CN119834981B

CN119834981B - File encryption transmission method, device, electronic device and computer-readable medium

Info

Publication number: CN119834981B
Application number: CN202411953171.6A
Authority: CN
Inventors: 严亚龙; 周闻博
Original assignee: Park Road Credit Information Co ltd
Current assignee: Park Road Credit Information Co ltd
Priority date: 2024-12-27
Filing date: 2024-12-27
Publication date: 2025-09-05
Anticipated expiration: 2044-12-27
Also published as: CN119834981A

Abstract

The embodiment of the disclosure discloses a file encryption transmission method, a file encryption transmission device, electronic equipment and a computer readable medium. The method comprises the steps of obtaining a file set to be transmitted, a key generation parameter set and a first user part public and private key pair, generating a second user part public and private key pair, conducting key splicing on the first user part public and private key pair and the second user part public and private key pair to obtain a user public and private key pair, determining to receive user signature information, conducting file signing on the file set to be transmitted to obtain a signed transmission file, conducting encryption on the user public and private key pair to obtain an encryption key pair, conducting segmentation on the signed transmission file to obtain a segmented signed transmission file set, generating a file transmission byte stream, and conducting hidden channel sending transmission on the file transmission byte stream. The embodiment can improve the security of file transmission by generating the public and private keys in parts and sending the fusion signcryption of the identity information of a pair of multi-user terminals.

Description

File encryption transmission method, device, electronic equipment and computer readable medium

Technical Field

Embodiments of the present disclosure relate to the field of computer technology, and in particular, to a file encryption transmission method, a file encryption transmission device, an electronic device, and a computer readable medium.

Background

With the continuous development of mobile communication technology and the increase of business demands of enterprises, how to ensure the security of the transmitted files and avoid the data leakage of private data during the transmission process is becoming an increasingly focused problem. For encrypted file transfer, the main key is typically generated using KGC (Key Generation Center, key management center). Then, a user private key and a user public key for the identity of the user are generated through the master key. And finally, carrying out bilinear pair operation encryption on the file set to be transmitted through the user public key and the user private key so as to be decrypted and received by a file receiving user side.

However, in practice, it is found that when the above manner is adopted to encrypt and transmit a file, there is a technical problem that, firstly, since the private keys of all users are generated by using the master key of KGC, once the master key of KGC is revealed, the private keys of users are all exposed, and the encryption processing of bilinear pairing operation is performed on the file set, the encryption computation complexity is higher, the encryption efficiency is lower, and the possibility of revealing the stored private key exists, thereby resulting in lower security of file transmission.

The above information disclosed in this background section is only for enhancement of understanding of the background of the disclosed concept and, therefore, it may contain information that does not form the prior art that is known to those of ordinary skill in the art in this country.

Disclosure of Invention

The disclosure is in part intended to introduce concepts in a simplified form that are further described below in the detailed description. The disclosure is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.

Some embodiments of the present disclosure propose a file encryption transmission method, apparatus, electronic device, and computer readable medium to solve one or more of the technical problems mentioned in the background section above.

In a first aspect, some embodiments of the present disclosure provide a file encryption transmission method, including obtaining a file set to be transmitted, a key generation parameter set sent by a key generation server, and a first user part public-private key pair, where the key generation parameter set includes at least one of an elliptic curve non-zero multiplication group, an elliptic curve addition generator, and a system public key; generating a second user part public-private key pair according to the elliptic curve non-zero multiplication group and the elliptic curve addition generating element, performing key splicing on the first user part public-private key pair and the second user part public-private key pair according to the system public key and the key generating parameter set to obtain a user public-private key pair, determining receiving user signature information of a file receiving user terminal set, wherein the file receiving user terminal in the file receiving user terminal set is a user terminal for receiving the file set to be transmitted, performing file signing processing on the file set to be transmitted according to the user public-private key pair and the receiving user signature information to obtain a signature transmission file, performing key encryption processing on the user public-private key pair to obtain an encryption key pair, performing segmentation processing on the signature transmission file to obtain a segmented signature transmission file set, generating a file transmission byte stream according to the encryption key pair and the segmented signature transmission file set, performing channel transmission on the file transmission byte stream to perform channel transmission to receive and decrypt the file receiving user terminal set.

In a second aspect, some embodiments of the present disclosure provide a file encryption transmission apparatus, including an obtaining unit configured to obtain a file set to be transmitted, a key generation parameter set sent by a key generation server, and a first user part public-private key pair, where the key generation parameter set includes at least one of an elliptic curve non-zero multiplicative group, an elliptic curve addition generator, and a system public key; a first generating unit configured to generate a second user part public-private key pair according to the elliptic curve non-zero multiplication group and the elliptic curve addition generating element, a key splicing unit configured to generate a parameter set according to the system public key and the key, a key encrypting unit configured to encrypt the first user part public-private key pair and the second user part public-private key pair to obtain a user public-private key pair, a determining unit configured to determine the received user signature information of a file receiving user terminal set, wherein the file receiving user terminal in the file receiving user terminal set is a user terminal for receiving the file set to be transmitted, a file signing unit configured to perform file signing processing on the file set to be transmitted according to the user public-private key pair and the received user signature information to obtain a signature transmission file, a key encrypting unit configured to perform key encrypting processing on the user public-private key pair to obtain an encrypted key pair, a segmenting unit configured to perform segmentation processing on the signature transmission file to obtain a segmented secret transmission file set, a second generating unit configured to send the segmented transmission file set and the segmented transmission file set according to the user public-private key pair and the received user signature information, a file signing unit configured to generate a signature transmission file set according to the segmented transmission file set, is configured to perform hidden channel transmission on the file transmission byte stream to perform decryption reception on the file reception client set.

In a third aspect, some embodiments of the present disclosure provide an electronic device comprising one or more processors, a storage device having one or more programs stored thereon, which when executed by the one or more processors, cause the one or more processors to implement a method as described in any of the implementations of the first aspect.

In a fourth aspect, some embodiments of the present disclosure provide a computer readable medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements a method as described in any of the implementations of the first aspect.

