
CN118568753B - Decryption method and device for ciphertext data block and program product - Google Patents


Publication number
CN118568753B
Authority
CN
China
Prior art keywords
target
data block
vector
file
ciphertext data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202411021334.7A
Other languages
Chinese (zh)
Other versions
CN118568753A (en)
Inventor
薛光峰
叶超
曾华安
陈琳耀
王慧
周郃
张海宾
陈梁
袁文君
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Dahua Technology Co Ltd
Original Assignee
Zhejiang Dahua Technology Co Ltd
Application filed by Zhejiang Dahua Technology Co Ltd
Priority to CN202411021334.7A
Publication of CN118568753A
Application granted
Publication of CN118568753B

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides a decryption method and device for ciphertext data blocks and a program product, wherein the method comprises the following steps: obtaining target decryption parameters of a target encryption file, wherein the target decryption parameters comprise an encryption algorithm mode and an initialization vector required by encrypting an original file, and the target encryption file is a file obtained by encrypting the original file; under the condition that the encryption algorithm mode is a target mode, the operation of encrypting the initialization vector by using the target key to obtain a target vector and the operation of obtaining a target ciphertext data block included in the target encryption file are executed in parallel; and executing target operation on the target vector and the target ciphertext data block to obtain a target plaintext data block. The application solves the problems of time consumption and high cost of decryption in the related technology, and achieves the effect of improving the decryption efficiency with low cost.

Description

Decryption method and device for ciphertext data block and program product
Technical Field
The embodiment of the application relates to the technical field of computers, in particular to a method and a device for decrypting ciphertext data blocks and a program product.
Background
In the security industry, large-capacity service data such as audio and video are mostly stored on mechanical hard disks, and system files that occupy less space are mostly stored on solid state disks. The mechanical hard disk reads more slowly, but retains data longer and costs less; the solid state disk reads quickly, but retains data for a shorter time and costs more. In either case, the reading speed of a hard disk is low compared with that of memory, so to accelerate encryption and decryption a dedicated encryption and decryption chip is usually integrated on the hard disk. The high throughput of this chip reduces the time consumed, but brings the problem of high hardware cost.
Disclosure of Invention
The embodiment of the application provides a method, a device and a program product for decrypting ciphertext data blocks, which at least solve the problems of time consumption and high cost of decryption in the related art.
According to an embodiment of the present application, there is provided a decryption method of ciphertext data blocks, including: obtaining target decryption parameters of a target encrypted file, wherein the target decryption parameters comprise an encryption algorithm mode and an initialization vector required by encrypting an original file, and the target encrypted file is a file obtained by encrypting the original file; in a case where the encryption algorithm mode is a target mode, executing in parallel the operation of encrypting the initialization vector by using a target key to obtain a target vector and the operation of acquiring a target ciphertext data block included in the target encrypted file; and performing a target operation on the target vector and the target ciphertext data block to obtain a target plaintext data block, wherein the target plaintext data block is a data block included in the original file, and the target ciphertext data block is a data block obtained by encrypting the target plaintext data block.
In one exemplary embodiment, before obtaining the target decryption parameters of the target encrypted file, the method includes: reading a plurality of decryption parameters of a plurality of encrypted files in advance from an initial storage space, and correspondingly caching the decryption parameters and unique identification information of the encrypted files in a target storage space, wherein the encrypted files comprise the target encrypted files, and the decryption parameters comprise the target decryption parameters; obtaining a target decryption parameter of a target encrypted file, including: and acquiring the target decryption parameters stored corresponding to the target encrypted file from the target storage space based on the target identification information of the target encrypted file.
In an exemplary embodiment, in a case where the encryption algorithm mode is the target mode, executing in parallel the operation of encrypting the initialization vector with a target key to obtain a target vector and the operation of obtaining a target ciphertext data block included in the target encrypted file includes: when the target mode is an output feedback (OFB) mode, determining, based on the position information of the target ciphertext data block in the target encrypted file, the number of times the encryption operation is to be performed on the initialization vector; in a first thread, performing the encryption operation on the initialization vector that number of times by using the target key to obtain the target vector; and in a second thread, acquiring the target ciphertext data block from the target encrypted file according to the identification information of the target ciphertext data block, wherein the first thread and the second thread are executed in parallel.
In an exemplary embodiment, in a case where the encryption algorithm mode is the target mode, the operation of encrypting the initialization vector with a target key to obtain a target vector and the operation of obtaining a target ciphertext data block included in the target encrypted file are performed in parallel, including: determining the number of the obtained plaintext data blocks in case that the target mode is a counter mode; obtaining a first initialization vector based on the number of the currently obtained plaintext data blocks and the initialization vector; in a first thread, performing encryption operation on the first initialization vector by using the target key to obtain the target vector; and acquiring the target ciphertext data block from the target encryption file according to the identification information of the target ciphertext data block in a second thread, wherein the first thread and the second thread are executed in parallel.
In an exemplary embodiment, obtaining a first initialization vector based on the number of plaintext data blocks currently obtained and the initialization vector includes: determining the initialization vector as the first initialization vector when the number of the currently obtained plaintext data blocks is 0; and under the condition that the number of the obtained plaintext data blocks is larger than 0, performing target addition operation on the initialization vector to obtain the first initialization vector.
In an exemplary embodiment, performing a target operation on the target vector and the target ciphertext data block to obtain a target plaintext data block, includes: converting the target vector and the target ciphertext data block according to a target system to obtain a target vector under the target system and a target ciphertext data block under the target system; and performing exclusive OR operation on the target vector under the target system and the target ciphertext data block under the target system to obtain the target plaintext data block.
According to an embodiment of the present application, there is provided a decryption apparatus of ciphertext data blocks, including: the first acquisition module is used for acquiring target decryption parameters of a target encrypted file, wherein the target decryption parameters comprise an encryption algorithm mode and an initialization vector required by encrypting an original file, and the target encrypted file is a file obtained by encrypting the original file; the first encryption module is used for executing the operation of encrypting the initialization vector by using a target key to obtain a target vector and the operation of acquiring a target ciphertext data block included in the target encryption file in parallel under the condition that the encryption algorithm mode is a target mode; and the first execution module is used for executing target operation on the target vector and the target ciphertext data block to obtain a target plaintext data block, wherein the target plaintext data block is a data block included in the original file, and the target ciphertext data block is a data block obtained by encrypting the target plaintext data block.
In an exemplary embodiment, the above apparatus further includes: the first reading module is used for reading a plurality of decryption parameters of a plurality of encryption files in advance from an initial storage space before obtaining target decryption parameters of a target encryption file, and correspondingly caching the decryption parameters and unique identification information of the encryption files in the target storage space, wherein the encryption files comprise the target encryption file, and the decryption parameters comprise the target decryption parameters; the first obtaining module includes: and the first acquisition submodule is used for acquiring the target decryption parameters stored corresponding to the target encrypted file from the target storage space based on the target identification information of the target encrypted file.
In an exemplary embodiment, the first encryption module includes: a first determining sub-module, configured to determine, when the target mode is an output feedback (OFB) mode, the number of times the encryption operation is to be performed on the initialization vector, based on position information of the target ciphertext data block in the target encrypted file; a first execution sub-module, configured to perform, in a first thread, the encryption operation on the initialization vector that number of times by using the target key to obtain the target vector; and a second acquisition sub-module, configured to acquire, in a second thread, the target ciphertext data block from the target encrypted file according to the identification information of the target ciphertext data block, wherein the first thread and the second thread are executed in parallel.
In an exemplary embodiment, the first encryption module includes: a second determining sub-module, configured to determine the number of plaintext data blocks that have currently been obtained, in the case where the target mode is the counter mode; a first obtaining sub-module, configured to obtain a first initialization vector based on the number of plaintext data blocks currently obtained and the initialization vector; a second execution sub-module, configured to perform, in a first thread, the encryption operation on the first initialization vector by using the target key to obtain the target vector; and a third obtaining sub-module, configured to obtain, in a second thread, the target ciphertext data block from the target encrypted file according to the identification information of the target ciphertext data block, where the first thread and the second thread execute in parallel.
In an exemplary embodiment, the first obtaining sub-module includes: a first determining unit configured to determine the initialization vector as the first initialization vector in a case where the number of the plaintext data blocks currently obtained is 0; and the first execution unit is used for executing target addition operation on the initialization vector to obtain the first initialization vector under the condition that the number of the obtained plaintext data blocks is larger than 0.
In an exemplary embodiment, the first execution module includes: the first conversion sub-module is used for converting the target vector and the target ciphertext data block according to a target system to obtain the target vector under the target system and the target ciphertext data block under the target system; and the third execution sub-module is used for performing exclusive OR operation on the target vector under the target system and the target ciphertext data block under the target system to obtain the target plaintext data block.
According to a further embodiment of the application, there is also provided a computer program product comprising a computer program arranged to be executed by a processor for performing the steps of any of the method embodiments described above.
According to a further embodiment of the present application, there is also provided a computer readable storage medium having a computer program stored therein, wherein the computer program is arranged to be executed by a processor for performing the steps of any of the method embodiments described above.
According to a further embodiment of the application there is also provided an electronic device comprising a memory, a processor and a computer program stored on and executable on said memory, said processor being arranged to execute said computer program to perform the steps of any of the method embodiments described above.
According to the method, firstly, an encryption algorithm mode of a target encryption file and an initialization vector required for encrypting an original file are obtained, then, under the condition that the encryption algorithm mode is the target mode, the operation of encrypting the initialization vector by using a target key to obtain the target vector and the operation of obtaining a target ciphertext data block included in the target encryption file are executed in parallel, and finally, the target operation is carried out on the target vector and the target ciphertext data block to obtain a target plaintext data block. The characteristics of the encryption algorithm mode of the target encrypted file are fully utilized, the acquisition operation of the target ciphertext data block and the encryption operation of the initialization vector are executed in parallel, and after the target ciphertext data block is acquired, the target operation is directly executed, so that the time consumption of decrypting the file is greatly shortened, the problems of time consumption and high cost of decrypting in the related art are solved, and the effect of improving the decryption efficiency with low cost is achieved.
Drawings
Fig. 1 is a block diagram of a hardware structure of a mobile terminal according to a decryption method of ciphertext data blocks according to an embodiment of the present application;
FIG. 2 is a flow chart of a method of decrypting a ciphertext data block in accordance with an embodiment of the application;
FIG. 3 is a schematic diagram of a method for decrypting ciphertext data blocks according to an embodiment of the application;
FIG. 4 is a schematic diagram of the format of an encrypted file or encrypted page according to an embodiment of the application;
FIG. 5 is a flow chart of a method of decrypting a ciphertext data block in accordance with an embodiment of the application;
Fig. 6 is a block diagram of a decryption apparatus for ciphertext data blocks according to an embodiment of the application.
Detailed Description
Embodiments of the present application will be described in detail below with reference to the accompanying drawings in conjunction with the embodiments.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
The method embodiments provided in the embodiments of the present application may be performed in a mobile terminal, a computer terminal or similar computing device. Taking the mobile terminal as an example, fig. 1 is a block diagram of a hardware structure of the mobile terminal according to a decryption method of ciphertext data blocks according to an embodiment of the application. As shown in fig. 1, a mobile terminal may include one or more (only one is shown in fig. 1) processors 102 (the processor 102 may include, but is not limited to, a microprocessor MCU or a processing device such as a programmable logic device FPGA) and a memory 104 for storing data, wherein the mobile terminal may also include a transmission device 106 for communication functions and an input-output device 108. It will be appreciated by those skilled in the art that the structure shown in fig. 1 is merely illustrative and not limiting of the structure of the mobile terminal described above. For example, the mobile terminal may also include more or fewer components than shown in fig. 1, or have a different configuration than shown in fig. 1.
The memory 104 may be used to store a computer program, for example, a software program of application software and a module, such as a computer program corresponding to a decryption method of a ciphertext data block in an embodiment of the application, and the processor 102 executes the computer program stored in the memory 104 to perform various functional applications and data processing, that is, to implement the above-mentioned method. Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory remotely located relative to the processor 102, which may be connected to the mobile terminal via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the mobile terminal. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, simply referred to as a NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is configured to communicate with the internet wirelessly.
In this embodiment, a method for decrypting a ciphertext data block is provided, and fig. 2 is a flowchart of a method for decrypting a ciphertext data block according to an embodiment of the application, as shown in fig. 2, where the flowchart includes the following steps:
Step S202, obtaining target decryption parameters of a target encrypted file, wherein the target decryption parameters comprise an encryption algorithm mode and an initialization vector required by encrypting an original file, and the target encrypted file is a file obtained by encrypting the original file;
Step S204, when the encryption algorithm mode is the target mode, the operation of encrypting the initialization vector by using the target key to obtain the target vector and the operation of obtaining the target ciphertext data block included in the target encryption file are executed in parallel;
In step S206, a target operation is performed on the target vector and the target ciphertext data block to obtain a target plaintext data block, where the target plaintext data block is a data block included in the original file, and the target ciphertext data block is a data block obtained by encrypting the target plaintext data block.
The steps in this embodiment may be executed by a terminal, a server, a specific processor provided in a terminal or a server, or a processor or a processing device provided separately from the terminal or the server, but the executing entity is not limited thereto.
Optionally, the target encrypted file may be a text, image, form, audio or video file, or the like.
Optionally, in addition to the encryption algorithm mode and the initialization vector, the target decryption parameters include, but are not limited to: the encryption algorithm type of the target encrypted file and the length of the target encrypted file.
Optionally, the initialization vector is a random number that meets cryptographic security requirements, such as 8D1230BC67a12D.
Through the steps, firstly, an encryption algorithm mode of a target encryption file and an initialization vector required by encrypting an original file are obtained, then, under the condition that the encryption algorithm mode is the target mode, the operation of encrypting the initialization vector by using a target key to obtain the target vector and the operation of obtaining a target ciphertext data block included in the target encryption file are executed in parallel, and finally, the target operation is carried out on the target vector and the target ciphertext data block to obtain a target plaintext data block. The characteristics of the encryption algorithm mode of the target encrypted file are fully utilized, the acquisition operation of the target ciphertext data block and the encryption operation of the initialization vector are executed in parallel, and after the target ciphertext data block is acquired, the target operation is directly executed, so that the time consumption of decrypting the file is greatly shortened, the problems of time consumption and high cost of decrypting in the related art are solved, and the effect of improving the decryption efficiency with low cost is achieved.
In one exemplary embodiment, before obtaining the target decryption parameters of the target encrypted file, the method includes: reading a plurality of decryption parameters of a plurality of encrypted files in advance from an initial storage space, and correspondingly caching the decryption parameters and unique identification information of the encrypted files in a target storage space, wherein the encrypted files comprise the target encrypted files, and the decryption parameters comprise the target decryption parameters; obtaining a target decryption parameter of a target encrypted file, including: and acquiring the target decryption parameters stored corresponding to the target encrypted file from the target storage space based on the target identification information of the target encrypted file.
Optionally, in an embodiment, the initial storage space is a storage space in a storage device, including but not limited to: mechanical hard disk, solid state hard disk, hybrid hard disk, external hard disk, network attached storage, direct attached storage, tape storage, and optical storage. The target storage space is a storage space in a memory. The unique identification information of the encrypted file is used to uniquely identify the encrypted file, including but not limited to: file name, file hash value, file sequence number, globally unique identifier of the file. For example, the following three encrypted files are stored on the mechanical hard disk: encrypted file A, serial number 123, decryption parameter D; encrypted file B, serial number 456, decryption parameter E; encrypted file C, serial number 789, decryption parameter F. The decryption parameters of the three encrypted files are read from the mechanical hard disk in advance and cached in the memory in the following correspondence: 123-decryption parameter D; 456-decryption parameter E; 789-decryption parameter F. When decryption is to be performed, the decryption parameter of the encrypted file is obtained directly from the memory according to the serial number of the encrypted file. In this embodiment, the purpose of improving the efficiency of obtaining the target decryption parameter is achieved by caching the decryption parameter of the encrypted file in the target storage space in advance.
In an exemplary embodiment, in a case where the encryption algorithm mode is the target mode, executing in parallel the operation of encrypting the initialization vector with a target key to obtain a target vector and the operation of obtaining a target ciphertext data block included in the target encrypted file includes: when the target mode is an output feedback (OFB) mode, determining, based on the position information of the target ciphertext data block in the target encrypted file, the number of times the encryption operation is to be performed on the initialization vector; in a first thread, performing the encryption operation on the initialization vector that number of times by using the target key to obtain the target vector; and in a second thread, acquiring the target ciphertext data block from the target encrypted file according to the identification information of the target ciphertext data block, wherein the first thread and the second thread are executed in parallel.
Optionally, in this embodiment, the target key may be input by a user or obtained from a hardware security device. The encryption operation includes, but is not limited to, an encryption operation implemented using a symmetric algorithm. The identification information of the target ciphertext data block is used to obtain the target ciphertext data block from the target encrypted file, and includes, but is not limited to: a data block sequence number, a globally unique identifier of the data block. Fig. 3 is a schematic diagram of a method for decrypting a ciphertext data block according to an embodiment of the present application. As shown in fig. 3, assuming that the position information of the target ciphertext data block indicates that it is the third block in the target encrypted file, the first thread performs the encryption operation on the initialization vector 3 times by using the target key to obtain the target vector, and the second thread obtains the target ciphertext data block from the target encrypted file according to the sequence number 3. In this embodiment, the purpose of improving the decryption efficiency is achieved by executing the acquisition operation of the target ciphertext data block and the encryption operation of the initialization vector in parallel.
In an exemplary embodiment, in a case where the encryption algorithm mode is the target mode, the operation of encrypting the initialization vector with a target key to obtain a target vector and the operation of obtaining a target ciphertext data block included in the target encrypted file are performed in parallel, including: determining the number of the obtained plaintext data blocks in case that the target mode is a counter mode; obtaining a first initialization vector based on the number of the currently obtained plaintext data blocks and the initialization vector; in a first thread, performing encryption operation on the first initialization vector by using the target key to obtain the target vector; and acquiring the target ciphertext data block from the target encryption file according to the identification information of the target ciphertext data block in a second thread, wherein the first thread and the second thread are executed in parallel.
In an exemplary embodiment, obtaining a first initialization vector based on the number of plaintext data blocks currently obtained and the initialization vector includes: determining the initialization vector as the first initialization vector when the number of the currently obtained plaintext data blocks is 0; and under the condition that the number of the obtained plaintext data blocks is larger than 0, performing target addition operation on the initialization vector to obtain the first initialization vector.
Optionally, in this embodiment, the counter mode includes, but is not limited to, Counter (CTR) mode and Galois/Counter Mode (GCM). The purpose of performing the addition operation on the initialization vector is to avoid reusing the same initialization vector during decryption, and the value added to the initialization vector can be determined based on the number of plaintext data blocks that have been obtained. For example, assume that the initialization vector is 8D1230BC67A12D. If the number of plaintext data blocks that have been obtained is 0, the initialization vector itself is the first initialization vector. If the number is 2, an add-1 operation is performed on the initialization vector to obtain the first initialization vector 8D1230BC67A12D + 1; if the number is 3, an add-2 operation gives the first initialization vector 8D1230BC67A12D + 2; and if the number is 4, an add-3 operation gives the first initialization vector 8D1230BC67A12D + 3. In this embodiment, executing the acquisition of the target ciphertext data block and the encryption of the initialization vector in parallel improves decryption efficiency.
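The first-initialization-vector derivation for counter mode, as an added Go example that is not code from the patent. It assumes AES-128, a 16-byte IV treated as a big-endian integer, and the usual CTR convention that the block following `done` decrypted blocks uses IV + `done`, so no two blocks share a vector; all function names and sample values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// addCounter returns iv+k, treating the 16-byte IV as one big-endian integer
// that wraps on overflow (the same increment Go's cipher.NewCTR applies).
func addCounter(iv []byte, k uint64) []byte {
	out := append([]byte(nil), iv...)
	for i := len(out) - 1; i >= 0 && k > 0; i-- {
		sum := uint64(out[i]) + (k & 0xff)
		out[i] = byte(sum)
		k = (k >> 8) + (sum >> 8) // remaining addend plus the carry out of this byte
	}
	return out
}

// ctrDecryptBlock decrypts the block that follows `done` already decrypted blocks:
// first IV = IV + done, target vector = E_K(first IV), plaintext = ciphertext XOR vector.
func ctrDecryptBlock(key, iv, ctBlock []byte, done uint64) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(iv) != aes.BlockSize || len(ctBlock) > aes.BlockSize {
		return nil, fmt.Errorf("need a %d-byte IV and at most one ciphertext block", aes.BlockSize)
	}
	vec := make([]byte, aes.BlockSize)
	blk.Encrypt(vec, addCounter(iv, done))
	pt := make([]byte, len(ctBlock))
	for i := range ctBlock {
		pt[i] = ctBlock[i] ^ vec[i] // a short final block uses a prefix of the vector
	}
	return pt, nil
}

// decryptAll walks the ciphertext block by block, passing the running count of
// plaintext blocks already obtained to derive each block's first IV.
func decryptAll(key, iv, ct []byte) ([]byte, error) {
	var pt []byte
	for done := 0; done*aes.BlockSize < len(ct); done++ {
		end := (done + 1) * aes.BlockSize
		if end > len(ct) {
			end = len(ct)
		}
		b, err := ctrDecryptBlock(key, iv, ct[done*aes.BlockSize:end], uint64(done))
		if err != nil {
			return nil, err
		}
		pt = append(pt, b...)
	}
	return pt, nil
}

// sampleCTR encrypts constructed data with Go's cipher.NewCTR as an independent
// reference. The IV ends in ff ff so the first addition carries across bytes.
func sampleCTR() ([]byte, []byte, []byte, error) {
	key := []byte("constructed-key!")                  // constructed AES-128 key
	iv := append([]byte("constructed-iv"), 0xff, 0xff) // constructed 16-byte IV
	pt := []byte("camera-frame-001camera-frame-002trailer")
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, nil, err
	}
	ct := make([]byte, len(pt))
	cipher.NewCTR(blk, iv).XORKeyStream(ct, pt)
	return key, iv, ct, nil
}

func main() {
	key, iv, ct, err := sampleCTR()
	if err != nil {
		panic(err)
	}
	pt, err := decryptAll(key, iv, ct)
	fmt.Printf("plaintext: %q, err: %v\n", pt, err)
	fmt.Printf("IV+1: %x\n", addCounter(iv, 1))
}
```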
In an exemplary embodiment, performing a target operation on the target vector and the target ciphertext data block to obtain a target plaintext data block, includes: converting the target vector and the target ciphertext data block according to a target system to obtain a target vector under the target system and a target ciphertext data block under the target system; and performing exclusive OR operation on the target vector under the target system and the target ciphertext data block under the target system to obtain the target plaintext data block.
Optionally, in this embodiment, the target vector and the target ciphertext data block are generally represented in hexadecimal, so performing the exclusive-OR operation on them requires first converting both into binary. The binary result may be converted back to hexadecimal or another numerical representation if desired. In this embodiment, converting the target vector and the target ciphertext data block to binary achieves accurate decryption.
The invention is illustrated below with reference to specific examples:
The format of an encrypted file or encrypted page comprises: encryption algorithm type: typically a symmetric encryption algorithm such as the Advanced Encryption Standard (AES) or the Chinese national commercial cryptographic algorithm SM4; encryption algorithm mode: typically a mode of a symmetric encryption algorithm such as OFB, CTR or GCM; initialization vector: the initialization vector used for encrypting the subsequent ciphertext data, which can be a random number meeting cryptographic security requirements; ciphertext length: records the length of the ciphertext data; ciphertext data: stores the encrypted data. Fig. 4 is a schematic diagram of the format of an encrypted file or encrypted page according to an embodiment of the application.
Fig. 5 is a flowchart of a decryption method for ciphertext data blocks according to an embodiment of the present application, where the output feedback OFB mode is taken as an example, as shown in fig. 5:
S502, reading decryption parameters of an encrypted file in advance: the encryption algorithm type, the encryption algorithm mode, the initialization vector and the ciphertext length are cached in the memory;
S504, starting to read the target encrypted file;
S506, searching target decryption parameters of the target encrypted file in the memory: encryption algorithm type, encryption algorithm mode, initialization vector, ciphertext length;
S508, in the main thread, reading the target ciphertext data block from the disk; the block is obtained after a delay. The time consumed by this step is determined by the medium type and the usage condition of the hard disk. For example, hard disks are mainly divided into mechanical hard disks and solid state disks, and solid state disks read faster. As another example, usage conditions of the hard disk such as temperature, disk fragmentation and frequency of use may also affect the reading speed; disk fragmentation may lengthen the seek time and thereby increase the reading time;
S510, while the main thread reads the target ciphertext data block, encrypting the initialization vector multiple times with the target key in the encryption thread to generate the target vector, wherein the length of the target vector does not exceed the ciphertext length specified in the algorithm parameters;
S512, XORing the target ciphertext data block with the target vector to obtain the target plaintext data block; in an extreme scenario where the target vector is still shorter than the target ciphertext data block, the XOR with the target ciphertext data block is performed once the target vector is long enough.
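The flow S502 to S512 for OFB mode, as an added Go example that is not code from the patent: one goroutine encrypts the IV n times while another reads ciphertext block n, and the two results are XORed. AES-128 with 16-byte blocks, the `params` fields, the function names and the sample key, IV and plaintext are assumptions constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"io"
	"sync"
)

// params holds the cached decryption parameters (S502/S506); the field set is assumed.
type params struct {
	iv    []byte // initialization vector from the file header
	ctLen int64  // ciphertext length in bytes
}

// ofbKeystream returns the OFB output block for 1-based block n:
// O_1 = E_K(IV), O_n = E_K(O_{n-1}), i.e. the IV encrypted n times (S510).
func ofbKeystream(key, iv []byte, n int) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil || len(iv) != aes.BlockSize || n < 1 {
		return nil, fmt.Errorf("bad key, IV length or block number: %v", err)
	}
	out := append([]byte(nil), iv...)
	for i := 0; i < n; i++ {
		blk.Encrypt(out, out)
	}
	return out, nil
}

// decryptBlock recovers plaintext block n (1-based) of the ciphertext region src.
// One goroutine derives the keystream while another reads the block (S508);
// after both finish, the two are XORed (S512).
func decryptBlock(src io.ReaderAt, p params, key []byte, n int) ([]byte, error) {
	off := int64(n-1) * aes.BlockSize
	if n < 1 || off >= p.ctLen {
		return nil, fmt.Errorf("block %d is outside the ciphertext", n)
	}
	size := p.ctLen - off // the last block may be shorter than 16 bytes
	if size > aes.BlockSize {
		size = aes.BlockSize
	}
	var wg sync.WaitGroup
	var ks, ct []byte
	var ksErr, rdErr error
	wg.Add(2)
	go func() {
		defer wg.Done()
		ks, ksErr = ofbKeystream(key, p.iv, n)
	}()
	go func() {
		defer wg.Done()
		ct = make([]byte, size)
		_, rdErr = io.ReadFull(io.NewSectionReader(src, off, size), ct)
	}()
	wg.Wait() // the XOR starts only once the keystream and the block are both ready
	if ksErr != nil || rdErr != nil {
		return nil, fmt.Errorf("keystream: %v, read: %v", ksErr, rdErr)
	}
	for i := range ct {
		ct[i] ^= ks[i] // a short final block uses a prefix of the keystream
	}
	return ct, nil
}

// sample encrypts a constructed 39-byte body with Go's own OFB stream as a reference.
func sample() (io.ReaderAt, params, []byte, error) {
	key := []byte("constructed-key!") // constructed AES-128 key
	iv := []byte("constructed-iv-0")  // constructed 16-byte IV
	pt := []byte("camera-frame-001camera-frame-002trailer")
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, params{}, nil, err
	}
	ct := make([]byte, len(pt))
	cipher.NewOFB(blk, iv).XORKeyStream(ct, pt)
	return bytes.NewReader(ct), params{iv: iv, ctLen: int64(len(ct))}, key, nil
}

func main() {
	src, p, key, err := sample()
	if err != nil {
		panic(err)
	}
	b, err := decryptBlock(src, p, key, 3) // random access to the third block
	fmt.Printf("block 3: %q, err: %v\n", b, err)
}
```

In OFB the work of the keystream goroutine grows linearly with the block number, because each output block depends on the previous one; that sequential work is what gets overlapped with the disk read.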
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method of the various embodiments of the present application.
In this embodiment, a decryption device for ciphertext data blocks is further provided. The device is used to implement the foregoing embodiments and preferred embodiments, and what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. While the system described in the following embodiments is preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
Fig. 6 is a block diagram illustrating a structure of a decryption apparatus for ciphertext data blocks according to an embodiment of the application, as shown in fig. 6, the apparatus comprising:
A first obtaining module 602, configured to obtain a target decryption parameter of a target encrypted file, where the target decryption parameter includes an encryption algorithm mode and an initialization vector required for encrypting an original file, and the target encrypted file is a file obtained by encrypting the original file;
A first encryption module 604, configured to, when the encryption algorithm mode is a target mode, perform in parallel an operation of encrypting the initialization vector with a target key to obtain a target vector and an operation of obtaining a target ciphertext data block included in the target encrypted file;
The first execution module 606 is configured to execute a target operation on the target vector and the target ciphertext data block to obtain a target plaintext data block, where the target plaintext data block is a data block included in the original file, and the target ciphertext data block is a data block obtained by encrypting the target plaintext data block.
In an exemplary embodiment, the above apparatus further includes: the first reading module is used for reading a plurality of decryption parameters of a plurality of encryption files in advance from an initial storage space before obtaining target decryption parameters of a target encryption file, and correspondingly caching the decryption parameters and unique identification information of the encryption files in the target storage space, wherein the encryption files comprise the target encryption file, and the decryption parameters comprise the target decryption parameters; the first obtaining module includes: and the first acquisition submodule is used for acquiring the target decryption parameters stored corresponding to the target encrypted file from the target storage space based on the target identification information of the target encrypted file.
In an exemplary embodiment, the first encryption module 604 includes: a first determining sub-module, configured to determine, when the target mode is an output feedback OFB mode, an encryption number of times of performing an encryption operation on the initialization vector based on position information of the target ciphertext data block in the target encryption file; the first execution submodule is used for executing the encryption operation on the initialization vector by using the target key according to the encryption times in the first thread to obtain the target vector; and the second acquisition submodule is used for acquiring the target ciphertext data block from the target encryption file according to the identification information of the target ciphertext data block in a second thread, wherein the first thread and the second thread are executed in parallel.
In an exemplary embodiment, the first encryption module 604 includes: a second determining submodule, configured to determine the number of plaintext data blocks that have currently been obtained, in the case where the target mode is the counter mode; a first obtaining sub-module, configured to obtain a first initialization vector based on the number of plaintext data blocks currently obtained and the initialization vector; a second execution submodule, configured to perform, in the first thread, the encryption operation on the first initialization vector by using the target key to obtain the target vector; and a third obtaining sub-module, configured to obtain, in a second thread, the target ciphertext data block from the target encrypted file according to the identification information of the target ciphertext data block, where the first thread and the second thread execute in parallel.
In an exemplary embodiment, the first obtaining sub-module includes: a first determining unit configured to determine the initialization vector as the first initialization vector in a case where the number of the plaintext data blocks currently obtained is 0; and the first execution unit is used for executing target addition operation on the initialization vector to obtain the first initialization vector under the condition that the number of the obtained plaintext data blocks is larger than 0.
In an exemplary embodiment, the first execution module 606 includes: the first conversion sub-module is used for converting the target vector and the target ciphertext data block according to a target system to obtain the target vector under the target system and the target ciphertext data block under the target system; and the third execution sub-module is used for performing exclusive OR operation on the target vector under the target system and the target ciphertext data block under the target system to obtain the target plaintext data block.
Embodiments of the present application provide a computer program product comprising a computer program which, when executed by a processor, implements the steps of any of the method embodiments described above.
Embodiments of the present application also provide a computer readable storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.
In one exemplary embodiment, the computer readable storage medium may include, but is not limited to: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or various other media capable of storing a computer program.
An embodiment of the application also provides an electronic device comprising a memory having stored therein a computer program and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.
In an exemplary embodiment, the electronic device may further include a transmission device connected to the processor, and an input/output device connected to the processor.
For specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and exemplary implementations, which are not repeated here.
It will be appreciated by those skilled in the art that the modules or steps of the application described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, they may be implemented in program code executable by computing devices, so that they may be stored in a storage device for execution by computing devices, and in some cases, the steps shown or described may be performed in a different order than that shown or described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps of them may be fabricated into a single integrated circuit module. Thus, the present application is not limited to any specific combination of hardware and software.
The above is only a preferred embodiment of the present application, and is not intended to limit the present application, but various modifications and variations can be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the principle of the present application should be included in the protection scope of the present application.

Claims (10)

1. A method of decrypting a ciphertext data block, comprising:
Obtaining target decryption parameters of a target encrypted file, wherein the target decryption parameters comprise an encryption algorithm mode and an initialization vector required by encrypting an original file, and the target encrypted file is a file obtained by encrypting the original file;
Under the condition that the encryption algorithm mode is a target mode, the operation of encrypting the initialization vector by using a target key to obtain a target vector and the operation of acquiring a target ciphertext data block included in the target encryption file are executed in parallel;
and performing a target operation on the target vector and the target ciphertext data block to obtain a target plaintext data block, wherein the target plaintext data block is a data block included in the original file, and the target ciphertext data block is a data block obtained by encrypting the target plaintext data block.
2. The method of claim 1, wherein:
Before obtaining the target decryption parameters of the target encrypted file, the method comprises the following steps: reading a plurality of decryption parameters of a plurality of encrypted files in advance from an initial storage space, and correspondingly caching the decryption parameters and unique identification information of the encrypted files in a target storage space, wherein the encrypted files comprise the target encrypted files, and the decryption parameters comprise the target decryption parameters;
Obtaining a target decryption parameter of a target encrypted file, including: and acquiring the target decryption parameters stored corresponding to the target encrypted file from the target storage space based on the target identification information of the target encrypted file.
3. The method according to claim 1, wherein the operation of encrypting the initialization vector with a target key to obtain a target vector and the operation of acquiring a target ciphertext data block included in the target encryption file are performed in parallel in the case where the encryption algorithm mode is a target mode, comprising:
determining the encryption times of executing encryption operation on the initialization vector based on the position information of the target ciphertext data block in the target encryption file under the condition that the target mode is an output feedback OFB mode;
Executing the encryption operation on the initialization vector by using the target key according to the encryption times in a first thread to obtain the target vector;
and acquiring the target ciphertext data block from the target encrypted file according to the identification information of the target ciphertext data block in a second thread, wherein the first thread and the second thread are executed in parallel.
4. The method according to claim 1, wherein the operation of encrypting the initialization vector with a target key to obtain a target vector and the operation of acquiring a target ciphertext data block included in the target encryption file are performed in parallel in the case where the encryption algorithm mode is a target mode, comprising:
determining the number of plaintext data blocks currently obtained in the case that the target mode is a counter mode;
obtaining a first initialization vector based on the number of the currently obtained plaintext data blocks and the initialization vector;
in a first thread, performing encryption operation on the first initialization vector by using the target key to obtain the target vector;
and acquiring the target ciphertext data block from the target encrypted file according to the identification information of the target ciphertext data block in a second thread, wherein the first thread and the second thread are executed in parallel.
5. The method of claim 4, wherein deriving a first initialization vector based on the number of blocks of plaintext data currently being acquired and the initialization vector comprises:
determining the initialization vector as the first initialization vector in the case that the number of the currently obtained plaintext data blocks is 0;
and under the condition that the number of the obtained plaintext data blocks is larger than 0, performing target addition operation on the initialization vector to obtain the first initialization vector.
6. The method of claim 1, wherein performing a target operation on the target vector and the target ciphertext data block to obtain a target plaintext data block comprises:
converting the target vector and the target ciphertext data block according to a target system to obtain a target vector under the target system and a target ciphertext data block under the target system;
and performing an exclusive OR operation on the target vector under the target system and the target ciphertext data block under the target system to obtain the target plaintext data block.
7. A decryption apparatus for ciphertext data blocks, comprising:
The first acquisition module is used for acquiring target decryption parameters of a target encrypted file, wherein the target decryption parameters comprise an encryption algorithm mode and an initialization vector required by encrypting an original file, and the target encrypted file is a file obtained by encrypting the original file;
The first encryption module is used for executing the operation of encrypting the initialization vector by using a target key to obtain a target vector and the operation of acquiring a target ciphertext data block included in the target encryption file in parallel under the condition that the encryption algorithm mode is a target mode;
and the first execution module is used for executing target operation on the target vector and the target ciphertext data block to obtain a target plaintext data block, wherein the target plaintext data block is a data block included in the original file, and the target ciphertext data block is a data block obtained by encrypting the target plaintext data block.
8. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method as claimed in any one of claims 1 to 6.
9. A computer readable storage medium, characterized in that a computer program is stored in the computer readable storage medium, wherein the computer program, when being executed by a processor, implements the steps of the method according to any of the claims 1 to 6.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method of any one of claims 1 to 6 when the computer program is executed.
CN202411021334.7A 2024-07-29 2024-07-29 Decryption method and device for ciphertext data block and program product Active CN118568753B (en)


Publications (2)

Publication Number Publication Date
CN118568753A CN118568753A (en) 2024-08-30
CN118568753B true CN118568753B (en) 2024-10-22

Family

ID=92469618


Country Status (1)

Country Link
CN (1) CN118568753B (en)




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant