EBU7140 Security and Authentication (2) Asymmetric encryption; authorization

B2

Introduction to asymmetric encryption

The traditional encryption algorithms covered earlier are all symmetric: the same key is used for encryption and decryption. Asymmetric encryption uses different keys for the two operations, and its computational cost is higher.


Diffie-Hellman key exchange method

A method of key exchange.


The common (yellow) colour is the public base colour, and each party has its own secret colour. Each mixes the public colour with its secret colour and sends the result to the other party, who mixes in its own secret colour; both end up with the same shared secret colour. An eavesdropper in the middle sees only the two mixtures, orange and green, and even mixing those two together does not produce the same brown.


Diffie-Hellman is implemented using primitive roots. First some background.

Modulo: I learned it in number theory; it's a very simple thing. For example, 13 mod 12 = 1.

Primitive root: if the powers a^1, a^2, ..., a^(p-1) mod p are all distinct (they run through every value from 1 to p-1 without repeating), then a is a primitive root of p.

For example, 7 is a primitive root of 71, but 8 is not: its powers mod 71 repeat before reaching all p-1 values.


For Diffie-Hellman, the yellow (common, public) values are a and p, where a is a primitive root of p.

Alice's red secret color is x, and Bob's blue secret color is y.

Alice sends a^x mod p to Bob (her mixed colour), and Bob sends a^y mod p to Alice. Each then raises the value it received to its own secret exponent, again mod p.

The proof of (q mod p)^n mod p = q^n mod p is given in: DH algorithm diagram + mathematical proof - CSDN Blog

By the formula above, (a^x mod p)^y mod p = (a^y mod p)^x mod p = a^(xy) mod p, so both parties obtain the same final colour, brown.
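The exchange above carried out with the page's toy parameters p = 71 and a = 7, as an added example that is not the post's own code. The private exponents x and y are constructed sample values; `is_primitive_root` brute-forces the definition and only makes sense at toy sizes.

```python
# Added example, not the post's own code: Diffie-Hellman with the page's toy
# parameters p = 71 and primitive root a = 7. The private exponents x, y are
# constructed sample values; real deployments use a p of 2048 bits or more.

def is_primitive_root(a, p):
    """True if a^1 .. a^(p-1) mod p are all distinct, i.e. the powers of a
    reach every value 1 .. p-1 without repeating (brute force, toy sizes only)."""
    return len({pow(a, k, p) for k in range(1, p)}) == p - 1

def dh_public(a, p, secret):
    """The 'mixed colour' sent over the wire: a^secret mod p."""
    return pow(a, secret, p)

def dh_shared(received, secret, p):
    """Raise the value received from the peer to your own secret: (a^x mod p)^y mod p."""
    return pow(received, secret, p)

def dh_exchange(a, p, x, y):
    """Full exchange. Returns (A, B, K_alice, K_bob); the last two must be equal."""
    A = dh_public(a, p, x)          # Alice -> Bob
    B = dh_public(a, p, y)          # Bob   -> Alice
    return A, B, dh_shared(B, x, p), dh_shared(A, y, p)

def eavesdropper_mix(A, B, p):
    """What an observer gets by 'mixing' the two public values: a^(x+y) mod p,
    which is not the shared key a^(xy) mod p."""
    return (A * B) % p

if __name__ == "__main__":
    p, a = 71, 7
    print("7 primitive root of 71:", is_primitive_root(a, p), "| 8:", is_primitive_root(8, p))
    x, y = 23, 41                   # constructed private exponents
    A, B, k_alice, k_bob = dh_exchange(a, p, x, y)
    print(f"A={A} B={B} K_alice={k_alice} K_bob={k_bob} a^(xy) mod p={pow(a, x * y, p)}")
    print("eavesdropper's mix:", eavesdropper_mix(A, B, p))
```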

Attack: man-in-the-middle. The attacker runs a separate DH agreement with each party and then uses the two resulting keys to decrypt and re-encrypt messages as they pass through. Alice and Bob never receive each other's real key material, because nothing authenticates the public values.

Trapdoor One-Way Function

One-way trapdoor function: y = f(x) is easy to compute, but x = f^-1(y) is hard. If knowing some value z makes the inverse easy to compute, then z is the trapdoor. For RSA, the private key is the trapdoor.

RSA public key encryption algorithm

First add some knowledge of number theory.

Relatively prime (coprime): two numbers with no common factor other than 1, such as 7 and 10; they need not both be prime. gcd(a, b) = 1.

ϕ(n) (Euler's totient): the number of positive integers less than n that are relatively prime to n. For a prime p, ϕ(p) = p − 1; ϕ(1) = 1.

If p and q are distinct primes and n = pq, then ϕ(n) = (p − 1)(q − 1).

If n = p^2 for a prime p, then ϕ(n) = p(p − 1).

Congruence: two numbers are congruent modulo m if they leave the same remainder when divided by m. For example, 1 and 4 are congruent mod 3: 1 ≡ 4 (mod 3).

Euler's theorem: if a and n are relatively prime, then a^ϕ(n) ≡ 1 (mod n).

RSA algorithm: first, each plaintext block m must satisfy m < n.

The public key pair is {e, n}, and encryption is c = m^e mod n.

The private key pair is {d, n}, and decryption is m = c^d mod n = m^(ed) mod n.

So d must satisfy m^(ed) mod n = m mod n, and it must be hard to find d from e and n.

The usual construction: choose two large primes p and q and an exponent e, set n = p·q and ϕ(n) = (p − 1)(q − 1), and compute d ≡ e^-1 (mod ϕ(n)), i.e. ed ≡ 1 (mod ϕ(n)).

Why does choosing d this way make m^(ed) mod n = m mod n?

m^(ed) mod n = m^(1 + k(p−1)(q−1)) mod n = m · (m^((p−1)(q−1)))^k mod n = m · 1^k mod n = m mod n. The middle step uses Euler's theorem, which needs m and n to be coprime; since the primes chosen for n are very large, that is almost always the case. If not, the result can still be proved using the Chinese remainder theorem. I won't spend time adding that here; I have the exam soon (qaq).

Attacks: brute force (too slow); mathematical attacks based on properties of prime numbers (factoring n); timing attacks (inferring key information from how long operations take); and chosen-ciphertext attacks based on RSA's multiplicative property, where some plaintexts can be recovered from a related ciphertext pair: for example, c1·c2 mod n is the encryption of m1·m2.
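The key construction and the multiplicative property above, worked through in code as an added example (not the post's own code). The primes p = 61, q = 53 and e = 17 are constructed toy values; a real modulus is 2048 bits or more.

```python
# Added example, not the post's own code: textbook RSA with constructed toy
# primes p = 61, q = 53 and e = 17 (n = 3233). Unpadded, so only for study.

def egcd(a, b):
    """Extended Euclid: returns (g, s, t) with s*a + t*b = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t

def modinv(e, phi):
    """d = e^-1 mod phi; exists only when gcd(e, phi) = 1."""
    g, s, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime to phi(n)")
    return s % phi

def rsa_keygen(p, q, e):
    """n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi. Returns ({e, n}, {d, n})."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (modinv(e, phi), n)

def rsa_encrypt(m, pub):
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("plaintext block must satisfy m < n")
    return pow(m, e, n)                          # c = m^e mod n

def rsa_decrypt(c, priv):
    d, n = priv
    return pow(c, d, n)                          # m = c^d mod n = m^(ed) mod n

def multiplicative_property(m1, m2, pub):
    """E(m1)*E(m2) mod n == E(m1*m2 mod n): the structure a chosen-ciphertext
    attack exploits, and the reason real RSA adds padding (OAEP)."""
    _, n = pub
    return (rsa_encrypt(m1, pub) * rsa_encrypt(m2, pub)) % n == rsa_encrypt(m1 * m2 % n, pub)

if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, 17)           # pub = (17, 3233), priv = (2753, 3233)
    c = rsa_encrypt(65, pub)                     # 2790
    print("keys:", pub, priv, "| c:", c, "| decrypted:", rsa_decrypt(c, priv))
    print("c1*c2 mod n == E(m1*m2):", multiplicative_property(65, 7, pub))
```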

Disadvantages of public-key encryption: the required key length is large and the computation is slow, and a long message would have to be split into blocks encrypted ECB-style, which is not advisable; there is no good block-processing mode.

Hybrid Encryption

Combines efficient symmetric encryption with the more expensive asymmetric encryption. Used when transmitting large amounts of data.

Assume both parties have asymmetric key pairs: the symmetric (session) key is transmitted asymmetrically, and the two parties then communicate using that symmetric key.

Certificates

Encryption: encrypt with the other party's public key; the other party decrypts with its own private key.

Adding a signature proves the message was sent by you: sign (encrypt) with your own private key, and the other party verifies (decrypts) with your public key.

After Alice signs with her own private key, the certificate authority (CA) has a way to verify that the signature was issued by Alice (the CA does not need to store Alice's private key; the public key is enough to verify the author of a signature). The CA's own private-key signature can likewise be verified by others.

The flow of a signed message: Alice signs -> the CA certifies that the information is Alice's -> the CA signs -> Alice verifies the CA's signature -> the CA or Alice sends the information to Bob.
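The sign-then-certify chain above as an added example (not the post's own code): Alice signs with her private key, the CA signs Alice's public key, and Bob verifies both. The two RSA keys are constructed toy values (Alice: p = 61, q = 53; CA: p = 47, q = 59), and the digest is reduced mod n instead of padded, which real signature schemes never do.

```python
# Added example, not the post's own code. Keys are constructed toy RSA triples
# (n, e, d): Alice from p=61, q=53; the CA from p=47, q=59. Far too small for real use.
import hashlib

ALICE_KEY = (3233, 17, 2753)
CA_KEY = (2773, 17, 157)

def digest_mod(message: bytes, n: int) -> int:
    """SHA-256 of the message reduced below the signer's n. Real schemes (PKCS#1
    v1.5, PSS) pad the full digest into an n-sized block instead of reducing it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, key) -> int:
    n, _, d = key
    return pow(digest_mod(message, n), d, n)                 # private key "encrypts"

def verify(message: bytes, signature: int, pub) -> bool:
    n, e = pub
    return pow(signature, e, n) == digest_mod(message, n)    # public key "decrypts"

def cert_body(subject: str, pub) -> bytes:
    """The bytes the CA actually signs: name bound to public key."""
    return f"{subject}|n={pub[0]}|e={pub[1]}".encode()

def issue_certificate(subject: str, pub, ca_key):
    return {"subject": subject, "pub": pub, "sig": sign(cert_body(subject, pub), ca_key)}

def verify_chain(message: bytes, signature: int, cert, ca_pub) -> bool:
    """Bob: check the CA's signature on the certificate, then Alice's on the message."""
    if not verify(cert_body(cert["subject"], cert["pub"]), cert["sig"], ca_pub):
        return False
    return verify(message, signature, cert["pub"])

if __name__ == "__main__":
    alice_pub, ca_pub = ALICE_KEY[:2], CA_KEY[:2]
    cert = issue_certificate("Alice", alice_pub, CA_KEY)
    msg = b"lend me 100 yuan"                                  # constructed message
    sig = sign(msg, ALICE_KEY)
    print("valid chain:", verify_chain(msg, sig, cert, ca_pub))                  # True
    print("bad signature:", verify_chain(msg, (sig + 1) % 3233, cert, ca_pub))  # False
    forged = dict(cert, sig=(cert["sig"] + 1) % 2773)
    print("bad certificate:", verify_chain(msg, sig, forged, ca_pub))           # False
```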


Authentication

Data integrity: the data has not been modified in an unauthorized way. In other words, tampering with the data, or a middleman forging a copy of it, can be detected. Errors can be detected but not corrected.

There is a common misconception here about confidentiality versus authenticity: authentication only ensures authenticity, not confidentiality.

If traditional (symmetric) encryption is used, data integrity is ensured as follows:

  1. Ensure that only the sending and receiving parties obtain the information.
  2. Verify with a timestamp.
  3. Verify with a sequence number.

However, traditional encryption cannot verify identity through signatures, which means a middleman could forge the information himself.

Moreover, encryption is not well suited to authentication: it requires a lot of computation. It is better to attach an authentication tag to the message and broadcast it. Many programs now also have their own authentication methods that do not require encryption.

Longitudinal redundancy check (LRC)

The i-th bit of each block is taken and XORed together to obtain the check code. Good for random data, but not so good for predictably formatted data.
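An LRC over 8-bit blocks, as an added example that is not from the post. The data bytes are constructed; the second check shows the weakness: two changes in the same bit column cancel out, which is exactly what someone who knows the data format can arrange.

```python
# Added example, not the post's own code: LRC over 8-bit blocks. Bit i of the
# check is the XOR (parity) of bit i across all blocks.

def lrc(blocks):
    """XOR every block together; each bit of the result is one column's parity."""
    check = 0
    for b in blocks:
        check ^= b
    return check

def lrc_ok(blocks, check):
    """Receiver side: recompute and compare."""
    return lrc(blocks) == check

def flip_bit(blocks, index, bit):
    """Return a copy of blocks with one bit of block `index` inverted."""
    out = list(blocks)
    out[index] ^= 1 << bit
    return out

if __name__ == "__main__":
    data = [0x48, 0x65, 0x6C, 0x6C, 0x6F]        # constructed blocks: "Hello"
    check = lrc(data)                             # 0x42
    print(hex(check))
    # One flipped bit changes its column's parity: detected.
    print("single error passes check:", lrc_ok(flip_bit(data, 1, 3), check))      # False
    # Two flips in the same column (bit 3 of blocks 1 and 2) restore the parity:
    # the tampered data passes the check. Predictable formats make this easy to arrange.
    print("paired error passes check:", lrc_ok(flip_bit(flip_bit(data, 1, 3), 2, 3), check))  # True
```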


Hash functions

A hash function always produces fixed-length output, the algorithm is public, computing the output from the input is easy, and recovering the input from the output is hard.

  • Preimage resistance: given c = h(m), it is hard to find m from c. This is used to store user passwords in a database: when the database administrator sees c, he does not know the original password.

  • Second preimage resistance: given m and h(m), it is hard to find n ≠ m with h(n) = h(m). After downloading software, computing its hash value verifies the integrity of the software.

  • Collision resistance: for hash function h, it is hard to find any pair n ≠ m with h(m) = h(n). For example, Bob sends Alice a message saying "lend me 100 yuan", and Alice signs the hash of this message; if Bob can find another message, "lend me 100,000 yuan", with the same hash value as "lend me 100 yuan", he can claim that Alice actually promised to lend him 100,000. Collision resistance prevents this.

So the sender sends its message together with the message's hash value, and the receiver can verify integrity (not confidentiality).

Hash functions can also be used to generate pseudo-random numbers.

For example, SHA-1: put simply, the input is first padded to a multiple of 512 bits; then each 512-bit block is taken in turn and hashed together with the current hash value, iterating until the final 160-bit hash value is obtained.


Attacks on hash functions are brute force or cryptanalysis.

Preimage resistance and second preimage resistance: for an m-bit hash, an average of 2^(m−1) attempts is required.

Collision resistance: 2^(m/2) represents the strength against collisions (the effort to find one). Of course, the longer the hash value, the smaller the chance of a collision.

Birthday attack

Birthday attack: if we want at least two people in a group to share a birthday, how many people are needed? Surprisingly, 70 people give a 90% probability that a birthday is repeated.

So for hashes we don't need to try almost all possibilities. For example, with a 64-bit hash value, if you create 2^32 message variants, there is a high probability that two of them share a hash value.
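The birthday bound measured on a constructed short hash (SHA-256 truncated to 16 bits), as an added example that is not from the post. It generalises the page's 64-bit case to any digest width: a preimage would cost about 2^(bits−1) tries, yet a collision turns up after roughly 2^(bits/2) distinct inputs.

```python
# Added example, not the post's own code: birthday bound on a toy truncated hash.
# Only the digest length is weak here, not SHA-256 itself.
import hashlib

BITS = 16

def short_hash(msg: bytes, bits: int = BITS) -> int:
    """Constructed toy hash: the top `bits` bits of SHA-256."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)

def find_collision(bits: int = BITS):
    """Hash msg-0, msg-1, ... until two distinct inputs share a digest.
    Returns (m1, m2, tries). Deterministic, and the pigeonhole principle
    guarantees a hit within 2^bits + 1 inputs; the birthday bound predicts
    it after only about 2^(bits/2)."""
    seen = {}
    for i in range(2 ** bits + 1):
        m = b"msg-%d" % i
        h = short_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m

if __name__ == "__main__":
    m1, m2, tries = find_collision()
    print(m1, m2, "same digest:", short_hash(m1) == short_hash(m2))
    print(f"found after {tries} inputs; 2^(bits/2) = {2 ** (BITS // 2)}, 2^(bits-1) = {2 ** (BITS - 1)}")
```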

MAC

A MAC is also a hash-style algorithm: the message and key are hashed together, and the result is attached to the message and sent to the other party. The receiver, who knows the key, computes the MAC of message + key and checks whether the values match. If they differ, the message was changed or the sender is not who it claims to be.


Compared with one-way hash functions, which can only ensure data integrity, a MAC can also authenticate the other party: since the key is known only to you and the other party, a matching MAC shows that the sender does share the key with you.

HMAC

A MAC can be built on various encryption methods; HMAC is specifically hash-based. HMAC also makes it easy to replace the hash function: just remove one hash function module and drop in a new one.
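The MAC check described above (tag verification, detection of a changed message or a sender who lacks the key) and the HMAC drop-in property, as an added example using the standard library; it is not the post's own code, and the key and messages are constructed.

```python
# Added example, not the post's own code: HMAC with Python's standard library.
import hmac

KEY = b"shared-secret-key"        # constructed; known only to sender and receiver

def make_tag(message: bytes, key: bytes = KEY, digestmod: str = "sha256") -> bytes:
    """Sender: tag = HMAC(key, message), sent alongside the message.
    `digestmod` is the drop-in slot: swap the hash function by name."""
    return hmac.new(key, message, digestmod).digest()

def verify_tag(message: bytes, tag: bytes, key: bytes = KEY, digestmod: str = "sha256") -> bool:
    """Receiver: recompute the tag and compare in constant time
    (an ordinary == would leak timing information about the tag)."""
    return hmac.compare_digest(make_tag(message, key, digestmod), tag)

if __name__ == "__main__":
    msg = b"lend me 100 yuan"                                    # constructed message
    tag = make_tag(msg)
    print("genuine:", verify_tag(msg, tag))                      # True
    print("changed message:", verify_tag(b"lend me 100,000 yuan", tag))   # False
    print("wrong key:", verify_tag(msg, tag, key=b"not-the-shared-key"))  # False
    # Replacing the hash function is a one-argument change:
    print("tag lengths sha1/sha512:", len(make_tag(msg, digestmod="sha1")),
          len(make_tag(msg, digestmod="sha512")))                # 20 64
```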

Digital signature

Used for:

  • Ensure data integrity and the authenticated identity of the signer.
  • Non-repudiation: the signer cannot deny the data he sent.

The implementation feels similar to a MAC: data plus secret parameter information, with the signature obtained through a hash algorithm.


Origin blog.csdn.net/jtwqwq/article/details/135325447