CN111600867A

CN111600867A - Data encryption method and related equipment

Info

Publication number: CN111600867A
Application number: CN202010397750.2A
Authority: CN
Inventors: 马卓; 黎烨; 戴戈
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2020-05-12
Filing date: 2020-05-12
Publication date: 2020-08-28
Anticipated expiration: 2040-05-12
Also published as: CN111600867B

Abstract

The embodiment of the application discloses a data encryption method and related equipment, and an encryption algorithm used for encrypting data to be encrypted and an encryption key corresponding to the encryption algorithm and used for constructing an encryption circuit are determined. And determining a plurality of first lookup tables according to the encryption key and the first operation logic corresponding to the encryption key in the encryption algorithm. If the first data may be data in a preset data bit interval in the data to be encrypted, and the second data may be data in a preset data bit interval in the encryption key, then, for each first lookup table, the encryption result obtained by the first data through the second data under the first operation logic may be included. And determining the corresponding encryption circuit according to the plurality of first lookup tables. Thus, in encrypting target data as data to be encrypted by an encryption algorithm, data encryption can be performed by an encryption circuit instead of an encryption key. The method improves data security.

Description

Data encryption method and related equipment

Technical Field

The present application relates to the field of data processing, and in particular, to a data encryption method and related device.

Background

In the data transmission process, data is usually encrypted through a related secret key so as to transmit the encrypted data, and the safety and the accuracy of data transmission are ensured.

At present, in some scenes, an encryption algorithm is usually designed to be in a software form to encrypt data to be encrypted, and based on an encryption key corresponding to the encryption algorithm usually stored in the software, an attacker can easily obtain the encryption key by attacking the software, so that the encrypted data is cracked.

It can be seen that this encryption scheme cannot guarantee data security.

Disclosure of Invention

In order to solve the technical problem, the application provides a data encryption method and related equipment, so that the data security is improved.

The embodiment of the application discloses the following technical scheme:

in one aspect, an embodiment of the present application provides a data encryption method, where the method includes:

determining an encryption algorithm and a corresponding encryption key for encrypting data to be encrypted;

determining a plurality of first lookup tables according to the encryption key and a first operation logic corresponding to the encryption key in the encryption algorithm; the first lookup table comprises an encryption result obtained by first data through second data under the first operation logic, the first data is data in a preset data bit interval in data to be encrypted, and the second data is data in the preset data bit interval in the encryption key; the preset data bit intervals corresponding to the first lookup tables form a complete data bit interval of the data to be encrypted;

determining a corresponding encryption circuit according to the plurality of first lookup tables;

and in the process of encrypting the target data serving as the data to be encrypted by the encryption algorithm, the encryption circuit replaces the encryption key to encrypt the data.

On the other hand, an embodiment of the present application provides a data encryption apparatus, where the apparatus includes:

the device comprises a first determining unit, a second determining unit and a third determining unit, wherein the first determining unit is used for determining an encryption algorithm and a corresponding encryption key for encrypting data to be encrypted;

a second determining unit, configured to determine a plurality of first lookup tables according to the encryption key and a first operation logic corresponding to the encryption key in the encryption algorithm; the first lookup table comprises an encryption result obtained by first data through second data under the first operation logic, the first data is data in a preset data bit interval in data to be encrypted, and the second data is data in the preset data bit interval in the encryption key; the preset data bit intervals corresponding to the first lookup tables form a complete data bit interval of the data to be encrypted;

a third determining unit, configured to determine a corresponding encryption circuit according to the plurality of first lookup tables;

and an encryption unit configured to encrypt data by the encryption circuit instead of the encryption key in a process of encrypting target data as the data to be encrypted by the encryption algorithm.

In another aspect, an embodiment of the present application provides an apparatus, where the apparatus includes a processor and a memory:

the memory is used for storing program codes and transmitting the program codes to the processor;

the processor is configured to perform the above method according to instructions in the program code.

In another aspect, an embodiment of the present application provides a computer-readable storage medium for storing a computer program, where the computer program is used to execute the above method.

According to the technical scheme, the encryption algorithm used for encrypting the data to be encrypted and the encryption key corresponding to the encryption algorithm and used for constructing the encryption circuit are determined. And determining a plurality of first lookup tables according to the encryption key and the first operation logic corresponding to the encryption key in the encryption algorithm. If the first data may be data in a preset data bit interval in the data to be encrypted, and the second data may be data in a preset data bit interval in the encryption key, then, for each first lookup table, the encryption result obtained by the first data through the second data under the first operation logic may be included. And determining the corresponding encryption circuit according to the plurality of first lookup tables. Thus, in encrypting target data as data to be encrypted by an encryption algorithm, data encryption can be performed by an encryption circuit instead of an encryption key. The method replaces an encryption key in an encryption algorithm by a hardware circuit. Based on the difficulty of attacking the hardware circuit by an attacker, the encryption key is difficult to obtain to crack encrypted data, and the data security is improved.

Drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.

Fig. 1 is a schematic view of an application scenario of a data encryption method according to an embodiment of the present application;

fig. 2 is a flowchart of a data encryption method according to an embodiment of the present application;

FIG. 3 is a flow chart of a software algorithm provided by an embodiment of the present application;

fig. 4 is a flowchart of a method for generating an encryption circuit according to an embodiment of the present application;

FIG. 5a is a schematic diagram of a circuit unit of a T-box lookup table according to an embodiment of the present application;

FIG. 5b is a schematic diagram of another circuit unit of a T-box lookup table according to an embodiment of the present application;

FIG. 6 is a schematic diagram of a column shift circuit unit according to an embodiment of the present disclosure;

fig. 7 is a schematic diagram of an exclusive-or circuit unit according to an embodiment of the present disclosure;

FIG. 8 is a schematic diagram of a wheel computing module provided in an embodiment of the present application;

fig. 9 is a schematic view of a data encryption method scenario provided in an embodiment of the present application;

fig. 10 is a flowchart of a method for generating an encryption circuit according to an embodiment of the present application;

fig. 11 is a flowchart of an encryption circuit generation method corresponding to the AES algorithm according to an embodiment of the present application;

fig. 12 is a schematic diagram of a data encryption apparatus according to an embodiment of the present application;

fig. 13 is a block diagram of a data processing apparatus according to an embodiment of the present application;

fig. 14 is a block diagram of a server according to an embodiment of the present application.

