[go: up one dir, main page]

CN1323507C - The Processing Method of Short Packet in Block Encryption Algorithm - Google Patents

The Processing Method of Short Packet in Block Encryption Algorithm Download PDF

Info

Publication number
CN1323507C
CN1323507C CNB2005100797931A CN200510079793A CN1323507C CN 1323507 C CN1323507 C CN 1323507C CN B2005100797931 A CNB2005100797931 A CN B2005100797931A CN 200510079793 A CN200510079793 A CN 200510079793A CN 1323507 C CN1323507 C CN 1323507C
Authority
CN
China
Prior art keywords
length
ciphertext
encryption
block
packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2005100797931A
Other languages
Chinese (zh)
Other versions
CN1801693A (en
Inventor
肖正飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNB2005100797931A priority Critical patent/CN1323507C/en
Publication of CN1801693A publication Critical patent/CN1801693A/en
Application granted granted Critical
Publication of CN1323507C publication Critical patent/CN1323507C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明公开了一种在分组加密算法中对短分组的处理方法,加密过程包括:发送方将最后一个完整分组的明文进行加密后,将得到的密文分组划分成两部分,将其中一部分作为所述短分组的密文分组;使用填充部分与所述短分组进行拼接,形成一个完整分组;将所述完整分组加密,发送给接收方;解密过程包括:接收方在接收到所述最后一个完整分组的密文分组后,对该密文分组进行解密;将解密后的分组划分成两部分,其中一部分就是所述短分组的明文;将另一部分与接收到的所述短分组的密文分组进行拼接,得到完整的密文分组,再将这个分组进行解密,得到最后一个完整分组的明文。应用本发明所述的方法可以提高数据传输的安全性。

Figure 200510079793

The invention discloses a method for processing short packets in a packet encryption algorithm. The encryption process includes: after the sender encrypts the plaintext of the last complete packet, divides the obtained ciphertext packet into two parts, and uses one part as The ciphertext grouping of the short grouping; splicing the short grouping with the padding part to form a complete grouping; encrypting the complete grouping and sending it to the recipient; the decryption process includes: the recipient receives the last After the ciphertext of the complete group is grouped, the ciphertext group is decrypted; the decrypted group is divided into two parts, one of which is the plaintext of the short group; the other part is combined with the received ciphertext of the short group The groups are spliced to obtain a complete ciphertext group, and then the group is decrypted to obtain the plaintext of the last complete group. Applying the method described in the invention can improve the security of data transmission.

Figure 200510079793

Description

分组加密算法中对短分组的处理方法The Processing Method of Short Packet in Block Encryption Algorithm

技术领域technical field

本发明涉及到数据加密技术,特别涉及到在分组加密算法中对短分组的处理方法。The invention relates to data encryption technology, in particular to a processing method for short packets in packet encryption algorithms.

背景技术Background technique

在通信系统中,安全性是评价一个通信系统性能优劣的重要指标,特别是在无线通信系统中,由于无线通信系统具有开放性和移动性的特点,使得无线通信系统的安全性显得尤为重要。In a communication system, security is an important indicator to evaluate the performance of a communication system, especially in a wireless communication system, due to the characteristics of openness and mobility of a wireless communication system, the security of a wireless communication system is particularly important .

IEEE 802.16d/e系列协议定义了无线宽带固定和移动接入空口部分的协议标准。为了保证空中接口数据传输的安全性,上述系列协议定义了一个安全子层(Privacy Sublayer),用于实现对无线通信系统用户的认证、密钥的分发和管理以及后续的数据加密和认证等等。在认证完成后,MS和BS还需要通过密钥管理协议(PKM)生成、分发并管理对空中接口数据进行加密的密钥,上述PKM过程的结果就是在MS和BS之间生成一个用于派生其他密钥资源的基本密钥——鉴权密钥(AK,Authorization Key)。在通过认证获得密钥资源后,MS和BS就能通过加密算法实现空中接口数据的安全传输。The IEEE 802.16d/e series protocol defines the protocol standard for wireless broadband fixed and mobile access air interface. In order to ensure the security of air interface data transmission, the above-mentioned series of protocols define a security sublayer (Privacy Sublayer), which is used to realize the authentication of wireless communication system users, key distribution and management, subsequent data encryption and authentication, etc. . After the authentication is completed, MS and BS also need to generate, distribute and manage the key for encrypting air interface data through the key management protocol (PKM). The result of the above PKM process is to generate a key for deriving The basic key of other key resources - authentication key (AK, Authorization Key). After obtaining key resources through authentication, MS and BS can realize secure transmission of air interface data through encryption algorithms.

IEEE 802.16d/e系列协议提供了多种可供选择的加密算法,具体使用哪种加密算法,需要MS和BS在认证的消息交互过程中协商。目前常用的加密算法是分组加密算法,使用所述分组加密算法在加密前,发送方首先将需要进行加密处理的明文数据块按照固定的大小m划分成若干个分组,所述的分组加密算法就是以分组为单位进行加密的。根据协议规定,在具体应用过程中,可以使用多种不同的加密模式,例如电子密码本(ECB,ElectronicCode Book)模式及密文分组链接(CBC,Cipher Block Chaining)模式等。IEEE 802.16d/e series protocols provide a variety of optional encryption algorithms, which encryption algorithm to use needs to be negotiated between the MS and the BS during the authentication message exchange process. The currently commonly used encryption algorithm is a block encryption algorithm. Before encryption using the block encryption algorithm, the sender first divides the plaintext data block that needs to be encrypted into several groups according to a fixed size m. The block encryption algorithm is Encrypted in units of packets. According to the agreement, in the specific application process, you can use a variety of different encryption modes, such as Electronic Code Book (ECB, Electronic Code Book) mode and Cipher Block Chaining (CBC, Cipher Block Chaining) mode, etc.

其中,ECB是分组加密算法中最简单的一种模式。在这种模式下,发送方直接对每个分组独立使用相同的密钥Ki进行加密,并将加密后的结果作为密文分组发送到接收方。接收方在接收到每个密文分组后,将进行独立的解密处理,直接得到各个分组的明文。在ECB加密模式中,每个分组的加密和解密都是独立的。Among them, ECB is the simplest mode in block encryption algorithm. In this mode, the sender directly encrypts each packet independently using the same key Ki, and sends the encrypted result as a ciphertext packet to the receiver. After receiving each ciphertext packet, the receiver will perform independent decryption processing to directly obtain the plaintext of each packet. In ECB encryption mode, each packet is encrypted and decrypted independently.

