Cover the binary data communication encryption method on plaintext symbol boundaryTechnical field
The present invention relates to the binary data communication encryption methods for covering plaintext symbol boundary.
Background technique
A large amount of technology has been developed over time and has carried out encrypting traffic, and universal operating principle can be in numberIt is described as follows on.
That to be transmitted is information symbol (plaintext) s0, s1 from any alphabet S ... sequence.Message is by havingThe sender of encryption function encrypts, and is transmitted to recipient's decryption with reversed decryption function.According to Ke Ke Hough principle, thisTwo kinds of functions are usually disclosed, but are parameterized by key K, pass through secrecy and reliable channel between communication unitArrange key K.According to this key, sender and recipient can generate state by state transition function f in discrete time t > 0Sequence
σt+1=f (σt, K)
And key stream is obtained by key stream generating function g
zt=g (σt, K).
Original state σ0It can be disclosed, can also be exported from key K.Then pass through invertible mapping in plain text
ct=h (zt, st)
State is relatively connected with key stream and ciphertext, and such ciphertext can be by applying back mapping
st=h-1(zt, ct)
It is decrypted.Key stream sequence must be as similar to real random sequence as possible.In the feelings of self-synchronizing stream cryptosystemUnder condition, state σt+1Determination additionally depend on the ciphertext symbol c ultimately producedt..., ct-l+1, wherein l is fixed and l >=1,.
When each possible ciphertext can from cleartext information with identical probability encryption generation, and completely can notIt is systematically released from ciphertext in plain text, referred to as perfact secrecy.According to the philosophy of the information theory of Shannon, only when canCan number of keys at least with possible message number as many when, just think that encryption system is Perfect Secrecy.Therefore, keyQuantity also at least with the quantity of possible ciphertext as many, and the quantity that the quantity of ciphertext must at least with possible plaintextAs many.
However, encryption method used at present uses the same key, therefore password point usually in longer time sectionAnalysis is fragile on learning.Such as, it has been shown that the asymmetric cryptosystem being widely used according to the 768 of RSA method keys is at leastTheoretically it has been cracked.Even if symmetric cryptosystem data encryption standards (DES) is also considered as unsafe, it is not recommended thatFor practical application.Other methods, if Triple-DES or Advanced Encryption Standard (AES) are presently believed to be safe, onlyBecause current existing computing capability can't all try all keys one time.Common encryption method has been cracked, orPerson will be cracked within the foreseeable time, so their key generally has to be stored in government organs.Therefore, from long-range nextIt sees, due to the uniqueness that the key according to Shannon's theorems uses, only the Fu Namu enciphered method or disposal password of overall safetyOriginally it is only reasonable.
If a digital cipher be it is random and it is equally distributed selected, it is long as digital massage and only uses oneIt is secondary, it is known as disposal password sheet.This means that providing the key bit determined at random for each message bit, pass throughExclusive or generates ciphertext.Since all keys are generated with identical probability, attacker is also based on phase to the hypothesis of plaintextSame probability.Because system eavesdrops no information foundation, the chance very little of the disposal password used is guessed.Even if thisBe on rare occasion it is possible, there will not be too many harvest, because next message is added by another one time keyIt is close.
Such a fact is utilized in some nearest encryption technologies, i.e., (reversible) mapping of dijection not only can be used, andIt and can also be that the relationship of surjection mapping is encrypted using reverse-power.The two methods permission of short summary below is addingAn icon is randomly choosed when close plaintext symbol from one group of possible encryption.This increases the length of ciphertext naturally.
According to the symbol of letter in plain text by bijective map to the equivalence class of the pictorial symbol in usually bigger image collection.In order to be encrypted to plaintext symbol, pictorial symbol be it is randomly selected from the equivalence class of corresponding image collection, makeObtaining ciphertext can not be attacked as far as possible with statistical method.Plaintext symbol by pictorial symbol one-to-one correspondence be substituted for ciphertext, here it is forWhat can directly infer the boundary between plaintext symbol as every other known method from the boundary between pictorial symbolThe reason of.
