Encryption technology encodes and decodes information. Encoding (encryption) translates originally readable information (plaintext) into coded form (ciphertext); the reverse process is decoding (decryption). The core of encryption technology is the encryption algorithm, which can be divided into symmetric encryption, asymmetric encryption and irreversible encryption.
Symmetric encryption algorithm
The symmetric encryption algorithm is an early encryption algorithm with mature technology. The data sender processes the plaintext (original data) together with the encryption key using a specific encryption algorithm, turning it into complex ciphertext, and sends that. To read the original text, the receiver must decrypt the ciphertext with the same key and the inverse of the same algorithm, restoring it to readable plaintext. Only one key is used: both the sender and the receiver encrypt and decrypt the data with it, which requires the decrypting party to know the encryption key in advance. Symmetric encryption is characterized by an open algorithm, a small amount of calculation, high encryption speed and high encryption efficiency. The disadvantage is that both parties to the transaction use the same key, so security cannot be guaranteed. In addition, each pair of users needs a unique key that nobody else knows every time they use symmetric encryption, which makes the number of keys held by senders and receivers increase geometrically, and key management becomes a burden on users. Symmetric encryption is difficult to use in distributed network systems, mainly because of the difficulty of key management and the high cost of use. DES and IDEA are widely used symmetric encryption algorithms in private computer network systems. AES, advocated by the National Bureau of Standards, will soon replace DES as the new standard.
Asymmetric encryption algorithm
The asymmetric encryption algorithm uses two completely different but exactly matched keys: a public key and a private key. When files are encrypted with an asymmetric algorithm, a matching pair of public and private keys is all that is needed to complete the encryption and decryption of the plaintext: the plaintext is encrypted with the public key and the ciphertext is decrypted with the private key. The sender (encryptor) knows the public key of the receiver, and only the receiver (decryptor) knows its own private key. The basic principle is that a sender who wants to send encrypted information that only the receiver can read must first know the receiver's public key and then encrypt the original text with it; after receiving the ciphertext, the receiver can decrypt it only with its own private key. It follows that, before the sender and the receiver communicate, the receiver must send the public key it has randomly generated to the sender, while keeping the private key to itself. Because an asymmetric algorithm has two keys, it is especially suitable for data encryption in distributed systems. Widely used asymmetric encryption algorithms include the RSA algorithm and the DSA algorithm proposed by the American National Bureau of Standards. Encryption technology based on asymmetric encryption algorithms is widely used.
Irreversible encryption algorithm
The characteristic of an irreversible encryption algorithm is that no key is needed in the encryption process. Once the plaintext is input, the system processes it directly into ciphertext with the encryption algorithm, and this encrypted data cannot be decrypted. The data is "decrypted" only in the sense that, when the plaintext is input again and processed by the same irreversible algorithm, the same ciphertext is produced and recognized by the system. In other words, the party that encrypts is also the party that must "decrypt": the so-called decryption is actually re-encryption, and the application's "password" is the input plaintext. An irreversible encryption algorithm has no key storage or distribution problem and is very suitable for distributed network systems. However, because the encryption calculation is complex and the workload heavy, it is usually used only where the amount of data is limited. For example, the password encryption widely used in computer systems adopts an irreversible encryption algorithm. In recent years, with the continuous improvement of computer system performance, the application fields of irreversible encryption have been gradually increasing. Many irreversible encryption algorithms are used in computer networks, such as the MD5 algorithm invented by RSA Company and the SHS (Secure Hash Standard) proposed by the American National Bureau of Standards.
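The "decryption is actually re-encryption" check described above, as an added example that is not part of the original article. It assumes SHA-256 (a Secure Hash Standard function), a per-user random salt and PBKDF2 key stretching; the function names, the iteration count and the sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor, chosen for this example


def plain_hash(password):
    """Unsalted one-way hash: identical passwords give identical output."""
    return hashlib.sha256(password.encode()).hexdigest()


def enroll(password, salt=None):
    """Store only (salt, digest); the plaintext password is never kept."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(candidate, salt, stored_digest):
    """'Decrypt' by re-running the same one-way function on the new input."""
    recomputed = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(recomputed, stored_digest)


def demo():
    # Two users who happen to choose the same (constructed) password.
    salt_a, digest_a = enroll("correct horse battery")
    salt_b, digest_b = enroll("correct horse battery")
    return {
        "plain_hashes_equal": plain_hash("correct horse battery")
        == plain_hash("correct horse battery"),
        "salted_digests_equal": digest_a == digest_b,
        "right_password_accepted": verify_password("correct horse battery", salt_a, digest_a),
        "wrong_password_rejected": not verify_password("correct horse", salt_a, digest_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The unsalted hash lets anyone who reads the stored values see which users share a password and reuse precomputed tables; the salted, stretched form does not.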
Encryption techniques
Encryption algorithms are the basis of encryption technology, and any mature encryption technology is built on a combination of several encryption algorithms, or on an organic combination of encryption algorithms with other application software. Below we introduce several encryption technologies widely used in computer network applications.
Non-repudiation technology
The core of this technology is the public key technology of asymmetric encryption algorithms, and it works by generating a digital signature tied to the user's authentication data. When the user executes a transaction, this signature ensures that the user cannot later deny that the transaction took place. Non-repudiation technology is simple to operate and is directly involved in some of users' normal electronic transactions, so it has become an important guarantee for users conducting e-commerce and gaining commercial trust.
PGP (Pretty Good Privacy) technology
PGP is an email encryption technology based on the RSA public key system, and it is also encryption software that is simple to operate, convenient to use and highly popular. PGP can encrypt e-mail and prevent unauthorized people from reading it; it can attach a digital signature to the email, so that the recipient can clearly establish the real identity of the sender; and it enables people to communicate securely without passing keys through any secret channel. PGP creatively combines the convenience of the RSA asymmetric encryption algorithm with traditional encryption systems, and its design seamlessly combines digital signatures with a key authentication and management mechanism, making it almost the most popular public key encryption software package.
Digital signature technology
Digital signature technology is a typical application of asymmetric encryption algorithms. In a digital signature, the sender of the data encrypts the data checksum, or other variables related to the data content, with his own private key to complete the legal "signature" of the data. The receiver interprets the received "digital signature" with the sender's public key and uses the result to check the integrity of the data and so confirm that the signature is legitimate. Digital signature technology is an important way to confirm identity in the virtual environment of a network system; it can completely replace the handwritten signature of the physical process and receive technical and legal protection. In the management of public and private keys, the application of digital signatures is just the opposite of PGP's email encryption: in a digital signature the sender's public key is easy to obtain, but his private key must be kept strictly confidential.
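The sign-with-private-key, check-with-public-key flow from the non-repudiation and digital signature passages above, as an added example that is not part of the original article. It assumes textbook RSA over a SHA-256 digest with a deliberately tiny key built from two Mersenne primes and no padding scheme, so it shows the mechanism only; all names, keys and messages are constructed.

```python
import hashlib


def make_key(p, q, e=65537):
    """Return (public, private) for textbook RSA from two primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)


def digest_as_int(data, n):
    """The 'data checksum' from the text: SHA-256 reduced into the key's range."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, private):
    n, d = private
    return pow(digest_as_int(data, n), d, n)  # transform digest with private key


def verify_signature(data, signature, public):
    n, e = public
    # Recover the signed digest with the public key, compare with a fresh one.
    return pow(signature, e, n) == digest_as_int(data, n)


# Constructed toy keys: Mersenne primes, far too small for real use.
SENDER_PUBLIC, SENDER_PRIVATE = make_key(2**61 - 1, 2**89 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_key(2**107 - 1, 2**127 - 1)


def demo():
    order = b"transfer 100 units to account 42"  # constructed message
    signature = sign(order, SENDER_PRIVATE)
    return {
        "genuine": verify_signature(order, signature, SENDER_PUBLIC),
        "altered_data": verify_signature(order + b"0", signature, SENDER_PUBLIC),
        "signed_by_other_key": verify_signature(
            order, sign(order, OTHER_PRIVATE), SENDER_PUBLIC
        ),
    }


if __name__ == "__main__":
    print(demo())
```

Only the holder of the sender's private key can produce a value that verifies under the sender's public key, which is what lets a verifier check integrity and hold the sender to the transaction.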
PKI (public key infrastructure) technology
PKI is a public key infrastructure with asymmetric encryption technology at its core, which can provide security services for the network. At first, PKI was used mainly in the Internet environment, providing a unified identity authentication, data encryption and integrity guarantee mechanism for complex Internet systems. Because of its great advantages in the field of network security, PKI is favored by core application systems such as those of banks, securities firms and governments. PKI is not only the core of information security technology but also the key and basic technology of e-commerce. Because e-commerce and e-government activities carried out over the network lack physical contact, it is very important to verify the trust relationship by electronic means. PKI can effectively solve security problems such as confidentiality, authenticity, integrity, non-repudiation and access control in e-commerce applications. A practical PKI system must also fully consider interoperability and scalability. The functional modules of a PKI system, such as the certification authority (CA), registration authority (RA), policy management, key and certificate management, key backup and recovery, and the revocation system, should be organically combined.
Future trend of encryption
Although the double-key cryptosystem is more reliable than the single-key cryptosystem, because of its computational complexity the encryption rate of the double-key cryptosystem is only 11000, or even 11000. It is precisely because the encryption algorithms of different systems each have their own merits that all kinds of encryption systems will develop side by side for a long time to come. However, the e-commerce protocol standard SET (Secure Electronic Transactions), jointly launched by IBM and other companies in 1996, and PGP technology, jointly developed by many countries in 1992, both adopted a mixed cryptosystem that includes a single-key cryptosystem, a double-key cryptosystem, a one-way hash algorithm and a random number generation algorithm, which seems to show, from one side, the future of applied cryptographic technology.
In the field of single-key cryptography, using one key per message (the one-time pad) is considered the most reliable mechanism, but the key stream generator in stream cryptography has not been widely used because it has not overcome the finite period of its algorithm. If we find a key stream generator whose period approaches the infinite, the system will make a qualitative leap. In recent years, the study of chaos theory has brought the first light of a breakthrough in this direction. In addition, high-energy quantum cryptography is considered a potential direction of development because it is based on optics and quantum mechanics. This theory is undoubtedly an ideal solution for strengthening information security in optical fiber communication and for coping with decryption backed by quantum computing power.
Driven by the application requirements of civil systems such as e-commerce, authentication and encryption algorithms will also develop greatly. In addition, new members like IDEA will appear among the traditional cryptosystems. One of the main characteristics of these new members is innovation and breakthrough in the algorithm itself, not just modification or improvement of a traditional algorithm. Cryptography is a young, developing discipline, and any as yet unknown encryption/decryption mechanism may find a place in it.
At present, there is no very effective solution to the security problem of information systems or email. The main reason is that, because of the inherent heterogeneity of the Internet, there is no single trust institution that can meet all the requirements of the Internet as a whole, and no single protocol that can be applied to every situation on it. The only solution is to rely on software agents, that is, to manage automatically the certificates held by users (that is, the trust structure to which users belong) and all the behaviors of users. Whenever a user wants to send a message or e-mail, the agent automatically negotiates with the agent of the other party to find a trusted institution or a common protocol for the communication. In the Internet environment, the next generation of secure information systems will automatically send encrypted emails for users. Similarly, when a user wants to send an email to someone, the local agent will first interact with the agent of the other party to negotiate a certification authority suitable for both. Of course, e-mail also needs different technical support, because e-mail is not end-to-end communication: it is passed between the parties' respective mail machines through multiple intermediaries before it finally reaches its destination.