Article directory
1. Basic concepts and design principles of cryptography
1.1 Cryptography
Cryptology is divided intocryptography(Cryptography)和cryptanalysis(Cryptanalysis), the former seeks methods to provide information confidentiality integrity, authenticity and non-repudiation , while the latter studies methods such as the deciphering and forgery of encrypted messages that undermine the security provided by cryptographic technology.
1.2 Password scheme
A cryptographic scheme refers to the sum of a cryptographic algorithm, related parameters and their usage . The parameters mainly includeKey, plaintext and ciphertext。
1.3Kerckhoffs (Kerckhoff) criterion
- The security of the cryptographic algorithm must be based on the confidentiality of the key. Even if the adversary knows the algorithm, it should be difficult to decipher the cryptographic algorithm without mastering the specific key.
- Kerckhoffs criterion believes that the security of a security protection system is not based on its algorithm being confidential to the opponent, but should be based on the key it chooses being confidential to the opponent.
- Two common cryptographic algorithms in cryptography are symmetric cryptographic algorithms (single-key cryptographic algorithms) and asymmetric cryptographic algorithms (public-key cryptographic algorithms).
1.4 Cryptoanalysis (password attack)
- Ciphertext-only attack
definition : Ciphertext-only attack (COA) refers to a cryptanalysis method that analyzes and solves the plaintext or key when only knowing the ciphertext.
Simple understanding : only know the ciphertext, derive the plaintext or key, and generally use an exhaustive attack .
- Known plaintext attack
definition : Known plaintext attack (KPA) means that the attacker masters part of the plaintext M and the corresponding ciphertext C , so as to solve or crack the corresponding key and encryption algorithm.
Simple understanding : know part of the plaintext and ciphertext pairs, and derive the key and encryption algorithm.
- Chosen plaintext attack
definition : Chosen plaintext attack (CPA) means that in addition to knowing the encryption algorithm, the attacker can also select the plaintext message to obtain the encrypted ciphertext, that is, he knows the selected plaintext and the encrypted ciphertext, but cannot directly Break the key.
Simple understanding : if you know the plaintext, you know the ciphertext, and the goal is to derive the key. - Chosen ciphertext attack
definition : Chosen ciphertext attack (CCA) means that the attacker can choose ciphertext for decryption. In addition to knowing the known plaintext attack, the attacker can arbitrarily create or select some ciphertext and obtain the decrypted plaintext. , is a stronger attack method than known plaintext attack .
Simple understanding : if you know the ciphertext, you know the plaintext, and the goal is to derive the key.
2. Symmetric password
- Symmetric ciphers can be divided into classical ciphers, block ciphers and sequence ciphers.
- Symmetric CipherShannon Principle
- Password design must follow the principles of diffusion and confusion. The former means that the influence of each bit of plaintext encoding should be spread to as many ciphertexts as possible, while the latter means that the influence of each bit of plaintext encoding should be spread to as many ciphertexts as possible. The statistical relationship between
- Let the 26 letters be used almost equally frequently in the ciphertext to prevent reverse derivation.
- Single table substitution is too simple and easy to crack
- The design of symmetric ciphers includes block ciphers, sequence ciphers and modern symmetric ciphers
2.1 Classical cryptography (relying on codebook)
- Classification
- Single-letter substitution cipher
replaces each letter of the alphabet with another letter to form a ciphertext.
abc…z (all letters plus 4 digits) efg…d - Multi-table substitution ciphers.
In view of the shortcomings of single-table substitution ciphers being easily cracked by frequency analysis, people have proposed multi-table substitution ciphers, which use a series (more than two) substitution tables to sequentially replace
the letters of the plain text message . For example, add 1 digit to the first table, add 2 digits to the second table, add 3 digits to the third table, th/ea/ir, use the first table for th, and use the second table for ea. ir uses the third table, and so on. - Multi-character substitution cipher
is a simple improvement of single-table substitution, that is, the original substitution table is changed from a single
character to a single character mapping into a multiple character to multiple character
mapping. For example, in the original single-table substitution, the plaintext character a is replaced with b, and the character
b is replaced with d, so ab is encrypted into bd; while multi-character substitution is to
encrypt such as ab , directly replace ac with another character
to form the ciphertext ac
- Single-letter substitution cipher
- Multi-character substitution cipher-Hill (Hill) encryption
3. Conversion between byte Byte and bit bit and bit- Bit is the abbreviation of binary digit. The amount of information contained in a binary digit is called a bit. A bit is the smallest unit of data storage within a computer. The advantages of binary in terms of efficiency and cost are accepted all over the world. Now all computer information is binary, consisting of 0s and 1s.
