[go: up one dir, main page]

CN114826562B - Data encryption method, device, electronic device and storage medium - Google Patents

Data encryption method, device, electronic device and storage medium Download PDF

Info

Publication number
CN114826562B
CN114826562B CN202210547596.1A CN202210547596A CN114826562B CN 114826562 B CN114826562 B CN 114826562B CN 202210547596 A CN202210547596 A CN 202210547596A CN 114826562 B CN114826562 B CN 114826562B
Authority
CN
China
Prior art keywords
data
encryption
encrypted
ciphertext
mode
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210547596.1A
Other languages
Chinese (zh)
Other versions
CN114826562A (en
Inventor
华伟
孔令波
郇一恒
苏帆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Weina Starry Sky Technology Co ltd
Beijing Guoyu Xingkong Technology Co Ltd
Hainan Minospace Technology Co Ltd
Original Assignee
Beijing Weina Starry Sky Technology Co ltd
Beijing MinoSpace Technology Co Ltd
Anhui Minospace Technology Co Ltd
Beijing Guoyu Xingkong Technology Co Ltd
Hainan Minospace Technology Co Ltd
Shaanxi Guoyu Space Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Weina Starry Sky Technology Co ltd, Beijing MinoSpace Technology Co Ltd, Anhui Minospace Technology Co Ltd, Beijing Guoyu Xingkong Technology Co Ltd, Hainan Minospace Technology Co Ltd, Shaanxi Guoyu Space Technology Co Ltd filed Critical Beijing Weina Starry Sky Technology Co ltd
Priority to CN202210547596.1A priority Critical patent/CN114826562B/en
Publication of CN114826562A publication Critical patent/CN114826562A/en
Application granted granted Critical
Publication of CN114826562B publication Critical patent/CN114826562B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

本申请提供了一种数据加密方法、装置、电子设备及存储介质,通过根据接收到的待加密数据的字节数量或加密优先级,确定待加密数据的加密模式;若确定加密模式为第一加密模式,则根据获取到的待加密数据和密钥数据,生成第一密文数据并输出;若确定加密模式为第二加密模式,则根据获取到的算子数据和密钥数据,生成第二密文数据,根据第二密文数据和待加密数据,生成第三密文数据并输出,以提高数据加密的效率和兼容性。

The present application provides a data encryption method, device, electronic device and storage medium, which determines the encryption mode of the data to be encrypted according to the number of bytes of the received data to be encrypted or the encryption priority; if the encryption mode is determined to be the first encryption mode, first ciphertext data is generated and output according to the acquired data to be encrypted and key data; if the encryption mode is determined to be the second encryption mode, second ciphertext data is generated according to the acquired operator data and key data, and third ciphertext data is generated and output according to the second ciphertext data and the data to be encrypted, so as to improve the efficiency and compatibility of data encryption.

