[Cryptography] The DES algorithm, a secret-key (symmetric) encryption algorithm

xiaoxiao2021-03-06  41

The US National Bureau of Standards began studying data encryption standards for computer systems in departments other than the Department of Defense, and twice issued public announcements soliciting an encryption algorithm, on August 27, 1973 and August 27, 1973. The encryption algorithm (commonly referred to as the DES cipher algorithm) was meant to achieve the following four goals:

☆ Provide high-quality data protection, preventing unauthorized disclosure and undetected modification of data;
☆ Be complex enough that the cost of breaking it exceeds the benefit that could be gained, while still being easy to understand and master;
☆ The security of the DES cryptosystem should not depend on the secrecy of the algorithm; it rests only on the secrecy of the encryption key;
☆ Be economical to implement, efficient to run, and suitable for many completely different applications.

In January 1977, the US government announced that it had adopted IBM's design as the official data encryption standard for non-classified data (DES: Data Encryption Standard).

At present, the DES algorithm is widely used in POS terminals, ATMs, magnetic-stripe cards and smart cards (IC cards), gas stations, highway toll stations and similar fields to keep key data confidential. Encrypted transmission of a credit cardholder's PIN, two-way authentication between an IC card and a POS terminal, and MAC verification of financial transaction packets all use the DES algorithm.

The DES algorithm has three input parameters: Key, Data and Mode. Key is 8 bytes (64 bits in total) and is the working key of the DES algorithm; Data is also 8 bytes (64 bits) and is the data to be encrypted or decrypted; Mode is the working mode of DES, of which there are two: encryption or decryption.

The DES algorithm works like this: if Mode is encryption, Key is used to encrypt Data, and the ciphertext form of Data (64 bits) is the output of DES; if Mode is decryption, Key is used to decrypt the ciphertext form of Data, and the restored plaintext form of Data (64 bits) is the output of DES. At the two ends of a communication network, both parties agree on the same Key. At the source, the core data is encrypted with Key and then transmitted in ciphertext form over a public communication network (such as the telephone network).
On arrival at the destination, the ciphertext is decrypted with the same Key, reproducing the core data in plaintext form. This protects the security and reliability of the core data (such as PINs and MACs) while it is transmitted over the public communication network. Switching to a new Key at the source and the destination at the same time, at regular intervals, further improves the confidentiality of the data; this is now common practice in financial transaction networks.

DES algorithm in detail

The DES algorithm turns a 64-bit plaintext input block into a 64-bit ciphertext output block; the key it uses is also 64 bits.

[Figure: overall flow of the DES algorithm]

The function of the initial permutation is to rearrange the input 64-bit data block bit by bit and to split the output into two parts, L0 and R0, each 32 bits long. The permutation rule is shown in the table below:

58, 50, 42, 34, 26, 18, 10, 2,
60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6,
64, 56, 48, 40, 32, 24, 16, 8,
57, 49, 41, 33, 25, 17, 9, 1,
59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5,
63, 55, 47, 39, 31, 23, 15, 7

That is, bit 58 of the input becomes the first bit, bit 50 becomes the second bit, and so on, until the last bit, which is the original bit 7. L0 and R0 are the two halves of the permuted output: L0 is the left 32 bits of the output and R0 is the right 32 bits. For example, if the input value is D1D2D3...D64, the result of the initial permutation is L0 = D58D50...D8 and R0 = D57D49...D7.

After 16 iterations, L16 and R16 are obtained. These are taken as input to the inverse permutation, which produces the ciphertext output. The inverse permutation is exactly the inverse of the initial permutation; for example, bit 1 is in position 40 after the initial permutation, and the inverse permutation moves position 40 back to position 1. The inverse permutation rule is shown in the table below:

40, 8, 48, 16, 56, 24, 64, 32,
39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30,
37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28,
35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26,
33, 1, 41, 9, 49, 17, 57, 25

Expansion (amplifying) transposition table:

32, 1, 2, 3, 4, 5,
4, 5, 6, 7, 8, 9,
8, 9, 10, 11, 12, 13,
12, 13, 14, 15, 16, 17,
16, 17, 18, 19, 20, 21,
20, 21, 22, 23, 24, 25,
24, 25, 26, 27, 28, 29,
28, 29, 30, 31, 32, 1

Simple transposition table:

16, 7, 20, 21, 29, 12, 28, 17,
1, 15, 23, 26, 5, 18, 31, 10,
2, 8, 24, 14, 32, 27, 3, 9,
19, 13, 30, 6, 22, 11, 4, 25

In the diagram of the function f(Ri, Ki), S1, S2, ..., S8 are the selection functions, each of which turns 6 bits of data into 4 bits of data.

The tables of the selection functions Si (i = 1, 2, ..., 8) are given below.

S1:
14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13

S2:
15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9

S3:
10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12

S4:
7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14

S5:
2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3

S6:
12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13

S7:
4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12

S8:
13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11

Taking the selection function S1 as an example: the S1 table has 4 rows of data, numbered 0, 1, 2, 3, and 16 columns per row, numbered 0, 1, 2, 3, ..., 14, 15. Let the input be D = D1D2D3D4D5D6, and let column = D2D3D4D5 and row = D1D6. Then look up the number at that row and column in the S1 table; written as a 4-bit binary number, it is the output of the selection function S1.

The generation algorithm for the subkeys Ki (48 bits each) is given next. From the subkey generation algorithm we can see that the initial key value is 64 bits, but the DES algorithm specifies that bits 8, 16, ..., 64 are parity bits and do not take part in the DES operation.

Therefore, the key effectively has only 56 bits. That is, after the reduction by selection transposition table 1, the key goes from 64 bits to 56 bits. These 56 bits are divided into two parts, C0 and D0, of 28 bits each. Each part then undergoes the first cyclic left shift, giving C1 and D1. C1 (28 bits) and D1 (28 bits) are combined into 56 bits, which are then reduced by selection transposition table 2 to give the key K0 (48 bits). Continuing in the same way gives K1, K2, ..., K15. Note, however, that the number of bit positions shifted in each of the 16 cyclic left shifts must follow this rule:

Cyclic left shift amounts: 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1

The above describes the encryption process of the DES algorithm. The decryption process is the same; the only difference is that the first iteration uses subkey K15, the second uses K14, ..., and the last uses K0. The algorithm itself does not change.

From the description of the DES algorithm above, we can see that only 56 of the 64 key bits are used; the 8 bits at positions 8, 16, 24, ..., 64 take no part in the DES operation. This places a requirement on applications: the security of DES is guaranteed only by the combinations of the 56 bits other than bits 8, 16, 24, ..., 64. Therefore, in practical applications, we should avoid using bits 8, 16, 24, ..., 64 of the key as effective data bits and use the other 56 bits as the effective data bits; only then does the DES algorithm do its job safely and reliably. If this is not understood and bits 8, 16, 24, ..., 64 of the key are used as effective data, the security of DES-encrypted data is not guaranteed, and a system that relies on DES for confidentiality risks having its data deciphered. This is a misunderstanding of how to apply the DES algorithm, and it leaves a well-hidden weakness open to attack.

DES encrypts 64-bit data blocks using a 56-bit key and applies 16 rounds of encoding to each 64-bit data block. In each round, a 48-bit "per-round" key value is derived from the full 56-bit key. Breaking DES in software takes a long time, while breaking it in hardware is very fast; fortunately, most hackers do not have the means to build such hardware. In 1977 it was estimated that a dedicated computer for breaking DES could be built for $20 million and would need 12 hours to get a result. DES was therefore considered a very strong encryption method. However, computers keep getting faster, and the cost of building such a special machine has dropped to about 100,000 US dollars, so its use should be weighed carefully when it protects assets worth billions of dollars. On the other hand, if it only protects a single server, DES is a good choice, because hackers will not spend that much money to break into one server.
Since it is now possible to build a special computer for breaking DES, DES is no longer suitable where "strong" encryption is required.

Triple DES

Because it is very difficult to determine whether a new encryption method is truly secure, and the only cryptographic weakness of DES is its relatively short key, people have not given up on DES; instead they found a way around the key-length problem, which is triple DES. This method uses two keys and performs three DES operations. Assuming the two keys are K1 and K2, the steps of the algorithm, shown in Figure 5.9, are:

1. Encrypt with DES using the key K1.
2. Decrypt the result of step 1 with DES using K2.
3. Encrypt the result of step 2 with DES using the key K1.

The disadvantage of this method is that it takes three times as long; on the other hand, with its 112-bit key length, triple DES is a very "strong" encryption method.

In 1993, the government realized that the security of DES would be compromised. Even if we assume that the NSA built a backdoor into DES to allow the government routine decryption of DES messages (as Diffie and Hellman, the discoverers of public-key cryptography, claimed of the NSA in a 1975 letter), DES is an incidental encryption algorithm. It is not that efficient a method. It performs well in hardware (although smart cards have begun to show its shortcomings). But it was not until 1997 that the National Institute of Standards and Technology (NIST) began soliciting a replacement for it under the banner of the AES project.

An AES seminar in 1997 announced the following initial goals for AES:

☆ A strong encryption algorithm available for government and commercial use;
☆ Support for standard cipher modes;
☆ Significantly more efficient than DES 3;
☆ A variable key size, so that security can be increased when necessary;
☆ Selected in a fair and open manner;
☆ Can be publicly defined;
☆ Can be publicly evaluated.

Note: The DES algorithm transforms message blocks into cipher blocks. If each block is encrypted separately, the encryption mode is called Electronic Code Book (ECB) mode. DES encryption has two other modes, called cipher block chaining (CBC) and cipher feedback (CFB), which make each cipher block depend on all previous message blocks through an initial XOR operation. Since the government and the banking industry use these three modes, compatibility in how information is handled is required.

The minimum acceptable requirements and evaluation criteria in the AES draft are:

A.1 AES should be publicly defined.

A.2 AES should be a symmetric block cipher.

A.3 AES should be designed so that the key length can be increased as needed.

A.4 AES should be implementable in both hardware and software.

A.5 AES should be either a) freely available, or b) available under terms consistent with the patent policy of the American National Standards Institute (ANSI). Note: this means that algorithms subject to the ANSI policy would be taken into account. This idea has since been abandoned, ensuring that only algorithms that are not protected (i.e., not patented) are considered.

A.6 Algorithms that meet the above requirements will be evaluated on the following factors:

☆ Security (the effort required for cryptanalysis);
☆ Computational efficiency;
☆ Memory requirements;
☆ Hardware and software suitability;
☆ Simplicity;
☆ Flexibility;
☆ Licensing requirements (see A.5 above).

In October 2000, NIST chose Rijndael (pronounced "Rhine Dale") as the AES algorithm. It has not yet replaced DES 3 as the method used by the government, because it must still pass a testing process, after which "users" will publish their views. But I believe it will pass smoothly.

Rijndael is an iterated block cipher with a variable block length and a variable key length. The block length and the key length can each be specified independently as 128, 192 or 256 bits.

Some operations in Rijndael are defined at byte level, where a byte represents an element of the finite field GF($2^8$) and one byte is 8 bits. Other operations are defined in terms of 4-byte words.

As usual, addition corresponds to a simple bitwise XOR at byte level. In the polynomial representation, multiplication in GF($2^8$) corresponds to multiplication of polynomials modulo an irreducible binary polynomial of degree 8. (A polynomial is called irreducible if it has no divisors other than 1 and itself.) For Rijndael, this polynomial is called $m(x)$, where $m(x) = x^8 + x^4 + x^3 + x + 1$, or '11b' in hexadecimal. The result is a binary polynomial of degree less than 8. Unlike addition, multiplication has no simple byte-level operation.
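The byte-level arithmetic described above, as an added example that is not part of the original article; the function names are chosen for this illustration. It implements addition and multiplication in GF(2^8) modulo m(x) and checks by trial division that m(x) is irreducible.

```python
# Added illustration, not from the original article: arithmetic in GF(2^8)
# with Rijndael's reduction polynomial m(x), hexadecimal '11b'.
M = 0x11B

def gf_add(a, b):
    """Addition is a bitwise XOR of the two bytes."""
    return a ^ b

def xtime(a):
    """Multiply by x: shift left, then reduce by m(x) if degree 8 is reached."""
    a <<= 1
    return a ^ M if a & 0x100 else a

def gf_mul(a, b):
    """Multiply two field elements; the result always has degree below 8."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result

def gf_inv(a):
    """Multiplicative inverse computed as a^254 (nonzero elements have order 255)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result

def poly_mod(a, b):
    """Remainder of binary polynomial a divided by b (coefficients in GF(2))."""
    while a.bit_length() >= b.bit_length():
        a ^= b << (a.bit_length() - b.bit_length())
    return a

def is_irreducible(p):
    """True if p has no divisor of degree 1 up to deg(p) // 2."""
    half = (p.bit_length() - 1) // 2
    return all(poly_mod(p, d) for d in range(2, 1 << (half + 1)))
```

Because m(x) is irreducible, every nonzero byte has a multiplicative inverse; with a reducible modulus such as x^8 + 1 (0x101) that property fails.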

When reposting, please cite the original address: https://www.9cbs.com/read-57388.html
