Current location - Quotes Website - Signature design - Algorithm principle of encrypting and decrypting character strings
Algorithm principle of encrypting and decrypting character strings
We often need a measure to protect our data from being seen or destroyed by some malicious people. In the information age, information can help groups or individuals and benefit them. Similarly, information can also be used to pose a threat and cause harm to them. In big companies with fierce competition, industrial spies often get each other's information. Therefore, objectively, a powerful security measure is needed to protect confidential data from being stolen or tampered with. Data encryption and decryption are very simple and easy to understand from a macro point of view. Some encryption and decryption methods are very direct and easy to master, and can easily encrypt and decrypt confidential data.

One: Data encryption method

Traditionally, we have several ways to encrypt data streams. These methods can be easily implemented by software, but when we only know the ciphertext, it is not easy to decipher these encryption algorithms (when there are both the original text and the ciphertext, it is not easy to decipher the encryption algorithms, but it is already possible). The best encryption algorithm has little effect on system performance, and it can also bring other inherent advantages. For example, as we all know, pkzip compresses encrypted data. For example, some software packages of dbms always contain some encryption methods, which make the function of copying files invalid for some sensitive data or require users' passwords. All these encryption algorithms must have efficient encryption and decryption capabilities.

Fortunately, among all the encryption algorithms, the simplest one is the "permutation table" algorithm, which can also meet the needs of encryption. Each data segment (always one byte) corresponds to an offset in the substitution table, and the value corresponding to the offset is output as an encrypted file. Both encryption and decryption programs need such a "replacement table". In fact, the 80x86 cpu series has an instruction "XLAT" at the hardware level to do this. This encryption algorithm is relatively simple and the encryption and decryption speed is very fast, but once this "replacement table" is obtained by the other party, then this encryption scheme is completely seen through. In addition, this encryption algorithm is very simple for hackers, as long as they find a "replacement table". This method has been widely used before the appearance of computers.

An improvement of this "permutation table" method is to use two or more "permutation tables", both of which are based on byte positions in the data stream or the data stream itself. At this time, decoding becomes more difficult, because hackers must make several transformations correctly. By using more "permutation tables" and using each table in a pseudo-random way, this improved encryption method becomes difficult to decipher. For example, we can use Table A for all even-numbered data and Table B for all odd-numbered data. Even if the hacker obtains the plaintext and ciphertext, it is difficult for him to decipher this encryption scheme unless the hacker knows exactly that two tables are used.

Similar to the use of "substitution table", "transform data location" is also used for computer encryption. However, this requires more execution time. Read plaintext from the input and put it in the buffer, then reorder them in the buffer and output them in this order. Decryption programs recover data in reverse order. This method is always mixed with other encryption algorithms, which makes decryption extremely difficult and almost impossible. For example, there is a word that can be changed into listen by changing the alphabetical order, but all the letters have not changed, neither increasing nor decreasing, but the order between letters has changed.

But there is a better encryption algorithm that only computers can do, that is, word/byte cyclic shift and XOR operation. If we cyclically shift a word or byte in the data stream and use multiple or changing directions (left or right), we can quickly generate an encrypted data stream. This method is very good and more difficult to decipher! Moreover, further, if we use XOR operation, bit by bit XOR operation will make the password more difficult to decipher. If the pseudo-random method is used again, which involves generating a series of numbers, we can use Fibonacci series. It is almost impossible to decode the secondary password by modulo operation (such as modulo 3) on the numbers generated by the sequence to get a result, and then cyclically shifting the number of times of this result! However, it is very easy for our decryption program to generate passwords by using the pseudo-random method of Fibonacci sequence.

In some cases, we want to know whether the data has been tampered with or destroyed, so we need to generate some check codes and insert them into the data stream. Doing so is good for data security and the program itself. But viruses infected with computer programs don't care whether these data or programs are encrypted or digitally signed. Therefore, every time the encryption program is loaded into the memory and starts to be executed, it is necessary to check whether it is infected by the virus, and all files that need to be encrypted and decrypted should be checked! Such a system should naturally be kept secret, because the writers of virus programs will use it to destroy other people's programs or data. Therefore, encryption technology must be used in some antivirus or antivirus software.

Cyclic redundancy check is a typical data check method. For each data block, it generates a checksum of 16 or 32 bits by bit cyclic shift and XOR operation, so that the error of missing one or two bits will definitely lead to a checksum error. This method has already been applied to file transfer, such as xmodem-crc. This method has become a standard and well documented. However, the improved algorithm based on standard crc algorithm is very effective for finding errors in encrypted data blocks and whether files are infected by viruses.

2. Encryption algorithm based on public key

An important feature of a good encryption algorithm is that it can specify a password or key and use it to encrypt plaintext. Different passwords or keys produce different ciphertexts. This is divided into two ways: symmetric key algorithm and asymmetric key algorithm. Symmetric key algorithm means that both encryption and decryption use the same key, while asymmetric key algorithm means that encryption and decryption use different keys. The very famous pgp public key encryption and rsa encryption methods are asymmetric encryption algorithms. Encryption keys (public keys) are very different from decryption keys (private keys). Mathematically, there are almost no truly irreversible algorithms. For example, if an operation is performed on the input' a' and the result is' b', then we can perform the corresponding operation based on' b' and export the input' a'. In some cases, we can get every operation of a value, or the operation is undefined (for example, the divisor is 0). For undefined operations, based on encryption algorithm, public keys can be successfully prevented from being converted into private keys. Therefore, the only way to decipher the asymmetric encryption algorithm and find the unique key is trial and error, which requires a lot of processing time.

Rsa encryption algorithm uses two very large prime numbers to generate public and private keys. Even if the private key can be obtained from a public key by factorization, the amount of calculation involved in this operation is so huge that it is not feasible in reality. The encryption algorithm itself is very slow, which makes it infeasible to encrypt a large amount of data using rsa algorithm. This makes some real encryption algorithms based on rsa encryption algorithm. Pgp algorithm (and most encryption methods based on rsa algorithm) uses public key to encrypt the key of a symmetric encryption algorithm, and then uses a fast symmetric encryption algorithm to encrypt data. The key of this symmetric algorithm is randomly generated and kept secret. Therefore, the only way to get the key is to decrypt it with the private key.

Let's take an example: suppose we want to encrypt some data now and use the key'12345'. Use rsa public key, encrypt this key'12345' with rsa algorithm, and put it in front of the data to be encrypted (it may be followed by a separator or file length to distinguish the data from the key). Then, the text is encrypted with a symmetric encryption algorithm, and the key used is'12345'. When the other party receives it, the decryption program finds the encryption key, decrypts it with rsa private key, then determines the starting position of the data, and decrypts the data with the key'12345'. In this way, reliable and efficient encrypted data can be transmitted and decrypted safely.

You can find some simple encryption algorithms based on rsa algorithm at the following sites:

ftp://ftp.funet.fi/pub/crypt/cryptography/asymmetric/rsa

3. A new multi-step encryption algorithm

Now there is a new encryption algorithm, which is said to be almost impossible to decipher. This algorithm was officially published in June 1998. The algorithm is described in detail as follows:

Use a series of numbers (such as 128-bit key) to generate a repeatable but highly randomized pseudo-random number sequence. Use 256 entries at a time, and use a random number sequence to generate a password conversion table, as shown below:

Put 256 random numbers in a matrix, then sort them, and generate a table in such a way as the initial position (we should remember the initial position), which is randomly sorted. The number in the table is between 0 and 255. If you don't know how to do it, you can leave it alone. However, the following also provides some original code (as follows) for us to know how to do it. Now, a specific 256-byte table has been generated. Then let this random number generator generate the remaining numbers in this table, so that each table is different. Next, the "shotgun technology" technology is used to generate the decoding table. Basically, if a maps to b, then b must map to a, so b [a [n]] = n (n is a number between 0 and 255). Assign values in a loop, using a 256-byte decoding table, which corresponds to the 256-byte encryption table we just generated in the previous step.

