CN111866018A

CN111866018A - Data information encryption transmission method and device, computer equipment and storage medium

Info

Publication number: CN111866018A
Application number: CN202010752346.2A
Authority: CN
Inventors: 欧钦
Original assignee: Ping An International Smart City Technology Co Ltd
Current assignee: Shenzhen Saiante Technology Service Co Ltd
Priority date: 2020-07-30
Filing date: 2020-07-30
Publication date: 2020-10-30
Anticipated expiration: 2040-07-30
Also published as: CN111866018B

Abstract

The invention discloses a data information encryption transmission method, a data information encryption transmission device, computer equipment and a storage medium. The method comprises the following steps: generating key information according to a key generation rule and generating a corresponding key array, performing parallel arrangement on the key array based on algebraic budget according to a key arrangement rule to obtain a round key array, encrypting data information to be encrypted input by a user according to an encryption rule and the round key array to obtain encrypted information, and sending the encrypted information and a public key in the key information to a management server to realize encrypted sending of the data information. The invention is based on the information encryption technology, belongs to the technical field of passwords, and adopts a parallel arrangement process based on algebraic budget to perform parallel arrangement processing with higher efficiency on a key array, thereby improving the generation efficiency of the round key array and further improving the efficiency of carrying out encryption transmission processing on data information.

Description

Data information encryption transmission method and device, computer equipment and storage medium

Technical Field

The invention relates to the technical field of information encryption, belongs to an application scene of data information encryption transmission in a smart city, and particularly relates to a data information encryption transmission method, a data information encryption transmission device, computer equipment and a storage medium.

Background

With the development of network technology, more and more data information is transmitted through the internet, in order to enhance the security of the data information in the transmission process and avoid the data information from being leaked and tampered, the data information can be encrypted in an information encryption mode, and the encrypted data information is transmitted through the internet. The SM4 algorithm is a commonly used encryption algorithm, but the conventional SM4 algorithm has a problem of low execution efficiency in the encryption process, and particularly when the SM4 algorithm is applied to a Web browser, the speed of encrypting data information is low due to the low execution efficiency, and the use requirement of rapidly encrypting and sending large quantities of data information is difficult to meet. Therefore, the existing data information encryption transmission method has the problem of low encryption transmission efficiency in the encryption process.

Disclosure of Invention

The embodiment of the invention provides a data information encryption sending method, a data information encryption sending device, computer equipment and a storage medium, and aims to solve the problem that the encryption sending efficiency is low in the encryption process of the existing data information encryption sending method.

In a first aspect, an embodiment of the present invention provides a data information encryption transmission method, which includes:

receiving data information to be encrypted input by a user, and generating secret key information according to a preset secret key generation rule;

generating a secret key array corresponding to the secret key information according to a preset secret key array generating rule;

performing parallel arrangement based on algebraic operation on the key arrays according to a preset key arrangement rule to obtain corresponding round key arrays;

encrypting the data information to be encrypted according to a preset encryption rule and the round key number to generate corresponding encrypted information;

and sending the encryption information and the public key in the secret key information to the management server.

In a second aspect, an embodiment of the present invention provides a data information encryption transmitting apparatus, including:

the device comprises a secret key information acquisition unit, a secret key information generation unit and a secret key information generation unit, wherein the secret key information acquisition unit is used for receiving data information to be encrypted input by a user and generating secret key information according to a preset secret key generation rule;

the key array generating unit is used for generating a key array corresponding to the key information according to a preset key array generating rule;

the round key array obtaining unit is used for performing parallel arrangement based on algebraic operation on the key array according to a preset key arrangement rule to obtain a corresponding round key array;

the encryption unit is used for encrypting the data information to be encrypted according to a preset encryption rule and the round key number so as to generate corresponding encryption information;

and an information sending unit, configured to send the public key in the encrypted information and the key information to the management server.

In a third aspect, an embodiment of the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the data information encryption transmission method according to the first aspect when executing the computer program.

In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, and the computer program, when executed by a processor, causes the processor to execute the data information encryption transmission method according to the first aspect.

