密码学的基础知识英文翻译

密码学的基础知识
在公钥加密系统中,为了保障加密操作的便捷,产生了密钥技术.目前, 公钥加密系统都使用两个不同的密钥，其中一个密钥是私有的，另一个是公有的.根据不同的应用要求,发送方可使用其私钥或者接收方的公钥或同时使用二者来执行密码加密功能。

密钥体制的应用一般可分为三类； (1）加密/解密:发送方用接收方的公钥对消息加密； (2) 数字签名:发送方用自己的私钥对消息“签名”，可以对整条消息或者对消息的一个小的数据块来产生，接受方利用公钥验证数据源; （3) 密钥交换：通信双方交换会话密钥,一般都要借用通信第三方的私钥。

非对称加密算法进行数字签名时使用两个密钥：公开密钥(public key）和私有密钥（private key），分别用于对数据的加密和解密，即如果使用公开密钥对数据进行加密,只有用对应的私有密钥才能进行解密;如果用私有密钥对数据进行加密,则只有用对应的公开密钥才能解密。

任何拥有发送方公开密钥的人都可以通过密钥验证明文来源的正确性。

由于发送方私有密钥的保密性，使得接收方可以根据验证结果来拒收该报文,也能使其他人无法伪造报文。

密钥
密钥是一个数值,它和加密算法一起生成特别的密文。

密钥本质上是非常非常大的数。

密钥的尺寸用位（bit）来衡量，1024 位密钥代表的数是非常巨大的. 在公开密钥加密方法中,密钥的尺寸越大，密文就越安全. 然而,公钥的尺寸和传统加密方法中密钥的尺寸是不相关的.传统 80 位密钥的强度等同于 1024 位的公钥,传统 128 位密钥的强度等同于 3000 位的公钥。

在同种加密算法中，密钥越大越安全。

但是传统方法和公开密钥方法所用的加密算法不一样，因此它们的密钥尺寸不能直接比较公钥和私钥是算术相关的,仅凭公钥推算出私钥是非常困难的。

然而如果有足够的时间和计算能力，总是可能导出私钥的。

这使得选择合适尺寸的密钥变得非常重要。

为了安全需要足够大的密钥，为了速度有要足够小的密钥。

而且，要考虑是谁想要读取你的文件, 他有多大的决心，多少时间和多少可以利用的资源。

长的密钥会在很长一段时间内是安全的。

如果想保密许多年。

应该选择非常长的密钥。

当然,谁也不知道使用未来速度更快更有效的计算机来测定你的密钥会花费多长时间。

曾经有一段时间人们认为 56 位的对称密钥是非常安全的。

密钥以加密后的形式保存.PGP 在硬盘的两个文件中保存密钥，一个文件保存公钥，另一个保存私钥。

这两个文件称为钥匙环.在使用 PGP 时,用户会经常向公钥环中加入接收者的公钥。

用户自己的私钥保存在私钥环上。

如果丢失了私钥环，就无法解密依赖于该环的。

密钥的组织结构
现有的密钥管理系统都采用了层次化的密钥结构。

层次化的密钥结构与整个系统的密钥控制关系是对应的,按照密钥的作用与类型及它们之间的相互控制关系,可以将不同类型的的密钥划分为一级密钥、二级密钥、……n 级密钥，从而构成一个层次化密钥系统。

其中，系统使用一级密钥 K：通过算法 f，保护二级密钥(一级密钥使用物理方法或者其他方法进行保护)，使用二级密钥通过算法 f:保护三级密钥，以此类推, 直到最后使用 n 级密钥通过算法 f。

保护明文数据。

随着加密过程的进行，各层密钥的内容动态变化，而这种变化的规则由相应层次的密钥协议控制最底层的密钥 K。

也称为工作密钥，或称数据加密密钥，它直接用于对明文数据的加/解密；所有上层密钥可称为密钥加密密钥,它们用于保护数据加密
密钥或者其他低层的密钥加密密钥;最高层的密钥 K，也叫做主密钥，一般来说, 主密钥应采用最保险的方式进行保护. 在进行数据的加/解密时,数据加密密钥将在上层密钥的保护下动态的产生(例如，在上层密钥的保护下，通过密钥协商产生本次数据通信所使用的数据加密密钥；或在文件加密时，产生一个新的数据加密密钥，在使用完毕后, 立即使用上层密钥进行加密后存储,这样，除了加密部件外，密钥仅以密文的形式出现在密码系统其余部分中)；数据加密密钥在使用完毕后,将立即清除，不再出现在密码系统中的任何部分当中. 层次化的密钥结构具有以下优点: (1）安全性大大提高。

