A method and device for fast encryption of phase change memory data

By combining a shared secret seed and initialization vector with the Diffie-Hellman algorithm to generate dynamic keys, the problem of static keys in phase-change memory being vulnerable to attack is solved, achieving efficient and secure data encryption that meets the security requirements of different application scenarios.

CN122179094APending Publication Date: 2026-06-09SHENZHEN MULBERRY TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SHENZHEN MULBERRY TECH CO LTD
Filing Date
2026-03-11
Publication Date
2026-06-09

Smart Images

  • Figure CN122179094A_ABST
    Figure CN122179094A_ABST
Patent Text Reader

Abstract

This invention relates to the technical field of data encryption and provides a fast encryption method and apparatus for phase-change memory (PCM) data. The fast encryption method includes: the storage end acquiring a preset shared secret seed and an initialization vector; the storage end calculating a derived master seed based on the shared secret seed and the initialization vector; the storage end calculating a current key based on the derived master seed and the initialization vector; and the storage end encrypting target data in the PCM based on the current key to obtain encrypted data. Unlike traditional static key encryption methods, this scheme ensures that the key used in each encryption process is different, greatly reducing the risk of the key being captured and cracked by attackers, thereby effectively protecting sensitive data stored in the PCM.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the technical field of data encryption, and particularly relates to a method and apparatus for fast encryption of phase-change storage data. Background Technology

[0002] With the rapid development of information technology, data security and privacy protection have become crucial issues in today's society. Especially in application scenarios such as cloud computing, big data, and the Internet of Things, data storage and transmission face increasing security threats. To ensure data confidentiality and integrity, data encryption technology has emerged. Encryption technology converts plaintext data into ciphertext, preventing unauthorized users from accessing the data, thus becoming an important means of protecting sensitive information. Phase Change Memory (PCM), as a novel non-volatile storage technology, has attracted widespread attention due to its superior read / write speed and durability. PCM utilizes the phase change properties of materials to achieve data storage and retrieval, offering significant advantages in speed and energy consumption compared to traditional flash memory and hard drives. However, with the widespread adoption of PCM in data storage, its security issues have become increasingly prominent. Attackers may obtain sensitive data stored in PCM through physical or logical means, thereby threatening user privacy and data security. Therefore, encryption schemes for phase change memory have become a research hotspot. In existing technologies, although various data encryption methods have been proposed, most schemes still have limitations in terms of encryption speed, key management, and computational efficiency. Furthermore, traditional encryption methods often use static keys, which makes the keys easy for attackers to capture during use, leading to the risk of data leakage. Summary of the Invention

[0003] In view of this, embodiments of the present invention provide a fast encryption method and apparatus for phase change storage data to solve the technical problem that traditional encryption methods often use static keys, which makes the keys easy for attackers to capture during use, leading to the risk of data leakage.

[0004] A first aspect of this invention provides a fast encryption method for phase-change memory data, the fast encryption method for phase-change memory data comprising: The storage end retrieves the preset shared secret seed and initialization vector; The storage terminal calculates the derived master seed based on the shared secret seed and the initialization vector; The storage terminal calculates the current key based on the derived master seed and the initialization vector; Based on the current key, the storage device encrypts the target data of the phase-change memory to obtain encrypted data.

[0005] Furthermore, the step of obtaining the preset shared secret seed and initialization vector at the storage end includes: The reading end generates a first temporary private key and a corresponding first temporary public key, and sends the first temporary public key to the storage end; The storage end generates a second temporary private key and a corresponding second temporary public key, and sends the second temporary public key to the reading end; The reading end uses the first temporary private key and the second temporary public key to perform elliptic curve Diffie-Hellman computation to obtain the first shared secret seed; The storage end uses the second temporary private key and the first temporary public key to perform elliptic curve Diffie-Hellman calculation to obtain the second shared secret seed; wherein the first shared secret seed and the second shared secret seed are the same point on the elliptic curve. The storage end generates a random vector, encrypts the random vector based on the second temporary private key, and sends it to the reading end; After receiving the encrypted random vector, the reading end decrypts it based on the second temporary public key to obtain the random vector; Use the random vector as the initialization vector.

[0006] Further, the step of calculating the current key at the storage end based on the derived master seed and the initialization vector includes: Create an initial array containing consecutive integers from 0 to 255; The derived master seed is divided into N 8-bit bytes. The N 8-bit bytes of the derived master seed are used as a random source to confuse the initial array to obtain the target array. The initial 64-bit state value is expanded to a 128-bit intermediate value, and the intermediate value is divided into 16 8-bit bytes. For the 16 8-bit bytes, after non-linear replacement based on the target array, cyclic shifting is performed to obtain intermediate obfuscated values; Perform a first XOR operation between the derived master seed and the intermediate confusion value to obtain a first mixing value; The first mixed value is cyclically shifted to obtain the second mixed value; Perform a second XOR operation on the first mixed value and the second mixed value, and use the result as the current key.

[0007] Further, the step of dividing the derived master seed into N 8-bit bytes and using the N 8-bit bytes of the derived master seed as a random source to obfuscate the initial array to obtain the target array includes: The derived master seed is divided into N 8-bit bytes. Using the N 8-bit bytes of the derived master seed as a random source, the Fisher-Yates shuffle algorithm is executed on the initial array to obtain the target array. In the i-th iteration of the shuffle algorithm, the exchange position index j is calculated as follows: j = (MS[i % L]^S[(i + MS[(i + P) % L]) %256]) % (i + 1), where MS is the N 8-bit bytes of the derived master seed, L is the byte length of the derived master seed, S is the current array state, P is the preset prime number offset, ^ is the bitwise XOR operation, and % is the modulo operation.