The embodiment of the invention provides a data information encryption and transmission method, a data information encryption and transmission device, computer equipment and a storage medium. Generating key information according to a key generation rule and generating a corresponding key array, performing parallel arrangement on the key array based on algebraic budget according to a key arrangement rule to obtain a round key array, encrypting data information to be encrypted input by a user according to an encryption rule and the round key array to obtain encrypted information, and sending the encrypted information and a public key in the key information to a management server to realize encrypted sending of the data information. By the method, the parallel arrangement process based on the algebraic budget is adopted, the key array can be subjected to parallel arrangement processing with higher efficiency, the generation efficiency of the round key array is improved, and the efficiency of encrypting and sending data information is improved.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1 is a schematic flowchart of a data information encryption transmission method according to an embodiment of the present invention;

fig. 2 is a schematic view of an application scenario of a data information encryption transmission method according to an embodiment of the present invention;

fig. 3 is a sub-flow diagram of a data information encryption transmission method according to an embodiment of the present invention;

fig. 4 is a schematic view of another sub-flow of a method for encrypting and sending data information according to an embodiment of the present invention;

fig. 5 is a schematic view of another sub-flow of a method for encrypting and sending data information according to an embodiment of the present invention;

fig. 6 is a schematic view of another sub-flow of a method for encrypting and sending data information according to an embodiment of the present invention;

fig. 7 is a schematic view of another sub-flow of a method for encrypting and sending data information according to an embodiment of the present invention;

fig. 8 is a schematic block diagram of a data information encryption transmission apparatus according to an embodiment of the present invention;

FIG. 9 is a schematic block diagram of a computer device provided by an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.

It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.

It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.

Referring to fig. 1-2, fig. 1 is a schematic flowchart of a data information encryption transmission method according to an embodiment of the present invention, and fig. 2 is a schematic view of an application scenario of the data information encryption transmission method according to the embodiment of the present invention, where the data information encryption transmission method is applied to a client 10, the data information encryption transmission method is executed by application software installed in the client 10, and the client 10 realizes data information transmission by establishing a network connection with a management server 20. The client 10 is a terminal device, such as a desktop computer, a notebook computer, a tablet computer, or a mobile phone, for performing a data information encryption transmission method to encrypt and transmit data information input by a user, and the management server 20 is a server for receiving the data information transmitted by the client 10. Fig. 2 only illustrates the client 10 and the management server 20 performing information transmission, and in practical applications, the client 10 may also perform encryption on data information and perform information transmission with other clients by using the data information encryption transmission method. As shown in fig. 1, the method includes steps S110 to S150.

S110, receiving data information to be encrypted input by a user, and generating key information according to a preset key generation rule.

And receiving data information to be encrypted input by a user, and generating key information according to a preset key generation rule. The key generation rule is a rule for generating key information, the key information includes a public key and a private key, the public key and the private key appear in pairs, the generated public key can be sent to other terminals for use, and the generated private key needs to be stored to prevent leakage. Specifically, the key generation rule includes a curve equation, a base point coordinate, and an order threshold, and the curve equation may be an elliptic curve equation: y is²＝x³+ ax + b, where a and b are parameter values in the elliptic curve equation, and the coordinate of the base point is a coordinate value of any one point on the elliptic curve equation, and the coordinate of the base point may be expressed as G ═ (Gx, Gy); the order threshold is a threshold for limiting a value range of the order, and may be represented as n-2, where n is a prime number.

In an embodiment, as shown in fig. 3, step S110 includes sub-steps S111, S112 and S113.

S111, randomly generating an order smaller than the order threshold; s112, calculating to obtain a target point coordinate according to the order and the base point coordinate; s113, taking the order as a private key in the key information, and taking the target point coordinate as a public key in the key information.

Randomly generating an order k smaller than an order threshold value, wherein the order k is a positive integer and the value range of the order k is k epsilon (0, n-2), specifically, the target point coordinate can be expressed as P ═ k × G, the point P is a point on a curve equation, the method includes the steps of obtaining a tangent line with a tangent point being the G point along the G point, obtaining a tangent line with the tangent line being the G point, obtaining a perpendicular line perpendicular to the tangent line through the G point, wherein the intersection point of the perpendicular line and a kth-order elliptic curve equation is the P point, obtaining a private key by converting an order k into a character string expressed by hexadecimal, obtaining a public key by converting a target point coordinate into the character string expressed by the hexadecimal, and obtaining the public key by converting the target point coordinate into the character string expressed by the hexadecimal, wherein the lengths of the character string of the public key and the private key can be represented by bytes, 1 byte is 8 bits, and 1bit is data represented by binary numbers.

And S120, generating a key array corresponding to the key information according to a preset key array generating rule.

And generating a key array corresponding to the key information according to a preset key array generating rule. The key array generation rule is a specific rule for generating a key array, the key array generation rule includes an interception rule, a reversal rule and a splitting rule, the generated key array includes four sub-keys, and the length of each sub-key is 4 bytes.

In an embodiment, as shown in fig. 4, step S120 includes sub-steps S121, S122 and S123.

