Cryptographic means of information protection. Cryptography: Basic knowledge of the science of encryption Encryption cryptographic means of information security

Throughout its history, man has felt the need to encrypt certain information. It is not surprising that an entire science grew out of this need - cryptography. And if previously cryptography for the most part served exclusively state interests, then with the advent of the Internet its methods have become the property of private individuals and are widely used by hackers, freedom of information activists and anyone who wants to encrypt their data on the network to one degree or another.

FURFUR is starting a series of articles about cryptography and how to use it. The first material is introductory: history of the issue and basic terms.

Formally, cryptography (from Greek - “secret writing”) is defined as a science that ensures the secrecy of a message. The pioneer who wrote the first scientific work on cryptography is considered to be Aeneas Tacticus, who completed his earthly journey long before the birth of Christ. India and Mesopotamia also tried to encrypt their data, but the first reliable security systems were developed in China. Ancient Egyptian scribes often used sophisticated writing techniques to draw attention to their texts. Most often, information encryption was used for military purposes: the Scytale cipher, used by Sparta against Athens in the 5th century BC, is widely known. e.

Cryptography actively developed in the Middle Ages, and numerous diplomats and merchants used encryption. One of the most famous ciphers of the Middle Ages is the Codex Copiale, an elegantly designed manuscript with watermarks that has not yet been deciphered. The Renaissance became the golden age of cryptography: it was studied by Francis Bacon, who described seven methods of hidden text. He also proposed a binary encryption method, similar to that used in computer programs in our time. The emergence of the telegraph had a significant impact on the development of cryptography: the very fact of data transmission was no longer secret, which forced senders to focus on data encryption.

During World War I, cryptography became an established combat tool. The unraveling of enemy messages led to stunning results. The interception of a telegram from German Ambassador Arthur Zimmermann by American intelligence agencies led to the United States entering hostilities on the side of the Allies.

The Second World War served as a catalyst for development computer systems- through cryptography. The encryption machines used (the German Enigma, the English Turing Bomb) clearly showed the vital importance of information control. In the post-war era, many governments imposed a moratorium on the use of cryptography. Key works were published exclusively in the form of secret reports - such as, for example, Claude Shannon's book “The Theory of Communications in Secret Systems,” which approached cryptography as a new mathematical science.

The government monopoly only collapsed in 1967 with the publication of David Kahn's book, The Code Breakers. The book examined in detail the entire history of cryptography and cryptanalysis. After its publication, other works on cryptography began to appear in the open press. At the same time, a modern approach to science was formed, and the basic requirements for encrypted information were clearly defined: confidentiality, untraceability and integrity. Cryptography has been divided into two interacting parts: cryptosynthesis and cryptanalysis. That is, cryptographers provide information security, and cryptanalysts, on the contrary, look for ways to hack the system.

Wehrmacht Enigma ("Enigma")

Cipher machine of the Third Reich. Code created using Enigma
considered one of the strongest used in World War II.

Turing Bombe

A decoder developed under the direction of Alan Turing. Its use
allowed the Allies to split the seemingly monolithic Enigma code.

Modern methods of using cryptography

Appearance accessible internet took cryptography to a new level. Cryptographic techniques have become widely used by individuals in electronic commerce, telecommunications, and many other environments. The first gained particular popularity and led to the emergence of a new, non-state-controlled currency - Bitcoin.

Many enthusiasts quickly realized that a bank transfer is, of course, convenient, but it is not suitable for purchasing such pleasant everyday things as weapons or “substances”. It is also not suitable for advanced cases of paranoia, because it requires mandatory authentication from the recipient and the sender.

An analog calculation system was proposed by one of the “cypherpunks” discussed below, the young programmer Wei Dai. Already in 2009, Satoshi Nakamoto (whom many sacredly consider to be an entire hacker group) developed payment system new type - BitCoin. This is how cryptocurrency was born. Its transactions do not require an intermediary in the form of a bank or other financial institution, and they cannot be tracked. The network is completely decentralized, bitcoins cannot be frozen or seized, and they are completely protected from government control. At the same time, Bitcoin can be used to pay for any goods - subject to the consent of the seller.

