[Information Security]-Cryptography

Abstract: This article introduces the main topics in cryptography. The first part covers encryption and decryption algorithms, which are generally divided into symmetric encryption algorithms and asymmetric encryption algorithms. The difference between the two is that a symmetric encryption algorithm uses one secret key for both encryption and decryption, so the communicating parties need to negotiate that key; the Diffie-Hellman protocol is used to negotiate the secret key in a symmetric encryption system. An asymmetric encryption algorithm uses different keys for encryption and decryption. Symmetric encryption algorithms are divided into stream ciphers and block ciphers; the difference between the two is whether the plaintext is split into blocks. The representative stream cipher is RC4. Block ciphers include DES and AES. DES encryption and decryption use a 16-round Feistel structure. AES encryption and decryption use byte substitution, row shifting, column mixing, and so on. Because the two parties in symmetric encryption have to negotiate the secret key and the burden of key management is heavy, asymmetric encryption was introduced. The representatives of asymmetric encryption are the RSA and ECC algorithms. RSA is based on the hard problem of large integer factorization, and ECC is based on the elliptic curve discrete logarithm problem. Compared with RSA, ECC has shorter keys, which makes it more suitable for small-capacity hardware such as bus cards. The second part covers the hash function. The hash function in cryptography is different from the hash function in data structures. A secure hash function requires three properties: one-wayness, strong collision resistance, and compressibility. At present, the mainstream hash functions include MD5, SHA-0, SHA-1, etc.
The third part introduces digital signatures based on hash functions, whose role is to authenticate identity and protect the integrity of data. Digital signature algorithms include RSA and DSS. RSA can be used for both encryption and signing. The DSS algorithm is based on the difficulty of discrete logarithms. The last part introduces digital certificates, whose purpose is to ensure that the public key cannot be forged.

Table of Contents

Encryption and decryption algorithm

1. Symmetric encryption

2. Asymmetric encryption:

Hash algorithm

Digital signature

Digital certificate


Encryption and decryption algorithm

1. Symmetric encryption

  • In the symmetric encryption model, the same secret key is used for encryption and decryption. Symmetric ciphers are either stream ciphers or block ciphers.

  • 1. Stream cipher: one time, one key; encrypts bit by bit
    • RC4: key-scheduling algorithm + pseudo-random generation algorithm
  • 2. Block cipher: encrypts the plaintext block by block
    • DES: Feistel structure with 16 rounds; the plaintext block length and the initial key length are both 64 bits
    • AES: byte substitution + row shift + column mixing + round key addition
  • Diffie-Hellman key exchange protocol: used with symmetric encryption algorithms to negotiate a secret key between the sender and the receiver over the Internet.
  • Disadvantages of symmetric encryption: distributing secret keys is complicated and expensive, and a large number of secret keys is needed when many people communicate.

2. Asymmetric encryption:

Asymmetric encryption uses different keys for encryption and decryption.

RSA algorithm: based on the hard problem of large integer factorization

ECC algorithm: based on the elliptic curve discrete logarithm problem, which is much harder than the large integer factorization problem. ECC is characterized by short keys (an advantage) and high security.

Hash algorithm

The hash function is the most common encryption method. Representative hash algorithms are: MD4, MD5, SHA-0, SHA-1

  • Properties of a hash function
    • Strong non-collision: two different inputs must correspond to two different hash values
    • One-way: it is easy to compute the hash value from the input, but difficult to find the input from the hash value.
    • Compression: a hash function maps a bit string of any length to a fixed-length bit string (digest, fingerprint)

It is very difficult to construct a safe hash function!

Digital signature

The role of a digital signature: to confirm the identity of the sender and to protect the integrity of the data

  • Process: compare whether two message digests are equal!
    • A generates a message digest of the message with the hash function
    • A encrypts the message digest with his own private key to generate the digital signature
    • A sends the digital signature and the message
    • B uses A's public key to process the digital signature and obtain the message digest (the fact that it can be unlocked with A's public key shows that the message was indeed sent by A)
    • B computes the message digest of the received message with the hash function
    • B compares these two message digests: one obtained by decrypting the digital signature with the public key, the other obtained by hashing the message directly. If they are the same, the data has not been tampered with and B accepts it.
  • Digital signature algorithms:
    • RSA (RSA can be used for asymmetric encryption or for digital signatures)
    • DSS (can only be used for signing, not for encryption), based on the difficulty of the discrete logarithm

Digital certificate

  • The role of digital certificates: to ensure that the public key has not been forged, by proving the binding between the public key and the sender
  • Certification Authority (CA): a trusted organization that provides the sender with a digital certificate
  • Digital certificate generation:
    • A sends his identity information and public key to the certification authority (CA)
    • The CA generates a digital signature over A's identity information and public key, encrypted with the CA's private key, combines them into a digital certificate, and issues it to A
  • Use of digital certificates:
    • When sending, A attaches his own certificate to the message
    • After B receives it, B first takes the digital signature out of the certificate and decrypts it with the CA's public key to get a message digest, then hashes the remaining information in the certificate to get another message digest, and compares the two. If they are the same, the public key is indeed A's.
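
The signature process and the certificate generation and use described above, as an added example that is not code from the original article. It uses textbook RSA on SHA-256 digests with constructed toy keys built from small Mersenne primes and no padding, so it shows the message flow only; the function names and the certificate layout are assumptions.

```python
import hashlib

def make_key(p, q, e=65537):
    # Textbook RSA key from two primes: public (n, e), private d.
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}

# Constructed toy keys from small Mersenne primes (illustration only).
A_KEY = make_key(2**89 - 1, 2**107 - 1)    # sender A
CA_KEY = make_key(2**61 - 1, 2**127 - 1)   # certification authority
M_KEY = make_key(2**31 - 1, 2**521 - 1)    # third party, for the forged case

def digest(data, n):
    # SHA-256 digest as an integer, reduced to fit the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    # Signer: hash the data, then apply the private exponent to the digest.
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(data, sig, pub):
    # Verifier: recover the digest with the public key, compare with own hash.
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])

def cert_body(subject, pub):
    # The "other information" in the certificate: identity and public key.
    return f"{subject}|{pub['n']}|{pub['e']}".encode()

def issue_certificate(subject, pub, ca_key):
    # CA signs identity + public key; only n and e of `pub` are used.
    return {"subject": subject, "n": pub["n"], "e": pub["e"],
            "ca_sig": sign(cert_body(subject, pub), ca_key)}

def receive(message, sig, cert, ca_pub):
    # B checks the certificate first, then the message signature
    # with the public key taken from the certificate.
    if not verify(cert_body(cert["subject"], cert), cert["ca_sig"], ca_pub):
        return "bad certificate"
    if not verify(message, sig, cert):
        return "bad signature"
    return "ok"

if __name__ == "__main__":
    cert = issue_certificate("A", A_KEY, CA_KEY)
    msg = b"pay 10 to B"
    sig = sign(msg, A_KEY)
    print(receive(msg, sig, cert, CA_KEY))             # genuine message
    print(receive(b"pay 99 to B", sig, cert, CA_KEY))  # tampered message
    forged = dict(cert, n=M_KEY["n"], e=M_KEY["e"])    # swapped public key
    print(receive(msg, sign(msg, M_KEY), forged, CA_KEY))
```

The third case is the one the certificate exists for: a signature made with a substituted key verifies under that key, but the CA's signature over the identity and public key no longer matches, so B rejects it before looking at the message.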

 

 

 

 

 

 

 


Origin blog.csdn.net/qq_39328436/article/details/115269492