Description

Data encryption method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of data encryption technologies, and in particular, to a data encryption method, device, electronic apparatus, and storage medium.
Background
In the prior art, when an AES encryption algorithm is realized based on an FPGA, if an AES256-ECB encryption method is adopted, the realization difficulty is low, the stability is good, but the encryption efficiency is low, and if the AES256-CTR encryption method is adopted, a CTR operator can be reused, the encryption efficiency is high, but the security is poor, and the time sequence requirements on a secret key, the CTR operator and a plaintext data stream are high. Especially, in the communication process of high-speed data, if the plaintext data stream arrives, the CTR operator does not encrypt well yet, the plaintext data stream needs to be blocked to wait for the encryption of the CTR operator to complete. The blocking of data encryption can cause a large amount of data buffering requirements, so that the existing data encryption has lower efficiency and low compatibility.
Disclosure of Invention
In view of the above, the present application is directed to a data encryption method, apparatus, electronic device and storage medium, so as to improve the efficiency and compatibility of data encryption.
The data encryption method comprises the steps of determining an encryption mode of data to be encrypted according to the number of bytes or encryption priority of the received data to be encrypted, generating first ciphertext data according to the acquired data to be encrypted and key data and outputting the first ciphertext data if the encryption mode is determined to be an AES256-ECB encryption mode, generating second ciphertext data according to the acquired operator data and key data if the encryption mode is determined to be an AES256-CTR encryption mode, and generating third ciphertext data according to the second ciphertext data and the data to be encrypted and outputting the third ciphertext data.
Preferably, the step of determining the encryption mode of the data to be encrypted according to the received byte number of the data to be encrypted specifically includes determining the size of the effective byte number and the preset byte number of the data to be encrypted, generating a first mode selection signal to indicate that the encryption mode is an AES256-CTR encryption mode if the effective byte number of the data to be encrypted is smaller than the preset byte number, and generating a second mode selection signal to indicate that the encryption mode is an AES256-ECB encryption mode if the effective byte number of the data to be encrypted is greater than the preset byte number.
Preferably, the step of determining the encryption mode of the data to be encrypted according to the received encryption priority of the data to be encrypted specifically includes determining the encryption priority of the data to be encrypted and the magnitude of a preset encryption priority, generating a second mode selection signal to indicate that the encryption mode is an AES256-ECB encryption mode if the encryption priority of the data to be encrypted is smaller than the preset encryption priority, and generating a first mode selection signal to indicate that the encryption mode is an AES256-CTR encryption mode if the encryption priority of the data to be encrypted is greater than the preset encryption priority.
Preferably, the first ciphertext data or the second ciphertext data is generated by determining an initial value and initial input data corresponding to N, wherein the initial value of N is 0, when N is 0, the input data corresponding to N is data to be encrypted or operator data, generating a first key matrix corresponding to N according to key data, calculating according to the first key matrix corresponding to N and the initial input data to obtain output data, N=N+1, taking the output data as the current initial input data corresponding to N, determining whether the current N reaches a preset value, if not, jumping to generate the first key matrix corresponding to N according to the key data, continuing to execute, and if so, taking the current output data as the first ciphertext data or the second ciphertext data.
Preferably, the third ciphertext data is generated by determining a second ciphertext matrix corresponding to each byte to be encrypted according to the second ciphertext data, encrypting each byte of the data to be encrypted according to the second ciphertext matrix corresponding to the byte to generate fourth ciphertext data corresponding to the byte, and taking the fourth ciphertext data corresponding to all bytes of the data to be encrypted as the third ciphertext data.
Preferably, each byte of the data to be encrypted includes a multi-bit first target data, the second ciphertext data includes a multi-bit second target data, and for each byte of the data to be encrypted, fourth ciphertext data corresponding to the byte is generated by xoring, for each bit of the first target data in the byte, the first target data with the second target data on the same bit in the second ciphertext data to generate fourth ciphertext data corresponding to the byte.
Preferably, the third ciphertext data is output by determining valid bytes of the data to be encrypted, and outputting data in positions corresponding to the valid bytes of the data to be encrypted in the third ciphertext data as the third ciphertext data.
In a second aspect, the present application provides a data encryption apparatus, the apparatus comprising:
The processing module is used for determining the encryption mode of the data to be encrypted according to the received byte number or encryption priority of the data to be encrypted;
the first encryption module is used for generating and outputting first ciphertext data according to the acquired data to be encrypted and key data if the encryption mode is determined to be an AES256-ECB encryption mode;
And the second encryption module is used for generating second ciphertext data according to the acquired operator data and key data if the encryption mode is determined to be the AES256-CTR encryption mode, generating third ciphertext data according to the second ciphertext data and data to be encrypted and outputting the third ciphertext data.
In a third aspect, the application also provides an electronic device comprising a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating via the bus when the electronic device is in operation, the machine-readable instructions when executed by the processor performing the steps of a data encryption method as described above.
In a fourth aspect, the present application also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of a data encryption method as described above.
The data encryption method, the device, the electronic equipment and the storage medium provided by the application determine the encryption mode of the data to be encrypted according to the number of bytes or the encryption priority corresponding to the received data to be encrypted. If the encryption mode is determined to be an AES256-ECB encryption mode, generating first ciphertext data according to the acquired data to be encrypted and the key data and outputting the first ciphertext data. If the encryption mode is determined to be the AES256-CTR encryption mode, second ciphertext data is generated according to the acquired operator data and key data, and third ciphertext data is generated and output according to the second ciphertext data and data to be encrypted. Compared with the method using a single encryption form in the prior art, the method can encrypt by using a more proper encryption mode in a targeted way according to the attribute of different data to be encrypted, has better compatibility, shortens the encryption time and has higher data encryption efficiency.
