Historical encryption algorithms

Introduction

As a means of security, encryption algorithms are closely related to the lives of most of us. As long as you go online, you will benefit from it, because all websites that use https already use the encryption protocol TLS/SSL. Therefore, we are all passively enjoying the privacy protection and communication security brought by encryption algorithms. In addition, from the security technology level, the network layer to the host file layer, no matter which layer of encryption application or protocol is behind it, it is supported by various encryption algorithms.

This article attempts to discuss the development and evolution of this encryption algorithm that is closely related to our online life from ancient times to the present, as well as the centralized key encryption algorithms that have appeared in the entire process, and lead everyone to understand the interesting behind this algorithm.

The main function of the encryption algorithm is to convert plain text into cipher text to prevent information leakage. The encrypted ciphertext looks similar to garbled characters, but it is not garbled characters. Most of the garbled characters are caused by inconsistent encoding. The encoding does not belong to the encryption algorithm, but only changes the display format. For example, base64 is just an encoding and cannot guarantee plaintext security. When I hear base64 encryption mentioned in the future, it shows that they are unprofessional.

The encryption algorithm needs to ensure the following three points:

1. Confidentiality: Ensure that even if the data is stolen, the thief will not know what it is.

2. Integrity: Ensure that even if the data is hijacked and modified during transmission, the recipient can find that the information has been intercepted and choose to replace it.

3. Availability: Ensure that the overhead and complexity of the encryption algorithm are within the available range.

Encryption algorithms that meet the above requirements have gone through a long historical development period from classical cryptography to modern cryptography.

How did ancient people encrypt? 1. The earliest encryption algorithm in history

Alternative method
The earliest encryption algorithms were mainly used in the military. The earliest records of encryption algorithms in history come from the "Yin Fu" and "Yin Shu" in the Zhou Dynasty's military book "Six Tao. Long Tao". It records:

Tai Gong said: "The Lord and the generals have Yin talismans, which are of the eighth grade. The talisman for defeating the enemy is one foot long. The talisman for defeating the army and capturing the general is nine inches long. The talisman for surrendering the city to capture the city is long. Eight inches. The talisman used to warn the enemy away is seven inches long. The talisman used by the police to stand firm is six inches long. The talisman used to ask for food and reinforcements for the troops is five inches long. The talisman used to signify the death of a defeated army is four inches long. The talisman used to mark the death of a defeated soldier is eight inches long. , three inches long. Those who were entrusted with the talisman and kept it, and if they heard about the talisman and leaked the report, they were all punished. The eight talismans were secretly heard by the generals, so they were able to speak yinly and did not leak the art of understanding Chinese and foreign. Although the enemy is sagely wise, he should not It can be recognized.”

King Wu asked Taigong: "... the talisman cannot be understood; we are far away and the words cannot be understood. What can be done?" Taigong said: "If you have secret matters and serious concerns, you should use books instead of talismans. The master will leave the generals with the books, and will use them as generals. Ask the master of the book. The books are all combined together and separated again. If they are separated again, they will be divided into three parts. Those who come out three times and become aware of each other are talking about three people. They are related to each other but not aware of each other. Yes. This is called Yin Shu. Even though the enemy is sagely wise, no one can recognize it."

Simply put, Yin symbols use eight equal-length symbols to express different messages and instructions. They are a substitution method in cryptography. In application, they convert information into symbols that the enemy cannot understand. This symbol Dharma can only express the eight most critical meanings. As a supplement to the Yin Talisman, Yin Shu uses the text splitting method to directly split a text into three parts, which are sent to the target through three channels. The enemy can only crack the text by intercepting three parts of the text at the same time.

Shift method
Coincidentally, encryption algorithms are also used on a large scale in wars in the far West. Herodotus's "History" records that in the fifth century BC, Greek city-states and the Persian Empire frequently fought wars. The Greek city-states widely used the shifting method to encrypt war communication information, making it difficult for the Persian Empire to obtain military intelligence from the other side. Military deployment cannot be made in advance. Each paragraph of text used by Greek city-states to transmit military information and orders has a fixed number of words, and the person receiving the secret will have a text shifting instruction in his hand. After the decryptor obtains the ciphertext, he decrypts it according to the shift instructions and deciphers the military order or message.

