阅读说明：本技术 一种基于国密算法的安卓信息加密系统及方法 (A kind of Android information encryption system and method based on national secret algorithm ) 是由 王志强 池亚平 王兵 张健毅 张翼 钱榕 张南峰 张克君 董宏宇 饶晨雨 李瑞庆 于 2019-08-27 设计创作，主要内容包括：本发明涉及一种基于国密算法的安卓信息加密系统及方法,基于SM4算法与SM2算法相结合的混合密码体制,采用SM4算法对明文进行加密,提高加密效率,降低资源消耗,并用椭圆曲线加密算法对信息加密的密钥进行加密以保证明文在传送过程中的安全性,同时采用安全哈希算法对明文在收发前后进行哈希比较,验证信息完整性。(The present invention relates to a kind of Android information encryption system and method based on national secret algorithm, the mixed cipher system combined based on SM4 algorithm with SM2 algorithm, using SM4 algorithm to encrypting in plain text, improve encryption efficiency, reduce resource consumption, and the safety being encrypted to ensure that Ming Wen in transmit process is carried out to the key that information encrypts with elliptic curve encryption algorithm, while Hash comparison, verification information integrality are carried out to plaintext before and after transmitting-receiving using Secure Hash Algorithm.)

1. a kind of Android information encryption system based on national secret algorithm, it is characterised in that: including inputting information coding module, SM2 Algorithm and SM4 algorithm mixing encryption/decryption module, database import contact module and digital signature verification module；

Information coding module is inputted, for handling the Confused-code for passing through and being likely to occur when android system sends Chinese character； When handling Chinese character, Chinese character is switched to the processing of Unicode coding, English and digital ASCII character are less than 128, root Condition judges whether the character read in is Chinese character, if it is Chinese character, then converts 16 for each Chinese character accordingly Position Unicode code, and in front add Unicode escape character ' u ', then convert plaintext into corresponding hexadecimal Bit String；After recipient receives ciphertext, only need to after decryption to front with ' the part of u ' character carry out in Unicode code turn The operation of Chinese character obtains correct plaintext；

SM2 algorithm and SM4 algorithm mix encryption/decryption module, and sender inputs the content to be sent, through inputting information coding module Encryption/decryption module is mixed with SM4 algorithm to encrypt the plaintext of sender's transmission using SM2 algorithm after processing；First added with SM4 algorithm Close plaintext obtains ciphertext, then the key with SM2 algorithm for encryption SM4 algorithm；When encryption, first convert the key of SM4 algorithm to ellipse Point on circular curve, then encrypted with the public key of SM2 algorithm, obtain encrypted key；Ciphertext is decrypted after encryption When, it is the ciphertext Bit String of SM4 algorithm secret key by the coordinate transformation of elliptic curve point after encryption；When decryption, recipient is being received After the ciphertext and encryption key that are sent to sender, first the key of SM4 algorithm is decrypted according to the private key of SM2 algorithm, so Ciphertext is decrypted with the key of SM4 algorithm again afterwards, is obtained in plain text；The operation of decryption be all to sender and recipient it is transparent, connect Debit only need to select decryption oprerations according to the ciphertext and key that sender sends；

Database imports contact module, and after sender inputs plaintext, maintenance data library technology realizes quickly leading for contact person Enter；When sending plaintext, sender adds recipient from the SQLite database of storing contact information, moreover it is possible to by new connection People's information is deposited into SQLite database, and more simple and efficient interface is provided for sender；

Digital signature identification module after recipient receives ciphertext, authenticates sender's identity, verifies the safety of transmission；Sender Hash is carried out to the plaintext that needs are sent and acquires abstract, then abstract result is added with the private key of the SM2 algorithm of sender It is close, form digital signature；Sender will obtain close simultaneously after SM2 algorithm and SM4 algorithm mixing encryption/decryption module encrypting plaintext Text, SM2 algorithm and the encrypted key of SM4 algorithm mixing encryption/decryption module, digital signature are transferred to recipient, and recipient passes through Judge that digital signature verification algorithm compares whether summary info is identical, carries out the verifying of sender's identity, if they are the same then sender Authentication success, not identical, then unverified, request sender retransmits.

