Schematic diagram of encryption principle of deep knowledge blockchain (encryption, signature)
First, a schematic diagram of Ethereum:

In the process of learning, we mainly study and understand one module at a time, including P2P, cryptography, networking, protocols and so on. Let's go straight to the summary:

The key distribution problem is really a key transmission problem. If the key is symmetric, it can only be exchanged offline; if it is transmitted online, it may be intercepted. Asymmetric encryption is therefore adopted, with two keys: the private key is kept by its owner and the public key is made public. Public keys can be transmitted over the Internet, so no offline exchange is needed, and the data stays secure.

As shown above, Node A sends data to Node B using public key encryption. Node A obtains Node B's public key, encrypts the plaintext data with it, and sends the resulting ciphertext to Node B. Node B decrypts it with its own private key.

2. Message tampering cannot be solved.

As shown above, Node A encrypts with A's private key and then transmits the ciphertext to Node B. Node B decrypts the ciphertext with Node A's public key.

1. Because A's public key is public, the encryption is useless once a hacker intercepts the message. To put it bluntly, anyone who intercepts the message can decrypt it.

2. The source of the message still cannot be determined, and message tampering is still a problem.

As shown in the above figure, before sending data, Node A encrypts with B's public key to obtain ciphertext 1, and then encrypts ciphertext 1 with A's private key to obtain ciphertext 2. After Node B gets the ciphertext, it decrypts it with A's public key to get ciphertext 1, and then decrypts that with B's private key to get the plaintext.

1. When ciphertext 2 is intercepted on the network, it can be decrypted with A's public key, which is public, to get ciphertext 1. So although this looks like double encryption, the private key signature in the outer layer does not hold. Generally speaking, we want to sign the most original material. If the signature is applied last, it lacks security because the public key is public.

2. There is a performance problem. Asymmetric encryption is inefficient in itself, and here it is carried out twice.

As shown in the above figure, node A encrypts with A's private key first, and then encrypts with B's public key. After receiving the message, node B decrypts with B's private key first, and then decrypts with A's public key.

1. When ciphertext 2 is intercepted by hackers, it can only be decrypted with B's private key, and B's private key is held only by Node B, so nobody else can decrypt it. So the security is the highest.

2. When Node B decrypts ciphertext 1, only A's public key can be used. Only data encrypted with A's private key can be successfully decrypted with A's public key, and A's private key is held only by Node A, so it can be determined that the data was sent by Node A.

With two rounds of asymmetric encryption, the performance problem is more serious.

Based on the above problem of tampering with data, we introduce message authentication. The encryption process after message authentication is as follows:

Before Node A sends the message, it hashes the plaintext data once to get a digest, and sends the digest to Node B together with the original data. When Node B receives the message, it decrypts it and parses out the hash digest and the original data. It then performs the same hash calculation on the original data to get digest 1, and compares the digest with digest 1. If they are the same, the message has not been tampered with; if they differ, it has been tampered with.

During transmission, as long as ciphertext 2 is tampered with, the resulting hash will be different from hash 1.

This cannot solve the signature problem, that is, disputes between the two sides. A can always deny a message it sent. For example, A sends an erroneous message to B, which causes B a loss, but A denies having sent it.

In the process of (3), there is no way to resolve such disputes between the two sides. What does this mean? The message sent by A may later turn out to be unfavorable to Node A, and A then denies having sent it.

To solve this problem, signatures are introduced. Here, we combine the encryption method in (2)-4 with a message signature.

In the above figure, we use Node A's private key to sign the digest of the message it sends, append the signature to the original text, and then encrypt the result with Node B's public key. After obtaining the ciphertext, B decrypts it with B's private key, and then decrypts the digest with A's public key. Comparing the two digests is enough to rule out both tampering and disputes between the two sides. Because A signed the information, A cannot deny it.

In order to solve the performance problem of asymmetric encryption, hybrid encryption is often used. This requires introducing symmetric encryption, as shown in the following figure:

In order to solve the performance problem of asymmetric encrypted data, mixed encryption is often used. It is necessary to introduce symmetric encryption here, as shown in the following figure:

When encrypting data, we use a symmetric key shared by both parties. As far as possible, symmetric keys should not be transmitted over the network, to avoid leaking them. The shared symmetric key here is calculated by each party from its own private key and the other party's public key, and the data is then encrypted with the symmetric key. When the other party receives the data, it calculates the same symmetric key and decrypts the ciphertext.

The above symmetric key is insecure, because A's private key and B's public key are generally fixed over a short period, so the shared symmetric key is also fixed. To enhance security, the best way is to generate a temporary symmetric key for each interaction. So how can a random symmetric key be generated in each interaction without transmitting it?

So how is a random key for encryption generated?

The sender, Node A, generates a temporary asymmetric key pair for each transmission, and then calculates a symmetric key from Node B's public key and the temporary private key (KA algorithm, key agreement). The data is then encrypted with this shared symmetric key. The process is as follows:

When Node B receives the transmitted data, it parses out Node A's random public key, and then calculates the symmetric key (KA algorithm) from Node A's random public key and Node B's private key. The data is then decrypted with the symmetric key.

The above encryption methods still have many problems, such as how to avoid replay attacks (add a nonce to the message) and rainbow tables (refer to the KDF mechanism). Due to limited time and ability, these are ignored for now.

So what kind of encryption method should we use?

It depends mainly on the security level of the data to be transmitted. For unimportant data, authentication and a signature are enough, but very important data needs encryption with a higher security level.

A cipher suite is a network-protocol concept. It mainly includes authentication, encryption, message authentication (MAC) and key exchange algorithms.

Across the whole network transmission process, a cipher suite mainly consists of the following kinds of algorithms:

Key exchange algorithm: e.g. ECDHE, RSA. Mainly used for authentication when the client and the server shake hands.

Message authentication algorithms: such as SHA1, SHA2, SHA3. Mainly used for message digests.

Bulk encryption algorithm: AES, for example. Mainly used to encrypt the information flow.

Pseudo-random number algorithm: for example, the pseudo-random function of TLS 1.2 uses the hash function of the MAC algorithm to create the master key, a 48-byte secret shared by both parties. When creating a session key (for example, creating a MAC), the master key acts as the entropy source.

In the network, the transmission of a message generally needs to be encrypted in the following four stages to ensure the safe and reliable transmission of the message.

Handshake/network negotiation stage:

In the handshake phase, both parties need to negotiate the link. The main encryption algorithms include RSA, DH, ECDH, etc.

Certification stage:

In the authentication stage, it is necessary to determine the source of the message. The main encryption methods are RSA, DSA, ECDSA (ECC encryption, DSA signature) and so on.

Message encryption stage:

Message encryption refers to the encryption of the information flow sent. The main encryption methods include DES, RC4 and AES.

Message authentication stage/tamper-proof stage:

This stage mainly ensures that the message has not been tampered with during transmission. The main algorithms are MD5, SHA1, SHA2, SHA3, etc.

ECC: elliptic curve cryptography. It is an algorithm that generates a public key and a private key from point multiplication on an elliptic curve. It is used to generate public and private keys.

ECDSA: a digital signature algorithm. A valid digital signature gives the receiver reason to believe that the message was created by a known sender, so that the sender cannot deny having sent it (authentication and non-repudiation), and that the message was not changed in transit. ECDSA is a combination of ECC and DSA. The whole signature process is similar to DSA; the difference is that the signature uses the ECC algorithm, and the final signature value is likewise split into R and S. It is mainly used in the identity authentication stage.

ECDH: a Diffie-Hellman key exchange based on the ECC algorithm. Through ECDH, both parties can negotiate a shared secret without sharing any secrets beforehand. This shared secret is generated temporarily and randomly for the current communication, and disappears once the communication is interrupted. It is mainly used in the handshake negotiation stage.

ECIES: an integrated encryption scheme, which can also be called a hybrid encryption scheme. It provides semantic security against chosen-plaintext and chosen-ciphertext attacks. ECIES can use different types of functions: key agreement function (KA), key derivation function (KDF), symmetric encryption scheme (ENC), hash function (HASH) and H-MAC function (MAC).

ECC is an elliptic curve encryption algorithm. It mainly describes how public and private keys are generated on an elliptic curve, and the process is irreversible. ECDSA mainly uses the ECC algorithm to generate signatures, while ECDH uses the ECC algorithm to generate symmetric keys. All three are applications of the ECC encryption algorithm. In real scenarios, we often use hybrid encryption (symmetric encryption, asymmetric encryption, signature technology, etc.). ECIES is an integrated (hybrid) encryption scheme built on the underlying ECC algorithm. It includes asymmetric encryption, symmetric encryption and signature functions.


This prerequisite is to ensure that the curve does not contain singularities.

Therefore, as the curve parameters a and b change, the curve takes on different shapes. For example:

All asymmetric encryption is basically based on one formula, K = k*G, where K stands for the public key, k for the private key and G for a selected base point. The asymmetric encryption algorithm must ensure that the formula cannot be reversed (that is, k cannot be calculated back from K and G).

How does ECC calculate public and private keys? Here I describe it according to my own understanding.

I understand that the core idea of ECC is to select a base point G on the curve, then randomly select a point k (as the private key) on the ECC curve, and then calculate our public key K according to k*G, and ensure that the public key K is also on the curve.

So what about k*G? How do we calculate k*G so that the final result is irreversible? This is the problem the ECC algorithm has to solve.

First, we randomly select an ECC curve, a = -3, b = 7, and get the following curve:

On this curve, I randomly choose two points. How do we multiply these two points? We can simplify the problem, because multiplication can be expressed as addition, such as 2*2 = 2+2 and 3*5 = 5+5+5. So as long as addition can be carried out on this curve, multiplication can theoretically be calculated, and so can the value of the expression k*G.

How do we add two points on the curve? Here, in order to ensure irreversibility, ECC defines its own addition system on the curve.

In reality, 1+1=2 and 2+2=4, but the addition system of the ECC algorithm cannot be understood in this way. Therefore, it is necessary to define an addition system suited to this curve.

The definition of ECC is to randomly find a straight line in the graph, which intersects with the ECC curve at three points (or maybe two points), namely P, Q and R.

Then P+Q+R = 0. Where 0 is not a point on the coordinate axis, but an infinite point in ECC. In other words, the point at infinity is defined as 0 point.

Similarly, we can get P+Q = -R. Since R and -R are symmetrical about the X axis, we can find their coordinates on the curve.

P+R+Q = 0, so P+R = -Q, as shown above.

The above describes how to add in the world of ECC curves.

As can be seen from the above figure, there are only two intersections between the straight line and the curve, which means that the straight line is tangent to the curve. At this point, P and R coincide.

That is, P = R. According to the above ECC addition system, P+R+Q = 0, so we get P+R+Q = 2P+Q = 2R+Q = 0.

So we get 2P = -Q (is this getting closer and closer to the formula K = k*G of our asymmetric algorithm?).

So we come to a conclusion: we can calculate multiplication, but only at the tangent point, and only multiplication by 2.

If multiplication by 2 can be extended to any number, then multiplication can be expressed on the ECC curve, and the ECC algorithm can meet the requirements of an asymmetric encryption algorithm.

So can we calculate multiplication by an arbitrary number? The answer is yes, using point multiplication.

Choose a random number k, so what is k * P equal to?

We know that everything is binary in the computer world. Since ECC can calculate the multiplication of 2, we can describe the random number k as binary and then calculate it. Suppose k =151=100111.

Since 2P = -Q, k*P is calculated like this. This is the point multiplication algorithm. Therefore, multiplication can be calculated under the curve system of ECC, so this asymmetric encryption method is considered feasible.

As for why this calculation is irreversible. This requires a lot of deduction, and I don't understand it. But I think it can be understood like this:

On our watches, there is usually a time scale. Now, suppose we take January 1, 1990 as the starting point. If we tell you that exactly 1 year has passed since the starting point, you can calculate the time shown, that is, you can point the hour hand and the minute hand at 00:00 on the watch. On the other hand, if I say that the hour hand on my watch now points to 00:00:00, can you tell me how many years have passed since the starting point?

The ECDSA signature algorithm is basically similar to DSA and RSA: all of them sign with the private key and verify with the public key. The only difference is that the underlying algorithm system is ECC. Both sides of the interaction must use the same parameter system. The principles of the signature are as follows:

Choose an infinite point on the curve as the base point G = (x, y). Randomly take a point k on the curve as the private key, and calculate the public key as K = k*G.

Signature process:

Generate a random number R and calculate RG.

From the random number R, the hash value H of the message M and the private key k, calculate the signature S = (H+kx)/R.

Send the message M, RG and S to the receiver.

Signature verification process:

Receive the message M, RG and S.

Calculate the hash value H from the message.

Using the sender's public key K, calculate HG/S+xK/S, and compare the result with RG. If they are equal, the verification is successful.

Formula inference:

HG/S + xK/S = HG/S + x(kG)/S = (H+xk)G/S = RG

Before introducing the principle, it is explained that ECC satisfies the associative law and commutative law, that is, A+B+C = A+C+B = (A+C)+B.

Here is an example on WIKI to illustrate how to generate a key. You can also refer to the examples of Alice and Bob.

If Alice and Bob want to communicate, both parties must first have public and private keys generated by ECC under the same parameter system, so both use ECC with the same base point G.

Key generation stage:

Alice uses the public key algorithm KA = ka * G to generate the public key KA and the private key ka, and publishes the public key KA.

Bob uses the public key algorithm KB = kb * G to generate the public key KB and the private key kb, and publishes the public key KB.

Calculate ECDH stage:

Alice uses the formula Q = ka * KB to calculate the key Q.

Bob uses the formula Q' = kb * KA to calculate the key Q'.

Shared key verification:

Q = ka * KB = ka * kb * G = ka * G * kb = KA * kb = kb * KA = Q'

Therefore, both parties calculate the same shared key, and data can be encrypted with Q without Q being leaked. We call Q the shared secret key.
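The point multiplication, the ECDSA formulas S = (H+kx)/R and HG/S + xK/S = RG, and the ECDH exchange Q = ka * KB = kb * KA described above, as an added example that is not code from the original article or from Ethereum. It assumes the secp256k1 parameters (the curve the article names), SHA3-256 as the message hash and SHA-256 as a stand-in KDF; all function names are hypothetical. As in the article, the signature carries the point RG itself, whereas standard ECDSA transmits only its x-coordinate mod n.

```python
import hashlib, secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over F_p, base point G of prime order N
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(P, Q):
    """Chord-and-tangent addition; None is the point at infinity (the article's 0)."""
    if P is None: return Q
    if Q is None: return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                          # P + (-P) = 0
    if P == Q:                               # tangent case, 2P (a = 0 on secp256k1)
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD)
    else:                                    # chord through P and Q
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, P):
    """k*P by double-and-add over the binary digits of k."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, P)
        P = add(P, P)                        # only doublings: P, 2P, 4P, ...
        k >>= 1
    return acc

def keygen():
    k = secrets.randbelow(N - 1) + 1         # private key k, a scalar in [1, N-1]
    return k, mul(k, G)                      # public key K = k*G

def digest(msg):
    # SHA3-256 as a stand-in; Ethereum's Keccak-256 uses different padding
    return int.from_bytes(hashlib.sha3_256(msg).digest(), "big") % N

def sign(k, msg):
    """Return (RG, S) with S = (H + k*x)/R mod N, x = x-coordinate of RG."""
    while True:
        r = secrets.randbelow(N - 1) + 1     # fresh random R for every signature
        RG = mul(r, G)
        s = (digest(msg) + k * (RG[0] % N)) * pow(r, -1, N) % N
        if s:
            return RG, s

def verify(K, msg, RG, s):
    """Accept only if H*G/S + x*K/S equals RG."""
    if RG is None or not 0 < s < N:
        return False
    w = pow(s, -1, N)                        # division by S is inversion mod N
    return add(mul(digest(msg) * w % N, G), mul(RG[0] % N * w % N, K)) == RG

def ecdh_key(own_priv, peer_pub):
    """Symmetric key derived from Q = own_priv * peer_pub."""
    Q = mul(own_priv, peer_pub)
    return hashlib.sha256(Q[0].to_bytes(32, "big")).digest()
```

Calling `keygen()` once per message on the sender's side and passing that temporary private key to `ecdh_key` gives the per-transmission symmetric key of the hybrid scheme; the receiver recomputes it from the temporary public key and its own private key.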

Other components of the ECIES encryption suite adopted by Ethereum:

1. The hash algorithm is Keccak, the safest SHA3 algorithm.

2. The signature algorithm is ECDSA.

3. The authentication method is H-MAC.

4. The ECC parameter system is secp256k1. Please refer to here for other parameter systems.

The full name of H-MAC is hash-based message authentication code. Its model is as follows:

In the UDP communication of Ethereum (the encryption method of RPC communication is different), the above implementation method is adopted and extended.

First of all, the structure of UDP communication in Ethereum is as follows:

Where sig is the signature information encrypted by the private key, mac can be understood as the summary of the whole message, ptype is the event type of the message, and data is the transmission data encoded by RLP.

The whole encryption, authentication and signature model of UDP is as follows: