深度优先(1): Exploring Elliptic Curve Cryptography
下一篇:深度优先(2)Exploring zk-SNARKs
代数基础
需要熟练群、环、域的概念,抽象代数里面四大代数结构群、环、域、模,除了模没上,其他几个都上了。
- 有限域,GF(p)=\(F^*_p\)=Z/pZ,素数p,关于模p的加法构成了交换群,关于模p的乘法构成了循环群。
- ***** Groups, Rings and Fields A brief introduction to algebra
- Finite field
- 有限域上的多项式乘法算法(O(nlog(n)):https://www.texmacs.org/joris/ffnlogn/ffnlogn.html
素数基础
需要理解模运算、以及模运算上定义的群、费马小定理、欧拉函数、欧拉定理、扩展欧几里得算法。
- Greatest common divisor(GCD)
- What is modular arithmetic?
- Fermat's little theorem
- 欧拉定理 (数论)
- 扩展欧几里得算法
- Primitive root modulo n
随机数
- Why secure systems require random numbers
- ***** Ensuring Randomness with Linux's Random Number Generator
- Pseudo random number generator(PRNG)
经典对称加密
//
//
//
//
- Data Encryption Standard(DES)
- Advanced Encryption Standard(AES)
- Vincent_Rijmen
- Substitution–permutation network, SP-network
- Steps:
- SubBytes
- ShiftRows
- MixColumns
- AddRoundKey
- understanding-how-aes-encryption-works
- Block cipher mode of operation
- Electronic Codebook (ECB)
- Cipher Block Chaining (CBC)
- Cipher Feedback (CFB)
- Output Feedback (OFB)
- Counter (CTR)
//
- Message authentication codes, MAC(key,message)
- 不同类型MAC
- hash algorithm based: HMAC, KMAC,
- symmetric ciphers based: CMAC, GMAC, Poly1305,
- universal hashing based: UMAC
- high-performance block cipher-based MAC: VMAC
- SipHash (simple, fast, secure MAC).
- 缺陷
- 由于只有参与方有密钥,不能向第3方证明
- 由于参与方都有密钥,可以被抵赖
- Deniable authentication
- 不同类型MAC
- key derivation functions, KDF
- 从密码生成对应的密钥,再用密钥做MAC
- PBKDF2
- Modern KDFs: Bcrypt, Scrypt and Argon2
- HMAC是简单对消息和key做Hash, 而KDF一般会内部做多次HMAC,例如PBKDF2。更强的KDF,像Bcrypt, Scrypt ,Argon2 除了做多次HMAC,还会大量消耗CPU、内存,从而增加被暴力破解的难度。
- Authenticated Encryption
- Encrypt-and-MAC
- MAC-then-Encrypt
- 2 Factor Authentication (2FA)
- 3 authentication factors: What you known, What you have, What you are...
- 2fa-a-programmers-perspective
- 双因子认证就是除了密码验证外再加上只有用户持有的东西的一个认证,微信扫描,Google设备认证等都算。更强的是3因子认证,就是再加上用户的指纹,人脸识别认证等,像银行客户端会要求你认脸识别,支付宝也有。
经典非对称加密
需要理解非对称加密算法RSA、Deffie-Hellman密钥交换算法。
- RSA安全的基础是大素数分解的难度。
- Deffie-Hellman密钥交换算法安全的基础是有限域上素数循环群上离散对数问题的单向性。
- Understanding Cryptography
- ***** RSA算法原理(一)
- ***** RSA算法原理(二)
- RSA加密算法
- ***** wiki: Deffie-Hellman key exchange
- wiki: NIST Digital Signature Algorithm(NIST DSA)
- Trapdoor function
//
- SSL/TSL
椭圆曲线加密
- A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography
- crypto.stanford.edu: Elliptic Curves
- Joseph H. Silverman,Brown
- ***** Elliptic Curve Cryptography
- AN ELEMENTARY PROOF OF THE GROUP LAW FOR ELLIPTIC CURVES
椭圆曲线加密的配对(Pair)
- Exploring Elliptic Curve Pairings
- Pairings for beginners by Craig Costello
- Bilinear Pairings in Cryptography
- Pairing based cryptography
完整的书
- Elliptic Curves Number Theory and Cryptography
- An Introduction to Mathematical Cryptography
- Guide to Elliptic Curve Cryptography
- A Coder’s Guide to Elliptic Curve Cryptography
- Practical Cryptography for Developers