2. the Android information encryption system according to claim 1 based on national secret algorithm, it is characterised in that: the SM2 is calculated In method and SM4 algorithm mixing encryption/decryption module, SM4 algorithm is block cipher, and the packet size of encryption and decryption is 128bit, therefore When carrying out encryption and decryption to message, if message-length is more than 128bit, need to be grouped, if message-length less than 128bit, It is filled；Data filling for SM4 algorithm, using PKCS7 filling mode, insufficient section is filled with the word for needing to fill Joint number increases the piecemeal for being all N if size of data is the multiple of piecemeal size N, and N is greater than 1 integer.

3. a kind of Android information ciphering method based on national secret algorithm, which comprises the following steps:

The first step, sender input in plain text, input the Chinese character in information coding resume module plaintext；

Second step carries out Hash to the plaintext that needs are sent and acquires abstract, added with the private key of sender's SM2 algorithm to abstract It is close, form digital signature；

Third step, the plaintext of SM2 algorithm and the mixing encryption/decryption module encryption sender's input of SM4 algorithm, forms ciphertext；

4th step, sender import contact module by database, import contact information；

Key after ciphertext, SM4 algorithm for encryption, digital signature are transferred to recipient simultaneously by the 5th step, sender；

6th step, after recipient receives information, SM2 algorithm and SM4 algorithm mix encryption/decryption module according to the private key pair of SM2 algorithm The key of SM4 algorithm is decrypted, and then decrypts ciphertext with the key of SM4 algorithm again, obtains in plain text；

7th step, whether recipient is identical by the abstract that digital signature identification module compares plaintext, for verifying sender's body Part, then authentication success if they are the same, not identical then unverified, request repeat.

4. the Android information ciphering method according to claim 3 based on national secret algorithm, it is characterised in that: in the first step, When inputting the information that information coding resume module sender sends, to being respectively pure English containing character comprising content, pure Chinese is pure Number, English digital, Chinese figure, English Chinese, the different data of Chinese English digital mixing substitutes into Android environment to be added Close model is detected.

5. the Android information ciphering method according to claim 3 based on national secret algorithm, it is characterised in that: in second step, When with SM2 algorithm and the plaintext of SM4 algorithm mixing encryption/decryption module encryption sender's input, the algorithm of encryption is detected, Verify the performance of the Android information ciphering method based on national secret algorithm.

6. the Android information ciphering method according to claim 3 based on national secret algorithm, it is characterised in that: in the 7th step, SM2 algorithm and SM4 algorithm mixing encryption/decryption module decrypt the key of SM4 algorithm according to the private key of SM2 algorithm.

Technical field

The present invention relates to information security field, in particular to a kind of Android information encryption system and side based on national secret algorithm Method.

Background technique

Information security issue is all one of the focal issue that the whole world gives more sustained attention, the biography that can information safe all the time It passs and is related to everyone itself personal secrets.With modern communications continuous development and mobile terminal self performance it is continuous It improving, the mobile terminals such as mobile phone have come into the intelligent digital epoch, the more and more extensive of communication change is carried out by smart phone, Communication service is also more and more diversified, and wherein cellphone information service is a kind of extensive communication service of use.People pass through information The problem of transmitting-receiving is personal and business information, but the transmission of information is faced with safety, such as steal, intercept, modify, and individual is hidden The leakage of personal letter breath and business information may bring serious consequence.Therefore, the safe transmission of information is just shown between end-to-end Must be particularly important, an information encryption software is designed to ensure that the safety of information transmitting is necessary.

The operation of software be unable to do without the support of operating system, therefore, it is desirable to design information encryption software, first it is to be understood that intelligence The operating system of energy mobile phone.One of most important operating system platform is exactly android system in smart phone at present, due to it The various advantages such as open source property and ease for use, android system become the mainstream operation system of current mobile device.But The open source of android system and loose rights management mechanism make it have very big security risk again.Therefore, this system purport Realizing the information encryption system based on Android platform.

For the information encryption system of mobile phone, current research is primarily present following both sides limitation:

(1) single symmetric cryptography is used, encryption key distribution is difficult.The advantage of DSE arithmetic is that encryption system is spent Small, algorithm is simple, and efficiency is very high.The disadvantage is that key must be distributed and be exchanged in confidence in a secured manner, this makes symmetrically Often process is complicated for the distribution of the key of password, of a high price；

(2) single asymmetric cryptography is used, encryption efficiency is low.The drawbacks of in order to improve DSE arithmetic, people mention again Asymmetric cryptosystem is gone out.In asymmetric cryptosystem, encryption and decryption use two different keys, encrypt close Key is disclosed key, referred to as public key, and decruption key, only decryption people oneself are grasped, referred to as private key.Asymmetric cryptosystem Safety be that rogue attacks person can not extrapolate corresponding decruption key from disclosed encryption key, advantage is then two A user is capable of the communication of safety without passing through hidden passageway transmission key.But, although asymmetry sampling solves The problem of symmetric key cryptography system cipher key delivery, but its Encryption Algorithm is more complex, and enciphering rate is slower, therefore be not appropriate for encrypting The big information of data volume.

