Smart card digital encryption technology

Encryption technology classification

The development of cryptography has produced many cryptographic algorithms. Some have been published in academic journals, while more are kept secret as military, commercial, and trade secrets. Modern ciphers can be divided into three types: stream ciphers, block ciphers, and public key ciphers. Key management and cryptanalysis are also closely associated with cryptography.

Stream cipher

A stream cipher uses a short key (the random seed) and a complicated operation (the cryptographic algorithm) to generate a long pseudo-random bit stream, which is used to encrypt the plaintext bit stream. Decryption uses the same key and cipher algorithm to generate the same pseudo-random bit stream as in encryption and restore the plaintext bit stream.

The stream cipher consists of two parts: a key and a cryptographic algorithm. The key is changed before each use, and is usually stored inside the cryptographic device or input to the cryptographic device from the outside. The cryptographic algorithm is fixed for a long time. The flexible changing of the key is the active factor in this kind of cipher, and the key to its security is the complexity of the cryptographic algorithm. Stream ciphers should generally meet three requirements: first, a sufficiently long period; second, a high complexity; third, a generated key stream that passes randomness tests.

The advantage of stream ciphers is that computation is fast and errors in ciphertext transmission do not spread in the plaintext. The disadvantage is that the key must be changed too frequently and key distribution is difficult. Because stream ciphers have a long history and a well-developed theory, they are still the mainstream of international cryptography applications.

Block cipher

A block cipher groups the plaintext into blocks of a certain bit length, and each plaintext block is encrypted together with the key block to obtain a ciphertext block. When decrypting, the ciphertext block and the key block go through the decryption operation (the inverse of the encryption operation) to restore the plaintext block.

The advantage of the block cipher is that the key can stay fixed for a certain period of time without having to change each time, which makes key distribution easier. However, since transmission errors in the ciphertext spread in the plaintext of a block cipher, it cannot be used where the channel quality is poor.

DES was the first block cipher published by the US National Bureau of Standards, in 1977.

Public key cipher

For both stream and block ciphers the encryption and decryption keys are the same, so they must be kept strictly confidential and must be distributed through secure channels. This is a difficult problem to solve across large geographical distances. In 1976, the public key cryptosystem was proposed, the principle being that the encryption key and the decryption key are separated. In this way, a specific user can publish the encryption key and algorithm he has designed and keep only the decryption key secret. Anyone can use this encryption key and algorithm to send encrypted information to the user, and only the user can restore it. Therefore, such a cryptosystem is generally referred to as a two-key cryptosystem or an asymmetric cryptosystem. Correspondingly, stream ciphers, block ciphers, and the like are referred to as single-key cryptosystems or symmetric cryptosystems.

The advantage of public key cryptography is that it does not require a secure channel to pass keys, greatly simplifying key management. Its algorithm is called a public key algorithm.

In 1978, a specific implementation scheme of public key cryptography was proposed, namely the RSA scheme.

The DSA algorithm proposed in 1991 is also a public key algorithm, and it has great advantages in digital signature applications.

At present, the encryption and decryption algorithms that are widely used on smart IC cards in the world are the DES algorithm, the RSA algorithm and the DSA algorithm. The following focuses on the application of these three algorithms and gives a brief introduction to other related algorithms.

Application mode of cryptography on IC card

In IC card applications, and smart card applications in particular, the security, integrity and accessibility of information all involve cryptography. In the security modes related to IC cards, cryptographic technology is mainly used for information transmission protection, information authentication and information authorization (digital electronic signature).

At present, with the rapid development of network technology, network applications have penetrated into various fields of society, and the Internet has gradually entered thousands of households. On such a network information platform, people are eager to obtain real, secure and reliable information. The combination of cryptography and IC card technology will become an important technical means to protect information security on this platform.

The combination of cryptography and IC cards, especially smart IC card technology, has very broad application and development prospects.

Information transmission protection


Protecting the information processed and transmitted by the IC card is the most important application of cryptography. The basic idea of using cryptography is to turn the problem of protecting a large amount of plaintext information into the problem of protecting a small amount of key information, which makes the information protection problem easier to solve.

To prevent the transmitted information from being illegally intercepted, cryptographic technology is used to encrypt it, so that illegally intercepted information is unreadable and unknowable.

Because the application of the IC card is closely related to the computer, and some of its security concepts are derived from it, we first give a brief introduction to transmission encryption in computer networks. Transmission encryption in computer networks is usually divided into link encryption and end-to-end encryption. Link encryption encrypts all information passing through each link; end-to-end encryption encrypts at the point where the information transmission begins and decrypts at the point where the information is received. The advantage of link encryption is that all information, including information headers, is encrypted, and only ciphertext flows through each link; the disadvantage is that each time a message passes through a node it is decrypted and then encrypted again, so the information is exposed at every node it passes through. The advantage of end-to-end encryption is that the information is not exposed at any node. The disadvantage is that the header cannot be encrypted. For greater security, the two can also be combined.

Correspondingly, there are similar methods for protecting transmitted information on the smart IC card. There are generally three: the first is the authentication transmission mode (Authentic Transmit Mode); the second is the encrypted transmission mode (Encipher Transmit Mode); the third is the hybrid transmission mode (Mixed Transmit Mode).

Authentication transmission method

The authentication transmission method attaches the corresponding authentication information to the information transmitted between the interface device (IFD) and the IC card (ICC). The information transmitted between the IFD and the ICC can be simply divided into two parts: one is the information header, which mainly carries transmission control information such as the transmission mode; the other is the information body.

The authentication transmission mode has the following characteristics: First, the transmitted information is plaintext and does not have confidentiality; second, the additional authentication information may have various functions such as information authentication, error detection, error correction, etc., but is by no means a general redundancy check.

Encrypted transmission method

The encrypted transmission method encrypts the information before transmitting it. The encrypted information is confidential, but has no error detection or error correction function. In addition, a specific IC card application may use several transmission modes at the same time. The transmission mode used for a given transmission must be described in the information header, so when the encrypted transmission mode is applied, the information header, or part of it, cannot be encrypted. Otherwise, the receiving end will not receive the information correctly because it cannot determine the transmission mode.

Mixed transmission method

The hybrid transmission method combines the advantages of the authentication transmission method and the encrypted transmission method: the information to be transmitted is both authenticated and encrypted. In a specific implementation, the information is generally authenticated first and then encrypted. The working principle is shown in Figure 4-6.

Because these information transmission methods essentially trade time and space for transmission security, in a specific IC card application they can be used alternately, or not at all, depending on the situation.
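The three transmission modes can be compared side by side in the following sketch, which is an added example and not code from the original page. The header byte values, the 8-byte tag length, the keys and the nonce are assumptions, the MAC is computed over header and body as a choice of this example, and an HMAC-SHA256 keystream stands in for the card's cipher.

```python
import hashlib
import hmac

# Header values and tag length are assumptions made for this example.
MODE_AUTH, MODE_ENC, MODE_MIXED = 0x01, 0x02, 0x03
TAG_LEN = 8
# Constructed sample keys and per-message nonce (shared by IFD and ICC).
K_ENC, K_MAC, NONCE = bytes(range(16)), bytes(range(16, 32)), b"\x00" * 7 + b"\x01"


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (not DES): XOR with an HMAC-SHA256 counter keystream."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def make_tag(key: bytes, data: bytes) -> bytes:
    """Authentication information: a truncated HMAC, not a plain checksum."""
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]


def send(mode: int, body: bytes, k_enc=K_ENC, k_mac=K_MAC, nonce=NONCE) -> bytes:
    header = bytes([mode])              # always sent in the clear
    if mode in (MODE_AUTH, MODE_MIXED):
        body += make_tag(k_mac, header + body)       # authenticate first ...
    if mode in (MODE_ENC, MODE_MIXED):
        body = keystream_xor(k_enc, nonce, body)     # ... then encrypt
    return header + body


def receive(frame: bytes, k_enc=K_ENC, k_mac=K_MAC, nonce=NONCE) -> bytes:
    if not frame or frame[0] not in (MODE_AUTH, MODE_ENC, MODE_MIXED):
        raise ValueError("unknown transmission mode")
    mode, body = frame[0], frame[1:]
    if mode in (MODE_ENC, MODE_MIXED):
        body = keystream_xor(k_enc, nonce, body)
    if mode in (MODE_AUTH, MODE_MIXED):
        body, received = body[:-TAG_LEN], body[-TAG_LEN:]
        expected = make_tag(k_mac, frame[:1] + body)
        if not hmac.compare_digest(received, expected):
            raise ValueError("authentication failed")
    return body


def flip_bit(frame: bytes, index: int) -> bytes:
    """Simulate a one-bit transmission error or tampering in byte `index`."""
    damaged = bytearray(frame)
    damaged[index] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    message = b"DEBIT 0042.00"          # constructed sample body
    print(receive(flip_bit(send(MODE_ENC, message), 7)))   # altered, undetected
    try:
        receive(flip_bit(send(MODE_MIXED, message), 7))
    except ValueError as err:
        print("mixed mode:", err)
```

A damaged frame in the encrypted mode decrypts to altered data without any error, while the same damage in the authentication or mixed mode is rejected.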

The sixth step of the DES algorithm

Add L(i) and X(i) bitwise to form R(i+1), and let R(i) be L(i+1). This gives the output of the (i+1)-th iteration, L(i+1)R(i+1), where

L(i+1)= R(i)

R(i+1)= L(i)⊕f(R(i), K(i+1)) (2.1)

(i=0,1,2,...,15)

We can see that each iteration of the DES cryptosystem uses the substitution method and the transposition method to encrypt and transform the output of the previous iteration. When the DES algorithm is implemented in hardware, the replacement function Sj (1 ≤ j ≤ 8) is actually implemented by a substitution box, and the transposition function P is implemented by a transposition box. So that the final ciphertext has no obvious functional relationship with the original plaintext, the DES algorithm uses 16 iterations. In the first 15 iterations, L(i) in equation (2.1) represents the left 32 bits, and R(i) represents the right 32 bits. For the last iteration, L(16) represents the right 32 bits, and R(16) represents the left 32 bits; that is, the left and right halves are no longer exchanged in the last iteration, to ensure the symmetry of encryption and decryption.

DES algorithm seventh step

The inverse initial transposition IP^-1 is performed on R(16)L(16) to obtain the ciphertext.

Inverse initial transposition table IP^-1
(omitted)

From formula (2.1):

R(i)= L(i+1)

L(i)= R(i+1)⊕f(L(i+1), K(i+1))

(i=15,14,...,0)

Therefore, the decryption algorithm is the same as the encryption algorithm, and only the order of use of the keys is reversed.
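The symmetry stated above can be checked with a short program. This is an added example, not code from the original page: it implements the iteration of formula (2.1) and its inverse on 64-bit blocks, omits IP and IP^-1, and uses a hash-based stand-in for the DES function f together with constructed round keys, both of which are assumptions.

```python
import hashlib
import hmac

MASK32 = 0xFFFFFFFF
# Constructed 48-bit round keys K(1)..K(16); real DES derives them from one key.
ROUND_KEYS = [bytes([i]) * 6 for i in range(1, 17)]


def round_f(r: int, k: bytes) -> int:
    """Stand-in for the DES function f (NOT the real E/S-box/P function).

    It is deliberately non-invertible: the structure below never needs f^-1.
    """
    digest = hmac.new(k, r.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def one_round(left: int, right: int, k: bytes):
    """Formula (2.1): L(i+1) = R(i), R(i+1) = L(i) xor f(R(i), K(i+1))."""
    return right, left ^ round_f(right, k)


def undo_round(left_next: int, right_next: int, k: bytes):
    """Inverse relations: R(i) = L(i+1), L(i) = R(i+1) xor f(L(i+1), K(i+1))."""
    return right_next ^ round_f(left_next, k), left_next


def feistel(block: int, round_keys) -> int:
    """Run all rounds and emit R(16)L(16), i.e. no exchange after the last one."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for k in round_keys:
        left, right = one_round(left, right, k)
    return (right << 32) | left


def encrypt(block: int, round_keys=ROUND_KEYS) -> int:
    return feistel(block, round_keys)


def decrypt(block: int, round_keys=ROUND_KEYS) -> int:
    # Same algorithm; only the order in which the keys are used is reversed.
    return feistel(block, list(reversed(round_keys)))


if __name__ == "__main__":
    plaintext = 0x0123456789ABCDEF      # constructed sample block
    ciphertext = encrypt(plaintext)
    print(f"{ciphertext:016x} -> {decrypt(ciphertext):016x}")
```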


DES algorithm key calculation


Each iteration uses a 48-bit key

K(i)=k1(i)k2(i)...k48(i)

(i=15,14,...,0)

These keys are calculated from a 64-bit original key

K=k1k2...k64

in which the eight bits whose positions are multiples of 8, k8, k16, ..., k64, are used as parity bits. Figure 4-3 is a flow chart for calculating the key K(i).

The first step: first discard all the parity bits in the original key K and apply transposition selection 1 (Table 4-6) to obtain two 28-bit data groups, C(0) and D(0), where

C(0)=c1(0)c2(0)... c28(0) =k57k49...k36

D(0)=d1(0)d2(0)... d28(0) =k63k55...k4

The second step: C(0) and D(0) are each cyclically shifted left by σ(1) positions (Table 4-7).

C(1)= λσ(1)C(0)

D(1)= λσ(1)D(0)

The third step: splice C(1) and D(1) together,

E(1)=e1(1)e2(1)... e56(1) =c1(1)c2(1)... c28(1) d1(1)d2(1)... d28(1)

Use transposition selection 2 (Table 4-8) to select 48 bits from it to form the encryption key used in the first iteration.

K(1)=k1(1)k2(1)... k48(1) =e14(1)e17(1)... e32(1)

The fourth step: recursively generate the keys of the i-th (i=2,...,16) iterations in the same way.

The encryption calculation and key calculation are summarized together, and the operation process of DES can be simply summarized as follows:

Step 1: Initial input

(1) Input the 64-bit original key k1k2...k64 from the outside, of which 56 bits are key bits and 8 bits are parity bits;

(2) From k1k2...k64, calculate in sequence the sixteen 48-bit keys K(1), K(2), ..., K(16) for the first to the 16th iterations;

(3) Input the 64-bit plaintext t1t2...t64 from the outside;

(4) Apply the initial transposition to t1t2...t64, and then divide the result into the 32-bit halves L(0) and R(0);

(5) Set the iteration counter to 1.

Step 2: Iteration

(6) Apply the extension function to R(i-1) to obtain E(R(i-1));

(7) If the encryption operation is performed, select K(i); if the decryption operation is performed, select K(17-i);

(8) Calculate E(R(i-1))⊕K(i) to obtain the 48-bit data block

Z(i)=z1(i)z2(i)... z48(i)

(9) Pass the groups of Z(i) through the corresponding Sj to obtain the 32-bit data block

Y(i)=y1(i)y2(i)... y32(i)

(10) Apply the transposition function P to Y(i):

X(i)=P(Y(i))

(11) Calculate R(i)= X(i)⊕L(i-1);

(12) Let L(i) = R(i-1);

(13) Increment the iteration counter by one;

(14) If the iteration counter is less than or equal to 16, redo (6) to (14). Otherwise, output (R(16)L(16)) after the inverse initial transposition.




DES algorithm implementation and DES cipher cracking



DES algorithm implementation

The DES algorithm can be used in one of four modes of operation: electronic codebook, cipher block chaining, output feedback, and cipher feedback. Among them, electronic codebook is the simplest mode and has the worst security; cipher block chaining is often implemented in software; output feedback and cipher feedback are often used in hardware implementations of the algorithm.

After the release of DES, dozens of manufacturers produced DES devices, most of which are used to encrypt sensitive information. With the growing number of DES applications, various DES-specific chips have emerged. Such DES chips are inexpensive, fast in encryption and decryption, and widely used in related products.

The DES algorithm can be implemented not only in hardware but also in software.



DES cipher cracking

During the evaluation of the DES cipher, the National Secret Service and the Institute of Computer Science and Technology organized experts from all walks of life to study the security of the DES cryptosystem and discussed all possible ways to decipher it. Although some experts and scholars were still skeptical about its security, the officials reached a very optimistic conclusion. They announced: "There is no systematic analysis that can decipher the DES cryptosystem. If the exhaustive method is used, it is basically impossible to produce a dedicated computer that can decipher a DES key every day before 1990. Even if such a dedicated machine can be created at that time, its deciphering success rate will only be between 0.1 and 0.2, and the cost may be as high as tens of millions of dollars."

First we consider the problem of deciphering DES with the exhaustive method. Let a ciphertext C and its corresponding plaintext M be known, and encrypt M with every possible key K until E(M)=C is obtained. The key K used at that point is the key of the cipher to be deciphered. The time complexity of the exhaustive method is T=O(n), and the space complexity is S=O(1). For DES, n=2^56≈7×10^16, so even with a large computer that can test one million keys per second, it takes 10^6 days to find the key used, so it seems to be very safe. But Diffie and Hellman pointed out that a very-large-scale integrated chip that can test one key per microsecond can test 8.64×10^10 keys in one day. If a dedicated machine is built from a million such chips, it can decipher DES by exhaustion in less than a day. At that time (1977) they estimated that the cost of this special machine was about 20 million US dollars. If it is paid off in installments over five years, an average of about $10,000 is paid per day. Since on average only half of the key space has to be searched, the average time to obtain a solution is half a day. Thus, the cost of deciphering each DES key is only $5,000. Later, in 1981, Diffie revised their estimate, arguing that with 1980 technology it took an average of two days to decipher DES with a dedicated machine costing $50 million. But he and Hellman both predicted that by 1990 the cost of a dedicated machine for deciphering DES would drop dramatically.

Computer scientist Tanenbaum pointed out that even without such a dedicated machine, DES can be deciphered by exhaustive methods.




DES cipher anti-deciphering strategy



After the promulgation of the DES algorithm, it has attracted extensive attention from the academic and business circles. Many manufacturers quickly produced hardware products that implement the DES algorithm. After users bought high-speed and cheap DES hardware products in the market, they began to encrypt their important data, which greatly promoted the use of cryptography.

The academic community has conducted in-depth research on DES cryptography, and has launched a fierce debate around its security and deciphering methods. In a certain sense, it has also promoted the theoretical research of cryptography.

Since the DES algorithm was first published in 1977, people have been skeptical about the security of DES. There are different opinions on the length of the key, the number of iterations, and the design of the S-box. Technically, the criticism of DES is mainly concentrated in the following three aspects.

As a block cipher, the DES encryption unit is only 64 binary bits, which is too small for data transfer because each block contains only 8 characters, and some of those bits are used for parity or other communication overhead.

The key is only 56 binary bits, which is too short. The key K(i) used in each iteration is generated by recursion, and this correlation must reduce the security of the cryptosystem. At present, some people think that it is feasible to find the correct key by the exhaustive method under existing technical conditions, so it is better not to use the DES algorithm to protect data for more than 10 years.

The design principle of the S-boxes used to implement the replacement function Si has not been disclosed, so there may be hidden dangers. Some people worry that there is a "trap" in the DES algorithm, so that people who know the secret can easily decrypt the ciphertext.

In view of these DES defects, several ways to enhance DES security have been proposed, mainly the following three.

Triple DES algorithm

Triple encryption with three different keys is:

C=Ek3(Dk2(Ek1(P)))

P=Dk1(Ek2(Dk3(C)))

This method is recommended by cryptographers Merkle and Hellman. It is said that no one has found an attack method for this scheme.

DES algorithm with independent subkey

Each iteration uses a different, independent subkey instead of subkeys derived from one 56-bit binary key. Since each of the 16 iterations uses a 48-bit binary key, this method can enhance the encryption strength of DES. But according to cryptographers Biham and Shamir, this DES variant can be deciphered using 2^61 chosen plaintexts instead of the 2^768 that people hoped for.

DES algorithm with switched S-box

Biham and Shamir proved that by optimizing the design of the S-boxes, or even just the order of the S-boxes, the algorithm can resist differential cryptanalysis, further enhancing the encryption strength of the DES algorithm.


Other block cipher algorithm

With the gradual aging of DES, the study of block ciphers is also deepening. After DES, a number of new block cipher systems have been proposed in the world in recent years, as shown in Table 4-10. Some of these block ciphers have been deciphered, and some still have high security. The following is an introduction to these algorithms.

FEAL-8 cipher

The FEAL cryptographic algorithm family was designed by Shimizu and Miyaguchi of NTT (Japan Telegraph and Telephone Corporation). As a block cipher, its main idea compared with DES is to increase the strength of each iteration, so that the speed of the operation can be increased by reducing the number of iterations.

FEAL-8 is the eight-round FEAL cipher algorithm. After the FEAL cryptographic algorithm was introduced, it attracted the attention of relevant experts. Cryptographers Biham and Shamir used differential cryptanalysis techniques and found that they could decipher FEAL ciphers faster than the exhaustive method. For example, FEAL-8 can be deciphered with only 2,000 plaintexts, and FEAL-4 can be deciphered with only 8 carefully selected plaintexts.

Currently, FEAL has obtained a patent.

LOKI algorithm

The LOKI algorithm, a potential alternative to DES, debuted in cryptography in 1990. Like DES, LOKI encrypts data in 64-bit blocks, and it also uses a 64-bit key, but without parity: all 64 bits are key bits. After the release of the LOKI cipher, the relevant experts analyzed it and proved that LOKI with no more than 14 rounds is highly vulnerable to differential cryptanalysis. However, this is still better than DES with its 56-bit key. The newer version of LOKI is LOKI-91.

LOKI has not been patented and anyone can use it. Those interested in using the designer's benchmarking program in commercial products can contact the Director of the Department of Computer Science at the Canberra National Defence College in Australia.

Khufu and Khafre algorithm

This pair of algorithms, designed by Merkle in 1990, has a long key, is suitable for software implementation, and is completely reliable. The overall design of the Khufu algorithm is the same as DES, except that it has a 512-bit (64-byte) key. The Khafre algorithm is similar to the former and is intended for occasions where pre-computation is not possible. Since the Khufu algorithm has variable S-boxes, it can resist attacks from differential cryptanalysis. It is understood that there are no other cryptanalysis results targeting this algorithm.

This cryptographic algorithm has been patented, and the source code of the algorithm is in the patent. Those interested in using this pair of algorithms can contact Peter, Director of the Patent Licensing Department of Xerox.

IDEA algorithm

In 1990, the first form of the IDEA cipher, developed by Xuejia Lai and Massey, appeared under the name PES, the "recommended encryption standard." The following year, based on the results of analysis of the algorithm by the relevant experts, the designers strengthened the algorithm and called it IPES, the "improved recommended encryption standard." The algorithm was renamed IDEA in 1992, the "International Encryption Standard."

The key length of the IDEA algorithm is 128 bits. The designer did his best to keep the algorithm unaffected by differential cryptanalysis, and Lai has shown that the IDEA algorithm is not affected by differential cryptanalysis after the fourth round of its eight iterations. Assuming that an exhaustive attack is effective, even if you design a dedicated chip that can test 1 billion keys per second and use 1 billion such chips for this work, it will take 10^13 to solve the problem; on the other hand, if you use 10^24 such chips, it is possible to find the key in one day, but there are not enough silicon atoms to make such a machine. Currently, there is no published article that attempts to perform cryptanalysis on IDEA. Therefore, it should be said that IDEA is very safe now.

The IDEA block cipher has been patented in Europe, and patents in the US are still pending; there is no license fee for non-commercial use. Business users interested in using the IDEA algorithm can contact Profos, the Solothurn laboratory in Switzerland.
