Encryption algorithm, decryption algorithm, train-ground data transmission method and system of train control system
By generating ciphertext for messages through an improved matching encryption algorithm, the security risks of data transmission in the CTCS-3 level train control system are resolved, ensuring data confidentiality, integrity, and authentication, and guaranteeing the safety and reliability of train operation.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- CRSC RESEARCH & DESIGN INSTITUTE GROUP CO LTD
- Filing Date
- 2026-03-27
- Publication Date
- 2026-06-16
AI Technical Summary
In the existing CTCS-3 level train control system, the vehicle-to-ground wireless communication has security risks such as plaintext data transmission, easy cracking of the 3DES algorithm, lack of end-to-end encryption, and lack of two-way authentication, which makes the data vulnerable to eavesdropping and tampering.
An improved matching encryption algorithm (I-ME) is used to generate ciphertext containing a digital signature. Sub-ciphertext is generated using the encryption key, the target recipient's identity, and the message to ensure data confidentiality, integrity, and authentication. The integrity of the plaintext is verified by a decryption algorithm.
It achieves confidentiality, integrity, and authentication of data transmission, reduces the risk of the 3DES algorithm being cracked, ensures the reliability and safety of train operation, and does not require modification of existing equipment.
Smart Images

Figure CN122226421A_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of data encryption transmission technology, and specifically relates to an encryption algorithm, a decryption algorithm, a train control system for vehicle-to-ground data transmission method and system. Background Technology
[0002] The existing CTCS-3 (China Train Control System Level 3) train control system uses GSM-R (Global System for Mobile Communications – Railway) for train-to-ground wireless communication. Its data transmission employs the Railway Signal Safety Protocol II (RSSP-II), a dedicated railway security protocol. RSSP-II includes a secure message authentication layer, primarily using the 3DES (Triple Data Encryption Standard) symmetric cryptographic algorithm to generate a Message Authentication Code (MAC) for data integrity protection. A secure intermediate sublayer adds sequence numbers, execution cycle counters, or triple timestamp verification identifiers to communication data to prevent threats such as duplicate, out-of-order, deletion, insertion, and delays in communication data packets. Offline distribution is based on a key management center, where administrators import 3DES keys into onboard and ground equipment via secure mobile media. The existing train control system's train-to-ground wireless data transmission presents the following security risks: 1) RSSP-II protocol application layer data is transmitted in plaintext, making the data vulnerable to eavesdropping; 2) The RSSP-II protocol uses the 3DES algorithm to generate the MAC of the message, but the DES or 3DES algorithm has the defect of short keys, which makes it easy to crack. 3) GSM-R wireless communication lacks end-to-end encryption, providing encryption only for communication between mobile vehicles and base stations. Communication between base stations or between base stations and RBCs (Radio Block Centers) is not guaranteed to be encrypted. Furthermore, GSM-R's encryption algorithm has been cracked and is therefore unable to resist eavesdropping attacks. 4) GSM-R wireless communication lacks two-way authentication, making it vulnerable to attacks from fake base stations and unable to guarantee the authentication of the data source or the data itself. Summary of the Invention
[0003] To address the aforementioned problems, this invention provides an encryption algorithm, a decryption algorithm, a method and system for data transmission between the train and the ground in a train control system, which generates a digital signature for the message in the ciphertext, ensuring the confidentiality, integrity and authentication of the data.
[0004] The purpose of this invention is to provide an encryption algorithm, including: Based on the encryption key, the target recipient's identity, and the message, a sub-ciphertext is generated. ; Calculate the signature of the message ; Based on sub-ciphertext and message signature Generate ciphertext .
[0005] Furthermore, it also includes obtaining the encryption key, including, Generate public parameters and the master private key ,in, , For modulo q, remainder class; Choose a hash function , Where P is the group Generators, public parameters include and ; An encryption key is generated based on the sender's identity and master private key.
[0006] Furthermore, based on the sender's identity and master private key, an encryption key is generated that satisfies: , in, Here, is a hash function, and s is the master private key. The sender's identity.
[0007] Furthermore, based on the encryption key, the target recipient's identity, and the message, a sub-ciphertext is generated. include, Select two random numbers ,in, ; Calculate T and U, where, ; calculate , and ; calculate Then the ciphertext (T,U,V).
[0008] Furthermore, calculate the message signature. This includes hashing message m based on the encryption key and the chosen hash function H2 to satisfy: .