The character of (Latin) plaintext letter is mapped to one by one first on the element of another disclosed alphabet.This instituteThe element of the Denier letter of meaning is indicated by the letter of fixed quantity.If identical letter is mutually tight in Denier plaintextIt suffers, is then inserted into special letter W between them.The each letter for the Denier plaintext so modified can actual encrypted itPreceding repetition any as needed.After decryption, all duplicate letters and W letter are deleted, and reduction Denier is in plain text.With arbitrary figureAs key, node alphabetic flag.In order to carry out secret information exchange, sender and recipient agree to such oneA figure is as key and a node as starting point.Ciphertext can regard as by along have extension Denier plaintext alphabetic flagNode (or several, an if necessary) path corresponding to side flag sequence composition.Since recipient knows starting point,It can move in specified Bian Tu and read the label of arrival node to decrypt.Boundary between plaintext symbol is visibleGround travels to ciphertext, because it is the direction instruction of the regular length by being used to roam in (key) figure from node-to-nodeComposition.Regardless of start node, this is immediately arrived between the letter in extension Denier in plain text (including Denier plaintext)Boundary, element and plaintext symbol correspond.Although extending Denier in plain text on the basis of Denier plaintext with W letterIt is extended with duplicate letter and can not see whether bearing data corresponds to extra W or other are duplicate in ciphertextLetter however, the boundary of original letter and additional letter does not disappear during encryption, but is kept former in direction instructionSample, to provide the point of attack for cryptanalysis.
All other known encryption method has in common that their data elements to be transmitted, either bit,Alphanumeric symbol still includes the byte of binary data, individually or in groups, is always encrypted as unmodified unit,Therefore, can readily determine that the quantity of data item in ciphertext and between boundary.The information theory model of Shannon encryption systemIt is also using this default, restrictive basic assumption as foundation.Therefore, the number on the boundary such as between data element and theyThe information of amount etc also by observable and is unencrypted transferred in ciphertext.Under normal conditions, plaintext symbol and ciphertext symbolIt is corresponding.Even if using block cipher, also hardly using 256 data cells are greater than, in plain text with the symbol in ciphertextIt is that very close position is arranged or be at least placed in identical sequence.Therefore, in plaintext and ciphertext, corresponding symbolIt can easily be matched, this, which to crack the password used, becomes to be more easier.
All known encryption methods always always encrypt the data element of transmission as unmodified unit.It is fragrantThe information theory model of agriculture cryptographic system is also based on this restrictive basic assumption.Accordingly, with respect between plaintext symbolThe information of boundary and their quantity also by observable and is unencrypted transmitted in ciphertext: under normal conditions, plaintext symbolIt is corresponding with ciphertext symbol.Because even symbol is also arranged in plain text and in ciphertext with identical sequence using block cipher,Or their position is closer to each other, so this makes corresponding symbol can be matched easily in plain text and in ciphertextObtaining decryption becomes to be more easier.
Summary of the invention
The encryption method on the cover plaintext symbol boundary in the present invention is different from the prior art.Skill to be solved by this inventionArt problem is generally speaking to provide a kind of binary data communication encryption method for covering plaintext symbol boundary;This method is to will transmitBinary data not only carry out encryption safe in information theory but also mask the boundary between the plaintext symbol of encryption.In detailThin the technical issues of solving and acquirement beneficial effect in aftermentioned content and combine content in specific embodiment to specifically describe.
A kind of binary data communication encryption method for covering plaintext symbol boundary, by means of encryption equipment, and passes through agreementCommunication and decryption have the decipher of the algorithm of synchronous operation with encryption equipment encryption;Encryption equipment, encryption have with decryptor decryptionThere is the algorithm of synchronous operation, randomly selected parameter is m by encryption equipmentt;
This method is this assumes that the symbol of final plaintext letter and ciphertext letter all uses a little binary coding representations;It shouldMethod includes the following steps;
Step 1, firstly, determining random selection one in each state of ciphering sequence and mark encrypted simultaneouslyNumber of bits;Then, identification bit bit pattern is replaced with different identification bit digits and the encryption bit pattern that is longer than;Secondly, from true random selection encryption in the ciphertext group of the plaintext bit pattern, and the non-public affairs are connected to via public's unknown relationThe reverse-power of open relation is surjection;
Step 2, the encryption equipment and decipher being in communication with each other, which import at the time point of true random to ciphering sequence, updates shapeState, and the parameter value updated and encryption and decryption relationship are determined for ciphering sequence;
Step 3, firstly, in each state of ciphering sequence, determine any selection and be used to indicate letter in plain textThe unrelated and different number of bits of number of bits, and it is encrypted;Then Fu Namu is combined in the ciphering processMethod generates one time key.
