Introduction to PKI (2)

Cryptographic algorithm encryption based on PKI)

A single-key cryptographic algorithm, also known as symmetric cryptographic algorithms, refers to encryption.KeyThe same password algorithm as the decryption key. Therefore, when transmitting and processing information, the sender and receiver of information must jointly hold this password, which is called a symmetric password ). In symmetric key cryptography algorithms, encryption and decryption operations use the same key. Generally, the encryption algorithm is simple and efficient, the key is short, and deciphering is extremely difficult. Because the confidentiality of the system depends mainly on the security of the key, securely transferring and keeping keys on open computer networks is a serious problem. The most typical isDESData Encryption Standard) algorithm.

DESData Encryption Standard, Data Encryption Standard) algorithm, which is a grouping Encryption algorithm, which uses 64-bit 8 byte) as the group for data Encryption, which has 8-bit parity, the valid key length is 56 bits. The 64-bit plaintext is input from one end of the algorithm, and the 64-bit ciphertext is output from the other end. DES is a symmetric algorithm, which uses the same algorithm for encryption and decryption. The security of DES depends on the key used.

The length of the CMK is 56 bits. A key is usually expressed as a 64-bit number, but each 8th-bit key is used for parity check, which can be ignored .) The key can be any 56-bit number and can be changed at any time. A few of them are considered weak keys, but they can be easily avoided. All confidentiality depends on keys. Simply put, algorithms are just two basic encryption technologies-a combination of chaos and diffusion.

DES basic grouping is a combination of these technologies, which is replaced first and then replaced). It acts on plaintext based on the key, which is a well-known round ). DES has 16 rounds, which means the same combination technology should be implemented 16 times on the plaintext group. This algorithm only uses standard arithmetic and logical operations, and the maximum number of operations is 64 bits.

DES performs a 64-bit plaintext grouping operation. By using an initial replacement, the plaintext grouping is divided into the left half and the right half, each 32-bit long. Then perform 16 identical operations, called function f, which combines data and keys during the operation. After 16 rounds, the left and right sides are combined and followed by an inverse replacement of the last replacement of the initial replacement), so that the algorithm is complete. In each round, the key is shifted to the position, and then 48 digits are selected from the 56-bit cluster key. By using an extended replacement, the right half of the data is extended to 48 bits and combined with a 48-bit key through an exclusive or operation, replace the 48-bit data with the new 32-bit data in the 8 s box. These four operations constitute function f. Then, through another XOR operation, the function f output is combined with the left half, and the result is the new right half. The original right half is the new left half. Repeat this operation 16 times to implement the DES 16-round operation.

Assume that Bi is the result of the I iteration, Li and Ri are the left half and right half of Bi, and Ki is the 48-bit key of the I round, f is a function that implements operations such as substitution, replacement, and key exclusive or. Then, each round is:

Two-key cryptographic algorithm encryption and Signature Based on PKI)

The two-key algorithm, also knownPublic KeyCryptographic algorithms: encryption keys and decryption keys are two different cryptographic algorithms. The public key encryption algorithm is different from the single key encryption algorithm. It uses a pair of keys: one for information encryption and the other for information decryption. Both parties can perform confidential communication without having to exchange keys in advance. The encryption key is different from the decryption key. It can be used by anyone who knows it. There is a dependency between the two keys: that is, Information encrypted with either of the keys can only be decrypted with the other key. If the public key is used as the encryption key and the private key of the user is used as the decryption key, the Information encrypted by multiple users can only be interpreted by one user. Otherwise, using the user's private key as the encryption key and the Public Key as the decryption key can be interpreted by multiple users as the Information encrypted by one user. The former can be used for digital encryption, and the latter can be used for digital signature.

When information is transmitted over the network, the public key encryption algorithm demonstrates the irreplaceable superiority of the single key encryption algorithm. For merchants who participate in electronic transactions, they want to trade with thousands of customers through a public network. If a symmetric password is used, each customer needs to assign a password directly to the merchant, and the password must be transmitted through a separate secure channel. On the contrary, in the public key cryptography algorithm, the same merchant only needs to generate a pair of keys and make public the public key. The customer only needs to encrypt the information with the public key of the merchant to ensure that the information is securely transmitted to the merchant.

In the public key cryptography algorithm, keys are classified by nature into public keys and private keys. The user generates a pair of keys, one of which is made public to the outside world, known as the public key, and the other is kept by himself, known as the private key. Anyone who has knowledge of the user's public key wants to transmit information to the user only needs to use the user's public key to encrypt the information and transmit the ciphertext information to the user. Because of the dependency between the public key and the private key, only the user can decrypt the information while the user saves the private key safely, no one without authorization from the user, including the sender of the information, can decrypt the information.

RSAThe public key cryptography algorithm is a widely recognized and secure public key cryptography algorithm. The name is taken from three founders: Rivest, Shamir, and Adelman. The RSA public key encryption algorithm is currently the most effective security algorithm for secure communication and digital signatures on the network. The security of the RSA algorithm is based on the difficulty of decomposing large prime numbers in number theory. Therefore, RSA must use an integer large enough. The more difficult the factor decomposition is, the more difficult the password is to decrypt, and the higher the encryption strength.

RSA can be used for both encryption and digital signature. Among the proposed public key algorithms, RSA is the easiest to understand and implement. This algorithm is also the most popular. RSA Security is based on the difficulty of big number decomposition. Its public key and private key are a function with a large prime number of 100 to 200 decimal digits or greater. The difficulty of recovering plain text from a public key and password is equivalent to decomposing the product of two large prime numbers. To generate two keys, select two prime numbers: p and q. For maximum security, the length of the two numbers is the same. Calculate the product:, then randomly select the encryption key e, so that e and P-1) q-1. Finally, we use Euclidean extension algorithm to calculate and decrypt the key d to meet

Note that d and n are also mutually unique. E and n are public keys, and d are private keys. The two prime numbers p and q are no longer needed. They should be discarded, but should never be leaked.

When encrypting message m, it is first divided into data groups smaller than n using the binary number, select the maximum power of 2 less than n), that is, p and q are 100-bit prime numbers, so n will have 200 BITs, and each message group should be less than 200 bits long. The encrypted ciphertext c is composed of groups of the same length. The encryption formula is simplified

When decrypting a message, retrieve each encrypted group ci and calculate:

Because:, the formula of all (mod n) can restore the plaintext.

Public Key n: the product of two prime numbers p and q must be kept confidential) e: with PM) q-1)

Private Key

Encryption

Decryption

1. PKI Basic Content 1)
2. Introduction to PKI 3)
3. Introduction to PKI 4)
4. Introduction to PKI 5)
5. Introduction to PKI 6)