[0008] Further, the step of performing non-linear replacement on the 16 8-bit bytes based on the target array, followed by cyclic shifting to obtain intermediate obfuscated values ​​includes: For the 16 8-bit bytes, after performing a non-linear replacement based on the target array, the current obfuscation value is obtained; Based on the 8-bit byte, calculate the number of bits to be shifted; where the number of bits to be shifted = (V'[0] + V'[7]) % 128, V'[0] represents the first byte in the 8-bit byte, V'[7] represents the last byte in the 8-bit byte, and % represents the modulo operation; Based on the number of shift bits, the current obfuscated value is cyclically shifted to obtain an intermediate obfuscated value.

[0009] Furthermore, the step of calculating the derived master seed based on the shared secret seed and the initialization vector at the storage end includes: The initial string is obtained by concatenating the shared secret seed and the initialization vector. The initial string is hashed to obtain the intermediate root key; The intermediate root key is split into left chain data and right chain data; The right chain data is used as the key for the HMAC algorithm, and the concatenation result of the left chain data and the initialization vector is used as the message for the HMAC algorithm. The HMAC-SHA256 operation is performed, and a 256-bit first digest result is output. The left chain data is used as the key for the HMAC algorithm, and the concatenation result of the right chain data and the initialization vector is used as the message for the HMAC algorithm. The HMAC-SHA256 operation is performed, and a 256-bit second digest result is output. The first summary result and the second summary result are concatenated to obtain the derived master seed.

[0010] Furthermore, the storage terminal encrypts the target data based on the current key to obtain encrypted data, including the following steps: The reading end generates a key to be verified based on the same processing flow used by the storage end to generate the current key. The storage terminal encrypts the preset confirmation information based on the current key and sends it to the reading terminal; After receiving the encrypted confirmation information, the reading end decrypts the encrypted confirmation information based on the key to be verified to obtain the current information; If the reading end determines that the current information is the confirmation information, it sends an encrypted response information to the storage end; After receiving the encrypted response information, the storage device encrypts the target data based on the current key to obtain encrypted data. If the reading end determines that the current information is not the confirmation information, it sends a reset message to the storage end; the reset message is used to prompt the storage end to regenerate a new key.

[0011] A second aspect of the present invention provides a fast encryption device for phase-change storage data, comprising: The acquisition unit is used to acquire the preset shared secret seed and initialization vector from the storage end; The first computing unit is used to calculate the derived master seed based on the shared secret seed and the initialization vector at the storage end; The second calculation unit is used by the storage terminal to calculate the current key based on the derived master seed and the initialization vector; The encryption unit is used by the storage end to encrypt the target data of the phase change memory based on the current key to obtain encrypted data.

[0012] A third aspect of the present invention provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the steps in the phase-change storage data fast encryption method described in the first aspect.

[0013] A fourth aspect of the present invention provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the steps of the phase-change storage data fast encryption method described in the first aspect.

[0014] The beneficial effects of this invention compared to existing technologies are as follows: by using a preset shared secret seed and initialization vector, combined with the calculation of the derived master seed, a dynamic current key can be generated. Unlike traditional static key encryption methods, this scheme ensures that the key used in each encryption process is different, greatly reducing the risk of the key being captured and cracked by attackers, thereby effectively protecting sensitive data stored in the phase-change memory. The encryption method of this invention can calculate the derived master seed and the current key based on the shared secret seed and initialization vector, making key management more flexible. Users can periodically change the shared secret seed as needed, thereby further improving system security. This dynamic key generation mechanism can adapt to the security requirements of different application scenarios, enhancing the applicability of the encryption scheme. Phase-change memory has a fast read / write speed; combined with the method of this invention, encryption processing can be completed in a relatively short time. Attached Figure Description

[0015] To more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments or related technologies will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0016] Figure 1 A schematic flowchart of a fast encryption method for phase-change storage data provided by the present invention is shown; Figure 2 This diagram illustrates a phase-change storage data fast encryption device according to an embodiment of the present invention; Figure 3 A schematic diagram of a terminal device provided in an embodiment of the present invention is shown. Detailed Implementation

[0017] In the following description, specific details such as particular system architectures and techniques are set forth for illustrative purposes and not for limitation, in order to provide a thorough understanding of the embodiments of the invention. However, those skilled in the art will understand that the invention can be implemented in other embodiments without these specific details. In other instances, detailed descriptions of well-known systems, apparatuses, circuits, and methods are omitted so as not to obscure the description of the invention with unnecessary detail.

[0018] This invention provides a method and apparatus for fast encryption of phase-change storage data, which addresses the technical problem that the variability and diversity of environmental noise make it difficult for fixed algorithms to effectively suppress noise in certain situations.

[0019] First, this invention provides a fast encryption method for phase-change storage data. Please refer to [link / reference]. Figure 1 , Figure 1 A schematic flowchart of a fast encryption method for phase-change storage data provided by the present invention is shown. Figure 1 As shown, the fast encryption method for phase-change storage data may include the following steps: Step 101: The storage end obtains the preset shared secret seed and initialization vector; This step is the input preparation stage for key derivation and encryption, ensuring that the encryption process is reproducible (by sharing a seed) and random / unique (by initialization vectors).

[0020] The shared secret seed is a pre-negotiated base key material used for subsequent key derivation. The initialization vector is a random or non-repeating value used to ensure that the same plaintext produces different ciphertexts in different encryption operations, preventing repetitive patterns from leaking information. In key derivation, the initialization vector is also used to increase the entropy value or distinguish different derivation paths.

[0021] Specifically, step 101 includes steps 1011 to 1017: Step 1011: The reading end generates a first temporary private key and a corresponding first temporary public key, and sends the first temporary public key to the storage end; The reading end (such as a host or controller) generates a local ephemeral elliptic curve key pair (the private key is kept secret, while the public key can be published) and sends the public key to the storage end. This is the initiation step of key exchange, providing the foundation for subsequent computations. The use of ephemeral keys enhances forward security—even if long-term keys are compromised, past sessions remain secure.

[0022] Step 1012: The storage end generates a second temporary private key and a corresponding second temporary public key, and sends the second temporary public key to the reading end; The storage end also generates its own temporary elliptic curve key pair and sends its public key to the reading end. Both parties exchange public keys, preparing for subsequent shared secret computations. The temporary key pair ensures that the key material is new for each session.

[0023] Step 1013: The reading end uses the first temporary private key and the second temporary public key to perform elliptic curve Diffie-Hellman calculation to obtain the first shared secret seed; The reading end uses its private key and the storage end's public key to calculate a shared secret value (a point on an elliptic curve) using the ECDH algorithm. Due to the difficulty of solving the elliptic curve discrete logarithm problem, even if an attacker intercepts both parties' public keys, they cannot deduce the shared secret.

[0024] Step 1014: The storage end uses the second temporary private key and the first temporary public key to perform elliptic curve Diffie-Hellman calculation to obtain the second shared secret seed; wherein, the first shared secret seed and the second shared secret seed are the same point on the elliptic curve; The storage end uses its own private key and the reading end's public key to perform the same ECDH calculation, obtaining the same shared secret point. This is the core characteristic of ECDH—both parties can independently calculate the same shared secret without exchanging private keys. This shared secret will serve as the basis for subsequent key derivation.

[0025] Step 1015: The storage end generates a random vector, encrypts the random vector based on the second temporary private key, and sends it to the reading end; The storage terminal generates a random number as an initialization vector. This initialization vector is then encrypted using the user's second temporary private key (either using asymmetric encryption or a combination of symmetric encryption and a shared secret).

[0026] Step 1016: After receiving the encrypted random vector, the reading end decrypts it based on the second temporary public key to obtain the random vector; The reading end uses the storage end's public key (second temporary public key) to decrypt the received ciphertext and reconstruct the random vector. Only the storage end with the corresponding private key can encrypt, and only the reading end with the public key can decrypt (or verify), ensuring the integrity and source authentication of the random vector during transmission.

[0027] Step 1017: Use the random vector as the initialization vector.

[0028] The decrypted random vector is then used as the random vector in the encryption process. This random vector possesses freshness (generated randomly each time) and uniqueness (generated at the storage end and transmitted through a secure channel), effectively preventing replay attacks and pattern analysis.

[0029] In the embodiments corresponding to steps 1011 to 1017, a new shared secret seed is generated for each session through ECDH temporary key exchange, avoiding the risk of using a fixed seed for a long time. The temporary key is used to encrypt the transmitted initialization vector, ensuring the confidentiality of the initialization vector without requiring additional key distribution steps, achieving integrated secure negotiation of the key and initialization vector. The temporary key is discarded after the session, so even if the private key is subsequently leaked, attackers cannot decrypt historical sessions. The entire process is completed directly between the reading and storage ends without third-party involvement, making it suitable for scenarios such as embedded storage systems.

[0030] Step 102: The storage end calculates the derived master seed based on the shared secret seed and the initialization vector; By combining the shared secret seed with the initialization vector through a key derivation function, a more secure and random intermediate seed value is generated. The inclusion of the initialization vector prevents the same seed from generating the same derived key in different environments. Key differentiation is achieved through the initialization vector; even with the same shared seed, different initialization vectors will produce different master seeds.

[0031] Specifically, step 102 includes steps 1021 to 1026: Step 1021: Concatenate the shared secret seed and the initialization vector to obtain the initial string; Concatenate the shared secret seed and initialization vector in a specific order (e.g., seed||initialization vector or initialization vector||seed). Ensure that the derived master seed depends on both inputs simultaneously to prevent leakage of a single input from exposing the derived seed.

[0032] Step 1022: Hash the initial string to obtain the intermediate root key; Apply a hash function (such as SHA-256) to the concatenated initial string, and output a fixed-length hash value as the intermediate root key. Regardless of the input length, the output is of fixed length (256 bits) for easier subsequent processing.

[0033] Step 1023: Divide the intermediate root key into left chain data and right chain data; The intermediate root key (assuming 256 bits) is divided into two parts, each 128 bits long, referred to as the left chain data and the right chain data, respectively. This provides a symmetrical input structure for subsequent bidirectional HMAC calculations.

[0034] Step 1024: Use the right chain data as the key for the HMAC algorithm, and the concatenation result of the left chain data and the initialization vector as the message for the HMAC algorithm. Perform the HMAC-SHA256 operation and output a 256-bit first digest result. HMAC ensures that the same message produces different outputs under different keys. The HMAC algorithm is a traditional technique and will not be elaborated upon here.

[0035] Step 1025: Using the left chain data as the key for the HMAC algorithm, and the concatenation result of the right chain data and the initialization vector as the message for the HMAC algorithm, perform the HMAC-SHA256 operation and output a 256-bit second digest result; Step 1026: Concatenate the first summary result and the second summary result to obtain the derived master seed.

