This article is a set of reading notes on Illustrated Cryptography. For an introduction to cryptography, read the book through.

Symmetric ciphers

Symmetric encryption means that encryption and decryption use the same key. Symmetric encryption has the advantage of high speed, but it has the problem of key distribution. The Diffie-Hellman algorithm can be used to solve the key distribution problem. The following are commonly used symmetric encryption algorithms:

  • DES (Data Encryption Standard)

A symmetric cipher algorithm that encrypts 64 bits of plaintext into 64 bits of ciphertext. The DES key is specified as 64 bits, but because an error-check bit is set after every 7 bits, the real key length is 56 bits. The schematic diagram is as follows:

  • Triple DES

To strengthen DES, Triple DES repeats DES three times to form a single cipher algorithm (note that the steps are: encryption-decryption-encryption). The schematic diagram is as follows:

  • AES (Advanced Encryption Standard)

The AES data block length must be 128 bits, and the key length can be 128 bits, 192 bits, or 256 bits. (If the data block or key is shorter than required, it is padded to the required length.)

Block cipher modes

Block cipher: a class of cipher algorithms that can process only one block of data of a specified length at a time. Stream cipher: a class of cipher algorithms that process a data stream continuously.

  • ECB (Electronic CodeBook mode)

In ECB mode, the result of encrypting a plaintext block directly becomes the ciphertext block. The schematic diagram is as follows:

  • CBC (Cipher Block Chaining mode)

In CBC mode, each plaintext block is XORed with the previous ciphertext block and then encrypted (the first block is XORed with an initialization vector, IV). The schematic diagram is as follows:

  • CFB (Cipher FeedBack mode)

In CFB mode, the previous ciphertext block is fed back into the input of the cipher algorithm. The schematic diagram is as follows:

  • OFB (Output FeedBack mode)

In OFB mode, the output of the cipher algorithm is fed back into the input of the cipher algorithm. The schematic diagram is as follows:

  • CTR (Counter mode)

CTR mode is a stream cipher that generates a key stream by encrypting a counter that is incremented step by step. The schematic diagram is as follows:

The following table summarizes the differences, advantages and disadvantages of the above modes:

| Mode | Advantages | Disadvantages | Note |
|---|---|---|---|
| ECB | Simple and fast; supports parallel computation (encryption and decryption) | Repeated patterns in the plaintext are reflected in the ciphertext; plaintext can be manipulated by deleting or replacing ciphertext blocks; when decrypting ciphertext that contains some error bits, the corresponding block will be wrong; cannot defend against replay attacks | Should not be used |
| CBC | Repeated patterns in the plaintext are not reflected in the ciphertext; decryption supports parallel computation; any ciphertext block can be decrypted | Encryption does not support parallel computation; when decrypting ciphertext that contains some error bits, all bits of the first block and the corresponding bits of the next block are in error | Recommended |
| CFB | No padding required; decryption supports parallel computation; any ciphertext block can be decrypted | Encryption does not support parallel computation; when decrypting ciphertext that contains some error bits, all bits of the first block and the corresponding bits of the next block are in error; cannot defend against replay attacks | CTR mode is recommended instead |
| OFB | No padding required; preparation for encryption and decryption can be done in advance; encryption and decryption use the same structure; when decrypting ciphertext that contains some error bits, only the corresponding bits of the plaintext are in error | Does not support parallel computation; when an active attacker flips some bits of the ciphertext, the corresponding bits of the plaintext block are also flipped | CTR mode is recommended instead |
| CTR | No padding required; preparation for encryption and decryption can be done in advance; encryption and decryption use the same structure; when decrypting ciphertext that contains some error bits, only the corresponding bits of the plaintext are in error; supports parallel computation (encryption and decryption) | When an active attacker flips some bits of the ciphertext, the corresponding bits of the plaintext block are also flipped | Recommended |
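The ECB and CBC rows of the table can be checked directly. The following is an added example, not code from the book or the original notes: it runs both modes over a toy 16-byte Feistel block cipher built from HMAC-SHA256 (an assumption standing in for AES so that the example needs only the standard library), with a constructed key, IV and plaintext.

```python
import hashlib, hmac

BLOCK = 16  # bytes per block, the same size as an AES block

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(key, rnd, half):  # Feistel round function (toy, NOT AES)
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def enc_block(key, blk):  # 4-round Feistel permutation on one block
    left, right = blk[:8], blk[8:]
    for rnd in range(4):
        left, right = right, xor(left, round_fn(key, rnd, right))
    return left + right

def dec_block(key, blk):  # inverse permutation: undo the rounds in reverse
    left, right = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, round_fn(key, rnd, left)), left
    return left + right

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):  # every block is encrypted independently
    return b"".join(enc_block(key, b) for b in split(pt))

def cbc_encrypt(key, iv, pt):  # XOR with previous ciphertext block, then encrypt
    out, prev = [], iv
    for b in split(pt):
        prev = enc_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):  # decrypt, then XOR with previous ciphertext block
    out, prev = [], iv
    for c in split(ct):
        out.append(xor(dec_block(key, c), prev))
        prev = c
    return b"".join(out)

def repeated_blocks(ct):  # how many ciphertext blocks duplicate an earlier one
    return len(split(ct)) - len(set(split(ct)))

# Constructed input: three identical blocks plus one different block; IV fixed for repeatability.
KEY, IV = b"constructed demo key", bytes(range(16))
PT = b"ATTACK AT DAWN!!" * 3 + b"RETREAT AT DUSK!"
```

`repeated_blocks(ecb_encrypt(KEY, PT))` returns 2 because the three identical plaintext blocks encrypt to identical ciphertext blocks, while `repeated_blocks(cbc_encrypt(KEY, IV, PT))` returns 0. Flipping one bit in the first CBC ciphertext block before `cbc_decrypt` garbles the whole first plaintext block and flips only the corresponding bit of the second, as the table states.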

Public key cryptography

Unlike symmetric encryption, asymmetric encryption uses different keys for encryption and decryption. The encryption key is called the public key, and the decryption key is called the private key. Generally, the public key is made public, while the private key is kept by the communicating party itself. RSA is the main algorithm used for asymmetric encryption. The interaction process is roughly as follows:

One-way hash function (message digest)

One-way hash functions can only detect “tampering”, not “masquerading”.

  • Common one-way hash functions

    • MD5
    • SHA-1, SHA-256, SHA-384, SHA-512
  • Applications

    • Detecting whether software has been tampered with
    • One-time passwords
    • Random number generators
    • Digital signatures
    • Password-Based Encryption (PBE): encryption based on a password
    • Message authentication codes
  • Attacks

    • Brute-force attacks, such as rainbow tables

Message Authentication Code (MAC)

A message authentication code is a technique for verifying integrity and performing authentication. Its input is a message of any length and a key shared between sender and receiver, and its output is fixed-length data called the MAC value.

Message authentication codes can identify tampering and masquerading, but cannot solve the two problems of “proof to third parties” and “preventing repudiation”.

  • Implementation methods

    • Use a one-way hash function, as in HMAC
    • Use a block cipher

      The block cipher's key is used as the shared key of the message authentication code, and the message is encrypted in CBC mode. All ciphertext blocks except the last are discarded, and the last ciphertext block is used as the MAC value.

  • Examples of application

    • IPsec: message authentication codes are used to authenticate communication content and verify its integrity
    • SSL/TLS: message authentication codes are used to authenticate communication content and verify its integrity
  • Attacks

    • Replay attacks
    • Brute-force attacks
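The difference between a bare hash and a MAC, and the replay attack listed above, are shown in this added example (not from the book or the original notes). The 8-byte sequence number covered by the MAC is an assumption, one common replay countermeasure that the notes do not name; `Receiver`, `make_tag` and all sample values are constructed for illustration.

```python
import hashlib, hmac

def sha256_matches(msg, digest):
    # A bare hash needs no secret, so anyone can compute a matching digest.
    return hmac.compare_digest(hashlib.sha256(msg).digest(), digest)

def make_tag(key, seq, msg):
    # HMAC-SHA256 over sequence number + message, so seq is covered by the MAC.
    return hmac.new(key, seq.to_bytes(8, "big") + msg, hashlib.sha256).digest()

class Receiver:
    """Verifies the MAC first, then rejects sequence numbers already seen."""
    def __init__(self, key):
        self.key, self.last_seq = key, -1

    def accept(self, seq, msg, tag):
        if not hmac.compare_digest(make_tag(self.key, seq, msg), tag):
            return "bad-mac"      # tampered, or the sender does not hold the key
        if seq <= self.last_seq:
            return "replay"       # valid MAC, but this message was seen before
        self.last_seq = seq
        return "ok"

def demo():
    key = b"constructed shared key"          # constructed sample values
    msg, forged = b"pay 100 to bob", b"pay 9000 to mallory"
    tag = make_tag(key, 0, msg)
    rx = Receiver(key)
    return {
        # Masquerading: a substituted message with its own recomputed hash passes.
        "hash_of_forged_message_matches":
            sha256_matches(forged, hashlib.sha256(forged).digest()),
        "genuine": rx.accept(0, msg, tag),
        "altered_message": rx.accept(1, forged, tag),
        "wrong_key": rx.accept(1, forged, make_tag(b"not the key", 1, forged)),
        "resent_as_is": rx.accept(0, msg, tag),
        "resent_with_new_seq": rx.accept(1, msg, tag),
    }
```

Without the sequence check, the resent `(msg, tag)` pair would verify a second time, which is why the MAC alone does not stop replay.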

Digital signatures

Digital signatures can identify tampering and masquerading, and can also prevent repudiation.

  • Digital signature and public key cryptography

  • Applications

    • Security bulletins
    • Software downloads
    • Public key certificates

      A valid public key is required to verify a digital signature. To ensure that the public key is valid, a digital signature can be added to the public key, treating the public key as the message body.

    • SSL/TLS

      SSL/TLS requires a server certificate to authenticate the server's identity. The server certificate is the server's public key with a digital signature attached.

  • Implementation

    Using RSA

  • Attacks

    • Man-in-the-middle attacks
    • Attacks on one-way hash functions
    • Attacks on public key ciphers that make use of digital signatures
  • Certificates

    A certificate adds a digital signature to a public key.
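How a signature over a public key lets a verifier trust that key is sketched in this added example (not from the book or the original notes). It uses textbook RSA without padding on small constructed keys built from Mersenne primes, which is for illustration only; `issue_cert`, `check_cert`, the dictionary layout and the name `server.example` are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def keypair(p, q):
    """Textbook RSA from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(msg, n):
    # Hash the message and reduce it into the range of the modulus.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, n, d):          # only the private-key holder can do this
    return pow(digest(msg, n), d, n)

def verify(msg, sig, n):      # anyone holding the public key can do this
    return pow(sig, E, n) == digest(msg, n)

# Constructed toy keys (far too small for real use).
CA_N, CA_D = keypair(2**127 - 1, 2**107 - 1)    # certificate authority
SRV_N, SRV_D = keypair(2**89 - 1, 2**61 - 1)    # server
MITM_N, _ = keypair(2**61 - 1, 2**31 - 1)       # key swapped in by a third party

def cert_body(subject, n):
    return subject.encode() + b"|" + str(n).encode()

def issue_cert(subject, n):
    # The public key itself is the message body that the CA signs.
    return {"subject": subject, "n": n, "sig": sign(cert_body(subject, n), CA_N, CA_D)}

def check_cert(cert):
    return verify(cert_body(cert["subject"], cert["n"]), cert["sig"], CA_N)

def demo():
    cert = issue_cert("server.example", SRV_N)
    bulletin = b"security bulletin v1"
    sig = sign(bulletin, SRV_N, SRV_D)
    swapped = dict(cert, n=MITM_N)   # same certificate with a substituted public key
    return (check_cert(cert),                           # certificate is genuine
            verify(bulletin, sig, cert["n"]),           # message signed by the server
            verify(b"security bulletin v2", sig, cert["n"]),  # tampering detected
            check_cert(swapped))                        # substituted key rejected
```

`demo()` returns `(True, True, False, False)`: the verifier needs to trust only the CA's public key in order to reject a substituted server key.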

A simple mind map is attached below

The above summary is fairly simple and only briefly touches on the concepts. The book Illustrated Cryptography is recommended for those interested in the details. Thank you for taking the time to read this article.