毕业设计论文 外文文献翻译 DES算法的安全性及其应用 中英文对照

算法的安全性及其应用摘要 ：对DES算法的加密进行分析，提出DES算法安全性问题，介绍了DES算法的应用，指出密钥的长度、多重DES算法、算法的安全管理、弱密钥等安全性问题必须给予重视。关键词 ： DES算法 ； 密钥 ； 加密 ； 安全性 ； 应用.数据加密标准（Data Encryption standard , DES）是美国国家标准局研究，除美国国防部以外其他部门的计算机系统的数据加密标准，属于分组密码的一种，在具体的应用中还无法将这种加密算法完全破解掉，因此也被美国政府作为限制出口的一种技术，它目前仍被广泛使用，具有较高的安全性。1.DES算法概述DES是一个对称算法：加密和解密用的是同一算法（除密钥编排不同以外），既可用于加密又可用于解密。它的核技术是：在相信复杂函数可以通过简单函数迭代若干圈得到的原则下，利用F函数及对合等运算，充分利用非线性运算。DES以64位为分组对数据加密。每组64位，最后一组若不足64位以“0”补齐。密钥通常表示为64位的数，但每个第8位都用作奇偶校验，可以忽略，所以密钥的长度为56位，密钥可以是任意的56位的数，且可在任意的时候改变。其中极少量的数被认为是弱密钥，但能容易地避开它们，所有的保密性依赖于密钥。2.DES算法的加密分析 2.1 DES算法的基本思想DES对64位的明文分组进行操作。通过一个初始置换，将明文分组分成左半部分（L0）和右半部分（R0），各32位长。R0与子密钥K1进行F函数的运算，输出32位的数，然后与L0执行异或操作得到R1，L1则是上一轮的R0，如此经过16轮后，左、右半部分合在一起，经过一个末置换（初始置换的逆置换），这样该算法就完成了。2.2 初始置换初始置换在第一轮运算前执行，对输入分组实施如表1所示的变换（此表应从左向右、从上向下读）。例如，初始位置把明文的第58位换到第1位的位置，把第50位换到第2位的位置，把第42位换到第3位的位置等等。初始置换和对应的末置换并不影响DES的安全性。它的主要目的是为了更容易地将明文与密文数据以字节大放入DES芯片中。2.3 子密钥的生成子密钥的产生如图1所示1。将64位密钥进行密钥置换，不考虑每个字节的第8位，DES密钥由64位减至56位，56位密钥被分成两部分，前28位为C0，后28位为D0。C0，D0。接着，根据轮数，C0和D0分别经过LSi循环左移1位或2位。16次循环左移的位数依据下列规则进行：循环左移位数 ，经过循环左移得到的Ci，Di经过压缩置换即得到子密钥Ki（，16）。压缩置换也称作置换选择，就是从56位中选出48位，表2定义了压缩置换。例如，处在第33位位置的那一位在输出时移到了第35位的位置，而处在第 18位位置的那一位被略去。2.4 16轮迭代过程 算法有16次迭代，迭代如图2所示2。从图中可得到 ，。 函数的实现原理是将进行扩展置换后其结果与进行异或，并把输出内容执行S盒替代与P盒转换后得到，其原理如图3所示3。 扩展置换也叫做E盒，它将数据右半部分从32位扩展到48位，改变了位的次序，重复了某些位，比原输入长了16位，数据位仍取决于原输入。扩展置换的48位输出按顺序分成8组，每组6位，分别输入8个S子盒，每个子盒输出4 位，共32位。假设将S盒的6位的输入标记为b1、b2、b3、b4、b5、b6，则b1和b6组合构成了一个2位的数，从0到3，它对应着S表中的一行。从b2 到 b5构成了一个4位的数，从0到15，对应着表中的一列，行列交汇处的数据就是该S盒的输出。每个S盒被看作一个4位输入的代替函数：b2到b5直接输入，输出结果为4位，b1和b6位来自临近的分组，它们从特定的S盒的4个代替函数中选择一个。这是该算法的关键步骤，所有其他的运算都是线性的，易于分析，而S盒是非线性的，它比DES其他任何一步提供了更好的安全性。P盒转换是把每个输入位映射到输出位，任意一位不能被映射两次，也不能被略去。2.5 末置换末置换是初始置换的逆过程，DES在最后一轮后，左半部分和右半部分并未交换，而是将R16和L16并在一起形成一个分组作为末置换的输入。3 DES算法安全性问题3.1 DES算法密钥的长度最初的罗斯福密码中密钥长度为128位，的加密单位仅有64位二进制，而且其中某些位还要用于奇偶校验或其他通讯开销，有效密钥只有56位， 这对于数据传输来说太小，各次迭代中使用的密钥KI是递推产生的，这种相关性必然降低了密码体制的安全性。因此，人们会对56位密钥的安全性产生质疑，那么56位密钥是否足够，已成为人们争论的焦点之一。至今，最有效的破解DES算法的方法是穷举搜约是228，493，000年。但是，仍有学者认为在可预见的将来用穷举法寻找正确密钥已趋于可行，所以若要安全保护10年以上的数据最好不用DES算法。近年来有人提出用差分和线性攻击方案来破解DES算法，虽然，从理论上来说破译的性能高于穷举搜索法，但要有超高速计算机提供支持，以致于美国国家保密局和计算机科学技术学会组织各界专家研究DES密码体制的安全性问题后，得出乐观的结论：没有任何可以破译DES密码体制的系统分析法。若使用穷举法，则在1990年以前基本上不可能产生出每天能破译一个DES密钥的专用计算机。即使届时能制造出这样的专用机，它的破译成功率也只会在0.1到0.2之间，而且造价可能高达几千万美元。根据目前的计算技术和DES的分析情况，16圈DES（采用16轮迭代）仍然是安全的，但提醒使用者不要使用低于16圈的DES，特别是10圈以下的DES。尽管如此，我们仍然需要考虑对DES算法进行改进，使密钥长度增加些，以实现更好的保密功能。3.2 多重DES算法针对DES算法上的缺陷，各国专家们都在研究如何增强DES算法的安全性，现在已发展出几十种改进的DES，经过比较，笔者认为多重DES具有较高的可行性。为了增加密钥的长度，采用多重DES加密技术，将分组密码进行级联，在不同的密钥作用下，连续多次对一组明文进行加密。针对DES算法，专家们的共识是采用3重DES加密算法。3重DES方法需要执行3次常规的DES加密步骤，但最常用的3重DES算法中仅仅用两个56位DES密钥。假设这两个密钥为K1与K2，其算法的步骤是：）用密钥K1进行DES加密；）用步骤1的结果使用密钥K2进行DES解密；）用步骤2的结果使用密钥K1进行DES加密。这个过程称为EDE（加密解密加密）。三重DES可使加密密钥长度扩展到128位，其中有效112位。三重DES的112位密钥长度在可以预见的将来可认为是合适的、安全的，据称，目前尚无人找到针对此方案的攻击方法。因为要破译它可能需要尝试256个不同的56位密钥直到找到正确的密钥。但是三重DES的时间是DES算法的3倍，时间开销较大。 3.3 避开DES算法漏洞,实现安全管理在DES密钥KEY的使用、管理及密钥更换的过程中，应绝对避开DES算法的应用误区，即：绝对不能把KEY的第 、 位作为有效数据位，来对KEY进行管理。从上述DES算法的描述中知道，每个字节的第8位作为奇偶校验位以确保密钥不发生错误，这8位不参与DES运算。因此，特别推荐给金融银行界及非金融业界的领导及决策者们，尤其是负责管理密钥的人，要对此点予以高度重视。有的银行金融交易网络，利用定期更换DES密钥KEY的办法来进一步提高系统的安全性和可靠性，如果忽略了上述应用误区，那么，更换新密钥将是徒劳的，将威胁到金融交易网络的安全运行，所以更换密钥一定要保证新KEY与旧KEY真正的不同即除了第 、 位以外其它位数据发生了变化，这样才能保证DES算法安全可靠发挥作用，须务必对此保持高度重视。现代密码学的特征是算法可以公开。保密的关键是如何保护好自己的密钥，而破密的关键则是如何能破解得到密钥。统的安全主管者，要根据本系统实际所使用的密钥长度与其所保护的信息的敏感程度、重要程度以及系统实际所处安全环境的恶劣程度，在留有足够的安全系数的条件下来确定其密钥和证书更换周期的长短。同时，将已废弃的密钥和证书放入黑库归档，以备后用。密钥更换周期的正确安全策略是系统能够安全运行的保障，是系统的安全管理者最重要、最核心的日常工作任务。3.4 弱密钥在DES算法中存在12个半弱密钥和4个弱密钥。由于在子密钥的产生过程中，密钥被分成了2个部分，如果这2个部分分成了全0或全1，那么每轮产生的子密钥都是相同的，当密钥是全0或全1，或者一半是1或0时，就会产生弱密钥或半弱密钥，DES算法的安全性就会变差。在设定密钥时应避免弱密钥或半弱密钥的出现。4.DES算法的应用自DES算法颁布之后，引起了学术界和企业界的广泛重视。许多厂家很快生产出实现DES算法的硬件产品，广大用户在市场上买到高速而又廉价的DES 硬件产品之后，开始用它加密自己的重要数据，从而大大推广了密码技术的使用。