Introduction of encryption algorithm and selection of encryption algorithm

Introduction to Cryptographic algorithms

I. Cryptography INTRODUCTION

According to records, in 400 BC, the ancient Greeks invented the replacement code. 1881 the world's first telephone secrecy patent appeared. During the Second World War, the German military enabled the "Enigma" cipher Machine, which played a very important role in the war.

With the development of information and digital society, People's awareness of the importance of security and confidentiality has been increasing, so in 1997, the United States National Standards Bureau announced the implementation of the "United States Data Encryption Standard (DES)", the civil power began to fully involved in cryptography research and application, the use of encryption algorithm has DES, RSA, Sha and so on. With the increasing demand for encryption strength, AES, ECC and so on have appeared recently.

Using cryptography can achieve the following purposes:

Confidentiality: Prevents the user's identity or data from being read.

Data integrity: Prevents data from being changed.

Authentication: Ensure that the data comes from a specific party.

Two. Introduction to cryptographic algorithms

According to the different key types, modern cryptography is divided into two categories: symmetric encryption Algorithm (secret key encryption) and asymmetric encryption algorithm (public key encryption).

Symmetric key encryption systems are both encrypted and decrypted using the same secret key, and both sides of the communication must obtain the key and keep the key secret.

An asymmetric key encryption system uses a different encryption key (public key) and decryption key (private key).

Symmetric encryption Algorithm

Symmetric encryption algorithms are used to encrypt information such as sensitive data, commonly used algorithms include:

DES (Data Encryption Standard): Encryption standards, fast, suitable for encrypting large amounts of data.

3DES (Triple des): Based on DES, a piece of data is encrypted three times with three different keys, with a higher intensity.

AES (Advanced encryption): High Encryption Standard, the next generation of encryption algorithm standard, fast, high security level;

AES

In October 2000, NIST (National Institute of Standards and Technology) announced the adoption of a new cryptographic key encryption standard from 15 candidate algorithms. Rijndael is selected as the future AES. Rijndael was created in the second half of 1999 by researchers Joan Daemen and Vincent rijmen. AES is increasingly becoming the real standard for encrypting various forms of electronic data.

The new Advanced Encryption Standard (AES) specification was developed by the American Institute of Standards and Technology (NIST) on May 26, 2002.

algorithm principle

The AES algorithm is based on permutation and permutation operations. Permutations are rearranging the data, replacing one unit of data with another. AES uses several different methods to perform permutation and permutation operations.

AES is an iterative, symmetric-key grouping of passwords that can use 128, 192, and 256-bit keys and encrypt and decrypt data in 128-bit (16-byte) packets. Unlike the public key password, which uses the key pair, the symmetric key password encrypts and decrypts the data using the same key. The number of bits of encrypted data returned by a block cipher is the same as the input data. Iterative encryption uses a looping structure that repeats the substitution and substitution of input data in the loop.

Comparison of AES with 3DES

Algorithm name	Algorithm type	Key length	Speed	Decryption time (build machine tries 255 keys per second)	Resource consumption
Aes	Symmetric block cipher	128, 192, 256-bit	High	149 trillion years	Low
3DES	Symmetric Feistel Password	112-bit or 168-bit	Low	4.6 Billion years	In

Asymmetric Algorithms

The common asymmetric encryption algorithm is as follows:

RSA: Invented by RSA, is a public key algorithm that supports variable-length keys, and the length of file blocks that need to be encrypted is also variable;

DSA (Digitally Signature algorithm): Digital Signature Algorithm, is a standard DSS (digital signature standard);

ECC (Elliptic Curves cryptography): Elliptic curve cipher coding.

ECC

In 1976, because the symmetric encryption algorithm can not meet the needs, Diffie and Hellman published an article called "Cryptography New Trends", introduced the concept of public key cryptography, from Rivet, Shamir, Adelman proposed RSA algorithm.

With the improvement of the decomposition of large integer method, the improvement of computer speed and the development of network, in order to ensure the security of data, RSA key needs to be increased, but the increase of the key length leads to the speed of encryption and decryption is greatly reduced, the hardware realization becomes more and more unbearable, This poses a heavy burden on applications that use RSA, so a new algorithm is needed to replace RSA.

1985 N.koblitz and Miller proposed the use of elliptic curves for cryptographic algorithms, based on the discrete logarithm problem in the point group on elliptic curves on finite fields ECDLP. ECDLP is a more difficult problem than factor decomposition, it is the difficulty of a number of levels.

Principle--the problem on elliptic curve

The ECDLP of discrete logarithm problem on elliptic curve is defined as follows: Given prime number p and elliptic curve E, for Q=KP, a positive integer k less than P is obtained in the case of known p,q. It can be proved that it is easy to calculate Q by K and P, but it is more difficult to calculate K by Q and P.

By comparing the addition operation in the elliptic curve with the modulo multiplication operation in the discrete logarithm, the multiplication operation in the elliptic curve corresponds to the modulo exponentiation in the discrete logarithm, and we can establish a corresponding cryptosystem based on the elliptic curve.

For example, the corresponding Diffie-hellman public key system, we can be implemented in the elliptic curve by the following way: Select the generation of P on E, the number of groups generated by P is sufficient, the communication parties A and B respectively select A and b,a and B to be confidential, but the AP and BP public, The key for communication between A and B is ABP, which is unknown to a third party.

The corresponding ElGamal cipher system can be implemented on elliptic curves in the following ways:

Embed clear text m into E on PM point, select a point b∈e, each user selected an integer a,0

k=kg [where K,g is a point on EP (A, B) and K is an integer less than n (n is the order of Point G)]

It is not difficult to find that given K and G, it is easy to calculate k according to the rule of addition, but given K and G, it is relatively difficult to find K.

This is the problem that Elliptic curve encryption algorithm adopts. We refer to the point G as base Point, and K (K<n,n as the order of Base point G) is called the private key (Privte key) and K is called the public key.

the comparison between ECC and RSA

ECC and RSA have an absolute advantage over many aspects, mainly in the following areas:

Strong anti-attack ability. The same key length, its anti-attack is much better than many times.

The computation quantity is small, the processing speed is fast. ECC is much faster than RSA and DSA.

Storage footprint is small. ECC's key size and system parameters are much smaller than RSA and DSA, which means that it occupies a much smaller storage space. This is of particular importance to the application of the encryption algorithm on the IC card.

Low bandwidth requirements. When the long message is added and decrypted, the three types of cipher systems have the same bandwidth requirements, but the ECC bandwidth requirements are much lower when applied to short messages. The low bandwidth requirement makes ECC widely used in wireless network field.

These features of ECC make it a universal public-key encryption algorithm instead of RSA. For example, the set protocol's creator has used it as the default public-key cipher algorithm in the next generation set protocol.

The following two representations are comparisons of the security and speed of RSA and ECC.

Breach time (MIPS)	Rsa/dsa (key length)	ECC key length	Rsa/ecc key length ratio
104	Up	106	5:1
108	768	6:1
1011	1024x768		7:1
1020