Asymmetric encryption (public key algorithm): SM2, SM9
Symmetric cipher (block cipher, sequence cipher): SM 1, SM4, SM7, ZUC.
Hash algorithm (hash, hash algorithm): SM3
Overview: Symmetric encryption algorithm (block cipher), the block length is 128 bits, and the key length is 128 bits. The algorithm is not public, and it is called through the interface of the encryption chip.
Scenario: A series of security products, such as chips, smart IC cards, smart password keys, encryption cards and encryption machines, have been developed by using this algorithm, which are widely used in various application fields of e-government, e-commerce and national economy (including national government affairs, police affairs and other important fields).
Overview: Asymmetric encryption algorithm (public key algorithm), with encryption strength of 256 bits, is an elliptic curve algorithm.
Public key cryptography is completely different from other passwords. The encryption system using this method not only discloses the encryption algorithm itself, but also discloses the key used for encryption. Public-key cryptosystem is different from symmetric traditional cryptosystem which only uses one key, and its algorithm is based on mathematical function instead of substitution and permutation. Public key encryption is asymmetric. It uses two independent keys, that is, the key is divided into public key and private key, so it is called double key system. The public key of double-key system can be made public, so it is called public key algorithm.
Ciphertext encrypted with private key can only be decrypted with corresponding public key, while ciphertext encrypted with public key can only be decrypted with corresponding private key. The public key can be generated by elliptic curve operation on the private key, but because of the characteristics of elliptic curve, it is difficult to derive the private key from the public key, which determines the security of SM2 algorithm. The most common application of SM2 algorithm is identity authentication, also known as digital signature and verification. The uniqueness and legitimacy of identity are realized through the privacy of private key.
Scenario: It is suitable for digital signature and verification in commercial applications, and can meet the security requirements of identity authentication, data integrity and authenticity in various cryptographic applications.
Scenario: It is suitable for key exchange in commercial cryptographic applications, and can meet the requirement that both parties can obtain a * * * shared key (session key) decided by both parties through two or three times of information transmission.
Scenario: It is suitable for message encryption and decryption in national commercial password application. The sender of the message can encrypt the message with the public key of the receiver, and the receiver can decrypt the message with the corresponding private key.
Standards involving state secrets: GB/T 329/KOOC-0/8./KOOC-0/-20/KOOC-0/6, GB/T 329/KOOC-0/8.2-20/KOOC-0/6, GB/T 329/KOOC-0/6. T 329 18.5-20 17、GB/T 35275-20 17、GB/T 35276-20 17 .
Overview: Hash algorithm (Hash algorithm). Data with arbitrary length will generate a summary with a fixed length of 256bit after SM3 algorithm. The inverse operation of SM3 algorithm is not feasible in mathematics, that is, the content of the original data cannot be deduced from the 256-bit abstract, so SM3 algorithm is often used to measure the integrity of information in the field of information security.
Scenario: It is suitable for digital signature and verification, message authentication code generation and verification, and random number generation in commercial password applications, and can meet the security requirements of various password applications.
Standards involving state secrets: GB/T 32905-20 16
Overview: Symmetric encryption algorithm (block cipher), the block length is 128 bits, and the key length is 128 bits. Ciphertext encrypted with a certain key can only be decrypted with this key, so it is called symmetric encryption. SM4 algorithm is implemented by 32 rounds of nonlinear iteration, which has fast encryption and decryption speed and is often used to encrypt a large number of data. User data stored in storage media are usually encrypted and protected by SM4 algorithm.
Scene: encryption and decryption of a large number of data, calculation of MAC.
Block cipher is a cipher that groups plaintext data according to a fixed length, and then encrypts them group by group under the control of the same key, thus converting each plaintext group into a ciphertext group with the same length. The length of binary plaintext block is called the block size of block cipher.
The realization principle of block cipher is that it must be relatively simple to realize, and it is very easy to encrypt and decrypt when the key is known, which is suitable for hardware and/or software implementation. The encryption and decryption speed is fast, the consumption of resources is low, and the cost is low, which can meet the needs of a specific application range.
The design of block cipher basically follows the principles of confusion and diffusion.
The principle of confusion is to make the statistical relationship and algebraic relationship between ciphertext, plaintext and key as complex as possible, so that even if the opponent obtains ciphertext and plaintext, he can't find any information of the key; Even if the statistical laws of ciphertext and plaintext are obtained, it is impossible to find any information of plaintext.
(2) The diffusion principle is that the statistical laws and structural laws of plaintext should be dispersed into a fairly long statistical period. That is to say, let every bit in the plaintext affect as many bits as possible in the cipher text, or let every bit in the cipher text be influenced by as many bits as possible in the plaintext.
Standards involving state secrets: GB/T 32907-20 16
Summary: Symmetric encryption algorithm (block cipher), block length 128 bits, key length 128 bits, the algorithm is not public, and it is called through the interface of encryption chip.
Scenario: It is suitable for contactless IC cards, and its applications include identification applications (access cards, work permits, admission cards), ticketing applications (tickets for large-scale events and exhibitions), payment and card applications (credit cards, campus cards, corporate cards, etc.). ).
Overview: asymmetric encryption algorithm (ID password), ID password takes the user's ID (such as email address, mobile phone number, QQ number, etc.). As a public key, the process of exchanging digital certificates and public keys is omitted, which makes the security system easy to deploy and manage, and is very suitable for end-to-end offline security communication, cloud data encryption, attribute-based encryption, policy-based encryption and other occasions.
SM9 algorithm does not need to apply for a digital certificate, and is suitable for the security of various emerging applications of Internet applications. Such as cryptographic services based on cloud technology, e-mail security, intelligent terminal protection, Internet of Things security, cloud storage security and so on. These security applications can use mobile phone numbers or email addresses as public keys to realize security applications such as data encryption, identity authentication, call encryption, channel encryption, etc., which are convenient to use and easy to deploy, thus opening the door for the popularization of cryptographic algorithms.
Overview: sequence cipher is a stream cipher algorithm independently developed in China, and it is an international standard cipher algorithm used in mobile communication 4G networks. The algorithms include Zu Chongzhi algorithm (ZUC), encryption algorithm (128-eaa3) and integrity algorithm (128-EIA3). At present, ZUC algorithm has been optimized, including hardware implementation and optimization for128-eaa3 and 128-EIA3.