We in the last article “detailed analysis of DES series of encryption technology (a)” mentioned that DES was cracked in January 1999, and there are analysis reports put forward DES algorithm in the theoretical existence of some vulnerabilities, in addition, in 2001,DES as a standard has been replaced. Once a encryption technology is cracked, so, is replaced is inevitable, for DES, who is to replace him? Today we are going to discuss the descendants of DES, namely 3DES and AES.
3 DES (triple DES) to increase the strength of the DES, the DES repeat 3 times of a cryptographic algorithm, also known as TDEA (TripleDataEncryptionAlgorithm), abbreviated as 3 DES, the process as shown in the figure below:
Although 3DES repeats DES for three times, it can be seen from the figure above that 3DES does not encrypt DES for three times (encryption-encryption-encryption), but encryption-decryption-encryption. This is designed by IMB to be compatible with ordinary DES. For example,3DES is equivalent to ordinary DES when the three keys of 3DES are the same. That is, 3DES has backward compatibility.
In our last blog post on DES, we said that the encryption and decryption processes in DES only change the order of the subkeys, but are actually treated the same. So, if all keys use the same sequence of bits, the result is equivalent to ordinary DES.
If key 1 and key 3 use the same key, and key 2 uses a different key (i.e. only two DES keys are used), the triple DES is called des-ede2.EDE stands for Encryption — Decryption — Encryp Tion), as shown in the figure below:
Javapackage org. Shangzeng. Cipher;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
public class ThreeDESTest {
public static void main(String[] args) throws IllegalBlockSizeException, InvalidKeyException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException {
String content="Hello,ThreeDES Test!";
String key="shangzengxueyuan2018";
byte[] encryptResult=encryThreeDES(content,key);
String result=convertByteToHexString(encryptResult);
System.out.println("After 3DES is encrypted :"+result);
byte[] decryptResult=decryptThreeDES(encryptResult,key);
System.out.println("3DES decrypted content is :"+new String(decryptResult)); } /*** * convert byte array to hexadecimal output */ public static String convertByteToHexString(byte[] byteArray){String result="";
for (int i = 0; i < byteArray.length; i++) {
int temp=byteArray[i]& 0xff;
String tempHex= Integer.toHexString(temp);
if(tempHex.length()<2){
result+="0"+tempHex;
}else{ result+=tempHex; }}returnresult; } public static byte[] get3DESKey(String pass){ byte[] key=new byte[24]; // The key in 3DES is 24 byte[] temp; try { temp=pass.getBytes("UTF-8"); // Convert a string to a byte arrayifArraycopy (temp,0,key,0,temp.length) {// If temp is less than 24 bits, copy the entire length of the temp array into the key array. }elseSystem. arrayCopy (temp,0,key,0,key.length); } } catch (UnsupportedEncodingException e) { e.printStackTrace(); }return key;
}
private static final String ALGORITHM="DESede";
public static byte[] encryThreeDES(String message,String key) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
return threeDES(message.getBytes(),key,Cipher.ENCRYPT_MODE);
}
public static byte[] decryptThreeDES(byte[] contentArray,String key) throws IllegalBlockSizeException, InvalidKeyException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException {
return threeDES(contentArray,key,Cipher.DECRYPT_MODE);
}
private static byte[] threeDES(byte[] contentArray,String key,int mode) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
SecretKey desKey=new SecretKeySpec(get3DESKey(key), ALGORITHM);
Cipher cipher= null;
cipher = Cipher.getInstance(ALGORITHM);
cipher.init(mode,desKey);
returncipher.doFinal(contentArray); }}Copy the code3DES is more secure than DES, but its processing speed is not high. So it is rarely used for new purposes, except in cases where downward compatibility is particularly important. Let’s talk about AES.
Is the advanced encryption standard (AES (AdvancedEncryptionStandard), he is a new standard to replace DES as a symmetric encryption algorithm. We found here, AES and DES, only encryption standard, and is not responsible for the concrete encryption algorithm, DES are implemented by Feistel, while the implementation of AES, by NIST (NationalInstituteofStandardsandTechnology, national standard technology research Organize a public campaign to run a campaign. The cryptography algorithm chosen by the institute will become the national standard in the United States, known as FIPS in our last article. Because the condition of the election was that the encryption algorithm chosen AES must be unconditionally and freely available to the world, SO AES is an American standard, but also like DES, has become a global standard.
Participants in the AES campaign must also submit detailed specifications of the cryptographic algorithm, implementation code written in ANSIC and Java, and an assessment of cryptographic strength. Therefore, the cryptographic algorithms submitted by participants must ensure high strength while fully exposing the detailed design and program code, thus eliminating covert security.
The AES campaign was organized by NIST, but the algorithms were not reviewed by NIST. The review was done by corporations and cryptographers around the world. So participants will try to find weaknesses in other cryptography algorithms from all angles and prove them to other participants. This approach is to standardize through competition.
