An Toan Va Bao Mat Thong Tin

Chng 4: Cc h m kha cng khai (Public Key Cryptosystems PKC)

1. Khi nim

* Mt s yu im ca cc h m kha b mt

Cc h m kha b mt (Vigenere, DES, AES ..) c cc yu im sau:

+ Nu mt h thng a ngi dng (n ngi) th i hi phi c n*(n-1)/2 kha khc nhau cho mi cp truyn thng. iu ny gy kh khn

trong vic qun l kha.

+ T cc h m kha b mt khng th xy dng nn cc h thng ch k s, chng ch phc v cho thng mi in t.

Cc h m kha cng khai c xy dng da trn cc nguyn tc do Diffie v Hellman a ra vo nm 1977:

+ H m s c 2 kha, mt kha b mt (KS) v mt kha cng khai (KP).

+ Nu KP dng m ha th ta s c 1 h m mt, ngc li nu KS dng m ha th ta s c mt h ch k s.

Kha KP c cng khai: ai cng c th dng m ha nhng ch 1 ngi ch s hu (c KS) mi c th gii m.

xy dng cc h m kha cng khai cn c cc hm mt pha (one-way function) c trang b cc ca by (trap-door) f:

+ Nu c x th vic tnh y = f(x) l d nhng ngc li nu c y, cn tm x f(x) = y l khng th. Khng th tm c hm ngc ca hm f. V d nu c p v q l 2 s nguyn t ln (300 ch s) th vic tnh N = p*q l d. Ngc li nu c s N l ln (600 ch s) th vic phn tch N thnh dng tha s nguyn t l kh (hin cha c thut ton tt thc hin).

1

+ Ca by: l yu t m nu bit th vic tm c hm ngc ca f l d.

Cc h m kha cng khai u da trn mt bi ton c s m bnh thng l khng c li gii, nhng vi 1 yu t ca by, vic tm hm ngc (gii m) l kh thi.

2. H m RSA (Rivest Shamir Adleman).

L h m kha cng khai ph bin nht hin nay. Bi ton c s l bi ton phn tch s nguyn ln.

Cch xy dng: Chn 2 s nguyn t ln, xp x nhau p v q (trn 100 ch s). Tnh N = p*q v (N) = (p-1)*(q-1). Chn mt s e: (e, (N)) = 1. Tm d = e-1 trn Z(N).

Thut ton m ha mt vn bn M: C = Me mod N.

Thut ton gii m mt bn m C: M = Cd mod N = (Me)d mod N. Do d v e l nghch o ca nhau trn Z(N) nn d*e = k*(N) + 1, suy ra (Me)d mod N = Me*d mod N = M k*(N) + 1 mod N, theo nh l le M (N)= 1 mod N nn M k*(N) + 1 mod N = M. a(N) mod N = 1

Kha cng khai KP = (e, N), kha b mt l KS = (d, p, q).

V d: Cho mt h m RSA c p = 11, q = 17, chn e = 7. Hy tm kha ca h m trn. M ha vn bn M = 10 v gii m bn m nhn c.

N = p*q = 11*17 = 187. (N) = (p-1)*(q-1) = 10*16 = 160. Tm d = e-1 trn Z160. p dng thut ton clit m rng:

g v y 160 0

7 1 22 6 -22 1

2

1 23 6 0

d = 23.

Kha cng khai KP = (e, N) = (7, 187), kha b mt KS = (d, p, q) = (23, 11, 17).

M ha M = 10: C = Me mod N = 107 mod 187 = 175.

Gii m C = 175: M = Cd mod N = 17523 mod 187 = 10.

a mi Kt qu=1 175 1 175 144 1 142 166 1 10 67 0 1 1 10

Bi tp: Cho h m RSA c N = p*q = 13*23 v e = 17. Hy tm kha ca h m trn. M ha vn bn M = 14 v gii m bn m C = 20.

(N) = (p-1)*(q-1) = 12*22 = 264. Tm d bng thut ton clit m rng:

g v y 264 0 17 1 15 9 -15 1 8 16 1 1 -31 8 0

d = 264 31 = 233.

Kha cng khai KP = (e, N) = (17, 299), kha b mt KS = (d, p, q) = (233, 13, 23).

3

M ha M = 14: C =Me mod N = 1417 mod 299 = 66.

a mi Kt qu = 1 14 1 14

196 0 144 0 105 0 261 1 66

Gii m C = 20: M = Cd mod N = 20233 mod 299.

a mi Kt qu = 1 20 1 20

101 0 35 0 29 1 281

243 0 146 1 63 87 1 99 94 1 37

Vy bn r ban u l M = 37.

Mt s vn ca h m RSA:

+ C an ton cao (cc chng minh l thuyt v thc t th hin iu ny).

+ Ph bin rng ri nht trong s cc h m kha cng khai.

+ Thut ton l khng min ph.

