A data storage integrity verification system and method based on special polynomial ring
By utilizing a data storage integrity verification system based on special polynomial rings, and employing data encoding, basis generation, and measurement modules, the system addresses the challenges of artificial intelligence and quantum computing attacks in data storage, achieving unconditionally secure data integrity verification.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents (China)
- Current Assignee / Owner: BEIJING UNIV OF TECH
- Filing Date: 2025-06-12
- Publication Date: 2026-06-26
AI Technical Summary
Existing technologies are insufficient to effectively defend against attacks on cryptographic systems by artificial intelligence and quantum computing, especially in the process of data storage, where they face security threats such as forgery and tampering. Traditional cryptographic designs, which rely on mathematical problems, are ill-equipped to address emerging threats.
A data storage integrity verification system based on a special polynomial ring is adopted. By utilizing the mathematical properties of the polynomial ring and the random basis generation mechanism, data integrity verification is achieved through data encoding, basis generation and measurement modules to ensure that the data is not tampered with. The security relies on mathematical principles rather than mathematical problems.
It provides unconditional security for data integrity verification, resisting cryptographic attacks from artificial intelligence and quantum computing, and ensuring the integrity and trustworthiness of data storage.
Figure CN120540604B_ABST
Description
Technical Field
[0001] This invention relates to a data storage integrity verification system and method based on a special polynomial ring, belonging to the field of network security technology.
Background Technology
[0002] Artificial intelligence (AI) and quantum computing, as the core forces of the new generation of technological revolution, are profoundly changing human society. While driving social progress, AI and quantum computing have also had a profound impact on the field of cybersecurity. AI has improved the automated defense level of information systems, while quantum computing has driven a computing revolution, enabling secure key distribution. However, while AI and quantum computing contribute to the development of cybersecurity, they also pose significant challenges. Especially in the field of cryptography, AI and quantum computing will reshape the landscape of cryptanalysis. AI, through deep learning, breaks through the limits of cryptanalysis, achieving autonomous identification of encryption mechanisms and automated discovery of vulnerabilities in cryptographic protocols. Quantum computing significantly reduces the security level of classical cryptographic systems. Shor's quantum algorithm, through the parallelism and superposition characteristics of quantum computing, can directly break RSA and elliptic curve cryptography (ECC). Grover's quantum algorithm can directly halve the security strength of symmetric encryption and hashing algorithms. Currently, a wave of post-quantum cryptography (PQC) adoption is sweeping the world. The United States will fully switch over to PQC by 2035. Meanwhile, the China Commercial Cryptography Standardization Institute officially launched a call for submissions for a new generation of quantum-resistant cryptographic algorithms in February 2025.
[0003] The nation is currently making every effort to develop a trusted data space, and trusted data storage is the foundation for ensuring data security and building a trusted data space. Because data faces numerous security threats during storage, such as forgery and tampering, establishing highly reliable integrity verification algorithms for data storage and verifying the trustworthiness of stored data in real time is of great significance.
[0004] Given the significant threats posed by artificial intelligence and quantum computing to cryptographic systems, this invention proposes a data storage integrity verification system and method based on a special polynomial ring. Unlike binary polynomial rings, the polynomial coefficients and independent variables in this ring belong to finite fields, resulting in a richer internal structure. This ring uses the input data as polynomial coefficients and employs the random selection of polynomial independent variables to resist cryptanalysis. Its security relies solely on mathematical principles and possesses unconditional security.
Summary of the Invention
[0005] The technical problem to be solved by this invention is to provide a data storage integrity verification system and method based on a special polynomial ring. Unlike conventional cryptography based on mathematical problems, this invention relies solely on mathematical principles to design an integrity verification mechanism to resist various cryptographic attacks based on artificial intelligence and quantum computing. This improves the security of data integrity verification to resist security threats from artificial intelligence and quantum computing, and has unconditional security.
[0006] To solve the above-mentioned technical problems, the technical solution adopted by the present invention is as follows: the system includes a data encoding module, a basis generation module, a standard value library, and a measurement module; the data encoding module, the basis generation module, and the standard value library are each connected to the measurement module; the data involved refers to the data stored in the computing device and the network communication data.
[0007] The data encoding module transforms the input integrity verification data into a polynomial in the ring, preparing it for subsequent integrity verification by the measurement module. The basis generation module generates a basis using a random selection method for subsequent measurement by the measurement module. The measurement module completes the integrity verification of the data to be verified by calling the basis generation module and the standard value library, ensuring that the data is not tampered with. The standard value library is used to store the standard integrity verification values of the input integrity verification data.
[0008] The function of the data encoding module is to transform the input data to be verified for integrity into a polynomial ring. The elements in. The number of elements in the middle is not less than Let the input integrity verification data be 1. ,in The data label for the data to be verified for integrity. The length of the data to be verified for integrity, and the content of the data to be verified for integrity. The data encoding module will Turn to medium elements At this point, a group of elements is formed. , It is an element-matter polynomial.
[0009] The base generation module is responsible for generating bases, randomly selecting them. elements in As a basis, i.e., the basis generation module randomly selects a finite field. As a base.
[0010] The standard value library stores the standard integrity check values of the input data to be checked, and it is stored by entry. The specific structure of each entry is as follows:
[0011]
[0012] Data labels for standard integrity check values, The data length of the standard integrity check value. These are the base and standard check value selected for the standard integrity check value, respectively. This represents the number of data entries in the standard value library. All data in the benchmark value library is stored confidentially and is used only within the integrity verification system of this invention.
[0013] The measurement module receives the element group ,examine Is it in the standard value library?
[0014] 1) If If the value is not in the standard value library, the base generation module is invoked. The base generation module randomly selects a base. This is used as a base and returned to the metric module. The metric module calculates...
[0015]
[0016] Will The data is stored in the baseline library. Simultaneously, the output data T=2 indicates that the input data to be verified is newly added data, and the standard integrity verification value for the data to be verified has been generated and stored.
[0017] 2) If The measurement module reads values from the standard value library. The corresponding standard integrity check value. For symbol differentiation, assume it is read from the standard value library. The corresponding standard integrity check value is .if If the output data is T=0, it indicates that the input integrity verification data has been changed relative to the standard integrity verification value. Then calculate the new standard check value.
[0018]
[0019] if If the input integrity check value is unchanged, the output data T=1, indicating that the input integrity check data has not changed relative to the standard integrity check value. Otherwise, the output data T=0, indicating that the input integrity check data has changed relative to the standard integrity check value.
[0020] The method includes the following steps:
[0021] Initialization phase: Selecting a finite field The standard value database is empty, with 0 data entries.
[0022] Step 1: Input the data to be verified for integrity. The data encoding module converts the input data into a polynomial ring. The elements in the table are processed and a group of elements is generated. The group of elements is then sent to the measurement module.
[0023] Step 2: After receiving the element group, the measurement module checks whether the data tags of the data to be verified for integrity in the element group exist in the standard value library; if they exist, proceed to step 5.
[0024] Step 3: If the data labels in the element group do not exist in the standard value library, call the base generation module to generate a base.
[0025] Step 4: The measurement module substitutes the basis into the element-wise polynomial to obtain the standard integrity check value. It then stores the data label, data length, basis, and standard check value of the standard integrity check value in the standard value library, incrementing the number of entries in the library by 1. Simultaneously, it outputs T=2, indicating that the input data to be checked for integrity is newly added data, and the standard integrity check value for the newly added data has been generated and stored.
[0026] Step 5: If the data label of the data to be verified in the element group exists in the standard value library, the measurement module will read the standard integrity verification value corresponding to this data label from the standard value library using the data label of the data to be verified as an index.
[0027] Step 6: Check if the data length of the data to be verified in the element group is equal to the data length of the standard integrity verification value. If they are not equal, output data T=0, indicating that the input data to be verified has been changed relative to the standard integrity verification value.
[0028] Step 7: If the data length of the data to be verified in the element group is equal to the data length of the standard integrity check value, then substitute the basis into the element polynomial to obtain a new standard check value. Compare the new standard check value with the standard check value of the standard integrity check value. If they are equal, output data T=1, indicating that the input data to be verified has not changed relative to the standard integrity check value.
[0029] Step 8: If the new standard check value is not equal to the standard check value of the standard integrity check value, output data T=0, indicating that the input integrity check data has been changed relative to the standard integrity check value.
[0030] The beneficial effects of this invention are as follows: Unlike conventional cryptography, which is based on mathematical problems and is therefore vulnerable to cryptanalysis based on artificial intelligence and quantum computing, this invention relies solely on mathematical principles (the mathematical properties of special polynomial rings) to design its integrity verification mechanism. The special polynomial ring uses the input data as polynomial coefficients and employs the random selection of the polynomial independent variable to resist various cryptographic attacks based on artificial intelligence and quantum computing. The security of this invention depends solely on mathematical principles and not on any mathematical problems, thus possessing unconditional security.
Attached Figure Description
[0031] Figure 1: Integrity verification system based on special polynomial rings;
[0032] Figure 2: Workflow diagram of an integrity verification system based on a special polynomial ring.
Detailed Implementation
[0033] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the scope of protection of this application.
[0034] The framework diagram of the system of this invention is shown in Figure 1, and the workflow diagram of the integrity verification system based on a special polynomial ring is shown in Figure 2.
[0035] The following is the background mathematical knowledge of the method of this invention:
[0036] Polynomial ring Based on finite fields The following are two common finite fields. .
[0037] 1. Finite field ( (for prime numbers): set In the model A field is formed by the four arithmetic operations.
[0038] 2. Finite field Operations in First Irreducible polynomials of degree n.
[0039] The technical solution of the present invention will be explained in detail below with reference to two specific examples.
[0040] Example 1: Integrity verification of data storage in a cloud environment
[0041] In a cloud computing environment, a user needs to transfer a large amount of encrypted data from their local terminal to the cloud for storage. To ensure that the data is not maliciously tampered with or damaged after storage or during subsequent use, an integrity verification method is required. This invention focuses on solving the problem of integrity verification after data storage.
[0042] Initialization phase: Selecting a finite field for the cloud environment = , It is a prime number. The cloud environment initializes its standard value library. The standard value library is used to store the verification information of data blocks. Initially, it is empty, containing no data entries, and the data entry counter is set to 0.
[0043] Step 1: The cloud environment receives a data block as input data. The data encoding module converts the data content of this input data into a polynomial ring. The elements in the [database]. For example, assuming the data content is 25600 bits of binary data, then each 256 bits of the data content is mapped to [a specific element]. The elements in the map map the entire data content to This requires a data length. If the data length is not divisible by 256, the data is padded according to the standard algorithm until the data content length is a multiple of 256. The data encoding module generates an element group for this data block. , representing the data block ID, data length, and transformed element-polynomial, respectively. The generated element set is then sent to the measurement module in the cloud environment.
[0044] Step 2: The measurement module in the cloud environment receives the element group sent by the user terminal. The measurement module first checks whether the data block ID in the element group exists in the standard value library.
[0045] Step 3: If the data labels in the element group do not exist in the standard value library, call the base generation module to generate a base.
[0046] Step 4: The measurement module substitutes the basis into the element-wise polynomial to obtain the check value, and stores the data label, data length, basis, and check value in the standard value library, incrementing the number of entries in the standard value library by 1. Simultaneously, it outputs the data T=2, indicating to the user terminal or other systems that the received data block is a new data block, and that its integrity check value has been generated and securely stored.
[0047] Step 5: When the cloud environment receives new data, repeat steps 1 through 4. When the cloud environment needs to verify the integrity of stored data (e.g., before the data is used, or during periodic integrity checks), the measurement module will execute the following steps.
[0048] Step 6: The measurement module uses the data block ID as an index to read the corresponding stored data entry from the standard value library in the cloud environment. For distinction, the data entry read from the standard value library will be denoted as... ,in It is the length of the stored data. It is the basis of storage. This is the stored verification value. The cloud environment's measurement module compares the length of the retrieved data blocks. The data length of the corresponding data entry read from the standard value library .if If the measurement module outputs data T=0, it indicates that the length of the retrieved data block has changed compared to the previously stored data block, which usually means that the data may have been tampered with.
[0049] Step 7: If the data length in the element group is equal to the data length in the entry, substitute the basis into the element polynomial to obtain a new check value. The new checksum and the standard checksum in this entry will be compared. The data is compared, and if they are equal, the output data T=1 is used to indicate that the retrieved data block is completely consistent with the previously stored data block and no changes have occurred.
[0050] Step 8: If the new checksum is not equal to the checksum in the entry, output data T=0, indicating that the content of the retrieved data block has changed compared to the previously stored data block, which usually means that the data may have been tampered with.
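The method's Steps 1 to 8, with the 256-bit block encoding of Example 1, as an added Python example that is not part of the patent text. The prime `2**521 - 1`, the zero padding, the coefficient order of the polynomial, the dictionary used as the standard value library and all function names are assumptions, because the page's own symbols and padding rule did not survive.

```python
import secrets

# Assumption: the page's prime is missing. 2**521 - 1 is a Mersenne prime larger
# than 2**256, so every 256-bit block maps to a distinct element of F_p.
P = 2**521 - 1
BLOCK_BYTES = 32  # 256 bits per field element, as in Example 1

T_CHANGED, T_UNCHANGED, T_NEW = 0, 1, 2  # the page's output values T


def encode(label, content):
    """Data encoding module: build the element group (label, length, coefficients)."""
    length = len(content) * 8  # data length in bits, measured before padding
    # Assumption: zero padding to a multiple of 256 bits (the page only says
    # "the standard algorithm"). The stored length keeps padded inputs distinct.
    padded = content + b"\x00" * (-len(content) % BLOCK_BYTES)
    coeffs = [int.from_bytes(padded[i:i + BLOCK_BYTES], "big")
              for i in range(0, len(padded), BLOCK_BYTES)]
    return label, length, coeffs


def generate_basis():
    """Basis generation module: uniform random element of F_p from the OS CSPRNG."""
    return secrets.randbelow(P)


def evaluate(coeffs, basis, modulus=P):
    """Substitute the basis into sum(c_i * x**i) using Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * basis + c) % modulus
    return acc


class MeasurementModule:
    def __init__(self):
        # Standard value library: label -> (length, basis, check value).
        # The page requires this store to be kept confidential.
        self.library = {}

    def measure(self, label, content):
        label, length, coeffs = encode(label, content)       # Step 1
        entry = self.library.get(label)                       # Step 2
        if entry is None:                                     # Steps 3-4
            basis = generate_basis()
            self.library[label] = (length, basis, evaluate(coeffs, basis))
            return T_NEW
        stored_length, basis, stored_value = entry            # Step 5
        if length != stored_length:                           # Step 6
            return T_CHANGED
        new_value = evaluate(coeffs, basis)                   # Step 7
        return T_UNCHANGED if new_value == stored_value else T_CHANGED  # Step 8


def demo():
    """Run the T=2, T=1, T=0 cases on a constructed 25600-bit data block."""
    block = bytes(range(256)) * 12 + bytes(128)   # constructed sample, 3200 bytes
    tampered = bytes([block[0] ^ 0x01]) + block[1:]   # same length, one bit flipped
    truncated = block[:-1]                             # length changed
    module = MeasurementModule()
    return [
        module.measure("block-0001", block),      # first sight: stored
        module.measure("block-0001", block),      # unchanged
        module.measure("block-0001", tampered),   # content changed
        module.measure("block-0001", truncated),  # length changed
    ]


if __name__ == "__main__":
    print(demo())
```

For two different inputs of the same length with n blocks, the difference polynomial has degree at most n-1, so at most n-1 of the possible bases give equal check values. That bound holds only while the basis is unknown to whoever modifies the data, which is why the standard value library has to stay confidential.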
[0051] Example 2: Data Integrity Verification Based on TPCM
[0052] The following section introduces a trusted boot scheme based on TPCM and a special polynomial ring. In this example, the TPCM is the integrity verification system.
[0053] Initialization phase: TPCM selects a finite field = , It is a prime number. TPCM initializes its standard value library. The standard value library is used to store the check information of the data blocks. Initially, it is empty, containing no data entries, and the data entry counter is set to 0.
[0054] Step 1: During the verification information generation phase, critical boot components such as the BIOS firmware, bootloader, and operating system kernel are divided into different data blocks. Each data block is treated as input data. The data encoding module converts the input data into a polynomial ring. In the context of BIOS, assuming the data content is 25,600,000 bits of binary data, each 256 bits of data is mapped to... The elements in the map map the entire data content to This requires a data length. If the data length is not divisible by 256, the data is padded according to the standard algorithm until the data content length is a multiple of 256. The data encoding module generates an element group for this data block. , where represents the ID of the data block, the data length, and the transformed element polynomial, respectively.
[0055] Step 2: In the stage of generating verification information, the measurement module calls the base generation module to generate the base. The measurement module calculates the checksum of the BIOS firmware. And store it in the standard value library, with the entry value being... These represent the data tag, data length, base, and checksum, respectively. Simultaneously, the output data T=2 indicates to the user terminal or other systems that the received data is new data, and that its integrity checksum has been generated and securely stored.
[0056] Step 3: During the trusted boot phase, the integrity of the data block for each critical boot component about to be loaded and executed is verified sequentially. Taking BIOS as an example, the data encoding module receives... Encode BIOS data into a polynomial ring. For the elements in the array, perform the same operations as in step one.
[0057] Step 4: The measurement module receives the results from the data encoding module. According to data tags Retrieve the corresponding entry from the standard value database. To distinguish them, denote the data entry retrieved from the standard value database as... ,in The original length of the data. This is the verification value for the original data. If... If the data length is inconsistent, the measurement module outputs data T=0, indicating that the length of the retrieved data block has changed compared to the previously stored data block, and the trusted startup process terminates.
[0058] Step 5: If the length of the input data is equal to the length of the data in the standard value library, recalculate the checksum of the input data. , change the new check value and the standard check value in this entry The data is compared. If they are equal, the output data is T=1, indicating that the retrieved data block is completely consistent with the previously stored data block and no changes have occurred, and the trusted chain continues to pass. If the calculated checksum is not equal to the stored checksum, the output data is T=0, indicating that the content of the retrieved data block has changed compared to the previously stored data block, and the trusted startup process terminates.
[0059] The method of this invention was implemented on a Xilinx FPGA at 100 MHz. Comparative experiments were conducted against non-pipelined implementations of the mainstream SM3, SHA2-256, and SHA3-256 methods. The results are as follows:
[0060]
| | This invention | SM3 | SHA2-256 | SHA3-256 |
|---|---|---|---|---|
| Throughput | 8 Gbps | 3.5 Gbps | 3 Gbps | 4 Gbps |
[0061] It is evident that the throughput of this invention far surpasses that of existing algorithms. The data referred to in this technical solution refers to any record of information electronically or otherwise, particularly data stored in computing devices and network communication data.
[0062] The above are merely preferred embodiments of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitutions or modifications made by those skilled in the art within the scope of the technology disclosed in the present invention, based on the technical solution and inventive concept of the present invention, should be covered within the scope of protection of the present invention.
Claims
1. A data storage integrity verification system based on a special polynomial ring, characterized in that,
The special polynomial ring is constructed based on a finite field.
The integrity verification system includes a data encoding module, a basis generation module, a standard value library, and a measurement module. The data involved refers to the data stored in computing devices and network communication data.
The data encoding module, the basis generation module, and the standard value library are connected to the measurement module.
The data encoding module transforms the input data to be verified into a polynomial in the ring, preparing for the subsequent integrity verification by the measurement module.
The basis generation module generates a basis using a random selection method for the measurement module to perform subsequent measurements.
The measurement module completes the integrity verification of the data to be verified by calling the base generation module and the standard value library;
The standard value library is used to store the standard integrity check values of the input integrity check data; the integrity check data is the data stored in the computer.
The data encoding module converts the input integrity verification data into a polynomial ring. The elements in the array, where F is a finite field; let the input integrity verification data be... ,in The data label for the data to be verified for integrity. The length of the data to be verified for integrity. The data content of the data to be verified for integrity;
The data encoding module will Turn to Middle elements , forming an element group , It is an element-polynomial;
The measurement module receives the element group ,examine Is it in the standard value library?
1) If If the value is not in the standard value library, the base generation module is called; the base generation module randomly selects... As a base, and returned to the measurement module; The measurement module substitutes the basis into the element-wise polynomial to generate a standard check value. ,Will The data is stored in the benchmark library, and the output data T=2 indicates that the input data to be verified is newly added data, and the standard integrity verification value of the data to be verified has been generated and stored.
2) If The measurement module reads values from the standard value library. The corresponding standard integrity check value; assuming it is read from the standard value library. The corresponding standard integrity check value is ;if If the output data T=0, it indicates that the input integrity verification data has been changed relative to the standard integrity verification value; if Then, substituting the basis into the element polynomial generates a new standard check value. , if If the input integrity check value is unchanged, the output data T=1, indicating that the input integrity check value has not changed relative to the standard integrity check value; otherwise, the output data T=0, indicating that the input integrity check value has changed relative to the standard integrity check value.
2. The data storage integrity verification system based on a special polynomial ring according to claim 1, characterized in that, The basis generation module randomly selects elements from a finite field as the basis.
3. The data storage integrity verification system based on a special polynomial ring according to claim 1, characterized in that, The standard value library stores the standard integrity check values of the data to be checked according to entries. The specific structure of each entry is as follows: ; Data labels for standard integrity check values, The data length of the standard integrity check value. These are the base and standard check value selected for the standard integrity check value, respectively; This represents the number of data entries in the standard value library; all data in the benchmark value library is stored confidentially and used within the integrity verification system.
4. A data storage integrity verification method based on a special polynomial ring for implementing the system as described in any one of claims 1-3, characterized in that, Includes the following steps:
Initialization phase: Selecting the domain The standard value database is empty, with 0 data entries.
Step 1: Input the data to be verified for integrity. The data encoding module converts the data content of the data to be verified for integrity into a polynomial ring. The elements in the data are processed, and an element group is generated and sent to the measurement module.
Step 2: After receiving the element group, the measurement module checks whether the data tags of the data to be verified for integrity in the element group exist in the standard value library; if they exist, proceed to step 5.
Step 3: If the data labels in this element group do not exist in the standard value library, then call the base generation module to generate a base;
Step 4: The measurement module substitutes the basis into the element-wise polynomial to generate the standard integrity check value. It stores the data label, data length, basis, and standard check value of the standard integrity check value in the standard value library, and increments the number of entries in the standard value library by 1. At the same time, it outputs data T=2, indicating that the input data to be checked for integrity is newly added data, and the standard integrity check value of the newly added data has been generated and stored.
Step 5: If the data tag of the data to be verified in the received element group exists in the standard value library, the measurement module reads the standard integrity verification value corresponding to this data tag from the standard value library using the data tag of the data to be verified as an index.
Step 6: Check if the data length of the data to be verified in the element group is equal to the data length of the standard integrity verification value. If they are not equal, output data T=0, indicating that the input data to be verified has been changed relative to the standard integrity verification value.
Step 7: If the data length of the data to be verified in the element group is equal to the data length of the standard integrity verification value, then substitute the basis into the element polynomial to obtain a new standard verification value. The new standard check value is compared with the standard check value of the standard integrity check value. If they are equal, the data T=1 is output, indicating that the input integrity check data has not changed relative to the standard integrity check value.
Step 8: If the new standard check value is not equal to the standard check value of the standard integrity check value, then output data T=0, indicating that the input integrity check data has been changed relative to the standard integrity check value.