CN116595566B - Data encryption system and electronic equipment - Google Patents

Info

Publication number
CN116595566B
Authority
CN
China
Prior art keywords
encrypted
plaintext data
key
encryption
data block
Prior art date
Legal status
Active
Application number
CN202310868555.7A
Other languages
Chinese (zh)
Other versions
CN116595566A (en)
Inventor
李峰
孙晓鹏
张雨
孙瑞勇
石广军
Current Assignee
Shandong Yuntian Safety Technology Co ltd
Original Assignee
Shandong Yuntian Safety Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The application relates to the technical field of data processing, in particular to a data encryption system and electronic equipment. A plaintext data caching unit caches a plaintext data set to be encrypted. The CPU performs blocking processing on the plaintext data set to be encrypted to obtain n plaintext data blocks to be encrypted, and determines attention description values between every two adjacent plaintext data blocks Bi and Bi+1 to generate an attention description value sequence corresponding to the n plaintext data blocks to be encrypted. The key generation module provided in the trusted computing module generates an encryption key sequence according to a national encryption algorithm. The GPU encrypts the n plaintext data blocks to be encrypted in parallel based on n first key pairs to obtain n ciphertext data blocks, and splices the n ciphertext data blocks according to the attention description value sequence to form a ciphertext data set, so that encryption efficiency and speed are improved.

Description

Data encryption system and electronic equipment
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a data encryption system and an electronic device.
Background
The rapid development of big data has made the value of data increasingly apparent, but the accompanying data security problems are also receiving a great deal of attention. Once data is stolen in a malicious attack, users and data managers suffer great losses and impacts.
For this reason, data generally needs to be encrypted during storage and transmission. However, most of the encryption algorithms currently in use are foreign encryption algorithms, which calls their compliance into question. Where a national encryption algorithm is used instead, it meets the compliance requirement, but in some cases it is provided in the form of a national encryption algorithm software library. Encryption in this mode can meet certain application requirements, but it is completed by the CPU, so it is inefficient and slow and struggles to meet the needs of scenarios with higher real-time requirements.
Disclosure of Invention
Based on the above problems, the embodiment of the application provides a data encryption system and electronic equipment.
The embodiment of the application discloses the following technical scheme:
a data encryption system, comprising:
the plaintext data caching unit is used for caching a plaintext data set to be encrypted;
the CPU is used for carrying out blocking processing on the plaintext data set to be encrypted to obtain n plaintext data blocks to be encrypted, determining attention description values between every two adjacent plaintext data blocks Bi and Bi+1 to generate attention description value sequences corresponding to the n plaintext data blocks to be encrypted, wherein n is an integer greater than or equal to 2, and i is greater than or equal to 1 and less than or equal to n-1;
the trusted computing module is provided with a key generation module, and is used for generating an encryption key sequence according to a cryptographic algorithm, wherein the encryption key sequence comprises n first key pairs, and the first key pair S1-i for the plaintext data block Bi to be encrypted and the first key pair S1-(i+1) for the plaintext data block Bi+1 to be encrypted satisfy the following relation: the random number used to generate S1-i and the random number used to generate S1-(i+1) are selected from a pre-constructed random number sequence, and the distance between the two random numbers is equal to the projection value of the size of a single plaintext data block to be encrypted on the threshold of the random number;
the GPU is used for parallelly encrypting the n plaintext data blocks to be encrypted based on the n first key pairs to obtain n ciphertext data blocks, and splicing the n ciphertext data blocks according to the attention description value sequence to form a ciphertext data set;
and the ciphertext data transmitting unit is used for transmitting the ciphertext data set so that a data receiver generates a decryption key sequence locally based on the same cryptographic algorithm, wherein the decryption key sequence comprises n second key pairs, and one second key pair uniquely corresponds to one first key pair so as to decrypt the ciphertext data set based on the second key pairs.
Optionally, the CPU is provided with a trained attention analysis model, which is used to obtain a feature vector of each plaintext data block to be encrypted, assign weights to the logical associations between the feature vectors, and label the attention description value between every two adjacent plaintext data blocks Bi and Bi+1 to be encrypted based on the assigned weights.
Optionally, the trusted computing module stores a feasible root key, and maps the feasible root key to a basic elliptic curve to obtain a base point random number sequence, wherein the base point random number sequence comprises a first elliptic curve point and a second elliptic curve point; and determining a third elliptic curve point and a fourth elliptic curve point based on the projection of the vector formed by the first elliptic curve point and the second elliptic curve point on the basic elliptic curve so as to generate a first key pair.
Optionally, the GPU is specifically configured to obtain a first index relationship between a pre-established block of plaintext data to be encrypted and a first key sequence, and a second index relationship between the block of plaintext data to be encrypted and a processing thread; based on the first index relationship, causing the processing thread to select a first key pair used to encrypt each block of plaintext data to be encrypted by accessing the n first key pairs; and determining available processing threads based on the second index relation, so that the available processing threads can encrypt the to-be-encrypted plaintext data block based on a first key pair used for encryption, and calling an encryption algorithm to encrypt the to-be-encrypted plaintext data block, wherein one available processing thread encrypts one to-be-encrypted plaintext data block.
Optionally, the GPU stores a global-declaration identifier allocated to an encryption function, stores the global-declaration identifier in a key of a pre-constructed key-value pair, and stores a call address of the encryption function in a value of the key-value pair, so that a plurality of available processing threads access the key-value pair, and calls the encryption function based on the same call address, so as to perform parallel encryption processing on a plurality of plaintext data blocks to be encrypted.
Optionally, when the GPU encrypts the n plaintext data blocks to be encrypted in parallel based on the n first key pairs to obtain n ciphertext data blocks, it determines the value range of each plaintext data block to be encrypted. When encrypting any plaintext data block to be encrypted, it judges whether the ciphertext data block obtained by the current encryption lies within the value range of the corresponding plaintext data block to be encrypted; if not, it encrypts the ciphertext data block obtained by the current encryption again as the encryption object, and so on until a ciphertext data block within the value range of the plaintext data block to be encrypted is obtained.
Optionally, the GPU uses iterative encryption so that the ciphertext data block obtained for any plaintext data block to be encrypted lies within the value range of that plaintext data block. When encrypting any plaintext data block to be encrypted, it determines whether the ciphertext data block obtained by the current encryption lies within the value range of the corresponding plaintext data block to be encrypted; if not, it determines the differences between the ciphertext data block and the upper and lower boundaries of the value range, takes the smallest difference, projects the smallest difference together with the first key pair used for the current encryption onto the basic elliptic curve to regenerate the first key pair, and encrypts the plaintext data block to be encrypted based on the regenerated first key pair, and so on until a ciphertext data block within the value range of the plaintext data block to be encrypted is obtained.
Optionally, the GPU is provided with a key substitution table, which is used for storing the regenerated first key pair, so that when any other plaintext data block to be encrypted is encrypted, the first key pair used for re-encryption is determined by a table look-up mode, so that the ciphertext data block obtained by encryption is located in the value range corresponding to the plaintext data block to be encrypted.
An electronic device comprising a memory, a central processor, a trusted computing module, a graphics processor, wherein:
the memory is used for caching a plaintext data set to be encrypted;
the central processing unit is used for carrying out blocking processing on the plaintext data set to be encrypted to obtain n plaintext data blocks to be encrypted, determining attention description values between every two adjacent plaintext data blocks Bi and Bi+1 to generate attention description value sequences corresponding to the n plaintext data blocks to be encrypted, wherein n is an integer greater than or equal to 2, and i is greater than or equal to 1 and less than or equal to n-1;
the trusted computing module is provided with a key generating module, and is configured to generate an encryption key sequence according to a cryptographic algorithm, where the encryption key sequence includes n first key pairs, and the following relationship is satisfied between a first key pair S1-i for the plaintext data block Bi to be encrypted and a first key pair S1-(i+1) for the plaintext data block Bi+1 to be encrypted: the random number used to generate S1-i and the random number used to generate S1-(i+1) are selected from a pre-constructed random number sequence, and the distance between the two random numbers is equal to the projection value of the size of a single plaintext data block to be encrypted on the threshold of the random number;
the graphics processor is configured to encrypt the n plaintext data blocks to be encrypted in parallel based on the n first keys to obtain n ciphertext data blocks, and splice the n ciphertext data blocks according to the attention description value sequence to form a ciphertext data set.
The technical scheme of the embodiment of the application has the following technical advantages:
(1) The CPU and the GPU are respectively used for blocking and encrypting, so that the load of the CPU is reduced, and meanwhile, the parallel encryption processing process is realized based on the GPU, so that the encryption efficiency and speed are improved.
(2) The first key pair is generated in the trusted computing module, so that the privacy and the safety of the key generation process are ensured, and the reliability of data encryption is further ensured.
(3) The random numbers used to generate the first key pairs are selected from a pre-constructed random number sequence, and the distance between the random numbers used to generate adjacent first key pairs is equal to the projection value of the size of a single plaintext data block to be encrypted on the threshold of the random numbers. This is equivalent to adding controllable noise associated with the plaintext data blocks to be encrypted to the random number screening process, which on the one hand further improves encryption efficiency and speed and on the other hand ensures the security of the first key pair.
(4) The same cryptographic algorithm is configured on the data receiver, and the second key pair used for decryption can be directly regenerated locally, so that the potential safety hazard of data caused by the fact that the generated first key pair needs to be transmitted to the data receiver when the ciphertext data block is decrypted is avoided.
Detailed Description
It is not necessary for any of the embodiments of the application to be practiced with all of the advantages described above.
In order that the solution of the present application may be better understood, the solution of the embodiments of the application is described clearly and completely below. Obviously, the described embodiments are only a part of the embodiments of the present application, not all of them. All other embodiments that can be obtained by those skilled in the art based on the embodiments of the application without inventive effort are intended to fall within the scope of the application.
The scheme of the embodiment of the application can be applied to the encryption of plaintext data sets to be encrypted such as document data, video data, picture data and audio data, and the format and the number of the plaintext data sets are not limited. The plaintext data set to be encrypted may be defined according to the requirements of the application scenario.
The data encryption system provided by the embodiment of the application comprises:
the plaintext data caching unit is used for caching a plaintext data set to be encrypted;
the CPU is used for carrying out blocking processing on the plaintext data set to be encrypted to obtain n plaintext data blocks to be encrypted, determining attention description values between every two adjacent plaintext data blocks Bi and Bi+1 to generate attention description value sequences corresponding to the n plaintext data blocks to be encrypted, wherein n is an integer greater than or equal to 2, and i is greater than or equal to 1 and less than or equal to n-1;
the trusted computing module is provided with a key generation module, and is used for generating an encryption key sequence according to a cryptographic algorithm, wherein the encryption key sequence comprises n first key pairs, and the first key pair S1-i for the plaintext data block Bi to be encrypted and the first key pair S1-(i+1) for the plaintext data block Bi+1 to be encrypted satisfy the following relation: the random number used to generate S1-i and the random number used to generate S1-(i+1) are selected from a pre-constructed random number sequence, and the distance between the two random numbers is equal to the projection value of the size of a single plaintext data block to be encrypted on the threshold of the random number;
the GPU is used for parallelly encrypting the n plaintext data blocks to be encrypted based on the n first key pairs to obtain n ciphertext data blocks, and splicing the n ciphertext data blocks according to the attention description value sequence to form a ciphertext data set;
a ciphertext data transmitting unit configured to transmit the ciphertext data set such that a data receiver locally generates a decryption key sequence based on the same cryptographic algorithm, the decryption key sequence including n second key pairs, where one second key pair uniquely corresponds to one first key pair, so as to decrypt the ciphertext data set based on the second key pairs.
Optionally, the CPU is provided with a trained attention analysis model, which is used to obtain a feature vector of each plaintext data block to be encrypted, assign weights to the logical associations between the feature vectors, and label the attention description value between every two adjacent plaintext data blocks Bi and Bi+1 to be encrypted based on the assigned weights.
Specifically, the attention model uses a Transformer architecture comprising an encoder layer and a decoder layer, where the encoder layer includes a plurality of cascaded encoders and the decoder layer includes a plurality of cascaded decoders. The encoder layer performs a plurality of cascaded encoding passes over the feature vectors to obtain a Key sequence vector and a Value sequence vector, which the last encoder outputs to the plurality of decoders so as to obtain a Query sequence vector. The weights of the logical associations between the feature vectors are calculated based on the Key sequence vector, the Value sequence vector and the Query sequence vector, so that the attention description value between every two adjacent plaintext data blocks Bi and Bi+1 to be encrypted can be accurately labelled based on the magnitudes of the weights, thereby keeping the logical relationship between the plaintext data blocks to be encrypted consistent with their state before segmentation.
Optionally, the trusted computing module stores a feasible root key, and maps the feasible root key to a basic elliptic curve to obtain a base point random number sequence, wherein the base point random number sequence comprises a first elliptic curve point and a second elliptic curve point; and determining a third elliptic curve point and a fourth elliptic curve point based on the projection representation of the vector formed by the first elliptic curve point and the second elliptic curve point on the basic elliptic curve so as to generate a first key pair.
The trusted computing module may be, for example, a hardware-based trusted computing module or a software-based trusted computing module.
Hardware-based trusted computing modules include, for example, the TPM (Trusted Platform Module) and the TCM (Trusted Cryptography Module). Software-based trusted computing modules include, for example, the TPCM (Trusted Platform Control Module) and the TSS (TCG Software Stack).
For example, a hardware-based trusted computing module includes a non-volatile memory for storing the feasible root key. The feasible root key may be generated at the time of production and built into the non-volatile memory, and is absolutely unique, thereby ensuring that the feasible root key is always reliable and not tampered with. Preferably, the feasible root key is 2048 bits. When the encryption key sequence is generated, the feasible root key serves as a parent key and is mapped directly onto the basic elliptic curve to obtain the base point random number sequence. Specifically, for example, the parent key is projected along a direction tangential to the basic elliptic curve to obtain Xi and Xj; Xi is substituted into the curve equation to obtain Yi, and Xj is substituted into the curve equation to obtain Yj, so as to obtain a first elliptic curve point (Xi, Yi) and a second elliptic curve point (Xj, Yj). The first elliptic curve point (Xi, Yi) and the second elliptic curve point (Xj, Yj) form a vector, and the two intersection points with the elliptic curve determined by projecting this vector along the Y direction are used as the third elliptic curve point and the fourth elliptic curve point respectively.
Further, after the third elliptic curve point and the fourth elliptic curve point are determined, the first elliptic curve point and the third elliptic curve point are spliced to obtain a public key, and multiples of the first elliptic curve point and the fourth elliptic curve point are used as private keys.
Specifically, during splicing, for example, exclusive-OR processing is performed directly between the abscissa and the ordinate of the first elliptic curve point and the third elliptic curve point, and the results are spliced, so as to obtain the public key.
In the calculation process, the processed object can be converted into the data space of the plaintext data block to be encrypted and then processed, so that the alignment with the plaintext data block to be encrypted is realized.
Here, it should be noted that the specific equation of the basic elliptic curve may be determined according to the requirements of the national encryption algorithm.
Optionally, the GPU is specifically configured to obtain a first index relationship between a pre-established block of plaintext data to be encrypted and a first key sequence, and a second index relationship between the block of plaintext data to be encrypted and a processing thread; based on the first index relationship, causing the processing thread to select a first key pair used to encrypt each block of plaintext data to be encrypted by accessing the n first key pairs; and determining available processing threads based on the second index relation, so that the available processing threads can encrypt the to-be-encrypted plaintext data block based on a first key pair used for encryption, and calling an encryption algorithm to encrypt the to-be-encrypted plaintext data block, wherein one available processing thread encrypts one to-be-encrypted plaintext data block.
In the above embodiment, a variable BlockIdx may be defined to record the first index relationship, and a variable ThreadIdx may be defined to record the second index relationship. At execution time these variables are parsed to resolve the correspondence between the plaintext data blocks to be encrypted and the first key sequence, so that during encryption the processing threads are enabled according to the one-to-one correspondence and the first key is used to encrypt the corresponding plaintext data block to be encrypted, thereby avoiding cross-talk between threads during parallel processing.
In this embodiment, the encryption algorithm used for encrypting all the plaintext data blocks to be encrypted is the same. To this end, optionally, the GPU stores a global-declaration identifier allocated to the encryption function, and stores the global-declaration identifier in a key of a key-value pair constructed in advance, and stores a call address of the encryption function in a value of the key-value pair, so that a plurality of available processing threads access the key-value pair, and calls the encryption function based on the same call address, so as to perform parallel encryption processing on a plurality of plaintext data blocks to be encrypted.
By setting the global-declaration identifier, the encryption algorithm is shared among a plurality of processing threads, so that the storage space is saved, and in addition, the processing threads can call the encryption algorithm only through the global-declaration identifier, so that the difficulty of algorithm call is reduced, the speed and efficiency of algorithm call are improved, and the encryption efficiency and speed are further ensured.
Optionally, when the GPU encrypts the n plaintext data blocks to be encrypted in parallel based on the n first key pairs to obtain n ciphertext data blocks, it determines the value range of each plaintext data block to be encrypted. When encrypting any plaintext data block to be encrypted, it judges whether the ciphertext data block obtained by the current encryption lies within the value range of the corresponding plaintext data block to be encrypted; if not, it encrypts the ciphertext data block obtained by the current encryption again as the encryption object, and so on until a ciphertext data block within the value range of the plaintext data block to be encrypted is obtained.
In this embodiment, the ciphertext data block obtained by current encryption is encrypted again until the ciphertext data block located in the value range of the plaintext data block to be encrypted is obtained, which is equivalent to implementing the iterative encryption process of the ciphertext data block obtained by current encryption, thereby ensuring the format alignment between the plaintext data block to be encrypted and the ciphertext data block and ensuring the format compatibility of the ciphertext data block in subsequent applications.
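The re-encrypt-until-in-range loop described above is the construction known as cycle-walking, and the per-block key choice follows the one-key-per-block, one-worker-per-block index relationships described earlier. The following Python is an added example, not code from the patent: it models each block as an integer in a value range [lo, hi], uses an HMAC-SHA256 Feistel permutation as a stand-in for the unspecified national encryption algorithm, and derives per-block keys with a hypothetical `derive_block_key` helper so that the receiver regenerates them from a shared root instead of receiving them.

```python
import hashlib
import hmac
from concurrent.futures import ThreadPoolExecutor

ROUNDS = 8  # assumption: round count of the stand-in Feistel permutation


def derive_block_key(root: bytes, index: int) -> bytes:
    """Hypothetical per-block key; sender and receiver both compute it locally."""
    msg = b"block-key" + index.to_bytes(4, "big")
    return hmac.new(root, msg, hashlib.sha256).digest()


def _round(key: bytes, rnd: int, half: int, half_bits: int) -> int:
    """Keyed round function: HMAC-SHA256 truncated to half_bits bits."""
    msg = bytes([rnd]) + half.to_bytes((half_bits + 7) // 8, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") & ((1 << half_bits) - 1)


def _permute(key: bytes, value: int, bits: int, decrypt: bool = False) -> int:
    """Balanced Feistel network: a keyed permutation of [0, 2**bits), bits even."""
    half_bits = bits // 2
    left, right = value >> half_bits, value & ((1 << half_bits) - 1)
    if decrypt:
        for rnd in reversed(range(ROUNDS)):
            left, right = right ^ _round(key, rnd, left, half_bits), left
    else:
        for rnd in range(ROUNDS):
            left, right = right, left ^ _round(key, rnd, right, half_bits)
    return (left << half_bits) | right


def _domain_bits(size: int) -> int:
    """Smallest even bit width whose domain covers `size` values."""
    bits = max(2, (size - 1).bit_length())
    return bits + (bits % 2)


def _walk(key: bytes, value: int, lo: int, hi: int, decrypt: bool):
    """Apply the permutation repeatedly until the result is back in [lo, hi]."""
    if not lo <= value <= hi:
        raise ValueError("value outside the block's value range")
    size = hi - lo + 1
    bits = _domain_bits(size)
    x, passes = value - lo, 0
    while True:
        x = _permute(key, x, bits, decrypt)
        passes += 1
        if x < size:  # inside the value range: stop re-encrypting
            return lo + x, passes


def encrypt_in_range(key: bytes, value: int, lo: int, hi: int):
    """Return (ciphertext, number of encryption passes needed)."""
    return _walk(key, value, lo, hi, decrypt=False)


def decrypt_in_range(key: bytes, value: int, lo: int, hi: int) -> int:
    """Walk the inverse permutation; stops at the original plaintext."""
    return _walk(key, value, lo, hi, decrypt=True)[0]


def encrypt_blocks(root: bytes, blocks, lo: int, hi: int):
    """One worker per block; block index i selects key i."""
    def work(i: int):
        return encrypt_in_range(derive_block_key(root, i), blocks[i], lo, hi)
    with ThreadPoolExecutor(max_workers=len(blocks)) as pool:
        return list(pool.map(work, range(len(blocks))))


def decrypt_blocks(root: bytes, cipher_blocks, lo: int, hi: int):
    """Receiver side: regenerate each key from the shared root, then decrypt."""
    return [decrypt_in_range(derive_block_key(root, i), c, lo, hi)
            for i, c in enumerate(cipher_blocks)]


def demo():
    root = b"constructed demo root secret"   # constructed sample value
    lo, hi = 1000, 9999                       # constructed value range
    blocks = [1000, 4321, 5555, 9999]         # constructed plaintext blocks
    results = encrypt_blocks(root, blocks, lo, hi)
    cipher = [c for c, _ in results]
    passes = [p for _, p in results]
    recovered = decrypt_blocks(root, cipher, lo, hi)
    return blocks, cipher, passes, recovered


if __name__ == "__main__":
    plain, cipher, passes, recovered = demo()
    for p, c, n, r in zip(plain, cipher, passes, recovered):
        print(f"plain={p} cipher={c} passes={n} recovered={r}")
```

Decryption needs no pass count: because the plaintext itself lies in the value range, walking the inverse permutation stops exactly at it. The loop terminates and inverts correctly only when the underlying cipher is a permutation of a domain that contains the value range.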
Optionally, the GPU uses iterative encryption so that the ciphertext data block obtained for any plaintext data block to be encrypted lies within the value range of that plaintext data block. When encrypting any plaintext data block to be encrypted, it determines whether the ciphertext data block obtained by the current encryption lies within the value range of the corresponding plaintext data block to be encrypted; if not, it determines the differences between the ciphertext data block and the upper and lower boundaries of the value range, takes the smallest difference, projects the smallest difference together with the first key pair used for the current encryption onto the basic elliptic curve to regenerate the first key pair, and encrypts the plaintext data block to be encrypted based on the regenerated first key pair, and so on until a ciphertext data block within the value range of the plaintext data block to be encrypted is obtained.
Different from the iterative encryption process of the ciphertext data block obtained by current encryption, by determining the difference and projecting the first key pair used by current encryption on a basic elliptic curve, the first key pair can be quickly redetermined to encrypt the plaintext data block to be encrypted, which is equivalent to realizing the iterative processing of the first key pair, and the iterative process can be shortened under the constraint of the difference, so that the ciphertext data block is quickly positioned in the value range of the plaintext data block to be encrypted.
Optionally, the GPU is provided with a key substitution table, which is used for storing the regenerated first key pair, so that when any other plaintext data block to be encrypted is encrypted, the first key pair used for re-encryption is determined by a table look-up mode, so that the ciphertext data block obtained by encryption is located in the value range corresponding to the plaintext data block to be encrypted.
Further, by means of the key substitution table, in other iterative processes, a new first key pair can be determined directly by means of table lookup, so that the first key pair can be determined quickly, and encryption efficiency and encryption speed are improved. In particular, the new first key pair may be determined, for example, by a gradient descent method.
The embodiment of the application also provides electronic equipment, which comprises a memory, a central processing unit, a trusted computing module and a graphics processor, wherein:
the memory is used for caching a plaintext data set to be encrypted;
the central processing unit is used for carrying out blocking processing on the plaintext data set to be encrypted to obtain n plaintext data blocks to be encrypted, determining attention description values between every two adjacent plaintext data blocks Bi and Bi+1 to generate attention description value sequences corresponding to the n plaintext data blocks to be encrypted, wherein n is an integer greater than or equal to 2, and i is greater than or equal to 1 and less than or equal to n-1;
the trusted computing module is provided with a key generating module, and is configured to generate an encryption key sequence according to a cryptographic algorithm, where the encryption key sequence includes n first key pairs, and the following relationship is satisfied between a first key pair S1-i for the plaintext data block Bi to be encrypted and a first key pair S1-(i+1) for the plaintext data block Bi+1 to be encrypted: the random number used to generate S1-i and the random number used to generate S1-(i+1) are selected from a pre-constructed random number sequence, and the distance between the two random numbers is equal to the projection value of the size of a single plaintext data block to be encrypted on the threshold of the random number;
the graphics processor is configured to encrypt the n plaintext data blocks to be encrypted in parallel based on the n first key pairs to obtain n ciphertext data blocks, and splice the n ciphertext data blocks according to the attention description value sequence to form a ciphertext data set.
The technical scheme of the embodiment of the application has the following technical advantages:
(1) The CPU and the GPU are respectively used for blocking and encrypting, so that the load of the CPU is reduced, and meanwhile, the parallel encryption processing process is realized based on the GPU, so that the encryption efficiency and speed are improved.
(2) The first key pair is generated in the trusted computing module, so that the privacy and the safety of the key generation process are ensured, and the reliability of data encryption is further ensured.
(3) The random numbers used to generate the first key pairs are selected from a pre-constructed random number sequence, and the distance between the random numbers used to generate adjacent first key pairs is equal to the projection value of the size of a single plaintext data block to be encrypted on the threshold of the random number. This is equivalent to adding controllable noise associated with the plaintext data block to be encrypted during the screening of the random numbers, which on the one hand further improves encryption efficiency and speed, and on the other hand ensures the security of the first key pair.
(4) The same cryptographic algorithm is configured on the data receiver, so the second key pair used for decryption can be regenerated locally. This avoids the data security risk of having to transmit the generated first key pair to the data receiver in order to decrypt the ciphertext data block.
The electronic device of the embodiments of the present application exists in a variety of forms including, but not limited to:
(1) Mobile communication devices, which are characterized by mobile communication functionality and whose main purpose is to provide voice and data communication. Such terminals include smart phones (e.g., iPhone), multimedia phones, feature phones, and low-end phones, among others.
(2) Ultra-mobile personal computer devices, which belong to the category of personal computers, have computing and processing functions, and generally also support mobile Internet access. Such terminals include PDA, MID and UMPC devices, etc., such as iPad.
(3) Portable entertainment devices, which can display and play multimedia content. Such devices include audio and video players (e.g., iPod), handheld game consoles, e-book readers, smart toys, and portable car navigation devices.
(4) The server, which is a device for providing computing services, is composed of a processor 410, a hard disk, a memory, a system bus, etc., and is similar to a general computer architecture, but is required to provide highly reliable services, and thus has high requirements in terms of processing capacity, stability, reliability, security, scalability, manageability, etc.
(5) Other electronic devices with data interaction function.
It should be noted that the embodiments in this specification are described in a progressive manner: identical and similar parts of the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments. In particular, since the apparatus and system embodiments are substantially similar to the method embodiments, they are described relatively briefly, and the relevant parts of the description of the method embodiments may be referred to. The above-described apparatus and system embodiments are merely illustrative: the modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical modules, i.e., they may be located in one place or distributed over multiple network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement the present application without undue burden.
The foregoing is only one specific embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the technical scope of the present application should be included in the scope of the present application. Therefore, the protection scope of the present application should be subject to the protection scope of the claims.

Claims (8)

1. A data encryption system, comprising:
the plaintext data caching unit is used for caching a plaintext data set to be encrypted;
the CPU is used for carrying out blocking processing on the plaintext data set to be encrypted to obtain n plaintext data blocks to be encrypted, determining attention description values between every two adjacent plaintext data blocks Bi and Bi+1 to generate attention description value sequences corresponding to the n plaintext data blocks to be encrypted, wherein n is an integer greater than or equal to 2, and i is greater than or equal to 1 and less than or equal to n-1;
the trusted computing module is provided with a key generation module, and is used for generating an encryption key sequence according to a cryptographic algorithm, wherein the encryption key sequence comprises n first key pairs, and the first key pair S1-i for the plaintext data block Bi to be encrypted and the first key pair S1-(i+1) for the plaintext data block Bi+1 to be encrypted satisfy the following relation: the random number used to generate S1-i and the random number used to generate S1-(i+1) are selected from a pre-constructed random number sequence, and the distance between the two random numbers is equal to the projection value of the size of a single plaintext data block to be encrypted on the threshold of the random number;
the GPU is used for parallelly encrypting the n plaintext data blocks to be encrypted based on the n first key pairs to obtain n ciphertext data blocks, and splicing the n ciphertext data blocks according to the attention description value sequence to form a ciphertext data set;
a ciphertext data transmitting unit configured to transmit the ciphertext data set so that a data receiver generates a decryption key sequence locally based on the same cryptographic algorithm, the decryption key sequence including n second key pairs, one second key pair uniquely corresponding to one first key pair, to decrypt the ciphertext data set based on the second key pairs;
the CPU is provided with a training attention analysis model for acquiring the feature vector of each plaintext data block to be encrypted, and carrying out weight division on the logic association between the feature vectors, and labeling attention description values between every two adjacent plaintext data blocks Bi and Bi+1 to be encrypted based on the weight of the division.
2. The system of claim 1, wherein the trusted computing module has a viable root key stored thereon, and wherein the viable root key is mapped onto a base elliptic curve to obtain a base random number sequence, wherein the base random number sequence comprises a first elliptic curve point and a second elliptic curve point; and determining a third elliptic curve point and a fourth elliptic curve point based on the projection representation of the vector formed by the first elliptic curve point and the second elliptic curve point on the basic elliptic curve to generate a first key pair.
3. The system according to claim 1, wherein the GPU is specifically configured to obtain a first index relationship between a block of plaintext data to be encrypted and a first key sequence, and a second index relationship between the block of plaintext data to be encrypted and a processing thread, which are pre-established; based on the first index relationship, causing the processing thread to select a first key pair used to encrypt each block of plaintext data to be encrypted by accessing the n first key pairs; and determining available processing threads based on the second index relation, so that the available processing threads can encrypt the to-be-encrypted plaintext data block based on a first key pair used for encryption, and calling an encryption algorithm to encrypt the to-be-encrypted plaintext data block, wherein one available processing thread encrypts one to-be-encrypted plaintext data block.
4. The system of claim 1, wherein the GPU has stored thereon a global-declaration identifier assigned to an encryption function and the global-declaration identifier is stored in a key of a pre-constructed key-value pair and a call address of the encryption function is stored in a value of the key-value pair such that a plurality of available processing threads access the key-value pair and call the encryption function based on the same call address to perform parallel encryption processing on a plurality of blocks of plaintext data to be encrypted.
5. The system according to claim 1, wherein the GPU determines a value range of each plaintext data block to be encrypted when encrypting the n plaintext data blocks to be encrypted in parallel based on the n first keys to obtain n ciphertext data blocks, and when encrypting any one plaintext data block to be encrypted, determines whether the ciphertext data block obtained by current encryption is located within a value range of the corresponding plaintext data block to be encrypted, and if not, re-encrypts the ciphertext data block obtained by current encryption as an encryption object, and so on until a ciphertext data block located within the value range of the plaintext data block to be encrypted is obtained.
6. The system according to claim 1, wherein when encrypting any one of the plaintext data blocks to be encrypted, the GPU makes the obtained ciphertext data block lie within the range of the value range corresponding to the plaintext data block to be encrypted through iterative encryption, when encrypting any one of the plaintext data blocks to be encrypted, determines whether the ciphertext data block obtained by current encryption lies within the range of the value range corresponding to the plaintext data block to be encrypted, if not, determines the difference between the ciphertext data block and the upper and lower boundaries of the range of the value range, and takes the smallest difference, projects the smallest difference on the basis elliptic curve with the first key pair used for current encryption, regenerates the first key pair, encrypts the plaintext data block to be encrypted based on the regenerated first key pair, and so on until the ciphertext data block lying within the range of the value range of the plaintext data block to be encrypted is obtained.
7. The system according to claim 6, wherein the GPU is provided with a key substitution table for storing the regenerated first key pair, so that when any other plaintext data block to be encrypted is encrypted, the first key pair used for re-encryption is determined by means of table look-up, so that the ciphertext data block obtained by encryption is located in a value range corresponding to the plaintext data block to be encrypted.
8. An electronic device comprising a memory, a central processing unit, a trusted computing module, and a graphics processor, wherein:
the memory is used for caching a plaintext data set to be encrypted;
the central processing unit is used for carrying out blocking processing on the plaintext data set to be encrypted to obtain n plaintext data blocks to be encrypted, determining attention description values between every two adjacent plaintext data blocks Bi and Bi+1 to generate attention description value sequences corresponding to the n plaintext data blocks to be encrypted, wherein n is an integer greater than or equal to 2, and i is greater than or equal to 1 and less than or equal to n-1;
the trusted computing module is provided with a key generating module, and is configured to generate an encryption key sequence according to a cryptographic algorithm, where the encryption key sequence includes n first key pairs, and the following relationship is satisfied between a first key pair S1-i for the plaintext data block Bi to be encrypted and a first key pair S1-(i+1) for the plaintext data block Bi+1 to be encrypted: the random number used to generate S1-i and the random number used to generate S1-(i+1) are selected from a pre-constructed random number sequence, and the distance between the two random numbers is equal to the projection value of the size of a single plaintext data block to be encrypted on the threshold of the random number;
the graphics processor is configured to encrypt the n plaintext data blocks to be encrypted in parallel based on the n first key pairs to obtain n ciphertext data blocks, and splice the n ciphertext data blocks according to the attention description value sequence to form a ciphertext data set and send the ciphertext data set by a ciphertext data sending unit, so that a data receiver locally generates a decryption key sequence based on the same cryptographic algorithm, where the decryption key sequence includes n second key pairs, and one second key pair uniquely corresponds to one first key pair to decrypt the ciphertext data set based on the second key pair.
CN202310868555.7A 2023-07-17 2023-07-17 Data encryption system and electronic equipment Active CN116595566B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310868555.7A CN116595566B (en) 2023-07-17 2023-07-17 Data encryption system and electronic equipment

Publications (2)

Publication Number Publication Date
CN116595566A CN116595566A (en) 2023-08-15
CN116595566B CN116595566B (en) 2023-10-20

Family

ID=87608525

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110784304A (en) * 2019-10-25 2020-02-11 江苏云涌电子科技股份有限公司 Method for realizing national cryptographic algorithm through FPGA
CN112311528A (en) * 2020-10-17 2021-02-02 深圳市德卡科技股份有限公司 Data secure transmission method based on state cryptographic algorithm
CN113079012A (en) * 2021-05-06 2021-07-06 中国民航大学 Encryption/decryption technology for data protection of aviation ground-air data chain ACARS system based on state cryptographic algorithm
CN114297693A (en) * 2021-12-30 2022-04-08 北京海泰方圆科技股份有限公司 Model pre-training method and device, electronic equipment and storage medium
KR20220160373A (en) * 2021-05-27 2022-12-06 재단법인대구경북과학기술원 Electronic device for decrypting ciphertext using neural network model and controlling method thereof
CN116132977A (en) * 2023-04-19 2023-05-16 深圳锐爱电子有限公司 Mouse safety encryption authentication method
CN116383666A (en) * 2023-05-23 2023-07-04 重庆大学 Power data prediction method and device and electronic equipment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Data Encryption on GPU for High-Performance Database Systems; Heeseung Jo et al.; Procedia Computer Science; vol. 19; pp. 147-154 *
Research on a block cipher algorithm based on the Henon map and the Feistel structure; 张伟; 韦鹏程; 杨华千; Computer Science (07); pp. 105-108 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant