1. A Brief History of Asymmetric Encryption
1. Algorithm establishment
Another problem for anyone who wants to send an encrypted message is how to let the recipient know how the message was encrypted in the first place. The problem with ciphers like letter substitution ciphers is that once an eavesdropper knows the encryption scheme, subsequent information is easily accessible.
A public-key encryption (PKE for short) system can solve this problem. It uses two keys, one public and one private. Both keys are issued by a trusted certificate authority. The public key is stored as an electronic certificate, accessible to anyone who wants to communicate with its holder.
Both public and private keys are essentially mathematically related multi-digit numbers. This means that either can be used to encrypt information, as long as the other key is used to decrypt it.
GCHQ started this work in the 1970s. At the same time, Whitfield Diffe and Martin Hellman of Stanford University in the United States also independently conceived it, so sometimes this algorithm is also called Diffie-Hellman encryption.
For someone like a cracker, knowing that the two keys are mathematically related doesn't help much, deriving one from the other is very difficult.
One of the advantages of this encryption algorithm is that there is no need for a central database to verify the key, thereby reducing the chance of the key being intercepted during the verification process by an eavesdropper eavesdropping on your communication channel.
2. Apply to the real world
Research work at GCHQ and Stanford University laid the groundwork for public-key cryptography, while three researchers at MIT, Rona1d Rivest, Adi Shamir and Leonard · Adelman (Leonard Adleman's breakthrough) made it practical. The trio discovered a mathematical way to easily associate public and private keys, and it also enabled the exchange of digital signatures, an electronic method of confirming the identity of a sender. Their method involves factors and prime numbers.
For any given number, its factors are those integers that divide that number evenly (i.e. yield no remainder). For example, the factors of the number 6 are 1, 2, 3, and 6, because 6 can round each of these numbers without producing a remainder. The number 4 is not a factor of 6, because 6 divided by itself and the number 4 has a quotient of 1 and a remainder of 2. A prime number is a number that has only two factors, itself and the number 1. We can clearly see that the number 6 is not prime because it has 4 factors. In contrast, the number 5 is only divisible by itself and 1, so it is a prime number.
Keeping this definition in mind, we can list the first batch of prime numbers, 2, 3, 5, 7, 13, 17, 19, 23, 29, and 31. The number 1 is not considered prime because it has only one factor. Multiplying the two largest prime numbers in the above list, 29×31, is a quick process. On a calculator, it's a trivial thing to do in seconds. You can probably do this fairly quickly with pencil and paper, and even figure it out in your head in a not-too-long time, as long as you take the shortcut of first calculating 30 x 31 and subtracting 31 to get the number 899.
But if you want to solve this problem in reverse, it is much more difficult. If you were given the number 899 and asked what its two factors were, it might take an hour to solve with a calculator, a day with pencil and paper, and a week with a mental calculation.
As the prime numbers get larger, it takes longer and longer to solve the problem. The largest prime number discovered in 2018 has more than 24 million digits. While this means that multiplying two such numbers is not something your average desktop computer can do, you can still do it with a small amount of computing power. The time spent on the opposite process is simply unimaginable. However, as with any challenge, there are always people willing to try. A recent successful attempt to crack a 232-bit key took the equivalent of more than 2,000 years of computing time.
This mathematical property of prime numbers is the basis for the approach proposed by Levistr, Shamir, and Adelman. RSA Security, a company founded by the three, estimates that more than 1 billion copies of the RSA encryption standard are used in applications today. One of RSA's popular products is a hardware token called SecurID, which helps identify users who want to remotely access a company's IT systems. Users log into their corporate systems using a virtual private network (an electronically secure tunnel). Each user is equipped with a small key fob-shaped terminal that includes a liquid level display. A 6-digit number will appear on the display and change every 60 seconds. To access the system, users need to invoke a login page and enter a numeric code that identifies them, plus the 6-digit number displayed on the terminal screen at the time, and then enter a pre-set password. This combination of something they know (a password) and something they have (a key fob) is becoming a common method of identification. This method is commonly known as two-factor authentication (two-factor authentication). If you are familiar with it, some banks will let us spend money to buy this kind of thing, which may be relatively rare now.
2. Advanced Encryption Standard
In the mid-1970s, the National Bureau of Standards (NBS) invited ideas on how to encrypt uncensored but sensitive government data. The IBM computer company came up with the idea of using a symmetric block cipher, a cipher for fixed-length blocks of data that use the same key for encryption and decryption. It is also very familiar with whether there is a symmetric encryption algorithm.
In 1977, an upgraded version of the cipher named Data Encryption Standard (DES for short) was quickly released and adopted. DES uses a 64-bit data block size and a key of the same size, but only 56 bits of the key are directly used for the password, and the rest are used to reduce the possibility of errors during transmission. The RSA security company offered a reward to organizations and individuals who could crack the DES cipher. In response, the Electronic Frontier Foundation (EFF) specially built a machine called "Deep Crack" (Deep Crack), which can use Brute force quickly checks all 256 possible keys. In 1999, a demonstration by the EFF showed that it could complete the process in less than a day.
An upgraded version of the DES cipher, named 3DES (TripIed ES), was adopted that year, but with the increase of computer processing power, DES was finally proved to be insecure and was adopted by the Advanced Encryption Standard in 2002. (Advanced Encryption Standard, referred to as AES) replaced.
