This is the 11th day of my participation in Gwen Challenge

IOS basic principles + reverse article summary

This paper mainly introduces the basic concept of symmetry algorithm

Symmetric encryption

Symmetric encryption

  • The same key is used for encryption and decryption

Symmetric encryption process

  • Plaintext is encrypted with a key to obtain ciphertext

  • Ciphertext is decrypted by key to obtain plaintext

Advantages of symmetric encryption

  • The amount of encryption computation is small

  • Speed is fast

  • Suitable for big data encryption scenarios

Disadvantages of symmetric encryption

  • Key transfer problem: Because encryption and decryption use the same key, how to safely transfer the key to the decryptor is a key. In practical applications, the client usually requests the symmetric encryption key from the server, and the key needs to use asymmetric encryption before transmission

  • Key management issues: Because each user has a separate key, key management becomes an issue as the number of users increases.

Common symmetric encryption algorithms

In the previous section, iOS Reverse 07: Hash Algorithm is used for encryption. Symmetric encryption can also be used. Symmetric encryption mainly includes DES, 3DES, and AES

DES

Data Encryption Standard (DES) is a symmetric cipher adopted in the FEDERAL Information Processing Standard (FIPS 46-3) in 1977. DES has long been used by governments and banks in the United States and other countries

DES is a symmetric encryption algorithm that encrypts 64-bit plain text into 64-bit ciphertext. Its key length is 64 bits, but the key is actually 56 bits, except that one bit is set for error detection every seven bits.

  • DES encrypts a group of 64 binaries. DES can encrypt only 64-bit plaintext at a time. If the plaintext exceeds 64-bit, packet encryption is performed

  • DES decryption is 64 – bit packet decryption, decryption key is 56 bits.

3DES

Triple DES (TRIPLE-DES) is an algorithm that repeats DES three times to increase THE DES strength. It is also called Triple Data Encryption Algorithm (TDEA) and is often abbreviated to 3DES

  • encryption:DES encryption is performed three times(i.e.Encrypt - decrypt - encrypt), the key length of DES is 56 bits. Therefore, the key length of 3DES is 56 x 3 = 168 bits

  • decryption: The decryption process is the reverse of the encryption process, decrypting in reverse order of the key (i.eDecrypt - encrypt - decrypt)

Disadvantages: 3DES due to the processing speed is not high, in addition to compatibility with the previous DES, it is basically no longer used

AES

AES (Advanced Encrytion Standard) is a symmetric cryptographic algorithm that replaces DES. After soliciting AES encryption algorithms worldwide, Rijndael algorithm was selected as the new AES in 2000.

The packet length and key length of Rijndael can be selected in 32-bit bits ranging from 128 to 256 bits respectively. However, in the AES specification, the packet length is fixed at 128 bits, and the key length is only 128, 192 and 256 bits.

Encryption: AES encryption is composed of multiple rounds, mainly divided into 4 rounds

  • 1. SubBytes Bytes

  • 2. ShiftRows

  • 3, MixColumns mixed row operation

  • AddRoundKey xOR operation

Decryption: AES decryption is the reverse of encryption.

Therefore, in the Rijndael encryption process, the processing order of each round is:

  • SubBytes -> ShiftRows -> MixColumns -> AddRoundKey

In the Rijndael decryption process, the processing order of each round is:

  • AddRoundKey -> InvMixColumns -> InvShiftRows -> InvSubBytes

In the decryption process, except the first step and encryption are exactly the same, the other three steps are the reverse process of encryption.

advantages

  • Higher encryption efficiency
  • At present, there is no effective attack decoding method against AES

Refer to the link

Note: Symmetry algorithm is only briefly introduced here, more detailed understanding can refer to the following links

  • Chapter two: Symmetric encryption and AES encryption algorithm
  • Roaming symmetric encryption algorithm

Grouping pattern

Both DES and AES can encrypt only fixed-length plaintext at one time. If you want to encrypt plaintext of any length, you need to iterate the block cipher. The iterative mode of block cipher is called the mode of block cipher

The commonly used grouping modes mainly include ECB and CBC. The following are introduced respectively

ECB

ECB mode is the full name of “Electronic CodeBook” mode. In ECB mode, the result of encrypting the plaintext group is the ciphertext group without any transformation.

In short, the ECB is oneElectronic codebook mode.Each piece of data, independently encrypted, independently decryptedIf one data block is lost, the other data blocks will not be affected. As shown in the figure below

ECB is the most basic encryption mode, that is, commonly understood encryption, the same plaintext will always be encrypted into the same ciphertext, no initial vector, vulnerable to passbook replay attacks, rarely used in general

disadvantages

Since the ECB’s encryption and decryption are straightforward, it is possible to decipher a cipher based on how many repeated combinations exist in the ciphertext, which can be inferred from the plaintext. So the ECB model is a security risk that few people use.

CBC

The CBC mode is Cipher Block Chaining mode, which is a ciphertext grouping link mode. The name also shows its essence, which is linked together like a chain. Data is encrypted using a key and an initialization vector [IV]

The short answer is that, like the ECB, it isPiece by piece, but the encryption of the latter piece of data is associated with the previous piece of dataDecryption is the same, as shown below

Before plaintext encrypted with the previous cipher to encrypt again after exclusive or operation, so as long as the choice of different initial vectors, the same cipher can form different encrypted cryptograph, this is the most widely referenced model, CBC encrypted ciphertext is context-dependent, but definitely mistakes won’t be passed to the subsequent group, but if a packet loss, All subsequent groups will be invalidated (synchronization error)

ECB versus CBC

  • The ECB mode is only encrypted

  • The CBC mode performs an XOR (XOR) before encrypting, which perfectly overcomes the ECB’s shortcomings

advantages

CBC mode uses link mode to effectively ensure the integrity of ciphertext. If a data block is lost or changed during transmission, subsequent data cannot be decrypted

disadvantages

If one bit is missing, the entire ciphertext cannot be parsed. This is a “minor drawback” of the CBC chain. Safer than the ECB

conclusion

  • Symmetric algorithm: Encryption and decryption use the same key

  • Commonly used symmetry algorithms

    • DES: data encryption standard. It is rarely used because it is not strong enough

    • 3DES: Three keys are used to encrypt the same data, which is stronger than DES

    • AES: Advanced password standard

  • Common grouping mode

    • ECB: In this mode, each piece of data is encrypted and decrypted independently

    • CBC: Block ciphers work in chained mode, encrypting data with a key and an initialization vector [IV], i.e. context is associated