[0009] Another object of the present invention is to provide a decryption algorithm for decrypting encrypted data in the above-described encryption algorithm, including, Based on the decryption key, the target sender's identity, and the ciphertext Obtain plaintext; Calculate and judge This verifies whether the plaintext has been modified during transmission. If the two are equal, the plaintext is returned. Otherwise, return failure.
[0010] Furthermore, it also includes generating a decryption key based on the recipient's identity and master private key, wherein the decryption key satisfies: , in, The decryption key consists of three parts, namely... The superscripts 1, 2, and 3 represent the first, second, and third parts of the decryption key, respectively. The receiver's identity is represented by r and s, which are the master private keys, and H is the hash function.
[0011] Another object of the present invention is to provide a method for data transmission between train control system and ground, comprising, The vehicle-mounted equipment and the ground equipment establish a communication connection and verify the identity information of both parties; The vehicle-mounted equipment and the ground equipment are each responsible for receiving their own plaintext data. They use the plaintext data, encryption key, and the ID of the target receiving device as input to call the encryption algorithm described above to generate ciphertext from the plaintext data and send it to the other party. After receiving the ciphertext from the other party, the ground equipment and the vehicle-mounted equipment use the ciphertext, the decryption key, and the identity information of the target sending device as inputs to call the decryption algorithm described above to decrypt the ciphertext.
[0012] Furthermore, establishing a communication connection between the vehicle-mounted equipment and the ground equipment also includes, The vehicle-mounted equipment and the ground equipment send a registration request to the key generation center. The request contains the identity information of the vehicle-mounted equipment or the ground equipment. The key generation center sends the encryption / decryption keys of the vehicle-mounted equipment to the vehicle-mounted equipment, and / or sends the encryption / decryption keys of the ground equipment to the ground equipment.
[0013] Furthermore, after decrypting the ciphertext using the aforementioned decryption algorithm, the process also includes verifying the integrity of the plaintext, wherein... If decryption fails or integrity verification fails, the ground equipment and vehicle-mounted equipment will report the decryption or verification results, and the vehicle-mounted equipment and ground equipment will immediately request the data again. If decryption fails again or verification fails, the onboard equipment will activate the non-stop level switching mode. When the train speed drops below the CTCS-2 level allowable speed and the driver confirms the CTCS-2 level, the system will automatically switch to CTCS-2 level operation.
[0014] Another objective of this invention is to provide a train control system-to-ground data transmission system, comprising onboard equipment, ground equipment, and a key generation center, wherein both the onboard equipment and the ground equipment include a secure computing module; wherein, The key generation center is used to generate encryption and decryption keys and send them to vehicle-mounted and ground equipment. The secure computing modules in the vehicle-mounted equipment and the ground equipment are respectively responsible for receiving their own plaintext data, and using the plaintext data, encryption key, and the ID of the target receiving device as input, calling the encryption algorithm described above to generate ciphertext from the plaintext data, and sending it to the other party; and after receiving the ciphertext from the other party, using the ciphertext from the other party, decryption key, and the identity information of the target sending device as input, calling the decryption algorithm described above to decrypt the ciphertext.
[0015] Furthermore, the vehicle-mounted equipment and ground equipment are also used to send registration requests to the key generation center, respectively. The requests include the identity information of the vehicle-mounted equipment or the ground equipment, as well as to establish a communication connection between the vehicle-mounted equipment and the ground equipment and determine the identity information of both parties.
[0016] Furthermore, both the vehicle-mounted equipment and the ground equipment include a communication interface module and an application message module; the communication interface modules of the vehicle-mounted equipment and the ground equipment, as well as the key generation center, are connected to the transmission system respectively.
[0017] The encryption algorithm of this invention generates ciphertext (including the message's digital signature) to ensure data confidentiality, integrity, and authentication. After the target receiving device receives the data, it also uses the improved-MatchMaking Encryption (I-ME) algorithm for decryption. Using the ciphertext and the sender ID as input, the ciphertext is decrypted. If decryption is successful and integrity verification passes, it indicates that the message originated from the target sending device and has not been tampered with; otherwise, it may have been forged, tampered with, or the message source may be untrustworthy.
[0018] Furthermore, for messages that fail to decrypt or fail to verify, the target receiving device reports the failure result and re-requests the message. If decryption fails or verification fails again, the onboard equipment activates a non-stop degradation mode. The aforementioned encryption and decryption algorithms ensure the reliability and security of the train during operation.
