Cryptography introduction (1)

 

This article briefly introduces some basic principles, algorithms, and concepts in the field of cryptographic coding. It is only intended for beginners who do not know much about this field.

Encryption and decryption is a basic technology in the information security field. The basic concepts in the encryption and decryption system can be found in the following simplified model of conventional encryption.

It can be seen that, under the role of key K1, plaintext input can be converted into a ciphertext through an encryption algorithm (such as des), and can be sent to the recipient of the communication; the receiver can use the decryption algorithm and key K2 to restore the ciphertext to a plaintext.
Note that after the communication content is encrypted, public channels (such as the Internet) can be used for transmission. It should also be noted that keys play a key role in the encryption and decryption system. Keys themselves cannot be transmitted directly through public channels, and must be transmitted through other security channels or security mechanisms agreed by both parties.
Encryption and decryption algorithms around K1 and K2 can be divided into two categories: symmetric encryption and asymmetric encryption.

 

Symmetric encryption

The most basic encryption algorithms, such as des mentioned above, and others, such as AES, idea, RC5, RC2, cast-128, and blowfish, are symmetric encryption algorithms.
Symmetric encryption means that the encryption process and the key used in the decryption process are the same, or they can be easily derived from each other.
If you are interested in the details of an algorithm (such as des), you can read professional books such as cryptographic and network security or application cryptography. You can also take a look at the introduction on the Wiki (such as des and AES) or the picture. But don't be scared by these images. These algorithms are not very "complicated", but very "troublesome ". The complexity increases the difficulty of cracking, while the complexity increases the difficulty of security analysis.
Most symmetric encryption algorithms are even symmetric, that is, they are used for encryption and decryption at the same time (or even in the same mode. In such an algorithm, the so-called "encryption", "decryption", or "encryption key" and "decryption key" are actually just two names, because the algorithm itself is the same, the same is true for keys. The result is that the algorithm executes the output ciphertext and then the output plaintext ...... And so on ...... Execute an odd number of output ciphertext and an even number of output plaintext. The famous "3-des" encryption uses this feature cleverly, which can degrade the algorithm to DES in special circumstances.

Basic Concepts

In the field of encryption and decryption, there is an important concept: "Light algorithm, heavy key", which means that the algorithm should be made public, but the key should be kept well. Algorithms are open. People all over the world can help you analyze its security, find vulnerabilities for you, and try to crack it. If this still cannot be cracked, it means that your algorithm is basically safe. In theory, you can only crack it through methods such as brute force. The difficulty of brute force attacks depends on the length of the key. In this way, you can have confidence if the key is long enough.
On the other hand, why not "light-key, heavy-algorithm? At least one aspect is obvious: there is more room for key selection-a 64-bit key can have a 64-power combination of 2, which is about 1.8*1019. Can we have so many choices for good algorithms?
What is 1019 concept? Make a calculation. assume that you have a cluster consisting of 1000 servers, each server has 8 CPUs, each CPU has 4 cores, and the clock frequency is 2 GB, assuming that the processor can complete the calculation and determination of a key within 1000 clock cycles. In this case, 64-bit key space can take nine years. However, many modern symmetric encryption algorithms Use 128-bit keys.

An old encryption algorithm is to replace 26 English letters with another one. This is too simple and even easy to use, what's more, there are also ways to crack based on the letter probability (for example, in normal English text, the letter "E" appears most frequently, and friends who have read the sherlock holmes case set may still have an impression on it .)

Metrics

There are many indicators for judging whether an encryption algorithm is good or bad. Besides implementation details, there are at least two indicators worth understanding:
1. avalanche effect
The so-called avalanche effect means that even if the plaintext and key only change by 1 bit, the ciphertext generated will be greatly changed. This obviously helps to resist various differential analyses based on small changes.
2. Simple structure and operation
The algorithm itself is very "troublesome", but the algorithm should be as simple as possible, which is conducive to security analysis and encryption and decryption efficiency. This algorithm is even easy to implement using hardware.

 

Asymmetric encryption

Different from symmetric encryption, encryption and decryption keys in asymmetric encryption are different, and it is very difficult to export another key from a key.
An asymmetric encryption algorithm generally has a private key Kr and a Public Key Ku. The two keys are different and difficult to export from each other.
Which of the following is KR and Ku? Can be used, depending on the application scenario. For example, you can make the encryption key public (ku) and save the decryption key as a private (KR), so that anyone who wants to communicate with you can use this Ku to encrypt it and send it to you, as KR is only in your own hands and only you can decrypt it, no third party can see the communication content. You can also keep the decryption key public (ku) and the encryption key as a private (KR). In this way, other people can unlock the emails you send, but because only you can send such content, when someone else receives it, they can believe that this is what you sent. This is obviously two different purposes.
Asymmetric algorithms are used for encryption/decryption, digital signatures, and key exchange.
Because asymmetric encryption is much less efficient than symmetric encryption, an asymmetric algorithm is usually used to transmit or negotiate a temporary key for both parties. Then the two parties use this key to communicate with each other using a symmetric encryption algorithm with higher performance. Note that the negotiated secret associations can be temporary. This greatly facilitates key distribution.
Without such a mechanism, you can imagine how serious the key distribution and storage problem is: the key can ensure the security of communication. Who can ensure the security of the key? Do you still remember the "Kangxi Dictionary" written in XX years XX in the spy films? Once the enemy knows that the key is the dictionary and the page on which to use it, the consequences can be imagined ......
Careful friends will ask: how is the key used for asymmetric encryption transmitted? Do not forget that at least one key in asymmetric encryption does not need to be told, so this is relatively safe. The actual key negotiation mechanism usually uses some kind of deformation of asymmetric algorithms, which is more clever than this. You can even negotiate a temporary key between mutually untrusted parties.

RSA

When talking about asymmetric encryption, we will naturally talk about the RSA algorithm. In the information security field, the RSA algorithm is an epoch-making great invention. It's Ron from MIT.RIvest, AdiSHamir and LenADleman was developed in 1977 and first published in 1978. (Why so many 1978? Intel released 8086 to enable the x86 era, which is also 1978 ......)
The principle of the RSA algorithm is not hard to understand, but it still requires a little bit of number theory to introduce it, so we do not intend to discuss its details here. It can only be explained that its security depends on the difficulty of big integer prime factor decomposition, that is, the product N of two big prime numbers p and q is known, and it is very difficult to reverse p and q.

Elliptic Curve (ECC)

The elliptic curve algorithm is another asymmetric encryption algorithm. It is favored by its ability to provide the same security strength as RSA with a shorter key length (meaning less computing.
Note that the elliptic curve is not an ellipse. And the curves corresponding to a class of cubic equations.
The Elliptic Curve Cryptography algorithm is based on an interesting algorithm defined by humans. First, define the Infinity O and use it as the unit of addition. Then, an addition is defined based on the elliptic curve over a finite field. For example, in Figure A below, the straight line and the elliptic curve Intersect into three points, J, K, L. We define J + K + L = O, J + k =-L. In particular, when the straight line curve perpendicular to the X axis is at two points, we define the sum of the two points in Figure B below. If one point is J, the other is-J.

When a straight line is tangent to a curve at a point and another point is intersecting, we define J + L = O, that is, 2j =-l, as shown in Figure A below. In particular, if a straight line perpendicular to the X axis is tangent to a curve, we define 2j = O as shown in Figure B below.

Source: http://www.tataelxsi.com/whitepapers/ECC_Tut_v1_0.pdf? Pdf_id1_public_key_tel1_, with a slight ps.

Then we define: 3l = 2L + L = L + L, 4l = 3l + L, and so on ......
However, the elliptic curve algorithm is based on the following difficulties: it is easier to calculate q = Kp when the integers K and P are known. But if Q and P are known, it is much more difficult to reverse K.