New electronic money is produced by users themselves, who provide the computing power of their machines to operate the entire BitCoin system. This type of activity is called mining. Mining alone is not very profitable; it is much easier to use special servers - pools. They combine the resources of several participants into one network and then distribute the resulting profits.

The largest platform for buying and selling bitcoins is the Japanese Mt. Gox, through which 67% of transactions in the world are carried out. Avid anonymous users prefer the Russian BTC-E: registration here does not require user identification. The cryptocurrency rate is quite unstable and is determined only by the balance of supply and demand in the world. A warning to beginners is the well-known story of how 10 thousand units spent by one of the users on pizza turned into 2.5 million dollars after some time.

“The main problem with conventional currency is that it requires trust. The central bank requires trust in itself and its currency, but the history of fiat money is full of examples of the erosion of trust. With the advent of electronic currency based on reliable cryptography, we no longer need to trust the “honest uncle”, our money can be securely stored, and its use becomes simple and convenient.”

Satoshi Nakamoto, hacker

Terminology

The main operators are the original message ( plaintext, plaintext) and its modification (ciphertext, ciphertext). Decryption is the process of transforming ciphertext into plaintext. For a novice cryptographer, it is important to remember a few other terms:

ALICE, EVE AND BOB (ALICE)

Certain names of the game participants help reduce the description of the crypto protocol to a mathematical formula: Alice and Bob. The enemy in the current cryptosystem is designated as Eve (eavesdropper - eavesdropper). In rare cases, the name changes, but the enemy always remains feminine.

AUTONOMOUS ELECTRONIC PAYMENT SYSTEM (OFF-LINE E-CASH SYSTEM)

Thanks to it, the buyer and seller can work directly, without the participation of the issuing bank. The disadvantage of this system is the additional transaction that the seller makes, transferring the received money to his bank account.

ANONYMOUS (ANONYMITY)

This concept means that participants in the action can work confidentially. Anonymity can be absolute or revocable (in systems that involve the participation of a third party, an arbiter). The arbiter may, under certain conditions, identify any player.

ADVERSARY

Intruder. It seeks to breach the privacy perimeter of the protocol. In general, participants using the crypto protocol perceive each other as potential opponents - by default.

HONEST PARTY

An honest player who has the necessary information and strictly follows the system protocol.

TRUST CENTER (AUTHORITY (TRUSTED AUTHORITY))

A kind of arbiter who enjoys the trust of all participants in the system. Necessary as a precautionary measure to ensure that participants adhere to the agreed protocol.

BIG BROTHER

Yes, that's it. Big Brother's actions are not controlled or monitored by other participants in the crypto protocol. It is impossible to prove Big Brother's foul play, even if everyone is sure of it.

Anonymity

Novice privacy enthusiasts stay incognito using special sites - web proxies. They do not require separate software and don’t clutter the user’s head with complicated settings. The user enters the desired address not in the browser, but in the address bar of the anonymizer website. He processes the information and transmits it on his own behalf. At the same time, such a server gets a wonderful opportunity to copy the data passing through it. In most cases, this is what happens: information is never superfluous.

Advanced anonymous people prefer to use more serious means. For example, Tor (The Onion Router). This service uses a whole chain of proxy servers, which is almost impossible to control due to its branching. The multi-layer (in slang - onion) routing system provides Tor users with a high level of data security. In addition, The Onion Router interferes with the analysis of traffic passing through it.

Cypherpunk

The term was first used by the famous hacker Jude Milhon in reference to programmers who were overly keen on the idea of ​​anonymity. The main idea of ​​cypherpunk is the ability to ensure anonymity and security on the network by the users themselves. This can be achieved through open cryptographic systems, which are mostly developed by cypherpunk activists. The movement has an implicit political overtones; most of the participants are close to crypto-anarchism and many libertarian social ideas. The most famous representative of cypherpunk is Julian Assange, who founded WikiLeaks to the delight of all world powers. Cypherpunks have an official manifesto.