And S121, intercepting the target secret key information from the private key of the secret key information according to the interception rule.

And intercepting the target key information from the private key of the key information according to the interception rule. The specific private key in the key information is 32 bytes, and partial bytes in the key information can be obtained according to the interception rule to obtain the target key information.

For example, the interception rule may be to obtain the target key information from the last 16 bytes of the private key in the key information.

And S122, carrying out parallel inversion on the target key information according to the inversion rule to obtain an inverted key.

And carrying out parallel inversion on the target key information according to the inversion rule to obtain an inverted key. The target key information is 16 bytes, each byte corresponds to 8 bits, and there is 128 bits of data in total, and the input data may be a [ m ], where m is 0,1,2 … 127, and a [ m ] is 0 or 1. The 128-bit data loaded in parallel is inverted in parallel to obtain an inverted key, which is also 128-bit data, and the inverted key can be represented as B [ m ], where m is 0,1,2 … 127, and B [ m ] is 0 or 1.

Specifically, the inversion rule may be implemented by a byte replacement function SHUFFLE, and the calculation process may be expressed as B [ m ] ═ SHUFFLE (a [ m ], θ), where θ is a position index, θ ∈ {0x0405060700010203,0x0C0D0E0F08090A0B,0x1415161710111213,0x1C1D1E1F18191A1B }, and the position index 0405060700010203 indicates that data of a 00 (ninth bit and tenth bit data of the position index) position is replaced with data of a position 04 (first bit and second bit data of the position index), data of a 01 (eleventh bit and twelfth bit data of the position index) position is replaced with data of a position 05 (third bit and fourth bit data of the position index), and so on.

S123, splitting the reverse secret key according to the splitting rule to obtain a secret key array.

And splitting the reverse secret key according to the splitting rule to obtain a secret key array. The specific reverse key is 128 bits (32 bytes), and the reverse key can be split into four sub-keys according to the splitting rule, each sub-key is 4 bytes, and the four sub-keys are combined to form a key array. For example, the resulting key array may be expressed as MK ═ (MK)₀，Mk₁，Mk₂，Mk₃)。

And S130, performing parallel arrangement based on algebraic operation on the key arrays according to a preset key arrangement rule to obtain corresponding round key arrays.

And performing parallel arrangement based on algebraic operation on the key arrays according to a preset key arrangement rule to obtain corresponding round key arrays. The key arrangement rule comprises an intermediate parameter calculation formula, system parameters, fixed parameters and an arrangement formula, the key array can be arranged in parallel with higher efficiency according to the key arrangement rule to obtain a corresponding round key array, the obtained round key array comprises 32 round keys, and each round key is 4 bytes.

In one embodiment, as shown in fig. 5, step S130 includes sub-steps S131 and S132.

S131, calculating the system parameter and the secret key array according to the intermediate parameter calculation formula to obtain an intermediate parameter.

And calculating the system parameters and the secret key array according to the intermediate parameter calculation formula to obtain intermediate parameters. Specifically, the intermediate parameter calculation formula includes an exclusive or operation formula, and the exclusive or operation formula may be represented by #. The system parameter may be expressed as FK ═ (FK)₀，Fk₁，Fk₂，Fk₃)，Fk_i(i is 0,1,2,3) is 4 bytes, and the parameter can be determined according to the intermediate parameterThe process of calculating the intermediate parameter by the numerical calculation formula can be expressed as (K)₀，K₁，K₂，K₃)＝(Mk₀⊕Fk₀，Mk₁⊕Fk₁，Mk₂⊕Fk₂，Mk₃⊕Fk₃) Wherein, K is_iEach of (i ═ 0,1,2, and 3) is 4 bytes.

And S132, parallelly arranging the intermediate parameters and the fixed parameters according to the arrangement formula to obtain a round key array corresponding to the intermediate parameters.

And parallelly arranging the intermediate parameters and the fixed parameters according to the arrangement formula to obtain a round key array corresponding to the intermediate parameters. Specifically, the fixed parameter may be denoted by CK ═ (CK ═ CK₀，Ck₁，Ck₂，……，Ck₃₁) Wherein Ck_i(i is 0,1,2, … …,31) is 4 bytes, then the round key array can be obtained by arranging and calculating according to the arranging formula, the intermediate parameter and the fixed parameter, the round key array comprises a plurality of round keys, the arranging formula is composed of a round key calculating formula and a transformation formula, each round key can pass through the round key calculating formula rk_i＝K_i+4＝K_i⊕T’(K_i+1⊕K_i+2⊕K_i+3⊕Ck_i) Calculated, where i is 0,1,2, … …, 31. Wherein, T' is the inverse operation process of the reversible transformation T: z₂ ³²(32bit string) → Z₂ ³²The character string with the length of 32 bits is formed by compounding nonlinear transformation tau and linear transformation L, character data x is the character string with the length of 32 bits, namely a transformation formula T (x) is L (tau (x)), and the input character data x can obtain a corresponding character output result T (x) after being calculated by the transformation formula, wherein the transformation formula specifically comprises an arrangement function and a matrix operation formula.

