Symmetric and Asymmetric encryption

Source: Internet
Author: User
Tags greatest common divisor asymmetric encryption

For the addition and decryption, I have been in a knowledge of its reason why the state, the core part of the project does not rely on encryption and decryption algorithm, can reluctantly deal with the past, once the need for frequent applications such as AES/RSA algorithm, this state is quite a catch.

It 's time to get to know the principle, so I found this one . Graphic cipher Technology Give yourself a supplementary lesson:

In the book in the light of the guidance, supplemented by some common sense, here to do a comb:

symmetric encryption Algorithm (shared key)

symmetric encryption, as the name implies, is encrypted and decrypted with the same key. When it comes to symmetric encryption, xor is another concept that has to be mentioned:

xor (heterogeneous or encrypted)

The plaintext and the key make an XOR (10) operation will become ciphertext, the ciphertext and the key once the XOR operation will revert to clear text:

For example, the string "Wiki" (8-bit ascii:01010111 01101001 01101011 01101001) can be encrypted with key 11110011 as follows:

01010111 01101001 01101011 01101001
11110011 11110011 11110011 11110011
= 10100100 10011010 10011000 10011010

This method of encryption is similar to symmetric encryption, so the way to decrypt it is as follows:

10100100 10011010 10011000 10011010
11110011 11110011 11110011 11110011
= 01010111 01101001 01101011 01101001

We can also validate this feature with code:

var 0b10110010; var ; var encrypted = number ^ key;   //10 = Ciphertext 164Console.log (encrypted ^ key);   //10 = clear

By using XOR, you can achieve the most basic symmetric encryption, provided that you choose a suitable key. Other symmetric encryption algorithms, such as Des/aes, are all extensions based on XOR.

AES Symmetric encryption

AES is Advanced Encryption Standard (Advanced encryption), a symmetric encryption algorithm that replaces the previous standard (DES) as the new standard (DES is superseded because its algorithm is flawed, causing it to be violently cracked in a short time, so des is deprecated and AES is recommended). The current implementation algorithm for AES is Rijndael, which is a block cipher algorithm designed by the Belgian scientist Joan Daemen and Vincent Rijmen.

Grouping means that the input of the AES algorithm is to be grouped, the packet length can be selected in the 128/196/256 bit (that is, a cipher that can encrypt so many bits of plaintext to generate the same length of ciphertext, one time the encryption may need to iterate multiple rounds).

Mode

The Block cipher algorithm only encrypts fixed-length groupings, but we need to encrypt the length of the plaintext to exceed the packet length of the block cipher, and then iterate over the block cipher algorithm to encrypt a long plaintext. The iterative approach is called the Block cipher pattern.

There are many types of patterns, and the main patterns of block ciphers are:

    • ECB mode: Electronic Codebook mode (electronic password)
    • CBC mode: Cipher Block Channing mode (password Group link)
    • CFB mode: Cipher FeedBack mode (ciphertext feedback model)
    • OFB mode: Output FeedBack mode
    • CTR mode: CounTeR mode (counter)

The operating flow of these modes is not to be discussed here, just know:

    • The ECB is too simple to be secure and has been deprecated;
    • CFB can be applied to replay attack;
    • Both OFB and CTR can be reversed by the active attacker, and the corresponding bits in the plaintext are changed after the decryption, and the CTR is OFB to support concurrent computing, and CTR is a stream cipher;
    • Although CBC does not support parallel computing, it is the safest of these patterns

Algorithm structure diagram for CBC mode:

public key encryption algorithm

Public key encryption, also known as asymmetric encryption (asymmetric cryptography), is a cryptographic algorithm type, in which a pair of keys is required, one is a private key and the other is a public key. These two keys are mathematically related, and the information obtained by encrypting a user's key can only be decrypted with the user's decryption key. If one is known, it is not possible to calculate the other one. Therefore, if one of the two keys is exposed, it does not compromise the secret nature of the other. The public key is a public key, and the private key is not public.

