Cryptography introduction (4)

C ++ encryption and decryption Library

Information security has no doubt about the importance of various information systems. Therefore, various programming languages used to implement the software information system will have corresponding libraries related to encryption and decryption. Some languages (such as Java) provide basic components directly in their standard libraries, some languages (such as C ++) require third-party libraries. Modules with the "crypto-" prefix in various libraries are basically used for this purpose.

It is worth mentioning that the source code of the Linux kernel of the open-source operating system also has a decryption module, which is under the "crypto" Source code directory. This is not hard to understand: the security of the OS kernel is self-evident.

I am usually engaged in many c ++ programming, so I will mention C ++'s encryption and decryption Library: cybto ++.

The open-source and free C ++ encryption and decryption library, whose latest version is 5.6.1, can be obtained from the following URL: http://www.cryptopp.com /.

For a variety of information security needs, almost all-encompassing. From cryptographic algorithms to key negotiation, from streaming passwords to block passwords, from symmetric encryption to asymmetric encryption, from RSA to elliptic curves, from hash algorithms to Packet Authentication, there is almost everything from encoding methods to compression algorithms. Therefore, in C ++ programming, if information security needs are met, it is sufficient to introduce proxyto ++.

Crypto ++ extensively uses the C ++ template technology and policy-based design in implementation ). For beginners, this may increase the difficulty of understanding and familiarity. However, I have to admit that the template and policy-based design can be applied to the implementation of the encryption and decryption library, it exactly reflects the in-depth insights of the database implementers on encryption and decryption and the C ++ language. In the field of cryptography, there are too many different algorithms and mechanisms to achieve the same goal. The difference is that some specific mechanisms are different (for example, MD5 or Sha is used for signature hashing algorithms ), the usage is different (for example, the block cipher algorithm uses the e-password-based ECB method or the CBC method), or the configuration parameters are different (for example, the number of bit keys used by the RSA Algorithm ). These are variables, but they are also variables that can be determined during compilation. It is the application of C ++ templates and generic programming.

 

Quantum Cryptography

I think it is best to introduce quantum cryptography. Nothing else, at least it is very interesting. However, the progress of science and technology is always fast, and I have never followed up on the progress since I graduated from school. Therefore, some knowledge may be outdated. In any case, I 'd like to mention it briefly. Interested readers can gain in-depth understanding on their own. Google "quantum cryptography.

Quantum Cryptography requires new media and technologies. It is no longer just a common algorithm. The most important thing is that its security is based on the laws of physics, rather than some difficult mathematical problems.

Quantum Cryptography Basics

Electromagnetic Waves (such as light waves) exhibit polarization, where the direction of the electric field vibration remains unchanged or changes in a specific way. There is a special material called polarization filter, which only allows light passing in a certain polarization direction. If the polarization of a ray of light is random, only half of the light will pass through a certain polarization filter.

According to the quantum theory, light is transmitted in the form of discrete particles, which are called photonic or optical quantum. For a specific polarization filter, a photonic may pass through it, or may not pass through it. But once it passes through, regardless of its original polarization direction, its polarization direction will be consistent with the characteristics of this filter. For example, if a random photon emits a polarization filter, half of the photon passes through, and all the passing photon polarization directions become the same, for example, 90 degrees.

The basis of quantum cryptography is Heisenberg Uncertainty Principle ). German physicist heenburg first pointed out that in quantum mechanics, the position and momentum of particles cannot be determined at the same time. Later, this principle will be used to describe other pairs in quantum mechanics that are correlated but cannot be determined at the same time. Quantum cryptography uses the following inference: when we try to use a polarization filter to deduce the polarization direction of a photon, the result will affect the polarization of the photon, after that, the polarization direction of the photon changes, and the previous state may not be known.

For example, if a random bundle of photon passes through a horizontal polarization filter F1, then half of the photon passes and all the passing photon changes its polarization direction to the horizontal direction. Then, let the polarization direction for the horizontal direction of the photon through the polarization filter F2, then the possibility of these photon through F2 is related to the angle θ of F2, if θ is 0 degrees (horizontal ), then, the photon can still pass F2; if θ is 90 degrees, the photon cannot pass F2. From this we can see that if we call a group of orthogonal angles (such as 0 degrees and 90 degrees) a group of "bases", as long as the sender and receiver use the same "base ", the receiver can infer the original polarization state of the light receiver, regardless of whether it is 0 or 90 degrees. For example, if the sender sends a 0-degree polarized light sub and the receiver uses a 90-degree filter, the photon does not pass the filter, and the receiver knows that the sender sends a 0-degree polarized light.

If θ is greater than 0 degrees and less than 90 degrees, the F2 probability of passing through the photon is between 0 and 1. In particular, if θ is 45 degrees, in this case, the average rate of passing through or not passing through is 0.5. At this point, we can say that the photon is completely randomized and no information can be inferred.

An example of quantum key allocation

The following is an example of key distribution through quantum communication.

Following the narration habits in cryptography, we call the two sides of communication Alice and Bob. In this example, Alice only sends photon with the polarization direction of 0 degrees, 45 degrees, 90 degrees or 135 degrees; bob randomly uses two different bases according to the conventions to detect each photon, which is a vertical/horizontal base of 0 degrees/90 degrees and a diagonal base of 45 degrees/135 degrees. However, according to quantum theory, it is impossible for him to perform two types of detection at the same time, and he can only apply one group of bases at a time.

Shows the key negotiation process:

Step 1, Alice randomly sends four polarization-oriented photon.

In step 2, Bob randomly selects a detection base for each photon: Vertical Horizontal Base (+) or diagonal line base (X ).

Step 3, Bob records the results. Bob has a 50% chance to choose a benchmark for measurement. For 1st, 4th, 5th, 7th, 9th, photon, Bob just made a correct inference for the benchmark. We can also see that when the test benchmark is selected incorrectly, the inferred results are actually messy.

Step 4: after both parties send and receive data, Bob tells Alice the measurement benchmark he uses each time through public channels (such as the Internet and telephone, at the same time, Alice tells him which times is correct (that is, the correct judgment can be made ). Note that neither Alice nor Bob will mention the actual polarization state sent or detected.

Step 5: Alice and Bob keep the results that Bob can make the correct judgment at the same time, and discard the others.

Step 6: As agreed by both parties, different polarization directions can correspond to 0/1 bits.

 

Finally, the two sides can perform eavesdropping detection, such as randomly sacrificing some bits and making them public to compare the results. If they are completely consistent, it indicates that no eavesdropping has occurred. Otherwise, because when selecting the wrong benchmark, the eavesdroppers will surely change the original polarization of the photon, and will not be able to know the original State so as to replicate the same photon ("non-cloning Theory "), therefore, it is almost impossible for both parties to reach a completely consistent result.

In fact, the two sides do not necessarily need to disclose any bit information. They can use other methods, such as specifying some bits for parity verification.

Regardless of the method, as long as the number of verifications is sufficient, for example, 20, the probability of eavesdropping and untested can be completely reduced to a negligible level.

If inconsistency is detected, the communication is eavesdropped. There is no loss. After all, it's just some random information. Just discard them and try again. If no eavesdropping is detected, you can safely use these BITs as the key for subsequent regular communication.

The above demonstrates the oldest mechanism in quantum cryptography theory to implement key allocation using quantum communication. Quantum Cryptography technology developed rapidly. Later, even scientific research questioned and challenged the security of the above mechanisms. I will not go into details here because of my personal level and the topic and length of this article.

 

This is the end of the "Cryptography Introduction" series. References:
Http://www.cs.iit.edu /~ Csures/lectures/CNS-1.pdf
Http://www.tataelxsi.com/whitepapers/ECC_Tut_v1_0.pdf? Pai_id1_public_key_tel1 _
Http://en.wikipedia.org/wiki/Data_Encryption_Standard
Http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Http://en.wikipedia.org/wiki/MD5
Http://en.wikipedia.org/wiki/Secure_Hash_Algorithm
Http://en.wikipedia.org/wiki/Certificate_authority
Http://www.csa.com/discoveryguides/crypt/overview.php
Http://en.wikipedia.org/wiki/Quantum_cryptography
Cryptography and network security: Principles and Practice, 2nd edition, William Stallings, Prentice-Hall Inc. 1999