- Byte Byte is the smallest unit of computer data processing. It is customarily represented by a capital B. Each byte has 8 binary bits, of which the rightmost bit is the lowest bit and the leftmost bit is the highest bit. Each byte has 8 binary bits. The value of a binary bit is either 0 or 1. A byte consists of 8 binary bits. That is, 1 byte Byte is equal to 8 bits.
- Bit is the abbreviation of binary digit. The amount of information contained in a binary digit is called a bit. A bit is the smallest unit of data storage within a computer. The advantages of binary in terms of efficiency and cost are accepted all over the world. Now all computer information is binary, consisting of 0s and 1s.
2.2 Block cipher
- AES encryption:
- XOR addition
XOR is also called half addition operation. Its operation rule is equivalent to binary addition without carry: 1 represents true in binary and 0 represents false. Then the operation rule of XOR is: 0⊕0=0, 1⊕ 0=1, 0⊕1=1, 1⊕1=0 (the same is 0, the difference is 1), these rules are the same as addition, but without carry, so XOR is often regarded as addition without carry.
2.3 Sequence cipher (stream cipher)
- With the help of nonlinear filtering and nonlinear combination, a linear feedback shift register is formed to update the key regularly.
- Others
1. A completely closed encryption key in the shape of a USB, with 6 digits on it, changing every 1 minute; 2.
When logging in, enter your name, followed by 6 digits, enter your password after verification, and then enter the USB key again The 6-digit code on the key
is 3. This is a total of 3 passwords.
2.4 One-way function
2.5 Trapdoor one-way function
3. Basic principles of public key cryptography and digital signature technology
3.1 Public key cryptography
- In public key cryptography, keys are divided into encryption keys and decryption keys .
- The sender uses the encryption key to encrypt the message, and the receiver uses the decryption key to decrypt the ciphertext.
- The sender only needs the encryption key.
- The recipient only needs the decryption key.
- The decryption key cannot be obtained by an eavesdropper.
- There is no problem that the encryption key can be obtained by an eavesdropper.
- In public key cryptography, the encryption key is generally public, so it is called the public key . In contrast, the decryption key must not be made public. It cannot be sent to others (nor the communication partner). It can only be used by yourself, so it is called a private key . Public keys and private keys have a one-to-one correspondence, and a pair of public keys and private keys is collectively called a key pair . There is a very close mathematical relationship between the two keys in the key pair, so the public key and private key cannot be generated separately .
3.2Hash table
Hash table is also called hash table , and is also directly translated as hash table. Hash table is a data structure that is directly accessed based on key value (key-value). It is based on arrays and speeds up search by mapping keywords to a certain subscript of the array. However, it is different from data structures such as arrays, linked lists, and trees. Searching for a keyword in these data structures usually requires traversing the entire data . structure .
3.3Hash function (typical trapdoor one-way function)
- One-way hash function refers to calculating different input values through a one-way hash function to obtain a fixed-length output value. This input value is called a message , and the output value is called a hash value .
- One-way hash functions are also called message digest functions , hash functions , or hash functions . The input message is also called the pre-image . The output hash value is also called message digest or fingerprint , which is equivalent to the ID card of the message .
- There are many implementation algorithms for one-way hash functions, the common ones are: MD5, SHA-1, SHA-2 and SHA-3.
3.4 Electronic signature
3.5HTTP/HTTPS
3.6HTTPS and SSL
3.7 Why move to HTTPS
4. Basic principles of key distribution and negotiation
4.1 Key management
4.2 Key distribution method
