Summary of the invention
In order to overcome the above problems, increase software by the difficulty of decompiling, the object of the present invention is to provide and a kind of software is carried out method of encrypting and a kind of corresponding decryption method, added the thresholding encrypted feature, the address that obtains the thresholding cryptographic key factor when at every turn starting software is all different, makes the cracker can not determine which is a cipher key address.
The present invention also provides a kind of device and a kind of corresponding decryption device that software is encrypted, can at random a plurality of thresholding cryptographic key factors be stored in the different sections of software from some section, obtaining the thresholding cryptographic key factor and be used for decryption software at random during deciphering.
Step 101, utilizing first encrypting module is the first software ciphertext with the software plain text encryption in the storage medium, wherein deciphering used key is first key SK;
Step 102, second encrypting module utilizes n thresholding cryptographic key factor to generate second key, use this second key that described first key SK is encrypted as key ciphertext PSK, and described key ciphertext PSK is spliced in the described first software ciphertext, wherein the positive integer of n>1;
Step 103 utilizes package module that the described key ciphertext PSK and the first software ciphertext are divided into the n section as one, and described thresholding cryptographic key factor is spliced in described segmentation, forms the second software ciphertext, and is stored in the described storage medium.
Encryption method further aspect according to the present invention, the encryption method described in the described step 101 comprises, symmetric encipherment algorithm or rivest, shamir, adelman.
Another further aspect of encryption method according to the present invention, the thresholding key algorithm that uses in the described step 102 comprises Shamir thresholding key algorithm.
Another further aspect of encryption method according to the present invention, in the described step 103, described package module is divided into the n section with the described key ciphertext PSK and the first software ciphertext as one, and C represents any a section in the described n section, and C is by piece C for section
0, C
2..., C
M-1Constitute, be directed to each section C and corresponding k calculating:
C′
0=C
0×k (E0)
C′
1=C
1×k+C
0 (E2)
C′
2=C
2×k+C
1 (E3)
…?…?…
C′
m-1=C
m-1×k+C
m-2 (Em-1)
C′
m=C
m-1 (Em)
Above * be the arithmetic multiplication computing, calculate simultaneously thresholding cryptographic key factor k cryptographic hash h, merging C '
0To C '
mForm C ', with n section C ' and the corresponding cryptographic hash h described second software ciphertext of formation that stitchs together.
A kind of method that software is decrypted may further comprise the steps in the process of software loading:
Step 201, decapsulation module is got t thresholding cryptographic key factor at random from n of second software ciphertext section, the described second software ciphertext is reverted to the first software ciphertext and key ciphertext PSK, 1≤t≤n wherein, n is the positive integer greater than 1;
Step 202 is extracted described key ciphertext PSK, and second deciphering module generates second key according to described t thresholding cryptographic key factor, and utilizing this second key is first key SK with key ciphertext PSK deciphering;
Step 203, first deciphering module use described first key SK with the described first software decrypt ciphertext, and expressly send software to CPU, to carry out this software.
Decryption method further aspect according to the present invention, in the described step 201, described decapsulation module is calculated each section in the n section second software ciphertext respectively: according to E0 to Em cancellation C
0, C
1..., C
M-1, obtain equation 0=-C '
mk
m+ C '
M-1* k
M-1-C '
M-2* k
M-2+ ...+(1)
M-1* C '
0(P0),
Find the solution the k in this equation, when the cryptographic hash of k equals the corresponding cryptographic hash h of this C ' section, with this k with C '
0To C '
mRevert to C
0To C
M-1, with C
0To C
M-1Merging to be obtaining a section C, and this section C is that the first software ciphertext and key ciphertext are as one section in the n section of one; Obtain n k, and the second software ciphertext is reverted to the first software ciphertext and key ciphertext PSK.
The k in the described solve equation of polynomial Newton iteration method (P0) is used in another further aspect of decryption method according to the present invention.
