CN101311942A

Movatterモバイル変換

Info

Publication number: CN101311942A
Application number: CNA2007101076366A
Authority: CN
Inventors: 唐文; 胡建钧
Original assignee: Siemens Ltd China
Current assignee: Beijing Siemens Cerberus Electronics Ltd
Priority date: 2007-05-23
Filing date: 2007-05-23
Publication date: 2008-11-26
Anticipated expiration: 2027-05-23
Also published as: JP2010528511A; JP5167348B2; CN101311942B; WO2008141992A1; EP2150917A1

Abstract

The invention relates to the field of computer security, in particular to a method for encrypting and decrypting software and a device thereof. The decryption of the invention comprises the following steps: step 201, t threshold cryptographic key factors are taken out randomly from n sections of a second software cryptograph, and the second software cryptograph is restored to a first software cryptograph and a cryptographic key cryptograph PSK, in which n is signless integral which is more than one, and t is signless integral which is less than or equal to n; step 202, the cryptographic key cryptograph PSK is taken out, a second cryptographic key is calculated according to the t threshold cryptographic key factors, and the cryptographic key cryptograph PSK is decrypted to a first cryptographic key SK by the second cryptographic key; step 203, the first software cryptograph is decrypted by using the first cryptographic key SK, and the software plaintext is obtained. The beneficial effect of the method provided by the invention is that protection of software with cryptographic key is strengthened, which is difficult for crackers to realize the purpose of software crack by tracking the process of software load.

Description

Translated fromChinese

对软件进行加密、解密的方法及加密、解密的装置Method and device for encrypting and decrypting software

技术领域technical field

本发明涉及计算机安全领域，特别涉及计算机加密领域，具体的讲是对软件进行加密、解密的方法及加密、解密的装置。The invention relates to the field of computer security, in particular to the field of computer encryption, in particular to a method for encrypting and decrypting software and an encryption and decryption device.

背景技术Background technique

现在，软件已经成为一种具有独立的价值的商品，软件的功能、执行过程和编码等等都很可能成为竞争对手或其它组织或个人抄袭的对象。所以软件，特别是由中间语言，例如，Java，.NET等编程语言编写的软件很容易通过逆向工程被逆向编码，例如使用.NET Reflect(微软的逆向工程工具)，JAD(Java的逆向工程工具)，从而得到软件的核心算法、编码等信息，这些信息如果被破解者恶意使用会造成开发者的损失，例如，模仿软件的核心算法，绕过注册过的软件等。Now, software has become a commodity with independent value, and the functions, execution process and coding of software are likely to be copied by competitors or other organizations or individuals. So software, especially software written in intermediate languages, such as Java, .NET and other programming languages, can be easily reverse-coded by reverse engineering, such as using .NET Reflect (Microsoft’s reverse engineering tool), JAD (Java’s reverse engineering tool ), so as to obtain information such as the core algorithm and code of the software. If this information is maliciously used by the cracker, it will cause losses to the developer, for example, imitating the core algorithm of the software, bypassing the registered software, etc.

在现有技术中，通过更改程序内部函数名称，重新安排控制流程或其它方法来迷惑破解者的破解行为具有一定的效果，能够使逆向编码后的软件程序很难读懂或者无法读懂，但是这种源代码的保护机制不能避免软件程序被逆向编码，软件程序的信息还是有可能泄漏。In the prior art, changing the name of the internal function of the program, rearranging the control flow or other methods to confuse the cracking behavior of the cracker has a certain effect, which can make the reverse coded software program difficult or impossible to read, but This source code protection mechanism cannot prevent the software program from being reverse-coded, and the information of the software program may still be leaked.

在《计算机与信息技术》2005年5月刊“利用DES加密算法保护Java源代码”一文中，公开了一种将Java编辑的软件进行加密，并在运行时解密的方案。该方案使用数据加密标准(DES：Data Encryption Standard)将可执行的Java程序加密，将加密后的程序编码和密钥存储于存储器内，加载器将加密的Java程序编码和密钥加载到系统中，调出密钥并将程序编码解密，转换为可执行的编码形式，并载入Java虚拟机(JVM)中运行。In the May 2005 issue of "Computer and Information Technology", "Using the DES Encryption Algorithm to Protect the Java Source Code", a scheme for encrypting the software edited by Java and decrypting it at runtime is disclosed. This scheme uses the Data Encryption Standard (DES: Data Encryption Standard) to encrypt the executable Java program, store the encrypted program code and key in the memory, and the loader loads the encrypted Java program code and key into the system , call out the key and decrypt the program code, convert it into an executable code form, and load it into a Java virtual machine (JVM) to run.

上述方法很容易被破解者跟踪，破解者只要使用调试工具就可以跟踪程序启动的每一步。如果程序在每次运行时都访问某一个文件，从该文件中获得密钥或者获得系统符号名，这样会使破解者怀疑该文件可能为该软件的密钥文件或者系统符号名对照表，如果破解者确定了该文件就是密钥文件，则会千方百计的破解该密钥文件，如果破解了密钥文件，则就可以将密文的软件编码转换为明文的软件编码，对该软件就可以进行逆向工程以生成源代码，从而造成软件所有人的损失。The above method is easy to be tracked by the cracker, and the cracker can track every step of the program startup as long as he uses a debugging tool. If the program accesses a certain file every time it runs, and obtains the key or the system symbol name from the file, this will make the cracker suspect that the file may be the key file of the software or the system symbol name comparison table, if If the cracker determines that the file is the key file, he will do everything possible to crack the key file. If the key file is cracked, the software code of the ciphertext can be converted into the software code of the plain text, and the software can be processed. Reverse engineering to generate source code at the loss of the owner of the software.

发明内容Contents of the invention

为了解决以上问题，增加软件被反编译的难度，本发明的目的在于提供一种对软件进行加密的方法和一种相应的解密方法，加入了门限加密特征，在每次启动软件时获取门限密钥因子的地址都不一样，使破解者不能确定哪些是密钥地址。In order to solve the above problems and increase the difficulty of software decompilation, the purpose of the present invention is to provide a method for encrypting software and a corresponding decryption method, adding a threshold encryption feature, and obtaining the threshold encryption every time the software is started. The addresses of the key factors are different, so that the cracker cannot determine which are the key addresses.

本发明还提供了一种对软件进行加密的装置和一种相应的解密装置，能够随机的将多个门限密钥因子存储于软件的不同段中，解密时随机的从某些段中取得门限密钥因子用于解密软件。The present invention also provides a device for encrypting software and a corresponding decryption device, which can randomly store multiple threshold key factors in different segments of the software, and randomly obtain thresholds from certain segments when decrypting. The key factor is used to decrypt the software.

步骤101，利用第一加密模块将存储介质中的软件明文加密为第一软件密文，其中解密所用的密钥为第一密钥SK；Step 101, using the first encryption module to encrypt the software plaintext in the storage medium into a first software ciphertext, wherein the key used for decryption is the first key SK;

步骤102，第二加密模块利用n个门限密钥因子生成第二密钥，使用该第二密钥将所述第一密钥SK加密为密钥密文PSK，并将所述密钥密文PSK拼接于所述第一软件密文中，其中n＞1的正整数；Step 102, the second encryption module uses n threshold key factors to generate a second key, uses the second key to encrypt the first key SK into a key ciphertext PSK, and converts the key ciphertext PSK is spliced into the first software ciphertext, where n>1 is a positive integer;

步骤103，利用封装模块将所述密钥密文PSK和第一软件密文作为一体分为n段，将所述门限密钥因子拼接于所述分段中，形成第二软件密文，并存储于所述存储介质中。Step 103, using the encapsulation module to divide the key ciphertext PSK and the first software ciphertext into n segments, splicing the threshold key factor into the segments to form a second software ciphertext, and stored in the storage medium.

根据本发明加密方法的一个进一步的方面，所述步骤101中所述的加密方法包括，对称加密算法或非对称加密算法。According to a further aspect of the encryption method of the present invention, the encryption method described instep 101 includes a symmetric encryption algorithm or an asymmetric encryption algorithm.

根据本发明加密方法的再一个进一步的方面，所述步骤102中使用的门限密钥算法包括沙米尔门限密钥算法。According to a further aspect of the encryption method of the present invention, the threshold key algorithm used instep 102 includes a Shamir threshold key algorithm.

根据本发明加密方法的另一个进一步的方面，所述步骤103中，所述封装模块将所述密钥密文PSK和第一软件密文作为一体分为n段，C代表所述n段中的任意一段，段C由块C₀，C₂，…，C_m-1构成，针对于每一段C和相应的k计算：According to another further aspect of the encryption method of the present invention, in thestep 103, the encapsulation module divides the key ciphertext PSK and the first software ciphertext into n segments as a whole, and C represents that in the n segments Any segment of , segment C is composed of blocks C₀ , C₂ , ..., C_m-1 , for each segment C and the corresponding k calculation:

C′₀＝C₀×k (E0)C′₀ ＝C₀ ×k (E0)

C′₁＝C₁×k+C₀ (E2)C'₁ ＝C₁ ×k+C₀ (E2)

C′₂＝C₂×k+C₁ (E3)C'₂ ＝C₂ ×k+C₁ (E3)

… … …... ... ...

C′_m-1＝C_m-1×k+C_m-2 (Em-1)C'_m-1 ＝C_m-1 ×k+C_m-2 (Em-1)

C′_m＝C_m-1 (Em)C′_m ＝C_m-1 (Em)

以上的×为算术乘法运算，同时计算门限密钥因子k的的哈希值h，合并C′₀至C′_m形成C’，将n段C’和相应的哈希值h拼接到一起形成所述的第二软件密文。The above × is an arithmetic multiplication operation. At the same time, the hash value h of the threshold key factor k is calculated, and C'₀ to C'_m are combined to form C', and n segments of C' and the corresponding hash value h are spliced together to form The second software ciphertext.

一种对软件进行解密的方法，在软件加载的过程中包括以下步骤：A method for decrypting software includes the following steps in the software loading process:

步骤201，解封装模块从第二软件密文的n个段中随机取t个门限密钥因子，将所述第二软件密文恢复为第一软件密文和密钥密文PSK，其中1≤t≤n，n为大于1的正整数；Step 201, the decapsulation module randomly selects t threshold key factors from n segments of the second software ciphertext, and restores the second software ciphertext to the first software ciphertext and key ciphertext PSK, where 1 ≤t≤n, n is a positive integer greater than 1;

步骤202，提取所述密钥密文PSK，第二解密模块根据所述t个门限密钥因子生成第二密钥，利用该第二密钥将密钥密文PSK解密为第一密钥SK；Step 202, extract the key ciphertext PSK, the second decryption module generates a second key according to the t threshold key factors, and use the second key to decrypt the key ciphertext PSK into the first key SK ;

步骤203，第一解密模块使用所述第一密钥SK将所述第一软件密文解密，并将软件明文传送给CPU，以执行该软件。Step 203, the first decryption module uses the first key SK to decrypt the ciphertext of the first software, and transmits the plaintext of the software to the CPU to execute the software.

根据本发明解密方法的一个进一步的方面，所述步骤201中，所述解封装模块分别对n段第二软件密文中的每一段计算：根据E0至Em消去C₀，C₁，…，C_m-1，得到等式0＝-C′_mk^m+C′_m-1×k^m-1-C′_m-2×k^m-2+...+(-1)^m-1×C′₀ (P0)，According to a further aspect of the decryption method of the present invention, in thestep 201, the decapsulation module calculates for each segment of n segments of the second software ciphertext: eliminate C₀ , C₁ , ..., C according to E0 to Em_m-1 , resulting in the equation 0=-C′_m k^m +C′_m-1 ×k^m-1 -C′_m-2 ×k^m-2 +...+(-1)^m-1 × C′₀ (P0),

求解该等式中的k，当k的哈希值等于该C’段相应的哈希值h时，用该k将C′₀至C′_m恢复为C₀至C_m-1，将C₀至C_m-1合并以获得段C，该段C为第一软件密文和密钥密文作为一体的n段中的一段；求出n个k，并将第二软件密文恢复为第一软件密文和密钥密文PSK。Solve the k in the equation, when the hash value of k is equal to the corresponding hash value h of the C' segment, use this k to restore C'₀ to C'_m to C₀ to C_m-1 , and C₀ to C_m-1 are merged to obtain segment C, and this segment C is a segment in the n segments in which the first software ciphertext and the key ciphertext are integrated; find n k, and recover the second software ciphertext as A first software ciphertext and a key ciphertext PSK.

根据本发明解密方法的再一个进一步的方面，使用多项式的牛顿迭代法所述求解等式(P0)中的k。According to yet a further aspect of the decryption method of the present invention, equation (P0) is solved for k using the polynomial Newton iterative method.

一种对软件进行加密的装置，其特征在于包括，第一加密模块，第二加密模块和封装模块；所述第一加密模块，利用第一密钥SK将软件明文加密为第一软件密文；所述第二加密模块与所述第一加密模块相连接，利用n个门限密钥因子生成第二密钥，使用该第二密钥将所述第一密钥SK加密为密钥密文PSK，并将所述密钥密文PSK存储于所述第一软件密文中；所述封装模块与所述第二加密模块相连接，将所述第一软件密文分为n段，将所述门限密钥因子拼接于所述分段中，形成第二软件密文。A device for encrypting software, characterized in that it includes a first encryption module, a second encryption module and an encapsulation module; the first encryption module uses a first key SK to encrypt software plaintext into a first software ciphertext ; The second encryption module is connected to the first encryption module, using n threshold key factors to generate a second key, using the second key to encrypt the first key SK into a key ciphertext PSK, and store the key ciphertext PSK in the first software ciphertext; the encapsulation module is connected to the second encryption module, divides the first software ciphertext into n sections, and divides the The threshold key factor is spliced into the segment to form the second software ciphertext.

一种对软件进行解密的装置，其特征在于包括，解封装模块，第二解密模块和第一解密模块；所述解封装模块将第二软件密文解封装为第一软件密文和密钥密文PSK，并在所述第一软件密文的n个段中随机取t个门限密钥因子；所述第二解密模块与所述解封装模块相连接，根据所述t个门限密钥因子生成第二密钥，利用该第二密钥将密钥密文PSK解密为第一密钥SK；所述第一解密模块与所述第二解密模块相连接，使用所述第一密钥SK将所述第一软件密文解密，获得软件明文并传送给CPU，以执行该软件。A device for decrypting software, characterized in that it includes a decapsulation module, a second decryption module and a first decryption module; the decapsulation module decapsulates the second software ciphertext into the first software ciphertext and a key Ciphertext PSK, and randomly select t threshold key factors in the n segments of the first software ciphertext; the second decryption module is connected to the decapsulation module, and according to the t threshold key factors factor to generate a second key, and use the second key to decrypt the key ciphertext PSK into a first key SK; the first decryption module is connected to the second decryption module, and the first key is used The SK decrypts the first software ciphertext, obtains the software plaintext and sends it to the CPU to execute the software.

本发明的有益效果在于，加强了软件加密密钥的保护，使破解者很难通过跟踪软件加载过程，获得密钥物理地址从而通过分析密钥实现软件破解的目的本发明通过动态存储密钥的技术加强了现有给软件加密，以提高其安全性的方案。The beneficial effect of the present invention is that the protection of the software encryption key is strengthened, making it difficult for crackers to obtain the physical address of the key by tracking the software loading process, thereby realizing the purpose of software cracking by analyzing the key. The technology enhances existing schemes for encrypting software to increase its security.

附图说明Description of drawings

图1为本发明进行软件加密的流程图；Fig. 1 is the flow chart that the present invention carries out software encryption;

图2为本发明进行软件解密的流程图；Fig. 2 is the flow chart that the present invention carries out software decryption;

图3为本发明进行软件加密的装置结构示意图；Fig. 3 is a schematic structural diagram of a device for encrypting software in the present invention;

图4为本发明进行软件解密的装置结构示意图；Fig. 4 is a schematic structural diagram of a device for decrypting software according to the present invention;

图5为实施本发明时的装置结构示意图。Fig. 5 is a schematic diagram of the device structure when implementing the present invention.