[0036] In the embodiments corresponding to steps 1021 to 1026, bidirectional HMAC cross-computation is used to deeply mix the shared secret seed, initialization vector, and left and right chains, ensuring that any input change will propagate to the entire output. The structure is similar to a double-chain hash, enhancing collision and prediction resistance. The left and right chains serve as HMAC keys respectively, achieving key separation. Even if the same initialization vector is used for different seeds, the derivation results will be completely different due to the different intermediate root keys. Based on SHA-256 and HMAC, the algorithm undergoes thorough cryptographic analysis, avoiding the security vulnerabilities of custom algorithms.

[0037] Step 103: The storage terminal calculates the current key based on the derived master seed and the initialization vector; The current key is a symmetric key (such as an AES key) used to encrypt data. The final working key is generated by inputting the derived master seed and initialization vector into the key derivation function again.

[0038] Specifically, step 103 includes steps 1031 to 1037: Step 1031: Create an initial array containing consecutive integers from 0 to 255; Create an array of length 256, filled with elements in the order 0, 1, 2, …, 255. This is essentially an initial permutation table, providing a deterministic starting state for subsequent obfuscation processing. Such arrays are commonly used in the initialization phase of stream ciphers or pseudo-random number generators.

[0039] Step 1032: Divide the derived master seed into N 8-bit bytes, use the N 8-bit bytes of the derived master seed as a random source, and perform obfuscation on the initial array to obtain the target array; Specifically, step 1032 includes: dividing the derived master seed into N 8-bit bytes, using the N 8-bit bytes of the derived master seed as a random source, and performing the Fisher-Yates shuffle algorithm on the initial array to obtain the target array; wherein, in the i-th iteration of the shuffle algorithm, the exchange position index j is calculated as follows: j = (MS[i % L]^S[(i + MS[(i + P) % L]) % 256]) % (i + 1), where MS is the N 8-bit bytes of the derived master seed, L is the byte length of the derived master seed, S is the current array state, P is the preset prime number offset, ^ is the bitwise XOR operation, and % is the modulo operation.

[0040] The derived master seed (e.g., 128-bit or 256-bit) is divided into a continuous sequence of bytes, denoted as MS[0] to MS[L-1], where L = N is the byte length. The seed is then converted into a byte array that can be directly used in the calculation, serving as the source of randomness in the shuffling algorithm.

[0041] The Fisher-Yates algorithm is used to randomly shuffle an array. Its core is to randomly select a j (0 ≤ j ≤ i) in the i-th iteration (i decreases from 255 to 1) and swap it with the element at position i. In this embodiment, the formula for calculating the swap position j is defined as: j = (MS[i % L] ^ S[(i + MS[(i + P) % L]) % 256]) % (i + 1).

[0042] `(i + MS[(i + P) % L]) % 256` calculates the inner index. The specific logic is as follows: `(i + P) % L` adds the iterative index `i` to the prime number offset `P`, modulo the seed length `L`, to obtain a dynamic index of the seed array. `MS[(i + P) % L]` is used to retrieve the byte value at that index position in the seed. `i + MS[...]` adds the iterative index `i` to the seed byte. `%256` is used to take the modulo of 256, ensuring the result is between 0 and 255, and serves as the index of array `S`.

[0043] S[(i + MS[(i + P) % L]) % 256] represents the array state. Using the index calculated in the previous step, retrieve a byte value from the current array S.

[0044] MS[i % L] ^ S[...] performs an XOR operation. MS[i % L] directly retrieves the i % L-th byte from the seed array (using the seed cyclically). The seed byte is then XORed bitwise with the byte retrieved from array S.

[0045] % (i + 1) represents the modulo constraint range. The XOR result is modulo (i + 1) to ensure that j falls within the range [0, i], which meets the requirements of the Fisher-Yates algorithm.

[0046] Overall shuffling process: For i decreasing from 255 to 1, calculate the swap position j according to the formula, swap array S[i] and S[j], continue the next iteration, and the final array S is the target array.

[0047] The computational depth of swapping position j depends on the seed byte MS, and by cyclically using the seed (i % L) and prime number offset P, it ensures that every byte of the seed participates in influencing the shuffling process. The formula introduces the array state S itself as input, forming a non-linear feedback system that makes the shuffling process more difficult to analyze or predict. The prime number offset P disrupts the simple cyclical pattern of the seed index. The XOR operation combines the static seed with dynamic array values, enhancing the obfuscation effect.

[0048] Step 1033: Expand the 64-bit initial state value to a 128-bit intermediate value, and divide the intermediate value into 16 8-bit bytes; It is expanded to 128 bits using expansion rules such as padding, hashing, or simple copying, and then divided into 16 bytes.

[0049] Step 1034: For the 16 8-bit bytes, after performing non-linear replacement based on the target array, perform cyclic shift processing to obtain intermediate obfuscated values; The non-linear transformation is achieved by performing a lookup and replacement on each byte using the target array (i.e., the obfuscated substitution table).

[0050] The replaced 16 bytes are cyclically shifted (e.g., shifted left or right by a certain number of bits) to increase the bit spread effect.

[0051] Replacement operations disrupt the linear relationship between byte values. Shift operations spread bits across different bytes, enhancing the avalanche effect.