A kind of device that software is encrypted is characterized in that comprising, first encrypting module, second encrypting module and package module; Described first encrypting module, utilizing first key SK is the first software ciphertext with the software plain text encryption; Described second encrypting module is connected with described first encrypting module, utilize n thresholding cryptographic key factor to generate second key, use this second key that described first key SK is encrypted as key ciphertext PSK, and described key ciphertext PSK is stored in the described first software ciphertext; Described package module is connected with described second encrypting module, and the described first software ciphertext is divided into the n section, and described thresholding cryptographic key factor is spliced in described segmentation, forms the second software ciphertext.
A kind of device that software is decrypted is characterized in that comprising, decapsulation module, second deciphering module and first deciphering module; Described decapsulation module is descapsulated into the first software ciphertext and key ciphertext PSK with the second software ciphertext, and gets t thresholding cryptographic key factor at random in n section of the described first software ciphertext; Described second deciphering module is connected with described decapsulation module, generates second key according to described t thresholding cryptographic key factor, and utilizing this second key is first key SK with key ciphertext PSK deciphering; Described first deciphering module is connected with described second deciphering module, uses described first key SK with the described first software decrypt ciphertext, obtains the software plaintext and sends CPU to, to carry out this software.
Beneficial effect of the present invention is; strengthened the protection of software cryptography key; the cracker is difficult to by following the tracks of the software loading process; thereby obtain the key physical address and realize that by the analysis key purpose the present invention that software cracks has strengthened existing to software cryptography, to improve the scheme of its security by the technology of dynamic memory key.
Embodiment
Below, carry out following detailed description for the present invention in conjunction with the accompanying drawings.
The theory of usage threshold key of the present invention is further protected described first key; and in the software that the splicing of thresholding cryptographic key factor is encrypted; all obtain different jump address when the each trace routine of cracker is moved, make the cracker can't determine where to seek described first key.The present invention the software that can protect be not limited only to executable program, also comprise the core algorithm of functional module and software etc.Existing thresholding encryption method is, utilizes a random number as second key described first key SK to be encrypted as key ciphertext PSK, generates n the thresholding cryptographic key factor that is used to calculate this random number simultaneously; When the needs key was decrypted, (t≤n) described second key of generation was used for deciphering only to need t thresholding cryptographic key factor.It is to disperse and the raising security for right that threshold cryptography is learned the purpose that proposes, the right dispersiveness is embodied in when the usage threshold cryptographic methods is decrypted, when everyone holds a cryptographic key factor, people's cooperation that then must reach some (threshold value t) just can be finished deciphering; Security is in order to prevent that obtaining a cryptographic key factor just makes encryption lose meaning, to be captured as long as be less than the people of threshold value in this group people, so still can't deciphering on the one hand; On the other hand, prevent that cryptographic key factor from losing the normal decryption work of influence, as long as because have more than or the people that equals threshold value have effective cryptographic key factor, still can decipher.The usage threshold cryptographic algorithm is an example with Shamir scheme (Shamir) in the specific embodiment of the invention, but is not limited to the Shamir scheme, can also use Alstonia paupera Si-Bu Long thresholding cipher key scheme (Asmuth-Bloom).
Before selling software, the seller of software utilizes cryptographic algorithm that software is expressly encrypted, and this cryptographic algorithm is existing symmetry or rivest, shamir, adelman, for example, and AES, DES or RSA, ECC etc.If used symmetric encipherment algorithm, then the software cryptography key is identical with decruption key, also can be used for deciphering, and this decruption key is key SK (that is first key).If the use rivest, shamir, adelman, then the decruption key of encryption key and described rivest, shamir, adelman exists corresponding relation, and decruption key is key SK (that is first key) in the present invention.Because the key SK of software is to be related to the key that can software be cracked, so just quite important about the safety of this key SK, the Shamir scheme that the special usage threshold of the present invention is encrypted is by n thresholding cryptographic key factor K
1, K
2..., K
nComputing generate second key, utilize this second key that this key SK is encrypted as key ciphertext PSK, key ciphertext PSK is spliced in the encrypted software, for example it is spliced head or afterbody in encrypted software.And this n thresholding cryptographic key factor spliced in the different physics paragraph of encrypted software by a strong stitching algorithm (perhaps simple connecting method), for example, splice head or afterbody in software.The present invention encrypts the software that needs protection by the first step; In second step, encrypt first key SK in the first step; In the 3rd step, splicing realizes the second step encrypted secret key factor; When running software need be deciphered; from protected software ciphertext, obtain t (1≤t≤n randomly; t and n are positive integer) individual thresholding cryptographic key factor; just can be from key ciphertext PSK first key SK of encrypted software be solved by the Shamir scheme then, thereby the software ciphertext is decrypted.The thresholding key recovery method makes the process of software loading produce dynamic perfromance, each all from software different positions obtain the thresholding cryptographic key factor and be used for deciphering, can be effectively at the crack method of following the tracks of software loading, the difficulty that increase cracks.
As shown in Figure 1, be the process flow diagram of software cryptography process of the present invention.
Step 101 is selected suitable symmetric encipherment algorithm, AES for example, and DES etc., utilizing first encrypting module is the first software ciphertext with the plain text encryption of software, its key that uses is first key SK.
Step 102, second encrypting module utilize the Shamir algorithm in the thresholding cryptographic algorithm to protect above-mentioned key SK, use the Shamir scheme of Lagrange interpolation polynomial algorithm in the Zp of territory, and wherein Zp is by prime field, generates t-1 time polynomial expression:
P
n(x)=a
0+a
1x+a
2x
2+...+a
t-1x
t-1,
P wherein
n(x) coefficient a
0..., a
nGenerate at random.
Make x
1=1, calculate P
n(1)=a
0+ a
1+ a
2+ ...+a
T-1,
… … …
Make x
n=n calculates P
n(n)=a
0+ a
1N+a
2n
2+ ...+a
T-1n
T-1
Wherein, P
n(1) ..., P
n(n)<2
64, n is the positive integer greater than 1, t is more than or equal to 1 positive integer less than n.
Generated n thresholding cryptographic key factor then to K
1=(1, P
n(1)) ..., K
n=(n, P
n(n)), use a
0Be that second key is encrypted as key ciphertext PSK with key SK.And the key ciphertext PSK after will encrypting splices head or afterbody in the described first software ciphertext, and this step can be used storage means of the prior art.
Step 103, package module is divided into n section with the first software ciphertext and key fine groove as one, and n thresholding cryptographic key factor spliced respectively in n section.At this, can directly n cryptographic key factor be spliced respectively in the head or the afterbody of first each section of software ciphertext, the part of black is a cryptographic key factor as shown in FIG., white portion is the n section, form the second software ciphertext and be stored in the storage medium, also can use following joining method, form the second complicated more software ciphertext.
C represents a certain section of the first software ciphertext, and wherein every section C is by piece C
0, C
2..., C
M-1Constitute, k represents the thresholding cryptographic key factor to K
iIn P
n(i), concrete splicing is as follows,
C′
0=C
0×k (E0)
C′
1=C
1×k+C
0 (E2)
C′
2=C
2×k+C
1 (E3)
… … …
C′
m-1=C
m-1×k+C
m-2 (Em-1)
C′
m=C
m-1 (Em)
Wherein * be the arithmetic multiplication computing.As preferred embodiment, each piece C
iLength equal the length of k, i.e. length (C
i)=length (k).For example, be divided into n section after the software cryptography, the length of wherein a certain section C is 128 bytes, and the length of cryptographic key factor is 16 bytes, then C is divided into 8, i.e. m=7, each piece C of C
iLength be 16 bytes.Calculate h=hash (k) simultaneously, the cryptographic hash that is about to thresholding cryptographic key factor k is noted, and whether the thresholding cryptographic key factor that checking recovers when being used to decipher is correct.C '
0To C '
mAfter being merged into one section complete C ', splice (front or back that h is added in C ' section) again with cryptographic hash h, splice all sections C ' then and corresponding cryptographic hash h forms final saved software ciphertext, i.e. the second software ciphertext, and the second software ciphertext is stored in the storage medium.
