关于
CDMF,
RIPEMD,
HOTP,
CAST-128,
ARIA,
SkipJack,
ECDSA,
BlowFish,
TwoFish,
OATP,
ECDH
算法
自己从wiki上学习看到的,这里记录下,暂算转帖吧。
--------------------------------------------------------------------------------------------------------------------------------------
CDMF
In cryptography, CDMF (Commercial Data Masking Facility) is an algorithm developed at IBM in 1992 to reduce the security strength of the DES cipher to that of 40-bit encryption, at the time a requirement of U.S. restrictions on export of cryptography. Rather than a separate cipher from DES, CDMF constitutes a key generation algorithm, called key shortening. It is one of the cryptographic algorithms supported by S-HTTP.
[edit]
Algorithm
Like DES, CDMF accepts a 64-bit input key, but not all bits are used. The algorithm consists of the following steps:
Clear bits 8, 16, 24, 32, 40, 48, 56, 64 (ignoring these bits as DES does).
XOR the result with its encryption under DES using the key 0xC408B0540BA1E0AE.
Clear bits 1, 2, 3, 4, 8, 16, 17, 18, 19, 20, 24, 32, 33, 34, 35, 36, 40, 48, 49, 50, 51, 52, 56, 64.
Encrypt the result under DES using the key 0xEF2C041CE6382FE6.
The resulting 64-bit data is to be used as a DES key. Due to step 3, a brute force attack needs to test only 240 possible keys.
回页首
----------------------------------------------------我是华丽的分割线--------------------------------------------------------
REPEMD
RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest) is a 160-bit message digest algorithm (cryptographic hash function) developed in Leuven (Belgium) by Hans Dobbertin, Antoon Bosselaers and Bart Preneel at the COSIC research group at the Katholieke Universiteit Leuven, and first published in 1996. It is an improved version of RIPEMD, which in turn was based upon the design principles used in MD4, and is similar in performance to the more popular SHA-1.
There also exist 128, 256 and 320-bit versions of this algorithm, called RIPEMD-128, RIPEMD-256, and RIPEMD-320, respectively. The 128-bit version was intended only as a drop-in replacement for the original RIPEMD, which was also 128-bit, and which had been found to have questionable security. The 256 and 320-bit versions diminish only the chance of accidental collision, and don't have higher levels of security as compared to, respectively, RIPEMD-128 and RIPEMD-160.
RIPEMD-160 was designed in the open academic community, in contrast to the NSA-designed SHA-1 and SHA-2 algorithms. On the other hand, RIPEMD-160 appears to be used somewhat less frequently than SHA-1, which may have caused it to be less scrutinized than SHA.
RIPEMD-160 is not known to be constrained by any patents.
In August 2004, a collision was reported for the original RIPEMD (PDF). This does not apply to RIPEMD-160.
RIPEMD-160 hashes
The 160-bit RIPEMD-160 hashes (also termed RIPE message digests) are typically represented as 40-digit hexadecimal numbers. The following demonstrates a 43-byte ASCII input and the corresponding RIPEMD-160 hash:
RIPEMD-160("The quick brown fox jumps over the lazy dog") =
37f332f68db77bd9d7edd4969571ad671cf9dd3b
Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g. changing d to c:
RIPEMD-160("The quick brown fox jumps over the lazy cog") =
132072df690933835eb8b6ad0b77e7b6f14acad7
The hash of a zero-length string is:
RIPEMD-160("") =
9c1185a5c5e9fc54612808977ee8f548b2258d31
回页首
--------------------------------------------------------------------------------------------------------------------------------------------
HOTP
HOTP is an HMAC-based One Time Password algorithm. It is a cornerstone of Initiative For Open Authentication (OATH).
HOTP was published as an informational IETF RFC 4226 in December 2005, documenting the algorithm along with a Java implementation. Since then, the algorithms was adopted by many companies worldwide (see below) and became the world's leading standard[citation needed] for event-based OTP authentication. The HOTP algorithm is a freely available open standard.
回页首
---------------------------------------------------------------------------------------------------------------------------------------------
CAST-128
in cryptography, CAST-128 (alternatively CAST5) is a block cipher used in a number of products, notably as the default cipher in some versions of GPG and PGP. It has also been approved for Canadian government use by the Communications Security Establishment. The algorithm was created in 1996 by Carlisle Adams and Stafford Tavares using the CAST design procedure; another member of the CAST family of ciphers, CAST-256 (a former AES candidate) was derived from CAST-128. According to some sources, the CAST name is based on the initials of its inventors, though Bruce Schneier reports the authors' claim that "the name should conjure up images of randomness" (Schneier, 1996).
CAST-128 is a 12- or 16-round Feistel network with a 64-bit block size and a key size of between 40 to 128 bits (but only in 8-bit increments). The full 16 rounds are used when the key size is longer than 80 bits. Components include large 8×32-bit S-boxes based on bent functions, key-dependent rotations, modular addition and subtraction, and XOR operations. There are three alternating types of round function, but they are similar in structure and differ only in the choice of the exact operation (addition, subtraction or XOR) at various points.