In one embodiment, as shown in fig. 6, step S132 includes sub-steps S1321, S1322, S1323, S1324, and S1325.

S1321, parallelly arranging character data according to the arrangement function in the conversion formula to obtain corresponding arrangement character data, wherein the arrangement function is a function which can be executed concurrently and is realized by adopting a WebAssemblySIMD instruction.

And parallelly arranging character data according to the arrangement function in the transformation formula to obtain corresponding arrangement character data. The input character data x is a character string with the length of 32 bits, the character data x is read in a 16-bit mode, the character string with the length of 4 bits is read in a 16-bit mode to obtain one-bit data, and Z is obtained₂ ³²Can be converted into C [ n ]]Wherein n is 0,1, 2. The orchestration function may be represented as W (Cn)])＝((C[n]>>>SHIFT)⊕(C[n]+ SHIFT)) · (MASK | | | MASK | |, where MASK is a MASK preset in the layout function, SHIFT is a displacement parameter preset in the layout function, and C [ n | ]]I.e. the data of the input layout function, the obtained layout character data is W (Cn)]) Wherein n is 0,1, 2. For example, the value of MASK may be represented by MASK ∈ (0x 555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555, 0x33333333333333333333333333333333333333333333, 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0 f); the value of SHIFT can be expressed as SHIFT belonging to {1, 2, 4 }; £ is an exclusive or operation formula (which can be implemented using the v128.xor method), is an and operation formula (which can be implemented using the v128.and method),<<<SHIFT denotes a continuous left SHIFT of SHIFT bits (which can be implemented using the i16x8.shl method),>>>SHIFT denotes a sequential right SHIFT of SHIFT bits (which can be implemented using the i16x8.shr _ s method).

The editing function can be realized by adopting a WebAsemblySIMD (Single instruction multiple data stream) instruction, 128-bit data is supported, the requirement of the SM4 data is consistent, encryption and decryption processing of 8 blocks, namely 8x16 bytes, can be realized, the WebAsemblySIMD instruction can be conveniently loaded and operated in a Web browser, concurrent execution of the editing function can be realized by the WebAsemblySIMD instruction, and compared with a mode realized by adopting a java instruction in a traditional technical method, the execution efficiency can be greatly improved.

The webassembyssimd instruction employed is shown in table 1.

WASM128 method	Description of functions
		v128.and	128bit logical AND
v128.xor	128bit logical XOR
		i16x8.shl	8-channel 16-position left shift
i16x8.shr_s	8-channel 16-bit right shift
		v8x16.shuffle	Byte replacement
v128.load	Loading 128 bits of data
		v128.store	Storing 128 bits of data

TABLE 1

And S1322, performing matrix operation on the arrangement character data according to a matrix operation formula in the transformation formula to obtain matrix operation character data.

And performing matrix operation on the arrangement character data according to a matrix operation formula in the transformation formula to obtain matrix operation character data. The matrix operation formula consists of affine transformation and finite field inversion, and can be specifically expressed asS(r)＝I(r·A₁+C₁)·A₂+C₂R is the entered layout character data, A₁And A₂Are all matrix parameters in a matrix operation formula, wherein A₁And A₂E.g. GL (8,2) matrix (8 x8 matrix), C₁And C₂All are row vector parameters in a matrix operation formula, and the obtained matrix operation character data is S (r), wherein C₁And C₂∈GF(2⁸) I (x) is GF (2)⁸) Multiplication inversion operation over finite fields.

