
CN113852462B - A method and system for creating a symmetric key that does not require distribution or management - Google Patents


Info

Publication number
CN113852462B
Authority
CN
China
Prior art keywords
key
receiver
sender
time
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111132710.6A
Other languages
Chinese (zh)
Other versions
CN113852462A (en)
Inventor
王健庭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the field of cryptography and provides a method and a system for creating a symmetric key that does not need to be distributed or managed. The creation method comprises: selecting a programming tool to develop a "real-time space-time key generator", which is placed in the memory of the sender's device so that each receiver can enter its setting module with a login password and set the generation scheme of the encryption key; the right to set the symmetric key generation scheme is thereby given to each receiver. The real-time key generator contains various function expressions and their rules, including n functions with time as the independent variable and n functions with geographic location as the independent variable. At any time and in any place it can automatically generate a new key matching the cryptographic algorithm used in the sender's key system, to be called in real time when plaintext is encrypted. The key may not be used for anything else; in particular, viewing or transmitting the key value is strictly forbidden, and the called key, the encrypted plaintext and the person receiving the ciphertext must correspond one to one, with mismatched operations strictly forbidden. The receiver's decryption key is calculated by the receiver according to the key generation scheme it set in the setting module of the sender's real-time key generator, so the sender does not need to distribute the key to the receiver, as long as the receiver remembers the key generation scheme it set at the sender.

Description

A method and system for creating a symmetric key that does not require distribution or management

Technical Field

The present invention relates to the technical field of cryptography, and in particular to a new method and a new way of generating and using symmetric keys in a symmetric cryptosystem: a method and system for creating a symmetric key that does not require distribution or management.

Background Art

In current symmetric cryptosystems, the key of the cryptographic algorithm is generated by the key generation system of the encrypting party or of a key management center (for ease of description, the encrypting party and the key management center are collectively called the sender in this document, and the decrypting party is the receiver). Wherever the generated key comes from, the receiver does not know it, and the sender must transmit it to the receiver through some information channel. That is, every time the sender sends a ciphertext to the receiver, it must also send the key for that ciphertext separately; otherwise the receiver cannot decrypt the ciphertext it received. The encryption, decryption and transmission flow in current symmetric cryptosystems is shown in Figure 1.

In practice, symmetric keys require far less computation than asymmetric keys, so their encryption speed and efficiency far exceed those of asymmetric keys, which makes them very suitable for encrypting large volumes of data.

However, current symmetric keys have two very serious defects:

First, the key transmission problem. A symmetric-key system is a single-key cryptosystem in which encryption and decryption use the same key, so the sender must transmit the encryption key to the receiver; otherwise the receiver cannot decrypt the ciphertext it received. A symmetric key is also called a secret key because its security depends not only on the strength of the encryption algorithm itself but even more on how well the key is protected. Every key transmission carries the risk of the key being stolen, tampered with or leaked, so whether the key can be transmitted safely to the receiver is the primary problem facing current symmetric keys.

Second, the key management problem. When encrypting users' information, it is never acceptable to encrypt all users' information with the same key; otherwise, once the key leaks, the information of all users is leaked. A separate key must therefore be generated for each user, and a new key must be distributed to each pair of users every time. This produces a huge number of keys, so current symmetric keys must be managed, and managed well. Otherwise the continuously generated symmetric keys cause problems: the keys not only fail to correspond one to one but also become confused. Managing current symmetric keys therefore inevitably consumes management resources at great cost.

The key is the element of a cryptosystem that guarantees the security of the ciphertext. A new key must be used for every encryption because the number of cryptographic algorithms in a cryptosystem is limited and their reuse is unavoidable; at the same time, the commercialization of cryptographic algorithms inevitably requires that they be made public. The confidentiality of the ciphertext must therefore rest on the confidentiality of the key, and the key becomes indispensable to the security of the ciphertext.

Summary of the Invention

To solve the two major problems of current symmetric keys, the present invention provides a method and system for creating a symmetric key that does not require distribution or management. Its purpose is to remedy the two serious defects of current symmetric keys: by changing where symmetric keys are generated, the generation scheme and the way they are generated, the transmission of symmetric keys can be eliminated entirely and the management of keys can be dispensed with.

A programming tool is selected to develop a "real-time space-time key generator", which is placed in the memory of the sender's device so that each receiver can enter its setting module with a login password and set the generation scheme of the encryption key; the right to set the symmetric key generation scheme is given to each receiver. The main setting items of the real-time key generator are various function expressions and their rules, including n functions with time as the independent variable and n functions with geographic location as the independent variable. In the sender's key system it can automatically generate, at any time and in any place, a new key matching the cryptographic algorithm in use, to be called in real time when plaintext is encrypted. The key the sender uses to encrypt each plaintext is generated automatically in real time by the space-time key generator as configured by the respective receiver; the key the receiver uses to decrypt a ciphertext is calculated by the receiver according to the key generation scheme it set in the setting module of the sender's real-time key generator. The encryption key generated in real time and the calculated decryption key correspond one to one, so no key needs to be transmitted between sender and receiver and the generated keys do not need to be managed, as long as the receiver remembers the key generation scheme it set at the sender. The logical relationship in Figure 2 also shows clearly that although the "space-time key generator setting module" of the present invention is located at the sender, the key generation scheme is offered by the sender for the receiver to set, so the receiver can calculate the decryption key according to the scheme it set.

To distinguish it from current symmetric key generators, and because the keys produced by the "real-time key generator" of the present invention depend on time and space, it is provisionally called the "space-time key generator" in this document.

Further, the key the sender uses to encrypt each plaintext is produced from data provided by the respective receiver, including various character strings from the receiver; the key the receiver uses to decrypt a ciphertext is one the receiver can obtain by itself, and no key needs to be transmitted between sender and receiver.

A system built on the creation method of the present invention can run the method for creating a symmetric key that does not require distribution or management, thereby realizing a symmetric key system that does not require distribution or management.

The present invention is implemented through the following technical solutions:

In terms of method, the present application provides a method for creating a symmetric key that does not require distribution or management, whose steps include:

Step 1. Select a programming tool to develop a "real-time space-time key generator", as shown in Figure 3, and place it in the memory of the sender's device so that the processor of the sender's device can call it at any time; open the setting module of the real-time space-time key generator to each receiver by login password, as shown in Figure 2.

The setting items include ① the key expression, ② the digit selection rule, and ③ the key string conversion rule. The key expression lets the receiver set various function formulas, including functions with time and geographic location as independent variables: n time functions, n geographic location functions and n functions of other kinds can be set, and combined they automatically generate the initial value of the key string at any time and in any place. This initial value may be an irrational number, which obviously cannot be used as a key, so it is handed to the digit selection rule to be completed by a specific scheme. The digit selection rule sets the standard for the length of the key string; through n possible schemes it turns the initial value produced by the key expression into the key string determined by the receiver. The key string conversion rule converts the key string obtained after digit selection into a key matching the cryptographic algorithm in use.

The sub-items under the two items "key expression" and "digit selection rule", together with their specific setting methods and examples, are described in detail in the specification of patent CN201510991027.6.

The key string generated by the "key expression" and the "digit selection rule" working together is of text (character) type, whereas the key K of the encryption function E_K(M) = C and the decryption function D_K(C) = M is numeric, and the keys of different cryptographic algorithms also differ in length and number base. The key string generated by the "key expression" and the "digit selection rule" therefore cannot be given directly to the cryptographic algorithm; it must first undergo the corresponding format conversion before the algorithm can use it for encryption and decryption. The role of the "key string conversion rule" is to convert the key string generated by the "key expression" and the "digit selection rule" into a key matching the cryptographic algorithm in use.

The setting items of the "key string conversion rule" include:

① Key length (number of bytes), including: 32 bits (4 bytes), 64 bits (8 bytes), 128 bits (16 bytes), 192 bits (24 bytes), 256 bits (32 bytes), ...

② Number base, including: base 2, base 4, base 8, base 10, base 16, base 32, ...

③ Encoding (character set), including: UTF-8 (Unicode), GB2312, GBK, GB18030, UTF-16_LE, ...

Consider encoding first. The key string generated by the "key expression" and the "digit selection rule" is of text type and may contain all kinds of characters and symbols, so it cannot be converted directly into a number for computation. Only by using a character encoding to convert the generated key string into a byte sequence that a computer can process can arithmetic be performed on it, and only then is the key string fit to be given to a cryptographic algorithm. The role of character encoding here is to turn a key string that cannot be computed on into a byte sequence that can, so that it qualifies as the key of a cryptographic algorithm. Note that there are many character encodings, and the key length and value obtained differ completely from one encoding to another. Whatever encoding was used to produce the encryption key must also be used to produce the decryption key; the two must not be mixed up, otherwise decryption is impossible.

Next consider key length and number base. These are dictated by the cryptographic algorithm: different algorithms require different key lengths and bases, and when the key string is converted it must match exactly the key length and base of the algorithm in use. This holds whether the target is the key of a basic transposition, substitution, dictionary, addition/subtraction or hybrid cipher, or the key of any block or stream cipher.

Once the format conversion is complete, the key can be used with the encryption algorithm to encrypt plaintext and, conversely, to decrypt ciphertext.

In addition, the present invention intends that forwarding of ciphertext be strictly forbidden, or that forwarded ciphertext be destroyed immediately and unconditionally. For ciphertext that the sender sends directly to the receiver, and ciphertext that the sender allows the receiver to download, the time for automatic timed destruction or hashing can be set in advance in this setting module. This right is given to the receiver so that the receiver can handle its own ciphertext according to its own circumstances: when the sender actively sends ciphertext to the receiver or agrees to let the receiver download it, ownership of that ciphertext passes to the receiver, so the receiver should have full rights over how it is handled. With this right the receiver can proactively guard, to the greatest extent possible, against its ciphertext being stolen and then cracked, while the receiver itself can download the ciphertext it needs again at any time and in any place.

Step 2. Each receiver enters the sender's space-time key generator setting module with its login password and sets the generation scheme of the encryption key.

Step 3. Each receiver completes its own key generation scheme in its own setting items. To improve the security of the "real-time space-time key generator", the key generation scheme that a receiver has set in the sender's key generator setting module should be stored under as high a level of encryption as is technically feasible; otherwise it is difficult to control the risk of users, including the sender, peeking into the database and leaking internal data.

Note on generated keys that do not change: if, when setting the key generation scheme, the receiver uses only constants and text characters and does not include a time function or a geographic location function, or uses an existing fixed string as the key (such as a login password, an alias, a mobile phone number, an ID card number or another identifying string), the resulting key will not change, whether this was intended or not. The encryption and decryption process nevertheless still has these characteristics: the key that the sender or receiver uses to encrypt each plaintext comes from the receiver's data; or the key the receiver uses to decrypt the ciphertext is one the receiver can obtain by itself; or no key needs to be transmitted between sender and receiver.

Step 4. The "key expression" and the "digit selection rule" set by the receiver run together and automatically generate the latest key string in real time at the sender, at any time and in any place.

Step 5. The latest key string is converted automatically, through the "key string conversion rule" set by the receiver, into a key matching the encryption algorithm in use. If the sender uses the AES encryption algorithm, the newly generated key string is converted into a key for AES (key lengths of 128, 192 and 256 bits are supported, hexadecimal); if the sender uses the SM4 algorithm, it is converted into a key for SM4 (key length 128 bits, hexadecimal). At this point the latest key usable by the chosen encryption algorithm has been generated automatically in real time at the sender, and it waits to be called in real time whenever the sender or receiver encrypts plaintext.

Step 6. The sender or receiver calls the key generated in real time, at any time and in any place. It must be stressed that this key may only be called in real time when encrypting plaintext and may not be used for anything else. In particular, viewing or transmitting the key value is strictly forbidden, and the called key, the encrypted plaintext and the person receiving the ciphertext must correspond one to one; mismatched operations are strictly forbidden.

Step 7. The sender or receiver supplies the key called in real time to the cryptographic algorithm in use, which encrypts the plaintext into ciphertext.

Step 8. The sender sends the encrypted ciphertext to the receiver, or the receiver downloads the encrypted ciphertext to its own side.

This completes the steps executed on the sender module. The following steps are executed on the receiver module.

Step 9. After receiving the ciphertext, the receiver calculates the key string from the time and place, according to the scheme it set at the sender.

Step 10. On its own device, the receiver enters the calculated key string into a "string / number base / encoding" conversion tool or an encryption/decryption applet, and selects the base and encoding options for the key of the cryptographic algorithm in use.

Most encryption/decryption applets include a built-in "string / number base / encoding" conversion function.

Step 11. The encryption/decryption applet or the "string / number base / encoding" conversion tool on the receiver's device automatically converts the calculated key string into a key matching the cryptographic algorithm in use.

Step 12. On the receiver's device, the received ciphertext is entered into the ciphertext input field of the encryption/decryption applet and decrypted into plaintext with the key converted in step 11.

At this point the whole process has been carried out successfully: from step 1, in which a "real-time space-time key generator" is developed at the sender, through step 2, in which the receiver sets the encryption key generation scheme at the sender, to step 5, in which the latest key usable by the chosen encryption algorithm is generated automatically in real time at the sender and waits to be called in real time when the sender or receiver encrypts plaintext, followed by encryption in step 7, transmission in step 8 and decryption in step 12.
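The derivation path of steps 4-5 (sender) and 9-11 (receiver), including the requirement that the character encoding and key length match on both sides, as an added Python example that is not code from the patent. The key expression used here (a square root over a UTC-minute value and a 0.01-degree location grid), the `SCHEME` values and all function names are assumptions made for illustration; the patent leaves the actual expression options to CN201510991027.6. It also assumes that both parties feed the same time and location values into the scheme.

```python
from datetime import datetime, timezone
from decimal import Context, Decimal

# Constructed receiver scheme; every value here is an assumption for the demo.
SCHEME = {
    "tag": "钥",          # fixed text the receiver mixes into the key string
    "digits": 13,         # digit selection rule: fractional digits to keep
    "encoding": "utf-8",  # conversion rule: character set
    "key_bytes": 16,      # conversion rule: 128-bit key (AES-128 or SM4)
}


def key_expression(when: datetime, lat: float, lon: float) -> Decimal:
    """Hypothetical key expression: one time function and one location function.

    Time is reduced to the UTC minute and location to a 0.01 degree grid, so
    both parties must agree on those two inputs to reach the same value.
    """
    if when.tzinfo is None:
        raise ValueError("use a timezone-aware datetime")
    t = int(when.astimezone(timezone.utc).strftime("%Y%m%d%H%M"))
    g = round(lat * 100) * 100_000 + round(lon * 100)
    # A square root is usually irrational, like the "initial value" in the text.
    # Decimal arithmetic keeps the digits identical on every platform.
    return Context(prec=60).sqrt(Decimal(7 * t + 13 * g + 1))


def digit_selection(value: Decimal, digits: int) -> str:
    """Keep the first `digits` fractional digits; pad if the root was exact."""
    frac = format(value, "f").partition(".")[2]
    return frac[:digits].ljust(digits, "0")


def convert_key_string(key_string: str, encoding: str, key_bytes: int) -> bytes:
    """Encode the key string and insist that it fills the key exactly."""
    raw = key_string.encode(encoding)
    if len(raw) != key_bytes:
        raise ValueError(
            f"{encoding} gives {len(raw)} bytes, the algorithm needs {key_bytes}"
        )
    return raw


def derive_key(scheme: dict, when: datetime, lat: float, lon: float) -> bytes:
    """Key expression, then digit selection, then key string conversion."""
    digits = digit_selection(key_expression(when, lat, lon), scheme["digits"])
    return convert_key_string(
        scheme["tag"] + digits, scheme["encoding"], scheme["key_bytes"]
    )


if __name__ == "__main__":
    sent_at = datetime(2024, 1, 15, 10, 30, 5, tzinfo=timezone.utc)  # constructed
    place = (31.23, 121.47)                                          # constructed

    # Same minute, same grid cell: both sides compute the same 16 bytes.
    sender_key = derive_key(SCHEME, sent_at, *place)
    receiver_key = derive_key(SCHEME, sent_at.replace(second=50), *place)
    print("sender  :", sender_key.hex())
    print("receiver:", receiver_key.hex(), "match:", sender_key == receiver_key)

    # One minute of disagreement about the time input gives a different key,
    # so decryption with it fails.
    late = derive_key(SCHEME, sent_at.replace(minute=31), *place)
    print("late    :", late.hex(), "match:", sender_key == late)

    # Same scheme, different character set: the key string no longer fits.
    for enc in ("gbk", "utf-16-le"):
        try:
            derive_key({**SCHEME, "encoding": enc}, sent_at, *place)
        except ValueError as err:
            print("rejected:", err)
```
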

In terms of system, the present application provides a system for creating a symmetric key that does not require distribution or management, comprising a sender module and a receiver module, as shown in Figure 2.

Steps 1-8 of the method above are executed on the sender module, and steps 9-12 are executed on the receiver module. Steps 4 and 5 are both carried out in the sender's module according to the receiver's settings: the result of step 4 is produced automatically by the key expression and digit selection rule that the receiver set at the sender, and the result of step 5 is produced automatically by the key string conversion rule that the receiver set at the sender.

The key used to encrypt plaintext in the sender module is generated automatically in real time by the space-time key generator as configured by the respective receiver. The real-time space-time key generator is placed in the memory of the sender's device so that each receiver can enter its setting module with a login password and set the generation scheme of the encryption key; this creation system gives each receiver the right to set the symmetric key generation scheme. The key used to decrypt ciphertext in the receiver module is calculated by the receiver according to the key generation scheme it set at the sender, and corresponds one to one to the encryption key generated in real time at the sender. No key needs to be transmitted between sender and receiver any longer, and the generated keys no longer need to be managed; the receiver only needs to remember the key generation scheme it set at the sender.

In the creation system of the present invention, executing the steps of the creation method involves: at least one memory for storing device instructions; and at least one processor in communication with the memory, wherein when the at least one processor executes the device instructions, the at least one processor causes the system to execute the sender module and the receiver module.

The creation system of the present invention also provides a device-readable storage medium on which a device program is stored; when executed by a processor, the device program implements any one of the methods for creating a symmetric key that does not require distribution or management.

Compared with the prior art, the present invention has at least the following beneficial effects:

1. It remedies the two serious defects of current symmetric keys: first, the transmission of symmetric keys can be eliminated entirely; second, the management of symmetric keys can be dispensed with. This saves both the cost of transmitting keys and the cost of managing them.

2. Eliminating key transmission greatly reduces the security risks that key transmission introduces, and dispensing with key management greatly reduces human-caused incidents arising from management negligence and management loopholes.

3. It restricts the sender's rights over the encryption key and strictly forbids any right other than calling the key in real time during encryption. In particular, the rights to distribute and manage the key are removed, which reduces the risk of the key leaking from inside and greatly improves security.

4. It adds a new way of transmitting ciphertext: the sender does not send the ciphertext directly to the receiver but sends the receiver an encrypted link to the file, and the receiver, using its login password, calls the new key generated in real time to encrypt the file and download it. The system strictly forbids downloading unencrypted files. The greatest advantage of this approach is that the downloaded ciphertext is more secure, more flexible and more convenient. First, the new keys generated in real time vary more, because each receiver logs in at a different time and place; even if some receivers happen to have set exactly the same key generation scheme, the keys generated at different times and places are bound to differ widely. Second, the receiver has no need to keep the decrypted plaintext, because the file can be encrypted and downloaded again at any time and in any place.

5. Because the receiver is given the right to set the time for automatic timed destruction or hashing of the ciphertext, together with the function of strictly forbidding ciphertext forwarding or immediately and unconditionally destroying forwarded ciphertext, the receiver can proactively guard, to the greatest extent possible, against the ciphertext being stolen and then cracked. The receiver itself can download the ciphertext it needs again at any time and in any place, so the present invention does not require the receiver to keep either the ciphertext or the decrypted plaintext, which both prevents theft and removes the need for management.

6. The symmetric key of the present invention, which requires neither distribution nor management, can be supplied to any symmetric cryptographic algorithm to encrypt plaintext and decrypt ciphertext, whether a basic transposition, substitution, dictionary, addition/subtraction or hybrid cipher, or a block cipher or stream cipher classified by how the plaintext is processed. Any symmetric cryptographic algorithm, existing or future, can work together with the space-time symmetric key of the present invention to encrypt and decrypt data.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram of the encryption, decryption and transmission flow of the current symmetric cryptosystem;

FIG. 2 is a schematic diagram of the principle by which the space-time key generator of the present invention is installed at the sender and made available to the receiver for configuration, and by which the receiver computes the key, together with the encryption, decryption and transmission flow of the sender module and receiver module of the creation system of the present invention;

FIG. 3 is a schematic diagram of the flow by which the space-time key generator of the present invention automatically generates keys in real time, together with the setting items and the steps of the setting method;

FIG. 4 is a schematic diagram of a test case in which the key generated by the present invention is used for encryption and decryption with the Advanced Encryption Standard (AES) cipher;

FIG. 5 is a schematic diagram of a test case in which the key generated by the present invention is used for encryption and decryption with the stream cipher RC4;

FIG. 6 is a schematic diagram of a test case in which the key generated by the present invention is used for encryption and decryption with the Chinese national cipher SM4.

DETAILED DESCRIPTION

To make the technical means, inventive features, objectives and effects of the present invention easy to understand, the invention is further explained below through specific implementation cases with reference to the drawings.

Because the details of the key expression and the bit-taking rule are given in the specification of patent CN201510991027.6, the calculations and bit-taking in the generation schemes of these implementation cases use the simplest and clearest methods for ease of explanation.

Implementation time: 13:06 on September 18, 2021

Implementation location: a site in Shanghai; longitude, latitude, altitude: "121.388182, 31.259358, 19.6"

The cipher used for encryption and decryption is the most common symmetric cipher, the Advanced Encryption Standard (AES), with a block length of 128 bits (16 bytes) and supported key lengths of 128 bits (16 bytes), 192 bits (24 bytes) and 256 bits (32 bytes), in hexadecimal. This case uses the common key length of 128 bits (16 bytes).

Implementation steps:

Step 1: A "real-time space-time key generator" is developed in the sender device and made available to the receiver to set a key generation scheme.

Step 2: The receiver logs in to the sender with the login password and sets the generation scheme for the encryption key. The key-string generation strategy is:

Strategy 1: take the last two digits of the year + month + day + hour + minute. For the implementation time this is year 21 + month 9 + day 18 + hour 13 + minute 06, giving: 21+9+18+13+06=67;

Strategy 2: prepend "中文字串+ab" to the computed "67", giving: "中文字串+ab67".

Step 3: After completing the settings in step 2, the receiver saves the configured scheme in encrypted form.

Step 4: The "key expression" and "bit-taking rule" set by the receiver run together, and the key string generated at the sender is: "中文字串+ab67".

Step 5: Using the "key string conversion rule" set by the receiver, the key string generated in step 4 is automatically converted into the key format required by the AES cipher.

This case uses the universal Unicode UTF-8 encoding and the common key length of 128 bits (16 bytes); when the converted length is too short it is automatically padded with 0x00, any excess is ignored, and hexadecimal notation is used. The generated key string "中文字串+ab67" is thus automatically converted into the key "e4 b8 ad e6 96 87 e5 ad 97 e4 b8 b2 2b 61 62 36 37" for use by the AES cipher. This key stands ready to be called in real time whenever the sender or receiver encrypts plaintext.

Step 6: The sender or receiver calls the key generated in real time in step 5.

Step 7: The sender or receiver supplies the key "e4 b8 ad e6 96 87 e5 ad 97 e4 b8 b2 2b 61 62 36 37" called in step 6 to the AES cipher to encrypt the plaintext;

Assume the plaintext to be encrypted is: "★一种无需分发的对称密钥的创建方法和系统★" (in English: "★A method and system for creating a symmetric key without distribution★");

The ciphertext produced by AES is then: "J+MJoRn4+pc7HX8FvVkCJLdUzugRF0rsYbjBwnHkDlD84UQvP74wxcDKfgdoKQYN".

Step 8: The sender sends this ciphertext to the receiver, or the receiver downloads it.

Step 9: After receiving the ciphertext, the receiver uses the time and place, following the scheme it set at the sender, to compute the key string "中文字串+ab67".

Step 10: In the online AES encryption/decryption applet (http://tool.chacuo.net/cryptaes) used on the receiver's own device, the receiver enters the key string "中文字串+ab67" computed in step 9 and selects UTF-8 encoding.

Step 11: The online AES encryption/decryption applet automatically converts the computed key string "中文字串+ab67" into "e4 b8 ad e6 96 87 e5 ad 97 e4 b8 b2 2b 61 62 36 37".

Step 12: On the receiver device, the ciphertext received by the receiver is entered into the ciphertext input field of the online AES encryption/decryption applet, and the key "e4 b8 ad e6 96 87 e5 ad 97 e4 b8 b2 2b 61 62 36 37" converted in step 11 is used to decrypt the received ciphertext into plaintext.

Ciphertext entered for decryption: "J+MJoRn4+pc7HX8FvVkCJLdUzugRF0rsYbjBwnHkDlD84UQvP74wxcDKfgdoKQYN"

Decrypted plaintext: "★一种无需分发的对称密钥的创建方法和系统★"

See FIG. 4.

Implementation time: 14:09 on September 18, 2021

Implementation location: a site in Shanghai; longitude, latitude, altitude: "121.388182, 31.259358, 19.6"

The cipher used for encryption and decryption is the symmetric stream cipher RC4. Its key length is variable, ranging from 8 to 2048 bits (1 to 256 bytes), in hexadecimal. This case uses the common key length of 128 bits (16 bytes).

Implementation steps:

Step 1: A "real-time space-time key generator" is developed in the sender device and made available to the receiver to set a key generation scheme.

Step 2: The receiver logs in to the sender with the login password and sets the generation scheme for the encryption key. The key-string generation strategy is:

Strategy 1: take the integer part of the latitude * day + minute. For the implementation time and location this is integer latitude 31 * day 18 + minute 9, giving: 31*18+9=567;

Strategy 2: prepend "rs" to the computed "567" and append "+中文字符加密", giving: "rs567+中文字符加密".

Step 3: After completing the settings in step 2, the receiver saves the configured scheme in encrypted form.

Step 4: The "key expression" and "bit-taking rule" set by the receiver run together, and the key string generated at the sender is: "rs567+中文字符加密".

Step 5: Using the "key string conversion rule" set by the receiver, the key string generated in step 4 is automatically converted into the key format required by the RC4 cipher.

This case uses the universal Unicode UTF-8 encoding and the common key length of 128 bits (16 bytes); when the converted length is too short it is automatically padded with 0x00, any excess is ignored, and hexadecimal notation is used. The generated key string "rs567+中文字符加密" is thus automatically converted into the key "72 73 35 36 37 2B E4 B8 AD E6 96 87 E5 AD 97 E7 AC A6 E5 8A A0 E5 AF 86" for use by the RC4 cipher. This key stands ready to be called in real time whenever the sender or receiver encrypts plaintext.

Step 6: The sender or receiver calls the key generated in real time in step 5.

Step 7: The sender or receiver supplies the key "72 73 35 36 37 2B E4 B8 AD E6 96 87 E5 AD 97 E7 AC A6 E5 8A A0 E5 AF 86" called in step 6 to the RC4 cipher to encrypt the plaintext;

Assume the plaintext to be encrypted is: "无需分发、无需管理的对称密钥" (in English: "Symmetric key that does not need to be distributed or managed");

The ciphertext produced by RC4 is then: "qjVLd7nrGFlk1043XYomqSBCZehZ7z1X0ScAlUd4pmtHuXS3gDiK/ze7"

Step 8: The sender sends this ciphertext to the receiver, or the receiver downloads it.

Step 9: After receiving the ciphertext, the receiver uses the time and place, following the scheme it set at the sender, to compute the key string "rs567+中文字符加密".

Step 10: In the online RC4 encryption/decryption applet (http://tool.chacuo.net/cryptrc4) used on the receiver's own device, the receiver enters the key string "rs567+中文字符加密" computed in step 9 and selects UTF-8 encoding.

Step 11: The online RC4 encryption/decryption applet automatically converts the computed key string "rs567+中文字符加密" into "72 73 35 36 37 2B E4 B8 AD E6 96 87 E5 AD 97 E7 AC A6 E5 8A A0 E5 AF 86".

Step 12: On the receiver device, the ciphertext received by the receiver is entered into the ciphertext input field of the online RC4 encryption/decryption applet, and the key "72 73 35 36 37 2B E4 B8 AD E6 96 87 E5 AD 97 E7 AC A6 E5 8A A0 E5 AF 86" converted in step 11 is used to decrypt the received ciphertext into plaintext.

Ciphertext entered for decryption: "qjVLd7nrGFlk1043XYomqSBCZehZ7z1X0ScAlUd4pmtHuXS3gDiK/ze7"

Decrypted plaintext: "无需分发、无需管理的对称密钥"

See FIG. 5.

Implementation time: 15:32 on September 18, 2021

Implementation location: a site in Shanghai; longitude, latitude, altitude: "121.388182, 31.259358, 19.6"

The cipher used for encryption and decryption is the Chinese national cipher SM4, with a block length of 128 bits (16 bytes) and a key length of 128 bits (16 bytes), in hexadecimal.

Implementation steps:

Step 1: A "real-time space-time key generator" is developed in the sender device and made available to the receiver to set a key generation scheme.

Step 2: The receiver logs in to the sender with the login password and sets the generation scheme for the encryption key. The key-string generation strategy is:

Strategy 1: take the integer part of the longitude * month - the altitude rounded to the nearest integer * hour. For the implementation time and location this is integer longitude 121 * month 9 - rounded altitude 20 * hour 15, giving: 121*9-20*15=789;

Strategy 2: prepend "中文字符+abc-" to the computed "789" and append "#%", giving: "中文字符+abc-789#%".

Step 3: After completing the settings in step 2, the receiver saves the configured scheme in encrypted form.

Step 4: The "key expression" and "bit-taking rule" set by the receiver run together, and the key string generated at the sender is: "中文字符+abc-789#%".

Step 5: Using the "key string conversion rule" set by the receiver, the key string generated in step 4 is automatically converted into the key format required by the SM4 cipher.

This case uses the universal Unicode UTF-8 encoding and a key length of 128 bits (16 bytes); when the converted length is too short it is automatically padded with 0x00, any excess is ignored, and hexadecimal notation is used. The generated key string "中文字符+abc-789#%" is thus automatically converted into the key "e4 b8 ad e6 96 87 e5 ad 97 e7 ac a6 2b 61 62 63 2d 37 38 39 23 25" for use by the SM4 cipher. This key stands ready to be called in real time whenever the sender or receiver encrypts plaintext.

Step 6: The sender or receiver calls the key generated in real time in step 5.

Step 7: The sender or receiver supplies the key "e4 b8 ad e6 96 87 e5 ad 97 e7 ac a6 2b 61 62 63 2d 37 38 39 23 25" called in step 6 to the SM4 cipher to encrypt the plaintext;

Assume the plaintext to be encrypted is: "请把“一种无需分发、无需管理的对称密钥的创建方法”用SM4加密算法进行加密和解密。" (in English: "Please encrypt and decrypt 'a method for creating a symmetric key that does not require distribution or management' using the SM4 encryption algorithm.");

The ciphertext produced by SM4 is then: "9rj6oHdRWiTMcZ4cv3VtSK1Hqec/KKFhPZ6NOJfW99BObOmo4Yy4XqyvmI9EH/OKbfgvfuzQ/5SBcuZYOmb6T9EPXYZSVUkdizTWq+XTcEJbbuX+9aGyXCVg6U+FGSBAtkjt4Aw/Ez/b6loQMTP7o8eE/yWFYYxfb8Dmgs/xcB4=";

Step 8: The sender sends this ciphertext to the receiver, or the receiver downloads it.

Step 9: After receiving the ciphertext, the receiver uses the time and place, following the scheme it set at the sender, to compute the key string "中文字符+abc-789#%".

Step 10: In the online SM4 encryption/decryption applet (https://the-x.cn/cryptography/Sm4.aspx) used on the receiver's own device, the receiver enters the key string "中文字符+abc-789#%" computed in step 9 and selects UTF-8 encoding.

Step 11: The online SM4 encryption/decryption applet automatically converts the computed key string "中文字符+abc-789#%" into "e4 b8 ad e6 96 87 e5 ad 97 e7 ac a6 2b 61 62 63 2d 37 38 39 23 25".

Step 12: On the receiver device, the ciphertext received by the receiver is entered into the ciphertext input field of the online SM4 encryption/decryption applet, and the key "e4 b8 ad e6 96 87 e5 ad 97 e7 ac a6 2b 61 62 63 2d 37 38 39 23 25" converted in step 11 is used to decrypt the received ciphertext into plaintext.

Ciphertext entered for decryption: "9rj6oHdRWiTMcZ4cv3VtSK1Hqec/KKFhPZ6NOJfW99BObOmo4Yy4XqyvmI9EH/OKbfgvfuzQ/5SBcuZYOmb6T9EPXYZSVUkdizTWq+XTcEJbbuX+9aGyXCVg6U+FGSBAtkjt4Aw/Ez/b6loQMTP7o8eE/yWFYYxfb8Dmgs/xcB4="

Decrypted plaintext: "请把“一种无需分发、无需管理的对称密钥的创建方法”用SM4加密算法进行加密和解密。"

See FIG. 6.

Step 10 of the three implementation cases above shows that, in actual decryption, the receiver only needs to compute the key string and does not need to convert its format. Most encryption/decryption applets today already have capable key conversion functions: the receiver simply enters the computed key string, and the applet handles the conversion and everything after it.

These three implementation cases further confirm and demonstrate, from actual use, that when the space-time symmetric key of the present invention is supplied to different ciphers, the internal logic and algorithm of each cipher can be disregarded. Once the key string generated in real time has been converted, through the "key string conversion rule" in the space-time key generator of the present invention, into the key format required by the cipher in use, it can be supplied to any symmetric cipher to encrypt plaintext and decrypt ciphertext, whether basic transposition, substitution, dictionary, addition-subtraction and mixed ciphers, or block ciphers and stream ciphers classified by how they process plaintext. Any symmetric cipher, existing or future, can work with the symmetric key of the present invention, which requires neither distribution nor management, to encrypt and decrypt data.
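The key-string derivation and the "key string conversion rule" of the three implementation cases can be reproduced in a few lines. The following Python sketch is an added example, not code from the patent: all function names are hypothetical, the expressions are the simplified strategies used in the three cases, and the conversion follows the stated rule (UTF-8, pad with 0x00 when short, ignore the excess beyond 16 bytes).

```python
import math
from datetime import datetime

KEY_LEN = 16  # 128-bit key length chosen in all three cases


def convert_key_string(key_string, key_len=KEY_LEN):
    """Stated conversion rule: UTF-8 encode, pad with 0x00 if short, ignore excess."""
    raw = key_string.encode("utf-8")
    return raw[:key_len].ljust(key_len, b"\x00")


def round_half_up(x):
    """Round to the nearest integer, halves up (non-negative input assumed)."""
    return math.floor(x + 0.5)


def case1_key_string(t):
    # AES case: last two digits of year + month + day + hour + minute
    n = t.year % 100 + t.month + t.day + t.hour + t.minute
    return f"中文字串+ab{n}"


def case2_key_string(t, latitude):
    # RC4 case: integer latitude * day + minute
    n = int(latitude) * t.day + t.minute
    return f"rs{n}+中文字符加密"


def case3_key_string(t, longitude, altitude):
    # SM4 case: integer longitude * month - rounded altitude * hour
    n = int(longitude) * t.month - round_half_up(altitude) * t.hour
    return f"中文字符+abc-{n}#%"


def worked_cases():
    """Key strings for the times and location given in the three cases."""
    lon, lat, alt = 121.388182, 31.259358, 19.6
    return {
        "AES": case1_key_string(datetime(2021, 9, 18, 13, 6)),
        "RC4": case2_key_string(datetime(2021, 9, 18, 14, 9), lat),
        "SM4": case3_key_string(datetime(2021, 9, 18, 15, 32), lon, alt),
    }


def case1_variation_over_day(year, month, day):
    """Count distinct key strings and distinct 16-byte keys that the AES-case
    scheme yields over every minute of one day."""
    strings, keys = set(), set()
    for hour in range(24):
        for minute in range(60):
            s = case1_key_string(datetime(year, month, day, hour, minute))
            strings.add(s)
            keys.add(convert_key_string(s))
    return len(strings), len(keys)


if __name__ == "__main__":
    for name, s in worked_cases().items():
        full = s.encode("utf-8")
        print(name, s)
        print("  UTF-8 bytes :", full.hex(" "), f"({len(full)} bytes)")
        print("  16-byte key :", convert_key_string(s).hex(" "))
    print("AES case, 2021-09-18 (strings, keys):",
          case1_variation_over_day(2021, 9, 18))
```

Each key string encodes to more than 16 bytes (17, 24 and 22), so under the stated "excess is ignored" rule the effective 128-bit key is a prefix of the hex strings quoted in the cases. In the SM4 case that prefix ends before the computed "789", and in the AES case it keeps only the first digit of the sum, so the time and location inputs reach far fewer key bytes than the key string suggests.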

The basic principles, main features and advantages of the present invention have been shown and described above. Those skilled in the art should understand that the foregoing is only an embodiment of the present invention and does not limit its patent scope. Any equivalent transformation made using the contents of the specification and drawings in keeping with the spirit and principles of the present invention, and applied directly or indirectly, in any form or on any device, in this field or other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (10)

1. A method of creating a symmetric key that does not require distribution nor management, comprising:
Selecting a programming tool to develop a space-time key real-time generator, installing the programming tool in a memory of a sender device, providing a generation scheme for setting an encryption key for a setting module of the space-time key generator of a sender entering a login password by each receiver, giving a setting right of a symmetric key generation scheme to each receiver, enabling the setting item of the key real-time generator to comprise a function expression comprising n time independent variable functions and n geographic position independent variable functions and rules thereof, and automatically generating a new key corresponding to a used encryption algorithm in a key system of the sender at any time and any place so as to provide real-time calling when encrypting plaintext;
generating the latest key character string in real time at a sender, encrypting the plaintext into ciphertext according to a key and a cipher algorithm which are called in real time by the sender, sending the ciphertext which is successfully encrypted to a receiver by the sender, calculating the key according to a scheme set by the sender according to time and place after the receiver receives the ciphertext, and decrypting the received ciphertext into plaintext according to the key at a receiver device.
2. The method for creating a symmetric key that does not require distribution nor management as claimed in claim 1, further comprising:
The secret key used by the sender for encrypting each plaintext is automatically generated in real time by each receiver according to the encryption key generation scheme set by each receiver in the space-time key generator of the sender; the secret key used by the receiving party for decrypting the ciphertext is calculated by the receiving party according to the secret key generation scheme set in the real-time secret key generator setting module of the sending party; the encryption key generated in real time and the calculated decryption key are in one-to-one correspondence, the transmission key is not needed between the sender and the receiver, and the generated key is not needed to be managed, so long as the receiver remembers the key generation scheme set by the sender.
3. A method of creating a symmetric key that does not require distribution nor management as defined in claim 2, further comprising:
The key used by the sender to encrypt each plaintext is generated from the data provided by the respective receiver, including various strings from the receiver; the secret key used by the receiving party for decrypting the ciphertext is available by the receiving party, and the secret key is not required to be transmitted between the sending party and the receiving party.
4. The method for creating a symmetric key that does not require distribution nor management as claimed in claim 1, further comprising:
The sender does not directly send the ciphertext, the encrypted link of the file is sent to the receiver, the receiver calls the new key generated in real time by the space-time key generator by the login password to encrypt the file for downloading, and the system forbids downloading the unencrypted file.
5. A method of creating a symmetric key that does not require distribution nor management as claimed in any one of claims 2 to 4, further comprising:
the key provided for the sender or the receiver to encrypt the plaintext can only be called in real time, and besides, the key cannot be used, the key value is strictly forbidden to be checked and transmitted, the called key and the encrypted plaintext are in one-to-one correspondence with the person receiving the ciphertext, and the dislocation operation is strictly forbidden.
6. The method for creating a symmetric key that does not require distribution nor management as claimed in claim 1, wherein the spatio-temporal key real-time generator setting items include: key expression, bit-taking rule, key string conversion rule.
7. The method for creating a symmetric key that does not require distribution nor management as claimed in claim 1, further comprising:
The key generation scheme which is automatically set by the receiver in the sender key generator setting module is stored by adopting a high-level encryption scheme.
8. The method for creating a symmetric key that does not require distribution nor management as claimed in claim 1, further comprising:
The ciphertext is strictly forbidden to be forwarded or the forwarded ciphertext is unconditionally destroyed immediately, and the ciphertext directly sent to the receiver by the sender and the ciphertext which is agreed to be downloaded by the receiver are set in advance in the setting module, so that the receiver processes the ciphertext according to specific conditions, and the ciphertext is prevented from being stolen and broken after being stolen by other people.
9. A system for creating a symmetric key that does not require distribution nor management, comprising:
The method comprises the steps that keys for encrypting plaintext in a sender module are automatically generated in real time by each receiver according to a space-time key generator respectively arranged, the space-time key real-time generator is arranged in a memory of a sender device, a generation scheme of the encryption keys is set by a setting module of the space-time key generator, which is provided for each receiver and enters the sender through a login password, the setting right of a symmetric key generation scheme is given to each receiver, and the setting items of the key real-time generator comprise function expressions and rules of n time independent variable functions and n geographic position independent variable functions; generating the latest secret key in real time at a sender, encrypting the plaintext into ciphertext by the sender according to the secret key and the cryptographic algorithm which are called in real time, and transmitting the successfully encrypted ciphertext to a receiver;
The secret key used for decrypting the ciphertext in the receiver module is calculated by the receiver according to a secret key generation scheme set by the receiver at the sender, corresponds to the encryption secret key generated by the sender in real time one by one, and after the receiver receives the ciphertext, the secret key is calculated according to the scheme set by the sender according to time and place, and the received ciphertext is decrypted into plaintext according to the secret key at the receiver device.
10. A readable storage medium having a program stored thereon, characterized in that: the program, when executed by a processor, implements the method of any of claims 1-8.
CN202111132710.6A 2021-09-27 2021-09-27 A method and system for creating a symmetric key that does not require distribution or management Active CN113852462B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111132710.6A CN113852462B (en) 2021-09-27 2021-09-27 A method and system for creating a symmetric key that does not require distribution or management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111132710.6A CN113852462B (en) 2021-09-27 2021-09-27 A method and system for creating a symmetric key that does not require distribution or management

Publications (2)

Publication Number Publication Date
CN113852462A CN113852462A (en) 2021-12-28
CN113852462B CN113852462B (en) 2024-11-05

Family

ID=78980459

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111132710.6A Active CN113852462B (en) 2021-09-27 2021-09-27 A method and system for creating a symmetric key that does not require distribution or management

Country Status (1)

Country Link
CN (1) CN113852462B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105893834A (en) * 2015-12-24 2016-08-24 王健庭 Establishing method and device of non-fixed character password
CN106453426A (en) * 2016-12-13 2017-02-22 四川长虹电器股份有限公司 Symmetric encryption and decryption method and system based on key space-time fragmentation storage

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5425103A (en) * 1994-03-14 1995-06-13 Shaw; William Y. Variable-key cryptography system
JP2003202931A (en) * 2002-01-09 2003-07-18 Toshiba Corp Software download system, server device, terminal equipment, server control program, terminal control program, server control method and terminal control method
CN1627682A (en) * 2003-12-12 2005-06-15 华为技术有限公司 Method for creating dynamic cipher at time of building connection in network transmission
KR100836942B1 (en) * 2006-04-18 2008-06-12 프레스티지전자 주식회사 Encryption / decryption method of audio signal and apparatus therefor
WO2015143596A1 (en) * 2014-03-24 2015-10-01 华为技术有限公司 File downloading method, apparatus and system
CN108199838B (en) * 2018-01-31 2020-05-05 北京深思数盾科技股份有限公司 Data protection method and device
CN108574567A (en) * 2018-03-19 2018-09-25 西安邮电大学 Privacy file protection and encryption key management system and method, information processing terminal
CN109948322B (en) * 2018-10-25 2023-03-21 贵州财经大学 Personal cloud storage data safe box device and method for localized encryption protection
CN111865891B (en) * 2019-12-31 2023-08-15 北京嘀嘀无限科技发展有限公司 Data transmission method, user terminal, electronic equipment and readable storage medium

Also Published As

Publication number Publication date
CN113852462A (en) 2021-12-28

Similar Documents

Publication Publication Date Title
CN105323070B (en) A kind of safety E-mail implementation method based on digital envelope
JPH0823330A (en) Safe data communication
KR20120079639A (en) Contents protection, encryption and decryption apparatus using white-box cryptography
CN107181584B (en) Asymmetric completely homomorphic encryption and key replacement and ciphertext delivery method thereof
CN113572607B (en) Secure communication method adopting unbalanced SM2 key exchange algorithm
CN105376261A (en) Encryption method and system for instant communication message
CN105721146B (en) A kind of big data sharing method towards cloud storage based on SMC
CN114826587A (en) Data encryption method, data decryption method, data encryption device, data decryption device and data decryption equipment
US20240187477A1 (en) Method and system for secure file sharing based on domestic cryptographic algorithm
CN104486756A (en) Encryption and decryption method and system for secret letter short message
CN113852462B (en) A method and system for creating a symmetric key that does not require distribution or management
CN116094845B (en) Efficient revocation conditional proxy re-encryption method and system
CN114070549A (en) Key generation method, device, equipment and storage medium
CN114389803B (en) SPA key distribution method and device
Whelihan et al. Shamrock: a synthesizable high assurance cryptography and key management coprocessor
CN108768923A (en) A kind of real-time encrypted method of chat of the Encryption Algorithm based on Quantum Reversible Logic circuit
JPH11187008A (en) Delivering method for cryptographic key
CN114363086A (en) Industrial internet data encryption transmission method based on stream cipher
CN111431721A (en) IBE-based Internet of things equipment encryption method in intelligent medical environment
US20200169541A1 (en) Systems and methods for encryption
CN111800384A (en) Financial service application management method and device based on block chain
CN118018204B (en) Elliptic curve-based message processing system and message processing method
CN114760053B (en) Distribution method, device, equipment and medium of symmetric key
Chen et al. A secure color-code key exchange protocol for mobile chat application
JP3230726B2 (en) Encrypted communication method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant