空间;逻辑重构则是把由物理重构得到的空间映射为n维的逻辑空间,具有离散性及随机性;规格化IV是这个高维逻辑空间中某一点的地址,也是之后进行空间轨迹变换的初始地址。In the above method, the function of the physical reconstruction described in (1) is to construct the selected IF into a physically visible subspace with a certain degree of discreteness; the logical reconstruction is to map the space obtained by the physical reconstruction into The n-dimensional logical space is discrete and random; the normalized IV is the address of a certain point in this high-dimensional logical space, and it is also the initial address for subsequent spatial trajectory transformation.

上述方法中,步骤(1)所述的IF可以是任意类型的数据,本质上是以字节为单位的任意长的二进制0、1位串,具有一定的随机性且可认为它是首尾相连的。IF可由算法产生,如混沌/混合混沌系统生成,也可是图像、文本文件或内存的一段代码等。可以对其标号,以便于应用。在实验时考虑使用图像、文本文件作为广义信息域,或利用混合混沌系统根据给定不同的初值,从而产生不同的广义信息域。In the above-mentioned method, the IF described in step (1) can be any type of data, and is essentially an arbitrary long binary 0, 1 bit string in bytes, which has certain randomness and can be considered end-to-end of. The IF can be generated by an algorithm, such as a chaotic/hybrid chaotic system, or it can be an image, a text file, or a piece of code in memory. It can be labeled for ease of application. Consider using images and text files as generalized information domains during experiments, or use hybrid chaotic systems to generate different generalized information domains according to given different initial values.

上述方法中,步骤(1)所述的活动背景在选定广义信息领下的结构具有如下定义:In the above method, the structure of the activity background described in step (1) under the selected generalized information collar has the following definition:

  ABG-code IF-code [S1/L1][,S2/L2]…[Si/Li]… D1,D2,D3[,D4[,…]] ABG-code IF-code [S 1 /L 1 ][,S 2 /L 2 ]…[Si/Li]… D 1 , D 2 , D 3 [, D 4 [,…]]

其中:in:

ABG-code:活动背景号,便于通过代号引用;ABG-code: activity background number, which is convenient for reference by code;

IF-code:广义信息域号;IF-code: generalized information domain number;

[S1/L1][,S2/L2]…[Si/Li]…:物理重构参数,可任意选择,其结果是产生确定的活动背景。其中Si是偏移,Li是长度,十进制表示。物理重构时的单位是字节;[S1/L1][,S2/L2]...[Si/Li]...: Physical reconstruction parameters, which can be chosen arbitrarily, resulting in a defined active background. Where Si is the offset and Li is the length expressed in decimal. The unit of physical reconstruction is byte;

D1,D2,D3[Di[,…]]:逻辑重构参数,Di为维定义,十进制表示,给出该维最大下标值,括号内可任选,逻辑重构时其单位是位。D1, D2, D3[Di[,…]]: logic reconstruction parameters, Di is the dimension definition, expressed in decimal, gives the maximum subscript value of the dimension, optional in brackets, the unit of logic reconstruction is bit.

上述方法中,步骤(1)所述的物理重构模块对该选定的IF进行物理重构,其具体操作如下:In the above method, the physical reconstruction module described in step (1) physically reconstructs the selected IF, and its specific operations are as follows:

若物理重构参数为空,则活动背景与选定信息域等价;若物理重构参数非空,则依次选取一组物理重构参数[Si/Li],从广义信息域或中间结果的第Si字节起截取长度为Li字节长的0、1串作为有效信息。物理重构可以将一个广义信息域的信息扩展成多个不同的活动背景的物理信息块;If the physical reconstruction parameters are empty, the active background is equivalent to the selected information domain; if the physical reconstruction parameters are not empty, then a set of physical reconstruction parameters [Si/Li] is selected in turn, and the generalized information domain or the intermediate result From the fourth byte, a string of 0 and 1 with a length of Li bytes is intercepted as valid information. Physical reconstruction can expand the information of a generalized information domain into multiple physical information blocks of different activity backgrounds;

在物理重构中引入一组离散化规则、算法,达到单向可计算、高度隔离性和离散化的目标,因此,通过定义规则,使得物理重构具有以下特点:A set of discretization rules and algorithms are introduced in physical reconstruction to achieve the goal of one-way computability, high isolation and discretization. Therefore, by defining rules, physical reconstruction has the following characteristics:

a、一次重构有可能使某个字节值产生多种变化,满足单向可计算性;a. One refactoring may cause multiple changes to a certain byte value, satisfying one-way computability;

b、重构保持随机特性,如0、1的比例;b. Refactoring maintains random characteristics, such as the ratio of 0 and 1;

c、重构产生中间结果或活动背景的物理结构,满足单向可计算,但不存在反函数,无法逆向求出上层的结果,具有高度隔离性。c. Reconstruct the physical structure that produces intermediate results or activity backgrounds, satisfying one-way computability, but there is no inverse function, and it is impossible to reversely calculate the upper-level results, which has a high degree of isolation.

