• Data encryption algorithms. Symmetric encryption algorithms. RSA encryption algorithm. DES encryption algorithm. Selecting an encryption algorithm. Symmetric cryptosystems

    The only existing method was symmetric encryption. The algorithm key must be kept secret by both parties, and measures must be taken to protect access to the channel along the entire path of the cryptogram, or to protect the interaction of the parties through crypto objects and messages, if this interaction channel is classified as “Not for use by third parties.” The encryption algorithm is selected by the parties before the exchange of messages begins.

    Basics

    Data encryption algorithms are widely used in computer technology in systems for hiding confidential and commercial information from malicious use by third parties. The main principle in them is the condition that the transmitter and receiver know the encryption algorithm in advance, as well as the key to the message, without which the information is just a set of symbols that have no meaning.

    Classic examples of such algorithms are symmetric cryptographic algorithms listed below:

    • Simple rearrangement
    • Single permutation by key
    • Double permutation
    • Permutation "Magic square"

    Simple rearrangement

    Simple rearrangement without a key is one of the simplest encryption methods. The message is written into a table in columns. After the plaintext is written in columns, it is read line by line to form the ciphertext. To use this cipher, the sender and recipient need to agree on a shared key in the form of a table size. Combining letters into groups is not part of the cipher key and is used only for the convenience of writing out the meaningless text.

    Single permutation by key

    A more practical encryption method, called single permutation by key, is very similar to the previous one. It differs only in that the table columns are rearranged according to a keyword, a phrase or a set of numbers as long as a table row.

    Double permutation

    For added security, you can re-encrypt a message that has already been encrypted. This method is known as double permutation. To do this, the size of the second table is selected so that the lengths of its rows and columns differ from the lengths in the first table. It is best if they are relatively prime. In addition, the columns can be rearranged in the first table and the rows in the second. Finally, you can fill out the table in a zigzag, snake, spiral, or some other way. Even if such ways of filling out the table do not increase the strength of the cipher, they make the encryption process much more entertaining.
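
    The single and double permutation described above, as an added example that is not part of the original page. The keywords and the message are constructed, the filler letter "X" is an assumption, and the second pass reorders columns of a differently sized table rather than rows.

```python
from collections import Counter
from math import gcd


def column_order(key):
    """Column indices in the order given by sorting the key's characters."""
    if not key:
        raise ValueError("key must not be empty")
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def pad_to(text, multiple, filler="X"):
    """Pad the text so that it exactly fills a table with `multiple` columns."""
    return text + filler * (-len(text) % multiple)


def encrypt(plaintext, key, filler="X"):
    """Write the text into the table by columns, reorder columns, read by rows."""
    cols = len(key)
    order = column_order(key)
    padded = pad_to(plaintext, cols, filler)
    rows = len(padded) // cols
    columns = [padded[c * rows:(c + 1) * rows] for c in range(cols)]
    shuffled = [columns[i] for i in order]
    return "".join(shuffled[c][r] for r in range(rows) for c in range(cols))


def decrypt(ciphertext, key):
    """Inverse of encrypt(); the filler letters stay at the end of the result."""
    cols = len(key)
    order = column_order(key)
    if len(ciphertext) % cols:
        raise ValueError("ciphertext does not fill the table")
    shuffled = [ciphertext[c::cols] for c in range(cols)]  # read columns back
    columns = [""] * cols
    for position, original in enumerate(order):
        columns[original] = shuffled[position]
    return "".join(columns)


def double_encrypt(plaintext, key1, key2, filler="X"):
    """Two passes with tables of different width (ideally relatively prime)."""
    common = len(key1) * len(key2) // gcd(len(key1), len(key2))
    padded = pad_to(plaintext, common, filler)  # fits both tables exactly
    return encrypt(encrypt(padded, key1), key2)


def double_decrypt(ciphertext, key1, key2):
    return decrypt(decrypt(ciphertext, key2), key1)


def letter_counts_preserved(plaintext, key):
    """A permutation only moves letters: the letter statistics do not change."""
    padded = pad_to(plaintext, len(key))
    return Counter(encrypt(plaintext, key)) == Counter(padded)


MESSAGE = "TRANSPOSITION"  # constructed sample message

if __name__ == "__main__":
    single = encrypt(MESSAGE, "KEY")
    print(single, "->", decrypt(single, "KEY"))
    double = double_encrypt(MESSAGE, "KEY", "LOCK")
    print(double, "->", double_decrypt(double, "KEY", "LOCK"))
    print("letter counts preserved:", letter_counts_preserved(MESSAGE, "KEY"))
```

    Because the letter counts survive both passes, frequency analysis still identifies the language of the plaintext; only the order of the letters is hidden.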

    Permutation "Magic square"

    Magic squares are square tables with consecutive natural numbers from 1 inscribed in their cells, which add up to the same number for each column, each row and each diagonal. Such squares were widely used to enter encrypted text according to the numbering given in them. If you then write out the contents of the table line by line, you get encryption by rearranging the letters. At first glance, it seems as if there are very few magic squares. However, their number increases very quickly as the size of the square increases. Thus, there is only one magic square measuring 3 x 3, if you do not take into account its rotations. There are already 880 magic squares of 4 x 4, and the number of magic squares of size 5 x 5 is about 250,000. Therefore, large magic squares could have been a good basis for a reliable encryption system of that time, because manually trying out all the key options for this cipher was unthinkable.

    Numbers from 1 to 16 fit into a square measuring 4 by 4. Its magic was that the sum of the numbers in rows, columns and full diagonals was equal to the same number - 34. These squares first appeared in China, where they were assigned some "magic power".

    After this, the ciphertext is written into a string (reading is done from left to right, line by line):
    .irdzegu SzhaoyanP

    When decrypted, the text is fit into a square, and the plaintext is read in the sequence of numbers of the “magic square”. The program should generate “magic squares” and select the required one based on the key. The square is larger than 3x3.
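
    The magic square permutation, as an added example that is not part of the original page. The 4 x 4 square used here (the well-known square from Dürer's engraving) and the 16-letter message are assumptions, since the page's own table is not shown; selecting one of the square's 8 rotations and reflections by a numeric key is a hypothetical way of "selecting the required one based on the key".

```python
DURER_SQUARE = [
    [16, 3, 2, 13],
    [5, 10, 11, 8],
    [9, 6, 7, 12],
    [4, 15, 14, 1],
]


def is_magic(square):
    """True if the square holds 1..n*n once each and every line sums alike."""
    n = len(square)
    if any(len(row) != n for row in square):
        return False
    flat = [number for row in square for number in row]
    if sorted(flat) != list(range(1, n * n + 1)):
        return False
    target = n * (n * n + 1) // 2          # 34 for a 4 x 4 square
    lines = [list(row) for row in square]
    lines += [[square[r][c] for r in range(n)] for c in range(n)]
    lines.append([square[i][i] for i in range(n)])
    lines.append([square[i][n - 1 - i] for i in range(n)])
    return all(sum(line) == target for line in lines)


def variants(square):
    """The 8 rotations and reflections of a square; each one is still magic."""
    result = []
    current = [list(row) for row in square]
    for _ in range(4):
        result.append(current)
        result.append([row[::-1] for row in current])
        current = [list(row) for row in zip(*current[::-1])]  # rotate 90 degrees
    return result


def square_for_key(key, base=DURER_SQUARE):
    """Pick one variant of the base square from a numeric key (hypothetical)."""
    options = variants(base)
    return options[key % len(options)]


def encrypt(message, square):
    """Letter number k goes into the cell numbered k; read the table by rows."""
    if not is_magic(square):
        raise ValueError("not a magic square")
    if len(message) != len(square) ** 2:
        raise ValueError("message must fill the square exactly")
    return "".join(message[number - 1] for row in square for number in row)


def decrypt(ciphertext, square):
    """Fit the text into the square and read it in the order of the numbers."""
    if not is_magic(square):
        raise ValueError("not a magic square")
    if len(ciphertext) != len(square) ** 2:
        raise ValueError("ciphertext must fill the square exactly")
    flat = [number for row in square for number in row]
    plain = [""] * len(flat)
    for index, number in enumerate(flat):
        plain[number - 1] = ciphertext[index]
    return "".join(plain)


MESSAGE = "ARRIVINGTODAY8PM"  # constructed 16-letter sample

if __name__ == "__main__":
    for key in range(8):
        square = square_for_key(key)
        secret = encrypt(MESSAGE, square)
        print(key, secret, decrypt(secret, square))
```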

    History

    Requirements

    The complete loss of all statistical patterns of the original message is an important requirement for a symmetric cipher. To achieve this, the cipher must have an “avalanche effect” - a 1-bit change in the input data should cause a strong change in the cipher block (ideally, 1/2 of the bits of the cipher block should change).

    Another important requirement is the absence of linearity (that is, of the condition f(a) xor f(b) == f(a xor b)); otherwise the application of differential cryptanalysis to the cipher is facilitated.

    General scheme

    Currently, symmetric ciphers are:

    • block ciphers. They process information in blocks of a certain length (usually 64, 128 bits), applying a key to the block in the prescribed manner, usually in several cycles of shuffling and substitution, called rounds. The result of repeating rounds is an avalanche effect - an increasing loss of bit correspondence between blocks of open and encrypted data.
    • stream ciphers, in which encryption is carried out over each bit or byte of the original (plain) text using gamma. A stream cipher can easily be built from a block cipher (for example, GOST 28147-89 in gamma mode) run in a special mode.

    Most symmetric ciphers use a complex combination of a large number of substitutions and permutations. Many such ciphers are executed in several (sometimes up to 80) passes, using a “pass key” on each pass. The set of “pass keys” for all passes is called a “key schedule”. As a rule, it is created from the key by performing certain operations on it, including permutations and substitutions.

    A typical way to construct symmetric encryption algorithms is the Feistel network. The algorithm builds an encryption scheme based on the function F(D, K), where D is a piece of data half the size of the encryption block, and K is the “pass key” for a given pass. The function is not required to be invertible - its inverse function may be unknown. The advantage of the Feistel network is the almost complete coincidence of decryption with encryption (the only difference is the reverse order of the “pass keys” in the schedule), which greatly facilitates hardware implementation.
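
    A toy Feistel network, as an added example that is not part of the original page. It shows decryption running the same network with the pass keys reversed, and measures the avalanche effect after 1 and after 8 passes; the 64-bit block, the SHA-256 based F(D, K) and the key schedule are assumptions chosen for illustration, not a real cipher.

```python
import hashlib

HALF_BITS = 32                      # toy block: 64 bits, two 32-bit halves
BLOCK_BITS = 2 * HALF_BITS
HALF_MASK = (1 << HALF_BITS) - 1


def key_schedule(key, rounds):
    """Derive one "pass key" per pass from the main key (hypothetical schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(rounds)]


def round_function(half, pass_key):
    """F(D, K): hash the half-block with the pass key. F is not invertible."""
    digest = hashlib.sha256(pass_key + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def feistel(block, pass_keys):
    """Run the network over a 64-bit integer block with the given pass keys."""
    if not 0 <= block < (1 << BLOCK_BITS):
        raise ValueError("block must be a 64-bit non-negative integer")
    left, right = block >> HALF_BITS, block & HALF_MASK
    for pass_key in pass_keys:
        # Only XOR touches the data directly, so F never has to be inverted.
        left, right = right, left ^ round_function(right, pass_key)
    return (right << HALF_BITS) | left      # undo the final swap


def encrypt(block, key, rounds=8):
    return feistel(block, key_schedule(key, rounds))


def decrypt(block, key, rounds=8):
    # Same network; the only difference is the reversed key schedule.
    return feistel(block, key_schedule(key, rounds)[::-1])


def avalanche(block, key, rounds):
    """Average number of output bits that change when one input bit flips."""
    base = encrypt(block, key, rounds)
    changed = [
        bin(base ^ encrypt(block ^ (1 << bit), key, rounds)).count("1")
        for bit in range(BLOCK_BITS)
    ]
    return sum(changed) / BLOCK_BITS


SAMPLE_KEY = b"constructed demo key"        # constructed sample values
SAMPLE_BLOCK = 0x0123456789ABCDEF

if __name__ == "__main__":
    secret = encrypt(SAMPLE_BLOCK, SAMPLE_KEY)
    print(hex(secret), "->", hex(decrypt(secret, SAMPLE_KEY)))
    for rounds in (1, 2, 4, 8):
        print(rounds, "passes:", avalanche(SAMPLE_BLOCK, SAMPLE_KEY, rounds),
              "of", BLOCK_BITS, "bits change on average")
```

    With a single pass, half of the block leaves the network unchanged, so the average stays far below the ideal of 32 bits; repeated passes are what bring it there.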

    The permutation operation mixes the message bits according to a certain law. In hardware implementations, it is trivially implemented as a crossing of wires. It is the permutation operations that make it possible to achieve the “avalanche effect.” The permutation operation is linear - f(a) xor f(b) == f(a xor b).

    Substitution operations replace the value of a certain part of the message (often 4, 6 or 8 bits) with a fixed number hard-wired into the algorithm, by looking it up in a constant array. The substitution operation introduces nonlinearity into the algorithm.

    Often the strength of an algorithm, especially against differential cryptanalysis, depends on the choice of values in the lookup tables (S-boxes). At a minimum, it is considered undesirable to have fixed elements S(x) = x, as well as the absence of influence of some bit of the input byte on some bit of the result - that is, cases when the result bit is the same for all pairs of input words that differ only in this bit.
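
    The checks named above (linearity, fixed elements, input bits without influence), as an added example that is not part of the original page. The 4-bit S-box of the PRESENT cipher is used as a sample substitution table and a 1-bit rotation as a sample permutation; both are assumptions chosen for illustration and do not come from the page.

```python
# Sample substitution: the 4-bit S-box of the PRESENT block cipher.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

# Sample permutation: rotate the 4 bits left by one ("crossed wires").
ROTATE_LEFT = [((x << 1) | (x >> 3)) & 0xF for x in range(16)]


def fixed_points(table):
    """Inputs with S(x) = x."""
    return [x for x, y in enumerate(table) if x == y]


def bits_without_influence(table, width=4):
    """Pairs (input bit, output bit) where flipping the input bit never
    changes the output bit, for any pair of inputs differing only in it."""
    dead = []
    for in_bit in range(width):
        for out_bit in range(width):
            influenced = any(
                ((table[x] ^ table[x ^ (1 << in_bit)]) >> out_bit) & 1
                for x in range(len(table))
            )
            if not influenced:
                dead.append((in_bit, out_bit))
    return dead


def is_linear(table):
    """True if f(a) xor f(b) == f(a xor b) holds for every pair a, b."""
    size = len(table)
    return all(
        (table[a] ^ table[b]) == table[a ^ b]
        for a in range(size) for b in range(size)
    )


def audit(table, width=4):
    """Collect the three checks into one report."""
    return {
        "fixed_points": fixed_points(table),
        "bits_without_influence": bits_without_influence(table, width),
        "linear": is_linear(table),
    }


if __name__ == "__main__":
    print("substitution:", audit(PRESENT_SBOX))
    print("permutation: ", audit(ROTATE_LEFT))
```

    The rotation fails all three checks, which is why a permutation alone provides no nonlinearity and has to be combined with substitutions.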

    Algorithm parameters

    There are many (at least two dozen) symmetric cipher algorithms, the essential parameters of which are:

    • key length
    • number of rounds
    • processed block length
    • complexity of hardware/software implementation
    • conversion complexity

    Types of symmetric ciphers

    block ciphers
    • AES (Advanced Encryption Standard) - American encryption standard
    • GOST 28147-89 - Soviet and Russian encryption standard, also a CIS standard
    • DES (Data Encryption Standard) - data encryption standard in the USA
    • 3DES (Triple-DES, triple DES)
    • RC2 (Rivest Cipher or Ron’s Cipher)
    • IDEA (International Data Encryption Algorithm, international data encryption algorithm)
    • CAST (after the initials of the developers Carlisle Adams and Stafford Tavares)

    Symmetric cryptosystems

    Symmetric cryptosystems (also symmetric encryption, symmetric ciphers) are an encryption method in which the same cryptographic key is used for encryption and decryption. Before the invention of asymmetric encryption schemes, the only method that existed was symmetric encryption. The algorithm key must be kept secret by both parties. The algorithm key is chosen by the parties before the exchange of messages begins.

    Currently, symmetric ciphers are:

    1. Block ciphers - process information in blocks of a certain length (usually 64, 128 bits), applying a key to the block in a prescribed order, usually through several cycles of mixing and substitution, called rounds. The result of repeating rounds is an avalanche effect - an increasing loss of bit correspondence between blocks of open and encrypted data.

    2. Stream ciphers - in which encryption is carried out on each bit or byte of the original (plain) text using gamma. A stream cipher can be easily created based on a block cipher (for example, GOST 28147-89 in gamma mode), launched in a special mode.

    Public key cryptographic system

    A public key cryptographic system (also asymmetric encryption, asymmetric cipher) is an information encryption system in which the key used to encrypt the message, like the encrypted message itself, is transmitted over an open (that is, unprotected, observable) channel. The recipient uses a private key to generate the public key and to read the encrypted message. Public key cryptographic systems are currently widely used in various network protocols, in particular in the SSL protocol and the application-level protocols based on it: HTTPS, SSH, etc.

    Fig. 7.

    1. The recipient generates a key. The key is divided into a public and a private part. The public key should not be transmitted over an open channel, or else its authenticity must be guaranteed by some certifying authority.

    2. The sender encrypts the message using the public key.

    3. The recipient decrypts the message using the private key.

    Disadvantage of the method: Although the message is securely encrypted, the recipient and the sender are exposed by the very fact of sending an encrypted message.

    The general idea of a public key cryptographic system is to encrypt the message with a function of the public key and the message (a cipher function) that is algorithmically very difficult to reverse, that is, to calculate its argument from the value of the function, even knowing the value of the key.

    System Features

    The advantage of asymmetric ciphers over symmetric ciphers is that there is no need to transmit a secret key. The party wishing to receive ciphertexts, in accordance with the algorithm used, generates a “public key - private key” pair. The key values are related, but calculating one value from the other should be impossible from a practical point of view. The public key is published in open directories and is used by the counterparty to encrypt information. The private key is kept secret and is used to decrypt the messages sent to the owner of the key pair. Asymmetric ciphers were pioneered in 1976 by Whitfield Diffie and Martin Hellman in “New Directions in Modern Cryptography”. They proposed a shared secret key exchange system based on the discrete logarithm problem. In general, the basis of the known asymmetric cryptosystems is one of the hard mathematical problems, which allows the construction of one-way functions and trapdoor functions. For example, the Rivest-Shamir-Adleman cryptosystem uses the problem of factoring large numbers, and the Merkle-Hellman and Chor-Rivest cryptosystems rely on the so-called knapsack problem.

    Disadvantages: asymmetric cryptosystems require significantly greater computing resources. In addition, it is necessary to ensure the authenticity of the public keys themselves, for which certificates are usually used.

    A hybrid (or combined) cryptosystem is an encryption system that has all the advantages of a public key cryptosystem, but without its main drawback - low encryption speed.

    Principle: such cryptographic systems take advantage of the two main kinds of cryptosystem, symmetric and asymmetric cryptography. Programs such as PGP and GnuPG are built on this principle.

    The main disadvantage of asymmetric cryptography is its low speed, due to the complex calculations required by its algorithms, while symmetric cryptography has traditionally shown brilliant performance. However, symmetric cryptosystems have one significant drawback - their use requires a secure channel for transmitting keys. To overcome this drawback, one resorts to asymmetric cryptosystems, which use a pair of keys: public and private.

    Encryption: Most encryption systems work as follows. For a symmetric algorithm (3DES, IDEA, AES or any other), a random key is generated. Such a key usually has a size from 128 to 512 bits (depending on the algorithm). A symmetric algorithm is then used to encrypt the message. In the case of block encryption, it is necessary to use an encryption mode (for example, CBC), which allows a message longer than the block length to be encrypted. As for the random key itself, it must be encrypted with the public key of the message recipient, and it is at this stage that a public key cryptosystem (RSA or the Diffie-Hellman algorithm) is applied. Since the random key is short, encrypting it takes little time. Encrypting a set of messages using an asymmetric algorithm is a computationally more complex task, so it is preferable to use symmetric encryption. Then it is enough to send the message encrypted with the symmetric algorithm, together with the corresponding key in encrypted form. The recipient first decrypts the key using his private key, and then uses the resulting key to recover the entire message.

    A digital signature provides:

    * Identification of the source of the document. Depending on the details of the document definition, fields such as “author”, “changes made”, “time stamp”, etc. may be signed.

    * Protection against document changes. Any accidental or intentional change to the document (or signature) will change the hash, and therefore the signature will become invalid.

    The following threats to a digital signature are possible:

    * An attacker may try to forge a signature for a document of his choice.

    * An attacker may try to match a document to a given signature so that the signature matches it.

    When using a strong hash function, it is computationally difficult to create a counterfeit document with the same hash as the genuine one. However, these threats can be realized due to weaknesses in specific hashing algorithms, signatures, or errors in their implementations. In addition, the following threats to digital signature systems are still possible:

    * An attacker who steals a private key can sign any document on behalf of the key owner.

    * An attacker can trick the owner into signing a document, for example using a blind signature protocol.

    * An attacker can replace the owner's public key with his own, impersonating him.

    specific encryption algorithm, the input of which is the original unencrypted message, also called plaintext, and the key. The output of the algorithm is an encrypted message, also called ciphertext. The key is a value independent of the message being encrypted. Changing the key should change the encrypted message.

    The encrypted message is sent to the recipient. The recipient converts the encrypted message to the original unencrypted message using a decryption algorithm and the same key used in encryption, or a key easily obtained from the encryption key.

    The unencrypted message will be denoted by P or M, from the words plaintext and message. We will denote the encrypted message C, from the word ciphertext.

    The security provided by traditional cryptography depends on several factors.

    First, the cryptographic algorithm must be strong enough so that the encrypted message being transmitted cannot be decrypted without the key, using only various statistical patterns of the encrypted message or some other means of analyzing it.

    Secondly, the security of the transmitted message must depend on the secrecy of the key, but not on the secrecy of the algorithm. The algorithm must be analyzed by specialists to rule out weaknesses that leave the relationship between unencrypted and encrypted messages poorly hidden. In addition, if this condition is met, manufacturers can create cheap hardware chips and freely distributed programs that implement this encryption algorithm.

    Thirdly, the algorithm must be such that it is impossible to find out the key, even knowing quite a lot of pairs (encrypted message, unencrypted message) obtained during encryption using this key.

    Claude Shannon introduced the concepts of diffusion and confusion to describe the strength of an encryption algorithm.

    Diffusion is the dispersion of statistical features of plaintext across a wide range of statistical features of ciphertext. This is achieved by the fact that the value of each plaintext element affects the values of many ciphertext elements, or, equivalently, any ciphertext element depends on many plaintext elements.

    Confusion is the destruction of the statistical relationship between the ciphertext and the key.

    If X is the original message and K is the cryptographic key, then the encrypted transmitted text can be written in the form

    The recipient, using the same key, decrypts the message

    The enemy, without access to K and X, must try to find out X, K, or both.

    Symmetric encryption algorithms differ in the way the source text is processed. Block encryption or stream encryption is possible.

    A block of text is treated as a non-negative integer, or as several independent non-negative integers. The block length is always chosen to be a power of two. In most symmetric block encryption algorithms, the following types of operations are used:

    These operations are repeated cyclically in the algorithm, forming the so-called rounds. The input of each round is the output of the previous round and a key that is obtained by a specific algorithm from the encryption key K. The round key is called a subkey. Each encryption algorithm can be represented as follows:


    Fig. 2.2.

    Applications

    A standard encryption algorithm should be applicable in many applications:

    • Data encryption. The algorithm must be effective when encrypting data files or large data streams.
    • Random number generation. The algorithm must be efficient at generating a certain number of random bits.
    • Hashing. The algorithm must translate efficiently into a one-way hash function.

    Platforms

    A standard encryption algorithm must be implemented on different platforms, which accordingly have different requirements.

    • The algorithm must be effectively implemented on specialized hardware designed to perform encryption/decryption.
    • Large processors. Although dedicated hardware is always used for the fastest applications, software implementations are used more often. The algorithm must allow efficient software implementation on 32-bit processors.
    • Medium-sized processors. The algorithm should work on microcontrollers and other mid-size processors.
    • Small processors. It should be possible to implement the algorithm on smart cards, even subject to strict restrictions on the memory used.

    Additional Requirements

    An encryption algorithm must, where possible, satisfy certain additional requirements.

    • The algorithm should be easy to code to minimize the likelihood of programming errors.
    • The algorithm must have a flat key space and accept any random string of bits of the required length as a possible key. Having weak keys is undesirable.
    • The algorithm must be easily modified for different security levels and satisfy both minimum and maximum requirements.
    • All data operations must be performed on blocks that are multiples of a byte or a 32-bit word.

    In our computer age, humanity increasingly refuses to store information in handwritten or printed form, preferring electronic documents. And if earlier people simply stole papers or parchments, now they hack electronic information. The data encryption algorithms themselves have been known since time immemorial. Many civilizations preferred to encrypt their unique knowledge so that only knowledgeable people could get it. But let's see how all this is reflected in our world.

    What is a data encryption system?

    First, you need to decide what cryptographic systems are in general. Roughly speaking, this is a special algorithm for recording information that would be understandable only to a certain circle of people.

    In this sense, to a stranger everything he sees should (and in principle, it does) seem like a meaningless set of symbols. Only someone who knows the rules for their arrangement can read such a sequence. As the simplest example, you can define an encryption algorithm with words written, say, backwards. Of course, this is the most primitive thing you can come up with. It is understood that if you know the recording rules, restoring the original text will not be difficult.

    Why is this necessary?

    Why all this was invented is probably not worth explaining. Look at how much knowledge left over from ancient civilizations is in encrypted form today. Either the ancients did not want us to know this, or all this was done so that a person could use it only when he reached the required level of development - for now we can only guess about this.

    However, if we talk about today’s world, information security is becoming one of the biggest problems. Judge for yourself: there are so many documents in the archives that the governments of some countries would not like to talk about, so many secret developments, so many new technologies. And all this, by and large, is the primary goal of the so-called hackers in the classical sense of the term.

    Only one phrase comes to mind, which has become a classic of the principles of Nathan Rothschild: “Who owns the information, owns the world.” And that is why information has to be protected from prying eyes, so that someone else does not use it for their own selfish purposes.

    Cryptography: a starting point

    Now, before considering the very structure that any encryption algorithm has, let’s dive a little into history, to those distant times when this science was just in its infancy.

    It is believed that the art of hiding data began to actively develop several thousand years BC. Primacy is attributed to the ancient Sumerians, King Solomon and the Egyptian priests. Only much later did runic signs and symbols similar to them appear. But here’s what’s interesting: sometimes the algorithm for encrypting texts (and at that time it was texts that were encrypted) was such that a single symbol could mean not only one letter, but also a whole word, concept or even a sentence. Because of this, deciphering such texts, even with modern cryptographic systems that make it possible to restore the original form of any text, becomes absolutely impossible. In modern terms, these are quite advanced symmetric encryption algorithms, as they are now called. Let's look at them separately.

    Modern world: types of encryption algorithms

    Regarding the protection of confidential data in the modern world, it is worth mentioning the times when computers were unknown to mankind. Not to mention how much paper the alchemists or the Templars used up trying to hide the true texts about the knowledge known to them, it is worth remembering that since the emergence of communications the problem has only worsened.

    And here, perhaps, the most famous device is the German encryption machine from World War II called “Enigma,” which translated from English means “riddle.” Again, this is an example of how symmetric encryption algorithms are used, the essence of which is that the encryptor and decipherer know the key (algorithm) originally used to hide the data.

    Today, such cryptosystems are used everywhere. The most striking example can be considered, say, an algorithm that is an international standard. In computer terminology, it allows the use of a 256-bit key. In general, modern encryption algorithms are quite diverse, and they can be divided into two large classes: symmetric and asymmetric. Depending on the area of application, they are used very widely today. And the choice of encryption algorithm directly depends on the tasks set and the method of restoring information in its original form. But what is the difference between them?

    Symmetric and asymmetric encryption algorithms: what is the difference

    Now let's see what the fundamental difference is between such systems, and on what principles their application in practice is based. As is already clear, encryption algorithms are associated with the geometric concepts of symmetry and asymmetry. What this means will now be clarified.

    The symmetric DES encryption algorithm, developed back in 1977, implies the presence of a single key, which is presumably known to two interested parties. Knowing such a key, it is not difficult to apply it in practice to read the same meaningless set of characters, bringing it, so to speak, into readable form.

    What are asymmetric encryption algorithms? Here, two keys are used, that is, one is used to encode the original information, and another is used to decrypt the content, and it is not at all necessary that they coincide or are simultaneously held by the encoding and decoding sides. One is enough for each of them. This ensures to a very high degree that both keys do not fall into the hands of third parties. However, based on the current situation, for many criminals this type of theft is not particularly a problem. Another thing is searching for exactly the key (roughly speaking, password) that is suitable for decrypting data. And here there can be so many options that even the most modern computer will process them for several decades. As stated, none of the computer systems available in the world can break access to it and obtain what is called a “wiretap”, nor will they be able to in the coming decades.

    The most famous and frequently used encryption algorithms

    But let's return to the computer world. What do the main encryption algorithms offer today, designed to protect information at the present stage of development of computer and mobile technology?

    In most countries, the de facto standard is the AES cryptographic system based on a 128-bit key. However, in parallel with it, an algorithm is sometimes used which, although it relates to encryption using an open (public) key, is nevertheless one of the most reliable. This, by the way, has been proven by all leading experts, since the system itself is determined not only by the degree of data encryption, but also by maintaining the integrity of the information. As for the early developments, which include the DES encryption algorithm, it is hopelessly outdated, and attempts to replace it began back in 1997. It was then that, based on it, a new advanced AES encryption standard arose (first with a 128-bit key, then with a 256-bit key).

    RSA encryption

    Now let's focus on RSA technology, which is an asymmetric encryption system. Suppose one subscriber sends another information encrypted using this algorithm.

    For encryption, two large numbers X and Y are enough, after which their product Z, called the modulus, is calculated. Next, some extraneous number A is selected that satisfies the condition: 1 < A < (X - 1) * (Y - 1). It must be relatively prime, that is, have no common divisors with the product (X - 1) * (Y - 1), equal to Z. Then the number B is calculated, but only such that (A * B - 1) is divisible by (X - 1) * (Y - 1). In this example A - public key, B - secret key, (Z; A) - public key, (Z; B) - secret key.

    What happens during transmission? The sender creates a ciphertext, denoted F, from the initial message M by raising it to the power A and reducing it modulo Z: F = M**A (mod Z). The recipient just has to calculate a simple expression: M = F**B (mod Z). Roughly speaking, all these actions come down solely to exponentiation. The option of creating a digital signature works on the same principle, but the equations here are somewhat more complicated. In order not to bother the user with algebra, such material will not be presented.

    As for hacking, the RSA encryption algorithm poses an almost impossible task for an attacker: to calculate key B. This could theoretically be done using available factoring tools (by factoring the original numbers X and Y), but today there are no such tools, so the task itself becomes not only difficult - it is completely impossible.
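
    The key generation and the two exponentiations above with the page's symbols, as an added example that is not part of the original page. It assumes X and Y are primes and treats (X - 1) * (Y - 1) as a separate value, named phi in the code; the numbers are constructed toy values, and the last function shows that the factoring route mentioned above succeeds at once when Z is this small, which is why the numbers must be large.

```python
from math import gcd


def make_keys(X, Y, A):
    """Return the public key (Z; A) and the secret key (Z; B)."""
    Z = X * Y                               # the modulus
    phi = (X - 1) * (Y - 1)
    if not 1 < A < phi:
        raise ValueError("A must satisfy 1 < A < (X - 1) * (Y - 1)")
    if gcd(A, phi) != 1:
        raise ValueError("A must have no common divisors with (X - 1) * (Y - 1)")
    B = pow(A, -1, phi)                     # modular inverse (Python 3.8+)
    assert (A * B - 1) % phi == 0           # the divisibility condition
    return (Z, A), (Z, B)


def encrypt(M, public_key):
    """F = M**A (mod Z)."""
    Z, A = public_key
    if not 0 <= M < Z:
        raise ValueError("the message must be a number below the modulus")
    return pow(M, A, Z)


def decrypt(F, secret_key):
    """M = F**B (mod Z)."""
    Z, B = secret_key
    return pow(F, B, Z)


def smallest_factor(Z):
    """Trial division; feasible only because the toy modulus is tiny."""
    divisor = 2
    while divisor * divisor <= Z:
        if Z % divisor == 0:
            return divisor
        divisor += 1
    return Z


def secret_key_from_small_modulus(public_key):
    """Recompute B from (Z; A) once Z has been split into X and Y."""
    Z, A = public_key
    X = smallest_factor(Z)
    Y = Z // X
    return (Z, pow(A, -1, (X - 1) * (Y - 1)))


# Constructed toy values; real keys use numbers hundreds of digits long.
X, Y, A = 61, 53, 17
PUBLIC_KEY, SECRET_KEY = make_keys(X, Y, A)
MESSAGE = 65

if __name__ == "__main__":
    F = encrypt(MESSAGE, PUBLIC_KEY)
    print("public key:", PUBLIC_KEY, "secret key:", SECRET_KEY)
    print("F =", F, "-> M =", decrypt(F, SECRET_KEY))
    print("recomputed from Z alone:", secret_key_from_small_modulus(PUBLIC_KEY))
```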

    DES encryption

    Before us is another encryption algorithm, quite effective in the past, with a maximum block length of 64 bits (characters), of which only 56 are significant. As mentioned above, this technique is already outdated, although it lasted for quite a long time as a standard for cryptosystems used in the United States, even for the defense industry.

    The essence of its symmetric encryption is that a certain sequence of 48 bits is used for this. In this case, 16 cycles from a 48-bit key sample are used for operations. But! All cycles are similar in principle of operation, therefore at the moment it is not difficult to calculate the required key. For example, one of the most powerful computers in the US, costing over a million dollars, “breaks” encryption within about three and a half hours. For machines of a lower rank, it takes no more than 20 hours to calculate even the sequence in its maximum manifestation.

    AES encryption

    Finally, we have before us the most widespread and, until recently, invulnerable system - the AES encryption algorithm. Today it is presented in three modifications - AES128, AES192 and AES256. The first option is used more to ensure the information security of mobile devices, the second is involved at a higher level. As a standard, this system was officially introduced in 2002, and its support was immediately announced by Intel Corporation, which produces processor chips.

    Its essence, unlike any other symmetric encryption system, comes down to calculations based on a polynomial representation of codes and calculation operations with two-dimensional arrays. According to the United States government, cracking a 128-bit key, even the most modern one, would take about 149 trillion years. We beg to differ with such a competent source. Over the past hundred years, computer technology has made a leap commensurate with so there is no need to delude yourself too much, especially since today, as it turns out, there are encryption systems even better than those that the United States has declared completely resistant to hacking.

    Problems with viruses and decryption

    Of course, we are talking about viruses. Lately, quite specific ransomware viruses have appeared that encrypt the entire contents of the hard drive and logical partitions on the infected computer, after which the victim receives a letter notifying that all files are encrypted, and only the specified source can decrypt them after paying a tidy sum.

    At the same time, most importantly, it is indicated that the AES1024 system was used to encrypt the data, that is, the key length is four times larger than the current AES256, and the number of options when searching for an appropriate decryptor increases simply incredibly.

    And based on the US government's statement about the time it takes to decrypt a 128-bit key, what about the time it would take to find a solution for the case of a 1024-bit key and its variants? This is where the United States made a mistake. They believed that their computer cryptography system was perfect. Alas, there were some specialists (apparently in the post-Soviet space) who surpassed the “immutable” American postulates in all respects.

    With all this, even the leading developers of anti-virus software, including Kaspersky Lab, the specialists who created Doctor Web, ESET Corporation and many other world leaders, simply shrug their shoulders and say that there is simply no money to decipher such an algorithm, while keeping silent about the fact that there is not enough time either. Of course, when you contact support, you are asked to send the encrypted file and, if available, preferably its original, in the form it had before encryption began. Alas, even comparative analysis has not yet produced tangible results.

    The world we don't know

    What can we say if we are chasing the future without being able to decipher the past? If you look at the world of our millennium, you will notice that the same Roman emperor Gaius Julius Caesar used symmetric encryption algorithms in some of his messages. And if you look at Leonardo da Vinci, you feel uneasy just from the realization that in the field of cryptography this man, whose life is covered with a certain veil of mystery, was centuries ahead of his time.

    To this day, many are haunted by the so-called “Gioconda’s smile”, in which there is something so attractive that modern people are not able to understand it. By the way, relatively recently certain symbols were found in the painting (in the eye, on the dress, etc.), which clearly indicate that all this contains some kind of information encrypted by a great genius, which today, alas, we are unable to extract. And we have not even mentioned the various large-scale structures that could have revolutionized the understanding of physics of that time.

    Of course, some minds are inclined exclusively to the fact that in most cases the so-called “golden ratio” was used, however, it does not provide the key to the entire huge repository of knowledge, which is believed to be either incomprehensible to us or lost forever. Apparently, cryptographers still have an incredible amount of work to do to understand that modern encryption algorithms sometimes cannot be compared with the developments of ancient civilizations. In addition, if today there are generally accepted principles of information security, then those that were used in ancient times, unfortunately, are completely inaccessible and incomprehensible to us.

    And one more thing. There is an unspoken belief that most ancient texts cannot be translated simply because the keys to deciphering them are carefully guarded by secret societies like the Freemasons, the Illuminati, etc. Even the Templars left their mark here. What can we say about the fact that the Vatican Library still remains completely inaccessible? Isn’t that where the main keys to understanding antiquity are kept? Many experts are inclined towards this version, believing that the Vatican is deliberately concealing this information from society. Whether this is true or not, no one knows yet. But one thing can be said absolutely for sure - the ancient cryptography systems were in no way inferior (and perhaps even superior) to those used in the modern computer world.

    Instead of an afterword

    Finally, it is worth saying that not all aspects related to current cryptographic systems and the techniques that they use were considered here. The fact is that in most cases it would be necessary to provide complex mathematical formulas and present calculations, which would simply make most users’ heads spin. Just look at the example describing the RSA algorithm to realize that everything else will look much more complicated.

    The main thing here is to understand and delve, so to speak, into the essence of the issue. If we talk about what modern systems that offer to store confidential information so that it is available to a limited number of users actually represent, there is little choice here. Despite the presence of many cryptographic systems, the same RSA and DES algorithms are clearly inferior to the specifics of AES. However, most modern applications, designed for completely different operating systems, use AES (of course, depending on the application and device). But the “unauthorized” evolution of this cryptosystem, to put it mildly, shocked many, especially its creators. In general, based on what is available today, it will not be difficult for many users to understand what cryptographic data encryption systems are, why they are needed and how they work.

    Means of cryptographic protection of state secrets are still equated to weapons. Very few countries in the world have their own cryptographic companies that actually make good information protection tools. Even in many developed countries there is no such opportunity: there is no school there that would allow these technologies to be supported and developed. Russia is one of the few countries in the world (there may be five or so such countries) where all this is developed. Moreover, in both the commercial and public sectors there are companies and organizations that have maintained the continuity of the school of cryptography from the times when it was just in its infancy.

    Encryption algorithms

    Today, there are a lot of encryption algorithms that have significant resistance to cryptanalysis (cryptographic strength). Encryption algorithms are divided into three groups:

    Symmetric algorithms

    Symmetric encryption involves using the same key for both encryption and decryption. Two main requirements apply to symmetric algorithms: complete loss of all statistical patterns in the encryption object and lack of linearity. It is customary to divide symmetric systems into block and stream ones.

    In block systems, the source data is divided into blocks and then transformed using a key.

    In streaming systems, a certain sequence (output gamma) is generated, which is subsequently superimposed on the message itself, and data encryption occurs in a stream as the gamma is generated. A communication diagram using a symmetric cryptosystem is shown in the figure.

    Here M is the plaintext, K is the secret key transmitted via a closed channel, En(M) is the encryption operation, and Dk(M) is the decryption operation.

    Typically, symmetric encryption uses a complex and multi-stage combination of substitutions and permutations of the original data, and there can be many stages (passes), each of which must correspond to a “pass key”.
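    The stream scheme described above, as an added example that is not code from the original article: the gamma is superimposed with XOR, so the same operation encrypts and decrypts, and reusing one gamma for two messages cancels the key out of the ciphertexts. The SHAKE-256 gamma generator, the nonce and the sample messages are assumptions made for the illustration.

```python
import hashlib
import secrets


def gamma(key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative gamma generator: SHAKE-256 over key || nonce.

    Assumption for this example only; it is not a standardized stream cipher.
    """
    return hashlib.shake_256(key + nonce).digest(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def apply_gamma(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypts or decrypts: superimposing the same gamma twice cancels out."""
    return xor_bytes(data, gamma(key, nonce, len(data)))


def demo() -> dict:
    key = secrets.token_bytes(32)          # K, shared over the closed channel
    m1 = b"transfer 100 to account 0001"   # constructed sample plaintexts
    m2 = b"transfer 999 to account 0002"

    # Correct use: a fresh nonce per message gives an independent gamma.
    n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)
    c1 = apply_gamma(key, n1, m1)
    c2 = apply_gamma(key, n2, m2)

    # Misuse: the same nonce (hence the same gamma) for both messages.
    bad1 = apply_gamma(key, n1, m1)
    bad2 = apply_gamma(key, n1, m2)

    return {
        "roundtrip_ok": apply_gamma(key, n1, c1) == m1,
        # With a reused gamma the key drops out: C1 xor C2 == M1 xor M2.
        "reuse_leaks_xor": xor_bytes(bad1, bad2) == xor_bytes(m1, m2),
        "fresh_leaks_xor": xor_bytes(c1, c2) == xor_bytes(m1, m2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

    The practical rule that follows is that a gamma must never be generated twice from the same key and nonce.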

    The substitution operation fulfills the first requirement of a symmetric cipher, getting rid of any statistics by shuffling the message bits according to a certain specified law. The permutation is necessary to fulfill the second requirement - to make the algorithm nonlinear. This is achieved by replacing a certain part of a message of a given size with a standard value by accessing the original array.

    Symmetrical systems have both their advantages and disadvantages over asymmetrical ones.

    The advantages of symmetric ciphers include high encryption speed, a shorter required key length for similar strength, the fact that they are better studied, and ease of implementation. The disadvantages of symmetric algorithms are primarily considered to be the complexity of key exchange, due to the high probability of the key being compromised during the necessary exchange, and the complexity of key management in a large network.

    Examples of symmetric ciphers

    • GOST 28147-89 - domestic encryption standard
    • 3DES (Triple-DES, triple DES)
    • RC6 (Rivest Cipher)
    • Twofish
    • SEED - Korean encryption standard
    • Camellia – Japanese encryption standard
    • CAST (after the initials of the developers Carlisle Adams and Stafford Tavares)
    • XTEA – the easiest algorithm to implement
    • AES – American encryption standard
    • DES – data encryption standard in the USA up to AES

    Asymmetric Algorithms

    Asymmetric systems are also called public key cryptosystems. This is a method of data encryption in which the public key is transmitted over an open (unprotected) channel and is used to verify an electronic signature and to encrypt data. To decrypt data and create an electronic signature, a second, secret key is used.

    The very design of asymmetric cryptosystems uses the idea of one-way functions ƒ(x), in which it is easy to find x, knowing the value of the function itself, but it is almost impossible to find ƒ(x) itself, knowing only the value of x. An example of such a function would be the telephone directory of a large city, in which it is easy to find a person’s number if you know his last name and initials, but it is extremely difficult to find out the owner if you know the number.

    Operating principle of asymmetric systems

    Let's say there are two subscribers: A and B, and subscriber B wants to send an encrypted message to subscriber A. He encrypts the message using a public key and transmits it already encrypted over an open communication channel. Having received the message, subscriber A decrypts it using the secret key and reads it.

    A clarification needs to be made here. When receiving a message, subscriber A must authenticate his identity to subscriber B so that an ill-wisher cannot impersonate subscriber A and replace his public key with his own.

    Examples of asymmetric ciphers

    • RSA (Rivest-Shamir-Adleman)
    • DSA (Digital Signature Algorithm)
    • Elgamal (El-Gamal Cipher System)
    • Diffie-Hellman (Diffie-Hellman Key Exchange)
    • ECC (Elliptic Curve Cryptography)

    Hash functions

    Hashing (from the English hash) is the transformation of an initial information array of arbitrary length into a bit string of a fixed length.

    There are many hash function algorithms, but they differ in their characteristics - cryptographic strength, bit capacity, computational complexity, etc.

    We are interested in cryptographically strong hash functions. These usually have two requirements:

    • For a given message C, it is almost impossible to find another message C′ with the same hash.
    • It is almost impossible to find pairs of messages (C, C′) that have the same hash.

    The requirements are called resistance to collisions of the first kind and second kind, respectively. For such functions, another requirement remains important: with a slight change in the argument, a significant change in the function itself must occur. Thus, the hash value should not provide information even about individual bits of the argument.

    Examples of hash algorithms

    • Adler-32
    • SHA-1
    • SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512)
    • HAVAL
    • N-Hash
    • RIPEMD-160
    • RIPEMD-256
    • RIPEMD-320
    • Skein
    • Snefru
    • Tiger (TTH)
    • Whirlpool
    • GOST R34.11-94 (GOST 34.311-95)
    • IP Internet Checksum (RFC 1071)
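    The list above mixes cryptographic hashes with checksums. As an added example (not code from the original article), the script below measures the "slight change in the argument, significant change in the function" requirement for SHA-256, Adler-32 and the RFC 1071 Internet checksum, and shows two different messages that share one Internet checksum. The sample messages are constructed for the illustration.

```python
import hashlib
import zlib


def bit_diff(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def adler32(data: bytes) -> bytes:
    return zlib.adler32(data).to_bytes(4, "big")


def inet_checksum(data: bytes) -> bytes:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total & 0xFFFF).to_bytes(2, "big")


def avalanche(fn, msg: bytes) -> float:
    """Average fraction of output bits that change when one input bit flips."""
    base = fn(msg)
    changed = 0
    for i in range(len(msg) * 8):
        flipped = bytearray(msg)
        flipped[i // 8] ^= 1 << (i % 8)
        changed += bit_diff(base, fn(bytes(flipped)))
    return changed / (len(msg) * 8 * len(base) * 8)


MSG = b"amt=1000"       # constructed sample message
SWAPPED = b"amt=0010"   # same 16-bit words in a different order


def report() -> dict:
    return {
        "sha256_avalanche": round(avalanche(sha256, MSG), 3),
        "adler32_avalanche": round(avalanche(adler32, MSG), 3),
        "inet_avalanche": round(avalanche(inet_checksum, MSG), 3),
        # The one's-complement sum ignores word order, so these collide.
        "inet_collision": inet_checksum(MSG) == inet_checksum(SWAPPED),
        "sha256_collision": sha256(MSG) == sha256(SWAPPED),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

    A value near 0.5 means each output bit flips about half the time; the checksums stay far below that, which is why they detect accidental errors but give no protection against deliberate modification.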

    Cryptographic primitives

    To give encrypted information greater cryptographic strength, relatively simple transformations - primitives - can be repeatedly used in a cryptographic system. Substitutions, permutations, cyclic shifts or gammas can be used as primitives.

    Quantum cryptography

    Cryptography in digital technologies

    History

    Cryptography is an ancient science, and its original objects were text messages, which, with the help of certain algorithms, were rendered meaningless for anyone who did not have special knowledge of decrypting this message - the key.

    Initially, methods were used that today are used only for puzzles, that is, in the opinion of a contemporary, the simplest. Such encryption methods include, for example, the replacement method, when each letter is replaced by another, spaced from it at a strictly defined distance in the alphabet. Or the permutation encryption method, when letters are swapped in a certain sequence within a word.

    In ancient times, encryption was used mainly in military and commercial affairs, espionage, and among smugglers.

    Somewhat later, historians determine the date of appearance of another related science - steganography. This science deals with masking the very fact of transmitting a message. It originated in antiquity, and an example here is the receipt by the Spartan king Leonidas before the battle with the Persians of an engraved tablet with text, covered with a dry, easily washable solution. When cleaning, the marks left on the wax with the stylus became clearly visible. Today, sympathetic ink, microdots, microfilms, etc. are used to hide the message.

    With the development of mathematics, mathematical encryption algorithms began to appear, but all these types of cryptographic information protection preserved statistical data to varying degrees and remained vulnerable. The vulnerability became especially noticeable with the invention of frequency analysis, which was developed in the 9th century AD, supposedly by the Arab encyclopedist al-Kindi. Only in the 15th century, after the invention of polyalphabetic ciphers by Leon Battista Alberti (presumably), did protection move to a qualitatively new level. However, in the mid-17th century, Charles Babbage presented convincing evidence of the partial vulnerability of polyalphabetic ciphers to frequency analysis.

    The development of mechanics made it possible to create devices and mechanisms that facilitate encryption - devices such as the Trithemius square board and Thomas Jefferson's disk cipher appeared. But all these devices cannot be compared with those created in the 20th century. It was at this time that various encryption machines and mechanisms of high complexity began to appear, for example, rotary machines, the most famous of which is Enigma.

    Before the rapid development of science in the 20th century, cryptographers had to deal only with linguistic objects, and in the 20th century the possibilities of using various mathematical methods and theories, statistics, combinatorics, number theory and abstract algebra opened up.

    But the real breakthrough in cryptographic science came with the ability to represent any information in binary form, divided into bits using computers, which made it possible to create ciphers with hitherto unprecedented cryptographic strength. Such encryption systems, of course, can be hacked, but the time spent on hacking is not worth it in the vast majority of cases.

    Today we can talk about significant developments in quantum cryptography.
