CN108848073A - The data of real-time data acquisition system are carried out with the method and system of encrypting and decrypting - Google Patents
The data of real-time data acquisition system are carried out with the method and system of encrypting and decrypting Download PDFInfo
- Publication number
- CN108848073A CN108848073A CN201810548763.8A CN201810548763A CN108848073A CN 108848073 A CN108848073 A CN 108848073A CN 201810548763 A CN201810548763 A CN 201810548763A CN 108848073 A CN108848073 A CN 108848073A
- Authority
- CN
- China
- Prior art keywords
- data
- key
- map table
- encryption
- real
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Algebra (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides the method and system of the data ciphering and deciphering of a kind of pair of real-time data acquisition system, the data of real-time data acquisition system are divided into the block of 64 sizes by DES algorithm by the method, 64 keys are stacked with 16 key reconsuls to encrypt each 64 data blocks, but only 16 keys are re-encrypted when data are packaged and transmit and are packaged transmission together with the data of encryption, greatly improve the speed of cryptographic calculation, not only meet the real-time property demand of data real-time collecting system, and meet to processor speed, the requirement of power consumption and stability, effectively save Installed System Memory and processing time.The present invention is by improveing standard encryption algorithms; it realizes simple; it can apply in most ARM hardware platforms and whole DSP hardwares; described method and system is in addition to for the protecting data encryption acquired in real time based on wireless internet of things, it may also be used for other have the protecting data encryption occasion of requirement of real-time.
Description
Technical field
The present invention relates to data acquisition and information security fields, and more particularly, to a kind of pair of real-time data acquisition
The data of system carry out the method and system of encrypting and decrypting.
Background technique
The data acquisition of industry spot is all based on field bus technique realization all the time, can not be answered based on security consideration
Use technology of Internet of things.Currently, there is many Encryption Algorithm, but can be used for algorithm such as ECC, RC of data encryption, AES, IDEA, DES,
3DES, RSA, SHA etc. are unable to satisfy and are acquired in real time and what is encrypted wants due to being limited by embeded processor arithmetic speed
It asks.
Therefore, it is necessary to it is a kind of meet quickly the data of acquisition are carried out during real-time data collection with the side of encrypting and decrypting
Method and system,.
Summary of the invention
In order to solve of the existing technology be unable to satisfy in industry spot real-time data collection and to its quick encryption solution
Close technical problem, the present invention provide the method that the data of a kind of pair of real-time data acquisition system are encrypted, the method packet
It includes:
14 random numbers are selected, and according to sequence from left to right at the 7th and the 14th of 14 random numbers
1 parity bit is added after position respectively to generate key k 16 shortE, it is overlapped and uses code key k 4 shortEIt is close to form 64 DES
Key, wherein the numerical digit number counted in 64 keys is successively 1 to No. 64 according to sequence from left to right;
Remove the parity check bit in 64 DES keys, replaces according to the first map table to generate 56
Key, and the C [0] and D [0] for being two 28 by 56 key decompositions, wherein first map table is the table of 8 rows 7 column
Lattice;
M iteration carried out to the C [0] and D [0], and the C [I] and D [I] of the secondary grey iterative generation of I are together in series generation
The C [I] D [I] is carried out the sub-key K that transposition generates 1 48 according to the second map table by C [I] D [I] of new 56
[I], wherein second map table is the table of 6 rows 8 column, 1≤I≤m;
The data of real-time data acquisition system are divided into several 64 blocks, according to third map table to each piece into
Row transformation, to generate 64 new bit data blocks, wherein the third map table is the table of 8 rows 8 column;
For each 64 new bit data blocks, the data block is decomposed into two 32 L [0] and R [0];
To the L [0] and R [0], using m sub- key pairs, it is encrypted to generate encryption data.
Further, it replaces to 64 DES keys according to the first map table and is referred to the key for generating 56
Parity check bit in 64 DES keys is given up, then according to the numerical digit number marked in the first map table by remaining 56
Numerical digit of key when according to it being originally 64 DES keys insert in the first map table.
Further, the C [0] and D [0] for being two 28 by 56 key decompositions refers to the 1 of 56 keys
It is used as C [0] to 28, is used as D [0] for 29 to 56.
Further, the value of the m is 16.
Further, m iteration is carried out to the C [0] and D [0], and the C [I] and D [I] of I time grey iterative generation is gone here and there
Connection gets up to generate C [I] D [I] of new 56, and the C [I] D [I] is carried out transposition according to the second map table and generates 1 48
Sub-key K [I] include:
It moves to left digit according to the number of iterations in iteration offset table is corresponding C [I-1] and D [I-1] is moved to the left to generate C
[I] and D [I], wherein the initial value of the I is 1,1≤I≤m;
The C [I] generated after each iteration and D [I] are together in series and generate C [I] D [I] of new 56, is become according to second
The numerical digit number for changing table mark will correspond to obtained in number the second map table of filling of numerical digit number in 56 digits of C [I] D [I] composition
48 data are sub-key K [I].
Further, the data of real-time data acquisition system are divided into several 64 blocks, according to third map table
Each piece is converted, includes to generate 64 new bit data blocks:
The data of real-time data acquisition system are divided into several 64 data blocks, when the number of the last one data block
When according to curtailment 64, it is extended to 64;
According to the numerical digit number that third map table marks, the number filling third that numerical digit number is corresponded in each 64 bit data block is become
It changes in table.
Further, for each 64 new bit data blocks, the data block is decomposed into two 32 L [0] and R
[0] refer to and be used as L [0] for 1 to 32 of 64 bit data blocks, be used as R [0] for 33 to 64.
Further, to the L [0] and R [0], using m sub- key pairs, it is encrypted to generate encrypted packet
It includes:
According to the numerical digit number that the 4th map table marks, the number that numerical digit number is corresponded in R [I-1] is inserted in the 4th map table,
48 new data E [I-1] are generated, wherein the initial value of the I is 1,1≤I≤m, wherein the 4th map table is 6 rows 8
The table of column;
Exclusive or E [I-1] and K [I], and the result of the exclusive or is divided into according to sequence from left to right to 86 data
B [J], wherein the initial value of J is 1,1≤J≤8;
The 1st of B [J] and the 6th hyte are combined into the variable M of 2 bit lengths, using the variable M as the S of setting
Line number in [J] table;
The 2nd of B [J] is combined into the 5th hyte the variable N of 4 bit lengths, using the variable N as the S of setting
Row number in [J] table;
Corresponding numerical value is selected according to the line number of the S [J] table and row number, and by selected line number and row number corresponding ten
Binary value is transformed to the binary number of four bit lengths, and replaces B [J] with S [J] [M] [N];
32 data, and the numerical digit marked according to the 5th map table are combined by the sequence of B [1] to B [8]
Number, by number the 5th map table of filling for corresponding to numerical digit number in 32 digit, 32 new data P [I] are generated, wherein described
5th map table is the table of 4 rows 8 column;
Exclusive or P [I] and L [I-1], and using the result of exclusive or as R [I], R [I-1] is used as L [I];
R [m] and L [m] is combined into entirety R [m] L [m] according to the sequence of from R [m] to L [m], according to the 6th transformation
The numerical digit number of table mark obtains adding for 64 bit data blocks in number the 6th map table of filling for corresponding to numerical digit number in R [m] L [m]
It is close as a result, wherein the 6th map table be 8 rows 8 column table.
Further, the method also includes to using code key k 4 shortE64 DES keys of composition are encrypted, and
Data by the DES key and real-time data acquisition system of encryption Jing Guo DES algorithm for encryption are transmitted to server, wherein:
Actual time safety data collection system determines the length of key and adds to server application according to itself processing capacity
Close parameter, and the encryption parameter of server transport is saved, wherein the encryption parameter of the transmission includes according in real time
On parameter p, a, the b for the elliptic curve Ep (a, b) that the length of secure data acquisition system request determines, elliptic curve Ep (a, b)
Basic point G, basic point G rank n and according to the private key k and basic point G of actual time safety data collection system itself determine public key K,
Wherein, K=kG;
By the short key k of 16 DES of generationEThe point M being encoded on elliptic curve Ep (a, b)E, and according to point ME, public key
The K and random number r of generation calculates point C1And C2;
Real-time data acquisition system will point C1And C2Value and by encryption data packing be transferred to server.
Further, it is determined that the parameter of elliptic curve includes:
Select the equation y of determining elliptic curve parameter2=x3+ax+b;
One is chosen according to the key length of actual time safety data collection system application and is greater than 3 prime number, and is assigned to p,
Then selection is less than the nonnegative integer a of p-1;
By meeting formula (4a3+27b2) condition of modp ≠ 0 determines b.