This method can already generate such a table, and the order of the table is random, so the random number of 256 bytes is generated by quadratic pseudo-random, and two passwords of 16 bits are used. Now, there are two conversion tables, and the basic encryption and decryption work is as follows. The ciphertext of the previous byte is the index of this 256-byte table. Alternatively, in order to improve the encryption effect, you can use an extra 8-bit value, or even use a checksum or crc algorithm to generate index bytes. Suppose this table is a 256*256 array, it will look like this:

Crypto 1 = a [crypto 0][ value]

The variable "crypto 1" is the encrypted data, and "crypto0" is the previous encrypted data (or the function value of the previous encrypted data). Naturally, the first data needs a "seed", which we must remember. If a table of 256*256 is used, this will increase the length of the ciphertext. Alternatively, you can use the password you used to generate the random number sequence or its crc checksum. By the way, a test was done: the index of the table was generated with 16 bytes, and the key of 128 bits was used as the initial "seed" of this 16 byte. Then, after the table of these random numbers is generated, it can be used to encrypt data at a speed of 100k bytes per second. When encrypting and decrypting, the encrypted value must be used as the index of the table, and these two times must match.

The pseudo-random sequence generated in the encryption process is very random and can be designed into any desired sequence. Without detailed information about this random sequence, it is unrealistic to decrypt the ciphertext. For example, some sequences of ascii codes, such as "eeeeeeee", may be converted into random and meaningless random codes, and each byte depends on the ciphertext of its previous byte rather than the actual value. For this conversion of any single character, the effective actual length of the encrypted data is hidden.

If you really don't understand how to generate a random number sequence, you can consider fibbonacci sequence, use two double-word (64-bit) numbers as seeds to generate random numbers, and add the third double-word to do XOR operation. The algorithm generates a series of random numbers. The algorithm is as follows:

Unsigned long integer dw 1, dw2, dw3, dwmask.

int I 1;

The unsigned long integer arandom [256];

dw 1 = { seed # 1 };

Dw2 = {seed # 2};

dw mask = { seed # 3 };

//This gives you three 32-bit "seeds", that is, 96 bits in total.

for(I 1 = 0; I 1 & lt; 256; i 1++)

{

dw3 =(dw 1+dw2)^ dw mask;

arandom[I 1]= dw3;

dw 1 = dw2;

dw2 = dw3

}

If you want to generate a series of random numbers, for example, some numbers between 0 and all random numbers in the list, you can use the following methods:

int _ _ cdecl mysortproc(void * p 1,void *p2)

{

Unsigned long integer **pp 1 = (unsigned long integer * *) p1;

Unsigned long integer **pp2 = (unsigned long integer * *) p2;

if(* * PP 1 & lt; * * Page 2)

return(- 1);

else if(* * PP 1 & gt; * Page 2)

Returns (1);

return(0);

}

...

int I 1;

Unsigned long * Aprandom [256];

The unsigned long integer arandom [256]; //The same array as before, in this case.

int result[256]; //The results are displayed here

for(I 1 = 0; I 1 & lt; 256; i 1++)

{

aprandom[I 1]= arandom+I 1;

}

//Sort now

qsort(aprandom,256,sizeof(*aprandom),mysortproc);

//Last step-Put the offset of the pointer into the output array.

for(I 1 = 0; I 1 & lt; 256; i 1++)

{

a result[I 1]=(int)(aprandom[I 1]-arandom);

}

...

The value in the variable "aresult" should be an ordered array consisting of only a series of integers, with integer values ranging from 0 to 255. Such an array is very useful, for example, for a byte-to-byte conversion table, a short key can be easily and reliably generated (usually as the seed of some random numbers). This table has other uses, such as generating a random character, the random position of an object in a computer game, and so on. The above example itself does not constitute an encryption algorithm, but only a part of the encryption algorithm.

As a test, an application program is developed to test the above encryption algorithm. The program itself has been optimized and modified many times, which improves the real randomness of random numbers and prevents some short and repeatable random numbers from being generated for encryption. Encrypting a file with this program may take so much time to crack this file, which is impossible in reality.

Four. Conclusion:

Because in real life, we need to ensure that some sensitive data can only be seen by people with corresponding permissions, and that information will not be tampered with or intercepted during transmission, which requires a large number of security systems to be widely used in government, large companies and personal systems. Of course, data encryption can be cracked, but what we want is the security in a specific period, that is to say, it is difficult enough to crack the ciphertext, which is impossible in reality, especially in a short time.