Main functions of asymmetric encryption algorithms
Asymmetric encryption system does not require the two sides of the communication to pass the key in advance or have any agreement to complete the confidential communication, and the key management is convenient to realize the prevention of counterfeiting and repudiation, so it is more suitable for the requirements of confidential communication in the network communication.
Applications of Asymmetric Encryption
Application 1: Encrypted Communication
|Plaintext|-> Public Key Encryption->|Ciphertext|->|Private Key Decryption->|Plaintext|
This encryption path is used for encrypted communication with other people, and is equivalent to symmetric encryption.
Let’s go back to the Alice and Bob example.
If Bob wants to privately receive messages sent to him by others using asymmetric encryption algorithms, the steps would look like this.
1. First Bob needs to generate a key and a public key using a specifically agreed upon algorithm (e.g., RSA), keeping the key for himself and publicizing the public key to the public.
2. Once Alice has Bob’s public key, she can encrypt the message she wants to send “Alice has transferred 1BTC to Bob, please check.” Encrypt it.
3. Alice then sends the ciphertext (e.g. “FH39ggJ+shi3djifg35”) to Bob.
4. Bob receives the message, decrypts it with his own private key, and restores the message to its original form. “Alice has transferred 1BTC to Bob, please check.”
Since the message encrypted with Bob’s public key can only be decrypted with Bob’s private key (and Bob’s public key is also a no-no), and the private key is only possessed by Bob, he can’t restore the original message even if the message is hijacked by a third party.
Application 2: Digital Signatures
What if it was the other way around, and the private key was encrypted first? This gives rise to another important application of asymmetric encryption: digital signatures
Let’s go back to the Alice and Bob example.
In the Bitcoin system, a message like “Alice has transferred 1BTC to Bob, please check.” Messages like this end up on the ledger by miners and are of interest to both parties involved in the transfer. The beneficiary of such a message is Bob, so let’s think darkly: what if Bob keeps broadcasting to the network that Alice has transferred money to him?
Bob: “Alice has transferred 1BTC to Bob”
Bob: “Alice has transferred 2BTC to Bob”
Bob: “Alice has transferred 3BTC to Bob”
So we need a mechanism to prove that Alice is “volunteering “, i.e., that the message was sent by Alice herself. The steps are as follows:
1. Alice needs to generate a key and a public key using a specifically agreed upon algorithm (e.g., RSA), with the key retained for herself and the public key made public.
2. When Alice wants to send the message Alice has transferred 1BTC to Bob, please check. |My public key is: “gh3giPGFN2jgh3sF”. When Alice encrypts the message using her own private key, suppose the encrypted ciphertext is SHG356g3T4+dh4fh, now this ciphertext can be seen as Alice’s digital signature.
3. Alice puts the message plaintext and digital signature together and sends it to the network
The message sent is similar to this form Alice has transferred 1BTC to Bob, please check. |My public key is: “gh3giPGFN2jgh3sF”. |Signature: “SHG356g3T4+dh4fh”
4. Everyone in the network receiving the message can do the following to complete the verification:
Received the message Alice has transferred 1BTC to Bob, please check. |My public key is: “gh3giPGFN2jgh3sF”. |Signature: “SHG356g3T4+dh4fh”
Decrypt the digital signature SHG356g3T4+dh4fh signed with the private key using the public key gh3giPGFN2jgh3sF provided by Alice in the message
The decryption result is combined with the message plaintext Alice has transferred 1BTC to Bob, please check. |My public key is: “gh3giPGFN2jgh3sF”
If it is consistent, it means the message was sent by Alice herself, because only Alice herself has Alice’s key
If it is not consistent, then the message was not sent by Alice, or it was sent by Alice but has been tampered with
5. So, by the method described in 4, Bob confirms that Alice has given him a transfer worth 1BTC.
Everyone else in the network (miners) successfully verified the authenticity of this message and testified for Bob that his account was added 1 BTC and Alice’s account was reduced by 1 BTC.
Asymmetric encryption of two application scenarios
Using a math game as an example, the teacher lets the student think of an arbitrary three-digit number A, and then tell the teacher the last three digits of the product of A*91, the teacher will get a product of the last three digits *11, the last three digits of the product is the number A.
For example, the number A is 234, 234*91 = 21294, the student tells 294 to the teacher, 294*11 = 3234, the last three digits is the number A.
The principle of this game is (it’s okay to understand later on) 21294, the student tells the teacher 294, 294*11=3234, and the last three digits are the number A.
The principle of this game is that (it’s okay if you don’t understand it, it doesn’t affect the learning later):
91*11=1001, and a three-digit number *1001 is equivalent to shifting left by three digits and then adding yourself to the number A. Therefore, the last three digits of the product of a three-digit number * 1001 product of the last three digits must be equal to that number
In this example, 91 is the public key, which anyone can encrypt with, and 11 is the private key, which only one person has, so only one person can decrypt it.
In this example, the creation of the public and private keys utilizes 1001=91*11, which is secure in that it’s easy to split 1001 into 91 and 11, but it’s hard to guess 1001 and 11 based on 91 alone.
We can also use larger numbers for the public private key, such as 400000001=19801*20201,4000000000000000000000000000001=1199481995446957*3334772856269093, which is more secure. However, the principles of true asymmetric encryption algorithms (such as RSA) are far more complex than this.
The above example, in fact, only introduces the first application scenario of asymmetric encryption:
The sender of a message encrypts the message with a public key, and the receiver decrypts it with a private key.
In fact, there is a second application scenario for asymmetric encryption:
The message sender encrypts the message with the private key, and the receiver decrypts the message with the public key; if it can be decrypted successfully, it means that the source of the message can be trusted.
The above reference is from Zhihu
Characteristics and Uses of Symmetric Encryption Algorithms and Asymmetric Encryption Algorithms
Symmetric Encryption Algorithms
Symmetric encryption algorithms are encryption algorithms that have been applied earlier and have matured technology. In symmetric encryption algorithm, the sender of the data sends the plaintext (original data) together with the encryption key through a special encryption algorithm to make it into a complex encrypted ciphertext. When the recipient receives the ciphertext, if it wants to decode the original text, it needs to decrypt the ciphertext using the encrypted key and the inverse algorithm of the same algorithm, in order to restore it to readable plaintext. In symmetric encryption algorithms, there is only one key, which is used by both the sender and receiver to encrypt and decrypt the data, which requires that the decryptor must know the encryption key beforehand.
Symmetric encryption algorithms are characterized by open algorithms, low computational effort, fast encryption speed, and high encryption efficiency. The disadvantage is that both parties to a transaction use the same key and security is not guaranteed. In addition, each pair of users need to use a unique key that is not known to others every time they use the symmetric encryption algorithm, which makes the number of keys owned by both the sender and receiver grow geometrically, and key management becomes a burden for the users. Symmetric encryption algorithms are more difficult to use on distributed network systems, mainly because of the difficulty of key management and high cost of use. The symmetric encryption algorithms that are widely used in computerized private network systems are des, idea, and aes.
Asymmetric Encryption Algorithms
Asymmetric encryption algorithms use two completely different, but perfectly matched, pairs of keys – a public key and a private key. When encrypting a file using an asymmetric encryption algorithm, the process of encrypting and decrypting plaintext can only be accomplished using a matched pair of public and private keys. Encrypting the plaintext with the public key and decrypting the ciphertext can only be accomplished by using the private key. Moreover, the sender (encryptor) knows the recipient’s public key, and only the recipient (decryptor) is the only one who knows his private key. The basic principle of asymmetric encryption algorithm is that if the sender wants to send an encrypted message that only the recipient can decrypt, the sender must first know the recipient’s public key, and then use the recipient’s public key to encrypt the original text; after receiving the encrypted ciphertext, the recipient can only decrypt the ciphertext by using its own private key. Obviously, the use of asymmetric encryption algorithm, the receiver and sender in the communication before the two sides, the receiver must be long ago randomly generated public key to the sender, while retaining their own private key. Since the asymmetric algorithm has two keys, it is particularly suitable for data encryption in distributed systems. Widely used asymmetric encryption algorithms include the rsa algorithm and the dsa proposed by the National Bureau of Standards of the U.S. Encryption techniques based on asymmetric encryption algorithms are widely used.
What is a symmetric cipher and non-symmetric cipher, analyze the characteristics of these two cryptosystems and application areas
The cryptographic algorithm can be viewed as a complex function of the transformation, C = FM, Key), C represents the ciphertext, that is, the encrypted sequence of characters, M represents the plaintext, that is, to be encrypted sequence of characters, Key represents the key is the secret of the selected sequence of a character. One of the principles of cryptography is that “all secrets reside in the key” and the algorithm can be made public. When the encryption is completed, the ciphertext can be sent to the recipient through an insecure channel, only the recipient with the decryption key can decrypt the ciphertext, i.e., invert the transformation to get the plaintext, and the key must be passed through a secure channel. Currently the popular cryptographic algorithms are DES, RSA, IDEA, DSA, etc. There is also the new Liu’s algorithm, which was invented by Chinese Liu Zunquan. Cryptographic algorithms can be divided into traditional cryptographic algorithms and modern cryptographic algorithms, traditional cryptographic algorithms are characterized by encryption and decryption must be the same key, such as DES and IDEA, etc.; modern cryptographic algorithms will encryption key and decryption key to distinguish from the encryption key and the encryption key in fact can not be decryption key by the encryption key. So that an entity only need to disclose its encryption key (called public key, decryption key called private key) can be, between the entities can communicate secretly, not like the traditional cryptographic algorithms like in the communication before the secret transmission of the key, which is wonderful to think about it. Therefore, traditional cryptographic algorithms, also known as symmetric cryptographic algorithms (SymmetricCryptographicAlgorithms), and modern cryptographic algorithms, known as asymmetric cryptographic algorithms or public-key cryptographic algorithms (Public-KeyCryptographicAlgorithms) were first developed by Diffie and Hellman at the National Computer Conference in 1976. The concept was first introduced by Diffie and Hellman at the 1976 National Computer Conference. According to the encryption of the plaintext processing, cryptographic algorithms can be divided into group cryptographic algorithms and sequence cryptographic algorithms. The group cipher algorithm is to divide the ciphertext into equal length groups and encrypt them separately, while the sequence cipher algorithm is to process one bit by one bit, and use the known key to randomize the sequence and the plaintext according to the bitwise dissimilarity. Of course, when the group length is 1, the two are mixed.