Johdanto
Symmetricencryption(alsocalledprivatekeyencryption)referstoanencryptionalgorithmthatusesthesamekeyforencryptionanddecryption.Sometimescalledtraditionalcryptographicalgorithm,thatis,theencryptionkeycanbecalculatedfromthedecryptionkey,andthedecryptionkeycanalsobecalculatedfromtheencryptionkey.Inmostsymmetricalgorithms,theencryptionkeyandthedecryptionkeyarethesame,sothisencryptionalgorithmisalsocalledasecretkeyalgorithmorasinglekeyalgorithm.Itrequiresthesenderandreceivertoagreeonakeybeforecommunicatingsecurely.Thesecurityofthesymmetricalgorithmdependsonthekey.Leakingthekeymeansthatanyonecandecryptthemessagestheysendorreceive.Therefore,theconfidentialityofthekeyisveryimportanttothesecurityofcommunication.
ominaisuudet
Thecharacteristicsofthesymmetricencryptionalgorithmarethatthealgorithmisopen,theamountofcalculationissmall,theencryptionspeedisfast,andtheencryptionefficiencyishigh.
Thedisadvantageisthatbothpartiesinthetransactionusethesamekey,andsecuritycannotbeguaranteed.Inaddition,everytimeeachpairofusersusesasymmetricencryptionalgorithm,theyneedtouseauniquekeythatothersdon'tknow.Thiswillincreasethenumberofkeysownedbybothsendersandreceiversexponentially,andkeymanagementbecomesaburdenonusers.Symmetricencryptionalgorithmsaremoredifficulttouseondistributednetworksystems,mainlybecausekeymanagementisdifficultandtheusecostishigh.Comparedwiththepublickeyencryptionalgorithm,thesymmetricencryptionalgorithmcanprovideencryptionandauthenticationbutlacksthesignaturefunction,whichreducesthescopeofuse.SymmetricencryptionalgorithmswidelyusedincomputerprivatenetworksystemsincludeDESandIDEA.AESadvocatedbytheNationalBureauofStandardsisabouttoreplaceDESasanewstandard.
Theadvantageofthesymmetricencryptionalgorithmliesinthehighspeedofencryptionanddecryptionandthedifficultyofcrackingwhenusinglongkeys.Assumingthattwousersneedtousesymmetricencryptiontoencryptandthenexchangedata,theusersneedatleast2keysandexchangethem.Iftherearenusersintheenterprise,theentireenterpriseneedsn×(n-1)keysintotal.Thegenerationanddistributionofkeyswillbecomeanightmareforcorporateinformationdepartments.Thesecurityofthesymmetricencryptionalgorithmdependsonthepreservationoftheencryptionkey,butitisimpossibletorequireeveryoneintheenterprisewhoholdsthekeytokeepthesecret.Theyusuallyleakthekeyintentionallyorunintentionally—ifoneThekeyusedbytheuserisobtainedbytheintruder,andtheintrudercanreadallthedocumentsencryptedbytheuser'skey.Iftheentireenterprisesharesanencryptionkey,theconfidentialityoftheentireenterprisedocumentwillbeimpossibletotalkabout.
Tietyt goritmit
Sisältää pääasiassa DESalgorithmin, 3DESalgoritmin, TDEAalgoritmin, Blowfishalgorithmin, RC5-algoritmin, IDEA-algoritmin.
Hereisabriefintroductiontotheencryptionalgorithmbasedon"symmetrickey".
"symmetriseen avaimeen" perustuvat salausalgoritmit sisältävät pääasiassa DES, TripleDES, RC2, RC4, RC5 ja Blowfish.
Symmetrickey: DEStripleDESalgorithm
TheDESalgorithmturnsa64-bitplaintextinputblockintoaciphertextoutputblockwithadatalengthof64bits.Amongthem,8bitsareparitybits,andtheother56bitsarethelengthofthepassword.First,DESrecombinestheinput64-bitdatablockbybit,anddividestheoutputintotwoparts,L0andR0,eachpartis32bitslong,andisreplacedbeforeandafter.Finally,L0outputs32bitsontheleftandR0outputs32ontheright.Accordingtothisrule,after16iterations,L16andR16areobtained,whichareusedasinput,andtheinversepermutationoppositetotheinitialpermutationisperformedtoobtaintheciphertextoutput.
TheDESalgorithmhasextremelyhighsecurity.Sofar,inadditiontotheexhaustivesearchmethodtoattacktheDESalgorithm,nomoreeffectivemethodhasbeenfound,andtheexhaustionofthe56-bitlongkeyThespaceis2^56,whichmeansthatifacomputercandetect1millionkeyspersecond,itwilltakenearly2285yearstosearchforallkeys.Therefore,theDESalgorithmisveryreliable.Encryptionmethod.
Symmetrickey: RCalgoritm
TheprincipleoftheRC4algorithmis"confusion",whichincludestwoparts:initializationalgorithmandpseudo-randomsub-ciphergenerationalgorithmIntheprocessofinitialization,themainfunctionofthekeyistorandomlyscramblea256-byteinitialnumbercluster.Differentnumberclusterscangetdifferentsub-keysequencesafterbeingprocessedbythepseudo-randomsub-ciphergenerationalgorithm.AfterperforminganexclusiveORoperation(XOR)ontheobtainedsubkeysequenceandtheplaintext,theciphertextisobtained.
BecausetheRC4algorithmencryptionusestheexclusiveORmethod,oncethesub-keysequenceisrepeated,theciphertextmaybecracked,butthereisnoRC4withakeylengthof128bits.Thereisapossibilityofduplication,soRC4isalsooneofthemostsecureencryptionalgorithmsatpresent.
Symmetrickey:BlowFishalgorithm
BlowFishalgorithmisa64-bitblockandvariablekeylengthblockcipheralgorithm,thealgorithmisnon-patent.
TheBlowFishalgorithmusestwo"boxes":pbox[18]andsbox[4256].TheBlowFishalgorithmhasacoreencryptionfunction.Thisfunctioninputs64-bitinformation,andoutputsitintheformof64-bitciphertextaftercalculation.EncryptinginformationwiththeBlowFishalgorithmrequirestwoprocesses:keypreprocessingandinformationencryption.TheoriginalkeyspboxandsboxoftheBlowFishalgorithmarefixed.Toencryptamessage,youneedtoselectakey,andusethiskeytotransformthepboxandsboxtoobtainthekey_pboxandkey_sboxusedinthenextstepofinformationencryption.
BlowFishalgorithmdecryptionalsorequirestwoprocesses:keypreprocessingandinformationdecryption.Theprocessofkeypreprocessingisexactlythesameasthatofencryption.Theprocessofinformationdecryptionistousethekey_pboxinthereverseorderoftheinformationencryptionprocess.
Sovellustila
Salaustila (englanninkielinen nimi ja lyhenne)
Kiinalainen nimi
ElectronicCodeBook (ECB)
ElectronicCodeBookMode
CipherBlockChaining (CBC)
Salasanan eston linkkitila
Salauspalautetila (CFB)
EncryptedFeedbackMode
Output Feedback Mode (OFB)
OutputFeedbackMode
ECB:Themostbasicencryptionmode,whichiscommonlyunderstoodencryption.Thesameplaintextwillalwaysbeencryptedintothesameciphertextwithoutaninitialvector.Itisvulnerabletocodebookreplayattacksandisrarelyusedingeneral.
CBC:Beforetheplaintextisencrypted,itneedstobeXORedwiththepreviousciphertextandthenencrypted,soaslongasyouchooseadifferentinitialvector,thesameciphertextwillbeencryptedtoformadifferentciphertext.ThisisCurrentlythemostwidelyusedmode.TheciphertextencryptedbyCBCiscontext-dependent,buterrorsintheplaintextwillnotbepassedontosubsequentpackets,butifonepacketislost,allsubsequentpacketswillbeinvalidated(synchronizationerrors).
CFB:Similartoaself-synchronizingsequencecipher,afterblockencryption,theciphertextandplaintextareshiftedandXORedaccordingto8-bitgroups,andtheoutputisreturnedtotheshiftregisteratthesametime.TheadvantagecanbeassmallasbyteEncryptionanddecryptioncanalsobenbits.CFBisalsocontext-dependent.InCFBmode,anerrorintheplaintextwillaffectthesubsequentciphertext(errordiffusion).
OFB:Runtheblockcipherasasynchronoussequencecipher,similartoCFB,butOFBusesthepreviousn-bitciphertextoutputpackettobefedbacktotheshiftregister,OFBhasnoerrorpropagationproblem.