Encryption Essentials for IB CIE Computer Science | IB CIE 计算机:加密 考点精讲

📚 Encryption Essentials for IB CIE Computer Science | IB CIE 计算机:加密 考点精讲

Encryption is the process of converting plaintext into ciphertext to protect data confidentiality. For IB and CIE Computer Science students, understanding both symmetric and asymmetric encryption, along with hashing and real-world protocols, is essential for mastering the security topic. This article unpacks key concepts, algorithms, and exam-focused details.

加密是将明文转换为密文以保护数据机密性的过程。对于 IB 和 CIE 计算机科学学生来说,理解对称加密和非对称加密、哈希以及现实世界中的协议,是掌握安全主题的关键。本文解析核心概念、算法和考试重点细节。


1. Plaintext, Ciphertext, and Keys | 明文、密文与密钥

Plaintext is the original readable message, while ciphertext is the scrambled output after encryption. A key is a piece of information that determines the functional output of a cryptographic algorithm. Without the correct key, decryption back to plaintext is computationally infeasible in strong systems.

明文是原始的、可读的消息,而密文是加密后得到的乱码输出。密钥是决定密码算法函数输出的一段信息。如果没有正确的密钥,在强加密系统中将密文解密回明文在计算上是不可行的。

In symmetric encryption, the same key is used for both encryption and decryption. In asymmetric encryption, a public key encrypts and a private key decrypts. The key size, measured in bits, directly impacts the strength against brute-force attacks. Modern AES uses 128, 192, or 256 bits.

在对称加密中,加密和解密使用相同的密钥。在非对称加密中,公钥用于加密,私钥用于解密。以比特为单位衡量的密钥大小直接影响抵抗暴力破解攻击的强度。现代 AES 使用 128、192 或 256 位密钥。


2. Symmetric Encryption | 对称加密

Symmetric encryption algorithms use a single shared secret key. The main challenge is securely distributing this key to all communicating parties. If the key is intercepted during transmission, the whole security collapses. Common symmetric ciphers include the stream cipher RC4 and block ciphers like DES and AES.

对称加密算法使用一个共享的秘密密钥。主要的挑战是如何安全地将该密钥分发给所有通信方。如果密钥在传输过程中被截获,整个安全性就崩溃了。常见的对称加密包括流密码 RC4 和分组密码,如 DES 和 AES。

Block ciphers encrypt data in fixed-size blocks (e.g., 128 bits for AES). They use multiple rounds of substitution and permutation to achieve diffusion and confusion, concepts identified by Claude Shannon. Stream ciphers encrypt data one bit or byte at a time, making them suitable for real-time communication.

分组密码以固定大小的数据块(例如 AES 为 128 位)进行加密。它们通过多轮的替换和置换来实现扩散和混淆——这是克劳德·香农提出的概念。流密码一次加密一个比特或一个字节的数据,因此适合实时通信。


3. AES: Advanced Encryption Standard | AES:高级加密标准

AES is the most widely adopted symmetric cipher, standardized by NIST. It operates on 128-bit blocks and supports key lengths of 128, 192, and 256 bits. The algorithm consists of rounds (10, 12, or 14 depending on key size) that involve SubBytes, ShiftRows, MixColumns, and AddRoundKey operations.

AES 是使用最广泛的对称加密算法,由 NIST 标准化。它以 128 位块为单位操作,支持 128、192 和 256 位密钥长度。该算法包含多轮(根据密钥大小分别为 10、12 或 14 轮),每轮包括字节替换、行移位、列混合和轮密钥加操作。

AES uses a substitution-permutation network rather than a Feistel network like DES. It processes the entire block in parallel, which improves performance. The S-box (SubBytes step) is carefully designed to resist linear and differential cryptanalysis. IB and CIE exams may ask for the features of AES or a comparison with older DES.

AES 使用替换-置换网络,而不是像 DES 那样的 Feistel 网络。它并行处理整个数据块,从而提高了性能。S 盒(字节替换步骤)经过精心设计,以抵抗线性分析和差分分析。IB 和 CIE 考试可能会要求说明 AES 的特点或与旧版 DES 进行对比。


4. DES and Triple DES | DES 与三重 DES

DES (Data Encryption Standard) is an older block cipher using a 56-bit key and 64-bit blocks. Its short key length makes it vulnerable to brute-force attacks today. DES applies 16 rounds of a Feistel structure, which splits the block into two halves, processes one half through a function, and swaps them.

DES(数据加密标准)是一种较老的分组密码,使用 56 位密钥和 64 位数据块。其密钥长度较短,使得它在今天容易受到暴力破解攻击。DES 执行 16 轮 Feistel 结构,该方法将数据块分成两半,其中一半通过一个函数处理,然后交换。

Triple DES (3DES) applies the DES algorithm three times with two or three different keys, giving an effective key length of 112 or 168 bits. It remains backward-compatible but is slower than AES. CIE specifications mention DES as an example of a symmetric algorithm; 3DES is a stopgap before AES adoption.

