Smart card with elliptic curve cryptography algorithm ECC

Keywords: ECC smart card cryptographic algorithm

1 Background Introduction
With the rapid development of communication networks, especially the Internet, using networks for information exchange and information processing has become more and more common, and society's traditional business and operating models have been hit by an unprecedented impact. At present, both national governments and enterprises are joining this network revolution, moving from the traditional business model to the network model. E-government, e-commerce, and e-business will become an irreversible development trend. As the number of online activities grows, people are increasingly concerned about information security. This concern is concentrated in:
(1) Network identity authentication - confirming the true identity of network clients
(2) Confidentiality of information and data - protection of personal or system confidential information and data
(3) Integrity of information and data - preventing illegal modification of data
(4) Non-repudiation - actions in the network environment cannot be denied (digital signature)
The core technology in information security is cryptography, which can basically be divided into stream ciphers, symmetric ciphers (also known as block ciphers), and asymmetric ciphers (also known as public key ciphers).
Asymmetric cryptographic algorithms are at the heart of supporting the four key aspects above, and solutions based on the PKI system model are becoming more and more popular. In the PKI system model, the client needs a good carrier for personal security information. A smart card or smart cryptographic key is an ideal choice, and either must support a public key algorithm. ECC is the algorithm most suitable for such resource-constrained client products.

2 Elliptic Curve Cryptography Algorithm ECC
Since the advent of public key cryptography, scholars have proposed a variety of public key cryptography methods whose security rests on hard mathematical problems. Classified by the underlying mathematical problem, the following three types of systems are currently considered safe and effective: (1) large integer factorization systems (represented by RSA), (2) finite field (an algebraic structure in mathematics) discrete logarithm systems (represented by DSA), (3) finite field elliptic curve discrete logarithm systems (ECC).

The most famous and widely used public key system, RSA, was proposed by Rivest, Shamir, and Adleman (hence the RSA system). Its security is based on the difficulty of factoring large integers, a famous mathematical problem for which no efficient solution method is known, so the security of the RSA algorithm can be ensured. The RSA system is the most typical public key method. Most products and standards that use public key cryptography for encryption and digital signatures use the RSA algorithm. The main advantages of RSA are that its principle is simple and it is easy to use. However, with progress in methods for factoring large integers, faster computers, and the development of computer networks (which allow thousands of machines to work on a factorization simultaneously), the integers required for secure RSA encryption and decryption keep getting larger. To preserve the security of RSA, the number of bits in the key has kept increasing. For example, it is generally considered that RSA needs more than 1024 bits to be secure. However, the increase in key length greatly reduces the speed of encryption and decryption, and hardware implementation becomes more and more difficult to sustain. This imposes a heavy burden on applications that use RSA, especially e-commerce, which carries out a large number of secure transactions, so the scope of application of RSA is increasingly restricted.

DSA (Digital Signature Algorithm) is a digital signature standard based on the finite field discrete logarithm problem. It provides only digital signatures and does not provide data encryption.

Elliptic Curve Cryptography (ECC), a public key system with higher security and better algorithm performance, is based on the difficulty of computing discrete logarithms on elliptic curves over finite fields. Elliptic curves have been studied for more than a century, but their application to cryptography was first proposed in 1985 by Koblitz (University of Washington, USA) and Miller (IBM). The points (x, y) on an elliptic curve y^2 = x^3 + ax + b over a finite field (F_p or F(2^m)), together with the point at infinity O, form a group (an algebraic structure in mathematics) under an operation defined by a certain rule (referred to here as multiplication). The elliptic curve group over a finite field also has a corresponding hard discrete logarithm problem. Many public key cryptosystems have therefore been developed on this problem, such as ECES and ECDSA, which are analogous to ElGamal, DSA and other cryptosystems.
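The group structure and the discrete logarithm problem described above can be seen on a toy curve. This is an added example, not part of the original article: the curve y^2 = x^3 + 2x + 2 over F_17, the base point (5, 1) and all function names are constructed for illustration, and the parameters are far too small for real use. The group operation is written additively here, as is usual in the ECC literature.

```python
# Toy parameters (constructed for illustration, NOT secure):
# curve y^2 = x^3 + A*x + B over F_p with p = 17, A = 2, B = 2.
P_MOD, A, B = 17, 2, 2
G = (5, 1)   # base point; it generates a group of prime order 19
O = None     # the point at infinity, identity element of the group

def on_curve(pt):
    """Check that pt satisfies the curve equation (O always does)."""
    if pt is O:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0

def add(p1, p2):
    """Group law: chord-and-tangent addition of two curve points."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O  # p2 is the inverse of p1 (also covers doubling with y = 0)
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)  # tangent
    else:
        s = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)         # chord
    s %= P_MOD
    x3 = (s * s - x1 - x2) % P_MOD
    y3 = (s * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def scalar_mult(k, pt):
    """Double-and-add: computes k*pt in about log2(k) group operations."""
    result, addend = O, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result

def brute_force_dlog(q, pt):
    """Solve the ECDLP (find k with k*pt == q) by exhaustive search.
    Only feasible because this toy group has 19 elements."""
    acc, k = O, 0
    while acc != q:
        acc = add(acc, pt)
        k += 1
    return k
```

Computing k*G takes a handful of additions even for very large k, while recovering k from k*G has no known shortcut on a well-chosen curve; that asymmetry is what ECC key pairs rely on.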

3 Elliptic Curve Encryption Algorithm ECC Advantages
The elliptic curve encryption algorithm ECC has many technical advantages compared to the RSA method:
● Security performance: The security of an encryption algorithm is generally reflected by its strength against attack. Compared with the other public key systems, ECC has an absolute advantage in resistance to attack. The elliptic curve discrete logarithm problem (ECDLP) is currently fully exponential in computational complexity, while RSA is sub-exponential. This shows that ECC has higher security per bit than RSA.
● Small computation load and fast processing: Given the same computing resources, RSA can speed up public key processing (encryption and signature verification) by choosing a small public key (which can be as small as 3), which makes it comparable to ECC in encryption and signature verification speed. In private key processing (decryption and signing), however, ECC is much faster than RSA and DSA. Therefore, the total speed of ECC is much faster than RSA and DSA. At the same time, key generation in the ECC system is more than 100 times faster than in RSA. Therefore, under the same conditions, ECC has higher encryption performance.
● Small storage footprint: The key size and system parameters of ECC are much smaller than those of RSA and DSA. 160-bit ECC has the same security strength as 1024-bit RSA and DSA, and 210-bit ECC has the same security strength as 2048-bit RSA and DSA. This means that ECC takes up much less storage space, which is especially important when encryption algorithms are used in resource-constrained environments such as smart cards.
● Low bandwidth requirements: When encrypting and decrypting long messages, the three types of cryptosystems have the same bandwidth requirements, but the bandwidth requirements of ECC are much lower when applied to short messages. Public key cryptosystems are mostly used for short messages, such as digital signatures and the delivery of session keys for symmetric systems. Low bandwidth requirements give ECC broad application prospects in the field of wireless networks.

4 Elliptic Curve Encryption Algorithm ECC Related Standards
The features of ECC make it a replacement for RSA in some areas (such as PDAs, mobile phones, and smart cards) and position it to become a universal public key encryption algorithm. Many international standardization organizations (government, industry, finance, business, etc.) have issued various elliptic curve cryptosystems as standards documents worldwide. ECC standards can be roughly divided into two kinds. The first is the technical standard, which describes the ECC system from the technical side, mainly IEEE P1363, ANSI X9.62, ANSI X9.63, SEC1, SEC2, FIPS 186-2, and ISO/IEC 14888-3. These standardize the selection of the various ECC parameters and give sets of ECC parameters for various levels of security strength. The second is the application standard, which recommends the use of ECC technology in specific application environments, mainly ISO/IEC 15946, IETF PKIX, IETF TLS, WAP WTLS, and so on. Alongside standardization, software and hardware implementing elliptic curve encryption, signature, and key exchange based on the standards (or drafts) have also been introduced. RSA Data Security announced the cryptographic engine toolkit BSAFE 4.0, which includes ECC, in 1997. Security companies and industry alliances led by Certicom of Canada have also developed and produced cryptographic products with elliptic curve cryptography at their core, and have offered prize challenges for attacks on the elliptic curve discrete logarithm under various security strengths. It is believed that the application of ECC technology in the field of information security will become wider and wider.

5 Smart Card SmartCOS-PK (ECC) with ECC Algorithm
Shenzhen Minghua Aohan Technology Co., Ltd. is a high-tech enterprise specializing in the development and operation of smart card technology and information security technology products. The company has a large domestic smart card production base, the largest smart card marketing, sales and service network in China, and the strongest smart card security technology research and development institution in China. The smart card operating system SmartCOS developed by Minghua has been certified by the National Password Management Committee, the People's Bank of China, various government departments, and many large commercial organizations at home and abroad. Hainan Xinan Data System Co., Ltd. is a professional company specializing in the elliptic curve algorithm ECC. The two companies jointly developed SmartCOS-PK (ECC), the first smart card with an elliptic curve algorithm in China. With the rapid development of e-government and e-commerce, SmartCOS-PK (ECC) with a 160-bit/192-bit ECC algorithm was developed on the basis of the SmartCOS-PK version that supports the RSA public key algorithm, and a version supporting 256-bit ECC will also be launched at the end of 2001. A back-end ECC encryption support library is provided as well, so that a complete ECC application solution is available for the system. Minghua-Xin'an is the first company in China to launch a smart card with an ECC algorithm. It has taken a leading position in the domestic smart card security technology field and has surpassed the international advanced level in some technologies, reflecting the strategy of leap-forward development of national science and technology and making a breakthrough contribution to national scientific and technological progress.