DES算法的入口参数有3个：KEY、DATA、MODE。其中KEY为8个字节共64位，是DES算法的工作密钥；DATA也为8个字节64位，是要被加密或被解密的数据；MODE为DES的工作方式，有两种：加密和解密。DES算法是这样工作的：如MODE为加密，则用KEY去把数据DATA 进行加密，生成DATA的密码形式（64位）作为DES的输出结果；如MODE为解密，则用KEY去把密码形式的数据DATA解密，还原为DATA的明码形式（64 位）作为DES的输出结果。在通信网络的两端，双方约定了一致的 KEY，在通信的源点用KEY对核心数据进行DES加密，然后以密码形式在公共通信网（如电话网）中传输到通信网络的终点，数据到达目的地后，用同样的KEY对密码数据进行解密，便再现了明码形式的核心数据。这样，便保证了核心数据在公共通信网中传输的安全性和可靠性3。通过定期在通信网络的源端和目的端同时改用新的KEY，便能更进一步提高数据的保密性，这正是现在金融交易网络的流行做法。在.NET开发系统中，微软公司提供了DES公用密钥的加密类，使用它，我们可以自己编制自己的标准DES加密算法。在任何一个单位，程序员只要设计此程序就能对零散离散文件进行加密传输，而如果要和其他单位交换数据，由于使用的公用算法，只需要向对方提供密钥及算法说明即可，使用非常方便。参考文献 ：卢开澄计算机密码学计算机网络中的数据保密与安全：第 版北京：清华大学出版社，冯登国，吴文玲分组密码的设计与分析北京：清华大学出版社，毕业设计(论文)英文翻译题 目 : 基于混合密码的数字签名方案设计院、系(部): 电子信息工程学院专业及班级: 0 7 0 4 0 5 姓 名: 刘 军 飞 学 号: 070405114 指 导 教师: 张 艳 玲 日 期: 2011.05.02 DES algorithm safety and its applicationAbstract: the encryption algorithm for DES, the article analyzes the safety problems DES algorithm is introduced, and points out that the application of the proposed algorithm is DES key lengths, multiple DES algorithm, algorithm of safety management, such as weak key safety problems must be addressed.Keywords: DES algorithms; Key; Encryption; Safety; applicationData encryption standard (DES) is the U.S. national bureau of outside the U.S. defense department, in addition to other departments of the computer system data encryption standard, belongs to a block cipher in the specific application, still unable to break the encryption algorithm, so completely off by the United States government as a technology export restrictions, it is still widely used, has higher security.1 DES algorithm overviewDES is a symmetric algorithm: encryption and decryption is the same algorithm with (except the key organises different outside), can be used not only can be used to encrypt and decrypt. It is the core technology in believe complex function can: through simple iterative several laps () function gets under the principle of DuiGe using F function and such operations, make full use of nonlinear operations. DES to 64-bit data encryption for grouping. Each group 64-bit, if one last set of less than 6 bits to 0 fill neat. Key usually expressed as a 64-bit number, but each article 8 bits are used as parity and can be ignored, so dense length is 56, key can be arbitrary 56 number, and can in any time change. One of very few number is considered weak key, but can easily avoid them, all the secrecy dependent on the keys.2 DES algorithm encryption analysis2.1The basic idea of 210 DES algorithmDES 64-bit expressly grouping of operation. Through an initial displacement, will expressly group into left brain part (L0) and the right-side part (R0), each 32 bits long. R0 and son key K1 used, and on F function output 32-bit number, then and L0 executive xor operator get R1, L1 is the last round R0, so after 16 rounds, left, right after partial together, after a late replacement (initial displacement inversereplacement), so this algorithm is completed.2.2 initial displacementInitial displacement in the first round of input, former executive computing group implement such as table 1 shows transform (this form should, from left to right to read) for example, the initial position of the proclaimed to the 58th a change of position, one of the first 50 change to second place position, put the first 4 to third position, etc. Initial displacement and the corresponding end displacement does not affect the safety of DES. Its main purpose is to will be more easily with ciphertext data in bytes written in DES chip the size.2.3The key to generate sonThe key to produce as shown in figure 1 son shown 1. Will 64-bit decryption key, dont consider key replacement each byte number eight, DS