Preface
Encryption uses an encryption algorithm to turn plaintext into ciphertext. The ciphertext can be restored to plaintext with the key and the decryption algorithm.
The three most widely used classes of algorithm in cryptography:
- Symmetric algorithms (block cipher algorithms): AES/DES/SM4
- Asymmetric algorithms (public-key cryptography algorithms): RSA/SM2
- Digest algorithms (hash algorithms): MD5/SHA-1/SM3
I. Overview of the national cryptographic algorithms
The national cryptographic (SM) algorithms are a set of data encryption algorithms developed independently in China. SM1 through SM4 provide symmetric, asymmetric and digest functions. They are especially suited to embedded Internet of Things devices and related fields, where they handle identity authentication and data encryption and decryption. The underlying prerequisite is that the algorithm key must be kept secure, so the national cryptographic algorithms should be embedded in a hardware encryption chip and used in combination with it.
II. Significance of the national cryptographic algorithms
As financial security has risen to the level of national security, the relevant state organs and regulatory agencies have in recent years, from the perspective of national security and long-term strategy, called for promoting the adoption of the national cryptographic algorithms and for strengthening security and controllability across the industry. Ending the over-dependence on foreign technology and products, building a secure industry network environment, and strengthening the “security and control” capability of China’s industry information systems have become particularly necessary and urgent.
Cryptographic algorithms are the core technology for ensuring information security. In the most critical area, core banking, international cryptographic algorithms and related standards such as 3DES, SHA-1, RSA and AES have been used for a long time. At the end of 2010, the National Cryptography Administration announced the “elliptic curve Public key Cryptography algorithm” (SM2 algorithm), developed independently in China. To ensure the security of cryptographic applications in key economic systems, the National Cryptography Administration issued the Notice on Upgrading Public Key Cryptography Algorithms in 2011, requiring that “as of March 1, 2011, the electronic authentication systems and key management systems of the public key cryptography infrastructure under construction and planned to be built shall use state secret algorithms. Since July 1, 2011, information systems that are put into operation and use public key cryptography shall use the SM2 algorithm.”
III. Introduction to the national cryptographic algorithms
The national cryptographic algorithms are the domestic cryptographic algorithms recognized by the National Cryptography Administration. The main ones are SM1, SM2, SM3 and SM4. Both the key length and the block length are 128 bits.
SM1: symmetric encryption. Its encryption strength is comparable to AES. The algorithm is not public; it has to be invoked through the interface of an encryption chip.
SM2: asymmetric encryption based on ECC (elliptic curve cryptography). The algorithm is public. Because it is based on ECC, its signature speed and key generation speed are faster than RSA's. 256-bit ECC (SM2 uses one kind of 256-bit ECC) is more secure than 2048-bit RSA and also computes faster than RSA. That is, SM2 > RSA 2048: higher security and faster computation.
SM3: message digest. It can be compared to MD5. The algorithm is public. The digest is 256 bits long.
SM4: symmetric encryption. Both the key length and the block length are 128 bits. It is the block data algorithm of the wireless LAN standard.
The block size for SM1 and SM4 encryption and decryption is 128 bits. A message that is too long therefore has to be split into blocks, and a message that is too short has to be padded.
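The splitting and padding step described above, as an added example that is not part of the original article. The page does not name a padding scheme, so PKCS#7 is assumed here, and the function names are illustrative.

```python
BLOCK = 16  # 128-bit block size of SM1/SM4, in bytes


def pad(msg: bytes) -> bytes:
    """PKCS#7 (assumed scheme): append n bytes of value n, with 1 <= n <= 16."""
    n = BLOCK - len(msg) % BLOCK  # an already aligned message gains a full block
    return msg + bytes([n]) * n


def unpad(padded: bytes) -> bytes:
    """Strip PKCS#7 padding, rejecting anything malformed."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("length is not a multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= BLOCK or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]


def to_blocks(msg: bytes) -> list:
    """Pad the message and split it into the 128-bit blocks the cipher consumes."""
    padded = pad(msg)
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]


if __name__ == "__main__":
    # Constructed sample inputs: 20 bytes (unaligned) and 16 bytes (aligned).
    for sample in (b"A" * 20, b"B" * 16):
        print(len(sample), [blk.hex() for blk in to_blocks(sample)])
```

A message that is already a multiple of 128 bits still receives one full block of padding, which is what lets the receiver remove the padding unambiguously.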
IV. Security comparison of the encryption algorithms
- SM2 and RSA
256-bit SM2 > 2048-bit RSA
- SM3/MD5/SHA-1
MD5: the output length is 128 bits
SHA-1: the output length is 160 bits
SM3: the output length is 256 bits
The longer the output length, the higher the security. Therefore, SM3 > SHA-1 > MD5
- SM4/AES/3DES
Symmetric encryption algorithms are used to encrypt and decrypt data. The basic condition for a symmetric encryption algorithm to be secure is that it has a sufficient key length. The SM4 key length is 128 bits and the block length is 128 bits. So in terms of security: SM4 > AES > 3DES
V.
The national cryptographic algorithms are not completely safe. A common means of attacking an algorithm is SCA (side-channel attack). RSA/AES/DES can be breached, and so can SM2/SM4.
Therefore, products in the financial field, especially banks' mobile terminal products, are required to pass algorithm security certification, which makes security hardware with an independent algorithm engine, the encryption machine, very important. It is the key management platform system in the bank.