"New big game- this is by no means a war for oil pipelines... The new world treasure is control
over gigantic data streams connecting entire continents and civilizations, linking into a single whole the communications of billions of people and organizations"

Julian Assange

Julian Assange

On its portal, WikiLeaks publicly demonstrated to everyone the underbelly of many government structures. Corruption, war crimes, top-secret secrets - in general, everything that an active libertarian could get his hands on became public knowledge. In addition, Assange is the creator of an infernal cryptosystem called “Deniable encryption”. This is a way of arranging encrypted information that allows for plausible deniability of its presence.

Bram Cohen

American programmer, originally from sunny California. To the delight of the whole world, he came up with the BitTorrent protocol, which is still used to this day without success.

CIPF (means cryptographic protection information) is a program or device that encrypts documents and generates an electronic signature (ES). All operations are performed using a key electronic signature, which cannot be selected manually, since it is a complex set of characters. This ensures reliable information protection.

How CIPF works

1. The sender creates a document
2. Using CIPF and a private key, the electronic signature adds a signature file, encrypts the document and combines everything into a file that is sent to the recipient
3. The file is sent to the recipient
4. The recipient decrypts the document using CIPF and the private key of his electronic signature
5. The recipient checks the integrity of the electronic signature, making sure that no changes have been made to the document

Types of CIPF for electronic signature

There are two types of cryptographic information protection tools: installed separately and built into the media.

CIPF installed separately is a program that is installed on any computer device. Such CIPF are used everywhere, but have one drawback: they are strictly tied to one workplace. You will be able to work with any number of electronic signatures, but only on the computer or laptop on which CIPF is installed. To work for different computers, you will have to buy an additional license for each.

When working with electronic signatures, the cryptoprovider CryptoPro CSP is most often used as the installed CIPF. The program works on Windows, Unix and others operating systems, supports domestic safety standards GOST R 34.11-2012 and GOST R 34.10-2012.

Other cryptographic information protection systems are used less frequently:

1. Signal-COM CSP
2. LISSI-CSP
3. VipNet CSP

All listed CIPFs are certified by the FSB and FSTEC and comply with security standards adopted in Russia. For full operation they also require the purchase of a license.

CIPF built into the media, are encryption tools built into the device that are programmed to work independently. They are convenient due to their self-sufficiency. Everything you need to sign an agreement or report is already on the media itself. There is no need to buy licenses or install additional software. A computer or laptop with Internet access is sufficient. Encryption and decryption of data is carried out within the media. Media with built-in CIPF include Rutoken EDS, Rutoken EDS 2.0 and JaCarta SE.

Listen... could you, for our common benefit, print out every letter that arrives at your post office, incoming and outgoing, you know, a little bit and read it: does it contain some kind of report or just correspondence... .

N.V. Gogol “The Inspector General”

Ideally, only two people should be able to read a confidential letter: the sender and the one to whom it is addressed. The formulation of such a seemingly very simple thing was Starting point cryptographic protection systems. The development of mathematics gave impetus to the development of such systems.

Already in the 17th-18th centuries, ciphers in Russia were quite sophisticated and resistant to cracking. Many Russian mathematicians worked on creating or improving encryption systems and at the same time tried to find keys to the ciphers of other systems. Currently, several Russian encryption systems can be noted, such as Lexicon Verba, Secret Net, DALLAS LOCK, Secret Disk, the Accord family of products, etc. We will talk about them. You will also get acquainted with the main software and hardware cryptographic protection complexes, learn about their capabilities, strengths and weaknesses. We hope that this article will help you make a choice of a cryptoprotection system.

Are you concerned that important information on your computer might fall into the wrong hands? This information can be used by competitors, regulatory authorities, and simply ill-wishers. Obviously, such actions can cause you significant damage. What to do? In order to protect your information from strangers, you need to install one of the data encryption programs. Our review is devoted to the analysis of encryption systems for desktop systems. It should be noted that the use of foreign encryption systems in Russia is severely limited for a number of reasons, so government organizations and large domestic companies are forced to use Russian developments. However, medium and small companies, as well as individuals, sometimes prefer foreign systems.