Summary of the invention

The present invention solves the technical problem of overcome the deficiencies in the prior art, propose a kind of based on national secret algorithm Android information encryption system and method, the mixed cipher system that the close SM2 algorithm of state, SM4 algorithm cipher system are combined are comprehensive The advantage and disadvantage of DSE arithmetic and asymmetric cryptosystem using symmetric cryptographic algorithm encrypting plaintext use asymmetric cryptography The key that algorithm for encryption symmetric cryptographic algorithm uses.Not only the fast advantage of the encryption/decryption speed of DSE arithmetic, but also solution had been utilized The problem of key secure distribution of having determined, improves enciphering rate, reduces resource consumption, further increases information transmission and key is shared Safety, realize server unified management storage key information.

The technology of the present invention solution: a kind of Android information encryption system based on national secret algorithm, novelty are embodied in:

(1) it by analysis and research theory of algorithm basis and access lot of documents, proposes a kind of by the close SM2 algorithm of state, SM4 calculation The mixed cipher system that method system combines, with safety and integrality of the enhancement information in transmission process.It is demonstrated experimentally that this The efficiency of information encryption can be improved in kind algorithm system, and occupies less mobile phone resources；

(2) plaintext for sending front and back is breathed out respectively using Secure Hash Algorithm (Secure Hash Algorithm) It is uncommon to compare, sender's identity is verified to improve the safety that information transmission is shared with key.Simultaneously design SQLite database and The interaction of mobile phone terminal solves the problems, such as that secret plaintext receiving-transmitting sides data are transmitted；

(3) it realizes private information security system, SM4 algorithm for encryption is carried out to the plaintext transmitted in a communication network, and adopt It is encrypted with key of the SM2 algorithm to SM4 algorithm, server is facilitated to realize the management and SM4 algorithm secret key of SM2 algorithm public key Exchange.

A kind of Android information encryption system based on national secret algorithm of the invention, including input information coding module, SM2 are calculated Method and SM4 algorithm mixing encryption/decryption module, database import contact module and digital signature verification module；

Information coding module is inputted, for handling the messy code for passing through and being likely to occur when android system sends Chinese character Problem；When handling Chinese character, Chinese character is switched to the processing of Unicode coding, English and digital ASCII character are less than 128, judge whether the character read in is Chinese character according to this condition, if it is Chinese character, then turns each Chinese character Turn to 16 Unicode codes, and in front plus Unicode escape character ' u ', then convert plaintext into corresponding ten Senary Bit String；After recipient receives ciphertext, only need to after decryption to front with ' u ' character part carry out Unicode The operation that code turns Chinese character obtains correct plaintext；

SM2 algorithm and SM4 algorithm mix encryption/decryption module.The content sent is wanted in sender's input, compiles through input information Encryption/decryption module is mixed with SM4 algorithm to encrypt the plaintext of sender's transmission using SM2 algorithm after code resume module；SM4 algorithm It is a grouping algorithm, data packet length 128bit, key length 128bit；Encryption Algorithm is using 32 wheel iteration knots Structure, every wheel use a round key.First in plain text with SM4 algorithm for encryption, then with the key of SM2 algorithm for encryption SM4 algorithm.It is encrypting During SM4 algorithm secret key, first convert the point on elliptic curve for the key of SM4 algorithm, then with the public key of SM2 algorithm into Row encryption, the coordinate transformation that elliptic curve point after will encrypting is decoded after encryption is the ciphertext Bit String of SM4 algorithm secret key；

Decrypting process is similar with ciphering process, and recipient is after the ciphertext and encryption key for receiving sender's transmission, first It is decrypted according to key of the private key of SM2 algorithm to SM4 algorithm, then decrypts ciphertext with the key of SM4 algorithm again, obtain bright Text.The present invention is sender and recipient provides convenience succinct interface, and the operation of decryption is transparent, reception to recipient The ciphertext received need to be only input to decrypted text frame by side, select decryption oprerations；Even if ciphertext is cut in transmit process Obtain because the private key of SM2 algorithm is stored in sender's hand, rogue attacks person can not breaking encryption key, it is even more impossible to decode Ciphertext, therefore the safety of plaintext is guaranteed；

Database imports contact module.After sender inputs plaintext, maintenance data library technology realizes that contact person's is quick It imports.When sending plaintext, sender can add recipient from the SQLite database of storing contact information, moreover it is possible to will be new Contact information is deposited into SQLite database, and more simple and efficient interface is provided for sender；

Digital signature identification module after recipient receives ciphertext, authenticates sender's identity, verifies the safety of transmission；Hair The side of sending carries out Hash to the plaintext that sends of needs and acquires abstract, then with the private key of the SM2 algorithm of sender to make a summary result into Row encryption, forms digital signature；Sender simultaneously by SM2 algorithm and SM4 algorithm mix the encrypted ciphertext of encryption/decryption module, SM2 algorithm and the encrypted key of SM4 algorithm mixing encryption/decryption module, digital signature are transferred to recipient, and recipient is by sentencing Disconnected digital signature verification algorithm compares whether summary info is identical, carries out the verifying of sender's identity, if they are the same then sender's body Part is proved to be successful, not identical, then unverified, and request sender retransmits.

In the SM2 algorithm and SM4 algorithm mixing encryption/decryption module, SM4 algorithm is block cipher, point of encryption and decryption When organizing size as 128bit, therefore carrying out encryption and decryption to plaintext, if message-length is more than 128bit, need to be grouped, if message Curtailment 128bit will be then filled；Data filling for SM4 algorithm, using PKCS7 filling mode, insufficient section It is filled with and needs byte of padding number, if size of data is the multiple of piecemeal size N, increase the piecemeal for being all N, N is Integer greater than 1.

In the SM2 algorithm and SM4 algorithm mixing encryption/decryption module, encrypted with key of the SM2 algorithm to SM4 algorithm Process are as follows: first convert the point on elliptic curve for the key of SM4 algorithm, then encrypted with the public key of SM2 algorithm, encrypt The coordinate transformation for being decoded elliptic curve point after will encrypting afterwards is the ciphertext Bit String of SM4 algorithm secret key.

A kind of Android information ciphering method based on national secret algorithm of the invention, comprising the following steps:

The first step, sender input in plain text, input the Chinese character in information coding resume module plaintext；

Second step carries out Hash to the plaintext that sends of needs and acquires abstract, with the private key of sender's SM2 algorithm to make a summary into Row encryption, forms digital signature；

Third step, the plaintext of SM2 algorithm and the mixing encryption/decryption module encryption sender's input of SM4 algorithm, forms ciphertext；

4th step, sender import contact module by database, import contact information；

Key after ciphertext, SM4 algorithm for encryption, digital signature are transferred to recipient simultaneously by the 5th step, sender；

6th step, after recipient receives information, SM2 algorithm and SM4 algorithm mix encryption/decryption module according to the private of SM2 algorithm The key of SM4 algorithm is decrypted in key, then decrypts ciphertext with the key of SM4 algorithm again, obtains in plain text；

7th step, whether recipient is identical by the abstract that digital signature identification module compares plaintext, sends for verifying Square identity, if they are the same then authentication success, not identical then unverified, request repeat；

In the above-mentioned first step, the plaintext sent using input information coding resume module sender handles text in sending Chinese character is switched to Unicode coding by the Confused-code being likely to occur when symbol.

In above-mentioned third step, with the plaintext of SM2 algorithm and the mixing encryption/decryption module encryption sender's input of SM4 algorithm；It is right The algorithm of information encryption is detected, and the performance of the Hybrid Encryption information system encryption based on national secret algorithm is verified.

In above-mentioned 6th step, mixing encryption/decryption module decrypts the key of SM4 algorithm according to the private key of SM2 algorithm.It receives The ciphertext point that the encrypted key coding received is on elliptic curve is decrypted with the private key of SM2 algorithm, is obtained ellipse by side Plaintext point on circular curve, then plaintext point is decoded as in plain text.