CBC是分组加密算法中常使用的一种加密模式。在这种模式下,通信双方除了拥有一个共享的数据加密密钥Ki之外,还将协商产生一个CBC初始向量(IV),该初始向量的长度等于分组的大小m,用于作为第一个分组加密时的一个输入。CBC加密模式对明文分组采用如下步骤进行处理:CBC is an encryption mode commonly used in block encryption algorithms. In this mode, in addition to having a shared data encryption key Ki, both communicating parties will also negotiate to generate a CBC initialization vector (IV), the length of which is equal to the size of the packet m, used as the first An input when encrypting a block. The CBC encryption mode uses the following steps to process plaintext packets:

1、对第一个分组而言,首先将CBC IV和第一个分组的明文数据进行异或操作,再将异或结果进行加密,将加密结果作为第一个分组的密文分组;1. For the first group, first perform an XOR operation on CBC IV and the plaintext data of the first group, then encrypt the XOR result, and use the encrypted result as the ciphertext group of the first group;

2、从第二个分组开始,对应每个分组,每次都先用前一个分组的密文分组和当前分组的明文数据进行异或操作,再将异或结果进行加密,得到相应分组的密文分组;在这里对每个分组进行加密所使用的密钥Ki均相同;2. Starting from the second group, corresponding to each group, first perform an XOR operation with the ciphertext group of the previous group and the plaintext data of the current group, and then encrypt the XOR result to obtain the encryption of the corresponding group Text grouping; here the key Ki used to encrypt each grouping is the same;

3、对于最后一个分组,如果该分组的长度刚好等于m,将采用和其他分组相同的处理;如果其长度小于m,将其称为短分组,不同的加密算法对于短分组将采用不同的处理方法。3. For the last packet, if the length of the packet is exactly equal to m, it will be treated the same as other packets; if its length is less than m, it will be called a short packet, and different encryption algorithms will use different processing for short packets method.

在以上两种加密模式下,对每个分组进行加密时所使用的加密算法也有很多种,例如,高级加密标准(AES,Advanced Encryption Standard)算法及数据加密标准(DES,Data Encryption Standard)算法等等。IEEE802.16d-2004版本规定可以使用基于CBC模式的DES算法对业务数据的每个分组进行加密。IEEE 802.16e/D7规定可以在802.16系统中采用基于CBC模式的AES算法对业务数据的每个分组进行加密。In the above two encryption modes, there are many encryption algorithms used to encrypt each packet, for example, Advanced Encryption Standard (AES, Advanced Encryption Standard) algorithm and Data Encryption Standard (DES, Data Encryption Standard) algorithm, etc. wait. The IEEE802.16d-2004 version stipulates that the DES algorithm based on the CBC mode can be used to encrypt each packet of service data. IEEE 802.16e/D7 stipulates that the AES algorithm based on CBC mode can be used in the 802.16 system to encrypt each packet of service data.

在基于CBC模式的DES算法及基于CBC模式的AES算法中,对最后一个长度小于m的短分组的处理方法是相同的,在这里将短分组的长度设为n,且n<m,主要包括:In the DES algorithm based on CBC mode and the AES algorithm based on CBC mode, the processing method for the last short packet whose length is less than m is the same. Here, the length of the short packet is set to n, and n<m, mainly including :

发送方直接将短分组前一个完整分组的密文分组再进行一次基于ECB模式的加密操作;取经过上述加密后的密文分组的左边n位,直接与所述短分组明文进行异或操作,将得到的结果作为所述短分组的密文分组。The sender directly performs an encryption operation based on the ECB mode on the ciphertext group of a complete group before the short group; takes the left n bits of the encrypted ciphertext group, and directly performs an XOR operation with the short group plaintext, The obtained result is used as the ciphertext group of the short group.

在这里所使用的加密算法与其他分组进行加密时所使用的加密算法相同,可以为DES算法或AES算法,所使用的加密密钥也和其他分组所使用的加密密钥相同。The encryption algorithm used here is the same as the encryption algorithm used when other packets are encrypted, which can be DES algorithm or AES algorithm, and the encryption key used is also the same as the encryption key used by other packets.

接收方在收到各个分组对应的密文分组后,对前面的完整分组,用相应的解密算法进行解密处理;对最后一个短分组,接收方首先将所述短分组前一个完整分组的密文分组再进行一次基于ECB模式的加密,并用加密得到的密文分组的左边n位与所述短分组的密文分组进行异或操作,从而得到所述短分组对应的明文。After receiving the ciphertext packets corresponding to each packet, the receiver uses the corresponding decryption algorithm to decrypt the previous complete packet; for the last short packet, the receiver first decrypts the ciphertext of the previous complete packet of the short packet The group is encrypted again based on the ECB mode, and the left n bits of the encrypted ciphertext group are used to perform an XOR operation with the ciphertext group of the short group, so as to obtain the plaintext corresponding to the short group.

由此可以看出,在现有的加密算法中,所有短分组的密文仅仅是该短分组明文与前一分组的密文分组中一部分密文进行简单异或操作的结果,实质上并没有对所述短分组进行加密。这样,网络攻击者可以通过改变短分组密文中的某些位,系统地改变解密后短分组明文的内容,如果最后一个短分组没有包含重要的信息,采用这种加密算法不会有什么问题,但是如果最后一个分组包含了重要的信息,将存在严重的安全隐患。It can be seen from this that in the existing encryption algorithms, the ciphertext of all short blocks is just the result of a simple XOR operation between the plaintext of the short block and a part of the ciphertext in the previous block, and there is essentially no The short packet is encrypted. In this way, network attackers can systematically change the content of the decrypted short block plaintext by changing some bits in the short block ciphertext. If the last short block does not contain important information, there will be no problem with this encryption algorithm. But if the last packet contains important information, there will be serious security risks.

此外,对于采用DES加密算法的加密方式来讲,由于DES算法是一个对称的加密算法,在对所述短分组的加密过程中,需要将最后一个完整分组的明文与倒数第二个完整分组的密文分组的异或结果进行两次DES加密,这等同于对该异或结果进行DES加密后又进行了DES解密。这样一来,对所述短分组明文进行的加密操作,等同于使用倒数第二个完整分组的密文分组的前n位与最后一个完整分组明文的前n位以及所述短分组明文进行异或操作的结果。因此,如果网络攻击者得到了所述短分组的明文,他就能反推出倒数第二个分组的某些明文位;同理,如果网络攻击者得到了最后一个完整分组的明文,他就能很容易地得到所述短分组的明文。这样,将无法实现数据的安全传输。In addition, for the encryption method using the DES encryption algorithm, since the DES algorithm is a symmetric encryption algorithm, in the process of encrypting the short packet, it is necessary to combine the plaintext of the last complete packet with that of the penultimate complete packet. The XOR result of the ciphertext block is encrypted twice with DES, which is equivalent to performing DES encryption on the XOR result and then DES decryption. In this way, the encryption operation on the plaintext of the short block is equivalent to using the first n bits of the ciphertext block of the penultimate complete block, the first n bits of the plaintext of the last complete block, and the plaintext of the short block. or the result of the operation. Therefore, if the network attacker obtains the plaintext of the short packet, he can deduce some of the plaintext bits of the penultimate packet; similarly, if the network attacker obtains the plaintext of the last complete packet, he can The plaintext of the short packet is easily obtained. In this way, secure transmission of data will not be possible.

