Úvod
Symmetricencryption(alsocalledprivatekeyencryption)referstoanencryptionalgorithmthatusesthesamekeyforencryptionanddecryption.Sometimescalledtraditionalcryptographicalgorithm,thatis,theencryptionkeycanbecalculatedfromthedecryptionkey,andthedecryptionkeycanalsobecalculatedfromtheencryptionkey.Inmostsymmetricalgorithms,theencryptionkeyandthedecryptionkeyarethesame,sothisencryptionalgorithmisalsocalledasecretkeyalgorithmorasinglekeyalgorithm.Itrequiresthesenderandreceivertoagreeonakeybeforecommunicatingsecurely.Thesecurityofthesymmetricalgorithmdependsonthekey.Leakingthekeymeansthatanyonecandecryptthemessagestheysendorreceive.Therefore,theconfidentialityofthekeyisveryimportanttothesecurityofcommunication.
Funkce
Thecharacteristicsofthesymmetricencryptionalgorithmarethatthealgorithmisopen,theamountofcalculationissmall,theencryptionspeedisfast,andtheencryptionefficiencyishigh.
Thedisadvantageisthatbothpartiesinthetransactionusethesamekey,andsecuritycannotbeguaranteed.Inaddition,everytimeeachpairofusersusesasymmetricencryptionalgorithm,theyneedtouseauniquekeythatothersdon'tknow.Thiswillincreasethenumberofkeysownedbybothsendersandreceiversexponentially,andkeymanagementbecomesaburdenonusers.Symmetricencryptionalgorithmsaremoredifficulttouseondistributednetworksystems,mainlybecausekeymanagementisdifficultandtheusecostishigh.Comparedwiththepublickeyencryptionalgorithm,thesymmetricencryptionalgorithmcanprovideencryptionandauthenticationbutlacksthesignaturefunction,whichreducesthescopeofuse.SymmetricencryptionalgorithmswidelyusedincomputerprivatenetworksystemsincludeDESandIDEA.AESadvocatedbytheNationalBureauofStandardsisabouttoreplaceDESasanewstandard.
Theadvantageofthesymmetricencryptionalgorithmliesinthehighspeedofencryptionanddecryptionandthedifficultyofcrackingwhenusinglongkeys.Assumingthattwousersneedtousesymmetricencryptiontoencryptandthenexchangedata,theusersneedatleast2keysandexchangethem.Iftherearenusersintheenterprise,theentireenterpriseneedsn×(n-1)keysintotal.Thegenerationanddistributionofkeyswillbecomeanightmareforcorporateinformationdepartments.Thesecurityofthesymmetricencryptionalgorithmdependsonthepreservationoftheencryptionkey,butitisimpossibletorequireeveryoneintheenterprisewhoholdsthekeytokeepthesecret.Theyusuallyleakthekeyintentionallyorunintentionally—ifoneThekeyusedbytheuserisobtainedbytheintruder,andtheintrudercanreadallthedocumentsencryptedbytheuser'skey.Iftheentireenterprisesharesanencryptionkey,theconfidentialityoftheentireenterprisedocumentwillbeimpossibletotalkabout.
Specifické algoritmy
Zahrnuje hlavně algoritmus DES, algoritmus 3DES, algoritmus TDEA, algoritmus Blowfish, algoritmus RC5, algoritmus IDEA.
Hereisabriefintroductiontotheencryptionalgorithmbasedon"symmetrickey".
Šifrovací goritmy založené na "symetrickém klíči" zahrnují hlavně DES, TripleDES, RC2, RC4, RC5 a Blowfish.
Symmetrickey:DESTripleDESalgorithm
TheDESalgorithmturnsa64-bitplaintextinputblockintoaciphertextoutputblockwithadatalengthof64bits.Amongthem,8bitsareparitybits,andtheother56bitsarethelengthofthepassword.First,DESrecombinestheinput64-bitdatablockbybit,anddividestheoutputintotwoparts,L0andR0,eachpartis32bitslong,andisreplacedbeforeandafter.Finally,L0outputs32bitsontheleftandR0outputs32ontheright.Accordingtothisrule,after16iterations,L16andR16areobtained,whichareusedasinput,andtheinversepermutationoppositetotheinitialpermutationisperformedtoobtaintheciphertextoutput.
