Encryption is the conversion of data by an encryption algorithm, making it a message that cannot be read without the correct key. These unreadable forms of data are often called ciphertext. In order to understand the message, the ciphertext must be converted into its original form-plaintext. The key is a double password, which is used to transform messages mathematically. In this case, even if a message is intercepted and read, it is useless. According to incomplete statistics, there are nearly 200 kinds of algorithm standards to realize this transformation. Here are several important standards. According to international practice, these nearly 200 methods are divided into two categories according to the standard of whether the keys of the sender and receiver are the same: one is the conventional algorithm (also called private key encryption algorithm or symmetric encryption algorithm), which is characterized in that the sender and receiver use the same key, that is, the encryption key and decryption key are the same or equivalent. The well-known conventional cryptographic algorithms are: DES in the United States and its varieties, such as 3DES, GDES, New DES and Lucifer, the predecessor of DES; Ideas; In Europe; FEAL N and Loki in Japan? 9 1, bonito, RC4, RC5, and classic passwords such as substitution password and wheel password. DES password is the most influential one among many conventional passwords. AES recently introduced by NIST (National Institute of Standards and Technology) will tend to replace DES, which will be analyzed in detail later. The advantage of conventional passwords is that they have strong confidentiality and can stand the test and attack of time, but their keys must be transmitted in a secure way. Therefore, its key management has become an important factor of system security. The other is public key encryption algorithm (also called asymmetric encryption algorithm). Its characteristic is that the keys used by the receiver and the sender are different from each other, and it is almost impossible to deduce the decryption key from the encryption key. Well-known public key cryptography algorithms include RSA, knapsack cryptography, McEliece cryptography, Differhellman, Rabin, Ong Fiat Shamir, zero-knowledge proof algorithm, elliptic curve, EIGamal algorithm and so on. The most influential public key cryptography algorithm is RSA, which can resist all known cryptographic attacks so far. Recently, the strong ECC algorithm has a tendency to replace RSA. The advantage of public key cryptography is that it can meet the requirements of network openness, and the key management problem is relatively simple, especially for digital signature and verification. However, its algorithm is complex and the data encryption rate is low. However, with the development of modern electronic technology and cryptography, public key cryptography will be a promising network security encryption system. These two algorithms have their own advantages and disadvantages, which will be analyzed in detail below. In the private key encryption algorithm, both the receiver and the sender of information use the same key, so the keys of both parties are kept secret, because the privacy of the private key must be based on the confidentiality of the key rather than the algorithm. This increases the security of private key encryption algorithm on hardware. But at the same time, we also see that this also adds a challenge: both the sender and the receiver must be responsible for their own keys, which is particularly important in the case of geographical dispersion. The private key algorithm also faces a greater difficulty, that is, the management and distribution of private keys are very difficult and complicated, and the cost required is very huge. For example, a network with n users needs to distribute n(n- 1)/2 private keys, especially for some large WAN, its management is a very difficult process, and it is precisely because of these factors that the application scope of private key algorithm is determined. Moreover, the private key encryption algorithm does not support digital signature, which is also an obstacle to long-distance transmission. Another factor that affects the privacy of private keys is the complexity of the algorithm. So far, DES, 3DES and AES are popular internationally.

The data encryption standard is an algorithm developed by IBM for the US government in 1977. DES is a block encryption technology based on 56-bit key. The encryption process is generally as follows:

① Disrupt and replace 64-bit plaintext blocks at one time.

② Split the 64-bit plaintext block into two 32-bit blocks;

(3) Scrambling each 32-bit block for 16 times with a secret DES key;

④ Use the reverse arrangement of the initial arrangement.

However, in practical application, the confidentiality of DES has been greatly challenged. 1June, 999, 65438+1October, EFF and distributed network deciphered 56-bit DES encrypted information in less than one day. The dominance of DES has been seriously affected. For this reason, the United States has introduced an improved version of DES-triple data encryption standard, that is, both the sender and the receiver use three keys to encrypt and decrypt. There is no doubt that this 3*56 encryption method greatly improves the security of passwords, and it is almost impossible to crack them according to the current computing speed of computers. However, while providing strong security protection for data, we also need to spend more time encrypting information three times and decrypting each secret layer. At the same time, under this premise, two senders who use this key must have three keys. If one of them is lost, the other two will become useless keys. This triples the number of private keys, which is obviously not what we want to see. Therefore, the National Institute of Standards and Technology introduced a new security measure to protect financial transactions. Advanced encryption standard The National Technical Standards Committee (NIST) in June 2000 chose Rijndael, a Belgian research achievement, as the basis of AES. Rijndael went through a long process of three years, and was finally selected from five schemes to enter the candidate.

