Cryptography Journey #1: Fundamentals and Encoding Techniques (密码学之旅 #1：基本概念与编码技术)

star juniper — Sun, 12 Apr 2026 03:14:54 +0000

EN：As an incoming postgraduate student majoring in Software Engineering, I am starting my blogging journey with the assistance of AI translation. This post marks my first exploration into the fascinating world of cryptography.
CH：我是一名软件工程专业的准研究生，我将在ai翻译的帮助下开始写博客。这是我探索密码学的第一篇笔记。

1. Fundamental Goals of Cryptography（密码学的基本目标）

The fundamental goals of cryptography are to solve those three problems:
密码学的基本目标是解决信息安全的三个基本安全需求，即：

Ensuring that information is accessible only to those authorized to have access.
信息的机密性保证；

The process of verifying the identity of a user, device, or system, and the integrity of the message.
信息的真实性认证

Ensuring that a party cannot deny the validity of a previously committed action or message.
承诺的不可否认性

2. Fundamental Concepts of Encryption Algorithms （加密算法的一些基本概念）

As shown in the figure below, this is a complete encryption flow.
如下图所示的是一个完整的加密流程

Kerckhoffs's Principle（kerckhoffs假设）

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
假设敌手知道除了密钥以外的所有信息。

Three Main Types of Cryptographic Attacks Based on The Adversary's Available Knowledge（三类按照敌手可利用知识的类别分类的主要的攻击方法）

Ciphertext-Only Attack（唯密文攻击）
The adversary only has access to a set of ciphertexts.
敌手除了加密算法、明文、密钥的概率分布外，还知道很多由同一个密钥加密的密文。

Known-Plaintext Attack（已知明文攻击）
The adversary has access to both the ciphertext and its corresponding plaintext.
敌手除了具备唯密文攻击的条件之外，还知道许多密文对应的明文。

Chosen-Plaintext/Ciphertext Attack（选择明文（密文）攻击）
The adversary can choose specific plaintexts (or ciphertexts) to be encrypted (or decrypted).
敌手除具备一直到明文攻击以外，还可以任意选择对他有利的明文（密文），并得到相应的密文（明文）

3. The Most Fundamental Cryptanalysis Method: Brute-Force Attack（最基本的破译方法————穷举攻击）

Assume the total number of possible keys is 2^128. Let's examine the resistance of this encryption algorithm against a brute-force attack:
假设可能密钥总数为2^128，现考查该加密算法扛穷举攻击的能力：

The brute-force is the simplest, but often the most effective, method to attack.
穷举攻击是最笨、但往往也是最有效的攻击方式。

The ultimate goal of cipher is to ensure that no cryptanalysis is more effective than a brute-force attack.
密码算法设计最理想的境界就是让所有可能的破译方法都比穷举法更无效

What is the standard for rendering an attack ineffective? We measure it through four key metrics: computational workload, memory usage, the volume of required data, and the success rate.
如何有效衡量让攻击方法失效的标准？用攻击方法所需要的计算量、存储量、已知的数据量和成功率衡量

4. The Three Branches of Cryptology(密码学的三大分支)

Branch 1: Cryptography
分支一：密码编码学
It focuses on the theoretical design and implementation of secure and efficient algorithms for data encryption and message authentication.
是研究安全、高效的信息加密算法和信息认证算法的设计理论与设计技术

Branch 2: Cryptanalysis
分支二：密码分析学
Its primary objective is to investigate the theories and techniques involved in breaking cryptographic systems.
主要任务是研究密码破译的理论与技术

Branch 3: Key Management
分支三：密钥管理学
It is the science dedicated to the principles, technologies, and methodologies of key generation, distribution, and lifecycle management.
是研究密钥生成、分配与管理的理论、技术和方法的科学

5. The Three Fundamental Encoding/Cipher Techniques（密码算法最基本的三个编码技术）

The general process of information encryption is illustrated in the diagram below.
如下图所示为信息加密的一般流程

6. Classification of Fundamental Encoding Techniques（基本编码技术的分类）

Substitution Ciphers
代替密码
A substitution cipher uses pre-designed substitution rules to replace plaintext units, and it is categorized into two types: monoalphabetic and polyalphabetic.
利用预先设计的代替规则，对明文进行代替的密码，分为单表代替和多表代替两种

Transposition Ciphers
移位密码
A method of encryption where the positions held by units of plaintext are shifted according to a regular system.
对各个字符或字符组进行位置移动的密码

