What Are Cryptographic Algorithms?

Cryptographic algorithms are mathematical functions used for encryption and decryption. Cryptographic algorithms are the basis of cryptographic protocols. The current cryptographic algorithms mainly include sequence ciphers, block ciphers, public key ciphers, hash functions, etc., which are used to ensure the security of information and provide authentication, integrity, and non-repudiation services. Suppose we want to send a message P over the network (P is usually a plaintext data packet). Using a cryptographic algorithm to hide P's content can convert P into ciphertext. This conversion process is called encryption. The ciphertext C corresponding to the plaintext P is obtained by an additional parameter K, called the key. To recover the plaintext, the receiver of ciphertext C needs another key K-1 to complete the calculation in the opposite direction. This reverse process is called decryption.

Chinese name: Cryptographic algorithm
Foreign name: cryptographic algorithm

Category: Mathematical function
Classification: Serial password, block password, public key password

Cryptographic algorithm encryption technology

The security of a cryptosystem lies only in the confidentiality of the key, not the confidentiality of the algorithm. This is true of pure data encryption. For those who do not want him to see the data (plaintext of the data), use a reliable encryption algorithm, as long as the cracker does not know the password of the encrypted data, he cannot interpret the data. However, software encryption is different from data encryption. It can only be "hidden". Whether you want to let him (legal user, or Cracker) see this data (the plaintext of the software), the software will always run on the machine. For the machine, it must be plaintext. Now that the machine can "see" these plaintexts, Cracker, through some techniques, can also see these plaintexts. So, in theory, any software encryption technology can be cracked. It's just that the difficulty is different. Some want to keep the crack Cracker busy for a few months, and some may be cracked without effort.

Cryptography Cryptography

Cryptographic Algorithm Related Concepts

(1) sender and receiver

Suppose the sender wants to send a message to the receiver and wants to send the message securely: she wants to be sure that the eavesdropper cannot read the message sent.

(2) Message and encryption

The message is called plaintext. The process of masquerading a message to hide its content is called encryption, the encrypted message is called ciphertext, and the process of converting ciphertext to plaintext is called decryption.

The plaintext is represented by M (message) or P (plaintext), which may be a bitstream (text file, bitmap, digitized voice stream, or digitized video image). As far as computers are concerned, P is simple binary data. The plaintext can be transmitted or stored, in either case M refers to the message to be encrypted.

The ciphertext is represented by C, which is also binary data, sometimes as large as M, and sometimes slightly larger (combination of compression and encryption, C may be smaller than P. However, encryption alone usually cannot achieve this). The encryption function E acts on M to obtain the ciphertext C, which is expressed mathematically as:

E (M) = C.

Conversely, the decryption function D acts on C to produce M

D (C) = M.

After encrypting and then decrypting the message, the original plaintext will be restored. The following equation must be true:

D (E (M)) = M

(3) Identification, integrity and non-repudiation

In addition to providing confidentiality, cryptography usually has other functions:

(a) Identification

The recipient of the message should be able to confirm the source of the message; an intruder cannot pretend to be someone else.

(b) Integrity inspection

The receiver of the message should be able to verify that the message has not been modified during transmission; it is not possible for an intruder to replace a legitimate message with a fake one.

It is impossible for the sender to falsely deny the message he sent afterwards.

(4) Algorithm and key

Cryptographic algorithms, also called passwords, are mathematical functions used for encryption and decryption. (Usually, there are two related functions: one for encryption and one for decryption)

If the confidentiality of an algorithm is based on keeping the algorithm secret, this algorithm is called a restricted algorithm. Restricted algorithms have historical significance, but they are no longer sufficiently confidential by current standards. Large or frequently changing user organizations cannot use them, because every time a user leaves the organization, other users must change to a different algorithm. If someone unintentionally exposes this secret, everyone must change their algorithm.

However, restricted cryptographic algorithms are not possible for quality control or standardization. Each user organization must have their own unique algorithm. Such an organization is unlikely to adopt popular hardware or software products. But eavesdroppers can buy these popular products and learn algorithms, so users have to write their own algorithms and implement them. If there are no good cryptographers in this organization, they cannot know whether they have secure algorithms.

Despite these major flaws, restricted algorithms are still popular for low-density applications, and users either don't recognize or care about the problems inherent in their systems.

Modern cryptography solves this problem with keys, which are represented by K. K can be any value among many values. The range of possible values for the key K is called the key space. This key is used for both encryption and decryption operations (that is, the operation depends on the key and is represented by K as a subscript). In this way, the encryption / decryption function now becomes:

EK (M) = C

DK (C) = M.

These functions have the following characteristics:

DK (EK (M)) = M.

Some algorithms use different encryption and decryption keys, that is, the encryption key K1 is different from the corresponding decryption key K2. In this case:

EK1 (M) = C

DK2 (C) = M

DK2 (EK1 (M)) = M

The security of all these algorithms is based on the security of the key; not the security of the details of the algorithm. This means that the algorithm can be made public and can be analyzed, and products that use the algorithm can be mass-produced, even if the eavesdropper knows your algorithm, it does not matter; if he does not know the specific key you use, he will not be able to read you News.

The cryptosystem consists of an algorithm, and all possible plaintext, ciphertext, and keys.

There are usually two types of key-based algorithms: symmetric algorithms and public-key algorithms. The following are introduced separately:

Cryptographic algorithm symmetric cryptographic algorithm

Symmetric algorithms are sometimes called traditional cryptographic algorithms, that is, the encryption key can be deduced from the decryption key, and vice versa. In most symmetric algorithms, the encryption / decryption keys are the same. These algorithms are also called secret key algorithms or single key algorithms, which require the sender and receiver to agree on a key before secure communication. The security of symmetric algorithms depends on the key, and leaking the key means that anyone can encrypt / decrypt the message. As long as communications need to be kept secret, keys must be kept secret.

The encryption and decryption of the symmetric algorithm is expressed as:

EK M = C

DK (C) = M

Symmetric algorithms can be divided into two categories. An algorithm that operates on a single bit (sometimes a byte) in clear text at a time is called a sequence algorithm or a sequence cipher. Another type of algorithm is the ADB operation on a set of plaintext bits. These bits are called blocks, and the corresponding algorithm is called a block algorithm or block cipher. The typical block length of modern computer cryptographic algorithms is 64 bits-this length is large enough to prevent analysis from being deciphered, but small enough to be convenient for use (before the advent of computers, the algorithm generally operated on only one character of the plaintext at a time. Is the operation of a sequence password on a sequence of characters).

Cryptographic algorithm

The public key algorithm (also called asymmetric algorithm) is designed such that the key used for encryption is different from the key used for decryption, and the decryption key cannot be calculated from the encryption key (at least for a reasonably assumed long time) Inside). The reason it is called a public key algorithm is because the encryption key can be made public, that is, strangers can use the encryption key to encrypt information, but only use the corresponding decryption key to decrypt the information. In these systems, the encryption key is called the public key (public key for short) and the decryption key is called the private key (private key). Private keys are sometimes called secret keys. To avoid confusion with symmetric algorithms, the name secret key is not used here.

Encrypted with public key K is expressed as

EK (M) = C.

Although the public and private keys are different, decryption with the corresponding private key can be expressed as:

DK (C) = M

Sometimes messages are encrypted with a private key and decrypted with a public key. This is used for digital signatures (more on this later). Although this may be confusing, these operations can be expressed as:

EK (M) = C

DK (C) = M

The speed of the current public cryptographic algorithm is much slower than that of the symmetric cryptographic algorithm, which makes the application of the public cryptographic algorithm limited in the large amount of data encryption.

Cryptographic one-way hash function

The one-way hash function H (M) acts on a message M of arbitrary length. It returns a fixed-length hash value h, where h is of length m.

There are many functions with an input of any length and a fixed length of output, but one-way hash functions have other characteristics that make them one-way:

(1) Given M, it is easy to calculate h;

(2) Given h, it is difficult to calculate M based on H (M) = h;

(3) Given M, it is difficult to find another message M 'and satisfy H (M) = H (M').

In many applications, unidirectionality is not enough. A condition called "collision resistance" is also needed:

Finding two random messages M and M 'makes it difficult to satisfy H (M) = H (M').

Due to these characteristics of the hash function, and because the calculation speed of public cryptographic algorithms is often slow, in some cryptographic protocols, it can be used as a digest of a message M, instead of the original message M, and let the sender sign H (M) Instead of signing M.

For example, the SHA hash algorithm is used in the digital signature protocol DSA.

Cryptographic algorithm digital signature

Digital signatures are inseparable from public cryptosystems and hashing techniques.

There are several public key algorithms that can be used as digital signatures. In some algorithms, such as RSA, public or private keys can be used as encryption. Encrypt the file with your private key and you have a secure digital signature. In other cases, such as DSA, the algorithm is distinguished. Digital signature algorithms cannot be used for encryption. This idea was first proposed by Diffie and Hellman.

The basic protocol is simple:

(1) A uses her private key to encrypt the file, thereby signing the file.

(2) A passes the signed document to B.

(3) B decrypts the file with A's public key to verify the signature.

In this agreement, it is only necessary to prove that A's public key is indeed hers. If B cannot complete step (3), then he knows that the signature is invalid.

This protocol also meets the following characteristics:

(1) The signature is trusted. When B verifies the information with A's public key, he knows that it was signed by A.

(2) The signature is unforgeable. Only A knows her private key.

(3) The signature is not reusable. The signature is a function of the file and cannot be converted into another file.

(4) The signed document is immutable. If there are any changes to the file, it will not be possible to verify the file with A's public key.

(5) The signature is undeniable. B can verify A's signature without the help of A.

Cryptographic algorithm

Encryption technology is a technology for encoding and decoding information. Encoding is to translate the original readable information (also known as plain text) into a code form (also known as cipher text), and the reverse process is decoding (decryption). The main point of the encryption technology is the encryption algorithm. The encryption algorithm can be divided into three types: symmetric encryption, asymmetric encryption and irreversible encryption.

Symmetric encryption algorithm Symmetric encryption algorithm is an earlier encryption algorithm, and the technology is mature. In the symmetric encryption algorithm, the data sender processes the plaintext (original data) and the encryption key together through a special encryption algorithm to make it into a complex encrypted ciphertext to send. After receiving the ciphertext, if the recipient wants to interpret the original text, the ciphertext needs to be decrypted by using the encryption key and the inverse algorithm of the same algorithm to restore it to a readable plaintext. In the symmetric encryption algorithm, only one key is used. Both the sender and the receiver use this key to encrypt and decrypt the data. This requires the decrypting party to know the encryption key in advance. The characteristics of symmetric encryption algorithm are open algorithm, small calculation amount, fast encryption speed and high encryption efficiency. The disadvantage is that both parties to the transaction use the same key, and security is not guaranteed. In addition, each time a pair of users uses a symmetric encryption algorithm, it is necessary to use a unique key that is not known to others. This will increase the number of keys owned by both senders and receivers to a geometric progression, and key management becomes a burden on users. Symmetric encryption algorithms are more difficult to use on distributed network systems, mainly due to the difficulty of key management and higher use costs. The symmetric encryption algorithms widely used in computer private network systems include DES and IDEA. AES advocated by the American National Standards Institute will soon replace DES as a new standard.

Asymmetric Encryption Algorithm Asymmetric encryption algorithm uses two completely different but exactly matched pairs of keyspublic key and private key. When using an asymmetric encryption algorithm to encrypt a file, only the matched pair of public and private keys can be used to complete the encryption and decryption process of the plaintext. The public key is used to encrypt the plaintext, and the private key can be used to decrypt the ciphertext, and the sender (encryptor) knows the recipient's public key, and only the recipient (decryptor) is the only one who knows his private key. people. The basic principle of asymmetric encryption algorithm is that if the sender wants to send encrypted information that only the recipient can interpret, the sender must first know the recipient's public key, and then use the recipient's public key to encrypt the original text; After receiving the encrypted ciphertext, the recipient can use their own private key to decrypt the ciphertext. Obviously, using an asymmetric encryption algorithm, before the sending and receiving parties communicate, the recipient must send the public key that has been randomly generated to the sender, and keep the private key. Because asymmetric algorithms have two keys, they are particularly suitable for data encryption in distributed systems. Widely used asymmetric encryption algorithms include the RSA algorithm and DSA proposed by the National Bureau of Standards. Encryption technology based on asymmetric encryption algorithms is widely used.

The irreversible encryption algorithm is characterized by the fact that no key is used in the encryption process. After the plain text is input, the system directly processes the encryption algorithm into cipher text. This encrypted data cannot be decrypted. After the irreversible encryption algorithm is processed, the same encrypted ciphertext is obtained and re-recognized by the system before it can be truly decrypted. Obviously, in this type of encryption process, the encryption is your own, and the decryption must be your own. The so-called decryption is actually re-encryption, and the "password" used is the plain text input. The irreversible encryption algorithm does not have the problem of key storage and distribution, and is very suitable for use on distributed network systems. However, due to the complexity of the encryption calculation and the heavy workload, it is usually only used in situations where the amount of data is limited, such as widely used in computer systems In the password encryption, the irreversible encryption algorithm is used. In recent years, with the continuous improvement of computer system performance, the application areas of irreversible encryption are gradually increasing. There are many irreversible encryption algorithms applied in computer networks, such as the MD5 algorithm invented by RSA Corporation and the irreversible encryption standard SHS (Secure Hash Standard) proposed by the US National Bureau of Standards.