Bo Mt Thng TinTrn Nht Quang Khoa Cng Ngh Thng Tin H S Phm K Thut TP HCM trannhatquang4810@gmail.com

Cc Ni Dung

Thut ton m ha theo khi Mng thay th - hon v Shannon Cu trc M ha Feistel Thut ton DES v to kha con cho DES

Bo Mt Thng Tin

Chng 4. M Ha Theo Khi v DES

2

Khi Nim M ha theo khi (Block cipher): l m ha d liu s mi

ln mt khi (block). Thng thng, 1 khi c kch thc 64 hoc 128 bit. P = p1p2pn C = c1c2cn ek(p1), ek(p2), , ek(pn) c1, c2,, cn Kha k khng thay i cho tt c cc khi.

Nh vy, m ha thng ip ln thc cht l m ha tng

khi vi quy trnh ging nhau. Do , khi nghin cu m ha theo khi ta ch cn xem xt

vic m ha 1 khi (64 hoc 128 bit) u vo (coi nh thng ip ngun) v u ra cn xem xt ch l 1 khi. ek(pi) ciBo Mt Thng Tin Chng 4. M Ha Theo Khi v DES

3

Mng Thay Th - Hon V 1949, Claude Shannon a ra tng v Mng Thay th -

Hon v (Substitution Permutation network), hay cn gi Mng S-P, to c s cho cc thut ton m ha theo khi. Mng S-P da trn 2 php bin i: Thay th (Substitution)

Hon v (Permutation)

Bo Mt Thng Tin

Chng 4. M Ha Theo Khi v DES

4

Php Thay Th (Substitution Operation) Mt bit c thay th bng bit khc. Php thay th c qui nh bi kha. Nu u vo l n bit th kha di 2n

S kha c th c l 2n!: tng rt nhanh khi n tng. Kha c m t bng bng sau, gi l S-box

Bo Mt Thng Tin

Chng 4. M Ha Theo Khi v DES

5

V D S-box Vi n = 3 bit ta c th c mt S-box nh sau:

u vo000 001 010 011 100 101 110 011 010 000 0 3 1 2 2 0 111 3 7 111

u ra

110 101 001 100 4 6 5 5 6 1 7 4

R rng, vi n bit: 1 S-box chnh l 1 hon v ca 2n phn t,

c gi tr t 0.. 2n -1 S S-box c th c l 2n!Bo Mt Thng Tin Chng 4. M Ha Theo Khi v DES

6

Php Hon V (Permutation Operation) Cc bit hon i v tr vi

nhau c quy nh bi kha. u vo n bit th kha di n

S lng kha c th c l n! S lng kha tng chm

hn trong php thay th nn an ton cng thp hn. Kha c m t bng P-box

Bo Mt Thng Tin

Chng 4. M Ha Theo Khi v DES

7

V D P-box Vi n = 3 bit ta c th c mt P-box nh sau:

u vo

u ra

1 3 R rng, vi n bit:

2 1

3 2

1 P-box chnh l 1 hon v ca n phn t. S P-box c th c l n!Bo Mt Thng Tin Chng 4. M Ha Theo Khi v DES

8

Kt Hp P-box Vi S-boxP box-6bits S boxes-3bits0 0 1 2 3 4 5 6

P box

01 1 0

00 1 1

1 2 3 4 5 6

11 0 0

10 1 1

70 1 2 3 4 5 6 7Bo Mt Thng Tin

70 1 2 3 4 5 6 7

...

10

01

11

109

Chng 4. M Ha Theo Khi v DES

Mng Thay Th - Hon V Shannon kt hp cc S-box v P-boxes to ra mng S-P

(Substitution-Permutation):

Bo Mt Thng Tin

Chng 4. M Ha Theo Khi v DES

10

M Ha Feistel Trn thc t mng S-P c s dng m ha v gii m

Cn phi d xc nh cc box S-P nghch o v d ci t bng phn mm (software). u 1970s, Horst Feistel IBM vo ngh ra 1 cu trc

thch hp, c gi l M ha Feistel (Feistel cipher): Khi ngun c chia thnh 2 na, L(i-1) v R(i-1), v ch s

dng R(i-1) trong vng th i ca thut ton. Cc kha con th i: K(i) c to ra t kha K. Kha K(i) kim sot hm g, cho php kt hp vng th i ca mng S-P.

Bo Mt Thng Tin

Chng 4. M Ha Theo Khi v DES

11

M Ha Feistel (2) Cc php bin i vng th i: L(i) = R(i-1) R(i) = L(i-1) XOR g(K(i), R(i-1))

Cc php bin i ny d dng o ngc (xem s ) Trn thc t, ngi ta kt hp cc vng ny (thng l 16

vng) trong thut ton y .