层次化密钥结构中，密钥位于的层次越低，则更换的越快,最底层（第 n 层）密钥可以做到每加密一份报文就更换一次。

另外,在层次化的密钥结构中, 下层的密钥破译将不会影响到上层密钥的安全。

在少量最初的处于最高层次的密钥注入系统之后,下面各层密钥的内容可以按照某种协议不断地变化(例如可以通过使用安全算法以及高层密钥产生低层密钥).对于破译者来说，层次化密钥结构意味着他所攻击的已不再是一个静止的密钥系统，而是一个动态的密钥系统。

对于一个静止的密钥系统,一份报文(得到加密该报文所使用的密钥）就可以导致使用该密钥的所有报文的泄露;而在动态密钥系统中，密钥处在不断的变化中，在底层密钥受到攻击后，高层密钥可以有效的保护底层密钥进行更换,从而最大限度的削弱了底层密钥被攻击所带来的影响，使得攻击者无法一劳永逸地破译密码系统，有效地保证了密钥整体的安全性。

(2）为密钥管理自动化带来了方便。

由于计算机的普及和飞速发展，计算机系统的信息量和计算机网络的通信量也在不断增加。

为了达到较高的安全性，所使用的密钥量也随之增加，人工更换密钥已经无法满足需要；同时，一些新的应用场景的出现，例如电子商务，在双方并不相识的情况下进行秘密通信，在这种情况下，
已经不可能进行人工分配密钥。

研究自动化的密钥管理方案已经成为现代密码系统急待解决的问题。

层次化密钥结构中，除了一级密钥需要人工装入以外，其他各层的密钥均可以设计由密钥管理系统按照某种协议进行自动地分配、更换、销毁等。

密钥管理自动化不仅提高了工作效率，也提高了数据安全性。

它可以使得核心的密钥（一级密钥)仅仅掌握在少数安全管理人员的范围内，这些安全管理人员不会直接接触到用户所使用的密钥（由各层密钥进行自动地协商获得）与明文数据，而用户又不可能接触到安全管理人员所掌握的核心密钥，这样，核心密钥的扩散面达到最小，有助于保证密钥的安全性。

密钥的种类
与密钥的层次化结构及其功能相适应的，在一个密码系统中所使用的密钥种类也非常繁杂.不同种类的密钥在层次结构上位于不同的层次，相同层次中的密钥也可能具有不同的功能（例如, 文件加密密钥与数据加密密钥等)，另外，同一密钥在不同的使用环境下也可能属于不同的种类。

一般的密码系统有以下几种密钥：（1) 基本密钥基本密钥也称为初始密钥，是由用户选定或由系统分配给用户的、可在较长时间内(相对于会话密钥)由一对用户（例如密钥分配中心与某一用户之间, 或两个用户之间)所专用的秘密密钥.基本密钥起也到了标识用户的作用。

因此也可以称为用户密钥。

(2)会话密钥在一次通信或数据交换中，用户之间所使用的密钥。

会话密钥可由通信用户之间进行协商得到。

它一般是动态地仅在需要进行会话数据加密时产生并在使用完毕后立即清除掉(当然也可以由用户双方进行预先约定）。

会话密钥可
以使用户不必频繁地更换基本密钥,而通过密钥分配或密钥协商的方法得到某次数据通信所使用的数据加密密钥,这样可以做到一报一密，从而大大提高通信的安全性，并方便密钥的管理. （3）密钥加密密钥
密钥加密密钥一般是用来对传送的会话密钥或文件加密密钥进行加密时所采用的密钥，也称为二级密钥。

密钥加密密钥所保护的对象是实际用来保护通信或文件数据的会话密钥或文件加密密钥.在通信网中，一般在每个节点都分配有一个这类密钥，为保证安全，各节点的密钥加密密钥应互不相同。