The advantages of the present invention over the prior art are that:

(1) present invention is using the mixed of the SM2 algorithm based on elliptic curve ECC and the SM4 algorithm based on Feistel structure The advantages of closing cipher encryption algorithm, combining DSE arithmetic and asymmetric cryptosystem realizes and adds to the quick of information Safe and convenient management close and to key, substantially increases the encryption efficiency of information, rich in novelty, while having taken into account peace again Quan Xing multi-platform can also be transplanted, easy to spread and realization；

(2) present invention verifies in terms of safety, encryption and decryption validity and encryption and decryption efficiency three.From performance evaluation and test As a result good security from the point of view of, encryption and decryption efficiency is higher, and occupied space is smaller；The content for treating encryption and decryption information multiplicity can be carried out Identifying processing simultaneously completes encryption and decryption, and encryption and decryption validity is good；

(3) research achievement of information encryption at present is mostly based on DSE arithmetic AES, DES, 3DES etc. and non-right Claim the research of cipher system such as RSA, ELGamal, ECC etc., and domesticized and applied in national secret algorithm, there are no correlations Research achievement.Encryption and decryption efficiency, compatibility about national secret algorithm such as SM2 algorithm, SM4 algorithm in encryption information transmission at present The research of property, time and space cost etc. is also seldom.

Detailed description of the invention

Fig. 1 is present system block diagram；

Fig. 2 is SM4 algorithm for encryption plaintext schematic diagram in the present invention；

Fig. 3 is that database imports contact module display diagram in the present invention；

Fig. 4 is that SM2 algorithm uses equation y²=x³- x curve graph；

Fig. 5 is SM2 algorithm encryption and decryption flow chart in the present invention；

Fig. 6 is SM4 algorithm for encryption flow chart in the present invention.

Specific embodiment

Inventive solution is realized by following scheme: sender's input in input text box wants what encryption was sent In plain text, and in the phone number of contact person region addition recipient, encrypting and transmitting button is clicked, it can be by SM4 algorithm for encryption The key of SM4 algorithm and digital signature are sent to recipient after rear ciphertext, SM2 algorithm for encryption；It, will after recipient receives ciphertext Ciphertext is input to corresponding text box field, clicks decryption button i.e. it can be seen that in plain text.

As shown in Figure 1, a kind of Android information encryption system based on national secret algorithm of the invention, including input information are compiled Code, SM2 algorithm and SM4 algorithm mixing encryption and decryption, database import contact person, digital signature identification four module.

Input information coding module.It is easily achieved the coding of English or number under android system, but is sending Chinese Confused-code is likely to occur when character.Therefore the processing in terms of encoding and decoding should being done when sending the information containing Chinese.Input letter Cease coding module in processes Chinese character problem when, using by Chinese character switch to Unicode coding processing, English and number ASCII character less than 128, can judge whether the character read in is Chinese character according to this condition, if it is Chinese character, then will Each Chinese character is converted into 16 Unicode codes, and in front plus spcial character ' u ', then convert plaintext into pair The hexadecimal Bit String answered, so that it may which correct transmission plaintext simultaneously encrypts.It, only need to be right after decryption after receiving encrypted information Front with ' the part of u ' character carry out Unicode code and turn the operation of Chinese character correct plaintext can be obtained.

SM2 algorithm and SM4 algorithm mix encryption/decryption module.Added using the Encryption Algorithm that SM2 algorithm is mixed with SM4 algorithm Close plaintext.First in plain text with SM4 algorithm for encryption, then with the key of SM2 algorithm for encryption SM4 algorithm.In the mistake of encryption SM4 algorithm secret key Cheng Zhong first converts the point on elliptic curve for the key of SM4 algorithm, then is encrypted with the public key of SM2 algorithm, encrypts laggard The coordinate transformation of elliptic curve point is the ciphertext Bit String of SM4 algorithm secret key after row decoding will encrypt；

Since SM4 algorithm is block cipher, the packet size of encryption and decryption is 128bit, therefore carries out encryption and decryption to message When, if message-length is too long, need to be grouped, if message-length is insufficient, to be filled.As shown in Fig. 2, for SM4 The data of algorithm are filled, and using PKCS7 filling mode, insufficient section, which is filled with, needs byte of padding number.If size of data is point When the multiple of block size N, then increase the piecemeal for being all N, N is greater than 1 integer.Such as 8 block of bytes, need to fill 4 bytes When, then following filling.