Detailed Description

Embodiments of the present application are described below with reference to the accompanying drawings.

In some scenarios, the encryption algorithm is usually designed as software to encrypt data to be encrypted, and based on that an encryption key corresponding to the encryption algorithm is usually stored in the software, an attacker can easily obtain the encryption key by attacking the software, thereby cracking the encrypted data. It can be seen that this encryption scheme cannot guarantee data security.

To this end, the embodiment of the present application provides a data encryption method, which replaces an encryption key in an encryption algorithm by a hardware circuit. Based on the difficulty of attacking the hardware circuit by an attacker, the encryption key is difficult to obtain to crack encrypted data, and the data security is improved.

First, an execution body of the embodiment of the present application will be described. The data encryption method provided by the application can be executed by data processing equipment, and the data processing equipment can be terminal equipment or a server. The terminal device may be, for example, a smart phone, a computer, a Personal Digital Assistant (PDA), a tablet pc, a Point of Sales (POS), a vehicle-mounted computer, or the like. The server may be an independent server, or may be a server in a cluster, a cloud server, or the like.

The data encryption method provided by the embodiment of the application can be applied to a blockchain, including any scene about encryption in the blockchain, and the execution subject of the data encryption method can be that the data processing device can be a node in the blockchain. The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism and an encryption algorithm. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product services layer, and an application services layer.

The block chain underlying platform can comprise processing modules such as user management, basic service, intelligent contract and operation monitoring. The user management module is responsible for identity information management of all blockchain participants, and comprises public and private key generation maintenance (account management), key management, user real identity and blockchain address corresponding relation maintenance (authority management) and the like, and under the authorization condition, the user management module supervises and audits the transaction condition of certain real identities and provides rule configuration (wind control audit) of risk control; the basic service module is deployed on all block chain node equipment and used for verifying the validity of the service request, recording the service request to storage after consensus on the valid request is completed, for a new service request, the basic service firstly performs interface adaptation analysis and authentication processing (interface adaptation), then encrypts service information (consensus management) through a consensus algorithm, transmits the service information to a shared account (network communication) completely and consistently after encryption, and performs recording and storage; the intelligent contract module is responsible for registering and issuing contracts, triggering the contracts and executing the contracts, developers can define contract logics through a certain programming language, issue the contract logics to a block chain (contract registration), call keys or other event triggering and executing according to the logics of contract clauses, complete the contract logics and simultaneously provide the function of upgrading and canceling the contracts; the operation monitoring module is mainly responsible for deployment, configuration modification, contract setting, cloud adaptation in the product release process and visual output of real-time states in product operation, such as: alarm, monitoring network conditions, monitoring node equipment health status, and the like.

The platform product service layer provides basic capability and an implementation framework of typical application, and developers can complete block chain implementation of business logic based on the basic capability and the characteristics of the superposed business. The application service layer provides the application service based on the block chain scheme for the business participants to use.

In order to facilitate understanding of the technical solution of the present application, a server is taken as an execution subject, and a data encryption method provided by the embodiment of the present application is introduced in combination with an actual application scenario.

Referring to fig. 1, a schematic diagram of an application scenario of a data encryption method provided in an embodiment of the present application is shown. As shown in fig. 1, the data encryption method may be performed by the server 101 in this scenario.

In the embodiment of the application, an encryption algorithm and a corresponding encryption key for encrypting data to be encrypted can be determined. The data to be encrypted can be plaintext before encryption and intermediate results generated in the process of encrypting the plaintext through an encryption algorithm.

In the embodiment of the present application, the data to be encrypted and the encryption key may be binary data with the same number of data bits (bits), such as 128-Bit binary data. Then, the data to be encrypted may be decomposed into a plurality of predetermined data bit intervals, which together constitute a complete data bit interval of the data to be encrypted. As shown in fig. 1, for 128-bit data to be encrypted, the data bit interval can be equally divided into four identical preset data bit intervals, namely, the data bit interval from 1 st bit to 32 th bit, the data bit interval from 33 th bit to 64 th bit, the data bit interval from 65 th bit to 96 th bit, and the data bit interval from 97 th bit to 128 th bit.

As shown in fig. 1, the encryption method determined for data encryption includes three operation logics, respectively operation logic 1, operation logic 2, and operation logic 3. The encryption principle of the encryption algorithm can be that data to be encrypted is input into an arithmetic logic 1 to be calculated, and then an intermediate result 1 is obtained; then, the intermediate result 1 is calculated by the operation logic 2 through the key used for encryption to obtain an intermediate result 2; finally, the intermediate result 2 is calculated by the arithmetic logic 3 to obtain the final encrypted data.

Thus, for a plurality of preset data bit intervals for decomposing data to be encrypted, corresponding first lookup tables can be respectively determined according to an encryption key and first operation logic corresponding to the encryption key in the encryption algorithm, and then the plurality of first lookup tables are obtained. The arithmetic logic described herein embodies the flow of operations in each step of the encryption algorithm, for example, the arithmetic logic may be implemented by exchanging the 2 nd bit data with the 4 th bit data of the input 8-bit data.

It can be understood that, since the number of data bits in the predetermined data bit interval is limited between each predetermined data bit interval, based on the binary data, the data value that may occur in the predetermined data bit interval can be determined on the premise of determining the number of data bits, for example, if the number of data bits in the predetermined data bit interval is 5, the data value range of the predetermined data bit interval is 00000-11111. Therefore, for each preset data bit interval, data (in a data value range of the preset data bit interval) of the data to be encrypted in the preset data bit interval can be marked as first data, data in the encryption key in the preset data bit interval can be marked as second data, an encryption result obtained by the first data through the second data under a first operation logic, namely an operation logic corresponding to the encryption key, is determined, and a first lookup table corresponding to the preset data bit interval is formed.

That is, for a preset data bit interval, the determined corresponding first lookup table includes an encryption result obtained by the second data from any data within the data value range of the preset data bit interval under the first arithmetic logic. As shown in fig. 1, for the four preset data bit intervals, corresponding first lookup tables, that is, lookup table 1, lookup table 2, lookup table 3, and lookup table 4, are determined respectively.