Encryption equipment includes USB plug, for carrying out data transmission with external equipment and charging;Output register, length n> mt, when each cryptographic operation, the code character of corresponding ASCII fromat is used to export;Have 2 by readingnA dataThe read-only memory of word to n-bit bit length is encrypted;Microcontroller, output end are connect with USB plug, receive output depositThe code character of device output;Input register receives the random value and parameter m of microcontroller outputt;Read-only memory, inputEnd is connect with input register output end;Its storage address by input register content and n-mtThe bit of a stochastic productionConnection is formed;Shift register receives and processes the input traffic of microcontroller output, output end and input registerInput terminal connection.
In each state of ciphering sequence, identification bit digit to be encrypted redefines in any way.
Step 4 encrypts the data packet for transmitting between encryption equipment and decipher;
Step 5 uses randomness in the encryption of data communication.
In step 3, the interconnection of the binary code of plaintext symbol is established in functional relation, and close in functionIt fastens and identifies bit mode in individual step 1 for each of to be encrypted, in respective image group in a manner of true randomSelection encryption, and the gesture of the image collection is greater than 1.
Status switch σ is generated to the key K of encryption, key K transfer function ft+1=f (σt, K);
Functional relation connection is established, is included the following steps,
Step A, firstly, in each state σtIn, true random selects mtA identification bit position encrypts together, wherein parametermtIt is odd number and the number of bits k for being different from plaintext letter character coding;
Step B, for every m in streamtA bit is according to State-dependence relationship
It obtains with n > mtThe encryption of a identification bit position;{ 0,1 }nIn element pass through RtWithIn it is everyA element is associated;{ 0,1 }nEach element beAn element effective ciphertext;
Step C, the reverse-power of formula (1), which is established, which becomes surjection, maps
Underground processing is carried out to this decryption function formula (3);Uniquely disclose,It is finite aggregate { 0,1 }nTo another finite aggregateIt is all map in any one;
Step D, firstly, according to σtIn the encryption equipment of state, the lower m of plaintext symbol boundary that data flow is ignored streamt1 bit of > is sent to the position before input register;Then, after real random value being distributed to input registern-mtA position;Then, read-only memory is read using the content of input register as address;Finally, by covering and encryptingOperate implementation relation Rt;
Firstly, the bit bit pattern read from memory indicates ciphertext, and output register is written in step E;Then, joinNumber n is by the integral multiple of selection number:
N=N × l formula (4);L >=1,
6 positions are taken out from output register every time secondly, dividing l times, and are associated with one effectively by being added with 32Ascii character;Again, which is transferred to decipher using puppy parc in a data network;And then, it is decryptingIn device, corresponding reverse operating executes in reverse order, in as the received ascii character of ciphertext, subtracts 32 and extracts NA least significant bit links up the N bits in l group, passes through mappingDecrypt its result;In next step, by seekingLocation and reading are stored in the value table of read-only memory;Finally, reconfiguring plaintext symbol from the bit vectors obtained.
Step F, during operation, the length that encryption equipment arrives input register one on the time point that true random selectsChange parameter m in rangetValue, and correspondingly identify the encryption of each self application be related to the equipment and mirror image building and operation solutionClose equipment just encrypt in it is fragmentary variation reach an agreement.
Step 6 generates one time key, needs random number or random bit sequences for parameter assignment and definition encryption relationship;
Step 7, the ciphering sequence and disposal password that encryption equipment is covered to decipher transmission;
Firstly, it is m that binary data packets in step 4, which are divided into length,tData segment, true random select RtThe figure of seriesPicture, and it is connected into the image of n bit length;Then, the bit chain obtained is encrypted with the one time key of equal length.
Step 8, firstly, generating real random value;Then, the table index insertion of true random selection is covered and is addedIt is converted in close transmission data packet with starting state;Secondly, ROM module is fixedly mounted in encryption equipment and decipher;Again, index is directed toward the parameter inside read-only memory, seed and the relationship for encrypting and covering.
Beneficial effects of the present invention description without being limited thereto, in order to preferably be easy to understand, specific embodiment part intoMore detailed description is gone.
Detailed description of the invention
Fig. 1 is structural schematic diagram of the invention.
Specific embodiment
It, can be in encryption sequence due to being indicated in plain text with ciphertext symbol with binary system in the realization of the technology of cryptographic systemRandom selection one is determined in each state of column and identification bit digit encrypted simultaneously, this identification bit digit onrelevantAnd it is different from the number of bits of plaintext alpha code, thus can not be again from the boundary derived in ciphertext between plaintext symbol.
The binary data communication encryption method for covering plaintext symbol boundary by means of by means of encryption equipment, and passes through associationView communication and decryption have the decipher of the algorithm of synchronous operation with encryption equipment encryption;
Encryption equipment, encryption have the algorithm of synchronous operation with decryptor decryption, and randomly selected parameter is by encryption equipmentmt;Encryption equipment includes USB plug, for carrying out data transmission with external equipment and charging;Output register, length n > mt,When each cryptographic operation, the code character of corresponding ASCII fromat is used to export;Have 2 by readingnA data word arrivesThe read-only memory of n-bit bit length is encrypted;Microcontroller, output end are connect with USB plug, receive output registerThe code character of output;Input register receives the random value and parameter m of microcontroller outputt;Read-only memory, input terminalIt is connect with input register output end;Its storage address by input register content and n-mtThe bit of a stochastic production connectsIt connects to be formed;Shift register receives and processes the input traffic of microcontroller output, output end and input registerInput terminal connection.
This method is this assumes that the symbol of final plaintext letter and ciphertext letter all uses a little binary coding representations;CauseThis, the most common form of bit bit pattern replacement be used to encrypt, thus in this ciphering process, between plaintext symbolBoundary is to become blurred.This approach includes the following steps,
Step 1, firstly, determining random selection one in each state of ciphering sequence and mark encrypted simultaneouslyNumber of bits;Then, identification bit bit pattern is replaced with different identification bit digits and the encryption bit pattern that is longer than;Secondly, from true random selection encryption in the ciphertext group of the plaintext bit pattern, and the non-public affairs are connected to via public's unknown relationThe reverse-power of open relation is surjection;
Step 2, the encryption equipment and decipher being in communication with each other, which import at the time point of true random to ciphering sequence, updates shapeState, and the parameter value updated and encryption and decryption relationship are determined for ciphering sequence;
Step 3 determine any selection and and is used to indicate the ratio of letter in plain text in each state of ciphering sequenceThe unrelated and different number of bits of special digit, and it is encrypted.
Further, in each state of ciphering sequence, identification bit digit to be encrypted redefines in any way.
Further, Fu Namufa, the one time key of generation are combined in the ciphering process.
Step 4 encrypts the data packet for transmitting between encryption equipment and decipher, only meets in decryptionIt just can be with the content of recovery data packets when the corresponding expectation of source and ciphering sequence state.
Step 5 uses randomness in the encryption of data communication, to allow according in the above method, it is only necessary toSender determines random value.
For each plaintext bit pattern, pass through in the associated ciphertext group of the unknown and randomly selected relationship of the public from itTrue random selection encryption.This method and Fu Namu enciphered method combine, and the one time key of generation can not be cracked,That is can not be restored in plain text by generating all possible one time key.In addition, this method is used directly to disappearThe certification of breath.