In Shamir thresholding cipher key encryption scheme, can recover the second key a with t cryptographic key factor arbitrarily
0, being used to decipher PSK, so the software loading device is each when loading encrypted software; all will from n cryptographic key factor, select t at random; be used to decipher PSK, a kind of high-intensity cracker of preventing follows the tracks of to provide, the analysis software loading process, and has the protection mechanism of dynamic characteristic.
Fig. 2 is the process flow diagram of software loading deciphering of the present invention.Software the unloading phase, the second software ciphertext is loaded in the internal memory from storage medium by loader, wherein black part is divided into cryptographic key factor, white portion is first software ciphertext and the PSK, if at the joining method that does not have in the encrypting step to use as step 103, and the head or the afterbody that just n cryptographic key factor direct splicing are fallen in software ciphertext correspondent section, then step 201 can directly directly obtain t cryptographic key factor by decapsulation module from the t section ciphertext of picked at random, and the second software ciphertext is reverted to first software ciphertext and the PSK.If the joining method having used described in step 103 is then selected one section ciphertext C ' and corresponding cryptographic hash h by decapsulation module, recover the thresholding cryptographic key factor k that carries on this section ciphertext when encrypting.Recovery algorithms is as follows:
C among the cancellation E0 to Em
0To C
M-1, with C
M-1=C '
mSubstitution (Em-1) obtains equation C
M-2=C '
M-1-C '
m* k+C
m* k
2, with this equation substitution (Em-2) ...,, form 0=-C ' at last up to substitution (E0)
mk
m+ C '
M-1* k
M-1-C '
M-2* k
M-2+ ...+(1)
M-1* C '
0, with 0=-C '
mk
m+ C '
M-1* k
M-1-C '
M-2* k
M-2+ ...+(1)
M-1* C '
0Be labeled as P0, cryptographic key factor k is above-mentioned root of polynomial, by finding out root in the calculating of polynomial number codomain, and can be from the second software ciphertext C '
0, C '
1..., C '
mThe middle k that recovers.Use Newton iterative to seek one or more of polynomial expression P0 in the present embodiment.
(a) make y=-C '
mk
m+ C '
M-1* k
M-1-C '
M-2* k
M-2+ ...+(1)
M-1* C '
0=f (k) (P1) selects initial k arbitrarily
0, k for example
0=2
Lengh (k)-1
(b) calculate
I=0 to m, f ' are the derivative of f (k) (k), that is, f ' (k)=-C '
m* m * k
M-1+ C '
M-1* (m-1) * k
M-2-C '
M-2* (m-2) * k
M-3+ ...+(1)
M-2* C '
1
(c) repeating step b, up to | k
I+1-k
i|<1, this moment k
I+1Be approximately the root of P1.
(d) if hash is (k
I+1)=h, perhaps hash (k
I+1+ 1)=and h, hash (k
I+1-1)=and h, wherein h is the h value in the encrypting step (4), then the k that calculates of this step
I+1Just be the thresholding cryptographic key factor k in the encrypting step, jump to step (f), if unequal, then digital root k finding algorithm failure enters step (e).Hash algorithm described in the present invention, whether promptly hashing algorithm is an one-way algorithm, can't instead release former data after promptly data are calculated, thereby changed before and after the comparing data transmission as if wanting, whether the cryptographic hash before and after only needing relatively to transmit equates to get final product.
