In cryptography, the essence of password is some kind of algorithm. A key is calculated by an encryption algorithm, and then the data transmitted by both parties to the transaction is encrypted with this key. Data is commonly known as "message", which was called "plaintext message" before encryption, that is, plaintext; After encryption, it is called "ciphertext information", that is, ciphertext, which is unreadable without a key. All encryption algorithms are open and belong to a pure mathematical model, so this paper will not discuss them too much. Cryptography only focuses on key management, because the security of encrypted communication is only related to the key, which is the focus of this paper. There are two ways of encrypted communication: symmetric encryption and asymmetric encryption.
Before starting the discussion, we assume that Alice is the initiator of communication in an insecure network (such as the Internet). Bob is the receiver of the communication; Alice and Bob trust each other; Eve, on the other hand, listens to communication and waits for opportunities to destroy it: these are some characters put forward by JohnWiley and Sons in the classic course "AppliedCryptography", and these characters and environmental attributes have now become the standard for describing cryptography technology. Symmetric encryption-solving the encryption problem of data itself
As the name implies, symmetric encryption means "a lock corresponds to a key", which means locking and unlocking. There is a difference between tradition and modernity. Let's take the old replacement encryption method as an example to make a simple explanation.
Clear text: HiIamAlice ciphertext: ZEECGCFEIP
Key (password):
ABCDEFGHIJKLMNOPQRSTUVWXYZ
chimpanzebdfbgjkloqrstxywuv
The first line of the key is the regular 26 letters, and the second line is the agreed alphabetical order, which is used to replace the corresponding letters. Besides letters, other conventional symbols can also play the same role and have the same effect. Modern symmetric encryption methods are mostly realized by complex mathematical algorithms. At present, excellent symmetric encryption algorithms include DES, 3DES, DEA, IDEA and so on. , fast operation speed and good encryption performance. The communication process is roughly as follows:
1. Alice calculates a key through a symmetric encryption algorithm and sends it to Bob; ; 2. Alice encrypts the plaintext with the key to obtain the ciphertext; 3. Alice sends the ciphertext to Bob; ; 4.Bob uses this key to decrypt the ciphertext and get the plaintext.
If Eve only intercepts the ciphertext of the third step, she will get nothing because she doesn't know the key. But when Eve listened to step 1, he got as much information as Bob. In the fourth step, Eve's job is to decrypt. Eve can also interrupt the communication line between Alice and Bob before the start of the third step, then pretend to be Bob to accept Alice's information, decrypt and modify it, and then pretend to be Alice to encrypt and send it to Bob. Alice and Bob are always kept in the dark. If Bob is hurt by interests, Alice can accuse Bob of revealing the key herself.
It can be seen that the problem of symmetric encryption is: 1, and the key must be transmitted in advance, which makes the key transmission process (called in-band transmission) very easy to be stolen. Conventional means cannot solve this high risk. 2. Difficult key management: Assuming that there are n parties communicating with each other, if a key is used, once the key is stolen, the whole encryption system will collapse; If different keys are used, the number of keys is equal to n*(n- 1)/2, which means that 100 people communicate in pairs, so everyone should keep 4950 keys! Key management becomes impossible. 3. Because the key is shared, it can't be denied.
Although symmetric encryption is powerful enough to encrypt the data itself and has been widely used in government agencies and commercial organizations, Internet-oriented e-commerce and e-government cannot be discussed unless the above problems are solved. 1975 In the second half of the year, Stanford University professors Di Fei and Herman presented a paper entitled "Multi-user encryption technology" to the National Computer Conference, summarizing the public key encryption technology being explored, but did not propose a new solution.
1976 In May, they announced the discrete exponential encryption algorithm at the National Computer Conference, and published a famous paper "New Direction of Cryptography Research" on IEEE, and proposed a new scheme based on the discrete exponential encryption algorithm: both parties still need to negotiate the key, but the beauty of the discrete exponential algorithm is that both parties can publicly submit some data for operation, but the key is generated on their own computers and is not transmitted on the Internet. If EVE only listens and does not participate in the operation, it is impossible for him to infer the key from the stolen information. Thereby ensuring the safety of the key. This is the prototype of public key encryption. Unfortunately, this encryption method, which is similar to the telephone status, requires both parties to be online at the same time, and also on the premise of mutual trust, so it still cannot meet the needs of modern electronic transactions. From 65438 to 0978, three MIT professors, Rivest, Shamir and Adleman, were inspired by this paper and developed asymmetric RSA public key algorithm. Because this algorithm not only solves the problem of in-band transmission of keys, but also does not require both parties to be online at the same time and to be trusted, it finally paves the way for the vigorous development of modern e-commerce.
Asymmetric encryption is the result of "reverse thinking" of symmetric encryption, that is, "one lock corresponds to two keys", and either one is locked, but the other one must be unlocked.
The communication process of public key encryption system is roughly as follows:
1.Bob publicly released his public key; 2.Alice encrypts plaintext with Bob's public key to get ciphertext and send it to Bob; 3.Bob decrypts the ciphertext with an undisclosed private key.
Although Eve can legally get Bob's public key this time, she can't decrypt the ciphertext intercepted in the second step because she doesn't have Bob's private key.
Where did Bob's public and private keys come from? Why can only the private key decrypt files encrypted by the public key? In order to understand these two problems, we must return to the mathematical basis of public key encryption: the assumption that large numbers cannot be decomposed by prime factors.