节点之间进行密钥协商时,应使用各节点的密钥加密密钥进行. （4)主机主密钥主机主密钥对应于层次化密钥结构中的最高层次，它是对密钥加密密钥进行加密的密钥。

一般情况下,主机主密钥受到严格的保护。

密钥的生成
一个密码体制的关键在于怎样生成好的密钥，密钥选择的不当将会极大影响密码体制的安全性.密钥的生成目前主要是利用噪声源技术.噪声源的功能是产生二进制的随机序列或与之对应的随机数，它是密钥生成的核心部件。

噪声源的另一个用途是在物理层加密的环境下进行信息填充，使网络具有防止流量分析的功能。

当采用序列密码时，也有防止乱数空发的功能。

噪声源还被用于某些身份验证技术中，如对等实体.为了防止口令被窃取，常常使用随机应答技术,这时的提问与应答是由噪声源控制的。

密钥生成所使用的噪声源一般有以下几种： (1）物理噪声源，基于物理的噪声源包括:基于力学的噪声源，基于电子学的噪声源，基于混沌理论的噪声源。

(2）只用具有足够复杂度与安全性的算法生成伪随机序列。

密钥的保护
（1)密钥的保护措施密钥的注入通常采用人工方式。

在可能的情况下，重要密钥可由多人分批次分开完成注入,为了掌握密钥的注入过程，所有的密钥按编号进行管理密钥常用的注入方法有键盘输入、软盘输入、专用密钥注入设备(即密钥枪）输入（2）密钥的存储在密钥注入以后，所有存储在加密设备里的密钥平时都应以加密的形式存放，而对这些密钥的操作口令应该由密码操作人员掌握。

这样，即使装有密钥的加密设备被破译者拿到,也可以保证密钥系统的安全。

（3）密钥的更换密钥的使用是有寿命的，一旦密钥到达或超过有效期，必须消除原密钥存储区，或者用随机生成的噪声重写。

为了保证加密设备能够连续工作，可以在新密钥生效后,旧密钥仍可以继续保持一段时间,以防止在密钥更换期间不能解密的死锁。

(4）保密装置密钥变换和数据加密的基本操作都是在一个保密装置内来实现的，它是一种专用的、具有很高安全性和可靠性的数据保护工具。

保密装置可以用硬件和软件方式来实现，用硬件方式实现更有利于保密和提高效率,但同时也增加了费用。

密钥管理
传统加密方法是有优势的。

它的速度很快，而且特别适用于不需要移动的数据。

然而，由于安全地发布密钥非常困难，单独使用传统加密方法来安全传输数据的代价是非常昂贵的.在间谍影片中常可以看到这样的情节,特工将一个密码箱用手铐和自己的手腕铐在一起。

密码箱中有什么呢？多数情况下里面不是导弹发射密码,不是化学公式，也不是入侵计划，而是用来解密的密钥。

对于使用传统加密方法进行安全通讯的手法双方来说，他们必须拥有相同的密钥而且不能让别人知道。

如果他们处在不同的物理位置，必须相信信使,加密电话或者其他的安全通讯介质，防止在传输过程中泄露密钥。

在传输过程中, 偷听或截获到密钥的任何人，就能够阅读，修改和伪造用这个密钥加密或认证的所有信息。

无论 DES 还是 midnight 上尉的秘密译码器圆环，传统加密方法的永恒问题就是密钥的发布,怎样才能使接收者得到密钥而不被其他人截获呢? 根据美国的数字签名的数字式 multisignature 标准 DSA 提出二份计划。

他们中的一个是
一新的连续数字式 multisignature，并且其他是一新的广播数字式 multisignature. 这些计划安全根
据解决分离对数问题。

署名的参量在计划任意地被选择, 并且计划是高安全。

而且，计划的最初的阶
段是简单的; 他们比广播数字式 multisignature 计划可以防止有些参加者欺诈其他和有更低的通信费用，并且计划是实用的。

The Basics of Cryptography
In public key cryptographic system, in order to safeguard the encryption operation the convenience， has had the key technology。

At present， the public key cryptographic system
all uses two different keys, key is private， another is public。