Bo Mt Thng Tin

Chng 4. M Ha Theo Khi v DES

12

Cc Nguyn Tc Thit K Cc thnh phn lm vic cng nhau, trong : S-Box: To ra s xo trn (confusion) cc bit ngun. P-Box: To ra s truyn b (diffusion) cc bit sau S-box.

Nhng khi nim ny cn c Webster v Tavares gi l

hiu ng tuyt l (Avalanche) v hiu ng ton vn (Completeness).

Bo Mt Thng Tin

Chng 4. M Ha Theo Khi v DES

13

Hiu ng Tuyt L (Avalanche Effect) Khi thay i 1 bit ngun s dn n s thay i gn mt na

cc bit ch. Hm f s c coi l c hiu ng tuyt l tt nu: Vi mi bit i, 0 i < m, nu 2m bit c chia thnh 2m/2 cp (X, Xi)

ch khc nhau bit i th lun tm c bit gi tr 1 trong t nht trong 2m/2 bit ca tng Vi = f(X) XOR f(Xi) Hiu ng ny bo m mi thay i nh ca ngun s dn ti

s thay i ln ca ch. Do d cho k l gn on ra ngun, kt qu cui cng vn

cn rt xa vi. V d: Trong m ha thay th (c in), c 2 cp ngun v m: cat

rfg v c_ts rfgy trong c cp th 2 c 1 k t cha bit, c th da vo cp u suy ra l ch a bi v ciphertext ging nhau.Bo Mt Thng Tin Chng 4. M Ha Theo Khi v DES

14

Hiu ng Ton Vn (Completeness Effect) Mi bit ch l hm phc hp ca tt c cc bit ngun. Hm f s c coi l c hiu ng ton vn tt nu: Vi mi bit j (0 j < m) trong cc ciphertext tm c t nht

1 cp plaintext X v Xi khc nhau ch ti bit i (i) m f(X) v f(Xi) khc nhau ti bit j. Hiu ng ton vn bo m mi bit ch ph thuc vo tt

c cc bit ngun. Do k l s khng th dng nguyn tc Chia tr (tm

cc cp m ngun tng ng) thm m. 2 hiu ng ny l cc tnh cht khc bit so vi cc thut

ton c in.Bo Mt Thng Tin Chng 4. M Ha Theo Khi v DES

15

Bo Mt Thng Tin

Chng 4. M Ha Theo Khi v DES

16

S Lc Lch S Nhng nm 1973, 1974 nhu cu gi b mt thng tin tr nn cp

thit m cc thut ton c in khng p ng c. T chc NIST (National Institute of Standards and Technology)

ku gi to ra cc thut ton m ha mi v an ton hn. IBM a ra Lucifer, sau c thit k li thnh DES. DES tr thnh chun ca NIST (1976), c s ci t phn

cng (1977), l chun ANSI cho c phn cng v phn mm (1981). DES c s dng rng ri trn th gii, c bit l trong cc

giao dch ngn hng, thng tin lin lc. nh kz, ANSI cng nhn li chun cho thi gian 5 nm tip theo. DES l thut ton m ha khi ph bin trong 1975-2005.Bo Mt Thng Tin Chng 4. M Ha Theo Khi v DES

17

Khi Qut DES S dng kha 56-bit DES cho tc tnh ton nhanh nhng

d b thm m bng vt cn kha nh Diffie v Hellman d bo. V DES b ph m: 1997 bng mng my tnh ln trong vi thng

1998 bng my tm kha c bit trong vi ngy 1999 bng t hp cc my trn trong 22 gi 15

Qu trnh m ha 1 khi 64-bit bng DES: Hon v ban u IP (Initial Permulation) 16 vng tnh ton phc tp c s dng kha Hon v kt thc l nghch o ca IPBo Mt Thng Tin Chng 4. M Ha Theo Khi v DES

18

Bo Mt Thng Tin

Chng 4. M Ha Theo Khi v DES

19

To Cc Kha Con (Subkey) Kha K ban u 64 bit Chuyn thnh kha 56 bit (Permuted Choice 1 hay PC1) Chia thnh 2 na C0 v D0 Dch tri C0 v D0 i 1 bit ta c C1 v D1 Nht ra c kha K1 (48 bit)

Dch tri C1 v D1 i 1 bit ta c C2 v D2 Nht ra c kha K2 (48 bit) Dch tri C2 v D2 i 2 bit ta c C3 v D3 Nht ra c kha K3 (48 bit)

. Dch tri C15 v D15 i 1 bit ta c C16 v D16 Nht ra c kha K16 (48 bit)Bo Mt Thng Tin Chng 4. M Ha Theo Khi v DES