The file encryption transmission method of some embodiments of the present disclosure can generate a public key in a divided manner and send a pair of fusion signcryption of identity information of multiple users, so that the security of file transmission can be improved. Specifically, the reason why the security of the related file transfer is low is that since the private keys of all users are generated by the master key of KGC, once the master key of KGC is compromised, the private keys of users are all exposed, and the encryption processing of bilinear pair operation is performed on the file set, the signing operation is not performed, which results in higher encryption computation complexity, lower encryption efficiency, and possibility of disclosure of the stored private keys, thereby resulting in lower security of the file transfer. Based on the above, the file encryption transmission method of some embodiments of the present disclosure may first obtain a file set to be transmitted, a key generation parameter set sent by a key generation server, and a first user part public-private key pair, where the key generation parameter set includes at least one of an elliptic curve non-zero multiplication group, an elliptic curve addition generator, and a system public key. And the method is used for generating a second user distributed public and private key pair and performing signcryption processing on the file set to be transmitted. And secondly, generating a second user part public-private key pair according to the elliptic curve non-zero multiplication group and the elliptic curve addition generating element. Here, by generating part of the public and private key pairs by the user side and the key generation server side, the possibility of leakage of the key pairs can be reduced to a certain extent, the security of the part of the public and private key pairs can be improved, and the waste of key transmission resources can be reduced. And thirdly, performing key splicing on the first user part public-private key pair and the second user part public-private key pair according to the system public key and the key generation parameter set to obtain a user public-private key pair. The security and complexity of the public and private key pairs of the user can be improved, and the security of the subsequent file encryption transmission is further improved. And then determining the signature information of the receiving users of the file receiving user terminal set, wherein the file receiving user terminal in the file receiving user terminal set is the user terminal for receiving the file set to be transmitted. The identity information of the file receiving user terminals is fused, so that anonymity of file acceptors is realized, and privacy protection of the file receiving user terminals can be improved. And then, carrying out file signcryption processing on the file set to be transmitted according to the public and private key pair of the user and the received user signature information to obtain a signcryption transmission file. Here, the signcryption is to add a user signature technology on the basis of encryption, so that the security, the integrity and the non-counterfeitability of the file can be simultaneously realized, and encryption processing is performed through elliptic curve operation, so that the encryption complexity can be reduced and the encryption efficiency can be improved. And then, carrying out key encryption processing on the public and private key pairs of the user to obtain an encryption key pair. Here, the security of the public and private key pair of the user is improved. And then, carrying out segmentation processing on the signcryption transmission file to obtain a signcryption transmission file set after segmentation. Here, segmentation facilitates subsequent segmentation processing, can improve transmission efficiency and can realize breakpoint transmission. And then generating a file transmission byte stream according to the encryption key pair and the segmented signcryption transmission file set. Here, the design of the file transfer byte stream for the file transfer scene can improve the security and applicability of the file transfer. And finally, carrying out hidden channel transmission on the file transmission byte stream so as to carry out decryption and reception on the file receiving user terminal set. Here, the hidden channel transmission can improve the security of file transmission and reduce the possibility of file leakage. Therefore, the file encryption transmission method can generate the public and private key pairs of the user part respectively through the key generation server and the user side for transmitting the file set, can reduce the possibility of revealing the public and private keys of the user, and can carry out the file signcryption of identity fusion on a plurality of file receivers, is suitable for one-to-many encryption transmission scenes, improves the anonymity of the transmitting side and the receiving side, and further improves the security of file transmission.

Drawings

The above and other features, advantages, and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. The same or similar reference numbers will be used throughout the drawings to refer to the same or like elements. It should be understood that the figures are schematic and that elements and components are not necessarily drawn to scale.

FIG. 1 is a flow chart of some embodiments of a file encrypted transmission method according to the present disclosure;

FIG. 2 is a schematic diagram of the structure of some embodiments of a file encrypted transmission apparatus according to the present disclosure;

fig. 3 is a schematic structural diagram of an electronic device suitable for use in implementing some embodiments of the present disclosure.

Detailed Description

Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete. It should be understood that the drawings and embodiments of the present disclosure are for illustration purposes only and are not intended to limit the scope of the present disclosure.

It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings. Embodiments of the present disclosure and features of embodiments may be combined with each other without conflict.

It should be noted that the terms "first," "second," and the like in this disclosure are merely used to distinguish between different devices, modules, or units and are not used to define an order or interdependence of functions performed by the devices, modules, or units.

It should be noted that references to "one", "a plurality" and "a plurality" in this disclosure are intended to be illustrative rather than limiting, and those of ordinary skill in the art will appreciate that "one or more" is intended to be understood as "one or more" unless the context clearly indicates otherwise.

The names of messages or information interacted between the various devices in the embodiments of the present disclosure are for illustrative purposes only and are not intended to limit the scope of such messages or information.

The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.

Fig. 1 illustrates a flow 100 of some embodiments of a file encrypted transmission method according to the present disclosure. The file encryption transmission method comprises the following steps:

step 101, acquiring a file set to be transmitted, a key generation parameter set sent by a key generation server and a public and private key pair of a first user part.

In some embodiments, an executing body (e.g., an electronic device) of the file encryption transmission method may acquire a file set to be transmitted, a key generation parameter set sent by a key generation server and a first user part public-private key pair through a wired connection manner or a wireless connection manner, where the key generation parameter set includes at least one of an elliptic curve non-zero multiplication group, an elliptic curve addition generator and a system public key. The files to be transmitted in the set of files to be transmitted may be files waiting to be transmitted to other clients or servers. The key generation server may be a server for generating and managing keys. The key generation parameters in the key generation parameter set may be parameters related to a key. The elliptic curve addition generator may be a point on the elliptic curve obtained by performing integer multiple addition on the elliptic curve addition generator, the points being all points on the elliptic curve except for the infinity point. The elliptic curve non-zero multiplication group may be a non-zero multiplication cyclic group formed based on a target prime number, and the target prime number may be a prime number, and it should be noted that the target prime number may be determined according to the actual situation and is not limited herein. The non-zero multiplicative cyclic group may be a bilinear mapping of a cartesian product of an elliptic curve addition cyclic group and an elliptic curve addition cyclic group. The elliptic curve addition cyclic group may be a cyclic group composed of points on an elliptic curve, the order of which is a target prime number, and the group operation of which is addition. The elliptic curve multiplication cyclic group may be a cyclic group formed by points on an elliptic curve, the order of which is a target prime number, and the group operation being multiplication. The system public key may be a product of a value randomly selected from the elliptic curve non-zero multiplicative group and an elliptic curve additive generator. The first user part public-private key pair may be a public key and a private key generated by the key generation server. The public key may be a set of values used to encrypt the set of files to be transferred. The private key may be a set of values used to decrypt the encrypted set of transmission files.

And 102, generating a second user part public-private key pair according to the elliptic curve non-zero multiplication group and the elliptic curve addition generator.

In some embodiments, the executing entity may generate the second user part public-private key pair according to the elliptic curve non-zero multiplicative group and the elliptic curve addition generator. The second user part public-private key pair may be a public key and a private key generated by a user terminal sending the file set to be transmitted.

