Cryptanalysis: deep understanding of symmetric encryption and key agreement Technology

2020-12-07 11:05:38

The author is Jingdong Zhilian cloud - Platform security group   Zhang Jingshen

password , It has become the most frequently used thing by the contemporary Internet people , It is quietly guarding our information security . But people have not paid enough attention to the password , So often there will be “123456” This weak code . You may find it funny , But this password has always been at the top of the most common password list , Yes 250 ten thousand People are using , More than... In terms of data disclosure 2300 ten thousand Time , Hackers can successfully crack in less than a second .

Fortunately, in our society , There's always a group of people working on cryptography , Protecting our information security 、 System security . Cryptography has a long history , Its primary purpose is to hide the meaning of information , It's not the existence of hidden information . Cryptography has also promoted computer science , Especially the technology used in computer and network security , Such as access control and confidentiality of information . Cryptography has been applied in daily life ： Include ATM chip cards Computer users access passwords Electronic Commerce wait .

Cryptography is a vast subject , Numerous scholars and researchers who have been studying for decades can only make very small achievements . The following figure shows the author's understanding of cryptography framework , It is enough to show the breadth and profundity of this subject . This paper introduces and demonstrates a small part of cryptography .

▲ chart 1 A partial understanding of the disciplinary framework of cryptography ▲

One 、 Symmetric encryption algorithm

The theoretical basis of encryption is replace and transposition . Substitution is mainly used to disturb , Use different bits 、 Character or grouping of characters to replace the original bit 、 A character or grouping of characters . Transposition is mainly used for diffusion , Don't replace the original text with different text , Instead, the original values are replaced , That is to rearrange the original bits 、 Characters or groups of characters to hide their original meaning .

Symmetric encryption is An encryption algorithm that uses the same key for encryption and decryption . It is characterized by high speed , Efficient , So it is widely used in the core of many encryption protocols , It is also a kind of encryption method that we usually contact more .

▲ chart 2 Symmetric encryption algorithm encryption and decryption process ▲

Common symmetric encryption algorithms

The common symmetric encryption algorithms are as follows ：

1. Data encryption standard （DES,Data Encryption Standard）, Use 64 A key , among 56 Bits are used for encryption ,8 Bits are used for parity . Because of the weak encryption strength , It is not recommended to use ;
2. triple DES, yes DES Upgraded version . 3DES It's not used directly “ encryption -> encryption -> encryption ”  The way , Instead, it adopted “ encryption -> Decrypt -> encryption ” The way . The main benefits of this realization are , When all three keys are the same , The first two steps of encryption and decryption results offset each other , The overall result is equivalent to only one encryption , Therefore, it can be realized that DES Compatibility of encryption algorithms . That's why triple DES It can be popular , And double DES Or quadruple DES It's gone ;
3. Advanced encryption standard （AES,Advanced Encryption Standard）, AES Support 128、192 and 256 A key , More in 3DES Faster 、 safer ;
4. International data encryption algorithm （IDEA,International Data Encryption Algorithm） , The key length used is 128 position ;
5. Blowfish Algorithm , The key length is 32-448 position .

Two 、 Key distribution

1, Common key distribution methods

Symmetric encryption requires both parties to negotiate and distribute the key before encrypted communication , Generally speaking, key distribution can be in the following ways ：

Alice Select a key and pass it to Bob;

The third party Cindy Select the key and pass it to Alice and Bob;

If Alice and Bob A key has been used before , Then one party can encrypt the new key with the old key and send it to the other party ;

If Alice and Bob With a third party Cindy There is an encrypted connection between , be Cindy The key can be sent to Alice and Bob.

2, More convenient key distribution

Affected by the characteristics of symmetric encryption algorithm itself , When multiple users communicate with each other using symmetric encryption algorithm , The number of keys increases exponentially , It is a great challenge for key distribution and management . When the number of users is n, The maximum number of keys is n*(n-1)/2. Such as the 100 Users , At the most 4950 Key .

With the development of technology , There are also some new solutions to symmetric key distribution , Such as asymmetric encryption algorithm ,Diffie–Hellman Algorithm etc. . This kind of algorithm makes the negotiation and management of symmetric encryption key easier and more reliable . When using asymmetric encryption n Users only need to maintain n Key pair , Greatly reduces the key size .

Diffie-Hellman Algorithm （ abbreviation DH Algorithm ） yes Whitefield Diffie and Martin Hellman stay 1976 A secret key exchange algorithm published in . It's a way to create a secret key , Not encryption . Based on this secret key exchange technology ： Both sides of the communication have no prior information from each other , A key can be negotiated over an insecure channel . This key is generally used as a symmetric encryption key to encrypt subsequent data transmission between both parties .

It's the same as the theory of asymmetric encryption ,DH The algorithm is also based on a mathematical problem , The difficulty of computing discrete logarithms . say concretely , hypothesis Alice Need and Bob Need to negotiate a secret key , It's a process like this ：

▲ chart 3 DH Algorithm key agreement process ▲

3, utilize DIFFIE-HELLMAN Algorithm negotiation key instance

Calculated ,Alice And Bob The key of this negotiation is 36.

The original method of root calculation python The implementation is shown in the figure below ：

▲ chart 4 The original method of root calculation python Realization ▲

3、 ... and 、 At the end

about DH Algorithm , Although both parties have no prior information , Key agreement can be done , But the key agreement process also has the risk of man in the middle attack .

Security in modern cryptography is based on the confidentiality of the key , Instead of the secrecy of classical cryptography algorithms . For most ordinary users or organizations , Instead of trying to develop your own encryption algorithm , Using mature algorithms directly , It's more reasonable to focus on key preservation .

Welcome to click Jingdong Zhilian cloud , Learn about the developer community

More wonderful technology practice and exclusive dry goods analysis

Welcome to your attention 【 Jingdong Zhilian cloud Developer 】 official account

https://chowdera.com/2020/12/20201207110410395s.html