发明内容Contents of the invention

为了解决上述技术问题,本发明提供了一种对短分组进行加密的方法,以提高数据传输的安全性,消除现有技术存在的安全隐患。In order to solve the above technical problems, the present invention provides a method for encrypting short packets, so as to improve the security of data transmission and eliminate the potential safety hazards in the prior art.

本发明所述在分组加密算法中对短分组的处理方法,包括加密和解密两个过程,所述分组包括长度为n的短分组和长度为m的完整分组,并且有n小于m;The method for processing short packets in the packet encryption algorithm of the present invention includes two processes of encryption and decryption, the packets include a short packet with a length of n and a complete packet with a length of m, and n is less than m;

所述加密过程包括:The encryption process includes:

A、发送方将最后一个完整分组的明文进行加密后,将得到的密文分组划分成长度为n和长度为m减n的两部分;A. After encrypting the plaintext of the last complete block, the sender divides the obtained ciphertext block into two parts whose length is n and whose length is m minus n;

B、使用长度为m减n的填充部分与所述短分组明文进行拼接,形成一个长度为m的完整分组,将所述完整分组进行加密,作为所述最后一个完整分组的密文分组,发送给接收方;B. Use the padding part whose length is m minus n to splice with the plaintext of the short block to form a complete block with a length of m, encrypt the complete block as the ciphertext block of the last complete block, and send to the recipient;

C、将步骤A中得到的长度为n的密文分组部分作为所述短分组的密文分组,发送给接收方;C, using the ciphertext grouping part of length n obtained in step A as the ciphertext grouping of the short grouping, and sending it to the receiver;

所述解密过程包括:The decryption process includes:

a、接收方在接收到所述最后一个完整分组的密文分组后,对该密文分组进行解密;a. After receiving the ciphertext packet of the last complete packet, the receiver decrypts the ciphertext packet;

b、将解密后的分组对应步骤B所述的拼接方式划分成长度为n和长度为m减n的两部分,其中所述长度为n的部分为所述短分组的明文;B, dividing the deciphered grouping corresponding to the splicing method described in step B into two parts with a length of n and a length of m minus n, wherein the part with the length of n is the plaintext of the short group;

c、将步骤b中长度为m减n的部分对应步骤A所述的划分方式与接收到的所述短分组的密文分组进行拼接,得到长度为m的密文分组,再将该密文分组进行解密处理,得到所述最后一个完整分组的明文。c. Splicing the part whose length is m minus n in step b corresponding to the division method described in step A and the received ciphertext group of the short group to obtain a ciphertext group with a length of m, and then the ciphertext The packet is decrypted to obtain the plaintext of the last complete packet.

步骤A所述的加密为采用基于密文分组链接模式的数据加密标准算法进行加密;The encryption described in step A is to use the data encryption standard algorithm based on the ciphertext block chain mode to encrypt;

步骤c所述的解密处理为采用基于密文分组链接模式的数据加密标准算法进行解密。The decryption process described in step c is to use the data encryption standard algorithm based on the ciphertext block chaining mode for decryption.

步骤A所述的加密为采用基于密文分组链接模式的高级加密标准算法进行加密;The encryption described in step A is to adopt the Advanced Encryption Standard algorithm based on the ciphertext block chaining mode to encrypt;

步骤c所述的解密处理为采用基于密文分组链接模式的高级加密标准算法进行解密。The decryption process described in step c is to use the Advanced Encryption Standard algorithm based on the ciphertext block chaining mode for decryption.

步骤A所述的划分为:将所述密文分组的前n位作为一部分,而将剩下m-n位作为另一部分,或者将所述密文分组的前m-n位作为一部分,而将剩下n位作为另一部分。The division described in step A is as follows: taking the first n bits of the ciphertext group as a part, and taking the remaining m-n bits as another part, or taking the first m-n bits of the ciphertext grouping as a part, and leaving n bit as another part.

步骤B所述的填充部分为步骤A所述的由密文分组划分出的长度为m-n的部分;The padding part described in step B is the part of length m-n divided by the ciphertext grouping described in step A;

步骤B所述的拼接为:将所述短分组明文放在所述填充部分前面,或将所述填充部分放在所述短分组明文的前面;The splicing described in step B is: placing the short packet plaintext in front of the padding part, or placing the padding part in front of the short packet plaintext;

步骤B所述加密为采用基于电子密码本模式加密算法进行加密;The encryption described in step B is encrypted by using an encryption algorithm based on the electronic codebook mode;

步骤a所述的解密为采用基于电子密码本模式解密算法进行解密。The decryption described in step a is to use a decryption algorithm based on the electronic codebook mode for decryption.

本发明所述基于电子密码本模式加密算法为基于电子密码本模式的高级加密标准算法;所述基于电子密码本模式解密算法为基于电子密码本模式的高级加密标准算法。The encryption algorithm based on the electronic codebook mode in the present invention is the advanced encryption standard algorithm based on the electronic codebook mode; the decryption algorithm based on the electronic codebook mode is the advanced encryption standard algorithm based on the electronic codebook mode.

本发明所述基于电子密码本模式加密算法为基于电子密码本模式的数据加密标准算法;所述基于电子密码本模式解密算法为基于电子密码本模式的数据加密标准算法。The encryption algorithm based on the electronic codebook mode in the present invention is a standard data encryption algorithm based on the electronic codebook mode; the decryption algorithm based on the electronic codebook mode is a standard data encryption algorithm based on the electronic codebook mode.

在加密时使用的加密密钥与加密其他分组所使用的加密密钥相同;The encryption key used when encrypting is the same encryption key used to encrypt other packets;

在解密时所使用的解密密钥与解密其他分组所使用的解密密钥相同。The decryption key used for decryption is the same as the decryption key used for decrypting other packets.

步骤B所述的填充部分为长度为m-n的任意数值;The padding part described in step B is any value whose length is m-n;

步骤B所述的拼接为:按照步骤A所述的划分方式,将所述短分组明文与所述填充部分进行拼接,令所述短分组明文的位置与所述密文分组中长度为n部分的位置对应;The splicing described in step B is: according to the division method described in step A, splicing the plaintext of the short block and the filling part, so that the position of the plaintext of the short block and the part of length n in the ciphertext block corresponding to the location;

步骤B所述加密为采用基于密文分组链接模式加密算法进行加密;The encryption described in step B is encrypted by using an encryption algorithm based on ciphertext block chaining mode;

步骤a所述的解密为采用基于密文分组链接模式解密算法进行解密。The decryption described in step a is to use a decryption algorithm based on ciphertext block chaining mode for decryption.