Further, the value of a, b of the determination are the integers in [0, p-1].
Further, basic point G (x, y)=(x on the elliptic curve of the determinationG,yG), wherein the xGAnd yGIt is small
In the nonnegative integer of p-1, and infinite point O ∞ cannot be selected as basic point, be shown below:
(xG,yG)∈E(Fp),G≠O∞。
Further, the formula for calculating the rank n of the basic point G of the elliptic curve is:
NG=O ∞
In formula, n is basic point G=(xG,yG) ∈ E (Fp) rank, n must be prime number, and meet pt≠ 1 (modn), wherein
1≤t < 30 and p ≠ nh, wherein h is cofactor h=#E (Fp)/n.
Further, described according to point ME, public key K and generation random number r calculate point C1And C2Formula be:
C1=ME+rK
C2=rG
In formula, ME=(xE,yE), X-coordinate is the short key k of DESEThe decimal system or hexadecimal numerical value being converted into,
Y coordinate is the equation y by elliptic curve parameter2=x3The positive integer that+ax+b is calculated, r are random number, and r ∈ [1, n-1],
N is the rank of basic point G on the elliptic curve.
According to another aspect of the present invention, the data that the present invention provides a kind of real-time data acquisition system to encryption carry out
The method of decryption, the method includes:
The data packet that server receiving real-time data acquisition system is sent, wherein the data packet includes point C1And C2Value
With the data Jing Guo DES algorithm for encryption;
Server is according to formula METhe short key M of 16 be encoded on elliptic curve Ep (a, b) is calculated in=C1-kC2E,
In formula, k is private key, and k ∈ [1, n-2], n are the rank of basic point G on the elliptic curve;
By the short key MEMethod when according to coding, which inversely decodes, obtains 16 short key k of DESE;
Overlapping uses key k 4 shortE64 DES keys are formed, and use operation identical with ciphering process, are solved
Close operation, in calculating process the sequence of sub-key K [I] with when encryption on the contrary, sub-key sequence is K [1] K [2] ... K when encryption
[16], sub-key sequence is changed to K [16] K [15] ... K [2] K [1] when decryption.
According to another aspect of the present invention, what the data that the present invention provides a kind of pair of real-time data acquisition system were encrypted
System, the system comprises:
First key generation unit is used to select 14 random numbers, and according to sequence from left to right described
1 parity bit is added after the 7th of 14 random numbers and the 14th respectively to generate key k 16 shortE, overlapping use
Code key k 4 shortEForm 64 DES keys, wherein in 64 keys number numerical digit number according to sequence from left to right successively
It is 1 to No. 64;
Second Key generating unit is used to remove the parity check bit in 64 DES keys, according to the first transformation
Table replaces to generate 56 keys, and the C [0] and D [0] for being two 28 by 56 key decompositions, wherein described
First map table is the table of 8 rows 7 column;
Sub-key generation unit, is used to carry out the C [0] and D [0] m iteration, and by the C of the secondary grey iterative generation of I
[I] and D [I], which are together in series, generates C [I] D [I] of new 56, and the C [I] D [I] is replaced according to the second map table
1 48 sub-key K [I] are generated, wherein second map table is the table of 6 rows 8 column, 1≤I≤m;
Data block generation unit is used to for the data of real-time data acquisition system to be divided into several 64 blocks, press
Each piece is converted according to third map table, to generate 64 new bit data blocks, wherein the third map table is 8 rows 8 column
Table;
Data block decomposition unit is used to that the data block to be decomposed into two 32 for each 64 new bit data blocks
The L [0] and R [0] of position;
Encryption data generation unit is used for the L [0] and R [0], and using m sub- key pairs, it is encrypted with life
At encryption data.
Further, second cipher key unit is for giving up the parity check bit in 64 DES keys, then according to
Numerical digit filling when remaining 56 keys were 64 DES keys according to it by the numerical digit number marked in the first map table originally
In first map table.
Further, second cipher key unit is also used to be used as C [0] for 1 to 28 of 56 keys, by 29 to 56
As D [0].
Further, it is 16 that the sub-key generation unit, which is the number of iterations m assigned value,.
Further, which is characterized in that sub-key generation unit carries out m iteration to the C [0] and D [0], and by I
The C [I] and D [I] of secondary grey iterative generation, which are together in series, generates C [I] D [I] of new 56, and the C [I] D [I] is become according to second
It changes table and carries out transposition and generate 1 48 sub-key K [I] and include:
It moves to left digit according to the number of iterations in iteration offset table is corresponding C [I-1] and D [I-1] is moved to the left to generate C
[I] and D [I], wherein the initial value of the I is 1,1≤I≤m;
The C [I] generated after each iteration and D [I] are together in series and generate C [I] D [I] of new 56, is become according to second
The numerical digit number for changing table mark will correspond to obtained in number the second map table of filling of numerical digit number in 56 digits of C [I] D [I] composition
48 data are sub-key K [I].
Further, the data of real-time data acquisition system are divided into several 64 blocks by data block generation unit,
Each piece is converted according to third map table, includes to generate 64 new bit data blocks:
The data of real-time data acquisition system are divided into several 64 data blocks, when the length of the last one data block
When degree is less than 64, it is extended to 64;
According to the numerical digit number that third map table marks, the number filling third that numerical digit number is corresponded in each 64 bit data block is become
It changes in table.
Further, data block decomposition unit is directed to each 64 new bit data blocks, and the data block is decomposed into two
32 L [0] and R [0], which refer to, is used as L [0] for 1 to 32 of 64 bit data blocks, is used as R [0] for 33 to 64.
Further, encryption data generation unit includes:
First data generating unit is used for the numerical digit number marked according to the 4th map table, will correspond to numerical digit in R [I-1]
Number number the 4th map table of filling in, generate 48 new data E [I-1], wherein the initial value of the I is 1,1≤I≤m;
Second data generating unit, is used for exclusive or E [I-1] and K [I], and by the result of the exclusive or according to from a left side to
Right sequence is divided into 86 data B [J], and wherein the initial value of J is 1,1≤J≤8;
Line number determination unit is used to for the 1st of B [J] and the 6th hyte being combined into the variable M of 2 bit lengths, by institute
Variable M is stated as the line number in S [J] table of setting;
Row number determination unit is used to for the 2nd of B [J] being combined into the variable N of 4 bit lengths to the 5th hyte, by institute
Variable N is stated as the row number in S [J] table of setting;
Third data generating unit is used to select corresponding numerical value according to the line number and row number of the S [J] table, and will
Selected decimal value is transformed to the binary number of four bit lengths, and replaces B [J] with S [J] [M] [N];
4th data generating unit is used to be combined into 32 data by the sequence of B [1] to B [8], and presses
It is generated new according to the numerical digit number of the 5th map table mark by number the 5th map table of filling for corresponding to numerical digit number in 32 digit
32 data P [I], wherein the 5th map table be 4 rows 8 column table;
5th data generating unit is used for exclusive or P [I] and L [I-1], and using the result of exclusive or as R [I], by R [I-
1] it is used as L [I];
6th data generating unit, be used for by R [m] and L [m] according to the sequence of from R [m] to L [m] be combined into one it is whole
Body R [m] L [m] will correspond to the 6th transformation of number filling of numerical digit number according to the numerical digit number that the 6th map table marks in R [m] L [m]
In table, the encrypted result of 64 bit data blocks is obtained, wherein the 6th map table is the table of 8 rows 8 column.
Further, the system also includes key parameter generation unit, key coding unit and transmission units, wherein:
Key parameter generation unit is used to be determined close according to the processing capacity of actual time safety data collection system itself
The length of key and to server application encryption parameter, the encryption parameter of server transport is saved, wherein the transmission
Encryption parameter include according to actual time safety data collection system request length determine elliptic curve Ep (a, b) parameter p, a,
The rank n and server of basic point G, basic point G on b, elliptic curve Ep (a, b) are according to actual time safety data collection system application
The public key K, K=kG that the private key k and basic point G and basic point G that key length determines are determined;
Key coding unit, the short key k of 16 DES for being used to generateEOne be encoded on elliptic curve Ep (a, b)
Point ME, and according to point ME, public key K and generation random number r calculate point C1And C2;
Transmission unit, being used for will point C1And C2Value and by encryption data packing be transferred to server.
Further, it is determined that the parameter of elliptic curve includes:
Select the equation y of determining elliptic curve parameter2=x3+ax+b;
One is chosen according to the key length of actual time safety data collection system application and is greater than 3 prime number, and is assigned to p,
Then selection is less than the nonnegative integer a of p-1;
By meeting formula (4a3+27b2) condition of modp ≠ 0 determines b.