For example, A in the matrix operation formula₁And A₂The values of (a) may be equal, and the specific values thereof may be: a1 ═ a2 ═ 11100101,11110010,01111001,10111100,01011110,00101111,10010111,11001011 }; c₁And C₂The value of (a) may be equal, and a specific value thereof may be C1 ═ C2 ═ (1,1,0,0,1,0,1, 1). The eight irreducible polynomials for the multiplicative inversion of the GF finite field can be expressed as: f (x) x⁸+x⁷+x⁶+x⁵+x⁴+x³+x²+ 1; finite field GF (2)⁸) The multiplication inverse of the binary polynomial α (t) above satisfies the following requirements: alpha is alpha^-1(t)α(t)＝1ModM(t)。

The traditional encryption process is realized by adopting java instructions, the table look-up of an S box is required in the process of nonlinear transformation tau in the traditional encryption process, but the table look-up operation of the S box realized based on the java instructions cannot be executed in parallel, and the inherent defect seriously limits the execution efficiency of the encryption operation by using the SM4 algorithm. In the scheme, the arrangement process and the matrix operation process based on algebraic operation are realized by adopting the WebAssembly SIMD instruction, and the concurrent execution of arrangement function and matrix operation can be realized based on the WebAssembly SIMD instruction. And the rapid SM4 algorithm encryption and decryption operation can be realized by loading the WebAssembly SIMD instruction in the Web browser.

And S1323, performing linear transformation on the matrix operation character data according to the inversion rule to obtain transformed character data.

And carrying out linear transformation on the matrix operation character data according to the inversion rule to obtain transformed character data. Specifically, binary conversion is performed on matrix operation character data to obtain a corresponding binary data string, the binary data is a character string with a length of 32 bits, the binary data string is converted to obtain conversion character data, the obtained conversion character data is a character string with a length of 32 bits, and a byte replacement function SHUFFLE in a reversal rule is required to be used in the process of converting the binary data string. Specifically, the calculation process for transforming the binary data string may be represented as E [ i ] ═ shuffre (D [ i ], θ '), D [ i ] is the input binary character string, E [ i ] is the obtained transformed character data, where i is 0,1,2 … … 31, and the parameter θ ' may be set to θ ' ∈ {0x0605040702010003,0x0E0D0C0F0a09080B,0x 05040601000302, 0x0D0C0F 09080B0A,0x0407060500030201,0x0C 0E0D080B0a09 }.

S1324, inversely arranging the transformed character data according to the arrangement function to obtain a corresponding character output result.

And inversely arranging the converted character data according to the arrangement function to obtain a corresponding character output result. Specifically, the reverse layout process is similar to the layout process described above, and the difference is that the data input by the reverse layout process is the data input by the layout process, the data output by the reverse layout process is the data input by the layout process, and the sequence of the input parameters in the reverse layout process is opposite to that in the layout process. The final character output result is a 32-bit length string, which can be expressed as Z₂ ³²。

And S1325, inputting the character output result and the intermediate parameter into the round key calculation formula to calculate to obtain the round key array.

And inputting the character output result and the intermediate parameter into the round key calculation formula, so that a corresponding round key can be calculated, and all the calculated round keys are obtained to obtain a round key array.

S140, encrypting the data information to be encrypted according to a preset encryption rule and the round key number to generate corresponding encrypted information.

And encrypting the data information to be encrypted according to a preset encryption rule and the round key number to generate corresponding encrypted information. Specifically, the data information to be encrypted may be identity information of a client, and privacy information such as business information and payment information in an information interaction process, the encryption rule is a specific rule for encrypting the data information to be encrypted by using a round key array, the encryption rule includes an encoding format and a segmentation rule, the encoding format is format information for encoding the data information to be encrypted, the segmentation rule is a rule for segmenting encoded information obtained after encoding, and information to be encrypted needs to meet a length requirement of encryption, so that the encoded information needs to be segmented to obtain an information segment with a certain length and then encrypted.

In an embodiment, as shown in fig. 7, step S140 includes sub-steps S141, S142 and S143.

S141, the data information to be encrypted is encoded according to the encoding format to obtain corresponding encoding information.

And coding the data information to be encrypted according to the coding format to obtain corresponding coding information. The data information to be encrypted, which needs to be sent to the management server, can be encoded to obtain encoded information identified by 16 systems, and the obtained encoded information is a character string represented by 16 systems. For example, the encoding format may be utf-8 or ASCII.

S142, segmenting the coded information according to the segmentation rule to obtain a plurality of corresponding information segments.

And segmenting the coded information according to the segmentation rule to obtain a plurality of corresponding information segments. The coded information is a character string expressed by a 16-system, and the coded information can be split according to a segmentation rule according to a certain byte length to obtain a plurality of corresponding information segments, for example, if the preset byte length in the segmentation rule can be 16 bytes, the coded information is split according to the 16-byte length. If the last information segment is less than 16 bytes, 0 is adopted for completion. Each of the resulting pieces of information is a 16 byte length string.

S143, encrypting each information segment according to the round key number group to obtain corresponding encrypted information.