As an example, the executing entity may first randomly select a value from the elliptic curve non-zero multiplicative group as the second user part private key. Wherein the second user part public key is different from the first value and the second value and is a value in the elliptic curve non-zero multiplicative group. Then, a product of the second user part private key and the elliptic curve addition generator is determined as a second user part public key. And finally, determining the second user part private key and the second user part public key as a second user part public-private key pair.

And 103, performing key splicing on the first user part public-private key pair and the second user part public-private key pair according to the system public key and the key generation parameter set to obtain the user public-private key pair.

In some embodiments, the executing body may perform key concatenation on the first user part public-private key pair and the second user part public-private key pair according to the system public key and the key generation parameter set, to obtain a user public-private key pair. The public and private key pair of the user can represent a public key and a private key of user side identity information, which are used for encrypting and decrypting a file set to be transmitted.

In some optional implementations of some embodiments, the key generation parameter set further includes a first hash function and elliptic curve addition loop group, and the second user part public-private key pair includes a second user part public key and a second user part private key. The elliptic curve addition cyclic group may be a cyclic group having a target prime number in order formed of points on an elliptic curve. The target prime number may be a prime number, and it should be noted that the target prime number may be determined according to practical situations, which is not limited herein. The first hash function may be a bilinear mapping function of a byte sequence of an arbitrary length composed of 0 or 1, a domain of a cartesian product of the elliptic curve addition cyclic group and the elliptic curve addition cyclic group, and a value domain of an elliptic curve non-zero multiplication group composed based on a target prime number. The second user portion public key may be any value from the elliptic curve non-zero multiplicative group. The second user part private key may be a value of a product of the second user part public key and the elliptic curve addition generator.

Optionally, the performing key concatenation on the first user part public-private key pair and the second user part public-private key pair according to the system public key and the key generation parameter set to obtain a user public-private key pair may include the following steps:

the first step, based on the second user part private key, performs the following determination steps:

And 1, transmitting the user identity information and the second user part public key to the key generation server to generate the first user part public-private key pair by the key generation server according to the user identity information, wherein the first user part public-private key pair comprises a first user part public key and a first user part private key. The user identity information may be identification information characterizing the identity of the user terminal that sends the file set to be transmitted. For example, the user identification information may be at least one of employee numbers, email addresses, and user phone numbers of the users corresponding to the user terminal. The first user part public key may be a public key generated by the key generation server. The first user part private key may be a private key generated by the key generation server.

And 2, inputting the user identity information, a first target user part public key and a second user part public key into a first hash function to obtain a user hash byte sequence, wherein the first target user part public key is the first user part public key sent by the key generation server, and the first hash function represents a byte sequence with any length formed by 0 or 1, a definition domain of Cartesian products of the elliptic curve addition cyclic group and a mapping function of an elliptic curve non-zero multiplication group formed based on target prime numbers.

And 3, determining the product of the user hash byte sequence and the system public key and the sum of the product and the first target user part public key as a first verification byte sequence.

And step 4, determining the product of the first target user part private key and the elliptic curve addition generating element as a second verification byte sequence, wherein the first target user part private key is the first user part private key sent by the key generation server.

And step 5, in response to determining that the first verification byte sequence and the second verification byte sequence are identical, splicing the second user part public key, the first user part public key and the second verification byte sequence, and determining that the second user part public key, the first user part public key and the second verification byte sequence are the user public key.

And 6, determining the product of the user hash byte sequence and the second user part private key and the inverse element of the sum of the first user part private key as the target user part private key.

And step 7, splicing the second user part private key and the target user part private key to obtain the user private key.

And 8, determining the public key and the private key of the user as a public and private key pair of the user.

And secondly, in response to the fact that the first verification byte sequence is different from the second verification byte sequence, selecting a numerical value from the elliptic curve non-zero multiplication group again to serve as a second user part private key, and continuing to execute the determining step.

In some optional implementations of some embodiments, the first user portion public-private key pair may be obtained by:

And a first step of screening non-zero values included in the elliptic curve non-zero multiplication group to obtain a first value and a second value. Wherein the first value and the second value may be elements of different, non-zero multiplicative groups of elliptic curves. And the execution main body of the public and private key pair of the first user part is a key generation server.

And a second step of determining the product of the first numerical value and the elliptic curve addition generator as a first user part public key.

And thirdly, inputting the user identity information, the first user part public key and the second user part public key into the first hash function to obtain a first hash byte sequence.

And fourth, determining the product of the second value and the first hash byte sequence and the sum of the product and the first value as a first user part private key.

And fifthly, determining the first user part public key and the first user part private key as a first user part public-private key pair.

Step 104, determining the received user signature information of the file receiving user terminal set.

In some embodiments, the executing body may determine the received user signature information of the file receiving user set, where the file receiving user in the file receiving user set is a user that receives the file set to be transmitted. The received user signature information may represent identity information of the file receiving user terminal set and integrity authentication of the file set to be transmitted.

In some optional implementations of some embodiments, the determining the received user signature information of the file receiving client set may include the following steps:

And a first step of determining a product of a third value and the elliptic curve addition generator as a user signature parameter, wherein the third value is a value in the elliptic curve non-zero multiplication group. The third value may be a value in the elliptic curve non-zero multiplicative group different from the first value, the second value, and the second user part private key.

The second step, for each file receiving user terminal in the file receiving user terminal set, executing the following generation steps:

and 1, determining the user public key and the user identity information corresponding to the file receiving user side as the receiving user public key and the receiving user identity information. The public key of the receiving user may be a public key corresponding to the file receiving user. The method of generating the received user public key may be the same as the method of generating the user public key.

And 2, determining the product of the sum of the second user part private key and the target user part private key included in the user private key and the third numerical value as the first user signature.

And 3, determining a second receiving user part public key, a first receiving user part public key, a sum of a second receiving verification byte sequence and a sum of products of a receiving user hash byte sequence and the system public key, which are included in the receiving user public key, as a second user signature, wherein the receiving user hash byte sequence is a byte sequence obtained by inputting the first receiving user part public key, the second receiving user part public key and the receiving user identity information into the first hash function. The second receiving user part public key may be a part public key generated by the file receiving user. The first receiving user part public key may be a part public key generated by the key generation server and based on the receiving user identification information. The second sequence of received validation bytes may be a product of the first received user portion private key and the elliptic curve addition generator. The first receiving user part private key may be a part key generated by the key generation server and based on the receiving user identification information.

And a sub-step 4 of determining the product of the first user signature and the second user signature as a target user signature.

And 5, inputting the received user identity information, the target user signature and the user signature parameters into the first hash function to obtain a second hash byte sequence.