上述方法中,步骤(1)所述的逻辑重构模块对经物理重构的IF进行逻辑重构获取活动背景,其具体操作如下:In the above method, the logical reconstruction module described in step (1) performs logical reconstruction on the physically reconstructed IF to obtain the activity background, and its specific operations are as follows:

把一维的字节线性空间转换为任意多维的位逻辑空间,把由物理重构得到的一维数据重构为D1×D2×…×Dn的信息块,则每一位对应一个地址,且每一个地址都可用(y1,y2,…,yn)表示,而D1,D2,…,Dn是事先约定好的每维最大下标值。Convert the one-dimensional byte linear space into any multi-dimensional bit logic space, reconstruct the one-dimensional data obtained by physical reconstruction into D1×D2×…×Dn information blocks, then each bit corresponds to an address, and Each address can be represented by (y1, y2, ..., yn), and D1, D2, ..., Dn are the maximum subscript values of each dimension agreed in advance.

例如定义:Example definition:

  4 Sample.txt [34/256],[568/512] 456,355,756 4 Sample.txt [34/256], [568/512] 456, 355, 756

表示选取代号为4的活动背景。要获得该活动背景,需要以文件名为Sample.txt的文件作为广义信息域,然后进行物理及逻辑重构。物理重构参数[34/256],[568/512]表示从第34字节和第568字节起,分别选取256和512字节长的二进制串,并合并成一个长为768字节(6144位)的二进制串。逻辑重构把该6144位长的二进制串映射成3维的空间,每维的最大下标值分别为456,355和756。Indicates that the active background whose number is 4 is selected. To obtain the activity background, it is necessary to use the file named Sample.txt as a generalized information domain, and then perform physical and logical reconstruction. The physical reconstruction parameters [34/256], [568/512] indicate that starting from the 34th byte and the 568th byte, respectively select binary strings with a length of 256 and 512 bytes, and merge them into a length of 768 bytes ( 6144 bits) binary string. The logical reconstruction maps the 6144-bit long binary string into a 3-dimensional space, and the maximum subscript values of each dimension are 456, 355 and 756 respectively.

根据由广义信息域产生密钥的三元组可知,三元协同产生密钥,缺一不可。加/解密双方具有相同的广义信息域,是由双方事先约定的,不参与信息的传递过程。动态加密算法在封装状态下使用密钥,加密方按照事先约定好的信息域产生密钥并进行加密,之后把密文和信息头(包含ABG号和IV)传给解密方。解密方根据IV从约定的广义信息域中析出真正的解密密钥来解密。从加密方到解密方,密钥不显式出现,也不涉及密钥的传送。如果能确保广义信息域安全,IV和m即使公开也不影响安全性。此时密钥安全性问题转变为广义信息域安全性问题,密钥不再显式传送和管理,大大加强安全性。线性分析、差分分析、代数攻击等常规密码分析方法不适用于本发明系统。According to the triplets that generate keys from the generalized information domain, it can be known that triplets cooperate to generate keys, and neither of them is dispensable. The two sides of encryption/decryption have the same generalized information domain, which is agreed by both parties in advance and does not participate in the process of information transmission. The dynamic encryption algorithm uses the key in the encapsulation state. The encryption party generates the key according to the pre-agreed information field and encrypts it, and then sends the ciphertext and information header (including ABG number and IV) to the decryption party. The decryption party extracts the real decryption key from the agreed generalized information domain according to the IV to decrypt. From the encrypting party to the decrypting party, the key does not appear explicitly and does not involve the transmission of the key. If the security of the generalized information domain can be ensured, even if IV and m are disclosed, the security will not be affected. At this time, the key security problem is transformed into a generalized information domain security problem, and the key is no longer explicitly transmitted and managed, which greatly enhances security. Conventional cryptanalysis methods such as linear analysis, differential analysis, and algebraic attack are not suitable for the system of the present invention.

目前很多加密系统的密钥被多次重复使用,从而降低系统的安全性。本发明,从而大大提高系统的安全性。At present, the keys of many encryption systems are reused many times, thereby reducing the security of the system. The present invention greatly improves the security of the system.

上述实施例为本发明较佳的实施方式,但本发明的实施方式并不受上述实施例的限制,其他的任何未背离本发明的精神实质与原理下所作的改变、修饰、替代、组合、简化,均应为等效的置换方式,都包含在本发明的保护范围之内。The above-mentioned embodiment is a preferred embodiment of the present invention, but the embodiment of the present invention is not limited by the above-mentioned embodiment, and any other changes, modifications, substitutions, combinations, Simplifications should be equivalent replacement methods, and all are included in the protection scope of the present invention.

