This section introduces the concepts, applications, common algorithms, and attack methods of cryptographic technologies such as pseudo-random number generators, public key cryptography, message authentication codes, digital signatures, and key negotiation. It also introduces some cryptographic technologies that may be used in Android. Other cryptographic algorithms and attack methods will be added in the future.

Messages transmitted in plaintext are insecure: they may be eavesdropped on, leading to the disclosure of secrets. There are two main ways to improve the security of message transmission: cryptography and steganography.

  • Steganography: hiding information inside a carrier medium such as a video, hard disk, or image. The information is embedded in a special way that does not affect how the medium presents its original content, so that the hidden information is protected from discovery by others.
  • Cryptography: encrypting a message so that its contents cannot be deciphered and are unintelligible to outsiders.

This article mainly covers cryptography. Cryptography can be divided into two stages: classical cryptography and modern cryptography.

Classical cryptography

Before the emergence of computers, cryptography encrypted information mainly through the transposition and substitution of characters. Transposition (permutation) rearranges the letters of the plaintext: the letters themselves remain the same, but their positions change. Substitution replaces each character in the plaintext with another character.

| Algorithm | Principle | Cracking method |
| --- | --- | --- |
| Caesar cipher | Each letter is shifted x positions along the alphabet to obtain the ciphertext | Brute force: try the 25 possible shifts to find x |
| Simple substitution cipher | Set up a substitution alphabet and replace the letters one by one to obtain the ciphertext | Frequency analysis: count how often letters or letter combinations occur in common English, compare with the ordering in the ciphertext, and try replacements one by one |
| Affine cipher | Convert the value m of each letter to another value according to the function $(k_1 m + k_2) \bmod 26$ | Brute force; frequency analysis |

There are also other algorithms such as the Vigenère polyalphabetic substitution cipher, the Scytale cipher and the rail fence cipher. Some classical algorithms, such as the Caesar cipher, have a very limited key space. Because classical cryptography operates on characters, and some algorithms map each plaintext letter to exactly one ciphertext letter, frequency analysis can be used to speed up cracking them.

Modern cryptography

The difference between modern and classical cryptography lies mainly in the move from character-level encryption to byte-level encryption, and in security resting on a secret key rather than on a secret algorithm. Modern cryptography mainly includes the following technologies:

| Technology | Function |
| --- | --- |
| Pseudo-random number generator | Key generation |
| Symmetric cipher | Message confidentiality |
| Public key cryptography | Message confidentiality, identity authentication |
| One-way hash function | Message integrity (tamper-proof) |
| Message authentication code | Message integrity (tamper-proof), identity authentication |
| Digital signature | Message integrity (tamper-proof), authentication, denial prevention |
| Certificate | Verifying a public key |

Symmetric cipher

A cipher in which the encryption key is the same as the decryption key, used to ensure the confidentiality of messages.

Advantages: usually needs only a small key; efficient and fast.

Disadvantages: the key cannot be delivered securely to the person who needs to decrypt the message.

| Algorithm | Introduction |
| --- | --- |
| DES | The official data encryption standard for unclassified data, issued in the United States in 1977. Widely used, but it can now be brute-forced and has been replaced by AES |
| AES | Advanced Encryption Standard, the next-generation encryption standard; it adopts the Rijndael algorithm and is used to replace DES |
| 3DES | A cipher obtained by repeating DES three times, increasing the DES key length to resist brute force; not very fast |
| Blowfish | Designed by Bruce Schneier in 1993; fast, and so far not effectively cracked |

Public key cryptography

Also known as asymmetric encryption. The sender encrypts data with the public key and the receiver decrypts it with the private key. The public key can be derived from a known private key, but the private key cannot be derived from a known public key. It can be used both for message confidentiality and for authentication.

Process: the message receiver generates a public/private key pair in advance, publishes the public key and keeps the private key to itself. The message sender obtains the published public key and uses it to encrypt the content to be transmitted.

Advantages: the private key used for decryption never needs to be transmitted over the network, which reduces the risk of key leakage and improves security.

Disadvantages: encryption and decryption are slow and the keys are longer, so it is generally suitable only for encrypting small amounts of data.

| Algorithm | Security basis | Introduction |
| --- | --- | --- |
| RSA | Difficulty of factoring large integers | The most popular public key algorithm; key length and block size are variable; can be used for both data encryption and digital signatures |
| ECC | Difficulty of the elliptic curve discrete logarithm problem | Compared with RSA it needs shorter keys, encrypts faster, is harder to crack and more resistant to attack; can be used for ECDH key exchange and ECDSA digital signatures |
| Elgamal | Difficulty of finding discrete logarithms mod N | Can be used for both data encryption and digital signatures, but the ciphertext is twice as long as the plaintext |
| Rabin | Difficulty of computing square roots mod N | Breaking it is equivalent to factoring large integers. The same ciphertext may correspond to four different plaintexts, so the real plaintext has to be identified during decryption |

One-way hash function

Also simply called a hash function; the output hash value is called the message digest or fingerprint. A one-way hash function computes a hash value from the content of a message, and the integrity of the message is checked by comparing hash values. The hash value has a fixed length regardless of the message content, and the function has the properties of weak collision resistance, strong collision resistance and one-wayness.

Weak collision resistance: given the hash value of a message, it must be very difficult to find another message with the same hash value.

Strong collision resistance: it is very difficult to find any two different messages with the same hash value.

One-wayness: the message cannot be computed backwards from the hash value.

Application: checking whether downloaded software has been tampered with (compute the hash value after downloading and compare it with the hash value published on the official website), password-based encryption (PBE), message authentication codes, digital signatures, pseudo-random number generators, one-time passwords.

Attack methods: brute force, birthday attack.

| Algorithm | Introduction |
| --- | --- |
| MD4 | Designed by Rivest in 1990; digest length 128 bits; deprecated after Dobbertin et al. found a method for producing MD4 hash collisions |
| MD5 | Designed by Rivest in 1991; digest length 128 bits; its strong collision resistance has been broken |
| SHA-1 | Designed by the National Security Agency of the United States and published by the National Institute of Standards and Technology as a federal information processing standard; digest length 160 bits; its strong collision resistance has been broken |
| SHA-2 | Published in 2001 by the National Institute of Standards and Technology (NIST) as the successor to SHA-1; the standard includes six algorithms: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256 |
| SHA-3 | In 2012 NIST selected the Keccak algorithm as SHA-3 and recommends it as an alternative to SHA-2 (not a successor) |
| RIPEMD | Published in 1996 by the COSIC research group at the University of Leuven. The strong collision resistance of RIPEMD has been broken, but that of its improved version RIPEMD-160 has not. The one-way hash function used in Bitcoin is RIPEMD-160 |

Pseudo-random number generator

An algorithm that simulates the generation of a random sequence of numbers, used in key generation. If the generating algorithm is poor, its output may be predicted, which poses a risk. A computer cannot generate truly random numbers; a pseudo-random number only approximates randomness as closely as possible.

Internal state: when a pseudorandom number is needed, the generator computes it from a value held in memory (the internal state). After each output the internal state is changed in preparation for the next one. The internal state therefore determines the value of the next pseudorandom number.

Seed: a random bit sequence used to initialize the internal state of the pseudorandom number generator, from which the generator produces its own random sequence. Pseudorandom number generator algorithms are usually public, so the seed must be kept secret to make the generated numbers hard to predict.

| Algorithm | Introduction |
| --- | --- |
| Middle-square method | Proposed by von Neumann in 1946 for generating uniformly distributed random numbers in [0,1]. Easy to implement, but biased toward small numbers and poorly uniform. The length and period of the sequence are hard to determine and depend heavily on the initial value |
| Middle-product method | An improvement on the middle-square method that increases the length and uniformity of the sequence, but the sequence is still not long enough and still depends heavily on the initial value |
| Shifting method | Uses the computer's logical shift operations: the seed N0 is shifted left by n bits to get M1 and shifted right by n bits to get M2, and the random number is obtained by logical addition of M1 and M2. Fast, but highly dependent on the initial value |
| Linear congruential method | One of the earliest and best-known pseudorandom number generation algorithms, and widely used. It includes the additive, multiplicative and mixed congruential methods, but the generated numbers fall on a limited number of equally spaced parallel lines |
| Mersenne Twister | Proposed in 1997; it fixes many defects of earlier generators. It is now widely used in programming languages and libraries, often as the default pseudorandom number generator, for example Python's random() function |

Message authentication code

Also called a file message authentication code or information authentication code; MAC for short. It can be used to check whether the contents of a message were changed in transit, and as source authentication to confirm where the message came from. In short, it provides tamper detection and authentication.

It is similar to a one-way hash function: the sender computes a MAC value from a message of arbitrary length and sends it to the receiver together with the message. The receiver computes the MAC of the received message and compares it with the MAC the sender sent to determine the integrity of the message. The difference is that with a message authentication code the sender and receiver use a shared secret key when computing the value, whereas a one-way hash function does not require a key. Because the MAC value is generated from the shared key, it differs for different keys, so comparing MAC values also authenticates the identity of the sender.

Attack methods: brute force, birthday attack, guessing the shared key, replay attack.

Problems it cannot solve: proof to third parties and prevention of denial.

Denial: because the sender and the receiver share the key, both can generate the correct MAC value for a message. A third party cannot tell whether the message was generated by the sender or by the receiver. The sender can therefore deny having sent a message, and the third party cannot settle the matter.

| Implementation | Introduction |
| --- | --- |
| HMAC | A method of constructing a message authentication code from a one-way hash function. Any strong one-way hash function can be used; for example, the HMAC built on SHA-256 is called HMAC-SHA-256. Widely used in IPSec and other network protocols (e.g. SSL) |
| Block cipher | The block cipher key is used as the shared key of the message authentication code, and the whole message is encrypted in CBC mode. In CBC mode the last block depends on both the whole message and the key, so it is used as the MAC value. AES-CMAC is one such implementation |
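
The HMAC row and the replay attack listed above, as an added example (not code from the original article) using Python's standard hmac module. The packet layout, the sequence-number scheme and the names seal and Receiver are assumptions made for the illustration; the key and messages are constructed samples.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA-256 output size in bytes


def seal(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender: return seq || message || HMAC-SHA-256(key, seq || message)."""
    header = struct.pack(">Q", seq)  # 8-byte big-endian sequence number
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag


class Receiver:
    """Receiver: checks the MAC first, then rejects replayed sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def verify(self, packet: bytes) -> bytes:
        if len(packet) < 8 + TAG_LEN:
            raise ValueError("packet too short")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison: timing must not reveal how many bytes matched.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad MAC: message altered or wrong key")
        (seq,) = struct.unpack(">Q", body[:8])
        # The MAC alone cannot stop a replay; the authenticated counter does.
        if seq <= self.last_seq:
            raise ValueError("replayed or out-of-order message")
        self.last_seq = seq
        return body[8:]


def demo() -> dict:
    key = b"constructed-shared-key-for-demo!"  # constructed sample key
    rx = Receiver(key)
    packet = seal(key, 1, b"transfer 100 to bob")
    results = {"genuine": rx.verify(packet)}
    # Same tag, different message body: the recomputed MAC no longer matches.
    tampered = packet[:8] + b"transfer 900 to bob" + packet[-TAG_LEN:]
    cases = (
        ("tampered", tampered),
        ("wrong_key", seal(b"some other key", 2, b"hello")),
        ("replayed", packet),  # valid MAC, but sequence number already seen
    )
    for name, candidate in cases:
        try:
            rx.verify(candidate)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```
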

Digital signature

A digital signature is the computer-world equivalent of a real-world stamp or handwritten signature. It is similar to a message authentication code; the biggest difference is that the sender and receiver of a digital signature use different keys. In addition to the tamper detection and authentication that a message authentication code provides, it can also prevent denial.

The signer first computes the digest of the plaintext with a one-way hash function and then encrypts the digest with the private key to obtain the signature. The signature and the plaintext are transmitted together. After receiving them, the verifier decrypts the signature with the public key to recover the signer's digest, computes the digest of the plaintext with the one-way hash function, and compares the two. The private key is held by the signer, while the public key is public because anyone can act as a verifier and check the signature.

Denial prevention: because the signer and verifier use different keys, the signature of a message must have been generated with the signer's private key. The receiver cannot generate a correct signature for the message, so the signer cannot deny the message.

Application: website security bulletins, tamper protection for downloaded software, public key certificates, SSL/TLS, etc.

Attack methods: man-in-the-middle attack, attacks on the strong collision resistance of the one-way hash function used, potential forgery, and attacks targeting the signature algorithm used.

Problem it cannot solve: public key validation. The verifier needs the public key to verify the signature, but the digital signature itself cannot ensure that the public key comes from the real sender. The verifier can therefore use a certificate, which must be issued by a trusted organization, and verifies the validity of the certificate through the certificate chain.

| Algorithm | Introduction |
| --- | --- |
| RSA | RSA can be used for both asymmetric encryption and digital signatures. For signatures it is used together with a one-way hash function; for example, SHA256withRSA is the digital signature implementation that combines SHA256 and RSA |
| DSA | Cannot be used for encryption, only for digital signatures. It belongs to the Digital Signature Standard (DSS) formulated by NIST in 1991, and its security is based on the difficulty of solving discrete logarithms |
| ECDSA | Uses the ECC public key algorithm to implement an analogue of the DSA digital signature algorithm; used in Bitcoin |
| RSA-PSS | A digital signature algorithm combining RSA and PSS. PSS is a padding mode for the private key signing process. RSA-PSS does not sign the message itself but its hash value |

Certificate

A public key certificate (PKC) records personal information (such as name, organization and email address) and the person's public key, and carries a digital signature applied by a certification authority (Certification Authority or Certifying Authority, CA).

Digital signatures require a public key to confirm the identity of the sender, but there is no way to confirm that the public key is an untampered public key from the real sender. A public key certificate helps verify the public key.

For example, user A wants to send ciphertext to user B. B first creates a key pair and sends its personal information together with its public key to certification authority C. After verifying this information, C produces a certificate containing B's public key and a digital signature (generating the signature requires C's own private key). A obtains the certificate from C and verifies its validity. After verification succeeds, A parses the certificate to obtain B's public key, encrypts the message with it and sends it to B. B decrypts the message with its private key, completing the communication.

X.509: certificates are issued by different certification authorities, so a common certificate format is needed to make verification practical. A standard specification for certificates was therefore developed, and X.509 is the most widely used certificate standard. It was developed by the International Telecommunication Union (ITU) and the International Organization for Standardization (ISO), and has been revised twice since its release. The current version is X.509 v3.

Public key infrastructure: abbreviated PKI. It is the general term for a series of standards and specifications formulated to make more effective use of public keys, and does not refer to any single specification. Its main function is to bind the identity of the certificate holder to the related key pair; to provide users with certificate application, certificate revocation, certificate retrieval and certificate status query; and to use digital certificates and related services (certificate publishing, blacklist publishing, timestamp service, etc.) to provide identity authentication, integrity, non-repudiation and confidentiality for each entity in a communication.

CRL: certificate revocation list. When a user's private key is lost or stolen, the certification authority needs to invalidate the certificate. The CRL is the list of invalidated certificates published by the certification authority. Users need to obtain the latest CRL from the certification authority and check whether the public key certificate used to verify a signature has been invalidated. In general, the software that processes certificates needs to keep the CRL up to date.

Certificate chain: except for self-signed certificates, most certificates in use are hierarchical. From bottom to top: user certificate, intermediate certificate, root certificate. Certificates are verified along this chain.

Attack methods: attacking the public key directly before the certificate is generated, registering similar information, stealing the private key of a certification authority, pretending to be a certification authority, and exploiting gaps in CRL publication and updates.

Block cipher mode

There are two types of cipher algorithms: block ciphers and stream ciphers. A stream cipher processes a data stream continuously and maintains internal state while doing so. A block cipher can only process data of a specific length at a time; examples are DES, 3DES and AES.

Because a block cipher can only process data of a fixed length, when the data to be encrypted is longer than the block length the algorithm has to be iterated to encrypt all of it. The method of iteration is called the block cipher mode. The common modes are as follows:

| Mode | Advantages | Disadvantages |
| --- | --- | --- |
| ECB | Simple; fast; supports parallel encryption and decryption | Repeated patterns in the plaintext are reflected in the ciphertext; the plaintext can be manipulated by deleting or replacing ciphertext blocks; when ciphertext containing bit errors is decrypted, the corresponding block is corrupted; cannot defend against replay attacks |
| CBC | Repeated patterns in the plaintext are not reflected in the ciphertext; supports parallel decryption; any ciphertext block can be decrypted | When ciphertext containing bit errors is decrypted, all bits of the affected block and the corresponding bits of the next block are corrupted; encryption does not support parallel computation |
| CFB | No padding required; supports parallel decryption; any ciphertext block can be decrypted | Encryption does not support parallel computation; when ciphertext containing bit errors is decrypted, all bits of the affected block and the corresponding bits of the next block are corrupted; cannot defend against replay attacks |
| OFB | No padding required; preparation for encryption and decryption can be done in advance; encryption and decryption use the same structure; when ciphertext containing bit errors is decrypted, only the corresponding plaintext bits are corrupted | Does not support parallel computation; when an active attacker flips bits in a ciphertext block, the corresponding bits in the plaintext block are flipped as well |
| CTR | No padding required; preparation for encryption and decryption can be done in advance; encryption and decryption use the same structure; when ciphertext containing bit errors is decrypted, only the corresponding plaintext bits are corrupted; supports parallel encryption and decryption | When an active attacker flips bits in a ciphertext block, the corresponding bits in the plaintext block are flipped as well |

Hybrid cryptosystem

Symmetric encryption is fast but cannot resist man-in-the-middle attacks. Asymmetric encryption solves the key distribution problem but is inefficient. The two can be combined into a hybrid cryptosystem, which has the advantages of both.

Encryption process:

  1. The receiver generates an asymmetric public/private key pair, and the sender obtains the public key from the receiver.

  2. The sender uses a pseudorandom number generator to generate the session key.

  3. The session key is used to encrypt the message with symmetric encryption, producing the message ciphertext.

  4. The session key is encrypted with the asymmetric public key obtained earlier.

  5. The encrypted session key is combined with the message ciphertext to form the final ciphertext.

Decryption process:

  1. The recipient receives the combined ciphertext and separates it into the encrypted session key and the message ciphertext.
  2. The encrypted session key is decrypted with the asymmetric private key generated earlier, yielding the symmetric encryption key.
  3. The symmetric encryption key is used to decrypt the message ciphertext and obtain the message content.
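
The encryption and decryption steps above, as an added Python example (not code from the original article). The toy RSA key built from two Mersenne primes, the unpadded RSA key wrapping and the SHA-256 keystream standing in for a real symmetric cipher are assumptions made so the block runs with the standard library only (Python 3.8+).

```python
import hashlib
import secrets
from math import gcd

# Encryption step 1: the receiver's key pair. Constructed toy values: both
# primes are Mersenne primes so the example needs no prime generation. Real
# keys use large random primes and a padding scheme such as OAEP.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
E = 65537
L = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # lcm(P-1, Q-1)
D = pow(E, -1, L)                            # private exponent

KEY_LEN = 16                                 # session key length in bytes
WRAP_LEN = (N.bit_length() + 7) // 8         # bytes needed for the wrapped key


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream.

    Stand-in for a real cipher such as AES; the same call encrypts and decrypts.
    """
    out = bytearray()
    for counter in range((len(data) + 31) // 32):
        pad = hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        chunk = data[counter * 32:(counter + 1) * 32]
        out += bytes(a ^ b for a, b in zip(chunk, pad))
    return bytes(out)


def hybrid_encrypt(message: bytes, public_key=(E, N)) -> bytes:
    e, n = public_key
    # Step 2: fresh session key from a cryptographically secure generator.
    session_key = secrets.token_bytes(KEY_LEN)
    # Step 3: encrypt the message with the symmetric cipher.
    body = keystream_xor(session_key, message)
    # Step 4: encrypt the session key with the receiver's public key.
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    # Step 5: combine wrapped key and message ciphertext.
    return wrapped.to_bytes(WRAP_LEN, "big") + body


def hybrid_decrypt(blob: bytes, private_key=(D, N)) -> bytes:
    d, n = private_key
    if len(blob) < WRAP_LEN:
        raise ValueError("ciphertext too short")
    # Decryption step 1: separate wrapped session key and message ciphertext.
    wrapped, body = blob[:WRAP_LEN], blob[WRAP_LEN:]
    # Decryption step 2: recover the session key with the private key.
    key_int = pow(int.from_bytes(wrapped, "big"), d, n)
    if key_int.bit_length() > KEY_LEN * 8:
        raise ValueError("wrapped value is not a valid session key")
    session_key = key_int.to_bytes(KEY_LEN, "big")
    # Decryption step 3: decrypt the message with the session key.
    return keystream_xor(session_key, body)


if __name__ == "__main__":
    sample = b"constructed sample message for the hybrid cryptosystem demo"
    blob = hybrid_encrypt(sample)
    print(len(blob), hybrid_decrypt(blob))
```
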

Key agreement

Even if an attacker eavesdrops on the network traffic between the client and the server, the client can still use a key negotiation mechanism to agree with the server on a session key known only to the two of them, which is then used for data encryption.

| Implementation | Introduction |
| --- | --- |
| DH | Diffie-Hellman key negotiation protocol. Its security is based on the complexity of the discrete logarithm problem. It does not support authentication and cannot resist man-in-the-middle attacks; it can be combined with signature algorithms such as RSA and DSA to implement identity authentication |
| RSA | One party first generates an RSA key pair. The party that obtains the public key creates a random session key, encrypts it with the public key and sends the result to the other party, who decrypts it with the private key. Both parties then hold the session key |
| ECDH | ECC and DH combined; the security rests on the complexity of the elliptic curve discrete logarithm problem, which also defends against man-in-the-middle attack |

Cryptographic algorithms

The SM series

The SM (Chinese national cryptographic) algorithms are a series of algorithms formulated by the National Cryptography Administration. Symmetric encryption algorithms include SM1, SM4, SM5, SM6, SM7, SM8, and ZUC. Public key algorithms include SM2 and SM9, and digest algorithms include SM3. Of these, the details of SM2, SM3, SM4, SM9, and ZUC have been published, while the rest have not been disclosed.

| Algorithm | Type | Introduction |
| --- | --- | --- |
| SM2 | Public key algorithm | Based on ECC; used to replace the RSA algorithm in China's commercial cryptography systems. Compared with RSA it has stronger attack resistance, better performance and smaller keys at the same strength |
| SM3 | Hash algorithm | Suitable for digital signatures, message authentication code generation and verification, and random number generation in commercial cryptography applications. An improved algorithm based on SHA-256, using the Merkle-Damgård structure |
| SM4 | Symmetric encryption algorithm | Block cipher algorithm of the wireless LAN standard. Key length and block length are both 128 bits. The encryption algorithm and the key expansion algorithm both use a 32-round nonlinear iterative structure. The S-box has a fixed 8-bit input and 8-bit output |

DES

A symmetric encryption algorithm adopted as a United States Federal Information Processing Standard in 1977, which has been widely used by governments and banks in many countries. With the growth of computing power DES can now be brute-forced and is no longer as strong as it was; AES has formally replaced DES.

Key: 8 bytes (64 bits), with one bit after every 7 bits used for error checking, so the effective key is 56 bits.

Structure: a 16-round Feistel network.

Attack methods: brute force, differential cryptanalysis (change parts of the plaintext and analyze the resulting changes in the ciphertext), linear cryptanalysis (XOR certain corresponding bits of the plaintext and ciphertext and examine how often the result is zero).

3DES

Because DES can be cracked, DES is repeated three times to obtain a stronger symmetric encryption algorithm. Because its processing speed is low, it is not used much in practice.

AES

AES is a symmetric encryption algorithm. In 1997, NIST publicly solicited candidates for AES to replace DES. After five years of selection, the Rijndael algorithm designed by Belgian cryptographers Joan Daemen and Vincent Rijmen beat the others and was selected as the AES standard. At present, there is no effective low-complexity attack against AES.

Key: 128, 192, 256 bits.

Block: fixed 128 bits.

Structure: a multi-round SPN structure; each round consists of the SubBytes, ShiftRows, MixColumns and AddRoundKey steps.

Attack method: side-channel attack (using measurements of physical data to infer the possible key).

RSA

RSA is a public key algorithm proposed by Ron Rivest, Adi Shamir and Leonard Adleman from MIT in 1977. It relies on the difficulty of factoring large integers, and the longer the key, the harder it is to crack. Currently, the longest RSA key cracked is 768 bits. A 1024 bit key is basically secure, and a 2048 bit key is extremely secure.

Process for generating public and private keys:

  1. N = product of two primes = p × q. For example, with p = 17 and q = 19 (in practice the primes chosen are very large), N = 17 × 19 = 323.

  2. L = least common multiple of p-1 and q-1 = lcm(p-1, q-1) = lcm(17-1, 19-1) = 144.

  3. Select a number E that is coprime with L, that is, the greatest common divisor of E and L is 1. For example, select 5 as E, since 5 and 144 are coprime. E and N form the public key.

  4. Select the number D. D must satisfy E × D mod L = 1, that is, 5 × D mod 144 = 1. D can be 29.

Encryption formula: $\text{ciphertext} = \text{plaintext}^{E} \bmod N$

Decryption formula: $\text{plaintext} = \text{ciphertext}^{D} \bmod N$
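
The four key generation steps and the two formulas above, carried through with the article's own numbers, as an added example (not from the original article). The function names are hypothetical, and this is unpadded textbook RSA with toy primes, suitable only for following the arithmetic.

```python
from math import gcd


def lcm(a: int, b: int) -> int:
    return a * b // gcd(a, b)


def modinv(a: int, m: int) -> int:
    """Return x with a*x mod m == 1, using the extended Euclidean algorithm."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
    if old_r != 1:
        raise ValueError("no inverse: the two numbers are not coprime")
    return old_s % m


def rsa_keygen(p: int, q: int, e: int):
    """Follow steps 1-4; return (public key, private key, L)."""
    n = p * q                          # step 1: N = p x q
    l = lcm(p - 1, q - 1)              # step 2: L = lcm(p-1, q-1)
    if not 1 < e < l or gcd(e, l) != 1:
        raise ValueError("E must satisfy 1 < E < L and gcd(E, L) = 1")  # step 3
    d = modinv(e, l)                   # step 4: E x D mod L = 1
    return (e, n), (d, n), l


def encrypt(plaintext: int, public_key) -> int:
    e, n = public_key
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be smaller than N")
    return pow(plaintext, e, n)        # ciphertext = plaintext^E mod N


def decrypt(ciphertext: int, private_key) -> int:
    d, n = private_key
    return pow(ciphertext, d, n)       # plaintext = ciphertext^D mod N


def valid_exponents(l: int, limit: int = 20) -> list:
    """Candidates for E below `limit` that are coprime with L."""
    return [e for e in range(2, limit) if gcd(e, l) == 1]


if __name__ == "__main__":
    public, private, l = rsa_keygen(17, 19, 5)
    print("N =", public[1], "L =", l, "E =", public[0], "D =", private[0])
    print("candidates for E:", valid_exponents(l))
    c = encrypt(123, public)           # 123 is a constructed sample plaintext
    print("ciphertext:", c, "decrypted:", decrypt(c, private))
```
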

Attack methods: brute force, man-in-the-middle attack, and chosen-ciphertext attack.

ECC

Elliptic curve cryptography is a public key algorithm first proposed by Koblitz and Miller in 1985. Its security is based on the difficulty of computing discrete logarithms in the Abelian additive group formed by the rational points on an elliptic curve.

Compared with RSA, ECC has the advantages of shorter key length, faster encryption, higher difficulty of cracking, and stronger resistance to attack. ECDH is a key negotiation protocol based on ECC and DH. ECDSA is a digital signature algorithm based on ECC and DSA.

Attack methods: Pohlig-Hellman attack, Pollard Rho attack, and man-in-the-middle attack.

Cryptography in Android

Lock screen

Android lock screen unlocking methods currently include numeric password, gesture password, face recognition, iris recognition, fingerprint and so on. Numeric and gesture passwords are relatively simple and do not need to be implemented by the hardware layer. Only the cryptographic techniques used by these two unlocking methods are described here (based on Android 5.1; I am currently reading the Android 11.0 source code and will update this later if the implementation differs):

Digit password: device information is used as the salt value. The salt is added to the digit password to form the salted password. The stored value = MD5(salted password).toHex() + SHA-1(salted password).toHex(), which is then saved in the database (the database file is "/data/system/locksettings.db"). Two hash algorithms, MD5 and SHA-1, are used.

Gesture password: the gesture password is converted into the corresponding byte array, hashed with the SHA-1 hash algorithm and stored.

The signature

An APK needs to be signed before it can be installed. The signature is a security measure that prevents malicious hackers from decompiling and reinstalling the APK. An application can be signed by a third party (OEM, carrier, or another application market) or can be self-signed. Android allows code to be signed with a self-signed certificate. apksigner in the SDK is the APK signing and verification tool officially provided by Google. It currently supports the v1, v2, v3 and v4 signature schemes:

| Signature scheme | Introduced in | Introduction |
| --- | --- | --- |
| v1 | From the beginning | Based on JAR signatures. Some parts of the APK, such as ZIP metadata, are not protected, which creates security risks. All compressed entries must be decompressed during APK verification, so performance is low |
| v2 | Android 7.0 | A full-file signature scheme that signs the entire APK and detects all changes made to the protected parts of the APK, providing higher security and faster verification. The signatures are stored in the APK signing block |
| v3 | Android 9 | Adds key rotation, which lets applications change their signing key during APK updates |
| v4 | Android 11 | A streaming-compatible signature scheme based on a Merkle hash tree computed over all bytes of the APK |

HTTPS

It is extremely insecure for an application to talk to its server directly over HTTP. The plaintext of a request may be read directly, or the request may be impersonated or tampered with. HTTPS is therefore recommended.

To make HTTPS requests harder to capture, security can be improved further by setting no-proxy mode, strengthening local certificate verification, SSL pinning (certificate pinning), and TLS two-way authentication. For details, see the article HTTPS reverse on Android.
