the common symmetric encryption algorithms are: digital encryption standard (des), triple-des, idea, blowfish.
the challenge of symmetric encryption:
the challenge of asymmetric encryption:
the common asymmetric encryption algorithms are RSA, elgamal and ECC.
Fuerstl block encryption algorithm is a famous design model of block cipher encryption.
after 199, the speed of thorough key search for DES began to cause discomfort for DES users. However, users don't want to replace DES, because it needs to spend a lot of time and money to change the encryption algorithm widely used and embedded in large-scale security architecture.
the pragmatic approach is not to abandon DES completely, but to change the way DES is used. This leads to the modification scheme of triple DES(3DES).
triple DES
before using 3TDES, users first generate and distribute a 3TDES key k, which consists of three different DES keys K1, K2 and K3.
it can be seen in detail that Triple-DES
Advanced Encryption Standard (AES) is a popular and widely used symmetric encryption algorithm at present. It is found to be at least six times faster than triple DES.
the functions of AES are as follows:
symmetric key symmetric block cipher
128-bit data, 128/192/256-bit key
stronger and faster than Triple-DES
providing complete specifications and design details
For details, we can see that AES
this cipher system is one of the original systems. Even today, it is still the most used cryptographic system. The system was invented by three scholars Ron Rivest, Adi Shamir and Len Adleman, so it is called RSA cryptosystem.
here is an example of generating RSA key pairs (for the sake of understanding, the prime P&Q values used here are very small, but in fact these values are very high).
let two prime numbers be p = 7 and q = 13. Therefore, the modulus n = pq = 7×13 = 91.
choose e = 5, which is an effective choice, because no number is the common factor 5 and (p-1)(q-1)= 6×12 = 72, except 1.
this pair of numbers (n, e) = (91, 5) forms a public key, which can be used by anyone who wants to send us an encrypted message.
input p = 7, q = 13 and e = 5 to the extended Euclidean algorithm. The output will be d = 29.
therefore, the public key is (91, 5) and the private key is (91, 29).
suppose the sender wants to send some text messages to someone with public key (n, e). The sender then represents the plaintext as a series of numbers less than n.
in order to encrypt the first plaintext p, it is a number of modulo n .. The encryption process is a simple mathematical step:
C = Pe mod n
In other words, ciphertext c is equal to plaintext p multiplied by itself e times, and then the modulus n is subtracted. This means that c is also a number less than n.
going back to our example of key generation, plaintext P = 1, we get that ciphertext C:
C = 15 mod 91
belongs to a change of ECC. The core idea of encryption is similar to RSA, and it is also difficult to solve by using discrete logarithm.
but unlike RSA, the public key of EIGamal consists of three parts, namely, prime modulus p, generating element g, and y = GX (the x power of g) mod p.
We can see in detail that Elgamal Cryptosystem
Elliptic Curve Cryptography (ECC) is a term used to describe a set of cryptographic tools and protocols, and its security is based on a special version of the discrete logarithm problem. It does not use digital modulus p. ECC is based on a set of numbers associated with a mathematical object called an elliptic curve. There are rules for adding these numbers and calculating multiples, just like the digital modulus p.
ECC contains many variants of cryptographic schemes originally designed for modular numbers, such as ElGamal encryption and digital signature algorithm.
It is believed that the discrete logarithm problem is more difficult when it is applied to points on elliptic curves. This will prompt you to switch from the digital modulus p to the point on the elliptic curve. If we use variants based on elliptic curves, we can also obtain equivalent security levels with shorter keys.
a shorter key has two advantages:
easy management
efficient calculation
These advantages make the variant of encryption scheme based on elliptic curve very attractive to applications with limited computing resources.
you can see in detail how many times the elliptic curve cryptography
symbol is expressed
signature = message d mod N (d and n are the signer's private keys, and the d power of the message is calculated and mod n is obtained, and the remainder is the signature)
message = signature e mod n (e and n are the signer's public keys, and the e power of the signature is calculated and mod n is obtained). N = 323
public key: E = 5; N = 323
Message: 123
Since the value of n is 323, the message needs to be an integer in the range of ~ 322. Suppose the message of 123 needs to be signed.
Use the private key (D,N) = (29, 323) Sign the message 123.
Message d mod n = 123 29 mod 323 = 157
Therefore (message, signature) = (123, 157)
Use the public key (E,N) = (5, 323) Verify the message
Signature e mod n = 157 5 mod 323 = 123
The message 123 obtained is consistent with the message 123 sent by the sender. Therefore, the signature was verified successfully.
https://Andrea.corbellini.name/215/5/17/elliptic-curve-cryptography -a-gentle-introduction/
Addition inverse: A is in the set, and-A is defined as making a+(-a) in the set. This is the addition inverse operation
the multiplication inverse: A is in the set, and it is not , and A-1 is positioned in the set to make A * A-1 = 1, which is the multiplication inverse operation
Before talking about elliptic curves, let's lay some foundations and then discuss the logarithm problem.
Define a binary operation on a set, which is the group in mathematics. To be a group, a set G must meet the following four conditions:
From the ordinary concept of addition, Integer set z is a group (and Abelian group). natural number set n is not a group.
We can define a group on the elliptic curve:
https://Andrea. corbellini.name/ECC/interactive/ Reals-add.html
is as follows: The self-addition process of point A is the process of multiplication. This process is called Point Doubling
To calculate nP, N additions are needed. If n is k bits, the binary time complexity is O (2 k).
the multiplication algorithm such as n = 151 is 11111
the time complexity of the multiplication algorithm has been greatly improved O(logN) or O(k)
Q = nP
this is only p = 211. On an elliptic curve like Secp256k1, p = 1157928923731619542357985868797532698465656, how to find n from a 78-bit number?
a popular metaphor: suppose that these points are played by a person A in a big room for two years. After two years, A's friend B comes, B sees the last point, and A tells B the starting point. But how can B know how many times A played before it bounced from the starting point to the end point?
the above two graphs are elliptic curves-Secp256K1: y^2 = x^3+7
The first graph is defined in the real number field
The second graph is defined in the finite field Zp
with the following parameters (p,a,b,G,n, h) Formed as follows:
p = fffffffffffffffffffffffffffffffffffffffe fffffc2f = 2 256-2 32-997
a =
b = 7
g = [x79be667e _ f9d. CBBAC_55A6295_CE87B7_29BFCDB_2DCE28D9_59F2815B_16F81798,
x483ADA77_26A3C465_5DA4FBFC_E118A8_FD17B448_A6855419_9C47D8F_FB1D4B8]
n = xffffffff _ ffffffff _ fffffffe _ baaedce6 _ af48a3b _ bfd25e8c _ d364141
h = 1
if there is a point p on the elliptic curve and there is a minimum positive integer n that multiplies the number by nP=O∞, then n is called the order of p <
sig = f sig (f kekcak256 (m), k)
how to calculate r
how to calculate s ≡ q-1 (kekcak256 (m)+r * k) (mod p)
how to verify the signature?
p.s. the sender's private key
RSA key size (bits) and ECC key size (bits) were not used in the above-mentioned signature verification process.
124 16
248 224
372 256
768 384
1536 521
There is a research example. A computer with the same computing power
Why do Bitcoin and Ethereum choose the elliptic curve Secp256k1?
if someone provides an elliptic curve such as Secp256r1, how to verify the safety of this curve?
because public keys are public and easily destroyed or tampered with, it is necessary to establish and maintain a credible basic mechanism to manage public keys.
PKI consists of five parts:
As a metaphor, a certificate can be regarded as an ID card issued to the person. People use driver's licenses, passports and other ID cards to prove their identity. Digital certificates have the same basic functions in the electronic world.
But there is one difference. Digital certificates can be issued not only to people, but also to computers, software packages or anything else that needs to prove the identity of the electronic world.
digital certificate is based on ITU standard X.59, which defines the standard certificate format of public key certificate and authentication verification. Therefore, digital certificates are sometimes called X.59 certificates.
the public key related to the user client is stored in the digital certificate together with the certificate authority (CA), and other related information, such as customer information, expiration date, usage, issuer, etc.
the ca digitally signs this entire information and includes the digital signature in the certificate.
anyone who needs to guarantee the customer's public key and related information will use the CA's public key for signature verification. Successful verification can ensure that the public key given in the certificate belongs to the person who gives the details in the certificate.
The following figure shows the process for an individual/entity to obtain a digital certificate:
As shown in the figure, a CA accepts an application from a client to prove its public key. After properly verifying the identity of the customer, CA issues a digital certificate to the customer.
as mentioned above, CA issues certificates to customers and assists other users to verify certificates. CA is responsible for correctly identifying the identity of the customer who requests to issue the certificate, and ensuring that the information contained in the certificate is correct and digitally signing it.
key functions of ca:
certificate categories
there are four typical certificate categories:
category 1-these certificates can be easily obtained by providing e-mail addresses.
category 2-these certificates require additional personal information.
category 3-these certificates can only be purchased after checking the identity of the requester.
category 4-they are used by governments and financial institutions that need a high degree of trust.
CA can use a third-party registRAtion agency (ra) to conduct necessary checks on the person or company that requires a certificate to confirm its identity. RA may look like a CA on the client.