…|DD DD DD DD DD DD DD DD|DD DD DD DD 04 04 04 04|

Decrypting process is similar with ciphering process, and recipient is after the ciphertext and encryption key for receiving sender's transmission, first It is decrypted according to key of the private key of SM2 algorithm to SM4 algorithm, then decrypts ciphertext with the key of SM4 algorithm again, obtain bright Text.The present invention is sender and recipient provides convenience succinct interface, and the operation of decryption is transparent, reception to recipient The ciphertext received need to be only input to decrypted text frame by side, select decryption oprerations；Even if ciphertext is cut in transmit process Obtain because the private key of SM2 algorithm is stored in sender's hand, rogue attacks person can not breaking encryption key, it is even more impossible to decode Ciphertext, therefore the safety of plaintext is guaranteed；

Database imports contact module.The system has contact management's functional module, function interface such as Fig. 2 institute Show.The functional module has used database technology, realizes quickly introducing for contact person.When sending plaintext, sender can lead to Click contact icon is crossed, adds recipient from the SQLite database of storing contact information, but also can will be new Contact information is deposited into SQLite database, provides more simple and efficient interface.

Digital signature identification module.This module mainly verifies sender's identity, it is ensured that the safety of transmission.This system is first Hash first is carried out to the plaintext that needs are sent and acquires abstract, then abstract is encrypted with sender's SM2 algorithm private key, thus Form digital signature.Key after ciphertext, SM4 algorithm for encryption, digital signature are transferred to recipient, recipient simultaneously by sender By digital signature verification algorithm compare abstract it is whether identical, come carry out verifying sender's identity.If they are the same then authentication at Function, not identical then unverified, request repeat.

The present invention is realized by the Hybrid Encryption algorithm of SM2 algorithm and SM4 algorithm for encryption of plaintext.Sender is first The plaintext that the desired encryption of input is sent in input text box is clicked and is added in the phone number of contact person region addition recipient Close and send button, can be by the ciphertext sum number after the key of SM4 algorithm, SM4 algorithm for encryption after SM2 algorithm public key encryption Word signature is sent to recipient；Ciphertext and key are input to the corresponding text box field that software decrypts ciphertext, point by recipient Original plaintext can be viewed by hitting decryption button.For convenience of use, system provides contact person's import feature, while also providing Digital signature identification function, further improves the safety of information encryption transmission process.

SM2 algorithm and SM4 algorithm mixing encryption/decryption module combine SM2 algorithm, SM4 algorithm.Wherein:

SM2 algorithm is issued by national Password Management office on December 17th, 2010, and full name is elliptic curve.It is oval bent Line is not ellipse, why referred to as elliptic curve be because of them indicated with cubic equation, and the equation and meter The equation for calculating oval perimeters is similar.In general, the cubic equation shape of elliptic curve are as follows: y²+ axy+by=x³+cx²+ dx+e (its Middle a, b, c, d, e are the real numbers for meeting certain conditions, because the index in equation is up to 3, referred to as cubic equation, or Person says that the number of equation is 3) and the equation that SM2 algorithm uses are as follows: y²=x³+ ax+b, in SM2 algorithm standard rules, by specified A, b coefficient, it is determined that unique standard curve.

Fig. 4 is that SM2 algorithm uses equation y²=x³- x curve graph.

1. P point is basic point；

2. doing tangent line by P point, point 2P point is given, vertical line is done in 2P ' point, gives 2P point, 2P point is 2 times of points of P point；

3. further, doing straight line between P point and 2P point, giving 3P ' point, vertical line is done in 3P ' point, gives 3P point, 3P point is For 3 times of points of P point；

4. the 4 of P point, 5,6 ... times of points similarly, can be calculated；

In elliptic curve, using multiple d as private key, using Q as public key.The safety of SM2 algorithm is based on mathematics Problem discrete logarithm problem realizes that i.e. consideration equation Q=dP, wherein Q, P belong to same elliptic curve E_p(a, b), d < p, then Seeking d by P, Q is to calculate safety.Intuitively understand, it is readily that one point of retrospectively calculate is that forward direction, which calculates one times of point, Several times of points of P are then difficult more.