keys consists of a 64-bit to 56, 56 key is divided into two parts, the first 28 bits after C0, for 28 for D0. C0 = K57K49K41. K52K44K36, D0 = K63K55K47. K20K12K4. Then, according to round number, C0 and D0 LSi cycle respectively after moves left in 1 or 2 bits. 16 times cycle of digit moves left the following rules: cycle according 1,1,2,2,2,2,2,2,1,2,2,2,2,2,21 left shift several.After cycle of Ci, moves left get Di after compression replacement namely get son Ki (I = 1 key,., 16). Compression replacement also called replacement choice, is selected from 56 48 bits, table 2 defines compression replacement. For example, in the positions is 33 output moved in a position of # 35 in 18th place, and that a position omitting .2.4 16 iteration processDES algorithm has 16 iterations, the iterative as figure2shows 2. From the graph can get Li = Ri - 1, Ri = Li - 1 F (Ri - 1, Ki), I = 1, 2, 3. 15,16.F function realization principle is to expand Ri - 1 Ki after displacement and the results are different, and the output content or executive S box of alternative and P box after converting get F (Ri - 1, Ki), ts principle fig.03 shows 1. Expand replacement also called E box, it will data from the right part 32-bit expanded to 48 bits, changed a sequence, repeat some bits, compared to the original input long 16, data bits, still depends on the original input. Extension of the replacement of 48 bits in sequence into eight groups output, each group of six, eight S respectively input son box, each child box output four, a total of 32. Assumptions will S box six input marked b1, b2, b3, b4,b5, b6, then b1 and b6 constitute a 2 bits number, from 0 to 3, it corresponds to S the line. Watch From b2 to b5 constituted a 4 digit number, from 0 to 15, corresponding to table a column in the ranks of the data interchange, is that the S box output. Each S box can be viewed as a four input to replace function: b2 to b5 direct input, output results for four, b1 and b6 participants from neighboring grouping, them from specific S box 4 instead of function choose a. This is the key step in the algorithm, and all other operations are linear, easy to analysis, and S box is nonlinear, it any other step than DES provides better security. P boxes each input a transition is mapped to output a, any one cannot be mapped twice, also cannot be cut out.2. 5 end displacementThe replacement of the initial replacement is the inverse process,DES during the last round, right and left parts, but will not exchange part R16 and L16 and together to form a group as the input end displacement.3 DES algorithm safety issues3.1 DES algorithm key lengthsInitial Roosevelt password for 128-bit key length, DES56 bits, this is too small for data transmission, the keys used in every iteration of the recursive Ki is produced, this correlation inevitable reduces the password system security. Therefore, people will to 56 keys have cast doubt on the safety, then 56 key whether enough, has become one of the focuses of debate.So far, the most effective cracked DES algorithm method is exhaustively search method. 56 need 228,493,000 years is about. Still, some scholars think in the foreseeable future exhaustion method with finding the right key has already become more and more feasible, so if want security protection of 10 years of above data had better not use DES algorithm.In recent years some proposed with difference and linear attack scheme to crack, though, from DES algorithm theoretically decipher than the performance Exhaustively search method, but must have the super-fast computers provide support, that American state secrecy bureau and computer science and technology institute organizing.World experts research DES password system, it is concluded that the problem of safety in the conclusion of optimism after: without any can decipher DES password system system analysis. If use exhaustively method, is in before 1990 basically impossible to produce each day to decipher a DES key special computer. Even when can produce such steels, it will only in deciphering success rate between 0.1 to 0.2, and cost could be as high as millions dollars. According to the present computing and DES analysis situation, 16 - circle DES (with 16 iteration) is still safe, but warn users dont use less than 16 - circle DES, especially 10 - circle the following DES. Nevertheless, we still need to consider to DES algorithm was improved, add some key length, in order to achieve better confidential function.3. 2 multiple DES algorithmAimed at the defects of algorithm, DES nations experts are studying how to enhance the security of DES algorithm, has now developed dozens of improved DES, after comparison, the author thinks that multiple DES has the high feasibility.In order to increase the key lengths, using multiple DES encryption technology group password, cascade, in a different key function, continuous Many times for a group of plaintext encrypted. According to the experts, DES algorithm adopts triple DES consensus is encryption algorithm. Triple DES method needs to perform three conventional DES encrypted steps, but the most commonly used three heavy DES algorithm using only two 56 DES keys. Suppose this two keys with K2, its algorithm triassic-paleogene the steps are:1) for DES encrypted with key K1;2) the results in step 1 to use a key K2 to DES decryption;3) the results in step 2 to use a key K1 for DES encrypted.This process is called EDE (encryption - decryption - encryption).Triple DES can make the encryption key length expanded to 128-bit, including effective 112. The 112 triple DES key length in the foreseeable future can think is appropriate, safe, allegedly, at present there is no people find in this scheme method of assault. Because want Decipher it may need to try to 256 different 56 key until you find the right key. But triple DES time is three times the DES algorithm, time consuming is bigger.3.3 avoid DES algorithm loophole, realize safe managementIn DES keys use and management of the Key specific and Key changes process, should absolutely avoid DES algorithm application pitfalls, namely: definitely not the Key specific section 8, 16, 24. 64 bit as valid data bits, to manage to Key specific. From the description of the above DES algorithm, each byte of the first that eight as parity to ensure the key not errors occur, the eight not participation DES operations. Therefore, particularly recommended for financial banking and non-financial industry leadership and decision makers, especially responsible for managing the people, which key point pay serious attention. Some Banks financial transaction network, use change regularly DES keys to Key specific to further improve reliability and safety of the system, if you ignore the above application pitfalls, then, change the new Key will be in vain, and threaten financial transaction network safety running, so change Key must ensure new Key specific and old Key specific real different that, in addition to the first 8, 16, 24. 