Thus, the corresponding encryption circuit is determined according to the determined plurality of first lookup tables. In encrypting target data as data to be encrypted by an encryption algorithm, data encryption is performed by an encryption circuit instead of an encryption key.

The method replaces an encryption key in an encryption algorithm by a hardware circuit. Based on the difficulty of attacking the hardware circuit by an attacker, the encryption key is difficult to obtain to crack encrypted data, and the data security is improved.

Next, a data encryption method provided in an embodiment of the present application will be described with a server as an execution subject.

Referring to fig. 2, this figure shows a flowchart of a data encryption method provided in an embodiment of the present application, where the method may include:

s201: and determining an encryption algorithm and a corresponding encryption key for encrypting data to be encrypted.

The data to be encrypted may be a plaintext before encryption and an intermediate result generated in the process of encrypting the plaintext by an encryption algorithm. The data to be encrypted may be binary data, the present embodiment does not limit the number of data bits of the data to be encrypted, and in an actual scenario, the data to be encrypted may be, for example, binary data with 128 bits, and then, the encryption key may be binary data with the same number of data bits as the data to be encrypted.

The key used for encryption in the encryption algorithm is an encryption key in an asymmetric key or a symmetric key, and the key is binary data with the same data bit number as the data to be encrypted.

The asymmetric key is applied to a scenario where keys for data encryption and decryption are different keys. The symmetric key is applied to a scenario where the key for data encryption and decryption is the same key. In the embodiment of the present application, the key used for encryption in the encryption algorithm may be an encryption key in the asymmetric keys described above or a symmetric key.

For example, if the key used for encryption in the encryption algorithm is an encryption key a among asymmetric keys, it is necessary to decrypt data encrypted with the key a with a key b used for decryption corresponding to the key a. If the key is a symmetric key c, the data obtained by encrypting the key c can be decrypted by the key c.

It should be noted that the technical solution provided in the embodiment of the present application is applicable to various types of Encryption algorithms, such as white-box Encryption algorithms, including Advanced Encryption Standard (AES) Encryption Algorithm, Data Encryption Standard (DES) Algorithm, Tiny Encryption Algorithm (TEA), International Data Encryption Algorithm (IDEA), Triple Data Encryption Standard (3 DES) Algorithm, and the like.

S202: and determining a plurality of first lookup tables according to the encryption key and a first operation logic corresponding to the encryption key in the encryption algorithm.

The first data may be data in a preset data bit interval in the data to be encrypted, and the second data may be data in a preset data bit interval in the encryption key. Then, each determined first lookup table includes an encryption result of the first data by the second data under the first operation logic. And the preset data bit intervals corresponding to the plurality of first lookup tables form a complete data bit interval of the data to be encrypted.

The AES encryption algorithm is explained as an example. Let the data to be encrypted and the encryption key be 128-bit data. The AES encryption algorithm is a widely used symmetric encryption algorithm. The AES algorithm includes multiple rounds of encryption processes. Such as 10 rounds of encryption. For each encryption process, the key to be encrypted is a round key generated by an encryption key (128 bits), and the round key for each round of encryption process can also be 128 bits of data.

Referring to fig. 3, which shows a software algorithm flowchart provided by an embodiment of the present application, as shown in fig. 3, in the first 1-9 iterations, a password replacement Box (S-Box) replacement, a line shift (ShiftRows), a column obfuscation (MixColumns), and a round key addition (AddRoundKey) may be performed on data in sequence. In round 10 encryption, S-box replacement, row shifting, and round key addition may be performed on the data.

The S-box permutation may refer to calculating each byte in the input matrix by a non-linear substitution function, and substituting the obtained result for the original byte. Row shifting may refer to cyclically shifting each row in a matrix. Column obfuscation may refer to an operation of fully mixing the columns in the matrix, and four bytes of each column may be mixed by linear transformation. Round key addition may refer to the exclusive or addition of each byte in the round key with each corresponding byte in the input matrix.

The process of encrypting the data to be encrypted by the AES algorithm is as follows:

the play in the above description may be data to be encrypted, the state is an intermediate result (which may also be denoted as newly obtained data to be encrypted) for encrypting the data to be encrypted, and the cipertext may be an intermediate result (which may also be denoted as newly obtained data to be encrypted) obtained by encrypting the data to be encrypted. In the calculation process, the data to be encrypted and the data with the encryption key of 16 bytes can be calculated in a 4 x 4 matrix form.

It will be appreciated that since S-box replacement replaces each byte in the input data one by one, regardless of the order of the bytes, the row shift and S-box replacement can swap orders. And secondly, shifting after the round key is added, namely shifting the round key and the data to be encrypted simultaneously, and then performing the process or the process. Whereby the row-shifted round key addition and row shifting can exchange order. That is, the process is as follows:

with respect to the software form described above, it will be appreciated that in each round of encryption, the round key plus S-box replacement for each round can be fused into 16T-boxes that map a byte (8-bit data) to another byte (8-bit data). The T-box is defined as follows:

T_ir(x)＝S(x XOR k_r-1(i))，for i＝0…15and r＝1…9，

T_i10(x)＝S(x XOR k₉(i))OR k₁₀(i)，for i＝0…15。

where XOR may refer to an XOR operation, for k_r-1Wherein each byte is marked as k_r-1(i)，i＝0…15。

Wherein, the array S is defined as a standard S box of the AES algorithm, and aims at data to be encrypted or intermediate results (128 bits and the numerical value of 0-256). The S box is as follows:

S[256]＝{0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5,0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76,…,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68,0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16}；

for the calculation process, 10 rounds of encryption processes are involved, each round of encryption process comprises 16T boxes, and then 160T boxes are in total.

In the 1 st to 9 th iteration, the output data (data to be encrypted) calculated by T-boxes, i.e. a 4 x 4 matrix, may be subjected to a row-confusion transformation. Taking the first round of encryption as an example, assume that each column in the 4 × 4 matrix is T01, T11, T21, T31. Each column has 4 bytes, and each column is multiplied by a 4 x 4 matrix MC, which may be a predetermined matrix, in the form of a column vector. Assume that a column vector includes 4 bytes, x0, x1, x2, and x 3. The multiplication of the column vector by the matrix MC can be written as:

definition Tyi is:

Ty₀(x)＝x·[02 01 01 03]^T；

Ty₁(x)＝x·[03 02 01 01]^T；

Ty₂(x)＝x·[01 03 02 01]^T；

Ty₃(x)＝x·[01 01 03 02]^T；

the point multiplication here is a multiplication in the Rijndael finite field in the AES standard.