TheDESalgorithmhasextremelyhighsecurity.Sofar,inadditiontotheexhaustivesearchmethodtoattacktheDESalgorithm,nomoreeffectivemethodhasbeenfound,andtheexhaustionofthe56-bitlongkeyThespaceis2^56,whichmeansthatifacomputercandetect1millionkeyspersecond,itwilltakenearly2285yearstosearchforallkeys.Therefore,theDESalgorithmisveryreliable.Encryptionmethod.
Symmetrickey:RCalgorithm
TheprincipleoftheRC4algorithmis"confusion",whichincludestwoparts:initializationalgorithmandpseudo-randomsub-ciphergenerationalgorithmIntheprocessofinitialization,themainfunctionofthekeyistorandomlyscramblea256-byteinitialnumbercluster.Differentnumberclusterscangetdifferentsub-keysequencesafterbeingprocessedbythepseudo-randomsub-ciphergenerationalgorithm.AfterperforminganexclusiveORoperation(XOR)ontheobtainedsubkeysequenceandtheplaintext,theciphertextisobtained.
BecausetheRC4algorithmencryptionusestheexclusiveORmethod,oncethesub-keysequenceisrepeated,theciphertextmaybecracked,butthereisnoRC4withakeylengthof128bits.Thereisapossibilityofduplication,soRC4isalsooneofthemostsecureencryptionalgorithmsatpresent.
Symmetrickey:BlowFishalgorithm
BlowFishalgorithmisa64-bitblockandvariablekeylengthblockcipheralgorithm,thealgorithmisnon-patent.
TheBlowFishalgorithmusestwo"boxes":pbox[18]andsbox[4256].TheBlowFishalgorithmhasacoreencryptionfunction.Thisfunctioninputs64-bitinformation,andoutputsitintheformof64-bitciphertextaftercalculation.EncryptinginformationwiththeBlowFishalgorithmrequirestwoprocesses:keypreprocessingandinformationencryption.TheoriginalkeyspboxandsboxoftheBlowFishalgorithmarefixed.Toencryptamessage,youneedtoselectakey,andusethiskeytotransformthepboxandsboxtoobtainthekey_pboxandkey_sboxusedinthenextstepofinformationencryption.
BlowFishalgorithmdecryptionalsorequirestwoprocesses:keypreprocessingandinformationdecryption.Theprocessofkeypreprocessingisexactlythesameasthatofencryption.Theprocessofinformationdecryptionistousethekey_pboxinthereverseorderoftheinformationencryptionprocess.
Aplikační režim
Režim šifrování (anglický název a zkratka)
Čínské jméno
Elektronický číselník (ECB)
ElectronicCodeBookMode
CipherBlockChaining (CBC)
Režim odkazu na blokování hesel
CipherFeedbackMode (CFB)
EncryptedFeedbackMode
OutputFeedbackMode (OFB)
OutputFeedbackMode
ECB:Themostbasicencryptionmode,whichiscommonlyunderstoodencryption.Thesameplaintextwillalwaysbeencryptedintothesameciphertextwithoutaninitialvector.Itisvulnerabletocodebookreplayattacksandisrarelyusedingeneral.
CBC:Beforetheplaintextisencrypted,itneedstobeXORedwiththepreviousciphertextandthenencrypted,soaslongasyouchooseadifferentinitialvector,thesameciphertextwillbeencryptedtoformadifferentciphertext.ThisisCurrentlythemostwidelyusedmode.TheciphertextencryptedbyCBCiscontext-dependent,buterrorsintheplaintextwillnotbepassedontosubsequentpackets,butifonepacketislost,allsubsequentpacketswillbeinvalidated(synchronizationerrors).
CFB:Similartoaself-synchronizingsequencecipher,afterblockencryption,theciphertextandplaintextareshiftedandXORedaccordingto8-bitgroups,andtheoutputisreturnedtotheshiftregisteratthesametime.TheadvantagecanbeassmallasbyteEncryptionanddecryptioncanalsobenbits.CFBisalsocontext-dependent.InCFBmode,anerrorintheplaintextwillaffectthesubsequentciphertext(errordiffusion).
OFB:Runtheblockcipherasasynchronoussequencecipher,similartoCFB,butOFBusesthepreviousn-bitciphertextoutputpackettobefedbacktotheshiftregister,OFBhasnoerrorpropagationproblem.