Further, in step 3, the interconnection of the binary code of plaintext symbol is established in functional relation, andBit mode is identified in individual step 1 for each of to be encrypted in functional relation, corresponding in a manner of true randomImage group selection encryption, and the gesture of the image collection is greater than 1;So ciphertext number of bits has also exceeded the bit bit pattern of encryptionLength, this method changes that bandwidth is rare and message should example as short as possible.Due to such cover, thus by closeThe point of attack of code analysis has been eliminated.
Specifically, key K transfer function f generates status switch σ based on the key K to encryptiont+1=f (σt, K);
It establishes in functional relation connection and includes the following steps,
Step A, firstly, in each state σtIn, true random selects mtA identification bit position encrypts together, wherein parametermtIt is odd number and the number of bits k for being different from plaintext letter character coding;Thus eliminating the need the boundaries between plaintext symbol.
Step B, for every m in streamtA bit is according to State-dependence relationship
It obtains with n > mtThe encryption of a identification bit position;Parameter n is not less than mt, avoiding information can lose, also etc.In mt, to solve the disadvantage that the above-mentioned prior art.And function h is compared, relationship RtNeed not be mapping.{ 0,1 }nIn element it is logicalCross RtWithIn each element it is associated, exist in this wayIn can be encrypted with the selection of true random.ThisOutside, { 0,1 }nEach element beAn element effective ciphertext, to make full use of existing encryption mayProperty.
Step C, the reverse-power of formula (1), which is established, which becomes surjection, maps
In the presence of decryption property.With Ke Ke Hough principle on the contrary, carrying out underground processing to this decryption function formula (3),It is accordingly used in the relationship R of encryptiontIt is not only not well known, nor is function.Uniquely disclose,It is finite aggregateIt closes { 0,1 }nTo another finite aggregateIt is all map in any one;
Burst of data stream is made of the information symbol that length is k bit.In general, in current information technology, k ginsengSeveral values is 8, and a symbol is a byte, it is comprising binary data or at ASCII (ASCII)In by 7 bits indicate an alphanumeric character and a parity check bit.
Step D, firstly, according to σtIn the encryption equipment of state, the lower m of plaintext symbol boundary that data flow is ignored streamt1 bit of > is sent to the position before input register;Then, after real random value being distributed to input registern-mtA position;Then, read-only memory is read using the content of input register as address;Finally, by covering and encryptingOperate implementation relation Rt;
Firstly, the bit bit pattern read from memory indicates ciphertext, and output register is written in step E;Then, outIn actually consideration and without general limitation, parameter n is by the integral multiple of selection number (such as 6):
N=N × l formula (4);L >=1,
6 positions are taken out from output register every time secondly, dividing l times, and are associated with one effectively by being added with 32Ascii character;Again, which is transferred to decipher using puppy parc in a data network;And then, it is decryptingIn device, corresponding reverse operating executes in reverse order, in as the received ascii character of ciphertext, subtracts 32 and extracts NA least significant bit links up the N bits in l group, passes through mappingDecrypt its result;In next step, by seekingLocation and reading are stored in the value table of read-only memory;Finally, reconfiguring plaintext symbol from the bit vectors obtained.
Further, above situation has made data encryption of the invention is very difficult to be cracked.Only attacker possesses oneDetermine the ciphertext of degree and carry out analysis appropriate (computing capability necessary to ignoring completely thus) could to decrypt.Through the inventionThe appearance arranged below that can prevent the sufficiently long ciphertext generated by selection parameter and encryption relationship.Step F, in the operation phaseBetween, encryption equipment changes parameter m on the time point that true random selects in one to input register length rangetValue,And correspondingly identify the encryption of each self application be related to the equipment and mirror image building and operation decryption device just encrypt in it is fragmentaryVariation is reached an agreement.
