Information security textbook compiled by Dr. Nguyễn Khanh Văn.
Chapter 1
BASIC CONCEPTS & CLASSICAL CIPHERS

This chapter begins the reader's introduction to the world of cryptography. Although it is the first chapter, the basic concepts it introduces are broad in scope and fairly abstract. We hope the concrete examples will be of real help. Classical ciphers have long been out of practical use, but they remain a valuable source of knowledge and an effective way to become familiar with the field. The main topics of the chapter are:
- Basic concepts
- Some classical ciphers
- Further reading: the theory of perfect secrecy (Shannon)
1.1 BASIC CONCEPTS

Cryptology is the scientific field that studies methods and techniques for ensuring safety and confidentiality in communication, under the assumption that hostile parties exist who want to steal information in order to exploit it or do damage. The English name, cryptology, is explained as deriving from Greek, in which kryptos means "hidden" and logos means "word".

More specifically, researchers in this field are concerned with building, or analyzing (to point out weaknesses in), cryptographic protocols, that is, ways of carrying out transactions that guarantee security goals for the participants (assuming an environment that contains adversaries and saboteurs).

Cryptology is usually regarded as the combination of 2 subfields:
1. Cryptography (making codes): the study of mathematical techniques that provide tools or services for information security.
2. Cryptanalysis (breaking codes): the study of mathematical techniques for analyzing and breaking ciphers and/or for producing forged ciphertexts to deceive the recipient.

These two subfields exist as two opposing sides that "struggle in order to develop together" within a single whole, the science of cryptology. However, because the second subfield (cryptanalysis) is much less widely known, the common understanding today has gradually come to equate the terms cryptography and cryptology. Following this habit, the two terms can be used interchangeably. Cryptography is even the preferred term, common in all popular science literature, whereas cryptology appears only within the narrow circle of purely academic researchers.
Although cryptography and its applications used to be known almost only within a narrow circle, with the explosive growth of information technology, and especially the spread of the Internet, transactions that use cryptography have become very common. A typical example is online banking, where almost all transactions are carried out under cryptographic protection. Today, knowledge of cryptography is necessary for government bodies, for businesses and for individuals as well. In general terms, cryptography has the following applications:
- For governments: protecting secret military and diplomatic communications, and protecting information in areas of national-interest importance.
- In economic activity: protecting sensitive information in transactions, such as legal or medical records, financial transactions or credit ratings.
- For individuals: protecting sensitive, private information when communicating with the world through transactions that use computers and/or network connections.
1.1.1 Important eras in cryptography

The pre-scientific era: from antiquity until 1949. In this period, cryptology was regarded as a discipline that was more craft and art than science.

The ciphers invented and used in this period are called classical ciphers. Below we meet two very famous examples from this period.
1. One cipher of this period is Caesar's cipher, from 2000 years ago: each letter is replaced by the letter 3 positions to its right in the alphabet:
CAESAR → FDHVDU
2. The Vernam cipher (1926): the plaintext is XORed with a random binary string whose length equals the length of the plaintext (this string is the key of the encryption). In a cipher of this kind, the key is used exactly once. Vernam believed that his cipher was unbreakable but could not prove it.

The era in which cryptography is regarded as a science: it is marked by Claude Shannon's famous paper "Communication theory of secrecy systems", published in 1949. This work builds on an earlier paper of his in which he also founded another important science, information theory. Shannon's 1949 paper laid the foundation for applying mathematical tools, specifically probability, to modelling ciphers and evaluating their secrecy.

However, the real explosion in the theory of cryptography (cryptology) began only with the paper by the two scientists Diffie and Hellman, "New directions in cryptography", published in 1976. In it, they showed that in secret communication it is not necessary for both sides to hold a secret key (which would require the sender to somehow deliver the secret key to the receiver). Moreover, they introduced the concept of the digital signature for the first time.

Although cryptography can be regarded as a highly developed branch of mathematics that demands advanced thinking to grasp its modern achievements, its starting point is a fairly simple practical model, as follows.
1.1.2 The basic secure communication model

Figure 1.1: The secure communication model

We consider the basic model of the secure communication problem. Unlike the ordinary view of communication, this model adds a new element: the notion of a hidden enemy. The countermeasure is therefore to introduce encryption and decryption processing blocks.

The basic operations are summarized as follows. The sender S wants to send a message X to the receiver R over a communication channel. The enemy E takes or eavesdrops on the information X. The information X is in readable form, also called the plaintext. For confidentiality, S applies an encryption transformation to X to produce a ciphertext Y (also called a cryptogram) that cannot be read. We say that the ciphertext Y conceals the content of the original plaintext X. Decryption is the reverse process, which lets the receiver obtain the plaintext X from the ciphertext Y.

[Figure 1.1 labels: Sender S, Receiver R, Enemy E; Key Z at the sender and at the receiver; Y = E_Z(X) at the sender, Y on the channel, X = D_Z(Y) at the receiver.]
For confidentiality, the encryption and decryption blocks are mathematical functions with a key parameter. The key is a controlling parameter, knowledge of which is normally restricted. Usually the key (Z) is known only to the communicating parties S and R.

The model diagram above also shows something very basic: the entire security of the mechanism depends on the secrecy of the key, not on the secrecy of the encryption or decryption algorithm. This is stated in Kerckhoffs's principle, a basic assumption of cryptography: the entire encryption and decryption mechanism, except for the key information, is not secret from the enemy. This runs against the simple intuition of most people outside the field, who usually think that cryptographic algorithms need to be kept specially secret to keep the system secure.

The key therefore plays the central role in the secure communication model. Different views on how keys are organized and managed lead to cryptosystems whose properties can differ greatly. Below we look at two basic classes of cryptosystem whose views on organizing and using keys contrast sharply.
1.1.3 Symmetric key cryptosystems (Symmetric Key Cryptosystem - SKC)

This kind of system is also called a secret key cryptosystem. In this model, the keys of the encryption and decryption algorithms are the same and are secret from everyone else; in other words, the sender and the receiver share a single secret key. The two parties play the same role and can swap the roles of sender and receiver, which is why the system is called "symmetric encryption". We use the English abbreviation SKC.

Symmetric secret-key cryptosystems have major drawbacks in key management and storage, which show clearly in the modern world now that communication over the Internet is so developed. In the past, encrypted communication was limited to the military or diplomatic sphere, but today business partners dealing over the Internet all want to keep important information confidential. With a secret-key system, the number of secret keys that each company or individual needs to set up with other partners can be quite large, so managing and safely storing these separate keys is very hard.

Another particular difficulty is establishing and distributing the secret key between the two parties, who are usually far apart and can communicate only over an ordinary channel that gives no protection against eavesdropping. For two people who are far apart, and who may never have known each other before, how can a shared secret (the key) be established without a pre-existing secret channel (which itself amounts to already having a shared secret key)? It seems there is no way other than "telepathy" for these two people to exchange and establish a shared secret.

This is a major challenge for symmetric key cryptosystems. The reader will see, however, that this question can be answered by cryptographic key-establishment protocols, which are introduced in later chapters.
1.1.4 Public key or asymmetric cryptosystems (Public Key Cryptosystem - PKC)

The idea of this kind of cryptosystem appeared only in the mid-1970s. The basic difference from SKC is that in this new model the 2 keys of the encryption and decryption algorithms are different, and although in theory the decryption key can be found from the encryption key (for example by exhaustive trial), the practical chance of doing so is almost zero (the amount of computation is infeasible). We study this model in detail in chapter 3.

This new idea lets each entity, an individual or a company, create just one key pair for itself, with two components:
- The public key component, which can be registered and published widely, used to encrypt or to verify digital signatures (details in chapter 3).
- The secret key component, kept for the owner alone, used to decrypt or to create digital signatures.

With this key pair alone, the owning entity can carry out secure transactions with society at large, while key management and storage can be tightly organized and the amount of secret information the owner must remember is minimal (like remembering a single password or a bank account PIN).
1.1.5 Evaluating the security of cryptosystems

Quite a few cryptographic algorithms and systems are known around the world. How can we evaluate the safety, or security, of a given cipher? On what basis can we place more or less trust in a particular cipher?

We can conclude that a cipher is insecure by showing how to break it in a common attack model (a concept introduced below), making clear which security goals are not met. Concluding that a cipher is highly secure is much more complicated. Usually the cipher has to be evaluated in several attack models of increasing difficulty. To assert high security, the ideal is to give a formal proof, in which mathematical tools are used to show that the security of the cipher under study is equivalent to that of a classic cipher whose security has long been widely accepted.

As noted above, the security of a cipher is refuted by showing a concrete way to break it in a specific attack model. Each attack model defines the attacker's capabilities: computing resources, the kind of information the attacker can reach and exploit, and the attacker's access to the cipher machine (the hardware device that implements the encryption and decryption algorithms). Attack models are usually ordered by increasing attacker capability. A cryptosystem that is broken in a basic attack model (where the attacker has ordinary capabilities) is judged completely insecure. Some common attack models follow.

Ciphertext-only attack. Here the enemy E is a complete outsider who tries to eavesdrop on the channel to obtain values Y, the ciphertexts of the information sent. Although E knows only the ciphertexts Y, the goal is to discover the content of one or more plaintexts X or to obtain the secret key Z (a complete break). This is the most basic attack model: the enemy has no special capabilities or connections (unlike some of the attacks below), and the only information within reach is ciphertexts. Clearly a cipher that cannot hold up in this model must be judged untrustworthy.
Known-plaintext attack. Although the name is somewhat easy to misread, in this model we assume only that E can learn some X-Y pairs (a plaintext and the corresponding ciphertext). E may obtain them entirely by chance or through a few insiders who are low-level staff in the system. E's goal is of course to discover the content of other, important plaintexts and/or to obtain the secret key. This attack model is clearly stronger than the ciphertext-only attack: knowing some X-Y pairs gives additional leads for analysis; in particular, E can now use trial and elimination to search the key space exhaustively (exhaustive key search) and find the correct key, that is, the key K such that Enc(K, X) = Y.

Chosen-plaintext attack. In this model E not only collects some X-Y pairs, but some of the plaintexts X are composed by E (chosen plaintext). At first this sounds impractical, but we can imagine that E has an insider who is an office secretary at the targeted company, and that, because of some mechanical rule, all documents, important or not, are sent encrypted when distributed between the company's branches. Being able to choose the value of some plaintexts X gives E much more advantage in analyzing the relationship between ciphertext and plaintext and, from there, tracking down the key.

Similarly, there is the chosen-ciphertext attack model, in which the enemy can collect some X-Y pairs where Y is a value designed in advance. In practice this can happen if the enemy has access to a two-way cipher machine (one that can be used for both encryption and decryption). In both of these very strong attacks the enemy can of course cleverly use an adaptive strategy for designing the chosen plaintexts (or ciphertexts), that is, later chosen plaintexts can be designed using knowledge gained from analyzing the X-Y pairs collected earlier.
To evaluate the security of a cipher (once it has been placed in one or more specific attack models), one of the following evaluation models can be applied, listed from strongest to weakest:

Unconditional security: this is the highest level of security evaluation, where "unconditional" is understood in the sense of information theory, in which notions of "amount of information" are formalized through probability calculations. In this model the enemy is considered to have unlimited computing power, that is, able to perform any extremely large computation in an arbitrarily short time. Despite this supernatural computing power, the model assumes only that the attacker is a complete outsider (corresponding to the ciphertext-only attack model). A cryptosystem that achieves unconditional security, that is, one that holds up against an outside enemy (who knows only ciphertext) with unlimited computing power, is said to achieve perfect secrecy.

In general terms, eavesdropping on the ciphertext gives the enemy absolutely zero knowledge and does not help in breaking the cipher. Knowing the ciphertext gives no lead at all towards finding the key.

Provable security: this is also a very high level of evaluation, ideal in most cases. A cryptosystem achieves this level with respect to a specific attack model if we can prove mathematically that the security of the system reduces to the NP-hardness of some long-known problem (for example the integer factorization problem, the knapsack problem, the discrete logarithm problem ...). In other words, we must prove that an enemy who wants to break the cipher has to perform a computation equivalent to, or greater than, solving a known NP-hard problem.

Computational security, or practical security: this is one of the levels most often applied in practice (when higher levels of security are considered unattainable). To evaluate a specific cipher at this level, one quantifies the computation needed to break it using the strongest known attack (usually together with the strongest common attack model). From the estimated amount of computation and the time needed to carry it out (with the strongest enemy capability realistic in practice), compared with the time for which secrecy must be maintained in practice, we can judge whether the cipher achieves high practical security. Sometimes the evaluation is also based on some hard problem, even though no real proof of equivalence is given.

Example: suppose a cipher X is used to encrypt contract documents that remain valid for 2 years. If even the enemy with the greatest possible computing power needs up to 20 years to break it (for instance using all the computing power of large IT companies such as Microsoft or Google), this cipher X can be judged to provide practical security.

Ad hoc security: some private cryptosystems are made by companies or individuals themselves for special internal purposes. The author of such a cryptosystem may use reasonable evaluation arguments, based on estimating the enemy's computation when using the strongest known attacks and arguing that carrying them out is infeasible in practice. Even so, the cryptosystem may still be broken by attacks that may exist but are not yet known at that time; security at this level therefore means there is no real proof or guarantee, so it cannot be considered trustworthy for the general public.
1.2 SOME CLASSICAL CIPHERS

Studying classical ciphers is necessary, because through them we become familiar with the basic principles of designing and analyzing cryptosystems in general.

1.2.1 Monoalphabetic cipher

Here the algorithm is based on a permutation of an alphabet.

Example 1.1. A cipher based on a permutation table of the English alphabet, as follows:
a b c d e ... x y z
F G N T A ... K P L
From the table we see a → F, b → G, and so on. This gives:
Plaintext: a bad day
Ciphertext: F GFT TFP

So the key of a cipher of this kind is a permutation table (a → F, b → G, ..., z → L) as above, or, written more compactly, the second row of the table, that is, FGNT..PL. The first row of the table is the original alphabet; since it is fixed, it is not counted as part of the key. The second row is called the substitution alphabet.

Note that we need not use an alphabet of letters; any table of symbols can be used.

Example 1.2. Here the plaintext alphabet is the set of binary strings of length 3.
Transformation table:
p.text 000 001 010 011 100 101 110 111
c.text 101 111 000 110 010 100 001 011
So the binary plaintext string 100101111 is encrypted as 010100011.

To decrypt a ciphertext produced by the algorithm above, the holder of the ciphertext needs to know the key, which calls for a key exchange protocol. The simplest option is for the sender to write the key to a disk and hand the disk to the receiver. This is simple but not secure in practice. In practice, more complex and sophisticated protocols are used.
If the enemy does not know the key, can they guess it? That obviously depends on the number of possible keys (the size of the key space). If the size of the alphabet is N, the number of possible keys is N! = N(N-1)...1, which is approximated by the formula:
$N! \approx (2\pi n)^{1/2} (n/e)^n$
For N = 26 we have $N! = 26! \approx 9^{26}$.

Note that the number of bits transferred in secret is called the length of the key.

Example 1.3. The key length of a cipher of the kind under study is 26*5 = 130 bits, which is the number of bits needed to transmit the second row of the permutation table above. (The first row is implicitly ABC..XYZ, so it need not be transmitted.)

Note: not all ciphers like the above conceal the content of the information.

Example 1.4. The following cipher leaves the plaintext almost unchanged.
a b c d e ... x y z
A B C D E ... X Z Y
Additive cipher - the Caesar cipher

The additive cipher is a special monoalphabetic cipher in which the encryption transformation is expressed through modular addition, as follows. Suppose we assign the letters A-Z the numbers 1-25, 0. Then a plaintext letter X is encrypted to the ciphertext letter Y by the formula:
$Y = X \oplus Z$,
where Z is the value of the key and $\oplus$ denotes addition modulo 26.

Example 1.5. Consider the following monoalphabetic cipher:
a b c d e ... x y z
D E F G H ... A B C
This is the Caesar cipher introduced at the start of the chapter, where the key value is Z = 3: $D = a \oplus 3$, $E = b \oplus 3$, ..., $A = x \oplus 3$, $B = y \oplus 3$, $C = z \oplus 3$.

Clearly only 25 keys can be used, and the number of bits needed to transmit the key is 5 ($2^4 < 25$
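A substitution table can also be built from the modular multiplication of each letter of the original alphabet by the key value:
$Y = X \otimes Z$
where $\otimes$ is multiplication modulo 26.

Note, however, that not every value from 1 to 25 can be a key, only the values that are coprime to 26, that is, the odd numbers except 13. So there are only 12 keys in all.

Example 1.6. If we use the key Z = 2:
$2 \otimes 1 = 2 \bmod 26$, that is, b → c,
but $2 \otimes 14 = 2 \bmod 26$, that is, o → c.
Clearly the key 2 is not acceptable, because it does not give a one-to-one mapping from the original alphabet to the substitution alphabet. Having both b → c and o → c makes it impossible to decrypt the ciphertext letter c.

To increase the number of possible keys, the additive cipher and the multiplicative cipher can be combined into the affine cipher:
$Y = \alpha \otimes X \oplus Z$
$X, Y, Z \in \{0, 1, 2, 3, \ldots, 25\}$
$\alpha \in \{1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25\}$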
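The key-validity rule for the multiplicative and affine ciphers can be checked mechanically. The Python below is an added example, not part of the original textbook; it assumes the numbering a = 0, ..., z = 25 that Example 1.6 uses, and the function names are illustrative.

```python
from math import gcd

M = 26  # alphabet size; assumption: letters numbered a=0 ... z=25, as in Example 1.6


def substitution_row(a, z=0):
    """Second row of the table for Y = a*X + z (mod 26), as a 26-letter string."""
    return "".join(chr((a * x + z) % M + 65) for x in range(M))


def collisions(a):
    """Cipher letters that more than one plaintext letter maps to under multiplier a."""
    hits = {}
    for x, y in enumerate(substitution_row(a)):
        hits.setdefault(y, []).append(chr(x + 97))
    return {y: xs for y, xs in hits.items() if len(xs) > 1}


def valid_multipliers():
    """Multipliers whose table is a permutation: exactly those coprime to 26."""
    return [a for a in range(1, M) if gcd(a, M) == 1]


def affine_encrypt(plain, a, z):
    """Encrypt letters only; refuse a multiplier that would make decryption ambiguous."""
    if gcd(a, M) != 1:
        raise ValueError(f"multiplier {a} has no inverse mod {M}")
    return "".join(chr((a * (ord(c) - 97) + z) % M + 65)
                   for c in plain.lower() if "a" <= c <= "z")


def affine_decrypt(cipher, a, z):
    """Invert Y = a*X + z using the modular inverse of a (Python 3.8+)."""
    a_inv = pow(a, -1, M)  # raises ValueError when a is not coprime to 26
    return "".join(chr(a_inv * (ord(c) - 65 - z) % M + 97)
                   for c in cipher.upper() if "A" <= c <= "Z")


if __name__ == "__main__":
    print("key 2, letters that collide on C:", collisions(2)["C"])
    print("usable multipliers:", valid_multipliers())
    print("Caesar row (a=1, z=3):", substitution_row(1, 3))
    ct = affine_encrypt("a bad day", 5, 3)
    print(ct, "->", affine_decrypt(ct, 5, 3))
```

With multiplier 2 every even residue is reached twice (by x and by x + 13), which is the b/o collision of Example 1.6 repeated across the whole alphabet.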
From the surveys above it is easy to see that the special forms of the substitution cipher (where the encryption transformation is a simple mathematical function) are insecure even against an exhaustive search attack. The general monoalphabetic cipher, however, which uses an arbitrary permutation of the original alphabet, has a key space that is more than large enough to resist any enemy (even in the modern world) who uses only exhaustive search: for the English alphabet (26 letters), the number of possible permutations (the number of keys to search) is as large as $26! \approx 9^{26}$!

During the first millennium (before the year 1000), the monoalphabetic cipher was considered unbreakable. Later, however, researchers of the time gradually found a way of breaking it that is better than exhaustive search of the key space; the method is based on statistical observations, such as the uneven occurrence of letters in natural language.
1.2.2 Statistical cryptanalysis

It is easy to observe one property of natural language: the letters used to express a language occur with unequal frequency.

Example 1.7. Consider the following passage of English text.
THIS IS A PROPER SAMPLE FOR ENGLISH TEXT. THE FREQUENCIES
OF LETTERS IN THIS SAMPLE IS NOT UNIFORM AND VARY FOR
DIFFERENT CHARACTERS. IN GENERAL THE MOST FREQUENT LETTER IS
FOLLOWED BY A SECOND GROUP. IF WE TAKE A CLOSER LOOK WE WILL
NOTICE THAT FOR BIGRAMS AND TRIGRAMS THE NONUNIFORM IS EVEN
MORE.
Here we can easily see the frequencies of the letters X and A: f_X = 1 and f_A = 15.

More generally, based on how often letters occur in written English, the 26 letters can be divided into 5 groups, from most to least frequently used:
I: e
II: t, a, o, i, n, s, h, r
III: d, l
IV: c, u, m, w, f, g, y, p, b
V: v, k, j, x, q, z

Similar observations for letter pairs (bigrams) and triples (trigrams) show that the highest frequencies fall on the following common groups:
th, he, in, an, re, ed, on, es, st, en, at, to
the, ing, and, hex, ent, tha, nth, was, eth, for, dth.

Note: these observations are reflected in the English example passage above. They hold only for English, so our Vietnamese follows different rules.

With observations like these in hand, one can guess letters and decrypt by counting the frequencies of the letters in the ciphertext and comparing them with the observed statistics for plaintext. The following example illustrates the method concretely.

Example 1.8. Suppose we have obtained the following monoalphabetic ciphertext and need to solve it to find its key.
YKHLBA JCZ SVIJ JZB TZVHI JCZ VHJ DR IZXKHLBA VSS RDHEI DR YVJV
LBXSKYLBA YLALJVS IFZZXC CVI LEFHDNZY EVBLRDSY JCZ FHLEVHT
HZVIDB RDH JCLI CVI WZZB JCZ VYNZBJ DR ELXHDZSZXJHDBLXI JCZ
XDEFSZQLJT DR JCZ RKBXJLDBI JCVJ XVB BDP WZ FZHRDHEZY WT JCZ
EVXCLBZ CVI HLIZB YHVEVJLXVSST VI V HXXIKSJ DR JCLI HZXZBJ
YZNZXDFEZBJ LB JZXCBDSDAT EVBT DR JCZ XLFCZH ITIJZEIJCVJ PZHZ
DBXZ XDBILYXHZYIZKHZ VHZBDP WHZVMVWSZ.
The ciphertext above contains 338 letters, with the following frequency counts:
Letter: A B C D E F G
Frequency: 5 24 19 23 12 7 0
Letter: H I J K L M N
Frequency: 24 21 29 6 21 1 3
Letter: O P Q R S T U
Frequency: 0 3 1 11 14 8 0
Letter: V W X Y Z
Frequency: 27 5 17 12 45
Observing that Z is the cipher letter whose frequency is far higher than all the others, we deduce:
e → Z (that is, the plaintext of cipher letter Z must be e)
Looking at the cipher letters with the next highest frequencies, f_J = 29 and f_V = 27, and noting that the trigram JCZ has a high frequency, f_JCZ = 8, we easily see:
t → J, h → C (inferring that JCZ is the plaintext word "the")
Continuing, we notice some easy finds:
a → V (it stands alone, the article "a")
List group II of the cipher letters, those with high frequency (group I consists of Z only):
J, V, B, H, D, I, L, C corresponding to plaintext group II: {t, a, o, i, n, s, h, r}
(t, a and h have already been found)

Noticing the three-letter group JZB (= teB), we find the plaintext of B simply by substituting the remaining group II candidates for B:
JZB = te? : teo, ten, ter, tei, tes → n → B

Similarly we make some further observations and guesses:
VI = a? : as, an → s → I (n already belongs to B)
VHZ = a?e : ate, are → r → H (t already belongs to J)
JCLI = th?s → i → L
Finally, what remains in group II: o → D

(Plaintext letter above, cipher letter below; "." marks a letter not yet found.)
a b c d e f g h i j
V . . . Z . . C L .
k l m n o p q r s t
. . . B D . . H I J
u v w x y z
. . . . . .

Continuing the analysis with the fairly short (ciphertext) words:
DBXZ = on?e → c → X
WZZB = ?een → b → W
YVJV = ?ata → d → Y
There are also cases that are not certain:
DR = o? : on (ruled out, since n → B), of, or (ruled out, since r → H), ox
So it is not yet clear: f or x → R
Some further deductions:
WT = b? → y → T
BDP = no? → w → P
Now the first word is
YKHLBA = d-rin- → u → K, g → A
The example above clearly shows that a monoalphabetic cipher can be broken quite easily when it carries the linguistic regularities of the plaintext over into the ciphertext. These regularities show up as the statistical characteristics obtained when analyzing any natural language.

In general, a good cipher must prevent the statistical regularities of the plaintext language from being preserved in any form in the ciphertext. Ideally, the ciphertexts of a good cipher cannot be distinguished statistically from a randomly generated string.
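The counting steps of Example 1.8 can be reproduced with a few lines of Python. This is an added example, not part of the original textbook: the ciphertext is copied as printed above, the partial key holds only the letter pairs derived in the text, and the function names are illustrative.

```python
from collections import Counter

# Ciphertext of Example 1.8, copied as printed on the page.
CIPHERTEXT = (
    "YKHLBA JCZ SVIJ JZB TZVHI JCZ VHJ DR IZXKHLBA VSS RDHEI DR YVJV "
    "LBXSKYLBA YLALJVS IFZZXC CVI LEFHDNZY EVBLRDSY JCZ FHLEVHT "
    "HZVIDB RDH JCLI CVI WZZB JCZ VYNZBJ DR ELXHDZSZXJHDBLXI JCZ "
    "XDEFSZQLJT DR JCZ RKBXJLDBI JCVJ XVB BDP WZ FZHRDHEZY WT JCZ "
    "EVXCLBZ CVI HLIZB YHVEVJLXVSST VI V HXXIKSJ DR JCLI HZXZBJ "
    "YZNZXDFEZBJ LB JZXCBDSDAT EVBT DR JCZ XLFCZH ITIJZEIJCVJ PZHZ "
    "DBXZ XDBILYXHZYIZKHZ VHZBDP WHZVMVWSZ."
)

# Cipher letter -> plaintext letter: only the pairs the text derives step by step.
DERIVED = {"Z": "e", "J": "t", "C": "h", "V": "a", "B": "n", "I": "s",
           "H": "r", "L": "i", "D": "o", "X": "c", "W": "b", "Y": "d",
           "T": "y", "P": "w", "K": "u", "A": "g"}


def words(text):
    """Split on spaces, ignoring the full stop."""
    return text.replace(".", " ").split()


def letter_counts(text):
    """(cipher letter, count) pairs, most frequent first."""
    return Counter(c for c in text if c.isalpha()).most_common()


def ngram_counts(text, n):
    """n-grams counted inside words only, since word breaks are preserved here."""
    counts = Counter()
    for w in words(text):
        counts.update(w[i:i + n] for i in range(len(w) - n + 1))
    return counts


def partial_decrypt(text, mapping, unknown="_"):
    """Apply a partial key; cipher letters not yet solved are shown as `unknown`."""
    return "".join(mapping.get(c, unknown) if c.isalpha() else c for c in text)


def unsolved(text, mapping):
    """Cipher letters that still have no plaintext guess, with their counts."""
    return [(c, k) for c, k in letter_counts(text) if c not in mapping]


if __name__ == "__main__":
    print("most frequent letters :", letter_counts(CIPHERTEXT)[:3])
    print("most frequent trigrams:", ngram_counts(CIPHERTEXT, 3).most_common(3))
    print(partial_decrypt(CIPHERTEXT, DERIVED))
    print("still unsolved        :", unsolved(CIPHERTEXT, DERIVED))
```

The partially decrypted output leaves an underscore for each cipher letter the text has not yet resolved, which shows how little guessing remains once the high-frequency letters are placed.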
1.2.3 Flattening the frequency graph

Around the beginning of the second millennium, the monoalphabetic cipher had been broken, and scientists gradually turned to better design principles that avoid carrying statistical regularities over from the message to the code (from plaintext to ciphertext). We look at some such ciphers below.

Homophonic substitution ciphers

In ciphers of this kind, the mapping from plaintext letters to cipher symbols is no longer one-to-one but one-to-many. That is, each letter of the plaintext alphabet is encrypted as one symbol from some subset of the cipher symbols. Each cipher symbol in this subset is called a homophone.

Example 1.9
Plaintext letter   Homophones
A                  17 11 25 64 2 19 4 31
I                  22 95 14 21 79 54
L                  12 93 71
N                  64 13
O                  65 28 15
P                  23 73 36 53 20
T                  41
E                  64 7 8 47 ... (15 homophones)
...                ...
This is a table that maps plaintext letters to cipher homophones.
Plaintext:   P  L  A  I  N  P  I  L  O  T
Ciphertext:  27 12 11 53 64 36 79 71 15 41

Usually the number of homophones assigned to each plaintext letter is proportional to the frequency of that letter in natural language. The frequency graph of the symbols in the ciphertext therefore becomes flat. Although ciphers of this kind are harder to break, they add redundancy compared with the original message.
Using several substitution tables (polyalphabetic substitution)

Example 1.10
Consider a simple cipher over an alphabet of 4 letters {a, b, c, d}.
Suppose the letters occur in the language with the following frequencies:
P_a = 0.5, P_b = 0.05, P_c = 0.2, P_d = 0.25
We use two substitution tables and a key string that decides the order in which the two tables are mixed.
Substitution table 1
P.text alph: a b c d
C.text alph: B D A C
Substitution table 2
P.text alph: a b c d
C.text alph: D B C A
Encrypting by mixing the 2 substitution tables according to the key 12:
X: aba cada da ca baa
Z: 121 2121 21 21 212
Y: BBB CBAB AB CB BBD

In the example above the two substitution tables are mixed by alternating them continuously. As a result the frequency distribution of the cipher letters changes from that of the message and becomes flatter.

Polyalphabetic cipher: in a substitution cipher of this kind, several substitution tables are used in the way just introduced.

We now look at a famous classical cipher of this kind.
1.2.4 Vigenere cipher

The Vigenere cipher uses all 26 substitution tables obtained by shifting the original English alphabet by 0-25 positions. The way the tables are mixed is completely determined by the key: each letter of the key determines which substitution table is used.

      a b c d e f g h i j k l m n o p q r s t u v
 0    A B C D E F G H I J K L M N O P Q R S T U V
 1    B C D E F G H I J K L M N O P Q R S T U V W
 2    C D E F G H I J K L M N O P Q R S T U V W X
 3    D E F G H I J K L M N O P Q R S T U V W X Y
 4    E F G H I J K L M N O P Q R S T U V W X Y Z
 5    F G H I J K L M N O P Q R S T U V W X Y Z A
 6    G H I J K L M N O P Q R S T U V W X Y Z A B
...   ...
24    Y Z A B C D E F G H I J K L M N O P Q R S T
25    Z A B C D E F G H I J K L M N O P Q R S T U

Example 1.11
Keyword:     r a d i o r a d i o r a
Plaintext:   c o d e b r e a k i n g
Ciphertext:  T O G M P I E D S W E G
As in the example above, all letters of the plaintext at positions that leave remainder 1 when divided by 5 are encrypted with substitution table R (a becomes R). All plaintext letters at positions that leave remainder 2 when divided by 5 are encrypted with substitution table A, and so on.

Although they can flatten the frequencies very well, polyalphabetic ciphers in general, and Vigenere in particular, can still be broken.

Breaking the Vigenere cipher

The idea of the method has 3 steps:
1. Find the period p (the key length).
2. Split the ciphertext into p sub-ciphertexts, each consisting of the letters at positions kp+i (k = 1, 2, 3, ...; i = 0, ..., p-1), that is, the letters encrypted with the substitution table of key letter number i.
3. Use the known monoalphabetic method to solve each sub-ciphertext (for the Vigenere cipher in particular, only the right shift has to be found).

The IC (Index of Coincidence) is used to compute the period p. By definition, IC is given by the formula:
$$IC = \frac{\sum_{i=0}^{25} f_i (f_i - 1)}{n(n-1)}$$
Here f is the probability of the trial (picking two arbitrary letters at random from a passage of text) yielding the same given letter.

Number of substitution tables (p):   1      2      3      4      5      ...   10
IC:                                  0.068  0.052  0.047  0.044  0.043  ...   0.041

The IC of English text (p = 1) is 0.068. After encryption, the IC decreases as the number of substitution tables (the key length) increases. IC thus measures how uneven the letter frequencies are. In the original text the unevenness (peaks and troughs) is greatest, so the IC is greatest. When several substitution tables are used, the frequency graph is "flattened", so the IC naturally falls.

Practical method
1. Set k = 1.
2. Check whether p takes the value k.
2.a. Split the ciphertext into k sub-ciphertexts and compute the IC of each.
2.b. If they are all close to one another and all close to 0.068, then p = k.
If they differ a lot and are much smaller than 0.068, then p > k.
3. Increase k by one and repeat step 2.
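The three steps and the practical method above, carried through in Python. This is an added example, not part of the original textbook: the sample plaintext and the 0.055 threshold are constructed assumptions, f_i is taken as the count of letter i and n as the text length, and the shift of each sub-ciphertext is found with a chi-squared fit, one common way to do step 3.

```python
from collections import Counter

# Approximate English letter frequencies for a..z (standard rounded values).
ENGLISH = [0.082, 0.015, 0.028, 0.043, 0.127, 0.022, 0.020, 0.061, 0.070,
           0.002, 0.008, 0.040, 0.024, 0.067, 0.075, 0.019, 0.001, 0.060,
           0.063, 0.091, 0.028, 0.010, 0.024, 0.002, 0.020, 0.001]

# Constructed sample plaintext (not from the page), long enough for the statistics.
SAMPLE = (
    "the security of a cipher must rest on the secrecy of the key alone and not "
    "on the secrecy of the algorithm an attacker who records enough ciphertext "
    "can count how often each letter appears and compare the counts with the "
    "known statistics of the language when several substitution alphabets are "
    "mixed under a short repeating keyword the overall histogram becomes flatter "
    "but every position that shares the same key letter still behaves like a "
    "simple shift so the analyst first estimates the period then splits the "
    "message into that many columns and finally solves each column as an "
    "ordinary caesar cipher by matching it against the expected frequencies of "
    "english text"
)


def to_nums(text):
    """Keep letters only and map a/A..z/Z to 0..25."""
    return [ord(c) - 65 for c in text.upper() if "A" <= c <= "Z"]


def vigenere(text, key, decrypt=False):
    """Shift letter i by key letter i mod len(key); key letter a means shift 0."""
    ks = to_nums(key)
    sign = -1 if decrypt else 1
    return "".join(chr((x + sign * ks[i % len(ks)]) % 26 + 65)
                   for i, x in enumerate(to_nums(text)))


def ic(nums):
    """Index of coincidence: sum f_i (f_i - 1) / (n (n - 1)), f_i = count of letter i."""
    n = len(nums)
    if n < 2:
        return 0.0
    return sum(f * (f - 1) for f in Counter(nums).values()) / (n * (n - 1))


def average_ic(nums, k):
    """Step 2.a: split into k sub-ciphertexts (every k-th letter), average their IC."""
    return sum(ic(nums[i::k]) for i in range(k)) / k


def find_period(cipher, max_k=12, threshold=0.055):
    """Practical method: smallest k whose sub-ciphertexts look like English.

    threshold is an assumption, roughly midway between 0.068 and the p > 1 table values.
    """
    nums = to_nums(cipher)
    for k in range(1, max_k + 1):
        if average_ic(nums, k) >= threshold:
            return k
    return None


def best_shift(nums):
    """Shift whose decryption fits ENGLISH best (smallest chi-squared statistic)."""
    n, counts = len(nums), Counter(nums)

    def chi2(z):
        return sum((counts[(p + z) % 26] - n * ENGLISH[p]) ** 2 / (n * ENGLISH[p])
                   for p in range(26))
    return min(range(26), key=chi2)


def recover_key(cipher, period):
    """Step 3: solve each sub-ciphertext as a single shift."""
    nums = to_nums(cipher)
    return "".join(chr(best_shift(nums[i::period]) + 65) for i in range(period))


def attack(cipher):
    """Return (period, key, plaintext) for a Vigenere ciphertext."""
    period = find_period(cipher)
    if period is None:
        raise ValueError("no period found; ciphertext too short or not Vigenere")
    key = recover_key(cipher, period)
    return period, key, vigenere(cipher, key, decrypt=True)


CIPHER = vigenere(SAMPLE, "radio")  # keyword of Example 1.11

if __name__ == "__main__":
    nums = to_nums(CIPHER)
    for k in range(1, 7):
        print(k, round(average_ic(nums, k), 3))
    print(attack(CIPHER)[:2])
```

On short ciphertexts the IC estimates become noisy, so the threshold test can misfire; the attack needs enough letters in every sub-ciphertext.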
1.2.5 One-time pad (Vernam cipher)

The one-time pad was proposed by G. Vernam (1917) and was later proved to guarantee perfect secrecy (1949). As the name suggests, in the one-time pad the key is written on a long tape and used exactly once. The key string is also a randomly generated string of text, at least as long as the text being encrypted. The encryption operation is simply a shift by the substitution table of the corresponding key letter, or an XOR if working on binary strings.
Encryption: Y = X + Z (mod 26)
Decryption: X = Y - Z (mod 26)
The one-time pad can therefore be seen as a Vigenere cipher whose key is a random string exactly as long as the text, as the following example shows.

Example 1.12
X: x n t f u h b z t
Z: A s u n n y d a y
Y: Y G O I I G F A S
Here A is understood as a shift of 1, so X + A = Y.

Note that the key is used exactly once, that is, it is thrown away after use. If it is reused, security is no longer guaranteed.
QUESTIONS AND EXTENDED EXERCISES
- Distinguish the terms cryptography, cryptanalysis and cryptology. Which English term corresponds to "khoa học mật mã" (the science of ciphers)?
- In which period was cryptography not yet regarded as a science? Why?
- Distinguish ordinary encoding systems (Morse code, ASCII code) from cryptosystems.
- Analyze the meaning of Kerckhoffs's principle to see why modern cryptography does not accept the view that the cryptographic algorithm must be concealed.
- Analyze the main drawbacks of the symmetric key cryptosystem (SKC) principle.
- What is the main advantage of public key cryptography (PKC) over SKC?
- Explain the term known-plaintext attack and give examples of real situations that form the basis for this kind of attack.
- Why is the chosen-plaintext attack considered stronger than the known-plaintext attack?
- With which attack model is the concept of perfect secrecy associated? Why?
- Distinguish provable security from practical security.
- Find the number of keys that are actually usable with the multiplicative cipher. Argue in detail.
- Find (with a detailed argument) the number of feasible keys of the affine cipher.
- Why can we not say that all keys of the monoalphabetic cipher are equally secure?
- Why can we not use the ordering within a single frequency group in cryptanalysis? Explain with an example.
- Why do we say that the rule of uneven frequencies has a stronger effect on longer words?
- Solve the cipher in Example 1.8 completely and translate the plaintext into Vietnamese.
- Explain why the frequency graph of homophonic ciphers is flat and why the code has redundancy.
- Compare the IC of a plaintext M with the IC of a random code R of the same length. Give a rigorous argument.
- In the past many people wanted to use the one-time pad with a key chosen from a book that both the receiver and the sender own (choosing a new key for each encryption). Does this guarantee perfect secrecy?
- Why can we say that the one-time pad is a special case of the Vigenere cipher? What can be said about the IC of a one-time pad ciphertext?
Further reading

1.3 THE THEORY OF PERFECT SECRECY (SHANNON)

1.3.1 What is perfect secrecy?

Why do we say that the one-time pad guarantees perfect secrecy?

Claude Shannon answered these questions in a scientific work that laid the foundation of modern cryptology (Communication Theory of Secrecy Systems, 1949). In this section we become familiar with these important basic concepts.

As already said, to study and analyze cryptosystems we first need to define the attack model that applies. Here we use the most ordinary and general attack model, the ciphertext-only attack, in which the attacker Eve is a complete outsider and can only eavesdrop on the channel. A cryptosystem is said to achieve perfect secrecy if it holds up in the ciphertext-only attack model no matter how strong the enemy Eve is: that is, we may assume that Eve has extremely powerful (effectively unlimited) means and can carry out any exhaustive search of the (finite) key space in an arbitrarily short time.

We must of course assume that Eve can obtain (eavesdrop on) a ciphertext of arbitrary length to use in analysis to find the key. The length of the intercepted ciphertext is a very important factor. Even insecure cryptosystems may not be completely broken, that is, Eve cannot find the unique correct key, if the intercepted ciphertext is not long enough for analysis. The following examples illustrate this clearly.

Suppose Eve intercepts a ciphertext (cryptogram) Y produced by a monoalphabetic cipher. To find the corresponding plaintext, Eve can use trial and exhaustive search of the key space (exhaustive key search). For a short Y, many plaintexts X can be found that could each produce the ciphertext Y under a correspondingly different key (different substitutions). For example, take the following ciphertext:
AZNPTFZHLKZ
We can produce at least 2 corresponding plaintexts using 2 substitution tables, as follows.

Example 1.13:
Substitution table one
a b c d e f g h i j k l m n o p q r s t u v w x y z
K B C D T E G I J M O L A Q R H S F N P U V W X Z Y
Substitution table two
a b c d e f g h i j k l m n o p q r s t u v w x y z
L P H N Z K T A F E
So this one ciphertext has 2 plaintexts corresponding to the 2 tables above:
Ciphertext:   A Z N P T F Z H L K Z
Plaintext 1:  m y s t e r y p l a y
Plaintext 2:  r e d b l u e c a k e
Both strings "mysteryplay" and "redbluecake" can be taken as 2 reasonable, meaningful messages (with the spaces removed).

Example 1.14.
For the ciphertext "HLKZ" it is easy to find 4 corresponding plaintexts:
C.text:   H L K Z
P.text1:  p l a y
P.text2:  c a k e
P.text3:  m i s t
P.text4:  w a s h
using the following substitution tables:
a b c d e f g h i j k l m n o p q r s t u v w x y z
K . . . . . . . . . . L . . . H . . . . . . . . Z .
L . H . Z . . . . . K . . . . . . . . . . . . . . .
. . . . . . . . L . . . H . . . . . K Z . . . . . .
(The table above leaves blank, shown as ".", the letters whose substitute is the same as the original.)
Examples 1.13-14 show that for the monoalphabetic cipher, while the ciphertext is still fairly short, several meaningful plaintexts (each with its corresponding guessed key) always exist at the same time.

However, for a ciphertext of length 50 or more, only one plaintext fits, which is the plaintext (with its corresponding key) being sought. So if Eve, the cryptanalyst, captures a ciphertext that is long enough, a monoalphabetic cipher of this kind can in general always be broken.

In the next example we watch a concrete process of breaking an additive cipher. There are 26 keys, that is, 26 possibilities to try. Eve eavesdrops and captures, one by one, each cipher character sent over the channel. Each time she hears one more cipher character, E immediately tries all 26 possibilities to look for a meaningful plaintext. When only the first cipher character has been heard, all 26 keys are about equally likely (the probability of a correct guess is small for each, below about 0.1); as the 2nd, 3rd, ... cipher characters are heard, the probabilities change, most of them continuing to fall, except for key 15. When the 5th cipher character has been heard, the probability for key 15 is 1 while all the others are zero; that is, key 15 is the correct key (the corresponding string consi is the beginning of some meaningful English words such as consider, consideration ...).

Example 1.15. Consider an additive cipher with 26 distinct keys ("shifts" of 0-25 positions). Suppose we intercept the ciphertext "sdchx". We try all 26 keys to break it. The table below illustrates this exhaustive trial, where n is the length of the ciphertext captured up to the corresponding moment.
Shift  Decryption  n = 1  n = 2  n = 3  n = 4  n = 5
0      rdchx       0.060  0.070
25     sediy       0.063  0.257  0.427  0.182
24     tfejz       0.091  0.003
23     ugfka       0.28   0.052
22     vhglb       0.010
21     wihmc       0.024  0.128
20     xjind       0.002
19     ykjoe       0.020
18     zlkpf       0.001  0.001
17     amlqg       0.082  0.072  0.004
16     bnmrh       0.015
15     consi       0.028  0.202  0.515  0.818  1
14     dpotj       0.043
13     eqpuk       0.127  0.044
12     frqvl       0.022  0.058
11     gsrwm       0.020  0.015
10     htsxn       0.061  0.052  0.046
9      iutyo       0.070  0.001
8      jvuzp       0.002
7      kwvaq       0.008
6      lxwbr       0.040
5      myxcs       0.024  0.028
4      nzydt       0.067  0.028
3      oazeu       0.075  0.014
2      pbafv       0.019
1      qcbgw       0.001
The next part gives a fairly rigorous definition of the notion of perfect secrecy.
1.3.2 The notion of perfect secrecy
Example 1.15 above makes it easy to see that, as the intercepted ciphertext gets longer, the probability distribution over how plausible each candidate plaintext/key is keeps changing: most of the probabilities decrease and only one increases (eventually becoming 1). This clearly shows that the cipher is insecure. Conversely, it gives us an intuition for what a secure cipher is: the probability distribution over the candidate plaintexts must change little or not at all as Eve collects more intercepted ciphertext. Perfect secrecy can therefore be defined as follows.
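In a system that guarantees perfect secrecy, a ciphertext disclosed to the adversary gives no help whatsoever to an analysis aimed at finding the key and breaking the cipher. The event of intercepting a ciphertext (of any length) does not change the initial probability distribution of the plaintext.
In other words, a system has perfect secrecy if:
P(X) = P(X/Y) for every plaintext X and every ciphertext Y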
Shannon's theorem. In a system with perfect secrecy, the number of possible keys (the size of the key space) must be greater than or equal to the number of possible messages (the size of the plaintext space).
This shows that achieving perfect secrecy requires a very long key, so exchanging the key between the two communicating parties makes the system impractical. In general, therefore, we cannot attain perfect secrecy; we can only have systems with a practical level of security (practical security), implemented according to the value of the information to be protected and its lifetime.
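The definition P(X) = P(X/Y) can be checked by brute force on a small case. The following Python sketch is an added example, not from the textbook: over a constructed three-word message space with an assumed prior, it computes Eve's posterior for the additive cipher of Example 1.15 (one shift for the whole word) and for a one-time pad (an independent shift per letter).

```python
from collections import defaultdict
from fractions import Fraction
from itertools import product
import string

ALPHABET = string.ascii_lowercase

# Constructed message space with an assumed prior P(X); "hal" and "ibm"
# are shifts of each other, so a shift cipher cannot tell them apart.
PRIOR = {"hal": Fraction(1, 2), "ibm": Fraction(1, 4), "cat": Fraction(1, 4)}


def shift_encrypt(msg, key):
    """Additive cipher: the same shift `key` (0..25) for every letter."""
    return "".join(ALPHABET[(ALPHABET.index(c) + key) % 26] for c in msg)


def otp_encrypt(msg, key):
    """One-time pad over letters: `key` holds one independent shift per letter."""
    return "".join(ALPHABET[(ALPHABET.index(c) + k) % 26] for c, k in zip(msg, key))


def joint_distribution(prior, keys, encrypt):
    """P(X = x, Y = y) when the key is uniform and independent of the message."""
    keys = list(keys)
    joint = defaultdict(lambda: defaultdict(Fraction))
    for x, px in prior.items():
        for k in keys:
            joint[encrypt(x, k)][x] += px / len(keys)
    return joint


def posterior(joint, prior, y):
    """Bayes: P(X = x | Y = y) for every x in the message space."""
    total = sum(joint[y].values())
    return {x: joint[y].get(x, Fraction(0)) / total for x in prior}


def is_perfectly_secret(prior, keys, encrypt):
    """True iff P(X | Y = y) equals P(X) for every ciphertext y that can occur."""
    joint = joint_distribution(prior, keys, encrypt)
    return all(posterior(joint, prior, y) == prior for y in joint)


SHIFT_KEYS = range(26)                          # 26 keys
OTP_KEYS = list(product(range(26), repeat=3))   # 26**3 keys, one per 3-letter pad

if __name__ == "__main__":
    y = shift_encrypt("hal", 2)                 # Eve intercepts "jcn"
    joint = joint_distribution(PRIOR, SHIFT_KEYS, shift_encrypt)
    print("shift cipher, Y =", y, "->", posterior(joint, PRIOR, y))
    print("shift cipher perfectly secret:",
          is_perfectly_secret(PRIOR, SHIFT_KEYS, shift_encrypt))
    print("one-time pad perfectly secret:",
          is_perfectly_secret(PRIOR, OTP_KEYS, otp_encrypt))
```

With the message space widened to all 26^3 three-letter strings, the shift cipher's 26 keys fall short of the bound in Shannon's theorem, while the pad's 26^3 keys meet it exactly.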
1.3.3 Evaluating the security level of a cipher
Shannon introduced a notion, the unicity distance, to measure how secure a cipher is: the unicity distance, denoted N0, is the minimum length of intercepted ciphertext needed to determine the correct key uniquely. The unicity distance can be computed with the formula:
$$N_0 = \frac{\log_2 E}{d}$$
where d is the redundancy of the language in which the plaintext is written.
Example 1.16. The following shorthand sentence can in practice be restored to its full form in only one way:
Mst ids cn b xprsd n fwr ltrs, bt th xprsn s mst nplsnt → Most ideas can be expressed in fewer letters, but the expression is most unpleasant.
This shows that the letters dropped from the original sentence are redundant as far as representing the information goes (though they are needed for ease of understanding and fast reading).
Redundancy can be defined through the formula:
d = R - r bits
where R is the absolute rate and r the true rate of the language.
R is defined as the number of bits used to represent one letter of the alphabet under the assumption that all letters occur with equal frequency:
R = log2 A bits
where A is the size of the alphabet.
Example 1.17. For English we have R = log2 26 ≈ 4.7 bits.
The true rate r is defined as the average number of bits needed to represent one letter when the text is written in its most compact form: treated like shorthand, with unnecessary letters discarded (or compressed using the statistical properties of the text), without losing the information conveyed.
Example 1.18. For English text, r averages between 1 and 1.5 bits.
Redundancy can be regarded as a measure of how structured and how predictable a language is. Higher redundancy means more structure and more predictability. A truly random message source has no redundancy.
In English the redundancy lies between 3.2 and 3.7 bits (caused by the uneven letter-frequency profile and by the common 2-letter and 3-letter patterns).
Using the unicity distance we can compare the security of different encryption algorithms.
Example 1.19. For the monoalphabetic substitution cipher we observe
E = |Z| = 26!
P(Z) = 1/26!
log2 E = log2(26!) ≈ 88.4 bits
N0 ≈ 88.4 / 3.7 ≈ 23.9 characters
Hence a ciphertext containing 24 or more characters can be decrypted uniquely.
Example 1.20. For the one-time-pad cipher:
X = plaintext space = {the set of English texts of length k}
Z = key space = {the set of strings of length k over the English alphabet}
Assume the keys are chosen at random with uniform probability.
N0 = log2 E / d
E = 26^k, so log2(26^k) = k log2 26 ≈ 4.7k
N0 = (4.7k)/3.7 = 1.37k
Therefore, even if Eve intercepts every single letter of the ciphertext, she still cannot break it (that is, find the unique corresponding plaintext).
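Can we increase the secrecy of a given cipher?
1. Increase the size of the key space.
2. Reduce the redundancy of the plaintext language: preprocess the plaintext with a compression step.
Note: an ideal compression algorithm can bring the redundancy down to 0, so that $N_0 \to \infty$.
3. Insert a random string of text to flatten the frequency graph of the plaintext. We look at this measure in detail below.
The following formula gives the redundancy of the new text (after the random string has been inserted):
$$\tilde{d} = \frac{M\,d}{M + L}$$
where M is the length of the original plaintext and L is the length of the inserted random string.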
QUESTIONS AND EXTENDED EXERCISES
1. Distinguish the terms cryptography, cryptanalysis and cryptology. Which English term does "the science of secret codes" (khoa học mật mã) correspond to?
2. In which period was cryptographic technique not yet regarded as a science? Why?
3. Distinguish ordinary code-conversion systems (Morse code, ASCII code) from cryptosystems.
4. Analyse the meaning of Kerckhoffs's law to see why modern cryptography rejects the view that the cryptographic algorithm must be kept hidden.
5. Analyse the main drawbacks of the principle of symmetric-key cryptosystems (SKC).
6. What is the main advantage of public-key cryptography (PKC) over SKC?
7. Explain the term known-plaintext attack and give examples of real situations that make this form of attack possible.
8. Why is the chosen-plaintext attack considered stronger than the known-plaintext attack?
9. Which attack model is the notion of perfect secrecy tied to? Why?
10. Distinguish provable security from practical security.
11. Find the number of keys that are actually usable with the multiplicative cipher. Give a detailed argument.
12. Find (with a detailed argument) the number of feasible keys of the affine cipher.
13. Why can we not say that all keys of the monoalphabetic substitution cipher are equally secure?
14. Why can we not use the ordering within a single frequency group in cryptanalysis? Explain with an example.
15. Why is it said that the law of non-uniform frequencies governs longer words more strongly?
16. Solve the cipher in Example 1.8 completely and translate the plaintext into Vietnamese.
17. Explain why the frequency graph of homophonic ciphers is flat, and why the ciphertext nevertheless has redundancy.
18. Compare the IC of a plaintext M with the IC of a random ciphertext R of the same length. Give a rigorous argument.
19. In the past many people wanted to use the one-time pad with the key chosen from a book that both the sender and the receiver own (choosing a new key for each encryption). Does this guarantee perfect secrecy?
20. Why can the one-time-pad cipher be called a special case of the Vigenere cipher? What can be said about the IC of a one-time-pad ciphertext?
Textbook on Information Safety & Security, 2012
Dr. Nguyễn Khanh Văn, Viện CNTT-TT, ĐHBKHN
CHAPTER 2
Block ciphers and symmetric-key ciphers
1. Basic concepts and design principles
The classical ciphers introduced in the previous chapter are all stream ciphers, in which the cipher transformation is applied to each character independently. Today, however, another kind of cipher is preferred: the block cipher, in which a block of several characters is encrypted at once. In a block cipher the important parameters are the block size (block length) and the key size. These notions are illustrated by the following example.
Example 2.1 The following table describes a block encryption algorithm
key  000 001 010 011 100 101 110 111
0    001 111 110 000 100 010 101 011
1    001 110 111 100 011 010 000 101
2    001 000 100 101 110 111 010 011
3    100 101 110 111 000 001 010 011
4    101 110 100 010 011 001 011 111
According to this table, the plaintext data 010100110111 is encrypted as:
010 100 110 111 → 111 011 000 101 under key=1
010 100 110 111 → 100 011 011 111 under key=4
Here the number of keys is 5; since 2^2 < 5 < 2^3, 3 bits are needed to represent and store a key, so the key size is 3. The block size is also 3.
This simple (purely illustrative) example also shows that if the block-size and key-size parameters are too small, the cipher is very easily broken by attacks based on statistical analysis. For instance, in the example above, an adversary who receives the ciphertext block 001 can easily infer that the corresponding plaintext can only be 000 or 101 (by tallying the encryption table).
The necessary conditions for a secure block cipher are therefore:
- The block size must be large enough to resist attacks based on statistical methods. Note, however, that a large block size increases the delay.
- The key space must be large enough (that is, the key must be long enough) to resist exhaustive search. On the other hand, the key must be short enough for key generation, distribution and storage to be efficient.
As for block-cipher design principles, two basic principles for achieving high security have been recognized: creating confusion and creating diffusion.
Confusion. The dependence of the ciphertext on the plaintext must be truly complex, so as to confuse and bewilder an adversary who intends to analyse it for regularities in order to break the cipher. The functional relationship between ciphertext and plaintext is non-linear.
Diffusion. Spread the text patterns that carry statistical characteristics (caused by the redundancy of the language) throughout the whole text. This makes it hard for the adversary to break the cipher by statistics on frequently repeated patterns. A change of one bit in a plaintext block must lead to a complete change in the ciphertext block produced.
In the simplest form, confusion can be achieved by substitution, while diffusion is created by transposition (permutation) operations. The whole cipher transformation is then a network of substitution-permutation transformations (substitution-permutation network).
Example 2.2: Columnar transposition. To encrypt computer security, we write it out in rows of 5 columns:
c o m p u
t e r s e
c u r i t
y
The ciphertext is produced by reading it off column by column: C T C Y O E U M R R P S I U E T
Besides the security principles above, block-cipher design also stresses principles for efficient implementation:
- Software implementations need to be flexible and low in cost.
- Hardware implementations need to be fast and economical.
To meet the design principles above, block-cipher algorithms are usually organized as a structure of many rounds.
The notion of a round. Most commonly, block ciphers are designed as a multi-round structure in which every round invokes a basic function f (but with different parameters). The input of a round is the output of the previous round together with a subkey derived from the full key by a key-scheduling algorithm (key scheduler), also called the subkey-generation algorithm. Decryption is the reverse process, in which the subkeys used at each round are scheduled in reverse order.
Figure 2.1 Diagram of a 16-round structure whose input and output are both 64 bits in size (Source: Wikipedia). There is an initial and a final permutation block (IP and FP). The basic function F takes only a 32-bit input, but its effect spreads everywhere within just 2 rounds thanks to the swapping of the left and right halves.
Usually the basic round function f is designed to have a special property, that of being an involution, meaning it equals its own inverse: f = f^-1, or f(f(x)) = x.
Example 2.3 Consider the transformation f with domain x ∈ {the set of binary strings of length 3}:
$$f = \begin{pmatrix} 1 & 2 & 3 \\ 2 & 1 & 3 \end{pmatrix}$$
(the first and second bits swap places, the third bit stays put).
So f is an involution; concretely, for instance, f(101) = 011, and hence f(f(101)) = 101.
We will study one typical block cipher in detail, the DES (Data Encryption Standard) encryption standard; this standard appeared in 1977 and dominated cryptographic applications for the 2 decades that followed. It has since become obsolete and insecure, and has been replaced by the new standard AES (Advanced Encryption Standard).
2. The DES encryption standard
History of DES
In the early 1970s the need for a common standard for cryptographic algorithms became clear. The main reasons were:
- The growth of information technology and of the need for information safety and security: the emergence of the computer networks that preceded the Internet made digital cooperation and communication possible among the many companies and organizations in large US government projects.
- Home-grown (ad hoc) algorithms could not guarantee the high reliability required.
- Different devices required a unified, standard way of exchanging encrypted information.
A common standard was needed, with properties such as:
1. A high level of security.
2. An algorithm that is fully specified and public, that is, security must not rest on specially concealed parts of the algorithm.
3. Easy implementation, for economy.
4. Flexibility, to suit a myriad of application needs.
In 1973 the US National Bureau of Standards issued a notice in the US Federal Register promoting the creation of standard cryptosystems. This led to the announcement in 1977, by the US National Security Agency (NSA), of the Data Encryption Standard, abbreviated DES. In fact DES was developed by IBM as a modification of an earlier cipher known by the name Lucifer. Over the next 2 decades or so DES was the most widely used cipher, and also the one that raised the most suspicion and debate in the field: about the design principles that ensure its secrecy, its relatively short key length, and the possibility that the NSA was still hiding a backdoor that would let it recover keys and break the cipher more cheaply than normal.
The DES algorithm and its flowchart
The figures below give an overview and a detailed diagram of the encryption algorithm in DES.
Figure 2.2 Basic diagram of DES: the input of DES is a block of 64 bits (X1, X2, ..., X64), the output is 64 bits (Y1, Y2, ..., Y64) and the key is 56 bits (Z1, Z2, ..., Z56).
Figure 2.3 Diagram of the DES encryption algorithm with its 16-round structure
[Figure: the 64-bit INPUT is split into the 32-bit halves L0 and R0. Round i uses subkey Ki and computes Li = Ri-1, Ri = Li-1 ⊕ f(Ri-1, Ki), for example L1 = R0, R1 = L0 ⊕ f(R0, K1). The last round computes L16 = L15 ⊕ f(R15, K16), R16 = R15, giving the 64-bit OUTPUT.]
The diagram in Figure 2.3 shows that DES is made up of 16 rounds, the basic round invoking the non-linear transformation function f; these 16 rounds are sandwiched between the two permutation operators IP and IP^-1. The two operators have no security significance at all; they are there purely to ease hardware implementation, the "chip-ification" of the DES algorithm. The basic function f is the source of the security strength of DES. Repeating the rounds many times under the action of f serves to strengthen the confusion and diffusion present in f.
Subkey generation algorithm
All 16 rounds of DES invoke f, but with different key parameters. These 16 different keys, called subkeys, are all derived from the DES master key by a subkey-generation algorithm. In this algorithm (the key schedule), the 64-bit master key K goes through 16 transformation steps, each of which produces one subkey of length 48 bits.
Figure 2.4 Diagram of the subkey-generation algorithm (key scheduler). Source: Wikipedia
The diagram shows that only 56 bits of the master key are actually used; the remaining 8 bits are parity-check bits and are filtered out at the PC1 transformation. The transformations PC1 and PC2 are simply units that both select and permute (PC = permuted choice). The transformations R1 and R2 (left rotate by 1 bit and by 2 bits) are rotations of the bits to the left by 1 and 2 positions respectively.
Structure of a DES round
Each DES round is based on the following formula:
(Li, Ri) = (Ri-1, Li-1 ⊕ f(Ri-1, Ki))
where (Li, Ri) are the left and right halves obtained from the transformation of round i. We can also rewrite this as
(Li, Ri) = T ∘ F (Ri-1, Ki)
Here F is the operation that replaces Li-1 by Li-1 ⊕ f(Ri-1, Ki), and T is the operation that swaps the two components L and R. That is, every DES round can be regarded as a composition of the functions F and T (except the last round, which has no T).
The whole DES encryption algorithm can be rewritten as a composition of functions as follows:
DES = (IP)^-1 ∘ F16 ∘ T ∘ F15 ∘ T ∘ ... ∘ F2 ∘ T ∘ F1 ∘ (IP)
The DES decryption algorithm is built exactly like the encryption algorithm but with the subkeys used in the reverse order, that is, key K16 for round 1, key K15 for round 2, and so on. The decryption algorithm can therefore be written as the formula:
DES^-1 = (IP)^-1 ∘ F1 ∘ T ∘ F2 ∘ T ∘ ... ∘ F15 ∘ T ∘ F16 ∘ (IP)
Now note that each of the functions T and F is an involution (f = f^-1, or f(f(x)) = x).
So if we form the composition DES^-1 ∘ DES or DES ∘ DES^-1 we obtain the identity. This explains why the decryption algorithm is exactly the same as encryption, differing only in the order of the subkey sequence.
Exercise. Prove for yourself that T and F are involutions, and show why x = DES(DES^-1(x)) for every 64-bit binary string x.
Detailed structure of the function f
The detailed transformation of f is illustrated in Figure 2.5. First, the 32 bits of Ri-1 are expanded to 48 bits by the transformation E (expansion: widening by repeating some bits) and then XORed with the 48 bits of the key Ki. Next, the 48 resulting bits are split into 8 groups of 6 bits. Each group goes into a special transformation called an S-box (there are 8 different S-boxes, one per 6-bit group) and comes out as 4 bits, giving 8 groups of 4 bits. The 32 bits so assembled (after passing through the 8 different S-boxes) are then permuted by the permutation function P to give the final result of f (the core of Fi).
Figure 2.5 Structure of the function f, the basic round step of DES. Source: Wikipedia
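The round formula and the claim that decryption is encryption with the subkeys reversed can be checked on a toy Feistel network. This Python sketch is an added example, not code from the textbook; its round function f and key schedule are SHA-256 stand-ins chosen here (they are not the DES f, PC1 or PC2), and IP is left out since the text notes it has no security role.

```python
import hashlib

MASK32 = 0xFFFFFFFF


def f(r, k):
    """Stand-in round function (assumption, NOT the DES f): 32-bit half and
    48-bit subkey in, 32 bits out. It is deliberately not invertible."""
    digest = hashlib.sha256(r.to_bytes(4, "big") + k.to_bytes(6, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def F(l, r, k):
    """F_i from the text: replace L by L xor f(R, K_i); R is unchanged."""
    return l ^ f(r, k), r


def T(l, r):
    """T from the text: swap the two halves."""
    return r, l


def subkeys(master, rounds=16):
    """Constructed key schedule (assumption): one 48-bit subkey per round."""
    return [
        int.from_bytes(hashlib.sha256(master + bytes([i])).digest()[:6], "big")
        for i in range(1, rounds + 1)
    ]


def feistel(block, round_keys):
    """Apply F_n T F_(n-1) T ... F_2 T F_1 to a 64-bit block (no T after the
    last round, as in the DES formula)."""
    l, r = block >> 32, block & MASK32
    last = len(round_keys) - 1
    for i, k in enumerate(round_keys):
        l, r = F(l, r, k)
        if i != last:
            l, r = T(l, r)
    return (l << 32) | r


def encrypt(block, master):
    return feistel(block, subkeys(master))


def decrypt(block, master):
    # Same network, subkeys in reverse order: K16 for round 1, K15 for round 2, ...
    return feistel(block, subkeys(master)[::-1])


if __name__ == "__main__":
    key = b"constructed-key"            # constructed sample key
    pt = 0x0123456789ABCDEF             # constructed sample block
    ct = encrypt(pt, key)
    print(f"plaintext  {pt:016x}")
    print(f"ciphertext {ct:016x}")
    print(f"decrypted  {decrypt(ct, key):016x}")
```

Because F and T are each their own inverse, the round trip works even though f itself cannot be inverted.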
Structure of the S-boxes
As we know, each of the 8 six-bit groups goes into one of the 8 transformation units S1, S2, ..., S8. Each S-box consists of 4 row tables, each of which is in fact a permutation of the 16 combinations of 4 bits. Of the 6 input bits, the two outermost ones (bits 1 and 6) select 1 of these 4 row tables; they are therefore called the left and right control bits (CL and CR). The remaining 4 main bits (bits 2-5) of the 6-bit input group form the 4-bit combination that is transformed.
S5          Middle 4 bits of input
Outer bits  0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
00          0010 1100 0100 0001 0111 1010 1011 0110 1000 0101 0011 1111 1101 0000 1110 1001
01          1110 1011 0010 1100 0100 0111 1101 0001 0101 0000 1111 1010 0011 1001 1000 0110
10          0100 0010 0001 1011 1010 1101 0111 1000 1111 1001 1100 0101 0110 0011 0000 1110
11          1011 1000 1100 0111 0001 1110 0010 1101 0110 1111 0000 1001 1010 0100 0101 0011
Figure 2.6 The S5 transformation table: the 6-bit input 011011 is transformed into 1001 (the yellow cell)
Properties of the S-boxes
The design principles of the 8 S-boxes were placed under classified information in the US. Even so, the NSA disclosed 3 properties of the S-boxes; these properties ensure the confusion and diffusion of the algorithm.
1. The output bits always depend non-linearly on the input bits.
2. Changing one input bit changes at least two output bits.
3. When one input bit is held fixed and the other 5 bits are varied, the S-boxes exhibit a property called "uniform distribution": the numbers of 0 bits and 1 bits at the outputs always stay balanced. This property makes applying statistical analysis to try to break the S-boxes futile.
Clearly these 3 properties ensure good confusion and diffusion. In fact, after 8 rounds every output bit of DES is affected by every input bit and every key bit. Moreover, this dependence is very complex. Later, however, new attacks were proposed which showed that 8 rounds are not enough for security (this suggests the NSA knew of these forms of attack in advance and therefore set the number of rounds to 16 from the start).
It was the construction of the S-boxes that provoked heated debate throughout the 1970s to 1990s over the possibility that the US NSA (National Security Agency) was still concealing some properties of the S-boxes, or had planted trapdoors inside them through which it could break the cipher more easily than ordinary people (knowing these secrets could shrink the 2^56 key space so that exhaustive search goes faster). The later discovery of new and very powerful attacks such as differential cryptanalysis reinforced the suspicions of the scientific community.
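The S5 table above can be checked mechanically against the lookup rule and against the first two disclosed properties. This Python sketch is an added example, not code from the textbook; the table values are copied from Figure 2.6 and the function names are chosen here.

```python
# S5 exactly as printed in Figure 2.6: row = outer bits (bit 1, bit 6),
# column = middle four bits (bits 2-5) of the 6-bit input.
S5 = [
    [2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9],
    [14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6],
    [4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14],
    [11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3],
]


def sbox(x):
    """Map a 6-bit integer to the 4-bit S5 output."""
    row = ((x >> 5) & 1) << 1 | (x & 1)     # control bits CL (bit 1) and CR (bit 6)
    col = (x >> 1) & 0xF                    # bits 2-5
    return S5[row][col]


def sbox_bits(bits):
    """Same lookup on a bit string, e.g. '011011' -> '1001'."""
    return format(sbox(int(bits, 2)), "04b")


def rows_are_permutations():
    """Each of the 4 row tables must be a permutation of 0..15."""
    return all(sorted(row) == list(range(16)) for row in S5)


def min_change_for_one_bit_flip():
    """Property 2: the fewest output bits that change when exactly one
    input bit is flipped, over all 64 inputs and all 6 bit positions."""
    return min(
        bin(sbox(x) ^ sbox(x ^ (1 << i))).count("1")
        for x in range(64) for i in range(6)
    )


def affine_output_bits():
    """Property 1: list the output bits (0 = least significant) that are an
    affine function c XOR <mask, x> of the input. A non-linear S-box has none."""
    found = []
    for bit in range(4):
        truth = [(sbox(x) >> bit) & 1 for x in range(64)]
        for mask in range(64):
            parity = [bin(x & mask).count("1") & 1 for x in range(64)]
            if any(truth == [p ^ c for p in parity] for c in (0, 1)):
                found.append(bit)
                break
    return found


if __name__ == "__main__":
    print("S5(011011) =", sbox_bits("011011"))
    print("rows are permutations:", rows_are_permutations())
    print("min output bits changed by a 1-bit input change:",
          min_change_for_one_bit_flip())
    print("affine output bits:", affine_output_bits())
```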
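Weaknesses of DES
1. The complementation property.
Write $\bar{u}$ for the complement of u (for example, 0100101 and 1011010 are complements of each other). DES then has the following property:
$$y = DES_z(x) \;\Rightarrow\; \bar{y} = DES_{\bar{z}}(\bar{x})$$
So if we know that the ciphertext y is the encryption of the plaintext x under key z, we can deduce that $\bar{y}$ is the encryption of the plaintext $\bar{x}$ under key $\bar{z}$. This property is a weakness of DES, because it lets the adversary rule out half of the keys that have to be tried when carrying out trial decryption in an exhaustive search of the key space.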
2. Weak keys
The weak keys are the keys for which the subkey-generation algorithm makes all 16 subkeys the same:
Z1 = Z2 = Z3 = ... = Z15 = Z16
As a result, encryption and decryption under these weak keys are exactly the same operation:
$DES_z = DES^{-1}_z$
There are 4 weak keys in all:
1) [00000001 00000001 ... ... 00000001]
2) [11111110 11111110 ... ... 11111110]
3) [11100000 11100000 11100000 11100000 11110001 11110001 11110001 11110001]
4) [00011111 00011111 00011111 00011111 00001110 00001110 00001110 00001110]
There are also 10 weak keys with the property that there exist Z, Z' such that
$DES^{-1}_{Z} = DES_{Z'}$, or equivalently $DES^{-1}_{Z'} = DES_{Z}$
Exhaustive-search attack (brute-force attack)
DES has 2^56 ≈ 10^17 keys. If we know one plaintext-ciphertext pair, we can try all 10^17 possibilities to find the key that gives a matching result. Suppose one trial takes about 10^-6 s (on an ordinary PC); then the trials take 10^11 s, that is, 7300 years! But remember that this is only with ordinary computers; there are also machines built on the principle of parallel processing. For example, if one could build a device with 10^7 DES chips running in parallel, each chip would only be responsible for 10^10 trials. Today's DES chips can process at speeds of up to 4.5 x 10^7 bits/s, that is, they can perform more than 10^5 DES encryptions per second.
Diffie and Hellman (1977) estimated that a special-purpose machine could be built to exhaust the DES key space in 1/2 day, at a cost of 20 million dollars for the machine. This cost was recalculated and came down to $200,000 in 1987. DES was therefore criticized from the moment it appeared for having too short a key!
There are now concrete designs for this kind of special-purpose key-breaking machine based on advanced parallel-processing techniques, indicating that a device of this kind costing about $10,000 can produce a result in 1 day.
The following is an excerpt, taken from Wikipedia (under the keyword DES):
In academia, various proposals for a DES-cracking machine were advanced. In 1977, Diffie and Hellman proposed a machine costing an estimated US$20 million which could find a DES key in a single day. By 1993, Wiener had proposed a key-search machine costing US$1 million which would find a key within 7 hours. However, none of these early proposals were ever implemented - or, at least, no implementations were publicly acknowledged. The vulnerability of DES was practically demonstrated in the late 1990s. In 1997, RSA Security sponsored a series of contests, offering a $10,000 prize to the first team that broke a message encrypted with DES for the contest. That contest was won by the DESCHALL Project, led by Rocke Verser, Matt Curtin, and Justin Dolske, using idle cycles of thousands of computers across the Internet. The feasibility of cracking DES quickly was demonstrated in 1998 when a custom DES-cracker was built by the Electronic Frontier Foundation (EFF), a cyberspace civil rights group, at the cost of approximately US$250,000 (see EFF DES cracker). Their motivation was to show that DES was breakable in practice as well as in theory: "There are many people who will not believe a truth until they can see it with their own eyes. Showing them a physical machine that can crack DES in a few days is the only way to convince some people that they really cannot trust their security to DES." The machine brute-forced a key in a little more than 2 days' search.
Increasing the key size of DES
If we use several DES blocks in series we can increase the key size. Note, however, that chaining two DES blocks with two different keys does not thereby double the key size of the whole system to 56 * 2 = 112 bits; it is only 57 bits.
Exercise. Explain why.
The 3-DES scheme below, by contrast, really does provide a cipher with a key length of 112 bits.
Figure 2.7 Diagram of 3-DES (Triple-DES)
Other forms of attack
Differential cryptanalysis. First published by E. Biham and A. Shamir at the end of the 1980s, although in fact it had long been known, but not published, by IBM and the NSA (US National Security Agency). To break DES with its full 16 rounds, this attack needs 2^49 chosen plaintexts. Obtaining that quantity of plaintexts is impossible in practice, which also shows that DES was designed from the start to withstand this attack.
Linear cryptanalysis. This attack was discovered by Matsui in 1994 and needs 2^43 chosen plaintexts.
3. Other block ciphers
Other block ciphers (up to 1999)
Over time, many different block cipher algorithms have been proposed by the cryptographic research community, such as FEAL (-4, -8, -N, -NX), NewDES, LOKI91, Blowfish, RC2, MMB, IDEA ... However, quite a few of them have been broken or shown to have certain weaknesses. This shows that proposing a good block cipher algorithm able to replace DES is not a simple matter.
Among those named, IDEA (1990) can be regarded as the algorithm with the highest security; to this day no publication has reported any significant weakness of DES, even though since 1990 many very powerful kinds of attack have been used to try to break it. IDEA is one of the algorithms used in PGP (Pretty Good Privacy), almost the only non-commercial security solution that lets Internet users meet their own privacy needs, for e-mail for example.
IDEA works on 64-bit data blocks but with a 128-bit key, so replacing DES with IDEA is a major difficulty.
[Figure 2.7, diagram: plaintext → DES (key K1) → DES^-1 (key K2) → DES (key K3) → ciphertext]
The AES cipher
In 2000 the US agency for standards and technology, NIST (National Institute of Standards and Technology), held a competition to choose a new cryptosystem to replace DES. The Rijndael cipher was chosen and published (2002) as the new encryption standard replacing DES, under the name Advanced Encryption Standard (AES). The other candidates that reached the final round were RC6, Serpent, MARS and Twofish. The cipher was developed by 2 Belgian scientists, Joan Daemen and Vincent Rijmen (hence the name Rijndael, formed by joining the beginnings of their two surnames).
AES is built on the substitution-permutation network design principle. It is a cipher with good speed in both software and hardware implementations. Unlike DES, AES does not follow the Feistel network design pattern. Instead, the basic operations are carried out on 4*4 matrices of data (bytes) called states. The number of rounds of AES is a parameter determined by the key size: 10 rounds for a 128-bit key, 12 for 192 bits, 14 for 256 bits.
This textbook does not go into AES in depth. Students are encouraged to read further in the reference material on AES.
4. Block cipher modes of operation
A block cipher algorithm takes input and produces output in blocks of a fixed length (64 bits in DES, for example). To encrypt data of arbitrary length we must cut the data into unit blocks and apply the cipher algorithm many times, then combine the resulting blocks according to some scheme. There are many such schemes, also called cipher modes, with different advantages and drawbacks, applied to different needs. Some commonly used modes follow.
Electronic code book mode (ECB)
In this mode the blocks are encrypted separately and independently. As a result, identical plaintext blocks are encrypted to identical ciphertext blocks. This is dangerous: it creates fertile ground for the adversary to mount replay attacks as well as block-wise editing. The adversary can eavesdrop and collect common plaintext-ciphertext patterns, then cut, paste and mix them to produce forged ciphertexts that the receiver cannot detect. Example: if ECB is used for confidential transmission in banking transactions, the adversary can attack by forging messages and account-transfer orders. This drawback makes confidential transmission in this mode inadvisable; however, the mode is often used for encrypting stored information, for example databases, because it allows each unit of data to be encrypted independently, so that parts can easily be updated without touching the other parts of the database.
Figure 2.8 Diagram of ECB mode
Cipher Block Chaining mode (CBC)
In this mode each plaintext block, before being encrypted, is XORed with the ciphertext block produced at the previous step.
X'1 = X1 ⊕ IV
X'2 = X2 ⊕ Y1
...
X'i = Xi ⊕ Yi-1
The ciphertext blocks therefore depend very tightly on one another, in a "chained" fashion. It also follows that CBC produces different ciphertext blocks when the incoming plaintext blocks are identical; that is, it hides the common plaintext-ciphertext patterns from the adversary's observation and blocks the replay and editing attacks described above. At the first step, when there is no ciphertext block from a previous step yet, the first plaintext block is XORed with a randomly chosen initial vector, denoted IV.
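Figure 2.9 Diagram of CBC mode
The mutual dependence of the ciphertext blocks brings one more advantage: it prevents the adversary from modifying or truncating the transmitted ciphertext. For example, changing just 1 bit of the ciphertext affects all the information decrypted from it, to the point that the receiver can easily detect it because the decrypted information becomes completely meaningless.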
However, this property also brings a drawback: if the transmitted ciphertext is slightly corrupted by noise, decryption suffers widely propagated errors, forcing a retransmission. In addition, CBC mode assumes sequential processing, so the computation cannot be parallelized, that is, its speed cannot be improved on parallel computers.
Is there some other attack mechanism, cleverer than the kind applied to ECB, for breaking or abusing CBC? The argument about chained dependence gives only a feeling of security, not a rigorous proof. However, the security of CBC mode for confidential transmission has been rigorously proved by mathematical methods.
Exercise. Compare the 2 cipher schemes below and, from that, relate CBC to the one-time-pad cipher.
Scheme A: uses a random string as the shared key
Scheme B: CBC redrawn
k-bit Cipher Feedback mode (CFB)
Some real-time applications require the transmitted data stream to be continuous rather than interrupted (for example, the character string passed between a host and a terminal must form a continuous character stream). Block cipher modes that process and transmit one block at a time therefore become unsuitable; stream ciphers whose processing unit is a character, an 8-bit block, are better suited to this kind of application.
CFB mode is an improvement that makes it possible to transmit small k-bit blocks (for arbitrary k) while still using a block cipher algorithm.
The incoming plaintext stream is "scooped up" one "bucket" at a time, each bucket holding k bits, where k is an adjustable parameter. The block cipher algorithm E runs continuously like a furnace: at each step the k (leftmost) bits of the output vector of E are taken and put with the bucket of k plaintext bits, and the two are XORed together. The resulting k bits are both transmitted and fed back into the input of the block cipher algorithm: the input vector is shifted left by k positions and its k rightmost bits are replaced by the k bits taken from the bucket. So the block cipher algorithm is used as a generator of k-bit pseudo-random numbers, and these values are XORed with the incoming k-bit plaintext elements to produce the transmitted ciphertext.
Decryption is carried out symmetrically.
Clearly this mode also provides the capabilities of CBC mode; in addition it allows transmission with arbitrarily short blocks, supporting applications that transmit and process continuously.
Figure 2.10 Diagram of CFB mode
Output Feedback mode (OFB)
This mode is also quite close to the two modes above, but the XOR operations that produce the ciphertext blocks are separate and independent, without the (chained) dependence seen before. The plaintext blocks are XORed with the outputs of the encryption function (the block cipher algorithm), and it is only the output elements of this encryption function that remain chained to one another (hence the name output feedback). This chain, however, can be computed off-line as preprocessing, before the text to be sent is actually available. The computation time can therefore be shortened considerably. In addition, this mode also allows small blocks, like a stream cipher, just as CFB mode does.
Figure 2.11 Diagram of OFB mode
Counter mode (CTR)
This is a mode invented not very long ago (2000) and regarded as the best of all. Its scheme is astonishingly simple! The chaining (feedback) between blocks is eliminated entirely, which gives CTR highly desirable computational performance:
- It is easy to process in parallel, because the per-block computations are completely independent; it also allows preprocessing, computing in advance the sequence of output elements of the encryption function (which is simply the sequence of encryptions of consecutive natural numbers starting from the initial value IV).
- There is no mutual dependence, so it can be used for encrypting stored data just like ECB: it allows random access instead of sequential access as with CBC, for example.
Although its computation scheme is very simple, the security of this mode has been fully proved with formal mathematical tools, on the basis of a comparison with the one-time-pad cipher (which attains perfect secrecy).
Figure 2.12 Diagram of CTR mode
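The ECB, CBC and CTR descriptions above, run on the 3-bit block cipher of Example 2.1 under key 1. This Python sketch is an added example, not code from the textbook; the IV 001 and the repeated-block plaintext are constructed sample values, and the counter is taken as IV + i modulo 8 (an assumption matching the text's "consecutive natural numbers starting from IV").

```python
# Example 2.1's block cipher under key 1: a 3-bit block lookup table.
E_TABLE = {
    "000": "001", "001": "110", "010": "111", "011": "100",
    "100": "011", "101": "010", "110": "000", "111": "101",
}
D_TABLE = {c: p for p, c in E_TABLE.items()}   # inverse table for decryption
BLOCK = 3


def split_blocks(bits):
    if len(bits) % BLOCK:
        raise ValueError("length must be a multiple of the block size")
    return [bits[i:i + BLOCK] for i in range(0, len(bits), BLOCK)]


def xor(a, b):
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def ecb_encrypt(bits):
    return "".join(E_TABLE[b] for b in split_blocks(bits))


def ecb_decrypt(bits):
    return "".join(D_TABLE[b] for b in split_blocks(bits))


def cbc_encrypt(bits, iv):
    out, prev = [], iv
    for block in split_blocks(bits):
        prev = E_TABLE[xor(block, prev)]       # Y_i = E(X_i xor Y_(i-1)), Y_0 = IV
        out.append(prev)
    return "".join(out)


def cbc_decrypt(bits, iv):
    out, prev = [], iv
    for block in split_blocks(bits):
        out.append(xor(D_TABLE[block], prev))  # X_i = D(Y_i) xor Y_(i-1)
        prev = block
    return "".join(out)


def ctr_keystream(iv, index):
    """Encryption of the counter value IV + index (mod 2**BLOCK)."""
    counter = (int(iv, 2) + index) % (1 << BLOCK)
    return E_TABLE[format(counter, f"0{BLOCK}b")]


def ctr_crypt(bits, iv):
    """CTR encryption and decryption are the same operation."""
    return "".join(xor(b, ctr_keystream(iv, i))
                   for i, b in enumerate(split_blocks(bits)))


def ctr_decrypt_block(bits, iv, index):
    """Random access: decrypt only block `index`, touching no other block."""
    return xor(split_blocks(bits)[index], ctr_keystream(iv, index))


def repeated_blocks(bits):
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = split_blocks(bits)
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    plain, iv = "010010010", "001"             # three identical blocks; constructed IV
    for name, ct in (("ECB", ecb_encrypt(plain)),
                     ("CBC", cbc_encrypt(plain, iv)),
                     ("CTR", ctr_crypt(plain, iv))):
        print(name, ct, "repeated blocks:", repeated_blocks(ct))
```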
Nguyễn Khanh Văn & Trần Đức Khánh
Cryptography and Information Security, ĐHBKHN, 2012
CHAPTER 3
Public-key cryptosystems
1. Introduction
As already noted, the cryptosystems introduced so far are all called symmetric-key cryptosystems, because the sender and the receiver play the same role, both holding one shared secret key. These cryptosystems also go by several other names, used according to context:
- Private Key Cryptosystems
- Secret Key Cryptosystems
- Conventional Cryptosystems
We will use the abbreviation SKC for symmetric cryptosystems.
However, symmetric ciphers have the following fundamental drawbacks:
- Key management (generation, secure storage, exchange ...) becomes very complicated in an environment where a great many users exchange messages. With n users, the number of keys that must be created is n(n-1)/2. Each user has to create and store n-1 secret keys in order to work with the n-1 other people on the network. This is very difficult and insecure as n grows large.
- Second, on the basis of symmetric ciphers we cannot establish the notion of a digital signature (one that provides the functions of a handwritten signature in real life), and consequently there is no non-repudiation service (1) for commercial transactions on the network.
The problem is that in an SKC system the secret information is shared by both parties, Alice and Bob, so Alice can do anything Bob can do and vice versa. The only solution to this problem is to add a third party to every transaction between Alice and Bob, namely a trusted authority whom both Alice and Bob trust to be honest. This person acts as witness and arbiter whenever a dispute arises between Alice and Bob. The arbiter's workload will be very heavy, however, because the arbiter has to take part in every transaction between the parties, and sooner or later becomes an overload point for communication traffic as well as for processing speed: a bottleneck.
(1) Non-repudiation is guaranteed for a transaction process between Alice (A) and Bob (B) if in every case each party has evidence to counter cheating when the other side denies some transaction; for example, A might deny having carried out some transaction X with B on the pretext that someone impersonated A to do mischief.
[Figure: users A, B, C and D, each pair sharing a secret key (KAB, KAC, KAD, KBC, KCD, ...).]
Having recognized these problems early, Diffie and Hellman, in their famous paper (1976), proposed the ideas for a kind of cipher built on a new principle, organized around a single user, the owner of the system, rather than around a pair of users as in the traditional secure-channel problem.
In this new system every user has two keys, one called the secret key (or private key) and one called the public key. The first key is known only to the user and kept secret, while the second may be freely published. The first key usually goes with the decryption algorithm and the second with the encryption algorithm, though this is not mandatory. Let us denote them z (the private key) and Z (the public key).
Their operation is symmetric:

$X = D(z, E(Z, X))$    (1)

and

$X = E(Z, D(z, X))$    (2)
Relation (1) represents the secure-communication problem: any other user, such as B, C, D, ..., who wants to send a message to A simply encrypts it with A's public key ($Z_A$) and sends it. Only A can use the private key ($z_A$) to decrypt and read the message; the eavesdropper Eve cannot decrypt it because she does not have $z_A$.

Relation (2) will be used to build digital signature schemes, as we will study later, in which the Sign operation is carrying out $E(Z_A)$ and signature verification is done by calling $D(z_A)$.

A cryptosystem built on this principle is called a public-key cryptosystem, or an asymmetric-key cryptosystem. We abbreviate systems of this kind as PKC.
Principle of constructing a PKC system using a trapdoor

A PKC system can be built on a one-way function. A function f is called one-way if:
1. For every X, computing Y = f(X) is easy.
2. Given Y, it is very hard to compute X back.
Example 3.1. Given n primes p1, p2, ..., pn, we can easily compute N = p1 * p2 * ... * pn; however, given N, finding its prime factors is far harder, especially when N is large and its prime factors are also large.
However, we need a special one-way function equipped with a trapdoor, such that whoever knows how to use it can easily compute the inverse of f, while for anyone else (who does not know the trapdoor secret) inversion remains as hard as ever.

Such a trapdoor one-way function can be used to create a PKC system as follows. Take $E_Z$ (the encryption function) to be this trapdoor one-way function. The trapdoor secret is then the private key z: knowing it, one can easily compute the inverse of $E_Z$, i.e. one knows $D_z$; without it, this is very hard (only exhaustive search remains, which in practice is infeasible because the amount of computation is too large).

Below we examine two examples of constructing a trapdoor one-way function. The first is an attempt that failed, the Trapdoor Knapsack system. The second is a successful and very famous system, RSA.
2. Merkle-Hellman Trapdoor Knapsack (a trapdoor based on the packing problem)
In 1978 Merkle and Hellman proposed an encryption algorithm following the PKC model, based on the PACKING problem (also called the knapsack problem), stated as follows:
Given a set of positive numbers $a_i$, $1 \le i \le n$, and a positive number T, find a set of indices $S \subset \{1, 2, \ldots, n\}$ such that: $\sum_{i \in S} a_i = T$
This is a hard problem (NP-hard), in the sense that no algorithm better than exhaustive search has been found, so the running time is exponential (whereas a problem is considered easy in the computer-science sense if it has a polynomial-time algorithm).
Example 3.2. (a1, a2, a3, a4) = (2, 3, 5, 7), T = 7.
There are two solutions: S = (1, 3) and S = (4).
Starting from this packing problem, we examine how it can be used to create a PKC block cipher. The first scheme is as follows:
Choose a vector $a = (a_1, a_2, \ldots, a_n)$, called the cargo vector.
For a message block $X = (X_1, X_2, X_3, \ldots, X_n)$, encryption is performed as follows:

$T = \sum_{i=1}^{n} a_i X_i$    (*)

Decryption is: given the ciphertext T and the cargo vector a, find the $X_i$ that satisfy (*).
This scheme exhibits a one-way function: used for encryption it is easy to compute, but decryption, i.e. computing its inverse, is very hard. We now look for a way to introduce a trapdoor so that decryption becomes easy for whoever knows the trapdoor secret.
Merkle applied a trick based on a special kind of cargo vector, the super-increasing vector. A vector is super-increasing if component i+1 is larger than the sum of all the components before it (1 through i). With a super-increasing cargo vector, the inverse computation, i.e. solving the packing problem, is easy thanks to a simple greedy algorithm. The following numerical example illustrates this.
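Example 3.3
Super-increasing cargo vector: a = (1, 2, 4, 8).
Given T = 14, finding $X = (X_1, X_2, X_3, X_4)$ such that $T = \sum a_i X_i$ is easy. Set $T = T_0$:

X4 = 1, T1 = T0 - a4*X4 = 6    (X1 X2 X3 1)
X3 = 1, T2 = T1 - a3*X3 = 2    (X1 X2 1 1)
X2 = 1, T3 = T2 - 2 = 0        (X1 1 1 1)
X1 = 0                         (0 1 1 1)

At step i the target sum is $T_i$ (that is, we must find the $a_j$ whose sum equals $T_i$). We compare $T_i$ with the largest component in the remaining part of the vector: if it is larger, that component is selected, i.e. the corresponding $X_i$ equals 1; otherwise the corresponding $X_i$ equals 0. We then move on to the next step with $T_{i+1} = T_i - a_j X_j$, where $a_j$ is the component just examined.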
Although a super-increasing cargo vector makes decryption easy, we must of course still arrange that only the owner knows and can use it, while the adversary cannot. In short, a trapdoor secret has to be created: the owner must actively "disguise" the super-increasing vector so that only he knows it and outsiders cannot trace it.
The following scheme presents such a disguising mechanism. The vector $a'$ is a secret super-increasing vector that is disguised, i.e. transformed through a pre-selected function g into a vector $a$ that has no super-increasing property at all (it may even decrease); this vector $a$ is used as the cargo vector. During decryption, the owner (Alice) applies a transformation to the data, based on the inverse function $g^{-1}$, to turn decryption into solving a packing problem whose cargo vector is the super-increasing vector. The transformation g chosen is modular multiplication by a secret key value.
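Key generation:
1. Alice chooses a super-increasing vector $a' = (a'_1, a'_2, \ldots, a'_n)$. $a'$ is kept secret, i.e. it is one component of the private key.
2. She then chooses an integer $m > \sum a'_i$, called the modulus, and a random integer $\omega$, called the multiplier, such that $\omega$ is coprime with m.

Alice's public key is the vector $a$, the product of $a'$ with the multiplier $\omega$:

$a = (a_1, a_2, \ldots, a_n)$, with $a_i = \omega \times a'_i \pmod m$, i = 1, 2, 3, ..., n

The private key is the triple $(a', m, \omega)$.

Encryption:
When Bob wants to send a message X to Alice, he computes the ciphertext by the formula:

$T = \sum a_i X_i$

Decryption:
Alice receives T and decrypts as follows:
1. To strip off the disguise she first computes $\omega^{-1}$ (the inverse of $\omega$, i.e. $\omega \times \omega^{-1} = 1 \bmod m$; the algorithm for computing it is introduced later), then computes $T' = T \times \omega^{-1} \pmod m$.
2. Alice knows that $T' = a' \cdot X$, so she can easily solve for X using the super-increasing vector $a'$.

Note: here we have, modulo m,

$T' = T\omega^{-1} = \sum a_i X_i \omega^{-1} = \sum a'_i \omega X_i \omega^{-1} = \sum (a'_i \omega \omega^{-1}) X_i = \sum a'_i X_i = a' \cdot X$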
This completes our look at the concrete Merkle-Hellman scheme for a PKC system based on the packing problem.
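The scheme above run end to end, as an added Python example (not code from the course notes). The secret vector is the a' = (1, 2, 4, 8) of Example 3.3; the modulus m = 17, the multiplier 7 (written w) and all function names are values constructed for this example.

```python
from math import gcd

def is_superincreasing(v):
    """True if every component exceeds the sum of all components before it."""
    total = 0
    for x in v:
        if x <= total:
            return False
        total += x
    return True

def make_keys(a_secret, m, w):
    """Disguise the secret super-increasing vector a' as the public cargo vector a."""
    if not is_superincreasing(a_secret):
        raise ValueError("a' must be super-increasing")
    if m <= sum(a_secret):
        raise ValueError("modulus m must exceed the sum of a'")
    if gcd(w, m) != 1:
        raise ValueError("multiplier must be coprime with m")
    public = [(w * ai) % m for ai in a_secret]
    return public, (list(a_secret), m, w)

def encrypt(public, bits):
    """T = sum(a_i * X_i) over the public vector."""
    if len(bits) != len(public) or any(b not in (0, 1) for b in bits):
        raise ValueError("X must be a 0/1 block as long as the cargo vector")
    return sum(a * b for a, b in zip(public, bits))

def solve_superincreasing(a_secret, target):
    """Greedy solution of the packing problem, largest component first."""
    bits = [0] * len(a_secret)
    for i in range(len(a_secret) - 1, -1, -1):
        if target >= a_secret[i]:   # '>=': in Example 3.3, T2 = 2 selects a2 = 2
            bits[i] = 1
            target -= a_secret[i]
    if target != 0:
        raise ValueError("no 0/1 solution for this target")
    return bits

def decrypt(private, T):
    """Remove the disguise with w^-1 mod m, then solve with a'."""
    a_secret, m, w = private
    w_inv = pow(w, -1, m)           # modular inverse, Python 3.8+
    return solve_superincreasing(a_secret, (T * w_inv) % m)

# Constructed toy parameters: a' from Example 3.3, m = 17 and w = 7 chosen here.
PUBLIC, PRIVATE = make_keys([1, 2, 4, 8], m=17, w=7)
```

The public vector comes out as (7, 14, 11, 5), which is no longer super-increasing, and the block X = (0, 1, 1, 1) encrypts to T = 30, which unmasks to the T' = 14 of Example 3.3.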
Brute Force Attack

At first, brute force was regarded as the only way to break this cryptosystem. For anyone who does not know the trapdoor $(a', m, \omega)$, breaking the cipher requires an exhaustive search over the $2^n$ possible values of X. So when n is chosen large enough, a brute-force attack is computationally infeasible. However, brute force is not the only way.
The collapse of the Knapsack solution (1982-1984)

Shamir and Adleman pointed out the weakness of this solution by searching for a pair $(\omega, m)$ that can transform $a$ back to $a'$ (computing the private key from the public key). In 1984 Brickell announced the collapse of the Knapsack system with a computational cost of about 1 hour on a Cray-1, with 40 main iterations and about 100 weights.
Algorithm for computing the modular inverse

Building the trapdoor Knapsack requires computing the inverse of $\omega$ modulo m. The algorithm that finds $x = \omega^{-1} \bmod m$, such that $x \cdot \omega = 1 \pmod m$, is called the extended GCD algorithm or extended Euclidean algorithm (GCD: greatest common divisor). The name comes from the fact that, while finding the greatest common divisor of two integers n1 and n2, it also computes values a, b such that GCD(n1, n2) = a*n1 + b*n2.

It follows that if we already know (n1, n2) = 1, the algorithm gives us a, b satisfying a*n1 + b*n2 = 1, that is, n1 is the inverse of a modulo n2 (i.e. m).
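The flowchart of the algorithm and a numerical example follow.

Example 3.4. Find the inverse of 39 modulo 11.
Setting n1 = 39, n2 = 11, the steps are shown in the following table:

| n1 | n2 | r | q | a1 | b1 | a2 | b2 |
|----|----|---|---|----|----|----|----|
| 39 | 11 | 6 | 3 | 1 | 0 | 0 | 1 |
| 11 | 6 | 5 | 1 | 0 | 1 | 1 | -3 |
| 6 | 5 | 1 | 1 | 1 | -3 | -1 | 4 |
| 5 | 1 |  |  | -1 | 4 | 2 | -7 |

It is easy to see that a = a2 = 2 is the inverse of 39 modulo 11.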
Since 1976 many PKC solutions have been put forward, but quite a few of them have been broken or criticized as impractical because of their heavy computation or because the data expands too much when encrypted.
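Flowchart of the extended GCD algorithm:

Start. Input: n1, n2 (n1 > 0).
Initialization: a1 = 1, b1 = 0, a2 = 0, b2 = 1.
Loop: compute quotient q and remainder r when n1 is divided by n2.
r = 0?
  Yes: g = n2, a = a2, b = b2; output g, a, b.
  No: UPDATE: n1 = n2; n2 = r; t = a2; a2 = a1 - q*a2; a1 = t; t = b2; b2 = b1 - q*b2; b1 = t; then repeat the loop.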
A PKC system can be used for two basic purposes: (1) confidentiality of information and communication; (2) authentication and digital signatures. The two algorithms that serve these applications most successfully are RSA and ElGamal. In general, PKC algorithms are slow and not suitable for online encryption of high-speed traffic, so they are normally used only when a high level of security is needed and slow speed is acceptable. In addition, PKC and SKC (symmetric key cryptosystems) are often combined, with PKC serving to "prime" the SKC: PKC is used to establish a common secret key shared between the two communicating parties, and that secret key is then used for the main communication phase with SKC.
3. The RSA public-key system

RSA is the most widespread and also the most versatile public-key cryptosystem in practice, invented by Rivest, Shamir & Adleman (1977). It is the de facto standard for PKC, providing confidentiality, authentication and digital signatures.
The RSA algorithm rests on the hardness of factoring large numbers into primes: no polynomial-time algorithm (in the length of the binary representation of the number) exists for this problem. For instance, factoring a composite number that is the product of two large primes of hundreds of digits would take thousands of years of computation on an average PC with a CPU of a little over 2 GHz.
Motivation

The inventors made a rather simple choice: to build the encryption and decryption algorithms on modular exponentiation over $Z_n = \{0, 1, 2, \ldots, n-1\}$. For instance, encrypting a message X is done by:

$Y = X^e + n$

(here the notation a = b + n means a = b + k*n with $a \in Z_n$ and k = 1, 2, 3, ..., that is, a is congruent to b modulo n; for example $7 = 3^3 + 10$), and decryption by:

$X = Y^d + n$    (e: encryption key, d: decryption key)

For these two functions to be inverses of each other, e and d must be chosen so that: $X^{ed} = X + n$

A way to construct such a pair (e, d) was found on the basis of the following formula:

$X^{\varphi(n)} = 1 + n$    (Euler's theorem)

where $\varphi(n)$ is the function giving the number of elements of $Z_n$ that are coprime with n. One needs to choose e*d so that it leaves remainder 1 when divided by $\varphi(n)$, or $d = e^{-1} + \varphi(n)$; then we obtain what is required:

$X^{ed} = X^{k \cdot \varphi(n) + 1} = (X^{\varphi(n)})^k \cdot X = 1 \cdot X = X$
$\varphi(n)$ can be computed once the prime factorization of n is known; specifically, if n = p*q is known (p, q prime) then $\varphi(n) = (p-1)(q-1)$.

In other words, given a number e, if the prime factorization of n is known we can easily find d such that $d = e^{-1} + \varphi(n)$, i.e. $X^{ed} = X + n$; without it, this is very hard.

That was the introduction to the origins of the algorithm; the concrete algorithm follows.
The RSA algorithm

Construction: choosing the parameters
1. Choose two large primes p and q. Compute n = p × q and m = $\varphi(n)$ = (p - 1) × (q - 1).
2. Choose e, 1 ≤ e ≤ m - 1, such that gcd(e, m) = 1.
3. Find d such that e * d = 1 (mod m), i.e. compute $d = e^{-1} \pmod m$, using the extended gcd algorithm presented in the previous section.

The public key is (e, n).
The private key is (d, p, q).

Let X be a plaintext block, Y the corresponding ciphertext block, and $(z_A, Z_A)$ the private and public components of Alice's key.

Encryption. If Bob wants to send an encrypted message to Alice, he simply uses Alice's public key to compute:

$Y = E_{Z_A}(X) = X^e + n$

Decryption. When Alice wants to decrypt Y, she simply uses her private key $z_A = d$ to compute:

$X = D_{z_A}(Y) = Y^d + n$

Example 3.5
Choose p = 11 and q = 13
n = 11 * 13 = 143
m = (p-1)(q-1) = 10 * 12 = 120
e = 37, gcd(37, 120) = 1

Using the gcd algorithm to find d such that e * d = 1 + 120, we find d = 13 (e*d = 481).

To encrypt a binary string, we must break it into segments of u bits each, such that $2^u \le 142$. Hence u = 7. Each such segment is a number in the range 0 - 127, and we can compute the ciphertext Y by the formula:

$Y = X^e + 120$

For instance, with X = (0000010) = 2, we have

$E_Z(X) = X^{37} = 12 + 143$, so Y = (00001100)

Decryption is as follows:

$X = D_z(Y) = 12^{13} = 2 + 143$
To make network transactions that use secure communication convenient, one can set up a Public Directory that stores the public keys of the users. This directory is placed at a public point on the network so that anyone can access it to obtain the public key of the person they need to contact.

| User | (n, e) |
|------|--------|
| Alice | (85, 23) |
| Bob | (117, 5) |
| Cathy | (4757, 11) |
| ... | ... |
Some basic applications (of public-key cryptosystems in general)

a. Confidentiality in communication
A sends $E_{Z_B}(X)$ to B. B easily decrypts it with the private key $z_B$.

b. Authentication
+ Alice signs the message to be sent by encrypting it with her private key, $D_{z_A}(X)$, and sends $(X, S) = (X, D_{z_A}(X))$ to Bob.
+ When Bob wants to check the trustworthiness of the message received, he simply computes $X' = E_{Z_A}(S) = E_{Z_A}(D_{z_A}(X))$ and checks whether X = X'; if so, the authenticity of X is confirmed.

Note 1: In this process, (i) checking the integrity of the message and (ii) authenticating the identity of the sender are carried out at the same time. We have (i) because if even one bit of the message is changed it is detected immediately, since the signature no longer matches. We have (ii) because nobody can create that message except Alice, the only one who knows $z_A$.

Note 2: Alice can sign the hash value of X instead of signing X directly. The whole of what Alice sends to Bob is then $(X, D_{z_A}(H(X)))$, where H is a public hash function. This method is more efficient because it is economical (a hash function always outputs a string of fixed length, usually much shorter than the input string).

c. Combining confidentiality and authenticity
We can combine the two capabilities a and b above as follows.
A sends $Y = E_{Z_B}(D_{z_A}(X))$ to B.
B recovers X as follows: $X = E_{Z_A}(D_{z_B}(Y)) = E_{Z_A}(D_{z_B}(E_{Z_B}(D_{z_A}(X))))$
To have evidence in case Alice later denies having sent the message (non-repudiation), Bob must keep $D_{z_A}(X)$.

Some issues around the RSA algorithm

Choosing p and q:
+ p and q must be large primes, at least about 100 digits.
+ p and q must be of approximately the same size (for example, both about 100 digits long).

Exercise: Why is the second condition needed?
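An added Python example, not part of the original notes, that runs the RSA construction with the parameters of Example 3.5 and the hash-then-sign scheme of Note 2 above. The function names and the use of SHA-256 reduced modulo n as the public hash H are assumptions of this example; a modulus of 143 is only large enough to show the mechanics.

```python
import hashlib
from math import gcd

def make_keys(p, q, e):
    """Return ((e, n), (d, p, q)) following the three construction steps."""
    n, m = p * q, (p - 1) * (q - 1)
    if not 1 <= e <= m - 1 or gcd(e, m) != 1:
        raise ValueError("e must lie in 1..m-1 and be coprime with m")
    d = pow(e, -1, m)                       # e*d = 1 (mod m), Python 3.8+
    return (e, n), (d, p, q)

def block_bits(n):
    """Largest u with 2**u <= n - 1, so every u-bit block is below n."""
    return (n - 1).bit_length() - 1

def encrypt_bits(public, bitstring):
    """Break a binary string into u-bit blocks and encrypt each with (e, n)."""
    e, n = public
    u = block_bits(n)
    if len(bitstring) % u:
        raise ValueError(f"length must be a multiple of {u} bits")
    return [pow(int(bitstring[i:i + u], 2), e, n)
            for i in range(0, len(bitstring), u)]

def decrypt_bits(private, n, blocks):
    """Decrypt each block with d and restore the u-bit segments."""
    d, _, _ = private
    u = block_bits(n)
    return "".join(format(pow(y, d, n), f"0{u}b") for y in blocks)

def digest(message, n):
    """Toy stand-in for the public hash H: SHA-256 reduced into Z_n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, n, message):
    """Signature on the hash of the message, made with the private key."""
    d, _, _ = private
    return pow(digest(message, n), d, n)

def verify(public, message, signature):
    """Apply the public key to the signature and compare with H(message)."""
    e, n = public
    return pow(signature, e, n) == digest(message, n)

# Parameters of Example 3.5: p = 11, q = 13, e = 37.
PUBLIC, PRIVATE = make_keys(11, 13, 37)
# encrypt_bits(PUBLIC, "0000010") evaluates pow(2, 37, 143), which is 106.
```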
Some figures on the speed of the algorithm in implementations:

Compared with DES, RSA:
+ Is much slower. Typically RSA is at least 100 times slower when implemented in software, and can be 1000 to 10,000 times slower when implemented in hardware (depending on the implementation).
+ Has a much larger secret key.

If p and q each need about 300 bits, then n needs 600 bits. Exponentiation is rather slow for large n, especially in software. It has been observed that one multiplication takes about m + 7 clock cycles when the size of n is m bits.

On the prime factorization problem
The best algorithm is still the number sieve method. An estimate of the running time of the algorithm is:

$L(n) \approx 10^{\,9.7 + \frac{1}{50}\log_2 n}$

where $\log_2 n$ gives the number of bits needed to represent n, the number to be factored. It follows that if n grows by 50 bits (about 15 decimal digits), the time needed for factoring increases 10-fold.

In the last years of the 20th century it was estimated that with n = 200, L(n) ≈ 55 thousand years. As for parallel processing, one of the best results on factoring large numbers reports the factorization of a 129-digit number, with the computation distributed over the whole Internet and taking a full 3 months.

As noted, the integers that are hardest to factor are composites that are the product of two primes of approximately equal size (which is why the primes p and q in RSA are usually chosen this way). The open encyclopedia Wikipedia reports that the largest integer of this form factored successfully so far, denoted RSA-768, has 768 bits or 232 decimal digits. It was factored on 12/12/2009 through the collaboration of many modern research institutions over 2 years. The amount of computation, carried out with parallel processing, is compared to 2000 years of continuous running of a 2.2 GHz AMD Opteron configuration.

RSA-768 = 12301866845301177551304949583849627207728535695953347921973224521517264005
07263657518745202199786469389956474942774063845925192557326303453731548268
50791702612214291346167042921431160222124047927473779408066535141959745985
6902143413
RSA-768 = 33478071698956898786044169848212690817704794983713768568912431388982883793
878002287614711652531743087737814467999489 ×
36746043666799590428244633799627952632279158164343087642676032283815739666
511279233373417143396810270092798736308917
The problem of finding large primes:

An algorithm that generates all prime numbers does not exist; however, there are quite efficient algorithms for checking whether a given number is prime (the primality testing problem). In practice, finding large primes for RSA is a loop as follows:
1. Choose a random number p in a range of the required size (measured in bits).
2. Test p for primality; if it is prime then stop, otherwise go back to step 1.
Deterministic algorithms for primality testing are rather time-consuming and need to be run on high-speed computers. However, probabilistic algorithms are also used, which can "guess" very quickly whether a number is prime. These probabilistic algorithms do not give an absolutely correct decision, but one that is nearly so; that is, the probability of a wrong answer can be made arbitrarily small, depending only on the time spent.
Consider as an example a probabilistic algorithm based on the following method of Lehmann.

Lehmann's method: Let n be an odd number; for each integer a, denote:

G(a,n) =

Example: with n = 7, we have $2^3 = 1$, $3^3 = 6$, $4^3 = 1$, $5^3 = 6$, $6^3 = 1$; that is, G = 1, 6.

According to Lehmann, if n is an odd number then