HYPERSPHERE-BASED MULTIVARIABLE PUBLIC KEY ENCRYPTION/DECRYPTION SYSTEM AND METHOD

Abstract

Disclosed is a hypersphere-based multivariable public key encryption/decryption system, which is composed of an encryption module and a decryption module, wherein the encryption module comprises a processor, and a public key transformation component for transforming plaintext into ciphertext; and the decryption module comprises a processor, a first affine transformation inversion component, a trapdoor component and a second affine transformation inversion component, wherein the trapdoor component comprises a linear equation system construction component and a linear equation system solving component. All components execute corresponding operations, so that a set of data is obtained finally, and the set of data is stored and output as decrypted plaintext; and if the decryption module does not produce data, the processor outputs warning information about a decryption failure to a user. In the system and method of the present invention, the large domain technique is not used. The designed centralizing mapping contains N sets of “centre of sphere” as private keys to realize centralizing hiding. Meanwhile, the running speed is very fast, and only linear equation system solving is required to be conducted in the decryption process.

Claims

1. A hypersphere-based multivariable public key encryption/decryption system, characterized in that the system contains: A. an encryption module for performing encryption processing on plaintext to be encrypted so as to form ciphertext and complete encryption, which comprises a processor and a public key transformation component, wherein, after the plaintext to be encrypted is transmitted to the processor, the processor stores the plaintext, and then transmits plaintext data to the public key transformation component; the encrypted ciphertext is obtained by respectively substituting the plaintext data into multivariable polynomials; the ciphertext is subsequently transmitted to the processor for storage; and then the processor transmits the ciphertext to decryption modules of other users; and B. a decryption module for performing decryption processing on ciphertext data transmitted from other users so as to form plaintext and complete decryption, which comprises the processor, a first affine transformation inversion component, a trapdoor component and a second affine transformation inversion component, with the trapdoor component containing a linear equation system construction component and a linear equation system solving component, wherein, after the ciphertext data is received, the ciphertext is firstly transmitted by the processor to the first affine transformation inversion component for an affine transformation inversion computation, and then transmitted to the linear equation system construction component and the linear equation system solving component of the trapdoor component respectively for a linear equation system construction computation and a linear equation system solving computation; a group of solutions obtained through the polynomial inversion computation are transmitted to the second affine transformation inversion component for an affine transformation inversion computation and are finally transmitted to the processor; for one or more sets of data transmitted, the processor respectively calculates a hash value for each set of data, if an obtained hash value of a certain set of data is equal to plaintext hash redundant data prestored in the processor, the set of data is stored and output as decrypted plaintext; and if none of the hash values is equal to the plaintext hash redundant data, the processor outputs warning information about a decryption failure to a user.

2. The hypersphere-based multivariable public key encryption/decryption system according to claim 1, characterized in that the system further contains a selector which is connected to the processor, wherein, when the selector is in an open state, the encryption module of the system works; and when the selector is in a closed state, the decryption module of the system works.

3. The hypersphere-based multivariable public key encryption/decryption system according to claim 2, characterized in that said processor contains a scheduler connected to the selector, wherein the open state and the closed state of the selector are identified and processed by the scheduler in the processor, and data stored in the processor is controlled and scheduled by the scheduler to the corresponding components for corresponding operations.

4. The hypersphere-based multivariable public key encryption/decryption system according to claim 1, characterized in that said processor further contains a Hash detector and a memory, wherein the calculations of the hash values of the data in the processor are accomplished by the Hash detector, and the storage of the data in the processor is accomplished by the memory.

5. A hypersphere-based multivariable public key encryption/decryption method, containing steps in the following order: (1) an encryption process: a. after plaintext to be encrypted is transmitted to a processor, calculating a hash value thereof by the processor to obtain plaintext hash redundant data and storing the plaintext and the plaintext hash redundant data; b. transmitting the plaintext data to a public key transformation component, and obtaining encrypted ciphertext by substituting the plaintext data into multivariable polynomials; and c. subsequently transmitting the ciphertext to the processor for storage, and transmitting, by the processor, the ciphertext together with the plaintext hash redundant data to decryption modules of other users; and (2) a decryption process: a. after ciphertext and plaintext hash redundant data transmitted from other users is received, firstly storing the plaintext hash redundant data by the processor, and then transmitting the ciphertext to a first affine transformation inversion component for an affine transformation inversion computation; b. then transmitting inverted data to a linear equation system construction component and a linear equation system solving component of a trapdoor component respectively for a linear equation system construction operation and a linear equation system solving operation, with one or more groups of solutions obtained through the linear equation system solving operation; c. transmitting the solutions obtained above to a second affine transformation inversion component for an affine transformation inversion computation; and d. finally performing transmission to the processor, and for one or more sets of data transmitted, respectively calculating a hash value for each set of data by the processor, if a hash value of a certain set of data is equal to plaintext hash redundant data prestored in the processor, storing the set of data and outputting same as decrypted plaintext; and if none of the hash values is equal to the plaintext hash redundant data, outputting, by the processor, warning information about a decryption failure to a user.

6. The hypersphere-based multivariable public key encryption/decryption method according to claim 5, characterized in that, said step (1) of encryption process contains:) a. after the plaintext to be encrypted (x.sub.1′, . . . , x.sub.n′)∈F.sup.n transmitted to the processor, calculating the hash value thereof (h.sub.1′, . . . , h.sub.j′)=Hash(x.sub.1′, . . . , x.sub.n′)by the processor to obtain the plaintext hash redundant data (h.sub.1′, . . . , h.sub.j′), with Hash(.Math.) being a cryptographically secure one-way function, and storing the plaintext and the plaintext hash redundant data; b. transmitting the plaintext (x.sub.1′, . . . , x.sub.n′) data to the public key transformation component, and substituting, by the public key transformation component, the plaintext data into a public key mapping P(x.sub.1, . . . , x.sub.n) i.e. respectively calculating the values of the multivariable polynomials p.sub.1(x.sub.1′, . . . , x.sub.n′), . . . , p.sub.m(x.sub.1′, . . . , x.sub.n′), of which the values are respectively denoted as y.sub.1′, . . . , y.sub.m′, with (y.sub.1′, . . . , y.sub.m′) being the encrypted ciphertext; and c. subsequently transmitting the ciphertext (y.sub.1′, . . . , y.sub.m′) to the processor for storage, and transmitting, by the processor, the ciphertext (y.sub.1′, . . . , y.sub.m′) together with the plaintext hash redundant data (h.sub.1′, . . . , h.sub.j′) to decryption modules of other users; and the step (2) of decryption process contains: a. after the ciphertext (y.sub.1′, . . . , y.sub.m′) and the plaintext hash redundant data (h.sub.1′, . . . , h.sub.j′) transmitted from other users is received, firstly storing the plaintext hash redundant data (h.sub.1′, . . . , h.sub.j′)by the processor, and then transmitting the ciphertext (y.sub.1′, . . . , y.sub.m′) to the first affine transformation inversion component for the affine transformation inversion computation ({tilde over (y)}.sub.1, . . . , {tilde over (y)}.sub.m)=L.sub.1.sup.−1(y.sub.1′, . . . , y.sub.m′); b. then transmitting the ({tilde over (y)}.sub.1, . . . , {tilde over (y)}.sub.m) to the trapdoor component respectively for the linear equation system construction operation and the linear equation system solving operation, i.e. constructing, by the linear equation system construction component, an equation system simultaneously using m sets of data (c.sub.i,1, c.sub.i,2, . . . , c.sub.i,n) preallocated to the trapdoor component by the scheduler as well as ({tilde over (y)}.sub.1, . . . , {tilde over (y)}.sub.m), wherein the details are as follows: $\{\begin{array}{c}{\left(-c_{1,1}\right)}^2+\mathrm{.Math.}+{\left(-c_{1,n}\right)}^2=\\ \mathrm{.Math.}\\ {\left(-c_{m,1}\right)}^2+\mathrm{.Math.}+{\left(-c_{m,n}\right)}^2=\end{array}\hspace{1em}$ is denoted as equation I, and the equation I is extended into equation II: $\{\begin{array}{c}{\left(-2.Math.c_{1,1}.Math.+c_{1,1}^2\right)}^2+\mathrm{.Math.}+\left(-2.Math.c_{1,n}.Math.+c_{1,n}^2\right)=\\ \mathrm{.Math.}\\ \left(-2.Math.c_{m,1}.Math.+c_{m,1}^2\right)+\mathrm{.Math.}+\left(-2.Math.c_{m,n}.Math.+c_{m,n}^2\right)=\end{array}\hspace{1em}$ the equation I subtracts the equation II to obtain equation III: $\{\begin{array}{c}\begin{array}{c}\left(2.Math.c_{2,1}-2.Math.c_{1,1}\right).Math.+\mathrm{.Math.}+\left(2.Math.c_{2,n}-2.Math.c_{1,n}\right).Math.+\\ \left(c_{1,1}^2-c_{2,1}^2\right)+\mathrm{.Math.}+\left(c_{1,n}^2-c_{2,n}^2\right)=-\end{array}\\ \mathrm{.Math.}\\ \begin{array}{c}\left(2.Math.c_{m,1}-2.Math.c_{m-1,1}\right).Math.+\mathrm{.Math.}+\left(2.Math.c_{m,n}-2.Math.c_{m-1,n}\right).Math.+\\ \left(c_{m-1,1}^2-c_{m,1}^2\right)+\mathrm{.Math.}+\left(c_{m-1,n}^2-c_{m,n}^2\right)=.Math.-\end{array}\end{array}\hspace{1em}$ the equation III is converted into a matrix form to obtain equation IV: $\left[\begin{array}{c}\left(2.Math.c_{2,1}-2.Math.c_{1,1}\right).Math..Math.\mathrm{.Math.}.Math..Math.\left(2.Math.c_{2,n}-2.Math.c_{1,n}\right)\\ \mathrm{.Math.}\\ \left(2.Math.c_{m,1}-2.Math.c_{m.Math..Math.1,1}\right).Math..Math.\mathrm{.Math.}.Math..Math.\left(2.Math.c_{m,n}-2.Math.c_{m.Math..Math.1,n}\right)\end{array}\right][.Math.\begin{array}{c}\\ \mathrm{.Math.}\\ \end{array}]=\hspace{1em}\left[\begin{array}{c}\left(-\right)+\underset{j=1}{\overset{n}{.Math.}}.Math.\left(c_{2,j}^2-c_{1,j}^2\right)\\ \mathrm{.Math.}\\ \left(-\right)+\underset{j=1}{\overset{n}{.Math.}}.Math.\left(c_{m,j}^2-c_{m.Math..Math.1,j}^2\right)\end{array}\right]$ and the equation IV is a linear equation system which is related to ({tilde over (x)}.sub.1, . . . , {tilde over (x)}.sub.n) and constructed by the linear equation system construction component; and then the linear equation system solving component solves the equation IV using a Gaussian elimination method, wherein there are one or more groups of solutions and the number of groups of solutions is set to d, with a solution set being denoted as ({tilde over (x)}.sub.i1, . . . , {tilde over (x)}.sub.in),(1≦i≦d); c. then transmitting the obtained data to the second affine transformation inversion component for the affine transformation inversion computation (x.sub.i1′, . . . , x.sub.in′)=S.sup.−1({tilde over (x)}.sub.i1, . . . , {tilde over (x)}.sub.in),(1≦i≦d); and d. finally transmitting (x.sub.i1′, . . . , x.sub.in′) to the processor, and calculating the hash values of (x.sub.i1′, . . . , x.sub.in′) by the processor, if the hash value of a certain ith set of data (x.sub.i1′, . . . , x.sub.in′) is equal to the plaintext hash redundant data (h.sub.1′, . . . , h.sub.j′), outputting the set of data (x.sub.i1′, . . . , x.sub.in′) as the decrypted plaintext; and if (x.sub.i1′, . . . , x.sub.in′)≠(h.sub.1′, . . . , h.sub.j′) for every i, outputting, by the processor, warning information about a decryption failure to the user.