Further, the value of a, b of the determination are the integers in [0, p-1].
Further, basic point G (x, y)=(x on the elliptic curve of the determinationG,yG), wherein the xGAnd yGIt is small
In the nonnegative integer of p-1, and infinite point O ∞ cannot be selected as basic point, be shown below:
G (x, y)=(xG,yG)∈E(Fp),G≠O∞。
Further, the formula for calculating the rank n of the basic point G of the elliptic curve is:
NG=O ∞
In formula, n is basic point G=(xG,yG) ∈ E (Fp) rank, n must be prime number, and meet pt≠ 1 (modn), wherein
1≤t < 30 and p ≠ nh, wherein h is cofactor h=#E (Fp)/n.
Further, described according to point ME, public key K and generation random number r calculate point C1And C2Formula be:
C1=ME+rK
C2=rG
In formula, ME=(xE,yE), X-coordinate is the short key k of DESEThe decimal system or hexadecimal numerical value being converted into,
Y coordinate is the equation y by elliptic curve parameter2=x3The positive integer that+ax+b is calculated, r are random number, and r ∈ [1, n-1],
N is the rank of basic point G on the elliptic curve.
According to another aspect of the present invention, the present invention also provides a kind of data of real-time data acquisition system to encryption into
The system of row decryption, the system comprises:
Data receipt unit is used for the data packet of receiving real-time data acquisition system transmission, wherein the data packet packet
Include point C1And C2Value and data Jing Guo DES algorithm for encryption;
First short key determination unit, is used for according to formula ME=C1-kC2, which is calculated, is encoded to elliptic curve Ep
16 the first short key M on (a, b)E, in formula, k is private key, and k ∈ [1, n-2], n are the rank of basic point G on the elliptic curve;
Second short key determination unit is used for the described first short key MEMethod when according to coding inversely decodes
To 16 the second short key kE;
Decryption unit is used to be overlapped using key k 4 shortEForm 64 DES keys, and using with it is described encrypted
Operation is decrypted in the identical operation of journey, in calculating process the sequence of sub-key K [I] with when encryption on the contrary, encryption when son it is close
Key sequence is K [1] K [2] ... K [16], and sub-key sequence is changed to K [16] K [15] ... K [2] K [1] when decryption.
The data of real-time data acquisition system are divided into 64 sizes by DES algorithm by technical solution provided by the present invention
Block, be stacked 64 keys with 16 key reconsuls to encrypt each 64 data blocks, but only when data are packaged and transmit
16 keys are re-encrypted and be packaged with transmission, greatly improves the speed of cryptographic calculation, not only meets data and adopts in real time
The real-time encrypted demand of the data of collecting system, and meet requirement to processor speed, power consumption and stability, effectively saves and is
It unites memory and processing time.The present invention is realized simply, can be applied in the overwhelming majority by improveing to standard encryption algorithms
In ARM hardware platform and whole DSP hardwares, described method and system is in addition to for the number acquired in real time based on wireless internet of things
According to encipherment protection, it may also be used for other have the protecting data encryption occasion of requirement of real-time.
Detailed description of the invention
By reference to the following drawings, exemplary embodiments of the present invention can be more fully understood by:
Fig. 1 is the process according to the method for the data encryption to real-time data acquisition system of the preferred embodiment for the present invention
Figure;
Fig. 2 is the process according to the method for the data deciphering to real-time data acquisition system of the preferred embodiment for the present invention
Figure;
Fig. 3 is the structure according to the system of the data encryption to real-time data acquisition system of the preferred embodiment for the present invention
Figure;
Fig. 4 is the structure according to the system of the data deciphering to real-time data acquisition system of the preferred embodiment for the present invention
Figure.
Specific embodiment
Exemplary embodiments of the present invention are introduced referring now to the drawings, however, the present invention can use many different shapes
Formula is implemented, and is not limited to the embodiment described herein, and to provide these embodiments be at large and fully disclose
The present invention, and the scope of the present invention is sufficiently conveyed to person of ordinary skill in the field.Show for what is be illustrated in the accompanying drawings
Term in example property embodiment is not limitation of the invention.In the accompanying drawings, identical cells/elements use identical attached
Icon note.
Unless otherwise indicated, term (including scientific and technical terminology) used herein has person of ordinary skill in the field
It is common to understand meaning.Further it will be understood that with the term that usually used dictionary limits, should be understood as and its
The context of related fields has consistent meaning, and is not construed as Utopian or too formal meaning.
Fig. 1 is the process according to the method for the data encryption to real-time data acquisition system of the preferred embodiment for the present invention
Figure.As shown in Figure 1, the method 100 that the data of real-time data acquisition system are encrypted described in this preferred embodiment from
Step 101 starts.
In step 101,14 random numbers are selected, and according to sequence from left to right the of 14 random numbers
1 parity bit is added after 7 and the 14th respectively to generate key k 16 shortE, it is overlapped and uses code key k 4 shortEComposition
64 DES keys, wherein the numerical digit number counted in 64 keys is successively 1 to No. 64 according to sequence from left to right.
In the preferred embodiment, if 14 random numbers are k1k2k3k4 ... k14, one odd even of every 7 regenerations
Check bit is placed in the short code key kE=k1k2k3k4 ... k15k16 that the position K8 and K16 constitutes 16.Overlapping uses 4 short code keys
KE forms 64 DES code keys.
In step 102, remove the parity check bit in 64 DES keys, according to the first map table replace with
56 keys, and the C [0] and D [0] for being two 28 by 56 key decompositions are generated, wherein first map table is 8
The table that row 7 arranges.
Preferably, replace to 64 DES keys according to the first map table with generate 56 keys refer to by
Parity check bit in 64 DES keys is given up, then according to the numerical digit number marked in the first map table by remaining 56
Numerical digit when key according to it was 64 DES keys originally is inserted in the first map table.
Preferably, it is described by 56 key decompositions be two 28 C [0] and D [0] refer to by the 1 of 56 keys to
28 are used as C [0], are used as D [0] for 29 to 56.
In the preferred embodiment, first map table is as shown in table 1.
Table 1
| 57 | 49 | 41 | 33 | 25 | 17 | 9 |
| 1 | 58 | 50 | 42 | 34 | 26 | 18 |
| 10 | 2 | 59 | 51 | 43 | 35 | 27 |
| 19 | 11 | 3 | 60 | 52 | 44 | 36 |
| 63 | 55 | 47 | 39 | 31 | 23 | 15 |
| 7 | 62 | 54 | 46 | 38 | 30 | 22 |
| 14 | 6 | 61 | 53 | 45 | 37 | 29 |
| 21 | 13 | 5 | 28 | 20 | 12 | 4 |
As it can be seen from table 1 there is no the parity bit in 64 DES keys in the table, i.e., the 8th, 16,24,32,40,
48,56 and 64, therefore in the numerical digit filling table 1 when being originally 64 DES keys according to it by remaining 56 keys
Obtain transformed 56 keys.By the transformed key decomposition, can be obtained 1 to 28 C [0] and 29 to 56
D[0]
In step 103, m iteration is carried out to the C [0] and D [0], and the C [I] and D [I] of I time grey iterative generation are gone here and there
Connection gets up to generate C [I] D [I] of new 56, and the C [I] D [I] is carried out transposition according to the second map table and generates 1 48
Sub-key K [I], wherein second map table be 6 rows 8 column table, 1≤I≤m.
Preferably, the value of the m is 16.
Preferably, m iteration is carried out to the C [0] and D [0], and the C [I] and D [I] of I time grey iterative generation is connected
The C [I] D [I] is carried out transposition according to the second map table and generates 1 48 by C [I] D [I] for getting up to generate new 56
Sub-key K [I] includes:
It moves to left digit according to the number of iterations in iteration offset table is corresponding C [I-1] and D [I-1] is moved to the left to generate C
[I] and D [I], wherein the initial value of the I is 1,1≤I≤m.
The C [I] generated after each iteration and D [I] are together in series and generate C [I] D [I] of new 56, is become according to second
The numerical digit number for changing table mark will correspond to obtained in number the second map table of filling of numerical digit number in 56 digits of C [I] D [I] composition
48 data are sub-key K [I].
In the preferred embodiment, iteration offset table is as shown in table 2, and the second map table is as shown in table 3.
Table 2
Table 3
I=1 is enabled, then according to table 2, in the 1st iteration, by C [0] and D [0] to moving to left 1 generation C [1] and D
[1].C [1] and D [1] are formed a whole C [1] D [1].
