• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    A method and apparatus for encrypting data with hardware in which an encrypted data is generated from a plain language encrypted content at a time by means of an encrypted bit or bit set (Yn) generated on a bit-by-bit or bit-by-bit basis. The cryptographic bit or bit set (Yn) of the plaintext bit or set of bits (Dn) is generated by an encryption key, which encryption key (203, 204, 300, 400) comprises at least two encryption tables (A, B, C) with different numbers of items in the encryption tables (a1 … A7, b1… b5, c1… c3) in which the elements contain randomly generated data. The plaintext bit or set of bits (Dn), the encrypting bit or set of bits (Yn) and the elements of the encryption table (a1… a7, b1… b5, c1… c3) are equal in length, e.g. one byte long. The encryption bit or set of bits (Yn) is formed by selecting one predetermined element from each encryption table (A, B, C) and performing an XOR operation between all these selected elements. In the method, an encrypted bit or set of bits (CBn) is generated by performing XOR operations between a plaintext encrypted bit or set of bits (Dn) and the generated encrypting bit or set of bits (Yn). Encryption tables proceed based on the contents of the encryption tables.
    公开号:FI20205097A1
    申请号:FI20205097
    申请日:2020-01-31
    公开日:2021-03-31
    发明作者:Sam Widlund
    申请人:Sam Widlund;
    IPC主号:
    专利说明:

    TECHNICAL FIELD The invention relates to a method and a device by means of which data is encrypted by a device and / or software on the device, e.g. for its secure transmission and / or storage.
    Background Various encryption systems are known which encrypt messages or data so that only authorized parties can read them. Encryption does not prevent messages from being intercepted, only from reading the message. The encryption system converts the clear text of the message or information into ciphertext using an encryption algorithm. The message or information can then only be read if the ciphertext is decrypted. It is basically possible to decrypt without a key, but this requires a great deal of computing power if the encryption system is well implemented. The authorized recipient can easily decrypt the message with the key given to him by the sender of the encrypted message. S One example of a prior art encryption solution is N symmetric encryption method. In symmetric encryption, both the sender and = 30 recipients have the same 5 information about the secret key. It may be that the sender and the receiver r use the secret key in a different form, but each can E, if he wishes, derive the key used by the other from his own S by an efficiently computable algorithm. £ I 35 The currently widely used cryptographic methods are based on the fact that breaking them by a non-brute-force method would require solving a certain mathematical problem. trust in encryption in current systems is thus based on the belief that no one has figured out how to solve the mathematical problem needed to break the encryption algorithm in a sensible and efficient way, i.e. in a way that it can be solved quickly enough in practice. Of the prior art encryption solutions, the one-time encryption mechanism has been proven to be a theoretically unbreakable encryption method. However, the one-time encryption mechanism has so many problems with its practical use that it is hardly used. The problem with other prior art encryption algorithms is that their reliability against hacking attempts cannot be proved mathematically, and the amount of work required to crack them is not known. Brief description The purpose is to provide a new type of method and device for arranging data encryption, with hardware and / or software executable by the device, e.g. for data storage or data transmission. This embodiment can use a mathematical model (a linear set of equations) whose solution formula is known, and we know how much work its solution requires.
    The encryption method according to the S Frä aspect is characterized by what is mentioned in the characterizing part of claim 1. = 30 In addition, some embodiments are mentioned in claims 2 to 18. The device according to one aspect is characterized by what is mentioned in the characterizing part of claim 19 for device S. In one embodiment, the data or data is encrypted by hardware on a software basis, hardware-based, or a combination thereof. In an embodiment, the encrypted data is generated at a predetermined amount of data at a time from the plaintext content to be encrypted by means of a scrambling bit or set of bits, such as a scrambling byte, to be generated bit by bit or bit set, e.g.
    The amount of data to be processed at a time (e.g., a plain language byte, an encrypting byte, and an encrypted byte) determined in the embodiment may consist of a certain number of bits or bytes.
    In one embodiment, there are randomly generated data bits or sets of bits in the encryption tables, and the algorithm proceeds systematically to obtain a sufficiently long sequence during which the encryption does not repeat itself.
    In one embodiment, in the encryption algorithm, a disposable encryption bit, or set of bits Y, is formed by computing a set of random numbers such that the same sequence is repeated so infrequently that the length of the message to be encrypted is shorter than the sequence generated by the algorithm.
    In another embodiment, the cryptographic bit or bit set Dn of the plaintext bit or bit set Dn is generated by an encryption key comprising at least two cryptographic tables having different numbers of items in the cryptographic tables, e.g. is randomly generated data.
    However, one of the boards can be of any length.
    The elements of the encryption table are the same size as each other, S for example bytes. & = The encrypting bit or set of bits Yn is formed in the solution according to the invention = 30 by selecting one predetermined T element from each encryption table and performing an XOR-E operation between all these selected elements.
    S In the method, an encrypted bit or set of bits CBn, such as a byte, 2 is generated by performing an XOR operation between a plain language O 35 encrypted bit or set of bits D, and a generated encrypting bit or set of bits Y, e.g.
    In one embodiment, after encrypting one bit or set of bits, such as a byte, the next bit or set of bits may be encrypted by selecting the next plaintext bit or set of bits and generating an encrypting bit or set of bits based on subsequent items in the encryption tables. In one embodiment, the lengths of the encryption tables are different prime numbers.
    Since the cryptographic elements are not selected from the cryptographic tables in such a way that their indices can be easily derived, for example, from the cryptographic sequence number n, the algorithm does not consist of known linear equations which are easy to solve and thus easy to crack. In one embodiment, we proceed so that the following encryption items are selected based on the values contained in the encryption tables themselves. In this case, we do not know which elements are used and linear groups of equations cannot be solved.
    In one embodiment, the content and / or size and number of key tables can also be changed as encryption progresses. Changes can also be made based on the current values in the key tables. Changes can be made in any way as long as the recipient and sender make them in the same way.
    In another embodiment, the cryptographic key cryptographic table element S is one or more randomly selected bits or one or N more randomly selected bytes, wherein the lengths of the cryptographic bit or 5-bit set, plaintext bit or bit set and / or = 30 cryptographic bits or bit sets correspond to the length of the cryptographic table element.
    a S Embodiments can be utilized in a digital 2 communication network to provide data encryption, wherein the O 35 communication network includes at least two devices, the first device being at least the sender and the second device at least the receiver. The data to be transmitted is encrypted using an encryption key, and the encrypted data is sent to another device. Correspondingly, the encrypted data received by the second device is decrypted using the same encryption key as in the data encryption.
    Some other applications of the embodiment in addition to communication 5 are mass memories, in connection with which large amounts of sensitive information are processed. In this case, the data to be stored is encrypted with the help of an encryption key before the data is stored, e.g. in mass memory.
    The advantage of the embodiment may be that it allows the encryption to be implemented efficiently and securely, whereby the solution according to the invention enables secure data storage or secure transmission of information and messages via an untrusted communication channel. One embodiment can also be used to adjust the number and length of the encryption key tables used as the encryption key of the algorithm to the desired type, whereby the efficient execution of the encryption can be adjusted compared to the computing power required to decrypt the encryption.
    BRIEF DESCRIPTION OF THE DRAWINGS In the following, the invention will be described in more detail by means of examples with reference to Figures 1 to 5, in which Fig. 1 is a functional diagram showing a solution according to an embodiment S; Fig. 2 shows the use of an x solution according to an embodiment in data transmission data encryption; and m o S Fig. 3 shows 2 examples of an encryption key according to an embodiment;
    Fig. 4 shows an example of an encryption key according to another embodiment;
    Fig. 5 shows an example of an encryption key and determination of encryption items based on the contents of the encryption tables according to an embodiment;
    Fig. 6 shows an example of changing the values of items of an encryption key as encryption progresses according to an embodiment; Figures JA and JB show the values of the simulated encrypted data of a solution according to an embodiment.
    Detailed description
    The idea of the method used in one embodiment is to use an encryption key consisting of a plurality of encryption tables whose elements contain the generated random data.
    The number of encryption tables is at least 2, in some embodiments e.g. at least 3 or 4. The number of encryption tables can also be at least 5. The sender and recipient have the same encryption keys, i.e. the same = encryption tables.
    The encryption algorithms according to the embodiment utilize the features of the encryption keys described above.
    With this embodiment, the encryption can be implemented efficiently and securely.
    In this way, it is possible to enable secure data storage or secure transmission of data and messages via untrusted communication channels. = 30 x Figure 1 is a schematic diagram of the operation related to encrypting the information E of an embodiment.
    Data or data is encrypted with> hardware based on software, hardware based 3 or a combination of these.
    The encrypted data is generated by a byte or O 35 other amount of data of a predetermined length at a time from the plaintext encrypted content by means of an encrypting byte Y, which is generated on a per-byte basis or per bit or set of bits.
    In the embodiments described below, a byte is used as an example of a predetermined length of data to be processed at one time, but in the embodiments below, the length of data to be processed at a time may be, for example, a certain number of bits or a certain number of bytes. The plaintext bit or set of bits, the encrypting bit or set of bits, the encrypted bit or set of bits, and the elements of the encryption tables are the same length, i.e., a certain number of bits or bytes.
    The encrypting byte Yn of the plaintext byte Dn is formed by an encryption key comprising at least two encryption tables in which the encryption tables have a different number of elements, for example such that the maximum common factor of any two tables is 1 ( , and which items contain randomly generated data. The encrypting byte Y, is formed by selecting one predetermined item from each encryption table and performing an XOR operation between all these selected items.
    In the method, the encrypted byte CB, is formed by performing an XOR operation between the plaintext encrypted byte D, and the generated encrypted byte Y.