To the uninitiated, encrypting information looks like a bit of black magic. Indeed, encrypting messages to hide their contents from outsiders is a complex mathematical problem. In addition, the cipher must be selected in such a way that it is almost impossible to open it without a key, but with a key - quickly and easily. Many companies and organizations find it very difficult to do optimal choice when installing encryption programs. The matter is further complicated by the fact that there are no absolutely secure computers and absolutely reliable encryption systems. However, there are still enough ways to repel almost all attempts to reveal encrypted information.

Encryption programs differ from each other in the encryption algorithm. Having encrypted the file, you can write it to a floppy disk, send it via e-mail or put it on a server in your local network. The recipient of your encryption must have the same encryption program to read the contents of the file.

If you want to send an encrypted message to several users at the same time, then your information for each recipient can be encrypted using his own key or using a shared key for all users (including the message author).

The cryptographic security system uses a secret code to turn your information into a meaningless, pseudo-random string of characters. With a good encryption algorithm, it is almost impossible to decrypt a message without knowledge secret code, used for encryption. Such algorithms are called symmetric key algorithms because the same key is used to encrypt and decrypt information.

To protect your data, the encryption program creates a secret key using your password. You just need to set a long password that no one can guess. However, if you want someone else to be able to read the file, you will need to tell that person the secret key (or password it was created from). You can be sure that even a simple encryption algorithm will protect your data from regular user, say, from a work colleague. However, professionals have a number of ways to decrypt a message without knowing the secret code.

Without special knowledge, you will not be able to independently check how reliable your encryption algorithm is. But you can rely on the opinion of professionals. Some encryption algorithms, such as Triple DES (Data Encryption Standard), have been tested for many years. Based on the test results, this algorithm has proven itself well, and cryptographers believe that it can be trusted. Most new algorithms are also carefully studied, and the results are published in specialized literature.

If the program's algorithm has not been openly reviewed and discussed by professionals, if it does not have certificates and other official papers, this is a reason to doubt its reliability and refuse to use such a program.

Another type of encryption system is public key systems. For such a system to work, there is no need to provide the recipient with the secret key (or the password on the basis of which it was created). These encryption systems generate two digital keys for each user: one is used to encrypt data, the other is used to decrypt it. The first key (called the public key) can be published, but the second key can be kept secret. After this, anyone can encrypt the information using the public key, and only those who have the corresponding secret key can decrypt it.

Some encryption programs contain another important security feature - a digital signature. A digital signature certifies that the file has not been modified since it was signed and gives the recipient information about who signed the file. Creation algorithm digital signature is based on calculating a checksum - the so-called hash sum, or message digest. The algorithms used ensure that it is impossible to select two different files, whose hash sums would match.

When the recipient receives a digitally signed file, its encryption program recalculates the hash for that file. The recipient then uses the public key published by the sender to reconstruct the digital signature. If the result matches the value calculated for the file, then the recipient can be confident that the message text has not been altered (if it had, the hash would be different) and the signature belongs to someone who has access to the sender's private key.

Protecting important or confidential information requires not only good program encryption. You need to take a number of measures to ensure information security. If your password is weak (experts recommend setting it to eight or more characters) or if an unencrypted copy of sensitive information is stored on your computer, then even best system encryption will be powerless.

The Lexikon-Verba system is a means of organizing secure electronic document flow both inside corporate network and between different organizations. Lexikon-Verba uses two modifications of the cryptography system: the Verba-W system is intended for government agencies (protection of confidential information, in particular chipboard; signature keys are public, encryption keys are private), the Verba-OW system is for commercial organizations (protection of trade secrets; signature and encryption keys are public).

There are quite a few global encryption standards, but only a small part of them have certificates from the Federal Agency for Government Communications and Information (FAGSI), which makes it impossible to use uncertified solutions in Russia. The Verba-W system has FAPSI certificate No. SF/114-0176. System "Verba-OW" - FAPSI certificate No. SF/114-0174.

Lexikon-Verba provides encryption and electronic digital signature in accordance with the requirements of GOST 28147-89 “Information processing systems. Cryptographic protection" and GOST R34.10-94 " Information technology. Cryptographic information protection. Procedures for developing and verifying an electronic digital signature based on an asymmetric cryptographic algorithm.”