20

To Kha Con

7 bit

1 bitP

64 bit

7 bit

1 bitP

Bt u t kha khi to 64 bit b cc bit 8, 16, 24, 32, 40,

48, 56, 64 ta c kha 56 bit. Theo bng PC1 ta chn c 2 dy 28 bit C0,D0 Dch tri 1 (i vi cc kha 1,2,9,16) hoc 2 bit (i vi cc kha cn li) Theo bng PC2 ta ln lt chn c 16 kha 48 bitBo Mt Thng Tin Chng 4. M Ha Theo Khi v DES

21

LS - Left Shift LSi dch 1 bit nu: i = 1,2,9,16 LSi dch 2 bit nu: i 1,2,9,16 Tng s ln dch: 4*1 + 12*2 = 28 Do : C0 = C16 ;D0 = D16 Ki = PC2( KS( PC1(K), i ) )K148

K64

PC156

C028

D028

LS1 28

LS1 28

PC2

56

C128

D128

LS2

LS2

LS16 LS16 Bo Mt Thng Tin

K16

48

Chng 4. M Ha Theo Khi v DES

PC2

56

C16

D16

22

PC157 49 41 33 25 171 10 2

PC29 14 17 11 243 16 28 15 7 6 4 23 19 12

126

58 2

58 50 42 34 26 18 59 51 43 35 27 3 60 52 44 36

21 10

19 11 7 14

27 20 13

63 55 47 39 31 23 15 62 54 46 38 30 22 6 61 53 45 37 29 5 28 20 12 4

41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32

21 13

PC1:

Input: 64 bit (nh s t tri sang phi 1-64) Output: Kha 56-bit gm 2 na 28-bit C v D PC2: Input: Kha 56-bit (nh s t tri sang phi 1-56) Output: Kha 48-bit (Na 24 bit t C dng cho S1-S4 Na 24 bit t D dng cho S5-S8) S quay 2 na kha C v D:vng: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 KS : 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1 Bo Mt Thng1 2 4 6 8 10 12 14 15 M Ha Theo Khi 23 25 27 28 Chng 4. 17 19 21 v DES Total : Tin23

To kha con (2)

1 9

2

3

4

5

6

7

8

57 49 41 33 25 17 1 106456

9

10 11 12 13 14 15 16

58 50 42 34 26 18 2 59 51 43 35 27 3 60 52 44 36

17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 3233 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64

19 117 14

63 55 47 39 31 23 15 62 54 46 38 30 22 6 61 53 45 37 29 5 28 20 12 4

21 13

Bo Mt Thng Tin

Chng 4. M Ha Theo Khi v DES

24

0

1

0

1 1

0

1

1

5b

K (64 bit)

0 0 1 0 1 0 0

0 1 1 0 1 0 1

0 1 1 0 1 1 1

0 1 1 0 1 0 0

0 1 0 0 0 0 1

0 1 1 1 1 1 1

0 1 1 0 1 0 1

00 0 0 0 0 0

11 1 1 1 1 1

00 1 1 0 1 1

1 11 0 0 0 0 1 1 0 0 0 0 1

01 1 0 1 1 1

11 1 1 1 1

01 1 0 0 1

5a57 67 6a 56 67 6e PC1 6456

1 1 1 1 1 1 1

1 09

57 49 41 33 25 17 1 10 2

0 1 1 0

0 1 1 0

0 1 0 1

0 1 1 0

0 1 1 0

0 1 0 0

0 1 0 0

0 1 0 0

00 ff d8 20 ff ec

58 50 42 34 26 18 59 51 43 35 27 3 60 52 44 36

19 11

63 55 47 39 31 23 157 14 62 54 46 38 30 22 6 61 53 45 37 29 5 28 20 12 4

11 1 0

11 0 1

11 0 1

10 1 1

11 0 0

11 0 0

10 1 0

10 1 025

9370

Bo Mt Thng Tin

21 13

Chng 4. M Ha Theo Khi v DES

0 0 0

1 1 1

0 0 0

1 1 1 1 1 0

0 0 1

1 1 1

1 0 1

5b 5a 57

K (64 bit)

0 1 1 0

0 1 1 0 1 0

0 1 0 1 1 0

0 1 1 0 0 1

0 1 1 0 1 0

0 1 0 0 1 0

0 1 0 0 0 1

0 1 0 0 0 1

00 ff d8 20 ff

C0PC1 6456

00 0 0 0

11 1 1 1

11 0 1 1

0 00 1 1 0 0 0 0 1

10 1 1 1

11 1 1 1

10 0 1 0

676a 56 67 6e

1 1 1 1 1 1 1 11 1

ec93 70

D0 C1PC2 4856

0

1

1

1

0

0

0

0

K1 (48 bit) 0 0 0 0 0 0 0 0 1 0 0 1 1 0 1 0 1 1 1 0 0 0 0 1 0 0 1 1 0 1 1 0 38 09 1b 26 0 1 1 0 1 1 0 0 1 0 1 1 1 0 0 1 1 0 1 0 1 1