By the number in 56 keys of C [1] D [1] composition according to being converted in its corresponding numerical digit filling table 3, then
48 sub-key K [1] are obtained, circulation, which executes above-mentioned steps, can be obtained 16 48 sub-keys.
In step 104, the data of real-time data acquisition system are divided into several 64 blocks, according to third map table
Each piece is converted, to generate 64 new bit data blocks, wherein the third map table is the table of 8 rows 8 column.
Preferably, the data of real-time data acquisition system are divided into several 64 blocks, according to third map table pair
Each piece is converted, and includes to generate 64 new bit data blocks:
The data of real-time data acquisition system are divided into several 64 data blocks, when the number of the last one data block
When according to curtailment 64, it is extended to 64;
According to the numerical digit number that third map table marks, the number filling third that numerical digit number is corresponded in each 64 bit data block is become
It changes in table.
In the preferred embodiment, the third map table is as shown in table 4.By the data of real-time data acquisition system point
Several 64 blocks are cut into, when the data length of the last one data block is less than 64, are expanded by way of zero padding
Exhibition is 64.It, will be in the number filling table 4 that numerical digit number be corresponded in each 64 bit data block and according to the numerical digit number marked in table 4.
The data block is decomposed into two 32 L [0] and R for each 64 new bit data blocks in step 105
[0]。
Preferably, for each 64 new bit data blocks, the data block is decomposed into two 32 L [0] and R [0]
Refer to and be used as L [0] for 1 to 32 of 64 bit data blocks, is used as R [0] for 33 to 64.
In step 106, to the L [0] and R [0], using m sub- key pairs, it is encrypted to generate encryption data.
Preferably, to the L [0] and R [0], using m sub- key pairs, it is encrypted to generate encryption data and include:
According to the numerical digit number that the 4th map table marks, the number that numerical digit number is corresponded in R [I-1] is inserted in the 4th map table,
48 new data E [I-1] are generated, wherein the initial value of the I is 1,1≤I≤m, wherein the 4th map table is 6 rows 8
The table of column;
Exclusive or E [I-1] and K [I], and the result of the exclusive or is divided into according to sequence from left to right to 86 data
B [J], wherein the initial value of J is 1,1≤J≤8;
The 1st of B [J] and the 6th hyte are combined into the variable M of 2 bit lengths, using the variable M as the S of setting
Line number in [J] table;
The 2nd of B [J] is combined into the 5th hyte the variable N of 4 bit lengths, using the variable N as the S of setting
Row number in [J] table;
Corresponding numerical value is selected according to the line number of the S [J] table and row number, and by selected line number and row number corresponding ten
Binary value is transformed to the binary number of four bit lengths, and replaces B [J] with S [J] [M] [N];
32 data, and the numerical digit marked according to the 5th map table are combined by the sequence of B [1] to B [8]
Number, by number the 5th map table of filling for corresponding to numerical digit number in 32 digit, 32 new data P [I] are generated, wherein described
5th map table is the table of 4 rows 8 column;
Exclusive or P [I] and L [I-1], and using the result of exclusive or as R [I], R [I-1] is used as L [I];
R [m] and L [m] is combined into entirety R [m] L [m] according to the sequence of from R [m] to L [m], according to the 6th transformation
The numerical digit number of table mark obtains adding for 64 bit data blocks in number the 6th map table of filling for corresponding to numerical digit number in R [m] L [m]
It is close as a result, wherein the 6th map table be 8 rows 8 column table.
In the preferred embodiment, the 4th map table is as shown in table 5.
Table 5
I=1 is enabled, generates new 48 in the number filling table 5 for corresponding to numerical digit number in R [0] according to the numerical digit number that table 5 marks
Position data E [0];
Exclusive or E [0] and K [1], and the result of the exclusive or is divided into according to sequence from left to right to 86 data B
[J], 1≤J≤8, i.e., the 1st to the 6th is known as B [1], and the 7th to the 12nd is known as B [2], and so on, the 43rd to the
48 are known as B [8];
Enable table S [J] corresponding with B [J] respectively as shown in table 6 to 13;
Table 6
| 14 | 4 | 13 | 1 | 2 | 15 | 11 | 8 | 3 | 10 | 6 | 12 | 5 | 9 | 0 | 7 |
| 0 | 15 | 7 | 4 | 14 | 2 | 13 | 1 | 10 | 6 | 12 | 11 | 9 | 5 | 3 | 8 |
| 4 | 1 | 14 | 8 | 13 | 6 | 2 | 11 | 15 | 12 | 9 | 7 | 3 | 10 | 5 | 0 |
| 15 | 12 | 8 | 2 | 4 | 9 | 1 | 7 | 5 | 11 | 3 | 14 | 10 | 0 | 6 | 13 |
Table 7
| 15 | 1 | 8 | 14 | 6 | 11 | 3 | 4 | 9 | 7 | 2 | 13 | 12 | 0 | 5 | 10 |
| 3 | 13 | 4 | 7 | 15 | 2 | 8 | 14 | 12 | 0 | 1 | 10 | 6 | 9 | 11 | 5 |
| 0 | 14 | 7 | 11 | 10 | 4 | 13 | 1 | 5 | 8 | 12 | 6 | 9 | 3 | 2 | 15 |
| 13 | 8 | 10 | 1 | 3 | 15 | 4 | 2 | 11 | 6 | 7 | 12 | 0 | 5 | 14 | 9 |
Table 8
| 10 | 0 | 9 | 14 | 6 | 3 | 15 | 5 | 1 | 13 | 12 | 7 | 11 | 4 | 2 | 8 |
| 13 | 7 | 0 | 9 | 3 | 4 | 6 | 10 | 2 | 8 | 5 | 14 | 12 | 11 | 15 | 1 |
| 13 | 6 | 4 | 9 | 8 | 15 | 3 | 0 | 11 | 1 | 2 | 12 | 5 | 10 | 14 | 7 |
| 1 | 10 | 13 | 0 | 6 | 9 | 8 | 7 | 4 | 15 | 14 | 3 | 11 | 5 | 2 | 12 |
Table 9
| 7 | 13 | 14 | 3 | 0 | 6 | 9 | 10 | 1 | 2 | 8 | 5 | 11 | 12 | 4 | 15 |
| 13 | 8 | 11 | 5 | 6 | 15 | 0 | 3 | 4 | 7 | 2 | 12 | 1 | 10 | 14 | 9 |
| 10 | 6 | 9 | 0 | 12 | 11 | 7 | 13 | 15 | 1 | 3 | 14 | 5 | 2 | 8 | 4 |
| 3 | 15 | 0 | 6 | 10 | 1 | 13 | 8 | 9 | 4 | 5 | 11 | 12 | 7 | 2 | 14 |
Table 10
| 2 | 12 | 4 | 1 | 7 | 10 | 11 | 6 | 8 | 5 | 3 | 15 | 13 | 0 | 14 | 9 |
| 14 | 11 | 2 | 12 | 4 | 7 | 13 | 1 | 5 | 0 | 15 | 10 | 3 | 9 | 8 | 6 |
| 4 | 2 | 1 | 11 | 10 | 13 | 7 | 8 | 15 | 9 | 12 | 5 | 6 | 3 | 0 | 14 |
| 11 | 8 | 12 | 7 | 1 | 14 | 2 | 13 | 6 | 15 | 0 | 9 | 10 | 4 | 5 | 3 |
Table 11
| 12 | 1 | 10 | 15 | 9 | 2 | 6 | 8 | 0 | 13 | 3 | 4 | 14 | 7 | 5 | 11 |
| 10 | 15 | 4 | 2 | 7 | 12 | 9 | 5 | 6 | 1 | 13 | 14 | 0 | 11 | 3 | 8 |
| 9 | 14 | 15 | 5 | 2 | 8 | 12 | 3 | 7 | 0 | 4 | 10 | 1 | 13 | 11 | 6 |
| 4 | 3 | 2 | 12 | 9 | 5 | 15 | 10 | 11 | 14 | 1 | 7 | 6 | 0 | 8 | 13 |
Table 12
| 4 | 11 | 2 | 14 | 15 | 0 | 8 | 13 | 3 | 12 | 9 | 7 | 5 | 10 | 6 | 1 |
| 13 | 0 | 11 | 7 | 4 | 9 | 1 | 10 | 14 | 3 | 5 | 12 | 2 | 15 | 8 | 6 |
| 1 | 4 | 11 | 13 | 12 | 3 | 7 | 14 | 10 | 15 | 6 | 8 | 0 | 5 | 9 | 2 |
| 6 | 11 | 13 | 8 | 1 | 4 | 10 | 7 | 9 | 5 | 0 | 15 | 14 | 2 | 3 | 12 |
Table 13
| 13 | 2 | 8 | 4 | 6 | 15 | 11 | 1 | 10 | 9 | 3 | 14 | 5 | 0 | 12 | 7 |
| 1 | 15 | 13 | 8 | 10 | 3 | 7 | 4 | 12 | 5 | 6 | 11 | 0 | 14 | 9 | 2 |
| 7 | 11 | 4 | 1 | 9 | 12 | 14 | 2 | 0 | 6 | 10 | 13 | 15 | 3 | 5 | 8 |
| 2 | 1 | 14 | 7 | 4 | 10 | 8 | 13 | 15 | 12 | 9 | 0 | 3 | 5 | 6 | 11 |
The 1st of B [J] and the 6th hyte are combined into the variable M of 2 bit lengths, using the variable M as the S of setting
Line number in [J] table;
The 2nd of B [J] is combined into the 5th hyte the variable N of 4 bit lengths, using the variable N as the S of setting
Row number in [J] table;
Corresponding numerical value is selected according to the line number of the S [J] table and row number, and by selected line number and row number corresponding ten
Binary value is transformed to the binary number of four bit lengths, and replaces B [J] with S [J] [M] [N].