具体实施方式Detailed ways

下面，结合附图对于本发明进行如下详细说明。Hereinafter, the present invention will be described in detail in conjunction with the accompanying drawings.

本发明使用门限密钥的理论对所述第一密钥进一步保护，并将门限密钥因子拼接被加密的软件中，这样使破解者每次跟踪程序运行时都获得不同的跳转地址，使破解者无法确定去哪寻找所述的第一密钥。本发明所能够保护的软件不仅限于可执行程序，还包括功能模块和软件的核心算法等。现有的门限加密方法是，利用一个随机数作为第二密钥将所述第一密钥SK加密为密钥密文PSK，同时生成用于计算该随机数的n个门限密钥因子；在需要密钥进行解密的时候，只需要t个门限密钥因子(t≤n)生成所述第二密钥用于解密。门限密码学提出的目的是为了权利分散及提高安全性，权利分散性体现于在使用门限密码方法进行解密时，当每个人都持有一个密钥因子，则必须达到一定数量(门限值t)的人合作才能完成解密；安全性，一方面是为了防止获得一个密钥因子就使加密失去意义，在这群人中只要少于门限值的人被攻陷，那么还是无法解密的；另一方面，防止密钥因子丢失影响正常的解密工作，因为只要有多于或等于门限值的人拥有有效的密钥因子，还是能够解密。本发明具体实施方式中使用门限加密算法以沙米尔方案(Shamir)为例，但不限于沙米尔方案，还可以使用阿斯木斯-布隆门限密钥方案(Asmuth-Bloom)。The present invention uses the threshold key theory to further protect the first key, and splices the threshold key factor into the encrypted software, so that the cracker can obtain different jump addresses every time the tracking program runs, so that Crackers cannot determine where to find said first key. The software protected by the present invention is not limited to executable programs, but also includes functional modules and core algorithms of the software. The existing threshold encryption method is to use a random number as the second key to encrypt the first key SK into a key ciphertext PSK, and generate n threshold key factors for calculating the random number; When a key is needed for decryption, only t threshold key factors (t≤n) are required to generate the second key for decryption. The purpose of threshold cryptography is to decentralize rights and improve security. The decentralization of rights is reflected in the use of threshold cryptographic methods for decryption. When everyone holds a key factor, it must reach a certain number (threshold value t ) people cooperate to complete the decryption; security, on the one hand, is to prevent encryption from being meaningless after obtaining a key factor. As long as people who are less than the threshold are compromised in this group of people, it is still impossible to decrypt; on the other hand, On the one hand, it prevents the loss of the key factor from affecting the normal decryption work, because as long as there are people with valid key factors greater than or equal to the threshold value, they can still decrypt. The Shamir scheme (Shamir) is used as an example of the threshold encryption algorithm used in the specific embodiment of the present invention, but it is not limited to the Shamir scheme, and the Asmuth-Bloom threshold key scheme (Asmuth-Bloom) can also be used.

在销售软件之前，软件的卖主利用加密算法对明文的软件进行加密，该加密算法为现有的对称或非对称加密算法，例如，AES，DES或RSA，ECC等。如果使用了对称加密算法，则软件加密密钥与解密密钥相同，也可用于解密，该解密密钥为密钥SK(即，第一密钥)。如果使用非对称加密算法，则加密密钥与所述非对称加密算法的解密密钥存在着对应关系，在本发明中解密密钥为密钥SK(即，第一密钥)。因为软件的密钥SK是关系到软件能否被破解的关键，所以关于该密钥SK的安全就相当重要，本发明特别使用门限加密的沙米尔方案通过n个门限密钥因子K₁，K₂，…，K_n的运算生成第二密钥，利用该第二密钥将该密钥SK加密为密钥密文PSK，将密钥密文PSK拼接到被加密的软件中，例如将其拼接于被加密软件的头部或者尾部。并且将该n个门限密钥因子由一个强壮的拼接算法(或者简单的拼接方式)拼接于被加密的软件不同的物理段落中，例如，拼接于软件的头部或尾部。本发明通过第一步，加密需要保护的软件；第二步，加密第一步中的第一密钥SK；第三步，拼接实现第二步加密的密钥因子；在软件运行需要解密时，随机地从被保护的软件密文中取得t(1≤t≤n，t和n均为正整数)个门限密钥因子，然后通过沙米尔方案就可以从密钥密文PSK中将被加密软件的第一密钥SK解出，从而对软件密文进行解密。门限密钥恢复方法使软件加载的过程产生了动态特性，每次都从软件中不同的位置获得门限密钥因子用于解密，可以有效针对跟踪软件加载的破解方法，增加破解的难度。Before selling the software, the vendor of the software encrypts the plaintext software with an encryption algorithm, which is an existing symmetric or asymmetric encryption algorithm, such as AES, DES or RSA, ECC, etc. If a symmetric encryption algorithm is used, the software encryption key is the same as the decryption key and can also be used for decryption, and the decryption key is the key SK (ie, the first key). If an asymmetric encryption algorithm is used, there is a corresponding relationship between the encryption key and the decryption key of the asymmetric encryption algorithm. In the present invention, the decryption key is the key SK (ie, the first key). Because the software key SK is the key to whether the software can be cracked, the security of the key SK is very important. The present invention especially uses the Shamir scheme of threshold encryption to pass n threshold key factors K₁ , K₂ , ..., the operation of_Kn generates the second key, and encrypts the key SK into the key ciphertext PSK by using the second key, and splicing the key ciphertext PSK into the encrypted software, for example, it Spliced at the head or tail of the encrypted software. And the n threshold key factors are spliced into different physical sections of the encrypted software by a strong splicing algorithm (or a simple splicing method), for example, spliced at the head or tail of the software. In the present invention, the first step is to encrypt the software to be protected; the second step is to encrypt the first key SK in the first step; the third step is to splicing to realize the key factor of the second step encryption; when the software operation needs to be decrypted , randomly obtain t (1≤t≤n, t and n are both positive integers) threshold key factors from the protected software ciphertext, and then use the Shamir scheme to encrypt the key ciphertext PSK The first key SK of the software is decrypted to decrypt the software ciphertext. The threshold key recovery method makes the process of software loading dynamic, and each time the threshold key factor is obtained from different positions in the software for decryption, which can effectively target the cracking method of tracking software loading and increase the difficulty of cracking.

