Cryptographic Knowledge Point Collation

Source: Internet
Author: User

Stream cipher characteristics: fast encryption and decryption, no error propagation (a corrupted ciphertext bit corrupts only the corresponding plaintext bit).
Block cipher characteristics: flexible and varied modes of operation; errors propagate within a block (and, depending on the mode, into the following block).


Traditionally, information security was understood to mean secrecy only. In modern applications the authenticity, integrity and non-repudiation of information are often more important than its secrecy.

The life cycle of a key:

Key generation: weak keys must be excluded and the key must be random; the key must be securely encapsulated and imported into the secure medium that will hold it.
Certificate issuance: a certificate is the appropriate way to bind a user, a key, the key's lifetime and similar attributes together; it must be issued by a trusted authority.
Certificate validation: checking that a certificate is genuine (its signature verifies against a trusted CA) and that it has not expired or been revoked.
Key usage: the function the key naturally exists for.
Key revocation: required when the key expires or when compromise is suspected.
Key update: required to keep the system turning over, limiting how much data and time any one key is exposed to.

A secure asymmetric (public key) cryptosystem can provide the following functions:
(1) Confidentiality: anyone can encrypt plaintext into ciphertext, but only the holder of the decryption (private) key can decrypt it.
(2) Its own key distribution problem is easy: only the public key has to be distributed, and it need not be kept secret, only authentic.
(3) It can be used to distribute keys for a symmetric key cryptosystem.
(4) It can directly authenticate the identity of the sender.
(5) It can provide non-repudiation.
Although public key cryptosystems have many advantages, they also have shortcomings. The most important is that the encryption and decryption operations are computationally heavy and slow.

To achieve authenticity, integrity and non-repudiation of information, digital signatures based on a public key cryptosystem are used;

For confidentiality, the symmetric key cryptosystem is still used, but its key distribution problem is solved with the public key cryptosystem (hybrid encryption).

General design principles for block cipher security:

The block length n should be large enough that an exhaustive search (dictionary) attack on the plaintext is ineffective.
The key space K should be large enough that an exhaustive search attack on the key is ineffective.
Confusion: the dependency of the ciphertext on the plaintext and the key is made so complicated that the cryptanalyst cannot exploit it. This requires the ciphertext to be a highly nonlinear function of the plaintext and the key, and uniformly so.
Diffusion: every bit of the key should affect many bits of the ciphertext, to prevent the key from being recovered piece by piece, and every bit of the plaintext should likewise affect many bits of the ciphertext, to hide the statistical characteristics of the plaintext.


Typical block cipher introduction
United States Data Encryption Standard (DES)
European International Data Encryption Algorithm (IDEA)
US Advanced Encryption Standard (AES)

DES uses a 56-bit key (stored as 64 bits, 8 of which are parity bits) and encrypts a 64-bit plaintext block at a time; the resulting ciphertext block is also 64 bits. That is, M = F_2^64, C = F_2^64, K = F_2^56.

Each S-box S_i (i = 1, 2, ..., 8) takes 6 bits as input and outputs 4 bits.

The S-boxes perform the nonlinear transformation of small sub-blocks and provide confusion;
the permutation P performs the linear transformation over the whole block and provides diffusion.

The security of DES depends entirely on the key used (the algorithm itself is public, as Kerckhoffs's principle requires).

The DES encryption process makes every ciphertext bit a complex mixed function of all plaintext bits and all key bits; achieving this requires at least 5 rounds of DES.

DES attack methods: the main methods of attacking DES are time-memory trade-off attacks, differential cryptanalysis, linear cryptanalysis and related-key attacks, of which linear cryptanalysis is the most effective. In practice the 56-bit key space is small enough that exhaustive key search is feasible with modest hardware, which is why DES is no longer considered secure.


IDEA uses a 128-bit key and encrypts a 64-bit plaintext block at a time; the resulting ciphertext block is also 64 bits. That is, M = F_2^64, C = F_2^64, K = F_2^128.

AES evaluation criteria:
Security
Cost
Algorithm and implementation characteristics.

Typical block cipher introduction: AES
Rijndael uses a key of 32*Nk bits and encrypts a plaintext block of 32*Nb bits at a time; the resulting ciphertext block is also 32*Nb bits. That is, M = F_2^(32*Nb), C = F_2^(32*Nb), K = F_2^(32*Nk). (The AES standard fixes Nb = 4, a 128-bit block, and allows Nk = 4, 6 or 8, i.e. 128-, 192- or 256-bit keys.)

Hash functions, also called message digest functions, are typically used to digest messages; they can be used to guarantee message integrity and to build digital signatures.


Common modes of operation for block ciphers:

Block modes
Electronic Codebook (ECB) mode: for a given key K, the set {(M, C) | C = AES_K(M), M in F_2^128} contains 2^128 plaintext/ciphertext pairs, which amounts to a codebook; in principle this mode could be realised by looking up such a codebook, hence the name. Identical plaintext blocks always produce identical ciphertext blocks, so ECB leaks patterns in the plaintext.
Cipher Block Chaining (CBC) mode: C_i = E_K(M_i XOR C_{i-1}), so the i-th ciphertext block C_i depends not only on the current plaintext block M_i but also on the previous ciphertext block C_{i-1}, and therefore on the whole history M_1, M_2, ..., M_i.
CBC mode overcomes the two drawbacks of ECB (identical plaintext blocks give identical ciphertext blocks, and blocks can be reordered or substituted independently), but it has error propagation: a corrupted ciphertext block C_i garbles M_i completely and flips the corresponding bits of M_{i+1}.

CBC mode is somewhat slower than ECB mode (encryption is sequential and cannot be parallelised, and each block costs one extra XOR plus storage of the previous ciphertext block), but security is enhanced. In principle both are suitable for the applications above: ECB for a small data set (a single block, such as a key), CBC for large data sets. ECB should not be used for data longer than one block.

Stream modes
Output Feedback (OFB) mode: O_i = E_K(O_{i-1}), C_i = M_i XOR O_i.
Counter (CTR) mode: C_i = M_i XOR E_K(nonce || i).
OFB and CTR mode have the advantage of a synchronous stream cipher: no error propagation.
Cipher Feedback (CFB) mode: C_i = M_i XOR E_K(C_{i-1}).
CFB mode has limited error propagation: when the transmitted ciphertext block C_i has a 1-bit error, the decrypted plaintext block M_i has the same 1-bit error and the following block M_{i+1} is garbled completely; after that the receiver resynchronises on its own.
The stream modes of a block cipher may be less efficient; they (like other stream ciphers) are generally used at the lower layers of a data network, where the system tolerates a certain delay.
Specifically, CFB mode is chosen for character-oriented encryption, such as session encryption between a terminal and a host or between a client and a network server, while OFB and CTR mode are commonly used in highly synchronised systems that are not error-prone, such as encryption in satellite communications.


Design of encryption algorithms
The usual approach to designing a block cipher is to construct a fixed structure, a network such as a Feistel network or a substitution-permutation network, and then iterate it for several rounds so that the plaintext and key data receive the necessary confusion and diffusion.

A complete network should make every output bit depend on every input bit after a small number of rounds. A Feistel construction is called balanced or unbalanced according to whether the two halves m and n of the block have equal length.
The most basic building blocks: S-boxes, P-permutations, and the structure of the round function.

Design criteria for S-boxes:
Nonlinearity
Differential uniformity
Algebraic degree and distribution of terms
Completeness and the avalanche effect. S satisfies the avalanche effect if changing 1 bit of its input changes about half of the output bits.
Diffusion characteristics
No trapdoors.
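The S-box criteria above (and the confusion and diffusion principles earlier on the page) are all measurable. The following added example, written for this page rather than taken from any cipher's own source, computes them for two 4-bit S-boxes: the PRESENT cipher's S-box (a published, well-analysed design) and the identity map, which is linear and shows what "no confusion" looks like. The only assumption is that the difference distribution table, Walsh transform, algebraic normal form and avalanche profile are computed in the standard way shown in the comments.

```python
from itertools import product  # not needed for 4-bit boxes, but handy if you extend to larger ones

N = 4  # 4-bit S-box: 16 inputs, 16 outputs
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
IDENTITY_SBOX = list(range(16))   # a linear "S-box": no confusion at all (for contrast)

def hw(v: int) -> int:
    return bin(v).count("1")

def parity(v: int) -> int:
    return hw(v) & 1

def ddt(sbox):
    """Difference distribution table: ddt[a][b] = #{x : S(x) ^ S(x ^ a) == b}.
    This is the table a differential cryptanalyst starts from."""
    size = len(sbox)
    table = [[0] * size for _ in range(size)]
    for a in range(size):
        for x in range(size):
            table[a][sbox[x] ^ sbox[x ^ a]] += 1
    return table

def differential_uniformity(sbox) -> int:
    """Largest DDT entry over nonzero input differences; lower is better (4 is optimal for 4 bits)."""
    return max(v for row in ddt(sbox)[1:] for v in row)

def walsh(sbox, a: int, b: int) -> int:
    """W(a,b) = sum_x (-1)^(b.S(x) ^ a.x). A large |W| is a usable linear approximation."""
    return sum(1 - 2 * (parity(b & sbox[x]) ^ parity(a & x)) for x in range(len(sbox)))

def nonlinearity(sbox) -> int:
    """Distance of the worst component function from the affine functions: 2^(n-1) - max|W|/2."""
    size = len(sbox)
    w_max = max(abs(walsh(sbox, a, b)) for b in range(1, size) for a in range(size))
    return size // 2 - w_max // 2

def anf(truth_table):
    """Moebius transform: truth table -> algebraic normal form coefficients (index = monomial mask)."""
    c = list(truth_table)
    n = len(c).bit_length() - 1
    for i in range(n):
        for x in range(len(c)):
            if x & (1 << i):
                c[x] ^= c[x ^ (1 << i)]
    return c

def degree_of_component(sbox, b: int) -> int:
    table = [parity(b & sbox[x]) for x in range(len(sbox))]
    return max((hw(m) for m, coef in enumerate(anf(table)) if coef), default=0)

def algebraic_degrees(sbox):
    """(max, min) algebraic degree over all nonzero component functions b.S(x)."""
    degs = [degree_of_component(sbox, b) for b in range(1, len(sbox))]
    return max(degs), min(degs)

def avalanche_profile(sbox):
    """Average number of output bits that flip when input bit i flips (ideal: about n/2 = 2)."""
    size = len(sbox)
    return [sum(hw(sbox[x] ^ sbox[x ^ (1 << i)]) for x in range(size)) / size for i in range(N)]

def is_complete(sbox) -> bool:
    """Completeness: every output bit j depends on every input bit i for some input."""
    return all(any((sbox[x] ^ sbox[x ^ (1 << i)]) >> j & 1 for x in range(len(sbox)))
               for i in range(N) for j in range(N))

def report(sbox) -> dict:
    return {"bijective": len(set(sbox)) == len(sbox),
            "differential_uniformity": differential_uniformity(sbox),
            "nonlinearity": nonlinearity(sbox),
            "degree_max_min": algebraic_degrees(sbox),
            "avalanche": avalanche_profile(sbox),
            "complete": is_complete(sbox)}

if __name__ == "__main__":
    print("PRESENT:", report(PRESENT_SBOX))
    print("identity:", report(IDENTITY_SBOX))
```

The identity box scores worst on every criterion (differential uniformity 16, nonlinearity 0, degree 1, one output bit flipped per input bit, not complete), which is exactly why a linear layer alone cannot provide confusion. PRESENT's box reaches the optimum for 4 bits on differential uniformity and nonlinearity, has maximum degree 3, and flips between 2.25 and 3 output bits on average per single-bit input change. Note that one of its components has degree only 2: the "distribution of terms" criterion is about more than the maximum degree.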

Design criteria for round functions:
Security.
Speed.
Flexibility.

Operations used to construct a round function:
addition, subtraction and XOR
multiplication
fixed rotations/shifts
data-dependent rotations

Existing cipher algorithms can be divided into two kinds according to their round functions:
those built on S-boxes, such as DES, E2 and Rijndael;
those without S-boxes, such as IDEA and RC6.

Design of the key expansion algorithm
An iterated block cipher needs an algorithm that generates the round subkeys from the seed key; this is called the key expansion algorithm (also the key schedule).

The key expansion algorithm should be designed according to the following guidelines:
Simple to implement.
Speed.
No simple relationship between subkeys, or between a subkey and the seed key.
All bits of the seed key should have roughly the same effect on each subkey bit.
Obtaining additional subkey (or seed key) bits from some known subkey bits should be computationally "difficult".
No weak keys.
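The following added example ties together three parts of this page: the Feistel network and round function just described, the key expansion guidelines above, and the modes of operation and their error propagation discussed earlier. It is example code written for this page, not the code of DES, AES or any library. The block cipher is a toy: a 4-round balanced Feistel network whose round function is SHA-256 used as a keyed PRF, with subkeys derived by hashing the seed key with a round index (an assumption made here so the example runs with the standard library only; it is not a production cipher). On top of it the five modes from the page are implemented, and a single ciphertext bit is flipped to show each mode's error propagation.

```python
import hashlib

BLOCK = 16   # 128-bit block split into two 64-bit halves (balanced Feistel network)
ROUNDS = 4   # toy parameter; Luby-Rackoff: 4 rounds of a PRF give a strong pseudorandom permutation

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def key_expansion(seed_key: bytes, rounds: int = ROUNDS) -> list:
    """Key schedule: one subkey per round. Hashing the seed with a round index makes every
    seed bit affect every subkey bit and leaves no simple relation between subkeys."""
    return [hashlib.sha256(b"round" + bytes([i]) + seed_key).digest() for i in range(rounds)]

def round_function(subkey: bytes, right: bytes) -> bytes:
    """Round function F: a keyed PRF (SHA-256 truncated to 64 bits) supplies the nonlinearity
    (confusion); the Feistel swap spreads it across both halves (diffusion)."""
    return hashlib.sha256(subkey + right).digest()[:BLOCK // 2]

def block_encrypt(subkeys: list, block: bytes) -> bytes:
    """Balanced Feistel: L_{i+1} = R_i, R_{i+1} = L_i XOR F(k_i, R_i). F need not be invertible."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for k in subkeys:
        left, right = right, xor(left, round_function(k, right))
    return right + left   # undo the final swap so decryption is the same network with reversed subkeys

def block_decrypt(subkeys: list, block: bytes) -> bytes:
    return block_encrypt(list(reversed(subkeys)), block)

def blocks(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "inputs here are whole blocks; no padding is applied"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

# Modes of operation. Every function takes (subkeys, iv_or_nonce, data) so they are interchangeable.
def ecb_encrypt(ks, iv, pt): return b"".join(block_encrypt(ks, m) for m in blocks(pt))
def ecb_decrypt(ks, iv, ct): return b"".join(block_decrypt(ks, c) for c in blocks(ct))

def cbc_encrypt(ks, iv, pt):
    out, prev = [], iv
    for m in blocks(pt):
        prev = block_encrypt(ks, xor(m, prev)); out.append(prev)     # C_i = E(M_i XOR C_{i-1})
    return b"".join(out)

def cbc_decrypt(ks, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(block_decrypt(ks, c), prev)); prev = c         # M_i = D(C_i) XOR C_{i-1}
    return b"".join(out)

def cfb_encrypt(ks, iv, pt):
    out, prev = [], iv
    for m in blocks(pt):
        prev = xor(m, block_encrypt(ks, prev)); out.append(prev)     # C_i = M_i XOR E(C_{i-1})
    return b"".join(out)

def cfb_decrypt(ks, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(c, block_encrypt(ks, prev))); prev = c         # M_i = C_i XOR E(C_{i-1})
    return b"".join(out)

def ofb_crypt(ks, iv, data):                                          # same function both ways
    out, o = [], iv
    for d in blocks(data):
        o = block_encrypt(ks, o); out.append(xor(d, o))               # O_i = E(O_{i-1}) is the keystream
    return b"".join(out)

def ctr_crypt(ks, nonce, data):                                       # same function both ways
    out = []
    for i, d in enumerate(blocks(data)):
        out.append(xor(d, block_encrypt(ks, nonce[:BLOCK - 4] + i.to_bytes(4, "big"))))  # E(nonce || i)
    return b"".join(out)

MODES = {"ECB": (ecb_encrypt, ecb_decrypt), "CBC": (cbc_encrypt, cbc_decrypt),
         "CFB": (cfb_encrypt, cfb_decrypt), "OFB": (ofb_crypt, ofb_crypt), "CTR": (ctr_crypt, ctr_crypt)}

def error_propagation(mode: str, ks, iv, pt: bytes, hit_block: int = 1) -> list:
    """Flip one bit of ciphertext block `hit_block` (a transmission error) and return,
    per decrypted block, how many plaintext bits come out wrong."""
    enc, dec = MODES[mode]
    ct = bytearray(enc(ks, iv, pt))
    ct[hit_block * BLOCK] ^= 0x01
    garbled = dec(ks, iv, bytes(ct))
    return [sum(bin(x).count("1") for x in xor(m, g)) for m, g in zip(blocks(pt), blocks(garbled))]

def ecb_leaks_repeats(ks, pt: bytes) -> bool:
    """The ECB codebook maps equal plaintext blocks to equal ciphertext blocks."""
    cs = blocks(ecb_encrypt(ks, None, pt))
    return len(set(cs)) < len(cs)

if __name__ == "__main__":
    ks = key_expansion(b"constructed seed key")          # constructed inputs, not from the page
    iv, pt = bytes(BLOCK), bytes(range(4 * BLOCK))       # all-zero IV (demo only), four blocks
    for mode, (enc, dec) in MODES.items():
        assert dec(ks, iv, enc(ks, iv, pt)) == pt
        print(f"{mode}: wrong bits per block after a 1-bit error in C_1 = {error_propagation(mode, ks, iv, pt)}")
    print("ECB leaks repeated blocks:", ecb_leaks_repeats(ks, b"A" * 2 * BLOCK))
```

Running it reproduces the page's claims block by block: ECB corrupts only the hit block (about half its bits); CBC garbles the hit block and puts exactly one wrong bit in the next one; CFB puts exactly one wrong bit in the hit block and garbles the next one; OFB and CTR reproduce the single bit error and nothing else. The all-zero IV and the absence of padding and of any authentication are shortcuts for the demonstration; real use needs a fresh unpredictable IV (or a never-reused nonce for CTR) and a MAC over the ciphertext.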


The basic idea of differential cryptanalysis is to recover some key bits by analysing how the difference between pairs of plaintexts propagates into the difference between the corresponding ciphertexts.

Public Key Cryptography (PKC)
Typical PKC systems
RSA
Merkle-Hellman (knapsack; of historical interest only, as it was broken by Shamir in 1982)
Rabin
ElGamal
Public Key Infrastructure (PKI): conceptually, PKI is an infrastructure built on public key cryptography theory and technology to provide security services.


In a system using public key cryptography, a user's public key must be passed or broadcast to other users, but doing this directly creates an impersonation problem:
User C may claim to User B that they are User A and hand over C's public key; User B then uses what they believe is User A's public key, but is in fact secretly communicating with User C.
The better way to avoid this deception is to introduce a third party trusted by everyone, the Certification Authority (CA), which issues so-called public key certificates signed by the CA. (Of course, when the system is first set up, the signature verification method used by the CA, that is the CA's own public key, must be made known to everyone.)

A Certification Authority (CA) is a certificate issuing centre (a publicly trusted authority) that operates a PKC system.

A user first applies to the CA, which registers the user after verifying their identity, and a key pair for the chosen PKC algorithm is generated. The decryption (private) key is stored on a secure medium (such as an IC card or USB key) and handed to the user for safekeeping, while the encryption (public) key, together with the user's identity number (ID), is issued as a certificate to the user or published on a public server like a telephone directory.
(The "certificate" or "directory" must be signed by the CA to prevent forgery!) In practice the user normally generates the key pair themselves so that the private key never leaves their control; the CA only needs to see and sign the public key.
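The impersonation scenario and its remedy, as an added example written for this page (not code from any CA product or library). It uses textbook RSA over tiny constructed moduli, Mersenne primes 2^17-1, 2^19-1, 2^31-1, 2^61-1, 2^89-1 and 2^107-1 as the factors, an 8-byte hash as the signed integer and no padding, all of which are assumptions made so the example runs on the standard library alone and none of which is acceptable in a real system. A CA signs the binding (ID, public key); user B verifies that binding before trusting "A's" key, and user C's two attempts to pass off C's key as A's both fail. The functions (1), (3), (4) and (5) from the list of asymmetric-system functions earlier on the page are exercised as well.

```python
import hashlib

# Toy parameters, constructed for this example and NOT secure.
P17, P19, P31 = (1 << 17) - 1, (1 << 19) - 1, (1 << 31) - 1
P61, P89, P107 = (1 << 61) - 1, (1 << 89) - 1, (1 << 107) - 1
E = 65537

def rsa_keypair(p: int, q: int, e: int = E):
    """Returns ((n, e), (n, d)): the public (encrypt/verify) and private (decrypt/sign) keys."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def h(data: bytes) -> int:
    """Hash the data to an integer below 2^64, i.e. below every modulus used here."""
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

def encrypt(pub, m: int) -> int:            # (1) confidentiality: anyone can encrypt ...
    n, e = pub
    return pow(m, e, n)

def decrypt(priv, c: int) -> int:           # ... only the private key holder can decrypt
    n, d = priv
    return pow(c, d, n)

def sign(priv, data: bytes) -> int:         # (4)/(5) sender authentication and non-repudiation
    n, d = priv
    return pow(h(data), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == h(data)

def to_be_signed(subject_id: str, subject_pub) -> bytes:
    """The fields the CA binds together: the identity and the public key."""
    return f"{subject_id}|{subject_pub[0]}|{subject_pub[1]}".encode()

def issue_certificate(ca_priv, subject_id: str, subject_pub) -> dict:
    return {"id": subject_id, "pub": subject_pub,
            "sig": sign(ca_priv, to_be_signed(subject_id, subject_pub))}

def verify_certificate(ca_pub, cert: dict) -> bool:
    """What B does before trusting a key presented as A's: check the CA's signature on the binding."""
    return verify(ca_pub, to_be_signed(cert["id"], cert["pub"]), cert["sig"])

# Actors with constructed key pairs: the CA, user A, and user C (the impersonator).
CA_PUB, CA_PRIV = rsa_keypair(P61, P31)
USER_A_PUB, USER_A_PRIV = rsa_keypair(P89, P19)
USER_C_PUB, USER_C_PRIV = rsa_keypair(P107, P17)
USER_A_CERT = issue_certificate(CA_PRIV, "A", USER_A_PUB)   # the CA's own public key is known to all

def impersonation_attempts() -> dict:
    """User C tries two ways to make B accept C's key as A's; both must fail."""
    swapped = dict(USER_A_CERT, pub=USER_C_PUB)                    # keep the CA signature, swap the key
    self_signed = issue_certificate(USER_C_PRIV, "A", USER_C_PUB)  # forge a "certificate" for A
    return {"genuine": verify_certificate(CA_PUB, USER_A_CERT),
            "key_swapped": verify_certificate(CA_PUB, swapped),
            "self_signed": verify_certificate(CA_PUB, self_signed)}

def session_key_transport(recipient_pub, session_key: int) -> int:
    """(3) distributing a symmetric session key with the public key system (hybrid scheme)."""
    return encrypt(recipient_pub, session_key)

if __name__ == "__main__":
    print(impersonation_attempts())
    print(decrypt(USER_A_PRIV, session_key_transport(USER_A_PUB, 0xDEADBEEF)) == 0xDEADBEEF)
```

The point to take from the key-swap case: the CA's signature covers the ID and the key together, so changing either one without the CA's private key invalidates it. The self-signed case shows why "signed by somebody" is not enough; the verifier must check against the CA key it already trusts.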

Session keys are generally generated by the KDC (key distribution centre).

A message authentication code (MAC) is a fixed-length value, also called a cryptographic checksum, generated by a key-controlled public function and used as an authenticator. For this, A and B must share a key K. Suppose A wants to send the message M to B. A first computes MAC = C_K(M), where C_K is the key-controlled public function, then sends M || MAC to B. After receiving it, B performs the same computation as A to obtain a new MAC and compares it with the MAC received.

MAC functions resemble encryption algorithms, but a MAC function need not be invertible, which makes it less susceptible to compromise than an encryption algorithm.
In the process above the message itself is sent in the clear, so the process provides authentication only and not confidentiality. To provide confidentiality, the message can be encrypted after applying the MAC function (figure (a) below) or before (figure (b)); the encryption key must also be shared by both parties. Of the two orders, computing the MAC over the ciphertext (encrypt-then-MAC) is the one recommended today, because the receiver can reject a forged or corrupted message before decrypting anything; the received and recomputed MACs should be compared in constant time.

A hash function (also called a message digest function) compresses a message of any length into a fixed-length message digest.
There are many ways to construct a MAC from a hash function; HMAC is the best known. MD4 was an innovative design among hash functions (MD stands for Message Digest).
The MD5 algorithm processes the input in 512-bit blocks and has a 128-bit output (digest).
The Secure Hash Algorithm SHA (160-bit, published 1993) was replaced by the revised version SHA-1 (160-bit), announced on April 17, 1995.
SHA-1 limits the length of the input message M to |M| < 2^64 bits, also processes it in 512-bit blocks, and has a 160-bit output (digest).
RIPEMD-160 also limits the input message to |M| < 2^64 bits, processes it in 512-bit blocks, and has a 160-bit output (digest).
Practical collisions have since been demonstrated for MD4, MD5 and SHA-1, so none of them should be used where collision resistance matters (digital signatures, certificates); SHA-2 or SHA-3 are used instead. HMAC-MD5 and HMAC-SHA-1 are not broken by those collisions, but they are being retired as well.
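The MAC exchange described above and the hash parameters in the last paragraphs, as an added example written for this page (not the page's own code and not from any particular protocol). It uses HMAC-SHA256 from the standard library as the key-controlled function C_K, reads the block and digest sizes of MD5, SHA-1 and SHA-256 from hashlib, and contrasts an unkeyed checksum with a MAC under the same in-transit modification. The shared key and the message are constructed sample values.

```python
import hashlib
import hmac

def digest_parameters() -> dict:
    """(block size, digest length) in bits, as reported by hashlib, for the hashes discussed above."""
    return {name: (ctor().block_size * 8, ctor().digest_size * 8)
            for name, ctor in (("md5", hashlib.md5), ("sha1", hashlib.sha1), ("sha256", hashlib.sha256))}

def unkeyed_checksum(message: bytes) -> bytes:
    """A plain hash detects accidental corruption only: anyone can recompute it over a new message."""
    return hashlib.sha256(message).digest()

def unkeyed_receiver(message: bytes, checksum: bytes) -> bool:
    return unkeyed_checksum(message) == checksum

def mac_tag(key: bytes, message: bytes) -> bytes:
    """MAC = C_K(M), with HMAC-SHA256 as the key-controlled public function C_K."""
    return hmac.new(key, message, hashlib.sha256).digest()

def mac_receiver(key: bytes, message: bytes, tag: bytes) -> bool:
    """B recomputes the MAC over the received M and compares it with the received tag.
    compare_digest runs in constant time, so a forger learns nothing from timing."""
    return hmac.compare_digest(mac_tag(key, message), tag)

def tamper(wire_message: bytes) -> bytes:
    """An attacker on the path rewrites the amount (constructed sample message format)."""
    return wire_message.replace(b"amount=100", b"amount=900")

def attack(message: bytes, key: bytes) -> tuple:
    """Attacker sees M || authenticator, modifies M and does the best they can with the authenticator.
    Returns (accepted by unkeyed receiver, accepted by MAC receiver)."""
    forged = tamper(message)
    # Unkeyed: the attacker simply recomputes the checksum over the forged message.
    unkeyed_ok = unkeyed_receiver(forged, unkeyed_checksum(forged))
    # Keyed: without K the attacker can only replay the old tag (or guess one).
    mac_ok = mac_receiver(key, forged, mac_tag(key, message))
    return unkeyed_ok, mac_ok

if __name__ == "__main__":
    K = b"constructed shared secret between A and B"
    M = b"from=A;to=B;amount=100"
    print(digest_parameters())
    print("honest transfer accepted:", mac_receiver(K, M, mac_tag(K, M)))
    print("(unkeyed accepted, MAC accepted) after tampering:", attack(M, K))
```

The unkeyed receiver accepts the forged transfer because the authenticator was not key-controlled; the MAC receiver rejects it. The message is still readable on the wire, which is the "authentication only, no confidentiality" limitation the text describes.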