Then the operation of the column obfuscation generating a 4-byte intermediate process can be written as:

Ty₀(x₀)XOR Ty₁(x₁)XOR Ty₂(x₂)XOR Ty₃(x₃)

thus, 4 bytes are obtained, and the four bytes are obtained by x0, x1, x2 and x 3.

Each column vector is calculated in this way, resulting in an intermediate result by column aliasing, i.e. a 4 x 4 matrix, which is taken as input for the row shift in the calculation of the 2 nd round of dots.

Then, the first operation logic is the round key addition and password replacement S-box replacement in the above. The method of S202 includes:

s301: and determining a plurality of fifth lookup tables according to the ith round key and the first operation logic aiming at the ith round encryption process in the multi-round encryption processes.

Wherein the ith round key is determined according to the encryption key; the third data may be data in a preset data bit interval in the ith round key, and the fifth lookup table includes an encryption result obtained by the first data through the third data under the first arithmetic logic. That is to say, for a preset data bit interval of the data to be encrypted, the determined corresponding fifth search includes an encryption result obtained by the third data from any data within the data value range of the preset data bit interval under the first arithmetic logic.

S302: and determining the plurality of first lookup tables according to the plurality of fifth lookup tables respectively determined in the multi-round encryption process.

In this way, in each round of encryption, the plurality of fifth lookup tables determined in the plurality of rounds of encryption may be determined as the plurality of first lookup tables.

S203: and determining the corresponding encryption circuit according to the plurality of first lookup tables.

In a specific implementation, a Hardware Description Language (HDL) such as Verilog HDL, Very High speed hardware Description Language (VHDL), and the like may be generated according to the plurality of first lookup tables, so as to determine the corresponding encryption circuit.

In order to further increase the complexity of the first arithmetic logic, in a possible implementation manner, the method for determining the corresponding encryption circuit according to the plurality of first lookup tables in S203 includes:

and performing data conversion on the first lookup table through a third operation logic to determine a corresponding third lookup table.

Wherein the third arithmetic logic comprises any one or more combinations of reversible encoding and linear transformation.

That is, for a preset data bit interval, the determined corresponding third lookup table includes an encryption result obtained by passing any data within the data value range of the preset data bit interval through the second data under the first arithmetic logic, and then the encryption result is subjected to data conversion through the third arithmetic logic to obtain a corresponding result.

Thus, the corresponding encryption circuit is determined from the plurality of third lookup tables.

S204: and in the process of encrypting the target data serving as the data to be encrypted by the encryption algorithm, the encryption circuit replaces the encryption key to encrypt the data.

It should be noted that, in an actual scenario, the encryption circuit may be constructed by the methods of S201 to S203 described above. After the encryption circuit is constructed, when the encryption algorithm and the encryption key need to be applied to encrypt the data to be encrypted each time, the encryption circuit determined in S203 may be directly applied to encrypt the data, without re-determining the encryption circuit.

In a possible implementation manner, the S204, the method for encrypting data by the encryption circuit instead of the encryption key includes:

it can be understood that the encryption circuit is determined according to a plurality of first lookup tables, each first lookup table corresponds to data of a preset data bit interval in the data to be encrypted, and the encryption circuit has a corresponding sub-circuit based on each first lookup table. Therefore, when the target data is encrypted by the encryption circuit, the data in the preset data bit interval in the target data can be input into the sub-circuit corresponding to the preset data bit interval (i.e. the first lookup table) in the encryption circuit according to the preset data bit interval corresponding to the first lookup table, so as to obtain the corresponding sub-data. And respectively obtaining corresponding subdata for the data in each preset data bit interval in the target data in the mode.

Therefore, according to the sub data obtained by each sub circuit, the data generated after the target data is operated by the first operation logic is determined.

The sub-data are spliced into complete data according to the sequence of the preset data bit interval in the complete data bit interval of the target data, and the obtained complete data is the data generated after the target data is operated by the first operation logic.

The target data may be a plaintext to be encrypted or an intermediate result obtained by performing calculation through an operation logic in an encryption algorithm corresponding to the plaintext.

In order to increase the difficulty of cracking the encrypted data, in a possible implementation manner, the method further includes:

s205: determining a plurality of second lookup tables by a second operation logic of the encryption algorithm other than the first operation logic.

The second lookup table includes an operation result of the first data obtained under the second operation logic.

For the AES encryption algorithm, in one possible implementation, the second operation logic includes row shifting and column obfuscation, and the determining the plurality of second lookup tables by the second operation logic except the first operation logic in the encryption algorithm includes:

s401: and determining a plurality of sixth lookup tables according to the second operation logic aiming at the ith round of encryption process in the multiple rounds of encryption processes, wherein the sixth lookup tables comprise operation results of the first data under the second operation logic.

S402: and determining the plurality of second lookup tables according to the plurality of sixth lookup tables respectively determined in the multi-round encryption process.

In this manner, in S204, in the process of encrypting the target data as the data to be encrypted by the encryption algorithm, data encryption is performed by a plurality of second lookup tables instead of the second arithmetic logic in the encryption algorithm.

By the method, the second operation logic in the encryption algorithm is hidden, the cracking difficulty of the encrypted data is increased, and the data security is improved.

In a possible implementation manner, the determining, in S203, a manner of the corresponding encryption circuit according to the plurality of first lookup tables includes:

and determining the corresponding encryption circuit according to the plurality of first lookup tables and the plurality of second lookup tables. Thus, it is possible to prevent the occurrence of,

the above encrypting data by replacing the second operation logic in the encryption algorithm with a plurality of second lookup tables includes: and carrying out data encryption by using an encryption circuit instead of the second arithmetic logic.

Through the mode of replacing the second operation logic by the hardware circuit, the data cracking difficulty is further increased, and the data safety is improved.