According to the different applicationrequest， the transmission only then uses its private key or the receiving end public key or simultaneously uses the two to carry out the password encryption function. The asymmetrical encryption algorithm carries on when the digital signature uses two keys：The public key （publick ey) and the private key (private key), uses in separately to the data encryption and the decipher， namely if uses the public key to carry on the encryption for
the data,only then can carry on the decipher with the corresponding private key;If carries on the encryption with the private key to the data, then only then can decipher with the corresponding public key。

Any has the transmitting end public key people all to be possible
to originate true through the key confirmation definite orders. As a result of the
transmitting end private key secrecy， causes the receiving end to be possible to refuse to accept this text according to the confirmation result， also can cause other people to be unable the forge text.
Keys
A key is a value that works with a cryptographic algorithm to produce a specific ciphertext。

Keys are basically really, really, really big numbers。

Key size is measured in bits； the number representing a 1024-bit key is darn huge. In public key cryptography, the bigger the key， the more secure the ciphertext。

However, public key size and conventional cryptography’s secret key size are totally unrelated。

A conventional 80-bit key has the equivalent strength of a 1024-bit public key. A conventional 128—bit key is equivalent to a 3000-bit public key. Again， the bigger the key, the more secure， but the algorithms used
for each type of cryptography are very different and thus comparison is like that of apples
to oranges。

While the public and private keys are mathematically related，it’s very
difficult to derive the private key given only the public key; however， deriving the private key is always possible given enough time and computing power。

This makes it very important
to pick keys of the right size； large enough to be secure, but small enough to be applied fairly quickly。

Additionally， you need to consider who might be trying to read your files，how determined they are， how much time they have， and what their resources might be。

Larger keys will be cryptographically secure for a longer period of time. If what you want to encrypt needs to be hidden for many years, you might want to use a very large key. Of course, who knows how long it will take to determine your key using tomorrow’s faster, more
efficient computers？ There was a time when a 56-bit symmetric key was considered extremely safe。

Keys are stored in encrypted form。

PGP stores the keys in two files on your hard disk; one for public keys and one for private keys。

These files are called keyrings。

As you use PGP, you will typically add the public keys of your recipients to your public keyring。

Your private keys are stored on your private keyring。

If you lose your private keyring， you will be unable to decrypt any information encrypted to keys on that ring。

Key organizational structure
The existing key management system management system has all used the hierarchical key structure. The hierarchical key structure and the overall system key control relations are
the correspondence， according to the key function and the type and between them the mutual control relations, may the different type the key divides into the level key, two levels of keys，…n level key, thus constitutes a hierarchical key system. Among them， system use
level key K:Through algorithm f，Protects two levels of keys (level key use physics method or
alternative means carries on protection), uses two levels of keys to pass algorithm f：Protects three levels of keys, by this analogy, until finally uses the n level key to pass algorithm f. Protection definite orders data。

Along with encryption process march, each key content dynamic change， but this kind of change rule controls the lowest level by the corresponding level. key agreement key K。

Also is called the work key, or called the data encryption key， it uses in directly to definite orders data Canada/Decipher；All upper formation key may be called the key encryption key， they use in protecting the data encryption key or other underlying bed key encryption key;Topmost story key K， also calls to take responsibility the key, generally speaking, the main key should select the safest method to carry on the protection。

Is carrying on the data Canada/When decipher, data encryption key in under upper formation key protection dynamic production (e.g.， in under the upper formation key protection, has this data message center use data through the key consultation to encrypt the key；Or when document encryption, produces a recent data encryption key，finished after the use， after uses the upper formation key to carry on the encryption immediately to save， like this, besides the encryption part， the key only appears by the scrambled text form in the cryptographic system other parts);The data encryption key finished after the use， immediately will eliminate， no longer will appear in the cryptographic system in the middle of any part。

The hierarchical key structure has following merit: （1) security enhances greatly。

In the hierarchical key structure， the key is located the level is lower， then replaces quickly， the lowest level (nth） the key may achieve encrypts a
text to replace one time every time. Moreover, in the hierarchical key structure， the lower level key will break a code cannot affect the upper formation key security。

After few
initial is in the highest level the key to pour into the system, below each key content may defer to some kind of agreement unceasingly to change (e。

g. may through use security algorithm as well as high—level key produces underlying bed key)。

Regarding code breaking，the hierarchical key structure meant he attacks no longer is a static key system, but is a dynamic key system。