三重 DES(3DES)使用两个或三个不同的密钥,将 DES 算法应用三次,从而提供 112 或 168 位的有效密钥长度。它保持了向后兼容性,但比 AES 慢。CIE 大纲将 DES 作为对称算法的一个例子提及;3DES 是 AES 被广泛采用之前的权宜之计。


5. Asymmetric Encryption | 非对称加密

Asymmetric encryption, also called public-key cryptography, uses two mathematically related keys: a public key for encryption and a private key for decryption. Anyone can encrypt a message with the recipient’s public key, but only the holder of the corresponding private key can decrypt it. This solves the key distribution problem of symmetric encryption.

非对称加密,又称公钥密码体制,使用两个数学上相关的密钥:公钥用于加密,私钥用于解密。任何人都可以用接收者的公钥加密消息,但只有对应的私钥持有者才能解密。这解决了对称加密的密钥分发问题。

The security relies on mathematical trapdoor functions, such as factoring large composite numbers (RSA) or computing discrete logarithms (Diffie-Hellman). Asymmetric encryption is computationally heavier than symmetric encryption, so real systems often use it to exchange a symmetric session key.

其安全性依赖于数学上的陷门函数,例如大数分解难题(RSA)或离散对数问题(Diffie-Hellman)。非对称加密的计算量比对称加密大,因此实际系统通常用它来交换对称会话密钥。


6. RSA Algorithm | RSA 算法

RSA is the most common asymmetric algorithm. Key generation: choose two large primes p and q; compute n = p × q; compute φ(n) = (p-1)(q-1); choose e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1; compute d as the modular inverse of e modulo φ(n). Public key is (n, e); private key is (n, d).

RSA 是最常见的非对称算法。密钥生成:选择两个大素数 p 和 q;计算 n = p × q;计算 φ(n) = (p-1)(q-1);选择 e 使得 1 < e < φ(n) 且 gcd(e, φ(n)) = 1;计算 d 作为 e 模 φ(n) 的模逆。公钥为 (n, e);私钥为 (n, d)。

Encryption: ciphertext C = Me mod n. Decryption: M = Cd mod n. The security is based on the practical difficulty of factoring the large number n. Exam questions often ask students to perform simple RSA operations with small numbers or to explain the role of e and d.

加密:密文 C = Me mod n。解密:M = Cd mod n。其安全性基于对大数 n 进行因式分解的实际困难性。考试题目常常要求学生用较小的数字进行简单的 RSA 运算,或解释 e 和 d 的作用。


7. Diffie-Hellman Key Exchange | Diffie-Hellman 密钥交换

Diffie-Hellman (DH) allows two parties to agree on a shared secret over an insecure channel without prior secrets. They agree on a large prime p and a generator g. Each party chooses a private number (a and b), computes a public value (ga mod p and gb mod p), and exchanges them.

Diffie-Hellman(DH)允许双方在不安全的信道上,在没有预先秘密的情况下协商出一个共享秘密。双方商定一个大素数 p 和一个生成元 g。每一方选择一个私有数字(a 和 b),计算一个公开值(ga mod p 和 gb mod p),并交换这些值。

The shared secret is computed as (gb)a mod p = (ga)b mod p. An eavesdropper sees only ga and gb; deriving a or b is the discrete logarithm problem. DH is used in TLS handshakes. CIE syllabus includes DH as a method for exchanging keys securely.

共享秘密计算为 (gb)a mod p = (ga)b mod p。窃听者只能看到 ga 和 gb;要推导出 a 或 b 是离散对数问题。DH 用于 TLS 握手过程中。CIE 大纲将 DH 列为安全交换密钥的方法之一。


8. Hashing and Message Integrity | 哈希与消息完整性

A hash function maps data of arbitrary size to a fixed-size hash value (digest). It is deterministic, quick to compute, and infeasible to reverse. Cryptographic hash functions also require collision resistance: it should be extremely hard to find two different inputs that produce the same hash output.

哈希函数将任意大小的数据映射为固定大小的哈希值(摘要)。它是确定性的、计算速度快,且不可逆。密码学哈希函数还要求具有抗碰撞性:极难找到两个不同的输入产生相同的哈希输出。

Common hash functions include SHA-256 (part of SHA-2 family) and the older MD5 and SHA-1, which are now considered broken for security due to collision attacks. Hashes are used for password storage (with salt), digital signatures, and file integrity verification.