Next, with respect to the AES encryption algorithm, a manner of generating an encryption circuit including a first operation logic and a second operation logic will be described. In this way, in each round of encryption, the encryption circuit can replace the operation of round key addition and S box replacement on the data to be encrypted.

The AES encryption algorithm is designed into a lookup table form and can be recorded as a white-box AES algorithm, wherein the white-box AES algorithm is a software implementation mode and aims to solve the problem of how to protect an encrypted key when data is encrypted in an unsafe environment. The design goal of the algorithm is to ensure that the secret key is not leaked under the condition that an attacker can observe and modify the running process of the encrypted program. The principle of the design is that the steps of the AES algorithm are converted into table look-up operation, the secret key is hidden in the look-up table, and then the input and output of the algorithm are mixed with the intermediate process, so that the code form becomes complicated, and an attacker is prevented from reversely cracking the secret key. When the program needs to encrypt data, only encrypted plaintext needs to be provided without providing a secret key, and the ciphertext is obtained after the encrypted plaintext is encrypted by a white-box AES algorithm.

In determining the encryption circuit, referring to fig. 4, a flowchart of a method for generating an encryption circuit according to an embodiment of the present application is shown, and as shown in fig. 4, the method includes:

first, a key for encryption may be selected and key expansion performed.

Where the key K for encryption is for 16 bytes. Carrying out key expansion on the key to obtain 10 rounds of key k_r(r 1 … 10) and the original key k₀Each round key is 16 bytes in length. Performing a line shift operation on the original key and the round key, i.e. k_r-1＝ShiftRows(kr-1)。

Then, the computation T-box computes the corresponding look-up table. And the T box calculates the corresponding lookup table to be the fifth lookup table.

The formula for calculating the T-box is as described above, and is not described herein again. For T-box computation of 10 iterations, corresponding 160 arrays Tir (i-0 … 15, r-1 … 10) may be defined. These arrays T are described using a Hardware Description Language (HDL) such as Verilog HDL, Very High speed hardware Description Language (VHDL), and the like, so as to construct circuit units corresponding to the T-boxes.

Referring to fig. 5a, which shows a schematic diagram of a T-box lookup table circuit unit provided in an embodiment of the present application, as shown in fig. 5a, an array is used as a T-box lookup table circuit unit with 8 bits, i.e., one byte input, and 8 bits, i.e., one byte output, x is input as an index of the array, and an array value T (x) corresponding to the index is used as an output of the T-box lookup table circuit unit. Referring to fig. 5b, which shows another schematic diagram of the T-box lookup table circuit unit provided in the embodiment of the present application, as shown in fig. 5b, data to be encrypted or an intermediate result, that is, data of 16 bytes, is input to the T-box lookup table circuit unit, corresponding data T (i) (i ═ 0,1, …,15) is obtained by calculation for each byte, and 16 calculation results are combined into one output data.

In addition, referring to fig. 6, which shows a schematic diagram of a row shifting circuit unit provided in an embodiment of the present application, as shown in fig. 6, for input data to be encrypted or an intermediate result (each is a 4 × 4 byte matrix corresponding to 16 bytes of data), a shifting operation of the data is completed through arrangement of data lines, the data lines in the diagram are replaced with the data lines, and the data lines are mapped into a circuit as a hardware implementation of the row shifting circuit unit.

Then, column obfuscating corresponding lookup tables may be computed, including computing Tyi a lookup table and computing Tyi an exclusive or table. The calculation formula for the Tyi lookup table is as described above, and is not described herein again. In a specific implementation, the array Tyi lookup table may be described by an HDL such as Verilog HDL, VHDL, etc., with the input x of the Tyi table being the index of the array, and the value tyi (x) corresponding to the array being the output of the Tyi lookup table. It will be appreciated that there are 4 column vectors multiplied by the predetermined matrix MC per pass, and there are 4 Tyi look-up tables per multiplication, and there are 144 Tyi look-up tables in 9 iterations (no column confusion in round 10).

Tyi the exclusive or between the output results may also be written in the form of a table. Defined as an XOR lookup table. When the 4 bytes are subjected to exclusive-or, two 4-bit numbers between the two bytes are subjected to exclusive-or respectively. Then, there are 3 XORs among the aforementioned pairs Tyi, there are 8 XOR lookup tables for each XOR, and the data to be encrypted or the intermediate result corresponds to 4 columns, so there are 96 XOR lookup tables in each iteration, and there are 864 XOR lookup tables in 9 iterations. The Tyi lookup table and the XOR lookup table are the sixth lookup table described above.

Therein, an array XOR (256) may be defined and the array calculated: xor (x) ═ x &0xF0 ^ (x &0xF), x ═ 0 … 255. The x &0xF0 may refer to the first 4 bits of x, and x &0xF may refer to the last 4 bits of x. Referring to fig. 7, which shows a schematic diagram of an exclusive-or circuit unit provided in the embodiment of the present application, as shown in fig. 7, for an exclusive-or between every four bytes, which is recorded as an exclusive-or between a (including byte 0, byte 1, byte 2, and byte 3) and B (including byte 4, byte 5, byte 6, and byte 7), the first 4 bits between 2 bytes corresponding to a and B may be taken for exclusive-or, and the last 4 bits between the corresponding 2 bytes may be taken for exclusive-or, so as to obtain an output result of 4 bytes. Byte 0 corresponds to byte 4, byte 1 corresponds to byte 5, byte 2 corresponds to byte 6, and byte 3 corresponds to byte 7.

The HDL is used for describing an exclusive-OR table, wherein the input x of the exclusive-OR table is used as an index of an array, and the corresponding value XOR (x) of the array is used as the output of the exclusive-OR table.

The round keys based on each round of iteration are different, resulting in different T-box lookup tables, and thus, the calculation modules of each round are different and cannot be shared, which is exemplified by the first round of iteration.

Referring to fig. 8, which shows a schematic diagram of a calculation module of a round provided by an embodiment of the present application, as shown in fig. 8, data to be encrypted is input into a calculation module of a first round, and a matrix (total 16 bytes) of 4 × 4 bytes of the data to be encrypted is used, where byte 0, byte 1, byte 2, and byte 3 are 4 bytes of a 1 st column. T0, T1, T2 and T3 are T-box lookup tables corresponding to these 4 bytes, and the input length is 1 byte and the output length is 1 byte. Ty0, Ty1, Ty2, Ty3 are Tyi-box lookup tables corresponding to these 4 bytes, with an input length of 1 byte and an output length of 4 bytes. The input length of the exclusive-or circuit unit is 8 bytes, and the output length is 4 bytes.