    In an embodiment, the content and / or size and number of key tables can also be changed as the encryption progresses. Changes can also be made based on the current values in the key tables.
    o a After encrypting one byte, the next byte 5 can be encrypted by selecting the next plaintext byte and generating = 30 the next encrypting byte based on the next I items of the encryption tables. a S The encrypting byte Yn can be formed, for example, as follows: £ S 35 Y = A [m mod | A |] OB [m mod | B |] O ... ON [m mod | N |]], where - Alm mod | A |] is the element referred to in the order m of the first cryptographic table,
    - B [m mod | B |] is an item in the order m of the second cryptographic table byte, and - N [m modiN |] is the element in the mth order of the Nth cryptographic table byte.
    Where m is formed, for example, as follows: At the beginning of the encryption, m is zero. When forming the encrypting byte, the value of m is increased by one, the result of the tables A- N xor is calculated by this new index m of the tables, in the same way as Yj, above. Increase the value of m with the result obtained plus one, and calculate the final value of Yn with this value of m. In one embodiment, the index m may initially be different in size from one or more encryption tables. When forming the encryption byte, the index of the encryption table A may be ma, the index of the encryption table B mz, the encryption table C me, and the encryption table N my, the indices ma, Ms, mc and / or my may also be set equal. When forming a scrambling byte, the index of each table may increase equally according to the contents of the tables and / or according to a certain rule.
    To improve encryption, we can also change the values of the encryption tables. The change can be made, for example, as follows: When the value of m has been incremented and the final value of Yn calculated with a new value of m, we increment the value of m again by one. calculate the result of the elements XOR with this value of m and denote the result by the symbol K. Increase the value of m again by one. S We compute the result xor with this value m and denote the result N by the symbol L. Next, we select from each table A- N 5 elements whose index is (current m plus newly calculated = 30 K) mod table length, and update the value of these elements to I their current value XOR newly computed L. a S In the algorithm, we can either increase the value of m based on the contents of the cryptographic tables 2, or change the values of the cryptographic tables, or O 35 both. The order of the XOR operations does not matter. The mod operation used in the example above is the remainder.
    The lengths of the encryption tables can be different prime numbers.
    In one embodiment, the cryptographic key element of the cryptographic key is one or more randomly selected bits or one or more randomly selected bytes, wherein the lengths of the cryptographic byte, plaintext byte, and / or cryptographic byte correspond to the length of the cryptographic table element.
    In one embodiment, the method determines a start point, i.e. a separate start element for each encryption table, from which encryption is started. The starting point can be constant, for example index 0 in each encryption table. The starting point may also be key-specific, for example, each cryptographic table may have its own randomly drawn point known to the sender and recipient. In one embodiment, another operation combining the two bytes may be used instead of the XOR operation so that the order of the bytes does not matter and the result of the operation between the two random bytes is also random, for example 'not XOR'. In one embodiment, the encrypted data is sent from the transmitting device via a data network or communication connection S to the receiving device. The receiving device decrypts N received encrypted data one byte at a time by means of 5 encryption keys. The receiving device can decrypt = 30 bytes of received data at a time, for example as follows: = a Dp, = Y, O CB ,, where S - CBn (crypted byte) is an encrypted byte in order S n, O 35 - Yn is a byte generated from the algorithm's encryption key in order n , - D, is a plain language byte received in order n.
    In one embodiment, the encrypted information is stored on a device storage medium, such as mass storage. In this embodiment, the data can be decrypted as described above.
    The Eras aspect also applies to the device for encrypting data. the device is arranged to store and manage the encryption key, perform data encryption and decrypt with the encryption key. The device is adapted to generate the encrypted data one byte at a time from the plaintext encrypted content by means of a byte-by-byte bypassable encrypting byte Y, where the byte consists of a certain number of bits or bytes. The arrangement is adapted to form a plaintext byte D, an encrypting byte Y, by means of an encryption key comprising at least two encryption tables, the encryption tables having a different number of elements, e.g. generated data. However, in one embodiment, the length of one encryption table can be freely selected. For example, the length of one cryptographic table may be such that the common factor of that cryptographic table and the number of items in any other cryptographic table is greater than 1. the device is adapted to form an encrypting byte Y by selecting one predetermined item from each cryptographic table between all these S selected elements. The arrangement is adapted to form an encrypted byte CB, by performing XOR operations between 5 plaintext encrypted bytes D, and the generated encrypted byte = 30 Y.
    I E In one embodiment, the encryption method may be used to encrypt S communications or store data. 2 Such an arrangement may, for example, comprise devices transmitting information with each other, e.g. devices communicating with one another in a data transmission network and / or a server.
    Figure 2 is a schematic example of an embodiment of the apparatus.
    The device and method according to the invention can be used for arranging data encryption in a digital data transmission network according to a symmetric encryption model.
    The data transmission network can be wired or wireless, such as IP network, Internet, Intranet, LAN, WLAN, CDMA, TDMA, FDMA or Bluetooth.