[0019] Other features and advantages of the invention will be set forth in the description which follows, and will be apparent in part from the description, or may be learned by practicing the invention. The objects and other advantages of the invention may be realized and obtained by means of the structures pointed out in the description, claims and drawings. Attached Figure Description
[0020] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0021] Figure 1 A schematic diagram of an encryption algorithm flow is shown in an embodiment of the present invention; Figure 2 A schematic diagram of a decryption algorithm flow according to an embodiment of the present invention is shown; Figure 3 A schematic flowchart of a train control system ground data transmission method according to an embodiment of the present invention is shown; Figure 4 A schematic flowchart of another train control system vehicle-to-ground data transmission method in an embodiment of the present invention is shown; Figure 5 A schematic diagram of a train control system ground data transmission system structure is shown in an embodiment of the present invention. Detailed Implementation
[0022] To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0023] Matchmaking Encryption (ME) is a novel cryptographic primitive proposed by Ateniese et al. at CRYPTO 2019 to ensure data confidentiality and authenticity. Unlike traditional identity-based or attribute-based encryption, ME enables bilateral access control. The sender can specify the receiver's access structure (identity) to ensure data is only accessible to the intended receiver, guaranteeing confidentiality. The receiver can also specify the sender's access structure to ensure the ciphertext originates from the intended sender, achieving data source authentication. However, the original scheme does not generate a signature or MAC value for the message, failing to guarantee message integrity and making the message vulnerable to tampering during transmission. This invention improves the matchmaking encryption algorithm in the following embodiments: Figure 1 As shown in the figure, an encryption algorithm is disclosed in this embodiment of the invention. The algorithm includes, firstly, generating sub-ciphertext based on the encryption key, the identity of the target recipient, and the message. Then, calculate the message signature. Finally, based on the ciphertext and message signature Generate ciphertext The algorithm described above generates ciphertext (including message signature) for the message to ensure the confidentiality, integrity, and authentication of the data.
[0024] At the same time, such as Figure 2 As shown in the embodiments of the present invention, a decryption algorithm is also introduced to decrypt the encrypted data in the encryption algorithm described above. This includes, firstly, decrypting the encrypted data based on the decryption key, the target sender's identity, and the ciphertext. Obtain the plaintext; then calculate and judge. This verifies whether the plaintext has been modified during transmission. If the two are equal, the plaintext is returned. Otherwise, return failure.
[0025] Specifically, the encryption algorithm further includes generating public parameters, an encryption key, and performing encryption; the decryption algorithm includes generating a decryption key and performing decryption. Among these, public parameter generation involves generating public parameters. and the master private key ,in, That is, r and s are Any random number on the table It is a remainder class modulo q (after performing an operation on any integer, we only care about the remainder when it is divided by q).
[0026] Public parameters include and Among them, hash function , It should be noted that the publicly available parameters also include: ,in, Bilinear pairing, for generator, for and The rank, For three hash functions, satisfying , Let be a polynomial-time computable fill function, where Represents a binary string of arbitrary length. and n represent lengths of A binary string and a binary string of length n.
[0027] Encryption Key Generation: Based on the sender's identity and master private key, generate an encryption key that satisfies the following: ,in, For hash functions, This is the sender's identity ID. A decryption key is generated based on the receiver's identity and master private key. .in, The decryption key consists of three parts, namely... The superscripts 1, 2, and 3 indicate which part of the decryption key they represent. Indicate the identity of the recipient. and It is the master private key. The hash function, the decryption key generation process satisfies: = , = , = .
[0028] Encryption: Based on encryption key Target identity And news Generate sub-ciphertext Where n represents the message length, which is any number, and the target identity is the recipient's identity. The specific steps of the encryption process include: First, generate two random numbers. ; Secondly, calculate T and U. Through the group In this context, P is calculated using exponential operations.
[0029] Then, calculate , and ; Finally, calculate Then the ciphertext (T,U,V).
[0030] Then calculate the message signature. satisfy: The message m is hashed using the chosen hash function, which maps it to a remainder class modulo q. Then, perform an exponentiation operation. Further, the ciphertext output by this encryption algorithm is... .
[0031] Decryption: using the decryption key Target identity and ciphertext As input, the plaintext is first decrypted using the ME algorithm to obtain the plaintext. Then, it verifies whether the plaintext has been modified during transmission, that is, it calculates and judges. The formula performs a bilinear pairing operation, and the hash function maps an input of arbitrary length to a fixed-length output. During the comparison, if the two are equal, the plaintext is returned. Otherwise, return (Failed). The specific decryption process is as follows: First calculate and
[0032] Then calculate That is, the plaintext after padding is recovered through the same XOR operation, and the calculation and judgment are performed. If the padding is valid, return m (plaintext); otherwise, fail.