Advanced Encryption Standard, designed by two Belgian cryptographers, uses 128-bit, 192-bit or 256-bit keys (named AES-128, AES-192, AES-256) to encrypt data blocks of length 128 bits. This encryption involves various cycles of shifting and swapping bits in the message, and performing exclusive-or operations on the bits.
There has never been a publicly known attack that would allow an eavesdropper to read AES-encrypted messages. Having said that, there are many theoretical attacks on AES that have been published today, and they are able to decrypt information much faster than a full brute force attack. However, the time required to complete such an attack is practically infeasible. For example, behind the so-called biclique attack is a branch of mathematical graph theory. It was discovered in 2011 that this attack method is 4 times faster than a brute force attack. Edward the Whistleblower. Snowden (Edward Snowden) broke the news that the US National Security Agency has been looking for new ways to crack AES.
Because of the extremely long keys used for public-key encryption (PKE), and the increasing complexity of the mathematics required to find them, modern cryptography is now largely beyond the reach of interested amateurs, rather Specialized activities for mathematicians. But the tantalizing possibility remains that there could be vulnerabilities in cryptographic systems that take advantage of the difficulty of factoring large numbers. Although the factorization methods discovered so far are mathematically complex, there may still be some simpler method.
3. Build a secure Internet
While many of the messages we send out via email are trivial, sometimes we want to make sure no one can snoop on what we're saying. For example, if you're applying for a new job, the last thing you want is for your current employer to find out.
One way to encrypt e-mail is to use a software package called Pretty Good Privacy (PGP), which combines elements of traditional cryptography and public-key cryptography. PGP was created by Philip R. Zimmerman and
released for free in 1991. PGP software generates random keys based on your mouse movements and typing patterns. This random key is then used to encrypt your message.
In the subsequent development stage, public key encryption is used, but what is encrypted with the public key is not the information itself, but the random key used in the previous stage, and then the random key encrypted with the public key and the encrypted key encrypted with the random key The information is sent together. When the recipient receives your message, instead of decrypting the message with the private key, they first decrypt the random key, which is then used to decrypt the accompanying message.
Encryption is also used when you visit "https" websites. You can recognize such sites by the little padlock that appears in your browser window, and their URLs start with https instead of http. Such sites use a technology called Transport Layer Security (TLS) and its The previous generation of technology Secure Sockets Layer (Secure Sockets Layer, or SSL for short) In fact, TLS and SSL use public key encryption as described earlier to secure the connection between you and the computer you are talking to. For example, 'A cryptographer trying to hack into your bank account details faces the same challenges as a cryptographer trying to crack a message sent using the same encryption scheme.
4. Mathematical example of public key encryption
The following is a simplified example of public key encryption, first choose two prime numbers P and Q. For ease of illustration, P is 11, and Q is 17. First multiply P by Q to get 181. This number is called the modulus. Then we choose a random number between 1 and the modulus, this number is called E, in this example it is 3.
Next, we need to find any number E that is
divisible evenly. In this example,
. 320 is divisible by 160, so we can find such a D value:
If , since we have chosen E to be 3, then D=107
In this very simplified example, the value of D is an integer to make the calculation as easy as possible. Note that this is not the only possible value, as we could choose some different value of E, or choose to use 480 or 640 or countless other numbers instead of 320.
While it may seem like some kind of math trick, it's almost impossible to calculate the value of D from E unless you know the respective values of P and Q, and vice versa.
Now let's return to the issue of public and private keys. The public key we share with everyone is actually two numbers modulo (P×Q) and the number E, in our case 181 and 3. The private key is the number D, in our case 107.
We don't want to reveal the respective values of P and 0, but we tell everyone the modulus (PXQ), which may seem surprising, but it is actually the core of this technique. If the values of P and Q are large enough, the time taken to find them by factoring the modulus is almost the same as flying to the end of the universe in a spaceship.
We then use these keys to encrypt and decrypt the characters in the message. Let's number the letters of the alphabet. Let A=1, z=26. To encrypt any particular character, we do more calculations on it. Suppose we want to encrypt the letter G, the seventh letter, so we will start with the number 7.
First, we calculate 7 raised to the E power. Multiply the same number E times, so the 2 power of 7 is 7×7=49, which is equal to the square of 7; the 3 power of 7 is 7×7×7=343, which is equal to the cube of 7.
We then use something called modular arithmetic, which means you wrap around after you reach a fixed value called the modulus. A good example of modular arithmetic is looking at time, which is actually based on modulo 12 (for example, 5 hours after 10 o'clock is not 15 o'clock, but 3 o'clock, because when you reach 12 o'clock, you will reset the time to zero).
We have calculated the value of the modulus P×Q which is 181. The number 343 equals 162 in modulo arithmetic using modulo 181. This number is the encrypted form of our letter G.
So, we send the number 162 and our private key D (107 in this case) to the recipient, who will perform a similar operation to decrypt the message. The recipient calculates 162 raised to the 107th power, again using the same modulo operation. As you can imagine, multiplying 162 by 107 times gives an absolutely huge number. In fact, it is approximately 2 followed by 236 zeros. But we used modulo arithmetic, and if we reset the total to zero every time we got to 181, we would end up with the number 7. The decrypted character is 7, which is the letter G. So our recipient receives the first letter of the message, and we can continue in the same way until the entire message has been sent secretly.
As above, even this greatly simplified example is elusive, and it certainly requires a powerful computer to do the math. If we used the kind of numbers that modern encryption software uses, the math would be impossible without some of the most powerful computers in the world.