4

+ Tc chm, chm hn nhiu so vi cc h m khi. Nn thng c s dng m ha cc d liu quan trng kch thc nh v kt hp vi mt h m khi.

+ RSA c hin tng l bn r (bn m nhn c sau khi m ha ging ht bn r ban u). C (1+(e-1,p-1))* (1+(e-1,q-1)) s trng hp l bn r. Cn phi trnh cc trng hp ny.

+ C th s dng thut ton phn d Trung hoa tng tc cho vic gii m RSA.

3. H m El Gamal

H m ny do nh nghin cu ngi Ai Cp EL Gamal pht minh ra. Bi ton c s ca h m l bi ton logarit ri rc.

Bi ton logarit ri rc:

Nu c a, x v N th vic tnh y = ax mod N l d, nhng nu c y, a v N th vic tm x tha mn ax mod N = y l kh. V l thuyt, cc bi ton kiu ny u c phc tp thuc lp NP (non-polynomial) y .

ZN={0, 1, , N-1}, ZN*={1, , N-1} v mt s c gi l mt phn t nguyn thy ca ZN

* nu { k: k ZN*} = ZN*.

V d: N = 13, = 2

k k

1 2 2 4 3 8 4 3 5 6 6 12 7 11

5

8 9 9 5 10 10 11 7 12 1

Cch xy dng h m El Gamal: Chn mt s nguyn t p ln (vi trm ch s), chn mt s a l phn t nguyn thy ca ZP* v mt s m b mt x. Tnh y = ax mod p. Kha cng khai KP = (a, y, p), kha b mt KS=x.

m ha mt thng ip M, mt s ngu nhin k s c sinh (sau b loi b), gi tr K c tnh:

K = yk mod p.

Bn m C = (C1, C2) c tnh nh sau:

C1 = ak mod p

C2 = K*M mod p

Gii m bn m C = (C1, C2): cn tnh li gi tr K:

K = C1x mod p = (ak)x mod p = yk mod p

M = K-1 * C2 mod p.

V d: Cho h m El Gamal c p = 97, a = 5, x = 10. Hy tm kha ca h m trn. M ha M = 20 v gii m bn m nhn c.

Tnh y = ax mod p = 510 mod 97 = 53.

Kha cng khai KP = (a, y, p) = (5, 53, 97), kha b mt KS = x = 10.

M ha M = 20, gi s s k = 8, K = yk mod p =538 mod 97 = 62.

C1 = ak mod p = 58 mod 97 = 6, C2 = M*K = 20*62 mod 97 = 76.

Vy bn m l C = (C1, C2) = (6, 76). 6

Gii m C = (C1, C2) = (6, 76): tnh K = C1x mod p = 610 mod 97 = 62. Tm phn t nghch o ca 62 trn Z97, K-1 = 36, suy ra M = K-1*C2 mod p = 36*76 mod 97 = 20.

Mt s vn ca h m El Gamal:

+ Thut ton min ph

+ an ton cao (tng ng RSA)

+ Chm

+ ln ca bn m ln gp i so vi bn r.

+ Phi c mt c s d liu cc s nguyn t v cc phn t nguyn thy lin quan khi trin khai thc t.

Bi tp 1: Cho h m RSA c p = 17, q = 23 v e = 7.

a) Hy tm kha ca h m trn.

N = p*q = 17*23 = 391, phi(N) = (p-1)*(q-1) = 16 * 22 = 352.

Tm d theo thut ton clit m rng:

g v y 352 0 7 1 50 2 -50 3 1 151 2 0

Suy ra d = 151, vy KP = = , KS = = .

b) Gi s cn m ha mt vn bn M = 20, hy tm bn m.

Ta c C = Me mod N = 207 mod 391. p dng thut ton ly tha nhanh:

e = (111)2. 7

a mi Kt qu

20 1 20 9 1 180 81 1 113

Suy ra bn m C = 113.

c) Nu bn m l C = 15 th bn r l bao nhiu.

C = 15 suy ra M = Cd mod N = 15151 mod 391. p dng thut ton ly tha nhanh:

d = 151 = (10010111)2.

a mi Kt qu

15 1 15 225 1 247 186 1 195 188 0 154 1 314 256 0 239 0 35 1 42

Vy M = 42.

Bi 2: Cho h m El Gamal c p = 83, a = 5 v x = 37.

a) Hy tm kha ca h m trn.

y = ax mod p = 537 mod 83 = 66 (p dng cc bc tng t nh thut ton ly tha nhanh trn).

Kha ca h m l: KP = = , KS = = .

b) Tnh bn m vi vn bn M = 10 vi k = 7.

Bn m ca vn bn M = 10 l C = (C1, C2) vi:

K = yk mod p = 667 mod 83 = 47

C1 = ak mod p = 57 mod 83 = 22

8

C2 = K*M mod p = 47*10 mod 83 = 55.

Gii m kt qu nhn c: C = (C1, C2) = (22, 55), cn tm bn r ban u:

K = C1x mod p = 2237 mod 83 = 47.