    The communication network comprises at least two devices 201, 202 communicating with each other, one of which acts as at least a sender and the other a device at least as a receiver.
    Communication between devices takes the form of data, such as the transmission of messages, files and / or e-mail, or, for example, a video and / or audio file and / or a video and / or audio stream.
    In one embodiment, the devices 201, 202 are provided with means for storing and managing the encryption key 203, 204, means for performing data encryption and / or decryption with the selected algorithm and the encryption key.
    These means may be provided, for example, by a program or similar set of instructions executed in a processor environment to manage encryption keys, share encryption keys, and / or perform encryption and / or decryption of data.
    The device may also be provided with means for reading, storing, receiving and / or sending ES. & = The device may be any device for storing and / or transmitting data = 30 and a receiving device, for example a computer, a smartphone, T a portable device, a server or a similar device, provided with resources E for managing encryption keys, S for sharing and / or encrypting data and / or by means of the solution according to the invention.
    For encryption keys, for example, a database can be arranged in the memory area of the device with instructions executed programmatically in the processor environment of the device.
    The device contains, for example, information intended to be stored and / or transmitted, which may be, for example, a message, a file, a video and / or audio file and / or a video and / or audio stream. When the data has been generated and / or it is desired to encrypt, the device selects a predetermined starting location from the encryption key arranged in the memory and starts encrypting the message with the encryption key according to the method according to the invention. If the encryption key is stored on the device encrypted, it is decrypted. The encryption of the data to be transmitted can be performed by an encryption algorithm according to the solution of the invention driven by the processor means of the device. After encryption, the encrypted data can, if desired, be stored and / or sent to the recipient via a data network.
    If the encrypted data is sent over a data network, the device receiving the message receives the message and selects a predetermined starting location from the encryption key arranged in the memory, and then begins to decrypt the encrypted message using the encryption key.
    In one embodiment, the same encryption key is used only once, so if in the above example the receiving device wants to respond to the device that sent the encrypted message, both devices use the new encryption key when the recipient of the first message sends information to the sender of the first message.
    S S Figure 3 shows an example of an encryption key 2300, 5 formed of three encryption tables. According to one = 30 embodiment, the lengths of the tables are different from each other and here the lengths of the tables are prime numbers, & in the respective examples 7, 5 and 3 of Figure 3. Example 35 shows the basic idea of the structure of an encryption key and an encryption key encryption table. Thus, in the example of Figure 3, the encryption key 300 comprises encryption tables A, B and C. The encryption table A has seven elements al..a7,
    encryption table B has five items bl..b5 and encryption table C has three items cl..c3. The encryption key is stored on the device where you want to encrypt and / or decrypt the data. Each item in the table has a randomly generated byte. In one embodiment, each element may also have a predetermined number of randomly generated bits or bytes. Figure 4 shows another example of an encryption key 400 formed of only one table, where the location of each encryption table A, B, C in this one table is known. This embodiment otherwise corresponds to the example of Figure 3 but may be more efficient in implementation in some devices because only one table is required. The arrangement predetermines between which table items certain cryptographic tables (i.e., certain cryptographic table items) are located. In the example of Figure 4, the items in the encryption table A are located in items 1 to 7 of the encryption key table, the items in the encryption table B are located in items 8 to 12 of the encryption key table, and the items in the encryption table C are bytes, for example, four bytes at a time. In this case, the values of the elements of the encryption tables must be of corresponding length, i.e. in the case of the above-mentioned S example, each of four bytes in length. O
    N 5 Figure 5 shows an example of the operation of the encryption key 500 = 30. The encryption key is formed of three T encryption tables A, B and C of different lengths. E In Fig. 5, the lengths of the tables are prime numbers, and in this S example, the lengths are 7, 5, and 11. The number of tables and the lengths of 2 are only examples, and may be greater than O 35 or less than shown in the example. Each cryptographic table A, B, C may have its own starting point, which in this example is a cryptographic table-specific index (mai, mp1, Mey from which to encrypt). between embryos.
    The predetermined index may be a starting point (Encryption Table A Index / Item 1, Encryption Table B Index / Item 2, Encryption Table C Index / Item 7), wherein the XOR operation is in Example A of Figure 5 [al] OB [b2] OC [c7] . In one embodiment, the generation of the cryptographic byte can be initiated by a particular rule, for example, by selecting items from (start point + 1). When creating the next encryption byte, progress is made in each encryption table according to the new index determined by the contents of the encryption tables.
    In one embodiment, the new index is determined by incrementing the index of the previously selected items (al, b2, c7) based on the number determined by the contents of the previous items (al, b2, c7) of the encryption tables.
    The result of the XOR operation shown above may be, for example, 3, in which case the current index of each encryption table is increased by 3. In this case, index / item 4 for encryption table A, index / item 5 for encryption table B and index / item 10 for encryption table C are obtained. m + [A [al1] O BIb2] OC [c7]] = m, where m, is the current index of the encryption table and m, the new index from which the next encryption byte is formed.