Each round of computation module consists of 16T-boxes, 16 Tyi look-up tables, 12 xor modules, 96 xor look-up tables.

After the algorithm flow is described by the HDL language, the generation of the encryption circuit can be realized by a Field Programmable Gate Array (FPGA) or an Application Specific Integrated Circuit (ASIC). At this point the AES encryption transform has the encrypted key hidden in the look-up table for several look-up table operations.

The corresponding process comprises the following steps:

and finally, realizing a corresponding AES algorithm form by using a hardware circuit.

According to the mode for constructing the encryption circuit, the encryption circuit is not constructed according to the operation logic of the encryption algorithm, so that the confidentiality of the encryption circuit for the encryption algorithm can be improved, and in addition, the number of the lookup tables constructed by the method is small, so that the generation efficiency of the encryption circuit is improved, and the complexity of the encryption circuit is reduced.

A data encryption method provided in the embodiment of the present application is introduced below with reference to specific scenarios.

The target operational logic for constructing the encryption circuit is assumed to be all the operational logic in the encryption algorithm. Referring to fig. 9, which is a schematic diagram illustrating a data encryption method scenario provided in an embodiment of the present application, as shown in fig. 9, an encryption circuit may be integrated in a System-on-a-Chip (SOC) or as a separate hardware Chip. Wherein the interaction between the processor and the encryption circuit is assumed to be performed in a peripheral access mode. The method comprises the following steps: the processor may set the corresponding encryption circuit based on the key of the processor. Then, the plaintext sent by the processor can be acquired, the processor sets the encryption to be started, the encryption circuit carries out encryption, and after the encryption is completed, the processor can be informed that the encryption is completed, so that the processor can read the ciphertext.

Referring to fig. 10, a flowchart of a method for generating an encryption circuit according to an embodiment of the present application is shown, where the method includes:

s1001: a key for encryption is selected from a preset plurality of keys.

In this example, a plurality of keys are set in advance, and a key for encrypting data to be encrypted can be selected from the keys.

S1002: and converting the operation logic related to the key in the encryption algorithm into equivalent lookup table operation.

For the AES encryption algorithm, the operation logic associated with the key may refer to the round key plus this operation logic.

S1003: the other operation logics except the operation logic related to the key in the encryption algorithm are converted into equivalent lookup table operation.

For the AES encryption algorithm, the operation logic independent of the key may be operation logic such as row shift, S-box replacement, and column obfuscation.

S1004: the look-up table is reversibly encoded and linearly varied.

Further algorithmic complications to the encryption algorithm are achieved by reversible coding and linear variation of the look-up table.

S1005: and generating an encryption circuit according to the lookup table corresponding to the encryption algorithm.

The method of generating an encryption circuit from a look-up table is described below using the AES encryption algorithm as an example. Referring to fig. 11, this figure shows a flowchart of an encryption circuit generation method corresponding to the AES algorithm provided in this embodiment of the present application, and as shown in fig. 11, the method includes:

s1101: a key for encryption is selected from a preset plurality of keys.

The description of this step is as described above in S1001, and is not repeated here.

S1102: the steps in each iteration of the encryption algorithm are determined.

For the AES encryption algorithm, 10 rounds of iterative computation are included, and the step of each round of iteration can be determined. The steps for each iteration are as described above, and are not described here again.

S1103: the round key addition and S-box replacement is translated into a T-box lookup table.

For each round of iterative computation, the round key addition and S-box replacement steps may be combined and converted into a T-box lookup table.

S1104: the column obfuscation is converted to Tyi lookup tables and xor lookup tables.

In each round, bytes in the data to be encrypted (or intermediate result) will be calculated with bytes in the corresponding round key. This type of calculation is replaced with a look-up table, i.e. based on each possible input, the corresponding output is calculated, tabulated in a one-to-one correspondence. Since the bytes in the data to be encrypted (or intermediate result) are much smaller than the complete data to be encrypted, the size of the look-up table determined in this way is made small enough to meet practical requirements. This step is referred to as converting the low order step into an equivalent look-up table operation.

Furthermore, other linear and non-linear changes to the intermediate result may be substituted with a look-up table.

Assuming that there are R iterations, there are P tables per iteration, and Q look-up tables outside the iteration. The final algorithm can be transformed into R × P + Q look-up tables.

S1105: obfuscating algorithms by reversible encoding and linear variation.

In software, the lookup operation can be implemented using a simple array index operation. If the above process is implemented by software, if the operating environment is not secure, an attacker can easily obtain the contents of a specific table through a disassembler or a debugger. For example, because the form of tboxesty tables is only related to one byte of the round key, there are only 256 possible construction forms, which can be easily exhausted, and a part of the key can be cracked by comparing the contents of a specific table.

For this purpose, an encoding may be used to map the intermediate processes to other values, and the mapping may be reversible, with the inverse mapping being used in the next step. This allows the form of the table to be changed while ensuring that the encryption is correct. In addition, reversible linear transformation can be used to increase the information diffusion.

If necessary, the intermediate process and the lookup table can be confused by reversible coding and linear transformation, which increases the difficulty of inversion of the algorithm. For a hardware circuit such as an encryption circuit, the difficulty of reverse is already large, and this step can be omitted.

S1106: and a hardware circuit for generating a lookup table corresponding to the encryption algorithm.

Finally, the algorithm in the form described above is implemented using hardware circuitry. The encryption process of the hidden key is feasible by using a circuit, and a hardware lookup table which can be configured repeatedly is widely applied to the FPGA.

The encryption process may be represented as inputting data to be encrypted, searching for a stage result according to the data to be encrypted (or an intermediate result), searching for a next stage result according to the stage result, and so on, and finally searching for a result of the last table, and outputting the result as encrypted data after encrypting the data to be encrypted.

