CN111162898B - SM4 rapid software implementation method and device based on Android terminal - Google Patents

SM4 rapid software implementation method and device based on Android terminal

Info

Publication number: CN111162898B
Authority: CN (China)
Prior art keywords: file, encrypted, decrypted, data, box
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Expired - Fee Related
Application number: CN201911376951.8A
Other languages: Chinese (zh)
Other versions: CN111162898A
Inventors: 王闯, 郭华, 陈晨, 李浩民, 刘建伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Beihang University
Original Assignee: Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.): not given on this page

Events
Application filed by Beihang University
Priority to CN201911376951.8A
Publication of CN111162898A
Application granted
Publication of CN111162898B
Legal status: Expired - Fee Related (current); anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply symmetric encryption, i.e. the same key is used for encryption and decryption
Abstract

The invention provides a fast software implementation method for the SM4 algorithm on an Android terminal, comprising the following steps: preprocessing the file to be encrypted or decrypted and the key; persisting the file and key to the database of the Android client and saving them; and the Android client accessing the database and encrypting or decrypting the file. By these technical means the invention combines Java native method technology (JNI), vectorization and algebraic optimization: it uses the NEON instruction set, which supports Single Instruction Multiple Data (SIMD) on the ARM architecture, arranges the storage structure of the data to be processed so that 128 groups of data are encrypted or decrypted in parallel, reduces the complexity of the field operations through algebraic optimization, and greatly improves the efficiency of the software implementation.

Description

SM4 fast software implementation method and device based on an Android terminal

Technical field

The invention relates to the technical field of computer security, and in particular to an SM4 fast software implementation method and device based on an Android terminal.

Background

With the development of mobile communication services, the functions of mobile terminal devices have changed enormously: from voice transmission at first, to short-message services and Web browsing, and later to multimedia messaging and a variety of wireless value-added services. As the mobile terminal user base keeps growing and users' understanding of mobile terminal technology deepens, mobile terminals face more and more threats; the big-data boom and the arrival of the 5G era have further intensified their security challenges.

Cryptography is an important technology for protecting the security of mobile terminals. Domestic cryptographic algorithms are the security foundation on which China can build a fully independent and controllable modern industry. Symmetric block encryption can be used to protect the confidentiality of data. The SM4 block cipher is a symmetric block cipher designed independently in China; it is the officially published Chinese industry standard for commercial cryptographic algorithms and provides a secure and complete data encryption scheme for many information systems.

An efficient software implementation of SM4 helps the further adoption of SM4 as a national standard and supports its candidacy as an international standard. Research on fast software implementation on mobile terminals therefore has strong practical value.

Summary of the invention

In view of the problems in the related art, the present invention provides an SM4 fast software implementation method and device based on an Android terminal.

An SM4 fast software implementation method based on an Android terminal comprises:

preprocessing the file to be encrypted or decrypted and the key;

persisting the file and key to the database of the Android client and saving them;

the Android client accessing the database and encrypting or decrypting the file to be encrypted or decrypted.

The file to be encrypted or decrypted is any readable text file or binary file.

The Android client accessing the database and encrypting or decrypting the file comprises:

the Android client accessing the encryption or decryption method through the JNI interface.

When the Android client accesses the encryption or decryption method through the JNI interface, it must verify that the file to be encrypted or decrypted exists; once the check passes, the encryption or decryption method begins to encrypt or decrypt the file.

The encryption or decryption method encrypting or decrypting the file comprises:

applying the key expansion algorithm to expand the initial key into 32 round keys;

applying the data arrangement technique to arrange the storage structure of the file and the round keys;

applying the composite field decomposition technique to perform 32 rounds of iterative operations on the arranged data;

applying the data arrangement technique to de-arrange the data after the iterations, whereupon the encryption or decryption computation is complete.

The data arrangement technique caches 128 groups of 128-bit data in advance and applies matrix transposition to the cached data, so that the same bit position of all 128 groups is gathered in the same memory block, completing the bit separation (bitslicing) operation.

The composite field decomposition technique uses field isomorphism theory to map the S-box isomorphically onto the composite field GF((2^4)^2), performs the S-box inversion in the composite field, and then maps the result back to the S-box, thereby completing the S-box operation.

More specifically, the NEON instruction set is used to implement the data arrangement in parallel, and seven masks are used to complete the bit-matrix transposition. In hexadecimal they are:

MASK0 = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

MASK1 = CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

MASK2 = F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0

MASK3 = FF00FF00FF00FF00FF00FF00FF00FF00

MASK4 = FFFF0000FFFF0000FFFF0000FFFF0000

MASK5 = FFFFFFFF00000000FFFFFFFF00000000

MASK6 = FFFFFFFFFFFFFFFF0000000000000000

By choosing a suitable base field Q(y) and quadratic extension field P(x), the S-box inversion can be mapped isomorphically onto the composite field GF((2^4)^2) and performed there.

The base field is:

Q(y) = y^4 + y^3 + 1;

the quadratic extension field is:

P(x) = x^2 + x + 2;

and the isomorphism mapping matrix is:

[Figure GDA0003098434910000021: isomorphism mapping matrix]

Further, inversion in the composite field GF((2^4)^2) is as follows.

Let a = a1·x + a0 ∈ GF((2^4)^2), where a1, a0 ∈ GF(2^4). Then the inverse a^-1 of a can be expressed as:

a^-1 = (δ^-1·a1)·x + (δ^-1·(a1 + a0))

where δ is given by:

[Figure GDA0003098434910000022: expression for δ]
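The inversion formula above, worked through in code on the patent's own fields, as an added example (this is not the patent's implementation). Because the page does not reproduce the figure that defines δ, the code assumes the standard expression for a modulus of the form x^2 + x + λ, namely δ = λ·a1^2 + a1·a0 + a0^2 (here λ = 2, i.e. the base-field element y); the final check confirms a·a^-1 = 1 for all 255 nonzero elements, which is the test a practitioner would run before trusting a composite-field S-box port.

```python
# Composite-field inversion in GF((2^4)^2) with the patent's parameters:
# base field GF(2^4) defined by Q(y) = y^4 + y^3 + 1, quadratic extension
# defined by P(x) = x^2 + x + 2.  Added example, not the patent's code.
# ASSUMPTION: delta = LAMBDA*a1^2 + a1*a0 + a0^2 (standard form; the page's
# figure defining delta is not reproduced).

Q_POLY = 0b11001   # y^4 + y^3 + 1, bit 4 down to bit 0
LAMBDA = 0x2       # constant term of P(x), as a GF(2^4) element ("y")


def gf16_mul(a: int, b: int) -> int:
    """Multiply two GF(2^4) elements (4-bit ints) modulo Q(y)."""
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:          # carried past y^3: reduce by Q(y)
            a ^= Q_POLY
    return r & 0xF


def gf16_inv(a: int) -> int:
    """Inverse in GF(2^4) by exhaustive search (16 elements, fine for a demo)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    for b in range(1, 16):
        if gf16_mul(a, b) == 1:
            return b
    raise AssertionError("unreachable: GF(2^4) is a field")


def gf256c_mul(a: tuple, b: tuple) -> tuple:
    """Multiply (a1*x + a0) by (b1*x + b0) modulo P(x) = x^2 + x + LAMBDA.
    Composite-field elements are (a1, a0) pairs of GF(2^4) elements."""
    a1, a0 = a
    b1, b0 = b
    a1b1 = gf16_mul(a1, b1)
    # x^2 = x + LAMBDA, so the x^2 term folds into both coefficients
    c1 = a1b1 ^ gf16_mul(a1, b0) ^ gf16_mul(a0, b1)
    c0 = gf16_mul(a0, b0) ^ gf16_mul(LAMBDA, a1b1)
    return (c1, c0)


def gf256c_inv(a: tuple) -> tuple:
    """Inverse of a = a1*x + a0 via the patent's formula
    a^-1 = (delta^-1 * a1) * x + (delta^-1 * (a1 + a0))."""
    a1, a0 = a
    if a == (0, 0):
        raise ZeroDivisionError("0 has no inverse")
    # delta is the norm of a down to GF(2^4); nonzero for every nonzero a
    delta = gf16_mul(LAMBDA, gf16_mul(a1, a1)) ^ gf16_mul(a1, a0) ^ gf16_mul(a0, a0)
    dinv = gf16_inv(delta)
    return (gf16_mul(dinv, a1), gf16_mul(dinv, a1 ^ a0))


def check_all_inverses() -> int:
    """Return how many of the 255 nonzero elements satisfy a * a^-1 == 1."""
    ok = 0
    for a1 in range(16):
        for a0 in range(16):
            if (a1, a0) == (0, 0):
                continue
            if gf256c_mul((a1, a0), gf256c_inv((a1, a0))) == (0, 1):
                ok += 1
    return ok


if __name__ == "__main__":
    print("nonzero elements correctly inverted:", check_all_inverses(), "/ 255")
```

The reason this pays off on NEON is visible in the structure: one 8-bit inversion becomes a handful of 4-bit multiplications, and each 4-bit multiplication (or inversion) is small enough to express as bit-level logic over sliced registers, which a 256-entry table lookup is not.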

According to another aspect of the present invention, an SM4 fast software implementation device based on an Android terminal is also provided, comprising:

a storage module, for persisting the file to be encrypted or decrypted and the key to the database of the Android client and saving them;

an arrangement module, for arranging the storage structure of the file to be encrypted or decrypted and the key to achieve bit separation;

an iteration module, for encrypting or decrypting the arranged file to be encrypted or decrypted.

The arrangement module comprises:

a matrix transposition unit, which uses the NEON instruction set to act on the file to be encrypted or decrypted and the key, changing their storage structure to achieve bit separation.

The iteration module comprises:

a composite field operation unit, which uses the NEON instruction set to complete the isomorphic mapping from the S-box to the composite field, performs the inversion of the file data in the composite field, and maps the result back to the S-box, thereby completing the nonlinear and linear transformations.

Description of the drawings

FIG. 1 is a flowchart of the SM4 fast software implementation method based on an Android terminal according to an embodiment of the present invention;

FIG. 2 is a schematic diagram of the system structure of the SM4 fast software implementation method based on an Android terminal according to an embodiment of the present invention;

FIG. 3 is a schematic flowchart of a specific embodiment of the present invention;

FIG. 4 is a block diagram of the SM4 fast software implementation device based on an Android terminal according to an embodiment of the present invention.

Detailed description

According to an embodiment of the present invention, an SM4 fast software implementation method based on an Android terminal is provided.

As shown in FIG. 1, the SM4 fast software implementation method based on an Android terminal according to an embodiment of the present invention comprises:

step S101, preprocessing the file to be encrypted or decrypted and the key;

step S102, persisting the file and key to the database of the Android client and saving them;

step S103, the Android client accessing the database and encrypting or decrypting the file to be encrypted or decrypted.

The file to be encrypted or decrypted is any readable text file or binary file.

The Android client accessing the database and encrypting or decrypting the file comprises:

the Android client accessing the encryption or decryption method through the JNI interface.

When the Android client accesses the encryption or decryption method through the JNI interface, it must verify that the file to be encrypted or decrypted exists; once the check passes, the encryption or decryption method begins to encrypt or decrypt the file.

The encryption or decryption method encrypting or decrypting the file comprises:

applying the key expansion algorithm to expand the initial key into 32 round keys;

applying the data arrangement technique to arrange the storage structure of the file and the key;

applying the composite field decomposition technique to perform 32 rounds of iterative operations on the arranged data;

applying the data arrangement technique to de-arrange the data after the iterations, whereupon the encryption or decryption computation is complete.

The data arrangement technique caches 128 groups of 128-bit data in advance and applies matrix transposition to the cached data, so that the same bit position of all 128 groups is gathered in the same memory block, completing the bit separation operation.

The composite field decomposition technique uses field isomorphism theory to map the S-box isomorphically onto the composite field GF((2^4)^2), performs the S-box inversion in the composite field, and then maps the result back to the S-box, thereby completing the S-box operation.

The encrypted or decrypted data is persisted to the database of the Android client, where the Android application can read, write or display it.

Please refer to FIG. 2 and FIG. 3: FIG. 2 is a schematic structural diagram of the system of the invention, and FIG. 3 is the flowchart of a specific embodiment. For a clearer understanding of the technical solution of the invention, a specific embodiment is described below.

Let the file to be encrypted be Plain, storing 128 groups of 128-bit hexadecimal data P0, P1, …, P127, and let the initial key be one group of 128-bit hexadecimal data InitKey, where:

P_i = 01 23 45 67 89 AB CD EF FE DC BA 98 76 54 32 10, 0≤i≤127, and InitKey = 01 23 45 67 89 AB CD EF FE DC BA 98 76 54 32 10.

When the Android client accesses the encryption method through the JNI interface, it first verifies that the file Plain exists; once the check passes, the encryption method begins to encrypt the file.

The encryption method encrypting the file comprises:

applying the key expansion algorithm to expand the initial key into 32 round keys, denoted rk_i, 0≤i≤31. The expanded round keys are:

rk0 = F12186F9
rk1 = 41662B61
rk2 = 5A6AB19A
rk3 = 7BA92077
rk4 = 367360F4
rk5 = 776A0C61
rk6 = B6BB89B3
rk7 = 24763151
rk8 = A520307C
rk9 = B7584DBD
rk10 = C30753ED
rk11 = 7EE55B57
rk12 = 6988608C
rk13 = 30D895B7
rk14 = 44BA14AF
rk15 = 104495A1
rk16 = D120B428
rk17 = 73B55FA3
rk18 = CC874966
rk19 = 92244439
rk20 = E89E641F
rk21 = 98CA015A
rk22 = C7159060
rk23 = 99E1FD2E
rk24 = B79BD80C
rk25 = 1D2115B0
rk26 = 0E228AEB
rk27 = F1780C81
rk28 = 428D3654
rk29 = 62293496
rk30 = 01CF72E5
rk31 = 9124A012

The data arrangement technique is then applied to the storage structure of the file and the round keys: 128 groups of 128-bit data are cached in advance and transposed as a bit matrix, so that the same bit position of all 128 groups is gathered in the same memory block (bit separation). Denote the arranged data to be encrypted as P_i', 0≤i≤127, and the arranged round keys as rk_i', 0≤i≤31; then:

P_i' = (P_{0,i} P_{1,i} … P_{127,i})_2, 0≤i≤127

[Figure GDA0003098434910000051: definition of rk_i', 0≤i≤31]

where P_{i,j} denotes the j-th bit of P_i, (.)_2 denotes the binary form of the data, and (rk_{i,j})^128 denotes the j-th bit of round key rk_i repeated 128 times and concatenated.
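The arrangement step, as an added example in Python rather than the patent's NEON code: the 128×128 bit-matrix transposition that produces P_i' from the 128 cached blocks, its inverse (the de-arrangement, which is the same operation because the transpose is an involution), and the broadcast of each round-key bit that produces rk_i'. The masks are exactly the seven listed in the summary; a 128-bit Python integer stands in for one NEON row, and the sample matrix is constructed pseudo-randomly for the self-check.

```python
# Bitslice "data arrangement" for 128 blocks of 128 bits using the patent's
# seven masks.  Added example, not the patent's implementation: each Python
# int is one 128-bit row, so a mask/shift/XOR on it models the corresponding
# NEON vector operation.
import random

MASKS = [
    int("AA" * 16, 16),                       # MASK0: columns whose index has bit 0 set
    int("CC" * 16, 16),                       # MASK1: bit 1 set
    int("F0" * 16, 16),                       # MASK2: bit 2 set
    int("FF00" * 8, 16),                      # MASK3: bit 3 set
    int("FFFF0000" * 4, 16),                  # MASK4: bit 4 set
    int("FFFFFFFF00000000" * 2, 16),          # MASK5: bit 5 set
    int("FFFFFFFFFFFFFFFF" + "0" * 16, 16),   # MASK6: upper 64 columns
]
WIDTH = 128
FULL = (1 << WIDTH) - 1


def transpose128(rows):
    """Transpose a 128x128 bit matrix in place: afterwards bit c of rows[r]
    equals bit r of the original rows[c].  Seven swap levels, one per mask:
    level k exchanges, within every 2s x 2s block (s = 2^k), the off-diagonal
    s x s sub-blocks between row r (bit k clear) and row r + s."""
    assert len(rows) == WIDTH
    for k, mask in enumerate(MASKS):
        s = 1 << k
        for r in range(WIDTH):
            if r & s:
                continue                      # each (r, r+s) pair handled once
            a, b = rows[r], rows[r + s]
            # bits of a at mask columns trade places with bits of b at the
            # non-mask columns s positions lower (classic swap-move step)
            t = ((a >> s) ^ b) & (FULL ^ mask)
            rows[r + s] = b ^ t
            rows[r] = a ^ (t << s)
    return rows


def bitslice(blocks):
    """P_i' of the patent: slice i gathers bit i of every block (copy, not in place)."""
    return transpose128(list(blocks))


def unslice(slices):
    """De-arrangement: the transpose is its own inverse."""
    return transpose128(list(slices))


def broadcast_round_key(rk: int):
    """rk_i' of the patent: 32 slices, slice j = bit j of rk_i repeated 128 times."""
    return [FULL if (rk >> j) & 1 else 0 for j in range(32)]


def sample_matrix(seed: int = 1):
    """Constructed input: 128 pseudo-random 128-bit rows (not data from the patent)."""
    rng = random.Random(seed)
    return [rng.getrandbits(WIDTH) for _ in range(WIDTH)]


def check_transpose(seed: int = 1) -> bool:
    """Verify the bit-for-bit transpose property and the round trip on a sample."""
    m = sample_matrix(seed)
    t = bitslice(m)
    ok = all(((t[c] >> r) & 1) == ((m[r] >> c) & 1)
             for r in range(WIDTH) for c in range(WIDTH))
    return ok and unslice(t) == m


if __name__ == "__main__":
    print("transpose round trip ok:", check_transpose())
```

Once the data is in this form, every bit-level operation of the cipher (an XOR with a round key, a step of the composite-field S-box) acts on 128 blocks at once, which is where the parallelism claimed in the abstract comes from; the cost is the two transpositions, which is why they are done with masks in registers rather than bit by bit.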

The composite field decomposition technique is then applied to perform 32 rounds of iterative operations on the arranged data: field isomorphism theory is used to map the S-box isomorphically onto the composite field GF((2^4)^2), the S-box inversion is performed in the composite field, and the result is mapped back to the S-box, completing the S-box operation.

After the iterations, the corresponding output ciphertext is obtained; the data arrangement technique is then applied to de-arrange it, giving the actual ciphertext C_i, 0≤i≤127, where:

C_i = 68 1E DF 34 D2 06 96 5E 86 B3 E9 4F 53 6E 42 46
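A straightforward (non-bitsliced) SM4 key schedule and block encryption, added here to reproduce the round keys rk0..rk31 and the ciphertext C_i quoted above for the embodiment's test vector P_i = InitKey = 0123456789ABCDEFFEDCBA9876543210. This is an added example written from the public SM4 specification (GB/T 32907), not the patent's NEON/JNI code; the patent's bitsliced implementation must produce exactly these values, so this serves as the reference a practitioner would test it against.

```python
# Reference SM4 key expansion and single-block encryption/decryption.
# Added example from the public specification; not the patent's code.

# The SM4 S-box (256 bytes, row-major).
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05"
    "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62"
    "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8"
    "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887"
    "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1"
    "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f"
    "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8"
    "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684"
    "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# CK[i] byte j = (4i + j) * 7 mod 256
CK = tuple(sum(((4 * i + j) * 7 % 256) << (24 - 8 * j) for j in range(4))
           for i in range(32))
M32 = 0xFFFFFFFF

# Test vector from the embodiment above (key and every plaintext block are equal).
TEST_KEY = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
TEST_PT = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")


def rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & M32


def tau(x: int) -> int:
    """Byte-wise S-box substitution (the nonlinear layer) of a 32-bit word."""
    return sum(SBOX[(x >> (24 - 8 * i)) & 0xFF] << (24 - 8 * i) for i in range(4))


def t_enc(x: int) -> int:
    """Round function T = L(tau(x)) with the encryption linear layer L."""
    b = tau(x)
    return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)


def t_key(x: int) -> int:
    """Key-schedule function T' = L'(tau(x))."""
    b = tau(x)
    return b ^ rotl(b, 13) ^ rotl(b, 23)


def key_expand(mk: bytes) -> list:
    """Expand a 16-byte key into the 32 round keys rk_0..rk_31."""
    k = [int.from_bytes(mk[4 * i:4 * i + 4], "big") ^ FK[i] for i in range(4)]
    rk = []
    for i in range(32):
        k.append(k[i] ^ t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
        rk.append(k[i + 4])
    return rk


def round_keys_hex(mk: bytes) -> list:
    """Round keys formatted the way the embodiment lists them."""
    return [f"{k:08X}" for k in key_expand(mk)]


def encrypt_block(pt: bytes, rk: list) -> bytes:
    """32 rounds of X[i+4] = X[i] ^ T(X[i+1] ^ X[i+2] ^ X[i+3] ^ rk[i]),
    then the reverse-order output (X35, X34, X33, X32)."""
    x = [int.from_bytes(pt[4 * i:4 * i + 4], "big") for i in range(4)]
    for i in range(32):
        x.append(x[i] ^ t_enc(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rk[i]))
    return b"".join(w.to_bytes(4, "big") for w in x[35:31:-1])


def decrypt_block(ct: bytes, rk: list) -> bytes:
    """Decryption is encryption with the round keys in reverse order."""
    return encrypt_block(ct, rk[::-1])


if __name__ == "__main__":
    rk = key_expand(TEST_KEY)
    print("rk0 =", round_keys_hex(TEST_KEY)[0], "rk31 =", round_keys_hex(TEST_KEY)[31])
    print("C =", encrypt_block(TEST_PT, rk).hex().upper())
```

Note that the page's "128 groups" all carry the same plaintext block, so every C_i is identical; in practice that is only acceptable in a test vector, and a deployment would wrap this block function in a mode of operation rather than encrypting file blocks independently.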

加密后的数据被持久化至Android客户端的数据库中,Android应用可对该数据进行读写或展示操作。The encrypted data is persisted to the database of the Android client, and the Android application can read, write or display the data.

本发明主要研究在资源受限的手机等移动终端上应用SM4算法对各种类型的文件进行快速加解密。应用到的主要技术为:Android智能平台,NEON指令集,比特切片技术,Java本地方法技术,域同构技术。侧重点主要在于搭载在Android智能平台上的Java应用,使用Java通过本地方法调用C语言接口,通过复合域分解技术完成对文件的加密和解密。The present invention mainly studies the fast encryption and decryption of various types of files by applying the SM4 algorithm on mobile terminals such as mobile phones with limited resources. The main technologies applied are: Android intelligent platform, NEON instruction set, bit slicing technology, Java native method technology, and domain isomorphism technology. The focus is mainly on the Java application mounted on the Android intelligent platform, using Java to call the C language interface through the local method, and completing the encryption and decryption of the file through the composite domain decomposition technology.

1.主要应用技术点。1. Main application technology points.

本发明基于Java调用JNI技术,Android移动开发技术,Java调用执行C语言技术;The invention is based on Java calling JNI technology, Android mobile development technology, Java calling and executing C language technology;

NEON指令集;NEON instruction set;

比特切片技术;Bit slicing technology;

域同构技术。Domain isomorphism techniques.

2.本发明原理和功能详细描述。2. The principle and function of the present invention are described in detail.

Android客户端应用启动后,用户需要手动输入要进行加密或解密的文件路径,对于加密功能,用户同时需要提供密钥用于文件加密。After the Android client application is launched, the user needs to manually input the file path to be encrypted or decrypted. For the encryption function, the user also needs to provide a key for file encryption.

Android客户端应用需要验证待加密或解密文件是否存在,验证通过后,将待加密或解密文件及密钥导入到,持久到Android客户端的数据库中保存。The Android client application needs to verify whether the file to be encrypted or decrypted exists. After the verification is passed, the file to be encrypted or decrypted and the key are imported and saved in the database of the Android client.

Android客户端应用根据输入的待加密或解密文件及密钥调用相应的加密或解密方法。主要是通过JNI接口对C语言编码的SM4方法进行访问。The Android client application invokes the corresponding encryption or decryption method according to the input file to be encrypted or decrypted and the key. It mainly accesses the SM4 method encoded in C language through the JNI interface.

接口接收后,从数据库中读取待加密或解密文件及密钥数据,并执行相应的加密或解密操作,加密或解密完成后,数据存入数据库中,返回操作结果。After the interface receives it, it reads the file and key data to be encrypted or decrypted from the database, and performs the corresponding encryption or decryption operation. After the encryption or decryption is completed, the data is stored in the database and the operation result is returned.

Android客户端根据返回结果,通过Android的UI组件展示出加密或解密是否成功。According to the returned result, the Android client displays whether the encryption or decryption is successful through the Android UI components.

根据本发明的实施例,还提供了一种基于Android端的SM4快速软件实现装置,如图4所示,该装置包括:According to an embodiment of the present invention, an Android-based SM4 fast software implementation device is also provided. As shown in FIG. 4 , the device includes:

存储模块51,用于存储待加密或解密的文件及密钥;The storage module 51 is used to store the files and keys to be encrypted or decrypted;

编排模块52,用于对待加密或解密的文件及密钥的存储结构进行编排,实现比特分离;The arrangement module 52 is used to arrange the storage structure of the file to be encrypted or decrypted and the key to realize bit separation;

迭代模块53,用于对经过编排后的待加密或解密文件进行复合域运算,完成非线性和线性操作。The iterative module 53 is used to perform compound domain operations on the programmed files to be encrypted or decrypted to complete nonlinear and linear operations.

综上所述,借助于本发明的上述技术方案,本发明可以在Android端等资源受限的移动端上高效实现SM4算法,能够有效的降低计算复杂度,减少资源消耗,提供安全高效的数据保护方案。To sum up, with the help of the above technical solutions of the present invention, the present invention can efficiently implement the SM4 algorithm on resource-constrained mobile terminals such as Android terminals, can effectively reduce computational complexity, reduce resource consumption, and provide safe and efficient data protection scheme.

最后所应说明的是:以上实施例仅以说明而非限制本发明的技术方案,尽管参照上述实施例对本发明进行了详细说明,本领域的普通技术人员应当理解:依然可以对本发明进行修改后者等同替换,而不脱离本发明的精神和范围的任何修改或局部替换,其均应涵盖在本发明的权利要求范围当中。Finally, it should be noted that the above embodiments are only to illustrate rather than limit the technical solutions of the present invention. Although the present invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the present invention can still be modified. Any modification or partial replacement without departing from the spirit and scope of the present invention shall be included in the scope of the claims of the present invention.

Claims (4)

1.一种基于Android端的SM4快速软件实现方法,其特征在于,包括:1. a kind of SM4 fast software realization method based on Android side, is characterized in that, comprises: 预处理待加密或解密的文件和初始密钥;Preprocessing files and initial keys to be encrypted or decrypted; 将所述文件和密钥持久化至Android客户端的数据库并保存;Persist the file and key to the database of the Android client and save it; Android客户端访问所述数据库,对所述待加密或解密文件进行加密或解密;包括:The Android client accesses the database, and encrypts or decrypts the to-be-encrypted or decrypted file; including: 所述Android客户端通过JNI接口访问加密或解密方法;The Android client accesses the encryption or decryption method through the JNI interface; 其中,当所述Android客户端通过JNI接口访问所述加密或解密方法时,需要验证所述待加密或解密文件是否存在,验证通过后,所述加密或解密方法开始对所述文件进行加密或解密;Wherein, when the Android client accesses the encryption or decryption method through the JNI interface, it needs to verify whether the file to be encrypted or decrypted exists. After the verification is passed, the encryption or decryption method starts to encrypt or decrypt the file. decrypt; 所述加密或解密方法开始对所述文件进行加密或解密,包括:The encryption or decryption method starts to encrypt or decrypt the file, including: 应用密钥扩展算法将初始密钥扩展为32个轮密钥;Apply the key expansion algorithm to expand the initial key into 32 round keys; 应用数据编排技术对所述文件和轮密钥的存储结构进行编排处理;The storage structure of the file and the round key is arranged and processed by applying the data arrangement technology; 应用复合域分解技术对所述编排后的数据进行32轮迭代运算;32 rounds of iterative operations are performed on the arranged data by applying the composite domain decomposition technology; 应用所述数据编排技术对所述迭代运算后的数据进行反编排处理,加密或解密计算完成;Applying the data arrangement technology to perform de-arrangement processing on the data after the iterative operation, and the encryption or decryption calculation is completed; 数据编排技术预先缓存128组128比特的数据,应用矩阵转置技术对缓存数据进行转置,实现将128组数据的同一比特聚集在同一内存块中,完成比特分离操作;The data arrangement technology caches 128 groups of 128-bit data in advance, and applies the matrix transposition technology to transpose the cached data, so that the same bits of the 
128 groups of data are gathered in the same memory block to complete the bit separation operation; 复合域分解技术使用域同构理论将S盒同构映射到复合域GF((24)2)上,将S盒的求逆运算变换到复合域上实现,之后逆映射回S盒,从而完成S盒运算;The composite domain decomposition technique uses the domain isomorphism theory to map the S box isomorphically to the composite domain GF((2 4 ) 2 ), transform the inverse operation of the S box to the composite domain, and then inversely map it back to the S box, so that Complete the S-box operation; 使用NEON指令集并行实现数据编排,利用七组掩码完成比特矩阵转置,十六进制表示为:Use the NEON instruction set to implement data arrangement in parallel, and use seven sets of masks to complete the bit matrix transposition. The hexadecimal representation is: MASK0=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMASK0=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA MASK1=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCMASK1=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC MASK2=F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0MASK2=F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0 MASK3=FF00FF00FF00FF00FF00FF00FF00FF00MASK3=FF00FF00FF00FF00FF00FF00FF00FF00 MASK4=FFFF0000FFFF0000FFFF0000FFFF0000MASK4=FFFF0000FFFF0000FFFF0000FFFF0000 MASK5=FFFFFFFF00000000FFFFFFFF00000000MASK5=FFFFFFFF00000000FFFFFFFF00000000 MASK6=FFFFFFFFFFFFFFFF0000000000000000。MASK6=FFFFFFFFFFFFFFFF0000000000000000. 2.根据权利要求1所述的方法,其特征在于,通过选择适当的基域Q(y)和二次扩域P(x),可以将S盒的求逆运算同构映射到复合域GF((24)2)上进行,其中,2. The method according to claim 1, characterized in that, by selecting an appropriate base field Q(y) and a quadratic expansion field P(x), the inversion operation of the S box can be isomorphically mapped to the composite field GF ((2 4 ) 2 ), where, 基域为:The base domain is: Q(y)=y4+y3+1Q(y)=y 4 +y 3 +1 二次扩域为:The secondary expansion domain is: P(x)=x2+x+2P(x)=x 2 +x+2 同构映射矩阵为:The isomorphic mapping matrix is:
Figure FDA0003098434900000021
Figure FDA0003098434900000021
3.根据权利要求2所述的方法,其特征在于,所述复合域GF((24)2)上的求逆为:3. The method according to claim 2, wherein the inversion on the composite field GF((2 4 ) 2 ) is: 令元素a=(a1*x+a0)∈GF((24)2),其中,a1,a0∈GF(24),则元素a的逆元素a-1可以表示为:Let element a=(a 1 *x+a 0 )∈GF((2 4 ) 2 ), where a 1 ,a 0 ∈GF(2 4 ), then the inverse element a -1 of element a can be expressed as: a-1=(δ-1*a1)*x+(δ-1*(a1+a0))a -1 =(δ -1 *a 1 )*x+(δ -1 *(a 1 +a 0 )) 其中,
Figure FDA0003098434900000022
in,
Figure FDA0003098434900000022
4. An SM4 fast software implementation device based on an Android terminal, characterized in that it comprises:

a storage module, configured to persist the file to be encrypted or decrypted and the key to a database of the Android client and save them;

the Android client accesses the database and encrypts or decrypts the file to be encrypted or decrypted, which includes: the Android client accessing the encryption or decryption method through a JNI interface;

wherein, when the Android client accesses the encryption or decryption method through the JNI interface, it must verify whether the file to be encrypted or decrypted exists; after the verification passes, the encryption or decryption method starts to encrypt or decrypt the file, which includes: applying the key expansion algorithm to expand the initial key into 32 round keys;

an arrangement module, configured to arrange the storage structure of the file to be encrypted or decrypted and of the key so as to achieve bit separation;

an iteration module, configured to encrypt or decrypt the arranged file to be encrypted or decrypted;

the arrangement module comprises: a matrix transposition unit, which applies the NEON instruction set to the file to be encrypted or decrypted and to the key, changing their storage structure to achieve bit separation;

the iteration module comprises: a composite field operation unit, which uses the NEON instruction set to perform the isomorphic mapping from the S-box to the composite field, performs the inversion of the file to be encrypted or decrypted in the composite field, and then maps inversely back to the S-box, thereby completing the nonlinear transformation and the linear transformation;

wherein the data arrangement technique pre-caches 128 groups of 128-bit data and applies the matrix transposition technique to transpose the cached data, so that the same bit of each of the 128 groups of data is gathered in the same memory block, completing the bit separation operation;

the composite field decomposition technique uses field isomorphism theory to map the S-box isomorphically onto the composite field $GF((2^4)^2)$, carries out the inversion of the S-box in the composite field, and then maps inversely back to the S-box, thereby completing the S-box operation;

the data arrangement is implemented in parallel using the NEON instruction set, and the bit matrix transposition is completed using seven groups of masks, whose hexadecimal representations are:

MASK0=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
MASK1=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
MASK2=F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0
MASK3=FF00FF00FF00FF00FF00FF00FF00FF00
MASK4=FFFF0000FFFF0000FFFF0000FFFF0000
MASK5=FFFFFFFF00000000FFFFFFFF00000000
MASK6=FFFFFFFFFFFFFFFF0000000000000000
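An added example, not from the patent (whose own implementation uses NEON intrinsics), that models the bit separation step of claim 4 in portable C: the 128 groups of 128-bit data are treated as a 128x128 bit matrix and transposed in seven mask-and-swap stages with the MASK0 to MASK6 values listed above, after which row c holds bit c of all 128 groups, the bit-sliced layout the iteration module works on. The type u128, the functions transpose128, get_bit and check_bit_separation, and the sample data that check_bit_separation fills in are constructed for this example.

```c
#include <stdint.h>
#include <string.h>

/* A 128-bit row: bit c of the row is (c < 64 ? lo >> c : hi >> (c - 64)) & 1. */
typedef struct { uint64_t lo, hi; } u128;

static u128 u128_shl(u128 v, unsigned s) {          /* 1 <= s <= 64 */
    u128 r;
    if (s == 64) { r.hi = v.lo; r.lo = 0; }
    else { r.hi = (v.hi << s) | (v.lo >> (64 - s)); r.lo = v.lo << s; }
    return r;
}

static u128 u128_shr(u128 v, unsigned s) {          /* 1 <= s <= 64 */
    u128 r;
    if (s == 64) { r.lo = v.hi; r.hi = 0; }
    else { r.lo = (v.lo >> s) | (v.hi << (64 - s)); r.hi = v.hi >> s; }
    return r;
}

/* The seven masks from the claim, split into (lo, hi) 64-bit halves.
 * MASKj selects the columns whose index has bit j set. */
static const u128 MASK[7] = {
    { 0xAAAAAAAAAAAAAAAAULL, 0xAAAAAAAAAAAAAAAAULL },   /* MASK0 */
    { 0xCCCCCCCCCCCCCCCCULL, 0xCCCCCCCCCCCCCCCCULL },   /* MASK1 */
    { 0xF0F0F0F0F0F0F0F0ULL, 0xF0F0F0F0F0F0F0F0ULL },   /* MASK2 */
    { 0xFF00FF00FF00FF00ULL, 0xFF00FF00FF00FF00ULL },   /* MASK3 */
    { 0xFFFF0000FFFF0000ULL, 0xFFFF0000FFFF0000ULL },   /* MASK4 */
    { 0xFFFFFFFF00000000ULL, 0xFFFFFFFF00000000ULL },   /* MASK5 */
    { 0x0000000000000000ULL, 0xFFFFFFFFFFFFFFFFULL },   /* MASK6 */
};

int get_bit(const u128 *row, unsigned c) {
    return (int)((c < 64 ? row->lo >> c : row->hi >> (c - 64)) & 1u);
}

/* In-place transpose of the 128x128 bit matrix m (128 rows of 128 bits).
 * Stage j pairs row r (bit j of r clear) with row r+2^j and swaps
 * m[r][c+2^j] with m[r+2^j][c] for every column c with bit j clear,
 * i.e. it exchanges bit j of the row index with bit j of the column index.
 * The seven stages commute, and together they give the full transpose. */
void transpose128(u128 m[128]) {
    for (unsigned j = 0; j < 7; j++) {
        unsigned s = 1u << j;
        for (unsigned r = 0; r < 128; r++) {
            if (r & s) continue;                      /* visit each pair once */
            u128 *a = &m[r], *b = &m[r + s];
            u128 t = u128_shl(*b, s);                 /* bring b[c] under a[c+s] */
            t.lo = (t.lo ^ a->lo) & MASK[j].lo;
            t.hi = (t.hi ^ a->hi) & MASK[j].hi;
            a->lo ^= t.lo;  a->hi ^= t.hi;            /* a[c+s] := old b[c]   */
            t = u128_shr(t, s);
            b->lo ^= t.lo;  b->hi ^= t.hi;            /* b[c]   := old a[c+s] */
        }
    }
}

/* Self-check on constructed data: fill 128 "blocks" with a deterministic
 * pattern, transpose, and confirm that row c now holds bit c of every block
 * (the bit-sliced layout), then transpose back and confirm the original
 * is restored. Returns 1 on success, 0 on the first mismatch. */
int check_bit_separation(void) {
    u128 orig[128], m[128];
    for (unsigned r = 0; r < 128; r++) {              /* constructed sample data */
        orig[r].lo = 0x9E3779B97F4A7C15ULL * (r + 1) ^ 0x0123456789ABCDEFULL;
        orig[r].hi = 0xC2B2AE3D27D4EB4FULL * (r + 7) ^ (uint64_t)r << 32;
    }
    memcpy(m, orig, sizeof m);
    transpose128(m);
    for (unsigned r = 0; r < 128; r++)
        for (unsigned c = 0; c < 128; c++)
            if (get_bit(&m[c], r) != get_bit(&orig[r], c)) return 0;
    transpose128(m);
    return memcmp(m, orig, sizeof m) == 0;
}
```

Each stage is 64 row pairs of shift, XOR, AND, XOR, shift, XOR on a full 128-bit row, which on the device maps one to one onto 128-bit NEON register operations; the scalar u128 helpers above only stand in for those. Because the transpose is its own inverse, the same routine converts the bit-sliced result back to ordinary blocks after the rounds.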
CN201911376951.8A 2019-12-27 2019-12-27 SM4 rapid software implementation method and device based on Android terminal Expired - Fee Related CN111162898B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911376951.8A CN111162898B (en) 2019-12-27 2019-12-27 SM4 rapid software implementation method and device based on Android terminal

Publications (2)

Publication Number Publication Date
CN111162898A CN111162898A (en) 2020-05-15
CN111162898B true CN111162898B (en) 2022-01-28

Family

ID=70558567

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911376951.8A Expired - Fee Related CN111162898B (en) 2019-12-27 2019-12-27 SM4 rapid software implementation method and device based on Android terminal

Country Status (1)

Country Link
CN (1) CN111162898B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114091086A (en) * 2022-01-14 2022-02-25 麒麟软件有限公司 Rapid realization method of SM4 algorithm based on bit slice
CN115499152B (en) * 2022-07-27 2025-01-03 北京航空航天大学 SM4 rapid software implementation method based on register optimization

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101951314B (en) * 2010-10-12 2012-06-20 北京航空航天大学 Design method of S-box in symmetric password encryption
CN104065473A (en) * 2014-06-25 2014-09-24 成都信息工程学院 A Compact Implementation Method of SM4 Block Cipher Algorithm S-Box
CN108092760A (en) * 2016-11-22 2018-05-29 北京同方微电子有限公司 A kind of co-processor device of block cipher and non-linear transformation method
WO2018188002A1 (en) * 2017-04-12 2018-10-18 Beijing Lianshi Networks Technology Co., Ltd. Methods and apparatus for secure and efficient implementation of block ciphers
CN110505050A (en) * 2019-08-27 2019-11-26 北京电子科技学院 A kind of Android information encryption system and method based on national secret algorithm

Also Published As

Publication number Publication date
CN111162898A (en) 2020-05-15


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20220128