Basic concepts of cryptography

1. Main tasks of cryptography

Cryptography is not only a method of providing information security, but also a collection of mathematical techniques. There is no doubt that cryptography is a discipline that mainly exists to deal with information security, but in general, in many aspects of information security, cryptography mainly provides the following aspects of protection for digital information in storage and transmission.

CONFIDENTIALITY

It is a security attribute that allows specific users to access and read information, while non-authorized users cannot understand the content of the information. In cryptography, the confidentiality of information is achieved through encryption techniques.

Data integrity

Data integrity is a security attribute used to ensure that data is not modified without authorization during storage and transmission. To provide this information security property, users must have the ability to detect unauthorized modifications. Unauthorized modifications include data tampering, deletion, insertion and replay. Cryptography can achieve data integrity protection by using technologies such as data encryption, message authentication, or digital signatures.

Identification

Authentication services include identity authentication and data source authentication. For a communication, you must be sure that the counterparty of the communication is the intended entity, which involves identity authentication. For data, it is still expected that each data unit is sent to or originates from the expected entity. This is data source authentication. Data source authentication implicitly provides data integrity services. Cryptography can provide this authenticity service through techniques such as data encryption, digital signatures, or authentication protocols.

Non-repudiation

This is a complete feature used to prevent communicating entities from denying previous communications and related content. Cryptography provides this service through technologies such as symmetric encryption or asymmetric encryption, as well as digital signatures, with the assistance of trusted agencies or certificate authorities.

2. Concept of cryptosystem

Plaintext: the original message.
ciphertext: The transformed message.
Encryption: The information transformation process that converts original information (plaintext) into ciphertext.
Decryption (decrypt): The process of restoring encrypted information (ciphertext) to the original information plaintext, also called decryption.
Cryptography algorithm: Abbreviated as (cipher), it usually refers to the information transformation rules used in the encryption and decryption process. It is a mathematical function used for information encryption and decryption. The rules used to encrypt plain text are called encryption algorithms, and the rules used to decrypt cipher text are called decryption algorithms. The operations of encryption and decryption algorithms are usually performed under the control of a set of keys.
Key (secrect key): A variable parameter in a cryptographic algorithm, usually a set of random sequences that meet certain conditions. The one used for the encryption algorithm is called the encryption key, and the one used for the decryption algorithm is called the decryption key. The encryption key and the decryption key may be the same or different. The key is often represented by k. Under the action of key k, the encryption transformation is usually marked as $$E_k(.)$$, and the decryption transformation is marked as $$D_k(.)$$ or $$E_k^{-1}(.) $$.

3.Cryptosystem

Usually a cryptographic system can have the following parts:

1. Message space $$M$$ (also called plaintext space): the set of all possible plaintexts $$m$$;

2. Ciphertext space $$c$$: the set of all possible ciphertexts $$c$$;

3. Key space $$K$$: the set of all possible keys $$k$$, where each key k consists of an encryption key $$k$$ and a decryption key $$k_d$$, That is $$k = (k_e,k_d)$$;

4. Encryption algorithm $$E$$: a cluster of encryption transformations from $$M$$ to $$C$$ controlled by an encryption key;

5. Decryption algorithm $$D$$: a set of decryption transformations from $$C$$ to $$M$$ controlled by the decryption key.

The five ancestors $${ M, C, K, E, D }$$ are called a cryptographic system. In the cryptosystem, for each determined key $$k$$, the encryption algorithm will determine a specific encryption transformation, and the decryption algorithm will determine a specific decryption transformation, and the decryption transformation is the inverse transformation of the encryption transformation. For each plaintext $$m$$ in the plaintext space $$M$$, the encryption algorithm $$E$$ encrypts the plaintext $$m$$ into ciphertext$ under the control of the encryption key $$k$$ $c$$; and under the control of the key $$k_d$$, the ciphertext $$c$$ is decrypted into the same plaintext $$m$$, that is: for $$\forall m\in M,(k_e, kd)\in K$$, there is $$D{kd}(E{k_e}(m)) = m$$.
In the above communication model, there is also a ciphertext $$c$$ that can be intercepted from the ordinary channel by a cryptographic attacker or decipherer. The goal of his work is to obtain the ciphertext $$k$$ without knowing the key $$k$$. Try to recover plaintext $$m$$ or key $$k$$ from ciphertext $$c$$. A cryptosystem is said to be decipherable if a cryptanalyst can deduce the plaintext or the key from the ciphertext alone, or the key from both the plaintext and the ciphertext. On the contrary, the cryptosystem is said to be unbreakable.

