1, symmetric encryption
Symmetric encryption means that encryption and decryption use the same key.
Represented by mathematical propaganda is:
▲ encryption: Ek(P) = C
▲ decryption: Dk(C) = P
Here e stands for encryption algorithm, d stands for decryption algorithm, p stands for plaintext and c stands for ciphertext.
Does it seem a little hard to understand? Look at the picture below:
Friends who have seen the secret service must know the role of radio and codebook. Hiding in it, Sun heard a string of numbers on the radio, then took out the codebook for comparison, found the Chinese characters corresponding to the numbers, and understood the instructions conveyed by his superiors. However, the military monitoring station has no codebook and only sees a bunch of meaningless numbers, which is the principle of symmetry algorithm.
AES belongs to symmetric encryption, and the common symmetric encryption methods are DES, 3DES, Blowfish, RC2 and state secret SM4.
2. Asymmetric encryption
Symmetric encryption is fast and convenient, but it has a disadvantage-the key is easy to be stolen or cracked. Asymmetric encryption can avoid this problem well.
Asymmetric algorithm divides the key into two parts, one is called private key, the other is sent to the other party, and it can also be made public, called public key. Data encrypted with a public key can only be decrypted with a private key.
▲ encryption: e public key (p) = C.
▲ Decryption:: d Private key (C) = P
Now don't worry about the key being stolen or cracked by the other party. Keep the private key yourself.
The core principle of asymmetric encryption algorithm is actually to design a mathematical problem, which makes it easy to derive ciphertext from public key and plaintext, but it is extremely difficult to derive private key from public key, plaintext and ciphertext.
RSA belongs to asymmetric encryption, which includes Elgamal, knapsack algorithm, Rabin, D-H, ECC (Elliptic Curve Encryption Algorithm) and SM2 algorithm.
3.AES and RSA
AES and RSA are very secure, at least under the current computer architecture, there is no effective attack method. In the era of quantum computer, RSA has some defects, because using shro algorithm, the speed of exhaustive calculation of quality factor of quantum computer can be increased by n orders of magnitude, and RSA keys can be cracked in a limited time. AES256 has no obvious loopholes at least at present.
As a symmetric encryption technology, AES has a fast encryption speed. Now higher-end CPU has AES-NI instruction, which can complete encryption and decryption very quickly.
For example, the Nut Cloud storage system uses Intel's AES-NI acceleration. When AES encryption and decryption are used,
The performance of a single core can exceed 1g byte/ second, which is very, very fast and suitable for encryption and decryption of a large number of data. ?
However, AES is a symmetric encryption technology, and how to distribute keys safely is a difficult problem. Passing keys in any way is risky. Of course, the current domestic quantum communication technology may be a good solution to this problem.
RSA, as a representative of asymmetric encryption technology, the encryption and decryption speed is actually quite slow, and it can only encrypt and decrypt small pieces of data. However, due to its asymmetric characteristics, public keys can be distributed everywhere. Only public keys can decrypt data encrypted by private keys, and only private keys can decrypt data encrypted by public keys. Therefore, it is very suitable for key distribution and authentication. These two application scenarios are just the opposite.
1) for symmetric key distribution scenarios. Others encrypt symmetric keys with public keys, so only authorized people hold private keys, so they can decrypt and obtain corresponding keys, which solves the problem of AES key distribution.
2) For the authentication scenario, the authorizer encrypts an instruction with the private key, and others decrypt the corresponding data with the public key to verify whether the corresponding instruction is consistent with some previously agreed features (for example, this paragraph must use a Sichuan accent, such as CEO of Jianguo Cloud?
Standard Sichuan accent = =), if consistent, then it can be confirmed that this instruction is issued by the authorized person.
Related anecdotes:
RSA is not only a great invention, but also free for all Internet users. Its inventor also established a network security company named RSA Security, which was eventually acquired by EMC at a high price. This is an excellent proof of virtue and art, and a model of "being both red and expert".
RSA's algorithm is named after three inventors, all of whom are successful mathematicians, scientists and entrepreneurs, among whom Ron Rivest, the number one, has made many outstanding contributions.
RSA is the foundation of the whole Internet data security, and it is in the same foundation and important position as optical fiber. Most encryption and decryption applications are RSA and AES.
abstract
The difficulty of cracking encryption is not only related to the encryption method, but also related to the key length and encryption method. Take AES as an example, there are AES 128 and AES256 (representing the key length). Obviously, the security performance of AES256 is higher than that of AES 128. AES needs four modes: ECB, CBC, CFB and OFB (for encryption mode).
RSA 1024 belongs to asymmetric encryption, which is based on the difficulty of factorization of large integers, that is, it is easy to multiply two prime numbers, but it is very difficult to find a prime factor of a large number. In the era of quantum computer, RSA has certain risks. Please refer to the hyperlink for details.
There are no obvious loopholes in AES256 at present. The only problem is how to distribute keys safely.
At present, encryption and decryption are mostly based on RSA and AES, which give full play to their respective advantages. RSA is used for key distribution and negotiation, and AES is used for business data encryption and decryption.