本发明所述采用基于密文分组链接模式加密算法进行加密包括:According to the present invention, adopting encryption algorithm based on ciphertext grouping link mode to encrypt comprises:

B1、使用步骤A所述的密文分组与步骤B所述的完整分组进行异或操作;B1, using the ciphertext group described in step A and the complete group described in step B to perform an XOR operation;

B2、使用与加密其他分组所使用的加密密钥相同的加密密钥对上述异或结果进行加密,得到步骤B所述最后一个完整分组的密文分组。B2. Encrypt the XOR result above using the same encryption key as that used to encrypt other packets, to obtain the ciphertext packet of the last complete packet described in step B.

本发明所述基于密文分组链接模式解密算法包括:The decryption algorithm based on the ciphertext grouping link mode of the present invention comprises:

a1、使用与解密其他分组所使用的解密密钥相同的解密密钥对步骤a所述最后一个完整分组的密文分组进行解密;a1. Decrypt the ciphertext block of the last complete block described in step a using the same decryption key as the decryption key used to decrypt other blocks;

a2、按照与步骤B相同的拼接方法,将所述填充部分与接收到的所述短分组的密文分组拼接为长度为m的完整密文分组;a2. According to the same splicing method as step B, splicing the padding part and the received ciphertext packet of the short packet into a complete ciphertext packet with a length of m;

a3、将步骤a1得到的解密结果与步骤a2得到的完整密文分组进行异或操作,将异或结果作为所述最后一个完整分组的密文分组的解密结果。a3. Perform an XOR operation on the decryption result obtained in step a1 and the complete ciphertext group obtained in step a2, and use the XOR result as the decryption result of the ciphertext group of the last complete group.

本发明所述基于密文分组链接模式加密算法为基于密文分组链接模式的高级加密标准算法;所述基于密文分组链接模式解密算法为基于密文分组链接模式的高级加密标准算法。The encryption algorithm based on the ciphertext block chaining mode in the present invention is an advanced encryption standard algorithm based on the ciphertext block chaining mode; the decryption algorithm based on the ciphertext block chaining mode is the advanced encryption standard algorithm based on the ciphertext block chaining mode.

本发明所述基于密文分组链接模式加密算法为基于密文分组链接模式的数据加密标准算法;所述基于密文分组链接模式解密算法为基于密文分组链接模式的数据加密标准算法。The encryption algorithm based on the ciphertext grouping chaining mode in the present invention is a data encryption standard algorithm based on the ciphertext grouping chaining mode; the decryption algorithm based on the ciphertext grouping chaining mode is a data encryption standard algorithm based on the ciphertext grouping chaining mode.

由此可以看出,应用本发明所述的方法可以对短分组进行加密处理,保证了数据传输的安全性,消除了现有技术的安全隐患。另外,本发明所述的方法,在对所述短分组进行加密的过程中没有改变数据的长度,从而也保证了数据的传输效率。It can be seen that the application of the method described in the present invention can encrypt the short packet, which ensures the security of data transmission and eliminates the potential safety hazards of the prior art. In addition, the method of the present invention does not change the length of the data during the process of encrypting the short packet, thereby ensuring the transmission efficiency of the data.

附图说明Description of drawings

图1为本发明一个优选实施例所述的发送方对短分组进行加密处理的方法流程图;Fig. 1 is the flow chart of the method for encrypting short packets by the sender described in a preferred embodiment of the present invention;

图2为本发明一个优选实施例所述的接收方对短分组进行解密处理的方法流程图;Fig. 2 is a flow chart of a method for decrypting a short packet by the receiver according to a preferred embodiment of the present invention;

图3为本发明另一个优选实施例所述的发送方对短分组进行加密处理的方法流程图;FIG. 3 is a flow chart of a method for encrypting a short packet by a sender according to another preferred embodiment of the present invention;

图4为本发明另一个优选实施例所述的接收方对短分组进行加密处理的方法流程图。Fig. 4 is a flowchart of a method for encrypting a short packet by a receiver according to another preferred embodiment of the present invention.

具体实施方式Detailed ways

为了解决现有技术存在的问题,本发明提供了一种在分组加密算法中对短分组的处理方法,该方法的主要思想是:通过密文挪用方法(CTS)将所述短分组填充成一个完整的分组,然后再使用现有的加密算法对该完整分组进行加密,从而保证发送方所发送的所有数据明文均是经过加密的,提高系统数据传输的可靠性。In order to solve the problems existing in the prior art, the present invention provides a method for processing short packets in a packet encryption algorithm. The main idea of the method is: fill the short packets into a Complete group, and then use the existing encryption algorithm to encrypt the complete group, so as to ensure that all plaintext data sent by the sender is encrypted, and improve the reliability of system data transmission.

本发明所述的方法适用于需要加密的数据块的明文长度大于完整分组长度m的情况,即在分组后所述分组中至少包含一个长度为m的完整分组。The method of the present invention is applicable to the situation that the length of the plaintext of the data block to be encrypted is greater than the length m of the complete group, that is, the group contains at least one complete group with the length m after grouping.

图1显示了本发明一个优选实施例所述的发送方对短分组进行加密处理的流程图。在这里,假设将需要进行加密的数据块按照完整分组的大小m分成k组,最后一个短分组的长度为n,并且有n<m,如图1所示,在该实施例中,发送方对所述短分组的加密处理过程主要包括:Fig. 1 shows a flow chart of a sender encrypting a short packet according to a preferred embodiment of the present invention. Here, it is assumed that the data blocks that need to be encrypted are divided into k groups according to the size m of the complete group, and the length of the last short group is n, and n<m, as shown in Figure 1, in this embodiment, the sender The encryption process of the short packet mainly includes:

步骤101:发送方将最后一个完整分组的明文Pk-1进行加密后,将得到的密文分组C划分成两部分,一部分长度为n,记为Ck,另一部分长度为m-n,记为C’。Step 101: After encrypting the plaintext P k-1 of the last complete block, the sender divides the obtained ciphertext block C into two parts. One part has a length of n and is denoted as C k , and the other part has a length of mn and is denoted as C'.

该步骤所述加密可以采用基于CBC模式的DES算法,也可以采用基于CBC模式的AES算法。并且加密时所使用的加密密钥与加密其他分组时所使用的加密密钥相同。The encryption in this step may adopt the DES algorithm based on the CBC mode, or the AES algorithm based on the CBC mode. And the encryption key used when encrypting is the same as the encryption key used when encrypting other packets.