Rivest, shamir, adelman SM2 enciphering and deciphering algorithm flow chart is as shown in Figure 5:

1, sender selectes an elliptic curve Ep (a, b), and takes on elliptic curve some G as basic point, so that the rank of G N is a Big prime；

2, a sender-selected private cipher key k calculates P=kG, then discloses (p, a, b, G, P), and P is public key, secrecy K, k are private key；

3, plaintext to be transmitted is for conversion into E by sender_pA point P in (a, b)_m, random number r is then selected, is calculated close Literary C_m=(rG, P_m+ rP), if r makes rG or rP be O, to reselect r；

4, ciphertext is sent to recipient；

5, recipient calculates C_m:(P_m+ rP)-k (rG)=P_m+ rkG-krG=P_mTo get to the plaintext point on elliptic curve；

6, plaintext point obtained above is decoded again and is just obtained in plain text.

As public key algorithm, SM2 algorithm has the advantages that encryption key distribution and management are easy, and now to oval bent The time of line research is short, never finds subset index grade algorithm so far.The preferably square of ECDLP is solved just because of currently known Method be it is exponential, this to select SM2 algorithm when making encryption and decryption and digital signature, and required key length is than other public keys Cryptographic algorithm such as RSA Algorithm wants much shorter.

The SM4 algorithm is grouping symmetric cryptographic algorithm, for realizing the encryption and decryption operation of data, to guarantee data and letter The confidentiality of breath, encryption flow figure are as shown in Figure 6.

The block length of the algorithm is 128bit, key length 128bit.Encryption Algorithm and key schedule are all adopted With 32 wheel nonlinear iteration structures.Decipherment algorithm is identical as the structure of Encryption Algorithm, and only the use sequence of round key is on the contrary, solution Close round key is the backward of encryption round key.

1. key and key parameter.Encryption key lengths are 128bit, are expressed as MK=(MK₀,MK₁,MK₂,MK₃), wherein MK_iIt (i=0,1,2,3) is word.Round key is expressed as (rk₀,rk₁,…,rk₃₁), wherein rk_i(i=0 ..., 31) it is word.It takes turns close Key is generated by encryption key.FK=(FK₀,FK₁,FK₂,FK₃) it is system parameter, CK=(CK₀,CK₁,…,CK₃₁) it is fixed ginseng Number is used for key schedule, wherein FK_i(i=0 ..., 3), CK_i(i=0 ..., 31) it is word.

2. round function F uses nonlinear iteration structure, cryptographic calculation is carried out as unit of word, an iteration operation is referred to as one Round transformation.

If input isRound key isThen round function F are as follows:

F(X₀,X₁,X₂,X₃, rk) and=X₀⊕T(X₁⊕X₂⊕X₃⊕rk)

3. synthesis displacement T:An inverible transform, it is compound by nonlinear transformation τ and linear transformation L and At i.e. T ()=L (τ ()).

(a) nonlinear transformation τ.τ is made of four parallel S boxes.If input isIt is defeated It is outThen (b₀,b₁,b₂,b₃)=τ (A)=(Sbox (a₀),Sbox(a₁),Sbox(a₂), Sbox(a₃))。

Data in S box are all made of the expression of 16 systems.

(b) linear transformation L.The output of nonlinear transformation τ is the input of linear transformation L.If input isOutput isThen:

C=L (B)=B ⊕ (B < < < 2) ⊕ (B < < < 10) ⊕ (B < < < 18) ⊕ (B < < < 24).

4. the round key of Encryption Algorithm is generated by encryption key by key schedule in key schedule.

Encryption key MK=(MK₀,MK₁,MK₂,MK₃),I=0,1,2,3；

It enablesI=0,1 ..., 35, round key isI=0,1 ..., 31, then round key generation method Are as follows:

Firstly, (K₀,K₁,K₂,K₃)=(MK₀⊕FK₀,MK₁⊕FK₁,MK₂⊕FK₂,MK₃⊕FK₃)

Then, to i=0,1 ..., 31:

rk_i=K_i+4=K_i⊕T’(K_i+1⊕K_i+2⊕K_i+3⊕CK_i)

Illustrate:

(a) T ' transformation is essentially identical with the T in Encryption Algorithm round function, is only revised as linear transformation L therein following L ': L ' (B)=B ⊕ (B < < < 13) ⊕ (B < < < 23)；

(b) value of system ginseng FK, is indicated are as follows: FK using 16 systems₀=(A3B1BAC6), FK₁=(56AA3350), FK₂ =(677D9197), FK₃=(B27022DC)；

(c) obtaining value method of preset parameter CK are as follows:

