Characteristics of cryptographic algorithms
1. Whether the key must be distributed in advance: a concern for symmetric ciphers
2. Whether the scheme can be attacked by a man-in-the-middle: a concern for asymmetric ciphers when public keys are distributed
3. Non-repudiation (which, in principle, can be proved both to the other party and to a third party): a concern for asymmetric ciphers when public keys are distributed
4. Whether the confidentiality of the message is guaranteed: the message cannot be deciphered
5. Whether the integrity (consistency) of the message is guaranteed: the message cannot be tampered with
6. Whether the sender cannot be impersonated: the message cannot be forged
Summary: symmetric cipher (solves 4, 5, 6) -> one-way communication with an asymmetric cipher -> hybrid cryptosystem (solves 1) -> digital signature with an asymmetric cipher -> public key certificate (solves 2, 3)
Concepts
Cryptographic algorithm: encryption algorithm + key + decryption algorithm; abbreviated as cipher
Key space: the set of all possible key values
Security by obscurity: keeping the cipher algorithm secret in order to ensure confidentiality
Block cipher: encrypts the plaintext in fixed-size blocks rather than taking the whole text as its input
Stream cipher: processes the plaintext as one continuous stream
Methods of deciphering ciphertext
1. Eavesdropping + deciphering
2. Social engineering
Methods of recovering keys
1. Brute force (exhaustive key search), e.g. breaking the Caesar cipher
2. Frequency analysis, e.g. breaking a simple substitution cipher
3. Chosen-plaintext attack (exhaustively trying plaintext blocks)
Other cryptographic techniques and related concepts
Steganography: hiding a message inside larger data, e.g. an acrostic poem
Pseudo-random number generator
Hash value (message digest, fingerprint): the value obtained by passing the original text through a hash function (also called a digest function or one-way function)
Symmetric cipher (shared-key cipher): encryption and decryption use the same secret key
Asymmetric cipher (public key cipher): encrypt with the public key, decrypt with the private key
Message authentication code
Digital signature
Public key certificate
Collision: two messages have the same hash value
Weak collision resistance: given a message, it is difficult to find another message with the same hash value. This prevents the following situation: Bob holds a message A and computes its digest; Alice finds another message B with the same hash value as A and swaps B in for A; because the digest is unchanged, Bob does not notice
Strong collision resistance: it is difficult to find any two messages with the same hash value. This prevents the following situation: Alice prepares two messages A and B with the same digest and sends A to Bob; Bob computes the digest; Alice swaps B in for A; because the digest is unchanged, Bob does not notice.
MD5(Message Digest 5)
History: MD5 was designed by Ronald Rivest in 1991.
Present situation: a collision attack on MD5 was presented by Wang Xiaoyun in 2004.
SHA
History: SHA was released by NIST in 1993, SHA-1 in 1995 and SHA-2 in 2002. In 2005 Wang Xiaoyun presented a collision attack on SHA-1
SHA-3
History: in 2007 NIST launched the SHA-3 selection; in 2012 the Keccak algorithm designed by Joan Daemen and others was selected as SHA-3
Random numbers
Weak pseudo-random numbers: randomness
Strong pseudo-random numbers: unpredictability
True random numbers: non-reproducibility
Random number generator: hardware can produce true random numbers from thermal noise
Pseudo-random number generator: software can only produce pseudo-random numbers; a seed is needed to initialize the generator
Pseudo-random number algorithms: linear congruential method, hash method, cryptographic method, and others
Symmetric cipher, what it solves: the message cannot be deciphered
Disadvantage: the key must be distributed in advance
Caesar cipher
Encryption algorithm: shift each letter
Key: the number of positions shifted
Decryption algorithm: shift back
Cracking the key: try every possible key
Simple substitution cipher
Encryption algorithm: one-to-one letter substitution. Key: the substitution table
Decryption algorithm: reverse substitution
Cracking the key: frequency analysis of the ciphertext letters and letter combinations, compared against a general frequency table; the letters already recovered are substituted back into the ciphertext and the analysis is repeated
Enigma cipher
Inventor: the German Arthur Scherbius
Encryption algorithm: double encryption. The daily key serves as key 1 and the operator thinks up a key 2; key 2 is encrypted with key 1 to obtain the ciphertext of key 2; the message is encrypted with key 2; the ciphertext of key 2 and the ciphertext of the message are sent together
Key: a different daily key, recorded in the key book for each day
Decryption algorithm: decrypt the ciphertext of key 2 with the daily key to obtain key 2; decrypt the message ciphertext with key 2
Broken by: Alan Turing
DES encryption standard
History: Horst Feistel of IBM developed the Lucifer cipher in 1974. In 1977 it was adopted as the DES standard by the American National Standards Institute (ANSI)
Encryption algorithm: 64 bits form one block, processed in 16 rounds. In one round the block is split into a left and a right half and a subkey is derived from the key; the round function takes one half and the subkey to produce a bit sequence, which is XORed into the other half.
Key: 56 bits long
Triple DES (triple-DES, TDEA, 3DES), the successor to DES
Encryption algorithm: apply DES three times
Key: 56 * 3 bits long
AES encryption standard
History: in 1997 the National Institute of Standards and Technology (NIST) issued a public call for AES; in 2000 the Rijndael scheme submitted by the Belgian cryptographers Joan Daemen and Vincent Rijmen was selected as the standard
Encryption algorithm: 128 bits form one block, processed in multiple rounds of substitution, shifting and matrix operations
Key: 128, 192 or 256 bits
Block cipher modes of operation
ECB mode: Electronic CodeBook mode; plaintext blocks and ciphertext blocks correspond one to one, in order. An active attacker can reorder, copy or delete ciphertext blocks so that the receiver obtains wrong plaintext after decryption
CBC mode: Cipher Block Chaining mode; this plaintext block is XORed with the previous ciphertext block and the result is encrypted; if a block is tampered with, it can no longer be decrypted correctly
CFB mode: Cipher Feedback mode; the previous ciphertext block is encrypted and XORed with this plaintext block to obtain this ciphertext block
OFB mode: Output Feedback mode; a random bit sequence serves as the initial block (initialization vector); the encrypted initialization vector is XORed with the plaintext block to obtain the ciphertext block; the encrypted initialization vector is encrypted again to obtain a new value, which is XORed with the next plaintext block, and so on
CTR mode: CounTeR mode; a random bit sequence serves as the initial value of the counter; the counter is encrypted and XORed with the plaintext block to obtain the ciphertext block; the counter is incremented by one to encrypt the next plaintext block
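The Feistel structure of DES and the ECB, CBC and CTR modes above, as an added example (not code from the original notes). The block cipher is a toy 16-round Feistel network on 64-bit blocks whose round function is a keyed SHA-256 truncated to 32 bits; it is an assumed stand-in for DES's round function, chosen only so the modes can run without a cipher library, and the helpers `ecb_encrypt`, `cbc_encrypt` and `ctr_crypt` are names introduced here.

```python
import hashlib

BLOCK = 8  # 64-bit blocks like DES; ECB/CBC below assume block-aligned input (no padding)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round_f(key: bytes, half: bytes, rnd: int) -> bytes:
    # Round function F: a keyed hash of one half and the round number stands in for DES's subkey and S-boxes
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def feistel_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in range(16):  # 16 rounds: XOR F(right, subkey) into the left half, then swap halves
        l, r = r, _xor(l, _round_f(key, r, rnd))
    return r + l

def feistel_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in reversed(range(16)):  # the same network with the round order reversed undoes encryption
        l, r = r, _xor(l, _round_f(key, r, rnd))
    return r + l

def _blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:  # blocks are independent: equal plaintext blocks leak
    return b"".join(feistel_encrypt(key, b) for b in _blocks(pt))
def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return b"".join(feistel_decrypt(key, b) for b in _blocks(ct))

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:  # XOR with previous ciphertext block, then encrypt
    out, prev = [], iv
    for b in _blocks(pt):
        prev = feistel_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(ct):
        out.append(_xor(feistel_decrypt(key, b), prev))
        prev = b
    return b"".join(out)

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:  # keystream = E(counter); same call decrypts
    start, out = int.from_bytes(nonce, "big"), []
    for i, b in enumerate(_blocks(data)):
        counter = ((start + i) % 2 ** 64).to_bytes(BLOCK, "big")
        out.append(_xor(b, feistel_encrypt(key, counter)))  # zip() truncates, so a short final block is fine
    return b"".join(out)
```

Encrypting a plaintext with a repeated block in ECB shows the repeat in the ciphertext, and swapping ECB ciphertext blocks decrypts to swapped plaintext without any error; the same swap in CBC yields garbage.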
Message authentication code (MAC): with a symmetric cipher, the sender attaches the MAC value a of the message to the ciphertext; the receiver computes the MAC value b in the same way; a and b are compared to ensure the message was not tampered with
Encrypt-then-MAC: the MAC is computed over the message ciphertext
Encrypt-and-MAC: the MAC is computed over the message plaintext and sent alongside the ciphertext
MAC-then-encrypt: the MAC is computed over the plaintext and then encrypted together with the plaintext
Replay attack: the attacker eavesdrops on a message Alice sends to Bob and sends it to Bob again and again; Bob believes all of them came from Alice
Preventing replay attacks: include an id in the message
Symmetric-key MAC, what it solves: the message cannot be tampered with or forged
Disadvantage: the shared key must be distributed
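The receiver's side of encrypt-then-MAC with replay detection, as an added example (not code from the original notes). It uses HMAC-SHA256 as the MAC, a 64-bit sequence number as the message id, and treats the ciphertext as opaque bytes; `seal`, `Receiver` and the message layout id || ciphertext || tag are assumptions introduced here.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32  # HMAC-SHA256 tag length

def seal(mac_key: bytes, seq: int, ciphertext: bytes) -> bytes:
    """Sender: the MAC value a covers the message id and the ciphertext (encrypt-then-MAC)."""
    header = struct.pack(">Q", seq)  # the id carried in the message: a 64-bit sequence number
    tag_a = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag_a

class Receiver:
    """Receiver: recomputes the MAC value b, compares a and b, and refuses ids seen before."""

    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.seen = set()  # ids already accepted; a real receiver would bound this with a window

    def unseal(self, msg: bytes):
        if len(msg) < 8 + MAC_LEN:
            return None, "truncated"
        header, ciphertext, tag_a = msg[:8], msg[8:-MAC_LEN], msg[-MAC_LEN:]
        tag_b = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag_a, tag_b):  # constant-time comparison of a and b
            return None, "bad mac"  # tampered ciphertext, tampered id, or a forged message
        seq = struct.unpack(">Q", header)[0]
        if seq in self.seen:
            return None, "replay"  # same id as an earlier message: a replayed message
        self.seen.add(seq)
        return ciphertext, "ok"
```

Because the tag also covers the id, an attacker who re-sends a captured message cannot change its sequence number to get past the replay check without invalidating the MAC.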
Password Based Encryption, PBE
Solves: the problem of storing the key (session key)
CEK: the session key
KEK: the key used to encrypt the CEK
Scheme
1. A random number is used as the salt; the hash of password + salt is the KEK
2. The CEK is encrypted with the KEK to obtain the CEK ciphertext
3. The user remembers the password in their head and the KEK is discarded
Dictionary attack: if no salt is involved in generating the KEK, the password alone determines the KEK, and commonly used passwords correspond to a dictionary of commonly used KEKs; the attacker tries the common KEKs directly against the CEK ciphertext.
Role of the salt: the KEK is derived together with the salt, so a precomputed KEK dictionary cannot contain it
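The three PBE steps and the effect of the salt on a precomputed KEK dictionary, as an added example (not code from the original notes). Assumptions: PBKDF2-HMAC-SHA256 plays the role of the "hash of password + salt", the CEK is encrypted by XOR with the 32-byte KEK (a toy wrap, used once per KEK), and the password list is constructed for the demonstration.

```python
import hashlib
import os

# Constructed sample of "commonly used" passwords for building the KEK table
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
ITERATIONS = 50_000  # iteration count of the password hash; kept modest for the demo

def derive_kek(password: str, salt: bytes) -> bytes:
    # Step 1: KEK = hash(password + salt); PBKDF2 is the iterated form of that hash
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)

def xor_wrap(kek: bytes, cek: bytes) -> bytes:
    # Step 2: encrypt (or decrypt) the 32-byte CEK with the 32-byte KEK
    return bytes(a ^ b for a, b in zip(kek, cek))

def pbe_protect(password: str, cek: bytes):
    """Returns (salt, CEK ciphertext). Step 3: only these are stored; the KEK is discarded
    and the password stays in the user's head."""
    salt = os.urandom(16)
    return salt, xor_wrap(derive_kek(password, salt), cek)

def pbe_recover(password: str, salt: bytes, cek_ct: bytes) -> bytes:
    return xor_wrap(derive_kek(password, salt), cek_ct)

def kek_table(salt: bytes) -> dict:
    # KEK dictionary for the common passwords. With no salt (b"") it can be computed once,
    # ahead of time, for every user; with a random per-user salt it matches only that one salt.
    return {derive_kek(pw, salt): pw for pw in COMMON_PASSWORDS}
```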
Asymmetric cipher, one-way communication: not used on its own for communication between Alice and Bob, only inside a hybrid cryptosystem. Alice sends Bob the public key; Bob encrypts the message with the public key and sends it to Alice; Alice decrypts with the decryption key (private key)
Summary: the receiver of the message is the owner of the key pair, i.e. the holder of the private key; the public key is used for encryption and the private key for decryption
RSA cipher
History: proposed in 1978 by Ron Rivest, Adi Shamir and Leonard Adleman
Encryption algorithm: ciphertext = plaintext^E mod N
Public key: the pair (E, N)
Decryption algorithm: plaintext = ciphertext^D mod N
Private key: the pair (D, N)
generating key pairs
Generating primes: generate random numbers with a pseudo-random number generator and test each with the Miller-Rabin test until a prime is obtained. Greatest common divisor: Euclid's algorithm (repeated division with remainder)
1. N
Generate two 512-bit primes p and q; N = p * q
2. L
L is the least common multiple of p-1 and q-1
3. E
Generate random numbers in the range (1, L) with the pseudo-random number generator until the greatest common divisor of E and L is 1
4. D
D is computed from E and L so that E * D mod L = 1. Cracking: recovering D requires factoring N into p and q; however, there is no fast and effective method for prime factorization of large numbers.
Hybrid cryptosystem: the first exchange uses the hybrid scheme and subsequent communication uses the symmetric cipher.
Compared with the message authentication code, there is no need to distribute a secret key in advance.
Overall idea: Bob encrypts the message with a session key, encrypts the session key with Alice's public key, and sends both to Alice. Alice decrypts the session key with her private key, then decrypts the message with the session key
Session key: the key of the symmetric cipher used to encrypt the message
1. Alice sends Bob her public key
2. Bob randomly generates a session key and encrypts the message with it, obtaining the message ciphertext
3. Bob encrypts the session key with the public key, obtaining the session key ciphertext
4. Bob sends the session key ciphertext and the message ciphertext to Alice
5. Alice decrypts the session key with her private key, then decrypts the message with the session key
6. From then on both parties hold the session key and can communicate with the symmetric cipher
Disadvantages: the public key may be intercepted by a man in the middle when it is distributed; Alice may deny having sent Bob the public key.
Man-in-the-middle attack: the man in the middle intercepts the very first message, in which Alice gives Bob her public key, and so obtains Alice's public key; he then impersonates Alice and sends his own public key to Bob. As a result, the messages Bob intends for Alice can be decrypted by the man in the middle
Digital signature (asymmetric cipher): not used on its own for communication; used to sign the plaintext of a public key certificate
Process: Alice encrypts the digest of the message with the signing key (private key) and sends the digest ciphertext together with the message plaintext to Bob; Bob decrypts the digest ciphertext to obtain digest A, computes digest B of the plaintext, and compares A and B
Summary: the private key is used for encryption and the public key for decryption, the opposite of one-way communication with an asymmetric cipher
Public-Key Certificate, PKC, certificate for short
Certification Authority, CA
Certificate standard: X.509, specified by ITU and ISO
Process:
1. Alice registers with the CA
2. The CA generates the plaintext of Alice's certificate, containing Alice's registration information, Alice's public key and the CA's information
3. The CA encrypts the plaintext part of the certificate with its own private key to obtain the digital signature