There are several modern network encryption technologies.
1 Data encryption principle

1.1 Data encryption

In data encryption implemented on a computer, the transformation for encryption or decryption is controlled by a key. The key is chosen at random by the user according to the cryptographic system in use; it is usually a random string and is the only parameter that controls the conversion between plaintext and ciphertext.

Example: the plaintext is the string:

AS KINGFISHERS CATCH FIRE

(For simplicity, it is assumed that only uppercase letters and space characters are processed).

Suppose the key is the string: ELIOT.

The encryption algorithm is:

(1) Divide the plaintext into blocks of the key's length (spaces are shown as "+"):

AS+KI NGFIS HERS+ CATCH +FIRE

(2) Replace each plaintext character with an integer in the range 00 to 26, with space = 00, A = 01, ..., Z = 26:

01 19 00 11 09 14 07 06 09 19 08 05 18 19 00 03 01 20 03 08 00 06 09 18 05

(3) Replace each character of the key in the same way as in step 2:

05 12 09 15 20

(4) In each plaintext block, replace each character's integer code with the sum of that code and the code of the key character at the same position, taken modulo 27:

06 04 09 26 02 19 19 15 24 12 13 17 00 07 20 08 13 02 18 01 05 18 18 06 25

(5) Replace the integer codes produced in step 4 with their equivalent characters:

FDIZB SSOXL MQ+GT HMBRA ERRFY
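The five steps above, implemented as an added example (this code is not part of the original article): the scheme is a Vigenère-style shift over a 27-symbol alphabet, and the key repeating once per block is exactly what "dividing the plaintext into key-length blocks" amounts to. The plaintext and key are the page's own; the helper names are mine.

```python
# Added example: the 27-symbol block cipher of the worked example above.
ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"   # index 0 = space, A = 1, ..., Z = 26
MOD = len(ALPHABET)                        # 27


def encode(text):
    """Steps 2 and 3: map each character to its code (space = 00, A = 01, ..., Z = 26)."""
    return [ALPHABET.index(ch) for ch in text.upper()]


def decode(codes):
    """Step 5: map integer codes back to characters."""
    return "".join(ALPHABET[c] for c in codes)


def encrypt(plaintext, key):
    """Step 4: add the key code at the same position within the block, modulo 27."""
    p, k = encode(plaintext), encode(key)
    return decode([(c + k[i % len(k)]) % MOD for i, c in enumerate(p)])


def decrypt(ciphertext, key):
    """Inverse of step 4: subtract the key code at the same position, modulo 27."""
    c, k = encode(ciphertext), encode(key)
    return decode([(x - k[i % len(k)]) % MOD for i, x in enumerate(c)])


def blocks(text, size):
    """Step 1 presentation: key-length blocks, with spaces in the text shown as '+'."""
    shown = text.replace(" ", "+")
    return " ".join(shown[i:i + size] for i in range(0, len(shown), size))


def unblocks(shown):
    """Undo blocks(): drop the block separators and turn '+' back into spaces."""
    return shown.replace(" ", "").replace("+", " ")


if __name__ == "__main__":
    key = "ELIOT"
    plain = "AS KINGFISHERS CATCH FIRE"
    cipher = encrypt(plain, key)
    print(blocks(plain, len(key)))    # AS+KI NGFIS HERS+ CATCH +FIRE
    print(blocks(cipher, len(key)))   # FDIZB SSOXL MQ+GT HMBRA ERRFY
    print(decrypt(cipher, key))       # AS KINGFISHERS CATCH FIRE
```

Because the same five key codes are added to every block, the cipher is only a 27-symbol Vigenère cipher; it illustrates key-controlled transformation, not a scheme with the security the next paragraph asks for.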

Ideally, the encryption scheme adopted should make breaking it cost the attacker more than he gains; in fact, this goal applies to all security measures. The acceptable ultimate goal of such a scheme is that even its inventor cannot recover the key by matching plaintext against ciphertext, and therefore cannot break the ciphertext.

1.2 Digital signature

Cryptography provides not only the encryption and decryption of information but also the means to identify the source of information and to ensure its integrity and non-repudiation; these three functions are all realized by the digital signature.

A digital signature is the result of a computation involving the signed information and the signer's private key. First, the signer's software generates a message digest: a unique, fixed-length representation of the information, produced by running it through a hash function. Then the software applies the signer's private key to the digest (signs it) and sends the result to the intended recipient along with the information and the signer's digital certificate. The receiver's software generates a message digest of the received message (using the same hash function) and applies the signer's public key to the signature to recover the digest the signer produced. The receiver's software can also be configured to verify the authenticity of the signer's certificate, checking that it was issued by a trusted CA and has not been revoked by that CA. If the two digests match, the receiver has successfully verified the digital signature.
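The sign-then-verify flow just described, as an added example (not code from the original article): hash the message, apply the private key to the digest, and on the receiving side recompute the digest and compare it with what the public key recovers from the signature. The RSA parameters are constructed toy values and the digest is reduced modulo n with no padding, so this shows only the mechanism, not a deployable scheme.

```python
import hashlib

# Constructed toy RSA key (hypothetical values for illustration; real keys are
# far larger and real schemes pad the digest before the private-key operation).
P = 1000000007
Q = 998244353
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, inverse of E mod phi(N)


def digest(message: bytes) -> int:
    """Fixed-length message digest (SHA-256), reduced mod N so the toy key can act on it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signer side: hash the message, then apply the private key to the digest."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Receiver side: recompute the digest with the same hash function, recover the
    signer's digest from the signature with the public key, and compare the two."""
    recovered = pow(signature, e, n)
    return recovered == digest(message)


if __name__ == "__main__":
    msg = b"constructed sample message"      # constructed input
    sig = sign(msg)
    print(verify(msg, sig))                   # True: digests match
    print(verify(msg + b"!", sig))            # False: altered message, digest differs
    print(verify(msg, sig ^ 1))               # False: altered signature
```

A real implementation adds the certificate checks the paragraph mentions (trusted issuer, not revoked) before trusting the public key used in `verify`.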

2 Encryption systems and their comparison

According to the type of key used, modern cryptography can be divided into two categories: symmetric encryption (secret-key encryption) systems and public key encryption (asymmetric encryption) systems.

2.1 Symmetric cryptosystem

A symmetric key encryption system uses the same key for encryption and decryption, so both parties must hold the key and keep it secret.

The security of a symmetric cryptosystem depends on two factors. First, the encryption algorithm must be strong enough that it is impossible to decrypt the information from the ciphertext alone. Second, the security of the method must depend on the secrecy of the key, not on the secrecy of the algorithm. Because the algorithm need not be kept secret, manufacturers can develop low-cost chips that implement the encryption; such chips are widely used and suited to mass production.

The biggest problem with symmetric encryption is that key distribution and management are very complicated and expensive. For example, a network with n users needs n(n-1)/2 keys, so symmetric encryption is effective only when the user group is not very large. For large-scale networks, where the user population is huge and widely distributed, distributing and safeguarding keys becomes a major problem. Another disadvantage of symmetric encryption algorithms is that they cannot realize digital signatures.

The best-known symmetric encryption systems are the American Data Encryption Standard DES, AES (Advanced Encryption Standard) and the European data encryption standard IDEA. In 1977 the American National Bureau of Standards officially announced the adoption of DES as the American data encryption standard, made its algorithm public, and approved it for non-classified government units and commercial secure communications. DES became the most widely used encryption standard in the world.

However, after more than 20 years of use, many shortcomings of DES have been found, and methods of breaking DES have become more and more effective. AES will replace DES as the new-generation encryption standard. DES has the property that its decryption algorithm is the same as its encryption algorithm, with the subkeys applied in the reverse order.

2.2 Public key cryptosystem

In a public key encryption system the encryption key (public key) and the decryption key (private key) are different. Because the encryption key is public, key distribution and management are very simple: a network with n users needs only 2n keys. A public key system can also easily realize digital signatures, so it is the most suitable for e-commerce applications. In practice, however, public key encryption cannot completely replace symmetric key encryption: because it is based on a hard mathematical problem, its computation is very complex and its security is higher, but its speed is far behind that of symmetric encryption. In practical applications the two are combined to exploit their respective advantages: files are encrypted with the symmetric system, and the public key system is used to encrypt the key (session key) that encrypted the files. This is the hybrid encryption system, which solves both the speed problem and the key distribution and management problem.

According to the underlying mathematical problem, three systems are considered secure and effective: the large-integer factorization system (RSA), the elliptic curve discrete logarithm system (ECC) and the discrete logarithm system (DSA).

At present the most famous and widely used public key system is RSA, proposed by Rivest, Shamir and Adleman (hence the name). Its algorithm uses two very large prime numbers to generate the public and private keys. In practice, all encryption algorithms are based on the RSA algorithm. PGP (like most encryption methods based on RSA) uses the public key to encrypt the key of a symmetric encryption algorithm, and then uses the fast symmetric algorithm to encrypt the data. The symmetric key is randomly generated and kept secret, so the only way to obtain it is to decrypt it with the private key.

The advantages of RSA lie mainly in its simple principle and convenient use. With advances in large-integer factorization methods, increases in computer speed and the growth of computer networks (thousands of machines can work on factoring a large integer at the same time), the size of the large integers that RSA encryption and decryption need in order to remain secure keeps rising. To guarantee RSA's security, its key length has kept increasing; for example, it is generally believed that RSA needs a key length of more than 1024 bits to be secure. However, the longer key greatly reduces encryption and decryption speed, and hardware implementation becomes more and more burdensome. This places a heavy load on applications that use RSA, especially e-commerce systems that conduct large numbers of secure transactions, and so increasingly limits its range of application.

DSA (Digital Signature Algorithm) is a digital signature standard based on the discrete logarithm problem; it provides only digital signatures and no data encryption. It is also a non-deterministic (randomized) signature algorithm: for a message m, the signature depends on a random number r, so the same message may have different signatures. In addition, for the same modulus size, DSA is slower than RSA (both generate signatures at the same speed, but DSA is 10 to 40 times slower than RSA when verifying signatures).

2.3 Technical advantages of elliptic curve cryptography (ECC)

ECC (Elliptic Curve Cryptography) is a public key system with higher security and better algorithmic performance, based on the computational difficulty of the discrete logarithm problem on elliptic curves.