And a substep 6 of determining, as a received user signature entry, a sum of a difference between a transmitted signature parameter and the second hash byte sequence and a remainder of dividing a fourth value by the target prime number, wherein the fourth value is any value in the elliptic curve non-zero multiplicative group. The transmission signature parameter is an unknown parameter.

Thirdly, carrying out accumulation and multiplication processing on each obtained received user signature item to obtain a user signature polynomial which is used as received user signature information.

And 105, performing file signcryption processing on the file set to be transmitted according to the public and private key pair of the user and the received user signature information to obtain a signcryption transmission file.

In some embodiments, the executing body may perform file signcryption processing on the file set to be transmitted according to the public and private key pair of the user and the signature information of the receiving user, so as to obtain a signcryption transmission file. The signcryption transmission file may be a file obtained by performing user signature and encryption on each file to be transmitted in the file set to be transmitted and then performing splicing.

In some optional implementations of some embodiments, the performing file signing processing on the file set to be transmitted according to the public-private key pair of the user and the received user signature information to obtain a signed transmission file may include the following steps:

And a first step of carrying out user signature on a file sending end corresponding to the file set to be transmitted according to the third numerical value, the system public key and the user public key included in the user public-private key pair to obtain a target user signature. The target user signature can represent the self identity of the file sending end.

As an example, the execution body may first input the user identification information and the user public key into the first hash function to obtain a user signature hash byte sequence. Then, the product of the user signature hash byte sequence and the system public key is determined as a target signature hash byte sequence. And then determining the sum of the target signature hash byte sequence, the second user part public key included in the user public key, the first user part public key and the second verification value as a signature hash byte sequence. And finally, determining the product of the signcryption hash byte sequence and the third numerical value as a target user signature.

And secondly, carrying out segmentation confusion recombination on the file set to be transmitted to obtain a confusion recombination file, wherein the confusion recombination file comprises file segmentation granularity information and segmentation file position information. The obfuscated and recombined file may be a file obtained by dividing each file to be transmitted in the set of files to be transmitted into two different granularities and then recombining the divided files. The file division granularity information may characterize the number of file divisions. The position information of the divided files can represent the position information of each divided partial file in the file set to be transmitted.

As an example, the execution body may first perform first division on each file to be transmitted in the set of files to be transmitted to generate a first divided file group, to obtain a first divided file group set. Then, each first divided file in the first divided file group set is divided for the second time to generate each second divided file, and each second divided file group set is obtained. And finally, sequentially combining the second divided file group sets to obtain the confusion recombination file. The sequence combination may be that first, each second divided file group set is combined with the second divided files located at the same position in the files to obtain a first combined file set, and then, each obtained first combined file is combined with the first combined file group located at the same position in the files to obtain an obfuscated recombinant file.

And thirdly, inputting the fifth numerical value into a second hash function, and performing exclusive OR operation with the confusion reorganization file to obtain a signcryption file, wherein the second hash function represents a function of a definition domain of a byte sequence with any length formed by 0 or 1 and a mapping of an elliptic curve non-zero multiplication group formed based on a target prime number, and the second hash function is a parameter in the key generation parameter set. The fifth value may be any value in the elliptic curve non-zero multiplicative group.

And step four, inputting the signcryption file, the target user signature and the user signature parameters into the first hash function to obtain a third hash byte sequence.

And fifthly, determining the sum of the third hash byte sequence, the second user part private key included in the user private key and the target user part private key as a ciphertext validity parameter.

And sixthly, combining and splicing the signcryption file, the received user signature information, the user signature parameters, the target user signature and the ciphertext validity parameters to obtain a signcryption transmission file.

And 106, carrying out key encryption processing on the public and private key pairs of the user to obtain an encryption key pair.

In some embodiments, the executing body may perform a key encryption process on the public and private key pair of the user to obtain an encryption key pair. The encryption key pair may be a key pair obtained by asymmetrically encrypting the user public and private key pair.

And step 107, carrying out segmentation processing on the signcryption transmission file to obtain a signcryption transmission file set after segmentation.

In some embodiments, the executing body may perform a segmentation process on the signcryption transfer file to obtain a segmented signcryption transfer file set. The segmentation process described above may be segmentation in terms of 4 bytes.

And step 108, generating a file transmission byte stream according to the encryption key pair and the segmented signcryption transmission file set.

In some embodiments, the executing entity may generate a file transfer byte stream according to the encryption key pair and the segmented signcryption transfer file set. The file transmission byte stream may be a byte stream obtained by converting the encryption key pair and the segmented signcryption transmission file set into byte formats for transmission.

In some optional implementations of some embodiments, the generating a file transfer byte stream according to the encryption key pair and the segmented signcryption transfer file set may include the steps of:

the first step, for each segmented signcryption transfer file in the segmented signcryption transfer file set, the following combination steps are executed:

And 1, determining the message length, the file encryption identification information, the segmentation serial number and the receiving address information of the segmented signcryption transmission file. The message length may be the number of bytes included in the segmented signcryption transfer file. The file encryption identification information may be identification information obtained by performing numerical encoding on an adopted encryption algorithm. The segment sequence number may be a position number of the segmented signcryption transfer file in the signcryption transfer file. The received address information may be address information of a file receiving user side.

And 2, carrying out integrity check on the segmented signcryption transmission file to obtain a file check value. The file check value may be used to detect whether the file set obtained after the file set to be transmitted is the same as the file set to be transmitted. In practice, the execution body may utilize a cyclic redundancy check algorithm to perform integrity check on the segmented signcryption transmission file, so as to obtain a file check value.

And 3, combining the message length, the file encryption identification information, the encryption key pair, the file verification value and the receiving address information to obtain transmission header information. The transmission header information may be located before the segmented signcryption transmission file, and is used for guaranteeing safe and effective transmission of the segmented signcryption transmission file.

And 4, performing byte stream conversion on the transmission header information and the segmented signcryption transmission file to obtain a transmission header byte stream and a transmission body byte stream. The transport header byte stream may be a byte stream that characterizes transport header information in terms of byte types. The transport byte stream may be a byte stream that characterizes the segmented signcryption transport file in terms of byte types.

And 5, combining the transmission header byte stream and the transmission body byte stream to obtain a file segment transmission byte stream.

And secondly, sequentially combining the obtained file segment transmission byte streams according to the obtained segment sequence numbers to obtain the file transmission byte streams.

And step 109, performing hidden channel transmission on the file transmission byte stream so as to enable the file receiving user terminal set to perform decryption and reception.