In this preferred embodiment, the 5th map table is as shown in table 14.
Table 14
After finding out B [1] to B [8], 32 data are combined by the sequence of B [1] to B [8], and according to table 14
The numerical digit number of mark generates 32 new data P [1] in the number filling table 14 for corresponding to numerical digit number in 32 digit, wherein
5th map table is the table of 4 rows 8 column;
Exclusive or P [1] and L [0], and using the result of exclusive or as R [1], R [0] is used as L [1];
The step of seeking R [1] and [1] L, repeats to obtain R [16] and L [16], by R [16] and L [16] according to from R
[16] entirety R [16] L [16] is combined into the sequence of L [16].
In the preferred embodiment, the 6th map table is as shown in Table 15.
Table 15
| 40 | 8 | 48 | 16 | 56 | 24 | 64 | 32 |
| 39 | 7 | 47 | 15 | 55 | 23 | 63 | 31 |
| 38 | 6 | 46 | 14 | 54 | 22 | 62 | 30 |
| 37 | 5 | 45 | 13 | 53 | 21 | 61 | 29 |
| 36 | 4 | 44 | 12 | 52 | 20 | 60 | 28 |
| 35 | 3 | 43 | 11 | 51 | 19 | 59 | 27 |
| 34 | 2 | 42 | 10 | 50 | 18 | 58 | 26 |
| 33 | 1 | 41 | 9 | 49 | 17 | 57 | 25 |
The numerical digit number that R [16] L [16] is marked according to table 15 will correspond to the number filling table 15 of numerical digit number in R [16] L [16]
In, obtain the encrypted result of 64 bit data blocks.
In step 107, to using code key k 4 shortE64 DES keys of composition are encrypted, and the DES of encryption is close
The data of key and real-time data acquisition system Jing Guo DES algorithm for encryption are transmitted to server.
Preferably, code key k 4 short is used for described pairE64 DES keys of composition are encrypted, and the DES of encryption is close
The data of key and real-time data acquisition system Jing Guo DES algorithm for encryption are transmitted to server and include:
Actual time safety data collection system determines the length of key and adds to server application according to itself processing capacity
Close parameter, and the encryption parameter of server transport is saved, wherein the encryption parameter of the transmission includes according in real time
On parameter p, a, the b for the elliptic curve Ep (a, b) that the length of secure data acquisition system request determines, elliptic curve Ep (a, b)
Basic point G, basic point G rank n and according to the private key k and basic point G of actual time safety data collection system itself determine public key K,
Wherein, K=kG;
By the short key k of 16 DES of generationEThe point M being encoded on elliptic curve Ep (a, b)E, and according to point ME, public key
The K and random number r of generation calculates point C1And C2;
Real-time data acquisition system will point C1And C2Value and by encryption data packing be transferred to server.
Preferably, the parameter for determining elliptic curve includes:
Select the equation y of determining elliptic curve parameter2=x3+ax+b;
One is chosen according to the key length of actual time safety data collection system application and is greater than 3 prime number, and is assigned to p,
Then selection is less than the nonnegative integer a of p-1;
By meeting formula (4a3+27b2) condition of modp ≠ 0 determines b.
Preferably, the value of a, b of the determination are the integers in [0, p-1].
Preferably, basic point G (x, y)=(x on the elliptic curve of the determinationG,yG), wherein the xGAnd yGIt is less than
The nonnegative integer of p-1, and infinite point O ∞ cannot be selected as basic point, it is shown below:
(xG,yG)∈E(Fp),G≠O∞。
Preferably, the formula for calculating the rank n of the basic point G of the elliptic curve is:
NG=O ∞
In formula, n is basic point G=(xG,yG) ∈ E (Fp) rank, n must be prime number, and meet pt≠ 1 (modn), wherein
1≤t < 30 and p ≠ nh, wherein h is cofactor h=#E (Fp)/n.
Preferably, described according to point ME, public key K and generation random number r calculate point C1And C2Formula be:
C1=ME+rK
C2=rG
In formula, ME=(xE,yE), X-coordinate is the short key k of DESEThe decimal system or hexadecimal numerical value being converted into,
Y coordinate is the equation y by elliptic curve parameter2=x3The positive integer that+ax+b is calculated, r are random number, and r ∈ [1, n-1],
N is the rank of basic point G on the elliptic curve.
Fig. 2 is the process according to the method for the data deciphering to real-time data acquisition system of the preferred embodiment for the present invention
Figure.As shown in Fig. 2, the method 200 that is decrypted of the data of the real-time data acquisition system of the present invention to encryption is from step
Rapid 201 start.
In step 201, data packet that server receiving real-time data acquisition system is sent, wherein the data packet includes
Point C1And C2Value and data Jing Guo DES algorithm for encryption;
In step 202, server is according to formula ME16 be encoded on elliptic curve Ep (a, b) are calculated in=C1-kC2
The short key M in positionE, in formula, k is private key, and k ∈ [1, n-2], n are the rank of basic point G on the elliptic curve;
In step 203, by the short key MEMethod when according to coding, which inversely decodes, obtains 16 short key k of DESE;
In step 204, overlapping uses key k 4 shortE64 DES keys are formed, and use fortune identical with ciphering process
Calculate, operation is decrypted, in calculating process the sequence of sub-key K [I] with when encryption on the contrary, encryption when sub-key sequentially be K
[1] [2] K ... K [16], sub-key sequence is changed to K [16] K [15] ... K [2] K [1] when decryption.
Fig. 3 is the structure according to the system of the data encryption to real-time data acquisition system of the preferred embodiment for the present invention
Figure.As shown in figure 3, the system 300 that the data of the present invention to real-time data acquisition system are encrypted includes:
First key generation unit 301 is used to select 14 random numbers, and according to sequence from left to right in institute
The 7th and the 14th for stating 14 random numbers adds 1 parity bit respectively later to generate key k 16 shortE, overlapping makes
With code key k 4 shortEForm 64 DES keys, wherein in 64 keys number numerical digit number according to sequence from left to right according to
Secondary is 1 to No. 64;
Second Key generating unit 302 is used to remove the parity check bit in 64 DES keys, according to first
Map table replaces to generate 56 keys, and the C [0] and D [0] for being two 28 by 56 key decompositions, wherein
First map table is the table of 8 rows 7 column;
Sub-key generation unit 303, is used to carry out the C [0] and D [0] m iteration, and by the secondary grey iterative generation of I
C [I] and D [I] be together in series and generate C [I] D [I] of new 56, the C [I] D [I] is changed according to the second map table
Position generates 1 48 sub-key K [I], wherein second map table is the table of 6 rows 8 column, 1≤I≤m;
Data block generation unit 304 is used to for the data of real-time data acquisition system to be divided into several 64 blocks,
Each piece is converted according to third map table, to generate 64 new bit data blocks, wherein the third map table is 8 rows 8
The table of column;
Data block decomposition unit 305 is used to that the data block to be decomposed into two for each 64 new bit data blocks
32 L [0] and R [0];
Encryption data generation unit 306, is used for the L [0] and R [0], and using m sub- key pairs, it is encrypted
To generate encryption data;
Key parameter generation unit 307 is used for the processing capacity according to actual time safety data collection system itself, determines
The length of key and to server application encryption parameter, the encryption parameter of server transport is saved, wherein the transmission
Encryption parameter include according to actual time safety data collection system request length determine elliptic curve Ep (a, b) parameter p,
A, the rank n and server of basic point G, basic point G on b, elliptic curve Ep (a, b) are according to actual time safety data collection system application
Key length determine private key k and basic point G determine public key K, K=kG;
Key coding unit 308, the short key k of 16 DES for being used to generateEIt is encoded on elliptic curve Ep (a, b)
A point ME, and according to point ME, public key K and generation random number r calculate point C1And C2;
Transmission unit 309, being used for will point C1And C2Value and by encryption data packing be transferred to server.