所述将得到的密文分组划分成两部分的方法也是任意的,例如,可以将C的前n位作为Ck,而将剩下的部分作为C’,或者将Ci的前m-n位作为C’,而将剩下的部分作为Ck;另外,采用其他的划分方式也是可以的,而不会超出本发明的范围。The method of dividing the obtained ciphertext group into two parts is also arbitrary. For example, the first n bits of C can be used as C k , and the remaining part can be used as C', or the first mn bits of C i can be used as C', and use the remaining part as C k ; in addition, it is also possible to use other division methods without going beyond the scope of the present invention.

步骤102:将长度为m-n的C’部分作为填充部分与所述短分组Pk的明文进行拼接,形成一个长度为m的完整分组Pk’,对所述完整分组Pk’进行加密,得到一个完整的密文分组Ck-1,作为最后一个完整分组Pk-1的密文分组发送给接收方。Step 102: splicing the C' part with a length of mn as the padding part  with the plaintext of the short packet P k to form a complete packet P k ' with a length of m, and encrypting the complete packet P k ', A complete ciphertext block C k-1 is obtained and sent to the receiver as the ciphertext block of the last complete block P k-1 .

在该步骤中,所述的拼接方法也可以是任意的,例如可以将所述短分组明文放在C’的前面,也可以将C’部分放在所述短分组明文的前面。In this step, the splicing method can also be arbitrary, for example, the short block plaintext can be placed in front of C', and the C' part can also be placed in front of the short block plaintext.

本步骤所述的加密可以采用基于ECB模式的DES算法或者采用基于ECB模式的AES算法,所使用的加密密钥与CBC模式下加密其他分组所使用的加密密钥相同。The encryption described in this step can adopt the DES algorithm based on the ECB mode or the AES algorithm based on the ECB mode, and the encryption key used is the same as that used for encrypting other packets in the CBC mode.

步骤103:将步骤101得到的Ck作为所述短分组的密文分组,发送给接收方。Step 103: Send the C k obtained in step 101 as the ciphertext packet of the short packet to the receiver.

图2显示了根据本实施例所述的方法接收方在收到上述分组后进行解密处理的流程图,如图2所示,所述解密过程主要包括:Fig. 2 has shown the flow chart that according to the method described in this embodiment, the receiver performs decryption processing after receiving the above-mentioned grouping, as shown in Fig. 2, the described decryption process mainly includes:

步骤201:接收方在接收到最后一个完整分组的密文分组Ck-1后,对该密文分组进行解密,得到一个完整分组Pk’;Step 201: After receiving the ciphertext block C k-1 of the last complete block, the receiver decrypts the ciphertext block to obtain a complete block P k ';

与步骤102相对应,若在加密时所使用的加密算法为基于ECB的AES算法,则在该步骤应使用基于ECB模式的AES算法进行解密;如果在加密时使用的加密算法为基于ECB模式的DES算法,则在该步骤应使用基于ECB的DES算法进行解密;并且解密时所使用的解密密钥与其他分组的解密密钥相同;Corresponding to step 102, if the encryption algorithm used when encrypting is the AES algorithm based on ECB, then in this step, the AES algorithm based on the ECB mode should be used for decryption; if the encryption algorithm used when encrypting is based on the ECB mode DES algorithm, the ECB-based DES algorithm should be used for decryption in this step; and the decryption key used for decryption is the same as that of other packets;

步骤202:将所述完整分组Pk’对应步骤102所述的拼接方式划分成两部分,一部分长度为n,另一部分长度为m-n;其中,长度为n的部分就是所述短分组的明文Pk,长度为m-n的部分就是步骤101所述的C’;Step 202: Divide the complete packet P k ' into two parts corresponding to the splicing method described in step 102, one part has a length of n, and the other part has a length of mn; wherein, the part with a length of n is the plaintext P of the short packet k , the part whose length is mn is the C' described in step 101;

从步骤102可以看出,所述完整分组Pk’是由所述短分组Pk的明文和最后一个完整分组经一次加密得到的密文分组中长度为m-n的部分C’拼接而成的,因此,将Pk’对应步骤102所述的拼接方式划分成两部分,就可以直接得到所述短分组Pk的明文;It can be seen from step 102 that the complete block P k ' is spliced by the plaintext of the short block P k and the part C' of length mn in the ciphertext block obtained by one encryption of the last complete block, Therefore, the splicing method corresponding to step 102 of P k 'is divided into two parts, and the plaintext of the short packet P k can be directly obtained;

步骤203:将Pk’中长度为m-n的部分C’对应步骤101所述的划分方式与接收到的所述短分组的密文Ck拼接,得到长度为m的完整密文分组C,再将这个分组进行解密处理,得到最后一个完整分组的明文分组Pk-1Step 203: splicing the part C' of length mn in P k ' corresponding to the division method described in step 101 with the received ciphertext C k of the short group to obtain a complete ciphertext group C with a length of m, and then Decrypt the packet to obtain the plaintext packet P k-1 of the last complete packet.

其中,所述解密对应于步骤101所使用的加密算法,如果加密时采用基于CBC模式的AES算法,则解密时应当采用基于CBC模式的AES算法;如果加密时采用基于CBC模式的DES算法,则解密时应当采用基于CBC模式的DES算法。解密时所使用的解密密钥与其他分组的解密密钥也相同。Wherein, the decryption corresponds to the encryption algorithm used in step 101. If the AES algorithm based on the CBC mode is used for encryption, the AES algorithm based on the CBC mode should be used for decryption; if the DES algorithm based on the CBC mode is used for encryption, then The DES algorithm based on CBC mode should be used for decryption. The decryption key used for decryption is also the same as that of other packets.

至此,接收方可以得到最后一个完整分组及所述短分组的明文。So far, the receiver can obtain the plaintext of the last complete packet and the short packet.

图3显示了本发明另一个优选实施例所述的发送方对短分组进行加密处理的流程图。在这里,假设将需要进行加密的数据块按照完整分组的大小m分成k组,最后一个短分组的长度为n,并且有n<m,如图3所示,在该实施例中,发送方对所述短分组的加密处理过程主要包括:Fig. 3 shows a flow chart of the encryption processing of the short packet by the sender according to another preferred embodiment of the present invention. Here, it is assumed that the data blocks that need to be encrypted are divided into k groups according to the size m of the complete group, and the length of the last short group is n, and n<m, as shown in Figure 3, in this embodiment, the sender The encryption process of the short packet mainly includes:

步骤301:发送方将最后一个完整分组的明文Pk-1进行加密后,将得到的密文分组C划分成两部分,一部分长度为n,记为Ck,另一部分长度为m-n,记为C’;Step 301: After encrypting the plaintext P k-1 of the last complete block, the sender divides the obtained ciphertext block C into two parts. One part has a length of n and is denoted as C k , and the other part has a length of mn and is denoted as C';

在该步骤中,所述加密可以采用基于CBC模式的DES算法,也可以采用基于CBC模式的AES算法。加密时所使用的加密密钥与加密其他完整分组时所使用的加密密钥相同。In this step, the encryption may adopt the DES algorithm based on the CBC mode, or may adopt the AES algorithm based on the CBC mode. Encryption is done with the same encryption key that was used to encrypt other full packets.