And encrypting each information segment according to the round key number group to obtain corresponding encrypted information. For example, the original plaintext input is (X)₀，X₁，X₂，X₃)，X₀、X₁、X₂And X₃Each 4 bytes, the encryption process can be expressed as: x_i+4＝X_i⊕T(X_i+1⊕X_i+2⊕X_i+3⊕rk_i) Where i is 0,1,2, … …,31, the output ciphertext is (Y)₀，Y₁，Y₂，Y₃)＝(X₃₅，X₃₄，X₃₃，X₃₂). Wherein T is reversible transformation T: z₂ ³²(32bit string) → Z₂ ³²(32-bit length character string) composed of nonlinear transformation τ and linear transformation L, wherein the reversible transformation calculation is described in the process of calculating the round key array, the transformation formula is needed in the process of performing the reversible transformation calculation, and the transformation formula specifically comprises an arrangement function and a matrix operation formula.

S150, sending the encryption information and the public key in the key information to the management server.

And sending the encryption information and the public key in the secret key information to the management server. And after receiving the public key, the management server acquires a private key corresponding to the public key according to the method and generates a round key array corresponding to the private key, decrypts the encryption information according to the round key array to obtain corresponding decryption information, and re-encodes the decryption information according to an encoding rule to obtain the original data information to be encrypted.

For example, the process of decrypting any one of the encrypted pieces of information in the encrypted information is as follows. The input encrypted information segment is input as (X)₀，X₁，X₂，X₃)，X₀、X₁、X₂And X₃Each 4 bytes, the decryption process can be expressed as: x_i+4＝X_i⊕T(X_i+1⊕X_i+2⊕X_i+3⊕rk_31-i) Where i is 0,1,2, … …,31, that is, the sequence of the round keys used in the decryption process of the information is exactly opposite to the sequence of the round keys used in the encryption process, and the output plaintext is (Y)₀，Y₁，Y₂，Y₃)＝(X₃₅，X₃₄，X₃₃，X₃₂). The decryption process also comprises an arrangement process and a matrix operation process which are realized by adopting the WebAssemblySIMD instruction and are based on algebraic operation, and the WebAssemblySIMD instruction is adopted to realize concurrent execution of arrangement functions and matrix operation.

The technical method can be applied to application scenes including encryption processing of data information, such as intelligent government affairs, intelligent city management, intelligent community, intelligent security protection, intelligent logistics, intelligent medical treatment, intelligent education, intelligent environmental protection and intelligent traffic, and the like, so that the construction of a smart city is promoted.

In the data information encryption transmission method provided by the embodiment of the invention, key information is generated according to a key generation rule and a corresponding key array is generated, algebraic budget-based parallel arrangement is performed on the key array according to a key arrangement rule to obtain a round key array, data information to be encrypted input by a user is encrypted according to the encryption rule and the round key array to obtain encrypted information, and the encrypted information and a public key in the key information are transmitted to a management server to realize encryption transmission of the data information. By the method, the parallel arrangement process based on the algebraic budget is adopted, the key array can be subjected to parallel arrangement processing with higher efficiency, the generation efficiency of the round key array is improved, and the efficiency of encrypting and sending data information is improved.

The embodiment of the invention also provides a data information encryption and transmission device, which is used for executing any embodiment of the data information encryption and transmission method. Specifically, referring to fig. 8, fig. 8 is a schematic block diagram of a data information encryption transmitting apparatus according to an embodiment of the present invention. The data information encryption transmission apparatus may be configured in the client terminal 10.

As shown in fig. 8, the data-information-encryption transmitting apparatus 100 includes a key-information acquiring unit 110, a key-array generating unit 120, a round-key-array acquiring unit 130, an encrypting unit 140, and an information transmitting unit 150.

The key information obtaining unit 110 is configured to receive data information to be encrypted input by a user, and generate key information according to a preset key generation rule.

In one embodiment, the key information obtaining unit 110 includes sub-units: the device comprises an order generation unit, a target point coordinate calculation unit and an acquisition unit.

The order generation unit is used for randomly generating an order smaller than the order threshold value; the target point coordinate calculation unit is used for calculating to obtain a target point coordinate according to the order and the base point coordinate; and the obtaining unit is used for taking the order as a private key in the secret key information and taking the target point coordinate as a public key in the secret key information.

The key array generating unit 120 is configured to generate a key array corresponding to the key information according to a preset key array generating rule.

In one embodiment, the key array generation unit 120 includes sub-units: the device comprises a target key information acquisition unit, a reverse key acquisition unit and a splitting unit.

The target key information acquisition unit is used for intercepting target key information from a private key of the key information according to the interception rule; the reverse key obtaining unit is used for carrying out parallel reverse on the target key information according to the reverse rule to obtain a reverse key; and the splitting single key is used for splitting the reverse secret key according to the splitting rule to obtain a secret key array.