2. The Caesar Cipher Evolved from Ancient Ciphers

Classical passwords mainly use the movement method and the substitution method. Among them, the shifting method is to move the plaintext in a fixed direction by a specific number of bits. For example, I love you is shifted to the right by 4 bits and becomes M pszi csy. After gradual development and improvement, the most famous one is the Caesar cipher. But the frequency of English or Latin letters is not consistent. Take the English alphabet as an example: the letter e appears more frequently than other letters. After obtaining enough ciphertext samples, the shift rule can be accurately found through frequency calculation to crack the ciphertext. Therefore, most Caesar ciphers use the substitution method to define a plaintext ciphertext mapping table:

This method can solve the problem of exhaustive keys to a certain extent, but it is still helpless against frequency attacks with large amounts of data. Later, this mode was developed to rely on introducing some specific parameters to disrupt the frequency and increase the difficulty of decryption.

In the later period of classical ciphers, a series of cipher types such as Vigenère cipher, ROT5/13/18/47, and Morse code were developed. But they are all based on the substitution method and the shift method, and security is mainly guaranteed by the non-disclosure of the algorithm.

Modern people’s more scientific encryption algorithm

Classical encryption algorithms are essentially changes in linguistic patterns. It was not until the middle of the 20th century that Shannon published the article "Communication Theory of Secret Systems", which marked a shift in the focus of encryption algorithms to applied mathematics. As a result, three types of encryption algorithms that are important today have gradually emerged: asymmetric encryption, symmetric encryption, and hash algorithms. These three types of algorithms are often used in combination to achieve the best results.

1. Symmetric encryption algorithm

Symmetric encryption algorithm is one of the most widely used encryption algorithms. Commonly used algorithms include DES algorithm, AES algorithm, 3DES algorithm, TDEA algorithm, Blowfish algorithm, RC5 algorithm, IDEA algorithm, etc. Its characteristic is that both encryption and decryption parties use the same key for encryption and decryption. According to different principles, symmetric encryption can be roughly divided into two types: stream encryption and block encryption.

Stream Encryption
Stream encryption is a type of symmetric cryptographic algorithm that encrypts plaintext character by character and correspondingly. The ciphertext can be obtained by performing agreed operations on the plaintext and key bit by bit. Among stream encryption algorithms, RC4 and GSM are the most famous. The simplest model is the XOR stream encryption example, such as:

The principle of stream encryption is simple, but its algorithm structure has weaknesses. As long as partial plaintext is leaked, an attacker can easily calculate the key. In addition, because it is encrypted on a bit-by-bit basis, even if an attacker tamperes with the data, the original data structure will not be destroyed, making it difficult for the recipient to detect the changes. Although stream encryption is fast and efficient, it is less secure and is not recommended for encrypting critical information.

Block Encryption
The internal implementation of block encryption is much more complicated. Each encryption block will go through at least 16 rounds of operations. Representative algorithms include DES and AES. It is currently recommended to use AES, DES is no longer safe.

DES

DES is an earlier symmetric encryption standard. The core is mainly divided into three steps: initial permutation, round function, and inverse permutation. It was widely used at that time. As computer performance continues to improve, brute force cracking of DES becomes increasingly easier. Therefore, DES is no longer safe and has been gradually replaced by 3DES and AES in the past decade.

AES

AES has been analyzed and demonstrated by many parties and is widely used around the world. It is currently one of the most secure symmetric encryption algorithms. In the past decade, AES has become one of the most popular algorithms for symmetric key encryption. Unlike DES, AES uses a substitution-permutation network rather than the Feistel architecture.

Most AES calculations are completed in a special finite domain. The encryption process operates on a 4×4 byte matrix. This matrix is ​​also called the "state", and its initial value is a plaintext block. . When encrypting, each AES encryption cycle (except the last round) contains 4 steps:

AddRoundKey - Each byte in the matrix is ​​XORed with the round key; each subkey is generated by the key generation scheme.

SubBytes - Replace each byte with the corresponding byte using a lookup table through a non-linear replacement function.

ShiftRows - circularly shift each column of the matrix.

MixColumns - An operation that fully mixes individual rows in a matrix, using a linear transformation to mix the four bytes of each column. The MixColumns step is omitted from the last encryption loop and replaced by another ddRoundKey.

Encryption mode

AES and DES both support different encryption modes internally, and the security and efficiency of each mode are quite different. Among the two most common modes, ECB and CBC, the ECB mode has high encryption efficiency but low security. The mode is as shown below:

Every time Key encrypts individual blocks, which can be easily cracked by the other party. However, since there is no correlation between each module, it can be operated concurrently, greatly improving encryption efficiency. Typically, ECB is 5-6 times more encryption efficient than CBC. But CBC is higher and safer than ECB. The pattern is as shown below:

Each block of encryption introduces a different IV, which requires iteration on the previous block to finally complete the entire encryption process. Since the IV of each block is related to the ciphertext block, concurrent mode cannot be used and the entire process must be serialized. If it is not due to extremely high performance requirements, it is recommended to use the safer and more reliable CBC mode.

2. Asymmetric encryption algorithm

The biggest difference between asymmetric encryption algorithms and symmetric encryption algorithms is that the encryption key and decryption key are no longer one. This method is mainly to deal with the "multiple encryptors, one decryptor" model. So a public key system emerged in this many-to-one relationship. A public key corresponds to a private key. The public key is public, and any data sender uses the public key to encrypt the data, but the content encrypted by the public key can only be decrypted by the private key. The mathematics behind it range from the decomposition of large numbers to the discrete logarithm problem on complex elliptic curves, which is very complex. Common asymmetric encryption algorithms include DSA algorithm, RSA algorithm, Elgamal algorithm, backpack algorithm, Rabin algorithm, D-H algorithm, ECC algorithm, etc. The execution efficiency of asymmetric encryption algorithms restricts the actual application of the algorithm, so most of them are used in identity authentication and will not be used in communications.

3. Hash algorithm

Hash algorithm is also one of the very common encryption algorithms. It is not used for data transmission, but to verify whether the data has been tampered with to prevent criminals from tampering with the data. The characteristic is that no matter how long the original text is, it will become a fixed-length string, which can only be encrypted but not decrypted (only one-way operation). Common hashing algorithms include MD5, SHA-1, SHA 224/256/512, etc. The first two have been proven to be no longer secure, and it is recommended to use highly secure algorithms such as SHA 256/512.

The above encryption algorithms have been widely used in various fields.

Database Encryption Algorithm

With the rapid development of cloud and big data, databases are gradually migrating from secure LAN environments to private clouds and even public clouds. When databases are migrated to the cloud, they face more severe security challenges. Key data is stored in the database, and there are many hidden security risks in cloud hosts. Therefore, cloud database encryption has become a good medicine to solve security risks.

Symmetric encryption algorithm

Different from file encryption and communication encryption, database encryption requires special attention to the expansion of the encryption algorithm and has strict requirements on the performance of the encryption algorithm. In 2009, when Anhua Jinhe was developing database encryption products, he first excluded the stream encryption algorithm among symmetric algorithms. The reason is that although this algorithm has natural advantages in operating efficiency and solving data expansion, it has disadvantages under certain circumstances. safety.

In order to pursue encryption efficiency, some domestic security manufacturers still use this method, but the most basic security requirements are ignored. A more secure approach is to use block encryption (AES) in symmetric encryption for related encryption processing. Block encryption has high security and is relatively secure, but it needs to solve the expansion problem caused by data block size restrictions. This requires designing a sufficiently sophisticated usage plan based on specific situations or fields to solve the expansion problem for different fields or types, and ultimately form a perfect database encryption solution.

domestic password algorithm

Cryptographic algorithms are the core technology to ensure information security. They play a vital role in protecting national secrets and core data in various industries. They use internationally accepted cryptographic algorithm systems and related standards such as 3DES, SHA-1, and RSA. There are major safety risks. Therefore, from the perspective of national security and long-term strategy, relevant state agencies and regulatory agencies have put forward requirements to promote the application and implementation of national secret algorithms and strengthen industry security and controllability. At present, when domestic database encryption products are faced with user selection and evaluation, a considerable number of them are based on supporting national secret algorithms. This is very important for users in related industries such as government, military industry, and confidentiality. National information security must be guaranteed. To get rid of over-reliance on foreign technologies and products, encryption algorithms, as key security technologies, should be domestically produced.

Specifically, domestic cryptographic algorithms refer to domestic commercial cryptographic algorithms recognized by the State Cryptographic Bureau. For example, in the financial field, the three public algorithms SM2, SM3, and SM4 are currently mainly used. Take the SM4 algorithm as an example: The SM4 block cipher algorithm is a block symmetric cipher algorithm independently designed in my country. It is used to implement data encryption/decryption operations to ensure the confidentiality of data and information. The basic condition to ensure the security of a symmetric cryptographic algorithm is that it has sufficient key length. The SM4 algorithm and the AES algorithm have the same key length block length of 128 bits, so it is more secure than the 3DES algorithm.

The above is the detailed content of Historical encryption algorithms. For more information, please follow other related articles on the PHP Chinese website!