For example, the length n of output register is allowed to be fixed as 24, and allow the selection parameter m from { 1,3 ..., 19 }t.OftenA cryptographic operation can transmit the code character of 4 ASCII fromats.The relationship for realizing encryption is that have 2 by reading24A dataThe read-only memory of 24 bit lengths of word is realized.Storage address is by by input register content and 24-mtIt is a randomThe bit of generation is together in series and is formed.The read-only memory of this capacity corresponds to the prior art, and can be with micro-controlDevice processed is placed on together in light small shell.These equipment can be submitted to individual in person, and be installed by them, such as certainlyIn dynamicization equipment, one secrecy for secret information transmitting of this process description and reliable channel.The owner of equipmentThe data to be transmitted can also be encrypted from Anywhere using, for example, in bank transaction.A kind of plaintext symbol edge maskThe simplification variant of encryption is to provide R in the form of PRBS pseudo-random bit sequence and numbertContent and parameter value.It is sent out in random timeIn raw state conversion process, relationship R is redefined in sender and recipienttWith parameter mt。
With pseudo random number on the contrary, really random number sequence is uncertain.Their randomness is unrelated with initial value,And the random number for repeating to generate under identical boundary condition does not have identical value.For the purpose of encryption, really withMachine number is better than pseudo random number.The known method for generating physical randomness is usually to adopt to natural physics signal sourceIt is carried out on the basis of sample, such as radioactive decay or observes hot Johnson-in resistance, Zener diode and transistorNyquist noise.
Random value derives from chaos system, significant effort to be paid is cracked, in order to be analyzed accordingly, in addition to necessityComputing capability except, it is also necessary to largely intercept ciphertext.
In order to cope with this extremely low risk by further increasing code obfuscation and diffusion, the data to be transmitted in addition toIt covers and also needs disposal password outside encryption:
Step 6 generates one time key, needs random number or random bit sequences for parameter assignment and definition encryption relationship
Step 7, the ciphering sequence and disposal password that encryption equipment is covered to decipher transmission;
Firstly, it is m that binary data packets in step 4, which are divided into length,tData segment, true random select RtThe figure of seriesPicture, and it is connected into the image of n bit length;Then, the bit chain obtained is encrypted with the one time key of equal length;
The execution sequence of the two steps can exchange once in a while in the time that true random selects.For encrypting and coverThe various and random variations of lid, not the selection of the realization modification of the thin nothing left of hard iron includes further step below,It prevents the ciphering sequence that length is suitble to cryptanalysis and is generated by determining parameter value and relationship from the beginning.SubstantiallyTransmission cryptographic variable as few as possible and the truly random value of use as much as possible between communication equipment.
Step 8, firstly, generating real random value;Then, the table index insertion of true random selection is covered and is addedIt is converted in close transmission data packet with starting state;Secondly, ROM module is fixedly mounted in encryption equipment and decipher;Again, index is directed toward the parameter inside read-only memory, seed and the relationship for encrypting and covering.
The production of ROM module, the transmission for transporting and being installed as secret information provide secrecy and reliableChannel can correspond to the transaction verification code method of Web bank.
The present invention has the advantages that passing through selection parameter mt≠ k and n > mt, realize by the side between the symbol in ciphertextBoundary can no longer be inferred to the boundary of symbol in clear data stream easily.Due to n > mt, this organizes possible encryption element and is converted intoOne very big image set, this makes the cryptanalysis of attacker become extremely difficult.ForWhereinIt is surjection mapping, the quantity of all possible relationship isFor practical purposes, m is selectedtIt is 10 that=17 and n=24, which is exactly the order of magnitude,946.701A difference relationship, this is oneA considerable quantity.A possibility that this group of relationship includes all bit bit maps, n-mtA redundant position, each position0 or 1 can be inserted, is so inserted into output bit modelIn a position again with encryption element bitValue connect together.
By combine disposal password and cover plaintext symbol boundary encryption, password obscure and diffusion increases, can notDisposal password can be generated algorithmically by again to crack encryption, specifically be restored by generating all possible disposal passwordBecoming in plain text can not.
As another advantage, according to the method for the present invention and its and the combination of a password the instant of message may be implementedVerifying, because their high complexity is without any additional effort.In order to verify the source of the data packet received, connectDebit only needs to check whether certain data fields include desired value.If data packet is not from correct sender, or solutionIt is close to malfunction with the operand or other problems for having used mistake when going and covering, then obtained bit model can always deviate.