常见的哈希函数包括 SHA-256(SHA-2 系列的一部分)以及较老的 MD5 和 SHA-1,它们由于碰撞攻击,如今被认为是不安全的。哈希用于密码存储(加盐)、数字签名和文件完整性验证。


9. Digital Signatures and Certificates | 数字签名与证书

A digital signature is created by encrypting the hash of a message with the sender’s private key. The recipient decrypts it with the sender’s public key and compares it with a freshly computed hash of the message. If they match, the signature verifies both the sender’s identity and message integrity.

数字签名是通过使用发送者的私钥加密消息的哈希值来生成的。接收者用发送者的公钥解密,并将其与重新计算的消息哈希值进行比较。如果匹配,签名就验证了发送者的身份和消息的完整性。

Digital certificates bind a public key to an identity (e.g., a domain name). They are issued by Certificate Authorities (CAs) and used in TLS to prevent man-in-the-middle attacks. The X.509 standard format is typical. IB exams ask about the purpose of certificates and the role of CAs.

数字证书将公钥与一个身份(例如域名)绑定。证书由证书颁发机构(CA)签发,并在 TLS 中用于防止中间人攻击。X.509 标准格式是典型的。IB 考试会问及证书的用途以及 CA 的角色。


10. TLS and Real-World Encryption | TLS 与现实世界加密

Transport Layer Security (TLS) provides confidentiality, integrity, and authentication for internet communication. A TLS handshake uses asymmetric cryptography (e.g., RSA or ECDHE) to authenticate the server and agree on a symmetric session key for bulk data encryption with AES.

传输层安全(TLS)为互联网通信提供机密性、完整性和身份验证。TLS 握手使用非对称加密(如 RSA 或 ECDHE)来认证服务器,并协商用于批量数据加密的对称会话密钥(如 AES)。

After the handshake, all application data is encrypted with the symmetric session key using an authenticated encryption mode such as AES-GCM. TLS also uses hash functions for integrity checking. The protocol illustrates how symmetric and asymmetric encryption and hashing are integrated in practice.

握手之后,所有应用数据都使用经过认证的加密模式(如 AES-GCM),并借助对称会话密钥进行加密。TLS 也使用哈希函数进行完整性校验。该协议展示了对称加密、非对称加密和哈希在实践中是如何结合使用的。


11. Common Attack Vectors | 常见攻击途径

Brute-force attacks try all possible keys; mitigated by long keys. Man-in-the-middle (MITM) attacks intercept communication; prevented by certificate verification. Phishing tricks users into revealing keys or passwords. Replay attacks resend captured data; counters use timestamps or nonces (numbers used once).

暴力破解攻击尝试所有可能的密钥;可以通过长密钥减轻。中间人攻击(MITM)截取通信;可通过证书验证来防止。网络钓鱼诱导用户泄露密钥或密码。重放攻击重新发送被捕获的数据;对策是使用时间戳或一次性随机数。

Side-channel attacks exploit physical information like timing or power consumption to deduce keys. Frequency analysis attacks exploit patterns in ciphertext but are ineffective against modern substitution-permutation algorithms. Understanding attack vectors helps students appreciate the importance of correct implementation.

侧信道攻击利用时间或功耗等物理信息来推测密钥。频率分析攻击利用密文中的模式,但对现代替换-置换算法无效。了解攻击途径有助于学生认识到正确实现的重要性。


12. Exam Tips and Summary | 考试贴士与总结

For CIE and IB questions, structure answers by defining terms clearly, providing examples, and detailing the algorithm steps at the level expected. Students should be able to compare symmetric versus asymmetric encryption, explain the RSA key generation process, and describe TLS handshake stages.

对于 CIE 和 IB 的题目,回答问题时要清晰地定义术语,提供例子,并按照考试要求的层次详细说明算法步骤。学生应能够比较对称加密与非对称加密,解释 RSA 密钥生成过程,并描述 TLS 握手阶段。

Diagrams can illustrate public-key exchange, digital signatures, and TLS flows. Practice simple RSA and Diffie-Hellman calculations. Remember that hashing is one-way, while encryption is reversible. The interplay of these primitives forms the backbone of modern cybersecurity systems.

图解可以说明公钥交换、数字签名和 TLS 流程。练习简单的 RSA 和 Diffie-Hellman 计算。记住哈希是单向的,而加密是可逆的。这些原语的相互作用构成了现代网络安全系统的基础。

Published by TutorHao | Computer Science Revision Series | aleveler.com

更多咨询请联系16621398022(同微信)

Comments

屏轩国际教育cambridge primary/secondary checkpoint, cat4, ukiset,ukcat,igcse,alevel,PAT,STEP,MAT, ibdp,ap,ssat,sat,sat2课程辅导,国外大学本科硕士研究生博士课程论文辅导

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from aleveler.com

Subscribe now to keep reading and get access to the full archive.

Continue reading