Management technology for key management

1. Symmetric key management. Symmetric encryption depends on both parties keeping the same secret. Trading parties using symmetric encryption must ensure that they use the same key, that the exchange of keys between them is safe and reliable, and that procedures exist to prevent key leaks and to handle key changes. Managing and distributing symmetric keys is therefore a potentially risky and cumbersome process. Managing symmetric keys with public key encryption makes this simpler and more secure, and also solves the reliability and authentication problems of a purely symmetric scheme. The trading party generates a unique symmetric key for each exchange of information (such as each EDI exchange), encrypts the information with that key, encrypts the key itself with the recipient's public key, and sends the encrypted key together with the encrypted information (such as the EDI exchange) to the corresponding trading party. Since a unique key is generated for each exchange, trading parties no longer need to maintain keys or worry about their leakage or expiry. Another advantage is that even if a key leaks, only one transaction is affected, not all trading relationships between the parties. This approach also provides a secure way to distribute symmetric keys between trading partners.

2. Public key management / digital certificates. Digital certificates (public key certificates) can be used to exchange public keys between trading partners. The X.509 standard developed by the International Telecommunication Union (ITU) defines digital certificates; it is equivalent to the ISO/IEC 9594-8:195 standard jointly issued by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). A digital certificate usually contains a name uniquely identifying the certificate owner (the trading party), a name uniquely identifying the certificate issuer, the owner's public key, the issuer's digital signature, the validity period of the certificate and its serial number, among other fields. The issuer is generally called a certificate authority (CA), an organization trusted by all parties to the trade. Digital certificates serve to identify trading parties and are one of the technologies now widely used in e-commerce.

3. Standards and specifications for key management. Relevant international standardization bodies are beginning to formulate technical standards and specifications on key management. The ISO/IEC Joint Technical Committee on information technology (JTC1) has drafted an international standard on key management in three parts: the key management framework; mechanisms using symmetric techniques; and mechanisms using asymmetric techniques. The specification has entered the draft international standard voting stage and will soon become an official international standard.

Digital signature

A digital signature is another application of public key encryption. The method: the sender generates a 128-bit hash value (message digest) from the message text and encrypts this hash value with its own private key; the result is the sender's digital signature, which is sent to the recipient as an attachment to the message. The recipient first computes the 128-bit hash value (message digest) from the original message it received, then decrypts the attached digital signature with the sender's public key. If the two hash values are the same, the recipient can confirm that the digital signature belongs to the sender. Digital signatures thus provide identification and non-repudiation of the original message.

ISO/IEC JTC1 is already drafting the corresponding international standard. Its working title is "Information technology - Security techniques - Digital signatures with appendix", in two parts: a general overview and an identity-based mechanism.

Introduction to cryptography

According to records, the ancient Greeks invented the substitution cipher around 400 BC. In 1881 the world's first telephone security patent appeared. During World War II the German military used the "Enigma" cipher machine, and cryptography played a very important role in the war.

With the development of informatization and the digital society, awareness of the importance of information security and confidentiality kept growing. In 1997 the National Bureau of Standards announced the implementation of the American Data Encryption Standard (DES); private-sector research and application of cryptography then began in earnest, using algorithms such as DES, RSA and SHA. As the demand for encryption strength grew, AES, ECC and others have appeared more recently.

Using cryptography can achieve the following purposes:

Confidentiality: Preventing user identification or data from being read.

Data integrity: Prevent data from being changed.

Authentication: Ensure that data is sent from a specific party.

2. Introduction to encryption algorithms

Modern cryptographic techniques are divided into two categories according to the type of key: symmetric encryption algorithms (secret key encryption) and asymmetric encryption algorithms (public key encryption).

A symmetric key encryption system uses the same secret key for encryption and decryption; both communicating parties must obtain this key and keep it secret.

In an asymmetric key encryption system the encryption key (public key) and the decryption key (private key) are different. In symmetric encryption algorithms only one key is used to encrypt and decrypt information, that is, the same key serves for both encryption and decryption.

Commonly used algorithms include:

DES (Data Encryption Standard): fast, suitable for encrypting large amounts of data.

3DES (Triple DES): based on DES, a block of data is encrypted three times with three different keys, which is stronger.

AES (Advanced Encryption Standard): the next-generation encryption standard, with high speed and a high security level.

In October 2000, NIST (the US National Institute of Standards and Technology) announced the adoption of a new key encryption standard selected from 15 candidate algorithms: Rijndael was selected to become AES. Rijndael was created in the second half of 1999 by the researchers Joan Daemen and Vincent Rijmen. AES is increasingly becoming the de facto standard for encrypting all forms of electronic data.

The National Institute of Standards and Technology (NIST) developed the new Advanced Encryption Standard (AES) specification on May 26, 2002.

Algorithm principle

The AES algorithm is based on permutation and substitution operations. Permutation is the rearrangement of data, and substitution is the replacement of one data unit with another. AES uses several different methods to perform its permutations and substitutions.

AES is an iterative, symmetric-key block cipher that can use 128-, 192- or 256-bit keys and encrypts and decrypts data in 128-bit (16-byte) blocks. Unlike public key ciphers, which use key pairs, symmetric key ciphers use the same key to encrypt and decrypt. The block cipher returns the same number of bits as it takes in, and the iteration uses a loop structure in which the input data is repeatedly permuted and substituted.

Comparison of AES and 3DES

Algorithm   Type                       Key length             Speed
AES         symmetric block cipher     128, 192 or 256 bits   high
3DES        symmetric Feistel cipher   112 or 168 bits

The source table also gave the time to break each cipher for a machine trying 2^55 keys per second and the resource consumption, but those figures did not survive extraction.

Common asymmetric encryption algorithms are as follows:

RSA: invented by RSA Company, a public key algorithm that supports variable-length keys; the length of the data block to be encrypted is also variable.

DSA (Digital Signature Algorithm): the digital signature algorithm of the DSS (Digital Signature Standard).

ECC (Elliptic Curves Cryptography): elliptic curve cryptography.

In 1976, because symmetric encryption algorithms could no longer meet all needs, Diffie and Hellman published a paper called "New Directions in Cryptography", which introduced the concept of public key encryption; Rivest, Shamir and Adleman then proposed the RSA algorithm.

With advances in methods for factoring large integers, faster computers and the growth of computer networks, RSA key lengths have had to keep increasing to keep data secure. But longer keys greatly reduce encryption and decryption speed and make hardware implementations ever more costly, which puts a heavy burden on applications using RSA, so a new algorithm is needed to replace it.

In 1985, N. Koblitz and Miller proposed using elliptic curves for cryptographic algorithms, based on the discrete logarithm problem (ECDLP) in the group of points on an elliptic curve over a finite field. ECDLP is a harder problem than factoring; it is exponentially harder.

Principle: problems on elliptic curves

The discrete logarithm problem on elliptic curves (ECDLP) is defined as follows: given a prime p and an elliptic curve E, with Q = kP, when P and Q are known, find a positive integer k less than p. It can be shown that computing Q from k and P is easy, but computing k from Q and P is hard.

If the addition operation on an elliptic curve is made to correspond to modular multiplication in discrete-logarithm systems, and scalar multiplication on the curve to modular exponentiation, we can build the corresponding cryptosystems on elliptic curves.

For example, the analogue of the Diffie-Hellman public key system is implemented on an elliptic curve as follows: select a generator P on E such that the group generated by P is large enough; the communicating parties A and B choose a and b respectively, keep a and b secret, and publish aP and bP; the key used for communication between A and B is then abP, which a third party cannot obtain.
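The A/B exchange just described, carried out on the NIST P-256 curve with Go's standard library, as an added example that is not code from the original page; the names Party and RunExchange, the choice of P-256 and the outsider party are assumptions:

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"fmt"
)

// Party holds one side's secret scalar (a or b). The scalar never leaves the struct;
// only the public point aP or bP is handed out.
type Party struct {
	priv *ecdh.PrivateKey
}

// NewParty picks a random secret scalar on the given curve.
func NewParty(curve ecdh.Curve) (*Party, error) {
	priv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{priv: priv}, nil
}

// Public returns the point aP that is sent over the open channel.
func (p *Party) Public() *ecdh.PublicKey { return p.priv.PublicKey() }

// SharedSecret multiplies the peer's public point by our own scalar: a(bP) = abP.
// The library returns the x-coordinate of the resulting point (32 bytes on P-256).
func (p *Party) SharedSecret(peer *ecdh.PublicKey) ([]byte, error) {
	return p.priv.ECDH(peer)
}

// RunExchange performs the exchange between A and B on P-256 and reports whether
// a(bP) and b(aP) agree, whether an outsider with her own scalar obtains the same
// value, and how long the secret is.
func RunExchange() (agree bool, outsiderMatches bool, secretLen int, err error) {
	curve := ecdh.P256()
	a, err := NewParty(curve)
	if err != nil {
		return false, false, 0, err
	}
	b, err := NewParty(curve)
	if err != nil {
		return false, false, 0, err
	}
	eve, err := NewParty(curve)
	if err != nil {
		return false, false, 0, err
	}
	// Only a.Public() and b.Public() cross the channel.
	sA, err := a.SharedSecret(b.Public())
	if err != nil {
		return false, false, 0, err
	}
	sB, err := b.SharedSecret(a.Public())
	if err != nil {
		return false, false, 0, err
	}
	// An eavesdropper sees aP and bP but holds neither a nor b; with her own
	// scalar e she can only form e(bP), which is not abP.
	sE, err := eve.SharedSecret(b.Public())
	if err != nil {
		return false, false, 0, err
	}
	return bytes.Equal(sA, sB), bytes.Equal(sE, sA), len(sA), nil
}

func main() {
	agree, outsider, n, err := RunExchange()
	if err != nil {
		panic(err)
	}
	fmt.Printf("A and B agree: %v; outsider matches: %v; secret length: %d bytes\n", agree, outsider, n)
}
```

In practice the raw shared x-coordinate is passed through a key derivation function before being used as a symmetric key rather than used directly.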

The analogue of the ElGamal cryptosystem is implemented on an elliptic curve as follows:

Embed the plaintext m in a point Pm on E and select a point B ∈ E; each user chooses an integer a, 0

To send m to A, send the following pair of points: [kB, Pm + k(aAB)], where k is a randomly generated integer and aA is A's secret integer. A recovers k(aAB) from kB (by multiplying it with aA) and then recovers Pm as Pm + k(aAB) - k(aAB) = Pm. Likewise, corresponding to DSA, consider the following equation:

K=kG [where K and G are points on Ep(a,b), k is an integer less than n (n is the order of point G)]

It is not difficult to find that given k and G, it is easy to calculate K according to the addition rule; but given K and G, it is relatively difficult to calculate k.

This is the hard problem on which elliptic curve cryptography relies. We call point G the base point, k (k

Comparison of ECC and RSA

Compared with RSA, ECC has absolute advantages in many respects, mainly the following:

Strong attack resistance: at the same key length, ECC is many times more resistant to attack.

The calculation amount is small and the processing speed is fast. The overall speed of ECC is much faster than RSA and DSA.

It takes up little storage space. The key size and system parameters of ECC are much smaller than those of RSA and DSA, which means that it takes up much less storage space. This is particularly important for the application of encryption algorithms on IC cards.

Low bandwidth requirements. When encrypting and decrypting long messages, the three types of cryptosystems have the same bandwidth requirements, but the ECC bandwidth requirements are much lower when applied to short messages. Low bandwidth requirements make ECC have broad application prospects in the field of wireless networks.

These characteristics mean ECC is expected to replace RSA and become the universal public key encryption algorithm. For example, the makers of the SET protocol have made it the default public key algorithm in the next-generation SET protocol.

The following two tables compare the security and speed of RSA and ECC.

Comparison of RSA and ECC security (the exponents of 10 in the first column did not survive extraction)

Breaking time (MIPS years)   RSA/DSA key length   ECC key length   RSA/ECC key length ratio
10                           512                  106              5:1
10                           768                  132              6:1
10                           1024                 160              7:1
10                           2048                 210              10:1
10                           21000                600              35:1

Comparison of RSA and ECC speed

Function                      163-bit ECC, Security Builder 1.2 (ms)   1,023-bit RSA, BSAFE 3.0 (ms)
Key pair generation           3.8                                      4,708.3
Signature                     2.1 (ECNRA), 3.0 (ECDSA)                 228.4
Verification                  9.9 (ECNRA), 10.7 (ECDSA)                12.7
Diffie-Hellman key exchange   7.3                                      1,654.0

Hash algorithms

A hash algorithm (also called a digest algorithm; "Hash" in English) takes an input of any length (also called the pre-image) and converts it through the hash function into a fixed-length output, the hash value. The conversion is a compressing mapping: the space of hash values is usually much smaller than the space of inputs, different inputs may hash to the same output, and the input cannot be uniquely determined from the hash value. Simply put, it is a function that compresses a message of any length into a message digest of a fixed length.

HASH is mainly used as an algorithm in the field of information security: it converts information of any length into scrambled 128-bit codes called HASH values. Hashing can also be seen as finding a mapping between data content and a data storage address. A hash is a condensation of the information: usually much shorter than the information and of fixed length. A cryptographically strong hash must be irreversible, meaning that no part of the original information can be deduced from the hash result. Any change in the input, even a single bit, leads to a significant change in the hash result; this is called the avalanche effect. Hashes should also be collision-resistant, meaning that two messages with the same hash result cannot be found. A hash with these properties can be used to verify whether information has been modified.
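The three properties above (fixed-length output, avalanche effect, and a keyed variant that only holders of a secret can compute, which the page returns to later as the MAC), demonstrated with Go's standard library as an added example that is not code from the original page; SHA-1 for the digest, HMAC-SHA256 for the keyed form, and the function names and sample values are assumptions:

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"fmt"
	"math/bits"
)

// Sha1Len hashes an input of any length and returns the digest length, which is
// always 20 bytes (160 bits) regardless of the input size.
func Sha1Len(input []byte) int {
	sum := sha1.Sum(input)
	return len(sum)
}

// AvalancheBits flips a single bit of msg (bit 0 of its first byte) and counts how
// many of the 160 SHA-1 output bits change. For a good hash roughly half of them do.
func AvalancheBits(msg []byte) int {
	if len(msg) == 0 {
		msg = []byte{0} // give the flip something to act on
	}
	flipped := append([]byte(nil), msg...)
	flipped[0] ^= 0x01
	h1 := sha1.Sum(msg)
	h2 := sha1.Sum(flipped)
	diff := 0
	for i := range h1 {
		diff += bits.OnesCount8(h1[i] ^ h2[i])
	}
	return diff
}

// Mac is the keyed hash: part of the input is a secret, so only holders of the key
// can produce or check the tag. HMAC is used rather than a bare hash of
// key||message because it is the standard keyed construction.
func Mac(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// VerifyMac recomputes the tag and compares it in constant time, so a forger
// cannot learn the correct tag byte by byte from timing differences.
func VerifyMac(key, msg, tag []byte) bool {
	return hmac.Equal(Mac(key, msg), tag)
}

func main() {
	// Constructed sample values; a real key would come from a key store.
	key := []byte("constructed-demo-key")
	msg := []byte("amount=100;to=acct-42")
	fmt.Println("digest length:", Sha1Len(msg), "bytes")
	fmt.Println("output bits changed by a 1-bit input change:", AvalancheBits(msg))
	tag := Mac(key, msg)
	fmt.Println("genuine tag verifies:", VerifyMac(key, msg, tag))
	fmt.Println("altered message verifies:", VerifyMac(key, []byte("amount=900;to=acct-42"), tag))
}
```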

One-way hash functions are generally used to generate message digests, key encryption, etc. Common ones are:

MD5 (Message Digest Algorithm 5): a one-way hash algorithm developed by RSA Data Security.

SHA (Secure Hash Algorithm): produces a 160-bit value for input of any length.

In 1993 the Secure Hash Algorithm (SHA) was proposed by the US National Institute of Standards and Technology (NIST) and published as the Federal Information Processing Standard FIPS PUB 180; in 1995 a revised version, FIPS PUB 180-1, was released, commonly called SHA-1.

SHA-1 is based on the MD4 algorithm, and its design mimics MD4 to a large extent. It is now recognized as one of the most secure hashing algorithms and is widely used.

Principle

SHA-1 is a data encryption algorithm. The idea is to take a piece of plaintext and convert it irreversibly into a (usually shorter) piece of ciphertext. It can also be understood simply as taking a string of input codes (called the pre-image or message) and converting them into a short, fixed-length output sequence, the hash value (also called the message digest or message authentication code).

The security of a one-way hash function lies in the strong one-way nature of the process that produces the hash value. If a password is embedded in the input sequence, nobody can produce the correct hash value without knowing the password, which ensures its security. SHA divides the input stream into 512-bit (64-byte) chunks and produces a 20-byte output called a message authentication code or message digest.

The input message to this algorithm is at most 2^64 bits long, and the output is a 160-bit message digest. Input is processed in 512-bit blocks. SHA-1 is irreversible, collision-resistant and has a good avalanche effect.

Digital signatures can be implemented with hash algorithms. The principle: the plaintext to be transmitted is converted into a message digest by a hash function (different plaintexts give different digests); the digest is encrypted and sent to the recipient together with the plaintext. The recipient generates a new digest from the received plaintext and compares it with the decrypted digest sent by the sender. If they match, the plaintext has not been changed; if they differ, the plaintext has been tampered with.
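The hash-then-sign procedure described here and in the Digital signature section above, as an added example that is not code from the original page: the digest is signed with the sender's private key and the recipient recomputes the digest and checks the attached signature. SHA-256 with ECDSA on P-256 is used instead of the 128-bit digest mentioned in the text; the function names and the sample message are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Sign hashes the message and signs the digest with the sender's private key.
// The returned signature travels with the message as an attachment.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify recomputes the digest from the message as received and checks the attached
// signature against the sender's public key. Any change to the message, or a
// signature made with a different key, makes this return false.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Scenario signs a constructed message and reports three verification results:
// the untouched message, a copy with one character altered in transit, and a
// verifier that holds someone else's public key.
func Scenario() (okOriginal, okTampered, okWrongKey bool, err error) {
	sender, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	msg := []byte("constructed sample: pay 100 units to account 42")
	sig, err := Sign(sender, msg)
	if err != nil {
		return false, false, false, err
	}
	tampered := append([]byte(nil), msg...)
	tampered[len(tampered)-1] = '3' // now reads "account 43"
	other, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	return Verify(&sender.PublicKey, msg, sig),
		Verify(&sender.PublicKey, tampered, sig),
		Verify(&other.PublicKey, msg, sig),
		nil
}

func main() {
	orig, tampered, wrongKey, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original: %v, tampered: %v, wrong key: %v\n", orig, tampered, wrongKey)
}
```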

A MAC (Message Authentication Code) is a hash result in which part of the input is a secret (the password). Only participants who know this secret can compute the MAC and verify it again. The figure in the source shows the generation of a MAC: the input message and the password go into the hash function, which outputs the message authentication code.

Comparison of SHA-1 and MD5

Because both are derived from MD4, SHA-1 and MD5 are very similar to each other. Accordingly their strengths and other characteristics are similar, but there are several differences:

Security against brute force: the most significant and important difference is that the SHA-1 digest is 32 bits longer than the MD5 digest. With brute-force techniques, the difficulty of generating any message whose digest equals a given message digest is an operation of 2 orders of magnitude for MD5 and an operation of 2 orders of magnitude for SHA-1 (the exponents did not survive extraction). SHA-1 therefore has greater strength against brute-force attacks.

Security against cryptanalysis: Due to the design of MD5, it is vulnerable to cryptanalysis attacks, while SHA-1 appears to be less susceptible to such attacks.

Speed: SHA-1 runs slower than MD5 on the same hardware.

Comparison of symmetric and asymmetric algorithms

The above summarizes the principles of the two encryption methods. Generally speaking, they differ mainly in the following respects:

1. In terms of management: public key cryptographic algorithms need fewer resources to reach their goals. In key distribution there is an exponential difference between the two (one is n and the other is n). Private key cryptographic algorithms are therefore not suitable for use in wide area networks, and, more importantly, they do not support digital signatures.

2. In terms of security: since public key algorithms are based on unsolved mathematical problems, they are almost impossible to crack. As for private key algorithms, although AES is theoretically impossible to crack, from the perspective of the development of computing, public keys have the advantage.

3. In terms of speed: the software implementation of AES reaches several megabits or tens of megabits per second, which is 100 times the speed of public key algorithms; in hardware the ratio grows to 1000 times.

Selection of encryption algorithm

The previous chapter introduced symmetric and asymmetric encryption algorithms. Many people wonder: which one should we use in practice?

We should decide based on our own usage characteristics. Since asymmetric algorithms run much more slowly than symmetric ones, when a large amount of data must be encrypted it is recommended to use a symmetric algorithm to keep encryption and decryption fast.

Symmetric encryption algorithms cannot implement signatures, so signatures can only be asymmetric algorithms.

Since key management for symmetric encryption is a complex process, and key management directly determines security, we can consider using an asymmetric algorithm when the amount of data is small.

In practice the usual approach is to use an asymmetric algorithm to manage the key of a symmetric algorithm, and the symmetric algorithm to encrypt the data. This combines the advantages of both: fast encryption and safe, convenient key management.

Once the encryption algorithm is chosen, how many bits should the key have? Generally, the longer the key, the slower it runs, so choose according to the security level actually needed. As a rule of thumb, RSA is recommended at 1024 bits, ECC at 160 bits, and AES at 128 bits.

The application of cryptography in modern times

With the spread of commercial applications of cryptography, public key cryptography has received unprecedented attention. Beyond traditional cryptographic application systems, PKI systems are built on public key cryptography and provide encryption, signature, authentication, key management, distribution and other functions.

Confidential communication: confidential communication is the motivation for the emergence of cryptography. With public-private key cryptography, only a recipient who knows the corresponding key can decrypt the information.

Digital signature: Digital signature technology can replace traditional handwritten signatures, and from a security perspective, digital signatures have good anti-forgery capabilities. It has a wide range of application environments in government agencies, military fields, and commercial fields.

Secret sharing: secret sharing technology uses cryptography to split a secret into n pieces of information called shares (sharing factors) and distributes them to n members. Only k (k ≤ n) legitimate members together can recover the secret; no single member, and no m (m ≤ k) members cooperating, can learn it. Secret sharing is used to control secret information, commands and the like that must be controlled by several people at once.

Authentication: when sensitive information is transmitted over an open channel, signature technology verifies the authenticity and integrity of the message, and the identity of the communicating party is verified by checking its public key certificate.

Key management: the key is the most fragile and important link in a security system, and public key cryptography is a powerful tool for key management. Used for key negotiation and generation, it means the two communicating parties need not share secret information in advance; it is also used for key distribution, protection, escrow, recovery and so on.

In addition to the above general functions based on the public key cryptography system, the following systems can also be designed and implemented: secure e-commerce systems, electronic cash systems, electronic election systems, electronic bidding systems, electronic lottery systems, etc.

The emergence of public key cryptography is the basis for cryptography's move from traditional government and military applications to commercial and civilian ones. At the same time, the development of the Internet and e-commerce has opened up broader prospects for cryptography.

The future of encryption algorithms

With improved computing methods, faster computers and the growth of networks, more and more algorithms have been cracked.

At the 2004 International Cryptology Conference (Crypto 2004), Professor Wang Xiaoyun of Shandong University, China, presented a report on breaking the MD5, HAVAL-128, MD4 and RIPEMD algorithms. It shocked the top international cryptographers present and means these algorithms will be phased out of application. Subsequently SHA-1 was also declared broken.

There have been three attack experiments that affected DES. In 1997, 70,000 computers from various countries were used to crack a DES key in 96 days. In 1998 the Electronic Frontier Foundation (EFF) used a special-purpose computer built for $250,000 to crack a DES key in 56 hours. In 1999 EFF completed the cracking work in 22 hours and 15 minutes. Therefore DES, which once made outstanding contributions, can no longer meet our growing needs.

Recently, a group of researchers successfully factored a 512-bit integer, announcing the crack of RSA.

We say that data security is relative: something is safe under certain conditions for a certain period. With the development of hardware and networks, or the emergence of another Wang Xiaoyun, the encryption algorithms commonly used today may be cracked within a short time. Then we will have to use longer keys or more advanced algorithms to keep data secure. Encryption algorithms therefore still need continuous development and improvement to provide higher security strength and operating speed.

Looking at the two families of algorithms, one goes from DES to 3DES to AES, the other from RSA to ECC. Their development has been driven by simplicity of the key, low cost, ease of management, algorithm complexity, strength of confidentiality and speed of computation. Future algorithms must develop along these lines, and in practice the two families are often combined. A new algorithm combining the advantages of both will appear in the future; by then, e-commerce will be faster and safer.