The program is certified by the State Technical Commission under the President Russian Federation. It is expected to receive a certificate from the Russian Ministry of Defense in July.

The system's cryptographic protection is based on the public key encryption technique. Each key that identifies a user consists of two parts: a public key and a private key. The public key can be distributed freely and is used to encrypt a given user's information. To decrypt a document, the user who encrypted it needs to have your public key and, when encrypting it, indicate you as having access to the document.

To decrypt a document, you need to use the private key. The private key consists of two parts, one of which is stored on a smart card or touch-memory, and the other on your computer's hard drive. Thus, neither the loss of the smart card nor unauthorized access to the computer they do not give, each individually, the opportunity to decrypt documents.

Initial key set, including complete information about open and private keys user, is created at a specially equipped protected workplace. The floppy disk with key information is used only at the stage of preparing the user's workstation.

The Lexikon-Verba system can be used within two main systems for organizing secure document flow:

• How independent decision. If your organization has a local network, the system can be installed not on all computers, but only on those that require working with confidential documents. This means that a subnetwork for the exchange of classified information arises within the corporate network. At the same time, participants in the closed part of the system can exchange open documents with other employees;
• as an integral part of document flow. "Lexikon-Verba" has standard interfaces connecting external functions to perform the operations of opening, saving, closing and sending documents, which makes it easy to integrate this system into both existing and newly developed document flow systems.

It should be noted that the properties of the Lexicon-Verba system make it not only a means of providing information protection from external penetrations, but also a means of increasing internal corporate confidentiality and sharing access.

One of the important additional resources for increasing the level of information security control is the ability to maintain an “event log” for any document. The document history recording function can be enabled or disabled only during system installation; when enabled, this log will be maintained regardless of the user’s wishes.

The main advantage and distinctive feature of the system is the simple and intuitive implementation of information security functions while maintaining the user's traditional work environment for word processors.

The cryptography unit performs encryption, as well as installation and removal of electronic digital signatures (EDS) of documents.

Auxiliary functions of the block include loading a secret key, exporting and importing public keys, setting up and maintaining a directory of system subscriber keys.

Thus, each person who has access to the document can only put his own signature, but remove any of the previously signed ones.

This reflects the accepted procedure for office work, when, as the document undergoes approval, it may be subject to corrections at different stages, but after that the document must be endorsed again.

When you try to make changes to a document by means other than Lexikon-Verba, the digital signature is damaged, and as a result, the message “Damaged” will appear in the “Signature Status” field.

As the number of system users increases, entering each public key onto each computer becomes difficult. Therefore, to organize the work of the office, centralized administration of the directory of public keys is organized. This is done as follows:

1) “Lexicon-Verba” is installed on the administrator’s computer in local mode. This creates a directory of public keys, into which the administrator adds each key used in the office;

2) on all other computers the system is installed in network mode. In this mode, the directory of public keys located on the administrator's computer is used;

3) everyone New user entered by the administrator into the directory, becomes “visible” to all users connected to the directory. From this moment on, they are able to transfer encrypted documents to him.

Administration of the directory becomes centralized, but this does not affect the level of security of the system, since providing access to public keys is a kind of “introduction” to users, but it does not provide access to any documents. In order for a user to be able to decrypt a document, it is necessary that his public key not only be in the directory, but also be explicitly indicated as having access to the document.

While researching cryptocurrencies, one day you will inevitably come across the term “cryptography”. In the area of ​​interest to us, cryptography has many functions. These include data protection, use in creating passwords, optimization of the banking system, etc. In this article, we will introduce you to the basics of cryptography and discuss its implications for cryptocurrencies.

History of cryptography

Cryptography is a method of securely hiding information. To disclose information, the reader needs to know how the information was altered or encrypted. If the message has been well encrypted, only the sender and the recipient can read it.

Cryptography is by no means new; it has been around for thousands of years. Historically, cryptography was used to send important messages in order to hide them from prying eyes. The first cryptographic messages were found among the ancient Egyptians, but the confirmed use of ciphers for strategic purposes dates back to the era of Ancient Rome.

