Cryptography review

Reference Review

Reference links

Site: www.wendangku.net (cryptography answer key)

Basic concepts

Information system security = device security + data security + content security + behavior security

The index of coincidence method is the most effective way to break polyalphabetic substitution ciphers.
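Added example (not from the original notes): computing the index of coincidence column by column to recover the period of a Vigenère ciphertext. The English letter frequency table, the sample plaintext and the key CRYPT are constructed demo inputs.

```python
import random
from collections import Counter

ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Approximate English letter frequencies in percent, A..Z (used only to build a constructed sample)
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

def index_of_coincidence(text: str) -> float:
    """Probability that two letters drawn without replacement from `text` are equal.
    English plaintext scores about 0.066, uniformly random letters about 0.038."""
    n = len(text)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(text).values()) / (n * (n - 1))

def average_ic_for_period(cipher: str, period: int) -> float:
    """Split the ciphertext into `period` columns (each enciphered under one key letter)
    and average the columns' ICs. At the true period every column is a monoalphabetic
    substitution, so the plaintext IC survives; at wrong periods the columns mix alphabets."""
    return sum(index_of_coincidence(cipher[i::period]) for i in range(period)) / period

def guess_period(cipher: str, max_period: int = 12, threshold: float = 0.055) -> int:
    """Smallest period whose columns look monoalphabetic; 0 if none does."""
    for p in range(1, max_period + 1):
        if average_ic_for_period(cipher, p) >= threshold:
            return p
    return 0

def vigenere_encrypt(plain: str, key: str) -> str:
    return "".join(ALPHA[(ALPHA.index(ch) + ALPHA.index(key[i % len(key)])) % 26]
                   for i, ch in enumerate(plain))

def constructed_plaintext(length: int, seed: int = 7) -> str:
    """Constructed sample: letters drawn from English frequencies; not real text."""
    return "".join(random.Random(seed).choices(ALPHA, weights=ENGLISH_FREQ, k=length))
```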

A cryptosystem consists of at least five parts: plaintext, ciphertext, encryption algorithm, decryption algorithm and keys; its security is determined by the key.

Transposition ciphers are also called permutation ciphers; the most common permutation ciphers are column permutation ciphers and periodic permutation ciphers.

A six-rotor cipher machine is a substitution cipher mechanism whose period length is 26^6.

The first cryptographic algorithm in history to be widely used for commercial data secrecy was DES.

Among DES keys, the weak keys, semi-weak keys, quarter-weak keys and eighth-weak keys together make up 256 less secure keys.

Attacks

  • Statistical analysis attack
    In a statistical analysis attack the cryptanalyst breaks the cipher by analyzing the statistical regularities of the ciphertext and plaintext.

  • Mathematical analysis attack
    In a mathematical analysis attack the cryptanalyst breaks the cipher by solving, with mathematical methods, the mathematical problem on which the encryption algorithm is based.

  • Ciphertext-only (known ciphertext) attack

In a ciphertext-only attack the cryptanalyst breaks the cipher using only intercepted ciphertext. Because the only data source available is ciphertext, this is the least favorable situation for the cryptanalyst.

  • Known-plaintext attack

In a known-plaintext attack the cryptanalyst breaks the cipher using some plaintext that is already known together with its ciphertext.

An attacker can always obtain the ciphertext and guess at the plaintext.

Computer file encryption programs are particularly vulnerable to this attack.

  • Chosen-plaintext attack

In a chosen-plaintext attack the cryptanalyst can choose plaintexts and obtain the corresponding ciphertexts.

  • Ciphertext-only attack

In this form of cryptanalysis the cryptanalyst knows only two things: the encryption algorithm and the ciphertext to be broken.

  • Chosen-ciphertext attack

Corresponding to the chosen-plaintext attack: besides the encryption algorithm, the cryptanalyst also knows ciphertexts of their own choosing and the corresponding decrypted plaintexts, that is, chosen ciphertext together with its corresponding plaintext.

  • Chosen-text attack

A chosen-text attack combines the chosen-plaintext and chosen-ciphertext attacks. The cryptanalyst knows: the encryption algorithm, plaintext messages chosen by the cryptanalyst and their corresponding ciphertexts, and ciphertexts chosen by the cryptanalyst and their corresponding decrypted plaintexts.

Clearly the ciphertext-only attack is the most difficult, because the analyst has the least information to work with.

Classical ciphers

Product ciphers are designed with the methods of confusion and diffusion.

Confusion: makes the relations among plaintext, ciphertext and key as complicated as possible.

Diffusion: spreads the influence of every plaintext bit and key bit over as many ciphertext bits as possible.

Transposition (permutation)

Transposition ciphers cannot withstand known-plaintext attack.

Substitution

Monoalphabetic substitution cipher: there is only one ciphertext alphabet, and a letter of the ciphertext alphabet replaces each letter of the plaintext alphabet. The Caesar cipher and the affine cipher cannot withstand brute-force attack; monoalphabetic substitution ciphers can be broken with statistical analysis.

Polyalphabetic substitution cipher: for example the Vigenère cipher, in which a plaintext letter has several possible substitutes.

Polygram substitution cipher (more than one letter substituted at a time)

Withstanding statistical analysis is a basic requirement for modern ciphers!

DES

Block cipher: the plaintext, ciphertext and key block lengths are all 64 bits.

  • Binary-oriented cipher algorithm: able to encrypt and decrypt computer data in any form.
  • Involution: encryption and decryption share the same algorithm, halving the engineering workload.
  • Integrated use of transposition, substitution, algebra and other cryptographic techniques.


There are eight S-boxes.

Each S-box has a 6-bit input and a 4-bit output; it is a nonlinear compression transformation.

Let the input be b1 b2 b3 b4 b5 b6. The binary number b1b6 gives the row number and the binary number b2b3b4b5 gives the column number; the output is the number (in binary) at the intersection of that row and column.
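An added example, not part of the original notes, of the S-box lookup just described, using the real DES S1 table from FIPS 46-3; it also checks that the box is not an affine map, i.e. that it really is nonlinear.

```python
# DES S-box S1 from FIPS 46-3: rows are selected by b1b6, columns by b2b3b4b5.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def sbox_lookup(box, six_bits: int) -> int:
    """Map a 6-bit input b1..b6 through one DES S-box to its 4-bit output."""
    if not 0 <= six_bits < 64:
        raise ValueError("S-box input must be 6 bits")
    b1 = (six_bits >> 5) & 1
    b6 = six_bits & 1
    row = (b1 << 1) | b6            # the two outer bits select the row (0..3)
    col = (six_bits >> 1) & 0xF     # the four middle bits select the column (0..15)
    return box[row][col]

def is_nonlinear(box) -> bool:
    """An affine map over GF(2) satisfies S(x) ^ S(y) ^ S(x ^ y) ^ S(0) == 0 for all x, y;
    finding one pair that violates this proves the box is nonlinear."""
    for x in range(64):
        for y in range(64):
            if sbox_lookup(box, x) ^ sbox_lookup(box, y) ^ sbox_lookup(box, x ^ y) ^ sbox_lookup(box, 0):
                return True
    return False
```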

The P-box is a permutation box that provides the avalanche effect.

From today's perspective the DES algorithm is no longer secure, mainly because its key space is limited, which makes exhaustive search easy.

The DES round function F consists of three parts: the expansion permutation, the nonlinear substitution and the linear permutation.

AES

Overall features

  • Block cipher: plaintext and ciphertext length 128 bits; variable key length (128/192/256 etc.; 128 is now the usual choice).
  • Binary-oriented cipher algorithm: able to encrypt and decrypt computer data in any form.
  • Not an involution: encryption and decryption use different algorithms.
  • Integrated use of transposition, substitution, algebra and other cryptographic techniques.
  • Overall structure: basic round function plus iteration. Variable number of rounds, ≥10.


S-box transformation ByteSub(State)
① The S-box transformation is the only nonlinear transformation in AES and is the key to AES security.
② AES uses the same S-box 16 times; DES uses eight different S-boxes.
③ The AES S-box has an 8-bit input and an 8-bit output; DES S-boxes have a 6-bit input and a 4-bit output.

ShiftRows is a permutation

The ShiftRows transformation cyclically shifts the rows of the State.
Row 0 is not shifted, row 1 is shifted by C1 bytes, row 2 by C2 bytes, and row 3 by C3 bytes.

MixColumns is a substitution

The MixColumns transformation treats each column of the State as a polynomial a(x) over GF(2^8), multiplies it by a fixed polynomial c(x), and reduces modulo x^4 + 1:
b(x) = a(x) c(x) mod (x^4 + 1)
where c(x) = 03 x^3 + 01 x^2 + 01 x + 02
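Added example (not the original notes' code): MixColumns computed as the polynomial product b(x) = a(x) c(x) mod (x^4 + 1) over GF(2^8), with the inverse polynomial for InvMixColumns; the byte multiplication gf_mul is this example's own helper.

```python
def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    result = 0
    for _ in range(8):
        if b & 1:
            result ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B           # reduce by the modulus when the x^8 term appears
        b >>= 1
    return result

def poly_mul_mod_x4_plus_1(a, c):
    """Multiply two 4-term polynomials over GF(2^8) modulo x^4 + 1.
    Because x^4 ≡ 1, the x^i coefficient of the product collects a_j c_k with j + k ≡ i (mod 4)."""
    out = [0, 0, 0, 0]
    for j in range(4):
        for k in range(4):
            out[(j + k) % 4] ^= gf_mul(a[j], c[k])
    return out

C_X = [0x02, 0x01, 0x01, 0x03]        # c(x) = 03x^3 + 01x^2 + 01x + 02, lowest coefficient first
C_X_INV = [0x0E, 0x09, 0x0D, 0x0B]    # c(x)^-1 = 0Bx^3 + 0Dx^2 + 09x + 0E, used by InvMixColumns

def mix_column(col):
    """b(x) = a(x) c(x) mod (x^4 + 1) for one column col = [a0, a1, a2, a3]."""
    return poly_mul_mod_x4_plus_1(col, C_X)

def inv_mix_column(col):
    return poly_mul_mod_x4_plus_1(col, C_X_INV)

def mix_columns(state):
    """Apply MixColumns to a State given as four columns of four bytes each."""
    return [mix_column(col) for col in state]
```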

Resistant to all currently known attacks:
brute-force attack,
differential attack,
linear attack,
Square attack.

SMS4

SMS4 cipher overview

① Block cipher:

Block length = 128 bits, key length = 128 bits

Data processing units: byte (8 bits), word (32 bits)

② Algorithm structure:

Basic round function plus iteration

Involution: the encryption and decryption algorithms are the same


S-box: the nonlinear byte-transformation component:

Four S-boxes

8-bit input, 8-bit output.
In essence, an 8-bit nonlinear permutation.

The high nibble of the input byte is the row number and the low nibble is the column number; the data at the intersection of that row and column is the output.

Block cipher modes

1. DES was adopted in 1977. In 1981 the United States defined four basic modes of operation for DES:

  • Electronic Codebook mode (ECB): exposes plaintext data patterns.

  • Cipher Block Chaining mode (CBC): plaintext-ciphertext chaining: unbounded error propagation in both encryption and decryption.

Ciphertext chaining: unbounded error propagation in encryption, bounded error propagation in decryption.

  • Cipher Feedback mode (CFB): unbounded error propagation.

  • Output Feedback mode (OFB): no error propagation in encryption or decryption, but tampering with the ciphertext is difficult to detect.
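Added example, not from the original notes, that makes the error-propagation claims for ECB, CBC and OFB observable: a constructed, deliberately toy 8-bit block function stands in for DES, one ciphertext bit is flipped, and the code reports which plaintext blocks decrypt wrongly.

```python
import random

# Toy 8-bit block cipher, constructed for illustration only (NOT secure): a fixed random
# byte permutation keyed by XOR. Mode-level error propagation does not depend on the cipher.
_PERM = list(range(256))
random.Random(2019).shuffle(_PERM)
_INV = [0] * 256
for _i, _v in enumerate(_PERM):
    _INV[_v] = _i

def enc_block(k: int, x: int) -> int:
    return _PERM[x ^ k]

def dec_block(k: int, y: int) -> int:
    return _INV[y] ^ k

def ecb_encrypt(k, pt):
    return [enc_block(k, p) for p in pt]             # equal blocks give equal ciphertext

def cbc_encrypt(k, iv, pt):
    out, prev = [], iv
    for p in pt:
        prev = enc_block(k, p ^ prev)                 # C_i = E(P_i xor C_{i-1})
        out.append(prev)
    return out

def cbc_decrypt(k, iv, ct):
    out, prev = [], iv
    for c in ct:
        out.append(dec_block(k, c) ^ prev)            # P_i = D(C_i) xor C_{i-1}
        prev = c
    return out

def ofb_xor(k, iv, data):
    """OFB: keystream S_i = E(S_{i-1}) never depends on the data, so encrypt == decrypt."""
    out, s = [], iv
    for d in data:
        s = enc_block(k, s)
        out.append(d ^ s)
    return out

def damaged_blocks(k, iv, pt, mode, flip_index):
    """Flip one ciphertext bit in block `flip_index` and return the indices of the
    plaintext blocks that then decrypt wrongly (decryption-side error propagation)."""
    if mode == "CBC":
        ct = cbc_encrypt(k, iv, pt)
        ct[flip_index] ^= 0x01
        rec = cbc_decrypt(k, iv, ct)
    else:
        ct = ofb_xor(k, iv, pt)
        ct[flip_index] ^= 0x01
        rec = ofb_xor(k, iv, ct)
    return [i for i, (a, b) in enumerate(zip(pt, rec)) if a != b]
```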

2. A data block shorter than the block length is called a short block; appropriate techniques must be used to solve the problem of encrypting short blocks.
Short block handling:
1. padding technique
2. ciphertext stealing technique
3. stream encryption

Stream cipher


Characteristics

  • It imitates the one-time pad by using a key sequence (keystream);
  • the encryption operation is the simplest, and it is an involution;
  • security depends on the key sequence generation algorithm;
  • the theory and technology are very mature;
  • it is the core of mainstream ciphers.

Classification

  • Synchronous stream cipher
    The keystream generation algorithm is independent of the plaintext sequence, so the generated keystream is also independent of the plaintext.
    If a ciphertext character is lost or inserted during communication, the receiver decrypts incorrectly from that point on.
  • Self-synchronizing stream cipher
    The keystream generation algorithm depends on the plaintext (ciphertext) sequence; the keystream is produced in correlation with the plaintext (ciphertext).
    When the keystream generator has n bits of memory, an error in one ciphertext character causes the following n consecutive ciphertext characters to be encrypted incorrectly, after which encryption recovers.
    An error in one ciphertext character during decryption likewise causes the following n consecutive plaintext characters to be wrong, after which decryption recovers.
    Both encryption and decryption exhibit error propagation, but recover correctly once the error has passed.

The structure of a stream cipher can be divided into two main components: the driving part and the combining part.

Linear feedback shift register

Only when the connection polynomial g(x) is a primitive polynomial is the output sequence of the linear shift register an m-sequence.

Let f(x) be a polynomial over GF(2); the smallest positive integer p such that f(x) | x^p - 1 is called the period of f(x). If the degree of f(x) is n and its period is 2^n - 1, f(x) is called a primitive polynomial.

It has been proven that for any positive integer n there is at least one primitive polynomial of degree n, and effective generation algorithms exist.
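Added example (not the notes' own): an LFSR driven by a characteristic polynomial, with a primitivity test that checks for the maximal period 2^n - 1 of an m-sequence; the polynomials x^4 + x + 1 (primitive) and x^4 + x^3 + x^2 + x + 1 (irreducible, but period 5) are standard textbook inputs.

```python
def lfsr_period(poly, state):
    """Period of the LFSR with characteristic polynomial `poly` (set of exponents whose
    coefficient is 1, including the degree n and 0), started from the n-bit `state`.
    Recurrence: s_{k+n} = XOR of s_{k+i} over the exponents i < n in `poly`."""
    n = max(poly)
    assert 0 in poly and len(state) == n and any(state), "need c0 = 1 and a nonzero state"
    taps = sorted(i for i in poly if i < n)
    start, s, steps = tuple(state), list(state), 0
    while True:
        fb = 0
        for i in taps:
            fb ^= s[i]
        s = s[1:] + [fb]          # shift left, feedback enters at the right
        steps += 1
        if tuple(s) == start:
            return steps

def lfsr_output(poly, state, length):
    """First `length` output bits s_0, s_1, ... of the same register."""
    n = max(poly)
    taps = [i for i in poly if i < n]
    s, out = list(state), []
    for _ in range(length):
        out.append(s[0])
        fb = 0
        for i in taps:
            fb ^= s[i]
        s = s[1:] + [fb]
    return out

def is_primitive(poly):
    """g(x) is primitive iff the register reaches the maximal period 2^n - 1 (an m-sequence);
    the impulse state 100...0 suffices because every nonzero state then has the same period."""
    n = max(poly)
    return lfsr_period(poly, [1] + [0] * (n - 1)) == 2 ** n - 1
```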

In the process by which a feedback shift register generates its output sequence, the feedback function determines the period length of the output sequence, and the shift register determines the serial output.

Threshold generator requirements: the number of LFSRs is odd, the lengths of all the LFSRs are pairwise coprime, and all feedback polynomials are primitive, so that the period is maximized.

RC4 is a stream cipher that differs from shift-register-based ciphers:
it is a stream cipher based on nonlinear data table transformations.

Public-key cryptography

Basic conditions for public-key encryption:
① E and D are mutually inverse: D(E(M)) = M (basic condition, confidentiality condition)
② Ke ≠ Kd, and Kd cannot be computed from Ke (security condition)
③ E and D are efficient (practicality condition)
④ E(D(M)) = M (authenticity condition)
If ①②③ are satisfied, confidentiality can be achieved; if ②③④ are satisfied, authenticity; if all four conditions are met, confidentiality and authenticity at the same time.

Ensures data confidentiality and authenticity

RSA

Encryption

① Randomly select two large primes p and q, and keep them secret;
② compute n = pq, and publish n;
③ compute φ(n) = (p-1)(q-1), and keep φ(n) secret;
④ randomly select a positive integer e with 1 < e < φ(n) and (e, φ(n)) = 1, and publish e; // (e, φ(n)) denotes the greatest common divisor, which must be 1
⑤ solve ed ≡ 1 mod φ(n) for d, and keep d secret;
⑥ encryption operation: C = M^e mod n
⑦ decryption operation: M = C^d mod n

The greatest common divisor of (p-1) and (q-1) should be small.

d must not be too small; it should be large enough.

p and q should be large enough.
p and q should be strong primes.
Choice of e:
A random e containing more 1 bits is more secure, but encryption is slower. Hence some scholars recommend taking e = 2^16 + 1 = 65537.

ElGamal

The RSA cryptosystem is based on the difficulty of factoring large composite numbers.
The ElGamal cipher is founded on the difficulty of the discrete logarithm problem.

Public-key algorithms are generally based on a specific hard mathematical problem: the RSA algorithm is based on the difficulty of factoring large integers, and the ElGamal algorithm on the difficulty of discrete logarithms in the multiplicative group of a finite field.

Discrete logarithm problem:
① Let p be a prime; the residues modulo p form the finite field
Fp = {0, 1, 2, ..., p-1}.
The nonzero elements of Fp form the cyclic group
Fp* = {1, 2, ..., p-1} = {α, α^2, α^3, ..., α^(p-1)},
where α is called a generator of Fp* or a primitive element modulo p.
② Given α, the modular exponentiation
y = α^x mod p, 1 ≤ x ≤ p-1,
is easy to compute, whereas recovering x from y is the discrete logarithm problem.

Preparation: randomly select a large prime p such that p-1 has a large prime factor. Select a primitive element α modulo p. Publish p and α.
⑴ Key generation
The user randomly selects an integer d, 2 ≤ d ≤ p-2, as the secret decryption key.
Compute y = α^d mod p; y is the user's public encryption key.
To compute the secret key d from the public key y one must solve the discrete logarithm problem, which is extremely difficult.

⑵ Encryption
The plaintext message M (0 ≤ M ≤ p-1) is encrypted into ciphertext as follows:
① Randomly select an integer k, 2 ≤ k ≤ p-2.
② Compute U = y^k mod p;
C1 = α^k mod p;
C2 = U·M mod p.
③ Take C = (C1, C2) as the ciphertext.

⑶ Decryption
The ciphertext (C1, C2) is decrypted as follows:
① Compute V = C1^d mod p;
② compute M = C2·V^-1 mod p.
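The ElGamal steps above as an added example (not the original notes' code), including the primitive-element check for α. The prime 2^31 - 1 with primitive root 7 used as demo parameters is an assumption for illustration, far smaller than the large prime the notes call for.

```python
import random

def is_primitive_root(alpha: int, p: int) -> bool:
    """α generates Fp* iff α^((p-1)/q) != 1 (mod p) for every prime q dividing p-1."""
    order, m, f, factors = p - 1, p - 1, 2, set()
    while f * f <= m:                 # trial-divide p-1 to find its prime factors
        while m % f == 0:
            factors.add(f)
            m //= f
        f += 1
    if m > 1:
        factors.add(m)
    return 1 < alpha < p and all(pow(alpha, order // q, p) != 1 for q in factors)

def keygen(p: int, alpha: int, rng: random.Random):
    """⑴ secret d with 2 ≤ d ≤ p-2, public y = α^d mod p."""
    d = rng.randrange(2, p - 1)
    return d, pow(alpha, d, p)

def encrypt(M: int, p: int, alpha: int, y: int, rng: random.Random):
    """⑵ C = (C1, C2) with a fresh random k for every message."""
    assert 0 <= M <= p - 1
    k = rng.randrange(2, p - 1)
    U = pow(y, k, p)
    C1 = pow(alpha, k, p)
    C2 = (U * M) % p
    return C1, C2

def decrypt(C, p: int, d: int) -> int:
    """⑶ V = C1^d mod p, M = C2 * V^-1 mod p (inverse via Fermat, since p is prime)."""
    C1, C2 = C
    V = pow(C1, d, p)
    return (C2 * pow(V, p - 2, p)) % p

def roundtrip(M: int, p: int, alpha: int, seed: int = 42) -> int:
    """Generate a key pair, encrypt M and decrypt it again with a seeded RNG."""
    rng = random.Random(seed)
    d, y = keygen(p, alpha, rng)
    return decrypt(encrypt(M, p, alpha, y, rng), p, d)
```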

Elliptic curve cryptography has become the strongest contender among public-key ciphers after RSA.
It has short keys, short signatures, small software size and low power consumption in hardware circuits.
It is generally agreed that 160-bit elliptic curve cryptography is as secure as 1024-bit RSA, and it is also faster.

Elliptic Curve Cryptography

Let p be a prime greater than 3 with 4a^3 + 27b^2 ≠ 0 mod p. Then
y^2 = x^3 + ax + b, a, b ∈ GF(p)
is called an elliptic curve over GF(p).
The congruence obtained from the elliptic curve,
y^2 = x^3 + ax + b mod p,
has as its solutions pairs <x, y> with x, y ∈ GF(p); plotting such a pair gives a point on the elliptic curve, so it is also called a solution point.
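Added example, not from the notes: enumerating the solution points of y^2 = x^3 + ax + b over GF(p) after checking the nonsingularity condition; the small curve over GF(23) with a = b = 1 is a constructed instance.

```python
def is_prime(n: int) -> bool:
    return n >= 2 and all(n % i for i in range(2, int(n ** 0.5) + 1))

def is_elliptic_curve(p: int, a: int, b: int) -> bool:
    """The notes' condition: p > 3 prime and 4a^3 + 27b^2 != 0 (mod p), i.e. a nonsingular curve."""
    return p > 3 and is_prime(p) and (4 * pow(a, 3, p) + 27 * pow(b, 2, p)) % p != 0

def solution_points(p: int, a: int, b: int):
    """All <x, y> with x, y in GF(p) satisfying y^2 ≡ x^3 + ax + b (mod p): the affine points."""
    if not is_elliptic_curve(p, a, b):
        raise ValueError("not a nonsingular elliptic curve over GF(p)")
    roots = {}                                   # quadratic residue -> its square roots mod p
    for y in range(p):
        roots.setdefault(y * y % p, []).append(y)
    points = []
    for x in range(p):
        rhs = (pow(x, 3, p) + a * x + b) % p
        for y in roots.get(rhs, []):             # no entry: x^3 + ax + b is not a square
            points.append((x, y))
    return points

def on_curve(p: int, a: int, b: int, point) -> bool:
    x, y = point
    return (y * y - (x * x * x + a * x + b)) % p == 0
```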

Digital signature

For a public-key cipher, if
E(D(M, Kd), Ke) = M
is satisfied, the authenticity of the data can be guaranteed.

Confidentiality and authenticity

General procedure:
Signed communication protocol: A ---- M ---- B
① A signs the data M with its own decryption key KdA:
SA = D(M, KdA)
② If confidentiality is not required, A sends SA directly to user B.
③ If confidentiality is required, A looks up B's public encryption key KeB and encrypts SA with KeB to obtain the ciphertext C:
C = E(SA, KeB)
④ Finally, A sends C to B, and keeps SA or C on file.

⑤ After B receives it, if the communication is not confidential, B first looks up A's public encryption key KeA and verifies the signature with KeA:
E(SA, KeA) = E(D(M, KdA), KeA) = M
⑥ If the communication is confidential, B first decrypts C with its own secret decryption key KdB, then looks up A's public encryption key KeA and verifies the signature with KeA:
D(C, KdB) = D(E(SA, KeB), KdB) = SA
E(SA, KeA) = E(D(M, KdA), KeA) = M
If the correct M is recovered, SA is A's signature; otherwise SA is not A's signature.

Rational design of the plaintext data format:
sender identifier, recipient identifier, packet identifier, time, data, error-correcting code
M = <A, B, I, T, DATA, CRC>
Write H = <A, B, I, T>.
Then the final packet A sends to B is <H, SIG(M, KdA)>, where H is in clear text.
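Added example (not the notes' own code) covering both the RSA steps ①..⑦ above and the sign-then-encrypt protocol of this section, in the notes' E/D notation. The primes and the message are small constructed demo values, so primality is checked by trial division only.

```python
from math import gcd

def is_prime(n: int) -> bool:
    return n >= 2 and all(n % i for i in range(2, int(n ** 0.5) + 1))

def modinv(e: int, m: int) -> int:
    """Extended Euclid: d with e*d ≡ 1 (mod m)."""
    r0, r1, t0, t1 = m, e, 0, 1
    while r1:
        q = r0 // r1
        r0, r1, t0, t1 = r1, r0 - q * r1, t1, t0 - q * t1
    assert r0 == 1, "e and m are not coprime"
    return t0 % m

def rsa_keygen(p: int, q: int, e: int = 65537):
    """Steps ①..⑤ of the notes; returns (Ke, Kd) as ((e, n), (d, n)). e = 2^16 + 1 by default."""
    assert is_prime(p) and is_prime(q) and p != q
    n = p * q
    phi = (p - 1) * (q - 1)
    assert 1 < e < phi and gcd(e, phi) == 1
    d = modinv(e, phi)                 # ed ≡ 1 (mod φ(n))
    return (e, n), (d, n)

def E(x: int, ke) -> int:              # step ⑥: x^e mod n
    return pow(x, ke[0], ke[1])

def D(x: int, kd) -> int:              # step ⑦: x^d mod n
    return pow(x, kd[0], kd[1])

def sign_and_seal(M: int, kdA, keB) -> int:
    """A signs M with its own decryption key (①), then encrypts SA with B's public key (③)."""
    SA = D(M, kdA)
    assert SA < keB[1], "SA must be below B's modulus to be re-encrypted"
    return E(SA, keB)

def open_and_verify(C: int, kdB, keA) -> int:
    """B decrypts C with KdB (⑥), then recovers M from SA with A's public key KeA."""
    SA = D(C, kdB)
    return E(SA, keA)
```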

Hash functions

Grouping: divide the input into L-1 blocks of b bits each.
Padding: when the (L-1)th block is shorter than b bits, pad it to b bits.
Appending: then append one block representing the total length of the input.
In total there are L blocks of b bits.
Since the length is included in the input, an attacker must find two messages of equal length with the same hash value, or two messages of unequal length that still hash to the same value after the length block is appended, which increases the difficulty of the attack.
Most hash functions use this structure.

Main processing
The core of the main processing is the SHA-1 compression function.
Each 512-bit block is processed in turn; the number of iterations is the number of blocks L after padding.

SHA-1 takes an input message shorter than 2^64 bits, outputs a 160-bit message digest, processes the input in 512-bit blocks, and handles one block per processing unit.

Brief description of the SHA-1 algorithm:
(1) Append padding bits;
(2) initialize the chaining variables (initialize the buffer);
(3) process the message in 512-bit blocks; the core module consists of four rounds of 20 steps each;
(4) each round takes the current 512-bit block Yq and the 160-bit buffer values A, B, C, D and E as input, and then updates the buffer contents;
(5) output the final hash value.

PKI

The public-key certificate is the most basic component of a PKI.

A public-key certificate is a collection of information containing the identity of the certificate subject, the subject's public key and information about the certification authority (CA), signed by a trusted CA. Its main purpose is to guarantee the secure binding between a public key and its user. The certificate subject can be a person, a device, an organization or another entity. Public-key certificates can be stored and distributed in clear text. As long as a user knows the public key of the certification authority (CA), they can check the validity of the certificate's signature. If the check succeeds, the user can be confident that the public key carried in the certificate is the genuine and legitimate public key of the subject identified in the certificate. This guarantees the integrity of the user's public key.

Authentication

Differences between authentication and digital signatures:
① Authentication is always based on some secret data shared by the sending and receiving sides to verify the authenticity of the object being authenticated, whereas digital signatures use public data to verify the signature.
② Authentication lets the sender and receiver verify each other's authenticity but does not allow third-party verification, whereas a digital signature can be verified by both parties and by a third party.
③ A digital signature cannot be repudiated by the sender, cannot be forged by the recipient and can be publicly verified, so it can resolve disputes; authentication does not necessarily have these properties.

Difference between authentication and encryption:
encryption guarantees the confidentiality of data, whereas authentication guarantees the authenticity of the message sender and recipient as well as the integrity of the message.


Source: www.cnblogs.com/tomyyyyy/p/11094301.html