Claims (10)

1、基于广义信息域的动态加密系统,其特征在于:包括相连接的基于广义信息域的伪随机码发生器、加解密子系统,该加解密子系统包括加密子系统、解密子系统;1. The dynamic encryption system based on the generalized information domain is characterized in that: it includes a connected pseudo-random code generator and an encryption and decryption subsystem based on the generalized information domain, and the encryption and decryption subsystem includes an encryption subsystem and a decryption subsystem; 其中加密子系统包括依次连接的分组系数与轮密钥生成模块、分组模块、对偶位置交换模块、置换运算模块;解密子系统包括依次连接的分组系数与轮密钥生成模块、分组模块、置换运算模块、对偶位置交换模块;且加密子系统、解密子系统共用同一个分组系数与轮密钥生成模块;The encryption subsystem includes grouping coefficients and round key generation modules, grouping modules, dual position exchange modules, and permutation operation modules that are connected in sequence; the decryption subsystem includes grouping coefficients and round key generation modules, grouping modules, and permutation operations that are connected in sequence module, dual position exchange module; and the encryption subsystem and the decryption subsystem share the same grouping coefficient and round key generation module; 其中的基于广义信息域的伪随机码发生器包括依次连接的IV生成模块、IV规格化模块、m模块、约束化处理模块、密钥长度判断模块,所述m模块同时还与活动背景生成模块相连接;Wherein the pseudo-random code generator based on the generalized information domain includes an IV generation module, an IV normalization module, an m module, a constraint processing module, and a key length judging module connected in sequence, and the m module is also connected with the active background generation module at the same time connected; 同时,所述基于广义信息域的伪随机码发生器分别与加密子系统、解密子系统中的分组系数与轮密钥生成模块、对偶位置交换模块、置换运算模块相连接,分组系数与轮密钥生成模块还通过一个断点入口与m模块相连。At the same time, the pseudo-random code generator based on the generalized information domain is respectively connected with the grouping coefficient in the encryption subsystem and the decryption subsystem, the round key generation module, the dual position exchange module, and the permutation operation module. The key generation module is also connected to the m module through a breakpoint entry. 2、根据权利要求1所述的基于广义信息域的动态加密系统,其特征在于:所述活动背景生成模块主要由物理重构模块、逻辑重构模块连接组成。2. The dynamic encryption system based on the generalized information domain according to claim 1, characterized in that: the active background generation module is mainly composed of a physical reconstruction module and a logical reconstruction module. 3、一种利用权利要求1或2所述的基于广义信息域的动态加密系统实现加密的方法,其特征在于:包括加密过程和解密过程,加密过程具体如下:3. A method for implementing encryption using the dynamic encryption system based on the generalized information domain described in claim 1 or 2, characterized in that: it includes an encryption process and a decryption process, and the encryption process is specifically as follows: (1)活动背景生成模块通过对选定IF的物理重构获得IF的某个子空间,然后把该子空间逻辑重构成活动背景;(1) The active background generation module obtains a certain subspace of the IF through the physical reconstruction of the selected IF, and then logically reconstructs the subspace into the active background; (2)IV生成模块产生IV,IV规格化模块把IV压缩或拉伸成为确定长度的二进制地址串,并将其划分为n块:(2) The IV generation module generates IV, and the IV normalization module compresses or stretches the IV into a binary address string of a certain length, and divides it into n blocks:   XI X2 Xn
X I x2 X n
作为活动背景中的n维逻辑地址;As an n-dimensional logical address in the active context; (3)m模块对活动背景中的n维逻辑位地址与物理空间进行空间轨迹变换,并在每次的地址迁移中,从活动背景中析出k位长的位串并入密钥序列中;为了获得迁移地址,约束化处理模块根据之前k位位串值的最大值与最小值的频数之差来进行约束化处理,得到一个修正值;然后由m模块把修正值并入地址序列,经过平移获取新的n维迁移地址;(3) The m module transforms the n-dimensional logical bit address and the physical space in the active background to the space trajectory, and in each address migration, extracts a k-bit long bit string from the active background and incorporates it into the key sequence; In order to obtain the migration address, the constraint processing module performs constraint processing according to the frequency difference between the maximum value and the minimum value of the previous k-bit bit string value to obtain a correction value; then the correction value is incorporated into the address sequence by the m module, through Translate to obtain a new n-dimensional migration address; (4)密钥长度判断模块根据预设的参数判断密钥的长度是否足够,若不足够,则重复进行步骤(3)操作,若足够,则输出密钥;(4) the key length judging module judges whether the length of the key is sufficient according to preset parameters, if not enough, then repeat step (3) operation, if enough, then output the key; (5)生成分组系数与轮密钥Keyr---对用户选定加密轮数,系统自动实现每轮分组系数选定与轮密钥生成,并控制各轮分组系数在一定轮数范围内不重复;由基于广义信息域的伪随机码发生器产生长度为一个字节或字的位串,并按该位串的值在分组系数集合中选取第r轮的分组系数nr,然后返回步骤(3),由基于广义信息域的伪随机码发生器继续产生
Figure A200810198491C0003173231QIETU