Preferably, then second cipher key unit 301 is pressed for giving up the parity check bit in 64 DES keys
Numerical digit when according to the numerical digit number marked in the first map table by remaining 56 keys being originally 64 DES keys according to it is filled out
Enter in the first map table.
Preferably, second cipher key unit 302 is also used to be used as C [0] for 1 to 28 of 56 keys, by 29 to 56
Position is used as D [0].
Preferably, it is 16 that the sub-key generation unit 303, which is the number of iterations m assigned value,.
Preferably, which is characterized in that sub-key generation unit 303 carries out m iteration to the C [0] and D [0], and by the
The C [I] and D [I] of I grey iterative generation, which are together in series, generates C [I] D [I] of new 56, by the C [I] D [I] according to second
Map table carries out transposition and generates 1 48 sub-key K [I]:
It moves to left digit according to the number of iterations in iteration offset table is corresponding C [I-1] and D [I-1] is moved to the left to generate C
[I] and D [I], wherein the initial value of the I is 1,1≤I≤m;
The C [I] generated after each iteration and D [I] are together in series and generate C [I] D [I] of new 56, is become according to second
The numerical digit number for changing table mark will correspond to obtained in number the second map table of filling of numerical digit number in 56 digits of C [I] D [I] composition
48 data are sub-key K [I].
Preferably, the data of real-time data acquisition system are divided into several 64 blocks by data block generation unit, are pressed
Each piece is converted according to third map table, includes to generate 64 new bit data blocks:
The data of real-time data acquisition system are divided into several 64 data blocks, when the length of the last one data block
When degree is less than 64, it is extended to 64;
According to the numerical digit number that third map table marks, the number filling third that numerical digit number is corresponded in each 64 bit data block is become
It changes in table.
Preferably, data block decomposition unit 305 is directed to each 64 new bit data blocks, and the data block is decomposed into two
32 L [0] and R [0], which refer to, is used as L [0] for 1 to 32 of 64 bit data blocks, is used as R [0] for 33 to 64.
Preferably, encryption data generation unit 306 includes:
First data generating unit 361 is used for the numerical digit number marked according to the 4th map table, will correspond to number in R [I-1]
In number the 4th map table of filling of position number, 48 new data E [I-1] are generated, wherein the initial value of the I is 1,1≤I≤m;
Second data generating unit 362, is used for exclusive or E [I-1] and K [I], and by the result of the exclusive or according to from a left side
It is divided into 86 data B [J] to right sequence, wherein the initial value of J is 1,1≤J≤8;
Line number determination unit 363 is used to for the 1st of B [J] and the 6th hyte being combined into the variable M of 2 bit lengths, will
The variable M is as the line number in S [J] table of setting;
Row number determination unit 364 is used to for the 2nd of B [J] being combined into the variable N of 4 bit lengths to the 5th hyte, will
The variable N is as the row number in S [J] table of setting;
Third data generating unit 365 is used to select corresponding numerical value according to the line number and row number of the S [J] table, and
Selected decimal value is transformed to the binary number of four bit lengths, and replaces B [J] with S [J] [M] [N];
4th data generating unit 366 is used to be combined into 32 data by the sequence of B [1] to B [8], and
It is generated according to the numerical digit number that the 5th map table marks by number the 5th map table of filling for corresponding to numerical digit number in 32 digit
32 new data P [I], wherein the 5th map table is the table of 4 rows 8 column;
5th data generating unit 367 is used for exclusive or P [I] and L [I-1], and using the result of exclusive or as R [I], by R
[I-1] is used as L [I];
6th data generating unit 368 is used to R [m] and L [m] being combined into one according to the sequence of from R [m] to L [m]
A entirety R [m] L [m] will correspond to the number filling the 6th of numerical digit number according to the numerical digit number that the 6th map table marks in R [m] L [m]
In map table, the encrypted result of 64 bit data blocks is obtained, wherein the 6th map table is the table of 8 rows 8 column.
Preferably, the parameter for determining elliptic curve includes:
Select the equation y of determining elliptic curve parameter2=x3+ax+b;
One is chosen according to the key length of actual time safety data collection system application and is greater than 3 prime number, and is assigned to p,
Then selection is less than the nonnegative integer a of p-1;
By meeting formula (4a3+27b2) condition of modp ≠ 0 determines b.
Preferably, the value of a, b of the determination are the integers in [0, p-1].
Preferably, basic point G (x, y)=(x on the elliptic curve of the determinationG,yG), wherein the xGAnd yGIt is less than
The nonnegative integer of p-1, and infinite point O ∞ cannot be selected as basic point, it is shown below:
G (x, y)=(xG,yG)∈E(Fp),G≠O∞。
Preferably, the formula for calculating the rank n of the basic point G of the elliptic curve is:
NG=O ∞
In formula, n is basic point G=(xG,yG) ∈ E (Fp) rank, n must be prime number, and meet pt≠ 1 (modn), wherein
1≤t < 30 and p ≠ nh, wherein h is cofactor h=#E (Fp)/n.
Preferably, described according to point ME, public key K and generation random number r calculate point C1And C2Formula be:
C1=ME+rK
C2=rG
In formula, ME=(xE,yE), X-coordinate is the short key k of DESEThe decimal system or hexadecimal numerical value being converted into,
Y coordinate is the equation y by elliptic curve parameter2=x3The positive integer that+ax+b is calculated, r are random number, and r ∈ [1, n-1],
N is the rank of basic point G on the elliptic curve.
Fig. 4 is the structure according to the system of the data deciphering to real-time data acquisition system of the preferred embodiment for the present invention
Figure.As shown in figure 4, the system that the data of the real-time data acquisition system of encryption are decrypted described in this preferred embodiment
400 include:
Data receipt unit 401 is used for the data packet of receiving real-time data acquisition system transmission, wherein the data
Packet includes point C1And C2Value and data Jing Guo DES algorithm for encryption;
First short key determination unit 402, is used for according to formula ME=C1-kC2, which is calculated, is encoded to elliptic curve
16 the first short key M on Ep (a, b)E, in formula, k is private key, and k ∈ [1, n-2], n are basic point G on the elliptic curve
Rank;
Second short key determination unit 403 is used for the described first short key MEMethod when according to coding inversely solves
Code obtains 16 the second short key kE;
Decryption unit 404 is used to be overlapped using key k 4 shortE64 DES keys are formed, and are used and the encryption
Operation is decrypted in the identical operation of process, in calculating process the sequence of sub-key K [I] with when encryption on the contrary, encryption when son
Cipher key sequence is K [1] K [2] ... K [16], and sub-key sequence is changed to K [16] K [15] ... K [2] K [1] when decryption.
The present invention is described by reference to a small amount of embodiment.However, it is known in those skilled in the art, as
Defined by subsidiary Patent right requirement, in addition to the present invention other embodiments disclosed above equally fall in it is of the invention
In range.
Normally, all terms used in the claims are all solved according to them in the common meaning of technical field
It releases, unless in addition clearly being defined wherein.All references " one/described/be somebody's turn to do [device, component etc.] " are all opened ground
At least one example being construed in described device, component etc., unless otherwise expressly specified.Any method disclosed herein
Step need not all be run with disclosed accurate sequence, unless explicitly stated otherwise.
Claims (10)
1. the method that the data of a kind of pair of real-time data acquisition system are encrypted, which is characterized in that the method includes:
Select 14 random numbers, and according to sequence from left to right the 7th and the 14th of 14 random numbers it
Add 1 parity bit respectively afterwards to generate key k 16 shortE, it is overlapped and uses code key k 4 shortE64 DES keys are formed,
The numerical digit number wherein counted in 64 keys is successively 1 to No. 64 according to sequence from left to right;
Remove the parity check bit in 64 DES keys, replace according to the first map table to generate 56 keys,
And by 56 key decompositions be two 28 C [0] and D [0], wherein first map table is the table that 8 rows 7 arrange;
M iteration is carried out to the C [0] and D [0], and the C [I] and D [I] of the secondary grey iterative generation of I be together in series generate it is new
The C [I] D [I] is carried out the sub-key K [I] that transposition generates 1 48 according to the second map table by 56 C [I] D [I],
Described in the second map table be 6 rows 8 column table, 1≤I≤m;
The data of real-time data acquisition system are divided into several 64 blocks, each piece is become according to third map table
It changes, to generate 64 new bit data blocks, wherein the third map table is the table of 8 rows 8 column;
For each 64 new bit data blocks, the data block is decomposed into two 32 L [0] and R [0];
To the L [0] and R [0], using m sub- key pairs, it is encrypted to generate encryption data.