If ck_i,jFor CK_iJth byte (i=0,1 ..., 31；J=0,1,2,3), i.e.,Then ck_i,j=(4i+j) × 7 (mod 256).32 preset parameter CK_i, 16 System indicates are as follows: 00070e15,1c232a31,383f464d, 545b6269,70777e85,8c939aa1, a8afb6bd, c4cbd2d9,e0e7eef5,fc030a11,181f262d,343b4249,50575e65,6c737a81,888f969d, a4abb2b9,c0c7ced5,dce3eaf1,f8ff060d,141b2229,30373e45,4c535a61,686f767d, 848b9299,a0a7aeb5,bcc3cad1,d8dfe6ed,f4fb0209,10171e25,2c333a41,484f565d, 646b7279

5. symmetric encipherment algorithm SM4 enciphering and deciphering algorithm

Define antitone mapping R are as follows: R (A₀,A₁,A₂,A₃)=(A₃,A₂,A₁,A₀),I=0,1,2,3.

If input is in plain textI=0,1 ..., 31.The enciphering transformation of algorithm is as follows:

X_i+4=F (X_i,X_i+1,X_i+2,X_i+3,rk_i)=X_i⊕T(X_i+1⊕X_i+2⊕X_i+3⊕rk_i), i=0,1 ..., 31.(Y₀, Y₁,Y₂,Y₃)=R (X₃₂,X₃₃,X₃₄,X₃₅)=(X₃₅,X₃₄,X₃₃,0)。

The decryption transformation of SM4 algorithm is identical with enciphering transformation structure, and different is only round key using sequence.

Round key uses sequence when encryption are as follows: (rk₀,rk₁,…,rk₃₁)；

Round key uses sequence when decryption are as follows: (rk₃₁,rk₃₀,…,rk₀)。

A kind of Android information ciphering method based on national secret algorithm of the present invention, comprising the following steps:

The first step, sender input in plain text, input the Chinese character in information coding resume module plaintext；

Second step carries out Hash to the plaintext that sends of needs and acquires abstract, with the private key of sender's SM2 algorithm to make a summary into Row encryption, forms digital signature；

Third step, the plaintext of SM2 algorithm and the mixing encryption/decryption module encryption sender's input of SM4 algorithm, forms ciphertext；

4th step, sender import contact module by database, import contact information；

Key after ciphertext, SM4 algorithm for encryption, digital signature are transferred to recipient simultaneously by the 5th step, sender；

6th step, after recipient receives information, SM2 algorithm and SM4 algorithm mix encryption/decryption module according to the private of SM2 algorithm The key of SM4 algorithm is decrypted in key, then decrypts ciphertext with the key of SM4 algorithm again, obtains in plain text.

7th step, whether recipient is identical by the abstract that digital signature identification module compares plaintext, sends for verifying Square identity, if they are the same then authentication success, not identical then unverified, request repeat；

The present invention from the performance of the validity of Encryption Algorithm, the validity of decipherment algorithm and algorithm come in terms of these three into Row detection, test content and its expected results are as shown in table 1.

Table 1

(1) validity of Encryption Algorithm is detected.To being respectively pure English (containing character) comprising content, pure Chinese, pure digi-tal, The different data of English digital, Chinese figure, English Chinese, Chinese English digital mixing substitutes into Encryption Model in Android environment It is detected.

(2) validity of decipherment algorithm is detected.To being respectively pure English (containing character) comprising content, pure Chinese, pure digi-tal, The different data of English digital, Chinese figure, English Chinese, Chinese English digital mixing substitutes into decrypted model in Android environment It is detected.

(3) performance of detection algorithm.In private information encryption, mainly to encryption of plaintext.It therefore, here will be main right The algorithm of information encryption carries out experimental analysis, and national secret algorithm of the verifying based on Hybrid Encryption can be preferably applied to private information and add It is close.

After tested, the present invention is in Chinese, English, number, Chinese and English mixing, Chinese figure, English digital, Chinese and English number The encryption performance of mixed aspect is good, realizes the secrecy transmission of key and the correct encryption and decryption of plaintext.

The present invention realizes the performance test on individual machine and in simulator platform, in arithmetic speed, transmission success Performance is good in terms of rate, encryption and decryption success rate, and program operation is smooth, without Caton phenomenon.

The present invention realizes the authentication of receiving-transmitting sides, it is therefore prevented that a series of attacks such as man-in-the-middle attack ensure Key is shared and the safety of information encryption.