Cryptography Notes 2

Authentication Focus

one-way hash function

How do we guarantee that a file is "genuine"?
Suppose Xiao Ming wrote a file some time ago and saved it to his hard disk. If his machine is later attacked, the file may be tampered with. How can he prove that the file now in his hands has not been modified? The property of a file being genuine, that is, unmodified, is called integrity, also known as consistency.
A one-way hash function produces a hash value of the file. Comparing the hash value computed before with the hash value computed afterwards tells us whether the message is still intact and consistent.

What is a one-way hash function

Input (message / preimage) -> one-way hash function (message digest function, hash function) -> output (hash value / fingerprint)

A one-way hash function computes a hash value from the content of the message, and that hash value can then be used to check the integrity of the message.

One-way hash functions are also known as message digest functions or simply hash functions.

A message fed into a one-way hash function is also called a preimage. The one-way hash function outputs a hash value also known as a message digest or fingerprint. Integrity is also known as consistency.

Note:
1. The situation where two different messages produce the same hash value is called a collision. If a one-way hash function is to be used for integrity checking, it must be practically impossible for anyone to find a collision on purpose.
2. Properties of a one-way hash function:
a. It computes a fixed-length hash value from a message of any length; b. The hash value can be computed quickly; c. Different messages produce different hash values (in theory two different messages can still produce the same hash value, which is the collision case above).

One-way hash functions are one-way: the original message cannot be recovered from its hash value.

One-way hash function (digest algorithm)

Message Authentication Code (MAC)

MAC is the abbreviation of message authentication code.
A message authentication code is a one-way hash function combined with a key.
To compute the MAC value one must hold the shared key; anyone without the shared key cannot compute it. Message authentication codes rely on this property to authenticate the message.

How to use the message authentication code

First the two sides share a key. The sender then uses the message authentication code (one-way hash function + shared key) to generate a MAC value for the message. The receiver uses the same message authentication code to generate a MAC value from the received message and compares the two MAC values. If they are the same, authentication succeeds, which shows that the message is intact and consistent.

Application example of message authentication code

Implementation method of message authentication code

a. Implementation using a one-way hash function: A message authentication code can be implemented using a one-way hash function such as SHA-2.

b. Implementation using block ciphers: Message authentication codes can be implemented using block ciphers such as AES.

HMAC:

HMAC is a method of constructing a message authentication code from a one-way hash function (RFC 2104); the H in HMAC stands for Hash.

HMAC is not tied to any single one-way hash function: any high-strength one-way hash function can be used with HMAC, and a one-way hash function designed in the future can be used as well.

Attacks on Message Authentication Codes

replay attack
In a replay attack, an attacker who has captured a genuine message together with its valid MAC simply resends it later. The MAC still verifies, so the receiver accepts the duplicate unless the message also carries something the receiver checks, such as a sequence number, a timestamp or a nonce.
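The following is an added example, not code from the original notes. It covers both the one-way hash section and the MAC section above: Python's hashlib and hmac modules show that anyone who edits a file can also recompute a plain hash, whereas computing an HMAC needs the shared key, and a sequence number lets the receiver reject a replayed message. The messages, key and class names are constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample: the file Xiao Ming wrote, and the attacker's edited copy.
ORIGINAL = b"Transfer 100 yuan to account 1234"
TAMPERED = b"Transfer 900 yuan to account 1234"

# Shared key held only by sender and receiver (constructed for this demo).
SHARED_KEY = b"demo-shared-key-do-not-reuse"


def digest(message: bytes) -> str:
    """Plain one-way hash (SHA-256): a fixed-length fingerprint of the message."""
    return hashlib.sha256(message).hexdigest()


def plain_hash_check(message: bytes, fingerprint: str) -> bool:
    """Integrity check with an unkeyed hash. Anyone who can edit the message
    can also recompute the fingerprint, so this only detects accidental damage."""
    return digest(message) == fingerprint


def mac(key: bytes, seq: int, message: bytes) -> str:
    """HMAC-SHA256 over sequence number + message; requires the shared key."""
    data = seq.to_bytes(8, "big") + message
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class Receiver:
    """Verifies MACs and rejects any sequence number already seen (anti-replay)."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq = -1

    def accept(self, seq: int, message: bytes, tag: str) -> bool:
        expected = mac(self.key, seq, message)
        # compare_digest runs in constant time, so timing does not leak tag bytes.
        if not hmac.compare_digest(expected, tag):
            return False  # message modified, or tag computed without the key
        if seq <= self.last_seq:
            return False  # same (or older) sequence number: replayed message
        self.last_seq = seq
        return True


if __name__ == "__main__":
    rx = Receiver(SHARED_KEY)
    tag = mac(SHARED_KEY, 1, ORIGINAL)
    print("genuine  :", rx.accept(1, ORIGINAL, tag))   # True
    print("tampered :", rx.accept(2, TAMPERED, tag))   # False
    print("replayed :", rx.accept(1, ORIGINAL, tag))   # False
    print("forged   :", rx.accept(2, TAMPERED, mac(b"guess", 2, TAMPERED)))  # False
```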

digital signature

I have two keys, a public key and a private key.
I give the public key to my mother and my father.

When my mother wants to send me a confidential message:
she first encrypts it with my public key to form a ciphertext, sends the ciphertext to me, and I decrypt it with my own private key to recover the plaintext; then I can read the content of the letter.

As long as my private key is not leaked, the letter is safe: even if it falls into someone else's hands it cannot be decrypted.

When I want to send a confidential message to my mother:
(this time I am the one holding the private key)

The digital signature method (a digital signature can be understood as signing your name on the information):

1. Hash the message with a one-way hash function to obtain its digest h1 (this is what later guarantees the integrity of the information).
2. Encrypt the digest with my own private key; the result is the digital signature.
3. Attach the digital signature to the message and send both to my mother.
4. After receiving them, my mother first decrypts the digital signature with my public key to recover the digest of the letter. Since only my private key could have produced it, this confirms that the letter was sent by me; my name is on the letter. (This step establishes who sent the letter.)
5. Then, to determine whether the content has changed, she runs the hash function on the letter itself to obtain h2 and compares it with the h1 recovered in the previous step. If h1 = h2, the letter has not been modified.
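The five steps above, traced in code as an added example that is not part of the original notes. It is a textbook-RSA toy (two fixed Mersenne primes as the key, no padding) chosen only because it matches the "encrypt the digest with the private key" description; real signature schemes use properly generated keys and a padding scheme. The letter and all names are constructed for the demo.

```python
import hashlib

# Toy key: two fixed Mersenne primes, constructed for illustration only.
P = 2**61 - 1
Q = 2**31 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)

PUBLIC_KEY = (N, E)                  # what I hand to mother and father
PRIVATE_KEY = (N, D)                 # stays with me


def digest_int(message: bytes) -> int:
    """Step 1: one-way hash of the letter, reduced mod N so it fits the toy key."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(private_key: tuple, message: bytes) -> int:
    """Step 2: 'encrypt' the digest h1 with the private key -> signature."""
    n, d = private_key
    return pow(digest_int(message), d, n)


def verify(public_key: tuple, message: bytes, signature: int) -> bool:
    """Steps 4 and 5: recover h1 from the signature with the public key, hash
    the received letter to get h2, and accept only when h1 == h2."""
    n, e = public_key
    h1 = pow(signature, e, n)
    h2 = digest_int(message)
    return h1 == h2


if __name__ == "__main__":
    letter = b"Mom, I will be home for dinner on Sunday."   # constructed sample
    sig = sign(PRIVATE_KEY, letter)                          # step 3: attach sig
    print("genuine letter verifies :", verify(PUBLIC_KEY, letter, sig))
    print("altered letter verifies :", verify(PUBLIC_KEY, letter + b" Send money.", sig))
    print("forged signature        :", verify(PUBLIC_KEY, letter, (sig + 1) % N))
```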


digital certificate

The public key is what decrypts (verifies) the digital signature.
But how can my mother be sure that the public key in her hands is really mine?
My public key, signed with the private key of the certificate authority, forms a digital certificate.
Once I have the digital certificate, I can rest assured: whenever I sign a letter to my mother in the future, I only need to attach the digital certificate.

The public key is contained in the digital certificate. A digital certificate is usually issued by a trusted certificate authority (CA) after it has verified the identity of the server. The certificate is bound to a key pair (public key and private key) and carries the holder's identification information. The digital certificate is installed on the server side and provides both server authentication and encryption of the transmitted data.

Examples of digital certificates

Webpage encryption
Let's look at one place where a "digital certificate" is applied: the HTTPS protocol. This protocol is mainly used for web page encryption.

Summary

A digital signature guarantees the integrity of the data, but it does not encrypt the data, and it does not prevent sniffing or eavesdropping while the data is in transit.

It is like driving a large open-top truck from A to B without spilling anything on the way: integrity is guaranteed, but whatever is in the truck is also seen by passers-by.

Data encryption is like building a covered tunnel from A to B and driving the truck through it, so that no passer-by knows what it carries.

When the truck arrives at B, the driver shows his ID card to prove that he really came from A. The recipient can choose to trust this ID, or put it into an ID verification machine to check whether it is a genuine ID card issued by the Ministry of Public Security.

If your ID verification machine (the CA) is itself fake, there is nothing more to say; just reinstall the system.
Notes

Definition of Several Attacks

Ciphertext-only attack.
Known-plaintext attack.
Chosen-plaintext attack.
Chosen-ciphertext attack.

The attacks above are listed from weakest to strongest. The difference between a chosen-plaintext attack and a chosen-ciphertext attack is the direction: whether the attacker gets to choose inputs to encryption or inputs to decryption.

Chosen-plaintext attack: imagine you have planted an undercover agent on the enemy's side. The agent has messages of your choosing encrypted and sends the resulting ciphertexts to you. From these chosen plaintext/ciphertext pairs, together with the ciphertext you have intercepted, you can learn about the other party's encryption algorithm and work backwards toward the key.

Chosen-ciphertext attack: you have a different kind of access: you can pick a piece of ciphertext, have someone else decrypt it, and see the result. That is a chosen-ciphertext attack.

Multi-party secure computation

Multi-party secure computation can be roughly divided into two categories: noise-based methods and non-noise methods.

The most important representative of the noise-based methods is differential privacy, which is currently very popular. The idea of this kind of method is to disturb the computation with noise so that the original data is drowned in it, and anyone with ulterior motives cannot infer the original data from the results they obtain. It is like receiving a picture with a mosaic over it: one can guess roughly what the mosaic hides, but it is hard to learn all the details behind it.

Non-noise methods generally encode or encrypt the data cryptographically, producing values that look strange but have useful properties: for example, they appear random yet preserve the linear relationships of the original data, or they appear scrambled yet let the legitimate party easily recover the mapping back to the original data.

This class of methods mainly includes three techniques: garbled circuits, homomorphic encryption and secret sharing. They generally encrypt or encode the data at the source, so the party doing the computation sees only ciphertext. As long as the underlying assumptions hold, these methods therefore leak no information during the computation.

Compared with the noise-based methods above, the advantage of this class is that it does not disturb the computation itself, so the final result is an exact value, and its security rests on cryptographic theory. The disadvantage is that it relies heavily on cryptographic operations, so the amount of computation and communication in the whole process is very large; for complex tasks (such as training a CNN with dozens or hundreds of layers) it may not finish in a reasonable time.
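An added example, not from the original notes, of the secret-sharing technique named above: additive secret sharing, the simplest scheme in which shares look random yet preserve the linear relationship of the original data, so several owners can have their private values summed by parties that only ever see random-looking numbers. The modulus, function names and the sample values are constructed for the demo.

```python
import secrets

# Modulus for share arithmetic (constructed choice; a prime keeps it clean).
MOD = 2**61 - 1


def share(value: int, parties: int) -> list:
    """Split value into `parties` random shares that sum to value mod MOD.
    Any set of fewer than all the shares is uniformly random and reveals nothing."""
    shares = [secrets.randbelow(MOD) for _ in range(parties - 1)]
    last = (value - sum(shares)) % MOD      # fixes the sum to the secret
    return shares + [last]


def reconstruct(shares: list) -> int:
    """Add all the shares back together to recover the secret."""
    return sum(shares) % MOD


def secure_sum(values_by_owner: list, parties: int = 3) -> int:
    """Each owner splits its private value among the computing parties.
    Party i adds up the i-th shares it received (seeing only random-looking
    numbers) and publishes that partial sum; the partial sums add up to the
    exact total because sharing is additive, so the linear relation survives."""
    shares_per_party = [[] for _ in range(parties)]
    for value in values_by_owner:
        for i, s in enumerate(share(value, parties)):
            shares_per_party[i].append(s)
    partial_sums = [sum(lst) % MOD for lst in shares_per_party]
    return reconstruct(partial_sums)


if __name__ == "__main__":
    # Constructed sample: three hospitals' private patient counts.
    counts = [120, 45, 310]
    print("exact total computed on shares :", secure_sum(counts))  # 475
    print("what a single party sees       :", share(120, 3)[0])   # random
```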

Origin blog.csdn.net/weixin_45942265/article/details/119255047