长的轮密钥Keyr;重复步骤(5),直到所有的分组系数及轮密钥生成完毕,最后把各轮的轮密钥Keyr依次拼接成密钥K;(5) Generate grouping coefficient and round key Key r --- Select the number of encryption rounds for the user, the system automatically realizes the selection of each round of grouping coefficient and round key generation, and controls the grouping coefficient of each round within a certain range of rounds No repetition; the pseudo-random code generator based on the generalized information domain generates a bit string with a length of one byte or word, and selects the grouping coefficient n r of the r-th round in the grouping coefficient set according to the value of the bit string, and then returns Step (3), the pseudo-random code generator based on the generalized information domain continues to generate
Figure A200810198491C0003173231QIETU
Long round key Key r ; repeat step (5), until all grouping coefficients and round keys are generated, and finally splice the round key Key r of each round into key K; 多轮加密时,记n′=max(nr),r=1,2,...,R,其中R是加密轮数,依次选取大小为2n′的块为单位,按步骤(6)、(7)、(8)进行R轮加密;During multiple rounds of encryption, remember n'=max(n r ), r=1, 2, ..., R, where R is the number of rounds of encryption, and the blocks with a size of 2 n' are selected successively as units, and according to step (6 ), (7), (8) carry out R round encryption; (6)分组方案---对密钥K按分组系数nr进行分组,分组系数决定了明文分组置换加密的地址空间为
Figure A200810198491C0003173258QIETU
(6) Grouping scheme --- Group the key K according to the grouping coefficient n r , and the grouping coefficient determines the address space of the plaintext group permutation encryption as
Figure A200810198491C0003173258QIETU
; (7)对偶位置交换---密钥K分组的内容ki代表加密空间分组的组内地址,对ki按位取反得到
Figure A200810198491C0003173310QIETU
,ki
Figure A200810198491C0003173320QIETU
形成对偶地址对,分析各个ki的统计特性后进行相应的移位和对偶地址对应内容的交换处理;这些处理是由密钥的排列特性决定的,因此使用不同的密钥,加密时采取的移位及交换处理是不同的;(7) Dual position exchange --- the content ki of the key K group represents the intra-group address of the encryption space group, and the bitwise inversion of ki is obtained
Figure A200810198491C0003173310QIETU
, k i and
Figure A200810198491C0003173320QIETU
Form a dual address pair, analyze the statistical characteristics of each ki , and perform corresponding shifting and exchange processing of the corresponding content of the dual address; these processes are determined by the arrangement characteristics of the key, so different keys are used, and the encryption method is adopted Shift and swap are handled differently; (8)置换运算---记轮密钥为Keyr=(K1,K2,...,Ki),明文加密空间分组A=(A0,A1,...,Ai),相应的密文分组为 A ′ = ( A 0 ′ , A 1 ′ , . . . , A i ′ ) , 其中Ki,Ai
Figure A200810198491C00032
占1bit,即视为二进制流的形式,在完成位置交换后,按以下公式计算出A′值,该A′作为第r+1轮的A使用:(8) Permutation operation --- the round key is Key r = (K 1 , K 2 , ..., K i ), the plaintext encryption space grouping A = (A 0 , A 1 , ..., A i ), and the corresponding ciphertext grouping is A ′ = ( A 0 ′ , A 1 ′ , . . . , A i ′ ) , where K i , A i ,
Figure A200810198491C00032
Occupying 1 bit, it is regarded as the form of a binary stream. After the position exchange is completed, the A' value is calculated according to the following formula, and the A' is used as the A of the r+1 round: AA 00 ′′ == AA 00 ⊕⊕ KK 00 ⊕⊕ AA ii ,, ii == 00 AA ii ′′ == AA ii ⊕⊕ KK ii ⊕⊕ AA ii -- 11 ′′ ,, ii ≠≠ 00 ;; 上述步骤(6)至(8)当为加密算法所进行的第r轮加密过程,一轮加密结束,若未完成R轮加密则重复进行步骤(6)至(8),否则转(9);When the above steps (6) to (8) are the rth round encryption process performed by the encryption algorithm, one round of encryption is over, if the R round of encryption is not completed, then repeat steps (6) to (8), otherwise go to (9) ; (9)若明文未加密完毕,返回(6),否则,加密结束,返回密文;(9) If the plaintext has not been encrypted, return to (6), otherwise, the encryption is completed and the ciphertext is returned; 解密过程具体如下:The decryption process is as follows: (10)活动背景生成模块通过对选定IF的物理重构获得IF的某个子空间,然后把该子空间逻辑重构成活动背景;(10) The active background generation module obtains a certain subspace of the IF through the physical reconstruction of the selected IF, and then logically reconstructs the subspace into the active background; (11)IV生成模块产生IV,IV规格化模块把IV压缩或拉伸成为确定长度的二进制地址串,并将其划分为n块:(11) IV generation module produces IV, and IV normalization module compresses or stretches IV into the binary address string of definite length, and it is divided into n blocks:   X1 X2 Xn
x1 x2 X n