Regarding a static key system, a text （obtains encrypts key which this text uses) to be possible to cause to use this key all text revelation；But in the dynamic key system， the key occupies in the unceasing change, comes under the attack after the first floor key, the high—level key may the effective protection first floor key carry on the replacement， thus the maximum limit weakening first floor key has been attacked the influence which brings， causes the aggressor to be unable to break a code the cryptographic system once and for all， has guaranteed the key whole security effectively. （2） has brought conveniently for the key management automation。

As a result of the computer popular and the rapid development， the computer system information content and the computer network communication load unceasingly is also increasing. In order to achieve the high security， uses the key quantity along with it increase, the manual shift key already was also unable to meet the needs;At the same time， some new application scene appearance, for example electronic commerce, carries on the secret signaling in the situation which both sides are not acquainted with one another, in this case, already not impossible to carry on assigns the key artificially。

The research automation key management plan already became modern cryptographic system the pending issue。

In the hierarchical key structure， needs to load artificially besides the level key， other each level key may design by the key management system management system carries on according to some kind of agreement assigns, the replacement， the destruction automatically and so on。

Not only the key management automation enhanced the working efficiency, also enhanced the data security. It may cause the core the key (level key) to grasp merely in the minority safety manager's scope， these safety manager cannot directly contact the key which the user uses (by each key to carry on consults automatically obtains） with the definite orders data， but the user not impossible to contact the core key which the safety manager grasps， like this, the core key diffusing surface achieved slightly, is helpful in guarantees the key the security.
Key type
In a cryptographic system adapt which with the key hierarchical structure and the
function uses the key type extremely to be also numerous and diverse. The different type key is located the different level in the hierarchical structure, in the same level key also possibly has the different function （e.g.， document encryption key and data encryption key and so on）， moreover， the identical key also possibly belongs to the different type under the different use environment. The general cryptographic system has following several kind of keys：（1） basic key The basic key also is called the initial key， is by the user designated or assigns by the system for the user， may (be opposite in the long time in conversation key) by a pair of user (e.g。

between key distribution center and some user， or between two users) special—purpose secret key。

The basic key played also arrived the marking user’s role. Therefore also may be called the user key。

(2） conversation key in a correspondence or the data exchange, the key which between the user uses. The conversation key may carry on the consultation by the correspondence user between to obtain。

It is generally dynamic only when needs to carry on the conversation data encryption produces and finished after the use eliminates immediately (certainly also may carry on prearranged by user both sides）。

The conversation key may cause the user not to need to replace the basic key frequently， but the method which consults through the key assignment or the key obtains some data message center use data encryption key, like this may achieve a newspaper one densely, thus enhances the correspondence greatly the security， and facilitates the key the management. (3）The key to the transmission conversation key or the document encryption key which key encryption key key encryption key is generally uses for carries on when encryption uses， also is called two levels of keys。

The key encryption key protects the object is uses for to protect the correspondence either the document data conversation key or the document encryption key actually. In the communications network, all assigns generally in each node has a this kind of key， is the guarantee security， various nodes key encryption key should not be mutually same. Between the node carries on when the key consults, should use various nodes the key encryption key to carry on. （4) main engine host key main engine host key corresponds in the hierarchical key structure the highest level, it is carries on the encryption to the key encryption key the key。

In the ordinary circumstances, the main engine host key receives the strict protection。

A key production
password system key lies in the key which how produces， the key chooses not when will be able to affect the password system enormously the security.The key production at present mainly uses the noise source technology. The noise source function has the binary random sequence or with it correspondence random number， it is the core part which the key produces.The noise source another use is carries on the information in under the physical level encryption environment to fill， enable the network to have prevents the current capacity analysis the function. When uses the sequence password， also has prevented the chaotic number sends spatially function。

The noise source also uses in certain identification authentication technology, like coordinated entity。

In order to prevent the password is stolen， uses the stochastic reply technology frequently, by now inquiry and the reply were control by the noise source.The key production uses the noise source has following several kinds generally: （1） physical noise source， includes based on the physical noise source：Based on mechanics noise source, based on electronics noise source， based on chaos theory noise source. (2) uses to have the enough order of complexity and the secure algorithm production pseudo-random sequence。

