Symmetric and asymmetric encryption: definition, application, examples

Anonim

Encryption is used to exchange messages and hide content from third parties. It is used where a higher level of protection is required. There are two encryption schemes: symmetric and asymmetric.

What is encryption

Encryption will be useful when you need to hide some information from unauthorized persons and provide secret data to authorized users.

A feature of this type of data transfer is the use of a key.

There are three security states:

  • hiding information from strangers;
  • change prevention;
  • preserving the integrity of information;
  • sender identification.

To read the information, a decoder is required in addition to the key. This is what prevents attackers from obtaining the data: if they intercept it but do not have the key, they cannot read it.

There are two types of encryption: symmetric and asymmetric.

The main purpose of encryption is to store information. This allows you to work with data from unreliable sources and to transmit messages through insecure channels. Information is sent as follows:

  • sender encrypts data;
  • recipient decrypts.

Each transformation is implemented by an algorithm that uses a key. Symmetric and asymmetric encryption methods are cryptographically strong.

Crypto strength

Symmetric and asymmetric encryption systems have a characteristic that is responsible for the difficulty of obtaining unauthorized access.

There are 2 main types of cryptographic strength of the encryption system.

  1. A perfectly secure system cannot be breached, even with infinitely large computational resources. It is characterized by the fact that for each message a separate key is generated. Its length is equal to or greater than the length of the message.
  2. Sufficiently strong systems are used in the civilian cryptographic system. Such an algorithm is difficult to decipher, but with the right resources it becomes possible.

Comparison of the strength of some encryption systems

The maximum RSA key size is 4096 bits.

It is used for encryption and signing. The cryptographic strength can be described as 2.7×10^28 for a 1300-bit key. The scheme is used in many standards, and RSA is one of the first asymmetric algorithms.

The key size of the ElGamal scheme is the same as for RSA: 4096 bits. It is used for both encryption and digital signature. The cryptographic strength of this system does not differ from RSA with the same key size.

The DSA method uses a much smaller key - 1024 bits. It is used exclusively for digital signature.

Symmetric and asymmetric encryption

These two types of encryption differ in the number of keys and the level of resistance to hacking.

If the same key is used for encoding and decoding, the encryption is symmetric. Asymmetric encryption uses a separate key for each algorithm.

  1. The public key is used to encrypt the message. It is known to both parties, is transmitted over an insecure channel, and can be intercepted. The most important task of storing information is to protect the key from interception.
  2. The private key is used for decryption. It is known to only one side and cannot be intercepted, since it always stays with one party.

The purpose of encryption determines the method of maintaining confidentiality. Symmetric encryption was one of the first methods; asymmetric encryption was invented later to provide greater security.

Features of symmetric encryption

A symmetric protection system has the following advantages.

  1. High speed and ease of implementation.
  2. To ensure the strength of the cipher, a small key length is used.

Disadvantages include the following:

  • difficulty managing keys in a large network;
  • key exchange complexity;
  • need to find a reliable channel for transferring the key to the parties;
  • cannot be used for digital signature, certificates.

To compensate for these shortcomings, a combined scheme is used: the key used for decryption is transmitted using asymmetric encryption, and the message itself is transmitted using symmetric encryption.

Features of asymmetric encryption

A public-private key pair can be used as:

  • independent means of protecting information;
  • key distribution facility;
  • user authentication tools.

Has the following benefits:

  • the secret key is kept in a safe place, and the public key is transmitted over the open channel instead;
  • the decryption key is known only to one side;
  • a large asymmetric system uses fewer keys than a symmetric one.

It is difficult to make any changes in such algorithms. Such a system has long keys. If the symmetric key is 128 bits, then the RSA key is 2304 bits. Because of this, the decryption speed suffers - it is 2-3 times slower. Decryption requires large computing resources.

There are many examples of symmetric and asymmetric encryption systems.

Symmetric encryption - what does it look like?

An example of symmetric encryption and its implementation scheme is given below.

  1. There are two people who plan to exchange confidential information.
  2. The first interlocutor generates a key d, encryption algorithms E and decryption D. Then sends this information to the second interlocutor.
  3. The message is decrypted with the key d.

The main disadvantage is the inability to establish the authenticity of the text. If the key is intercepted, the attacker will decrypt the secret information.

There are classic methods.

  1. Simple and double permutation.
  2. Magic square.
  3. Single permutation.

The first method is one of the simplest and does not use a key in its scheme. The sender and receiver agree on some key, represented as a table size. The transmitted message is written into the columns of the table but read row by row. Knowing the size of the table, the recipient decrypts the message.

Double permutation is used for greater stealth: the previously encrypted text is encrypted again. To do this, the tables must differ in the number of rows and columns. They are filled vertically, horizontally, in a snake, or in a spiral. This method does not make the encryption stronger, but the cracking process becomes longer.
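The single and double table permutations described above can be tried out with the following added example (not code from the original article). The function names, the padding character and the sample message are constructed for illustration, and the table is filled only column by column.

```python
def table_encrypt(text, rows, cols, pad="_"):
    """Write the text into a rows x cols table column by column, read it row by row."""
    if len(text) > rows * cols:
        raise ValueError("message does not fit into the table")
    cells = text.ljust(rows * cols, pad)        # pad the unused cells
    # Cell (r, c) holds cells[c * rows + r] when the table is filled by columns.
    return "".join(cells[c * rows + r] for r in range(rows) for c in range(cols))


def table_decrypt(cipher, rows, cols, pad="_"):
    """Write the ciphertext row by row, read it column by column."""
    if len(cipher) != rows * cols:
        raise ValueError("ciphertext length does not match the table size")
    plain = "".join(cipher[r * cols + c] for c in range(cols) for r in range(rows))
    return plain.rstrip(pad)                    # assumes the message does not end in pad


def double_encrypt(text, first, second):
    """Double permutation: encrypt again with a table of a different shape."""
    padded = table_encrypt(text, *first)
    return table_encrypt(padded, *second)


def double_decrypt(cipher, first, second):
    return table_decrypt(table_decrypt(cipher, *second), *first)


if __name__ == "__main__":
    message = "MEETMEATNOON"                    # constructed sample message
    once = table_encrypt(message, 3, 4)
    twice = double_encrypt(message, (3, 4), (2, 6))
    print(once, twice)
    print(double_decrypt(twice, (3, 4), (2, 6)))
    # The letters are only rearranged, never replaced, so their frequencies
    # survive both passes. This is why the second pass adds no real strength.
    print(sorted(twice) == sorted(message))
```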

“Magic square” is a more complex structure in the form of a matrix. Natural numbers are inscribed in the cells so that the sum of the numbers in each column, row, and diagonal is the same. Each number corresponds to a message letter. The resulting text is written out to a string, matching numbers and symbols.

Examples of asymmetric encryption

In this case, the public key is sent over an open channel and theoretically can be intercepted by intruders.

Unlike symmetric encryption keys, asymmetric encryption keys are different. The public key is used to encrypt the message, and the private key is used to decrypt the message. The use of two keys solves the eavesdropping problem that was in the symmetric method. Implemented as follows.

  1. The first interlocutor chooses encryption and decryption algorithms, a pair of keys. The public key is sent to the second party.
  2. The second interlocutor encrypts the information using the received key. Sends information to the first party who decrypts the message using the private key.

The basic methods of asymmetric encryption are the following.

  1. RSA.
  2. DSA.
  3. ElGamal Cipher.

RSA

RSA is the first cryptographic algorithm used for both encryption and digital signature.

It is described as follows.

  1. Two prime numbers p and q are chosen, for example, 3 and 7.
  2. The modulus n is calculated as the product of the two numbers. It turns out to be 21.
  3. The Euler function is calculated: φ = (p-1)×(q-1) = 2×6 = 12.
  4. Choose any prime number e that is less than φ and coprime with φ. Available options: 5, 7, 11.

The pair of numbers e, n (5, 21) is the public key. Now the numbers d and n of the private key are calculated. The number d satisfies the condition (d×e) mod φ = 1 and equals 17. As a result, the second pair of numbers, 17 and 21, is the private key. Encryption is performed as follows: the message is raised to the power of e, the remainder of division by n is taken, and the result must be less than the number n. It turns out 10 - this will be the encoded data. For decoding, e is raised to the power of d, and the remainder of the division by n is calculated.
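The arithmetic of this toy key pair can be checked with the added example below (not code from the original article). It uses the page's numbers p=3, q=7, e=5, d=17; the sample message 19 and all function names are constructed, and the last function shows why a modulus this small offers no protection.

```python
from math import gcd, isqrt


def is_prime(n):
    return n > 1 and all(n % i for i in range(2, isqrt(n) + 1))


def candidate_exponents(phi):
    """Step 4: primes below phi that are coprime with phi."""
    return [e for e in range(2, phi) if is_prime(e) and gcd(e, phi) == 1]


def private_exponents(e, phi, count=2):
    """The first `count` values of d with (d*e) mod phi == 1."""
    d = pow(e, -1, phi)                 # smallest solution (Python 3.8+)
    return [d + i * phi for i in range(count)]


def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be a number smaller than n")
    return pow(m, e, n)


def decrypt(c, private):
    d, n = private
    return pow(c, d, n)                 # ciphertext to the power d, mod n


def private_from_public(public):
    """Factor n by trial division and rebuild d. This is instant for a toy
    modulus, which is why real RSA moduli are thousands of bits long."""
    e, n = public
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    return pow(e, -1, (p - 1) * (n // p - 1)), n


if __name__ == "__main__":
    p, q = 3, 7                         # the page's primes
    n, phi = p * q, (p - 1) * (q - 1)
    public, private = (5, n), (17, n)   # the page's key pair
    print(candidate_exponents(phi))     # the options for e
    print(private_exponents(5, phi))    # 17 is the second valid d; 5 is the first
    c = encrypt(19, public)             # 19 is a constructed sample message
    print(c, decrypt(c, private))
    print(private_from_public(public))  # the public key alone gives away d here
```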

DSA

DSA (unlike RSA) is used only for digital signing, not encryption. The resulting signature can be verified publicly. There are two algorithms: one for signature creation and one for verification. It is the hash of the message, which represents the text in digital form, that is encrypted. Therefore, a complex hash function is chosen to avoid collisions. Building a digital signature consists of the following steps.

  1. Choose the cryptographic hash function H(x).
  2. The bit length of the prime number q must be equal to the bit length of the values of the hash function H(x).
  3. Choose a prime number p such that p-1 is evenly divisible by q.
  4. Calculate the number g = h^((p-1)/q) mod p, where h is an arbitrary number between 1 and p-1.
  5. A random number k is chosen from 0 to q.
  6. Compute r = (g^k mod p) mod q.
  7. Then compute s = k^(-1) × (H(m) + x×r) mod q.
  8. If r=0 or s=0, choose another number k.
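The signing steps above, together with the matching public verification, are shown in the following added example (not code from the original article). The parameters p=23, q=11, h=2, the private key x=3 and the function names are constructed toy values; the verification formula is the standard DSA one, which the page mentions but does not spell out.

```python
import hashlib
import secrets

P, Q, H_BASE = 23, 11, 2            # constructed toy parameters: Q divides P-1
G = pow(H_BASE, (P - 1) // Q, P)    # step 4: g = h^((p-1)/q) mod p


def digest(message: bytes) -> int:
    """Toy stand-in for H(m): SHA-256 reduced to the size of Q."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % Q


def public_key(x):
    return pow(G, x, P)


def sign(hm, x, ks=None):
    """Steps 5 to 8 for the digest hm and private key x. `ks` fixes the k
    values for a reproducible demo; by default a fresh random secret k is
    drawn for every attempt, as real DSA requires."""
    if ks is None:
        ks = iter(lambda: secrets.randbelow(Q - 1) + 1, None)
    for k in ks:
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (hm + x * r) % Q
        if r != 0 and s != 0:       # step 8: otherwise try another k
            return r, s
    raise ValueError("no usable k in the supplied values")


def verify(hm, signature, y):
    """Public check: only the public key y is needed, never x."""
    r, s = signature
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    v = pow(G, hm * w % Q, P) * pow(y, r * w % Q, P) % P % Q
    return v == r


if __name__ == "__main__":
    x = 3                           # constructed private key
    y = public_key(x)
    print(sign(5, x, [7]), verify(5, (8, 1), y), verify(6, (8, 1), y))
    print(sign(9, x, [7, 2]))       # k=7 gives s=0, so k=2 is used instead
    hm = digest(b"constructed sample message")
    print(verify(hm, sign(hm, x), y))
```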

ElGamal Scheme

ElGamal encryption is used for digital signatures. It is an extension of the Diffie-Hellman algorithm.

When working with this scheme, it is important to keep the following in mind: ElGamal encryption is not the same as the digital signature algorithm of the same name. When encrypted, the text is converted into a ciphertext that is 2 times longer than the original message.

Key generation is as follows.

  1. A random prime number p is chosen.
  2. The number g must be a primitive root of p.
  3. The number x must be greater than 1 and less than p-1. This will be the private key.
  4. Then the public key y is calculated using the formula y = g^x mod p.

When encrypting the text M, the system key k is selected. It is greater than one and less than p-1. Then the numbers a and b, which form the ciphertext, are calculated:

a = g^k mod p

and

b = y^k × M mod p.
