What are some aspects of cryptography security? Please help!

This question is too broad a design area! I just get some skinny! Hope this helps 2.1 Symmetric Cryptography Symmetric cryptography is also called single-key or conventional cryptography, and it includes two important branches, group cryptography and stream cryptography. Before the emergence of public key cryptography, it is the only type of encryption.2.1.1 FundamentalsNot long ago, the United States computer security experts put forward a new security framework, in addition to confidentiality, integrity, availability, authenticity, and added utility and possession, which is believed to explain a variety of network security issues. Utility refers to the information encryption key can not be lost (not leakage), the loss of the key of the information is also lost the utility of the information, become garbage. Possessiveness means that information carriers such as nodes and disks that store information are not stolen, i.e., the right to occupy the information cannot be lost. Methods to protect the possessiveness of information are using copyrights, patents, trade secrecy, providing physical and logical methods of access restriction; maintaining and checking audit logs about stolen files, using labels, etc. For the analyst, it is possible to obtain the encryption and decryption algorithms and the ciphertext C over the unsecured channel, but what is not available is the key K transmitted over the secure channel.In this way, the symmetric cipher must fulfill the following requirements: ● The algorithm must be strong enough. That is, it is not feasible to compute the key or the plaintext from an intercepted ciphertext or when some known plaintext-ciphertext pair. ● Secrecy that does not depend on the algorithm, but on the key. This is the well-known Kerckhoff principle. ● The key space has to be large enough and the encryption and decryption algorithms applicable to all elements of the key space. This is also a condition that must be fulfilled by asymmetric cryptography. In addition to this, in practice, the sender and receiver must ensure that a copy of the key is obtained in a secure way.2.1.2 BlockCipher A BlockCipher is a plaintext block cipher that is used as a whole to produce a ciphertext block cipher of equal length, usually using a block size of 64bit. Many of the packet encryption algorithms currently in use are based almost exclusively on the Feistel packet cipher structure.2.1.2.1 Fundamentals Diffusion and Confusion are terms introduced by Shannon to describe the two basic building blocks of an arbitrary cryptosystem. These two methods are designed to thwart codebreaking based on statistical analysis. Diffusion, is the diffusion of the statistical structure of the plaintext to disappear into the long-range statistical properties of the ciphertext. This is done by having each digit of the plaintext affect the values of many ciphertext digits, that is, each ciphertext digit is affected by many plaintext digits. The result is that the frequency of occurrence of various letters is closer to the average in ciphertext than in plaintext; the frequency of occurrence of two-letter combinations is also closer to the average. All grouping ciphers contain a transformation from plaintext grouping to ciphertext grouping, which depends on the key. The diffusion mechanism makes the statistical relationship between plaintext and ciphertext as complex as possible in order to thwart attempts to infer the key. Scrambling attempts to make the relationship between the statistical properties of the ciphertext and the values taken by the encryption key as complex as possible, again to thwart attempts to discover the key. In this way, even if the attacker has certain statistical properties of the ciphertext, it is difficult for the attacker to infer the key from it due to the complexity of the way the key produces the ciphertext. To accomplish this, a complex alternative algorithm can be used, whereas a simple linear function would not play much of a role.2.1.2.2 Common Packet Encryption Algorithms This section describes the classic "DataEncryptionStandard" (DES) and the "DataEncryptionStandard" (DES), which abandons the Feistel network structure of the "Advanced Encryption Algorithm" (AES), as well as a brief introduction to other common packet encryption algorithms.1. DataEncryptionStandardDESOnMay15,1973,theNationalBureauOfStandard (now the the U.S. National Institute of Standards and Technology - NIST) published a notice in the Federal Record (Federal Register) soliciting cryptographic algorithms to protect data during transmission and storage.IBM submitted a candidate algorithm, which was developed in-house by IBM, called LUCIFER. After completing an evaluation of the algorithm with the assistance of the NSA (NationalSecurityAgency), on July 15, 1977, the NBS adopted a modified version of the LUCIFER algorithm as the data encryption standard, DES.In 1994, NIST extended the federal government's use of DES by five years, and also recommended that DES be used for applications other than the protection of government or military classified information.DES is an algorithm for encrypting binary data by dividing plaintext messages into 64bit (8B) groups for encryption. The ciphertext groups are also 64bit in length, with no data extensions.DES uses a "key" for encryption, which is 8B (or 64bit) in length from a symbolic point of view. However, for some reason, every 8th bit is ignored in the DES algorithm, which results in the actual size of the key being 56 bits.The entire system of DES is public, and the security of the system is completely dependent on the secrecy of the key.The