-
***Integrityauthenticityaccountability/privacyConfidentialityAvailability/
-
Identification
Authentication
Authorization
-
(Identification)
-
,
Cryptography is originated and developed from the requirements
of application.
-
2.1 2.2 DES2.3 2.4
-
2.1
-
virtual private network1
-
2
-
2
-
ATMATMATMPINATMPINPIN /C&RChallengen and Response
-
PIN kZero-Knowledge
-
/
(1)
(1) (1)
(2)(2) (2)(3)USBePass(3)(4)S() =C()(4)
-
HashVSS,SSL
-
3
-
1930K.Godel1906-1978(A.Church1903-1995)(A.M.TUI-ing1912-1954)
-
fg :2+35;fx2 g2x,fgfg,fggfgfg ()()()
-
, ,,
-
(E.L.Post1897-1954)-()
-
Turing (a) (b)
-
TuringTuring Turing
()()
-
(4)
-
: - Shannon Diffie/HellmanRSA
-
20
-
1949ShannonDES1975HellmanDiffieRSA
-
AliceEP K CBobDCK P
1DE2KAB 3P C
-
1D E XOR2KP One-time Padone time pad
-
Confusion Substitution
-
Diffusion p1:00000000 c1:00000010 p2:00000001 c2:00000011
p1:00000000 c1:01011010 p2:00000001 c2:11101011
-
(5)
-
(5)Shannon
-
-/
/-/ -
Kerkhoffs-/KEY
-
()()
-
A,B, C [D(x1x2)=D(x1)D(x2)]*C rEB(r)EB(x)DB(EB(r)EB(x))rxC
rrxDB(EB(r)EB(x))EB(r)EB(x)
-
PCKEDPCKkKekEP CdkDC PxPdkekxx
-
-/ -/ -/
-
dictionary attack brute force attack
-
symmetric cipher)conventional cipher)asymmetric
cipher):public-key cipher) , .,publickey).,private key).
-
ABCDABCD%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%ABCDABCD%#%%#%ABCD%#%
-
ABCDABCD%#%;~@%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%%#%;~@;~@;~@;~@;~@;~@;~@;~@;~@;~@;~@;~@;~@;~@;~@;~@;~@;~@;~@;~@%#%;~@ABCDABCD%#%%#%ABCD%#%
-
block cipher):stream cipher):.
-
one-time pad[P =? NP]P NP PSPACE EXPTIME EXPSPACE()RSA ?
-
Unconditionally secure ,,,. Onetime padprovable security
Computationally secure .
-
brute force attackM key/sG
key/s2^3235.82^5610^32^12810^2410^18
-
1
-
DES DES (DES) 64 5664 56 DESDES
-
(AES)DES1997NIST2001 FIPS 197128 & 128/192/256
-
2
-
3
-
RSA (Rivest, Shamir, Adleman) 19771024Diffie-Hellman (DSS) SHA-1
(ECC)RSA
-
2.2 DES
-
substitution transpostion
-
wuhdwb lpsrvvleohTREATY IMPOSSIBLECi=E(Pi)=Pi+3(
ABCDEFGHIJKLMNOPQRSTUVWXYZ defghijklmnopqrstuvwxyzabc
-
24133421a1 2 1 3 Aa 1 2 1 3 Ab2 4 2 4 B b 2 4 2 4 Bc3 1 3 2 Cc 3
1 3 2 Cd4 3 4 1 Dd 4 3 4 1 Da1 2 1 31 2 2 41 2 3 2A1 2 4 1b2 4 2 42
4 3 22 4 4 1B2 4 1 3c3 1 3 23 1 4 13 1 1 3C3 1 2 4d4 3 4 14 3 1 34
3 2 4D4 3 3 2aAbBcAdAabcdABAAa2 4 1 32 4 2 42 4 3 2A2 4 4 1b3 1 2
43 1 3 23 1 4 1B3 1 1 3c4 3 3 24 3 4 14 3 1 34 3 2 4d1 2 4 11 2 1
31 2 2 41 2 3 2aBbAcCdAabcdBACAa3 1 1 33 1 2 43 1 3 23 1 4 1b4 3 2
44 3 3 24 3 4 14 3 1 3c1 2 3 21 2 4 11 2 1 31 2 2 4d2 4 4 12 4 1 32
4 2 42 4 3 2bBbCaDbBbbabBCDBa4 3 1 34 3 2 44 3 3 24 3 4 1b1 2 2 41
2 3 21 2 4 11 2 1 3c2 4 3 22 4 4 12 4 1 32 4 2 4d3 1 4 13 1 1 33 1
2 43 1 3 2aAaAcDdAaacdAADAa1 2 1 31 2 2 41 2 3 21 2 4 1b2 4 2 42 4
3 22 4 4 12 4 1 3c3 1 3 23 1 4 13 1 1 33 1 2 4d4 3 4 14 3 1 34 3 2
44 3 3 2aAbBcAdAabcdABAA abcd abcd bbab aacd abcd ABAA BACA BCDB
AADA ABAA4
-
DESShannon1949 Shannon Diffusion ConfusionShannon
-
block cipher()n64(Padding)
Codebook (Substitution Table)642^k
-