所述将得到的密文分组划分成两部分的方法也是任意的,例如,可以将所述密文分组C的前n位作为Ck,而将剩下的部分作为C’,或者将Ci的前m-n位作为C’,而将剩下的部分作为Ck;另外,采用其他的划分方式也是可以的,而不会超出本发明的范围。The method of dividing the obtained ciphertext block into two parts is also arbitrary. For example, the first n bits of the ciphertext block C can be used as C k , and the remaining part can be used as C', or C i The first mn bits of C' are taken as C', and the remaining part is taken as Ck ; in addition, it is also possible to use other division methods without going beyond the scope of the present invention.

步骤302:使用长度为m-n的填充部分与长度n的短分组Pk的明文进行拼接,形成一个长度为m的完整分组Pk”,对所述完整分组Pk”进行加密,得到一个完整的密文分组Ck-1,作为最后一个完整分组Pk-1的密文分组发送给接收方。Step 302: Use the padding part  of length mn to splice the plaintext of the short packet P k of length n to form a complete packet P k ″ of length m, and encrypt the complete packet P k ″ to obtain a complete The ciphertext block C k-1 of is sent to the receiver as the ciphertext block of the last complete block P k-1 .

在本步骤中,所使用的填充部分可以是任意的,例如,可以是m-n个0或是其他任意数值。In this step, the padding part [phi] used can be arbitrary, for example, can be m-n 0s or other arbitrary values.

本步骤所述的拼接应对应步骤301所述的划分方式来进行,拼接后,所述完整分组Pk”中的短分组Pk应当与所述密文分组C中的Ck部分位置对应。The splicing described in this step should be carried out corresponding to the division method described in step 301. After splicing, the short packet P k in the complete packet P k ″ should correspond to the position of the C k part in the ciphertext packet C.

在本步骤中,所述的加密可以采用基于CBC模式的DES算法或者采用基于CBC模式的AES算法。In this step, the encryption may adopt the DES algorithm based on the CBC mode or the AES algorithm based on the CBC mode.

由于采用CBC模式的加密方法需要首先用上一分组的密文分组与当前分组进行异或操作,因此,在本实施例中,采用CBC模式对所述完整分组Pk”进行加密主要包括:Since the encryption method using the CBC mode needs to first use the ciphertext group of the previous group to perform an XOR operation with the current group, therefore, in this embodiment, the encryption of the complete group P k " using the CBC mode mainly includes:

步骤3021:使用步骤301所述密文分组C与步骤302所述完整分组Pk”进行异或操作;Step 3021: use the ciphertext block C described in step 301 and the complete block P k ” described in step 302 to perform an XOR operation;

步骤3022:使用与加密其他分组所使用的加密密钥相同的加密密钥对上述异或结果进行加密,得到所述完整密文分组Ck-1Step 3022: Use the same encryption key as that used to encrypt other packets to encrypt the XOR result above to obtain the complete ciphertext block C k-1 .

步骤303:将步骤301得到的Ck作为所述短分组的密文分组,发送给接收方。Step 303: Send the C k obtained in step 301 as the ciphertext packet of the short packet to the receiver.

图4显示了根据本实施例所述的方法接收方在收到上述分组后进行解密处理的流程图,如图4所示,所述解密过程主要包括:Fig. 4 has shown the flow chart that according to the method described in this embodiment, the recipient performs decryption processing after receiving the above packet, as shown in Fig. 4, the decryption process mainly includes:

步骤401:接收方在接收到最后一个完整分组的密文分组Ck-1后,对该密文分组进行解密,得到一个完整分组Pk。Step 401: After receiving the ciphertext block C k-1 of the last complete block, the receiver decrypts the ciphertext block to obtain a complete block P k .

与步骤303相对应,若在加密时所使用的加密算法为基于CBC的AES算法,则在该步骤应使用基于CBC模式的AES算法进行解密,如果在加密时使用的加密算法为基于CBC模式的DES算法,则在该步骤应使用基于CBC的DES算法进行解密。Corresponding to step 303, if the encryption algorithm used when encrypting is the AES algorithm based on CBC, then in this step, the AES algorithm based on the CBC mode should be used for decryption; if the encryption algorithm used during encryption is based on the CBC mode DES algorithm, then the CBC-based DES algorithm should be used for decryption in this step.

所述基于CBC模式的解密过程进一步包括:The decryption process based on CBC mode further includes:

步骤4011:使用与解密其他分组所使用的解密密钥相同的解密密钥对所述最后一个完整分组的密文分组Ck-1进行解密;Step 4011: Decrypt the ciphertext block C k-1 of the last complete block using the same decryption key as that used to decrypt other blocks;

步骤4012:按照与步骤302相同的拼接方法,将长度为m-n的填充部分与接收到的所述短分组的密文分组Ck拼接为一个长度为m的完整密文分组;Step 4012: According to the same splicing method as in step 302, splicing the padding part  with a length of mn and the received ciphertext block C k of the short block into a complete ciphertext block with a length of m;

步骤4013:用步骤4011得到的解密结果与步骤4012得到的完整密文分组进行异或操作,得到一个完整分组Pk。Step 4013: Perform XOR operation with the decryption result obtained in step 4011 and the complete ciphertext block obtained in step 4012 to obtain a complete block P k .

对照图3所示的加密过程,所述最后一个完整分组的密文分组Ck-1是由所述短分组明文Pk与填充部分组成的完整分组与所述Ck与C’的组成完整分组进行异或操作后再经过加密操作得到的结果。根据异或运算的特性,该结果与Pk与C’组成的完整分组与所述Ck与填充部分组成完整分组进行异或操作后再经过加密得到的结果在数学上是相等的。因此,可知步骤4013得到的完整分组Pk是由所述短分组Pk的明文与长度为m-n的密文分组部分C’组合而成的。In contrast to the encryption process shown in Figure 3, the ciphertext block C k-1 of the last complete block is a complete block composed of the short block plaintext P k and the padding part  and the composition of the C k and C' The result obtained after the XOR operation on the complete group and then the encryption operation. According to the characteristic of XOR operation, this result is mathematically equal to the result obtained by encrypting the complete group composed of P k and C' and the complete group composed of C k and the filling part  after XOR operation. Therefore, it can be seen that the complete packet P k  obtained in step 4013 is formed by combining the plaintext of the short packet P k and the ciphertext block C' of length mn.

