Symmetric encryption is divided into stream cipher and block cipher.
Cipher, also called block encryption (block cyphers), a first block of plaintext is encrypted. Is the plaintext packets at a certain bit length, plaintexts encrypted ciphertext operation group, the group passes the ciphertext decryption (inverse operation of encryption operation), the plaintext group.
Stream cipher, also called stream encryption (stream cyphers), a bit of a plaintext encryption. It refers to a key with a small amount (arbitrary element manufactured) by some complex operations (encryption algorithm) to generate a large number of pseudo-random bit stream for encrypting the plaintext bit stream.
Decryption means using the same key and cryptographic algorithm and the same encryption pseudo-random bit stream and for reducing the plaintext bit stream.
Block cipher, there ECB, CBC, CFB, OFB mode which these algorithms.
1) ECB (Electronic Code Book) / codebook mode
ECB (electron dense present embodiment) is very simple, is to encrypt data in accordance with Section 8/16 8/16 period or period of bytes decrypted ciphertext or plaintext, the last paragraph of bytes is less than 8/16, on demand 8/16 byte complement is calculated, then the order of the calculated data can be linked simultaneously and each segment data.
advantage:
1. Simple, conducive to parallel computing, an error is not transmitted
Disadvantages:
1. You can not hide in plain text mode
2. Possible initiative plaintext attack
2) CBC (Cipher Block Chaining) / ciphertext chaining
With the link between the CBC (cipher block chaining mode) makes realization mechanism encrypted data segments. The mechanism of its implementation is as follows:
Encrypting the following steps:
1) The first byte of data in accordance with a set of packet 8/16 to give D1D2 ...... Dn (if the data is not an integer multiple of 8, with the specified data PADDING fill bits)
2) a first set of results after the initialization vector data D1 XOR I obtained by encrypting a first set of ciphertext C1
3) with the second set of data D2 C1 XOR result after the first set of encrypted encryption result to obtain a second set of ciphertext C2
Data) after 4 and so on, to give Cn
5) the order of connection is the encryption result as C1C2C3 ...... Cn.
Decryption is the inverse of the encryption process, the following steps:
1) First, the data in accordance with a set of bytes 8/16 grouping obtained C1C2C3 ...... Cn
2) After the first set of data is decrypted with an initialization vector I XORed plaintext to obtain a first group of D1 (Note: Yes, then decrypt the exclusive-OR)
3) to obtain a second set of exclusive-OR of the second set of data decrypting data C2 of the first set of encrypted data D2
After 4) and so on, get Dn
5) the order of connection to D1D2D3 ...... Dn is the decryption result.
Note here that the decryption result is not necessarily our original encrypted data, may also contain up you get bit, sure to fill the seats removed is your original data.
Advantages:
1. active attacks is not easy, safety is better than ECB, for long transmission length of the packet, is SSL, IPSec standard
Disadvantages:
1. The sender and recipient need to know the initialization vector IV
2. encryption process is serial, can not be parallelized (For decryption, the cipher text from the two adjacent blocks to obtain a plaintext block so. decryption process can be parallelized)
3. error propagation
3) Cipher Feedback (CFB) / cipher feedback mode
Cipher feedback (CFB, Cipher feedback) mode is similar to CBC, a block cipher may become self-synchronizing stream cipher; working process is also very similar to CBC encryption process of a CFB decryption process is almost reversed:
the need to use a block a shift register of the same size, and will be initialized with the IV register. Then, the block cipher encryption using the register contents, then the highest bit of the result x of x plaintext are XORed to generate x-bit ciphertext. The next generation of the ciphertext x bits into registers, and the following x-bit plain text repeat the process. The decryption and encryption process is similar to begin IV, the encryption register, the result of the high XOR of the ciphertext x, x bits to generate the plaintext, the ciphertext and then following the displacement of the x register.
Similar to the CBC, the plaintext change will affect all of the subsequent cipher text, the encryption process and therefore can not be parallelized; the same, similar to CBC decryption process can be parallelized.
advantage:
1. hidden in plain text mode
2, into a stream cipher mode
3. timely encrypted transmission data packet is less than
Disadvantages:
1 is not conducive to parallel computing
2. The transmission error: a plurality of impact damage to the unit cells plaintext
3.唯一的IV
4)Output Feedback (OFB)/输出反馈模式
输出反馈模式(Output feedback, OFB)可以将块密码变成同步的流密码。它产生密钥流的块,然后将其与平文块进行异或,得到密文。与其它流密码一样,密文中一个位的翻转会使平文中同样位置的位也产生翻转。这种特性使得许多错误校正码,例如奇偶校验位,即使在加密前计算而在加密后进行校验也可以得出正确结果。
每个使用OFB的输出块与其前面所有的输出块相关,因此不能并行化处理。然而,由于平文和密文只在最终的异或过程中使用,因此可以事先对IV进行加密,最后并行的将平文或密文进行并行的异或处理。
可以利用输入全0的CBC模式产生OFB模式的密钥流。这种方法十分实用,因为可以利用快速的CBC硬件实现来加速OFB模式的加密过程。
优点:
1.隐藏了明文模式
2.分组密码转化为流模式
3.可以及时加密传送小于分组的数据
缺点:
1.不利于并行计算
2.对明文的主动攻击是可能的
3.误差传送:一个明文单元损坏影响多个单元