Based on the foregoing data encryption method, an embodiment of the present application further provides a data encryption apparatus, see fig. 12, which shows a schematic diagram of the data encryption apparatus provided in the embodiment of the present application, and as shown in fig. 12, the apparatus includes:

a first determining unit 1201, configured to determine an encryption algorithm and a corresponding encryption key for encrypting data to be encrypted;

a second determining unit 1202, configured to determine a plurality of first lookup tables according to the encryption key and a first operation logic corresponding to the encryption key in the encryption algorithm; the first lookup table comprises an encryption result obtained by first data through second data under the first operation logic, the first data is data in a preset data bit interval in data to be encrypted, and the second data is data in the preset data bit interval in the encryption key; the preset data bit intervals corresponding to the first lookup tables form a complete data bit interval of the data to be encrypted;

a third determining unit 1203, configured to determine a corresponding encryption circuit according to the plurality of first lookup tables;

an encryption unit 1204, configured to encrypt data by the encryption circuit instead of the encryption key in a process of encrypting target data, which is the data to be encrypted, by the encryption algorithm.

In a possible implementation manner, the second determining unit 1202 is specifically configured to:

determining a plurality of second lookup tables by second operation logic in the encryption algorithm except the first operation logic; the second lookup table comprises an operation result of the first data under the second operation logic;

the encryption unit 1204 is specifically configured to: and in the process of encrypting the target data serving as the data to be encrypted by the encryption algorithm, replacing the second operation logic in the encryption algorithm by the plurality of second lookup tables to encrypt the data.

In a possible implementation manner, the encryption unit 1204 is specifically configured to:

determining the corresponding encryption circuit according to the plurality of first lookup tables and the plurality of second lookup tables;

the performing data encryption by replacing the second operation logic in the encryption algorithm with the plurality of second lookup tables comprises: and data encryption is carried out by the encryption circuit instead of the second arithmetic logic.

In a possible implementation manner, the third determining unit 1203 is specifically configured to:

performing data conversion on the first lookup table through a third operation logic to determine a corresponding third lookup table, wherein the third operation logic comprises any one or more combinations of reversible coding and linear transformation;

and determining the corresponding encryption circuit according to the plurality of third lookup tables.

according to the preset data bit intervals corresponding to the first lookup tables respectively, inputting the data of each preset data bit interval in the target data into the sub-circuit corresponding to each first lookup table in the encryption circuit respectively to obtain corresponding sub-data;

and determining data generated after the target data is operated by the first operation logic according to the sub-data obtained by each sub-circuit.

the encryption algorithm is an Advanced Encryption Standard (AES) algorithm, and the AES algorithm comprises a plurality of rounds of encryption processes; the first operation logic comprises round key addition and password replacement S box replacement, and aiming at the ith round encryption process in the multi-round encryption process, a plurality of fifth lookup tables are determined according to the ith round key and the first operation logic; the ith round key is determined according to the encryption key; the fifth lookup table includes an encryption result obtained by the first data through third data under the first arithmetic logic, where the third data is data in the preset data bit interval in the ith round key;

and determining the plurality of first lookup tables according to the plurality of fifth lookup tables respectively determined in the multi-round encryption process.

the second operation logic comprises row shifting and column confusion, and for the ith round of encryption process in the multiple rounds of encryption processes, a plurality of sixth lookup tables are determined according to the second operation logic, wherein the sixth lookup tables comprise operation results obtained by the first data under the second operation logic;

and determining the plurality of second lookup tables according to the plurality of sixth lookup tables respectively determined in the multi-round encryption process.

The embodiment of the present application further provides an apparatus, which may be the data processing apparatus in the foregoing, and the data processing apparatus is described below with reference to the accompanying drawings. Referring to fig. 13, an embodiment of the present application provides a structure diagram of a data processing device 1300, where the device 1300 may also be a terminal device, and the terminal device is taken as a mobile phone as an example:

fig. 13 is a block diagram illustrating a part of the structure of a mobile phone according to an embodiment of the present application. Referring to fig. 13, the handset includes: a Radio Frequency (RF) circuit 1310, a memory 1320, an input unit 1330, a display unit 1340, a sensor 1350, an audio circuit 1360, a wireless fidelity (WiFi) module 1370, a processor 1380, and a power supply 13130. Those skilled in the art will appreciate that the handset configuration shown in fig. 13 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.

The following describes each component of the mobile phone in detail with reference to fig. 13:

RF circuit 1310 may be used for receiving and transmitting signals during a message transmission or call, and in particular, for processing received downlink information of a base station by processor 1380; in addition, the data for designing uplink is transmitted to the base station. In general, the RF circuit 1310 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, RF circuit 1310 may also communicate with networks and other devices via wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to Global System for Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), email, Short Message Service (SMS), and the like.

The memory 1320 may be used to store software programs and modules, and the processor 1380 executes various functional applications and data processing of the cellular phone by operating the software programs and modules stored in the memory 1320. The memory 1320 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 1320 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.

The input unit 1330 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the cellular phone. Specifically, the input unit 1330 may include a touch panel 1331 and other input devices 1332. Touch panel 1331, also referred to as a touch screen, can collect touch operations by a user (e.g., operations by a user on or near touch panel 1331 using any suitable object or accessory such as a finger, a stylus, etc.) and drive the corresponding connection device according to a preset program. Alternatively, the touch panel 1331 may include two portions of a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, and sends the touch point coordinates to the processor 1380, where the touch controller can receive and execute commands sent by the processor 1380. In addition, the touch panel 1331 may be implemented by various types, such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. The input unit 1330 may include other input devices 1332 in addition to the touch panel 1331. In particular, other input devices 1332 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.

The display unit 1340 may be used to display information input by a user or information provided to the user and various menus of the cellular phone. The Display unit 1340 may include a Display panel 1341, and optionally, the Display panel 1341 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. Further, touch panel 1331 can overlay display panel 1341, and when touch panel 1331 detects a touch operation on or near touch panel 1331, processor 1380 can be configured to determine the type of touch event, and processor 1380 can then provide a corresponding visual output on display panel 1341 based on the type of touch event. Although in fig. 13, the touch panel 1331 and the display panel 1341 are two independent components to implement the input and output functions of the mobile phone, in some embodiments, the touch panel 1331 and the display panel 1341 may be integrated to implement the input and output functions of the mobile phone.