如图1所示，为本发明软件加密过程的流程图。As shown in Fig. 1, it is a flow chart of the software encryption process of the present invention.

步骤101，选择合适的对称加密算法，例如AES，DES等，利用第一加密模块将软件的明文加密为第一软件密文，其所使用密钥为第一密钥SK。Step 101, select an appropriate symmetric encryption algorithm, such as AES, DES, etc., and use the first encryption module to encrypt the plaintext of the software into a first software ciphertext, and the key used is the first key SK.

步骤102，第二加密模块利用门限加密算法中的Shamir算法保护上述密钥SK，在域Zp中使用拉格朗日插值多项式算法的Shamir方案，其中Zp是由素数域，生成t-1次的多项式：Step 102, the second encryption module uses the Shamir algorithm in the threshold encryption algorithm to protect the above-mentioned key SK, and uses the Shamir scheme of the Lagrangian interpolation polynomial algorithm in the field Zp, wherein Zp is a field of prime numbers that generates t-1 times polynomial:

P_n(x)＝a₀+a₁x+a₂x²+...+a_t-1x^t-1，P_n (x)=a₀ +a₁ x+a₂ x² +...+a_t-1 x^t-1 ,

其中P_n(x)的系数a₀，…，a_n是随机生成的。The coefficients a₀ ,..., a_n of P_n (x) are randomly generated.

令x₁＝1，计算P_n(1)＝a₀+a₁+a₂+...+a_t-1，Let x₁ =1, calculate P_n (1)=a₀ +a₁ +a₂ +...+a_t-1 ,

… … …... ...

令x_n＝n，计算P_n(n)＝a₀+a₁n+a₂n²+...+a_t-1n^t-1。Let x_n =n, and calculate P_n (n)=a₀ +a₁ n+a₂ n² +...+a_t-1 n^t-1 .

其中，P_n(1)，…，P_n(n)＜2⁶⁴，n为大于1的正整数，t为大于等于1小于n的正整数。Wherein, P_n (1), ..., P_n (n)<2⁶⁴ , n is a positive integer greater than 1, and t is a positive integer greater than or equal to 1 and less than n.

然后生成了n个门限密钥因子对K₁＝(1，P_n(1))，…，K_n＝(n，P_n(n))，使用a₀为第二密钥将密钥SK加密为密钥密文PSK。并将加密后的密钥密文PSK拼接于所述第一软件密文的头部或尾部，本步骤可以使用现有技术中的存储方法。Then, n threshold key factor pairs K₁ =(1, P_n (1)),..., K_n =(n, P_n (n)) are generated, using a₀ as the second key to convert the key SK Encrypted as key ciphertext PSK. And splicing the encrypted key ciphertext PSK to the head or tail of the first software ciphertext, this step can use the storage method in the prior art.

步骤103，封装模块将第一软件密文和密钥密纹作为一体分割为n个段，将n个门限密钥因子分别拼接于n个段中。在此，可以直接将n个密钥因子分别拼接于第一软件密文每一段的头部或尾部，如图中所示黑色的部分为密钥因子，白色部分为n段，形成第二软件密文并存储于存储介质中，也可以使用下面的拼接方法，形成更加复杂的第二软件密文。Instep 103, the encapsulation module divides the first software ciphertext and the key pattern into n segments as a whole, and splices n threshold key factors into the n segments respectively. Here, n key factors can be directly spliced to the head or tail of each segment of the first software ciphertext, as shown in the figure, the black part is the key factor, and the white part is n segments to form the second software The ciphertext is stored in the storage medium, and the following splicing method can also be used to form a more complicated second software ciphertext.

C代表第一软件密文的某一段，其中每段C由块C₀，C₂，…，C_m-1构成，k代表门限密钥因子对K_i中的P_n(i)，具体拼接过程如下，C represents a certain section of the first software ciphertext, where each section C is composed of blocks C₀ , C₂ , ..., C_m-1 , k represents the P_n (i) in the threshold key factor pair K_i , the specific splicing The process is as follows,

C′₀＝C₀×k (E0)C′₀ ＝C₀ ×k (E0)

C′₁＝C₁×k+C₀ (E2)C'₁ ＝C₁ ×k+C₀ (E2)

C′₂＝C₂×k+C₁ (E3)C'₂ ＝C₂ ×k+C₁ (E3)

… … …... ... ...