7. The hypersphere-based multivariable public key encryption/decryption method according to claim 5, characterized in that, prior to the step (1) of encryption process, the method further contains the following step: when the selector is in the open state, the encryption module of the system works, wherein the selector is connected to the processor; and prior to the step (2) of decryption process, the method further contains the following step: when the selector is in the closed state, the decryption module of the system works, wherein the selector is connected to the processor.

8. The hypersphere-based multivariable public key encryption/decryption method according to claim 7, characterized in that said processor contains a scheduler connected to the selector, wherein the open state and the closed state of the selector are identified and processed by the scheduler in the processor, and the data stored in the processor is controlled and scheduled by the scheduler to the corresponding components for corresponding operations.

9. The hypersphere-based multivariable public key encryption/decryption method according to claim 5, characterized in that said processor further contains a Hash detector and a memory, wherein the calculations of the hash values of the data in the processor are accomplished by the Hash detector, and the storage of the data in the processor is accomplished by the memory.

Description

DESCRIPTION OF THE DRAWING

[0048] FIG. 1 is a structural schematic diagram of a hypersphere-based multivariable public key encryption/decryption system of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

[0049] A structural schematic diagram of a hypersphere-based multivariable public key encryption/decryption system is shown in FIG. 1, containing:

[0050] A. a selector which is connected to a scheduler in a processor, wherein, when the selector is in an open state, an encryption module of the system works; and when the selector is in a closed state, a decryption module of the system works;

[0051] B. an encryption module for performing encryption processing on plaintext to be encrypted so as to form ciphertext and complete encryption, which comprises a processor and a public key transformation component, the plaintext to be encrypted being transmitted to the processor, wherein the processor contains the scheduler, a Hash detector and a memory, the Hash detector calculating a hash value for the plaintext to obtain plaintext hash redundant data and storing the plaintext and the plaintext hash redundant data thereof in the memory, and then transmitting the plaintext data to the public key transformation component; the public key transformation component substituting the plaintext data into a public key mapping, i.e. respectively calculating the values of the multivariable polynomials to obtain the encrypted ciphertext; the ciphertext being subsequently transmitted to the processor for storage; and then the processor transmits the ciphertext together with the plaintext hash redundant data to decryption modules of other users; and

[0052] C. a decryption module for performing decryption processing on ciphertext data transmitted from other users so as to form plaintext and complete decryption, which comprises the processor, a first affine transformation inversion component, a trapdoor component and a second affine transformation inversion component, with the trapdoor component containing a linear equation system construction component and a linear equation system solving component, wherein, after the ciphertext data is received, the ciphertext is firstly transmitted by the processor to the first affine transformation inversion component for an affine transformation inversion computation, and then transmitted to the linear equation system construction component and the linear equation system solving component of the trapdoor component respectively for a linear equation system construction computation and a linear equation system solving computation; a group of solutions obtained through the polynomial inversion computation are transmitted to the second affine transformation inversion component for an affine transformation inversion computation and are finally transmitted to the processor; for one or more sets of data transmitted, the processor respectively calculates a hash value for each set of data, if an obtained hash value of a certain set of data is equal to plaintext hash redundant data prestored in the processor, the set of data is stored and output as decrypted plaintext; and if none of the hash values is equal to the plaintext hash redundant data, the processor outputs warning information about a decryption failure to a user.

[0053] Initialization needs to be performed before the hypersphere-based multivariable public key encryption/decryption system is used for the first time, as shown below:

[0054] (1) Arithmetic computations of all the components of the system are on the basis of a finite field F having an order of q, where q is an odd prime.

[0055] (2) Let the number of equations of the multivariable public key cryptography system be m, and the number of variables be n.

[0056] (3) In the first affine transformation inversion component, let T(y.sub.1, . . . , y.sub.m)=(y.sub.1, . . . , y.sub.m)be a randomly selected invertible affine transformation from F.sup.m to F.sup.m; and similarly, in the second affine transformation inversion component, let S(x.sub.1, . . . , x.sub.n)=(x.sub.1, . . . , x.sub.n) be a randomly selected invertible affine transformation from F.sup.n to F.sup.n.

[0057] (4) In the trapdoor component, the system randomly selects m sets of centre of sphere data (c.sub.i,1, c.sub.i,2, . . . , c.sub.i,n) to satisfy c.sub.i,j∈F.sub.q,1≦i≦m,1≦j≦n.

[0058] (5) In the public key transformation component, the centralizing mapping is initialized F=(f.sub.1, . . . , f.sub.m), that is, m.Math.f.sub.i constitutes the centralizing mapping. Let f.sub.i=(x.sub.1−c.sub.i,1).sup.2+(x.sub.2−c.sub.i,2).sup.2+ . . . +(x.sub.n−c.sub.i,n).sup.2,1≦i≦m, where (c.sub.i,1, c.sub.i,2, . . . , c.sub.i,n) are m sets of centre of sphere data randomly selected by the system in the trapdoor component. Finally, let P=T∘F∘S(x.sub.1, . . . , x.sub.n) be the corresponding public key mapping.

[0059] (6) The data of the above relevant mapping are stored in the memory after system initialization, and in the system working process, are controlled and scheduled by the scheduler to the corresponding components for corresponding operations.

[0060] After the initialization finishes, the system can be formally used.

[0061] A hypersphere-based multivariable public key encryption/decryption method, contains steps in the following order:

[0062] (1) an encryption process:

[0063] a. when a selector is in an open state, an encryption module of a system works; the selector is connected to the scheduler of a processor, the processor containing the scheduler, a Hash detector and the memory: after the plaintext to be encrypted (x.sub.1′, . . . , x.sub.n′)∈F.sup.n transmitted to the processor, calculating the hash value thereof (h.sub.1′, . . . , h.sub.j′)=Hash(x.sub.1′, . . . , x.sub.n′) by the Hash detector to obtain the plaintext hash redundant data (h.sub.1′, . . . , h.sub.j′), with Hash(.Math.) being a cryptographically secure one-way function, and then storing the plaintext and the plaintext hash redundant data thereof in the memory;

[0064] b. transmitting the plaintext (x.sub.1′, . . . , x.sub.n′)to the public key transformation component, and substituting, by the public key transformation component, the data into a public key mapping P(x.sub.1, . . . , x.sub.n)i.e. respectively calculating the values of the multivariable polynomials p.sub.1(x.sub.1′, . . . , x.sub.n′), . . . , p.sub.m(x.sub.1′, . . . , x.sub.n′), of which the values are respectively denoted as y.sub.1′, . . . , y.sub.n′, with the data (y.sub.1′, . . . , y.sub.n′) being the encrypted ciphertext;

[0065] c. subsequently transmitting the ciphertext (y.sub.1′, . . . , y.sub.n′) to the processor for storage, and then transmitting, by the processor, the ciphertext (y.sub.1′, . . . , y.sub.n′) together with the plaintext hash redundant data (h.sub.1′, . . . , h.sub.j′) to decryption modules of other users; and

[0066] (2) a decryption process:

[0067] a. when the selector is in a closed state, the decryption module of the system works: after the ciphertext (y.sub.1′, . . . , y.sub.m′) and the plaintext hash redundant data (h.sub.1′, . . . , h.sub.j′) transmitted from other users is received, firstly storing the plaintext hash redundant data (h.sub.1′, . . . , h.sub.j′) by the processor, and then transmitting the ciphertext (y.sub.1′, . . . , y.sub.m′) to the first affine transformation inversion component for the affine transformation inversion computation ({tilde over (y)}.sub.1, . . . , {tilde over (y)}.sub.m)=L.sub.1.sup.−1(y.sub.1′, . . . , y.sub.m′);