2. the method according to claim 1, wherein carry out m iteration to the C [0] and D [0], and by I
The C [I] and D [I] of secondary grey iterative generation, which are together in series, generates C [I] D [I] of new 56, and the C [I] D [I] is become according to second
It changes table and carries out transposition and generate 1 48 sub-key K [I] and include:
It moves to left digit according to the number of iterations in iteration offset table is corresponding C [I-1] and D [I-1] is moved to the left to generate C [I]
With D [I], wherein the initial value of the I is 1,1≤I≤m;
The C [I] generated after each iteration and D [I] are together in series and generate C [I] D [I] of new 56, according to the second map table
The numerical digit number of mark will correspond to obtained in number the second map table of filling of numerical digit number 48 in 56 digits of C [I] D [I] composition
Data are sub-key K [I].
3. the method according to claim 1, wherein the data of real-time data acquisition system are divided into several
64 blocks convert each piece according to third map table, include to generate 64 new bit data blocks:
The data of real-time data acquisition system are divided into several 64 data blocks, when the data of the last one data block are long
When degree is less than 64, it is extended to 64;
According to the numerical digit number that third map table marks, the number filling third map table of numerical digit number will be corresponded in each 64 bit data block
In.
4. the method according to claim 1, wherein to the L [0] and R [0], using m sub- key pairs its into
Row is encrypted to generate encryption data:
It is generated according to the numerical digit number that the 4th map table marks by number the 4th map table of filling for corresponding to numerical digit number in R [I-1]
48 new data E [I-1], wherein the initial value of the I is 1,1≤I≤m, wherein the 4th map table is 6 rows 8 column
Table;
Exclusive or E [I-1] and K [I], and the result of the exclusive or is divided into according to sequence from left to right to 86 data B
[J], wherein the initial value of J is 1,1≤J≤8;
The 1st of B [J] and the 6th hyte are combined into the variable M of 2 bit lengths, using the variable M as S [J] table of setting
In line number;
The 2nd of B [J] is combined into the 5th hyte the variable N of 4 bit lengths, using the variable N as S [J] table of setting
In row number;
Corresponding numerical value is selected according to the line number of the S [J] table and row number, and by selected line number and the corresponding decimal system of row number
Numerical transformation is the binary number of four bit lengths, and replaces B [J] with S [J] [M] [N];
It is combined into 32 data, and the numerical digit number marked according to the 5th map table by the sequence of B [1] to B [8], it will
It is corresponded in 32 digit in number the 5th map table of filling of numerical digit number, 32 new data P [I] is generated, wherein the described 5th
Map table is the table of 4 rows 8 column;
Exclusive or P [I] and L [I-1], and using the result of exclusive or as R [I], R [I-1] is used as L [I];
R [m] and L [m] is combined into entirety R [m] L [m] according to the sequence of from R [m] to L [m], according to the 6th map table mark
The numerical digit number of note obtains the encryption knot of 64 bit data blocks in number the 6th map table of filling for corresponding to numerical digit number in R [m] L [m]
Fruit, wherein the 6th map table is the table of 8 rows 8 column.
5. according to claim 1 to any one of method in 3, which is characterized in that the method also includes to using 4
Short code key kE64 DES keys of composition are encrypted, and the DES key and real-time data acquisition system of encryption are passed through DES
The data of algorithm for encryption are transmitted to server, wherein:
Actual time safety data collection system determines the length of key and encrypts to server application and join according to itself processing capacity
Number, and the encryption parameter of server transport is saved, wherein the encryption parameter of the transmission includes according to actual time safety
Base on parameter p, a, the b for the elliptic curve Ep (a, b) that the length of data collection system request determines, elliptic curve Ep (a, b)
The rank n and the public key K determining according to the private key k and basic point G of actual time safety data collection system itself of point G, basic point G, wherein
K=kG;
By the short key k of 16 DES of generationEThe point M being encoded on elliptic curve Ep (a, b)E, and according to point ME, public key K and
The random number r of generation calculates point C1And C2;
Real-time data acquisition system will point C1And C2Value and by encryption data packing be transferred to server.
6. a kind of data to using the real-time data acquisition system of any one method encryption in claim 1 to 5 solve
Close method, which is characterized in that the method includes:
The data packet that server receiving real-time data acquisition system is sent, wherein the data packet includes point C1And C2Value and warp
Cross the data of DES algorithm for encryption;
Server is according to formula METhe short key M of 16 be encoded on elliptic curve Ep (a, b) is calculated in=C1-kC2E, formula
In, k is private key, and k ∈ [1, n-2], n are the rank of basic point G on the elliptic curve;
By the short key MEMethod when according to coding, which inversely decodes, obtains 16 short key k of DESE;
Overlapping uses key k 4 shortE64 DES keys are formed, and use operation identical with the ciphering process, are decrypted
Operation, in calculating process the sequence of sub-key K [I] with when encryption on the contrary, sub-key sequence is K [1] K [2] ... K when encryption
[16], sub-key sequence is changed to K [16] K [15] ... K [2] K [1] when decryption.
7. the system that the data of a kind of pair of real-time data acquisition system are encrypted, which is characterized in that the system comprises:
First key generation unit is used to select 14 random numbers, and according to sequence from left to right at described 14
1 parity bit is added after the 7th of random number and the 14th respectively to generate key k 16 shortE, it is overlapped and uses 4
Short code key kE64 DES keys are formed, wherein the numerical digit number counted in 64 keys is successively 1 according to sequence from left to right
To No. 64;
Second Key generating unit is used to remove the parity check bit in 64 DES keys, according to the first map table into
Row replaces to generate 56 keys, and the C [0] and D [0] for being two 28 by 56 key decompositions, wherein described first
Map table is the table of 8 rows 7 column;
Sub-key generation unit, is used to carry out the C [0] and D [0] m iteration, and by the C [I] of the secondary grey iterative generation of I
It is together in series with D [I] and generates C [I] D [I] of new 56, the C [I] D [I] is subjected to transposition generation according to the second map table
1 48 sub-key K [I], wherein second map table is the table of 6 rows 8 column, 1≤I≤m;
Data block generation unit is used to for the data of real-time data acquisition system to be divided into several 64 blocks, according to
Three map tables convert each piece, to generate 64 new bit data blocks, wherein the third map table is the table of 8 rows 8 column
Lattice;
Data block decomposition unit is used to that the data block to be decomposed into two 32 L for each 64 new bit data blocks
[0] and R [0];
Encryption data generation unit is used for the L [0] and R [0], and using m sub- key pairs, it is encrypted to generate and add
Ciphertext data.
8. system according to claim 7, which is characterized in that encryption data generation unit includes:
First data generating unit is used for the numerical digit number marked according to the 4th map table, will correspond to numerical digit number in R [I-1]
In number the 4th map table of filling, 48 new data E [I-1] are generated, wherein the initial value of the I is 1,1≤I≤m;
Second data generating unit, be used for exclusive or E [I-1] and K [I], and by the result of the exclusive or according to from left to right
Sequence is divided into 86 data B [J], and wherein the initial value of J is 1,1≤J≤8;
Line number determination unit is used to for the 1st of B [J] and the 6th hyte being combined into the variable M of 2 bit lengths, by the change
M is measured as the line number in S [J] table of setting;
Row number determination unit is used to for the 2nd of B [J] being combined into the variable N of 4 bit lengths to the 5th hyte, by the change
N is measured as the row number in S [J] table of setting;
Third data generating unit is used to select corresponding numerical value according to the line number and row number of the S [J] table, and will be selected
The decimal value selected is transformed to the binary number of four bit lengths, and replaces B [J] with S [J] [M] [N];
4th data generating unit is used to be combined into 32 data by the sequence of B [1] to B [8], and according to
The numerical digit number of five map tables mark generates new 32 in number the 5th map table of filling for corresponding to numerical digit number in 32 digit
Position data P [I], wherein the 5th map table is the table of 4 rows 8 column;
5th data generating unit is used for exclusive or P [I] and L [I-1], and using the result of exclusive or as R [I], R [I-1] is made
For L [I];
6th data generating unit is used to R [m] and L [m] being combined into an entirety R according to the sequence of from R [m] to L [m]
[m] L [m] will correspond to number the 6th map table of filling of numerical digit number according to the numerical digit number that the 6th map table marks in R [m] L [m]
In, the encrypted result of 64 bit data blocks is obtained, wherein the 6th map table is the table of 8 rows 8 column.
