The use of elliptic curve encryption algorithm in Go language

Source: Internet
Author: User
Tags crypt
This is a creation in Article, where the information may have evolved or changed.

Elliptic curve encryption algorithm, using the implementation of Golang!
Recently looking at something about Bitcoin, inside there is an elliptic curve encryption algorithm, check the next, feel very good!

Compared with the classic RSA,DSA and other public key cryptography, the elliptic cryptosystem has the following advantages:
1. High Security: A study indicates that the 160-bit ellipse key is the same as the 1024-bit RSA key security.
2. Fast processing speed: The ECC algorithm is faster than RSA and DSA on the encryption and decryption speed of the private key.
3. Storage space consumption is small.
4. Low bandwidth requirements.

Elliptic Curve cryptosystem is a kind of system which has the highest encryption intensity for each bit in the public key system known today. The best algorithm for solving the discrete logarithm problem on elliptic curves is the Pollard Rho method, which has a time complexity of full exponential order. where n is the number of bits represented by the binary representation of M in equation (2). When n=234, approx. 2117, requires 1.6x1023 MIPS years of time. What we know of RSA is the difficult problem of large integer decomposition, at present, the time complexity of the best algorithm for factorization is sub-exponential, when n=2048, it takes 2x1020mips years. In other words, when RSA's key uses 2048-bit, ECC's key uses 234 bits to obtain the security strength to be much higher. The key lengths between them are 9 times times different, and the gap between them will be greater when ECC keys are larger. The advantage of shorter ECC key is very obvious, with the increase of encryption strength, the key length changes little.

Sixth session of the International Conference on cryptography The encryption algorithm for the public key cryptography system recommends two kinds: RSA algorithm based on large integer factorization problem (IFP) and ECC algorithm based on discrete logarithm computation problem (ECDLP) on elliptic curve. One of the characteristics of RSA algorithm is that the mathematical principle is simple, it is easy to realize in engineering application, but its unit security strength is relatively low. At present, the most effective attack method of RSA algorithm-General number domain Sieve (NFS) method is used internationally to decipher and attack the RSA algorithm, its decoding or solving difficulty is sub-exponential. The mathematical theory of ECC algorithm is very abstruse and complex, it is difficult to realize in engineering application, but its unit security strength is relatively high. The most effective attack method for ECC algorithm is--pollard Rho method to decipher and attack ECC algorithm, its decoding or solving difficulty basically refers to a number of levels. It is due to the RSA algorithm and ECC algorithm this obvious difference, make ECC algorithm unit security strength is higher than RSA algorithm, that is, to achieve the same security strength, ECC algorithm required key length is far lower than the RSA algorithm (see table 1 and Figure 1). This effectively solves the difficulty of engineering implementation to increase the key length in order to improve the safety intensity.

The following code, originally used to encrypt and verify the password of the website user, of course, can also be used in other places!

Import ("bytes" "Compress/gzip" "Crypto/ecdsa" "crypto/elliptic" "Encoding/hex" "Errors" "FMT" "M      Ath/big "" Strings "" Github.com/astaxie/beego "" Github.com/astaxie/beego/config ") var (runmode string cfg Config. Configer//Global configuration file Randkey string randsign string PRK *ECDSA. Privatekey PUK ECDSA. PublicKey curve elliptic. Curve) Func init () {var err error cfg, err = config. Newconfig ("INI", "conf/app.conf") if err! = nil {return} randsign = cfg. String ("Randsign") If Len (randsign) = = 0 {return} Randkey = cfg. String ("Randkey") If Len (randkey) = = 0 {return} beego. Trace ("Rand Key =", Randkey) Beego. Trace ("Rand sign =", randsign)//According to Rand length, use the corresponding cryptographic ellipse parameter length: = Len ([]byte (Randkey)) if length < 224/8 {Beego.        Error ("The length of Rand Key is too small, Crypt init failed, please reset it again!") return} if length >= 521/8+8 {Beego.        Notice ("Rand length =", Length, "Using 521 level!") Curve = elliptic. P521 ()} else if length >= 384/8+8 {beego.        Notice ("Rand length =", Length, "Using 384 level!") Curve = elliptic. P384 ()} else if length >= 256/8+8 {beego.        Notice ("Rand length =", Length, "Using the level!") Curve = elliptic. P256 ()} else if length >= 224/8+8 {beego.        Notice ("Rand length =", Length, "Using 244 level!") Curve = elliptic. P224 ()}//Create key pair PRK, err = ECDSA. GenerateKey (Curve, strings. Newreader (Randkey)) if err! = Nil {Beego. Error ("Crypt init fail,", err, "need =", curve. Params (). bitsize) return} PUK = PRK. Publickey}//encrypt encrypts the text, returns the encrypted byte stream, func sign (string, error) {R, S, err: = Ecdsa. Sign (strings. Newreader (randsign), PRK, []byte (text)) If err! = Nil {return "", err} RT, Err: = R.marshaltext () if  Err! = Nil {return "", err  } St, err: = S.marshaltext () if err! = Nil {return "", err} var b bytes. Buffer w: = gzip.        Newwriter (&b) Defer w.close () _, Err = W.write ([]byte (+ string (RT) + "+" + string (ST))) if err! = Nil { Return "", Err} w.flush () return hex. Encodetostring (B.bytes ()), nil}//decrypt func getsign (text, Byterun []byte) (Rint, Sint Big. Int, err Error) {r, Err: = gzip. Newreader (bytes. Newbuffer (Byterun)) if err! = Nil {err = errors. New ("Decode error," + Err. Error ()) return} defer R.close () BUF: = Make ([]byte, 1024x768) count, err: = R.read (BUF) if err! = Nil {FMT. Println ("decode =", err) Err = errors. New ("Decode read error," + Err.) Error ()) return} rs: = Strings. Split (String (Buf[:count]), "+") If Len (rs)! = 2 {err = errors. New ("decode fail") return} err = Rint. Unmarshaltext ([]byte (Rs[0])) if err! = Nil {err = errors. New ("Decrypt rint fail," + Err. Error ())        return} err = Sint. Unmarshaltext ([]byte (Rs[1])) if err! = Nil {err = errors. New ("Decrypt Sint fail," + Err. Error ()) return} return}//verify for ciphertext and plaintext to match check func Verify (text, passwd string) (bool, error) {byterun, er r: = Hex.     Decodestring (passwd) if err! = Nil {return false, err} rint, Sint, Err: = Getsign ([]byte (text), Byterun) If err! = Nil {return false, err} result: = Ecdsa. Verify (&puk, []byte (text), &rint, &sint) return result, nil}

Reproduced in original text from: https://www.urecv.com/archives/135

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.