DES algorithm consists of an initial permutation p, a product transform of 16 iterations, an inverse initial permutation ip-1, and 16 key generators. In the left part of the general description of the DES encryption algorithm, it can be seen that the processing of the plaintext goes through three stages: in the first stage, the 64bit plaintext undergoes an initial substitution Ⅲ and then the bits are rearranged to produce the output after the substitution. The second stage, consists of 16 loops of the same function, which itself has both substitution and replacement. The output of the last loop (the 16th) consists of 64 bits whose left and right parts of the output are swapped to give the pre-output. Finally, in the third stage, the pre-output generates a 64bit ciphertext by inverse initial substitution ip-l. In addition to the initial substitution and the inverse initial substitution, DES has a strict Feistel cipher structure. the way the 56bit key is used. The key is first passed through a substitution function, followed by a combination of a cyclic left-shift operation and a substitution operation to produce a subkey KI in each of the 16 loops.The substitution function is the same for each loop, but the subkeys are not the same due to the repetitive shifting of the key bits.DES decryption and encryption use the same algorithms except that the order in which the subkeys are used is reversed.DES has avalanche cipher. DES has an avalanche effect: a change of lbit in the plaintext or key causes a change of many bits in the ciphertext. If the change in the ciphertext is too small, it is possible to find a way to reduce the plaintext and key space to be searched. When the key is unchanged and the plaintext produces an lbit change, after 3 cycles the two groupings are 21 bits different, while after the whole encryption process the two ciphertexts are different in 34 positions. As a comparison, when the plaintext remains unchanged and the key undergoes an lbit change, about half of the Bits in the ciphertext are different. Therefore, DES has a strong avalanche effect, which is a very nice feature.The strength of DES depends on the algorithm itself and the 56bit key it uses. An attack that exploits the characteristics of the DES algorithm makes it possible to analyze the cipher. Over the years, DES has gone through numerous attempts to find and exploit weaknesses in the algorithm, becoming the most studied cryptographic algorithm today. Even so, no one has publicly claimed to have successfully discovered DES's Achilles' heel. The key length, however, is a more serious problem: DES has a key space of 256, and assuming that only half of the key space needs to be searched, it would take 1,000 years for a machine that encrypts DES once in 1us to decipher a DES key. The truth is not so optimistic, as early as 1977, Diffie and Hellman envisioned a technology that could create a parallel machine with one million encryption devices, each of which could complete an encryption in less than 1lls. This reduced the average search time to lOh. In 1977, the two authors estimated that such a machine would be worth about $20 million at the time. By July 1998, the EFF (Electronic Frontier Foundation) announced that it had broken the DES algorithm, using a special "DES Breaker" that cost less than a quarter of a million dollars and took less than three days to attack. In the case of known ciphertext/plaintext pairs, a key search attack simply searches for all possible keys; if there are no known ciphertext/plaintext pairs, the attacker must identify the plaintext himself. This is a rather difficult task. If the message is written in plain English, a program can be used to automate the recognition of the English. If the plaintext message was compressed before being encrypted, then identification is even more difficult. If the message is of some more general type, such as a binary file, then the problem is even more difficult to automate. Therefore, the exhaustive search also requires some auxiliary information, which includes some degree of knowledge of the expected plaintext and some means of automatically distinguishing plaintext from garbled code.2. Triple DES Triple-DES is an alternative encryption algorithm proposed after it was discovered that DES keys were too short and vulnerable to brute-force attacks. Originally proposed by Tuchman, Triple-DES was first standardized for financial applications in the 1985 ASNI Standard X9.17. In 1999, Triple DES was merged into the Data Encryption Standard. Triple DES uses 3 keys and performs the DES algorithm 3 times as shown in the animation below. The encryption process is Encryption One Decryption One Encryption (EDE), which can be expressed as the following equation: C = EK3 (DK2 (EK1 (M))) The same operation is performed in the reverse order of the keys when decrypting, which is expressed as follows: M = DK1 (EK2 (DK3 (C))) where C denotes ciphertext, M denotes plaintext, EK(X) denotes the encryption of X using the key K, and DK(X) denotes the decryption of X using the key K to decrypt X. In order to avoid the disadvantage of long key (56X3 = 168bit) brought by three-stage encryption using three keys for triple DES, Tuchman proposed a triple encryption method using two keys, which only requires a 112bit key, i.e., such that it is K1 = K3: C = EK1(DK2(EK1(M)) The decryption of the second stage of the triple DES does not have a cryptographic cryptographic significance. Its only advantage is that it is possible to decrypt the data encrypted by the original single DES encryption using triple DES, i.e., K1=K2=K3. C = EK1(DKl(EKl(M))) = EKl(M) This answer is referenced in: /dispbbs.asp?boardID=65&ID=69204