In order to make the above objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of an AES 256 encryption algorithm according to an embodiment of the present application;
FIG. 2 is a schematic diagram of an algorithm of an AES 256-ECB encryption mode according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an algorithm of an AES 256-CTR encryption mode according to an embodiment of the present application;
FIG. 4 is a flowchart of a data encryption method according to an embodiment of the present application;
FIG. 5 is a flowchart illustrating steps for determining an encryption mode according to an embodiment of the present application;
FIG. 6 is a flowchart illustrating another embodiment of a method for determining an encryption mode according to the present application;
FIG. 7 is a block diagram of a dual mode encryption algorithm according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a data encryption device according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. Based on the embodiments of the present application, every other embodiment obtained by a person skilled in the art without making any inventive effort falls within the scope of protection of the present application.
First, an application scenario to which the present application is applicable will be described. The application can be applied to data encryption in the FPGA chip.
The advanced encryption standard (Advanced Encryption Standard, AES) is a symmetric encryption algorithm, i.e. the encryption key is identical to the decryption key. The encryption key length can be classified into three types of AES 128, AES 192, and AES 256. The data length of the plaintext and the ciphertext of the AES 256 encryption type is 16 bytes, the key length of the AES 256 encryption mode is 32 bytes (256 bits), the encryption cycle is 14 times, and the reliability of the ciphertext is highest.
The main flow of the AES 256 encryption algorithm is shown in fig. 1. The main processes include key expansion, round key addition, S-box transformation, row shift transformation, column confusion transformation, etc. Wherein, the round key adding step is used for expanding the key K into a 60-group round key matrix through a preset algorithmEvery four groups are used as a first key matrix for a round key addition process of plaintext in one round. The plaintext P is the data to be encrypted, and the ciphertext C is the first encrypted data or the second encrypted data.
As shown in fig. 2, a schematic diagram of an algorithm of the AES 256-ECB encryption mode is shown. As shown in fig. 3, a schematic diagram of an algorithm of the AES 256-CTR encryption mode is shown. The AES 256-CTR is an application mode of AES 256 encryption, provided that the AES-256 encryption algorithm process and a changed operator CTR are already available. The operation process of the algorithm module of the AES 256-CTR is shown in fig. 3, an operator CTR is encrypted through the AES-256 algorithm, and then the plaintext P is directly subjected to exclusive OR operation with the encrypted CTR value, so that ciphertext C is obtained. Therefore, the encryption object of the AES 256-CTR is a CTR operator, and the encrypted CTR operator is subjected to exclusive OR operation with the plaintext to obtain the ciphertext.
For the AES 256-ECB mode, it is the basic process of AES 256 encryption. The method has the advantages that (1) the basic algorithm flow of the AES 256 is realized in any mode, so that the ECB mode is adopted, which is the lowest difficulty in all AES 256 encryption modes, and (2) when the AES 256-ECB encrypted data is decrypted, only one item of content is needed except ciphertext, and other variables which possibly cause decryption failure are not existed, so that the method has good stability. However, the AES 256-ECB mode has the disadvantage that the plaintext to be encrypted each time must be 16 bits, and if the valid data of the plaintext is less than 16 bits, the data of the plaintext needs to be complemented first and then encrypted, which not only increases the workload, but also affects the encryption speed.
The CTR mode design has the significance that (1) when a CTR operator is unchanged within a period of time and the value of an encrypted CTR is unchanged, the AES-256 encryption process does not need to be operated again, but the encryption efficiency is greatly improved by performing bitwise exclusive OR operation on plaintext data coming each time and the encrypted CTR, and (2) under the condition that the CTR operator and a secret key are known on the ground, the value of the encrypted CTR can be calculated in advance, and after the data is received on the ground, the decryption operation can be completed by performing one-time or calculation.
However, the mode of the CTR is also quite remarkable in disadvantages (1) if the number of the change times of the CTR operator is large, the AES 256 algorithm still needs to be operated for many times, the encryption algorithm needs to be completed before the plaintext data is ready, certain requirements are required for the cooperation of the key and the CTR operator with the plaintext data stream, (2) if the number of the change times of the CTR operator is small, the value of the exclusive-or encryption CTR of the plaintext in a period of time is kept unchanged, a part of data can be possibly reversely cracked if the ciphertext has a certain rule, and (3) when the CTR algorithm is used, besides the value of the known key, the value of the CTR key corresponding to each piece of data is known, and certain requirements are provided for the source and the data downloading of the CTR operator. However, in the AES 256-CTR mode, even if the valid data of the plaintext is less than 16 bits, the decryption party can successfully decrypt the plaintext, and the encryption process requires only one time of the synchronization clock.
Therefore, for data to be encrypted with different attributes, an appropriate encryption mode needs to be selected to improve encryption efficiency, especially in communication of high-speed data.
Based on the above, the embodiment of the application provides a data encryption method, a data encryption device, electronic equipment and a storage medium.
Referring to fig. 4, fig. 4 is a flowchart of a data encryption method according to an embodiment of the application. As shown in fig. 4, the data encryption method provided by the embodiment of the application includes:
S101, determining an encryption mode of the data to be encrypted according to the received byte number or encryption priority of the data to be encrypted.
In one embodiment, as shown in fig. 5, a flowchart of steps for determining an encryption mode is provided in an embodiment of the present application. The step of determining the encryption mode of the data to be encrypted according to the received byte number of the data to be encrypted specifically includes:
s1010, determining the size of the effective byte number and the preset byte number of the data to be encrypted.
S1030, if the effective byte number of the data to be encrypted is smaller than the preset byte number, generating a first mode selection signal to indicate that the encryption mode is an AES256-CTR encryption mode.
S1050, if the effective byte number of the data to be encrypted is greater than the preset byte number, generating a second mode selection signal to indicate that the encryption mode is an AES256-ECB encryption mode.