In some embodiments, the execution body may perform a hidden channel transmission on the file transfer byte stream to perform decryption reception on the file reception client set. The decryption receiving user terminal set of the execution subject file can be decrypted by firstly analyzing the file transmission byte stream to obtain a target user signature, user signature parameters and a signcryption file. And secondly, determining the product of the sum of the second user part private key and the target user part private key, which is included in the receiving user private key corresponding to the file receiving user, and the target user signature as the receiving user signature. And inputting the receiving user identification information, the receiving user signature and the user signature parameter of the file receiving user end into the first hash function to obtain a receiving hash byte sequence. And substituting the received hash byte sequence into the target user signature item to solve, so as to obtain a solution result value. The target user signature item may be a signature function in which the transmission signature parameter in the reception user signature item is replaced with a reception hash byte sequence and the fourth value is used as an unknown item. And then, decrypting the signature and ciphertext files by using the solving result value to obtain each mixed transmission file group set, file segmentation granularity information and segmentation file position information. And finally, reordering the mixed transmission file group sets according to the file segmentation granularity information and the segmentation file position information to obtain the files to be transmitted.

As an example, the execution body described above may construct a temporal concealment channel. And then, using the time type hidden channel to carry out file transmission on the file transmission byte stream so as to carry out decryption receiving on the file receiving user side.

In the process of adopting the technical scheme to solve the first technical problem, the second technical problem is often accompanied by the occurrence of random quantum computers and the improvement of computer computing power, so that the attack on encryption technology is more and more, the security of only encrypting the private data in the file to be transmitted is lower and the security of the file to be transmitted is further improved on the basis of the encryption technology. Aiming at the technical problem II, the conventional solution is generally to fill the encrypted segmented file transmission byte stream into a load part in a network protocol message so as to transmit and send the segmented file transmission byte stream. However, the conventional solution still has the problems that, because the load part of the network protocol message is the key detection part for detecting the message abnormality, the original communication effect of the message is destroyed, and the data volume that the load part can be filled with is less, the safety of the encrypted segmented file transmission byte stream is lower, the possibility of exposing a hidden channel exists, the transmission efficiency and the transmission capacity are lower, and the waste of transmission resources is increased. The drawbacks considered by the inventors, combined with the encryption technology and the advantages/technical state of the art of hidden channel construction owned by the company where the inventors are located, we decided to adopt the following solutions:

in some optional implementations of some embodiments, the performing the hidden channel sending transmission on the file transfer byte stream to perform decryption reception on the file receiving client set may include the following steps:

the first step, for each file receiving user terminal in the file receiving user terminal set, the following steps of sending and transmitting are executed:

and 1, determining the network protocol address of the file receiving user side corresponding to the file transmission byte stream. The network protocol address may be a domain name or an IP (Internet Protocol Address, internet protocol) address of the file receiving user side using SSL (Secure Sockets Layer, secure socket layer protocol).

And 2, responding to the fact that the communication connection with the file receiving user terminal is established successfully, and sending a hidden handshake message to the file receiving user terminal through the network protocol address, wherein the hidden handshake message comprises the size of a file transmission byte stream, a file integrity check value, hidden channel version information and hidden channel type information. The hidden handshake message may be information for informing the file receiving user side of sending user side identity information and a hidden channel of the file set to be transmitted. The file integrity check value may be a value for checking whether the file sets to be transmitted are identical before and after transmission. The hidden channel type information may be information of the type of the hidden channel constructed with the file receiving user side. The hidden channel type information may include a storage type hidden channel, a serial type hidden channel, a time type hidden channel, and a packet long type hidden channel. The sequence type hidden channel can be a hidden channel for transmitting ciphertext through the ordering sequence among different cipher suites in a cipher suite list field in a Client Hello message which establishes first handshake connection with a file receiving user terminal. The packet long hidden channel can be a hidden channel for transmitting ciphertext through the length information of the Client Hello message.

And 3, responding to the response message of the hidden handshake message sent by the file receiving user terminal, wherein the hidden channel type information is a storage type hidden channel, and generating a first symmetric key. The first symmetric key may be a symmetric key used to encrypt and decrypt a file transfer byte stream.

Sub-step 4, based on the first symmetric key and the segmented file transfer byte stream set, performing the following encryption steps:

and a first sub-step of encrypting the segmented file transfer byte stream at the starting position in the segmented file transfer byte stream according to the first symmetric key to obtain a first encrypted file transfer byte stream.

As an example, the executing body may encrypt the segmented file transfer byte stream located at the start position in the segmented file transfer byte stream set according to the first symmetric key by using a symmetric encryption algorithm, to obtain a first encrypted file transfer byte stream.

And a second sub-step of determining the first encrypted file transfer byte stream as a second symmetric encryption key.

And a third sub-step of symmetrically encrypting the target segmented file transmission byte stream according to the second symmetrical encryption key to obtain a second encrypted file transmission byte stream, wherein the target segmented file transmission byte stream is a byte stream positioned behind the segmented file transmission byte stream at the starting position.

And a fourth sub-step of determining the first encrypted file transfer byte stream and the second encrypted file transfer byte stream as an encrypted transfer byte stream set in response to determining that the target segmented file transfer byte stream is a transfer byte stream located at a termination position of the segmented file transfer byte stream set.

In response to determining that the target segmented file transfer byte stream is not the byte stream located at the ending position in the segmented file transfer byte stream set, determining the second encrypted file transfer byte stream as a third symmetric encryption key as the first symmetric encryption key, and determining the segmented file transfer byte stream set from which the segmented file transfer byte streams corresponding to the first encrypted file transfer byte stream and the second encrypted file transfer byte stream are removed as the segmented file transfer byte stream set to execute the encrypting step again.

And step 6, embedding the encrypted transmission byte stream set and the synchronous transmission identifier information into a target field set in the handshake protocol message to obtain the handshake embedded protocol message. The synchronous transmission identifier information may be information of a sequence identifier for preventing the encrypted transmission byte stream in the encrypted transmission byte stream set from being out of order. The target field set may be a Random field and a Session ID field in a Client Hello message. The synchronous transmission identifier information is information embedded in the Session ID field. It should be noted that, since Random fields and Session ID fields in the Client Hello message store some Random fields generated by sending the file set to be transmitted in the original message, modifying the Random fields will not affect the identification of the message, so that the message can be avoided to be identified as an abnormal message to a certain extent.

And 7, carrying out flow anomaly detection on the handshake embedded protocol message to obtain a flow anomaly detection value. The traffic anomaly detection value may represent a probability value that the embedded handshake protocol packet is identified as an anomaly packet. The larger the traffic anomaly detection value is, the greater the possibility that the embedded handshake protocol message is recognized as an abnormal message. In practice, the executing body may first input the handshake embedded protocol packet to a denoising self-encoder to obtain a protocol feature vector set. And then, inputting the protocol feature vector set into a message flow anomaly detection model optimized based on a moth fire suppression optimization algorithm to obtain a flow anomaly value. The message flow abnormality detection model may be a model in which a gating circulation unit network is added to a convolutional neural network.