作为活动背景中的n维逻辑地址;As an n-dimensional logical address in the active context; (12)m模块对活动背景中的n维逻辑位地址与物理空间进行空间轨迹变换,并在每次的地址迁移中,从活动背景中析出k位长的位串并入密钥序列中,为了获得迁移地址,约束化处理模块根据之前k位位串值的最大值与最小值的频数之差来进行约束化处理,得到一个修正值;然后由m模块把修正值并入地址序列,经过平移获取新的n维迁移地址;(12) The m module transforms the n-dimensional logical bit address and the physical space in the active background to the space trajectory, and in each address migration, extracts a k-bit long bit string from the active background and incorporates it into the key sequence, In order to obtain the migration address, the constraint processing module performs constraint processing according to the frequency difference between the maximum value and the minimum value of the previous k-bit bit string value to obtain a correction value; then the correction value is incorporated into the address sequence by the m module, through Translate to obtain a new n-dimensional migration address; (13)密钥长度判断模块根据预设的参数判断密钥的长度是否足够,若不足够,则重复进行步骤(12)操作,若足够,则输出密钥;(13) The key length judging module judges whether the length of the key is sufficient according to preset parameters, if not enough, then repeat step (12) operation, if enough, then output the key; (14)生成分组系数与轮密钥Keyr---对解密轮数,系统自动实现每轮分组系数选定与轮密钥生成,并控制各轮分组系数在一定轮数范围内不重复,由基于广义信息域的伪随机码发生器产生长度为一个字节或字的位串,并按该位串的值在分组系数集合中选取第r轮的分组系数nr,然后返回步骤(12),由基于广义信息域的伪随机码发生器继续产生
Figure A200810198491C0004173422QIETU
长的轮密钥Keyr;重复步骤(14),直到所有的分组系数及轮密钥生成完毕,最后把各轮的轮密钥Keyr依次拼接成密钥K;(14) Generation of grouping coefficients and round key Key r --- For the number of decryption rounds, the system automatically realizes the selection of each round of grouping coefficients and the generation of round keys, and controls the grouping coefficients of each round to not repeat within a certain range of rounds. The pseudo-random code generator based on the generalized information domain generates a bit string with a length of one byte or word, and selects the grouping coefficient n r of the r-th round in the grouping coefficient set according to the value of the bit string, and then returns to step (12 ), continue to be generated by the pseudo-random code generator based on the generalized information domain
Figure A200810198491C0004173422QIETU
Long round key Key r ; repeat step (14), until all grouping coefficients and round keys are generated, and finally the round key Key r of each round is spliced into key K in turn; 多轮解密时,记n′=max(nr),r=1,2,...,R,其中R是解密轮数,依次选取大小为2n′的块为单位,按步骤(15)、(16)、(17)进行R轮解密;During multiple rounds of decryption, remember n'=max(n r ), r=1, 2, ..., R, where R is the number of rounds of decryption, and the blocks with a size of 2 n' are selected successively as units, and according to step (15 ), (16), (17) carry out R round decryption; (15)分组方案---对密钥K按分组系数nR-r+1进行分组,分组系数决定了密文分组置换解密的地址空间为
Figure A200810198491C00041
(15) Grouping scheme --- Group the key K according to the grouping coefficient n R-r+1 , and the grouping coefficient determines the address space for ciphertext group replacement and decryption as
Figure A200810198491C00041
 (16)置换运算---记轮密钥为 Key r ′ = ( K 1 , K 2 , . . . , K i ) , 是由步骤(14)产生的KeyR-r+1,密文解密空间分组A=(A0,A1,...,Ai),相应的明文分组为 A ′ = ( A 0 ′ , A 1 ′ , . . . , A i ′ ) , 其中Ki,Ai
Figure A200810198491C00044
占1bit,即视为二进制流的形式,在完成位置交换后,按以下公式计算出A′值(A′作为第r+1轮的A使用):(16) Replacement operation --- the round key is key r ′ = ( K 1 , K 2 , . . . , K i ) , is the Key R-r+1 generated in step (14), the ciphertext decryption space grouping A=(A 0 , A 1 ,...,A i ), and the corresponding plaintext grouping is A ′ = ( A 0 ′ , A 1 ′ , . . . , A i ′ ) , where K i , A i ,
Figure A200810198491C00044
Occupying 1 bit, it is regarded as the form of a binary stream. After the position exchange is completed, the value of A' is calculated according to the following formula (A' is used as A in the r+1 round): AA ii == AA ii -- 11 ′′ ⊕⊕ KK ii ⊕⊕ AA ii ′′ ,, ii ≠≠ 00 AA 00 == AA 00 ′′ ⊕⊕ KK 00 ⊕⊕ AA ii ,, ii == 00 ;; (17)对偶位置交换---密钥K分组的内容ki代表加密空间分组的组内地址,对ki按位取反得到ki
Figure A200810198491C00047
形成对偶地址对;分析各个ki的统计特性后进行相应的移位和对偶地址对应内容的交换处理;这些处理是由密钥的排列特性决定的,因此使用不同的密钥,解密时采取的移位及交换处理是不同的;(17) Dual position exchange --- the content ki of the key K group represents the intra-group address of the encryption space group, and the bitwise inversion of ki is obtained k i and
Figure A200810198491C00047
Form a pair of dual addresses; after analyzing the statistical characteristics of each ki , perform corresponding shifting and exchange processing of the corresponding content of the dual address; these processes are determined by the arrangement characteristics of the key, so different keys are used, and the method used for decryption is Shift and swap are handled differently; 上述步骤(15)至(17)当为解密算法所进行的第r轮解密过程,一轮解密结束,若未完成R轮加密则重复进行步骤(15)至(17),否则转(18);When the above steps (15) to (17) are the rth round of decryption process carried out by the decryption algorithm, one round of decryption ends, if the R round of encryption is not completed, then repeat steps (15) to (17), otherwise go to (18) ; (18)若密文未解密完毕,返回(15),否则,解密结束,返回明文。(18) If the ciphertext has not been decrypted, return to (15), otherwise, the decryption is completed and the plaintext is returned. 