TLS 1.2 encryption: how elliptic curve cryptography works in TLS 1.3


A couple of reader alerts:


To (somewhat) simplify the description and keep the article to a reasonable length, we need to state the primary constraint right away: everything we are going to tell you today on the practical side of the problem applies only to TLS 1.3. This means that while your ECDSA certificate would still work in TLS 1.2 if you want it to, providing backwards compatibility, the description of the actual handshake process, cipher suites and client-server benchmarks covers TLS 1.3 only. Of course, this does not apply to the mathematical description of the algorithms behind modern encryption systems.

This article was written by neither a mathematician nor an engineer — although those helped to find a way around scary math and reviewed this article. Many thanks to Qrator Labs employees.


(E)lliptic (C)urve (D)iffie-(H)ellman ((E)phemeral)

The Diffie–Hellman legacy in the 21st century

Of course, this started with neither Diffie nor Hellman. But to provide a correct timeline, we need to point out the main dates and events.

There were several major figures in the development of modern cryptography. Most notably, Alan Turing and Claude Shannon both did an incredible amount of work in the theory of computation and information theory as well as general cryptanalysis, and Diffie and Hellman are officially credited with coming up with the idea of public-key (or so-called asymmetric) cryptography (although it is known that serious advances in cryptography were made in the UK and stayed secret for a very long time), making those two gentlemen pioneers.

In what exactly?


Well, this may sound peculiar; however, before November 6, 1976, there was no public knowledge of public-key encryption systems. Whitfield Diffie and Martin Hellman (and, as a matter of fact, Ralph Merkle), mathematicians, computer engineers and enthusiasts as well as cryptologists, were the first.

For those not aware: because of the role cryptanalysis took on during World War II and its enormous impact on keeping information secret, the two countries that believed they had the most advanced cryptographic knowledge, the U.S. and the U.K., included encryption in their Munitions Lists and imposed a heavy export ban (simultaneously weakening encryption implementations for domestic private and commercial use). For this reason, the U.K. researchers working on the asymmetric key exchange technique at Government Communications Headquarters and developing an analogous scheme weren’t recognized for this invention until 1997, when restrictions on cryptography algorithms and their description were rendered ineffective.

Back to our dual inventors: what specifically did Diffie and Hellman revolutionize?

Let’s take a look at their original paper, perfectly illustrating the giant leap they’ve introduced (even theoretically with their research paper):


image

And the following one:


image

These two pictures perfectly illustrate the huge change Whitfield Diffie and Martin Hellman introduced after centuries of evolution in cryptography and cryptanalysis: the establishment of a shared secret key as the result of a cryptographic computation.

Let’s take a look at another good picture with colors:


image

It explains what is going on. Before the invention of Diffie–Hellman key agreement, there was only one symmetric key, used both to encrypt and to decrypt the message. If you want to give someone such a “key”, it must be transferred over a “secure” channel. You can imagine all the restrictions of such a previous-generation scheme right away: you need an already established secure channel, you cannot reuse the key, and, ideally, the length of the key should be the same as the length of the message.

Claude Shannon, in his wartime classified work “Communication Theory of Secrecy Systems”, proved that all theoretically unbreakable ciphers must have the same requirements as the one-time pad, famously known as the Vernam cipher after the author of this symmetrical polyalphabetic stream cipher.

Again, we’re going to take a look at the original paper:


image

Before we go any further, let’s ask ourselves: how did two human beings, however brilliant, come up with such a significant improvement in an applied field with such a history, especially at the time of war?

Well, because of the:


  • Information theory, formulated by Claude Shannon;


  • Theory of computation influenced by, most notably, Alonzo Church, John von Neumann, and Alan Turing;


  • And, more importantly, computability theory based mostly on Turing’s work, which we could say all developed and matured at the same period of the 20th century. Diffie and Hellman both mentioned Claude Shannon as the most significant influencer of their work.


Lenstra’s “Universal Security” illustrates the quantity of energy needed to “break” the symmetric cryptosystem with various key lengths. It turned out that breaking a 228-bit elliptic curve key would require the same amount of energy that is needed to boil all the water on Earth. This is, however, valid only for known algorithms and hardware since, strictly speaking, no one knows whether significantly more efficient algorithms or hardware exist. A 228-bit EC key is comparable to a 2380-bit RSA key; more on that later. Although in this estimation both RSA and EC keys are used in an asymmetric encryption scheme, such key lengths are somewhat equivalent to a 128-bit symmetric encryption key.

It is easy to imagine that something “hard to calculate” would require a lot of energy and/or time for the computation. We tend to think that computers can “calculate everything”, but it turns out that this is not true. First, there exist undecidable problems, like the halting problem, though in the field of cryptography we can avoid this pitfall. Second, if we consider the time needed for a particular algorithm to run, it may be arbitrarily high. That is what we exploit in cryptography. A problem is considered “easy” to calculate if the time required to run the respective algorithm depends on the input size (measured in bits) like a polynomial: $T(n) = O(n^k)$, for some positive constant $k$. In computational complexity theory, such problems form the P complexity class.
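The shared-secret computation and the “easy” polynomial-time bound described above can be seen side by side in the following added example (not part of the original article). It uses classic finite-field Diffie–Hellman; the function names and the parameters `p = 23`, `g = 5` and `p = 2**127 - 1`, `g = 3` are constructed for illustration and are not suitable for real use.

```python
import secrets

def modexp(base, exp, mod):
    """Square-and-multiply: returns (base**exp % mod, multiplications used)."""
    result, mults = 1, 0
    base %= mod
    while exp:
        if exp & 1:
            result = result * base % mod
            mults += 1
        base = base * base % mod
        mults += 1
        exp >>= 1
    return result, mults

def dh_exchange(p, g, a=None, b=None):
    """One Diffie-Hellman run. Only A and B cross the wire; a and b never do."""
    a = a or secrets.randbelow(p - 3) + 2   # private exponents in [2, p-2]
    b = b or secrets.randbelow(p - 3) + 2
    A, _ = modexp(g, a, p)                  # Alice -> Bob, in the clear
    B, _ = modexp(g, b, p)                  # Bob -> Alice, in the clear
    s_alice, cost = modexp(B, a, p)         # Alice computes B^a mod p
    s_bob, _ = modexp(A, b, p)              # Bob computes A^b mod p
    return A, B, s_alice, s_bob, cost

def exhaustive_log(p, g, target):
    """Recover x with g**x % p == target by trying x = 0, 1, 2, ..."""
    value = 1
    for x in range(p - 1):
        if value == target:
            return x
        value = value * g % p
    raise ValueError("target is not a power of g")

if __name__ == "__main__":
    # Constructed toy parameters: with a 5-bit prime the private exponent
    # falls to exhaustive search immediately.
    A, B, s1, s2, _ = dh_exchange(23, 5, a=4, b=3)
    print("p=23:", A, B, s1, s2, "| recovered a =", exhaustive_log(23, 5, A))
    p = 2**127 - 1                          # a Mersenne prime, demo only
    *_, s1, s2, cost = dh_exchange(p, 3)
    print("127-bit p: secrets match:", s1 == s2, "| multiplications:", cost)
    print("exhaustive search would need up to", p - 2, "steps")
```

Each honest party needs at most two multiplications per bit of the exponent, which is polynomial in the input size, while the exhaustive search grows with the size of the group itself.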


The P complexity class is almost central, as it represents the problem for which a deterministic poly