The handset may also include at least one sensor 1350, such as light sensors, motion sensors, and other sensors. Specifically, the light sensor may include an ambient light sensor that adjusts the brightness of the display panel 1341 according to the brightness of ambient light, and a proximity sensor that turns off the display panel 1341 and/or the backlight when the mobile phone is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications of recognizing the posture of a mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured on the mobile phone, further description is omitted here.

The audio circuit 1360, speaker 1361, microphone 1362 may provide an audio interface between the user and the handset. The audio circuit 1360 may transmit the electrical signal converted from the received audio data to the speaker 1361, and the electrical signal is converted into a sound signal by the speaker 1361 and output; on the other hand, the microphone 1362 converts the collected sound signal into an electric signal, converts the electric signal into audio data after being received by the audio circuit 1360, and then processes the audio data by the audio data output processor 1380, and then sends the audio data to, for example, another cellular phone via the RF circuit 1310, or outputs the audio data to the memory 1320 for further processing.

WiFi belongs to short-distance wireless transmission technology, and the mobile phone can help a user to receive and send e-mails, browse webpages, access streaming media and the like through the WiFi module 1370, and provides wireless broadband internet access for the user. Although fig. 13 shows the WiFi module 1370, it is understood that it does not belong to the essential constitution of the handset, and may be omitted entirely as needed within the scope not changing the essence of the invention.

The processor 1380 is a control center of the mobile phone, connects various parts of the entire mobile phone using various interfaces and lines, and performs various functions of the mobile phone and processes data by operating or executing software programs and/or modules stored in the memory 1320 and calling data stored in the memory 1320, thereby integrally monitoring the mobile phone. Optionally, processor 1380 may include one or more processing units; preferably, the processor 1380 may integrate an application processor, which handles primarily operating systems, user interfaces, application programs, etc., and a modem processor, which handles primarily wireless communications. It will be appreciated that the modem processor described above may not be integrated within processor 1380.

The handset also includes a power supply 13130 (e.g., a battery) for powering the various components, which may preferably be logically coupled to the processor 1380 via a power management system that may enable management of charging, discharging, and power consumption.

Although not shown, the mobile phone may further include a camera, a bluetooth module, etc., which are not described herein.

In this embodiment, the processor 1380 included in the terminal device further has the following functions:

The data Processing device provided in this embodiment of the present application may be a server, please refer to fig. 14, fig. 14 is a structural diagram of a server 1400 provided in this embodiment of the present application, and the server 1400 may have a relatively large difference due to different configurations or performances, and may include one or more Central Processing Units (CPUs) 1422 (e.g., one or more processors) and a memory 1432, and one or more storage media 1430 (e.g., one or more mass storage devices) for storing applications 1442 or data 1444. Memory 1432 and storage media 1430, among other things, may be transient or persistent storage. The program stored on storage medium 1430 may include one or more modules (not shown), each of which may include a sequence of instructions operating on a server. Still further, a central processor 1422 may be disposed in communication with storage medium 1430 for executing a series of instruction operations on storage medium 1430 on server 1400.

The server 1400 may also include one or more power supplies 1426, one or more wired or wireless network interfaces 1450, one or more input-output interfaces 1458, and/or one or more operating systems 1441, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, etc.

The steps in the above embodiments may also be performed by a server, which may be based on the server structure shown in fig. 14.

The embodiments of the present application further provide a computer-readable storage medium, where the computer-readable storage medium is used to store a computer program, where the computer program is used to execute the method described in the foregoing embodiments.

The embodiments of the present application also provide a computer program product including instructions, which when run on a computer, cause the computer to perform the method described in the foregoing embodiments.

The terms "first," "second," "third," "fourth," and the like in the description of the application and the above-described figures, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.

It should be understood that in the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" for describing an association relationship of associated objects, indicating that there may be three relationships, e.g., "a and/or B" may indicate: only A, only B and both A and B are present, wherein A and B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of single item(s) or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, c may be single or plural.

In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.

The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.

The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium may be at least one of the following media: various media that can store program codes, such as read-only memory (ROM), RAM, magnetic disk, or optical disk.

It should be noted that, in the present specification, all the embodiments are described in a progressive manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus and system embodiments, since they are substantially similar to the method embodiments, they are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described embodiments of the apparatus and system are merely illustrative, and the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.

The above description is only one specific embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims

1. A method for data encryption, the method comprising:

2. The method of claim 1, further comprising:

and in the process of encrypting the target data serving as the data to be encrypted by the encryption algorithm, replacing the second operation logic in the encryption algorithm by the plurality of second lookup tables to encrypt the data.

3. The method of claim 2, wherein determining the corresponding encryption circuit from the plurality of first lookup tables comprises:

4. The method of claim 1, wherein determining the corresponding encryption circuit from the plurality of first lookup tables comprises:

5. The method of claim 1, wherein said encrypting data by said encryption circuit in place of said encryption key comprises:

6. The method according to any one of claims 2-5, wherein the encryption algorithm is the advanced encryption standard, AES, algorithm, the AES algorithm comprising a plurality of rounds of encryption; the first operation logic comprises round key addition and password replacement S box replacement, and the determining a plurality of first lookup tables according to the encryption key and the first operation logic corresponding to the encryption key in the encryption algorithm comprises:

determining a plurality of fifth lookup tables according to an ith round key and the first operation logic for an ith round encryption process in the multi-round encryption processes; the ith round key is determined according to the encryption key; the fifth lookup table includes an encryption result obtained by the first data through third data under the first arithmetic logic, where the third data is data in the preset data bit interval in the ith round key;

7. The method of claim 6, wherein the second operation logic comprises row shifting and column obfuscation, and wherein determining a plurality of second lookup tables by the second operation logic of the encryption algorithm other than the first operation logic comprises:

determining a plurality of sixth lookup tables according to the second operation logic aiming at the ith round of encryption process in the multiple rounds of encryption processes, wherein the sixth lookup tables comprise operation results of the first data under the second operation logic;

8. An apparatus for encrypting data, the apparatus comprising:

9. An apparatus, comprising a processor and a memory:

the processor is configured to perform the method of any of claims 1-7 according to instructions in the program code.

10. A computer-readable storage medium, characterized in that the computer-readable storage medium is used to store a computer program for performing the method of any one of claims 1-7.