9. system according to claim 6, which is characterized in that the system also includes key parameter generation units, key
Coding unit and transmission unit, wherein:
Key parameter generation unit is used to determine key according to the processing capacity of actual time safety data collection system itself
Length and to server application encryption parameter, the encryption parameter of server transport is saved, wherein the encryption of the transmission
Parameter includes parameter p, a, b of the elliptic curve Ep (a, b) determined according to the length of actual time safety data collection system request, ellipse
The rank n and server of basic point G, basic point G on circular curve Ep (a, b) are according to the key of actual time safety data collection system application
The public key K, K=kG that the private key k and basic point G that length determines are determined;
Key coding unit, the short key k of 16 DES for being used to generateEThe point M being encoded on elliptic curve Ep (a, b)E,
And according to point ME, public key K and generation random number r calculate point C1And C2;
Transmission unit, being used for will point C1And C2Value and by encryption data packing be transferred to server.
10. a kind of data to using the real-time data acquisition system of any one system encryption in claim 7 to 9 solve
Close system, which is characterized in that the system comprises:
Data receipt unit is used for the data packet of receiving real-time data acquisition system transmission, wherein the data packet includes a little
C1And C2Value and data Jing Guo DES algorithm for encryption;
First short key determination unit, is used for according to formula ME=C1-kC2, which is calculated, to be encoded on elliptic curve Ep (a, b)
16 the first short key ME, in formula, k is private key, and k ∈ [1, n-2], n are the rank of basic point G on the elliptic curve;
Second short key determination unit is used for the described first short key MEMethod when according to coding, which inversely decodes, obtains 16
Second short key k of positionE;
Decryption unit is used to be overlapped using key k 4 shortE64 DES keys are formed, and using identical as the ciphering process
Operation, operation is decrypted, in calculating process the sequence of sub-key K [I] with when encryption on the contrary, encryption when sub-key sequence
It is K [1] K [2] ... K [16], sub-key sequence is changed to K [16] K [15] ... K [2] K [1] when decryption.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810548763.8A CN108848073B (en) | 2018-05-31 | 2018-05-31 | Method and system for encrypting and decrypting data of real-time data acquisition system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810548763.8A CN108848073B (en) | 2018-05-31 | 2018-05-31 | Method and system for encrypting and decrypting data of real-time data acquisition system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108848073A true CN108848073A (en) | 2018-11-20 |
| CN108848073B CN108848073B (en) | 2021-04-13 |
Family
ID=64210208
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810548763.8A Active CN108848073B (en) | 2018-05-31 | 2018-05-31 | Method and system for encrypting and decrypting data of real-time data acquisition system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108848073B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114978679A (en) * | 2022-05-18 | 2022-08-30 | 深圳市乐凡信息科技有限公司 | Tablet-based online examination method and related equipment |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE4016203A1 (en) * | 1990-05-19 | 1991-11-21 | Rolf Prof Dr Trautner | METHOD FOR BLOCK-ENCRYPTING DIGITAL DATA |
| CN1431588A (en) * | 2002-01-08 | 2003-07-23 | 北京南思达科技发展有限公司 | Logic reorganizable circuit |
| CN101371480A (en) * | 2005-11-21 | 2009-02-18 | 爱特梅尔公司 | Encryption protection method |
| CN101707521A (en) * | 2009-12-01 | 2010-05-12 | 福州星网视易信息***有限公司 | Encryption method based on DES |
| CN102185692A (en) * | 2011-04-25 | 2011-09-14 | 北京航空航天大学 | Multimode reconfigurable encryption method based on advanced encryption standard (AES) encryption algorithm |
| CN103731257A (en) * | 2014-01-17 | 2014-04-16 | 衡阳师范学院 | Piccolo encryption algorithm hardware achieving method |
| CN105515758A (en) * | 2015-11-27 | 2016-04-20 | 桂林电子科技大学 | Data parallel cryptographic communication method and system based on Modbus protocol |
| CN105790930A (en) * | 2016-04-29 | 2016-07-20 | 南京酷派软件技术有限公司 | Information encryption method and information encryption device used for mobile terminal and mobile terminal |
| CN106529352A (en) * | 2016-10-15 | 2017-03-22 | 北海益生源农贸有限责任公司 | Computer client information safe input method |
| CN107637010A (en) * | 2015-05-19 | 2018-01-26 | 三星Sds株式会社 | Data encryption device and method and data deciphering device and method |
-
2018
- 2018-05-31 CN CN201810548763.8A patent/CN108848073B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE4016203A1 (en) * | 1990-05-19 | 1991-11-21 | Rolf Prof Dr Trautner | METHOD FOR BLOCK-ENCRYPTING DIGITAL DATA |
| CN1431588A (en) * | 2002-01-08 | 2003-07-23 | 北京南思达科技发展有限公司 | Logic reorganizable circuit |
| CN101371480A (en) * | 2005-11-21 | 2009-02-18 | 爱特梅尔公司 | Encryption protection method |
| CN101707521A (en) * | 2009-12-01 | 2010-05-12 | 福州星网视易信息***有限公司 | Encryption method based on DES |
| CN102185692A (en) * | 2011-04-25 | 2011-09-14 | 北京航空航天大学 | Multimode reconfigurable encryption method based on advanced encryption standard (AES) encryption algorithm |
| CN103731257A (en) * | 2014-01-17 | 2014-04-16 | 衡阳师范学院 | Piccolo encryption algorithm hardware achieving method |
| CN107637010A (en) * | 2015-05-19 | 2018-01-26 | 三星Sds株式会社 | Data encryption device and method and data deciphering device and method |
| CN105515758A (en) * | 2015-11-27 | 2016-04-20 | 桂林电子科技大学 | Data parallel cryptographic communication method and system based on Modbus protocol |
| CN105790930A (en) * | 2016-04-29 | 2016-07-20 | 南京酷派软件技术有限公司 | Information encryption method and information encryption device used for mobile terminal and mobile terminal |
| CN106529352A (en) * | 2016-10-15 | 2017-03-22 | 北海益生源农贸有限责任公司 | Computer client information safe input method |
Non-Patent Citations (1)
| Title |
|---|
| 印晶: "DES的分析与改进", 《信息与电脑》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114978679A (en) * | 2022-05-18 | 2022-08-30 | 深圳市乐凡信息科技有限公司 | Tablet-based online examination method and related equipment |
| CN114978679B (en) * | 2022-05-18 | 2024-05-31 | 深圳市乐凡信息科技有限公司 | Online examination method based on flat plate and related equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108848073B (en) | 2021-04-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101006677B (en) | Method and device for carrying out a cryptographic calculation | |
| US8391476B2 (en) | Masking method of defending differential power analysis attack in seed encryption algorithm | |
| US10009171B2 (en) | Construction and uses of variable-input-length tweakable ciphers | |
| KR100296958B1 (en) | Apparatus for encoding block data | |
| US8553880B2 (en) | Pseudorandom number generating system, encryption system, and decryption system | |
| CN103444124B (en) | Cipher processing apparatus, cipher processing method | |
| TWI688250B (en) | Method and device for data encryption and decryption | |
| US7218735B2 (en) | Cryptography method on elliptic curves | |
| EP2742644B1 (en) | Encryption and decryption method | |
| Biham et al. | Differential-linear cryptanalysis of serpent | |
| Li et al. | Research and Realization based on hybrid encryption algorithm of improved AES and ECC | |
| US8331559B2 (en) | Diffused data encryption/decryption processing method | |
| CN111245598B (en) | Method for realizing lightweight AEROGEL block cipher | |
| US6111952A (en) | Asymmetrical cryptographic communication method and portable object therefore | |
| Shorin et al. | Linear and differential cryptanalysis of Russian GOST | |
| KR101923293B1 (en) | Apparatus and method for adding data | |
| CN108848073A (en) | The data of real-time data acquisition system are carried out with the method and system of encrypting and decrypting | |
| CN108124076A (en) | Image encryption method based on isomery chaos and keccak hash functions | |
| US7280663B1 (en) | Encryption system based on crossed inverse quasigroups | |
| JP7023584B2 (en) | Public key cryptosystem, public key cryptosystem, public key crypto program | |
| JP2001503534A (en) | Data decorrelation method | |
| US11070358B2 (en) | Computation device and method | |
| CN112866288B (en) | Data symmetric encryption method for double-plaintext transmission | |
| US20130058483A1 (en) | Public key cryptosystem and technique | |
| US20230134515A1 (en) | Authentication encryption device, authentication decryption device, authentication encryption method, authentication decryption method, and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |