区块链加密不对称怎么办,区块链加密不对称怎么解决
随着区块链技术的发展,加密不对称怎么办也受到越来越多的关注。本文将从以下三个关键词出发,介绍区块链加密不对称怎么解决的问题:数字签名、公钥加密和密钥交换。
数字签名是一种使用密钥的算法,用于对数据进行签名,以确认数据的完整性和可靠性。数字签名的主要目的是验证发送方的身份,以及确保接收方收到的数据是发送方发出的,且没有被篡改。数字签名的实现需要使用密钥,其中一把密钥用于签名,另一把密钥用于验证签名。在加密不对称的情况下,数字签名可以用来确保发送方的身份,以及确保发送方发出的数据没有被篡改。
公钥加密是一种使用密钥的加密方法,它使用一把公开的密钥来加密数据,并使用另一把私有的密钥来解密数据。公钥加密的目的是保护数据的安全性,确保只有拥有私有密钥的接收方才能解密数据。在加密不对称的情况下,公钥加密可以用来保护数据的安全性,以及确保只有拥有私有密钥的接收方才能解密数据。
密钥交换是一种使用密钥的算法,它可以用来在两个实体间安全地交换密钥,以便实现双方的加密通信。密钥交换的主要目的是确保双方能够安全地交换密钥,以便实现双方的加密通信。在加密不对称的情况下,密钥交换可以用来确保双方能够安全地交换密钥,以便实现双方的加密通信。
以上就是本文介绍的区块链加密不对称怎么解决的三个关键词:数字签名、公钥加密和密钥交换。这些关键词可以帮助我们更好地理解如何解决加密不对称的问题,从而实现安全的数据传输和通信。
请查看相关英文文档
『一』What is blockchain technology
Blockchain is a new application model of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithm. The so-called consensus mechanism is a mathematical algorithm that establishes trust and obtains rights and interests between different nodes in the blockchain system
Blockchain is an important concept of Bitcoin. It is essentially a decentralized database. , and as the underlying technology of Bitcoin. The blockchain is a series of data blocks generated using cryptographic methods. Each data block contains information about a Bitcoin network transaction and is used to verify the validity of its information (anti-counterfeiting) and generate the next block.
In a narrow sense, blockchain is a chain data structure that combines data blocks in a sequential manner in chronological order, and is distributed cryptographically to ensure that it cannot be tampered with or forged. Account book.
Broadly speaking, blockchain technology uses block chain data structures to verify and store data, uses distributed node consensus algorithms to generate and update data, and uses cryptography to ensure the security of data transmission and access. A new distributed infrastructure and computing method that uses smart contracts composed of automated script codes to program and operate data
『二』What does asymmetric encryption algorithm mean
asymmetric encoding algorithm
Asymmetric encryption algorithm requires two keys: public key and private key. The public key and the private key are a pair. If the public key is used to encrypt data, only the corresponding private key can be used to decrypt it; if the private key is used to encrypt the data, then only the corresponding public key can be used to decrypt it. Decrypt. Because encryption and decryption use two different keys, this algorithm is called an asymmetric encryption algorithm. The basic process of asymmetric encryption algorithm to exchange confidential information is: Party A generates a pair of keys and discloses one of them as a public key to other parties; Party B, who obtains the public key, uses the key to process the confidential information. After encryption, it is sent to Party A; Party A then uses another private key saved by itself to decrypt the encrypted information. On the other hand, Party A can use its own private key to encrypt the confidential information before sending it to Party B; Party B can then use Party A's public key to decrypt the encrypted information.
Party A can only use its private key to decrypt any information encrypted by its public key. Asymmetric encryption algorithms provide better confidentiality and eliminate the need for end users to exchange keys.
Characteristics of asymmetric cryptosystem: The algorithm strength is complex, and security depends on the algorithm and key. However, due to the complexity of the algorithm, the encryption and decryption speed is not as fast as that of symmetric encryption and decryption. There is only one key in the symmetric cryptosystem, and it is non-public. If you want to decrypt, you must let the other party know the key. So keep it safeThe key is to ensure the security of the key. The asymmetric key system has two keys, one of which is public, so there is no need to transmit the other party's key like a symmetric cipher. This way the security is much greater.
『三』What is asymmetric encryption
MD5
\PGP and other types of encryption are asymmetric encryption. That is, encryption is simple but decryption (cracking) is difficult.
MD5
p>
『四』 Blockchain has become a new pyramid scheme, what exactly is blockchain?
Some time ago, a photo of a Chinese aunt appearing at a blockchain conference became popular on the Internet. There was a heated discussion among them, and netizens said: "Aunts have been targeted by the blockchain." In fact, starting from a few years ago, when the concept of blockchain came out, there were some criminals under the guise of Conducting MLM activities in the name of blockchain has become one of the latest variants of MLM. In fact, with the development of blockchain, various virtual currencies have emerged as the times require. Most of them are scams. Scammers carry out scams in the name of "virtual currency" and "blockchain". This is mainly to use Investors do not understand virtual currency and blockchain, but they want to catch up with the virtual currency investment boom. This scam seems complicated, but it is actually very simple. However, once you are fooled, it is difficult to recover your investment.
In short, blockchain technology is not actually a scam, but has been used by scammers to take advantage of information asymmetry to deceive investors.
『Wu』 Can blockchain technology solve the problem of information asymmetry? If so, will it involve a large number of intermediaries and trade associations?
One of the theoretical foundations of blockchain is game theory The actual situation where the information asymmetry problem mentioned by the question often occurs is between the upstream and downstream of the supply chain. The upstream hopes to sell more expensively, while the downstream hopes to buy cheaper. This will lead to a game between upstream and downstream.
The other is the competitive game between peers, such as two suppliers, and a very important means of competition in this game is through the collection of first-hand information. Through information asymmetry, we can grasp the market trend and obtain higher economic profits.
Blockchain technology can achieve transparent sharing of information between parties and guarantee trust. Therefore, the problem of information asymmetry can be completely solved through blockchain technology.
As for whether intermediaries will be completely eliminated? In my opinion, this is not achievable in the short term. However, judging from the development trend of blockchain technology and future prospects, the share of dealers as intermediaries will definitely be gradually reduced and will be abandoned by the times.
The above are some of my personal views and opinions.
『Lu』 What is symmetric encryption and what is asymmetric encryption
Symmetric encryption
In symmetric encryption (or single-key encryption), only A key is used to encrypt and decrypt information. Although single-key encryption is a simpleprocess, but both parties must completely trust the other party and hold a backup of this key. But achieving this level of trust is not as simple as imagined. A security breach may have occurred while both parties were trying to establish a trusting relationship. First of all, the transmission of the key is an important issue. If it is intercepted, then there will be no security for the key and related important information.
However, if the user wants to transfer information on a public medium (such as the Internet), he needs a way to transfer the key. Of course, physically sending and receiving the key is the most secure, but sometimes this It's impossible. One solution is to send it via email, but such messages can easily be intercepted, defeating the purpose of encryption. Users cannot encrypt messages containing the key because they must share another key used to encrypt messages containing the key. This dilemma raises the question: if symmetric keys use themselves to encrypt, why not just use the same method in the first step? One solution is to use asymmetric encryption, which we will cover later in this lesson.
A theme in all types of encryption is cracking. One countermeasure to reduce the threat posed by the use of symmetric encryption is to change the regularity of the keys. However, changing keys regularly is often difficult, especially if you have many users in your company. Additionally, hackers can compromise symmetric keys using dictionary programs, password sniffing, or by searching desks, wallets, and briefcases. Symmetric encryption is also easily defeated by brute force attacks.
Asymmetric encryption
Asymmetric encryption uses a pair of keys in the encryption process, unlike symmetric encryption which only uses a single key. One key is used for encryption and the other is used for decryption. If A is used to encrypt, B is used to decrypt; if B is used to encrypt, A is used to decrypt.
The important concept is that in this pair of keys, one key is used for public use and the other is used as a private key; the one used for publicity is called the public key, and the other half needs security protection. private key. One disadvantage of asymmetric encryption is that it is very slow because it requires intensive mathematical operations. If a user needs to use asymmetric encryption, even a relatively small amount of information can take several hours.
Another name for asymmetric encryption is public key encryption. Although both private and public keys are mathematically related, determining the value of a private key from a public key is very difficult and time-consuming. When communicating over the Internet, key management for asymmetric encryption is easy because public keys can be easily disseminated and private keys must be carefully protected in the hands of users.
HASH encryption converts some information of different lengths into a messy 128-bit code, called a HASH value. HASH encryption is used for information that you do not want to decrypt or read. Decryption using this method is theoreticallyIt is impossible to compare whether the values of the two entities are the same without telling other information. Another use of HASH encryption is to sign files. It can also be used when you want someone to check but can't copy the information.
『撒』 How does the blockchain ensure the security of data in the network?
How does the blockchain ensure the security of data in the network:
In the blockchain Among the technologies, digital encryption technology is the key. Generally, the asymmetric encryption algorithm is used, that is, the password for encryption and the password for unlocking are different. To put it simply, we have an exclusive private key. As long as we protect our private key and give the public key to the other party, the other party will use the public key to encrypt the file to generate ciphertext, and then pass the ciphertext to you, and we will use the private key. Decrypting the plain text can ensure that the transmission content is not seen by others. In this way, the encrypted data transmission is completed!
At the same time, there is also a digital signature that adds an extra layer of protection for us to prove that the document has not been tampered with during the process of sending it to the other party. It can be seen that the encryption technology of blockchain can effectively solve the security problems in the process of data circulation and sharing, which can be said to have great potential. Luanhe
『八』【In-depth knowledge】Illustration of the encryption principle of blockchain (encryption, signature)
First, let’s put an architecture diagram of Ethereum:
In the learning process, I mainly use a single module to learn and understand, including P2P, cryptography, network, protocols, etc. Let’s start with the summary directly:
The problem of secret key distribution is also the problem of secret key transmission. If the secret key is symmetric, then the secret key can only be exchanged offline. If the secret key is transmitted online, it may be intercepted. Therefore, asymmetric encryption is used, with two keys, one private key is kept privately, and the other public key is made public. Public keys can be transmitted over the Internet. No offline transactions required. Ensure data security.
As shown in the figure above, node A sends data to node B, and public key encryption is used at this time. Node A obtains the public key of node B from its own public key, encrypts the plaintext data, and sends the ciphertext to node B. Node B uses its own private key to decrypt.
2. Unable to solve message tampering.
As shown in the figure above, node A uses B's public key to encrypt, and then transmits the ciphertext to node B. Node B uses the public key of node A to decrypt the ciphertext.
1. Since A’s public key is public, once an online hacker intercepts the message, the ciphertext will be useless. To put it bluntly, this encryption method can be decrypted as long as the message is intercepted.
2. There is also the problem of being unable to determine the source of the message and the problem of message tampering..
As shown in the figure above, before sending data, node A first encrypts it with B's public key to obtain ciphertext 1, and then uses A's private key to encrypt ciphertext 1 to obtain ciphertext 2. After node B obtains the ciphertext, it first decrypts it using A's public key to obtain ciphertext 1, and then decrypts it using B's private key to obtain the plaintext.
1. When data ciphertext 2 is intercepted on the network, since A's public key is public, you can use A's public key to decrypt ciphertext 2 and obtain ciphertext 1. So this seems to be double encryption, but in fact the private key signature of the last layer is invalid. Generally speaking, we all hope that the signature is signed on the most original data. If the signature is placed later, the signature lacks security since the public key is public.
2. There are performance issues. Asymmetric encryption itself is very inefficient, and two encryption processes are performed.
As shown in the figure above, node A is first encrypted with A's private key, and then encrypted with B's public key. After receiving the message, node B first uses B's private key to decrypt it, and then uses A's public key to decrypt it.
1. When the ciphertext data 2 is intercepted by a hacker, since the ciphertext 2 can only be decrypted using B's private key, and B's private key is only owned by node B, others cannot keep it secret. Therefore, the safety is the highest.
2. When node B decrypts and obtains ciphertext 1, it can only use A’s public key to decrypt it. Only data encrypted by A's private key can be successfully decrypted with A's public key. Only node A has A's private key, so it can be determined that the data was transmitted by node A.
After two asymmetric encryptions, the performance problem is serious.
Based on the above problem of data tampering, we introduced message authentication. The encryption process after message authentication is as follows:
Before node A sends a message, it first performs a hash calculation on the plaintext data. A digest is obtained, and then the illumination and original data are sent to Node B at the same time. When node B receives the message, it decrypts the message. Parse out the hash digest and original data, then perform the same hash calculation on the original data to obtain digest 1, and compare the digest and digest 1. If they are the same, they have not been tampered with; if they are different, they have been tampered with.
During the transmission process, as long as ciphertext 2 is tampered with, the resulting hash will be different from hash1.
The signature problem cannot be solved, that is, both parties attack each other. A never acknowledges the message he sent. For example, A sends an error message to B, causing B to suffer losses. But A denied that he did not send it himself.
In the process of (3), there is no way to solve the problem of interactive parties attacking each other. What does that mean? It may be that the message sent by A is not good for node A, and later A denies that the message was not sent by it.
In order to solve this problem, signatures were introduced. Here we combine the encryption method in (2)-4 with the message signature.
In the above figure, we use node A's private key to sign the summary information sent by it, then add the signature + original text, and then use B's public key to encrypt. After B obtains the ciphertext, he first uses B's private key to decrypt it, and then uses A's public key to decrypt the digest. Only the content of the two digests is compared to see if they are the same. This not only avoids the problem of anti-tampering, but also circumvents the problem of attacks from both parties. Because A signed the information, it cannot be repudiated.
In order to solve the performance problem when asymmetrically encrypting data, hybrid encryption is often used. Here we need to introduce symmetric encryption, as shown below:
When encrypting data, we use a symmetric secret key shared by both parties to encrypt. The symmetric secret key should not be transmitted on the network to avoid loss. The shared symmetric key here is calculated based on one's own private key and the other party's public key, and then the symmetric key is used to encrypt the data. When the other party receives the data, it also calculates the symmetric secret key and decrypts the ciphertext.
The above symmetric key is unsafe because A's private key and B's public key are generally fixed in the short term, so the shared symmetric key is also fixed. To enhance security, the best way is to generate a temporary shared symmetric key for each interaction. So how can we generate a random symmetric key during each interaction without transmitting it?
So how to generate a random shared secret key for encryption?
For the sender node A, a temporary asymmetric secret key pair is generated every time it is sent, and then a symmetric secret key can be calculated based on the public key of node B and the temporary asymmetric private key. (KA algorithm-Key Agreement). The symmetric secret key is then used to encrypt the data. The process here for the shared secret key is as follows:
For node B, when receiving the transmitted data, the random public key of node A is parsed. Then the symmetric secret key (KA algorithm) is calculated using the random public key of node A and the private key of node B itself. The data is then encrypted using a symmetric key.
For the above encryption methods, in factThere are still many problems, such as how to avoid replay attacks (adding Nonce to the message), and problems such as rainbow tables (refer to the KDF mechanism to solve). Due to limited time and ability, I will ignore it for now.
So what kind of encryption should be used?
Mainly based on the security level of the data to be transmitted. Unimportant data can actually be authenticated and signed, but very important data needs to use an encryption scheme with a relatively high security level.
Cipher suite is a concept of network protocol. It mainly includes algorithms for identity authentication, encryption, message authentication (MAC), and secret key exchange.
During the entire network transmission process, algorithms are mainly divided into the following categories according to cipher suites:
Secret key exchange algorithms: such as ECDHE, RSA. Mainly used for authentication when the client and server handshake.
Message authentication algorithm: such as SHA1, SHA2, SHA3. Mainly used for message summarization.
Batch encryption algorithm: such as AES, mainly used to encrypt information flow.
Pseudo-random number algorithm: For example, the pseudo-random function of TLS 1.2 uses the hash function of the MAC algorithm to create a master key - a 48-byte private key shared by both parties in the connection. The master key serves as a source of entropy when creating session keys (such as creating a MAC).
In the network, a message transmission generally needs to be encrypted in the following four stages to ensure safe and reliable transmission of the message.
Handshake/network negotiation phase:
During the handshake phase between both parties, link negotiation is required. The main encryption algorithms include RSA, DH, ECDH, etc.
Identity authentication phase:
In the identity authentication phase, the source of the sent message needs to be determined. The main encryption methods used include RSA, DSA, ECDSA (ECC encryption, DSA signature), etc.
Message encryption stage:
Message encryption refers to encrypting the sent information flow. The main encryption methods used include DES, RC4, AES, etc.
Message identity authentication phase/anti-tampering phase:
Mainly to ensure that the message has not been tampered with during transmission. The main encryption methods include MD5, SHA1, SHA2, SHA3, etc.
ECC: Elliptic Curves Cryptography, elliptic curve cryptography. It is an algorithm that generates public and private keys based on point multiple products on ellipses. Used to generate public and private keys.
ECDSA: used for digital signature, is a digitalSignature algorithm. A valid digital signature gives the recipient reason to believe that the message was created by a known sender, so that the sender cannot deny that the message has been sent (authentication and non-repudiation), and that the message has not been altered in transit. The ECDSA signature algorithm is a combination of ECC and DSA. The entire signature process is similar to DSA. The difference is that the algorithm used in the signature is ECC, and the final signed value is also divided into r and s. Mainly used in the identity authentication phase.
ECDH: It is also a Huffman tree secret key based on the ECC algorithm. Through ECDH, both parties can negotiate a shared secret without sharing any secrets, and this shared secret key is the current The communication is temporarily generated randomly, and the secret key disappears once the communication is interrupted. Mainly used in the handshake negotiation phase.
ECIES: is an integrated encryption scheme, also known as a hybrid encryption scheme, which provides semantic security against selected plaintext and selected ciphertext attacks. ECIES can use different types of functions: key agreement function (KA), key derivation function (KDF), symmetric encryption scheme (ENC), hash function (HASH), H-MAC function (MAC).
ECC is an elliptical encryption algorithm, which mainly describes how the public and private keys are generated on the ellipse, and is irreversible. ECDSA mainly uses the ECC algorithm to make signatures, while ECDH uses the ECC algorithm to generate symmetric keys. All three of the above are applications of the ECC encryption algorithm. In real-world scenarios, we often use hybrid encryption (a combination of symmetric encryption, asymmetric encryption, signature technology, etc.). ECIES is a set of integrated (hybrid) encryption solutions provided by the underlying ECC algorithm. This includes asymmetric encryption, symmetric encryption and signature functions.
<meta charset="utf-8">
This precondition is to ensure that the curve does not contain singular points .
Therefore, as the curve parameters a and b continue to change, the curve also shows different shapes. For example:
All the basic principles of asymmetric encryption are basically based on a formula K = k G. Among them, K represents the public key, k represents the private key, and G represents a selected base point.. The asymmetric encryption algorithm is to ensure that the formula cannot be inverted (that is, G/K cannot be calculated). *
How does ECC calculate the public and private keys? Here I describe it according to my own understanding.
I understand that the core idea of ECC is to select a base point G on the curve, then randomly pick a point k on the ECC curve (as the private key), and then calculate our public key based on k G K. And ensure that the public key K is also on the curve. *
So how to calculate k G? How to calculate k G to ensure that the final result is irreversible? This is what the ECC algorithm is supposed to solve.
First, we randomly select an ECC curve, a = -3, b = 7 and get the following curve:
On this curve, I randomly select two points. How to calculate the multiplication of points? We can simplify the problem. Multiplication can be expressed by addition, such as 2 2 = 2+2, 3 5 = 5+5+5. Then as long as we can calculate addition on the curve, we can theoretically calculate multiplication. Therefore, as long as addition calculations can be performed on this curve, multiplication can theoretically be calculated, and the value of an expression such as k*G can theoretically be calculated.
How to calculate the addition of two points on the curve? Here, in order to ensure irreversibility, ECC has customized an addition system on the curve.
In reality, 1+1=2, 2+2=4, but in the ECC algorithm, the addition system we understand is impossible. Therefore, it is necessary to customize a set of addition systems suitable for this curve.
The definition of ECC is to randomly find a straight line in the graph and intersect the ECC curve at three points (or possibly two points). These three points are P, Q, and R respectively.
Then P+Q+R = 0. Among them, 0 is not the 0 point on the coordinate axis, but the infinity point in ECC. In other words, the infinity point is defined as point 0.
Similarly, we can get P+Q = -R. Since R and -R are symmetrical about the X-axis, we can find their coordinates on the curve.
P+R+Q = 0, so P+R = -Q, as shown in the figure above.
The above describes how addition operations are performed in the world of ECC curves.
As can be seen from the above figure, there are only two intersection points between a straight line and a curve, which means that the straight line is the tangent line of the curve.At this time, P and R coincide.
That is, P = R. According to the above-mentioned ECC addition system, P+R+Q = 0, it can be concluded that P+R+Q = 2P+Q = 2R+Q=0
So we get 2 P = -Q (is it getting closer to the formula K = k G of our asymmetric algorithm?).
So we come to the conclusion that multiplication can be calculated, but it can only be calculated at the tangent point, and it can only be calculated by 2.
If 2 can be turned into any number for multiplication, then it means that multiplication can be performed in the ECC curve, then the ECC algorithm can meet the requirements of an asymmetric encryption algorithm.
So can we calculate the multiplication of any random number? The answer is yes. That is the dot product calculation method.
Choose a random number k, then what is k * P equal to?
We know that in the computer world, everything is binary. Since ECC can calculate the multiplication of 2, we can describe the random number k as binary and then calculate it. Suppose k = 151 = 10010111
Since 2 P = -Q, so k P is calculated. This is the dot product algorithm. Therefore, multiplication can be calculated under the ECC curve system, so this asymmetric encryption method is feasible.
As for why this calculation is irreversible. This requires a lot of deduction, and I don't understand it either. But I think it can be understood this way:
Our watches usually have time scales. Now if we take 0:00:00 on January 1, 1990 as the starting point, and if we tell you that a full year has passed until the starting point, then we can calculate the current time, that is, we can calculate it on the watch. The hour, minute and second hands should point to 00:00:00. But conversely, I said that the hour, minute and second hands on the watch are now pointing to 00:00:00. Can you tell me how many years have passed since the starting point?
The ECDSA signature algorithm is basically similar to other DSA and RSA, both using private key signature and public key verification. It’s just that the algorithm system uses the ECC algorithm. Both parties interacting must adopt the same set of parameter systems. The signature principle is as follows:
Select an infinite point on the curve as the base point G = (x, y). Randomly pick a point k on the curve as the private key, and K = k*G to calculate the public key.
Signing process:
Generate a random number R and calculate RG.
Based on the random number R, the HASH value H of the message M, and the private key k, calculate the signature S = (H+kx) /R.
Send messages M, RG, S to the receiver.
Signature verification process:
Receive message M, RG, S
Calculate the HASH value H according to the message
According to the sender For the public key K, calculate HG/S + xK/S, and compare the calculated result with RG. If equal, the verification is successful.
Formula inference:
HG/S + xK/S = HG/S + x(kG)/S = (H+xk)/GS = RG
< p> Before introducing the principle, explain that ECC satisfies the associative law and the commutative law, that is to say, A+B+C = A+C+B = (A+C)+B.Here is an example on WIKI to illustrate how to generate a shared secret key. You can also refer to the example of Alice And Bob.
For Alice and Bob to communicate, both parties must have public and private keys generated by ECC based on the same parameter system. So there is a common base point G for ECC.
Secret key generation stage:
Alice uses the public key algorithm KA = ka * G, generates the public key KA and the private key ka, and makes the public key KA public.
Bob uses the public key algorithm KB = kb * G, generates the public key KB and the private key kb, and makes the public key KB public.
Calculation ECDH stage:
Alice uses the calculation formula Q = ka * KB to calculate a secret key Q.
Bob uses the calculation formula Q' = kb * KA to calculate a secret key Q'.
Shared key verification:
Q = ka KB = ka * kb * G = ka * G * kb = KA * kb = kb * KA = Q'
Therefore, the shared secret keys calculated by both parties do not need to be disclosed before they can be encrypted using Q. We call Q the shared secret key.
In Ethereum, other contents of the ECIEC encryption suite used:
1. The HASH algorithm uses the most secure SHA3 algorithm Keccak.
2. The signature algorithm uses ECDSA
3. The authentication method uses H-MAC
4. The ECC parameter system uses secp256k1, other parameter systems can be found here
The whole process of H-MAC is called Hash-based Message Authentication Code. Its model is as follows:
In Ethereum's UDP communication (RPC communication encryption methods are different), the above implementation method is adopted and expanded.
First of all, the structure of Ethereum's UDP communication is as follows:
Among them, sig is the signature information encrypted by the private key. mac can be understood as a summary of the entire message, ptype is the event type of the message, and data is the RLP-encoded transmission data.
The entire encryption, authentication, and signature model of UDP is as follows:
