
CN114826700A - Zero-key information verification session method of one-time cryptographic algorithm - Google Patents


Info

Publication number
CN114826700A
Authority
CN
China
Prior art keywords
key sequence
data
encryption
information
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210372417.5A
Other languages
Chinese (zh)
Inventor
齐宇庆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xi'an Huibo Xizhao Information Technology Co ltd
Original Assignee
Xi'an Huibo Xizhao Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xi'an Huibo Xizhao Information Technology Co ltd
Priority to CN202210372417.5A
Publication of CN114826700A
Legal status: Pending


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

To address the problems of the key sequence in a one-time pad cryptosystem, the invention adds a key sequence verification session before encryption. The verification session pre-checks the key sequence: it determines effectively and accurately whether the key sequence data that the encrypting party and the decrypting party each extract from their key sequence databases is identical and synchronized, and the verification result indicates whether encryption and decryption of the information should proceed. The verification session information uses a hash function of the key sequence and contains no specific information from which the key sequence could be derived (zero key information), which effectively prevents anyone who intercepts the verification session information from obtaining any information about the key sequence.

Description

Zero-key information verification session method of one-time cryptographic algorithm
Technical Field
The invention belongs to the field of electronic information security, relates to an electronic information security transmission technology, and particularly relates to a method for improving the reliability of information transmission, encryption and decryption by checking a key sequence in advance when a one-time pad cryptographic algorithm is used.
Background
When files or data (on paper or electronic media) must be transferred under strict confidentiality requirements, the traditional approach is to dispatch a dedicated vehicle with two couriers to hand them over, or to exchange them through a confidential document exchange station; confidential documents bound for remote locations are delivered by a dedicated confidential courier or confidential communications department. The traditional approach suffers from complicated handover procedures, dependence on the reliability and integrity of the people involved, the need for strict regulations and strict enforcement, unpredictable factors such as natural disasters and accidents, low efficiency, the risk that files are lost or secrets leaked through accidents, and transfer that is time-consuming, labor-intensive and expensive.
Modern computer, communication and cryptographic technology has changed the traditional way of transferring information. In military, industrial, commercial and other settings, secret information transfer is gradually adopting modern information security technology, namely secure networks and information encryption, in place of the traditional approach.
At present, the security of a file depends mainly on cryptographic encryption and decryption to achieve secure and confidential transmission and storage. The commonly used cryptographic technologies listed in the standard fall into two categories, asymmetric key algorithms and symmetric key algorithms, and both asymmetric and symmetric encryption belong to "computationally secure" cryptosystems. Asymmetric cryptographic algorithm: uses a key pair consisting of a public key and a private key, each of which can decrypt what the other encrypts. Advantage: the security of the key is high (in practice the key still needs to be changed regularly to improve security). Disadvantages: it is slow and difficult for non-professionals to apply. Symmetric cryptographic algorithm: the same key is used for both encryption and decryption. Advantages: encryption is fast and efficient. Disadvantage: the requirements for storing and transmitting the key are high.
In addition to the above features and problems, both symmetric encryption and asymmetric encryption have an important drawback: the security of the algorithm depends on the security of the secret key, and once the key is leaked or obtained illegally by an attacker, the whole encryption algorithm is easily broken. Moreover, any scheme that encrypts by processing information into scrambled data and decrypts by restoring the scrambled data into information can be broken in theory or in practice; what remains is to weigh the cost and time of the cracking work against the value of the information, that is, whether the cost is worthwhile and whether the result arrives in time to be meaningful.
The invention uses the one-time pad cipher algorithm for the secure transmission of information data with high confidentiality requirements. It is a symmetric cipher algorithm that generates ciphertext by a bitwise XOR of a key sequence and the information. The problems of the one-time pad cipher algorithm are as follows: its encryption strength depends entirely on the period, randomness, complexity, unpredictability and so on of the key sequence, which posed many difficulties and uncertainties for early electronic equipment; moreover, the key sequence must be as long as the information being encrypted, can be used only once and must be destroyed immediately, which makes it a very wasteful cipher; and devices that generate true random sequences of unlimited length have come into use only recently.
Unlike symmetric and asymmetric encryption, the one-time pad cipher algorithm does not encrypt by processing the information into scrambled data and decrypt by restoring the scrambled data. Instead, the original data is converted into a binary data sequence by an original data/binary data conversion algorithm and then XORed bit by bit with a binary random key sequence, which yields a binary ciphertext sequence; the encryption key is destroyed at the same time. The true and correct original data can be obtained only by XORing the ciphertext sequence with the one-time pad key sequence and then performing the "binary/original data conversion". The one-time pad cryptosystem is absolutely secure in theory, cannot be cracked, and belongs to the unconditionally secure cryptosystems.
Because the one-time pad key sequence is destroyed after it has been used to encrypt the original data, an attacker who obtains the ciphertext sequence can only guess key sequences exhaustively, by bit-by-bit trial and error. Applying each guessed sequence to the ciphertext sequence and performing the binary/original data conversion yields a large number of data sequences, some readable and some unreadable, that have no definite statistical relationship to the original data. A readable result may express a complete message that is close to, or completely opposite to, the original data, so the attacker cannot determine which content is the real original data. Even if the attacker happens to hit the correct key sequence, he cannot be certain that the decrypted data is the original data.
A one-time pad cryptosystem is secure provided that it follows these rules:
1. The encryption and decryption key sequences are the same and are as long as the encrypted information.
2. The encryption and decryption key sequence is composed of truly random data.
3. The encryption and decryption key sequence can only be used once and must be destroyed.
Following these 3 rules, the encrypted information can be made unbreakable by any cryptanalyst. The ciphertext is always secure, even with unlimited computing power.
Compared with early encryption equipment, today's computer technology, quantum technology and cryptography provide far better conditions for implementing the encrypted transmission of confidential documents with a one-time pad cryptosystem. In the invention, the random key sequence used for encryption and decryption is generated by a quantum true random key sequence generation server product. Identical, synchronized data in the same format is injected simultaneously into the key sequence databases of the encrypting party and the decrypting party through a secure distribution mode. To encrypt and decrypt, each party extracts from its own key sequence database a segment of key sequence data as long as the information to be encrypted and performs the encryption or decryption operation to obtain the result.
The key sequence used for encryption and decryption in a one-time pad cryptosystem has the following problem: the random key sequences stored in advance in the key sequence databases of the sending and receiving parties must be completely identical. If one party's random key sequence contains an error, even in a small segment or a single bit, the information encrypted and transmitted in that session will be wrong. More importantly, without a pre-check verification function, neither the encrypting nor the decrypting party is likely to notice the problem, so erroneous information may be accepted and acted upon, with serious consequences. One-time pad cryptosystems are normally used for important, confidential information, so the loss caused by such errors is immeasurable.
Because the key sequences of a one-time pad cryptosystem are currently stored on electronic storage devices, key sequence errors do occasionally arise from physical and chemical factors such as electromagnetic interference, temperature changes, mechanical shock and changes in the performance of storage elements; key sequence errors caused by unintentional or intentional human operation cannot be ruled out either.
Summary of the invention:
Purpose of the invention: to address the problems of the key sequence in a one-time pad cryptosystem, a key sequence verification session is added before encryption. The verification session pre-checks the key sequence: it determines effectively and accurately whether the key sequence data that the encrypting party and the decrypting party each extract from their key sequence databases is identical and synchronized, and the verification result indicates whether encryption and decryption of the information should proceed. The verification session information uses a hash function of the key sequence and contains no specific information from which the key sequence could be derived (zero key information), which effectively prevents anyone who intercepts the verification session information from obtaining any information about the key sequence.
The specific technical scheme is as follows:
1. A zero-key-information verification session method for a one-time cryptographic algorithm, characterized in that: before data information is encrypted, the encryption and decryption key sequences of the sending party and the receiving party are checked for consistency, and the verification session information exchanged over the network contains no specific content of any key sequence. The method comprises:
1) verification session information that uses a hash function of the key sequence;
2) verification session information that uses the hash function and the length of the key sequence.
2. With the hash of the key sequence as verification session information, the process is as follows:
The encrypting sender A extracts from its own key sequence database Akdata key sequence data as long as the data information to be encrypted and sent, and uses it as the encryption key sequence Kdata-a. A takes the hash value Ahd of the encryption key sequence as session information and transmits it to the receiving decryptor B over a secure channel as the key sequence verification session. On receiving the verification session information Ahd, B extracts key sequence data Kdata-B starting at the start bit of Bkdata, lengthening it one bit at a time, hashes each Kdata-B to obtain Bhd, and checks Ahd against Bhd for consistency:
If Ahd = Bhd, B notifies A that the key sequence consistency check has passed. If Ahd ≠ Bhd, the key sequence consistency check has not passed: B continues extracting key sequence data Kdata-B one bit longer each time and repeats the hash operation and the consistency check until the data of the key sequence database Bkdata has been exhausted, at which point B notifies A that the negotiation has not passed.
3. With the hash and the length value of the key sequence as verification session information, the process is as follows:
The encrypting sender A extracts from its own key sequence database Akdata key sequence data Kdata-a as long as the information and uses it as the encryption key sequence. A takes the hash value Ahd of the encryption key sequence together with the data length AL as the verification session Ahd + AL and transmits it to the receiver B over a secure communication channel as the key sequence verification session. On receiving the verification session information Ahd + AL, B uses the length AL contained in it to extract data Kdata-B of the same length from its own key sequence database Bkdata, calculates the hash value Bhd of the extracted data, and checks it for consistency against the hash value Ahd in the session information:
If Ahd = Bhd, B notifies A that the key sequence consistency check has passed. If Ahd ≠ Bhd, the key sequence consistency check has not passed, and B notifies A that the negotiation has not passed.
4. The data information is an electronic data file of characters, graphic images, forms, or audio and video data. Under the rules of the one-time cryptographic algorithm, the data information must be converted into the same data format as the encryption and decryption key sequence so that a logical exclusive-or operation can be applied to it; the system converts to binary by default, namely R = 2.
5. The encryption key sequence and the decryption key sequence are true random sequence data conforming to the one-time cipher algorithm. They are generated by a random key sequence server, and identical, synchronized data in the same format is injected simultaneously and securely into the own key sequence databases Akdata and Bkdata of sender A and receiver B.
6. The one-time pad cipher algorithm is a symmetric true random sequence encryption and decryption algorithm that encrypts and decrypts by a logical XOR over the bits or bytes of the data.
7. The communication channel may be a dedicated, high-security transmission channel; the ciphertext encrypted by the one-time pad algorithm may also be sent over an open wireless network channel, the public internet, or other data transmission channels that need no special encryption.
8. The key sequence may be distributed securely by a quantum key sequence distribution system directly, by confidential network transmission, by physical hardware distribution, or by a key sequence distribution mode accessed through a third party.
Beneficial effects: the method provided by the invention uses the unconditionally secure one-time pad algorithm to transmit the original data securely and confidentially. Before the data is encrypted, the encryption and decryption key sequences of the sending party and the receiving party are checked for consistency, and the check session neither contains the specific content of any key sequence nor allows it to be derived. This both ensures that the encrypted transmission process is correct and effectively prevents an attacker who intercepts the check session from obtaining the specific content of any key sequence.
Embodiment:
The embodiment is a secure transmission system for confidential files, comprising a user end or file sending end A, a supervision end or file receiving end B, and a transmission channel C:
User end or file sending end A: responsible for creating, encrypting and sending original data files. Party A has a database hardware device that stores the one-time pad key sequence and has been injected in advance with a true random sequence key synchronized with party B, a cipher transmission device that can perform the logical-operation encryption and decryption of files and send and receive files, and an operator who carries out the cipher transmission.
Supervision end or file receiving end B: responsible for receiving, decrypting, verifying and storing data files. Party B has a database hardware device that stores the one-time pad key sequence and has been injected in advance with a true random sequence key synchronized with party A, a cipher transmission device that can perform the logical-operation encryption and decryption of files and send and receive files, and an operator who carries out the cipher transmission. Party B also has hardware such as a true random sequence generation server, a file verification server and a file storage server, together with the program software that runs on this equipment.
Transmission channel C: the user end equipment and the supervision end equipment are connected by a dedicated channel through a secure communication channel (the cryptographic algorithm adopted by the system places low requirements on the transmission channel). In the secure file transmission system, a supervision end and a user end form a point-to-point data transmission system, and the supervision end together with multiple distributed users forms a one-to-many secure communication and data transmission system.
In the embodiment, the encryption sender of the information is A, and the receiving and decryption party is B.
Before the original data file is encrypted and transmitted, the key sequence is first verified through a verification session and a verification operation:
First, with the hash of the key sequence as verification session information, the process is as follows:
The encrypting sender A converts the original data fi to be encrypted into binary data Af using the "original data/binary data conversion" program and calculates the length AL of Af. A then extracts from its own key database Ak binary key data as long as the original data and uses it as the encryption key Ka; it takes the hash value ha of the encryption key as session information and transmits it to the receiving decryptor B over the secure channel C as the key verification session. On receiving the verification session information ha, B extracts binary key data Kb from the start bit of its own key database Bk, lengthening it one bit (or byte) at a time, and uses the hash value hb of Kb as the comparison value to verify that Ka and Kb are consistent. The checking process is as follows: starting from the first bit of data in B's own key database Bk, the arrays Kbx are extracted by bitwise concatenation
(where x is the data bit, n is the total length, x = 1 to n, and + is the concatenation symbol):
Kbx = Kb1, (Kb1+Kb2), (Kb1+Kb2+Kb3), (Kb1+Kb2+Kb3+...), ..., (Kb1+...+Kbn-2+Kbn-1+Kbn)
A hash operation is performed on each extracted Kbx to obtain hbx, and ha and hbx are checked for consistency:
Check operation formula: ha ⊕ hbx, or ha (XOR) hbx
If ha ⊕ hbx = 1, or ha (XOR) hbx = 1, then ha ≠ hbx:
when x ≠ n, B continues extracting Kbx and its hash value hbx and repeats the check operation;
when x = n, B notifies A that the key consistency check has failed.
If ha ⊕ hbx = 0, or ha (XOR) hbx = 0, then ha = hbx:
B notifies A that the key consistency check has passed.
Second, with the hash of the key and the length value of the key as verification session information, the process is as follows:
The encrypting sender A converts the original data fi to be encrypted into binary data Af using the "original data/binary data conversion" program and calculates the length AL of Af. A extracts from its own key database Ak binary data as long as the original data and uses it as the encryption key Ka, takes the hash value ha of the encryption key together with the data length AL as the verification session ha + AL, and transmits it to the receiver B over a secure communication channel as the key verification session. On receiving the verification session information ha + AL, B uses the length AL contained in it to extract data Kb of length AL from its own key database Bk, calculates the hash value hb of Kb, and checks it for consistency against the hash value ha in the session information. The checking process is as follows:
Check operation formula: ha ⊕ hb, or ha (XOR) hb
If ha ⊕ hb = 1, or ha (XOR) hb = 1, then Ka ≠ Kb:
B notifies A that the key consistency check has failed;
B notifies A that the negotiation has not passed.
If ha ⊕ hb = 0, or ha (XOR) hb = 0, then Ka = Kb:
B notifies A that the key consistency check has passed.
Third, when the result of the verification operation is a pass, A uses Ka as the encryption key and B uses Kb as the decryption key to perform the encryption and decryption operations:
A uses Ka as the encryption key and encrypts Af:
Encryption operation formula: Ka ⊕ Af, or Ka (XOR) Af, which yields the ciphertext sequence.
B uses Kb as the decryption key and performs the decryption operation:
Kb ⊕ {Ka ⊕ Af} = Af, or Kb (XOR) {Ka (XOR) Af} = Af
The decrypted binary sequence Af is converted into the original data Ai by "binary/original data conversion".
Preprocessing of the file to be encrypted: the original data information is an electronic data file of characters, graphic images, forms, or audio and video data. Under the rules of the one-time cryptographic algorithm, the data information must be converted into a data format of the same type as the encryption and decryption keys so that a logical exclusive-or operation can be applied to it; the system converts to binary by default, namely R = 2. The embodiment provides the "binary/original data conversion" and "original data/binary data conversion" programs.
Fifth, the encryption and decryption key sequence is true random sequence data conforming to the one-time cryptographic algorithm. It is generated by a random key server, and identical, synchronized data in the same format is injected simultaneously and securely into the own key databases Akdata and Bkdata of sender A and receiver B. The embodiment uses a quantum random number generation server capable of outputting a continuous true random number sequence.
Sixth, the one-time pad cipher algorithm is a symmetric true random sequence encryption and decryption algorithm that encrypts and decrypts by a logical exclusive-or over the bits or bytes of the data. The embodiment uses a cipher machine dedicated to one-time pad encryption and decryption.
Seventh, the communication channel may be a dedicated, high-security transmission channel; the ciphertext encrypted by the one-time pad algorithm may also be sent over an open wireless network channel, the public internet, or other data transmission channels that need no special encryption. The embodiment uses a secure TCP/IP communication channel.
Eighth, the key sequence may be distributed securely by a quantum key distribution system directly, by confidential network transmission, by physical hardware distribution, or by a key distribution mode accessed through a third party. The embodiment combines network encryption with key distribution on physical hardware.
The above embodiments are only for illustrating the technical idea and the feasibility of the invention, and the protection scope of the invention is not limited thereby, and any modifications made on the technical basis of the scheme according to the technical idea proposed by the invention are within the protection scope of the patent claims of the invention.
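The two verification sessions of the embodiment (hash only, and hash plus length AL) followed by the XOR encryption of the third step, as an added example that is not code from the patent. SHA-256, byte-level granularity and every function name are assumptions made here; the patent names no hash function, and the sample key data is constructed.

```python
import hashlib
import hmac
import secrets


def digest(segment: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the patent's unnamed "hash function".
    return hashlib.sha256(segment).digest()


def sender_session(ak: bytes, message: bytes, with_length: bool):
    """Party A: take Ka from the start of Ak, as long as the message, and
    build the session info (ha alone, or ha together with AL)."""
    if not message or len(message) > len(ak):
        raise ValueError("message is empty or longer than the key database")
    ka = ak[:len(message)]
    return ka, digest(ka), (len(ka) if with_length else None)


def receiver_prefix_scan(bk: bytes, ha: bytes):
    """Session 1: B hashes Kb1, Kb1+Kb2, ... until hbx == ha or Bk runs out.
    One running hash object is extended byte by byte, so the scan costs one
    pass over Bk instead of re-hashing every prefix from scratch."""
    running = hashlib.sha256()
    for x in range(1, len(bk) + 1):
        running.update(bk[x - 1:x])
        # hashlib's digest() reports the hash so far; updating may continue.
        if hmac.compare_digest(running.digest(), ha):
            return bk[:x]          # Kb: check passed
    return None                    # Bk exhausted: check failed


def receiver_with_length(bk: bytes, ha: bytes, al: int):
    """Session 2: B takes exactly AL bytes of Bk and compares one hash."""
    if al <= 0 or al > len(bk):
        return None
    kb = bk[:al]
    return kb if hmac.compare_digest(digest(kb), ha) else None


def xor(key: bytes, data: bytes) -> bytes:
    if len(key) != len(data):
        raise ValueError("one-time pad key must be as long as the data")
    return bytes(k ^ d for k, d in zip(key, data))


def run_session(ak: bytes, bk: bytes, message: bytes, with_length: bool):
    """Verify first; encrypt and decrypt only if the check passes."""
    ka, ha, al = sender_session(ak, message, with_length)
    kb = (receiver_with_length(bk, ha, al) if with_length
          else receiver_prefix_scan(bk, ha))
    if kb is None:
        return "fail", None        # B notifies A; nothing is encrypted
    ciphertext = xor(ka, message)  # Ka XOR Af
    return "pass", xor(kb, ciphertext)  # Kb XOR (Ka XOR Af) = Af


if __name__ == "__main__":
    # Constructed sample data: 64 random bytes injected into both databases.
    shared = secrets.token_bytes(64)
    flipped = bytearray(shared)
    flipped[3] ^= 0x01             # a single-bit storage error on B's side
    message = b"transfer order"
    for with_length in (False, True):
        label = "ha + AL" if with_length else "ha only"
        print(label, "identical :", run_session(shared, shared, message, with_length))
        print(label, "bit error :", run_session(shared, bytes(flipped), message, with_length))
        print(label, "desynced  :", run_session(shared, shared[1:], message, with_length))
```

A digest of the key segment hides it only computationally, so the secrecy of the check rests on the chosen hash function and on the segment length rather than on the one-time pad's unconditional guarantee.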

Claims (8)

1. The zero key information verification session method of the one-time cryptographic algorithm is characterized in that: before data information is encrypted, consistency verification is carried out on encryption and decryption key sequences of a sending party and a receiving party, and verification session information interacted through a network does not contain specific content information of any key sequence; comprises the following steps: 1) verifying the session information by using a hash function of the key sequence; 2) and verifying the session information by using the hash function and the length of the key sequence.
2. The method of claim 1, wherein: the hash function of the key sequence is used for verifying the session information, and the process is as follows: the encryption sender A intercepts key sequence data with the same length as the original data information to be encrypted and sent from an own key sequence database Akdata, and takes the key sequence data as an encryption key sequence Kdata-a, and takes a hash function Ahd of the encryption key sequence as session information to be transmitted to a receiving decryptor B through a secure channel to take a key sequence verification session; b, receiving verification session information Ahd, intercepting key sequence data Kdata-B at the starting bit of the Bkdata in a successive bit increasing mode, performing hash function operation on the key sequence data Kdata to obtain Bhd, and performing consistency verification operation on the Ahd and the Bhd: ahd = Bhd, B informs A that the key sequence consistency check is passed, Ahd ≠ Bhd, B continues intercepting the key sequence data Kdata-B in a successive bit increasing mode, and does the logical operation of hash function operation and consistency check until the data of the own key sequence database Bkdata is completely obtained, and B informs A that the negotiation is not passed.
3. The method of claim 1, wherein the hash function and the length value of the key sequence are used as the verification session information, and the process is as follows: the encrypting sender A extracts, from its own key sequence database Akdata, key sequence data of the same length as the original data information to be encrypted and sent, and uses it as the encryption key sequence Kdata-a; A takes the value of the hash function Ahd and the data length AL of the encryption key sequence as the verification session information Ahd + AL and transmits it to the receiver B through a secure communication channel as the key sequence verification session; the receiver B receives the verification session information Ahd + AL, extracts from its own key sequence database Bkdata data Kdata-b of the same length according to the value of the length AL contained in Ahd + AL, calculates the hash function Bhd of the extracted data, and performs the consistency check against the hash function Ahd in the session information: if Ahd = Bhd, B notifies A that the key sequence consistency check is passed; if Ahd ≠ Bhd, the key sequence consistency check is not passed, and B notifies A that the negotiation is not passed.
4. The method of claim 1, wherein: the original data information is an electronic data file of text, graphics and images, forms, or audio and video data; the data information must be converted into the same data format as the encryption and decryption key sequences, so that the logical exclusive-or operation can be performed according to the rules of the one-time cryptographic algorithm; the system's default conversion is to binary, i.e. R = 2.
5. The method and system of claim 1, wherein: the encryption key sequence and the decryption key sequence are true random sequence data conforming to the one-time cipher algorithm, are generated by a true random key sequence server, and are securely distributed and injected at the same time, as synchronized data of identical format and identical content, into the own key sequence databases Akdata and Bkdata of party A and receiver B.
6. The method and system of claim 1, wherein: the one-time pad cipher algorithm uses symmetric encryption and decryption with a true random sequence, in which encryption and decryption are performed as a logical exclusive-or operation on the bits or bytes of the data.
7. The method and system of claim 1, wherein: the communication channel may be a dedicated, high-security transmission channel, or may be an open wireless network channel, the public Internet, or another data transmission channel that requires no special encryption, used to transmit the ciphertext encrypted by the one-time pad encryption algorithm.
8. The method and system according to claim 1 or 5, characterized in that: the key sequence may be securely distributed directly by a quantum key sequence distribution system, by encrypted network transmission, or by physical hardware distribution, or by different key sequence distribution modes accessed through a third party according to the security level of the file data.
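
The verification sessions of claims 2 and 3, followed by the exclusive-or step of claim 6, as an added Python example that is not code from the patent. SHA-256, byte-wise rather than bit-wise slice growth, slicing from offset 0 of each database, and all function names are assumptions; the claims say only "hash function".

```python
import hashlib
import hmac

def digest(key_slice: bytes) -> bytes:
    # Assumption: SHA-256; the claims only say "hash function".
    return hashlib.sha256(key_slice).digest()

def make_session(akdata: bytes, msg_len: int):
    """Sender A: cut Kdata-a (message length) from Akdata; return it with Ahd, AL."""
    if not 0 < msg_len <= len(akdata):
        raise ValueError("message length exceeds remaining key sequence")
    kdata_a = akdata[:msg_len]            # assumption: slice starts at offset 0
    return kdata_a, digest(kdata_a), msg_len

def verify_with_length(bkdata: bytes, ahd: bytes, al: int):
    """Receiver B, claim 3: one slice of length AL, one digest, one comparison."""
    if not 0 < al <= len(bkdata):
        return None
    kdata_b = bkdata[:al]
    return kdata_b if hmac.compare_digest(digest(kdata_b), ahd) else None

def verify_hash_only(bkdata: bytes, ahd: bytes):
    """Receiver B, claim 2: grow the slice from the start of Bkdata until the
    digest matches; None once Bkdata is exhausted (negotiation not passed)."""
    running = hashlib.sha256()
    for n in range(1, len(bkdata) + 1):   # assumption: byte steps, not bit steps
        running.update(bkdata[n - 1:n])
        if hmac.compare_digest(running.digest(), ahd):
            return bkdata[:n]
    return None

def xor(data: bytes, key: bytes) -> bytes:
    """Claim 6: bytewise exclusive-or; the key slice must match the data length."""
    if len(data) != len(key):
        raise ValueError("key slice and data must have equal length")
    return bytes(d ^ k for d, k in zip(data, key))

def demo():
    # Constructed stand-in for Akdata == Bkdata; claim 5 requires true random data.
    shared = bytes(range(64))
    message = b"meter reading 42"         # constructed plaintext
    kdata_a, ahd, al = make_session(shared, len(message))
    kdata_b = verify_hash_only(shared, ahd)                 # claim 2 path
    assert kdata_b == verify_with_length(shared, ahd, al)   # claim 3 path agrees
    drifted = b"\xff" + shared[1:]        # constructed desynchronised Bkdata
    rejected = verify_with_length(drifted, ahd, al) is None
    return xor(xor(message, kdata_a), kdata_b) == message, rejected
```

The claim 2 search costs B up to one digest per position in Bkdata, while claim 3 needs a single digest. In both variants a short key slice can be recovered from its digest by enumeration, so the session hides the key sequence only computationally and only when the slice is long enough that guessing is infeasible.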
CN202210372417.5A 2022-04-11 2022-04-11 Zero-key information verification session method of one-time cryptographic algorithm Pending CN114826700A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210372417.5A CN114826700A (en) 2022-04-11 2022-04-11 Zero-key information verification session method of one-time cryptographic algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210372417.5A CN114826700A (en) 2022-04-11 2022-04-11 Zero-key information verification session method of one-time cryptographic algorithm

Publications (1)

Publication Number Publication Date
CN114826700A true CN114826700A (en) 2022-07-29

Family

ID=82534953

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210372417.5A Pending CN114826700A (en) 2022-04-11 2022-04-11 Zero-key information verification session method of one-time cryptographic algorithm

Country Status (1)

Country Link
CN (1) CN114826700A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI864705B (en) * 2023-04-27 2024-12-01 玉山商業銀行股份有限公司 Verification system and verification method

Similar Documents

Publication Publication Date Title
US8670563B2 (en) System and method for designing secure client-server communication protocols based on certificateless public key infrastructure
CN112702318A (en) Communication encryption method, decryption method, client and server
JP2022519688A (en) End-to-end double ratchet encryption with epoch key exchange
US7248699B2 (en) Encryption method using synchronized continuously calculated pseudo-random key
CN114499857B (en) Method for realizing data correctness and consistency in encryption and decryption of large data quanta
CN118972049A (en) Double ratchet cryptographic communication method and system based on hybrid post-quantum and asymmetric cryptography
CN112165443A (en) Multi-key information encryption and decryption method and device and storage medium
CN113630248A (en) A session key negotiation method
CN105376261A (en) Encryption method and system for instant communication message
CN107819760A (en) Symmetric key generation and the secret signalling of distribution based on radio channel characteristic
JPH09312643A (en) Key sharing method and encryption communication method
CN120710665A (en) A secure inter-core communication method based on derived key negotiation
CN109005151A (en) A kind of encryption of information, decryption processing method and processing terminal
CN117527233A (en) A multi-layer data privacy protection method based on hybrid chain encryption protocol
CN111800784A (en) Block chain cloud service system based on cloud computing
CN114826700A (en) Zero-key information verification session method of one-time cryptographic algorithm
CN115987500A (en) Data safety transmission method and system based on industrial equipment data acquisition
CN115834126A (en) Encryption transmission method for engineering electronic files
CN115834038A (en) Encryption method and device based on national commercial cryptographic algorithm
CN118659881B (en) Quantum-resistant security enhancement method for secure shell protocol
CN118694529B (en) Quantum-resistant security enhancement method for secure channel protocol of password equipment
Zhang The application of data encryption technology in computer network information security
CN119109576A (en) A white box key processing method and terminal based on quantum key distribution
CN107566119A (en) A kind of guard method of eSIM cards data safety and system
CN117714207A (en) Encryption method for intelligent control system of power transformation and distribution

Legal Events

Date Code Title Description
PB01 Publication