    The cryptographic tables can be proceeded correspondingly to form the following cryptographic bytes, whereby in each round S in each cryptographic table, an equal N jump in the index of the elements takes place simultaneously.
    In Fig. 5, based on the contents of the items 5, the = 30 equal progress in each encryption table is shown by the highlighted items I and the arrows. a S Fig. 6 shows the encryption key 500 according to Fig. 5, in which 2 the values of the encryption tables A, B, C have been changed based on the contents of the encryption tables O 35.
    The encryption tables have progressed to items a4, b5, c10 in the items / indexes according to the example shown in Figure 5.
    Calculate the XOR result of the currently selected elements (A [a4] O B [b5] O C [c10]) and denote the result by the symbol K.
    Increase the index of each encryption table, for example, by 2, (m + 2), and calculate the XOR result with this value of m, whereby XOR can be Aflac] O B [b2] O Clcl]. After the last item in the cryptographic tables, the count can continue from the first item in the cryptographic table.
    Mark the XOR result obtained with the symbol L.
    Next, you can select items with an index (m, + t2 + K) and update their current value to XOR IL.
    The value of K may be, for example, 1, whereby the value of item a7 of the encryption table A is changed to a70L based on the contents of the encryption tables, the value of item Db3 of the encryption table B to b36PL and the value of item c2 of the encryption table C to c20L.
    After changing the values of the elements a7, bb, cl0, the encryption can proceed to determine the next encrypting byte.
    After the determination of the next encryption byte, the values of the elements can be changed again based on the contents of the encryption table, for example as described above.
    Changing the values of items can also be done in another way in front of the encryption, for example according to the contents of the encryption tables and a certain rule.
    When selecting items, you can add or subtract a specified or random number from the index.
    In addition, instead of an XOR operation, another operation combining two bytes can be used so that the order of the bytes does not matter and the result of the operation between two random bytes is also random, for example 'not XOR'. In addition to changing the values of the items, the number and / or length of the encryption tables 2 can be changed. Figures JA and 7B show the values of the simulated encrypted data of the = 30 solution according to one embodiment.
    The data r encrypted in this example is a mere zero.
    In the example E of Fig. 7A, 10mb of data is encrypted, and the values of S encrypted data are shown in the figure.
    In Fig. 5B, the second time 2 10mb data is encrypted with a partially different key, and the second O 35 encryption is compared with the previously encrypted data in Fig. 7B (also shown in Fig. 7A). By means of the simulations, it can be seen that the data encrypted by means of the solution according to the invention is different at different times and no correlation is visually visible between the different encryption times in the encrypted data. The following is an example of an embodiment in which the encryption key has six encryption tables (A, B, C, D, E and F). In the solution of the invention, the lengths of the encryption tables are arranged in different sizes so that the greatest common factor of the lengths of any two tables is 1. This can be implemented e.g. by the lengths of the encryption tables being different prime numbers. For example, encryption table lengths can range from a few hundred bytes to some kilobytes. The encryption method includes a predefined starting point, i.e. a separate index for each encryption key encryption table from which encryption is started. The starting point may be a constant, e.g., index 0 in each encryption table, or it may be key-specific, e.g., each randomly valued point for the encryption table that is known to both the sender and the recipient.
    From the starting point (e.g., encryption table A index / item 1, B index / item 22, CC index / item 213, etc.), one byte value is calculated in a predetermined manner, which depends on all the item values according to the starting point indices of the encryption tables A to F. In one form of the invention, 2 XOR operations are generated between the elements of the selected cryptographic tables, e.g. A [lal] D BIbl1] O c [ci] BD [a1] O Elei] a OF [f1], where al, bl, cl, dl, el and fl are the values of the starting points of these 5 encryption tables. = 30 = a S For the following, a predetermined operation is performed between the result of the XOR operation formed between the items 2 of the encryption tables and the data byte O35 to be encrypted. This can be, for example, an XOR operation, and thus, for example, an XOR operation can be formed between the result of the XOR operation formed between the elements of the encryption tables and the data byte to be encrypted. This can be done, for example, as follows: 'the result of the XOR operation formed between the elements of the encryption tables' D data byte to be encrypted'. The specified result is an encrypted byte that can be sent over an untrusted message channel or stored encrypted.
    When encrypting the next byte of data to be encrypted, we move from the starting point to the next point.
    For example, the index of each cryptographic table can be increased by one, and if the index exceeds the upper limit of the cryptographic table, it can be continued from the beginning of that cryptographic table.
    We can also increase the index based on the contents of the encryption tables.
    Since the cryptographic tables are of different lengths and the lengths do not have a common factor, in this way the next byte can be shifted forward by the product of the lengths of the cryptographic tables without reusing the same combination of the indexes of the cryptographic table tables.
    The method described above yields a sequence whose length is the product of the lengths of the tables.
