Encryption technology has a long history. Since ancient times, there has been information transmission and storage, and encryption technology has been used. Since then, for a long period of time, encryption and decryption technologies have been widely adopted in special fields such as military, politics, diplomacy, and finance. After a long period of research and development, a relatively complete discipline-cryptography has been formed. Cryptography is a science that studies encryption methods, the principles of secret communication, as well as decryption methods and methods of deciphering codes.
The process of encryption and decryption is roughly as follows: First, the sender of the information is ready to send the original form of the information, called plaintext. Then, after a series of transformations to the plaintext, another form of information that cannot directly reflect the meaning of the plaintext is called ciphertext. The process of converting plaintext to ciphertext is called encryption. The set of rules or methods used in encryption is called encryption algorithm. After receiving the ciphertext, the receiver restores the ciphertext to plaintext to obtain the specific content of the information. This process is called decryption. When decrypting, a series of methods or rules corresponding to the encryption algorithm are also used. This method or rule is called a decryption algorithm.
In the process of encryption and decryption, the parameter information mastered by the communicating parties controls the specific encryption and decryption process. This parameter is called the key. The key is divided into an encryption key and a decryption key, which are used in the encryption process and the decryption process respectively. In the process of encryption and decryption, if the encryption key used is the same as the decryption key, or the other can be easily calculated from one, this method is called a symmetric key cryptosystem, or a single key cryptosystem. Conversely, if the encryption and decryption keys are not the same, or it is difficult to calculate one from the other, it is called an asymmetric key cryptosystem or a public key cryptosystem, or a dual-key cryptosystem.
1 Symmetric key encryption algorithm
For a long period of time in the past, people have always used symmetric key cryptography to encrypt and decrypt information. Until now, symmetric key cryptography is still a very important common encryption method. In a symmetric key cryptosystem, the same key is used in the encryption and decryption processes, or even if the encryption key and the decryption key are different, it is easy to calculate one from the other. Obviously, in this cryptosystem, the key becomes the core of the entire secret communication, and the security of the entire encryption system is completely based on the secrecy of the key. If the key is exposed, the entire cryptosystem will completely lose its confidentiality. Therefore, the confidentiality of the key is the key to the security and confidentiality of the symmetric key encryption system, and it must be properly stored and transmitted through a reliable channel.
There are many symmetric key encryption algorithms, such as DES (Data Encryption Standard), IDEA (International Data Encryption Algorithm), Skipjack, 3DES, GDES, New DES, Lucifer, FEARN, LOKI91, RC4, RC5, etc.
1.1 DES algorithm
The DES algorithm is an encryption algorithm published by the US government in 1977. Because of its simple implementation and good encryption effect, it has been widely used all over the world for a long time. It encrypts data through very complex iterations and permutations, so that an attempt to decipher cannot obtain any effective information from the encrypted ciphertext. For this encryption method, if an exhaustive method is used to attack, it will take more than 200 years to be cracked by a computer that can perform 10,000 deciphering per second. It can be seen that the DES algorithm has a good confidentiality effect. . In addition, the DES algorithm is not complicated to implement. Not only can it be easily implemented in software, but it has already been implemented on the chip, making it very convenient to use.
The process of the DES algorithm, in simple terms, is to divide the plaintext to be encrypted into 64-bit data segments as input, and then use 52 sub-keys generated according to the 64-bit key change to perform initial replacement and 16 Iterate rounds, reverse the initial permutation, and then get the 64-bit ciphertext. The decryption process of DES is almost the same as the encryption process, but the order in which the subkeys are used is different. Part of the parameters K1K2K3...K16 used in sequence during encryption are used in sequence K16K15K14...K1 during decryption. The other algorithms are exactly the same, which is also an aspect that DES is easy to use.
1.2 IDEA algorithm
The size of the data segment processed by IDEA in the encryption operation is also 64 bits, but the key length used is 128 bits, and a more complex encryption algorithm is used to ensure that it will not be easily deciphered.
IDEA is an encryption algorithm with high encryption strength, and there has been no effective attack on this algorithm so far. If a computer can generate and run 1 billion keys per second, it will take 1013 years to guess the IDEA key, which shows that the encryption strength of IDEA is very high.
In addition, IDEA is very convenient to implement, either through software or hardware. The IDEA algorithm processes data in 64-bit units. Before encryption, the plaintext to be encrypted is divided into 64-bit data segments and then encrypted separately. The decryption process of IDEA is basically the same as the encryption process. The difference is that the generation method of the decryption subkey is different from the generation method of the encryption subkey. The other operation process of decryption is the same as that of encryption, which also divides the 64-bit data segment into four. 16-bit data segment, and then through eight rounds of iterative transformation and one round of output transformation, the corresponding plaintext result can be obtained.
