1, symmetric cryptosystem
Symmetric cryptosystem is a traditional cryptosystem, also known as private key cryptosystem. In a symmetric encryption system, encryption and decryption use the same key. Because the encryption and decryption keys are the same, both parties who need to communicate must choose and save their same key, and each party must trust the other party not to disclose the key, so as to realize the confidentiality and integrity of data. For a network with n users, n(n- 1)/2 keys are needed, and the symmetric encryption system is effective when the user group is not very large. However, for large-scale networks, when the user group is huge and widely distributed, the distribution and preservation of keys becomes a problem. Encrypting and verifying confidential information is achieved by sending a message digest (or hash value) with the message. Typical algorithms include DES (Data Encryption Standard) algorithm and its variants Triple DES (triple DES) and GDES (generalized DES). Ideas; In Europe; FEAL N and RC5 in Japan. DES standard was put forward by American National Bureau of Standards, which is mainly used in the field of electronic fund transfer in banking. The key length of DES is 56 bits. Triple DES uses two independent 56-bit keys to encrypt the exchanged information three times, so that its effective length reaches 1 12 bits. RC2 and RC4 are patented symmetric encryption algorithms of RSA Data Security Company, which use variable key length algorithm. By specifying different key lengths, C2 and RC4 can improve or decrease the security. Symmetric encryption algorithm has the advantages of low computational overhead and fast encryption speed, and it is the main algorithm used for information encryption at present. Its limitation is that it has the problem of ensuring the secure exchange of keys between the communicating parties. In addition, if a counterparty has several trading relationships, he must maintain several special keys. It cannot identify the initiator or the final party of the transaction, because both parties have the same key. In addition, because symmetric encryption system can only be used to encrypt and decrypt data, it can provide data confidentiality and cannot be used for digital signature. Therefore, people urgently need to find a new cryptographic system.
2. Asymmetric cryptosystem
Asymmetric cryptosystem, also known as public key encryption technology, is proposed for the defects of private key cryptosystem. In public key encryption system, encryption and decryption are relatively independent. Encryption and decryption will use two different keys. The encryption key (public key) is open to the public and can be used by anyone. The decryption key (secret key) is only known by the decryptor, and illegal users cannot calculate the decryption key according to the public encryption key, which can be called public key cryptosystem. If a person chooses and publishes his public key, anyone else can use this public key to encrypt messages sent to that person. The private key is confidential, and only the owner of the private key can use it to decrypt the ciphertext. RSA system is the most famous representative algorithm in public key cryptosystem, in addition, there are: knapsack cipher, McEliece cipher, different _ hellman, Rabin, zero-knowledge proof, elliptic curve, EIGamal algorithm and so on. The key management of public key is relatively simple, and digital signature and verification can be realized conveniently. But the algorithm is complex and the data encryption rate is low. Public key encryption system does not have the problem of key distribution and storage in symmetric encryption system. For a network with n users, only 2n keys are needed. Besides data encryption, public key encryption system can also be used for digital signature. Public key encryption system can provide the following functions: a, confidentiality: to ensure that unauthorized personnel can not illegally obtain information, through data encryption; B. Authentication: ensuring that the other party belongs to the claimed entity, which is realized by digital signature; C. data integrity: ensure that the information content is not tampered with, and it is impossible for intruders to replace legitimate messages with fake messages, which can be achieved by digital signature; D non-repudiation: it is impossible for the sender to deny that he sent the message afterwards, and the receiver of the message can confirm to a neutral third party that the sender did send the message, which can be realized by digital signature. It can be seen that the public key encryption system meets all the main objectives of information security.