4、根据权利要求3所述基于广义信息域的动态加解密的方法,其特征在于:步骤(2)、(11)所述IV由系统随机数、系统内部时间、指定内容中的一项或任意多项组成,其中系统随机数、系统内部时间通过调用函数获得,实现IV的随机性和唯一性,指定内容由用户给定,实现IV的个性化。4. The method for dynamic encryption and decryption based on generalized information domain according to claim 3, characterized in that: the IV in steps (2), (11) is composed of one of system random number, system internal time, specified content or It is composed of any number of items, among which the system random number and the internal time of the system are obtained by calling functions to realize the randomness and uniqueness of the IV, and the specified content is given by the user to realize the personalization of the IV. 5、根据权利要求3所述基于广义信息域的动态加解密方法,其特征在于:步骤(1)、(10)所述的IF为任意类型的数据,本质上是以字节为单位的任意长的二进制0、1位串。5. The dynamic encryption and decryption method based on the generalized information domain according to claim 3 is characterized in that: the IF described in steps (1) and (10) is data of any type, essentially any data in bytes. A long string of binary 0, 1 bits. 6、根据权利要求3所述基于广义信息域的动态加解密的方法,其特征在于:步骤(1)、(10)所述的IF由算法产生,或者为图像、文本文件或内存的一段代码。6. The method for dynamic encryption and decryption based on generalized information domain according to claim 3, characterized in that: the IF in steps (1) and (10) is generated by an algorithm, or is an image, a text file or a section of code in memory . 7、根据权利要求3所述基于广义信息域的动态加解密的方法,其特征在于:步骤(1)、(10)所述的活动背景在选定广义信息领下的结构具有如下定义:7. The method for dynamic encryption and decryption based on generalized information domain according to claim 3, characterized in that: the structure of the activity background described in steps (1), (10) under the selected generalized information domain has the following definition:   ABG-code IF-code [S1/L1][,S2/L2]…[Si/Li]… D1,D2,D3[,D4[,…]]
ABG-code IF-code [S 1 /L 1 ][,S 2 /L 2 ]…[Si/Li]… D 1 , D 2 , D 3 [, D 4 [,…]]
其中,ABG-code为活动背景号;Among them, ABG-code is the activity background number; IF-code为广义信息域号;IF-code is the generalized information domain number; [S1/L1][,S2/L2]…[Si/Li]…为物理重构参数,其中Si是偏移,Li是长度,物理重构时的单位是字节;[S1/L1][, S2/L2]...[Si/Li]...is the physical reconstruction parameter, where Si is the offset, Li is the length, and the unit of physical reconstruction is byte; D1,D2,D3[Di[,…]]为逻辑重构参数,Di为维定义。D1, D2, D3[Di[,…]] are logic reconstruction parameters, Di is dimension definition. 8、根据权利要求3所述基于广义信息域的动态加解密的方法,其特征在于:步骤(1)、(10)所述的物理重构模块对该选定的IF进行物理重构,其具体操作如下:8. The method for dynamic encryption and decryption based on generalized information domain according to claim 3, characterized in that: the physical reconstruction module described in steps (1) and (10) physically reconstructs the selected IF, wherein The specific operation is as follows: 若物理重构参数为空,则活动背景与选定信息域等价;若物理重构参数非空,则依次选取一组物理重构参数[Si/Li],从广义信息域或中间结果的第Si字节起截取长度为Li字节长的0、1串作为有效信息。If the physical reconstruction parameters are empty, the active background is equivalent to the selected information domain; if the physical reconstruction parameters are not empty, then a set of physical reconstruction parameters [Si/Li] is selected in turn, and the generalized information domain or the intermediate result From the fourth byte, a string of 0 and 1 with a length of Li bytes is intercepted as valid information. 9、根据权利要求3所述基于广义信息域的动态加解密的方法,其特征在于:步骤(1)、(10)所述的逻辑重构模块对该选定的IF进行逻辑重构获取活动背景,其具体操作如下:9. The method for dynamic encryption and decryption based on generalized information domain according to claim 3, characterized in that: the logic reconstruction module described in steps (1) and (10) performs logic reconstruction and acquisition activities on the selected IF background, the specific operations are as follows: 由物理重构得到的一维数据重构为D1×D2×…×Dn的信息块。The one-dimensional data obtained by physical reconstruction is reconstructed into information blocks of D1×D2×…×Dn. 10、根据权利要求3所述基于广义信息域的动态加解密的方法,其特征在于:步骤(1)、(2)、(3)、(10)、(11)、(12)所述的IF、IV、m模块中的m三元协调来实现在背景空间轨迹迁移,在迁移过程中析出k位密钥,同时修改迁移轨迹,直至生成的长度满足要求为止。10. The method for dynamic encryption and decryption based on generalized information domain according to claim 3, characterized in that: the steps (1), (2), (3), (10), (11), (12) described The m ternary coordination in the IF, IV, and m modules realizes the trajectory migration in the background space. During the migration process, the k-bit key is extracted, and the migration trajectory is modified at the same time until the generated length meets the requirements.
CN200810198491XA 2008-09-12 2008-09-12 Dynamic ciphering method based on broad sense information field Expired - Fee Related CN101383703B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810198491XA CN101383703B (en) 2008-09-12 2008-09-12 Dynamic ciphering method based on broad sense information field