2 Asymmetric key encryption algorithm
The symmetric key encryption method uses the same key for encryption and decryption, which is saved by the sender and receiver at the same time, and the same key is used for encryption and decryption. The main problem with this method is that the process of generating, importing, storing, managing, and distributing keys is relatively complicated, especially as the number of users increases, the demand for keys increases exponentially. In a large-scale information system, the distribution and management of a large number of keys is a difficult problem to solve. For example, if there are n users in the system, and password communication needs to be established between every two users, each user in the system must master (n -1)/2 keys, and the total number of keys required in the system is n *( n -1)/2. In the case of 10 users, each user must have 9 keys, and the total number of keys in the system is 45. For 100 users, each user must have 99 keys, and the total number of keys in the system is 4950. This also only considers the situation where only one session key is used for communication between users. If different sessions need to change different keys, the total number of keys will be more. The generation, management, and distribution of such a large number of keys is a difficult problem to deal with.
Different from the symmetric key encryption method, the asymmetric key encryption technology needs to use two different keys when encrypting and decrypting information, so it is also called a dual-key encryption method. In its operation, it first generates a pair of keys, one of which is a secret key, which is kept by the user and cannot be leaked to the outside world, referred to as the private key; the other is a public key, which can be disclosed to the outside world, even in public directories Listed in, referred to as public key, so it is also called public key encryption method. Only the private key can decrypt the data encrypted with the public key, and the data encrypted with the private key can only be decrypted with the public key. In the communication process, if the sender wants to send confidential information to the receiver, the information needs to be encrypted with the receiver’s public key first, and then sent to the receiver. The receiver can decrypt it smoothly with its private key. However, even if other people receive the encrypted ciphertext, they cannot correctly interpret, so as to achieve the purpose of confidential communication.
In the public key encryption method, in order to achieve a good encryption effect, the algorithm must be: it is very easy to generate the key in calculation; it is easy to realize the encryption of the plaintext in the case of known public key; It is computationally easy to decrypt the ciphertext in the case of the key; although the two keys used for encryption and decryption are mathematically related, when the public key is known, it is necessary to obtain the private key It is computationally infeasible; if the public key and ciphertext are known, it is computationally infeasible to obtain the plaintext. Only by doing the above points can the attacker's deciphering of the algorithm be effectively prevented.
There are many asymmetric key encryption algorithms, such as RSA, backpack cipher, McEliece, Diffe Hellman, Rabin, Ong Fiat Shamir, zero-knowledge proof algorithm, elliptic curve, EIGamal, etc. Here we mainly introduce the encryption principle of RSA.
Among the many public key encryption algorithms, the RSA encryption algorithm named after them proposed by Ron Rivest, Adi Shamir and Leonard Adleman in 1977 is the most famous. And it is the first algorithm that can be used for both data encryption and digital signature. It has been more than 20 years since RSA was proposed. It has undergone various attacks and has gradually been accepted by people. It is generally regarded as one of the current excellent public key encryption methods. Because it is easy to understand and operate, it has been widely used. However, the security of RSA has not been proved theoretically.
The security of RSA relies on the decomposition of large numbers, that is, it is very easy to obtain the product of two large numbers (for example, a decimal number greater than 100 digits), but it is very difficult to decompose a large number into two prime numbers.
In the RSA encryption system, each user has a public key PK=( N, e) and a private key SK=( N, d ), where N is the product of two large prime numbers. For better confidentiality, generally Both take two large prime numbers with more than 100 digits and multiply it to get N. e and d are calculated according to a certain algorithm. Although there is a certain calculation relationship between N, e, and d, the attacker cannot solve d according to N and e, so as to realize asymmetric encryption.
The RS A encryption algorithm can be used not only for the encryption of information, but also for the identity verification or digital signature of the sender. For example, user B wants to send a message m to A, and A must be assured that the message was sent by B himself. To this end, B uses its own private key SK=(N, d) to encrypt the information to obtain the ciphertext c, and then sends c to A. After A receives the ciphertext, it uses B's public key PK=(N, e) to decrypt the ciphertext to obtain the plaintext. In this way, after verification, A can confirm that the message m is indeed sent by B, because only B has the private key corresponding to the public key. Even if other people know the public key, they cannot guess or calculate B’s private key. Impersonate him to send encrypted messages.