[0052] Specifically, step 1034 includes steps A1 to A3: Step A1: For the 16 8-bit bytes, perform a non-linear replacement based on the target array to obtain the current obfuscation value; The input consists of 16 8-bit bytes (128 bits of data), which is a 128-bit intermediate value expanded from the 64-bit initial state value. Using the value of each byte (0-255) as an index, a table (target array) is consulted to replace the byte with the new value. The target array is a 256-bit permutation table obtained in the previous step through an improved Fisher-Yates shuffle. The replacement results in a new 16-byte sequence, called the current obfuscation value.

[0053] Step A2: Calculate the number of bits to be shifted based on the 8-bit byte; where the number of bits to be shifted = (V'[0] + V'[7]) %128, V'[0] represents the first byte in the 8-bit byte, V'[7] represents the last byte in the 8-bit byte, and % represents the modulo operation; V'[0] represents the first byte (most significant or least significant bit, depending on the byte order, usually index 0) of the current obfuscated value (after replacement). V'[7] represents the eighth byte of the current obfuscated value. The values ​​of these two bytes are added together, and then modulo 128 is taken to obtain the number of bits to be shifted (range 0-127).

[0054] In this embodiment, the number of shifts is not a fixed value, but is determined by the data content itself, which enhances the adaptability and randomness of the algorithm.

[0055] Step A3: Perform a cyclic shift process on the current obfuscated value based on the number of shift bits to obtain an intermediate obfuscated value.

[0056] Treat the current obfuscated value (128 bits of data) as a whole and perform a circular left shift or circular right shift. The number of bits shifted is the same as the shift number calculated in the previous step. Circular shifting spreads the information from the high-order bytes to the low-order bytes, and vice versa, enhancing the avalanche effect (a small change in input leading to a large change in output).

[0057] In the embodiments corresponding to steps A1 to A3, byte-level obfuscation is first achieved by replacing the target array. Then, bit-level diffusion is achieved by data-dependent cyclic shifting, forming a classic obfuscation-diffusion structure. Calculating the number of shift bits requires only two byte additions and one modulo operation, improving computational efficiency. The shift operation is easily implemented in hardware (barrel shifter). The target array is determined by the key derivation process, therefore the replacement operation is key-dependent. The number of shift bits is determined by the replaced data, so the final output is affected by both the key and the input data.

[0058] Step 1035: Perform a first XOR operation on the derived master seed and the intermediate confusion value to obtain a first mixing value; Perform a bitwise XOR operation between the derived master seed (raw or byte-based) and the intermediate obfuscation value obtained in the previous step. This ensures that the final key is directly related to the derived master seed and prevents the intermediate obfuscation value from leaking key information independently.

[0059] Step 1036: Cyclicly shift the first mixed value to obtain the second mixed value; Perform a cyclic shift on the first mixed value (using the same shift logic as in step 1034). This changes the bit positions and enhances the randomness of the key.

[0060] Step 1037: Perform a second XOR operation on the first mixed value and the second mixed value, and use the result as the current key.

[0061] XOR the first mixed value with its shifted version (the second mixed value), and output the final result as the current key. XORing the two shifted versions is equivalent to performing an autocorrelation transformation on the original value, which can further obfuscate the bit relationships. Ensure that the key length meets the requirements of the encryption algorithm (e.g., 128 bits).

[0062] In the embodiments corresponding to steps 1011 to 1017, key expansion and randomization are achieved through permutation tables, nonlinear substitution, and shift operations, making it suitable for resource-constrained storage environments. Operations are performed on a byte-by-byte basis, facilitating hardware processing. Avoiding computationally intensive algorithms (such as the SHA series) may reduce latency and power consumption. Nonlinearity is introduced through target array substitution; bit influence is diffused through cyclic shifting. The final key is deeply bound to the derived master seed, preventing key exposure due to the leakage of the initialization vector alone.

[0063] Step 104: The storage end encrypts the target data of the phase change memory based on the current key to obtain encrypted data.

[0064] Perform a symmetric encryption algorithm on the target data in the PCM using the current key.

[0065] Specifically, step 104 includes steps 1041 to 1046: Step 1041: The reading end generates a key to be verified based on the same processing flow as the storage end in generating the current key; The reading end independently executes the exact same key derivation process as the storage end (including obtaining the shared secret seed, initialization vector, calculating the derived master seed, and the current key) to generate a local key, called the key to be verified. Both parties must have the same algorithm and inputs (seed, initialization vector), and theoretically, should generate the same key.

[0066] Step 1042: The storage end encrypts the preset confirmation information based on the current key and sends it to the reading end; The storage device uses its own generated key to encrypt a preset confirmation message (such as the fixed string "OK" or a random challenge value). It then sends the encrypted result to the reading device. The storage device actively proves it possesses the current key and challenges the reading device to confirm it has the same key. The confirmation message serves as the challenge value to prevent replay attacks (if the confirmation message is different each time).

[0067] Step 1043: After receiving the encrypted confirmation information, the reading end decrypts the encrypted confirmation information based on the key to be verified to obtain the current information; The reader attempts to decrypt the received ciphertext using a locally generated key to be verified. If both keys match, decryption should yield the original confirmation message. Otherwise, the decryption result will be garbled text. The reader does not need to expose its own key; it only needs to verify the decryption result.

[0068] Step 1044: If the reading end determines that the current information is the confirmation information, it sends an encrypted response message to the storage end; The reader compares the decrypted current information with the expected confirmation message. If they match, it means both parties have the same key. The reader then encrypts a response message (such as "ACK" or another challenge value) using the key to be verified and sends it to the storage end. After confirming that the storage end's key is correct, the reader then proves to the storage end that it also possesses the same key. Both parties have completed key verification, and secure communication is possible thereafter.

[0069] Step 1045: After receiving the encrypted response information, the storage terminal encrypts the target data based on the current key to obtain encrypted data; The storage end uses the current key to decrypt the response information and verify the reader's identity. Only after successful verification is the current key used to encrypt the actual target data (such as user data in PCM). Actual data encryption is only performed after successful key negotiation to avoid using invalid or incorrect keys. Ensure that encryption operations are performed within a secure context.

[0070] Step 1046: If the reading end determines that the current information is not the confirmation information, it sends a reset message to the storage end; the reset message is used to prompt the storage end to regenerate a new key.

[0071] If the decryption results do not match, it indicates a key mismatch (possibly due to transmission errors, man-in-the-middle attacks, or state asynchrony). The reading end sends a reset command, triggering a key renegotiation to prevent the system from getting stuck in an erroneous state. This also helps resist key mismatch attacks (such as initialization vector tampering leading to different derived keys on both sides).

[0072] In the embodiments corresponding to steps 1041 to 1046, by ensuring consistency between the reading end and the storage end during the key generation process, the security and reliability of the system are enhanced, enabling the reading end to correctly verify its legitimacy. The storage end encrypts the confirmation information before sending it to the reading end, increasing communication security, protecting the confidentiality of information during transmission, and preventing the risk of unauthorized access or tampering of data. The reading end uses the key to be verified to decrypt the encrypted confirmation information, ensuring that only a legitimate reading end can obtain the current information, further improving system security. By sending encrypted response information, the legitimacy of the reading end is verified, ensuring that subsequent data encryption processing is only performed after legitimacy is confirmed, thereby reducing the risk of errors or malicious operations. The storage end only encrypts the target data after receiving a legitimate encrypted response, ensuring that the data encryption process and verification mechanism are closely integrated, thereby effectively improving data protection.

[0073] In the embodiments corresponding to steps 101 to 104, a dynamic current key can be generated by using a preset shared secret seed and initialization vector, combined with the calculation of the derived master seed. Unlike traditional static key encryption methods, this scheme ensures that the key used in each encryption process is different, greatly reducing the risk of the key being captured and cracked by attackers, thereby effectively protecting sensitive data stored in the phase-change memory. The encryption method of this invention can calculate the derived master seed and the current key based on the shared secret seed and initialization vector, making key management more flexible. Users can change the shared secret seed periodically as needed, thereby further improving the security of the system. This dynamic key generation mechanism can adapt to the security requirements of different application scenarios, enhancing the applicability of the encryption scheme. Phase-change memory has a fast read and write speed, and combined with the method of this invention, encryption processing can be completed in a relatively short time.

[0074] like Figure 2 This invention provides a fast encryption device for phase-change storage data. Please refer to [link / reference]. Figure 2 , Figure 2 A schematic diagram of a phase-change storage data fast encryption device provided by the present invention is shown, such as... Figure 2 The phase-change storage data fast encryption device shown includes: The acquisition unit 21 is used to acquire the preset shared secret seed and initialization vector at the storage end; The first computing unit 22 is used to calculate the derived master seed based on the shared secret seed and the initialization vector at the storage end; The second calculation unit 23 is used to calculate the current key at the storage end based on the derived master seed and the initialization vector; The encryption unit 24 is used by the storage end to encrypt the target data of the phase change memory based on the current key to obtain encrypted data.

[0075] This invention provides a fast encryption device for phase-change memory (PCM) data. By using a preset shared secret seed and initialization vector, combined with the calculation of a derived master seed, a dynamic current key can be generated. Unlike traditional static key encryption methods, this scheme ensures that the key used in each encryption process is different, greatly reducing the risk of the key being captured and cracked by attackers, thereby effectively protecting sensitive data stored in the PCM. The encryption method of this invention can calculate the derived master seed and the current key based on the shared secret seed and initialization vector, making key management more flexible. Users can periodically change the shared secret seed as needed, thereby further improving system security. This dynamic key generation mechanism can adapt to the security requirements of different application scenarios, enhancing the applicability of the encryption scheme. PCM has a fast read / write speed; combined with the method of this invention, encryption processing can be completed in a relatively short time.

[0076] Figure 3 This is a schematic diagram of a terminal device provided in an embodiment of the present invention. Figure 3 As shown, a terminal device 3 in this embodiment includes: a processor 30, a memory 31, and a computer program 32 stored in the memory 31 and executable on the processor 30, such as a phase-change storage data fast encryption program. When the processor 30 executes the computer program 32, it implements the steps in each of the above embodiments of the phase-change storage data fast encryption method, for example... Figure 1 Steps 101 to 104 are shown. Alternatively, when the processor 30 executes the computer program 32, it implements the functions of each unit in the above-described device embodiments, for example... Figure 2 The function of the unit shown.

[0077] For example, the computer program 32 can be divided into one or more units, which are stored in the memory 31 and executed by the processor 30 to complete the present invention. The one or more units can be a series of computer program instruction segments capable of performing a specific function, which describe the execution process of the computer program 32 in the terminal device 3. For example, the specific functions of each unit of the computer program 32 can be divided as follows: The acquisition unit is used to acquire the preset shared secret seed and initialization vector from the storage end; The first computing unit is used to calculate the derived master seed based on the shared secret seed and the initialization vector at the storage end; The second calculation unit is used by the storage terminal to calculate the current key based on the derived master seed and the initialization vector; The encryption unit is used by the storage end to encrypt the target data of the phase change memory based on the current key to obtain encrypted data.