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200810198491XA CN101383703B (en) 2008-09-12 2008-09-12 Dynamic ciphering method based on broad sense information field

Publications (2)

Publication Number Publication Date
CN101383703A true CN101383703A (en) 2009-03-11
CN101383703B CN101383703B (en) 2011-04-27

Family

ID=40463344

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810198491XA Expired - Fee Related CN101383703B (en) 2008-09-12 2008-09-12 Dynamic ciphering method based on broad sense information field

Country Status (1)

Country Link
CN (1) CN101383703B (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101895389A (en) * 2010-07-16 2010-11-24 黑龙江大学 Methods for encrypting and decrypting combined coding based file by adopting proportion calculation
CN101938350A (en) * 2010-07-16 2011-01-05 黑龙江大学 A Method of File Encryption and Decryption Based on Combined Code
CN102075812A (en) * 2010-08-10 2011-05-25 深圳市九洲电器有限公司 Data receiving method and system of digital television
CN103684761A (en) * 2013-12-25 2014-03-26 广西宝恒电子科技有限公司 Coding and decoding method
CN104868989A (en) * 2015-06-11 2015-08-26 湘潭大学 Encryption method for image data secure transmission
CN105049176A (en) * 2015-06-11 2015-11-11 湘潭大学 Decryption method used for image data secure transmission
CN105740721A (en) * 2016-01-21 2016-07-06 浪潮电子信息产业股份有限公司 Device, method and system for encrypting and decrypting data
CN106817220A (en) * 2015-11-30 2017-06-09 北大方正集团有限公司 A kind of method of encryption of communicated data, device and encryption device
CN106921486A (en) * 2015-12-28 2017-07-04 航天信息股份有限公司 The method and apparatus of data encryption
CN107124273A (en) * 2017-05-10 2017-09-01 成都课迪科技有限公司 A kind of platform data encryption method and device based on dynamic authorization code
CN112184926A (en) * 2020-09-14 2021-01-05 南京通用电器有限公司 Method and device for preventing counter cheating based on dynamic change encryption data packet
US11418339B2 (en) * 2011-09-13 2022-08-16 Combined Conditional Access Development & Support, Llc (Ccad) Preservation of encryption