According to historians, Julius Caesar used cryptography and even created the so-called Caesar cipher to send secret messages to high-ranking generals. This method of protecting confidential information from unwanted eyes has been used until recent history.

During World War II, the Germans used the Enigma encryption machine to transmit important information. Alan Turing, the mathematical genius after whom the Turing Test was later named, found a way to crack it. Now the breaking of Enigma is considered one of the main turning points in World War II.

Cryptography Basics

The above-mentioned Caesar cipher is one of the simplest ways to encrypt messages and is useful for understanding cryptography. It is also called a shift cipher because it replaces the original letters of the message with other letters that are in a specific position relative to the original letter in the alphabet.

For example, if we encrypt a message using the +3 cipher at English language, then A will become D, and K will become N. If we use the -2 rule, then D will become B, and Z will become X.

read everything on invest in blockchain

This is the simplest example of using cryptography, but any other method is based on similar logic. There is a message that is secret to everyone except the parties concerned, and a process to make that message unreadable to everyone except the sender and recipient. This process is called encryption and consists of two elements:

A cipher is a set of rules that you use to encode information. For example, a shift of X letters in the alphabet in the Caesar cipher example. The cipher does not have to be secret because the message can only be read if the key is available.

Key is a value that describes exactly how to use a set of encryption rules. For a Caesar cipher, this would be the number of letters to shift in alphabetical order, such as +3 or -2. A key is a tool for decrypting a message.

So many people can have access to the same cipher, but without the key they still won't be able to break it.

The process of transmitting a secret message goes as follows:

• Party A wants to send a message to Party B, but it is important to them that no one else reads it;
• Party A uses the key to convert the text into an encrypted message;
• Party B receives the ciphertext;
• Party B uses the same key to decrypt the ciphertext and can now read the message.

Evolution of cryptography

Messages are encrypted to protect their contents. This implies that there will always be parties interested in obtaining this information. As people become more or less successful in deciphering various codes, cryptography is forced to adapt. Modern cryptography has gone far beyond the usual shifting of letters in the alphabet, offering complex puzzles that are becoming more and more difficult to solve every year. Instead of a banal displacement, letters can now be replaced by numbers, other letters and various symbols, passing through hundreds and thousands of intermediate steps.

The digital age has led to an exponential increase in the complexity of encryption. This is because computers brought with them a dramatic increase in computing power. Human brain still remains the most difficult information system, but when it comes to performing calculations, computers are much faster and can process much more information.

Digital era cryptography is related to electrical engineering, computer science, and mathematics. Nowadays, messages are usually encrypted and decrypted using complex algorithms created using combinations of these technologies. However, no matter how strong the encryption, there will always be people working to break it.

Cracking the code

You may notice that even without a key, the Caesar cipher is not that difficult to crack. Each letter can only accept 25 different meanings, and for most values ​​the message is meaningless. With trial and error, you should be able to decipher the message without much effort.

Breaking encryption using all possible variations is called brute force. This type of hack involves selecting everyone possible elements until a solution is found. With increasing computing power, brute force becomes an increasingly realistic threat, the only way to protect against it is to increase the complexity of encryption. The more possible keys, the more difficult it is to brute force access to your data.

Modern ciphers allow trillions of possible keys, making brute force less dangerous. However, it is argued that supercomputers and especially quantum computers will soon be able to break most ciphers through brute force due to their unmatched computing power.

As already mentioned, deciphering messages becomes more and more difficult over time. But nothing is impossible. Any cipher is inherently associated with a set of rules, and the rules in turn can be analyzed. Rule analysis is carried out by a more subtle method of message decryption - frequency analysis.

With the enormous complexity of ciphers these days, effective frequency analysis can only be done using computers, but it is still possible. This method analyzes repeating events and tries to find the key using this information.

Let's look at the Caesar cipher example again to understand this. We know that the letter E is used much more often than other letters in the Latin alphabet. When we apply this knowledge to an encrypted message, we begin to look for the letter that is repeated most often. We find that the letter H is used most often and test our guess by applying a -3 shift to the message. The longer the message, the easier it is to apply frequency analysis to it.

uh

Cryptography and cryptocurrencies

Most cryptocurrencies serve completely different purposes than sending secret messages, but despite this, cryptography plays a key role here. It turns out that the traditional principles of cryptography and the tools used for it have more functions than we used to think.

The most important new features of cryptography are hashing and digital signatures.

Hashing

Hashing is a cryptographic method of converting large amounts of data into short values ​​that are difficult to counterfeit. This is a key component of blockchain technology regarding the security and integrity of data flowing through the system.

This method is mainly used for four processes:

• verification and confirmation of balances in user wallets;
• encoding wallet addresses;
• encoding transactions between wallets;
• mining blocks (for cryptocurrencies that offer this possibility) by creating mathematical puzzles that must be solved in order to mine a block.

Digital signatures

A digital signature is in some ways an analogue of your real signature and serves to confirm your identity online. When it comes to cryptocurrencies, digital signatures represent mathematical functions that are associated with a specific wallet.

Thus, digital signatures are a kind of way to digitally identify a wallet. By attaching a digital signature to the transaction, the owner of the wallet proves to all network participants that the transaction came from him and not from anyone else.

Digital signatures use cryptography to identify a wallet and are secretly linked to the wallet's public and private keys. Your public key is like your bank account, while your private key is your PIN. It doesn't matter who knows your bank account number because the only thing they can do with it is deposit money into your account. However, if they know your PIN, you could be in real trouble.

In blockchain, private keys are used to encrypt a transaction and a public key is used to decrypt it. This is possible because the sending party is responsible for the transaction. The sending party encrypts the transaction with its private key, but it can be decrypted using the recipient's public key because the only purpose of this process is to verify the sender. If the public key fails to decrypt a transaction, it fails.

In such a system, the public key is distributed freely and is secretly associated with the private key. There is no problem if the public key is known, but the private key must always be kept secret. Despite the ratio of the two keys, calculating the private key requires incredible computing power, making hacking financially and technically impossible.

The need to protect the key is the main disadvantage of this system. If someone knows your private key, they will be able to access your wallet and make any transactions with it, which already happened with Bloomberg when one of the employees' keys was shown on TV.

Conclusion

Cryptography in blockchain has many different layers. This article only covers the basics and general principles of using cryptography, but this issue is much deeper than it might seem at first glance.

It is important to understand the relationship between cryptography and blockchain technology. Cryptography makes it possible to create a system in which parties do not need to trust each other, since they can rely on the cryptographic methods used.

Since its inception in 2009, the cryptographic protection of the Bitcoin blockchain has withstood every attempt to falsify data, and there have been countless of them. New cryptocurrencies implement even more secure cryptography methods, some of which are even protected from the brute force of quantum processors, that is, they prevent future threats.

Without cryptography there could not be Bitcoin and cryptocurrencies in general. Amazingly, this scientific method, invented thousands of years ago, keeps our digital assets safe and secure today.

Cryptographic information protection tools are used to protect personal or secret information transmitted over communication lines. To maintain the confidentiality of data, it is recommended to undergo authorization, authenticate the parties using the TLS, IPSec protocols, and ensure the security of the electronic signature and the communication channel itself.

ISBC offers effective solutions under the brand concerning the use of secure storage facilities for important information, electronic signature, access protection when using control systems. The largest government organizations cooperate with us, including the Federal Tax Service of Russia, leading manufacturers of cryptographic information security tools and software developers, certification centers operating in different regions of Russia.

CIPF: types, application

When using CIPF, the following methods are used:

1. Authorization of data, ensuring cryptographic protection of their legal significance during transmission and storage. For this purpose, algorithms are used to generate an electronic key and verify it in accordance with the specified regulations.
2. Cryptographic protection of personal or secret information, control over its integrity. Application of asymmetric encryption, imitation protection (elimination of the possibility of data substitution).
3. Cryptographic protection of application and system software. Ensuring control over unauthorized changes and incorrect operation.
4. Management of the main elements of the system in accordance with established regulations.
5. Authentication of parties that exchange data.
6. Cryptographic protection of information transmission using the TLS protocol.
7. Using cryptographic protection for IP connections using ESP, IKE, AH.