[0068] b. then transmitting the ({tilde over (y)}.sub.1, . . . , {tilde over (y)}.sub.m) to the trapdoor component respectively for the linear equation system construction operation and the linear equation system solving operation, i.e. constructing, by the linear equation system construction component, an equation system (I) simultaneously using m sets of data (c.sub.i,1, c.sub.i,2, . . . , c.sub.i,n) preallocated to the trapdoor component as well as ({tilde over (y)}.sub.1, . . . , {tilde over (y)}.sub.m), wherein the form is as follows:

[00005]$\begin{array}{cc}\{\begin{array}{c}{\left(-c_{1,1}\right)}^2+\mathrm{.Math.}+{\left(-c_{1,n}\right)}^2=\\ \mathrm{.Math.}\\ {\left(-c_{m,1}\right)}^2+\mathrm{.Math.}+{\left(-c_{m,n}\right)}^2=\end{array}& \left(I\right)\end{array}$

the equation (I) is extended into:

[00006]$\begin{array}{cc}\{\begin{array}{c}\left(-2.Math.c_{1,1}.Math.+c_{1,1}^2\right)+\mathrm{.Math.}+\left(-2.Math.c_{1,n}.Math.+c_{1,n}^2\right)=\\ \mathrm{.Math.}\\ \left(-2.Math.c_{m-1,1}.Math.+c_{m,1}^2\right)+\mathrm{.Math.}+\left(-2.Math.c_{m,n}.Math.+c_{m,n}^2\right)=\end{array}& \left(\mathrm{II}\right)\end{array}$

for equation (II), the first equation subtracts the second equation, . . . , and the (m−1)th equation subtracts the mth equation to obtain:

[00007]$\begin{array}{cc}\{\begin{array}{c}\begin{array}{c}\left(2.Math.c_{2,1}-2.Math.c_{1,1}\right).Math.+\mathrm{.Math.}+\left(2.Math.c_{2,n}-2.Math.c_{1,n}\right).Math.+\\ \left(c_{1,1}^2-c_{2,1}^2\right)+\mathrm{.Math.}+\left(c_{1,n}^2-c_{2,n}^2\right)=-\end{array}\\ \mathrm{.Math.}\\ \begin{array}{c}\left(2.Math.c_{m,1}-2.Math.c_{m-1,1}\right).Math.+\mathrm{.Math.}+\left(2.Math.c_{m,n}-2.Math.c_{m-1,n}\right).Math.+\\ \left(c_{m-1,1}^2-c_{m,1}^2\right)+\mathrm{.Math.}-\left(c_{m-1,n}^2-c_{m,n}^2\right)=-\end{array}\end{array}& \left(\mathrm{III}\right)\end{array}$

equation (III) is written in a matrix form to obtain:

[00008]$\begin{array}{cc}\left[\begin{array}{c}\left(2.Math.c_{2,1}-2.Math.c_{1,1}\right).Math..Math.\mathrm{.Math.}.Math..Math.\left(2.Math.c_{2,n}-2.Math.c_{1,n}\right)\\ \mathrm{.Math.}\\ \left(2.Math.c_{m,1}-2.Math.c_{m-1,1}\right).Math..Math.\mathrm{.Math.}.Math..Math.\left(2.Math.c_{m,n}-2.Math.c_{m-1,n}\right)\end{array}\right][.Math.\begin{array}{c}\\ \mathrm{.Math.}\\ \end{array}]=\hspace{1em}\left[\begin{array}{c}\left(-\right)+\underset{j-1}{\overset{n}{.Math.}}.Math.\left(c_{2,j}^2-c_{1,j}^2\right)\\ \mathrm{.Math.}\\ \left(-\right)+\underset{j=1}{\overset{n}{.Math.}}.Math.\left(c_{m,j}^2-c_{m-1,j}^2\right)\end{array}\right]& \left(\mathrm{IV}\right)\end{array}$

and the equation (IV) is a linear equation system which is related to ({tilde over (x)}.sub.1, . . . , {tilde over (x)}.sub.n) and constructed by the linear equation system construction component; and then the linear equation system solving component solves the equation (IV) using a Gaussian elimination method, wherein there are one or more groups of solutions, and the number of groups of solutions is set to d, with a solution set being denoted as ({tilde over (x)}.sub.i1, . . . , {tilde over (x)}.sub.in),(1≦i≦d); c. then transmitting the obtained data to the second affine transformation inversion component for the affine transformation inversion computation (x.sub.i1′, . . . , x.sub.in′)−S.sup.−1({tilde over (x)}.sub.i1, . . . , {tilde over (x)}.sub.in),(1≦i≦d);