4. Attacks on cryptosystems

The main methods used by cryptanalysts to decipher or attack passwords include Qiongju attack method, statistical analysis method and mathematical analysis method.

Exhaustive attack method

Exhaustive attack method is also called brute force or brute force attack. This attack method is to try to traverse all possible keys for the intercepted ciphertext until an intelligible conversion from ciphertext to plaintext is obtained; or use the same key to encrypt all possible plaintexts until the intercepted ciphertext is obtained. until the ciphertext is consistent. Obviously, for any cryptosystem with a known cryptographic algorithm, as long as the attacker has enough computing resources, this method can be successful. Brutal attack is one of the most basic attack methods on passwords. The main methods to combat the Qiongju attack include: increasing the key length, adding random redundant information in plaintext and ciphertext, etc.

Statistical analysis method

Statistical analysis attacks refer to the method by which cryptanalysts decipher passwords based on the statistical rules of plaintext, ciphertext and keys.
For example, in the classic transposition cipher and permutation cipher system, it can be deciphered by analyzing the frequency and other statistical parameters of single letters, double letters, triple letters, etc. The main method to combat statistical analysis attacks is to try to prevent the statistical properties of the plaintext from being substituted into the ciphertext. In this way, the ciphertext does not carry traces of the plaintext, but exhibits great randomness, thereby defeating statistical analysis attacks. Being able to resist statistical analysis attacks has become a basic requirement for modern cryptography.

Mathematical Analysis

Mathematical analysis attacks refer to cryptanalysts using mathematical solutions to decipher passwords based on the mathematical basis of encryption and decryption algorithms and certain cryptographic properties. Mathematical analysis attacks are a major threat to various cryptographic algorithms based on mathematical puzzles. To combat this attack, encryption algorithms with a solid mathematical foundation and sufficient complexity should be used.
The types of cryptanalysis attacks against cryptographic systems can be divided into the following four types:

• Ciphertext-only attack
• plaintext-known attack
• chosen-plaintext attack
  -chosen-ciphenext attack

5. Security of password system (1)

There are three main ways to evaluate the security of a cryptographic system:

Unconditional security

This evaluation method considers the assumption that an attacker has unlimited computing resources but is still unable to break the cryptosystem. According to the point of view of information theory, the uncertainty of the plaintext before and after the attacker observes the ciphertext is equal, that is, the attacker will not obtain any information that helps decipher the cryptosystem by observing the ciphertext. This kind of cryptosystem is theoretically unbreakable, or it can be said that the cryptosystem has perfect secrecy or unconditional security.

Computational Security

This method means that the calculation required to break it using the best current method far exceeds the attacker's computing resource level, so this cryptosystem can be defined as safe.
In theory, only one-time pad systems can truly achieve unconditional security. All other systems can be decrypted by at least one ciphertext-only attack method, which is the exhaustive attack method. In fact, although the use of brute force attack methods is theoretically feasible, when the key space is large enough, due to limitations of computing conditions and resources, if it cannot be successfully deciphered within the desired time or under actually possible conditions, it is called computing. Computationally unbreakable (computationally unbreakable), this cryptosystem is actually unbreakable and can be considered to satisfy computational security. Most of the currently used symmetric and asymmetric cryptographic schemes fall into this category, so computational security is also called practical security.

Provably safe

This method attributes the security of the cryptosystem to a certain well-studied mathematical problem (such as large integer prime factorization, calculation of discrete logarithms, etc.) that has proven difficult to solve. The problem with this evaluation method is that it only says that the security of this cryptographic method is related to a certain difficult problem, but does not fully prove the security of the problem itself and give proof of their equivalence.

6. Security of password system (2)

Open design principles should also be followed when designing and evaluating cryptographic systems, which is the famous Kerckhoffs principle. Its core content is: even if the algorithms in the cryptosystem are known to cryptanalysts, it is difficult to deduce the plaintext or key from the intercepted ciphertext. In other words, the security of the cryptographic system should only rely on the confidentiality of the key, not the confidentiality of the algorithm. A cryptosystem is only secure if it remains secure assuming that the attacker has sufficient research on cryptographic algorithms and has sufficient computing resources.
Not basing the security of a cryptosystem on the confidentiality of the algorithm means that the cryptographic algorithm can be made public and can be analyzed, even if the attacker knows the cryptographic algorithm. For commercial cryptosystems, the advantages of public cryptographic algorithms include the following aspects:

1. Conducive to public testing and evaluation of the security of cryptographic algorithms;
2. Prevent cryptographic algorithm designers from hiding backdoors in algorithms;
3. Easy to standardize cryptographic algorithms;
4. It is conducive to the large-scale production of products using cryptographic algorithms to achieve low cost and high performance.

However, it must be pointed out that the disclosure principle of cryptographic design does not mean that all cryptographic algorithms must be disclosed when applied.
For a cryptographic system that provides confidentiality services to be practical, it must meet the following basic requirements:

1. The confidentiality of the system does not rely on the confidentiality of the encryption system or algorithm, but only relies on the security of the key. "All secrets are contained in the key" is an important principle in the design of cryptographic systems.
2. Satisfy actual security, so that after the decipherer obtains the ciphertext, it is computationally infeasible to determine the key or the corresponding plaintext within the effective time and cost range.
3. Encryption and decryption algorithms should be applicable to all elements in the plaintext space and key space.
4. Encryption and decryption algorithms can be calculated efficiently, and cryptographic systems are easy to implement and use.

7. Cryptosystem classification

According to the number of keys used in the cryptographic algorithm

Depending on whether the keys used by the encryption algorithm and the decryption algorithm are the same, or whether the decryption/encryption key can be simply derived from the encryption/decryption key, cryptosystems can be divided into symmetric ciphers (symmetric cipher), also known as symmetric ciphers. key cryptography, secret key cryptography, symmetric key cryptography or conventional cryptography) and asymmetric cipher (also known as dual-key cryptography, public key cryptography, asymmetric key cryptography) .

According to the processing method of plain text information

According to how cryptographic algorithms process plaintext information, symmetric cryptosystems can be further divided into block ciphers and stream ciphers (also called stream ciphers).
Block ciphers group messages into groups, processing the input one data block (group) element at a time, and producing an output block for each input block. When encrypting with block cipher 1, a plaintext block is treated as a whole to produce an equal-length cipher block output. The block size usually used in block ciphers is 64 bits or 128 bits, and the block algorithms include DES, AES, IDEA, RC6, etc.
Sequence ciphers process input elements continuously and produce output one element at a time as the processing proceeds. When encrypting with sequence ciphers, they encrypt one bit or byte at a time. Typical sequence codes include RC4, A5, SEAL, etc.

Depending on whether to perform reversible encryption transformation

According to whether the cryptographic algorithm can perform reversible encryption transformation, it can be divided into one-way functional cryptography system and two-way cryptography system.
The one-way function cryptosystem is a special type of cryptosystem. Its nature is that it can easily convert plaintext into ciphertext, but it is indeed infeasible and sometimes even impossible to convert ciphertext into correct plaintext. One-way functions are only suitable for certain special applications that do not require decryption, such as the storage of user passwords and the integrity protection and identification of information.
Bidirectional transformation cryptosystem refers to the ability to perform reversible encryption and decryption transformations. Most encryption algorithms fall into this category. It requires that the cryptographic algorithm used can perform reversible two-way encryption and decryption transformations. Otherwise, the recipient will not be able to convert the ciphertext. Restore to clear text. Typical one-way functions include MD4, MD5, SHA-1, etc.

8. Symmetric and asymmetric cryptosystems

Symmetric cryptosystem

If a cryptosystem that provides confidentiality services has the same encryption key and decryption key, or even though they are different, one of them can be easily derived from the other, then the system uses a symmetric cryptosystem.
DES, AES, IDEA, RC6, etc. are all typical symmetric cryptosystems. Obviously, when using a symmetric cryptosystem, if an entity has encryption (or decryption) capabilities, it must also have decryption (or encryption) capabilities.

Asymmetric cryptography

If a cryptosystem that provides confidentiality services uses two different keys to implement the encryption algorithm and decryption algorithm, and the decryption key cannot be derived from the encryption key, then the system uses an asymmetric cryptography system. Each user using asymmetric key cryptography has a selected pair of keys. One of them can be made public and is called the public key (public key), referred to as the public key; the other is kept secretly by the user, called the private key (private key), referred to as the private key. Such as RSA, E1Gamal, elliptic curve cryptography, etc. are all typical examples of asymmetric key cryptography systems.
In terms of security performance, symmetric key cryptography is based on complex nonlinear transformations and iterative operations to achieve algorithm security performance, while asymmetric key cryptography is generally based on a recognized mathematical problem to achieve security. Since the security level of the latter is closely related to actual computing power, it is generally believed that the security strength of asymmetric key cryptography systems is not as high as that of symmetric key cryptography systems.