A full description of the use of cryptographic information protection means is contained in relevant documents.

CIPF solutions

In the process of ensuring information security, CIPF uses the following methods:

1. Authentication in applications is carried out thanks to the Blitz Identity Provider. The authentication server allows, using a single account, manage connected resources of any type (Native, Web, Desktop applications), provides strict authentication of users using a token, smart card.
2. At the moment of establishing communication, identification of the parties is ensured thanks to an electronic signature. Inter-PRO provides HTTP traffic protection, the ability to edit, and control digital signatures online.
3. Cryptographic protection tools used for the confidentiality of digital document flow also use an electronic signature. To work with electronic key The Blitz Smart Card Plugin is used in the web application format.
4. The use of cryptographic security means eliminates the introduction of embedded devices and malware, as well as system modification.

CIPF classification

Tools used for cryptographic protection of open information in different systems, ensuring confidentiality in open networks, are aimed at protecting the integrity of data. It is important that the use of such tools for storing state secrets is prohibited by law, but is quite suitable for ensuring the safety of personal information.

The means used for cryptographic information protection are classified depending on the probable threat and an assessment of the likely method of hacking the system. They depend on the presence of undocumented capabilities or non-compliance with the stated characteristics, which may contain:

1. system software;
2. application software;
3. other disadvantages of the storage medium.

Software protection is represented by a set of solutions designed to encrypt messages located on various storage media. Such storage media can be memory cards, flash drives or hard disks. The simplest of them can be found in the public domain. Software cryptographic protection includes virtual networks, designed for exchanging messages running “on top of the Internet”, for example, VPN, extensions that have the HTTP protocol, supporting extensions for HTTPS, SSL encryption. The protocols used to exchange information are used to create Internet applications in IP telephony.

Software cryptographic protection is convenient to use on home computers, for surfing the Internet, and in other areas where high demands are not placed on the functionality and reliability of the system. Or, as when using the Internet, you need to create a large number of different secure connections.

Hardware cryptographic protection systems

Hardware cryptographic protection means are physical devices associated with a data transmission system that provide encryption, recording, and transmission of information. The devices can be personal devices or look like:

• USB encryptors, flash drives.

Using these devices you can build perfectly secure computer networks.

Hardware cryptographic protection tools are easy to install and provide high speed response. The information necessary to provide a high level of cryptographic protection is located in the device memory. It can be read contact or non-contact.

When using CIPF produced under the ESMART brand, you will receive effective technologies that provide effective cryptographic protection online or offline, user authentication using tokens, smart cards or biometric data. Combination of hardware methods with software solutions allows you to obtain the highest level of protection with little time and effort in the process of information exchange.

An important feature of the ESMART® cryptographic protection product line is the presence of a one-of-a-kind product - based on the domestic MIK 51 chip from Mikron PJSC, with which you can effectively solve many problems related to security and data protection. It is a CIPF with hardware support for Russian cryptographic algorithms GOST based on a domestic microcircuit.

CIPF ESMART® Token GOST is issued in the form of smart cards and tokens. The development of the ESMART company is certified by the FSB of Russia in classes KS1/KS2/KS3. Certificate No. SF/124-3668 certifies that the CIPF ESMART Token GOST complies with the requirements of the FSB of Russia for encryption (cryptographic) means of class KS1/KS2/KS3, the requirements for electronic signature means approved by FSB Order No. 796 and can be used for cryptographic information protection , not containing information constituting a state secret. Notice ABPN.1-2018 allows the use of GOST R 34.10-2001 in the ESMART Token GOST CIPF during the validity period of the certificate due to the postponement of the transition to GOST R 34.10-2012 until January 1, 2020. Also, ESMART® Token GOST can be used to generate keys, generate and verify electronic signatures, strict multi-factor user authentication, etc.

The ESMART company offers to purchase modern CIPF at best prices from the manufacturer. Our engineering R&D center and production are located in Zelenograd. Use of chips Russian production allows us to offer the best, most competitive prices for cryptographic information protection tools for government projects, enterprises and organizations.