And step 8, in response to determining that the flow anomaly detection value is smaller than or equal to a preset abnormal value threshold, determining the sending times of the handshake embedded protocol message according to the encrypted transmission byte stream set. The preset abnormal value threshold may be a preset minimum value identified as an abnormal message. For example, the preset abnormal value threshold may be 0.85.

As an example, the executing body may determine, as the number of transmissions, the number of bytes corresponding to the encrypted transmission byte stream set divided by the number of bytes transmitted by the handshake embedded protocol packet in response to determining that the traffic anomaly value is less than or equal to a preset anomaly value threshold.

And step 9, transmitting the message of the embedded handshake protocol and the corresponding handshake ending message for the file receiving user end to decrypt and receive.

The technical scheme and related content are taken as an invention point of the embodiment of the disclosure, and the technical problem mentioned in the background art is solved, namely, the load part of the network protocol message is a key detection part for detecting abnormal messages, the original communication effect of the message is destroyed, the data volume which can be filled in the load part is less, the safety of the encrypted segmented file transmission byte stream is lower, the possibility of hidden channel exposure exists, the transmission efficiency and transmission capacity are lower, and the waste of transmission resources is increased. The encrypted segmented file transmission byte stream is low in safety, hidden channel exposure possibility exists, transmission efficiency and transmission capacity are low, and the waste of transmission resources is increased due to the fact that a load part of a network protocol message is an important detection part for detecting message abnormality, original communication effect of the message is damaged, and data volume which can be filled in the load part is small. If the above factors are solved, the effects of improving the safety of the encrypted segmented file transmission byte stream, reducing the possibility of exposure of a hidden channel, improving the transmission efficiency and the transmission capacity and reducing the waste of transmission resources can be achieved. In order to achieve the effect, the method and the device firstly determine the network protocol address of the file receiving user side, establish network connection and send a hidden handshake message, and can determine the type of a hidden channel constructed by the user side sending the file set to be transmitted, so that the file receiving user side can perform corresponding extraction and decryption operations on the specific hidden channel, and the decryption receiving efficiency of the file receiving user side is improved. And then, generating a circular symmetric key, and performing circular symmetric encryption coding on the segmented file transmission byte stream set, so that the concealment of a concealed channel can be improved, and the transmission safety can be improved. Then, adding synchronous transmission identifier information in the encrypted transmission byte stream, and embedding the encrypted transmission byte stream into a Random field and a Session ID field in a handshake protocol message can improve transmission capacity of a hidden channel, and can enhance transmission robustness of the hidden channel through embedding the synchronous transmission identifier information. Finally, the abnormal flow detection is carried out on the handshake embedded protocol message, so that the possibility that the handshake embedded protocol message is detected can be reduced, the concealment of the handshake embedded protocol message is further improved, and the safety of the encrypted segmented file transmission byte stream is improved.

With further reference to fig. 2, as an implementation of the method shown in the above figures, the present disclosure provides some embodiments of a file encryption transmission apparatus, which correspond to those method embodiments shown in fig. 1, and which are particularly applicable to various electronic devices.

As shown in fig. 2, a file encryption transmission apparatus 200 includes an acquisition unit 201, a first generation unit 202, a key concatenation unit 203, a determination unit 204, a file signcryption unit 205, a key encryption unit 206, a segmentation unit 207, a second generation unit 208, and a hidden channel transmission unit 209. The obtaining unit 201 is configured to obtain a file set to be transmitted, a key generation parameter set sent by a key generation server and a first user part public-private key pair, wherein the key generation parameter set comprises at least one of elliptic curve non-zero multiplication groups, elliptic curve addition generation elements and a system public key. The first generation unit 202 is configured to generate a second user part public-private key pair based on the elliptic curve non-zero multiplicative group and the elliptic curve addition generator. The key stitching unit 203 is configured to perform key stitching on the first user part public-private key pair and the second user part public-private key pair according to the system public key and the key generation parameter set, so as to obtain a user public-private key pair. The determining unit 204 is configured to determine receiving user signature information of a file receiving user side set, where the file receiving user side in the file receiving user side set is a user side that receives the file set to be transmitted. The file signing unit 205 is configured to perform file signing on the file set to be transmitted according to the public and private key pair of the user and the received user signature information, so as to obtain a signed transmission file. The key encryption unit 206 is configured to perform a key encryption process on the above-described user public-private key pair to obtain an encrypted key pair. The segmentation unit 207 is configured to segment the signcryption transfer file to obtain a segmented signcryption transfer file set. The second generating unit 208 is configured to generate a file transfer byte stream based on the encryption key pair and the segmented signcryption transfer file set. The hidden channel transmission unit 209 is configured to perform a hidden channel transmission on the file transfer byte stream for decryption reception by the file reception client set.

It will be appreciated that the elements described in the file encrypted transmission apparatus 200 correspond to the respective steps in the method described with reference to figure 1. Thus, the operations, features and advantages described above for the method are equally applicable to the file encryption transmission device 200 and the units contained therein, and are not described herein.

Referring now to fig. 3, a schematic diagram of an electronic device (e.g., electronic device) 300 suitable for use in implementing some embodiments of the present disclosure is shown. The electronic device shown in fig. 3 is merely an example and should not impose any limitations on the functionality and scope of use of embodiments of the present disclosure.

As shown in fig. 3, the electronic device 300 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 301 that may perform various suitable actions and processes in accordance with a program stored in a Read Only Memory (ROM) 302 or a program loaded from a storage means 308 into a Random Access Memory (RAM) 303. In the RAM 303, various programs and data required for the operation of the electronic apparatus 300 are also stored. The processing device 301, the ROM 302, and the RAM 303 are connected to each other via a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.

In general, devices may be connected to I/O interface 305 including input devices 306 such as a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc., output devices 307 including a Liquid Crystal Display (LCD), speaker, vibrator, etc., storage devices 308 including, for example, magnetic tape, hard disk, etc., and communication devices 309. The communication means 309 may allow the electronic device 300 to communicate with other devices wirelessly or by wire to exchange data. While fig. 3 shows an electronic device 300 having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead. Each block shown in fig. 3 may represent one device or a plurality of devices as needed.

In particular, according to some embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, some embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such embodiments, the computer program may be downloaded and installed from a network via communications device 309, or from storage device 308, or from ROM 302. The above-described functions defined in the methods of some embodiments of the present disclosure are performed when the computer program is executed by the processing means 301.