[0078] The terminal device includes, but is not limited to, a processor 30 and a memory 31. Those skilled in the art will understand that... Figure 3 This is merely an example of a terminal device 3 and does not constitute a limitation on a terminal device 3. It may include more or fewer components than shown, or combine certain components, or different components. For example, the terminal device may also include input / output devices, network access devices, buses, etc.

[0079] The processor 30 can be a Central Processing Unit (CPU), or other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. The general-purpose processor can be a microprocessor or any conventional processor.

[0080] The memory 31 can be an internal storage unit of the terminal device 3, such as a hard disk or memory of the terminal device 3. The memory 31 can also be an external storage device of the terminal device 3, such as a plug-in hard disk, smart media card (SMC), secure digital card (SD), flash card, etc., equipped on the terminal device 3. Furthermore, the memory 31 can include both internal and external storage units of the terminal device 3. The memory 31 is used to store the computer program and other programs and data required by the roaming control device. The memory 31 can also be used to temporarily store data that has been output or will be output.

[0081] It should be understood that the sequence number of each step in the above embodiments does not imply the order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.

[0082] It should be noted that the information interaction and execution process between the above-mentioned devices / units are based on the same concept as the method embodiments of the present invention. For details on their specific functions and technical effects, please refer to the method embodiments section, which will not be repeated here.

[0083] Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the above-described division of functional units and modules is merely an example. In practical applications, the above functions can be assigned to different functional units and modules as needed, that is, the internal structure of the device can be divided into different functional units or modules to complete all or part of the functions described above. The functional units and modules in the embodiments can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit. Furthermore, the specific names of the functional units and modules are only for easy differentiation and are not intended to limit the scope of protection of this invention. The specific working process of the units and modules in the above system can be referred to the corresponding process in the foregoing method embodiments, and will not be repeated here.

[0084] This invention also provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the steps described in the various method embodiments above.

[0085] This invention provides a computer program product that, when run on a mobile terminal, enables the mobile terminal to implement the steps described in the above-described method embodiments.

[0086] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes in the methods of the above embodiments of the present invention can be implemented by a computer program instructing related hardware. The computer program can be stored in a computer-readable storage medium, and when executed by a processor, it can implement the steps of the various method embodiments described above. The computer program includes computer program code, which can be in the form of source code, object code, executable files, or certain intermediate forms. The computer-readable medium can include at least: any entity or device capable of carrying the computer program code to a photographing device / terminal device, a recording medium, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunication signal, and a software distribution medium. Examples include USB flash drives, portable hard drives, magnetic disks, or optical disks.

[0087] In the above embodiments, the descriptions of each embodiment have different focuses. For parts that are not described in detail or recorded in a certain embodiment, please refer to the relevant descriptions of other embodiments.

[0088] Those skilled in the art will recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of this invention.

[0089] In the embodiments provided by this invention, it should be understood that the disclosed apparatus / network devices and methods can be implemented in other ways. For example, the apparatus / network device embodiments described above are merely illustrative. For instance, the division of modules or units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection between devices or units may be electrical, mechanical, or other forms.

[0090] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; they may be located in one place or distributed across multiple network units.

[0091] It should be understood that, when used in this specification and the appended claims, the term "comprising" indicates the presence of the described features, integrals, steps, operations, elements and / or components, but does not exclude the presence or addition of one or more other features, integrals, steps, operations, elements, components and / or collections thereof.

[0092] It should also be understood that the term “and / or” as used in this specification and the appended claims refers to any combination of one or more of the associated listed items and all possible combinations, and includes such combinations.

[0093] As used in this specification and the appended claims, the term "if" may be interpreted, depending on the context, as "when," "once," "in response to determination," or "in response to detection." Similarly, the phrase "if determined" or "if [the described condition or event] is detected" may be interpreted, depending on the context, as meaning "once determined," "in response to determination," "once [the described condition or event] is detected," or "in response to detection of [the described condition or event]."

[0094] Furthermore, in the description of this invention and the appended claims, the terms "first," "second," "third," etc., are used only to distinguish descriptions and should not be construed as indicating or implying relative importance.

[0095] References to "one embodiment" or "some embodiments" as described in this specification mean that one or more embodiments of the invention include a specific feature, structure, or characteristic described in connection with that embodiment. Therefore, the phrases "in one embodiment," "in some embodiments," "in other embodiments," "in still other embodiments," etc., appearing in different parts of this specification do not necessarily refer to the same embodiment, but rather mean "one or more, but not all, embodiments," unless otherwise specifically emphasized. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless otherwise specifically emphasized.

[0096] The above-described embodiments are only used to illustrate the technical solutions of the present invention, and are not intended to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention, and should all be included within the protection scope of the present invention.

Claims

1. A fast encryption method for phase-change storage data, characterized in that, The fast encryption method for phase-change storage data includes: The storage end retrieves the preset shared secret seed and initialization vector; The storage terminal calculates the derived master seed based on the shared secret seed and the initialization vector; The storage terminal calculates the current key based on the derived master seed and the initialization vector; Based on the current key, the storage device encrypts the target data of the phase-change memory to obtain encrypted data.