C′_m-1＝C_m-1×k+C_m-2 (Em-1)C'_m-1 ＝C_m-1 ×k+C_m-2 (Em-1)

C′_m＝C_m-1 (Em)C′_m ＝C_m-1 (Em)

其中×为算术乘法运算。作为优选的实施例，每一块C_i的长度等于k的长度，即length(C_i)＝length(k)。例如，软件加密后分为n个段，其中某一段C的长度为128字节，密钥因子的长度为16字节，则将C分成8块，即m＝7，C的每一块C_i的长度为16字节。同时计算h＝hash(k)，即将门限密钥因子k的哈希值记录下来，用于解密时验证恢复的门限密钥因子是否正确。C′₀至C′_m合并成一段完整的C’后，再和哈希值h进行拼接(h加在C’段的前面或后面)，然后拼接所有段C’和相应的哈希值h形成最终存储的软件密文，即第二软件密文，并将第二软件密文存储于存储介质中。Where × is an arithmetic multiplication operation. As a preferred embodiment, the length of each block C_i is equal to the length of k, that is, length(C_i )=length(k). For example, after the software is encrypted, it is divided into n segments, and the length of a certain segment C is 128 bytes, and the length of the key factor is 16 bytes, then C is divided into 8 blocks, that is, m=7, and each block of C is C_i The length is 16 bytes. At the same time, calculate h=hash(k), that is, record the hash value of the threshold key factor k, and use it to verify whether the restored threshold key factor is correct during decryption. C'₀ to C'_m are merged into a complete C', and then spliced with the hash value h (h is added before or after the C' segment), and then spliced all segments C' and the corresponding hash value h The finally stored software ciphertext, that is, the second software ciphertext is formed, and the second software ciphertext is stored in the storage medium.

在Shamir门限密钥加密方案中，可以用任意的t个密钥因子恢复第二密钥a₀，以用于解密PSK，因此软件装载器在每次装载被加密的软件时，都将会随机的从n个密钥因子中选择t个，用于解密PSK，以提供一种高强度的防止破解者跟踪、分析软件装载过程，并具有动态特点的保护机制。In the Shamir threshold key encryption scheme, any t key factors can be used to restore the second key a₀ to decrypt the PSK, so the software loader will randomly Select t from n key factors to decrypt the PSK, so as to provide a high-strength protection mechanism that prevents crackers from tracking and analyzing the software loading process and has dynamic characteristics.

图2为本发明软件加载解密的流程图。软件的启动阶段，由加载器从存储介质中将第二软件密文加载到内存中，其中黑色部分为密钥因子，白色部分为第一软件密文和PSK，如果在加密步骤中没有使用如步骤103那样的拼接方法，而只是将n个密钥因子直接拼接于软件密文相应段落的头部或尾部，则步骤201可以通过解封装模块直接从随机选取的t段密文中直接得到t个密钥因子，并将第二软件密文恢复为第一软件密文和PSK。如果在加密时使用了如步骤103中所述那样的拼接方法，则通过解封装模块选择一段密文C’和相应的哈希值h，恢复该段密文上携带的门限密钥因子k。恢复算法如下：Fig. 2 is a flow chart of software loading and decryption in the present invention. In the startup phase of the software, the loader loads the second software ciphertext from the storage medium into the memory, wherein the black part is the key factor, and the white part is the first software ciphertext and PSK, if no such asStep 103 as in the splicing method, but only n key factors are directly spliced at the head or tail of the corresponding paragraph of the software ciphertext, then step 201 can directly obtain t pieces of ciphertext directly from randomly selected t sections of ciphertext key factor, and restore the second software ciphertext to the first software ciphertext and PSK. If the splicing method as described instep 103 is used during encryption, a piece of ciphertext C' and the corresponding hash value h are selected through the decapsulation module, and the threshold key factor k carried on the piece of ciphertext is recovered. The recovery algorithm is as follows:

消去E0至Em中的C₀至C_m-1，将C_m-1＝C′_m代入(Em-1)，获得等式C_m-2＝C′_m-1-C′_m×k+C_m×k²，将该等式代入(Em-2)……，直到代入(E0)，最后形成0＝-C′_mk^m+C′_m-1×k^m-1-C′_m-2×k^m-2+...+(-1)^m-1×C′₀，将0＝-C′_mk^m+C′_m-1×k^m-1-C′_m-2×k^m-2+...+(-1)^m-1×C′₀标记为P0，密钥因子k为上述多项式的根，通过在多项式数值域的计算找出根，可以从第二软件密文C′₀，C′₁，…，C′_m中恢复k。在本实施例中使用牛顿迭代算法寻找多项式P0的一个或多个根。C₀ to C_m-1 in E0 to Em are eliminated, C_m-1 =C'_m is substituted into (Em-1), and the equation C_m-2 =C'_m-1 -C'_m ×k+ C_m × k² , substitute this equation into (Em-2)... until it is substituted into (E0), and finally form 0=-C′_m k^m +C′_m-1 ×k^m-1 -C′_{m -2} ×k^m-2 +...+(-1)^m-1 ×C′₀ , put 0=-C′_m k^m +C′_m-1 ×k^m-1 -C′_m-2 ×k^m-2 +...+(-1)^m-1 ×C′₀ is marked as P0, and the key factor k is the root of the above polynomial. The root can be found by calculation in the polynomial value field, which can be obtained from the second Recover k from the software ciphertext C′₀ , C′₁ , . . . , C′_m . In this embodiment, the Newton iteration algorithm is used to find one or more roots of the polynomial P0.