64 bit beyond other bits of data changed, so that we can guarantee DES algorithm safe and reliable work, must make sure to keep high attention.Modern cryptography features is algorithm can open. The key is how to protect the confidentiality of their keys, and the key is broken secret key. How can get hacking The security of the system, this system according to the director of the actual use of key length and the sensitive degree of protection of information, important degree and the actual place security environment system of degree, in bad with sufficient safety coefficient conditions from determine its key and certificate change cycle length. Meanwhile, will have abandoned key and certificate in black library archive, away for future use. Key change cycle right security strategy is system can safe operation of the systems safety protection, is the most important and the most managers of daily tasks.3.4 weak keysIn DES algorithm 12 and a half exists weak key and four weak keys. Because the key in the son produced process, the key is divided into 2 parts, if this 2 parts into full 0 or total 1, so each wheel produces daughter keys are the same, and when keys are all 0 or 1, or half full 1 or 0, can produce weak keys, or half a weak the safety of keys, DES algorithm will become poor. In setting key should avoid weak keys, or half a weak key to appear.4 DES use of the algorithmAfter since DES algorithm, caused promulgated by academic and corporate attention. Many manufacturers soon produce realize DES algorithm Hardware products, users in the market to buy high speed and cheap DES hardware products, to start using it after the important data encryption himself, thus greatly promote the use of a password techniques.DES algorithm entry parameters have 3: Key specific, Data, Mode. One Key specific for 8 byte 64 bits, which is the Key; DES algorithm work Data also for 8 byte 64-bit, is to be encrypted or message decrypted Data; Mode for DES way of working, have two kinds: encryption and decryption. DES algorithm is how it works: such as Mode for encryption, then use the Data to Key specific Data encrypt Data and generate the password form (64 bits); the output as DES Such as Mode for decryption, from the password form to Key specific Data declassified, restore Data for the Data related forms (64 bits) as the output results. DES In communication network, the parties have agreed on the ends of the agreement in communication, Key specific source point of core data with Key specific, and then taking DES encrypted password form in public communication network (such as network) in the end of transmission to communication network, data arrived at their destination, with the same Key specific data of password decryption, he portrays plain code forms of core data. So, then guaranteed the core data (such as PIN, MAC, etc) in public communication network security and reliability of the transmission of 3. Through regularly in the communication network in the source end and purpose in the switch to the new Key specific, can further improve the data privacy, this is now the financial trading network vogue.In development system, Microsoft provides DES public key encryption class, use it, and we can prepare yourself Standard DES encryption algorithm. In any one unit, the programmer as long as this program can design of scattered discrete files for encryption loses. If you want to exchange the data and other units, due to the use of public algorithm, only need to provide each other key and algorithm specification can, use very convenient.References:1 Wilkinson j h.algebraic eigenvalue problem. Computer data in a computer network cryptography secrecy and security: the first 3 edition M. Beijing: tsinghua university press, 2003.2. WuWenLing block cipher FengDengGuo, the design and analysis M. Beijing: tsinghua university Press, 2000.3 DuanWei YangMao phosphorus, ge yong, postgraduate for PhD. The password algorithms and its application in military communication J.journal of fire Force command and control, 2006 (3) : 68-71.