The key protection
(1) key protective measures key pours into usually selects the artificial method. In the possible situation, the important key to be possible to complete separately by a multi-person minute raid pours into, in order to grasp the key to pour into the process after, all keys
carry on according to the serial number manage the key commonly used to pour into the method to have the keyboard entry， the floppy disk input, the special-purpose key pour into the equipment （i.e。

key gun) to input. (2） key the memory pours into in the key， all memories form depositing which usually all should encrypt in the encryption equipment key， but should grasp to these key operation password by the crypto—operation personnel。

Thus， even if is loaded with the key encryption equipment to attain by code breaking， also may guarantee the key system the security. (3) key replacement key use has the life, once the key arrives or surpasses the term of validity， must eliminate the original key memory block, or with the noise recomposition which produces stochastically。

In order to guarantee the encryption equipment could the continuous working, be possible after the new key activation， the old key still to be possible to continue to maintain period of time， prevented in key replacement period could not decipher deadboltlock。

(4） secrecy system key transformation and the data encryption elementary operation eo all is， it which realizes in a secrecy system is one kind special—purpose， has the very high security and the reliable data protection tool。

The secrecy system may use the hardware and the software way realizes， is more advantageous with the hardware way realization in keeping secret and enhances the efficiency， but simultaneously also increased the expense。

Public key cryptography
The problems of key distribution are solved by public key cryptography, the concept of which was introduced by Whitfield Diffie and Martin Hellman in 1975。

（There is now evidence that the British Secret Service invented it a few years before Diffie and Hellman， but kept it a military secret - and did nothing with it。

[J H
Ellis： The Possibility of Secure Non—Secret Digital Encryption, CESG Report， January 1970]） Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption： a public key, which encrypts data， and a corresponding private， or secret key for decryption. Youpublishyour public keytotheworldwhile keeping your private key secret. Anyone with a copy of your public key can then encrypt information that only you can read. Even people you have never met。

It is computationally infeasible to deduce the private key from the public key. Anyone who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information. The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely. The need for sender and receiver to share secret keys via some secure channel is eliminated； all communications involve only public keys， and no private key is ever transmitted or shared。

Some examples of public—key cryptosystems are Elgamal (named for its inventor, Taher Elgamal), RSA （named for its inventors, Ron Rivest， Adi Shamir， and Leonard Adleman）, Diffie-Hellman (named, you guessed it, for its inventors）, and DSA, the Digital Signature Algorithm (invented by David Kravitz). Because conventional cryptography was once the only available means for relaying secret information, the expense of secure channels and key distribution relegated its use only to those who could afford it， such as governments and large banks （or small children with secret decoder rings). Public key encryption is the technological revolution that provides strong cryptography to the adult masses。

Remember the courier with the locked briefcase handcuffed to his wrist? Public-key encryption puts him out of business (probably to his relief）.
Key management
Conventional encryption has benefits. It is very fast. It is especially useful for encrypting data that is not going anywhere。

However， conventional encryption alone as a means for transmitting secure data can be quite expensive simply due to the difficulty of secure key distribution。

Recall a character from your favorite spy movie： the person with a locked briefcase handcuffed to his or her wrist。

What is in the briefcase，anyway? It’s probably not the missile launch code/ biotoxin formula/ invasion plan itself. It’s the key
that will decrypt the secret data。

For a sender and recipient to communicate securely using conventional encryption， they must agree upon a key and keep it secret between themselves。

If they are in different physical locations, they must trust a courier, the Bat Phone， or some other secure communication medium to prevent the disclosure of the secret key during transmission. Anyone who overhears or intercepts the key in transit can later read， modify，and forge all information encrypted or authenticated with that key。

From DES to Captain Midnight’s Secret Decoder Ring, the persistent problem with con ventional encryption is key distribution： how do you get the key to the recipient without someone intercepting it？ two schemes for digital multisignature based on USA’s digital signature standard DSA are presented。

One of them is a new sequential digital multisignature， and the other is a new broadcasting digital multisignature. The security of these schemes is based on solving the discrete logarithm problem。

The parameters of the signatures in the schemes are randomly selected, and hence the schemes are of high security. Moreover, the initial stage of the schemes is simple； they can prevent some participants from cheating others and have lower communication costs than the broadcasting digital multisignature scheme， and therefore the schemes are practical 蚈。