stream cipher keystream(,) XOR(plaintextkeystream)One-time
Pad
-
m=m1,m2,.mk k=k1,k2,.kk ci=mi ki ,i=1,2,.kRC4 SEALSoftware
Optimized Encryption Algorithm
-
8 vs. 11Padding
-
1Feistel/DESn2wL0 R0KKk1k2kr r16XORpxx = pF
-
Feistel Network
-
Feistel for LoopL0 R0L1R0
R1L0F(k1,R0)L2R1R2L1F(k2,R1)L3R3R3L2F(k3,R2)LiRi-1
RiLi-1F(ki,Ri-1)LnRn-1 RnLn-1F(kn,Rn-1)LnRn
-
Feistel /
-
2n2C L2R2L0+R0L1R0
R1L0F(k1,R0)L2R1R2L1F(k2,R1)L2R2R1L2L1R2F(k2,R1)R0L1L0R1F(k1,R0)L0R0L1R2F(k2,R1)L1F(k2,R1)F(k2,R1)L1L0R1F(k1,R0)L0F(k1,R0)F(k1,R0)L0
-
Feistel 16Round
-
FeistelDESCASTBlowfish/(Twofish?)RC6(/5)
FeistelAESIDEA
* FeistelXOR
-
DESIBMW. Tuchman C. Meyer 1971-19721967Horst
FeistelNBS)1973519748IBMLUCIFERDES197531977115Data Encryption
Standard19777152DES
-
DES SIZE=64bits SIZE=56bits =1616 =48bits
-
DESDES64645664
-
Data Encryption StandardDESDESFeistel 64bit 56bit 16S-Boxes
-
DES EncryptionOverviewPC-1PC-2PC-1PC2Round
-
Key: Permuted Choice One (PC-1)57 49 41 33 25 17 9 8 1 58 50 42
34 26 18 1610 2 59 51 43 35 27 2419 11 3 60 52 44 36 3263 55 47 39
31 23 15 40 7 62 54 46 38 30 22 4814 6 61 53 45 37 29 5621 13 5 28
20 12 4 6478K56C0D0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 1617 18 19
20 21 22 23 2425 26 27 28 29 30 31 3233 34 35 36 37 38 39 4041 42
43 44 45 46 47 4849 50 51 52 53 54 55 5657 58 59 60 61 62 63 64
-
Key: Permuted Choice Two (PC-2)14 17 11 24 1 5 3 2815 6 21 10 23
19 12 426 8 16 7 27 20 13 241 52 31 37 47 55 30 4051 45 33 48 44 49
39 5634 53 46 42 50 36 29 3286918225648KiRound number 1 2 3 4 5 6 7
8 910111213141516Bits rotated 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
-
Keyi48bit282
-
IP & IP-158 50 42 34 26 18 10 260 52 44 36 28 20 12 462 54
46 38 30 22 14 664 56 48 40 32 24 16 857 49 41 33 25 17 9 159 51 43
35 27 19 11 361 53 45 37 29 21 13 563 55 47 39 31 23 15 78814040 8
48 16 56 24 64 3239 7 47 15 55 23 63 3138 6 46 14 54 22 62 3037 5
45 13 53 21 61 2936 4 44 12 52 20 60 2835 3 43 11 51 19 59 2734 2
42 10 50 18 58 2633 1 41 9 49 17 57 25IP16IP-1oddeven
-
DES
-
RoundKi 48bit
-
Expansion Permutation 32 1 2 3 4 5 4 5 6 7 8 9 8 9 10 11 12 1312
13 14 15 16 1716 17 18 19 20 2120 21 22 23 24 2524 25 26 27 28 2928
29 30 31 32 1Ri32bit 48bit68
-
Round Function6848
-
S-Boxes1-424
-
S-Boxes5-8
-
Permutation Function P
16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3
919 13 30 6 22 11 4 2584S
-
DES EncryptionReview
-
One Samplep=0123456789ABCDEFk=133457799BBCDFF1
c=85E813540F0AB405
-
DES64DESDESRSA challenge
DESAESDESAESDES/3DESAESRC4RC5IDEABlowfishFree/Open
-
DESDESDES2^47DES2^56 (DES Chanllenge III)DESAESDESDES
-
DES Modes of Operation-FIPS 81DES basic function:DES(IN, Key,
Enc/Dec) = OUT
Key 56bits (random bits!)Enc- IN 64bits plaintext block- OUT
64bits ciphertext blockDec- IN 64bits ciphertext block- OUT 64bits
plaintext block
-
Apply DES twice using two keys, K1 and K2. C = EK2 [ EK1 [ P ] ]
P = DK2 [ DK1 [ C ] ]
DESThis leads to a 2x56=112 bit key, so it is more secure than
DES. Is it?Goal: given the pair (P, C) find keys K1 and K2?
