Въведение
Themessagedigestalgorithmdoesnothavetheproblemofkeymanagementanddistribution,anditissuitableforuseondistributednetworks.Duetotheconsiderableworkloadofitsencryptioncalculation,thispreviousalgorithmisusuallyonlyusedforencryptionwhentheamountofdataislimited.Forexample,thepasswordofacomputerisencryptedwithanirreversibleencryptionalgorithm.Inrecentyears,withtherapidimprovementofcomputerperformance,encryptionspeedisnolongerashacklethatrestrictsthedevelopmentofthisencryptiontechnology,sotheapplicationfieldsofmessagedigestalgorithmscontinuetoincrease.
Themessagedigestalgorithmismainlyusedinthefieldof"digitalsignature"asadigestalgorithmforplaintext.Well-knowndigestalgorithmsincludeRSA'sMD5algorithmandSHA-1algorithmandalargenumberofvariants.
Характеристика
Характеристики на messagedigestalgorithm:
Messagedigestisanalgorithmthatcombinesinputsofanylengthtoproduceapseudo-randomoutputwithafixedlength.Themainfeaturesofthemessagedigestare:
①Nomatterhowlongtheinputmessageis,thelengthofthecalculatedmessagedigestisalwaysfixed.Forexample,amessagedigestedbytheMD5algorithmhas128bits,andamessagedigestedbytheSHA-1algorithmwilleventuallyhavea160-bitoutput.TheSHA-1variantcangenerate192-bitand256-bitmessagedigests.Itisgenerallybelievedthatthelongerthefinaloutputofthedigest,themoresecurethedigestalgorithm.
②Themessagesummarylooks"random".Thesebitsseemtoberandomlyjumbledtogether.Alargenumberofinputscanbeusedtocheckwhethertheoutputisthesame.Generally,differentinputswillhavedifferentoutputs,andtheoutputsummarymessagecanpasstherandomnesstest.However,adigestisnottrulyrandom,becausetwodigestsforthesamemessagewiththesamealgorithmmusthavethesameresult;ifitistrulyrandom,itcannotbereproducedanyway.Thereforethemessagedigestis"pseudo-random".
③Generally,aslongastheinputmessagesaredifferent,thedigestmessagesgeneratedafterdigestingthemmustalsobedifferent;butthesameinputmustproducethesameoutput.Thisisthenatureofagoodmessagedigestalgorithm:whentheinputchanges,theoutputalsochanges;thedigestsoftwosimilarmessagesareindeednotsimilarorevenquitedifferent.
④Themessagedigestfunctionisaone-wayfunctionwithouttrapdoors,thatis,itcanonlycarryoutaforwardinformationdigest,andcannotrecoveranymessagesfromthedigest,andevennooriginalinformationcanbefoundatall.Informationrelatedinformation.Ofcourse,youcanuseabruteforceattackmethod,thatis,tryeverypossibleinformation,calculateitssummary,andseeifitisthesameastheexistingsummary.Ifyoudothis,youwilldefinitelyrecoverthesummarymessageintheend.Butinfact,theinformationtobeobtainedmaybeoneofinfinitemessages,sothiskindofbruteforceattackisalmostineffective.
⑤Withagoodabstractalgorithm,noonecanfind"collision",although"collision"definitelyexists.Thatis,foragivenabstract,itisimpossibletofindapieceofinformationsothattheabstractisexactlygiven.Inotherwords,twomessagescannotbefoundsothattheirdigestsarethesame.