M = C2*K-1. Tm K-1:

Tm d theo thut ton clit m rng:

g v y 83 0 47 1 1 36 -1 1 11 2 3 3 -7 3 2 23 1 1 -30 2 0

K-1 = 83 30 = 53.

Suy ra M = 53*55 mod 83 = 10.

Chng 5: Ch k in t (s) v hm bm.

1. Ch k in t - Digital Signature

Khi nim: Ch k (Signature) l mt c im sinh trc hc (biometric) ca con ngi ging nh cc c im sinh trc hc khc, v d nh khun mt, trng mt, vn tay, dng i dng xc thc danh tnh ca mi ngi. Mt ch k thng s l mt phn vt l gn lin vi vn bn cn k nhm t c 2 mc ch chnh:

+ Xc thc ngun gc ca thng ip.

+ vn bn c tnh hiu lc.

Ch k s hay ch k in t l mt nh danh in t (mt con s) gn vi mi vn bn do my tnh s dng nhm t c hiu qu ging nh i vi ch k thng.

9

Khc vi ch k thng, ch k s l mt phn tch ri vn bn m n k ln, c th khc nhau cc ln k khc nhau ln cng mt vn bn.

xy dng ln cc h ch k in t ngi ta s dng m hnh th 2 ca cc h m kha cng khai: m ha bng kha b mt v gii m bng kha cng khai. iu ny m bo mt ch k ch c to ra bi ngi ch s hu hp l ca h ch k nhng bt c ai cng c th kim tra bng cch s dng kha cng khai. Mt iu cn lu na l vic sao chp (sinh ra cc bn sao) i vi ch k thng th kh nhng i vi ch k in t th d v kh kim sot hn.

2. Mt s h ch k in t ph bin 2.1. H ch k RSA

H m RSA c tnh i xng v thut ton m ha v gii m (php ly tha nhanh vi cc s m khc nhau) nn rt d chuyn thnh mt h ch k theo cc bc sau:

Chn 2 s nguyn t xp x bng nhau l p v q. Tnh N = p*q, phi(N) = (p-1)*(q-1). Chn s m cng khai e vi iu kin (e, phi(N)) = 1. Tm s m d = e-1 trn Zphi(N). Kha dng sinh ch k l KS = (d, p, q) v kha dng kim tra ch k l KP = (e, N). Ch k ln vn bn M s c tnh bng:

SigM = Md mod N.

Kim tra ch k, ta s xc thc ng thc (SigM)e mod p = N ? Nu ng thc ng th SigM ng l ch k ln M, ngc li th SigM khng phi l ch k ln M.

V bn cht cc bc sinh ch k v kim tra trn l qu trnh ngc li ca h m RSA.

V d: Cho h ch k RSA c p = 17, q = 23, e = 7. Hy tnh ch k v xc thc li trn vn bn M = 15.

Ta c KP = = , KS = = .

SigM = Md mod N = 15151 mod 391 = 42.

10

Xc thc ch k: (SigM)e mod N = 427 mod 391 = 15 = M. Vy SigM = 42 l ch k ng ln vn bn m = 15.

Vn ca cc h ch k s:

+ Chm, v cn phi tnh ton vi cc s nguyn ln, cc thao tc m ha, tnh ton s hc.

+ Ch k sinh ra c kch thc ln (xp x vn bn cn k).

khc phc cc nhc im trn, trn thc t ngi ta dng cc hm bm (hash functions).

2.2. H ch k s El Gamal

Cch xy dng: Chn mt s nguyn p (khong 1024 bit), chn 1 phn t nguyn thy ca ZP*. Chn mt s m b mt a v tnh = a mod p. Kha ca h ch k l:

KP = v KS = .

Khi cn k ln vn bn M, chn ngu nhin 1 s k thuc Zp-1* (k, p-1) = 1 v tnh SigM = vi:

= k mod p v

= (M a* )*k-1 mod (p-1).

V d: Cho h ch k El Gamal c p = 83, = 5, a = 13. Hy tm kha ca h ch k trn. Gi s chn k = 11 khi k ln M = 20, hy tnh v xc thc ch k tm c.

3. Hm bm (Hash Function)

Hm bm l mt nh x (hm bin i) nhn input l mt gi tr c ln bt k v sinh ra mt gi tr output c di c nh.

Mc ch ca hm bm l sinh ra mt gi tr lm i din cho vn bn cn phi k bng mt h ch k s.

Vn ca mt hm bm l tnh ng : hai vn bn khc nhau nhng c cng gi tr bm. ng l tt yu. Cc hm bm vn dng trn thc t v vic tm ra ng l rt kh. V d vi 1 hm bm 128 bit, ta

11

s cn th ti 2128 php tnh tm ra ng . Nu mt hm bm tm ra c 1 ng th s khng c s dng na.

4.

12

Documents

An Toan Va Bao Mat Thong Tin