The round key array obtaining unit 130 is configured to perform parallel arrangement based on algebraic operation on the key arrays according to a preset key arrangement rule to obtain corresponding round key arrays.

In one embodiment, the round key array obtaining unit 130 includes sub-units: an intermediate parameter calculation unit and a parallel arrangement unit.

The intermediate parameter calculation unit is used for calculating the system parameters and the secret key array according to the intermediate parameter calculation formula to obtain intermediate parameters; and the parallel arrangement unit is used for performing parallel arrangement on the intermediate parameters and the fixed parameters according to the arrangement formula to obtain a wheel key array corresponding to the intermediate parameters.

In one embodiment, the parallel orchestration unit comprises a subunit: the device comprises a parallel arrangement processing unit, a matrix operation processing unit, a linear transformation processing unit, an inverse arrangement processing unit and a computing unit.

The parallel arrangement processing unit is used for carrying out parallel arrangement on the character data according to an arrangement function in the conversion formula to obtain corresponding arrangement character data, wherein the arrangement function is a function which can be executed concurrently and is realized by adopting a WebAssemblySIMD instruction; the matrix operation processing unit is used for carrying out matrix operation on the arrangement character data according to a matrix operation formula in the transformation formula to obtain matrix operation character data; the linear transformation processing unit is used for carrying out linear transformation on the matrix operation character data according to the inversion rule to obtain transformed character data; the reverse arrangement processing unit is used for performing reverse arrangement on the converted character data according to the arrangement function to obtain a corresponding character output result; and the calculation unit is used for inputting the character output result and the intermediate parameter into the round key calculation formula to calculate to obtain the round key array.

The encryption unit 140 is configured to encrypt the data information to be encrypted according to a preset encryption rule and the round key number to generate corresponding encrypted information.

In one embodiment, the encryption unit 140 includes sub-units: the device comprises an encoding information acquisition unit, an encoding information segmentation unit and an encryption information acquisition unit.

The coding information acquisition unit is used for coding the data information to be encrypted according to the coding format to obtain corresponding coding information; the coding information segmentation unit is used for segmenting the coding information according to the segmentation rule to obtain a plurality of corresponding information segments; and the encrypted information acquisition unit is used for encrypting each information segment according to the round key number group to obtain corresponding encrypted information.

An information sending unit 150, configured to send the public key in the encrypted information and the key information to the management server.

The data information encryption and transmission device provided by the embodiment of the invention applies the data information encryption and transmission method, generates key information according to a key generation rule and generates a corresponding key array, performs parallel arrangement based on algebraic budget on the key array according to the key arrangement rule to obtain a round key array, encrypts data information to be encrypted input by a user according to the encryption rule and the round key array to obtain encrypted information, and transmits the encrypted information and a public key in the key information to a management server to realize encryption and transmission of the data information. By the method, the parallel arrangement process based on the algebraic budget is adopted, the key array can be subjected to parallel arrangement processing with higher efficiency, the generation efficiency of the round key array is improved, and the efficiency of encrypting and sending data information is improved.

The data information encryption transmission apparatus may be implemented in the form of a computer program that can be run on a computer device as shown in fig. 9.

Referring to fig. 9, fig. 9 is a schematic block diagram of a computer device according to an embodiment of the present invention. The computer device may be a client for performing a data information encryption transmission method to encrypt and transmit data information.

Referring to fig. 9, the computer device 500 includes a processor 502, memory, and a network interface 505 connected by a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.

The non-volatile storage medium 503 may store an operating system 5031 and a computer program 5032. The computer program 5032, when executed, causes the processor 502 to perform a data information encryption transmission method.

The processor 502 is used to provide computing and control capabilities that support the operation of the overall computer device 500.

The internal memory 504 provides an environment for running the computer program 5032 in the nonvolatile storage medium 503, and when the computer program 5032 is executed by the processor 502, the processor 502 can be caused to execute the data information encryption transmission method.

The network interface 505 is used for network communication, such as providing transmission of data information. Those skilled in the art will appreciate that the configuration shown in fig. 9 is a block diagram of only a portion of the configuration associated with aspects of the present invention and is not intended to limit the computing device 500 to which aspects of the present invention may be applied, and that a particular computing device 500 may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.

The processor 502 is configured to run a computer program 5032 stored in the memory to implement the corresponding functions in the above-mentioned data information encryption transmission method.

