The “password” mentioned here is not the same concept as the passwords we use in daily life. The cryptographic algorithms discussed in this article mainly address the issues of encryption and decryption in information transmission. We must assume that the data transmission process is insecure, and all information is being eavesdropped on, so the sender must encrypt the information, and the receiver must know how to decrypt it after receiving the information. Interestingly, if you can let the receiver know how to decrypt it, then can’t the eavesdropper also know how to decrypt it?

Therefore, cryptography is quite magical. I was amazed when I first saw the Diffie-Hellman key exchange algorithm: two people can exchange a few numbers in front of you, and they can have a common secret; and you know these numbers and the specific steps of the algorithm they are using, but you can never compute that secret.

Next, we will introduce symmetric encryption algorithms, Diffie-Hellman key exchange algorithms, asymmetric encryption algorithms, digital signatures, and public key certificates, to see the bumpy road to solving secure transmission issues.
1. Symmetric Encryption
Symmetric encryption, also known as shared key encryption, uses the same key for both encryption and decryption.

For example, let me describe the simplest method of symmetric encryption. First, we know that information can be represented as a sequence of 0/1 bits, and we also know that the result of XORing two identical bit sequences is 0. So we can generate a random bit sequence of the same length as the original information as a key, and then use it to XOR the original information to generate ciphertext. Conversely, using the same key to XOR the ciphertext once again can restore the original information.

This is a simple example, but it is a bit too simple and has many problems. For example, the key length is exactly the same as the original information; if the original information is very large, the key will be equally large, and generating a large number of truly random bit sequences also has considerable computational overhead.

Of course, there are many more complex and excellent symmetric encryption algorithms that solve these problems, such as the Rijndael algorithm, Triple DES algorithm, etc. They are algorithmically flawless, have a huge key space, and are practically impossible to brute-force, and the encryption process is relatively fast.

However, the Achilles’ heel of all symmetric encryption algorithms lies in key distribution. Both encryption and decryption use the same key, so the sender must find a way to send the key to the receiver. If the eavesdropper has the ability to intercept the ciphertext, they can certainly intercept the key as well, rendering even the most flawless algorithm vulnerable.

Therefore, we will introduce two of the most common algorithms to solve the key distribution problem: the Diffie-Hellman key exchange algorithm and asymmetric encryption algorithms.
2. Key Exchange Algorithms
The key we refer to is generally a very large number, which the algorithm uses for encryption and decryption. The problem is that the channel is insecure, and all outgoing data will be intercepted. In other words, is there a way for two people to openly and aboveboard exchange a secret, securely delivering the symmetric key to the receiver?

The Diffie-Hellman key exchange algorithm can accomplish this. To be precise, this algorithm does not securely “send” a secret to the other party, but rather generates a common secret in each party’s “mind” through some shared numbers, a secret that a third-party eavesdropper cannot generate. Perhaps this is the legendary telepathy.

The rules of this algorithm are not complicated; you can even try sharing a secret with a friend. I will briefly outline its basic process later. Before that, it’s important to clarify one issue: not all operations have inverses. A simple example is the well-known one-way hash function: given a number a and a hash function f, you can quickly compute f(a), but given f(a) and f, deducing a is essentially impossible. The reason the key exchange algorithm seems so magical is that it utilizes this irreversible property. Now, let’s look at what the key exchange algorithm’s process is.

By naming convention, the two parties preparing to execute the key exchange algorithm are called Alice and Bob, while the bad guy trying to intercept their communication is called Hack.

First, Alice and Bob agree on two numbers N and G as generators; of course, the negotiation process can be overheard by the eavesdropper Hack, so I have placed these two numbers in the middle, indicating that all three parties know:

Now Alice and Bob each think of a number, which we will call A and B:

Now Alice will take this number A and G to perform some calculations to produce a number AG, which she sends to Bob; Bob will take his number B and G to produce a number BG, which he sends to Alice:

The situation is now as follows:

Note that, similar to the previously mentioned hash function example, knowing AG and G does not allow you to deduce what A is, and similarly for BG.

PS: The specific calculation process involves modular (mod) arithmetic and exponentiation, and the reason it cannot be reversed is that mathematicians have not yet discovered a fast algorithm for calculating discrete logarithms.

Then, Alice can use BG and her own A to perform some calculations to obtain a number ABG, and Bob can use AG and his own B to perform calculations to obtain ABG, which is the shared secret between Alice and Bob. As for Hack, he can intercept the transmitted G, AG, BG, but due to the irreversible nature of the calculations, he cannot derive ABG:

PS: In the specific algorithm, N is used for modular arithmetic, so it is omitted in the illustration.

This is the basic process. As for the specific values, there are nuances, and the specific calculation methods can be easily found on Baidu, so I won’t go into detail due to space constraints.

This algorithm can compute a secret that cannot be calculated by others under the premise of third-party eavesdropping, serving as the key for symmetric encryption algorithms, thus initiating symmetric encrypted communication.

For this algorithm, Hack has thought of a method to crack it, not by eavesdropping on Alice and Bob’s communication data, but by directly impersonating both Alice and Bob, which is known as a man-in-the-middle attack:

In this case, neither party can detect that they are sharing secrets with Hack, leading to the consequence that Hack can decrypt or even modify data.

It is evident that the key exchange algorithm does not completely solve the key distribution problem; its flaw lies in the inability to verify the identity of the other party. Therefore, before executing the key exchange algorithm, it is generally necessary to verify the identity of the other party, for example, by using digital signatures.
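
The exchange described above, written out with the standard modular exponentiation the text alludes to, as an added example that is not part of the original article. It runs the honest exchange and the impersonation case side by side; the parameters and the function names (keypair, shared, fingerprint and the rest) are constructed for illustration, and the out-of-band fingerprint comparison is one added illustration of the identity check the text calls for.

```python
import hashlib
import secrets

# Constructed toy parameters: N is the Mersenne prime 2**127 - 1, G = 3.
# Real deployments use standardized groups of 2048 bits or more.
N = 2**127 - 1
G = 3

def keypair():
    """Pick a private number and derive the public value (the text's AG or BG)."""
    private = secrets.randbelow(N - 3) + 2
    return private, pow(G, private, N)

def shared(own_private, peer_public):
    """Combine one's own private number with the peer's public value (ABG)."""
    return pow(peer_public, own_private, N)

def fingerprint(secret):
    """Short digest of a shared secret, suitable for comparing out of band."""
    return hashlib.sha256(str(secret).encode()).hexdigest()[:16]

def honest_exchange():
    """Alice and Bob swap AG and BG directly; both derive the same secret."""
    a, ag = keypair()
    b, bg = keypair()
    return shared(a, bg), shared(b, ag)

def intercepted_exchange():
    """Hack substitutes his own public value HG for both AG and BG in transit."""
    a, ag = keypair()
    b, bg = keypair()
    h, hg = keypair()
    return {
        "alice": shared(a, hg),        # Alice believes HG came from Bob
        "bob": shared(b, hg),          # Bob believes HG came from Alice
        "hack_alice": shared(h, ag),   # Hack's secret with Alice
        "hack_bob": shared(h, bg),     # Hack's secret with Bob
    }

def interception_visible(keys):
    """True when Alice's and Bob's fingerprints disagree, i.e. no common secret."""
    return fingerprint(keys["alice"]) != fingerprint(keys["bob"])

if __name__ == "__main__":
    alice, bob = honest_exchange()
    print("honest exchange agrees:", alice == bob)
    keys = intercepted_exchange()
    print("Hack shares Alice's key:", keys["alice"] == keys["hack_alice"])
    print("Hack shares Bob's key:", keys["bob"] == keys["hack_bob"])
    print("fingerprints differ:", interception_visible(keys))
```

Nothing inside the protocol tells Alice or Bob that the public value they received was substituted; the mismatch only shows up when the two ends compare something over a channel the impersonator does not control.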
3. Asymmetric Encryption
The idea of asymmetric encryption is to simply not sneakily transmit the key; I separate the encryption key from the decryption key, using the public key for encryption and the private key for decryption. Only the public key is sent to the other party, and then the other party starts sending me encrypted data, which I can decrypt using my private key. As for the eavesdropper, having the public key and the encrypted data is useless because only my private key can decrypt it.

You can think of it this way: the private key is the key, while the public key is the lock, which can be publicly shared so that others can lock data and send it to me; the key must be kept in my hand for unlocking. The commonly known RSA algorithm is a typical example of an asymmetric encryption algorithm, and its specific implementation is quite complex, so I won’t write it out; there are many resources online.

In practical applications, the computational speed of asymmetric encryption is much slower than that of symmetric encryption, so when transmitting large amounts of data, the public key is generally not used to directly encrypt data; instead, the symmetric encryption key is encrypted and sent to the other party, who then uses the symmetric encryption algorithm to transmit data.

It should be noted that, similar to the Diffie-Hellman algorithm, asymmetric encryption algorithms also cannot determine the identity of the communicating parties and are still susceptible to man-in-the-middle attacks. For instance, if Hack intercepts Bob’s public key and impersonates Bob to send Alice his own public key, then unsuspecting Alice will encrypt private data with Hack’s public key, allowing Hack to decrypt and steal the data using his private key.

So, both the Diffie-Hellman algorithm and the RSA asymmetric encryption algorithm can solve the key distribution problem to some extent, but they share the same flaws. What are the differences in their application scenarios?

Simply put, we can see from the basic principles of the two algorithms:

If both parties have a symmetric encryption scheme and wish to encrypt communication without letting others obtain the key, then the Diffie-Hellman algorithm can be used to exchange keys.

If you want anyone to be able to encrypt information while only you can decrypt it, then use the RSA asymmetric encryption algorithm and publish the public key.

Next, we will try to solve the problem of authenticating the sender’s identity.
4. Digital Signatures
Earlier, we mentioned asymmetric encryption, where the public key is made public for others to encrypt data and send it to you, with only your corresponding private key able to decrypt the ciphertext. In fact, the private key can also be used to encrypt data; for the RSA algorithm, data encrypted with the private key can only be decrypted with the public key.

Digital signatures also utilize the characteristics of asymmetric keys but completely reverse the process of public key encryption: the public key is still published, but you encrypt data with your private key, and then publish the encrypted data; this is the digital signature.

You may ask, what is the use of this? Since the public key can decrypt data encrypted with the private key, isn’t this redundant?

Yes, but the purpose of a digital signature is not to guarantee data confidentiality, but to prove your identity, confirming that the data was indeed sent by you.

Think about it: if the data encrypted with your private key can only be decrypted with your public key, then if a piece of encrypted data can be decrypted with your public key, it indicates that this data was indeed published by you (the private key holder).

Of course, the encrypted data is just a signature; the signature should be sent along with the data, and the specific process should be as follows:

1. Bob generates a public and private key pair, then publishes the public key while keeping the private key to himself.
2. He encrypts the data with his private key as a signature and publishes the data along with the signature.
3. Alice receives the data and signature, and needs to check whether this data was sent by Bob. She uses Bob’s previously sent public key to attempt to decrypt the signature, comparing the received data with the result of the decrypted signature. If they match exactly, it indicates that the data has not been tampered with and was indeed sent by Bob.

Why is Alice so sure? After all, can’t both the data and the signature be tampered with? The reasons are as follows:

1. If someone modifies the data, Alice will find the discrepancy when decrypting the signature and comparing it with the data.
2. If someone replaces the signature, Alice can only decrypt a string of garbled text using Bob’s public key, which clearly does not match the data.
3. Perhaps someone attempts to modify the data and create a signature for the modified data, making it impossible for Alice to find discrepancies; however, once the signature is decrypted, it is impossible to regenerate Bob’s signature because Bob’s private key is not available.

In summary, digital signatures can authenticate the source of data to a certain extent. The reason we say “to a certain extent” is that this method can still be vulnerable to man-in-the-middle attacks. Once public key distribution is involved, the receiver may receive a fake public key from the man-in-the-middle, leading to incorrect authentication, a problem that cannot be completely avoided.

Ironically, a digital signature is a way to verify the identity of the other party, but the premise is that the other party’s identity must be genuine… This seems to fall into a chicken-and-egg dilemma: to determine the other party’s identity, a trusted source is necessary; otherwise, no matter how many processes are involved, it only shifts the problem rather than truly solving it.
5. Public Key Certificates
A certificate is essentially a public key + signature issued by a third-party certification authority. Introducing a trusted third party is a feasible solution to break the trust cycle.

The certification process is roughly as follows:

1. Bob goes to a trusted certification authority to verify his true identity and provides his public key.
2. Alice wants to communicate with Bob, first requests Bob’s public key from the certification authority, which sends her a certificate (Bob’s public key along with the authority’s signature on it).
3. Alice checks the signature to ensure that the public key was indeed sent by the certification authority and has not been tampered with.
4. Alice encrypts data with this public key and begins communication with Bob.

(Image from “Illustrated Cryptography”)

PS: The image above is just for illustration; in practice, certificates only need to be installed once and do not require requests to the certification authority every time; generally, the server sends the certificate directly to the client instead of the certification authority.

Some may ask, in order for Alice to determine the validity of a certificate through a digital signature, she must have the (certification) public key of the authority; doesn’t this return to the previous trust cycle?

All legitimate browsers we install have pre-stored certificates from legitimate certification authorities (including their public keys), which are used to verify the authority’s identity, so the certification of certificates is trustworthy.

During the process of Bob providing his public key to the authority, he must provide a lot of personal information for identity verification, which is quite strict, so it is also considered reliable.

Having obtained Bob’s trusted public key, the communication between Alice and Bob is completely secure, protected by encryption algorithms.

In summary, each side of this triangle is relatively reliable, making it costly for hackers to implement attacks.

Most legitimate websites today use HTTPS protocols, which add an SSL/TLS security layer between HTTP and TCP protocols. After your browser and the website server complete the TCP handshake, the SSL protocol layer also performs an SSL handshake to exchange security parameters, which includes the website’s certificate for browser verification of the site’s identity. Once the SSL security layer verification is complete, the content of the upper-layer HTTP protocol will be encrypted, ensuring secure data transmission.

As a result, traditional man-in-the-middle attacks have almost no survival space; attack methods can only shift from technical flaws to deception. In fact, deception can be more effective; for example, I have found that many download sites on the internet publish browsers that not only contain various navigations and bookmark URLs but also include some non-standard certification authority certificates. Anyone can apply for a certificate, and these non-standard certificates can pose security risks.
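
The three tampering cases from the digital signature section and the certificate check from this section, as one added example that is not part of the original article. It uses unpadded textbook RSA over a SHA-256 digest of the data (real schemes sign a digest rather than the data itself, and add padding); the keys, messages, certificate layout and all function names are constructed for illustration.

```python
import hashlib

def make_key(p, q, e=65537):
    """Toy RSA key from two primes: returns (public (n, e), private exponent d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)

def digest(data, n):
    """SHA-256 of the data as an integer, reduced into the key's range."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, public, d):
    """Apply the private key to the digest of the data."""
    return pow(digest(data, public[0]), d, public[0])

def verify(data, signature, public):
    """Apply the public key to the signature and compare with the digest."""
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def binding(name, public):
    """Bytes the authority signs: the owner's name tied to the public key."""
    return f"{name}|{public[0]}|{public[1]}".encode()

def issue_cert(name, public, ca_public, ca_d):
    sig = sign(binding(name, public), ca_public, ca_d)
    return {"name": name, "key": public, "sig": sig}

def check_cert(cert, name, ca_public):
    """Alice's check, using the authority key preinstalled in her browser."""
    signed = binding(cert["name"], cert["key"])
    return cert["name"] == name and verify(signed, cert["sig"], ca_public)

# Constructed keys built from Mersenne primes; unpadded, not for real use.
BOB_PUB, BOB_D = make_key(2**61 - 1, 2**89 - 1)
HACK_PUB, HACK_D = make_key(2**107 - 1, 2**127 - 1)
CA_PUB, CA_D = make_key(2**521 - 1, 2**607 - 1)

def scenarios():
    data, fake = b"pay Alice 100", b"pay Hack 100"
    sig = sign(data, BOB_PUB, BOB_D)
    forged = sign(fake, HACK_PUB, HACK_D)
    cert = issue_cert("bob", BOB_PUB, CA_PUB, CA_D)
    swapped = dict(cert, key=HACK_PUB)  # key replaced, CA signature kept
    return {
        "genuine": verify(data, sig, BOB_PUB),
        "data_modified": verify(b"pay Alice 900", sig, BOB_PUB),
        "signature_replaced": verify(data, sig + 1, BOB_PUB),
        "re_signed_by_hack": verify(fake, forged, BOB_PUB),
        "fake_key_trusted": verify(fake, forged, HACK_PUB),
        "cert_genuine": check_cert(cert, "bob", CA_PUB),
        "cert_key_swapped": check_cert(swapped, "bob", CA_PUB),
    }
```

Calling scenarios() returns one boolean per case: only "fake_key_trusted" succeeds for the forger, which is the chicken-and-egg problem of section 4, and "cert_key_swapped" shows the authority's signature closing that gap.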
6. Conclusion
Symmetric encryption algorithms use the same key for both encryption and decryption, are difficult to crack, and have fast encryption speeds, but they face key distribution issues.

The Diffie-Hellman key exchange algorithm allows both parties to “telepathically” come to an understanding, solving the key distribution problem to some extent, but it cannot verify the identities of the communicating parties, making it vulnerable to man-in-the-middle attacks.

Asymmetric encryption algorithms generate a pair of keys, separating the tasks of encryption and decryption.

The RSA algorithm, as a classic asymmetric encryption algorithm, has two uses. If used for encryption, the public key can be published for encryption, and only the private key can decrypt, ensuring data confidentiality. If used for digital signatures, after publishing the public key, the private key encrypts data as a signature to prove that the data was sent by the private key holder. However, regardless of how it is used, involving the publication of public keys does not avoid man-in-the-middle attacks.

A public key certificate is a combination of a public key and a signature issued by a trusted third-party certification authority. Since legitimate browsers pre-install the public keys of trusted certification authorities, they effectively prevent man-in-the-middle attacks.

The SSL/TLS security layer in HTTPS protocols combines several encryption methods, so do not install non-standard browsers or randomly install unknown certificates.

Cryptography is only a small part of security; even HTTPS sites certified by legitimate institutions do not mean they are trustworthy; it only indicates that their data transmission is secure. Technology can never truly protect you; the most important thing is to enhance personal security awareness, be vigilant, and handle sensitive data with care.