步骤402:将所述完整分组Pk对应步骤302所述的拼接方式划分成两部分,一部分长度为n,另一部分长度为m-n;其中,长度为n的部分就是所述短分组的明文Pk,长度为m-n的部分就是步骤301所述的C’;Step 402: Divide the complete packet P k  into two parts corresponding to the splicing method described in step 302, one part has a length of n, and the other part has a length of mn; wherein, the part with a length of n is the plaintext P of the short packet k , the part whose length is mn is the C' described in step 301;

步骤403:将Pk中长度为m-n的部分C’对应步骤302所述的划分方式与接收到的所述短分组的密文Ck拼接,得到长度为m的完整密文分组C,再将这个分组进行解密,得到最后一个完整分组的明文分组Pk-1Step 403: splicing the part C' of length mn in P k  corresponding to the division method described in step 302 with the received ciphertext C k of the short group to obtain a complete ciphertext group C with a length of m, and then Decrypt this packet to obtain the plaintext packet P k-1 of the last complete packet.

其中,所述解密对应于步骤301所使用的加密算法,如果加密时采用基于CBC模式的AES算法,则解密时应当采用基于CBC模式的AES算法;如果加密时采用基于CBC模式的DES算法,则解密时应当采用基于CBC模式的DES算法。并且解密时所使用的解密密钥与解密其他分组时所使用的解密密钥相同。Wherein, the decryption corresponds to the encryption algorithm used in step 301. If the AES algorithm based on the CBC mode is used for encryption, the AES algorithm based on the CBC mode should be used for decryption; if the DES algorithm based on the CBC mode is used for encryption, then The DES algorithm based on CBC mode should be used for decryption. And the decryption key used for decryption is the same as the decryption key used for decrypting other packets.

至此,接收方可以得到最后一个完整分组及所述短分组的明文。So far, the receiver can obtain the plaintext of the last complete packet and the short packet.

从上述两个实施例所述的方法可以看出,发送方发送给接收方的所有分组,包括所述短分组的密文分组,均是经过加密的,因此,可以保证数据传输的可靠性,消除现有技术的安全隐患。并且,上述加密方法并没有增加所传输数据的长度,从而能够保证数据传输的效率。It can be seen from the methods described in the above two embodiments that all packets sent by the sender to the receiver, including the ciphertext packets of the short packets, are all encrypted, so the reliability of data transmission can be guaranteed. Eliminate security risks of existing technologies. Moreover, the above encryption method does not increase the length of the transmitted data, thereby ensuring the efficiency of data transmission.

Claims (9)

1, a kind of in block encryption algorithm to the processing method of short grouping, it is characterized in that described method comprises two processes of encryption and decryption, described grouping comprises that length is that short grouping and the length of n is the complete packet of m, and n is arranged less than m;
Described ciphering process comprises:
After A, transmit leg were encrypted the plaintext of last complete packet, it was that n and length are two parts that m subtracts n that the ciphertext block that obtains is divided into length;
B, use length to subtract the filling part of n as m and the plaintext of described short grouping splices, form the complete packet that length is m, described complete packet is encrypted, the ciphertext block as described last complete packet sends to the recipient;
C, be the ciphertext block of the ciphertext block part of n, send to the recipient as described short grouping with the length that obtains in the steps A;
Described decrypting process comprises:
A, recipient are decrypted this ciphertext block after receiving the ciphertext block of described last complete packet;
It is that n and length are two parts that m subtracts n that b, the described connecting method of the corresponding step B of the grouping after will deciphering are divided into length, and wherein said length is that the part of n is the plaintext of described short grouping;
C, be that the described dividing mode of the corresponding steps A of part that m subtracts n is spliced with the ciphertext block of the described short grouping that receives with length among the step b, obtain the ciphertext block that length is m, again this ciphertext block is decrypted processing, obtains the plaintext of described last complete packet.
2, the method for claim 1 is characterized in that, steps A is described to be encrypted as employing and to encrypt based on the data encryption standard algorithm of cipher block chaining model;
The described decryption processing of step c is decrypted for adopting the data encryption standard algorithm based on cipher block chaining model.
3, the method for claim 1 is characterized in that, steps A is described to be encrypted as employing and to encrypt based on the Advanced Encryption Standardalgorithm of cipher block chaining model;
The described decryption processing of step c is decrypted for adopting the Advanced Encryption Standardalgorithm based on cipher block chaining model.
4, the method for claim 1 is characterized in that, steps A is described to be divided into: the preceding n position of described ciphertext block as a part, is subtracted the n position as another part and will be left m; Perhaps the preceding m with described ciphertext block subtracts the n position as a part, and will be left the n position as another part.
5, the method for claim 1 is characterized in that, the described filling part of step B is that the described length that is marked off by ciphertext block of steps A is the part that m subtracts n;
Step B is described to be spliced into: described short grouping expressly is placed on described filling part front, or described filling part is placed on described short grouping front expressly;
Step B is described to be encrypted as employing and to encrypt based on electronic codebook mode pattern cryptographic algorithm;
The described deciphering of step a is decrypted based on electronic codebook mode pattern decipherment algorithm for adopting.
6, method as claimed in claim 5 is characterized in that, described is Advanced Encryption Standardalgorithm based on the electronic codebook mode pattern based on electronic codebook mode pattern cryptographic algorithm; Described is Advanced Encryption Standardalgorithm based on the electronic codebook mode pattern based on electronic codebook mode pattern decipherment algorithm.
7, method as claimed in claim 5 is characterized in that, described is data encryption standard algorithm based on the electronic codebook mode pattern based on electronic codebook mode pattern cryptographic algorithm; Described is data encryption standard algorithm based on the electronic codebook mode pattern based on electronic codebook mode pattern decipherment algorithm.
As claim 1,2,3,5,6 or 7 described methods, it is characterized in that 8, the encryption key that uses is identical with other employed encryption keys that divide into groups of encryption when encrypting;
Employed decruption key is identical with other employed decruption keys that divide into groups of deciphering when deciphering.
9, the method for claim 1 is characterized in that, the described filling part of step B is that length is any number that m subtracts n; Step B is described to be spliced into: according to the described dividing mode of steps A, described short grouping is expressly spliced with described filling part, make that length is that n position partly is corresponding in described short grouping position expressly and the described ciphertext block;
Step B is described to be encrypted as employing and to encrypt based on the cipher block chaining model cryptographic algorithm;
The described deciphering of step a is decrypted based on the cipher block chaining model decipherment algorithm for adopting.
CNB2005100797931A 2005-06-28 2005-06-28 The Processing Method of Short Packet in Block Encryption Algorithm Expired - Fee Related CN1323507C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005100797931A CN1323507C (en) 2005-06-28 2005-06-28 The Processing Method of Short Packet in Block Encryption Algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005100797931A CN1323507C (en) 2005-06-28 2005-06-28 The Processing Method of Short Packet in Block Encryption Algorithm