2. The fast encryption method for phase-change storage data as described in claim 1, characterized in that, The steps for the storage terminal to obtain the preset shared secret seed and initialization vector include: The reading end generates a first temporary private key and a corresponding first temporary public key, and sends the first temporary public key to the storage end; The storage end generates a second temporary private key and a corresponding second temporary public key, and sends the second temporary public key to the reading end; The reading end uses the first temporary private key and the second temporary public key to perform elliptic curve Diffie-Hellman computation to obtain the first shared secret seed; The storage end uses the second temporary private key and the first temporary public key to perform elliptic curve Diffie-Hellman calculation to obtain the second shared secret seed; wherein the first shared secret seed and the second shared secret seed are the same point on the elliptic curve. The storage end generates a random vector, encrypts the random vector based on the second temporary private key, and sends it to the reading end; After receiving the encrypted random vector, the reading end decrypts it based on the second temporary public key to obtain the random vector; Use the random vector as the initialization vector.

3. The fast encryption method for phase-change storage data as described in claim 1, characterized in that, The steps for calculating the current key at the storage end based on the derived master seed and the initialization vector include: Create an initial array containing consecutive integers from 0 to 255; The derived master seed is divided into N 8-bit bytes. The N 8-bit bytes of the derived master seed are used as a random source to confuse the initial array to obtain the target array. The initial 64-bit state value is expanded to a 128-bit intermediate value, and the intermediate value is divided into 16 8-bit bytes. For the 16 8-bit bytes, after non-linear replacement based on the target array, cyclic shifting is performed to obtain intermediate obfuscated values; Perform a first XOR operation between the derived master seed and the intermediate confusion value to obtain a first mixing value; The first mixed value is cyclically shifted to obtain the second mixed value; Perform a second XOR operation on the first mixed value and the second mixed value, and use the result as the current key.

4. The fast encryption method for phase-change storage data as described in claim 3, characterized in that, The step of dividing the derived master seed into N 8-bit bytes, using the N 8-bit bytes of the derived master seed as a random source, and obfuscating the initial array to obtain the target array includes: The derived master seed is divided into N 8-bit bytes. Using the N 8-bit bytes of the derived master seed as a random source, the Fisher-Yates shuffle algorithm is executed on the initial array to obtain the target array. In the i-th iteration of the shuffle algorithm, the exchange position index j is calculated as follows: j = (MS[i % L]^S[(i + MS[(i + P) % L]) %256]) % (i + 1), where MS is the N 8-bit bytes of the derived master seed, L is the byte length of the derived master seed, S is the current array state, P is the preset prime number offset, ^ is the bitwise XOR operation, and % is the modulo operation.

5. The fast encryption method for phase-change storage data as described in claim 3, characterized in that, The step of performing non-linear replacement on the target array for the 16 8-bit bytes, followed by cyclic shifting to obtain intermediate obfuscated values ​​includes: For the 16 8-bit bytes, after performing a non-linear replacement based on the target array, the current obfuscation value is obtained; Based on the 8-bit byte, calculate the number of bits to be shifted; where the number of bits to be shifted = (V'[0] + V'[7]) % 128, V'[0] represents the first byte in the 8-bit byte, V'[7] represents the last byte in the 8-bit byte, and % represents the modulo operation; Based on the number of shift bits, the current obfuscated value is cyclically shifted to obtain an intermediate obfuscated value.

6. The fast encryption method for phase-change storage data as described in claim 1, characterized in that, The steps for calculating the derived master seed based on the shared secret seed and the initialization vector at the storage end include: The initial string is obtained by concatenating the shared secret seed and the initialization vector. The initial string is hashed to obtain the intermediate root key; The intermediate root key is split into left chain data and right chain data; The right chain data is used as the key for the HMAC algorithm, and the concatenation result of the left chain data and the initialization vector is used as the message for the HMAC algorithm. The HMAC-SHA256 operation is performed, and a 256-bit first digest result is output. The left chain data is used as the key for the HMAC algorithm, and the concatenation result of the right chain data and the initialization vector is used as the message for the HMAC algorithm. The HMAC-SHA256 operation is performed, and a 256-bit second digest result is output. The first summary result and the second summary result are concatenated to obtain the derived master seed.

7. The fast encryption method for phase-change storage data as described in claim 1, characterized in that, The storage terminal encrypts the target data based on the current key to obtain encrypted data, including the following steps: The reading end generates a key to be verified based on the same processing flow used by the storage end to generate the current key. The storage terminal encrypts the preset confirmation information based on the current key and sends it to the reading terminal; After receiving the encrypted confirmation information, the reading end decrypts the encrypted confirmation information based on the key to be verified to obtain the current information; If the reading end determines that the current information is the confirmation information, it sends an encrypted response information to the storage end; After receiving the encrypted response information, the storage device encrypts the target data based on the current key to obtain encrypted data. If the reading end determines that the current information is not the confirmation information, it sends a reset message to the storage end; the reset message is used to prompt the storage end to regenerate a new key.

8. A phase-change storage data fast encryption device, characterized in that, The phase-change storage data fast encryption device includes: The acquisition unit is used to acquire the preset shared secret seed and initialization vector from the storage end; The first computing unit is used to calculate the derived master seed based on the shared secret seed and the initialization vector at the storage end; The second calculation unit is used by the storage terminal to calculate the current key based on the derived master seed and the initialization vector; The encryption unit is used by the storage end to encrypt the target data of the phase change memory based on the current key to obtain encrypted data.

9. A terminal device, characterized in that, The terminal device includes: a memory, a processor, and a phase-change storage data fast encryption program stored in the memory and executable on the processor, the phase-change storage data fast encryption program being configured to implement the steps of the phase-change storage data fast encryption method as described in any one of claims 1 to 7.

10. A computer-readable storage medium storing a computer program, characterized in that, When the computer program is executed by the processor, it implements the steps in the fast encryption method for phase-change storage data as described in any one of claims 1 to 7.