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09162859A (en) * 1995-12-07 1997-06-20 Fujitsu Ltd Scramble method and apparatus, descramble method and apparatus, and data transmission method and system

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101938350A (en) * 2010-07-16 2011-01-05 黑龙江大学 A Method of File Encryption and Decryption Based on Combined Code
CN101895389B (en) * 2010-07-16 2012-06-06 黑龙江大学 Methods for encrypting and decrypting combined coding based file by adopting proportion calculation
CN101938350B (en) * 2010-07-16 2012-06-06 黑龙江大学 File encryption and decryption method based on combinatorial coding
CN101895389A (en) * 2010-07-16 2010-11-24 黑龙江大学 Methods for encrypting and decrypting combined coding based file by adopting proportion calculation
CN102075812A (en) * 2010-08-10 2011-05-25 深圳市九洲电器有限公司 Data receiving method and system of digital television
CN102075812B (en) * 2010-08-10 2013-06-19 深圳市九洲电器有限公司 Data receiving method and system of digital television
US11418339B2 (en) * 2011-09-13 2022-08-16 Combined Conditional Access Development & Support, Llc (Ccad) Preservation of encryption
CN103684761B (en) * 2013-12-25 2017-02-01 广西宝恒电子科技有限公司 Coding and decoding method
CN103684761A (en) * 2013-12-25 2014-03-26 广西宝恒电子科技有限公司 Coding and decoding method
CN105049176A (en) * 2015-06-11 2015-11-11 湘潭大学 Decryption method used for image data secure transmission
CN104868989B (en) * 2015-06-11 2017-11-17 湘潭大学 Encryption method for view data safe transmission
CN105049176B (en) * 2015-06-11 2017-12-29 湘潭大学 Decryption method for view data safe transmission
CN104868989A (en) * 2015-06-11 2015-08-26 湘潭大学 Encryption method for image data secure transmission
CN106817220A (en) * 2015-11-30 2017-06-09 北大方正集团有限公司 A kind of method of encryption of communicated data, device and encryption device
CN106921486A (en) * 2015-12-28 2017-07-04 航天信息股份有限公司 The method and apparatus of data encryption
CN105740721A (en) * 2016-01-21 2016-07-06 浪潮电子信息产业股份有限公司 Device, method and system for encrypting and decrypting data
CN107124273A (en) * 2017-05-10 2017-09-01 成都课迪科技有限公司 A kind of platform data encryption method and device based on dynamic authorization code
CN112184926A (en) * 2020-09-14 2021-01-05 南京通用电器有限公司 Method and device for preventing counter cheating based on dynamic change encryption data packet

Also Published As

Publication number Publication date
CN101383703B (en) 2011-04-27

Similar Documents

Publication Publication Date Title
CN101383703A (en) Dynamic Encryption System and Method Based on Generalized Information Domain
CN101394268B (en) Advanced ciphering system and method based on broad sense information field
Mathur et al. AES based text encryption using 12 rounds with dynamic key selection
CN107317666A (en) A kind of parallel full homomorphism encipher-decipher method for supporting floating-point operation
EP1833190A1 (en) Table splitting for cryptographic processes
CN105610793A (en) Outsourced data encrypted storage and cryptograph query system and application method therefor
Alemami et al. Advanced approach for encryption using advanced encryption standard with chaotic map
CN103051446B (en) A kind of key encrypting and storing method
Kareem et al. A modification on key stream generator for RC4 algorithm
Mewada et al. Exploration of efficient symmetric AES algorithm
Chen et al. Cryptanalysis of a chaotic image cipher based on plaintext-related permutation and lookup table
Achkoun et al. SPF-CA: A new cellular automata based block cipher using key-dependent S-boxes
CN107147626B (en) Encrypted file transmission method combining AES algorithm and ElGamal algorithm
Yang [Retracted] Application of Hybrid Encryption Algorithm in Hardware Encryption Interface Card
Bhowmik et al. A symmetric key based secret data sharing scheme
Guru et al. AES and RSA-based Hybrid Algorithms for Message Encryption & Decryption
CN101364868B (en) Pseudo-random code generator and its generation method based on generalized information domain
Blaise et al. An Understanding and Perspectives of End-To-End Encryption
CN118018659A (en) Image encryption and decryption method and system based on SM2 and DNA
CN106973061B (en) An Outgoing File Encryption Method Based on AES Based on Reversible Logic Circuit
CN112367159B (en) A hybrid encryption and decryption method and system for safe storage of medical data
CN104735652A (en) Chaotic encryption method suitable for wireless sensor network
Bao et al. Quantum Multi-Collision Distinguishers.
CN112507357B (en) Multi-stage interface design method based on key generator
CN201256392Y (en) Dynamic ciphering system based on broad sense information field

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110427

Termination date: 20140912

EXPY Termination of patent right or utility model