-
1ECB2CBC3CFB4OFB5CTR
-
1ECB648
-
1Figure ECB
-
2CBC: Cipher Block Chaining IV initialization vectorIV*
authentication* 8padding
-
CFB: Cipher FeedbackIV 64bitIVKeyRIVsRsXORssRRs
* stream cipher
-
CTR: Counter ModecounterXOR
* Counter
-
()* *,,,,
-
[]** 3 VPN SSL PGP*
-
(),,,
-
Link vs. End-to-end
-
App layer vs. Link layer
-
2.3
-
RotorDES New Directions in CryptographyWhitfield DiffieHellman
1976D-H
-
KDC K KdKeKd KeEPKe CDCKd PKe Kd
-
()
(one-way function)
-
One-way Functionxy=f(x)yx=f-1(y)///*
-
Trapdoor One-way Function()x
//
-
(KeKd)KeKd()KeKd( public key private key secret
key)KeKdKeKeCA
-
(P)(C)(P)PKe C = EPKe DCKdPKd*
-
RSAH S = SigHKdVerCKe HHKd
-
RSAMIT Rivest, Shamir & Adleman 1977 R, S, ARon
Rivesthttp://theory.lcs.mit.edu/~rivest/Adi
Shamirhttp://www.wisdom.weizmann.ac.il/~shamir/Len Adleman
http://www.usc.edu/dept/molecular-science///n/
- RSA512bitp,qnEuler(n)npq (n)=(p-1)(q-1)(n)e
-
RSAmnc=me mod n
m=cd mod n
-
RSAp7q17npq119(n)(p-1)(q-1)61696e5d77 (57738549611 mod
96)511977119 m19cme mod n= 195 mod 119 = 66 mod 119c66mcd mod n =
6677mod 11919 mod 119
-
RSA p, q eddenMiller-Rabin(p-1)/2(q-1)/2edEuclidede365537
X^Y%Z
-
RSA p, q eddenMiller-Rabin(p-1)/2(q-1)/2edEuclidede365537
X^Y%Z
-
RSAO(k), O(k){}K()O(k2), O(k2logk){} xc mod nO(k2logc){}
mod n
-
RSAmecd
n=pq(n)edn(n)d (n)d n(n)
-
Diffie-Hellman D-HqgAXaBXb AYag^Xa mod qBYbg^Xb mod q
YaYbAKYb^Xa mod qBK'Ya^Xb mod q KK'
-
K?
YaYbXaXbYag^Xa mod qYbg^Xb mod q
-
Diffie-Hellman ABq=53,g=17ABXA=5, Xb=7 AYagXa mod q=40BYbgXb mod
q=6 YaYbAKYb^Xa mod q=38BK'Ya^Xb mod q =38KK'
-
vs. 1000CA/
-
vs.
12
12312123
-
2.4
-
(,)(DH)
-
session key
-
1
-
1 2 3 3
-
nn(n+1)/2Diffie-Hellman
-
2Diffie-Hellman
-
DH76Diffie-Hellman
qgAXaBXb AYag^Xa mod qBYbg^Xb mod q YaYbAKYb^Xa mod qBK'Ya^Xb
mod q KK
-
KKKYb^Xa mod qKYa^Xb mod q (g^Xb)^Xa mod q (g^Xa)^Xb mod q
g^(XbXa) mod q g^(XaXb) mod q
q97g5AXa36BXb58Ya5^369750Yb5^5897445044AK44^369775BK50^589775K?YaYbXaXbYag^Xa
mod qYbg^Xb mod q
-
D-H-ABD-HpgEAYag^Xa mod p EEYaBTgt mod pBYg^X mod p EEYTgt mod
pD-HATK1gxa.tmod p; BTK2gxb.tmod pAK1BEK1K2BBBK2AEK2K1AAABE
-
Joux
-
3/1024RSA100/(10)100*128B =
10KB/s(ABKeB)ABAKsKeAKsBKeBBBKdBABAKsAKsA Ks
-
ABAB
-
4
-
Certification AuthorityCAIPCACA
CACA
-
1. AliceBobBob2. BobAliceCACABobBob3. AliceCABobBobBob4.
BobBob5. CAAliceBobCA
-
ABBobCAE(PUBCA(K))+EK(M)
-
5 1 RSATC
2AB A IDa B IDa TC A TC B
-
5 3
Step1:ARa Step2:BRb Step3:BATB:A
Step4:ABTA: B
-
ABSA BEMABRSA,ESAEABMAB
-
.Whitfield Diffie Martin Hellman [DH76]1976
,.,[Dif88]-(trap-door).Whitfield Diffie Martin Hellman [DH76]1976
,.,[Dif88]-(trap-door) IP C0D0 --- C15D15IP
