Message authentication is a critical mechanism that allows communicating parties to verify both the integrity and the authenticity of origin of the messages they receive.
While encryption protects against passive attacks (e.g., eavesdropping), it is also necessary to protect against active attacks (e.g., tampering with or forging messages).
Approaches to Message Authentication
Using Symmetric Encryption
Assuming only the sender and receiver share a secret key, the sender encrypts the message with it, and the receiver decrypts it with the same key, thereby verifying its authenticity.
Authentication Without Encrypting the Message
The sender generates an authentication tag (e.g., a MAC) and appends it to the plaintext message. Although confidentiality is not provided, integrity and authenticity can still be verified.
One-Way Hash Functions
A hash function takes a variable-length message as input and produces a fixed-length output called a message digest.
It does not use a secret key (the key is not an input), but it still provides a basic mechanism for ensuring message integrity.
Properties of Secure Hash Functions
To be secure, a hash function H must satisfy the following six properties:
H can be applied to a block of data of any size.
H produces a fixed-length output.
H(x) must be easy to compute for any given x.
Given H(x), it is computationally infeasible to find x (preimage resistance).
Given x, it is computationally infeasible to find y ≠ x such that H(x) = H(y) (second preimage resistance).
It is computationally infeasible to find any two distinct values x and y such that H(x) = H(y) (collision resistance).
Attacks on Hash Functions
Cryptanalysis: exploiting weaknesses in the algorithm's internal logic.
Brute-force attacks: exhaustive search whose cost depends only on the length of the hash output.
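The following is an added example (not part of the original notes) showing why brute-force cost is set by the output length alone. It truncates SHA-256 to n bits as a stand-in for an n-bit hash (an assumption: the truncated function is treated as behaving like a random n-bit function), checks the fixed-length-output property, and runs a birthday-style collision search and a preimage search so the two different work factors (about 2^(n/2) versus about 2^n) can be observed. The message strings are constructed for the demo.

```python
import hashlib


def digest_bits(message: bytes, n_bits: int) -> int:
    """First n_bits bits of SHA-256(message); stands in for an n-bit hash function."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - n_bits)


def fixed_length_output() -> bool:
    """Property 2: inputs of any size give a digest of the same size (32 bytes for SHA-256)."""
    sizes = {len(hashlib.sha256(m).digest()) for m in (b"", b"abc", b"x" * 100_000)}
    return sizes == {32}


def find_collision(n_bits: int):
    """Birthday search: hash distinct constructed messages until two of them agree.
    By the pigeonhole principle a collision is certain within 2**n_bits + 1 messages;
    on average it shows up after roughly 2**(n_bits / 2) of them.
    Returns (message_a, message_b, messages_hashed) or None."""
    seen = {}
    for i in range(2 ** n_bits + 1):
        m = b"msg-%d" % i
        h = digest_bits(m, n_bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
    return None


def find_preimage(target: int, n_bits: int, limit: int):
    """Preimage search for a given n-bit digest: expected work about 2**n_bits.
    An n-bit digest therefore offers roughly n bits of preimage security but only
    about n/2 bits of collision security, which is why digest length is chosen
    for the collision bound. Returns (message, messages_hashed) or None."""
    for i in range(limit):
        m = b"guess-%d" % i
        if digest_bits(m, n_bits) == target:
            return m, i + 1
    return None


if __name__ == "__main__":
    for n in (8, 12, 16):
        a, b, tries = find_collision(n)
        print(f"{n}-bit digest: collision after {tries} messages (2^(n/2) = {2 ** (n / 2):.0f})")
        pre = find_preimage(digest_bits(b"target", n), n, 2 ** (n + 4))
        print(f"{n}-bit digest: preimage after {pre[1] if pre else 'no'} messages (2^n = {2 ** n})")
```

The preimage search is given a limit of 2^(n+4) attempts, so it is not guaranteed to succeed for a particular target; the collision search, by contrast, always terminates with a result.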
The SHA Secure Hash Algorithm
SHA was developed by NIST and published as a Federal Information Processing Standard.
SHA-1, whose design is based on MD4, produces a 160-bit hash value.
In 2005, NIST announced its intention to phase out SHA-1 in favor of the more secure SHA-2.
Comparison of SHA Parameters
SHA-512 Process
SHA-512, a member of the SHA-2 family, outputs a 512-bit hash.
The process consists of message padding, division into blocks, initialization of the hash variables, iterative compression, and output of the final digest.
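To make the five stages concrete, here is an added, self-contained SHA-512 implementation written for these notes (it is not code from the original page or from any standard library). Each stage above maps to a function or a labelled section: `pad` appends the 0x80 byte, zero fill and 128-bit length; `blocks` splits the result into 1024-bit blocks; the initial hash values and round constants are derived from the fractional parts of the square and cube roots of the first primes, as the standard specifies; `sha512` runs the 80-round compression per block and emits the final digest. The result is checked against `hashlib.sha512`.

```python
import hashlib
from math import isqrt

MASK64 = (1 << 64) - 1


def _first_primes(count):
    primes, c = [], 2
    while len(primes) < count:
        if all(c % p for p in primes):
            primes.append(c)
        c += 1
    return primes


def _icbrt(n):
    """Exact integer cube root: Newton's method from above, then a one-step adjust."""
    x = 1 << ((n.bit_length() + 2) // 3)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            break
        x = y
    while x ** 3 > n:
        x -= 1
    while (x + 1) ** 3 <= n:
        x += 1
    return x


_PRIMES = _first_primes(80)
# Stage 3: initial hash values = first 64 bits of the fractional part of sqrt(p), p = 2, 3, 5, ..., 19
IV = [isqrt(p << 128) & MASK64 for p in _PRIMES[:8]]
# Round constants = first 64 bits of the fractional part of cbrt(p) for the first 80 primes
K = [_icbrt(p << 192) & MASK64 for p in _PRIMES]


def pad(msg: bytes) -> bytes:
    """Stage 1: append 0x80, zero-fill to 112 mod 128 bytes, then the message length in bits as 128-bit big-endian."""
    bit_len = 8 * len(msg)
    padded = msg + b"\x80"
    padded += b"\x00" * ((112 - len(padded)) % 128)
    return padded + bit_len.to_bytes(16, "big")


def blocks(padded: bytes):
    """Stage 2: cut the padded message into 1024-bit (128-byte) blocks."""
    return [padded[i:i + 128] for i in range(0, len(padded), 128)]


def _rotr(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK64


def sha512(msg: bytes) -> bytes:
    H = list(IV)
    for block in blocks(pad(msg)):
        # message schedule: 16 words from the block, expanded to 80
        w = [int.from_bytes(block[8 * i:8 * i + 8], "big") for i in range(16)]
        for t in range(16, 80):
            s0 = _rotr(w[t - 15], 1) ^ _rotr(w[t - 15], 8) ^ (w[t - 15] >> 7)
            s1 = _rotr(w[t - 2], 19) ^ _rotr(w[t - 2], 61) ^ (w[t - 2] >> 6)
            w.append((w[t - 16] + s0 + w[t - 7] + s1) & MASK64)
        # Stage 4: 80-round compression of this block into the running hash state
        a, b, c, d, e, f, g, h = H
        for t in range(80):
            S1 = _rotr(e, 14) ^ _rotr(e, 18) ^ _rotr(e, 41)
            ch = (e & f) ^ (~e & g)
            t1 = (h + S1 + ch + K[t] + w[t]) & MASK64
            S0 = _rotr(a, 28) ^ _rotr(a, 34) ^ _rotr(a, 39)
            maj = (a & b) ^ (a & c) ^ (b & c)
            t2 = (S0 + maj) & MASK64
            h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK64, c, b, a, (t1 + t2) & MASK64
        H = [(x + y) & MASK64 for x, y in zip(H, (a, b, c, d, e, f, g, h))]
    # Stage 5: the eight 64-bit state words form the 512-bit digest
    return b"".join(x.to_bytes(8, "big") for x in H)


if __name__ == "__main__":
    print(sha512(b"abc").hex())
    print(sha512(b"abc") == hashlib.sha512(b"abc").digest())
```

Note how the padding always leaves room for the 128-bit length field: a message whose length is already 112 bytes (mod 128) still receives the mandatory 0x80 byte and therefore spills into a second block.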
SHA-3 Requirements
Must support output lengths of 224, 256, 384, and 512 bits.
Must process data in small blocks (e.g., 512/1024 bits) so that it is suitable for streaming.
HMAC (Hash-based Message Authentication Code)
HMAC combines a hash function with a secret key to produce an authentication code, making up for the absence of a key in plain hash functions.
It is standardized in RFC 2104 and widely used in protocols such as IP Security, TLS, and SET.
Design Objectives of HMAC
Use existing hash functions without modification.
Allow easy substitution of the embedded hash function.
Preserve the performance of the underlying hash function without significant degradation.
Use a simple method of handling keys.
Have a well-understood cryptographic analysis of the strength of the authentication mechanism.
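The added example below (written for these notes, not taken from the page or from RFC 2104) implements HMAC exactly as the RFC defines it, HMAC(K, m) = H((K' ⊕ opad) || H((K' ⊕ ipad) || m)), with the hash function passed in by name so that the second design objective (substituting the embedded hash) is visible in code, and then uses it for the "authentication tag appended to the plaintext" approach from the first section: the message travels in the clear with its tag, and the receiver recomputes the tag and compares in constant time. The key and messages are constructed values.

```python
import hashlib
import hmac


def hmac_rfc2104(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC per RFC 2104 / FIPS 198, built only from calls to the unmodified hash function.
    hash_name is any algorithm hashlib knows (sha1, sha256, sha512, ...)."""
    block_size = hashlib.new(hash_name).block_size   # B: 64 bytes for SHA-256, 128 for SHA-512
    if len(key) > block_size:                        # keys longer than B are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")             # then zero-padded to exactly B bytes
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def tag_message(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """Authentication without encryption: plaintext followed by its HMAC tag."""
    return message + hmac_rfc2104(key, message, hash_name)


def verify_tagged(key: bytes, data: bytes, hash_name: str = "sha256"):
    """Split off the tag, recompute it, and compare in constant time.
    Returns (accepted, message); a tampered message or tag is rejected."""
    tag_len = hashlib.new(hash_name).digest_size
    if len(data) < tag_len:
        return False, b""
    message, tag = data[:-tag_len], data[-tag_len:]
    expected = hmac_rfc2104(key, message, hash_name)
    # hmac.compare_digest does not short-circuit on the first differing byte,
    # so an attacker learns nothing about the expected tag from response timing.
    return hmac.compare_digest(tag, expected), message


if __name__ == "__main__":
    key = b"constructed-demo-key"
    wire = tag_message(key, b"transfer 100 to account 42")
    print(verify_tagged(key, wire))
    tampered = wire.replace(b"100", b"900")
    print(verify_tagged(key, tampered))
```

The same function body serves SHA-1, SHA-256 and SHA-512 because HMAC only needs the hash's block size and digest size; that is the substitution property the design objectives call for.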
Public-Key Encryption Structure
First proposed by Diffie and Hellman in 1976.
Public-key encryption is asymmetric, using a pair of keys: a public key and a private key.
It is better suited than symmetric encryption to key distribution and authentication.
Misconceptions
Common misconceptions about public-key encryption:
• Public-key encryption is more secure against cryptanalysis than conventional encryption.
• Public-key encryption is a general-purpose technique that has made conventional encryption obsolete.
• There is a feeling that key distribution is trivial when using public-key encryption, compared with the rather cumbersome handshaking involved with key distribution centers for conventional encryption.
Applications of Public-Key Cryptosystems
• Public-key systems are characterized by the use of a cryptographic algorithm with two keys, one held private and one available publicly.
• Depending on the application, the sender uses the sender's private key, the receiver's public key, or both to perform some type of cryptographic function.
Encryption/Decryption: the sender encrypts with the receiver's public key.
Digital Signature: the sender signs with its own private key.
Key Exchange: both parties cooperate to establish a shared session key.
RSA Algorithm
RSA is a widely used public-key encryption algorithm.
Its security relies on the difficulty of factoring large integers.
Potential attacks include mathematical attacks, timing attacks, and chosen-ciphertext attacks.
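As an added example for these notes (not code from the original page), the block below implements textbook RSA key generation, encryption with the receiver's public key, and signing with the sender's private key, and then shows in `private_from_factor` why the security claim above reduces to factoring: anyone who learns one prime factor of n can recompute the private exponent. To avoid a prime search, the demo uses two fixed Mersenne primes as constructed values; real keys use random primes of at least 1024 bits each.

```python
import hashlib
from math import gcd

# Constructed demo primes (both Mersenne primes) so that key generation needs no prime search.
# A real key pair must use freshly generated random primes; fixed, well-known primes make n trivially factorable.
P_DEMO = (1 << 127) - 1
Q_DEMO = (1 << 521) - 1


def rsa_keygen(p: int = P_DEMO, q: int = Q_DEMO, e: int = 65537):
    """Return ((n, e), (n, d)) with e*d = 1 (mod phi(n)), phi(n) = (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse of e
    return (n, e), (n, d)


def rsa_encrypt(pub, m: int) -> int:
    """Encryption/decryption use: sender encrypts with the receiver's public key."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def _hash_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def rsa_sign(priv, message: bytes) -> int:
    """Digital-signature use: sender applies its own private key to the message hash."""
    n, d = priv
    return pow(_hash_int(message), d, n)


def rsa_verify(pub, message: bytes, signature: int) -> bool:
    n, e = pub
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == _hash_int(message)


def private_from_factor(pub, p: int):
    """Why RSA rests on factoring: given one factor p of n, phi(n) and hence d follow immediately."""
    n, e = pub
    q, remainder = divmod(n, p)
    if remainder:
        raise ValueError("p does not divide n")
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    m = int.from_bytes(b"hello", "big")
    print(rsa_decrypt(priv, rsa_encrypt(pub, m)) == m)
    sig = rsa_sign(priv, b"hello")
    print(rsa_verify(pub, b"hello", sig), rsa_verify(pub, b"hellp", sig))
    print(private_from_factor(pub, P_DEMO) == priv)
```

This is deliberately the textbook form of RSA (no padding), which is what the chosen-ciphertext and timing attacks mentioned above target: it is deterministic and multiplicatively malleable, and a naive square-and-multiply leaks timing. Deployed systems wrap the same `pow` operations in OAEP for encryption and PSS for signatures and use constant-time exponentiation.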
Diffie-Hellman Key Exchange
This was the first public-key protocol; it allows two users to securely establish a shared session key.
The algorithm is used solely for key exchange, not for data encryption.
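The added example below (written for these notes, not from the page) walks through both sides of a Diffie-Hellman exchange: each party generates a private exponent and a public value, validates the value it receives, computes the shared group element, and then derives a session key from it. The group is a constructed toy safe prime (p = 1907, q = 953, g = 4 generating the order-q subgroup) so the arithmetic is readable; real deployments use standardized groups of at least 2048 bits or elliptic curves. The SHA-256-based key derivation is an assumption standing in for a proper KDF such as HKDF.

```python
import hashlib
import secrets

# Constructed toy parameters: safe prime p = 2q + 1, g = 4 has order q (it is a quadratic residue != 1).
P, Q, G = 1907, 953, 4


def dh_keypair(p: int = P, q: int = Q, g: int = G):
    """Private exponent a in [1, q-1]; public value A = g^a mod p."""
    a = secrets.randbelow(q - 1) + 1
    return a, pow(g, a, p)


def dh_validate_public(value: int, p: int = P, q: int = Q) -> bool:
    """Reject 0, 1, p-1 and any value outside the order-q subgroup.
    Without this check a peer could send a small-order element and force the shared
    secret into a handful of guessable values (small-subgroup confinement)."""
    return 1 < value < p - 1 and pow(value, q, p) == 1


def dh_shared_secret(own_private: int, peer_public: int, p: int = P, q: int = Q) -> int:
    if not dh_validate_public(peer_public, p, q):
        raise ValueError("invalid peer public value")
    return pow(peer_public, own_private, p)


def dh_session_key(shared: int, transcript: bytes = b"", length: int = 32) -> bytes:
    """DH yields a group element, not a key: run it through a KDF bound to the exchanged values.
    SHA-256(transcript || secret) is a stand-in for HKDF here (assumption for the demo)."""
    secret = shared.to_bytes((shared.bit_length() + 7) // 8, "big")
    return hashlib.sha256(transcript + secret).digest()[:length]


def dh_exchange():
    """Both sides of one exchange. Returns (key_a, key_b, A, B); the two keys must match."""
    a, A = dh_keypair()            # side A keeps a, sends A
    b, B = dh_keypair()            # side B keeps b, sends B
    transcript = A.to_bytes(2, "big") + B.to_bytes(2, "big")
    key_a = dh_session_key(dh_shared_secret(a, B), transcript)   # A computes B^a
    key_b = dh_session_key(dh_shared_secret(b, A), transcript)   # B computes A^b
    return key_a, key_b, A, B


if __name__ == "__main__":
    key_a, key_b, A, B = dh_exchange()
    print(A, B, key_a == key_b, key_a.hex())
```

Binding the transcript into the KDF means that a tampered public value produces different keys on the two sides rather than a silently shared weak one; authenticating the public values (for example with the signatures in the next sections) is what defeats an active man-in-the-middle.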
Digital Signature Standard (DSS)
DSS incorporates SHA-1 and defines a new digital signature algorithm called DSA.
Unlike RSA, DSS is used only for digital signatures, not for encryption or key exchange.
Functions of Digital Signatures
A digital signature is a data-dependent bit pattern used to verify:
authenticity of origin
integrity of data
non-repudiation
FIPS 186-4 defines three signature algorithms: DSA, RSA, and ECDSA.