It should be noted that, in some embodiments of the present disclosure, the computer readable medium may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of a computer-readable storage medium may include, but are not limited to, an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In some embodiments of the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In some embodiments of the present disclosure, however, the computer-readable signal medium may comprise a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to electrical wiring, fiber optic cable, RF (radio frequency), and the like, or any suitable combination of the foregoing.

In some embodiments, the clients, servers may communicate using any currently known or future developed network protocol, such as HTTP (Hyper Text Transfer Protocol ), and may be interconnected with any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the internet (e.g., the internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed networks.

The computer readable medium may be included in the electronic device or may exist alone without being incorporated into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to obtain a file set to be transmitted, a key generation parameter set sent by a key generation server, and a first user part public-private key pair, wherein the key generation parameter set includes at least one of an elliptic curve non-zero multiplicative group, an elliptic curve addition generator, and a system public key; generating a second user part public-private key pair according to the elliptic curve non-zero multiplication group and the elliptic curve addition generating element, performing key splicing on the first user part public-private key pair and the second user part public-private key pair according to the system public key and the key generating parameter set to obtain a user public-private key pair, determining receiving user signature information of a file receiving user terminal set, wherein the file receiving user terminal in the file receiving user terminal set is a user terminal for receiving the file set to be transmitted, performing file signing processing on the file set to be transmitted according to the user public-private key pair and the receiving user signature information to obtain a signature transmission file, performing key encryption processing on the user public-private key pair to obtain an encryption key pair, performing segmentation processing on the signature transmission file to obtain a segmented signature transmission file set, generating a file transmission byte stream according to the encryption key pair and the segmented signature transmission file set, performing channel transmission on the file transmission byte stream to perform channel transmission to receive and decrypt the file receiving user terminal set.

Computer program code for carrying out operations for some embodiments of the present disclosure may be written in one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).

The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The units described in some embodiments of the present disclosure may be implemented by means of software, or may be implemented by means of hardware. The described units may also be provided in a processor, for example, a processor may be described as comprising an acquisition unit, a first generation unit, a key concatenation unit, a determination unit, a file signcryption unit, a key encryption unit, a segmentation unit, a second generation unit and a covert channel transmission unit. The names of these units do not in some cases limit the unit itself, for example, the acquisition unit may also be described as "a unit that acquires a file set to be transmitted, a key generation parameter set sent by the key generation server, and a first user part public-private key pair".

The functions described above herein may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic that may be used include Field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems-on-a-chip (SOCs), complex Programmable Logic Devices (CPLDs), and the like.

The foregoing description is only of the preferred embodiments of the present disclosure and description of the principles of the technology being employed. It will be appreciated by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combination of the above technical features, but encompasses other technical features formed by any combination of the above technical features or their equivalents without departing from the spirit of the invention. Such as the above-described features, are mutually substituted with (but not limited to) the features having similar functions disclosed in the embodiments of the present disclosure.

Claims

1. A file encryption transmission method, comprising:

acquiring a file set to be transmitted, a key generation parameter set sent by a key generation server and a first user part public-private key pair, wherein the key generation parameter set comprises an elliptic curve non-zero multiplication group, an elliptic curve addition generation element, a system public key, a first hash function and an elliptic curve addition circulation group;

Generating a second user part public-private key pair according to the elliptic curve non-zero multiplication group and the elliptic curve addition generating element, wherein the second user part public-private key pair comprises a second user part public key and a second user part private key;

Based on the second user part private key, the following determination steps are performed:

The user identity information and the second user part public key are sent to the key generation server side so that the key generation server side can generate the first user part public-private key pair according to the user identity information, wherein the first user part public-private key pair comprises a first user part public key and a first user part private key;

Inputting the user identity information, a first target user part public key and a second user part public key into a first hash function to obtain a user hash byte sequence, wherein the first target user part public key is a first user part public key sent by a key generation server, and the first hash function represents a byte sequence with any length formed by 0 or 1, a definition domain of Cartesian products of the elliptic curve addition cyclic group and a mapping function of an elliptic curve non-zero multiplication group formed based on target prime numbers;

Determining the product of the user hash byte sequence and the system public key and the sum of the product and the first target user part public key as a first verification byte sequence;

Determining the product of a first target user part private key and the elliptic curve addition generating element as a second verification byte sequence, wherein the first target user part private key is a first user part private key sent by the key generation server;

In response to determining that the first verification byte sequence and the second verification byte sequence are identical, splicing the second user part public key, the first user part public key and the second verification byte sequence to determine the second user part public key and the second verification byte sequence as the user public key;

determining the product of the user hash byte sequence and the second user part private key and the inverse element of the sum of the second user part private key as the user part private key;

splicing the second user part private key and the user part private key to obtain a user private key;

Determining the public key and the private key of the user as a public-private key pair of the user;

In response to determining that the first and second sequences of validation bytes are different, reselecting a value from the elliptic curve non-zero multiplicative group as a second user portion private key to continue performing the determining step;

Determining received user signature information of a file receiving user terminal set, wherein the file receiving user terminal in the file receiving user terminal set is a user terminal for receiving the file set to be transmitted;

performing key encryption processing on the public and private key pairs of the user to obtain encrypted key pairs;

the method comprises the steps of carrying out segmentation processing on the signcryption transmission file to obtain a segmented signcryption transmission file set, and generating a file transmission byte stream according to the encryption key pair and the segmented signcryption transmission file set;

And carrying out hidden channel transmission on the file transmission byte stream so as to enable the file receiving user terminal set to carry out decryption and reception.

2. The method of claim 1, wherein the generating a file transfer byte stream from the encryption key pair and the segmented signcryption transfer file set comprises:

For each segmented signcryption transfer file in the segmented signcryption transfer file set, executing the following combination steps:

determining the message length, the file encryption identification information, the segmentation serial number and the receiving address information of the segmented signcryption transmission file;

carrying out integrity check on the segmented signcryption transmission file to obtain a file check value;

combining the message length, the file encryption identification information, the encryption key pair, the file verification value and the receiving address information to obtain transmission header information;

performing byte stream conversion on the transmission header information and the segmented signcryption transmission file to obtain a transmission header byte stream and a transmission body byte stream;

Combining the transmission header byte stream and the transmission body byte stream to obtain a file segment transmission byte stream;

And sequentially combining the obtained file segment transmission byte streams according to the obtained segment sequence numbers to obtain the file transmission byte streams.