[0033] In this embodiment of the invention, the encryption and decryption algorithms described above are combined into an improved ME algorithm, which can be called the I-ME (Improved-MatchMaking Encryption) algorithm. The I-ME algorithm (including the encryption and decryption algorithms described above) generates ciphertext (including message signature) of the message to ensure the confidentiality, integrity, and authentication of the data. After the target receiving device receives the data, it also uses the I-ME algorithm to decrypt it, using the ciphertext, sender ID, and decryption key as inputs. If the decryption is successful and the integrity verification passes, it indicates that the message comes from the target sending device and has not been tampered with; otherwise, it may have been forged or tampered with, or the message source may be untrustworthy. For messages that fail to decrypt or fail verification, the target receiving device reports the failure result and re-requests the message. If the decryption fails again or the verification fails, the vehicle-mounted device activates a non-stop degradation mode. Compared to existing schemes based on the 3DES algorithm, the above algorithm reduces the possibility of weak key attacks on the 3DES algorithm, while ensuring the confidentiality, integrity, and authenticity of data transmission. It also guarantees that the target data can only be correctly decrypted by the target recipient. Existing schemes based on the 3DES algorithm can only verify integrity and authenticity, but cannot guarantee confidentiality, leading to the leakage of privacy information in the train control system. The above algorithm offers higher security. Furthermore, this method is based on a bilinear pairing identity-based encryption system. Compared to schemes based on public-key encryption algorithms, it does not require a Public Key Infrastructure (PKI) system for certificate management and authentication. Moreover, deploying this algorithm requires no equipment modification, effectively reducing deployment costs.
[0034] like Figure 3 As shown in the figure, this embodiment of the invention also introduces a train control system vehicle-to-ground data transmission method, which includes: first, the on-board equipment and the ground equipment establish a communication connection and determine the identity information of both parties; second, the on-board equipment and the ground equipment are respectively responsible for receiving their own plaintext data, and using the plaintext data, encryption key, and the ID of the target receiving device as input, calling the encryption algorithm described above to generate ciphertext from the plaintext data, and sending it to the other party; then, after the ground equipment and the on-board equipment receive the ciphertext from the other party, using the ciphertext of the other party, decryption key, and the identity information of the target sending device as input, calling the decryption algorithm described above to decrypt the ciphertext.
[0035] Specifically, such as Figure 4 As shown, establishing a communication connection between the vehicle-mounted equipment and the ground equipment also includes, Step S11: The vehicle-mounted device and the ground device send a registration request to the key generation center. The request must include the identity information of the vehicle-mounted device or the ground device, which is the ID of the vehicle-mounted device or the code of the ground device (considered as the ID). Further, the key generation center generates encryption and decryption keys for the vehicle-mounted device and the ground device, and sends the encryption and decryption key of the vehicle-mounted device to the vehicle-mounted device, and / or sends the encryption and decryption key of the ground device to the ground device. In addition, the key generation center generates a master private key and public parameters, and the master private key should be secretly stored locally by the key generation center.
[0036] Step S12: The onboard equipment and ground equipment establish a communication connection and verify each other's identity information. After the train starts, the onboard equipment and ground equipment need to establish a communication connection. During this process, the onboard equipment first receives a command from the transponder to call the Radio Block Center (RBC) of the ground equipment and obtains the RBC number from the RBC command. After receiving the train registration request, the RBC saves and obtains the ID number of the onboard equipment.
[0037] Step S13: The onboard equipment and ground equipment use the encryption algorithm in the I-ME algorithm described above to encrypt data and calculate digital signatures. Specifically, the secure computing modules of the onboard and ground equipment are responsible for receiving plaintext data from the onboard / ground equipment, respectively. Using the plaintext data, encryption key, and the target receiving device ID as input, they call the I-ME encryption algorithm to generate ciphertext (containing a digital signature) from the plaintext data. This ciphertext is then sent to the other party via the transmission system through the communication interface module, thereby achieving confidentiality, integrity, and authentication protection for the transmitted data. The ciphertext (including message signature) generated by this application does not require the simultaneous deployment of multiple algorithms such as encryption and signature (or HMAC) algorithms to simultaneously achieve data confidentiality, authenticity, and integrity. Furthermore, it ensures that the target data can only be correctly decrypted by the target recipient, solving the problem that existing train control system data transmission schemes cannot guarantee data confidentiality.