[0069] d. finally transmitting (x.sub.i1′, . . . , x.sub.in′) to the processor, and calculating the hash values of (x.sub.i1′, . . . , x.sub.in′) by the processor, if the hash value of a certain ith set of data (x.sub.i1′, . . . , x.sub.in′) is equal to the plaintext hash redundant data (h.sub.1′, . . . , h.sub.j′), outputting the set of data (x.sub.i1′, . . . , x.sub.in′) as the decrypted plaintext; and if (x.sub.i1′, . . . , x.sub.in′)≠(h.sub.1′, . . . , h.sub.j′) for every i, outputting, by the processor, warning information about a decryption failure to the user.

[0070] The initialization process of the system is introduced in detail with a specific example below:

[0071] (1) Computations of all the components are on the basis of a finite field F having an order q=3, where the base field F contains 3 elements, and these elements are respectively {0, 1, 2}, and the addition and the multiplication defined on the field is to mod 3 after the addition and multiplication of integers;

[0072] (2) the number of equations in the system is m=3, and the number of variables is n=2;

[0073] (3) in the first affine transformation inversion component, initialization is

performed:

[00009]$T\left(\stackrel{\_}{y_1},\stackrel{\_}{y_2},\stackrel{\_}{y_3}\right)=\left[\begin{array}{ccc}1& 2& 0\\ 0& 1& 1\\ 2& 0& 1\end{array}\right]\left[\begin{array}{c}\stackrel{\_}{y_1}\\ \stackrel{\_}{y_2}\\ \stackrel{\_}{y_3}\end{array}\right]+\left[\begin{array}{c}2\\ 0\\ 1\end{array}\right]=\left[\begin{array}{c}{y}_1\\ y_2\\ y_3\end{array}\right],$

and in the second affine transformation inversion component, initialization is performed:

[00010]$S\left(x_1,x_2\right)=\left[\begin{array}{cc}1& 1\\ 1& 2\end{array}\right]\left[\begin{array}{c}{x}_1\\ x_2\end{array}\right]+\left[\begin{array}{c}1\\ 2\end{array}\right]=\left[\begin{array}{c}\stackrel{\_}{x_1}\\ \stackrel{\_}{x_2}\end{array}\right];$

[0074] (4) in the trapdoor component, three sets of “centres of sphere” are randomly selected: (1, 2), (2, 1) and (0, 1); and

[0075] (5) in the public key transformation component, firstly, the centralizing mapping F is respectively:

f.sub.1(x.sub.1, x.sub.2)=(x.sub.1−1).sup.2+(x.sub.2−2).sup.2,

f.sub.2(x.sub.1, x.sub.2)=(x.sub.1−2).sup.2+(x.sub.2−1).sup.2,

f.sub.3(x.sub.1, x.sub.2)=(x.sub.1−0).sup.2+(x.sub.2−1).sup.2.

[0076] the specific equations of the public key transformation P is easily obtained through the equation P=T∘F∘S(x.sub.1, . . . , x.sub.n), which respectively comprise the following three equations:

p.sub.1(x.sub.1, x.sub.2)=x.sub.2

p.sub.2(x.sub.1, x.sub.2)=x.sub.1.sup.2+x.sub.1+2x.sub.2+x.sub.2.sup.2+1

p.sub.3(x.sub.1, x.sub.2)=x.sub.1.

[0077] After the system initialization, the encryption and decryption of the plaintext (1, 2) will be described in detail below. Furthermore, in order to simply illustrate the entire encryption and decryption processes, without loss of generality, the hash value of the plaintext (1, 2) can be set as (1, 1, 1).