Dch 10 1 1 0 1 1 0 0 1 0 0 1 1 0 0 1 0 0 1 0 1 0 1 0 0 1 0 1 1 1 0 0 1 1 0 01 ff b0 40

00 0

00 0

11 1

01 0

11 0 1

10 1 1

11 1 1

10 1 1

2f3a 27

ffd9 26 f0 26

0 Mt Thng Tin 0 0 Bo 0

1 0f Chng 4. M Ha Theo Khi v 1 DES 1

D

1 0 0 0 0

14 17 11 24 3 16 28 15 7 6 4 23 19 12

1 26

5 8 2

9

18 22 25

1 9

2 10

3 11

4

5

6

7

8

21 10

35 38 43 54

12 13 14 15 16 0 0 0 0

17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44

27 20 13

41 52 31 37 47 55 30 40 51 45 33 48

44 49 39 56 34 5346 42 50 36 29 32 K1 (48 bit) 0 0 0 0 0 0 0 0 1 0 0 1 1 0 1 0 1 1 1 0 0 0 0 1 0 0 1 1 0 1 1 0 38 09 1b 26

45 46 47 48 49 50 51 5253 54 55 56 0 0 0 0

C1PC2 4856

0 1 1 0 1 1 0

0 1 0 1 1 1 0

0 1 1 0 1 0 1 1

0 1 1 0 1 1 0

0 1 0 0 1 1 0

0 1 0 0 1 0 1

0 1 0 0 1 0 1

1 1 0 0 1 1 0

01 ff b0 40

00 0

00 0

11 1

01 0

110

10 1 1

11 1 1

10 1 1

2f3a 27

ffd9 26 f0 27

0 Mt Thng Tin 0 0 Bo 0

1

1 0f Chng 4. M Ha Theo Khi v 1 DES 1

D

1 0 0 0 0

V D To KhaKeyinit(5b5a5767, 6a56676e) (64-bit) TO 16 KHA CON 48 BIT PC1(Keyinit) C0= 00ffd820, D0= ffec9370 (56-bit key) vng 01 C= 01ffb040, D=ffd926f0, SK1 = (38 09 1b 26 2f 3a 27 0f) vng 02 C= 03ff6080, D=ffb24df0, SK2 = (28 09 19 32 1d 32 1f 2f) vng 03 C= 0ffd8200, D=fec937f0, SK3 = (39 05 29 32 3f 2b 27 0b) vng 04 C= 3ff60800, D=fb24dff0, SK4 = (29 2f 0d 10 19 2f 1d 3f) vng 05 C= ffd82000, D=ec937ff0, SK5 = (03 25 1d 13 1f 3b 37 2a) vng 06 C= ff608030, D=b24dfff0, SK6 = (1b 35 05 19 3b 0d 35 3b) vng 07 C= fd8200f0, D=c937ffe0, SK7 = (03 3c 07 09 13 3f 39 3e) vng 08 C= f60803f0, D=24dfffb0, SK8 = (06 34 26 1b 3f 1d 37 38) vng 09 C= ec1007f0, D=49bfff60, SK9 = (07 34 2a 09 37 3f 38 3c) vng 10 C= b0401ff0, D=26fffd90, SK10 = (06 33 26 0c 3e 15 3f 38) vng 11 C= c1007fe0, D=9bfff640, SK11 = (06 02 33 0d 26 1f 28 3f) vng 12 C= 0401ffb0, D=6fffd920, SK12 = (14 16 30 2c 3d 37 3a 34) vng 13 C= 1007fec0, D=bfff6490, SK13 = (30 0a 36 24 2e 12 2f 3f) vng 14 C= 401ffb00, D=fffd9260, SK14 = (34 0a 38 27 2d 3f 2a 17) vng 15 C= 007fec10, D=fff649b0, SK15 = (38 1b 18 22 1d 32 1f 37) vng 16 C= 00ffd820, D=ffec9370, SK16 = (38 0b 08 2e 3d 2f 0e 17)

Bo Mt Thng Tin

Chng 4. M Ha Theo Khi v DES

28

Ti Liu Tham Kho[1] ng Trng Sn, BMTT_04_ModernBC_DES.ppt, H S Phm K Thut TP HCM.

[2] William Stallings, Cryptography and Network Security Principles and Practices, Fourth Edition, Prentice Hall, November 16, 2005. [3] Dng Anh c v Trn Minh Trit, M ha v ng dng, i hc Quc gia thnh ph H Ch Minh, 2005.

Bo Mt Thng Tin

Chng 4. M Ha Theo Khi v DES

29