    If the value of m is incremented by a maximum of 256 when creating each cipher byte, then the length of the sequence is at least the product of the lengths of the tables divided by 256.
    Each time during the sequence, there is a new encrypting byte with which the encrypted byte can be encrypted.
    The algorithm according to the invention can thus be used to encrypt a message whose length is at most the length of the sequence.
    S An example below is described using exemplary formulas N, where CB (crypted byte) is an encrypted byte, Y is an encrypted byte generated by an algorithm, and D is plain language = 30 data bytes to be encrypted.
    In the examples, the XOR-T operation (bitwise exlusive or) is used, but instead of xor, E can, if desired, use a corresponding concatenation which allows S to inverse the encryption and which maintains an even distribution of random 2 numbers.
    The algorithm works by encrypting one O 35 byte or a set of bytes of a predetermined length at a time.
    An encrypted byte of order n can thus be formed as follows:
    CBn = Yn O Dn If Y is a one-time random key, then the encryption is a one-time key encryption mechanism (onetime pad) that is proven to be unbreakable. In this encryption algorithm, Yn is formed by calculating a set of random numbers such that the same sequence is repeated so infrequently that the length of the message to be encrypted is shorter than the sequence generated by the algorithm.
    The decryption of an encrypted message can be performed e.g. in the following way when the encrypting byte Y is generated by the encryption key in the same way as at the transmitting / encrypting end: Dn = Yn O CBn means x is the length of the table and the values of the elements of the encryption table are random bytes, e.g. 0-255 or with a sign, for example -127 to 128, and where index n is how many bytes are being encrypted: Yn = fy (n, A, B, C, D, E, F) The value of the function fy depends on the number n and all encryption tables. The value of the function should use different combinations of S from the values in the tables so as to obtain a large number of N independent results. The function can be, for example: = 30 IY, = fy (m, A, B, C, D, E, F) E = Alm mod | A |] OB [m mod | B |] OC [m mod | C | ] OSD [m mod | D |] O Elm mod | E |] OF [m mod] | F |] £ S 35 Where m is incremented each time after starting based on the contents of the cryptographic tables.
    The order of the XOR operations does not matter. The mod operation used in the above examples is a remainder, and the indexes of the encryption tables start at zero.
    Instead of a mod operation, it is possible to use, for example, indexes of cryptographic tables which are incremented or pointers which are incremented in a predefined manner.
    If the encryption method is to be used for several different, possibly simultaneous, communication events (for example several sockets), then the next key to be used can be agreed at the beginning of the session. In one embodiment, it can also be agreed that only a part of the key changes each time.
    The sequence of the algorithm, i.e. the length after which it produces the same values of the encrypting byte Yn, depends on the number of tables used and their lengths, as well as on how the m index is incremented. If you want to break the algorithm by trying different options for table values, the number of experiments required depends on the total length of the encryption tables (how many random numbers there are in the encryption key). The encryption method can also be used with fairly small tables, in which case breaking by experiment is already difficult but the sequence is short. The longer sequence can be arranged in other ways, for example by generating an XOR-S operation between the N encrypting bytes generated by the algorithm according to the invention and the byte produced by some pseudo-random number generator 5 (which produces the long sequence). = 30 x Thus, by changing the number of tables used and their lengths E, both the number of combinations required to break S and the length of the 2 sequences can be freely increased or decreased. The more tables, the slower O 35 runtime performance, the longer the tables, the more memory is required.
    Instead of encrypting a single byte, a certain predetermined number of bytes can also be encrypted, for example, four bytes at a time. In this case, the values of the elements of the encryption tables must be of the same length, i.e. in the case of the above example, each of four bytes in length. An embodiment can also be used with public key systems based on the two parties agreeing on a secret key using the public key method, and this secret key is then used to encrypt the actual traffic. If the solution according to the invention is to be used in a public key system, the algorithm according to the invention can be used to encrypt the actual traffic. By means of the public key method, the encryption keys to be used are agreed in accordance with the solution of the invention. The actual traffic is then certainly encrypted. The weakness of the current systems is both the key agreement and the encryption of the traffic itself, and with the solution of the invention one of the weaknesses can be remedied.
    The symmetric encryption method can well be used in intranet-type cases without a public key, if all users are known and self-managed machines, for example in vpn networks.