Приложение
Generally,thedigestofamessageiscalledthefingerprintordigitalsignatureofthemessage.Digitalsignatureisamethodtoensuretheintegrityandnon-repudiationofinformation.Dataintegritymeansthatthemessagereceivedbythesinkmustbetheinformationsentbythesourcewithoutanychangesinthemiddle;thenon-repudiationofinformationmeansthatthesourcecannotdenytheinformationthathasbeensent.Infact,digitalsignaturescanalsorealizetheidentification(authentication)ofthesource,thatis,todeterminewhetherthe"source"istheintendedcommunicationpartnerofthesink.Thedigitalsignatureshouldhaveuniqueness,thatis,thesignaturesofdifferentmessagesarenotthesame;itshouldalsohaveunforgeability,thatis,itisimpossibletofindanothermessagetomakeitThesignatureisthesameasthesignatureofanexistingmessage;itshouldalsohaveirreversibility,thatis,itisimpossibletorestoreanyinformationofthesignedmessagebasedonthesignature.Thesecharacteristicsarepreciselythecharacteristicsofthemessagedigestalgorithm,sothemessagedigestalgorithmissuitableasadigitalsignaturealgorithm.
Цифров подпис
Digitalsignatureschemeisamethodofstoringmessagesignaturesinelectronicform.Acompletedigitalsignatureschemeshouldconsistoftwoparts:signaturealgorithmandverificationalgorithm.Generallyspeaking,anypublickeycryptosystemcanbeusedaloneasadigitalsignaturescheme.Forexample,whenRSAisusedasadigitalsignaturescheme,itcanbedefinedasfollows:
Thistypeofsignatureactuallyusestheprivatekeyofthesourcetoencryptthemessage,andtheencryptedmessagebecomesthesignature;andthecorrespondingpublickeyisusedtoencryptthemessage.Thekeyisusedforverification.Ifthedecryptedmessagewiththepublickeyisthesameastheoriginalmessage,themessageiscomplete,otherwisethemessageisincomplete.Itisjusttheoppositeprocessofusingpublickeycryptographyformessageconfidentiality.Becauseonlythesourcehasitsownprivatekey,otherscannotre-encryptthesourcemessage,soevenifsomeoneinterceptsandchangesthesourcemessage,thesignaturecannotberegenerated,becauseonlytheprivatekeyofthesourcecanformthecorrectsignature.Similarly,aslongasthesinkverifieswhetherthemessagedecryptedwiththesource’spublickeyisthesameastheplaintextmessage,itcanknowwhetherthemessagehasbeenaltered,anditcanverifywhetherthemessageisindeedfromtheintendedsource,anditcanalsomakethesourceunabletodenyit.Themessagetobesent.Sothiscancompletethefunctionofdigitalsignature
Butthisschemeistoosimple,itcanonlyguaranteetheintegrityofthemessage,butcannotensuretheconfidentialityofthemessage.Moreover,thisschemeneedstoencryptallmessages.Whenthelengthofthemessageisrelativelylarge,theefficiencyisverylow.Themainreasonistheinefficiencyoftheencryptionanddecryptionprocessofthepublickeysystem.Therefore,thisschemeisgenerallynotadvisable.
Дигесталгоритъм
Almostalldigitalsignatureschemesmustbeusedtogetherwithafastandefficientdigestalgorithm(Hashfunction).Whenthepublickeyalgorithmisusedincombinationwiththedigestalgorithm,itwillItconstitutesaneffectivedigitalsignaturescheme.
Thisprocessis:firstdigestthemessagewithadigestalgorithm,andthenencryptthedigestvaluewiththeprivatekeyofthesource;thereceiverfirstdigeststhereceivedplaintextwiththesamedigestalgorithmtoforma"standard"Signature",thencomparethequasi-signaturewiththe"signature"decryptedwiththepublickeyofthesource.Iftheyarethesame,themessageisconsideredcomplete,otherwisethemessageisincomplete.
Thismethodmakespublickeyencryptiononlyoperateonthemessagedigest,becausethedigestmessagelengthofadigestalgorithmisfixed,andtheyareallrelatively"short"(relativetothemessage),whichfitsRequirementsforpublickeyencryption.Thisefficiencyhasbeenimproved,anditssecurityhasnotbeenweakenedbytheuseofdigestalgorithms.