現代密碼學數據加密

領測軟件測試網 If the receiver of the encrypted data wants to read the original data, the receiver must convert it back to the original through a process called decryption. Decryption is the inverse of the encryption process. In order to perform the decryption, the receiver must be in possession of a special piece of data called the key.

　　如果接收到加密數據的人要看原來的數據，就必須把數據轉換為原來的形式，這個過程稱為解密。解密是加密過程的逆過程。為了進行解密，接收者必須有稱為密鑰的特殊數據。

　　The two main competing cryptography schemes are known as the secret-key (symmetric) system and the public-key (asymmetric) system. The secret-key system uses a single, wholly secret sequence both to encrypt and to decrypt messages. The public-key system uses a pair of mathematically related sequences, one each for encryption and decryption [1].

　　現在有兩種主要的、相互競爭的密碼術：秘鑰(對稱)和公鑰(不對稱)系統。秘鑰系統采用單一的絕密序列，對報文進行加密和解密。公鑰系統采用一對數學上相關的序列，一個用于加密，另一個用于解密。

　　Secret-key encryption

　　One of the most popular secret-key encryption schemes is IBM’s Data Encryption System (DES), which became the U.S. federal standard in 1997. the standard form uses a 56-bit key to encrypt 64-bit data blocks.

　　The following is a notation for relating plaintext, ciphertext, and keys. We will use C=E k (P) to mean that the encryption of the plaintext P using key k gives the ciphertext C. similarly, P=D k (C) represents of decryption of C to get the plaintext again. It then follows that D k ( E k (P))=P

　　密鑰加密

　　IBM的數據加密系統(DES)是最流行的密鑰加密方案之一。1977年，該方案成為美國聯邦標準。該標準形式采用56位的密鑰對64位的數據塊進行加密。

　　下面是有關明文、密文和密鑰關系的表示法。我們用C=E k (P)表示用密鑰K對明文P加密，得到密文C。類似的，P=D k (C)代表對C解密得到明文。因而遵循：D k (E k (P))=P

　　DES has been studied by many of the world’s leading cryptographers, but no weaknesses have been uncovered. To crack a DES-encrypted message a hacker or commercial spy would need to try 255 possible keys. This type of search would need days of computer time on the world’s fastest supercomputers. Even then, the message may not be cracked if the plaintext is not easily understood [2].

　　為了打開一個DES加密的報文，黑客或商業間諜需要試驗255種可能的密鑰，這種搜索在世界上最快的巨型機上也需好幾天的計算機時間。如果未加密的“明文”是不易理解的，即使算出報文也可能解不開。

　　Developers using DES can improve security by changing the keys frequently, using temporary session keys, or using triple-encryption DES. With triple DES, each 64-bit block is encrypted under three different DES keys. Recent research has confirmed that triple-DES is indeed more secure than single-DES. The User Data Masking Encryption Facility is an export-grade algorithm substituted for DES in several IBM products, such as the Distributed Computing Environment (DCE) [3].

　　使用DES的開發人員可以通過頻繁更改密鑰，使用臨時的會話密鑰或使用三重加密DES來提高安全性。使用三重DES時，每個64位數據塊用三種不同的DES密鑰加密。最新研究已確認三重DES確實比單重DES更安全。

　　Public-key encryption

　　The key distribution problem has always been the weak link in the secret-key systems. Since the encryption key and decryption key are the same( or easily derived from one another) and the key has to be distributed to all users of the system, it seemd as if there was an inherent built-in problem: keys had to be protected from theft, but they also had to be distributed, so they could not just be locked up in a bank vault.

　　公鑰加密

　　密鑰的分布問題在秘鑰系統中一直是一個薄弱環節。因為加密密鑰和解密密鑰是相同的(或彼此容易推出來)并且這個密鑰必須分配給該秘鑰系統的所有用戶，這好像是存在一個固有的內部問題，必須保護密鑰不被偷竊，但又必須分布出去，所以它們不可能只是鎖在銀行的地下室里。

　　Encryption can be used to protect data in transit as well as data in storage. Some vendors provide hardware encryption devices that can be used to encrypt and decrypt data. There are also software encryption packages which are available either commercially or as free software.

　　加密可以用來保護傳輸中的數據和存儲器中的數據。一些廠家提供硬件加密設備，用來加密和解密數據。也可買到軟件加密程序包或作為自由軟件免費獲得。

　　Encryption can be defined as the process of tasking information that exists in some readable form (plaintext) and converting it into a form (ciphertext) so that it cannot be understood by others.

　　加密可以定義為把現有的、以某種可讀形式(明文)的信息轉換成其他人不能理解的形式(密文)的過程。

　　In public key cryptosystem, the encryption and decryption keys were different, and plaintext encrypted with the public key can only be deciphered with the private key from the same pair. Conversely, plaintext encrypted with the private key can be decrypted only with the public key[4] ( it is used in electronic signatures). The notations for these are as follows.

　　C=E k (P) , P=D k1(C)=D k1 (E k (P)) or

　　C=D k1 (P), P=E k (C)=E k (D k1 (P))

　　在公鑰秘鑰系統中，加密和解密密鑰是不同的。并且用公開密鑰加密的明文只能用同一對密鑰中的秘密密鑰解密。相反，用私有密鑰加密的明文只能用公開密鑰解密(它用于電子簽名)。這些關系的表示法如下：(見上式)

　　Here k is a public key and k1 is private key( or secret key). Users can make their public keys freely available or place them at a key distribution center for others to access. However, the private key must be kept safe. In public-key systems there is no need to find a safe channel for communicating a shared secret key.

　　這里K是公開密鑰，K1是私有密鑰(或秘密密鑰)。用戶可以讓他們的公開密鑰自由地使用，或把它們放在密鑰分配中心供其他人存取。然而，私有密鑰必須安全的保存。在公開密鑰系統，無需找一條傳送共享的私有密鑰的安全通道。

文章來源于領測軟件測試網 http://www.kjueaiud.com/

TAG: 數據 現代 密碼學