Publications (2)

Publication Number Publication Date
CN1801693A CN1801693A (en) 2006-07-12
CN1323507C true CN1323507C (en) 2007-06-27

Family

ID=36811482

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100797931A Expired - Fee Related CN1323507C (en) 2005-06-28 2005-06-28 The Processing Method of Short Packet in Block Encryption Algorithm

Country Status (1)

Country Link
CN (1) CN1323507C (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1980122B (en) * 2006-11-16 2012-11-14 北京尧天网迅科技有限公司 Method for increasing information transmission safety
CN101355421B (en) * 2008-09-25 2011-05-11 中国电信股份有限公司 Method for adapting ciphering/deciphering data length of packet
EP2197144A1 (en) * 2008-12-15 2010-06-16 Thomson Licensing Methods and devices for a chained encryption mode
CN101488860B (en) * 2009-02-20 2011-07-27 四川长虹电器股份有限公司 File ciphering, deciphering method
CN102546156A (en) * 2012-02-01 2012-07-04 李智虎 Method, system and device for grouping encryption
CN103001766A (en) * 2012-11-26 2013-03-27 北京视博数字电视科技有限公司 Symmetrical encryption and decryption method for supporting non-aligned data and system thereof
CN103488914B (en) * 2013-09-16 2016-08-17 博隆科技有限公司 Efficient self-adaptive modular data encryption method and system
CN104683093B (en) * 2013-11-27 2018-01-26 财团法人资讯工业策进会 Block encryption device, block encryption method, block decryption device, and block decryption method capable of integrity verification
CN105873033B (en) * 2016-05-16 2019-04-30 北京鼎合信安科技有限公司 A kind of encipher-decipher method of short message communication
CN106301762A (en) * 2016-08-09 2017-01-04 杭州迪普科技有限公司 The method and device of data deciphering
CN106788982A (en) * 2017-02-22 2017-05-31 郑州云海信息技术有限公司 A kind of sectional encryption transmission method and device
CN109245881A (en) * 2018-09-14 2019-01-18 杭州嘀嗒科技有限公司 A kind of photograph video cloud encryption storage method
CN110086823A (en) * 2019-05-07 2019-08-02 山东渔翁信息技术股份有限公司 A kind of data communications method, device, equipment and medium
CN111368322B (en) * 2020-03-11 2022-04-12 中电科(天津)网络信息安全有限公司 A file decryption method, device, electronic device and storage medium
CN112866288B (en) * 2021-03-01 2022-09-06 上海海事大学 Data symmetric encryption method for double-plaintext transmission
CN115696237A (en) * 2021-07-31 2023-02-03 华为技术有限公司 Encryption method, system and related device in Beidou communication system
CN113595719A (en) * 2021-07-31 2021-11-02 中国电子科技集团公司第十五研究所 Link layer beacon encryption method based on packet CBC mode
CN113794551B (en) * 2021-09-13 2024-10-15 北京江南天安科技有限公司 Equal-length block encryption method and ciphertext decryption method for long message data

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2347011A1 (en) * 1998-10-28 2000-05-04 Ellwood Mcgrogan Apparatus and methods for cryptographic synchronization in packet based communications
GB2353191A (en) * 1999-07-09 2001-02-14 Hw Comm Ltd Packet data encryption/decryption
WO2004086664A2 (en) * 2003-03-27 2004-10-07 Nds Limited Improved cfm mode system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2347011A1 (en) * 1998-10-28 2000-05-04 Ellwood Mcgrogan Apparatus and methods for cryptographic synchronization in packet based communications
GB2353191A (en) * 1999-07-09 2001-02-14 Hw Comm Ltd Packet data encryption/decryption
WO2004086664A2 (en) * 2003-03-27 2004-10-07 Nds Limited Improved cfm mode system

Also Published As

Publication number Publication date
CN1801693A (en) 2006-07-12

Similar Documents

Publication Publication Date Title
CN101188496B (en) A kind of short message encrypted transmission method
CN1323507C (en) The Processing Method of Short Packet in Block Encryption Algorithm
KR101387799B1 (en) Encryption method for message authentication
US8194858B2 (en) Chaotic cipher system and method for secure communication
KR20030085094A (en) Encrypting device
CN107534558B (en) Method for protecting the information security of data transmitted via a data bus and data bus system
CN102025505A (en) Advanced encryption standard (AES) algorithm-based encryption/decryption method and device
JPH0918469A (en) Cryptographic communication device, system, and cryptographic device
US20110182419A1 (en) Encryption algorithm with randomized buffer
CN113015157A (en) Method, device and system for supporting multiple encryption in wireless communication system
CN1859081B (en) Immediate news enciphering transmission method and system
US7406595B1 (en) Method of packet encryption that allows for pipelining
CN104579645B (en) Key updating method based on AES encryption system
CN101420687B (en) An identity verification method based on mobile terminal payment
McGrew Low power wireless scenarios and techniques for saving bandwidth without sacrificing security
CN101496340B (en) Method for establishing a secret key between two nodes in a communication network
CN101882991B (en) Communication Data Stream Encryption Method Based on Block Cipher Algorithm
CN101262340A (en) MMS encryption method and mobile terminal for sending and receiving encrypted MMS
JP2000514934A (en) Method and apparatus for enhanced security enhancement of a private key to a lookup table to improve security of wireless telephone messages
Kato et al. The Camellia cipher algorithm and its use with IPSec
Mohamed Cryptography concepts: Confidentiality
JP2009098321A (en) Information processing device
JP4664692B2 (en) ENCRYPTION METHOD, DECRYPTION METHOD, ENCRYPTION DEVICE, DECRYPTION DEVICE, ENCRYPTION DEVICE, AND PROGRAM
Wee et al. An FPGA network architecture for accelerating 3DES-CBC
US8908861B2 (en) AES algorithm-based encryption apparatus and method for mobile communication system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CI03 Correction of invention patent

Correction item: Claims

Correct: Claim No. 1-13

False: Claim No. 1-9

Number: 16

Volume: 23

COR Change of bibliographic data

Free format text: CORRECT: RIGHT-CLAIMING DOCUMENT; FROM: RIGHT-CLAIMING DOCUMENT ITEM NO. 1-9 TO: RIGHT-CLAIMING DOCUMENT ITEM NO. 1-13

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070627