    It will be clear to a person skilled in the art that the various embodiments of the invention are also not limited exclusively to the examples N given above, and may therefore vary within the scope of the claims set out below. = 30 If necessary, the characteristics E, which may be used in conjunction with the other symbols x in the description, may also be used separately. 5 D S OF
    权利要求:
    Claims (20)
    [1]
    A method for encrypting data on a device or apparatus, wherein the encrypted data is generated from a plaintext encrypted content by a predetermined amount of data at a time by means of a bit or bit set-specific cipher bit or bit set (Yn), wherein the plain bit or bit set (D,) bit bit or bit set Yh) is formed by means of an encryption key (203, 204, 300, 400), which encryption key comprises at least two encryption tables (A, B, C), in which the encryption tables have a different number of elements (al..a7, bl..b5, cl1l). c3), in which the elements contain randomly generated data, where the plaintext bit or set of bits (Dn), the encrypting bit or set of bits (Y,) and the elements of the encryption table (al..a7, b1..b5, c1..c3) are of equal size, e.g. one byte long, characterized in that the encrypting bit or set of bits (Yn) is formed: by selecting one element from each encryption table (A, B, C) according to a predetermined index, and su by tuning the XOR operation between all these selected elements, in which method the encrypted bit or bit set (CBn) is generated by performing XOR operations between the plaintext encrypted bit or bit set (D,) and the generated encrypted bit or bit set (Y,), and S the next encrypting bit or a bit set (Yn) N is generated in each cryptographic table 5 according to a new = 30 index determined based on the contents of the cryptographic tables.
    [2]
    I & 2. A method according to claim 1, characterized in that after encrypting one bit or set of bits 2 the next bit or set of bits is encrypted by selecting the next O 35 plaintext bit or set of bits (Dn) and generating an encrypting bit or set of bits (Ynsi) based on the following elements of the encryption tables. , which items are selected according to a new index determined by incrementing the index of the previously selected items based on the number determined by the contents of the previous items in the cryptographic tables, and performing XOR operations on the plaintext encrypted bit or bit set (Dn) and the generated encrypted bit or bit set (Yun) between.
    [3]
    A method according to claim 1 or 2, characterized in that when the index increases above the upper limit of the encryption table, the calculation of the index is continued from the beginning of said encryption table.
    [4]
    Method according to any one of the preceding claims, characterized in that the next element is an element of an encryption table determined according to a certain rule and cryptographic tables and / or other content.
    [5]
    Method according to one of the preceding claims, characterized in that the encrypting bit or set of bits (Yn) is formed as follows: Yn = Alma mod | A |] OB [ms mod | B |] O ... ON [my mod] iN] |]], where: - Alma mod |] A] |] is the element for the bit or bit set (m) of the first cryptographic table, - B [mp mMod | B |] is the element for the bit or bit set (m) of the second cryptographic table, and - N [my ModiN |] is an element for the Nth encryption table bit or S bit set (m). & =
    [6]
    Method according to any one of the preceding claims = 30, characterized in that the lengths x of the cryptographic tables (A, B, € C) are of different dimensions, so that the greatest common factor S of the number of elements of any two cryptographic tables E is 1. £ I 35
    [7]
    Method according to claim 6, characterized in that the length of one encryption table (A, B, C) can be such that the maximum common factor of the number of elements of said encryption table and at least one other encryption table is greater than 1.
    [8]
    Method according to one of the preceding claims, characterized in that all the lengths of the encryption tables (A, B, C) are different prime numbers.
    [9]
    A method according to any one of the preceding claims, characterized in that the encryption key element of the encryption key (al..a7, bl..b5, cl.c3) is one or more randomly selected bits or sets of bits or one or more randomly selected bytes, wherein the encryption bit or the lengths of the bit set (Yh), the plaintext bit or bit set (Dnr) and / or the encrypted bit or bit set (CBn) correspond to the length of the cryptographic table element (al..a7, bl.bb, cl..c3).
    [10]
    A method according to any one of the preceding claims, characterized in that the method determines a start point, i.e. a separate start element for each encryption table, from which the encryption is started.
    [11]
    Method according to Claim 10, characterized in that the starting point is constant, for example index 0 in each encryption table.
    [12]
    Method according to Claim 10, characterized in that the starting point is key-specific, for example a randomly valued point for the N encryption tables which is known to the sender and the recipient. 5 30 x
    [13]
    A method according to any one of the preceding claims, characterized in that the content, length and / or number of 2 cryptographic tables are simultaneously changed when generating the next cryptographic bit or S bit set (Yn), either for each O 35 cryptographic bit or bit set or less frequently, where the cryptographic tables change is controlled either by the contents of the cryptographic tables or by a separate system that controls the modification of the cryptographic tables.
    [14]
    Method according to any one of the preceding claims, characterized in that instead of an XOR operation, another operation combining two bits or sets of bits can be used so that the order of the bits or sets of bits is irrelevant and the result of the operation between two random bits or sets is also random.
    [15]
    A method according to any one of the preceding claims, characterized in that the encrypted data is transmitted from the transmitting device (201, 202) via a data network or a communication connection to the receiving device (201, 202).
    [16]
    A method according to claim 15, characterized in that the receiving device (201, 202) decrypts the received encrypted data with a predetermined amount of data at a time by means of an encryption key.
