Encryption algorithm
Encryption technology is a technology for encoding and decoding information. Encoding (encryption) translates the original readable information (also called plaintext) into coded form (also called ciphertext); the reverse process is decoding (decryption). The key point of encryption technology is the encryption algorithm. Encryption algorithms can be divided into three types: symmetric encryption, asymmetric encryption and irreversible encryption.
Symmetric encryption algorithm
The symmetric encryption algorithm is an earlier encryption algorithm with mature technology. In a symmetric encryption algorithm, the data sender processes the plaintext (original data) together with an encryption key using a special encryption algorithm, turning it into complex ciphertext, and sends it out. After the recipient receives the ciphertext, to recover the original text he must decrypt it with the same key that was used for encryption and the inverse of the same algorithm, restoring it to readable plaintext. In a symmetric encryption algorithm only one key is used: both the sender and the receiver use this key to encrypt and decrypt the data, which requires the decryptor to know the encryption key in advance. The characteristics of the symmetric encryption algorithm are that the algorithm is public, the amount of calculation is small, the encryption speed is fast, and the encryption efficiency is high. The disadvantage is that both parties to the transaction use the same key, and security cannot be guaranteed. In addition, each pair of users of a symmetric encryption algorithm needs its own unique key that is unknown to anyone else. This increases the number of keys held by senders and receivers exponentially, and key management becomes a burden for users. Symmetric encryption algorithms are difficult to use on distributed network systems, mainly because key management is difficult and the cost of use is high. Symmetric encryption algorithms widely used in computer private network systems include DES and IDEA. AES, advocated by the American National Bureau of Standards, will soon replace DES as a new standard.
Asymmetric encryption algorithm
The asymmetric encryption algorithm uses a pair of two completely different but exactly matching keys: a public key and a private key. When an asymmetric encryption algorithm is used to encrypt a file, the encryption and decryption of the plaintext can only be completed with a matching pair of public and private keys. The public key is used to encrypt the plaintext, and the private key is used to decrypt the ciphertext. The sender (encryptor) knows the recipient's public key, while the recipient (decryptor) is the only person who knows his private key. The basic principle of the asymmetric encryption algorithm is that if the sender wants to send encrypted information that only the recipient can interpret, the sender must first know the recipient's public key and then use it to encrypt the original text; after the recipient receives the ciphertext, he can use his own private key to decrypt it. Obviously, with an asymmetric encryption algorithm, before the sender and receiver communicate, the recipient must send its randomly generated public key to the sender while keeping the private key. Because asymmetric algorithms have two keys, they are particularly suitable for data encryption in distributed systems. Widely used asymmetric encryption algorithms include the RSA algorithm and DSA, proposed by the American National Bureau of Standards. Encryption technology based on asymmetric encryption algorithms is widely used.
Irreversible encryption algorithm
The characteristic of the irreversible encryption algorithm is that it does not require a key during the encryption process. After the plaintext is input, the system processes it directly into ciphertext through the encryption algorithm. This encrypted data cannot be decrypted; only when the plaintext is re-entered and processed again by the same irreversible encryption algorithm, producing the same ciphertext that the system then recognizes, can it be said to be "decrypted". Obviously, in this type of encryption you have to encrypt by yourself and decrypt by yourself. The so-called decryption is actually re-encryption, and the "password" applied is the plaintext that was entered. Irreversible encryption algorithms do not have key storage and distribution problems and are very suitable for use on distributed network systems. However, because the encryption calculations are complex and the workload is heavy, they are usually only used where the amount of data is limited; for example, the password encryption widely used in computer systems uses an irreversible encryption algorithm. In recent years, with the continuous improvement of computer system performance, the application fields of irreversible encryption have been gradually increasing. Among the many irreversible encryption algorithms used in computer networks are the MD5 algorithm invented by RSA and the irreversible encryption standard SHS (Secure Hash Standard) proposed by the American National Bureau of Standards.
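
The password check described above, as an added example that is not part of the original page: the system keeps only a one-way digest and verifies a login by recomputing it from the entered plaintext. The per-user salt, PBKDF2-HMAC-SHA256 and the iteration count are assumptions of this example; the page itself names only MD5 and SHS.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def enroll(password: str) -> dict:
    """Keep only a random salt and the one-way digest, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def verify_password(record: dict, candidate: str) -> bool:
    """'Decrypt' by re-running the same one-way function and comparing."""
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), record["salt"], record["iterations"]
    )
    # Constant-time comparison: do not leak how many leading bytes matched.
    return hmac.compare_digest(recomputed, record["digest"])


def bare_digest(password: str) -> str:
    """Keyless, unsalted digest as the text describes it (for contrast)."""
    return hashlib.sha256(password.encode()).hexdigest()


if __name__ == "__main__":
    # Constructed sample accounts: two users who chose the same password.
    alice, bob = enroll("tr0ub4dor&3"), enroll("tr0ub4dor&3")
    print(verify_password(alice, "tr0ub4dor&3"))   # correct password
    print(verify_password(alice, "tr0ub4dor&4"))   # wrong password
    # Unsalted digests are identical for equal passwords; salted records differ.
    print(bare_digest("tr0ub4dor&3") == bare_digest("tr0ub4dor&3"))
    print(alice["digest"] == bob["digest"])
```
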
Encryption technology
Encryption algorithms are the basis of encryption technology. Any mature encryption technology is based on a combination of multiple encryption algorithms, or on an organic combination of encryption algorithms and other application software.
Below we introduce several encryption technologies that are widely used in computer network applications.
Non-repudiation technology
The core of this technology is the public key technology of the asymmetric encryption algorithm, and it works by generating a digital signature related to user authentication data. When a user performs a transaction, this signature ensures that the user cannot later deny that the transaction occurred. Since the operation of non-repudiation technology is simple and is directly included in certain types of normal electronic transactions, it has become an important guarantee for users conducting e-commerce and gaining business trust.
PGP (Pretty Good Privacy) technology
PGP technology is an email encryption technology based on the RSA public key system, an asymmetric encryption algorithm. It is also encryption software that is simple to operate, easy to use, and highly popular. PGP technology can not only encrypt emails to prevent unauthorized persons from reading them; it can also add digital signatures to emails so that the recipient can be sure of the true identity of the sender; and it enables people to communicate securely and confidentially without needing to pass the key through any confidential channel. PGP technology creatively combines the convenience of the RSA asymmetric encryption algorithm with the traditional encryption system. It adopts a seamless and ingenious design in its digital signature and key authentication management mechanisms, making it almost the most popular public key encryption software package.
Digital signature technology
Digital signature technology is a typical application of asymmetric encryption algorithms. In a digital signature application, the sender of the data uses its own private key to encrypt the data checksum or other variables related to the data content, completing the legal "signature" of the data; the receiver uses the sender's public key to interpret the received "digital signature" and uses the result to verify the integrity of the data and so confirm the legitimacy of the signature. Digital signature technology is an important technology for confirming identity in the virtual environment of network systems. It can completely replace the "handwritten signature" of the real world, and it is technically and legally guaranteed. In terms of public and private key management, digital signature applications are exactly the opposite of encrypted email with PGP technology. In digital signature applications, the sender's public key can be easily obtained, but his private key needs to be kept strictly confidential.
PKI (Public Key Infrastructure) technology
PKI technology is a public key infrastructure that takes asymmetric encryption technology as its core and can provide security services for the network. PKI technology was initially used mainly in the Internet environment to provide unified identity authentication, data encryption and integrity protection mechanisms for complex Internet systems. Because of its huge advantages in the field of network security, PKI technology is favored by core application systems such as those of banks, securities firms, and governments. PKI technology is not only the core of information security technology, but also the key and basic technology of e-commerce. Because e-commerce, e-government and other activities conducted through the Internet lack physical contact, it is crucial to use electronic means to verify trust relationships. PKI technology can effectively solve security issues such as confidentiality, authenticity, integrity, non-repudiation and access control in e-commerce applications. A practical PKI system must also fully consider interoperability and scalability. The functional modules included in a PKI system, such as the certification center (CA), registration center (RA), policy management, key and certificate management, key backup and recovery, and the revocation system, should be organically combined.
Future Trend of Encryption
Although the dual-key cryptography system is more reliable than the single-key cryptography system, the complexity of its calculations makes the dual-key system unsuitable for communicating large amounts of information. Its encryption rate is only 1/100 of that of the single-key system, or even 1/1000. Precisely because the encryption algorithms of the different systems each have their own strengths, the various encryption systems will develop together for a long period to come. Both the e-commerce protocol standard SET (Secure Electronic Transaction), jointly launched by IBM and other companies in 1996, and the PGP technology jointly developed by many countries in 1992 adopt hybrid cryptosystems that include single-key cryptography, dual-key cryptography, one-way hash algorithms and random number generation algorithms. This trend seems to show, from one side, the future of cryptographic technology applications.
In the field of single-key cryptography, the one-time pad is considered the most reliable mechanism. However, because the key stream generator in a stream cipher system cannot algorithmically break through the finite cycle, it has not been widely applied. If a key stream generator that is algorithmically close to an infinite cycle is found, the system will make a qualitative leap. In recent years, research on chaos theory has brought hope for breakthroughs in this direction. In addition, quantum cryptography is considered a potential development direction because it is based on optical and quantum mechanical theories. This theory is undoubtedly an ideal solution for strengthening information security in optical fiber communications and for dealing with deciphering that uses quantum computing capabilities.
Due to the application needs of civil systems such as e-commerce, authentication encryption algorithms will also see greater development. In addition, new members such as IDEA will also emerge in the traditional cryptography system. One of the main characteristics of these new members is innovation and breakthroughs in algorithms, not just modifications or improvements to traditional algorithms. Cryptography is a young discipline that is constantly developing, and any unrecognized encryption/decryption mechanism may have a place in it.
Currently, there is no very effective solution to the security issues of information systems or email. The main reason is that, because of the inherent heterogeneity of the Internet, no single trust institution can satisfy the whole of the Internet, and no single protocol can be applied to all the heterogeneous situations found across it. The only solution is to rely on software agents, that is, to use software agents to automatically manage the certificates held by the user (that is, the trust structure to which the user belongs) and all of the user's behaviors. Whenever a user wants to send a message or an email, the agent automatically negotiates with the other party's agent to find a mutually trusted authority or a common protocol with which to communicate. In the Internet environment, the next generation of secure information systems will automatically send encrypted emails for users. Similarly, when a user wants to send an email to someone, the user's local agent will first interact with the other party's agent to negotiate a certification authority suitable for both parties. Of course, email also requires different technical support, because email is not end-to-end communication: the message passes through multiple intermediaries to their respective communication machines before finally reaching its destination.