📚 Encryption for A-Level Edexcel Computer Science | A-Level Edexcel 计算机:加密 考点精讲
Encryption is a cornerstone of modern digital security, transforming plaintext into ciphertext to protect confidentiality and integrity. In the Edexcel A-Level Computer Science specification, encryption appears across topics including cryptography fundamentals, symmetric and asymmetric algorithms, hashing, digital signatures, and their application in network security. This masterclass covers every key concept, algorithm, and practical example you need to excel in your exam, from Caesar cipher to RSA and TLS.
加密是现代数字安全的基石,它将明文转换为密文,以保护机密性和完整性。在 Edexcel A-Level 计算机科学大纲中,加密知识分布在密码学基础、对称与非对称算法、哈希、数字签名及其在网络安全中的应用等主题中。本精讲涵盖从凯撒密码到 RSA 和 TLS 的所有关键概念、算法和实际示例,帮助你备考无忧。
1. Encryption Fundamentals | 加密基础
Encryption is the process of encoding a message so that only authorised parties can read it. The original readable data is called plaintext, and the scrambled output is ciphertext. A cipher is the algorithm used to perform encryption and decryption, typically governed by a key. The primary goal is confidentiality, but encryption also supports integrity and authentication when combined with other techniques.
加密是对消息进行编码的过程,使得只有授权方能够读取。原始可读数据称为明文,打乱后的输出称为密文。密码(cipher)是用于加密和解密的算法,通常由密钥控制。主要目标是机密性,但与其他技术结合时,加密也支持完整性和身份验证。
2. Caesar Cipher | 凯撒密码
The Caesar cipher is a substitution cipher where each letter in the plaintext is shifted a fixed number of places down the alphabet. For example, with a shift of 3, ‘A’ becomes ‘D’, ‘B’ becomes ‘E’, etc. The algorithm can be expressed as En(x) = (x + n) mod 26 for letters mapped to 0–25. Although trivial to break with frequency analysis or brute-force (only 25 possible shifts), it illustrates the concepts of key (shift value) and substitution.
凯撒密码是一种替换密码,明文中的每个字母在字母表中向后移动固定位数。例如,移位值为3时,’A’变成’D’,’B’变成’E’,等等。算法可表示为 En(x) = (x + n) mod 26(将字母映射到0–25)。虽然通过频率分析或暴力破解(只有25种可能移位)很容易攻破,但它说明了密钥(移位值)和替换的概念。
3. Vigenère Cipher | 维吉尼亚密码
The Vigenère cipher improves upon Caesar by using a keyword to determine multiple shift values. Each letter of the keyword specifies a shift for the corresponding position in the plaintext. Encryption: Ci = (Pi + Ki) mod 26, where Ki is the key letter value. This polyalphabetic approach defeats simple frequency analysis, but the Kasiski examination can reveal the key length, making it breakable with enough ciphertext.
维吉尼亚密码通过使用关键字来确定多个移位值,改进了凯撒密码。关键字的每个字母指定明文对应位置的移位。加密公式:Ci = (Pi + Ki) mod 26,其中 Ki 是密钥字母的值。这种多表密码方法挫败了简单的频率分析,但卡西斯基测试可以揭示密钥长度,因此在有足够密文时仍可破解。
4. Symmetric Encryption: Stream and Block Ciphers | 对称加密:流密码与分组密码
Symmetric encryption uses a single shared secret key for both encryption and decryption. It is fast and efficient for bulk data. Two main types exist: stream ciphers encrypt data one bit or byte at a time (e.g., RC4), while block ciphers operate on fixed-size blocks (e.g., 128-bit) using modes like ECB or CBC. AES (Advanced Encryption Standard) is the most widely used block cipher today. Key distribution remains the critical weakness: securely sharing the key between parties is challenging.
对称加密使用一个共享的秘密密钥进行加密和解密。它对批量数据快速高效。主要分为两类:流密码逐位或逐字节加密数据(如 RC4),分组密码(如 128 位)则对固定大小的数据块操作,采用 ECB 或 CBC 等模式。AES(高级加密标准)是当今使用最广泛的分组密码。密钥分发是其主要弱点:在通信方之间安全共享密钥具有挑战性。
5. Asymmetric Encryption and Public-Key Cryptography | 非对称加密与公钥密码学
Asymmetric encryption uses a pair of mathematically related keys: a public key for encryption and a private key for decryption. Anyone can encrypt a message with the recipient’s public key, but only the holder of the private key can decrypt it. This solves the key distribution problem inherent in symmetric systems. RSA is the classic asymmetric algorithm, based on the difficulty of factoring large composite numbers. Asymmetric encryption is computationally expensive, so it is often used to exchange symmetric keys rather than encrypt entire messages.
非对称加密使用一对数学相关的密钥:公钥用于加密,私钥用于解密。任何人都可以用接收方的公钥加密消息,但只有拥有私钥的人才能解密。这解决了对称系统中的密钥分发问题。RSA 是经典的非对称算法,基于大合数分解的困难性。非对称加密计算开销大,因此常用于交换对称密钥,而非加密整个消息。
6. RSA Algorithm in Detail | RSA 算法详解
RSA key generation: choose two large primes p and q; compute n = p × q and φ(n) = (p–1)(q–1). Select e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1. Find d where d × e mod φ(n) = 1. Public key is (e, n); private key is (d, n). Encryption: C = Me mod n. Decryption: M = Cd mod n. The security relies on the infeasibility of deriving d from e and n without knowing p and q. A-Level candidates should be able to perform simple RSA calculations with small primes.
RSA 密钥生成:选择两个大素数 p 和 q;计算 n = p × q 和 φ(n) = (p–1)(q–1)。选择 e,满足 1 < e < φ(n) 且 gcd(e, φ(n)) = 1。找到 d,使 d × e mod φ(n) = 1。公钥为 (e, n),私钥为 (d, n)。加密:C = Me mod n。解密:M = Cd mod n。安全性基于在不知 p 和 q 的情况下从 e 和 n 推导 d 的不可行性。考生应能使用小素数进行简单的 RSA 计算。
7. Hashing and Message Integrity | 哈希与消息完整性
A hash function maps input data of arbitrary size to a fixed-size digest. Cryptographic hash functions like SHA-256 are one-way (preimage resistant), deterministic, and collision-resistant. Hashing is not encryption; it cannot be reversed. Common uses include verifying file integrity and storing passwords. In password systems, a salt (random data) is added before hashing to thwart rainbow table attacks.
哈希函数将任意大小的输入数据映射为固定大小的摘要。像 SHA-256 这样的密码学哈希函数具有单向性(抗原像)、确定性和抗碰撞性。哈希不是加密,不可逆。常见用途包括验证文件完整性和存储密码。在密码系统中,加盐(随机数据)后再哈希,以挫败彩虹表攻击。
8. Digital Signatures | 数字签名
A digital signature provides authentication, non-repudiation, and integrity. It is created by hashing the message and then encrypting the hash with the sender’s private key. The recipient decrypts the signature using the sender’s public key and compares the hash with a freshly computed hash of the message. If they match, the message is verified as authentic and unaltered. This process leverages both hashing and asymmetric encryption.
数字签名提供身份验证、不可否认性和完整性。它先对消息进行哈希,然后用发送方的私钥加密哈希值。接收方使用发送方的公钥解密签名,并将哈希值与对消息重新计算的哈希进行比较。如果匹配,则消息被验证为真实且未被篡改。该过程同时运用了哈希和非对称加密。
9. Hybrid Encryption in Practice | 实践中的混合加密
Modern systems combine symmetric and asymmetric encryption for efficiency and security. A symmetric session key is generated for the bulk data exchange (e.g., using AES), and that session key is encrypted with the recipient’s RSA public key. The recipient uses their RSA private key to recover the session key, then decrypts the message with symmetric decryption. This hybrid approach underpins protocols like TLS and PGP.
现代系统结合对称和非对称加密以兼顾效率与安全性。生成一个对称会话密钥用于批量数据交换(例如使用 AES),并用接收方的 RSA 公钥加密该会话密钥。接收方使用自己的 RSA 私钥恢复会话密钥,然后用对称解密处理消息。这种混合方法支撑了 TLS 和 PGP 等协议。
10. SSL/TLS and Secure Communication | SSL/TLS 与安全通信
Transport Layer Security (TLS) is the successor to SSL and secures web traffic (HTTPS). The TLS handshake establishes a secure connection through the following steps: the client and server agree on cipher suites; the server sends its digital certificate containing its public key; the client generates a pre-master secret, encrypts it with the server’s public key; both parties derive symmetric session keys. Data is then encrypted with those symmetric keys, ensuring confidentiality and integrity.
传输层安全(TLS)是 SSL 的后继者,用于保护 Web 流量(HTTPS)。TLS 握手通过以下步骤建立安全连接:客户端和服务器协商密码套件;服务器发送包含其公钥的数字证书;客户端生成预主密钥,并用服务器的公钥加密;双方导出对称会话密钥。随后数据使用这些对称密钥加密,确保机密性和完整性。
11. Vulnerabilities and Cryptanalysis | 漏洞与密码分析
No encryption scheme is invulnerable. Common attacks include brute-force (exhaustive key search), frequency analysis for weak ciphers, man-in-the-middle (MITM) attacks on key exchange, and side-channel attacks that exploit implementation flaws. Modern standards require large key sizes (e.g., RSA 2048-bit or higher, AES-256) to resist brute force. Proper certificate validation and perfect forward secrecy are essential to defend against protocol-level attacks.
没有哪种加密方案是无懈可击的。常见攻击包括暴力破解(穷举密钥搜索)、针对弱密码的频率分析、针对密钥交换的中间人攻击,以及利用实现缺陷的侧信道攻击。现代标准要求足够大的密钥尺寸(例如 RSA 2048 位或更高,AES-256)以抵御暴力破解。正确的证书验证和前向保密对于防御协议级攻击至关重要。
12. Exam Tips and Typical Questions | 考试技巧与典型题型
Edexcel exam questions often ask you to encrypt/decrypt using Caesar or Vigenère given a shift or keyword, perform simple RSA calculations (e.g., encrypt M=2 with public key (e=5, n=21) and decrypt), explain differences between symmetric and asymmetric encryption, describe a TLS handshake, or discuss the role of hashing and digital signatures. Practice step-by-step modular arithmetic, and always show modulus operations clearly. Marks are awarded for method as well as correct answers.
Edexcel 考题常要求根据给定移位或关键字进行凯撒或维吉尼亚加解密,执行简单的 RSA 计算(例如用公钥 e=5, n=21 加密 M=2 并解密),解释对称与非对称加密的区别,描述 TLS 握手,或讨论哈希和数字签名的作用。请练习逐步模运算,并始终清晰展示取模操作。评分既看方法也看结果。
Published by TutorHao | Computer Science Revision Series | aleveler.com
更多咨询请联系16621398022(同微信)
屏轩国际教育cambridge primary/secondary checkpoint, cat4, ukiset,ukcat,igcse,alevel,PAT,STEP,MAT, ibdp,ap,ssat,sat,sat2课程辅导,国外大学本科硕士研究生博士课程论文辅导