
Information security textbook


Information security textbook compiled by Dr. Nguyễn Khanh Văn.


Chapter 1

BASIC CONCEPTS & CLASSICAL CIPHERS

This chapter introduces the reader to the world of cryptography. Although it is the first chapter, the basic concepts introduced here are broad in scope and fairly abstract. We hope the concrete examples will be of real help. Classical cryptosystems have long since fallen out of practical use, but they remain a valuable source of knowledge and a good way into the field. The main topics of the chapter are:

Basic concepts

Some classical cryptosystems

Further reading: the theory of perfect secrecy (Shannon)

1.1 BASIC CONCEPTS

Cryptology is a scientific field that studies methods and techniques for ensuring safety and confidentiality in communication, under the assumption that hostile forces exist who want to steal information in order to exploit it and cause damage. The English name, cryptology, is traced to Greek, in which kryptos means "hidden" and logos means "word".

More specifically, researchers in this field are concerned with building or analysing (to expose weaknesses) cryptographic protocols, that is, ways of transacting that guarantee security goals for the participating parties (assuming an environment that contains adversaries and saboteurs).

Cryptology is usually regarded as the combination of 2 subfields:

1. Cryptography (making codes): studies mathematical techniques that provide tools or services for securing information.

2. Cryptanalysis (breaking codes): studies mathematical techniques for analysing and breaking ciphers and/or creating forged ciphertexts to deceive the recipient.

These two subfields exist as two opposing sides, "struggling in order to develop together", of a single whole, the science of cryptology. However, because the second subfield (cryptanalysis) is less widely known, the common understanding today has gradually come to equate the two terms cryptography and cryptology. By this habit the two terms can be used interchangeably. Cryptography is even the preferred term, common throughout popular science literature, while cryptology appears only within the narrow circle of purely academic researchers.

Although cryptography and its applications used to be known almost exclusively within a narrow circle, the explosive development of information technology, and especially the spread of the Internet, has made transactions that use cryptography very common. A typical example is online banking, where almost every transaction is carried out under cryptographic protection. Today, knowledge of cryptography is necessary for government agencies, for businesses and for individuals alike. In general terms, cryptography has the following applications:

For governments: protecting secret communication in military and diplomatic affairs, and protecting information in areas that touch on national interests.

In economic activity: protecting sensitive information in transactions, such as legal or medical records, financial transactions or credit assessments.

For individuals: protecting sensitive, private information when communicating with the world through transactions that use computers and/or network connections.

1.1.1 Important eras in cryptography

The pre-scientific period: from antiquity until 1949. During this period cryptography was regarded as a discipline that was more craft and art than science.

The cryptosystems invented and used in this period are called classical cryptosystems. Here we meet two very famous examples from the period.

1. One cipher of this period is Caesar's cipher, from 2000 years ago: each letter is replaced by the letter 3 positions to its right in the alphabet:

    CAESAR → FDHVDU

2. The Vernam cipher (1926): the plaintext is XORed with a random binary string whose length equals the length of the plaintext (this string is the key of the cipher). In a cipher of this kind the key is used exactly once. Vernam believed that his cipher was unbreakable but could not prove it.

The era in which cryptography is regarded as a science: it is marked by Claude Shannon's famous paper "Communication Theory of Secrecy Systems", published in 1949. This work builds on an earlier paper of his in which he also founded another important science, information theory. Shannon's 1949 paper laid the foundation for applying mathematical tools, specifically probability, to building models of cryptosystems and evaluating their secrecy.

However, the real explosion in the theory of cryptography (cryptology) only began with the paper by the two scientists Diffie and Hellman, "New Directions in Cryptography", published in 1976. In it they showed that in secret communication it is not necessary for both parties to hold the secret key (which would mean the sender must somehow get the secret key to the receiver). Moreover, they introduced the concept of the digital signature for the first time.

Although cryptography can be considered a highly developed branch of mathematics that demands sophisticated thinking to master its modern achievements, its starting point is a fairly simple practical model, as follows.

1.1.2 The basic model of secret communication

Figure 1.1: Model of secure communication

We consider the basic model of the secret communication problem. Unlike the ordinary notion of communication, this model adds a new element: the concept of a hidden enemy. The countermeasure is therefore to introduce encryption and decryption processing blocks.

The basic operation is summarised as follows. The sender S wants to send a message X to the receiver R over a communication channel. The enemy E takes or eavesdrops on the information X. The information X is in readable form and is called the plaintext. To keep it secret, S applies an encryption transformation to X, producing a ciphertext Y (also called a cryptogram), which cannot be read. We say the ciphertext Y hides the content of the original plaintext X. Decryption is the reverse process, which allows the receiver to recover the plaintext X from the ciphertext Y.

[Figure 1.1 labels: Sender S, Receiver R, Enemy E; Key Z at the sender, Y = E_Z(X) on the channel; Key Z at the receiver, X = D_Z(Y).]

For secrecy, the encryption and decryption blocks are mathematical functions with a key parameter. The key is a controlling parameter, and knowledge of it is normally restricted. Usually the key (Z) is known only to the communicating parties S and R.

The model above also expresses something quite fundamental: the entire security of the mechanism depends on the secrecy of the key, not on the secrecy of the encryption or decryption algorithm. This is asserted in Kerckhoffs's law, a basic assumption of cryptography: the entire encryption and decryption mechanism, except for the key information, is not secret from the enemy. This runs against the simple reasoning of most people outside the field, who usually think that cryptographic algorithms need to be kept specially secret to keep the system safe.

The key therefore plays the central role in the secret communication model. Different views of how keys are organised and managed lead to cryptosystems whose properties can differ greatly. Next we look at two basic types of cryptosystem whose views on organising and using keys are in sharp contrast.

1.1.3 Symmetric key cryptosystem (SKC)

This type of system is also called a secret key cryptosystem. In its model the keys of the encryption and decryption algorithms are the same and are secret from everyone else; in other words, the sending and receiving parties share a single secret key. The roles of the two sides are the same and can be swapped between sending and receiving, which is why the system is called "symmetric encryption". We will use the English abbreviation SKC.

Symmetric secret key cryptosystems have major drawbacks in management and storage, which show up especially clearly in the modern world, where communication over the Internet is highly developed. In the past, encrypted communication was limited to military or diplomatic use; today business partners transacting over the Internet all want to keep important information confidential. With a secret key system, the number of secret keys that each company or individual needs to set up with other partners can be quite large, which makes it very hard to manage and store these separate keys safely.

Another specific difficulty is establishing and distributing the secret key between the two parties, who are usually far apart and can only communicate over an ordinary channel that offers no protection against eavesdropping. If two people are far apart and have perhaps never even met, how can they establish a shared secret (that is, a key) without a pre-existing secret channel (which amounts to already having a shared secret key)? It seems there is no way, short of "telepathy", for these two people to exchange and establish a shared secret?

This is a major challenge for symmetric key cryptosystems. However, the reader will see that this question can be answered by cryptographic key establishment protocols, which are introduced in later chapters.

1.1.4 Public key, or asymmetric, cryptosystem (PKC)

The idea of cryptosystems of this type only appeared in the mid-1970s. The fundamental difference from SKC is that in this new model the 2 keys of the encryption and decryption algorithms are different, and although it is theoretically possible to find the decryption key from the encryption key (for example by exhaustive search), the practical chance of doing so is almost zero (computationally infeasible). We will study this model in detail in chapter 3.

This new idea allows each entity, individual or company, to create just one key pair for itself, with two components:

The public key component, which can be registered and published widely, used to encrypt or to verify digital signatures (details in chapter 3).

The secret key component, reserved for the owner alone, used to decrypt or to create digital signatures.

With this key pair alone the owning entity can transact securely with the public at large, while management and storage can be organised tightly and the amount of secret information the owner has to remember is minimal (like remembering just 1 password or a bank account PIN).

1.1.5 Evaluating the security of cryptosystems

A good many cryptographic algorithms and systems are known around the world. How can we evaluate the safety, or security, of each proposed cipher? On what basis can we place more or less trust in a given cipher?

We can conclude that a cryptosystem is insecure by showing how to break it in a common attack model (a concept introduced below), making clear which security goals are not properly met. Concluding that a cipher is highly secure, however, is much more complicated. Normally the cryptosystem has to be evaluated in several different attack models of increasing difficulty. To be able to assert a high level of security, the ideal approach is to give a formal proof, in which mathematical tools are used to prove that the security of the cipher under consideration is equivalent to that of a classic cipher whose security has long been widely accepted.

As stated above, the security of a cryptosystem is refuted by showing a concrete way to break it in a specific attack model. Each attack model clearly defines the attacker's capabilities, including computing resources, the kind of information the attacker can access and exploit, and the ability to access the cipher machine (a hardware device that implements the encryption and decryption algorithms). Attack models are usually ordered by increasing attacker capability. If a cryptosystem is broken in a basic attack model (where the attacker's capability is ordinary), it is judged completely insecure. Some common attack models follow.

Ciphertext-only attack. Here the enemy E is a complete outsider who tries to eavesdrop on the channel to obtain the values Y, the ciphertexts of the information sent. Although E knows only the ciphertexts Y, the goal is to discover the content of one or more plaintexts X or to obtain the secret key Z (the case of a total break). This is the most basic attack model, in which the enemy has no special relationship to the system (unlike some of the attacks below) and has access to ciphertexts only. Clearly, a cipher that cannot withstand this model must be judged untrustworthy.

Known-plaintext attack. Although the name is somewhat misleading, in this model we merely assume that E may know some X-Y pairs (a plaintext and its corresponding ciphertext). E may have obtained them entirely by chance or through a few insiders who are low-level employees in the system. E's goal, of course, is to discover the content of other, important plaintexts and/or to obtain the secret key. This attack model is clearly stronger than the ciphertext-only attack: knowing some X-Y pairs provides extra clues for analysis; in particular, E can now use trial and elimination to search the key space exhaustively (exhaustive key search) and find the correct key, that is, the key K for which Enc(K, X) = Y.

Chosen-plaintext attack. In this model E not only collects some X-Y pairs, but some of the plaintexts X are composed by E (chosen plaintext). At first this sounds impractical, but imagine that E has an insider who is an office secretary at the targeted company, and that because of some mechanical rule every document, important or not, is sent encrypted when distributed between the company's branches. Being able to choose the values of some plaintexts X clearly gives E further advantage in analysing the relationship between ciphertext and plaintext and from there tracking down the key.

Similarly, the chosen-ciphertext attack model is also used, in which the enemy can collect some X-Y pairs where Y is a pre-designed value. In practice this can happen if the enemy has access to a two-way cipher machine (one that can be used for both encryption and decryption). In both of these very strong attacks the enemy can, of course, cleverly use an adaptive strategy for designing the chosen plaintexts (or ciphertexts), that is, later choices can be designed using what was learned from analysing the X-Y pairs collected earlier.

To evaluate the security of a cryptosystem (once it has been placed in one or more specific attack models), one of the following evaluation models can be applied, listed from strongest to weakest:

Unconditional security: this is the highest level of security evaluation, in which "unconditional" is understood in the sense of information theory, where notions of "amount of information" are formalised through probability. In this model the enemy is considered to have unlimited computing power, that is, able to carry out any amount of computation, however large, in any short period of time. Despite this supernatural computing power, the model assumes only that the attacker is a complete outsider (that is, it corresponds to the ciphertext-only attack model). A cryptosystem that achieves unconditional security, that is, can withstand an outside enemy (knowing only the ciphertext) with unlimited computing power, is said to achieve perfect secrecy.

In general terms, eavesdropping on the ciphertext provides absolutely zero knowledge and does not help the enemy's codebreaking at all. Knowing the ciphertext gives no clue whatsoever towards finding the key of the cipher.

Provable security: this is also a very high level of evaluation, ideal in most cases. A cryptosystem achieves this level with respect to a specific attack model if we can prove mathematically that its security reduces to the NP-hardness of some long-known problem (for example integer factorisation, the knapsack problem, the discrete logarithm problem ...). In other words, we must prove that an enemy who wants to break the cipher has to perform an amount of computation equal to or greater than that needed to solve a known NP-hard problem.

Computational security, or practical security: this is one of the levels of evaluation most often applied in practice (when higher levels of security are considered unattainable). When evaluating a specific cipher at this level, one quantifies the amount of computation required to break it using the strongest known attack (usually together with the strongest common attack model). From the estimate of this amount of computation and the time it would take (given the strongest enemy that is realistic in practice), compared with the length of time for which secrecy must be maintained in practice, we can judge whether the cipher achieves a high level of practical security. Sometimes the evaluation is also based on some hard problem, even though no true proof of equivalence can be given.

Example: suppose a cipher X is used to encrypt contract documents that remain valid for 2 years. If an enemy with the greatest possible computing power would still need 20 years to break it (for instance using the entire computing capacity of large IT companies such as Microsoft or Google), cipher X can be judged to provide practical security.

Ad hoc security: some private cryptosystems are home-made by companies or individuals for special internal purposes. The author of such a cryptosystem may use reasonably sound arguments based on estimating the amount of computation an enemy needs when using the strongest known attacks, and argue that carrying them out is practically infeasible. Even so, the cryptosystem may still be broken by attacks that exist but are not yet known at that time; security at this level therefore implies that there is no real proof or guarantee, so it cannot be considered trustworthy for the general public.

1.2 SOME CLASSICAL CRYPTOSYSTEMS

Studying the classical ciphers is necessary because through them we become familiar with the basic principles of designing and analysing cryptosystems in general.

1.2.1 Monoalphabetic cipher

Here the algorithm is based on a permutation of the alphabet.

Example 1.1. A cipher based on a permutation table of the English alphabet, as follows

    a b c d e ... x y z

    F G N T A ... K P L

From the table we see a → F, b → G and so on. This gives

    Plaintext: a bad day

    Ciphertext: F GFT TFP

So the key of a cipher of this kind is a permutation table (a → F, b → G, ..., z → L) as above, or, more compactly, the second row of the table, that is FGNT..PL. The first row of the table is the original alphabet; since it is fixed, it is not counted as part of the key. The second row is called the substitution alphabet.

Note that an alphabet of letters is not required; any table of symbols can be used.

Example 1.2. Here the plaintext alphabet is the set of binary strings of length 3.

Transformation table:

    p.text 000 001 010 011 100 101 110 111

    c.text 101 111 000 110 010 100 001 011

The binary plaintext string 100101111 is therefore encrypted as 010100011.

To decrypt a text produced by the cipher above, the holder of the ciphertext needs to know the key, so a key exchange protocol is required. The simplest option is for the sender to write the key to a disk and pass the disk to the receiver. This is clearly simple, but in practice it is not safe. In practice many more complex and sophisticated protocols are used.

If the enemy does not know the key, can they guess it? Obviously that depends on the number of possible keys (the size of the key space). If the size of the alphabet is N, the number of possible keys is N! = N(N-1)...1, which is approximated by the formula:

    N! ≈ (2πN)^(1/2) (N/e)^N

For N = 26, we have N! = 26!926.

Note that the number of bits that must be transferred secretly in this way is called the key length.

Example 1.3. The key length of a cipher of the kind under consideration is 26*5 = 130 bits, which is the number of bits needed to transfer the second row of the permutation table above. (The first row is implicitly ABC..XYZ, so it does not need to be transferred.)

Note: not every cipher of this kind actually hides the content of the information.

Example 1.4: the following cipher leaves the plaintext almost unchanged.

    a b c d e ... x y z

    A B C D E ... X Z Y

Additive cipher - Caesar cipher

The additive cipher is a special monoalphabetic cipher in which the encryption transformation is expressed through modular addition, as follows. Suppose we assign the letters A-Z the numbers 1-25, 0. Then a plaintext letter X is encrypted to the ciphertext letter Y by the formula:

    Y = X + Z (mod 26),

where Z is the value of the key and the addition is modulo 26.

Example 1.5. Consider the following monoalphabetic cipher:

    a b c d e ... x y z

    D E F G H ... A B C

This is the Caesar cipher introduced at the start of the chapter, with key value Z = 3: D = a + 3, E = b + 3, ... A = x + 3, B = y + 3, C = z + 3

Clearly the number of usable keys is only 25, and the number of bits needed to transfer the key is 5 (2^4 < 25

A substitution table can also be built by modular multiplication of each letter of the original alphabet by the key value:

    Y = X * Z (mod 26)

where the multiplication is modulo 26.

Note, however, that not every value from 1 to 25 can be a key, only the values that are coprime to 26, that is, the odd numbers except 13. So there are only 12 possible keys.

Example 1.6. If we use the key Z = 2:

    2 * 1 = 2 mod 26, that is b → c,

    but 2 * 14 = 2 mod 26, that is o → c

Clearly the key 2 is not acceptable, because it does not give a one-to-one mapping from the original alphabet to the substitution alphabet. Having both b → c and o → c at the same time makes it impossible to decrypt the ciphertext letter c.

To increase the number of possible keys, the additive cipher and the multiplicative cipher can be combined into the affine cipher:

    Y = (multiplier * X) + Z (mod 26)

    X, Y, Z in {0, 1, 2, 3, ..., 25}

    multiplier in {1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25}

From the observations above it is easy to see that the special forms of the substitution cipher (in which the encryption transformation is a simple mathematical function) are insecure even against an exhaustive search attack. The general monoalphabetic cipher, however, which uses an arbitrary permutation of the original alphabet, has a key space large enough to resist any enemy (even in the modern world) who uses only exhaustive search: for the English alphabet (26 letters) the number of possible permutations (the number of keys to be searched) is as large as 26!926 !
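The key counts and the key-2 collision from Example 1.6, worked through in Python as an added example (not part of the textbook). Letters are numbered a = 0 ... z = 25 as Example 1.6 does; the function names and the parameter names a (multiplier) and b (additive key) are assumptions of this sketch.

```python
from math import gcd

M = 26  # alphabet size; a = 0 ... z = 25, the numbering Example 1.6 uses


def valid_multipliers(m=M):
    """Multipliers that give a one-to-one substitution table: those coprime to m."""
    return [a for a in range(1, m) if gcd(a, m) == 1]


def collisions(a, m=M):
    """Ciphertext letters reached from more than one plaintext letter by Y = a*X mod m."""
    hits = {}
    for x in range(m):
        y = chr(ord("a") + (a * x) % m)
        hits.setdefault(y, []).append(chr(ord("a") + x))
    return {y: xs for y, xs in hits.items() if len(xs) > 1}


def affine_encrypt(plaintext, a, b):
    """Y = a*X + b mod 26. Letters only; ciphertext is returned in upper case."""
    if gcd(a, M) != 1:
        raise ValueError(f"multiplier {a} shares a factor with {M}: table is not 1-1")
    out = []
    for ch in plaintext.lower():
        if "a" <= ch <= "z":
            out.append(chr(ord("A") + (a * (ord(ch) - ord("a")) + b) % M))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def affine_decrypt(ciphertext, a, b):
    """X = a^-1 * (Y - b) mod 26, using the modular inverse of a (Python 3.8+)."""
    a_inv = pow(a, -1, M)
    out = []
    for ch in ciphertext.upper():
        if "A" <= ch <= "Z":
            out.append(chr(ord("a") + (a_inv * (ord(ch) - ord("A") - b)) % M))
        else:
            out.append(ch)
    return "".join(out)


def keys_matching(plaintext, ciphertext):
    """Exhaustive key search with one known pair: every (a, b) with Enc = ciphertext."""
    return [
        (a, b)
        for a in valid_multipliers()
        for b in range(M)
        if affine_encrypt(plaintext, a, b) == ciphertext
    ]


if __name__ == "__main__":
    print("usable multipliers:", valid_multipliers())
    print("key 2 sends these letters to 'c':", collisions(2)["c"])
    print("affine key space:", len(valid_multipliers()) * M)
    pair = ("caesar", affine_encrypt("caesar", 5, 8))  # constructed sample pair
    print("keys consistent with", pair, "->", keys_matching(*pair))
```

The whole key space is small enough that one short known plaintext-ciphertext pair pins the key down at once, which is the sense in which these special forms fail against exhaustive search.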

During the first millennium (before the year 1000) the monoalphabetic cipher was considered unbreakable. Later, however, researchers of the time gradually found methods of breaking it that are better than exhaustive search of the key space; these methods are based on statistical observations, for example on the uneven occurrence of letters in natural language.

1.2.2 Statistical cryptanalysis

It is easy to observe that one property of natural language is the uneven occurrence (frequency) of the letters used to express it.

Example 1.7. Consider the following passage of English text.

    THIS IS A PROPER SAMPLE FOR ENGLISH TEXT. THE FREQUENCIES

    OF LETTERS IN THIS SAMPLE IS NOT UNIFORM AND VARY FOR

    DIFFERENT CHARACTERS. IN GENERAL THE MOST FREQUENT LETTER IS

    FOLLOWED BY A SECOND GROUP. IF WE TAKE A CLOSER LOOK WE WILL

    NOTICE THAT FOR BIGRAMS AND TRIGRAMS THE NONUNIFORM IS EVEN

    MORE.

Here we can easily see the frequencies of the letters X and A: f_X = 1 and f_A = 15.

More generally, based on the frequency of letters in written English, the 26 letters can be divided into 5 groups, ordered from more frequently used to less frequently used, as follows:

    I: e

    II: t,a,o,i,n,s,h,r

    III: d,l

    IV: c,u,m,w,f,g,y,p,b

    V: v,k,j,x,q,z

Applying similar observations to pairs of letters (bigrams) or triples of letters (trigrams), the highest frequencies fall on the following common groups:

    Th, he, in, an, re, ed, on, es, st, en, at, to

    The, ing, and, hex, ent, tha, nth, was, eth, for, dth.

Note: these observations are reflected in the English sample text above itself. They hold only for English, so our Vietnamese will follow different rules.

With observations like these in hand, one can guess letters and decrypt by counting the frequencies of the letters in the ciphertext and comparing them with the frequency table observed for plaintext. The following example illustrates the method in detail.

Example 1.8. Suppose we have obtained the following monoalphabetic ciphertext and need to solve for its key.

    YKHLBA JCZ SVIJ JZB TZVHI JCZ VHJ DR IZXKHLBA VSS RDHEI DR YVJV

    LBXSKYLBA YLALJVS IFZZXC CVI LEFHDNZY EVBLRDSY JCZ FHLEVHT

    HZVIDB RDH JCLI CVI WZZB JCZ VYNZBJ DR ELXHDZSZXJHDBLXI JCZ

    XDEFSZQLJT DR JCZ RKBXJLDBI JCVJ XVB BDP WZ FZHRDHEZY WT JCZ

    EVXCLBZ CVI HLIZB YHVEVJLXVSST VI V HXXIKSJ DR JCLI HZXZBJ

    YZNZXDFEZBJ LB JZXCBDSDAT EVBT DR JCZ XLFCZH ITIJZEIJCVJ PZHZ

    DBXZ XDBILYXHZYIZKHZ VHZBDP WHZVMVWSZ.

    The ciphertext above consists of 338 letters, with the following frequency counts:

    Letter: A B C D E F G

    Frequency: 5 24 19 23 12 7 0

    Letter: H I J K L M N

    Frequency: 24 21 29 6 21 1 3

    Letter: O P Q R S T U

    Frequency: 0 3 1 11 14 8 0

    Letter: V W X Y Z

    Frequency: 27 5 17 12 45

Z is observed to be the cipher letter with a frequency far above all the others, so we conclude:

    e → Z (that is, the plaintext of cipher letter Z must be e)

The cipher letters with the next-highest frequencies are f_J = 29 and f_V = 27.

Note also that the trigram JCZ has a high frequency, f_JCZ = 8, from which it is easy to see that

    t → J, h → C

    (inferring that JCZ is the plaintext word "the")

Continuing to look, some further findings are easy to spot:

    a → V (standing alone, the article "a")

List the cipher letters with high frequency as group II (group I consists of Z only):

    J,V,B,H,D,I,L,C correspond to the plaintext letters of group II: {t,a,o,i,n,s,h,r}

    (t → J, a → V and h → C are already placed)

We notice the three-letter group JZB (→ teB) and find the plaintext of B in the following simple way: substitute the group II possibilities for B into this group:

    JZB = te? : teo, ten, ter, the, tes → n → B

In the same way we make some further observations and guesses:

    VI = a? : as, an → s → I (n is already taken by B)

    VHZ = a?e : ate, are → r → H (t is already taken by J)

    JCLI = th?s → i → L

Finally, what remains in group II: o → D

Partial key so far:

    plaintext:  a e h i n o r s t

    ciphertext: V Z C L B D H I J

We continue the analysis using relatively short (ciphertext) words:

    DBXZ = on?e → c → X

    WZZB = ?een → b → W

    YVJV = ?ata → d → Y

There are, however, also cases that are not certain:

    DR = o? : on (ruled out because n → B already), of, or (ruled out because r → H already), ox

    Still unclear: f, x → R

Some more deductions:

    WT = b? → y → T

    BDP = no? → w → P

Now the first word becomes

    YKHLBA = d-rin-

    u → K, g → A

The example above shows clearly that a monoalphabetic cipher can be broken quite easily when it continues to preserve, in the ciphertext, the linguistic regularities of the plaintext. These regularities show up as the statistical characteristics obtained when any natural language is analysed.

In general, a good cipher must prevent the statistical regularities of the plaintext language from being preserved in any form in the ciphertext. Ideally, the ciphertexts of a good cipher cannot be distinguished by statistics from a randomly generated string.

1.2.3 Flattening the frequency graph

Around the beginning of the second millennium the monoalphabetic cipher was broken, and scientists gradually turned to better design principles, aimed at avoiding the preservation of statistical regularities from plaintext to ciphertext. We consider some such ciphers below.

Homophonic substitution ciphers

In ciphers of this kind the mapping from plaintext letters to cipher symbols is no longer one-to-one but one-to-many. That is, each letter of the plaintext alphabet is encrypted to one symbol from some subset of the cipher symbols. Each cipher symbol in this subset is called a homophone.

Example 1.9

    Plaintext letter   Homophones

    A 17 11 25 64 2 19 4 31

    I 22 95 14 21 79 54

    L 12 93 71

    N 64 13

    O 65 28 15

    P 23 73 36 53 20

    T 41

    E 64 7 8 47 ... (15 homophones)

    ... ...

This is thus a table that maps each plaintext letter to its cipher homophones.

    Plaintext:  P L a I n p i l o t

    Ciphertext: 27 12 11 53 64 36 79 71 15 41

Normally the number of homophones assigned to each plaintext letter is proportional to the frequency of that letter in natural language. The frequency graph of the symbols in the ciphertext therefore becomes flat. Although ciphers of this kind are harder to break, they add redundancy compared with the original message.

Using several substitution tables (polyalphabetic ciphers)

Example 1.10

Consider a simple cipher whose alphabet consists of the 4 letters {a,b,c,d}.

Suppose the frequency of each letter in the language is as follows:

    Pa = 0.5, Pb = 0.05, Pc = 0.2, Pd = 0.25

We use two substitution tables and a key string that decides the order in which the two tables are mixed.

Substitution table 1

    P.text alph a b c d

    C.text alph B D A C

Substitution table 2

    P.text alph a b c d

    C.text alph D B C D

Encrypting by mixing the 2 substitution tables according to the key 12:

    X : aba cada da ca baa

    Z : 121 2121 21 21 212

    Y : BBB CBAB AB CB BBD

In the example above the two substitution tables are mixed continuously, one after the other. As a result, the frequency distribution of the cipher letters changes compared with the plaintext and becomes flatter.

Polyalphabetic cipher: in ciphers of this type, several substitution tables are used in the way just described.

Next we consider a famous classical cipher of this type.

1.2.4 Vigenere cipher

The Vigenere cipher uses all 26 substitution tables obtained from the original English alphabet by shifting it 0-25 positions. The mixing follows a rule determined completely by the key. Each letter of the key determines which substitution table is used.

        a b c d e f g h i j k l m n o p q r s t u v

     0  A B C D E F G H I J K L M N O P Q R S T U V
     1  B C D E F G H I J K L M N O P Q R S T U V W
     2  C D E F G H I J K L M N O P Q R S T U V W X
     3  D E F G H I J K L M N O P Q R S T U V W X Y
     4  E F G H I J K L M N O P Q R S T U V W X Y Z
     5  F G H I J K L M N O P Q R S T U V W X Y Z A
     6  G H I J K L M N O P Q R S T U V W X Y Z A B
    ... ...
    24  Y Z A B C D E F G H I J K L M N O P Q R S T
    25  Z A B C D E F G H I J K L M N O P Q R S T U

Example 1.11

    Keyword    : r a d i o r a d i o r a

    Plaintext  : c o d e b r e a k i n g

    Ciphertext : T O G M P I E D S W E G

As in the example above, all letters at positions that leave remainder 1 when divided by 5 in the plaintext are encrypted with substitution table R (a becomes R). All plaintext letters at positions that leave remainder 2 when divided by 5 are encrypted with substitution table A, and so on.

Although it can flatten the frequencies very well, the polyalphabetic cipher in general, and Vigenere in particular, can still be broken.

Method for breaking Vigenere

The idea of the method consists of 3 steps, as follows:

1. Find the period p (the key length).

2. Split the ciphertext into p sub-ciphertexts, each consisting of the letters at positions kp+i (k=1,2,3 ... ; i=0,p-1), that is, the letters encrypted with the substitution table of the key letter with index i.

3. Use the known monoalphabetic method to solve each sub-ciphertext (specifically, for the Vigenere cipher only the correct shift is needed).

The IC (Index of Coincidence) is used to compute the period p.

By definition, the IC is given by the formula:

    IC = Σ_{i=0}^{25} f_i (f_i - 1) / (n (n - 1))

Here f is the probability of the trial (picking any 2 letters at random from a passage of text) yielding the same given letter.

    Number of substitution tables (p)   1     2     3     4     5     ... 10

    IC                                  0.068 0.052 0.047 0.044 0.043 ... 0.041

The IC of English text (p=1) reaches the value 0.068. After encryption, the IC decreases as the number of substitution tables (the key length) increases. From this we see that the IC expresses the unevenness of the letter frequencies. In the original text the unevenness (the peaks and troughs) is greatest, so the IC is greatest. When several substitution tables are used for encryption, the frequency graph is "flattened", so the IC naturally decreases.

Practical method

1. Set k=1

2. Check whether p takes the value k.

2.a. Split the ciphertext into k sub-ciphertexts and compute the IC of each.

2.b. If they are all close to each other and all close to 0.068, then p=k

If they differ widely and are much smaller than 0.068, then p>k

3. Increase k by one and repeat step 2.
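The period search of the practical method, as an added Python example (not part of the textbook). It reads f_i in the IC formula as the count of the i-th letter and n as the length of the text; the function names, the use of the Example 1.7 passage as test plaintext and the tolerance in `estimate_period` are assumptions of this sketch.

```python
from collections import Counter

A = ord("A")
ENGLISH_IC = 0.068  # the value the text gives for English (p = 1)

# Constructed input: the sample passage of Example 1.7, encrypted below with the
# keyword of Example 1.11.
SAMPLE = (
    "THIS IS A PROPER SAMPLE FOR ENGLISH TEXT. THE FREQUENCIES "
    "OF LETTERS IN THIS SAMPLE IS NOT UNIFORM AND VARY FOR "
    "DIFFERENT CHARACTERS. IN GENERAL THE MOST FREQUENT LETTER IS "
    "FOLLOWED BY A SECOND GROUP. IF WE TAKE A CLOSER LOOK WE WILL "
    "NOTICE THAT FOR BIGRAMS AND TRIGRAMS THE NONUNIFORM IS EVEN MORE."
)


def letters(text):
    """Upper-case letters of text, everything else dropped."""
    return [c for c in text.upper() if "A" <= c <= "Z"]


def vigenere(text, key, decrypt=False):
    """Shift the i-th letter by key letter i mod len(key), with a = 0 ... z = 25."""
    shifts = [ord(k) - A for k in letters(key)]
    sign = -1 if decrypt else 1
    return "".join(
        chr(A + (ord(c) - A + sign * shifts[i % len(shifts)]) % 26)
        for i, c in enumerate(letters(text))
    )


def index_of_coincidence(text):
    """IC = sum f_i (f_i - 1) / (n (n - 1)) over the letters of text."""
    ls = letters(text)
    n = len(ls)
    if n < 2:
        return 0.0
    return sum(f * (f - 1) for f in Counter(ls).values()) / (n * (n - 1))


def column_ics(ciphertext, k):
    """Step 2.a: split into k sub-ciphertexts (every k-th letter) and take each IC."""
    ls = letters(ciphertext)
    return [index_of_coincidence("".join(ls[i::k])) for i in range(k)]


def average_column_ic(ciphertext, k):
    ics = column_ics(ciphertext, k)
    return sum(ics) / len(ics)


def estimate_period(ciphertext, max_k=10, tolerance=0.012):
    """Steps 1-3: smallest k whose sub-ciphertexts look like English on average.

    The average is used instead of every single column because short columns give
    noisy IC values; tolerance is an assumed cut-off, not a value from the text.
    Returns None when no k up to max_k qualifies.
    """
    for k in range(1, max_k + 1):
        if average_column_ic(ciphertext, k) >= ENGLISH_IC - tolerance:
            return k
    return None


if __name__ == "__main__":
    cipher = vigenere(SAMPLE, "radio")
    print("IC plaintext :", round(index_of_coincidence(SAMPLE), 4))
    print("IC ciphertext:", round(index_of_coincidence(cipher), 4))
    for k in range(1, 9):
        print(k, round(average_column_ic(cipher, k), 4))
    print("estimated period:", estimate_period(cipher))
```

At k equal to the true key length every sub-ciphertext is one shifted alphabet, so its letter counts, and therefore its IC, are exactly those of the corresponding plaintext column; that is why the average climbs back to the plaintext level there.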

1.2.5 One-time-pad (Vernam cipher)

The one-time-pad cipher was proposed by G. Vernam (1917); it was later proved to guarantee perfect secrecy (1949). As its name suggests, in the one-time-pad the key is written on a long tape and used exactly once. The key string is also a randomly generated string of text whose length is equal to or greater than that of the text being encrypted. The encryption operation is simply a shift by the substitution table of the corresponding key letter, or XOR if the data is processed as a binary string.

    Encryption: Y = X + Z (mod 26)

    Decryption: X = Y - Z (mod 26)

The one-time-pad can therefore be seen as a Vigenere cipher whose key is a random string exactly as long as the text, as the following example shows.

Example 1.12

    X: x n t f u h b z t

    Z: A s u n n y d a y

    Y: Y G O I I G F A S

Here A is understood as a shift of 1, so X+A=Y.

Note that the key is used exactly once, that is, it is discarded after use. If it is reused, security is no longer guaranteed.

QUESTIONS AND EXTENDED EXERCISES

Distinguish the terms cryptography, cryptanalysis and cryptology. Which English term corresponds to the science of cryptography?

In which period was cryptographic technique not yet regarded as a science? Why?

Distinguish ordinary encoding systems (Morse code, ASCII code) from cryptosystems.

Analyse the meaning of Kerckhoffs's law to see why modern cryptography does not accept the view that the cryptographic algorithm must be hidden.

Analyse the main drawbacks of the symmetric cryptosystem principle (SKC). What is the main advantage of public key cryptography (PKC) over SKC?

Explain the term known-plaintext attack and give examples of real situations that form the basis for this form of attack.

Why is the chosen-plaintext attack considered stronger than the known-plaintext attack?

With which attack model is the concept of perfect secrecy associated? Why?

Distinguish provable security from practical security.

Find the number of keys that are actually usable for the multiplicative cipher. Argue in detail.

Find (and argue in detail) the number of feasible keys of the affine cipher.

Why can we not say that all keys of a monoalphabetic cipher are equally secure?

Why can we not use the order of letters within the same frequency group in cryptanalysis? Explain with an example.

Why do we say that the rule of uneven frequencies has a stronger influence on longer words?

Solve the cipher in Example 1.8 completely and translate the plaintext into Vietnamese.

Explain why the frequency graph of homophonic ciphers is flat and why the ciphertext has redundancy.

Compare the IC of a plaintext M with the IC of a random string R of the same length. Give a rigorous argument.

In the past many people wanted to use the one-time-pad with a key chosen from a book that both the sender and the receiver have (choosing a new key for each encryption). Does this guarantee perfect secrecy?

Why can we say that the one-time-pad is a special case of the Vigenere cipher? What can be said about the IC of a one-time-pad ciphertext?

    Further reading

    1.3 THE THEORY OF PERFECT SECRECY (SHANNON)

    1.3.1 What is perfect secrecy?

    Why do we say that the one-time pad guarantees perfect secrecy? Claude Shannon answered these questions in a paper that laid the foundation of modern cryptology (Communication Theory of Secrecy Systems, 1949). In this section we become acquainted with these important basic notions.

    As already said, to study and analyse cryptosystems we first have to define the attack model that applies. Here we use the most common and most general attack model, the ciphertext-only attack, in which the attacker Eve is a complete outsider and can only eavesdrop on the channel. A cryptosystem is said to achieve perfect secrecy if it stands firm in the ciphertext-only model no matter how strong the adversary Eve is: that is, we may assume that Eve has extremely abundant (effectively unlimited) resources, so that she can carry out any exhaustive search of the (finite) key space in an arbitrarily short time.

    Of course we must assume that Eve can obtain (eavesdrop) a ciphertext of arbitrary length to analyse in search of the key. The length of the intercepted ciphertext is very important. Even an insecure cryptosystem may not be broken completely, that is, Eve cannot find the unique correct key, if the intercepted ciphertext is not long enough to analyse. The following examples illustrate this clearly.

    Suppose Eve intercepts a ciphertext (cryptogram) Y produced by a single-substitution-table cipher. To find the corresponding plaintext, Eve can use trial-and-error, an exhaustive key search. For a short Y we can find several plaintexts X that all produce Y under correspondingly different keys (different substitutions). For example, take the following ciphertext:

    AZNPTFZHLKZ

    We can produce at least 2 corresponding plaintexts with the 2 substitution tables below.

    Example 1.13:

    Substitution table 1

    a b c d e f g h i j k l m n o p q r s t u v w x y z
    K B C D T E G I J M O L A Q R H S F N P U V W X Z Y

    Substitution table 2

    a b c d e f g h i j k l m n o p q r s t u v w x y z
    L P H N Z K T A F E

    Hence this ciphertext has 2 plaintexts corresponding to the 2 tables above:

    Ciphertext:  A Z N P T F Z H L K Z
    Plaintext 1: m y s t e r y p l a y
    Plaintext 2: r e d b l u e c a k e

    Both strings, mysteryplay and redbluecake, can be taken as 2 valid meaningful messages (with the spaces removed).

    Example 1.14.

    For the ciphertext HLKZ it is easy to find 4 corresponding plaintexts:

    C.text:  H L K Z
    P.text1: p l a y
    P.text2: c a k e
    P.text3: m i s t
    P.text4: w a s h

    using the following substitution tables:

    a b c d e f g h i j k l m n o p q r s t u v w x y z
    K                     L       H                 Z
    L   H   Z           K
                    L       H           K Z

    (The table above leaves blank the substitution characters that are the same as the original.)

    Examples 1.13 and 1.14 show that, for the single-substitution-table cipher, while the ciphertext is still fairly short there always exist several meaningful plaintexts at the same time (each with its own guessed key).

    However, for a ciphertext of length 50 or more there is only one plaintext that fits, and that is the plaintext (with its corresponding key) being sought. Thus, if Eve, the cryptanalyst, obtains a sufficiently long piece of ciphertext, then in general this kind of single-substitution-table cipher can always be broken.

    In the following example we watch a concrete run of breaking an additive cipher. There are 26 keys, that is, 26 possibilities to try. Eve eavesdrops and captures the ciphertext characters one by one as they are sent over the channel. Each time she hears one more ciphertext character, Eve tries all 26 possibilities, looking for a meaningful plaintext. When only the first ciphertext character has been heard, all 26 keys are about equally likely (the probability of a correct guess is small for each, below roughly 0.1). When the 2nd, 3rd, ... characters are heard the probabilities change: most of them keep decreasing, except for key 15. When the 5th ciphertext character is heard, the probability for key 15 becomes 1 while all the others are zero; that is, key 15 is the correct key (the string consi that goes with it is the beginning of several meaningful English words such as consider, consideration, ...).

    Example 1.15. Consider an additive cipher with 26 distinct keys (shifts of 0 to 25 positions). Suppose we intercept the ciphertext rdchx. We try all 26 keys to break it. The table below illustrates this exhaustive trial, where n is the length of the ciphertext captured up to the corresponding moment.

    Shift  Decryption  n = 1   n = 2   n = 3   n = 4   n = 5
    0      rdchx       0.060   0.070
    25     sediy       0.063   0.257   0.427   0.182
    24     tfejz       0.091   0.003
    23     ugfka       0.28    0.052
    22     vhglb       0.010
    21     wihmc       0.024   0.128
    20     xjind       0.002
    19     ykjoe       0.020
    18     zlkpf       0.001   0.001
    17     amlqg       0.082   0.072   0.004
    16     bnmrh       0.015
    15     consi       0.028   0.202   0.515   0.818   1
    14     dpotj       0.043
    13     eqpuk       0.127   0.044
    12     frqvl       0.022   0.058
    11     gsrwm       0.020   0.015
    10     htsxn       0.061   0.052   0.046
    9      iutyo       0.070   0.001
    8      jvuzp       0.002
    7      kwvaq       0.008
    6      lxwbr       0.040
    5      myxcs       0.024   0.028
    4      nzydt       0.067   0.028
    3      oazeu       0.075   0.014
    2      pbafv       0.019
    1      qcbgw       0.001

    The next part presents a fairly rigorous definition of the notion of perfect secrecy.

    1.3.2 The notion of perfect secrecy

    Example 1.15 above makes it easy to see that, as the intercepted ciphertext grows, the probability distribution over the feasibility of each candidate plaintext/key changes continually: most of the probabilities decrease and only one increases (eventually becoming 1). This clearly shows that the cipher is insecure. Conversely, it gives us a feeling for what a secure cipher is: the probability distribution over the candidate plaintexts must change little or not at all as Eve collects more intercepted ciphertext. Perfect secrecy can therefore be defined as follows.

    In a system that guarantees perfect secrecy, the ciphertext disclosed to the enemy is of no use whatsoever for the analysis that looks for the key. The event of eavesdropping a ciphertext (of any length) does not change the initial probability distribution of the plaintext.

    In other words, a system has perfect secrecy if:

    $$P(X) = P(X \mid Y) \quad \text{for every plaintext } X \text{ and every ciphertext } Y$$

    Shannon's theorem. In a system with perfect secrecy, the number of possible keys (the size of the key space) must be greater than or equal to the number of possible messages (the size of the plaintext space).

    This shows that to achieve perfect secrecy the key has to be very long, so exchanging the key between the two communicating parties makes the system impractical. In general, then, we cannot achieve perfect secrecy; we can only have systems with a level of practical security, set according to the value of the information to be protected and its lifetime.

    1.3.3 Evaluating the security level of a cipher

    Shannon introduced a notion, the unicity distance, to measure the security level of a cipher: the unicity distance, denoted N0, is the minimum length of intercepted ciphertext needed to determine the unique correct key. The unicity distance can be computed by the formula:

    $$N_0 = \frac{\log_2 E}{d}$$

    where d is the redundancy of the language the plaintext is written in.

    Example 1.16. The following shorthand sentence can in practice be restored to its full form in only one way:

    Mst ids cn b xprsd n fwr ltrs, bt th xprsn s mst nplsnt
    Most ideas can be expressed in fewer letters, but the expression is most unpleasant.

    This shows that the letters dropped from the original sentence are redundant as far as representing the information is concerned (but they are needed to keep the text easy to understand and quick to read).

    Redundancy can be defined by the formula:

    d = R - r bits

    where R is the absolute rate and r the true rate of the language.

    R is defined as the number of bits used to represent one letter of the alphabet, assuming all letters occur with the same frequency:

    R = log2 A bits

    where A is the size of the alphabet.

    Example 1.17. For English we have R = log2 26 ≈ 4.7 bits.

    The true rate r is defined as the average number of bits needed to represent one letter when the text is represented in its most compact form: handled in shorthand style, dropping the unnecessary letters (or applying a compression technique based on the statistical properties of the text) without losing the information conveyed.

    Example 1.18. For English text, on average, r lies between 1 and 1.5 bits.

    Redundancy can be seen as a measure of the structure and the predictability of the language. Higher redundancy means more structure and more predictability. A truly random source has no redundancy.

    In English the redundancy lies between 3.2 and 3.7 bits (caused by the uneven character-frequency profile and the common 2-letter and 3-letter patterns).

    Using the unicity distance we can compare the security of different encryption algorithms.

    Example 1.19. For the single-substitution-table cipher we observe:

    E = |Z| = 26!

    P(Z) = 1/26!

    log2 E = log2(26!) ≈ 88.4 bits

    N0 ≈ 88.4 / 3.7 ≈ 23.9 characters

    So ciphertexts of 24 characters or more can be decrypted uniquely.

    Example 1.20. For the one-time pad:

    X = plaintext space = {the set of English texts of length k}

    Z = key space = {the set of strings of length k over the English alphabet}

    Assume the keys are chosen at random with uniform probability.

    N0 = log2 E / d

    E = 26^k, log2(26^k) = k log2 26 ≈ 4.7k

    N0 = (4.7k)/3.7 = 1.37k

    Hence, even if Eve intercepts every single letter of the ciphertext, she still cannot break the cipher (find the unique corresponding plaintext).

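    Can we increase the secrecy of a given cipher?

    1. Increase the size of the key space.

    2. Reduce the redundancy of the language of the plaintext: pre-process it with a compression step.

    Note: an ideal compression algorithm can bring the redundancy down to 0, hence N0 0

    3. A random string can be inserted to flatten the frequency histogram of the plaintext. We look at this measure in detail below.

    The following formula gives the redundancy of the new text (after the random string has been inserted):

    $$\tilde{d} = \frac{M}{L + M}\, d$$

    [Figure: the original plaintext, of length M, followed by the inserted random string, of length L.]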


    Information Safety & Security Textbook (Giáo trình An toàn & Bảo mật Thông tin), 2012

    Dr. Nguyễn Khanh Văn, Viện CNTT-TT, ĐHBKHN

    CHAPTER 2

    Block ciphers and symmetric-key cryptography

    1. Basic notions and design principles

    The classical ciphers introduced in the previous chapter are all stream ciphers, in which the cryptographic transformation is applied to each character independently. Today, however, another kind of cipher is preferred, the block cipher, in which a block of several characters is encrypted at once. In a block cipher the important parameters are the block size (block length) and the key size. These notions are illustrated by the following example.

    Example 2.1. The following table represents a block encryption algorithm.

    key   000  001  010  011  100  101  110  111
    0     001  111  110  000  100  010  101  011
    1     001  110  111  100  011  010  000  101
    2     001  000  100  101  110  111  010  011
    3     100  101  110  111  000  001  010  011
    4     101  110  100  010  011  001  011  111

    According to this table, the plaintext 010100110111 is encrypted as:

    010 100 110 111 -> 111 011 000 101 with key = 1
    010 100 110 111 -> 100 011 011 111 with key = 4

    Here the number of keys is 5; since 2^2 < 5 < 2^3, 3 bits are needed to represent and store the key, that is, the key size is 3. The block size is also 3.

    This simple example (meant only as an illustration) also shows that if the block size and key size are too small, the cipher is very easily broken by attacks based on statistical analysis. In the example above, if the enemy receives a ciphertext block 001, it can easily infer that the corresponding plaintext can only be 000 or 101 (from the statistics of the encryption table).

    The necessary conditions for a secure block cipher are therefore:

    The block size must be large enough to resist attacks based on statistical methods. Note, however, that a large block size increases the latency.

    The key space must be large enough (that is, the key must be long enough) to resist exhaustive search. On the other hand, the key has to be short enough for key generation, distribution and storage to be efficient.

    As for the design principles of block ciphers, 2 basic principles have been identified for achieving high security: creating confusion and creating diffusion.

    Confusion. The dependence of the ciphertext on the plaintext must be truly complicated, so as to confuse an enemy who intends to analyse it in search of a rule for breaking the cipher. The functional relation between ciphertext and plaintext is non-linear.

    Diffusion. The patterns of text that carry statistical characteristics (caused by the redundancy of the language) are spread out into the whole text. This makes it hard for the enemy to probe the cipher on the basis of the statistics of frequently repeated patterns. A change of one bit in a plaintext block must lead to a complete change in the resulting ciphertext block.

    In the simplest form, confusion can be realised by substitution, while diffusion is produced by transposition (permutation). The whole cryptographic transformation is then a network of substitution and permutation transformations (substitution-permutation network).

    Example 2.2: Columnar transposition. To encrypt "computer security", we write it out in rows of 5 columns:

    c o m p u
    t e r s e
    c u r i t
    y

    The ciphertext is produced by reading it off column by column: C T C Y O E U M R R P S I U E T

    Besides the security principles above, block cipher design also stresses the principles of efficient implementation:

    A software implementation must be flexible and cheap. A hardware implementation must be fast and economical.

    To meet the design principles above, block cipher algorithms are usually organised as a structure of several rounds.

    The notion of a round

    Commonly, block ciphers are designed as a structure of several rounds, each of which calls the same basic function f (but with different parameters). The input of a round is the output of the previous round together with a subkey derived from the full key by a key scheduling algorithm (key scheduler), also called the subkey generation algorithm. Decryption is the reverse process, in which the subkeys used in the rounds are scheduled in reverse order.

    Figure 2.1. Diagram of a 16-round structure whose input and output are both 64 bits in size (Source: Wikipedia). There are two permutation blocks, at the start and at the end (IP and FP). The basic function F takes only a 32-bit input, but its effect spreads everywhere after just 2 rounds thanks to the swapping of the left and right halves.

    Usually the round function f is designed to have a special property, involution, meaning that it equals its own inverse: f = f^-1, or f(f(x)) = x.

    Example 2.3. Consider the transformation f with domain x ∈ {the set of binary strings of length 3}:

    $$f = \begin{pmatrix} 1 & 2 & 3 \\ 2 & 1 & 3 \end{pmatrix}$$

    (the first and second bits swap places, the third bit stays where it is).

    Then f is an involution; for instance f(101) = 011, and hence f(f(101)) = 101.

    We will study in detail one typical block cipher, the DES (Data Encryption Standard); this standard appeared in 1977 and dominated cryptographic applications for the 2 decades that followed. The standard has since become obsolete and insecure and has been replaced by the new standard AES (Advanced Encryption Standard).

    2. The DES standard

    History of DES

    In the early 1970s the need for a common standard for cryptographic algorithms became clear. The main reasons were:

    The development of information technology and of the need for information safety and security: the appearance of the computer networks that preceded the Internet made digital cooperation and communication possible among many companies and organisations in large projects of the US government.

    Home-grown (ad hoc) algorithms could not guarantee the high reliability required.

    Different devices required a unified, standard exchange of encrypted information.

    A common standard was needed with properties such as:

    1. A high level of security.
    2. An algorithm that is fully specified and public, that is, its security must not rely on specially hidden parts of the algorithm.
    3. An implementation that is easy, so that it is economical.
    4. Flexibility, so that it can be applied to a great variety of uses.

    In 1973 the US National Bureau of Standards published, in the US Federal Register, a call for the creation of standard cryptosystems. This led to the announcement in 1977, by the US National Security Agency (NSA), of the Data Encryption Standard, abbreviated DES. DES was in fact developed by IBM as a modification of an earlier cipher known as Lucifer. For about the next 2 decades DES was the most widely used cipher and also the one that raised the most suspicion and controversy in the field: about the design principles that ensure its secrecy, about its relatively short key length, and about the possibility that the NSA was hiding a backdoor that would let it recover keys and break the cipher at a lower cost than usual.

    The algorithm and operation of DES

    The following figures give an overview and the details of the DES encryption algorithm.

    Figure 2.2. Basic diagram of DES: the input of DES is a block of 64 bits (X1, X2, ..., X64), the output is 64 bits (Y1, Y2, ..., Y64) and the key is 56 bits (Z1, Z2, ..., Z56).

    Figure 2.3. The DES encryption algorithm with its 16-round structure. [Diagram labels: a 64-bit INPUT split into the 32-bit halves L0 and R0; round 1 gives L1 = R0 and R1 = L0 ⊕ f(R0, K1); round 2 gives L2 = R1 and R2 = L1 ⊕ f(R1, K2); ...; round 15 gives L15 = R14 and R15 = L14 ⊕ f(R14, K15); the last round gives L16 = L15 ⊕ f(R15, K16) and R16 = R15; 64-bit OUTPUT.]

    Figure 2.3 shows that DES is made up of 16 rounds, each of which calls the non-linear transformation f; these 16 rounds are sandwiched between the two permutation operators IP and IP^-1. These two operators have no significance for security; they exist purely to make hardware implementation (putting the DES algorithm on a chip) easier. The basic function f is the source of the security strength of the DES algorithm. Repeating the rounds many times under the action of f strengthens the confusion and diffusion already present in f.

    The subkey generation algorithm

    The 16 rounds of DES all call f, but with different key parameters. All these 16 different keys, called subkeys, are generated from the main DES key by a subkey generation algorithm. In this algorithm (the key schedule), the main key K, 64 bits, goes through 16 transformation steps, and at each step a subkey of 48 bits is produced.

    Figure 2.4. Diagram of the subkey generation algorithm (Key Scheduler). Source: Wikipedia

    The diagram of the subkey generation algorithm shows that only 56 bits of the main key are really used; the remaining 8 bits are parity bits and are filtered out by the transformation PC1. The transformations PC1 and PC2 are simply units that both select and permute (PC = permuted choice). The transformations R1 and R2 (left rotate by 1 bit and by 2 bits) are left shifts of the bits by 1 and 2 positions respectively.

    The structure of a DES round

    Each round of DES is based on the following formula:

    $$(L_i, R_i) = (R_{i-1},\; L_{i-1} \oplus f(R_{i-1}, K_i))$$

    where (L_i, R_i) are the left and right halves obtained from the transformation of round i. We can also write

    $$(L_i, R_i) = T \circ F(R_{i-1}, K_i)$$

    where F is the operation that replaces L_{i-1} by L_{i-1} ⊕ f(R_{i-1}, K_i), and T is the operation that swaps the two components L and R. That is, every round transformation of DES can be seen as a composition of F and T (except the last round, which has no T).

    The whole DES encryption algorithm can be written as the following composition of functions:

    $$DES = (IP)^{-1} \circ F_{16} \circ T \circ F_{15} \circ T \circ \dots \circ F_2 \circ T \circ F_1 \circ (IP)$$

    The DES decryption algorithm is built exactly like the encryption algorithm, but with the subkeys used in the reverse order, that is, key K16 is used for round 1, key K15 for round 2, and so on. The decryption algorithm can therefore be written as the following formula:

    $$DES^{-1} = (IP)^{-1} \circ F_1 \circ T \circ F_2 \circ T \circ \dots \circ F_{15} \circ T \circ F_{16} \circ (IP)$$

    Now note that each function T or F is an involution (f = f^-1, or f(f(x)) = x).

    Hence if we form the composition DES^-1 ∘ DES or DES ∘ DES^-1 we obtain the identity. This explains why the decryption algorithm is exactly the same as the encryption algorithm and differs only in the order of the subkey sequence.

    Exercise. Prove for yourself that T and F are involutions, and show why x = DES(DES^-1(x)) for every 64-bit binary string x.

    The detailed structure of the function f

    The detailed transformation performed by f is illustrated in Figure 2.5. First, the 32 bits of R_{i-1} are expanded to 48 bits by the transformation E (expansion: an expansion that repeats some of the bits) and then XORed with the 48 bits of the key K_i. Next, the resulting 48 bits are divided into 8 groups of 6 bits. Each group enters a special transformation called an S-box (there are 8 different S-boxes, one for each 6-bit group) and comes out as 4 bits, giving 8 groups of 4 bits. The 32 bits thus assembled (after passing through the 8 different S-boxes) are then permuted by the permutation function P to give the final result of f (the core of F_i).
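    The round structure and the reversed-subkey decryption described above can be checked on a generic 16-round network. This is an added example, not code from the textbook: the round function f and the key schedule are hash-based stand-ins (assumptions), not the DES f or the PC1/PC2 schedule, and IP is left out because, as stated above, it plays no role in security.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def f(r, k):
    """Toy round function (assumption): 32-bit half and 48-bit subkey in,
    32 bits out. It is not invertible, and it does not need to be."""
    digest = hashlib.sha256(r.to_bytes(4, "big") + k).digest()
    return int.from_bytes(digest[:4], "big")


def subkeys(key):
    """Toy key schedule (assumption): sixteen 48-bit subkeys K_1..K_16."""
    return [hashlib.sha256(bytes([i]) + key).digest()[:6]
            for i in range(1, ROUNDS + 1)]


def F(state, k):
    """F replaces L by L xor f(R, K) and leaves R unchanged."""
    left, right = state
    return (left ^ f(right, k), right)


def T(state):
    """T swaps the two halves."""
    left, right = state
    return (right, left)


def run(block, keys):
    """Apply F_1, T, F_2, T, ..., F_16 for the given subkey order.

    Written as a composition this is F_16 T F_15 T ... F_2 T F_1; the last
    round has no T, as in the formula for DES.
    """
    state = (block >> 32, block & MASK32)
    for i, k in enumerate(keys):
        state = F(state, k)
        if i < len(keys) - 1:
            state = T(state)
    return (state[0] << 32) | state[1]


def encrypt(block, key):
    return run(block, subkeys(key))


def decrypt(block, key):
    # Same network, subkeys in reverse order: K_16 in round 1, K_15 in round 2, ...
    return run(block, subkeys(key)[::-1])


if __name__ == "__main__":
    key = b"constructed demo key"          # constructed sample key
    block = 0x0123456789ABCDEF             # constructed sample block
    c = encrypt(block, key)
    print("plaintext :", format(block, "016x"))
    print("ciphertext:", format(c, "016x"))
    print("decrypted :", format(decrypt(c, key), "016x"))
```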

    Figure 2.5. Structure of the transformation f, the basic round step of DES. Source: Wikipedia

    The structure of the S-boxes

    As we know, each of the 8 groups of 6 bits goes into one of the 8 transformation units S1, S2, ..., S8. Each S-box consists of 4 row transformation tables, each of which is in fact a permutation of the 16 combinations of 4 bits. Of the 6 input bits, the two outermost bits (bits 1 and 6) are used to select 1 of these 4 row tables; they are therefore called the left and right control bits (CL and CR). The remaining 4 main bits (bits 2-5) of the 6-bit input group are the 4-bit combination that is transformed.

    S5            Middle 4 bits of input
    Outer bits    0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
    00            0010 1100 0100 0001 0111 1010 1011 0110 1000 0101 0011 1111 1101 0000 1110 1001
    01            1110 1011 0010 1100 0100 0111 1101 0001 0101 0000 1111 1010 0011 1001 1000 0110
    10            0100 0010 0001 1011 1010 1101 0111 1000 1111 1001 1100 0101 0110 0011 0000 1110
    11            1011 1000 1100 0111 0001 1110 0010 1101 0110 1111 0000 1001 1010 0100 0101 0011

    Figure 2.6. The transformation table S5: the 6-bit input 011011 is transformed into 1001 (the yellow cell).

    Properties of the S-boxes

    The design principles of the 8 S-boxes were placed in the class of "Classified information" in the US. Even so, the NSA disclosed 3 properties of the S-boxes, properties that ensure the confusion and diffusion of the algorithm.

    1. The output bits always depend non-linearly on the input bits.
    2. Changing one input bit changes at least two output bits.
    3. When one input bit is held fixed and the other 5 bits are varied, the S-boxes show a property called uniform distribution: the numbers of 0 bits and 1 bits at the outputs are always in balance. This property makes it useless to apply statistical analysis in an attempt to break the S-boxes.
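    The S5 table of Figure 2.6 can be checked against the three disclosed properties. This is an added example, not code from the textbook: the function names are hypothetical, "non-linear" is tested only in the weak sense that no output bit is an affine function of the six input bits, and the balance is asserted exactly only for the two control bits.

```python
# S5 as printed in Figure 2.6: S5[row][col], row = outer bits, col = middle 4 bits.
S5 = [
    [2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9],
    [14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6],
    [4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14],
    [11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3],
]


def s5(x):
    """Map a 6-bit input (bit 1 = leftmost) to the 4-bit output of S5."""
    row = ((x >> 4) & 0b10) | (x & 1)      # control bits CL (bit 1) and CR (bit 6)
    col = (x >> 1) & 0b1111                # the 4 middle bits (bits 2-5)
    return S5[row][col]


def rows_are_permutations():
    """Each of the 4 row tables must be a permutation of 0..15."""
    return all(sorted(row) == list(range(16)) for row in S5)


def output_bit_is_affine(o):
    """True if output bit o is an affine function of the 6 input bits.

    A Boolean function g is affine exactly when
    g(x) ^ g(y) ^ g(x ^ y) ^ g(0) == 0 for all x, y.
    """
    g = [(s5(x) >> o) & 1 for x in range(64)]
    return all(g[x] ^ g[y] ^ g[x ^ y] ^ g[0] == 0
               for x in range(64) for y in range(64))


def min_output_bits_changed():
    """Property 2: fewest output bits that change when one input bit flips."""
    return min(bin(s5(x) ^ s5(x ^ (1 << b))).count("1")
               for x in range(64) for b in range(6))


def ones_per_output_bit(bit, value):
    """Property 3: fix input bit `bit` (0 = rightmost) to `value`, vary the
    other 5 bits, and count over the 32 inputs how often each output bit is 1
    (leftmost output bit first)."""
    inputs = [x for x in range(64) if (x >> bit) & 1 == value]
    return [sum((s5(x) >> o) & 1 for x in inputs) for o in (3, 2, 1, 0)]


if __name__ == "__main__":
    print("S5(011011) =", format(s5(0b011011), "04b"))
    print("rows are permutations:", rows_are_permutations())
    print("affine output bits:", [o for o in range(4) if output_bit_is_affine(o)])
    print("min output bits changed by a 1-bit input flip:", min_output_bits_changed())
    for bit in range(6):
        print("input bit", bit, "fixed to 0 -> ones per output bit:",
              ones_per_output_bit(bit, 0))
```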

    Clearly these 3 properties ensure confusion and diffusion well. In fact, after 8 rounds every output bit of DES is influenced by every input bit and every bit of the key. Moreover, this dependence is very complicated. Later, however, some new attacks were proposed which showed that 8 rounds are not enough for security (this suggests that the NSA already knew of these kinds of attack and for that reason fixed the number of rounds at 16 from the start).

    It was precisely the construction of the S-boxes that caused heated debate during the 1970s to 1990s about the possibility that the NSA (National Security Agency, USA) was still hiding some properties of the S-boxes, or had planted trapdoors inside them through which it could break the cipher more easily than anyone else (knowing these secrets could reduce the key space of 2^56 and so speed up exhaustive search). The later discovery of new and very powerful attacks, such as differential cryptanalysis, reinforced the suspicions of the scientific community.

    The weaknesses of DES

    1. The complementation property

    Writing ū for the complement of u (for example, 0100101 and 1011010 are complements of each other), DES has the following property:

    $$y = DES_z(x) \;\Rightarrow\; \bar{y} = DES_{\bar{z}}(\bar{x})$$

    So if we know that the ciphertext y is the encryption of the plaintext x under the key z, we can infer that ȳ is the encryption of the plaintext x̄ under the key z̄. This property is a weakness of DES, because it lets the adversary eliminate half of the keys that have to be tried when running a trial-decryption exhaustive search of the key space.

    2. Weak keys

    Weak keys are the keys for which, under the subkey generation algorithm, all 16 subkeys are the same:

    Z1 = Z2 = Z3 = ... = Z15 = Z16

    This makes encryption and decryption identical for these weak keys:

    $$DES_z = DES_z^{-1}$$

    There are 4 weak keys in all, as follows:

    1) [00000001 00000001 ... ... 00000001]

    2) [11111110 11111110 ... ... 11111110]

    3) [11100000 11100000 11100000 11100000 11110001 11110001 11110001 11110001]

    4) [00011111 00011111 00011111 00011111 00001110 00001110 00001110 00001110]

    There are also 10 weak keys with the property that there exist Z, Z' such that

    $$DES_{z}^{-1} = DES_{z'} \quad \text{or} \quad DES_{z'}^{-1} = DES_{z}$$

    Exhaustive search (brute-force attack)

    DES has 2^56 ≈ 10^17 keys. If we know one plaintext-ciphertext pair, we can try all 10^17 possibilities to find the key that gives a matching result. Assuming one trial takes about 10^-6 s (on an ordinary PC), the trials would take 10^11 s, that is, 7300 years! But remember that this is only with ordinary computers; there are also computers built on the principle of parallel processing. For example, if one could build a device with 10^7 DES chips running in parallel, each chip would only be responsible for 10^10 trials. Today's DES chips can process at a rate of 4.5 x 10^7 bits/s, which means more than 10^5 DES encryptions per second.

    Diffie and Hellman (1977) estimated that a special-purpose machine could be built to search the DES key space exhaustively in 1/2 day, at a price of 20 million dollars for the machine. This price was recalculated and fell to $200,000 in 1987. DES was therefore criticised from the moment it appeared for having too short a key!

    There are now concrete designs for this kind of special-purpose key-breaking machine, based on advanced parallel processing techniques, which state that a device of this kind costing about $10,000 can produce a result in 1 day.

    The following excerpt is taken from Wikipedia (under the keyword DES):

    In academia, various proposals for a DES-cracking machine were advanced. In 1977, Diffie and Hellman proposed a machine costing an estimated US$20 million which could find a DES key in a single day. By 1993, Wiener had proposed a key-search machine costing US$1 million which would find a key within 7 hours. However, none of these early proposals were ever implemented - or, at least, no implementations were publicly acknowledged. The vulnerability of DES was practically demonstrated in the late 1990s. In 1997, RSA Security sponsored a series of contests, offering a $10,000 prize to the first team that broke a message encrypted with DES for the contest. That contest was won by the DESCHALL Project, led by Rocke Verser, Matt Curtin, and Justin Dolske, using idle cycles of thousands of computers across the Internet. The feasibility of cracking DES quickly was demonstrated in 1998 when a custom DES-cracker was built by the Electronic Frontier Foundation (EFF), a cyberspace civil rights group, at the cost of approximately US$250,000 (see EFF DES cracker). Their motivation was to show that DES was breakable in practice as well as in theory: "There are many people who will not believe a truth until they can see it with their own eyes. Showing them a physical machine that can crack DES in a few days is the only way to convince some people that they really cannot trust their security to DES." The machine brute-forced a key in a little more than 2 days' search.

    Increasing the key size of DES

    Using several DES blocks in series can increase the key size. Note, however, that if two DES blocks are chained with two different keys, the key size of the whole system is not thereby doubled to 56 * 2 = 112 bits; it is only 57 bits.

    Exercise. Explain why.

    The 3-DES scheme below, in contrast, really does provide a cipher with a key length of 112 bits.

    Figure 2.7. The 3-DES (Triple-DES) scheme. [Diagram labels: plaintext, DES with K1, DES^-1 with K2, DES with K3, ciphertext.]

    Other forms of attack

    Differential cryptanalysis. First published by E. Biham and A. Shamir at the end of the 1980s, although it had in fact long been known to, but not published by, IBM and the NSA (the US National Security Agency). To break DES with its full 16 rounds, this attack needs 2^49 chosen plaintexts. Obtaining that volume of plaintext cannot happen in practice, which also shows that DES was originally designed to withstand this attack.

    Linear cryptanalysis. This attack was discovered by Matsui in 1994 and needs 2^43 chosen plaintexts.

    3. Other block ciphers

    Other block ciphers (up to 1999)

    Over time, many different block cipher algorithms have been proposed by the cryptographic community, such as FEAL (-4, -8, -N, -NX), NewDES, LOKI91, Blowfish, RC2, MMB, IDEA, ... However, quite a few of them have been broken or shown to have certain weaknesses. This shows that proposing a good block cipher algorithm able to replace DES is not simple.

    Of those listed above, IDEA (1990) can be regarded as the algorithm with the highest security; so far there has been no publication reporting any significant weakness of DES, even though many very powerful kinds of attack have been used in attempts to break it since 1990. IDEA is one of the algorithms used in PGP (Pretty Good Privacy), almost the only non-commercial security solution that lets Internet users meet their needs for personal secrecy, such as e-mail.

    IDEA works on 64-bit data blocks but with a 128-bit key, so replacing DES by IDEA is a major difficulty.

    The AES cipher

    In 2000 the US agency for standards and technology, NIST (National Institute of Standards and Technology), organised a competition to choose a new cipher to replace DES. The Rijndael cipher was chosen and was announced (2002) as the new encryption standard replacing DES, under the name Advanced Encryption Standard (AES). The other candidates that reached the final round were RC6, Serpent, MARS and Twofish. The cipher was developed by 2 Belgian scientists, Joan Daemen and Vincent Rijmen (hence the name Rijndael, formed by joining the beginnings of their two surnames).

    AES is built on the design principle of the substitution-permutation network. It is a cipher with good speed in both software and hardware implementations. Unlike DES, AES does not follow the Feistel network design pattern. Instead, the basic operations are performed on 4*4 matrices of data (bytes), called states. The number of rounds of AES is a parameter determined by the key size: 10 rounds for a 128-bit key, 12 for 192 bits, 14 for 256 bits.

    This textbook does not go deeper into AES. Students are encouraged to read further in the reference material on AES.

    4. Modes of operation of block ciphers

    A block cipher algorithm has inputs and outputs that are blocks of a fixed length (64 bits in DES). To encrypt data of arbitrary length we have to cut the data into unit blocks and apply the encryption algorithm many times, and then combine the resulting blocks according to some scheme. There are many such schemes, also called modes of operation, with different advantages and drawbacks and applied to different needs. Some commonly used modes follow.

    Electronic code book mode (ECB)

    In this mode the blocks are encrypted separately and independently. As a result, identical plaintext blocks are encrypted to identical ciphertext blocks. This is dangerous and provides fertile ground for the adversary to use replay attacks as well as block-wise editing. The enemy can eavesdrop and try to collect common plaintext-ciphertext patterns, then cut, paste and mix them to create forged ciphertexts that the receiver cannot detect. For example, if ECB is used for confidential communication in banking transactions, the adversary can attack by forging messages and account transfer orders.

    This drawback makes this mode unsuitable for confidential communication. The mode is nevertheless often used to encrypt stored information, for example databases, because it lets each unit of data be encrypted independently, so that each part can easily be updated without touching the other parts of the database.

    Figure 2.8. Diagram of the ECB mode

    Cipher block chaining mode (Cipher Block Chaining - CBC)

    In this mode each plaintext block, before being encrypted, is XORed with the ciphertext block produced in the previous step:

    $X_1 = X'_1 \oplus IV$
    $X_2 = X'_2 \oplus Y_1$
    ...
    $X_i = X'_i \oplus Y_{i-1}$

    The ciphertext blocks therefore depend tightly on one another in a "chain". It also follows that CBC produces different ciphertext blocks when the input plaintext blocks are identical, which hides common plaintext-ciphertext patterns from the adversary's observation and blocks the replay and editing attacks described above. At the first step, when no ciphertext block from a previous step exists yet, the first plaintext block is XORed with a randomly chosen initial vector, denoted IV.

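    Figure 2.9 Diagram of CBC mode

    The mutual dependence of the ciphertext blocks brings a further advantage: it prevents the adversary from modifying or truncating the transmitted ciphertext, because changing even 1 bit of the ciphertext affects all of the information decrypted from that point on, to the extent that the receiver can easily detect it because the decrypted text becomes completely meaningless.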


    This property also has a drawback, however: if the transmitted ciphertext is slightly corrupted by noise, the error spreads widely through decryption and the data has to be retransmitted. In addition, CBC processes blocks sequentially by design, so the computation cannot be parallelized, which means its speed cannot be improved on parallel computers.

    Is there another attack, smarter than the kind applied to ECB, that breaks or exploits CBC? The argument about chained dependence only gives us a feeling of security, not a rigorous proof. The security of CBC mode for confidential communication has, however, been rigorously proved by mathematical methods.

    Exercise. Compare the two cipher schemes below and work out for yourself the relationship between CBC and the one-time-pad cipher.

    Scheme A: uses a random string as the shared key

    Scheme B: CBC redrawn

    k-bit cipher feedback mode (k-bit Cipher Feedback Mode - CFB)

    Some real-time applications require the incoming data stream to be continuous rather than interrupted (for example, the characters sent between a host and a terminal must form a continuous character stream). Block cipher modes that process and transmit one block at a time are therefore unsuitable; stream ciphers, whose processing unit is a character (an 8-bit block), suit this kind of application better.

    CFB mode is an improvement that makes it possible to transmit small k-bit blocks (for any k) while still using a block cipher algorithm. The incoming message stream is "scooped up" in "buckets" of k bits each, where k is an adjustable parameter. The block cipher algorithm E runs continuously like a furnace: at each step the k leftmost bits of the output vector of E are taken and XORed with the k-bit bucket of message bits. The resulting k bits are both transmitted and fed back into the input of the block cipher: the input vector is shifted left by k positions and its k rightmost bits are replaced by the k bits taken from the message bucket. The block cipher thus works as a generator of k-bit pseudo-random numbers, and these values are XORed with the incoming k-bit message units to produce the transmitted ciphertext.

    Decryption follows the symmetric principle. Clearly this mode also provides the capabilities of CBC mode, and in addition it allows transmission with arbitrarily short blocks, which supports applications with continuous transmission and processing.

    Figure 2.10 Diagram of CFB mode

    Output feedback mode (Output Feedback Mode - OFB)

    This mode is also fairly close to the two modes above, but the XOR operations that produce the ciphertext blocks are independent of one another, with no (chained) dependence as before. The plaintext blocks are XORed with the outputs of the cipher generator function (the block cipher algorithm), and only the output elements of this encryption function remain chained to one another (hence the name output feedback). This chain, however, can be computed off-line by preprocessing, before the text to be sent actually exists. The computation time can therefore be shortened considerably. In addition, this mode also allows small blocks, like a stream cipher, just as CFB mode does.

    Figure 2.11 Diagram of OFB mode


    Counter mode (Counter mode - CTR)

    This is a cipher mode invented not long ago (2000) and considered the best. Its scheme is surprisingly simple! The chaining (feedback) between blocks is eliminated entirely, which gives CTR very desirable computational performance:

    - It can easily be processed in parallel because the per-block computations are completely independent; it also allows preprocessing to compute in advance the sequence of output elements of the cipher generator function (which is simply the encryption of the sequence of consecutive natural numbers starting from the initial IV value).

    - Because the blocks do not depend on one another, it can be used to encrypt stored data just like ECB: it allows random access instead of the sequential access required by CBC, for instance.

    - Although its computation scheme is very simple, the security of this mode has been fully proved with formal mathematical tools, by way of a comparison with the one-time-pad cipher (which achieves perfect secrecy).

    Figure 2.12 Diagram of CTR mode
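    The properties claimed above for ECB, CBC and CTR can be checked directly. The following is an added example, not code from the textbook: the 4-round Feistel cipher built from SHA-256 is a toy stand-in for the block cipher E, and the key, IV and plaintext are constructed sample values.

```python
import hashlib

BLOCK = 8  # bytes; a 64-bit block, the size the text quotes for DES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    # Toy round function (assumption of this example): truncated SHA-256.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def E(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel block cipher standing in for E; it is not DES or AES."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, xor(left, _round(key, rnd, right))
    return left + right

def D(key: bytes, block: bytes) -> bytes:
    """Inverse of E: undo the Feistel rounds in reverse order."""
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _round(key, rnd, left)), left
    return left + right

def split(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("this example handles whole blocks only")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, plaintext):
    # Every block is encrypted on its own: equal plaintext blocks collide.
    return b"".join(E(key, x) for x in split(plaintext))

def cbc_encrypt(key, iv, plaintext):
    prev, out = iv, []
    for x in split(plaintext):
        prev = E(key, xor(x, prev))   # XOR with previous ciphertext block (IV first), then encrypt
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for y in split(ciphertext):
        out.append(xor(D(key, y), prev))
        prev = y
    return b"".join(out)

def ctr_crypt(key, iv, data, first_block=0):
    """CTR encrypts and decrypts the same way; first_block allows random access."""
    out = []
    for i, x in enumerate(split(data), start=first_block):
        counter = (int.from_bytes(iv, "big") + i) % 2 ** (8 * BLOCK)
        out.append(xor(x, E(key, counter.to_bytes(BLOCK, "big"))))
    return b"".join(out)

def equal_block_pairs(ciphertext):
    """Index pairs of identical ciphertext blocks, i.e. what an eavesdropper sees."""
    blocks = split(ciphertext)
    return [(i, j) for i in range(len(blocks))
            for j in range(i + 1, len(blocks)) if blocks[i] == blocks[j]]

# Constructed sample data: blocks 0, 1 and 3 of the plaintext are identical.
KEY = b"demo-key"
IV = bytes.fromhex("0011223344556677")   # fixed for repeatability; pick at random in practice
PLAINTEXT = b"PAY 0100PAY 0100TO BOB  PAY 0100"

if __name__ == "__main__":
    print("ECB equal blocks:", equal_block_pairs(ecb_encrypt(KEY, PLAINTEXT)))
    print("CBC equal blocks:", equal_block_pairs(cbc_encrypt(KEY, IV, PLAINTEXT)))
    ct = ctr_crypt(KEY, IV, PLAINTEXT)
    print("CTR block 2 only:", ctr_crypt(KEY, IV, ct[16:24], first_block=2))
```

    The ECB ciphertext repeats exactly where the plaintext repeats, while CBC and CTR show no repeated blocks; the last line decrypts block 2 alone, which CBC cannot do without the preceding ciphertext block.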

  • Nguyễn Khanh Văn & Trần Đức Khánh

    Cryptography and Information Security, ĐHBKHN-2012

    CHAPTER 3

    Public-key cryptosystems

    1. Introduction

    As mentioned, all the cryptosystems introduced so far are called symmetric key cryptosystems, because the sender and the receiver play identical roles and both hold the same secret key. These cryptosystems also go by several other names, used according to context:

    - Private Key Cryptosystems
    - Secret Key Cryptosystems
    - Conventional Cryptosystems

    We will use the abbreviation SKC for symmetric key cryptosystems.

    Symmetric ciphers, however, have the following basic weaknesses:

    First, key management (generation, secure storage, exchange ...) is very complex in an environment where a great many users exchange messages. With n users, the number of keys that must be created is n(n-1)/2. Each user has to create and store n-1 secret keys in order to work with the n-1 other users on the network. This becomes very difficult and insecure as n grows large.

    Second, on the basis of symmetric ciphers we cannot establish the notion of an electronic signature (one that provides the functions of a handwritten signature in real life), and consequently there is no non-repudiation¹ service for commercial transactions on the network.

    The problem is that in an SKC system the secret information is shared by both parties, Alice and Bob, so Alice can do anything that Bob can do and vice versa. The only solution to this problem is to add a third component to every transaction between Alice and Bob, namely a trusted authority whom both Alice and Bob trust to be honest. This person acts as witness and arbiter whenever a dispute arises between Alice and Bob. The arbiter's workload, however, will be very heavy because he has to take part in every transaction between the parties, and sooner or later he will become an overloaded point for communication traffic as well as processing speed: a bottleneck.

    ¹ Non-repudiation is assured for a transaction between Alice (A) and Bob (B) if in every case each party has evidence to counter the other party's denial of a transaction; for example, A might deny having carried out some transaction X with B on the pretext that someone impersonated A to do wrong.

    [Figure: users A, B, C and D joined pairwise by shared secret keys; surviving labels: KAB, KAC, KBC, KAD, KCD.]

    Recognizing these problems early, Diffie & Hellman in their famous paper (1976) proposed the ideas for a kind of cipher built on a new principle, centred on a single user (the owner of the system) rather than on a pair of users as in the traditional secure channel problem.

    In this new system each user has two keys: one called the secret key (or private key) and one called the public key. The first key is known only to the user and kept secret, while the second can be freely published. The first key usually goes with the decryption algorithm and the second with the encryption algorithm, although this is not mandatory. Let us denote them by z (private key) and Z (public key).

    Their operation is symmetric:

    $X = D(z, E(Z, X))$    (1)

    and

    $X = E(Z, D(z, X))$    (2)

    Relation (1) represents the confidential communication problem: any other user such as B, C, D ... who wants to send a message to A simply encrypts it with A's public key ($Z_A$) and sends it. Only A holds the private key ($z_A$) needed to decrypt and read the message; the eavesdropper Eve cannot decrypt it because she does not have the key $z_A$. Relation (2) will be used to build electronic signature schemes, as we will study later, in which the Sign operation is carrying out $E(Z_A)$ while signature verification is done by calling $D(z_A)$.

    A cryptosystem based on this principle is called a public key cryptosystem, or an asymmetric key cryptosystem. We will abbreviate systems of this kind as PKC.

    Principle of constructing a PKC system with a trapdoor

    A PKC cipher can be built on a one-way function. A function f is called one-way if:
    1. For every X, computing Y = f(X) is easy.
    2. Given Y, it is very hard to compute X back.


    Example 3.1. Given n prime numbers $p_1, p_2, \dots, p_n$ we can easily compute $N = p_1 \cdot p_2 \cdots p_n$; given N, however, finding its prime factors is far harder, especially when N is large and its prime factors are large as well.

    What we need, however, is a special one-way function equipped with a trapdoor, such that whoever knows how to use it can easily find the inverse of f, while for anyone else (who does not know the trapdoor secret) inversion remains as hard as ever.

    Such a trapdoor one-way function can be used to build a PKC cipher as follows. Take $E_Z$ (the encryption function) to be this trapdoor one-way function. The trapdoor secret is then the secret key z: knowing it, one can easily compute the inverse of $E_Z$, that is $D_z$; without it this is very hard (only exhaustive search remains, which in practice is infeasible because the amount of computation is too large).

    We will now examine two examples of constructing trapdoor one-way functions. The first is an attempt that failed, the Trapdoor Knapsack system. The second is a successful and very famous system, RSA.

    2. Merkle-Hellman Trapdoor Knapsack (a trapdoor based on the knapsack problem)

    In 1978 Merkle and Hellman proposed an encryption algorithm following the PKC model, based on the KNAPSACK problem (also known as the bin-packing or "backpack" problem), stated as follows:

    Given a set of positive numbers $a_i$, $1 \le i \le n$, and a positive number $T$, find an index set $S \subseteq \{1, 2, \dots, n\}$ such that $\sum_{i \in S} a_i = T$.

    This problem is hard (NP-hard), in the sense that no algorithm better than exhaustive trial is known, so the running time is exponential (whereas a problem is considered easy in the computer science sense if it has a polynomial-time algorithm).

    Example 3.2. $(a_1, a_2, a_3, a_4) = (2, 3, 5, 7)$, $T = 7$. There are 2 solutions, S = (1, 3) and S = (4).

    Starting from this knapsack problem we examine how it can be used to build a PKC block cipher. The first scheme is as follows:

    Choose a vector $a = (a_1, a_2, \dots, a_n)$, called the cargo vector. For a message block $X = (X_1, X_2, X_3, \dots, X_n)$, encryption is performed as follows:

    $T = \sum_{i=1}^{n} a_i X_i \quad (*)$

    Decryption is: given the ciphertext T and the cargo vector a, find the $X_i$ that satisfy (*).


    This scheme gives a one-way function that is easy to compute when used for encryption but whose decryption, i.e. computing its inverse, is very hard. We now look for a way to add a trapdoor so that decryption becomes easy (for whoever knows the secret trapdoor).

    Merkle applied a trick based on a special kind of cargo vector, the super-increasing vector. A vector is super-increasing if component i+1 is greater than the sum of the components before it (1 to i). With a super-increasing cargo vector, the inverse computation, i.e. solving the knapsack problem, becomes easy thanks to a simple greedy algorithm. The following numerical example illustrates this.

    Example 3.3. Super-increasing cargo vector: a = (1, 2, 4, 8). Given T = 14, finding $X = (X_1, X_2, X_3, X_4)$ such that $T = \sum a_i X_i$ is easy. Set $T = T_0$:

    X4 = 1    T1 = T0 - X4 = 6    (X1 X2 X3 1)
    X3 = 1    T2 = T1 - X3 = 2    (X1 X2 1 1)
    X2 = 1    T3 = T2 - 2 = 0     (X1 1 1 1)
    X1 = 0                        (0 1 1 1)

    At step i the target sum is $T_i$ (i.e. we must find the $a_j$ whose sum equals $T_i$). We compare $T_i$ with the largest component in the remaining part of the vector; if it is larger, that component is chosen, i.e. the corresponding $X_i$ is 1, otherwise the corresponding $X_i$ is 0. We then move on to the next step with $T_{i+1} = T_i - X_i$.

    Although we have seen that a super-increasing cargo vector makes decryption easy, we must of course still arrange that only the owner knows and can use it, and the adversary cannot. In short, a trapdoor secret has to be created by having the owner actively "disguise" the super-increasing vector so that only he knows it and outsiders cannot trace it.

    The following scheme presents such a disguise mechanism. The vector $a'$ is a secret super-increasing vector; it is "disguised", i.e. transformed by a chosen function g into a vector $a$ that is not super-increasing at all (it may even be decreasing); this vector $a$ is used as the cargo vector. During decryption the owner (Alice) applies a transformation to the data, based on the inverse function $g^{-1}$, to turn decryption into solving a knapsack problem whose cargo vector is super-increasing. The transformation g chosen is modular multiplication by a secret key value.


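    Key generation:
    1. Alice chooses a super-increasing vector $a' = (a'_1, a'_2, \dots, a'_n)$. $a'$ is kept secret, i.e. it is one component of the private key.
    2. She then chooses an integer $m > \sum a'_i$, called the modulus, and a random integer $\omega$, called the multiplier, such that $\omega$ is relatively prime to $m$.

    Alice's public key is the vector $a$, the product of $a'$ and the multiplier $\omega$:

    $a = (a_1, a_2, \dots, a_n)$, with $a_i = \omega \times a'_i \pmod{m}$, $i = 1, 2, 3, \dots, n$

    The private key is the triple $(a', m, \omega)$.

    Encryption: when Bob wants to send a message X to Alice, he computes the ciphertext by the formula:

    $T = \sum a_i X_i$

    Decryption: Alice receives T and decrypts as follows:
    1. To remove the disguise she first computes $\omega^{-1}$ (the inverse of $\omega$, i.e. $\omega \times \omega^{-1} = 1 \bmod m$; the algorithm for computing it is introduced later), then computes $T' = T \times \omega^{-1} \pmod{m}$.
    2. Alice knows that $T' = a' \cdot X$, so she can easily solve for X using the super-increasing vector $a'$.

    Note: here we have $T' = T\omega^{-1} = \sum a_i X_i \omega^{-1} = \sum a'_i \omega X_i \omega^{-1} = \sum (a'_i \omega \omega^{-1}) X_i = \sum a'_i X_i = a' \cdot X$

    We have thus examined the concrete Merkle-Hellman scheme for a PKC system based on the knapsack problem.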
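    The key generation, encryption and decryption steps above, as an added example that is not code from the textbook. The secret vector is the one from Example 3.3; the modulus m = 17 and multiplier w = 5 (written ω above) are values constructed for this example.

```python
from math import gcd

def is_superincreasing(vector):
    """True if every component exceeds the sum of all components before it."""
    total = 0
    for value in vector:
        if value <= total:
            return False
        total += value
    return True

def make_public_vector(a_secret, m, w):
    """Disguise the secret super-increasing vector: a_i = w * a'_i mod m."""
    if not is_superincreasing(a_secret):
        raise ValueError("secret vector must be super-increasing")
    if m <= sum(a_secret):
        raise ValueError("modulus m must exceed the sum of the secret vector")
    if gcd(w, m) != 1:
        raise ValueError("multiplier w must be relatively prime to m")
    return [(w * ai) % m for ai in a_secret]

def encrypt(a_public, bits):
    """Bob's side: T = sum(a_i * X_i) over the public cargo vector."""
    if len(bits) != len(a_public) or any(b not in (0, 1) for b in bits):
        raise ValueError("message block must be n bits")
    return sum(ai * xi for ai, xi in zip(a_public, bits))

def solve_superincreasing(a_secret, target):
    """Greedy pass from the largest component down, as in Example 3.3."""
    bits = [0] * len(a_secret)
    for i in reversed(range(len(a_secret))):
        if a_secret[i] <= target:      # the component fits, so X_i = 1
            bits[i] = 1
            target -= a_secret[i]
    if target != 0:
        raise ValueError("target is not a subset sum of the vector")
    return bits

def decrypt(a_secret, m, w, T):
    """Alice's side: strip the disguise with w^-1 mod m, then solve greedily."""
    w_inv = pow(w, -1, m)              # modular inverse (Python 3.8+)
    return solve_superincreasing(a_secret, (T * w_inv) % m)

# Secret vector from Example 3.3; m and w are constructed for this example.
A_SECRET, M, W = [1, 2, 4, 8], 17, 5
A_PUBLIC = make_public_vector(A_SECRET, M, W)   # [5, 10, 3, 6]

if __name__ == "__main__":
    X = [0, 1, 1, 1]
    T = encrypt(A_PUBLIC, X)                    # 10 + 3 + 6 = 19
    print("public vector:", A_PUBLIC, "ciphertext:", T)
    print("T' =", (T * pow(W, -1, M)) % M, "decrypted:", decrypt(A_SECRET, M, W, T))
```

    The public vector [5, 10, 3, 6] is no longer super-increasing, and removing the disguise from T = 19 gives T' = 14, the target solved by hand in Example 3.3.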

    Brute force attack

    At first, brute force was regarded as the only way to break this cryptosystem. For someone who does not know the trapdoor $(a', m, \omega)$, breaking the cipher requires an exhaustive search through the $2^n$ possible values of X. With n chosen large enough, a brute force attack is therefore computationally infeasible. Brute force, however, is not the only way.

    The collapse of the Knapsack approach (1982-1984)

    Shamir and Adleman exposed the weakness of this approach by finding a pair $(\omega, m)$ that can transform $a$ back into $a'$ (computing the private key from the public key). In 1984 Brickell announced the break of the Knapsack system, at a computational cost of about 1 hour on a Cray-1, with 40 main iterations and about 100 weights.

    Algorithm for finding the modular inverse

    Building the trapdoor Knapsack requires computing the inverse of $\omega$ modulo m. The algorithm that finds $x = \omega^{-1} \bmod m$, such that $x \cdot \omega = 1 \pmod{m}$, is called the extended GCD or extended Euclidean algorithm (GCD - Greatest common divisor). The name comes from the fact that, while finding the greatest common divisor of two integers n1 and n2, it also computes values a, b such that GCD(n1, n2) = a*n1 + b*n2. It follows that if we already know (n1, n2) = 1, the algorithm finds a, b satisfying a*n1 + b*n2 = 1, i.e. n1 is the inverse of a modulo n2 (that is, m).

    Below are the flowchart of the algorithm and a numerical example.

    Example 3.4. Find the inverse of 39 modulo 11. Setting n1 = 39, n2 = 11, the following table illustrates the steps:

    n1   n2   r   q   a1   b1   a2   b2
    39   11   6   3    1    0    0    1
    11    6   5   1    0    1    1   -3
     6    5   1   1    1   -3   -1    4
     5    1           -1    4    2   -7

    It is easy to see that a = a2 = 2 is the inverse of 39 modulo 11.
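    The extended GCD procedure traced in Example 3.4, as an added example that is not code from the textbook. The variable names n1, n2, q, r, a1, b1, a2, b2 follow the table and flowchart; the function names are chosen for this example.

```python
def extended_gcd_trace(n1, n2):
    """Return (g, a, b, rows) with g = gcd(n1, n2) = a*n1 + b*n2.

    rows holds one tuple (n1, n2, r, q, a1, b1, a2, b2) per iteration,
    in the column order of the table in Example 3.4.
    """
    if n1 <= 0 or n2 <= 0:
        raise ValueError("both inputs must be positive")
    a1, b1, a2, b2 = 1, 0, 0, 1              # initialization step
    rows = []
    while True:
        q, r = divmod(n1, n2)                # quotient and remainder of n1 / n2
        rows.append((n1, n2, r, q, a1, b1, a2, b2))
        if r == 0:                           # n2 is the gcd; a2, b2 are its coefficients
            return n2, a2, b2, rows
        n1, n2 = n2, r                       # update step
        a1, a2 = a2, a1 - q * a2
        b1, b2 = b2, b1 - q * b2

def mod_inverse(x, m):
    """Inverse of x modulo m, reduced to the range 0..m-1."""
    g, a, _, _ = extended_gcd_trace(x, m)
    if g != 1:
        raise ValueError(f"{x} has no inverse modulo {m} (gcd is {g})")
    return a % m                             # a may be negative before reduction

def format_trace(rows):
    """Render the trace in the layout of the table in Example 3.4."""
    header = ("n1", "n2", "r", "q", "a1", "b1", "a2", "b2")
    lines = ["".join(f"{name:>5}" for name in header)]
    lines += ["".join(f"{value:>5}" for value in row) for row in rows]
    return "\n".join(lines)

if __name__ == "__main__":
    g, a, b, rows = extended_gcd_trace(39, 11)
    print(format_trace(rows))
    print(f"gcd = {g}, {a}*39 + {b}*11 = {a * 39 + b * 11}")
    print("inverse of 39 mod 11:", mod_inverse(39, 11))
```

    The last row of the trace also shows the remainder 0 and quotient 5 that end the loop.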

    Since 1976 many PKC schemes have been proposed, but quite a few of them have been broken or criticized as impractical because of their heavy computation or because the data expands too much under encryption.

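    [Flowchart of the extended GCD algorithm]
    Start
    Input: n1, n2 (n1 > 0)
    Initialization: a1 = 1, b1 = 0, a2 = 0, b2 = 1
    Loop: compute quotient q and remainder r when n1 is divided by n2
    r = 0? Yes: g = n2, a = a2, b = b2; output g, a, b
    r = 0? No: UPDATE: n1 = n2, n2 = r; t = a2, a2 = a1 - q*a2, a1 = t; t = b2, b2 = b1 - q*b2, b1 = t; then return to the loop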


    A PKC system can serve 2 basic purposes: (1) confidentiality of information and communication, (2) authentication and electronic signatures. The two algorithms that meet these applications most successfully are RSA and Elgamal. In general PKC algorithms are slow and unsuitable for on-line encryption of high-speed communication, so they are normally used only when high security is needed and slow speed is acceptable. In addition, PKC and SKC (symmetric key cryptosystems) are often combined, with PKC acting as a "primer" for SKC: PKC is used to establish a secret key agreed between the two communicating parties, and that secret key is then used for the main communication phase with SKC.

    3. The RSA public-key system

    RSA is the most widely used and most versatile public-key cryptosystem in practice, invented by Rivest, Shamir & Adleman (1977). It is the de facto standard for PKC, providing confidentiality, authentication and electronic signatures.

    The RSA algorithm rests on the hardness of factoring large numbers into primes: no polynomial-time algorithm (in the length of the binary representation of the number) exists for this problem. For example, factoring a composite number that is the product of 2 large primes of hundreds of digits would take thousands of years of computation on an average PC with a CPU of a little over 2 GHz.

    Idea (Motivation)

    The inventors made a rather simple choice: build the encryption and decryption algorithms on modular exponentiation over the field $Z_n = \{0, 1, 2, \dots, n-1\}$. For example, the ciphertext for a message X is produced by:

    $Y = X^e \pm n$

    (here the notation $a = b \pm n$ means $a = b + k \cdot n$ with $a \in Z_n$ and $k = 1, 2, 3, \dots$; for example $7 = 3^3 \pm 10$), and decryption by:

    $X = Y^d \pm n$

    (e is the encryption key, d the decryption key). These two functions are thus inverses of each other; e and d must be chosen so that $X^{ed} = X \pm n$.

    A way to construct such a pair (e, d) was found on the basis of the following formula:

    $X^{\varphi(n)} = 1 \pm n$ (Euler's theorem)

    where $\varphi(n)$ is the function giving the number of elements of $Z_n$ that are relatively prime to n. One needs to choose e*d so that it leaves remainder 1 when divided by $\varphi(n)$, or $d = e^{-1} \pm \varphi(n)$; we then have what is required:

    $X^{ed} = X^{k \cdot \varphi(n) + 1} = (X^{\varphi(n)})^k \cdot X = 1 \cdot X = X$

    $\varphi(n)$ can be computed once the prime factorization of n is known; specifically, if we know n = p*q (p, q prime) then $\varphi(n) = (p-1)(q-1)$.

    In other words, given a number e, anyone who knows the prime factorization of n can easily find d such that $d = e^{-1} \pm \varphi(n)$, i.e. $X^{ed} = X \pm n$, whereas without it this is very hard.

    That was the motivation behind the algorithm; the concrete algorithm follows.

    The RSA algorithm

    Setup: choosing the parameters
    1. Choose two large primes p and q. Compute n = p x q and m = $\varphi(n)$ = (p - 1) x (q - 1).
    2. Choose e, $1 \le e \le m - 1$, such that gcd(e, m) = 1.
    3. Find d such that e * d = 1 (mod m), i.e. compute $d = e^{-1} \pmod{m}$, using the extended gcd algorithm presented in the previous section.

    The public key is (e, n).
    The private key is (d, p, q).

    Suppose X is a plaintext block, Y is the corresponding ciphertext block of X, and $(Z_A, z_A)$ are the public and private components of Alice's key.

    Encryption. If Bob wants to send an encrypted message to Alice, he simply uses Alice's public key to compute:

    $Y = E_{Z_A}(X) = X^e \pm n$

    Decryption. When Alice wants to decrypt Y, she simply uses her private key $z_A = d$ to compute:

    $X = D_{z_A}(Y) = Y^d \pm n$

    Example 3.5
    Choose p = 11 and q = 13
    n = 11 * 13 = 143
    m = (p-1)(q-1) = 10 * 12 = 120
    e = 37, gcd(37, 120) = 1

    Using the gcd algorithm to find d such that $e \cdot d = 1 \pm 120$, we find d = 13 (e*d = 481).

    To encrypt a binary string we have to "break" it into segments of u bits each, such that $2^u \le 142$. Hence u = 7. Each such segment is a number in the range 0 - 127, and we can compute the ciphertext Y by the formula:

    $Y = X^e \pm 120$

    For instance, with X = (0000010) = 2 we have

    $E_Z(X) = X^{37} = 12 \pm 143$, so Y = (00001100)

    Decryption is as follows:

    $X = D_z(Y) = 12^{13} = 2 \pm 143$
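    The setup steps and the block splitting described in Example 3.5, as an added example that is not code from the textbook. It uses the example's parameters p = 11, q = 13, e = 37; the function names, the zero-padding of the last block and the sample bit string are constructed for this example.

```python
from math import gcd

def make_key(p, q, e):
    """Steps 1-3 of the setup: n = p*q, m = (p-1)(q-1), d = e^-1 mod m."""
    n, m = p * q, (p - 1) * (q - 1)
    if not 1 <= e <= m - 1 or gcd(e, m) != 1:
        raise ValueError("e must lie in [1, m-1] and be relatively prime to m")
    d = pow(e, -1, m)        # same result as the extended gcd algorithm (Python 3.8+)
    return (e, n), (d, p, q)

def block_bits(n):
    """Largest u with 2**u <= n - 1, so that every u-bit block is below n."""
    return (n - 1).bit_length() - 1

def encrypt_bits(public, bits):
    """Split a bit string into u-bit blocks and compute Y = X^e mod n for each."""
    e, n = public
    u = block_bits(n)
    bits += "0" * (-len(bits) % u)   # zero-pad the last block (convention of this example)
    return [pow(int(bits[i:i + u], 2), e, n) for i in range(0, len(bits), u)]

def decrypt_blocks(private, blocks):
    """Compute X = Y^d mod n for each block and re-join the u-bit strings."""
    d, p, q = private
    n = p * q
    u = block_bits(n)
    return "".join(format(pow(y, d, n), f"0{u}b") for y in blocks)

# Parameters of Example 3.5; the bit string is constructed (blocks 2 and 127).
PUBLIC, PRIVATE = make_key(11, 13, 37)
MESSAGE_BITS = "00000101111111"

if __name__ == "__main__":
    print("public key (e, n):", PUBLIC, " private key (d, p, q):", PRIVATE)
    print("block length u:", block_bits(PUBLIC[1]))
    cipher = encrypt_bits(PUBLIC, MESSAGE_BITS)
    print("ciphertext blocks:", cipher)
    print("decrypted bits:   ", decrypt_blocks(PRIVATE, cipher))
    print("single block X = 2:", encrypt_bits(PUBLIC, "0000010"))
```

    Run on the single block X = 2, this code returns Y = 106 (106 ≡ 7 mod 11 and 106 ≡ 2 mod 13), and 106^13 mod 143 returns 2.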


    To make transactions over a network that use confidential communication more convenient, one can set up Public Directories that store the users' public keys. Such a directory is placed at a public point on the network so that anyone can access it to obtain the public key of the person they want to contact.

    User     (n, e)
    Alice    (85, 23)
    Bob      (117, 5)
    Cathy    (4757, 11)
    ...      ...

    Some basic applications (of public-key cryptosystems in general)

    a. Confidentiality in communication

    A sends $E_{Z_B}(X)$ to B. B easily decrypts it with the secret key $z_B$.

    b. Authentication

    + Alice signs the message to be sent by encrypting it with her secret key, $D_{z_A}(X)$, and sends $(X, S) = (X, D_{z_A}(X))$ to Bob.

    + When Bob wants to check the authenticity of the message received, he simply computes $X' = E_{Z_A}(S) = E_{Z_A}(D_{z_A}(X))$ and checks: if X = X' then the authenticity of X is confirmed.

    Note 1: In this process both (i) the integrity check of the message and (ii) the authentication of the sender's identity are performed at the same time. We have (i) because if even one bit of the message is changed it is detected immediately, since the signature no longer matches. We have (ii) because nobody can create that message except Alice, the only person who knows $z_A$.

    Note 2: Alice can sign the hash value of X instead of signing X directly. The whole message Alice sends to Bob is then $(X, D_{z_A}(H(X)))$, where H is a public hash function. This method is more efficient because it saves work (a hash function always outputs a string of fixed length, usually much shorter than the input string).

    c. Combining confidentiality and authenticity

    We can proceed as follows to combine the two capabilities a and b above.

    A sends $Y = E_{Z_B}(D_{z_A}(X))$ to B.

    B recovers X as follows: $X = E_{Z_A}(D_{z_B}(Y)) = E_{Z_A}(D_{z_B}(E_{Z_B}(D_{z_A}(X))))$

    To have evidence against the possibility that Alice later denies having sent the message (non-repudiation), Bob must keep $D_{z_A}(X)$.

    Some issues surrounding the RSA algorithm

    Choosing p and q:

    + p and q must be large primes, at least about 100 digits.

    + p and q must be of roughly equal size (for example, both about 100 digits long).

    Exercise: Why is the second condition needed?

    Some figures on the speed of the algorithm in implementations:

    Compared with DES, RSA:
    + Is much slower. Typically RSA is at least 100 times slower when implemented in software, and can be 1000 to 10,000 times slower when implemented in hardware (depending on the implementation).
    + Has a much larger key size.

    If p and q need about 300 bits each, then n needs 600 bits. Exponentiation is rather slow for large n, especially when done in software (a program). It has been observed that one multiplication takes about m + 7 clock cycles when n is m bits long.

    On the integer factorization problem

    The best algorithm is still the number sieve method. An estimate of the running time of the algorithm is:

    $L(n) \approx 10^{7.9 + \frac{1}{50} \log_2 n}$

    where $\log_2 n$ gives the number of bits needed to represent n, the number to be factored. It follows that if n grows by 50 bits (about 15 decimal digits), the time needed to factor it increases 10 times.

    In the last years of the 20th century it was estimated that, with n = 200, L(n) ≈ 55 thousand years. As for parallel processing, one of the best results on factoring large numbers reports the factorization of a 129-digit number, with the computation distributed across the whole Internet and taking a full 3 months.

    As mentioned, the integers that are hardest to factor are composites that are the product of 2 primes of roughly equal size (which is why the primes p and q in RSA are usually chosen this way). According to the open encyclopedia Wikipedia, the largest integer of this form factored successfully so far, denoted RSA-768, has 768 bits or 232 decimal digits. It was factored on 12/12/2009 through the collaboration of many modern research institutions over 2 years. The amount of computation, carried out with parallel processing, is compared to 2000 years of continuous running on a 2.2 GHz AMD Opteron configuration.


    Finding large primes:

    An algorithm that generates all prime numbers does not exist, but there are fairly efficient algorithms for checking whether a given number is prime (the primality testing problem). In practice, finding large primes for RSA is a loop as follows:
    1. Choose a random number p in a range of the required size (measured in bits).
    2. Test the primality of p; if it is prime, stop, otherwise go back to step 1.

    Deterministic primality tests are rather time-consuming and need to be run on high-speed computers. Probabilistic algorithms are also used, however; they can "guess" very quickly whether a number is prime. These probabilistic algorithms do not give an absolutely correct decision, but a nearly absolute one; that is, the probability of a wrong answer can be made arbitrarily small, depending only on the time spent.

    Consider as an example a probabilistic algorithm based on the following method of Lehmann.

    Lehmann's method: suppose n is an odd number; for each integer a, let us denote:

    G(a,n) =

    Example: for n = 7 we have $2^3 = 1$, $3^3 = 6$, $4^3 = 1$, $5^3 = 6$, $6^3 = 1$; that is, G = {1, 6}.

    According to Lehmann, if n is an odd number then