From the perspective of development and application practice,
the core technologies of commercial cryptography mainly include
cryptographic algorithms, keys, and cryptographic protocols
among other aspects.
01Cryptographic Algorithms
Cryptographic algorithms includesymmetric cryptographic algorithms, public key cryptographic algorithms, and hash algorithms. To ensure the security of commercial cryptography, the national cryptography management department has established a series of cryptographic algorithm standards, including SM2, SM3, SM4, SM9, and the ZUC algorithm. Among these, SM2 and SM9 are public key cryptographic algorithms, SM3 is a hash algorithm, while the others are symmetric cryptographic algorithms.
SM2 Algorithm is based on the difficulty of discrete logarithm calculations on elliptic curves, with a key length of 256 bits, including the SM2 encryption algorithm and the SM2 digital signature algorithm.
SM9 is a public key cryptographic algorithm based on identity, also known as identity-based cryptography, using a 256-bit elliptic curve.
SM3 Algorithm has a hash length of 256 bits, utilizing sufficient iterations of simple operations, with security and efficiency comparable to SHA-256. SM3 is mainly used for digital signatures and verification, message authentication code generation and verification, random number generation, etc.
Symmetric cryptography can also be divided into block ciphers and stream ciphers. Among them, SM4 is a block cipher with a block length and key length of 128 bits. The SM4 algorithm is the most widely used cryptographic algorithm in the SM series. The ZUC algorithm is a stream cipher that uses a 128-bit master key and a 128-bit initialization vector as input parameters. This algorithm is fast and commonly used in mobile communication 4G networks.
Currently, most of China’s SM series cryptographic algorithms have been incorporated into ISO/IEC international standards, and the ZUC algorithm has been established as the international encryption standard for the fourth generation of mobile communications, marking the preliminary formation of China’s international standard system for cryptographic algorithms, contributing Chinese wisdom to effectively safeguard cybersecurity and providing a Chinese solution.
02Keys
A key is a string of unpredictable random numbers that controls the cryptographic operation process. If a user possesses the key, they can decrypt the ciphertext to obtain the corresponding plaintext; under sufficiently secure algorithms, if a user does not have the key, the probability of deciphering the plaintext through guessing the key is almost zero. For example, with a key length of 128 bits, an attacker would need to conduct 2 to the power of 128 trials. Therefore, it is essential to ensure the security of the keys used in cryptographic algorithms, which must be kept secret, and the key space must be sufficiently large to prevent exhaustive search.
Keys are susceptible to many threats, such asleakage of key materials, tampering, unauthorized deletion, incomplete destruction, unauthorized revocation, forgery, delayed execution of key management functions, and misuse of keys.
To address the aforementioned threats, key protection methods includeusing cryptographic technology for protection, using non-cryptographic technology for protection, using physical means for protection, and using organizational means for protection.
Using cryptographic technology for protection includes employing encryption techniques to combat key leakage and unauthorized use, using data integrity mechanisms to counter tampering, and using digital signature technology to prevent forgery; using non-cryptographic technology for protection includes time-stamping keys; using physical means for protection includes offline storage of key materials; using organizational means for protection refers to classifying key materials, where each level of key is only used to protect the lower-level keys, and the lowest-level key can be directly used to provide data security services.
Keys are fundamental to cryptographic security and require strict management, with scientifically reasonable security policies established. Key management involves managing the entire lifecycle of keys according to security policies, including key generation, distribution, storage, updating, archiving, revocation, backup, recovery, and destruction.
03Cryptographic Protocols
Cryptographic protocols are the interactive rules for cryptographic applications and are important cryptographic technologies that apply cryptographic algorithms to specific usage environments. The purpose of cryptographic protocols is not only to ensure secrecy; they also facilitate authentication between entities, secure key or other secret distribution between entities, and confirm the non-repudiation of sent and received messages.
In reality, applying cryptographic algorithms to achieve specific security functions is quite complex; different usage environments require different cryptographic protocols, and different security functions are implemented by different cryptographic protocols. Therefore, there are various cryptographic protocols in cryptographic technology, such askey exchange protocols, key distribution protocols, identity authentication protocols, electronic payment protocols, and oblivious transfer protocols. For example, the classic Diffie-Hellman key exchange protocol allows both parties to exchange information so that they can negotiate a shared key over an insecure channel, enabling subsequent encryption operations.
The security of cryptographic protocols is crucial for cryptographic applications. The security of cryptographic protocols is determined not only by the security of the cryptographic algorithms but also by the security of the interactive rules. If there are vulnerabilities in the interactive rules, the protocol may be attacked by adversaries. Typical attacks faced by cryptographic protocols include replay attacks, man-in-the-middle attacks, known-key attacks, parallel session attacks, interleaving attacks, and other types of attacks. Therefore, parameters such as random numbers and timestamps are often added to protocols to enhance their security. Security analysis methods for cryptographic protocols include logic-based analysis methods, model-checking-based analysis methods, theorem-proving-based analysis methods, and cryptographic proof-based security analysis methods. The analysis and design of cryptographic protocols have always been important research topics in the field of cryptography.
END
Source: China Academy of Information and Communications Technology, Cloud Computing and Big Data Research Institute
