先进加密标准

先进加密标准 Advanced Encryption Standard For the past three years,the National Institute of Standards and Technology (NIST) has been working to develop a new encryption standard to keep government information secure.The organization is in the final stages of an open process of selecting one or more algorithms,or data-scrambling formulas,for the new Advanced Encryption Standard (AES) and plans to make adecision by late summer or early fall.The standard is slated to go into effect next year. AES is intended to be a stronger,more efficient successor to Triple Data Encryption Standard(3DES),which replaced the aging DES,which was cracked in less than three days in July 1998. “ Until we have the AES,3DES will still offer protection for years to come.So there is no need to immediately switch over,”says Edward Roback, acting chief of the computer security division at NIST and chairman of the AES selection committee.“What AES will offer is a more efficient algorithm.It will be a federal standard,but it will be widely implemented in the IT community.” According to Roback,efficiency of the proposed algorithms is measured by how fast they can encrypt and decrypt information,how fast they can present an encryption key and how much information they can encrypt. The AES review committee is also looking at how much space the algorithm takes up on a chip and how much memory it requires.Roback says the selection of a more efficient AES will also result in cost savings and better use of resources. “ DES was designed for hardware implementations,and we are now living in a world of much more efficient software,and we have learned an awful lot about the design of algorithms,”says Roback.“When you start multiplying this with the billions of implementations done daily,the saving on overhead on the networks will be enormous.” The process of selecting the algorithm for AES has been notable for its openness and transparency.This is a marked departure from the government's past inclination toward secrecy in discussing encryption standards,which led to the public cracking of DES after critics questioned the government's assertion that the standard was still secure. NIST kicked off the selection process in September 1997.Conferences were held in August 1998 and March 1999; cryptographers from around the world discussed the algorithm candidates and helped narrow the list to 15 and then to five finalists: IBM's MARS; RSA Laboratories* RC6; Joan Daemen and Vincent Rijmen's Rijndael; Ross Andersen,Eli Baham and Lars Knudsen's Serpent; and Counterpane Labs* Twofish. While most evaluators of the algorithms want to avoid complexity by selecting one to serve as a standard,there's a minority that wants to select more than one. 在过去三年中，(美国)国家标准与技术局(NIST)已在研究开发一种新的加 密标准，以确保政府的信息安全。该组织目前正处于为新的先进加 密标准 (AES)选择一龌蚣父鏊惴 ɑ 蚴?荽蚵夜?降目?殴?痰淖詈蠼锥危?⒓ 苹?谙哪┗蚯 锍踝鞒鼍龆 ā4 吮曜寄诙?髂晔凳??/p>p> AES 预定为比三层数据加密标准(3DES)更强、更高效的后续标准，3DES 替代了老化的 DES 加密标准，DES 在 1998 年 7 月在不到三天的时间内就 被 破译了。 NIST 计算机安全部的代理主管兼 AES 选择委员会主席 Edward Roback 说 ：“在我们拥有 AES 之前，3DES 还将在今后几年提供保护。所以没有必要 马上转换。AES 所提供的是一种更有效的算法。它将是一项联邦标准，但它 将在 IT 界 广泛实施。” 据 Roback 称，提议中的算法的效率是通过对信息加密和解密有多快、 给出加密密钥有多快以及能对多少信息加密等几个方面进行测量的。 AES 评 价 委 员 会 也 要 看 算 法 占 据 芯 片 上 多 少 空 间 和 需 要 多 少 内 存 。 Roback 说，选择一个更高效的 AES 也会带来成本的节省和资源的更好利用。 Roback 说：“DES 是为硬件实现而设计的，而我们现在处于软件更高效 的世界，我们对算法的设计有极多的了解。当我们开始大规模使用此算法， 每天实现几十亿次的加密时，(算法带来的)网络开销的节省将是巨大的。” 为 AES 选择算法的过程是以其公开性和透明度称著。这标志着政府从以 往讨论加密标准时倾向于保密的做法一刀两断，它导致了政府在断言 DES 标 准仍是安全时被公开破译。 NIST 在 1997 年 9 月开始这个选择过程。1998 年 8 月和 1999 年 3 月召 开了会议，来自全世界的密码专家讨论了候选的算法，帮助把算法缩小到 15 个，最后到了 5 个： IBM 的 MARS 算法， RSA 实验室的 RC6 算法、 Joan Daemen 和 Vincent Rijmen 两 人 的 Rijndael 算 法 、 Eli Baham 和 Lars Knudsen 两人的 Serpent 算法以及 Counterpane 实验室的 Twofish 算法。 大多数算法鉴定者都选择一个作标准以避免复杂性，但也有一小部分人 要选择多个算法。 数据通信系统 Data Communication Systems There are five basic types of data communication system: Off-line data transmission is simply the use of a telephone or similar link to transmit data without involving a computer system.The equipment used at both ends of such a link is not part of a computer, or at least does not immediately make the data available for computer process, that is, the data when sent and/p>or received are 'off-line'. This type of data communication is relatively cheap and simple. Remote batch is the term used for the way in which data communication technology is used geographically to separate the input and /p>or output of data from the computer on which they are processed in batch mode. On-line data collection is the method of using communications technology to provide input data to a computer as such input arises-the data are then stored in the computer(say on a magnetic disk)and processed either at predetermined intervals or as required. Enquiry-response systems provide, as the term suggests, the facility for a user to extract information from a computer.The enquiry facility is passive, that is, does not modify the information stored.The interrogation may be simple, for example, 'RETRIEVE THE RECORD FOR EMPLOYEE NUMBER 1234' or complex.Such systems may use terminals producing hard copy and /p>or visual displays. Real-time systems are those in which information is made available to and processed by a computer system in a dynamic manner so that either the computer may cause action to be taken to influence events as they occur(for example as in a process control application)or human operators may be influenced by the accurate and up-to-date information stored in the computer, for example as in reservation systems. 有五种基本的数据通信系统： 脱机数据传输是简单地利用电话或类似的链路来传输数据，不包括计算 机系统。这样一条链路两端所使用的设备不是计算机的部件，或至少不是立 刻把数据提供给计算机处理，即数据在发送或接收时是脱机的。这种数据通 信相对来说比较便宜和简单。 远程批处理一词适用于这样一种方法：采用数据通信技术来使数据的输 入和输出在地理上远离按批处理模式处理处理它们的计算机。 联机数据收集指的是用数据通信技术来向计算机即时提供刚产生的输入 数据这种方法。数据于是存储在计算机里(比如磁盘上)，并按预定时间间隔 或者根据需要进行处理。 询问——应答系统，顾名思义，是为用户提供从计算机提取信息的功能。 询问功能是被动的。也就是说，它不修改所存储的信息。提问可以很简单， 例如："检索雇员号码为 1234 的记录"也可以是复杂的。这类系统可能要使 用能产生硬拷贝和(或)可视显示的终端。 实时系统是这样一类系统，其中计算机系统是在动态情况下取得和处理 信息，以便可使计算机采取动作来影响正在发生的事件(比如在过程控制应用 中)或者可通过存储在计算机里的准确且不断更新的信息来影响人(操作员)， 比如在预售系统中。