Although Entrust holds a patent on the CAST design procedure, CAST-128 is available worldwide on a royalty-free basis for commercial and non-commercial uses.
Test vectors :
Below is a sample test vector, providing the input and the expected output for the above algorithm. Even, the values of Key Schedule, Km and Kr is provided for both encryption and decryption.
Encryption :
128-bit key = 01 23 45 67 12 34 56 78 23 45 67 89 34 56 78 9A
plaintext = 01 23 45 67 89 AB CD EF
ciphertext = 23 8B 4F E5 84 7E 44 B2
回页首
----------------------------------------------------------------------------------------------------------------------------------------------
ARIA
In cryptography, ARIA is a block cipher designed in 2003 by a large group of South Korean researchers. In 2004, the Korean Agency for Technology and Standards selected it as a standard cryptographic technique.
The algorithm uses a substitution-permutation network structure based on AES. The interface is the same as AES: 128-bit block size with key size of 128, 192, or 256 bits. The number of rounds is 12, 14, or 16, depending on the key size. ARIA uses two 8×8-bit S-boxes and their inverses in alternate rounds; one of these is the Rijndael S-box.
The key schedule processes the key using a 3-round 256-bit Feistel cipher, with the binary expansion of 1/π as a source of "nothing up my sleeve numbers".
回页首
-----------------------------------------------------------------------------------------------------------------------------------------
SkipJack
In cryptography, Skipjack is a block cipher — an algorithm for encryption — developed by the U.S. National Security Agency (NSA). Initially classified, it was originally intended for use in the controversial Clipper chip. Subsequently, the algorithm was declassified and now provides a unique insight into the cipher designs of a government intelligence agency.
Skipjack uses an 80-bit key to encrypt or decrypt 64-bit data blocks. It is an unbalanced Feistel network with 32 rounds.[3] It was designed to be used in secured phones.
回页首
-------------------------------------------------------------------------------------------------------------------------------------------
ECDSA
The Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) which uses Elliptic curve cryptography.
回页首
--------------------------------------------------------------------------------------------------------------------------------------------
BlowFish
Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date. However, the Advanced Encryption Standard now receives more attention.
Schneier designed Blowfish as a general-purpose algorithm, intended as an alternative to the aging DES and free of the problems and constraints associated with other algorithms. At the time Blowfish was released, many other designs were proprietary, encumbered by patents or were commercial/government secrets. Schneier has stated that, "Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone."
Notable features of the design include key-dependent S-boxes and a highly complex key schedule.
Blowfish has a 64-bit block size and a variable key length from 1 bit up to 448 bits.[2] It is a 16-round Feistel cipher and uses large key-dependent S-boxes. It is similar in structure to CAST-128, which uses fixed S-boxes.
回页首
---------------------------------------------------------------------------------------------------------------------------------------------
TwoFish
In cryptography, Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but was not selected for standardisation. Twofish is related to the earlier block cipher Blowfish.
Twofish's distinctive features are the use of pre-computed key-dependent S-boxes, and a relatively complex key schedule. One half of an n-bit key is used as the actual encryption key and the other half of the n-bit key is used to modify the encryption algorithm (key-dependent S-boxes). Twofish borrows some elements from other designs; for example, the pseudo-Hadamard transform (PHT) from the SAFER family of ciphers. Twofish uses the same Feistel structure as DES.
回页首
-----------------------------------------------------------------------------------------------------------------------------------------
OAEP
In cryptography, Optimal Asymmetric Encryption Padding (OAEP) is a padding scheme often used together with RSA encryption. OAEP was introduced by Bellare and Rogaway.[1]
The OAEP algorithm is a form of Feistel network which uses a pair of random oracles G and H to process the plaintext prior to asymmetric encryption. When combined with any secure trapdoor one-way permutation f, this processing is proved in the random oracle model to result in a combined scheme which is semantically secure under chosen plaintext attack (IND-CPA). When implemented with certain trapdoor permutations (e.g., RSA), OAEP is also proved secure against chosen ciphertext attack. OAEP can be used to build an all-or-nothing transform.
OAEP satisfies the following two goals:
Add an element of randomness which can be used to convert a deterministic encryption scheme (e.g., traditional RSA) into a probabilistic scheme.
Prevent partial decryption of ciphertexts (or other information leakage) by ensuring that an adversary cannot recover any portion of the plaintext without being able to invert the trapdoor one-way permutation f.
回页首
----------------------------------------------------------------------------------------------------------------------------------------
ECDH
Elliptic curve Diffie–Hellman (ECDH) is a key agreement protocol that allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel.[1][2] This shared secret may be directly used as a key, or better yet, to derive another key which can then be used to encrypt subsequent communications using a symmetric key cipher. It is a variant of the Diffie–Hellman protocol using elliptic curve cryptography.
回页首