[0078] The encryption process:

[0079] (1) the selector is in the open state;

[0080] (2) for the plaintext to be encrypted M=(1, 2), the processor calls the Hash detector to calculate its hash value (1,1,1)=Hash(M) so as to obtain the plaintext hash redundant data (1, 1, 1), and stores the plaintext data (1, 2) and its plaintext hash redundant data (1, 1, 1) in the memory, and then the memory transmits the plaintext (1, 2) to the public key transformation component;

[0081] (3) after receiving the data, the public key transformation component interacts with the processor, calls the function P and respectively calculates p.sub.1(1,2), p.sub.2(1,2), p.sub.3(1,2) to obtain a result (2, 2, 1) and returns same to the memory; and

[0082] (4) the processor uses the data (2, 2, 1) as ciphertext of the plaintext (1, 2) and transmits the ciphertext (2, 2, 1) together with its plaintext hash redundant data (1, 1, 1) to a user (or a device).

[0083] The decryption process:

[0084] (1) the selector is in the closed state;

[0085] (2) for the data to be decrypted (2, 2, 1) and its plaintext hash redundant data (1, 1, 1), an input transmits same to the memory and stores therein, and the processor transmits the ciphertext data (2, 2, 1) to the first affine transformation inversion component; (3) after receiving the data (2, 2, 1), the first affine transformation inversion component firstly interacts with the processor, calls a function and calculates T.sup.−1(2,2,1)=(1,1,1), and then transmits the result (1, 1, 1) to the trapdoor component; and

[0086] (4) after receiving the data (1, 1, 1), the trapdoor component firstly interacts with the processor, then calls a linear equation system construction sub-component, wherein the sub-component constructs an equation system, i.e.

[00011]$\{\begin{array}{c}{f}_1\left(,\right)={\left(-1\right)}^2+{\left(-2\right)}^2=1\\ f_2\left(,\right)={\left(-2\right)}^2+{\left(-1\right)}^2=1\\ f_3\left(,\right)={\left(-0\right)}^2+{\left(-1\right)}^2=1\end{array},$

simultaneously using the three sets of centre of sphere data (1, 2), (2, 1) and (0, 1) preallocated by the scheduler to the trapdoor component as well as (1, 1, 1), and after the above three equations are expanded, the following equations can be obtained:

[00012]$\{\begin{array}{c}-2.Math.+1+-4.Math.+4=1\\ -4.Math.+4+-2.Math.+1=1\\ --2.Math.+1=1\end{array},$

[0087] wherein the above-mentioned first equation subtracts the second equation and the second equation subtracts the third equation to obtain:

[00013]$\{\begin{array}{c}2.Math.-3-2.Math.+3=0\\ -4.Math.+4=0\end{array}\hspace{1em}$

[0088] is the linear equation system constructed by the sub-component, and, afterwards, the trapdoor component calls a linear equation system solving sub-component to solve the solutions as to unknown variables of the equation system, i.e.

[00014]$\{\begin{array}{c}=1\\ =1\end{array};$

and finally, the trapdoor component transmits the solution set (1, 1) to the second affine transformation inversion component;

[0089] (5) after receiving the data set (1, 1), the second affine transformation inversion component interacts with the processor, runs a program and calculates S.sup.−1(1, 1) to obtain the result (1, 2), and finally returns the data set to the memory;

[0090] (6) the processor calls the Hash detector, calculates the hash value for the data (1, 2), and discovers that the hash value of the data (1, 2) is (1, 1, 1), i.e. Hash(1,2)=(1,1,1) which is equal to the plaintext hash redundant data (1, 1, 1) in the memory; and

[0091] (7) the processor transmits the data (1, 2) as the decrypted plaintext to the user (or the device).

[0092] The above-mentioned embodiment is a simple implementation of the present invention, but the implementations of the present invention are not limited to the above-mentioned embodiment. The system parameters recommended in the present invention are: q=31, n=34 and m=35; and the security level thereof can be higher than 2.sup.80. Any other change, modification, replacement, combination, simplification made without departing from the spirit or principles of the present invention should all be equivalent substitutions and be included within the scope of the present invention.