(a)令y＝-C′_mk^m+C′_m-1×k^m-1-C′_m-2×k^m-2+...+(-1)^m-1×C′₀＝f(k)(P1)，任意选择起始k₀，例如k₀＝2^lengh(k)-1。(a) Let y=-C′_m k^m +C′_m-1 ×k^m-1 -C′_m-2 ×k^m-2 +...+(-1)^m-1 ×C′₀ =f(k)(P1), select the starting k₀ arbitrarily, for example k₀ =2^lengh(k)-1 .

(b)计算 $k_{i + 1} = k_{i} - \frac{f (k_{i})}{f^{'} (k_{i})},$ i＝0至m，f′(k)为f(k)的导数，即，f′(k)＝-C′_m×m×k^m-1+C′_m-1×(m-1)×k^m-2-C′_m-2×(m-2)×k^m-3+...+(-1)^m-2×C′₁。(b) calculation $k_{i + 1} = k_{i} - \frac{f (k_{i})}{f^{'} (k_{i})},$ i=0 to m, f'(k) is the derivative of f(k), that is, f'(k)=-C'_m ×m×k^m-1 +C'_m-1 ×(m-1) ×k^m-2 −C′_m-2 ×(m-2)×k^m-3 + . . . +(-1)^m-2 ×C′₁ .

(c)重复步骤b，直到|k_i+1-k_i|＜1，此时k_i+1近似为P1的根。(c) Repeat step b until |k_i+1 -k_i |<1, at this time k_i+1 is approximately the root of P1.

(d)如果hash(k_i+1)＝h，或者hash(k_i+1+1)＝h，hash(k_i+1-1)＝h，其中h为加密步骤(4)中的h值，则本步骤算出的k_i+1就为加密步骤中的门限密钥因子k，跳转到步骤(f)，如果不相等，则数字根k寻找算法失败，进入步骤(e)。本发明中所述的哈希算法，即散列算法，是一个单向算法，即数据被演算后无法反推出原数据，因而若要比较数据传输前后是否被改动过，只需比较传输前后的哈希值是否相等即可。(d) If hash(k_i+1 )=h, or hash(k_i+1 +1)=h, hash(k_i+1 -1)=h, wherein h is h in the encryption step (4) value, then the k_i+1 calculated in this step is the threshold key factor k in the encryption step, jump to step (f), if not equal, the digital root k search algorithm fails, and enter step (e). The hash algorithm described in the present invention, that is, the hash algorithm, is a one-way algorithm, that is, the original data cannot be reversed after the data is calculated, so if you want to compare whether the data has been changed before and after transmission, you only need to compare the data before and after transmission The hash values are equal.

(e)如果在步骤(d)中没有找到k，则意味着P0有多个实根，其他的实根可以通过下面方法获得：(e) If k is not found in step (d), it means that P0 has multiple real roots, and other real roots can be obtained by the following methods:

使用步骤(d)中的根k_i+1作为新的k₀。Use the root k_i+1 in step (d) as new k₀ .

令b₀＝-C′_m，b_k＝(-1)^k-1×C′_m-k+k₀×b_k-1，其中k＝1，2，…，m-1，然后建立一个新的多项式，f(k)＝b₀×k^m-1+b₁×k^m-2+...+b_m-1 (P2)；Let b₀ =-C′_m , b_k =(-1)^k-1 ×C′_mk +k₀ ×b_k-1 , where k=1, 2,..., m-1, and then create a new Polynomial, f(k)=b₀ ×k^m-1 +b₁ ×k^m-2 +...+b_m-1 (P2);

使用上述步骤b-c计算新等式P2的实根，获得P0的其他实根。Compute the real roots of the new equation P2 using steps b-c above to obtain the other real roots of P0.

通过本步骤(e)计算出P0的所有实根，每次经过(e)后，重复检查步骤(d)，判断是否得到真正的密钥因子，然后得到门限密钥因子k。Calculate all the real roots of P0 through this step (e), and repeat the inspection step (d) after each pass through (e) to judge whether the real key factor is obtained, and then obtain the threshold key factor k.

(f)得到一段密文中的门限密钥因子k以后，代回方程组E0至Em，将第二软件密文C′₀，C′₁，…，C′_m恢复为第一软件密文C₁，C₂，…，C_m。(f) After obtaining the threshold key factor k in a piece of ciphertext, substitute back the equations E0 to Em, and restore the second software ciphertext C′₀ , C′₁ , ..., C′_m to the first software ciphertext C₁ , C₂ , . . . , C_m .

对n段C，分别进行a-f，得出解密钥密文PSK所需的所有门限密钥因子k，并利用k恢复所有的密文C’，形成第一软件密文。For n segments of C, perform a-f respectively to obtain all threshold key factors k required to decrypt the key ciphertext PSK, and use k to restore all ciphertexts C' to form the first software ciphertext.