(e) if in step (d), do not find k, mean that then P0 has a plurality of real roots, other real root can obtain by following method:
Use the root k in the step (d)
I+1As new k
0
Make b
0=-C '
m, b
k=(1)
K-1* C '
M-k+ k
0* b
K-1, k=1 wherein, 2 ..., m-1 sets up a new polynomial expression then, f (k)=b
0* k
M-1+ b
1* k
M-2+ ...+b
M-1(P2);
Use above-mentioned steps b-c calculates the real root of new equation P2, obtains other real roots of P0.
Calculate all real roots of P0 by this step (e), each through after (e), rechecking step (d) judges whether to obtain real cryptographic key factor, obtains thresholding cryptographic key factor k then.
(f) obtain after one section thresholding cryptographic key factor k in the ciphertext, in generation, returned system of equations E0 to Em, with the second software ciphertext C '
0, C '
1..., C '
mRevert to the first software ciphertext C
1, C
2..., C
m
To n section C, carry out a-f respectively, draw all required thresholding cryptographic key factor k of decryption key ciphertext PSK, and utilize k to recover all ciphertext C ', form the first software ciphertext.
Step 202, after having recovered t thresholding cryptographic key factor, K
i=(x
i, P
n(x
i), 1≤i≤t, second deciphering module makes up a new polynomial expression with t k
Wherein, y
k=P
n(x
k), x
iAnd x
kX for the thresholding cryptographic key factor centering of having recovered
i, wherein i ≠ k makes x equal 0 at last, draws P
n(0)=a
0
In the first software ciphertext, extract PSK, use a
0As the key of decruption key ciphertext PSK, thus first key SK of acquisition decrypt encrypted software.
Step 203, first deciphering module use SK that encrypted software is decrypted, and obtain priginal soft expressly.
CPU expressly carries out according to this software.
As shown in Figure 3, the synoptic diagram for encryption device of the present invention comprises, first encrypting module, second encrypting module and package module; Described first encrypting module, utilizing first key SK is the first software ciphertext with the software plain text encryption; Described second encrypting module is connected with described first encrypting module, utilize n thresholding cryptographic key factor to generate second key, use this second key that described first key SK is encrypted as key ciphertext PSK, and described key ciphertext PSK is stored in the described first software ciphertext; Described package module is connected with described second encrypting module, and the described first software ciphertext is divided into the n section, and described thresholding cryptographic key factor is spliced in described segmentation, forms the second software ciphertext.
As shown in Figure 4, the synoptic diagram for decryption device of the present invention comprises, decapsulation module, second deciphering module and first deciphering module; Described decapsulation module is descapsulated into the first software ciphertext with the second software ciphertext, and gets t thresholding cryptographic key factor at random in n section of the described first software ciphertext; Described second deciphering module is connected with described decapsulation module, generates second key according to described t thresholding cryptographic key factor, and utilizing this second key is first key SK with key ciphertext PSK deciphering; Described first deciphering module is connected with described second deciphering module, uses described first key SK with the described first software decrypt ciphertext, obtains software expressly.
As shown in Figure 5, the synoptic diagram that moves for apparatus of the present invention.Comprise loader, be used for also comprising decryption device as shown in Figure 4 that same section repeats no more from the storage medium load software.Loader (for example hard disk) from the storage medium of software loads the second software ciphertext, and it is imported described decryption device, and described decryption device is converted to software expressly with the described second software ciphertext, and sends it to CPU executive software.
Beneficial effect of the present invention is, encrypts executable software, makes the software cracker can not obtain key by the simple software loading of following the tracks of, thereby prevents that this software is decrypted and by the reverse compiling of methods such as reverse-engineering.Strengthened the protection of software cryptography key; the cracker is difficult to by following the tracks of the software loading process; thereby obtain the key physical address and realize that by the analysis key purpose the present invention that software cracks has strengthened existing to software cryptography, to improve the scheme of its security by the technology of dynamic memory key.
Above embodiment only is used to illustrate the present invention, but not is used to limit the present invention.