AES has a more concise and accurate mathematical algorithm, and the encrypted data only needs to pass once. AES has fast design speed and strong safety performance, and can support various small devices. Compared with 3DES, AES has great differences not only in security performance, but also in usage performance and effective utilization of resources. Although I don't know the specific algorithm of AES until now, we can see its great superiority with 3DES from the following table.

There are some other algorithms, such as Skipjack algorithm used by the National Security Agency, but the details of its algorithm are always kept secret, and outsiders have no way to know its details. Some schemes developed by private organizations to replace DES: RC2, RC4, RC5, etc. Facing the problem of how to use and share the key and keep its confidentiality in the execution process, Whitefield Diffe and Marti Hellman put forward the concept of public key cryptography, which is called Diffie-Hellman technology. Since then, public key encryption algorithms have emerged.

Because of the adoption of public keys, the management and distribution of keys become much simpler. For a network with n users, only 2n keys are needed to achieve the density. At the same time, the confidentiality of public key encryption method focuses on extremely complicated mathematical problems, and its security is also guaranteed. But in practice, the public key encryption algorithm can't completely replace the private key encryption algorithm. The important reason is that its implementation speed lags far behind the private key encryption algorithm. Because of its security, it is often used to encrypt some important files. Since the advent of public key encryption, scholars have proposed many public key encryption methods, whose security is based on complex mathematical problems. According to the classification based on mathematical problems, there are three systems that are considered safe and effective at present: large integer factorization system (RSA), elliptic curve discrete logarithm system (ECC) and discrete logarithm system (DSA), which are introduced in detail below.

RSA algorithm was jointly developed by Rivet, Shamir and Adelman, hence the name RAS algorithm. Its security is based on the difficulty of prime number decomposition of large integers, and the decomposition of large integers is a famous problem in mathematics, and there is no effective method to solve it, so the security of RSA algorithm can be guaranteed. RSA system is the most typical method in public key system. Most products and standards that use public key cryptography for encryption and digital signature use RSA algorithm. The specific algorithm is as follows:

① Find two very large prime numbers. The bigger the prime number, the safer it is. Call these two prime numbers p and q.

② Find a number e that satisfies the following conditions:

A.this is an odd number.

B. less than p× q.

C. The coprime with (P- 1) × (Q- 1) only means that E does not have the same prime factor as the calculation result of this equation.

③ Calculate the value d and satisfy the following properties: ((d× e)- 1) is divisible by (p- 1) × (q- 1).

The public key pair is (P×Q, e).

The private key is D.

The public key is e.

The decryption function is:

Suppose t is plaintext and c is ciphertext.

The public key e and modulus p× q of the encryption function;

Encrypted information =(TE) modulus p× q.

The decryption function uses the private key d and the modulus p× q;

Decryption information =(CD) modulus p× q.

Elliptic curve encryption (ECC) is based on one-way function (discrete logarithm of elliptic curve) because it is much more complicated than the discrete logarithm used by RAS. Moreover, this one-way function is more difficult than RSA, so it has the following advantages compared with RSA:

The security performance of encryption algorithm with high security performance is generally reflected by the anti-attack strength of the algorithm. Compared with other public key systems, elliptic curve cryptosystem has absolute advantages in resisting attacks. For example, 160 bit ECC has the same security strength as 1024 bit RSA. While 2 10 bit ECC has the same security strength as 2048 bit RSA.

The calculation amount is small and the processing speed is fast. Although in RSA, the processing speed of public key can be improved by choosing a smaller public key (as small as 3), that is, the speed of encryption and signature verification can be compared with ECC, the processing speed of private key (decryption and signature) is much faster than RSA and DSA. So the overall speed of ECC is much faster than RSA and DSA.

Small storage space: Compared with RSA and DSA, ECC's key size and system parameters are much smaller, which means it takes up much less storage space. This is of great significance to the application of encryption algorithm in IC card.

Low bandwidth requirements When encrypting and decrypting long messages, the three types of cryptosystems have the same bandwidth requirements, but when applied to short messages, the ECC bandwidth requirements are much lower. However, public key encryption system is mainly used for short messages, such as digital signature and session key transmission in symmetric systems. The low bandwidth requirement makes ECC have a broad application prospect in the field of wireless networks.

These characteristics of ECC will replace RSA and become a general public key encryption algorithm. For example, the maker of SET protocol has made it the default public key cryptography algorithm in the next generation SET protocol.