[0038] In step S14, the vehicle-mounted equipment and ground equipment use the decryption algorithm in the I-ME algorithm described above to decrypt the data and verify the signature. After receiving the ciphertext, the ground / vehicle-mounted equipment communication interface module sends the ciphertext to the ground / vehicle-mounted equipment secure computing module. The ground / vehicle-mounted equipment secure computing module takes the ciphertext, decryption key, and the identity of the target sending device as input and calls the I-ME decryption algorithm to decrypt the ciphertext. During the decryption process, the decryption algorithm first decrypts the ciphertext to obtain the plaintext.
[0039] Step S15: Determine whether decryption was successful. If decryption was successful, proceed to step S16; otherwise, proceed to step S18. Step S16: The signature verification process is further performed using the decryption algorithm in the I-ME algorithm; Step S17: Verify the integrity of the plaintext based on correct decryption and determine whether the signature verification is successful. If the signature verification is successful, proceed to step S23 to ensure that only plaintext data that has been correctly decrypted and passed the integrity verification is received; otherwise, proceed to step S18.
[0040] In step S18, the vehicle-mounted equipment and the ground equipment provide feedback on the decryption or signature verification results, and the ground equipment and the vehicle-mounted equipment re-encrypt and send the data.
[0041] In step S19, the vehicle-mounted equipment and the ground equipment use the decryption algorithm in the I-ME algorithm described above to decrypt and verify the data of the re-requested data.
[0042] Step S20: Determine whether decryption was successful. If decryption was successful, proceed to step S21; otherwise, proceed to step S24. Step S21: The signature verification process is further performed using the decryption algorithm in the I-ME algorithm; Step S22: Determine if the signature verification is successful. If successful, proceed to step S23; otherwise, proceed to step S24. Step S23: Output plaintext and end.
[0043] Step S24: Enter the non-stop level switching mode and end. Specifically, when the train speed drops below the CTCS-2 level permissible speed and the driver confirms CTCS-2 level, the system automatically switches to CTCS-2 level operation. However, this is not limited to CTCS-2 level switching; switching between other train levels also applies to this invention. A backup mode for data decryption failure or verification failure: if the first decryption or verification fails, the target receiving device reports the failure result to the target sending device, and the target sending device retransmits the data. If decryption or verification fails again, the onboard equipment activates the non-stop downgrade mode, ensuring the safety and reliability of train operation.
[0044] like Figure 5As shown in the illustration, this embodiment of the invention also introduces a train control system-to-ground data transmission system to ensure the secure transmission of train-to-ground data. The system includes onboard equipment, ground equipment, and a key generation center. Both the onboard and ground equipment include a secure computing module. The key generation center generates encryption and decryption keys and sends them to the onboard and ground equipment. The secure computing modules in the onboard and ground equipment are respectively responsible for receiving their own plaintext data, using the plaintext data, encryption key, and the target receiving device ID as input, calling the aforementioned encryption algorithm to generate ciphertext from the plaintext data, and sending it to the other party; and after receiving the ciphertext from the other party, using the received ciphertext, decryption key, and the identity information of the target sending device as input, calling the aforementioned decryption algorithm to decrypt the ciphertext.
[0045] In this embodiment of the invention, the vehicle-mounted device and the ground device are also used to send registration requests to the key generation center respectively. The requests include the identity information of the vehicle-mounted device or the ground device, as well as establishing a communication connection between the vehicle-mounted device and the ground device and determining the identity information of both parties.
[0046] In this embodiment of the invention, both the vehicle-mounted device and the ground device include a communication interface module and an application message module; wherein the communication interface modules of the vehicle-mounted device and the ground device, as well as the key generation center, are respectively connected to the transmission system.
[0047] Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features; and these modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims
1. An encryption algorithm, characterized in that, include, Based on the encryption key, the target recipient's identity, and the message, a sub-ciphertext is generated. ; Calculate the signature of the message ; Based on sub-ciphertext and message signature Generate ciphertext .
2. The encryption algorithm according to claim 1, characterized in that, This also includes obtaining the encryption key, which includes, Generate public parameters and the master private key ,in, , For modulo q, remainder class; Choose a hash function , Where P is the group Generators, public parameters include and ; An encryption key is generated based on the sender's identity and master private key.
3. The encryption algorithm according to claim 2, characterized in that, Based on the sender's identity and master private key, an encryption key is generated that satisfies: , in, Here, is a hash function, and s is the master private key. The sender's identity.
4. The encryption algorithm according to claim 3, characterized in that, Based on the encryption key, the target recipient's identity, and the message, a sub-ciphertext is generated. include, Select two random numbers ,in, ; Calculate T and U, where, ; calculate , and ; calculate Then the ciphertext (T,U,V).
5. The encryption algorithm according to claim 3, characterized in that, Calculate the signature of the message This includes hashing message m based on the encryption key and the chosen hash function H2 to satisfy: 。 6. A decryption algorithm, characterized in that, Decrypting encrypted data in any one of the encryption algorithms described in claims 1-5 includes, Based on the decryption key, the target sender's identity, and the ciphertext Obtain plaintext; Calculate and judge This verifies whether the plaintext has been modified during transmission. If the two are equal, the plaintext is returned. Otherwise, return failure.
7. The decryption algorithm according to claim 6, characterized in that, It also includes generating a decryption key based on the recipient's identity and master private key, wherein the decryption key satisfies: , in, The decryption key consists of three parts, namely... The superscripts 1, 2, and 3 represent the first, second, and third parts of the decryption key, respectively. The receiver's identity is represented by r and s, which are the master private keys, and H is the hash function.
8. A method for transmitting data between a train and the ground in a train control system, characterized in that, include, The vehicle-mounted equipment and the ground equipment establish a communication connection and verify the identity information of both parties; The vehicle-mounted equipment and the ground equipment are each responsible for receiving their own plaintext data, and using the plaintext data, encryption key, and the ID of the target receiving device as input, they call the encryption algorithm described in any one of claims 1-5 to generate ciphertext from the plaintext data and send it to the other party; After receiving the ciphertext from the other party, the ground equipment and the vehicle-mounted equipment use the ciphertext, the decryption key, and the identity information of the target sending device as inputs to call the decryption algorithm described in any one of claims 6-7 to decrypt the ciphertext.
9. The train control system ground data transmission method according to claim 8, characterized in that, Establishing a communication connection between vehicle-mounted equipment and ground equipment also includes, The vehicle-mounted equipment and the ground equipment send a registration request to the key generation center. The request contains the identity information of the vehicle-mounted equipment or the ground equipment. The key generation center sends the encryption / decryption keys of the vehicle-mounted equipment to the vehicle-mounted equipment, and / or sends the encryption / decryption keys of the ground equipment to the ground equipment.
10. The train control system ground data transmission method according to claim 9, characterized in that, After decrypting the ciphertext using the decryption algorithm described in any one of claims 6-7, the method further includes verifying the integrity of the plaintext, wherein... If decryption fails or integrity verification fails, the ground equipment and vehicle-mounted equipment will report the decryption or verification results, and the vehicle-mounted equipment and ground equipment will immediately request the data again. If decryption fails again or verification fails, the onboard equipment will activate the non-stop level switching mode. When the train speed drops below the CTCS-2 level allowable speed and the driver confirms the CTCS-2 level, the system will automatically switch to CTCS-2 level operation.
11. A train control system for vehicle-to-ground data transmission, characterized in that, This includes vehicle-mounted equipment, ground equipment, and a key generation center; both the vehicle-mounted and ground equipment include secure computing modules. The key generation center is used to generate encryption and decryption keys and send them to vehicle-mounted and ground equipment. The secure computing modules in the vehicle-mounted equipment and the ground equipment are respectively responsible for receiving their own plaintext data, and using the plaintext data, encryption key, and the ID of the target receiving device as input, calling the encryption algorithm described in any one of claims 1-5 to generate ciphertext from the plaintext data, and sending it to the other party; and after receiving the ciphertext from the other party, using the ciphertext from the other party, decryption key, and the identity information of the target sending device as input, calling the decryption algorithm described in any one of claims 6-7 to decrypt the ciphertext.
12. The train control system ground data transmission system according to claim 11, characterized in that, The vehicle-mounted equipment and ground equipment are also used to send registration requests to the key generation center, respectively. The requests include the identity information of the vehicle-mounted equipment or the ground equipment, as well as to establish a communication connection between the vehicle-mounted equipment and the ground equipment and determine the identity information of both parties.
13. The train control system ground data transmission system according to claim 12, characterized in that, Both the vehicle-mounted equipment and the ground equipment include a communication interface module and an application message module; the communication interface modules and the key generation center of the vehicle-mounted equipment and the ground equipment are connected to the transmission system respectively.