Those skilled in the art will appreciate that the embodiment of a computer device illustrated in fig. 9 does not constitute a limitation on the specific construction of the computer device, and that in other embodiments a computer device may include more or fewer components than those illustrated, or some components may be combined, or a different arrangement of components. For example, in some embodiments, the computer device may only include a memory and a processor, and in such embodiments, the structures and functions of the memory and the processor are consistent with those of the embodiment shown in fig. 9, and are not described herein again.

It should be understood that, in the embodiment of the present invention, the Processor 502 may be a Central Processing Unit (CPU), and the Processor 502 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, and the like. Wherein a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

In another embodiment of the invention, a computer-readable storage medium is provided. The computer readable storage medium may be a non-volatile computer readable storage medium. The computer-readable storage medium stores a computer program, wherein the computer program, when executed by a processor, implements the steps included in the above-described data-information encryption transmission method.

It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described apparatuses, devices and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of illustrating clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

In the embodiments provided by the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only a logical division, and there may be other divisions when the actual implementation is performed, or units having the same function may be grouped into one unit, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention.

In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.

The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention essentially contributes to the prior art, or all or part of the technical solution can be embodied in the form of a software product stored in a computer-readable storage medium, which includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned computer-readable storage media comprise: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, or an optical disk.

While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims

1. A data information encryption sending method is applied to a client, the client communicates with a management server, and the method is characterized by comprising the following steps:

2. The method according to claim 1, wherein the key generation rule includes a curve equation, base point coordinates, and an order threshold, and the generating key information according to a preset key generation rule includes:

randomly generating an order smaller than the order threshold;

calculating to obtain a target point coordinate according to the order and the base point coordinate;

and taking the order as a private key in the secret key information, and taking the target point coordinate as a public key in the secret key information.

3. The method according to claim 1, wherein the key array generation rule includes an interception rule, a reversal rule, and a splitting rule, and the generating a key array corresponding to the key information according to a preset key array generation rule includes:

intercepting target key information from a private key of the key information according to the interception rule;

carrying out parallel inversion on the target key information according to the inversion rule to obtain an inverted key;

and splitting the reverse secret key according to the splitting rule to obtain a secret key array.

4. The data information encryption transmission method according to claim 3, wherein the key arrangement rule includes an intermediate parameter calculation formula, a system parameter, a fixed parameter and an arrangement formula, and the parallel arrangement based on algebraic operation is performed on the key array according to a preset key arrangement rule to obtain a corresponding round key array, including:

calculating the system parameters and the secret key array according to the intermediate parameter calculation formula to obtain intermediate parameters;

and parallelly arranging the intermediate parameters and the fixed parameters according to the arrangement formula to obtain a round key array corresponding to the intermediate parameters.

5. The method according to claim 4, wherein the arrangement formula includes a round key calculation formula and a transformation formula, and the parallel arrangement of the intermediate parameter and the fixed parameter according to the arrangement formula to obtain a round key array corresponding to the intermediate parameter includes:

performing parallel arrangement on character data according to an arrangement function in the conversion formula to obtain corresponding arrangement character data, wherein the arrangement function is a function which can be executed concurrently and is realized by adopting a WebAssembly SIMD instruction;

performing matrix operation on the arrangement character data according to a matrix operation formula in the transformation formula to obtain matrix operation character data;

carrying out linear transformation on the matrix operation character data according to the inversion rule to obtain transformed character data;

inversely arranging the converted character data according to the arrangement function to obtain a corresponding character output result;

and inputting the character output result and the intermediate parameter into the round key calculation formula to calculate to obtain the round key array.

6. The method according to claim 5, wherein the layout function is W (C [ n ]) ((C [ n > > > SHIFT) < (C [ n ] + SHIFT) · (MASK | | | MASK), where MASK is a MASK preset in the layout function, SHIFT is a displacement parameter preset in the layout function, C [ n ] is the character data, W (C [ n ]) is the layout character data, and n ═ 0,1,2,. 7.

7. The method for encrypting and sending the data information according to claim 1, wherein the encryption rule includes an encoding format and a segmentation rule, and the encrypting the data information to be encrypted according to a preset encryption rule and the round key number to generate corresponding encryption information includes:

coding the data information to be encrypted according to the coding format to obtain corresponding coding information;

segmenting the coded information according to the segmentation rule to obtain a plurality of corresponding information segments;

and encrypting each information segment according to the round key number group to obtain corresponding encrypted information.

8.A data information encryption transmission apparatus, comprising:

9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method for encrypting and transmitting data information according to any one of claims 1 to 7 when executing the computer program.

10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, causes the processor to execute the data-information encryption transmission method according to any one of claims 1 to 7.