According to incomplete statistics, hundreds of encryption algorithms have been published so far. The following describes the simple encryption method, symmetric algorithm, Public Key algorithm, and Pgp applications.
1. Simple encryption methods: transposition and replacement
Transposition and substitution ciphers are two major encoding methods, which form the simplest cryptographic basis. Empathy is like a letter game. It breaks down the order of letters and tries to use these disrupted letters to form a word. In the change password, the data itself has not changed, but it is arranged in another different format, there are many different types of replacement passwords, one method is to use the name Julias Caesar, that is, the Caesar password. The principle is that each letter is replaced by the first third letter. If the last letter is reached, it is counted from the beginning. A letter can be replaced by the nth letter in front of it. In the password of Caesar, n is 3.
2. Key-based cryptographic algorithms
There are two types of algorithms: symmetric algorithms and public key algorithms.
(1) symmetric algorithms
The symmetric algorithm is that the encryption key can be derived from the decryption key, which is also true. In most symmetric algorithms, encryption and decryption keys are the same. These algorithms are also called secret key algorithms or single-key algorithms. It requires the sender and receiver to agree on a key before secure communication. The algorithm's security depends on the key. As long as the communication needs to be kept confidential, the key must be kept confidential.
Symmetric algorithms are divided into two types: grouping algorithms and sequence algorithms. The difference between the two is that grouping algorithms operate on a large plaintext data block (group; the sequence algorithm is used to calculate a single bit (or byte) in plaintext. The development trend of the symmetric algorithm system will focus on group passwords. The well-known symmetric cryptographic algorithms include:
1) des (Data Encryption Standard) Data Encryption Standard
Data Encryption Standard (DES) is developed by IBM in 1970s, based on
It was promulgated by the US National Bureau of Standards in 1977 and is mainly used for the protection of sensitive civil information. It was accepted by the International Organization for Standardization as an international standard. Des mainly uses replacement and shift methods, and uses 56-bit keys to process 64-bit data each time, which is fast in operation and easy to implement using software. It is also suitable for implementation on dedicated chips. Des is a world-recognized encryption algorithm that has withstood research and deciphering by many scientists since its publication, it has provided reliable communication security for global trade, finance, and other sectors. However, it also has obvious disadvantages: The Key is too short,
There are 56 digits. Currently, many des have been deciphered. To improve security, Des has developed. For example, the Triple DES uses the dual-key encryption method, that is, using two 56-bit keys K1 and K2, the sender uses K1 to encrypt, K2 to decrypt, and then K1 to encrypt. The receiver uses K1 for decryption, K2 for encryption, and K1 for decryption. The effect is equivalent to increasing the length of the key to 112 bits. There is also a triple DES deformation algorithm that uses three independent keys, which is equivalent to increasing the length of the key to 168 bits.
2) idea (International Data Encryption Algorithm) International Data Encryption Algorithm
Idea was officially announced in 1990 by xuejia LAI and James Massey in Switzerland and will be enhanced in the future. This algorithm is developed on the basis of the DES algorithm, similar to the triple DES. The development of idea is also because des uses too short keys. IDEA has a key of 128 bits. Such a long key should be secure for several years. The idea algorithm is also based on grouping. It uses both software and hardware to achieve the same speed. Currently, the idea algorithm implemented by software is twice faster than DES. Since idea was proposed and developed outside the United States, it avoided many legal restrictions on encryption technology in the United States. Therefore, information on idea algorithms and implementation technologies can be freely published and exchanged, which can greatly promote the development and improvement of idea. However, because the algorithm is a relatively new algorithm, there are not many attacks against it, and it has not been tested for a long time. Therefore, its problems and defects cannot be determined yet.
This type of algorithms has a strong confidentiality intensity and can withstand time checks and attacks. However, their keys must be transmitted through secure channels. Therefore, key management has become an important factor in system security.
(2) Public Key Algorithm
The Public Key algorithm uses a pair of keys to encrypt and decrypt information. The encryption key is different from the decryption key, and the decryption key cannot be calculated based on the key at a reasonable time and financial resources. The Public Key algorithm (hereinafter referred to as the Public Key Algorithm) is called because the encryption key can be made public and everyone can use the encryption key to encrypt the information. However, only the corresponding decryption key can be used to decrypt the information.
The famous public key algorithms include:
1) RSA Algorithm
RSA was proposed by Rivest, Shamir, and Adleman in the United States in 1978. This algorithm is based on the difficulty of big number decomposition, that is, the sum of N is known, and PQ is obtained to make n = PQ. Therefore, as the big integer decomposition algorithm and computing capability continue to improve, the ability to decrypt RSA is also increasing. It is reported that the 482-bit RSA has been decomposed by using the number field screening NFS, And the 512-bit RSA can be decomposed in several months. The 1024-bit RSA is still relatively secure. Compared with DES, RSA provides higher security. Compared with DES, RSA provides higher security, but the execution speed is slow. Because the two are often used together, DES encryption is fast and suitable for encrypting long packets.
RSA can solve the des key distribution problem. For example, if a wants to communicate with B, a first generates a des key for communication with B, encrypts the communication key with the public key of B, and then transmits it to B, B uses its private key (only owned by B) to decrypt and obtain the one-time communication des key of both parties. Then, both parties use this des for confidential communication.
2) diffe-Hellman algorithm
This algorithm is the first public key algorithm proposed by diffe and Hellman in the United States in 1976. Its security comes from the fact that it is more difficult to calculate discrete logarithm in a finite field than to calculate an index. This algorithm is mainly used for key exchange. The Protocol is as follows: first, a negotiates with B a large prime number N and G, and G is the original element of the modulo n. A selects a large random number X and sends it to B: X = GX mod n; B selects a large random number y and sends it to a: Y = Gy mod n; A calculates k2 = Yx mod n; B calculates k2 = xy mod n, both K1 and K2 are equal to gxy mod n. Even if the eavesdroppers know n, G, X, and Y, they cannot calculate k unless they calculate the discrete logarithm, therefore, k is the secret key of A and B.
3) Elliptic Curve
The elliptic curve has been studied for many years. In 1985, koblitz and Miller proposed to apply it to the public key cryptography system. The attraction of an elliptic curve is that it provides a constructor composed of elements and combination rules, that is, the Abelian addition group on an elliptic curve is used to construct the discrete logarithm. The Elliptic Curve Arithmetic Operator Based on the finite field GF (2n) is easy to construct, and the implementation of N between 130 and 200 BITs is quite simple, it provides a faster public key algorithm with a smaller key length.
The advantage of public key cryptography is that it can meet the open requirements of the network, and the key management problem is also relatively simple, especially convenient for digital signature and verification. However, the algorithm is complex and the Data Encryption rate is low. Even so, with the development of modern electronic technology and Cryptography technology, public key cryptography will be a promising network security encryption system.
Of course, in practical applications, people usually combine common passwords and Public Key passwords. For example, they use des or idea to encrypt information and RSA to transmit session keys. If the encryption algorithm is classified by the bit processed by each encryption, the encryption algorithm can be divided into sequence passwords and group passwords. The former encrypts only one bit at a time, while the latter groups the information sequence and processes one group at a time.
3. Widely used PGP
PGP (pretty good privacy) is a mail encryption software based on the RSA public key encryption system. Its founder is philzimmermann of the United States. Its creativity lies in the combination of the convenience of the RSA public key system and the high speed of the traditional encryption system. It can be used to add digital signatures to emails that are confidential, this allows the recipient to make sure that the email is sent by the user. It allows users to securely communicate with people they have never seen before, without any confidential transfer key. It adopts the following technologies: prudent key combination algorithm, emails used for digital signatures are often compressed before encryption, and a good man-machine engineering design. It is powerful and fast, and its source code is free of charge. In fact, the PGP function is not only mentioned above. PGP can be used to encrypt files. PGP can also be used to generate radix64 format instead of uencode (that is, the mime base ).
64 format.
Why is PGP using a combination of RSA and traditional encryption algorithms? Because the RSA algorithm requires a large amount of computing and is not suitable for encrypting a large amount of data at a high speed, PGP is actually used not to encrypt RSA itself, but to adopt a traditional encryption algorithm called idea, first, we will explain what traditional encryption means. Simply put, we will encrypt the plain text with a key and then decrypt it with the same key. This method is represented by DES (US Federal Data Encryption Standard), that is, multiplication encryption. The main drawback is that the transmission channel cannot solve the security problem and is not suitable for email encryption in the network environment. Idea is a patented algorithm. The patent holder is ETH and a Swiss company ASCOM-tech.
AG is not charged for non-commercial idea implementation. Idea encryption is much faster than RSA encryption. Therefore, PGP uses a random key to encrypt plaintext using the idea algorithm, and then uses the RSA algorithm to encrypt the key, in this way, the recipient uses RSA to solve the random key and then uses idea to decrypt the email itself. This chain encryption achieves the chain encryption of the RSA System and the confidentiality of the RSA System, the idea algorithm is quick.
The generation of public keys is the core of PGP security. I will not elaborate on them here. Like the traditional single-key system, private key confidentiality is decisive. As opposed to the public key, the private key is not tampered with, but leaked. The RSA private key is a long number that you cannot remember. The PGP method is to allow the user to specify a password for the randomly generated RSA private key. Only by providing a password can the private key be released for use. The encryption method of the private key with the password is the same as that of PGP. You can use the brute force method to obtain the user's password, although difficult, security is lost after all. Here, you just need to remember a little bit. To save your private key like other private keys, authentication has the opportunity to access it. It is best to save it in your brain rather than on paper.
PGP security considerations are reflected in all aspects of PGP. For example, the actual key encrypted each time is a random number. We all know that computers cannot generate real random numbers. The PGP program is very careful about the generation of random numbers. The key random numbers (such as the generation of RSA keys) are obtained from the time interval at which the user knocks the keyboard.
Here we will mention pre-compression before PGP encryption. The PGP kernel uses the PKZIP algorithm to compress the plaintext before encryption. On the one hand, for emails, the ciphertext encrypted after 7 bits encoding after compression may be shorter than the plaintext. This saves the network transmission time. On the other hand, the plaintext is converted once, the information is more disorganized, And the plaintext resistance is stronger, the compression rate of the PKZIP Algorithm Used in PGP is quite good with the consent of the original author. The PKZIP algorithm is recognized as the pkz Algorithm Used in PGP. Ip2.0 compatible algorithm.