As mentioned above, although 3DES is better than DES in terms of security, its processing speed is not high. Therefore, we have to think about implementation of AES algorithm processing speed, in addition, the algorithm itself if there is a weakness, ease of implementation, the key to speed, whether in a variety of platforms, such as smart CARDS, low performance such as 8-bit CPU platform and high-performance platform, such as working effectively, these are all need to consider the scope of the AES selection of participants.
From 1997,NIST began to collect, and in 1999, 5 algorithms out of 15 were shortlisted. Finally, on October 2, 2000,Rijndael beat the others and was selected by NIST as AES standard. Rijndael is a block cipher algorithm designed by Belgian cryptographers JoanDaemen and vini rijmen. It is not known if Rijndal is related to the names of the two cryptographers.
Rijndael encryption and decryption:
First, the packet length and key length of Rijndael can be selected in 32bit units from 128bit to 256bit. However, in the specification of AES, the packet length is fixed at 128bit, and the key length is only 128,192 and 256.
Like DES,Rijndael algorithm is composed of multiple rounds, but DES uses Feistel network as its basic structure, while Rijndael uses SPN structure. The encryption and decryption process of one unit is shown in the figure below:
From the figure above, we know that Rijndael’s unit input groups are 128 bits, or 16 bytes. The 16 bytes need to be SubBytes first. SubBytes processing can be simply understood as each input byte value has its corresponding value in another replacement table, and then one by one is replaced according to this corresponding relationship. As shown below:
Because all bits entered in Rijndael are encrypted in one round, the number of rounds required for encryption is reduced compared to Feistel networks. And all four can be done in parallel. As for the decryption process, except that the AddRoundKey in the last step is the same as that in encryption, the other three processes are the reverse operation corresponding to the original step. Here is a Java implementation of AES:
Additional code 2. Javapackage org. Shangzeng. Testsignature;
import javax.crypto.*;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
public class AESTest {
private static String convertByteToHexString(byte[] byteArray){
String result="";
for (int i = 0; i < byteArray.length; i++) {
int temp=byteArray[i]& 0xff;
String tempHex= Integer.toHexString(temp);
if(tempHex.length()<2){
result+="0"+tempHex;
}else{ result+=tempHex; }}return result;
}
static final String ALGORITHM="AES";
static SecretKey secretKey=null;
public static SecretKey generateKey() throws NoSuchAlgorithmException {
if(null==secretKey){
KeyGenerator keyGenerator=KeyGenerator.getInstance(ALGORITHM);
SecureRandom secureRandom=new SecureRandom();
keyGenerator.init(secureRandom);
secretKey=keyGenerator.generateKey();
}
return secretKey;
}
public static byte[] encrypt(String content) throws NoSuchAlgorithmException, IllegalBlockSizeException, InvalidKeyException, BadPaddingException, NoSuchPaddingException {
SecretKey secretKey=generateKey();
return aes(Cipher.ENCRYPT_MODE,secretKey,content.getBytes(Charset.forName("UTF-8")));
}
public static String decrypt(byte[] contentArray) throws NoSuchAlgorithmException, IllegalBlockSizeException, InvalidKeyException, BadPaddingException, NoSuchPaddingException, UnsupportedEncodingException {
SecretKey secretKey=generateKey();
byte[] resultByte= aes(Cipher.DECRYPT_MODE,secretKey,contentArray);
return new String(resultByte,"UTF-8");
}
private static byte[] aes(int mode,Key key,byte[] contentArray) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
Cipher cipher=Cipher.getInstance(ALGORITHM);
cipher.init(mode,key);
byte[] result=cipher.doFinal(contentArray);
return result;
}
public static void main(String[] args) throws InvalidKeyException, BadPaddingException, NoSuchAlgorithmException, IllegalBlockSizeException, NoSuchPaddingException, UnsupportedEncodingException {
String content="Hello, I'm Mr. Jacob from Entropy College.";
byte[] encryptResult=encrypt(content);
String resultByHex=convertByteToHexString(encryptResult);
String resultByUnicode=new String(encryptResult,"UTF-8");
System.out.println("The encrypted result is expressed in hexadecimal :"+resultByHex+"\n The encrypted result is converted to a string :"+resultByUnicode);
String decryptResult=decrypt(encryptResult);
System.out.println("The decrypted result is :"+decryptResult); }}Copy the codeFor Rijndael, because it has a very rigorous mathematical structure, that is, the calculation process from clear to cipher can all use formula to express, this is the nature of what other algorithm does not have before, so, the rigorous mathematical structure this property means that Rijndael can crack through the mathematics method, of course this is only one Assumption. At present, there is no effective attack against Rijndael, so AES based on Rijndael is relatively secure.