3. The method of claim 1, wherein the first user portion public-private key pair is obtained by:

Screening non-zero values included in the elliptic curve non-zero multiplication group to obtain a first value and a second value;

Determining the product of the first numerical value and the elliptic curve addition generator as a first user part public key;

Inputting the user identity information, the first user part public key and the second user part public key into the first hash function to obtain a first hash byte sequence;

determining a sum of a product of the second value and the first hash byte sequence and the first value as a first user part private key;

And determining the first user part public key and the first user part private key as a first user part public-private key pair.

4. The method of claim 1, wherein determining the received user signature information for the set of file receiving clients comprises:

Determining a product of a third numerical value and the elliptic curve addition generator as a user signature parameter, wherein the third numerical value is a numerical value in the elliptic curve non-zero multiplicative group;

For each file receiving user terminal in the file receiving user terminal set, executing the following generation steps:

determining a user public key and user identity information corresponding to the file receiving user side as a receiving user public key and receiving user identity information;

determining a product of a sum of a second user part private key and a user part private key included in the user private key and the third numerical value as a first user signature;

Determining a second user signature, which is a sum of a second receiving user part public key, a first receiving user part public key, a second receiving verification byte sequence and a product of the receiving user hash byte sequence and the system public key, wherein the second receiving user part public key, the first receiving user part public key and the second receiving verification byte sequence are included in the receiving user public key, and the receiving user hash byte sequence is a byte sequence obtained by inputting the first receiving user part public key, the second receiving user part public key and the receiving user identity identification information into the first hash function;

determining a product of the first user signature and the second user signature as a target user signature;

Inputting the received user identity information, the target user signature and the user signature parameters into the first hash function to obtain a second hash byte sequence;

Determining a sum of a difference value between a transmitted signature parameter and the second hash byte sequence and a remainder obtained by dividing a fourth value by the target prime number as a received user signature item, wherein the fourth value is any value in the elliptic curve non-zero multiplication group, and the transmitted signature parameter is an unknown parameter;

And carrying out accumulation and multiplication processing on each obtained received user signature item to obtain a user signature polynomial which is used as received user signature information.

5. The method of claim 4, wherein the performing file signing on the file set to be transmitted according to the public-private key pair of the user and the received user signature information to obtain a signed transmission file includes:

according to the third numerical value, the system public key and the user public key included in the user public-private key pair, carrying out user signature on a file sending end corresponding to the file set to be transmitted to obtain a target user signature;

Dividing, mixing and reorganizing the file set to be transmitted to obtain mixed and reorganized files, wherein the mixed and reorganized files contain file dividing granularity information and dividing file position information;

Inputting a fifth numerical value into a second hash function, and performing exclusive or operation with the confusion reorganization file to obtain a signcryption file, wherein the second hash function represents a function of a definition domain of a byte sequence with any length formed by 0 or 1 and a mapping of an elliptic curve non-zero multiplication group formed based on a target prime number, and the fifth numerical value is any numerical value in the elliptic curve non-zero multiplication group;

inputting the signcryption file, the target user signature and the user signature parameters into the first hash function to obtain a third hash byte sequence;

determining the sum of the third hash byte sequence, the second user part private key included by the user private key and the user part private key as a ciphertext validity parameter;

And combining and splicing the signcryption file, the received user signature information, the user signature parameters, the target user signature and the ciphertext validity parameters to obtain a signcryption transmission file.

6. A file encryption transmission apparatus comprising:

The system comprises an acquisition unit, a first user part public and private key pair, a file set to be transmitted, a key generation parameter set sent by a key generation server and a first user part public and private key pair, wherein the key generation parameter set comprises an elliptic curve non-zero multiplication group, an elliptic curve addition generation element, a system public key, a first hash function and an elliptic curve addition circulation group;

The first generation unit is configured to generate a second user part public-private key pair according to the elliptic curve non-zero multiplication group and the elliptic curve addition generation element, wherein the second user part public-private key pair comprises a second user part public key and a second user part private key;

The key splicing unit is configured to send the user identity information and the second user part public key to the key generation server so that the key generation server generates the first user part public-private key pair according to the user identity information, wherein the first user part public-private key pair comprises a first user part public key and a first user part private key; inputting the user identity information, a first target user part public key and a second user part public key into a first hash function to obtain a user hash byte sequence, wherein the first target user part public key is a first user part public key which is sent by a key generation server and is used for receiving the key generation server, the first hash function characterizes a byte sequence with any length which is formed by 0 or 1, a definition domain of Cartesian products of elliptic curve addition cyclic groups and a mapping function of elliptic curve non-zero multiplication groups which is formed based on target prime numbers, a product of the user hash byte sequence and a system public key is determined, the sum of the product and the first target user part public key is used as a first verification byte sequence, a product of a first target user part private key and an elliptic curve addition generation element is determined as a second verification byte sequence, the first user part private key is sent by the key generation server and is used for receiving the key generation server, the first user part private key is determined to be a product of the second user part private key, the second user part private key is determined to be a second verification byte sequence in response to determining that the first verification byte sequence is identical to the first verification byte sequence, the second user part public key is the second user part public key, and the second user part private key is the second verification byte sequence, and the first user part private key is determined to be the second user part private byte sequence, an inverse element of the sum of the first user part private key is used as a user part private key; the method comprises the steps of determining a first verification byte sequence and a second verification byte sequence, splicing a second user part private key and a user part private key to obtain a user private key, determining the user public key and the user private key as a user public-private key pair, and re-selecting a numerical value from the elliptic curve non-zero multiplication group to serve as the second user part private key in response to the fact that the first verification byte sequence and the second verification byte sequence are different, so as to continuously execute the determining step;

the determining unit is configured to determine the received user signature information of the file receiving user terminal set, wherein the file receiving user terminal in the file receiving user terminal set is a user terminal for receiving the file set to be transmitted;

The file signcryption unit is configured to conduct file signcryption processing on the file set to be transmitted according to the user public and private key pair and the received user signature information to obtain a signcryption transmission file;

The key encryption unit is configured to perform key encryption processing on the public and private key pairs of the user to obtain an encryption key pair;

The segmentation unit is configured to segment the signcryption transmission file to obtain a segmented signcryption transmission file set;

a second generating unit configured to generate a file transfer byte stream according to the encryption key pair and the segmented signcryption transfer file set;

and the hidden channel sending and transmitting unit is configured to carry out hidden channel sending and transmitting on the file transmission byte stream so as to carry out decryption and receiving on the file receiving user terminal set.

7. An electronic device, comprising:

one or more processors;

A storage device having one or more programs stored thereon,

When executed by the one or more processors, causes the one or more processors to implement the method of any of claims 1-5.

8. A computer readable medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the method of any of claims 1-5.