Additive Ciphers
加减密码
An encryption technique where plaintext characters are combined with a sequence of random numbers (keystream) through addition or subtraction.
将明文逐字符或逐字符组与乱数相加或相减的密码

Monoalphabetic Substitution Cipher（单表代替密码）

This cipher utilizes a fixed (single) substitution rule—also known as a substitution function, lookup table, or S-box. It performs replacement on the plaintext either character-by-character or in groups of characters.
利用预先设计的固定（意味着代替规则只有一种）的代替规则（也被称为代替函数、代替表或S盒），对明文逐字符或逐字符组进行代替的密码

Advantage: It completely transforms the morphology (形态) of individual characters, making the plaintext unrecognizable at first glance.
单表代替的优点：明文字符的形态一般将面目全非。

Disadvantages: Fixed Positions: The relative positions of the characters remain constant.
Pattern Preservation: Identical plaintext characters always produce identical ciphertext characters, which preserves the statistical patterns of the original message.
单表代替的缺点：明文的位置不变。明文字符相同，则密文字符也相同。

Polyalphabetic Substitution Cipher（多表代替密码）

In this method, the key serves as an indicator to select different substitution rules (alphabets) during the encryption process.
根据密钥的指示，来选择加密时使用的单表方法，称为多表代替密码

The General Structure of the One-Time Pad (OTP) Cryptosystem
一次一密的密码体制的一般结构

OTP is mathematically perfect but architecturally impractical.
一次一密的密码体制的缺点：OTP 在数学上是完美的，但在架构上是不切实际的。

Solution: Using pseudo-random sequences for the keystream.
解决方案：密钥序列采用伪随机序列

The Fundamental Structure of Stream Cipher Algorithms（序列密码算法的基本结构）

Transposition Cipher（移位密码）

A transposition cipher is a method of encryption by which the positions held by units of plaintext are shifted according to a regular system.
移位密码就是对明文字符或字符组的进行位置移动的密码

Ciphers formed by alternating substitution and transposition（交替使用代替和移位形成的密码算法）

7. Summary（小结）

Security Requirements (安全需求)
Chinese: 密码学的基本目标是解决信息的机密性保证、真实性认证和承诺的不可否认性这三个基本安全需求。
English: The fundamental goals of cryptography are to fulfill three basic security requirements: Confidentiality, Authentication (Truthfulness), and Non-repudiation.
Kerckhoffs's Principle (柯克霍夫原则)
Chinese: 对对手破译能力的假设是知道除密钥外的一切信息。
English: We assume the adversary possesses all information about the cryptosystem except for the secret key. (This is known as Kerckhoffs's Principle.)
Three Branches (三大分支)
Chinese: 密码学有密码编码、密码分析和密钥管理三个分支。
English: Cryptology consists of three main branches: Cryptography, Cryptanalysis, and Key Management.
Security Standards (安全标准)
Chinese: 加密算法应能对抗所有可能的攻击方法。
English: A cryptographic algorithm should be robust enough to withstand all potential cryptanalytic attacks.
Brute-Force Attacks (穷举攻击)
Chinese: 对密码算法最基本的攻击方法是穷举密钥攻击。
English: The most fundamental method of attacking a cipher is an exhaustive key search (also known as a brute-force attack).
Core Encoding Techniques (核心编码技术)
Chinese: 代替、移位和加减是密码算法最基本的编码技术。
English: Substitution, Transposition, and Additive techniques are the core encoding methods used in cryptographic algorithms.
Perfect Secrecy (完善保密性)
Chinese: 理论上不可破译的密码算法是存在的——一次一密。
English: Theoretically unbreakable algorithms do exist—namely, the One-Time Pad (OTP), which provides perfect secrecy.
Origin of Stream Ciphers (序列密码的起源)
Chinese: 序列密码脱胎于一次一密。
English: Stream ciphers are derived from the conceptual framework of the One-Time Pad.
Strength Through Combination (组合增强安全性)
Chinese: 利用弱的密码变换可搭配成强度很高的加密算法。
English: Highly secure algorithms can be constructed by combining multiple weak cryptographic primitives.
Block Cipher Models (分组密码模型)
Chinese: 代替密码与移位密码结合、代替密码与加减密码结合都可以形成强度很高的加密算法，这是分组密码的基本模型。
English: Combining substitution with transposition or additive methods can create highly secure ciphers. This serves as the fundamental model for Block Ciphers (e.g., Substitution-Permutation Networks).

DEV Community: star juniper