Public-Key cryptography solves a symmetric encryption Key Distribution problem: How to safely pass the decryption key. The scheme is: do not pass, the encryption and decryption of the key is not the same, the characteristics are as follows:

    • Ciphertext sender only needs encryption key (public key
    • The ciphertext recipient only needs the decryption key (the private key
    • Decryption key can not be obtained by eavesdroppers
    • Encryption key is acquired by eavesdroppers and there is no security problem
RSA Public Key Cryptography

RSA is a public-key cryptographic algorithm whose name consists of the initials of three developers R. Rivest, A. Shamir and L. Adleman. RSA can be used for public key cryptography and digital signatures, the algorithm was patented in the United States in 1983, and the patent has expired (since the algorithm was published before the patent was filed, and in most other parts of the world this patent is not recognized).

In RSA, plaintext, keys, and ciphertext are numbers, and public private key pairs are two pairs of numbers:

    • The public key is (number E, number N)
    • The private key is (number D, number N)

Encryption is the use of clear text in the E-order to find the result of the MoD N (take the remainder), the process can be expressed by the following formula:

ciphertext = plaintext E mod N

The D-Order of the number of ciphertext can be obtained by the MoD n, and the decryption process can be expressed by the following formula:

Clear text = ciphertext D mod N

generate key Pair process

(1) Seeking N

Randomly generates two large prime numbers p and q, then N = p * Q

(2) Seeking L

The temporary amount L is only used to generate the key pair, it is the least common multiple of p-1 and q-1 (least common multiple, LCM), and with LCM (x, y) to represent "x and y least common multiple", the L can be expressed as:

L = LCM (p-1, q-1)

(3) Ask E

The following relationship exists between E and L:

1 < E < L

GCD (E, l) = 1 E and L greatest common divisor 1 (E and L coprime)

To find the number that satisfies gcd (E, L) = 1, or to use a pseudo-random number generator. The pseudo-random number generator generates a candidate for e in the range of 1 < e < L and then determines whether it satisfies the condition of gcd (E, L) = 1.

(4) Ask D

The number d is calculated from the number E. The following relationships must be between D, E and L:

1 < D < L

E * D mod L = 1

As long as the number D satisfies the above conditions, it can be decrypted by (number D, number N) through encrypted ciphertext (number E, n).

Simulation Practice

Use a smaller number to practice a RSA key generation and decryption:

(1) Seeking n

Select two prime numbers, for example: P = 17 and q = 19

N = 17 * 19 = 323

(2) Seeking L

L = LCM (p-1, q-1) = LCM (16, 18) = 144

(3) Ask E

The greatest common divisor of E and L must be 1:

GCD (E, L) = 1

There are many e-numbers that meet the criteria, and the prime numbers within 100 are:

5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97

We pick one, like 5 as E, then the public key pair is (e=5, n=323)

(4) Ask D

D must meet:

E * D mod L = 1

In the case of E = 3, D = 59 is satisfied because:

5 * MoD 144 = 1

so the private key pair is (d=29, n=323)

Both public/private key pairs are available for encryption and decryption, assuming clear text 42:

(5) encryption

ciphertext = plaintext E mod N = 5 MoD 323 = 264

(6) Decryption

Clear text = ciphertext D MoD N = + 323 mod = number ratio is larger, can be decomposed to power:

(323 MoD) * (323 MoD) * (9 mod 323) mod 323 = 42

the algorithm principle of RSA

to learn more about the math behind RSA, you can refer to the Nanyi Principles of RSA Algorithm (i.) and the (ii)

applications for AES and RSAHybrid cipher System

By comparison, we know:

    • RSA is more difficult to crack than AES, because it does not need to worry about the key in the transmission process of leakage, there is only a possibility of brute force;
    • AES has the advantage of grouping as a wheel, plus decryption speed is very fast, generally speaking, AES speed hundreds of times times the RSA

So in real-world applications, we will mix AES and RSA, for example to encrypt a file that is not small in size, and might do this:

    1. Generates a one-time random key that encrypts a file using AES's CBC mode AES-256-CBC (encrypted packet 256-bit)
    2. After encryption is complete, in order to safely pass this one-time random key, we use the recipient's RSA public key to encrypt it, with the encrypted file sent together
    3. The receiver uses the private key for decryption, obtains the original AES key, and decrypts the file

Symmetric and Asymmetric encryption

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.