In this embodiment, the encryption mode may be determined based on the number of valid bytes of the received data to be encrypted. The preset number of bytes here may be 15 bytes, and when the received valid flag of the data to be encrypted (plaintext) indicates that the valid number of bytes of the data to be encrypted is 16 bytes, then the AES256-ECB encryption mode may be selected. At this time, 15 time intervals are needed to output the encryption result, the encryption result is not easy to be cracked by a third party, and the decryption party can decrypt the information of the data to be encrypted only by acquiring the corresponding key data.
If the number of the valid bytes of the received data to be encrypted is only 8 bits due to data loss and the like, the data to be encrypted can be encrypted through an AES256-CTR encryption mode, and the CTR operator can be directly used after being encrypted before the data to be encrypted arrives, so that only a time interval of one synchronous clock is needed, and an encryption result can be output.
In one embodiment, as shown in fig. 6, another step flow chart for determining an encryption mode is provided in an embodiment of the present application. The step of determining the encryption mode of the data to be encrypted according to the received encryption priority of the data to be encrypted specifically includes:
s1020, determining the encryption priority of the data to be encrypted and the preset encryption priority.
S1040, if the encryption priority of the data to be encrypted is smaller than the preset encryption priority, generating a second mode selection signal to indicate that the encryption mode is an AES256-ECB encryption mode.
S1060, if the encryption priority of the data to be encrypted is greater than the preset encryption priority, generating a first mode selection signal to indicate that the encryption mode is an AES256-CTR encryption mode.
In this embodiment, an encryption priority may be set for each data to be encrypted according to factors such as importance of the data to be encrypted, and a corresponding encryption priority identification mark may be generated on the data to be encrypted. For example, the data to be encrypted is important data, and the encryption reliability requirement is high, and the encryption priority of the data to be encrypted may be the first priority. At this time, the preset encryption priority may be the second priority, and the encryption priority of the data to be encrypted is smaller than the preset encryption priority, and the data to be encrypted is encrypted by adopting the AES256-ECB encryption mode, so as to ensure the reliability of the data encryption to be encrypted.
Specifically, the encryption mode of the data to be encrypted can be judged by combining the byte number of the plasticizer to be encrypted and the encryption priority, so that a proper encryption mode is selected for the data to be encrypted, the data encryption efficiency is further ensured, and the data encryption compatibility is improved.
The mode selection signal here is used to indicate the encryption mode of the data to be encrypted.
S102, if the encryption mode is determined to be an AES256-ECB encryption mode, generating and outputting first ciphertext data according to the acquired data to be encrypted and key data.
And S103, if the encryption mode is determined to be an AES256-CTR encryption mode, generating second ciphertext data according to the acquired operator data and key data, generating third ciphertext data according to the second ciphertext data and data to be encrypted, and outputting the third ciphertext data.
Compared with the method using a single encryption mode in the prior art, the data encryption method provided by the embodiment of the application can be used for encrypting according to different attributes of the data to be encrypted in a more proper encryption mode, has better compatibility, shortens encryption time and has higher data encryption efficiency.
In the AES256-ECB encryption mode, the first ciphertext data is generated from the data to be encrypted and the key data, and in the AES256-CTR encryption mode, the second ciphertext data is generated from the operator data and the key data, both of which may employ the encryption flow of AES256 as shown in fig. 1. Specifically, in FPGA, it can be implemented in pipeline form.
In this embodiment, a pipelined encryption algorithm module is provided for implementing pipelined AES 256 encryption. The pipeline encryption algorithm module can comprise a key expansion module and 15 loop algorithm modules, which respectively correspond to 15 loops in the encryption process.
In the pipeline encryption algorithm module, finite field addition and finite field multiplication can be realized in an FPGA for a finite field basic algorithm. This is because finite field addition is essentially an exclusive-or process, finite field multiplication is a shift, exclusive-or process with conditional decisions, which is achievable for the logic gates of FPGAs. For S-box transformations, the essence is byte manipulation. However, if a module of byte form S-box transformation is designed, 16 times of S-box addressing sub-modules need to be called each time of matrix transformation, which is disadvantageous to both algorithm design and FPGA internal register design. In addition, the S box transformation is operated on a 4-word matrix in the use process of an actual algorithm, so that the S box transformation is designed to be in the form of a 16-byte matrix in the FPGA. For row shift conversion, only the shift operation of the data is performed in the FPGA, and no other algorithm support is needed. For column-confusion transformations, finite field multiplication, which is a conditional constraint, can be implemented by a module that invokes the finite field multiplication multiple times. For round key addition, the data is bitwise exclusive or operation in the FPGA, and other algorithm support is not needed. The key expansion process and the AES-256 encryption process are realized by means of the sub-module algorithm design, so that the whole algorithm flow is feasible in the FPGA.
Specifically, the first ciphertext data or the second ciphertext data is generated by:
And determining an initial value corresponding to N and initial input data, wherein the initial value of N is 0, and when N is 0, the input data corresponding to N is data to be encrypted or operator data. Generating a first key matrix corresponding to N according to the key data, calculating according to the first key matrix corresponding to N and the initial input data to obtain output data, wherein N=N+1, and taking the output data as the current initial input data corresponding to N. And determining whether the current N reaches a preset value, if not, jumping to generate a first key matrix corresponding to the N according to the key data, and continuing to execute, and if so, taking the current output data as the first ciphertext data or the second ciphertext data.
It will be appreciated that the 60-set round key matrix is first expanded based on current key dataEvery fourth group serves as a first key matrix. Taking AES256-CTR encryption mode as an example, the current data to be encrypted is firstly added withAnd inputting a first round algorithm module, wherein the first round algorithm performs round key addition calculation according to the input data so as to output first output data. And then the first output dataAnd inputting a second cyclic algorithm module, wherein the second algorithm module respectively performs S-box transformation, row shift transformation, column confusion transformation and round key addition calculation according to the input data so as to output second output data. At this time, the first round robin algorithm module may output first output data corresponding to the next data to be encrypted according to the next data to be encrypted and the corresponding first key matrix. So that the time interval between the encryption result of the current data to be encrypted and the encryption result of the next data to be encrypted is only one synchronous clock.
Compared with the mode that the next data to be encrypted can be encrypted only after the current data to be encrypted is encrypted in the prior art, the pipeline encryption algorithm module is adopted, the shortest time interval output between the two data to be encrypted is only one synchronous clock, and the shortest time interval output between the two data to be encrypted in the prior art needs 15 synchronous clocks, so that the pipeline encryption algorithm module can be selected in the process of generating the first ciphertext data or the second ciphertext data, the data encryption efficiency is improved, the data blocking is avoided, and the data caching pressure is reduced.
In the embodiment of the application, in the AES 256-CTR mode, the CTR operator and the key may be input into the pipeline encryption algorithm module to obtain the encrypted CTR operator (i.e., the second ciphertext data), and then the second ciphertext data and the data to be encrypted are input into the exclusive-or calculation module, so as to output the final encryption result (i.e., the third ciphertext data).
Specifically, the third ciphertext data is generated by:
And determining a second ciphertext matrix corresponding to each byte to be encrypted according to the second ciphertext data. And encrypting each byte of the data to be encrypted according to the second ciphertext matrix corresponding to the byte to generate fourth ciphertext data corresponding to the byte. And taking fourth ciphertext data corresponding to all bytes of the data to be encrypted as third ciphertext data.
The exclusive or may be performed by exclusive-or calculating each byte of the second ciphertext data with a byte at a corresponding position in the second ciphertext matrix. Illustratively, CTR operator data is 128 bits wide, can be equally divided into 16 8 bits wide byte data, and is independent of each other. In the data flow algorithm, after each CTR operator (operator data) is encrypted to obtain encrypted c_ctr data (second encrypted data) with 128-bit width, if the number of valid bytes of the data to be encrypted is 8 bytes, the second encrypted data performs an exclusive-or operation with the 8-bit width of the plaintext from the lower 8 bits, and intercepts the exclusive-or object when the next plaintext arrives from the upper bits in units of each 8-bit width. That is, the CTR is encrypted by the AES 256 algorithm to obtain an encrypted c_ctr operator with a bit width of 128 bits. When P (0) [7:0] arrives, C_CTR [7:0] is selected to exclusive OR with P (0) [7:0] and C (0) [7:0] is obtained, wherein 7:0 indicates 8 bits of data in the first byte of data. When a clock arrives, P (1) 7:0 selects C_CTR 15:8 for exclusive or, then P (2) 7:0 selects C_CTR 23:16 for exclusive or, P (3) 7:0 selects C_CTR 31:24 for exclusive or, P (4) 7:0 selects C_CTR 39:32 for exclusive or, P (5) 7:0 selects C_CTR 47:40 for exclusive or, P (6) 7:0 selects C_CTR 55:48 for exclusive or, P (7) 7:0 selects C_CTR 63:56 for exclusive or, P (8) 7:0 selects C_CTR 71:64 for exclusive or, then P (9) 7:0 selects C_CTR 79:72 for exclusive or, P (10) 7:0) and C_CTR 39:32 for exclusive or, P (5) 7:0 and C_CTR 47:40 for exclusive or, P (6) 7:0 and C_CTR 55:48 for exclusive or, P (7:0) 7:0 and C_CTR 63:56 for exclusive or, P (8) 7:0 selects C_CTR 71:64 for exclusive or P (9) 7:7:0 and C_CTR 7:79 for exclusive or C_7:7:7:7 for exclusive or 3:0 and C_CTR 7:7:7:7:7 for exclusive or 3:7:7:7:7:0 and C_CTR 12 for exclusive or 95:0. Each xor corresponds to an input data clock edge. Under the action of the data input clock with the width of 8 bits for 16 times, the 128-bit width of the C_CTR is fully utilized, and then the values of the next group of CTR and the C_CTR need to be replaced.
According to the above logic, each set of CTRs may correspond to 16 encryption operations of 8-bit wide data by the encryption operator c_ctr obtained by the AES256 algorithm. In the data stream system, with the input clock of the data stream as a reference, the update frequency of the CTR operator is 1-16 times the input clock of the data stream. Setting a counter in the FPGA to trigger, and updating the values of CTR and C_CTR every time 16 data stream input clock counts are detected, wherein the effect is equivalent to one clock trigger for an encryption algorithm of AES 256.
In the AES256-CTR mode, CTR is typically used as a self-increment operator, i.e., each time CTR is entered, 1 is added to the last input. Therefore, the value of the encryption operator c_ctr is updated after passing through valid data (16 bytes) every 128 bits wide, and the validity of encryption is ensured.
Specifically, each byte of the data to be encrypted includes multi-bit first target data, the second ciphertext data includes multi-bit second target data, and for each byte of the data to be encrypted, fourth ciphertext data corresponding to the byte is generated by:
And for each first target data in the byte, exclusive-or is carried out on the first target data and second target data in the same bit in the second ciphertext data so as to generate fourth ciphertext data corresponding to the byte.
It will be appreciated that for 8-bit data in one byte of the data to be encrypted, the bit data at the corresponding position is xored with 8-bit data in the corresponding byte of the second ciphertext data.
Specifically, in the embodiment of the present application, the third ciphertext data may be further output in the following manner:
and determining the effective bytes of the data to be encrypted, and outputting the data in the position corresponding to the effective bytes of the data to be encrypted in the third ciphertext data as the third ciphertext data.
In the step, if the valid byte of the data to be encrypted is 8 bits, the decryption party can complete decryption only according to the last 8 bytes of the third ciphertext data and CTR operator data, and only the last 8 bytes can be output to the decryption party at the moment, so that the resource consumption of the system is reduced.
In one embodiment, as shown in fig. 7, a block diagram of a dual-mode encryption algorithm module according to an embodiment of the present application is provided. The dual mode encryption module (AES 256 Double Mode Module) is configured to determine an operating encryption module according to the received encryption mode selection signal, and encrypt input data to be encrypted to output an encryption result. The CLK channel is used for receiving synchronous clock signals, and the pText [127:0] channel is used for receiving data to be encrypted. Key [255:0] is used to receive Key data. pText _en is used for receiving a plaintext effective identifier, which is used for indicating the effective data quantity of the data to be processed. The CTR [127:0] channel is used to receive CTR operator data. CTR_EN is used for receiving CTR operator valid identification, wherein the CTR operator valid identification is used for indicating the valid data quantity of the CTR operator, the valid data of the CTR operator is required to be 126 bits, and otherwise, error reporting can be carried out. The Mode channel is used for receiving an encryption Mode selection signal, and specifically, a high level and a low level can be used for distinguishing two modes. The cText [127:0] channel is used for outputting the first ciphertext data or the third ciphertext data. cText _en is used for receiving a ciphertext valid identifier, where the ciphertext valid identifier is used for indicating a valid data quantity of ciphertext data or third ciphertext data.
Based on the same inventive concept, the embodiment of the present application further provides a data encryption device corresponding to the data encryption method, and since the principle of solving the problem by the device in the embodiment of the present application is similar to that of the data encryption method in the embodiment of the present application, the implementation of the device may refer to the implementation of the method, and the repetition is omitted.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a data encryption device according to an embodiment of the application. As shown in fig. 8, the data encryption apparatus 800 includes:
a processing module 810, configured to determine an encryption mode of the data to be encrypted according to the number of bytes or the encryption priority of the received data to be encrypted;
the first encryption module 820 is configured to generate and output first ciphertext data according to the obtained data to be encrypted and the key data if the encryption mode is determined to be the AES256-ECB encryption mode;
And the second encryption module 830 is configured to generate second ciphertext data according to the obtained operator data and the key data if the encryption mode is determined to be the AES256-CTR encryption mode, generate third ciphertext data according to the second ciphertext data and the data to be encrypted, and output the third ciphertext data.
In a preferred embodiment, the processing module 810 is specifically configured to determine the size of the valid byte count and the preset byte count of the data to be encrypted, generate a first mode selection signal to indicate that the encryption mode is the AES256-CTR encryption mode if the valid byte count of the data to be encrypted is less than the preset byte count, and generate a second mode selection signal to indicate that the encryption mode is the AES256-ECB encryption mode if the valid byte count of the data to be encrypted is greater than the preset byte count.
In a preferred embodiment, the processing module 810 is configured to determine the encryption priority of the data to be encrypted and the preset encryption priority, generate a third mode selection signal to indicate that the encryption mode is the AES256-CTR encryption mode if the encryption priority of the data to be encrypted is less than the preset encryption priority, and generate a fourth mode selection signal to indicate that the encryption mode is the AES256-ECB encryption mode if the encryption priority of the data to be encrypted is greater than the preset encryption priority.
In a preferred embodiment, the first encryption module 820 or the second encryption module 830 is specifically configured to determine an initial value and initial input data corresponding to N, where the initial value of N is 0, and when N is 0, the input data corresponding to N is data to be encrypted or operator data, generate a first key matrix corresponding to N according to key data, calculate according to the first key matrix corresponding to N and the initial input data to obtain output data, n=n+1, and use the output data as current initial input data corresponding to N, determine whether the current N reaches a preset value, if not, skip to generate the first key matrix corresponding to N according to the key data, and continue to execute, if yes, use the current output data as the first ciphertext data or the second ciphertext data.
In a preferred embodiment, the second encryption module 830 is specifically configured to determine a second ciphertext matrix corresponding to each byte to be encrypted according to the second ciphertext data, encrypt, for each byte of the data to be encrypted, the byte according to the second ciphertext matrix corresponding to the byte to generate fourth ciphertext data corresponding to the byte, and use the fourth ciphertext data corresponding to all bytes of the data to be encrypted as the third ciphertext data.
In a preferred embodiment, the second encryption module 830 is specifically configured to, for each byte of the data to be encrypted, include a multi-bit first target data, and the second ciphertext data includes a multi-bit second target data, and for each byte of the data to be encrypted, generate fourth ciphertext data corresponding to the byte by, for each bit of the first target data in the byte, xoring the first target data with the second target data on the same bit in the second ciphertext data to generate fourth ciphertext data corresponding to the byte.
In a preferred embodiment, the processing module 810 is specifically configured to determine a valid byte of the data to be encrypted, and output data in a position corresponding to the valid byte of the data to be encrypted in the third ciphertext data as the third ciphertext data.
Referring to fig. 9, fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the application. As shown in fig. 9, the electronic device 900 includes a processor 910, a memory 920, and a bus 930.
The memory 920 stores machine-readable instructions executable by the processor 910, when the electronic device 900 is running, the processor 910 communicates with the memory 920 through the bus 930, and when the machine-readable instructions are executed by the processor 910, the steps of the data encryption method in the above method embodiment may be executed, and the specific implementation manner may refer to the method embodiment and will not be described herein.
The embodiment of the present application further provides a computer readable storage medium, where a computer program is stored, where the computer program may execute the steps of the data encryption method in the above method embodiment when executed by a processor, and a specific implementation manner may refer to the method embodiment and will not be described herein.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be other manners of division in actual implementation, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer readable storage medium executable by a processor. Based on this understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The storage medium includes a U disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, an optical disk, or other various media capable of storing program codes.
It should be noted that the foregoing embodiments are merely illustrative embodiments of the present application, and not restrictive, and the scope of the application is not limited to the embodiments, and although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those skilled in the art that any modification, variation or substitution of some of the technical features of the embodiments described in the foregoing embodiments may be easily contemplated within the scope of the present application, and the spirit and scope of the technical solutions of the embodiments do not depart from the spirit and scope of the embodiments of the present application. Therefore, the protection scope of the application is subject to the protection scope of the claims.

Claims (6)

1.一种数据加密方法,其特征在于,所述方法包括:1. A data encryption method, characterized in that the method comprises: 模式选择器根据接收到的待加密数据对应的字节数量或加密优先级,确定所述待加密数据的加密模式并生成用于指示所述加密模式选择信号;The mode selector determines the encryption mode of the data to be encrypted according to the number of bytes or encryption priority corresponding to the received data to be encrypted and generates a signal for indicating the encryption mode selection; 模式选择器将所述加密模式选择信号发送至双模式加密算法模块的Mode通道;The mode selector sends the encryption mode selection signal to the Mode channel of the dual-mode encryption algorithm module; 若确定加密模式为AES256-ECB加密模式,双模式加密算法模块则根据获取到的待加密数据和密钥数据,生成第一密文数据并输出;If the encryption mode is determined to be the AES256-ECB encryption mode, the dual-mode encryption algorithm module generates and outputs first ciphertext data according to the acquired data to be encrypted and key data; 若确定加密模式为AES 256-CTR加密模式,双模式加密算法模块则根据获取到的算子数据和密钥数据,生成第二密文数据,根据所述第二密文数据和所述待加密数据,生成第三密文数据并输出;If the encryption mode is determined to be the AES 256-CTR encryption mode, the dual-mode encryption algorithm module generates second ciphertext data according to the acquired operator data and key data, and generates and outputs third ciphertext data according to the second ciphertext data and the data to be encrypted; 其中,通过以下方式生成所述第一密文数据或所述第二密文数据:The first ciphertext data or the second ciphertext data is generated in the following manner: 确定N对应的初始值和初始输入数据,其中,N的初始值为0,当N为0时,N对应的输入数据为所述待加密数据或所述算子数据;Determine an initial value and initial input data corresponding to N, wherein the initial value of N is 0. When N is 0, the input data corresponding to N is the data to be encrypted or the operator data; 根据所述密钥数据,生成N对应的第一密钥矩阵,并根据N对应的第一密钥矩阵和所述初始输入数据进行计算得到输出数据,N=N+1,将所述输出数据并作为当前的N对应的初始输入数据;Generate a first key matrix corresponding to N according to the key data, and calculate output data according to the first key matrix corresponding to N and the initial input data, N=N+1, and use the output data as the initial input data corresponding to the current N; 确定当前的N是否达到预设数值;Determine whether the current N reaches a preset value; 若否,则跳转到根据所述密钥数据,生成N对应的第一密钥矩阵继续执行;If not, jump to generate the first key matrix corresponding to N according to the key data and continue to execute; 若是,则将当前的输出数据作为所述第一密文数据或所述第二密文数据;If yes, the current output data is used as the first ciphertext data or the second ciphertext data; 以及,通过以下方式生成第三密文数据:And, generate the third ciphertext data in the following manner: 根据所述第二密文数据,确定与所述待加密的每个字节对应的第二密文矩阵;Determine, according to the second ciphertext data, a second ciphertext matrix corresponding to each byte to be encrypted; 针对所述待加密数据的每个字节,根据该字节对应的第二密文矩阵,对该字节进行加密,以生成该字节对应的第四密文数据;For each byte of the data to be encrypted, encrypt the byte according to the second ciphertext matrix corresponding to the byte to generate fourth ciphertext data corresponding to the byte; 将所述待加密数据的所有字节对应的第四密文数据,作为所述第三密文数据;Using the fourth ciphertext data corresponding to all bytes of the data to be encrypted as the third ciphertext data; 以及,所述待加密数据的每个字节包括多位第一目标数据,所述第二密文数据包括多位第二目标数据,针对待加密数据的每个字节,通过以下方式生成该字节对应的第四密文数据:Furthermore, each byte of the data to be encrypted includes multiple bits of first target data, the second ciphertext data includes multiple bits of second target data, and for each byte of the data to be encrypted, fourth ciphertext data corresponding to the byte is generated in the following manner: 针对该字节中的每一位第一目标数据,将该第一目标数据与所述第二密文数据中同一位上的第二目标数据进行异或,以生成该字节对应的第四密文数据。For each bit of the first target data in the byte, the first target data is XORed with the second target data at the same bit in the second ciphertext data to generate fourth ciphertext data corresponding to the byte. 2.根据权利要求1所述的方法,其特征在于,所述根据接收到的待加密数据对应的字节数量,确定所述待加密数据的加密模式的步骤,具体包括:2. The method according to claim 1, characterized in that the step of determining the encryption mode of the data to be encrypted according to the number of bytes corresponding to the received data to be encrypted specifically comprises: 确定所述待加密数据的有效字节数量与预设字节数量的大小;Determine the size of the valid byte number of the data to be encrypted and the preset byte number; 若所述待加密数据的有效字节数量小于预设字节数量,则生成第一模式选择信号,以指示加密模式为AES256-CTR加密模式;If the number of valid bytes of the data to be encrypted is less than the preset number of bytes, a first mode selection signal is generated to indicate that the encryption mode is the AES256-CTR encryption mode; 若所述待加密数据的有效字节数量大于预设字节数量,则生成第二模式选择信号,以指示加密模式为AES256-ECB加密模式。If the number of valid bytes of the data to be encrypted is greater than the preset number of bytes, a second mode selection signal is generated to indicate that the encryption mode is the AES256-ECB encryption mode. 3.根据权利要求1所述的方法,其特征在于,所述根据接收到的待加密数据对应加密优先级,确定所述待加密数据的加密模式的步骤,具体包括:3. The method according to claim 1 is characterized in that the step of determining the encryption mode of the data to be encrypted according to the encryption priority corresponding to the received data to be encrypted specifically comprises: 确定所述待加密数据的加密优先级与预设加密优先级的大小;Determine the size of the encryption priority of the data to be encrypted and the preset encryption priority; 若所述待加密数据的加密优先级小于预设加密优先级,则生成第二模式选择信号,以指示加密模式为AES256-ECB加密模式;If the encryption priority of the data to be encrypted is less than the preset encryption priority, a second mode selection signal is generated to indicate that the encryption mode is the AES256-ECB encryption mode; 若所述待加密数据的加密优先级大于预设加密优先级,则生成第一模式选择信号,以指示加密模式为AES256-CTR加密模式。If the encryption priority of the data to be encrypted is greater than the preset encryption priority, a first mode selection signal is generated to indicate that the encryption mode is the AES256-CTR encryption mode. 4.根据权利要求2所述的方法,其特征在于,通过以下方式输出所述第三密文数据:4. The method according to claim 2, characterized in that the third ciphertext data is outputted in the following manner: 确定所述待加密数据的有效字节,将所述第三密文数据中与所述待加密数据的有效字节对应位置上的数据,作为所述第三密文数据输出。Determine the valid bytes of the data to be encrypted, and output the data at the position corresponding to the valid bytes of the data to be encrypted in the third ciphertext data as the third ciphertext data. 5.一种电子设备,其特征在于,包括:处理器、存储器和总线,所述存储器存储有所述处理器可执行的机器可读指令,当电子设备运行时,所述处理器与所述存储器之间通过总线通信,所述处理器执行所述机器可读指令,以执行如权利要求1至4任一所述的数据加密方法的步骤。5. An electronic device, characterized in that it comprises: a processor, a memory and a bus, wherein the memory stores machine-readable instructions executable by the processor, and when the electronic device is running, the processor communicates with the memory through the bus, and the processor executes the machine-readable instructions to perform the steps of the data encryption method as described in any one of claims 1 to 4. 6.一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器运行时执行如权利要求1至4任一所述的数据加密方法的步骤。6. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the data encryption method according to any one of claims 1 to 4 are executed.
CN202210547596.1A 2022-05-18 2022-05-18 Data encryption method, device, electronic device and storage medium Active CN114826562B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210547596.1A CN114826562B (en) 2022-05-18 2022-05-18 Data encryption method, device, electronic device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210547596.1A CN114826562B (en) 2022-05-18 2022-05-18 Data encryption method, device, electronic device and storage medium