    [17]
    A method according to claims 15 and 16, characterized in that the receiving device (201, 202) decrypts the received data a predetermined amount of data at a time as follows: Dp, = Y, O CBn, where - CB (crypted byte) is an encrypted bit or a set of bits S in the order n, N - Yh is a bit or a set of 5 bits generated from the encryption key of the algorithm, = 30 x - Dn, is a plain language a bit or a set of bits received in the order n. 5 2
    [18]
    An O 35 method according to any one of the preceding claims, characterized in that the encrypted information is stored on a memory medium of the device (201, 202), such as a mass memory.
    [19]
    An apparatus or apparatus for encrypting data, wherein the device (201, 202) is arranged to store and manage the encryption key (203, 204, 300, 400), perform data encryption, and decrypt with the encryption key, and wherein the device is adapted to generate encrypted data of a predetermined amount of data. one by one of the plaintext encrypted content by means of a bit or bit set-specific encryption bit or bit set (Yn), wherein the device is adapted to generate a plain language bit or bit set (D 1) by encrypting a bit or bit set (Y 1) by means of an encryption key, 3004, 204, , 400) comprises at least two encryption tables (A, B, C), in which the encryption tables have a different number of elements (al..a7, bl.b5, cl..c3), in which the elements contain randomly generated data, where the plaintext bit or set of bits (Dn), the encrypting bit or set of bits (Y,) and the elements of the encryption table (al..a7, b1..b5, c1..c3) are of equal size, e.g. bytes in length, characterized in that the device is adapted to generate an encrypting bit or set of bits (Yn) by selecting one item from each encryption table (A, B, C) based on a predetermined index and performing an XOR operation between all these selected items, where the device is adapted to generate an encrypted bit or S bit set (CB,) by performing XOR operations between the plaintext N encrypted bit or bit set (D,) and the generated encrypted 5 bit or bit set (Y,), and = 30 further encrypting bits or bit sets (Yn) are formed in the cryptographic tables according to an index determined on the basis of the contents of the cryptographic tables E. 5 2
    [20]
    Device according to claim 19, characterized in that the device is adapted to carry out the method according to any one of claims 1 to 18.
    类似技术:
    公开号 | 公开日 | 专利标题
    US7945049B2|2011-05-17|Stream cipher using multiplication over a finite field of even characteristic
    AU2005277664B2|2010-03-04|Permutation data transform to enhance security
    Charbathia et al.2014|A comparative study of rivest cipher algorithms
    Orobosade et al.2020|Cloud application security using hybrid encryption
    Aung et al.2019|A Complex Polyalphabetic Cipher Technique Myanmar Polyalphabetic Cipher
    US20150127950A1|2015-05-07|Method of encrypting data
    Darwish et al.2017|A new hybrid cryptosystem for Internet of Things applications
    Azaim et al.2016|Design and implementation of encrypted SMS on Android smartphone combining ECDSA-ECDH and AES
    Stallings2010|NIST block cipher modes of operation for authentication and combined confidentiality and authentication
    Yusfrizal et al.2018|Key management using combination of Diffie–Hellman key exchange with AES encryption
    CN111488618B|2021-05-18|Block chain-based one-time pad encryption method, device and storage medium
    FI128939B|2021-03-31|Method and device for the encryption of data
    WO2018100246A1|2018-06-07|Method and arrangement for encrypting data
    Gupta2014|Cryptography and Network Security
    Malla et al.2018|A novel encryption scheme for secure SMS communication
    Altigani et al.2018|Key-dependent advanced encryption standard
    Siva et al.2019|Hybrid cryptography security in public cloud using TwoFish and ECC algorithm
    WO2003049363A1|2003-06-12|System and method for symmetrical cryptography
    Asafe et al.2014|Cryptography system for online communication using polyalphabetic substitution method
    Ekka et al.2019|Enrichment of security using hybrid algorithm
    WO2020085151A1|2020-04-30|Server device, communication terminal, communication system, and program
    Choi et al.2017|Design, Release, Update, Repeat: The Basic Process of a Security Protocols Evolution
    Pandey et al.2015|Data Security using Various Cryptography Techniques: A recent Survey
    VB2019|Hybrid cryptography security in public cloud using TwoFish and ECC algorithm.
    Hughes2022|Basic Cryptography: Symmetric Key Encryption
    同族专利:
    公开号 | 公开日
    WO2021152212A1|2021-08-05|
    FI128939B|2021-03-31|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    US10348704B2|2015-07-30|2019-07-09|Helder Silvestre Paiva Figueira|Method for a dynamic perpetual encryption cryptosystem|
    法律状态:
    2021-03-31| FG| Patent granted|Ref document number: 128939 Country of ref document: FI Kind code of ref document: B |
    优先权:
    申请号 | 申请日 | 专利标题
    FI20205097A|FI128939B|2020-01-31|2020-01-31|Method and device for the encryption of data|FI20205097A| FI128939B|2020-01-31|2020-01-31|Method and device for the encryption of data|
    PCT/FI2021/050052| WO2021152212A1|2020-01-31|2021-01-27|Method and device for encrypting data|
    [返回顶部]