步骤202，当恢复完t个门限密钥因子后，K_i＝(x_i，P_n(x_i)，1≤i≤t，第二解密模块用t个k构建一个新的多项式Step 202, after recovering t threshold key factors, K_i =(_xi , P_n (_xi ), 1≤i≤t, the second decryption module constructs a new polynomial with t k

${P P}_{n no} ((x x)) = = {Σ Σ}_{i i = = 11}^{t t} (({Π Π}_{\underset{i i &NotEqual; &NotEqual; k k}{i i = = 11}}^{t t} \frac{x x - - {x x}_{i i}}{{x x}_{k k} - - {x x}_{i i}})) {y the y}_{k k},,$

其中，y_k＝P_n(x_k)，x_i和x_k为已经恢复的门限密钥因子对中的x_i，其中i≠k，最后令x等于0，得出P_n(0)＝a₀。Among them, y_k =P_n (x_k ), x_i and x_k are x_i in the recovered threshold key factor pair, where i≠k, and finally set x equal to 0, and obtain P_n (0)= a₀ .

在第一软件密文中提取PSK，使用a₀作为解密密钥密文PSK的密钥，从而获得解密被加密软件的第一密钥SK。Extract the PSK from the first software ciphertext, and use a₀ as the key to decrypt the key ciphertext PSK, so as to obtain the first key SK for decrypting the encrypted software.

步骤203，第一解密模块使用SK对被加密的软件进行解密，获得原始软件明文。Step 203, the first decryption module uses the SK to decrypt the encrypted software to obtain the plaintext of the original software.

CPU根据该软件明文执行。The CPU executes according to the software in plain text.

如图3所示，为本发明加密装置的示意图，包括，第一加密模块，第二加密模块和封装模块；所述第一加密模块，利用第一密钥SK将软件明文加密为第一软件密文；所述第二加密模块与所述第一加密模块相连接，利用n个门限密钥因子生成第二密钥，使用该第二密钥将所述第一密钥SK加密为密钥密文PSK，并将所述密钥密文PSK存储于所述第一软件密文中；所述封装模块与所述第二加密模块相连接，将所述第一软件密文分为n段，将所述门限密钥因子拼接于所述分段中，形成第二软件密文。As shown in Figure 3, it is a schematic diagram of the encryption device of the present invention, including a first encryption module, a second encryption module and an encapsulation module; the first encryption module uses the first key SK to encrypt the software plaintext into the first software Ciphertext; the second encryption module is connected to the first encryption module, and n threshold key factors are used to generate a second key, and the second key is used to encrypt the first key SK into a key ciphertext PSK, and store the key ciphertext PSK in the first software ciphertext; the encapsulation module is connected with the second encryption module, and divides the first software ciphertext into n segments, The threshold key factor is spliced into the segment to form a second software ciphertext.

如图4所示，为本发明解密装置的示意图，包括，解封装模块，第二解密模块和第一解密模块；所述解封装模块将第二软件密文解封装为第一软件密文，并在所述第一软件密文的n个段中随机取t个门限密钥因子；所述第二解密模块与所述解封装模块相连接，根据所述t个门限密钥因子生成第二密钥，利用该第二密钥将密钥密文PSK解密为第一密钥SK；所述第一解密模块与所述第二解密模块相连接，使用所述第一密钥SK将所述第一软件密文解密，获得软件明文。As shown in Figure 4, it is a schematic diagram of the decryption device of the present invention, including a decapsulation module, a second decryption module and a first decryption module; the decapsulation module decapsulates the second software ciphertext into the first software ciphertext, And randomly take t threshold key factors in the n segments of the first software ciphertext; the second decryption module is connected with the decapsulation module, and generates a second key factor according to the t threshold key factors key, using the second key to decrypt the key ciphertext PSK into a first key SK; the first decryption module is connected to the second decryption module, and uses the first key SK to decrypt the The first software ciphertext is decrypted to obtain the software plaintext.

如图5所示，为本发明装置运行的示意图。包括加载器，用于从存储介质中加载软件，还包括如图4所示的解密装置，相同部分不再赘述。加载器从软件的存储介质中(例如硬盘)加载第二软件密文，将其输入所述解密装置，所述解密装置将所述第二软件密文转换为软件明文，并将其传送给CPU执行软件。As shown in Figure 5, it is a schematic diagram of the operation of the device of the present invention. It includes a loader for loading software from a storage medium, and also includes a decryption device as shown in Figure 4, and the same parts will not be repeated. The loader loads the second software ciphertext from the software storage medium (such as a hard disk), and inputs it into the decryption device, and the decryption device converts the second software ciphertext into software plaintext, and sends it to the CPU Execute the software.

本发明的有益效果在于，加密可执行的软件，使软件破解者不会通过简单的跟踪软件加载获得密钥，从而防止该软件被解密并通过逆向工程等方法逆向编译。加强了软件加密密钥的保护，使破解者很难通过跟踪软件加载过程，获得密钥物理地址从而通过分析密钥实现软件破解的目的本发明通过动态存储密钥的技术加强了现有给软件加密，以提高其安全性的方案。The beneficial effect of the present invention is that, the encrypted executable software prevents software crackers from obtaining keys by simply tracking software loading, thereby preventing the software from being decrypted and reversely compiled through reverse engineering and other methods. The protection of the software encryption key is strengthened, making it difficult for crackers to obtain the physical address of the key by tracking the software loading process, so as to realize the purpose of software cracking by analyzing the key. Encryption to increase its security program.

以上具体实施方式仅用于说明本发明，而非用于限定本发明。The above specific embodiments are only used to illustrate the present invention, but not to limit the present invention.