Publications (2)

Publication Number Publication Date
CN114826562A CN114826562A (en) 2022-07-29
CN114826562B true CN114826562B (en) 2025-01-03

Family

ID=82514846

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210547596.1A Active CN114826562B (en) 2022-05-18 2022-05-18 Data encryption method, device, electronic device and storage medium

Country Status (1)

Country Link
CN (1) CN114826562B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119402297B (en) * 2024-12-30 2025-04-25 苏州元脑智能科技有限公司 Data transmission method, device, readable storage medium and program product

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103716166A (en) * 2013-12-27 2014-04-09 哈尔滨工业大学深圳研究生院 Self-adaptation hybrid encryption method and device and encryption communication system
KR20160063902A (en) * 2014-11-27 2016-06-07 에스케이텔레콤 주식회사 Security communication method and apparatus
CN112653546A (en) * 2020-12-15 2021-04-13 电子科技大学 A Fault Attack Detection Method Based on Power Analysis

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100067687A1 (en) * 2004-12-06 2010-03-18 The Trustees Of The Stevens Institute Of Technology Method and apparatus for maintaining data integrity for block-encryption algorithms
US8155306B2 (en) * 2004-12-09 2012-04-10 Intel Corporation Method and apparatus for increasing the speed of cryptographic processing
US9838388B2 (en) * 2014-08-26 2017-12-05 Veridium Ip Limited System and method for biometric protocol standards
CN110336662B (en) * 2019-06-06 2022-02-18 平安科技(深圳)有限公司 Digital information encryption method and device, computer equipment and storage medium
CN110336661B (en) * 2019-09-02 2019-12-31 灵长智能科技(杭州)有限公司 AES-GCM data processing method, device, electronic equipment and storage medium
US11283599B2 (en) * 2020-03-20 2022-03-22 Oracle International Corporation Reusable key generated ciphertext decryption

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103716166A (en) * 2013-12-27 2014-04-09 哈尔滨工业大学深圳研究生院 Self-adaptation hybrid encryption method and device and encryption communication system
KR20160063902A (en) * 2014-11-27 2016-06-07 에스케이텔레콤 주식회사 Security communication method and apparatus
CN112653546A (en) * 2020-12-15 2021-04-13 电子科技大学 A Fault Attack Detection Method Based on Power Analysis

Also Published As

Publication number Publication date
CN114826562A (en) 2022-07-29

Similar Documents

Publication Publication Date Title
US9537657B1 (en) Multipart authenticated encryption
JP6030103B2 (en) Data protection apparatus and method
CN105940439B (en) Countermeasures against side-channel attacks against cryptographic algorithms using permutations
US9515818B2 (en) Multi-block cryptographic operation
US11546135B2 (en) Key sequence generation for cryptographic operations
US20160196219A1 (en) Flexible architecture and instruction for advanced encryption standard (aes)
US20080084996A1 (en) Authenticated encryption method and apparatus
JP2010529496A (en) Encryption method and device for pseudo-random generation, data encryption, and message encryption hashing
WO2019114122A1 (en) Encryption method for login information, device, electronic device, and medium
US9565018B2 (en) Protecting cryptographic operations using conjugacy class functions
CN108141352B (en) Cryptographic apparatus, method, apparatus and computer readable medium, and encoding apparatus, method, apparatus and computer readable medium
CN105007154B (en) A kind of encrypting and decrypting device based on aes algorithm
CN111373464B9 (en) Encryption device, encryption method, decryption device and decryption method
JP6735926B2 (en) Encryption device, decryption device, encryption method, decryption method, encryption program, and decryption program
US20150200772A1 (en) Information processing apparatus and method therefor
EP3667647A1 (en) Encryption device, encryption method, decryption device, and decryption method
CN108063760B (en) Method and system for block encryption and method for block decryption
US9391770B2 (en) Method of cryption
CN114826562B (en) Data encryption method, device, electronic device and storage medium
US11886623B2 (en) Integrated communication security
CN115242393A (en) Encryption device, decryption device, encryption method, decryption method, and electronic equipment
JP6631989B2 (en) Encryption device, control method, and program
CN115277064A (en) Data encryption method, data decryption method, data encryption device, data decryption device, electronic equipment and medium
Kothandan Modified Blowfish Algorithm to Enhance its Performance and Security
US20170126399A1 (en) Encryption apparatus, storage system, decryption apparatus, encryption method, decryption method, and computer readable medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Country or region after: China

Address after: Room 1101, 11 / F, building 4, zone 1, 81 Beiqing Road, Haidian District, Beijing

Applicant after: Beijing Weina Starry Sky Technology Co.,Ltd.

Applicant after: Beijing Guoyu XingKong Technology Co.,Ltd.

Applicant after: Anhui Weina XingKong Technology Co.,Ltd.

Applicant after: Hainan Weina Star Technology Co.,Ltd.

Applicant after: Shaanxi Guoyu XingKong Technology Co.,Ltd.

Address before: Room 1101, 11 / F, building 4, zone 1, 81 Beiqing Road, Haidian District, Beijing

Applicant before: BEIJING MINOSPACE TECHNOLOGY CO.,LTD.

Country or region before: China

Applicant before: Beijing Guoyu XingKong Technology Co.,Ltd.

Applicant before: Anhui Weina XingKong Technology Co.,Ltd.

Applicant before: Hainan Weina Star Technology Co.,Ltd.

Applicant before: Shaanxi Guoyu XingKong Technology Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20250902

Address after: 100094 No.81, Beiqing Road, Haidian District, Beijing Building 2, 4th Floor, 5th Floor, 6th Floor, Room 101

Patentee after: Beijing Weina Starry Sky Technology Co.,Ltd.

Country or region after: China

Patentee after: Beijing Guoyu XingKong Technology Co.,Ltd.

Patentee after: Hainan Weina Star Technology Co.,Ltd.

Address before: Room 1101, 11 / F, building 4, zone 1, 81 Beiqing Road, Haidian District, Beijing

Patentee before: Beijing Weina Starry Sky Technology Co.,Ltd.

Country or region before: China

Patentee before: Beijing Guoyu XingKong Technology Co.,Ltd.

Patentee before: Anhui Weina XingKong Technology Co.,Ltd.

Patentee before: Hainan Weina Star Technology Co.,Ltd.

Patentee before: Shaanxi Guoyu XingKong Technology Co.,Ltd.

TR01 Transfer of patent right