A Survey of Stream Ciphers and Their Applications - Stream Ciphers


UNIVERSITY OF SCIENCE
FACULTY OF INFORMATION TECHNOLOGY
DEPARTMENT OF KNOWLEDGE ENGINEERING

NGUYỄN XUÂN HUY (0712196) - TRẦN QUỐC HUY (0712204)

A SURVEY OF STREAM CIPHERS AND THEIR APPLICATIONS

BACHELOR'S GRADUATION THESIS IN INFORMATION TECHNOLOGY

SUPERVISOR: Assoc. Prof. Dr. NGUYỄN ĐÌNH THÚC

CLASS OF 2007 - 2011

HO CHI MINH CITY, 2011

REVIEWER'S COMMENTS

The thesis meets the requirements of a Bachelor's thesis in Information Technology.

ACKNOWLEDGEMENTS

We sincerely thank the Department of Knowledge Engineering and the Faculty of Information Technology, University of Science, for providing favourable conditions for us to carry out this graduation thesis.

We sincerely thank Mr. Nguyễn Đình Thúc for his dedicated guidance, advice and comments throughout the work on this thesis.

We sincerely thank the lecturers of the Faculty for their dedicated teaching and for equipping us with valuable knowledge and skills during our years at the university.

We express our deep gratitude to our grandparents and parents, who cared for us and raised us.

We sincerely thank our seniors and friends for their support, help and encouragement throughout our studies and research.

Although we have tried to complete the thesis within the permitted scope and our abilities, shortcomings are certainly unavoidable. We respectfully hope for the understanding and guidance of our lecturers and friends.

Students: Nguyễn Xuân Huy, Trần Quốc Huy
July 2011

TABLE OF CONTENTS

Chapter 1. INTRODUCTION
1.1. Why stream ciphers are needed today
1.2. Objectives of the thesis
1.3. Requirements of the thesis
1.4. Structure of the thesis
Chapter 2. STREAM CIPHER THEORY
2.1. Comparing stream ciphers with block ciphers
2.2. Classification of stream ciphers
2.3. Some stream cipher architectures
2.3.1. Additive synchronous stream ciphers
2.3.2. Additive self-synchronous stream ciphers
2.3.3. Non-additive synchronous stream ciphers
2.3.4. Stream ciphering using block ciphers
2.3.5. Cooperatively distributed ciphers
2.4. Types of generators
2.4.1. Finite state machines and keystream generators
2.4.2. Counter-based generators
2.4.3. Number-theoretic generators
2.4.4. Shift-register-based generators
2.5. The finite fields GF(p) and GF(p^m)
2.5.1. Finite fields (Galois fields)
2.5.2. Representing elements of a finite field
2.5.3. Computation in finite fields
2.6. Cryptographic aspects of sequences
2.6.1. Linear complexity and minimal polynomials
2.6.2. Pattern distribution of the keystream
2.6.3. Correlation functions
2.6.4. Sphere complexity
2.7. Security of the stream cipher model
2.7.1. Security based on the stream cipher architecture
2.7.2. Security based on the cryptographic aspects of the keystream
2.7.3. Security based on the architecture of the generator
Chapter 3. STREAM CIPHERS IN MOBILE NETWORKS
3.1. Introduction to mobile networks
3.1.1. Mobile network standards
3.1.2. Security in mobile networks
3.2. The ZUC stream cipher
3.2.1. Structure of ZUC
3.2.2. Structure and operation of the LFSR
3.2.3. Bit reorganization
3.2.4. The nonlinear function F
3.2.5. Operation of ZUC
3.3. Applications of ZUC
3.3.1. 128-EEA3 encryption
3.3.2. 128-EIA3 authentication
3.4. Design criteria and security of ZUC
3.4.1. Design criteria of the LFSR
3.4.2. Design criteria of the BR
3.4.3. Design and security of the nonlinear function F
Chapter 4. IMPLEMENTATION
4.1. Introduction
4.2. Application model
4.2.1. Functional requirements of the program
4.2.2. Keystream generation method
4.2.3. Operating model of the program
4.2.4. Program interface and usage instructions
4.3. Experimental results
4.4. Chapter summary
CONCLUSION
FUTURE WORK
REFERENCES
Appendix A. Some other cryptographic properties of Boolean functions
A.1. Algebraic degree of a Boolean function
A.2. Algebraic immunity of a Boolean function
Appendix B. The S-box in AES
Appendix C. Some other concepts
C.1. Amount of information
C.2. Golomb's randomness postulates

LIST OF FIGURES

Figure 1. Logo of the 3GPP organization.
Figure 2. The difference between block ciphers and stream ciphers.
Figure 3. Additive synchronous stream cipher.
Figure 4. Additive self-synchronous stream cipher.
Figure 5. Keystream generator as an autonomous finite state machine.
Figure 6. Counter with a nonlinear output function.
Figure 7. Some counter-based generators.
Figure 8. A model of the Fibonacci-type register.
Figure 9. A model of the Galois-type register.
Figure 10. Generator model using a multiplexer.
Figure 11. Stop-and-go generator model.
Figure 12. Operation of the alternating step generator when the output of the control register is 1.
Figure 13. Operation of the alternating step generator when the output of the control register is 0.
Figure 14. Operating model of the register in the shrinking generator.
Figure 15. Nonlinear combination generator.
Figure 16. Model of the summation generator.
Figure 17. Filter generator model.
Figure 18. Galois NLFSR model.
Figure 19. Fibonacci NLFSR model.
Figure 20. General LFSR showing the recurrence.
Figure 21. General architecture of ZUC.
Figure 22. Architecture of the S-box S0.
Figure 23. Operating model of the Voice Chat application in public mode.
Figure 24. Operating model of the Voice Chat application in private mode.
Figure 25. Interface of the program SCVoiceChat-server.exe.
Figure 26. Interface of the program SCVoiceChat-Client.exe
Figure 27. Chart comparing the execution speed of 128-EEA3 and AES.

LIST OF TABLES

Table 1. Nonlinearities of balanced functions.
Table 2. Survey of the change in the component Boolean functions fj when input bit i is changed, for the S-box in AES.
Table 3. S-box S0.
Table 4. S-box S1.
Table 5. Transformation P1.
Table 6. Transformation P2.
Table 7. Transformation P3.
Table 8. Survey of the change in the component Boolean functions fj when input bit i is changed, for the S-box S0 of the nonlinear function F.
Table 9. Survey of the change in the component Boolean functions fj when input bit i is changed, for the S-box S1 of the nonlinear function F.
Table 10. Comparison of the properties of the S-box in AES and the two S-boxes S0 and S1 in the nonlinear function F.
Table 11. Comparison of execution speed between the 128-EEA3 algorithm and the AES algorithm.
TERMS, ABBREVIATIONS AND SYMBOLS

GSM: Global System for Mobile Communications
3GPP: 3rd Generation Partnership Project
DACAS: Data Assurance and Communication Security Research Center of the Chinese Academy of Sciences
UMTS: Universal Mobile Telecommunications System
AES: the Advanced Encryption Standard
DES: the Data Encryption Standard
CD: cooperatively distributed cipher
SG: sequence generator
FSM: finite state machine
GF: Galois field (for example GF(2^n))
NSG: natural sequence generator
LFSR: linear feedback shift register
ZUC: the ZUC stream cipher
SAC: Strict Avalanche Criterion
ANF: algebraic normal form of a Boolean function
S-box: substitution box
$\oplus$: logical XOR
$\boxplus$: addition modulo $2^{32}$
$a \,\|\, b$: concatenation of the two bit strings a and b
$a_H$: the leftmost 16 bits of the integer a
$a_L$: the rightmost 16 bits of the integer a
$a \gg 1$: right shift of a by 1 bit
$(a_1, a_2, \ldots, a_n) \rightarrow (b_1, b_2, \ldots, b_n)$: assignment of the values $a_i$ to the corresponding $b_i$

THESIS ABSTRACT

Research problem:

Study the theory of stream ciphers. Survey stream ciphers in mobile networks. Implement a Voice Chat application that uses the ZUC stream cipher to keep data confidential in transit, and run experiments to show that the stream cipher is faster than a block cipher. Analyse the security of ZUC and experimentally measure its important cryptographic properties.

Approach:

- Study the basic concepts of stream ciphers.
- Define and build an implementation that uses the ZUC stream cipher.
- Identify the specific research problems of stream ciphers.
- Study the design principles of stream cipher models.
- Study the mathematical theory related to stream ciphers.
- Study the important cryptographic properties that affect the security of a stream cipher model.
- Study some stream ciphers used in mobile networks.
- Survey the ZUC stream cipher model in detail.
- Analyse and experimentally measure the important cryptographic properties of ZUC.
- Experimentally compare the speed of the ZUC stream cipher (through the 128-EEA3 encryption algorithm) with the AES block cipher.

Chapter 1. INTRODUCTION

Chapter summary: The introduction presents why stream ciphers are needed today, and the objectives and requirements of the thesis. A summary of each chapter is given in the section on the structure of the thesis.

1.1. Why stream ciphers are needed today

Today, the remarkable development of information and communication technology has brought users a great many convenient applications.
Modern technology is developing towards networked environments, among which mobile networks are and will remain very promising. In the near future almost every application may be brought to the compact phone. Security is urgent today not only on the global Internet; mobile networks also need attention. Keeping calls and other services over the mobile network confidential is something users care about a great deal. This concern has grown with the appearance of a series of new mobile network technologies such as GPRS, 3G, EPS (LTE SAE), and so on. These technologies are all published by the 3GPP organization. Below is the logo of the 3GPP organization, taken from the organization's website (http://www.3gpp.org):

Figure 1. Logo of the 3GPP organization.

To meet the security needs of mobile networks, mobile technologies must apply suitable encryption techniques. Of all encryption techniques, the stream cipher is the one suited to mobile networks. It is a technique of the symmetric cryptography class. Securing GSM with stream ciphers has these main purposes: encryption to keep data confidential, authentication, and integrity protection [2]. There are two kinds of symmetric cipher: block ciphers and stream ciphers. As we know, a block cipher works by dividing the data to be encrypted into blocks of a fixed size, which means that the size as well as the data itself must be known in advance. The data travelling over a mobile network, most typically the data of a call, is generally not of a size known in advance; it is data that is generated and varies over time (time-varying). Because the mobile network must process such time-varying signals, the encryption technique applied must also support this mechanism. A stream cipher operates with a time-varying transformation on individual plaintext blocks [1]; later parts of the thesis explain in detail how stream ciphers meet the requirements of mobile networks. This is why applying stream ciphers is important for security in mobile networks.

Looking back, the era of stream ciphers really was the 1960s. At that time very many organizations used stream ciphers: military and diplomatic needs, intelligence organizations, telecommunication service providers, businesses, and so on. Semiconductor electronic encryption devices had begun to appear. Because these devices had very little memory, stream ciphers became more popular than block ciphers.
Today, however, with the technological progress of devices, those problems are no longer an obstacle, so block ciphers have again gained the upper hand. The evidence is that even on the GSM platform, the block cipher Kasumi in the third generation replaced the stream cipher A5/x of the second generation. In Wi-Fi, IEEE 802.11a/b still used the stream cipher RC4, but in IEEE 802.11i it was replaced by the block cipher AES [6].

This does not mean that stream ciphers cannot develop. The workshop The State of the Art of Stream Ciphers (SASC), a workshop dedicated to stream ciphers and organized by ECRYPT (http://www.ecrypt.eu.org), still attracts attention. Steve Babbage (of Vodafone Group R&D) mentions that stream ciphers are very useful because they are very fast, efficient and compact for constrained devices, such as devices with a low power source (battery) as in RFID, or smart cards (8-bit processors) [7]. In his paper ([6]), Adi Shamir (one of the inventors of RSA) mentions that cryptographic applications of RFID are widely studied in Korea, and he believes it will be a very important and successful technology in the coming decade. He also expects these RFID applications to use stream ciphers more than block ciphers. Finally, he remarks that the state of our knowledge of and confidence in stream ciphers is still weak. This means that we can fully believe in a future for the application of stream ciphers.

The security algorithms in GSM originate from three algorithms: A3, A5 and A8. GSM uses some existing algorithms such as A5/1, A5/2 and A5/3 for security. However, they can be broken by a number of attacks [3]. New generations of mobile networks keep appearing; the newest is EPS, the latest technology, which is intended to develop into the 4G generation. There are therefore drafts of new security algorithms for these new technologies, typically the 3GPP draft algorithms 128-EEA3 and 128-EIA3 for security on EPS [2].

Stream ciphers are suitable for implementation in software or hardware. They are well suited to being installed directly on low-specification hardware devices, so they can be implemented on mobile phones.

1.2. Objectives of the thesis

Understanding the need for stream ciphers, we built an experimental program that uses a stream cipher based on existing open-source code, and from it identified the related research problems.

Stream ciphers are a broad and challenging research topic, and they interest cryptographic researchers because of their important applications in the global mobile network.
The theoretical foundation of stream ciphers is related to number theory [4] and field theory (specifically Galois fields), so it certainly benefits from the powerful methods and arguments of these areas of mathematics. This was a challenging but also very interesting aspect of the topic for us. Wishing to clarify the truths underlying stream cipher theory, we invested our effort in studying those theoretical foundations in depth. The first part of this thesis presents the theoretical foundations and the design principles of stream cipher models.

A stream cipher algorithm is in essence divided into two components in its architecture. One component is the keystream generator, and the second takes the keystream produced by this generator and carries out the encryption (or authentication, or integrity protection). For stream cipher algorithms, this second part may simply XOR the keystream with the plaintext to form the ciphertext. The importance of a stream cipher algorithm is therefore concentrated mainly in its generator [4]. The thesis analyses in depth the architecture and operating mechanism of different generators.

For a cryptographic algorithm or model in general, and a stream cipher in particular, security is the most important factor. The thesis therefore analyses in depth the cryptographic aspects related to the security of the stream cipher model.

The thesis studies some stream cipher models used in mobile networks. These include algorithms for new technologies that have not yet been officially published for use in mobile networks and exist only as drafts. A typical one is the ZUC stream cipher [31], designed by DACAS (the Data Assurance and Communication Security Research Center of the Chinese Academy of Sciences); the thesis analyses this stream cipher model in depth.

1.3. Requirements of the thesis

- Study the theoretical foundations of stream ciphers.
- Analyse and understand the architecture and operating principles of stream cipher algorithms and the corresponding generators.
- Study the stream cipher models used in mobile networks.
- Survey the ZUC stream cipher model in detail.
- Implement a demonstration program.
- Experimentally measure the important cryptographic properties of the ZUC stream cipher model.

1.4. Structure of the thesis

The thesis is organized as follows:

Chapter 1. INTRODUCTION presents why stream ciphers are needed in practice today and the objectives of the work, and identifies the requirements set for the thesis.
Chapter 2. STREAM CIPHER THEORY presents and systematizes the basic knowledge of stream ciphers; compares stream ciphers with block ciphers; describes the kinds of stream cipher architecture and the kinds of keystream generator; reviews the theory of finite fields (Galois fields), which is the mathematical basis for understanding concepts related to stream ciphers such as the keystream produced by a generator, the LFSR and the S-box; presents the cryptographic aspects of the keystream: linear complexity and minimal polynomial, pattern distribution, correlation functions, sphere complexity; and finally presents and systematizes a very important part, the security of the stream cipher model, along these ideas: security based on the stream cipher architecture, security based on the cryptographic aspects of the keystream, and in particular security based on the architecture of the generator, which analyses and surveys the important cryptographic properties of Boolean functions and S-boxes that affect the security of the generator, such as the nonlinearity and the SAC (Strict Avalanche Criterion) of Boolean functions and the differential uniformity of S-boxes.

Chapter 3. STREAM CIPHERS IN MOBILE NETWORKS introduces mobile networks and the security algorithms used on them; presents the ZUC stream cipher model and its applications in two security algorithms, the encryption algorithm 128-EEA3 and the message authentication algorithm 128-EIA3; presents the design criteria of the layers in the structure of ZUC, and in particular analyses and experimentally measures the important cryptographic properties of the two S-boxes S0 and S1 in the nonlinear function F: the nonlinearity of the S-box, the differential uniformity of the S-box, the SAC, and the balance of the component functions of the S-box.

Chapter 4. IMPLEMENTATION presents the results of the experimental Voice Chat application, implemented with the 128-EEA3 encryption algorithm using the ZUC generator to keep data confidential in transit between the people holding a conversation; presents the application model with its functional requirements and operating model; experimentally compares the speed of 128-EEA3 and AES; and summarizes what the implementation did and did not achieve.

Appendix A presents some other cryptographic properties of Boolean functions and S-boxes that affect the security of the generator: algebraic degree and algebraic immunity.

Appendix B reviews the structure and security of the S-box in the AES block cipher.

Appendix C presents some other concepts such as the amount of information and Golomb's randomness postulates.

Chapter 2. STREAM CIPHER THEORY

Chapter summary: Chapter 2 systematizes and surveys the theory related to stream ciphers. The chapter covers the following main points:

- A summary of stream ciphers and a comparison of stream ciphers with block ciphers.
- The kinds of stream cipher: synchronous and self-synchronous stream ciphers; a presentation and analysis of the properties of the stream cipher architectures: additive synchronous stream ciphers, additive self-synchronous stream ciphers, non-additive synchronous stream ciphers, stream ciphering using block ciphers, and cooperatively distributed ciphers; and the kinds of generator that can be used in a stream cipher model.
- A review of the necessary knowledge of finite fields (Galois fields), which is the foundation for understanding concepts related to stream ciphers such as the keystream produced by a generator, the LFSR and the S-box.
- A systematic presentation of the cryptographic aspects of the generated keystream: linear complexity and minimal polynomial, pattern distribution, correlation functions, sphere complexity.
- A systematic analysis of the issues related to the security of the stream cipher model, along 3 ideas: security based on the stream cipher architecture, security based on the cryptographic aspects of the keystream, and security based on the architecture of the generator. The idea of security based on the architecture of the generator is surveyed and analysed carefully with respect to the important cryptographic properties of Boolean functions and S-boxes that affect the security of the generator, such as the nonlinearity and the SAC (Strict Avalanche Criterion) of Boolean functions and the differential uniformity of S-boxes.

2.1. Comparing stream ciphers with block ciphers

Symmetric encryption is divided into two kinds: block ciphers and stream ciphers.

With a block cipher, the data to be encrypted is divided into blocks, usually of equal size, and this size depends on the encryption algorithm used, such as DES, 3DES, AES, RC2, and so on. With DES the data blocks must be 64 bits; with AES they must be 128 bits. A block cipher needs one key k throughout the encryption process, and this key also depends on the encryption algorithm applied. In practice, when a block cipher is applied, the size of the data must be known in advance; that is, the block cipher is applied to data that is already known. After the data has been divided into blocks of the given size, encryption uses one of the modes of operation to produce the ciphertext corresponding to the data. The modes of operation include ECB, CBC, CFB, OFB and CTR.

Figure 2. The difference between block ciphers and stream ciphers.

With a stream cipher, in practice the data is usually time-varying. That is, the data is not known in advance.
Each part of the current data is encrypted together with a corresponding key $z_j$, $j \in [0, \infty)$. The $z_j$ form a keystream, and each $z_j$ is called a keyword. The simplest encryption function in practice may be just an XOR between the plaintext bits and the corresponding keystream; more precisely, each character of the plaintext is XORed with $z_j$. The stream cipher model uses an initial key k to generate the $z_j$. The entity that generates the keystream is called the keystream generator. The keystream can be written $z = z_0 z_1 z_2 \ldots$ [4].

A stream cipher model is periodic if the keystream repeats after d characters, for some specific value d [4]. That is, the number of values of the keywords $z_j$ is finite (d values), although the keystream sequence is infinite in the general case.

We also have a general definition of a stream cipher:

Definition of a stream cipher [16]: Let K be the key space of a cryptosystem and let $k_1 k_2 \ldots \in K$ be a keystream. The cryptosystem is called a stream cipher if encryption of the plaintext sequence $m_1 m_2 \ldots$ is obtained by repeatedly applying the encryption operation to the plaintext message units, $E_{k_j}(m_j) = c_j$, and if, with $d_j$ the inverse of $k_j$, decryption takes place as $D_{d_j}(c_j) = m_j$ for $j \geq 1$. If there exists a value $l \in \mathbb{N}$ such that $k_{j+l} = k_j$ for all $j \in \mathbb{N}$, the stream cipher is called periodic with period l.

2.2. Classification of stream ciphers

Basically a stream cipher algorithm belongs to one of two kinds: synchronous ciphers, and self-synchronous ciphers, also known as asynchronous ciphers. However, the people of the eSTREAM project give a more general definition of a stream cipher: they regard a stream cipher as an entity with a time-varying internal state, and regard synchronous and self-synchronous stream ciphers as two special cases [10].

In a synchronous stream cipher, the next state of the cipher system is described independently of the plaintext and the ciphertext. The state is the value of a set of variables that gives a unique description of the status of the device [1]. We understand the state as the value of an array of several elements. The device here is understood as a component of the keystream generator. It may be a register consisting of several parts.

Figure 3. Additive synchronous stream cipher.

The figure above shows the encryption and decryption rule of the additive synchronous stream cipher model. During encryption, the plaintext characters are in turn "+" (added) to the keyword $z_i$ to produce the corresponding ciphertext character. Decryption does the reverse with "-" (subtraction). The "+" and "-" here only stand for the encryption and decryption operations.
They may, for instance, simply be XOR. The figure makes clear that keystream generation is completely independent of the plaintext and the ciphertext.

In a self-synchronous stream cipher, by contrast, each keystream character is derived from a fixed number n of preceding ciphertext characters. So if a ciphertext character is lost or corrupted (changed) in transmission, the error propagates for n characters during decryption, but the cipher resynchronizes by itself after n received ciphertext characters [4]. As an example, consider the case n = 1 and suppose the ciphertext sequence C is changed at $c_{j-1}$.

- With a self-synchronous stream cipher, the encryption formula is $c_j = E_{z_j}(m_j)$, $z_j = f(k, c_{j-1})$, which gives the decryption formula $m_j = D_{z_j}(c_j)$, $z_j = f(k, c_{j-1})$. Clearly, when $c_{j-1}$ is changed, the decrypted $m_{j-1}$ is wrong (not what it was before encryption). Because $c_{j-1}$ is changed, $z_j$ is wrong, so the decrypted $m_j$ is wrong. The decryption of $m_{j+1}$, however, depends on $c_j$ ($c_j$ is unchanged), so the decrypted $m_{j+1}$ is correct. Thus after just one ciphertext character, decryption has resynchronized. The same holds when $c_{j-1}$ is lost.
- With a synchronous stream cipher, the encryption formula is $c_j = z_j \oplus m_j$, which gives the decryption formula $m_j = z_j \oplus c_j$. When $c_{j-1}$ is changed, it is easy to see that decryption is wrong only at $m_{j-1}$. However, when $c_{j-1}$ is lost, the sequence of ciphertext characters shifts back by one character. That is, $c_j$ takes the role of $c_{j-1}$, $c_{j+1}$ takes the role of $c_j$, and so on. In other words, from $c_{j-1}$ onwards all ciphertext characters are wrong, so the decryption of all subsequent characters is wrong.

The above explains an interesting difference between the two kinds of stream cipher. In addition, a self-synchronous stream cipher is not periodic, because each key character $z_j$ depends on all the preceding plaintext characters [4]. The opposite holds for a synchronous stream cipher, which is usually periodic.

2.3. Some stream cipher architectures

There are many different stream ciphering methods, belonging to the kinds below. In some of them in particular, one can see the outline of a block cipher being applied to stream ciphering.

2.3.1. Additive synchronous stream ciphers

As mentioned above, additive synchronous stream ciphers generate the keystream independently of the plaintext data. The keystream generation algorithm must be carried out so that the keystream can be reproduced for decryption. The additive synchronous stream cipher of Figure 3 is an important kind of synchronous stream cipher.

Section 2.2, Classification of stream ciphers, has explained the "synchronous" aspect of this architecture. The "additive" aspect can be understood as coming from the addition/subtraction between the keystream and the plaintext/ciphertext, or simply an XOR.
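The error behaviour described in Section 2.2 can be checked directly. The following is an added example, not code from the thesis: it generalizes the n = 1 case to any n, uses HMAC-SHA256 as an assumed stand-in for the keystream function f, XOR as the combining operation, and a constructed key and plaintext.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key
PLAINTEXT = b"time-varying voice data on a mobile network link"  # constructed sample


def f(key: bytes, context: bytes) -> int:
    """Keystream character z = f(k, context); HMAC-SHA256 is an assumed stand-in."""
    return hmac.new(key, context, hashlib.sha256).digest()[0]


def sync_crypt(key: bytes, data: bytes) -> bytes:
    """Synchronous cipher: z_j depends only on the key and the position j.
    XOR is its own inverse, so the same function encrypts and decrypts."""
    return bytes(b ^ f(key, j.to_bytes(8, "big")) for j, b in enumerate(data))


def selfsync_encrypt(key: bytes, plaintext: bytes, n: int = 1) -> bytes:
    """Self-synchronous cipher: z_j = f(k, c_{j-n} ... c_{j-1})."""
    window, out = bytes(n), bytearray()  # all-zero initial window (assumption)
    for m in plaintext:
        c = m ^ f(key, window)
        out.append(c)
        window = (window + bytes([c]))[-n:]
    return bytes(out)


def selfsync_decrypt(key: bytes, ciphertext: bytes, n: int = 1) -> bytes:
    """The receiver rebuilds z_j from the ciphertext characters it actually received."""
    window, out = bytes(n), bytearray()
    for c in ciphertext:
        out.append(c ^ f(key, window))
        window = (window + bytes([c]))[-n:]
    return bytes(out)


def flip(data: bytes, pos: int) -> bytes:
    """Corrupt one ciphertext character in transit."""
    return data[:pos] + bytes([data[pos] ^ 0x01]) + data[pos + 1:]


def drop(data: bytes, pos: int) -> bytes:
    """Lose one ciphertext character in transit."""
    return data[:pos] + data[pos + 1:]


def wrong_positions(expected: bytes, got: bytes) -> list:
    return [i for i, (a, b) in enumerate(zip(expected, got)) if a != b]


def compare(pos: int = 10, n: int = 1) -> dict:
    """Damaged plaintext positions for each cipher under each transmission fault."""
    ct_sync = sync_crypt(KEY, PLAINTEXT)
    ct_self = selfsync_encrypt(KEY, PLAINTEXT, n)
    after_loss = drop(PLAINTEXT, pos)  # the best a receiver could recover after a loss
    return {
        "sync_flip": wrong_positions(PLAINTEXT, sync_crypt(KEY, flip(ct_sync, pos))),
        "self_flip": wrong_positions(
            PLAINTEXT, selfsync_decrypt(KEY, flip(ct_self, pos), n)),
        "sync_drop": wrong_positions(after_loss, sync_crypt(KEY, drop(ct_sync, pos))),
        "self_drop": wrong_positions(
            after_loss, selfsync_decrypt(KEY, drop(ct_self, pos), n)),
    }


if __name__ == "__main__":
    for fault, positions in compare(pos=10, n=1).items():
        print(f"{fault}: {len(positions)} damaged characters at {positions}")
```

A changed character damages one position in the synchronous cipher and at most n + 1 in the self-synchronous one; a lost character damages at most n positions in the self-synchronous cipher but desynchronizes everything after it in the synchronous cipher.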
Remark: The main problem in this kind of stream cipher is the design of the keystream generator. Because the combination of plaintext and ciphertext characters is very simple, the keystream generator of an additive synchronous stream cipher must be strong enough [4].

2.3.2. Additive self-synchronous stream ciphers

Figure 4. Additive self-synchronous stream cipher.

In a self-synchronous stream cipher, each keystream character is obtained from a fixed number n of preceding ciphertext characters. Section 2.2, Classification of stream ciphers, has also explained the "self-synchronous" aspect of this architecture. Ciphers such as autokey ciphers and cipher feedback systems are examples of additive self-synchronous stream ciphers [4].

An autokey cipher has a key obtained from the plaintext data it encrypts. Another important class of additive self-synchronous stream ciphers is the one in which the ciphertext is fed back to the keystream generator, as in Figure 4.

Remark: The main problems for this kind of stream cipher are the design of the keystream generator and the way the fed-back ciphertext character is used in the keystream generator. This kind of stream cipher is harder to design and analyse because of the feedback [4].

2.3.3. Non-additive synchronous stream ciphers

Both block ciphers and additive stream ciphers have advantages and disadvantages. An additive synchronous stream cipher has the disadvantage that a ciphertext-plaintext character pair immediately reveals the corresponding keystream character used when the plaintext character was encrypted. This can enable several kinds of key-recovering attacks such as correlation attacks and collision attacks, equivalent-machine attacks such as an attack based on the Berlekamp-Massey algorithm, and approximate-machine attacks based on linear approximation. An advantage is that the keystream is time-varying, which ensures that the same plaintext character usually gives different ciphertext characters at different times. This usually hides some statistical properties of the plaintext [4]. This architecture is called a non-additive synchronous stream cipher because it is no longer an additive synchronous stream cipher, but an additive synchronous stream cipher upgraded with a block cipher to form a more secure stream cipher architecture.

A block cipher has the disadvantage that its key cannot be changed frequently because of key management, so by convention a single key is used. Moreover, the same plaintext block always gives the same ciphertext block once a key has been chosen and fixed. This can enable many attacks, such as differential attacks on suitable ciphertext blocks. An advantage is that a change to the plaintext can be detected, because the plaintext is encrypted block by block [4].
To keep the advantages of both additive stream ciphers and block ciphers while removing the weaknesses of both, a dynamic block ciphering approach is described below. In this approach a keystream generator and a known block cipher algorithm are combined. The keystream characters produced by the keystream generator are used as the dynamic key of the block cipher algorithm for each plaintext block [4].

Given a block cipher algorithm with plaintext block length n, let $E_k(\cdot)$ and $D_k(\cdot)$ denote the encryption and decryption functions, where k is the key. To use the block cipher algorithm for dynamic encryption and decryption, a dynamic key $k_i$ for the algorithm is produced by a sequence generator SG as $(z_{ti}, z_{ti+1}, \ldots, z_{ti+t-1})$, where t is a positive integer and z denotes the sequence generated by SG. The parameter t may be 1 or another fixed constant. The encryption and decryption formulas are therefore:

$$c_i = E_{k_i}(m_i), \qquad m_i = D_{k_i}(c_i)$$

Here $m_i$ is the i-th plaintext block and $c_i$ is the i-th ciphertext block. Because the key $k_i$ is time-varying, this method is dynamic block ciphering, also called non-additive synchronous stream ciphering. The key of the system includes the keystream generator SG [4], which means that the keystream generator used in this architecture must itself be kept secret.

Example: Consider the AES encryption algorithm with a key length of 128. We want to turn it into a dynamic block cipher, or non-additive synchronous stream cipher, by using a generator that produces the dynamic key. This generator produces a sequence of 32-bit keywords. The dynamic key $k_i$ must therefore consist of 4 keywords, so $k_i = (z_{4i}, z_{4i+1}, z_{4i+2}, z_{4i+3})$. In this case t = 4.

Remark: In this architecture, the sequence generated by SG usually does not need to have a large linear complexity (see Section 2.6, Cryptographic aspects of sequences). If a system following the non-additive synchronous architecture is well designed, most of the attacks known for additive stream ciphers and block ciphers do not apply to it. Attacking it requires new methods [4].

Using fast sequence generators and fast block cipher algorithms in the system gives speed to a stream cipher model that applies this architecture.

2.3.4. Stream ciphering using block ciphers

Block ciphers have several modes of operation. Four are common: Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback Chaining (CFB) and Output Feedback Chaining (OFB).

In ECB mode, the cipher operation (encryption, decryption) is applied to each block independently.
Let $M = M_1 M_2 \ldots M_t$ be the plaintext. Encryption gives [4]:

$$C_i = E_k(M_i), \quad i = 1, 2, \ldots, t.$$

The corresponding ciphertext is $C = C_1 C_2 \ldots C_t$. Decryption is described by:

$$M_i = D_k(C_i), \quad i = 1, 2, \ldots, t,$$

where $D_k(x)$ is the inverse function of $E_k(x)$. This mode of operation is rather monotonous and rigid.

In CBC mode the blocks are chained together with an initial value IV. In this mode we assume that the plaintext and ciphertext spaces are identical and that this block space is an Abelian group under the operator +. The first ciphertext block is defined as [4]:

$$C_1 = E_k(M_1 + IV),$$

where IV is an initial value from the block space. The other ciphertext blocks are then computed as:

$$C_i = E_k(M_i + C_{i-1}), \quad i = 2, 3, \ldots, t.$$

For decryption, the first plaintext block is obtained as:

$$M_1 = D_k(C_1) - IV,$$

where − is the inverse operator of +. The other plaintext blocks are then computed as:

$$M_i = D_k(C_i) - C_{i-1}, \quad i = 2, 3, \ldots, t.$$

Comparing the CBC formulas above with the formula of the general stream cipher in Figure 2, CBC mode clearly turns a block cipher into a stream cipher with internal memory. The internal memory in CBC can be understood as follows: encrypting $C_i$ requires $C_{i-1}$, so some storage is needed to hold the previously encrypted ciphertext block, and that requires a memory. For an additive synchronous stream cipher this internal memory lies inside the keystream generator of the system; a typical example is the LFSR (see Section 2.4.4.1). The LFSR is exactly a register when realized in hardware, and it plays an important role in producing the keystream [4].

CFB mode of a block cipher is also used to implement stream ciphering. Assume we have a block cipher whose plaintext and ciphertext block space is $A^n$, where $(A, +)$ is an Abelian group. Let $E_k(x)$ be the encryption function, let $\mathrm{rchop}_u(x)$ denote the function that removes the u rightmost characters of its argument x, and let $\mathrm{lchop}_u(x)$ denote the function that removes the u leftmost characters of its argument x. One variant of CFB mode is described as follows. Choose an integer m between 1 and n. The stream cipher based on the block cipher works over $(A^m, +)$, where the operator + on $A^m$ is the extension of + on A. For example:

$$(x_1, \ldots, x_m) + (y_1, \ldots, y_m) = (x_1 + y_1, \ldots, x_m + y_m),$$

where $(x_1, \ldots, x_m) \in A^m$ and $(y_1, \ldots, y_m) \in A^m$. Choose an initial value $X_1$. The i-th plaintext character ($M_i \in A^m$) is encrypted as follows [4]:

$$C_i = M_i + \mathrm{rchop}_{n-m}(E_k(X_i)),$$
$$X_{i+1} = \mathrm{lchop}_m(X_i) \,\|\, C_i,$$

where || denotes concatenation (of two data strings). Decryption is as follows:

$$M_i = C_i - \mathrm{rchop}_{n-m}(E_k(X_i)),$$
$$X_{i+1} = \mathrm{lchop}_m(X_i) \,\|\, C_i.$$

In this case CFB mode can be run as a stream cipher, and it also needs an internal register. This internal register is used to update $X_i$ according to the formula $X_{i+1} = \mathrm{lchop}_m(X_i) \,\|\, C_i$. The formula is recursive: computing $X_{i+1}$ clearly requires the value of $X_i$. The value $X_i$ must therefore be stored by the register in the previous step and is then updated to $X_{i+1}$.

OFB mode of a block cipher is also used to implement stream ciphering. As in CFB mode, we start from a block cipher whose plaintext and ciphertext space is $A^n$, where $(A, +)$ is an Abelian group. The stream cipher based on the block cipher is described as follows. The plaintext and ciphertext space of the stream cipher is $A^m$, where m can be chosen freely between 1 and n. The stream cipher has an internal register that updates the value $X_i \in A^n$. Let $X_1$ be the initial value of the register. The i-th plaintext character ($M_i \in A^m$) is encrypted as [4]:

$$C_i = M_i + \mathrm{rchop}_{n-m}(E_k(X_i)),$$
$$X_{i+1} = E_k(X_i).$$

Decryption is defined by:

$$M_i = C_i - \mathrm{rchop}_{n-m}(E_k(X_i)),$$
$$X_{i+1} = E_k(X_i).$$

It is easy to see that the only difference between CFB and OFB is the update of the internal register.

Of the four block cipher modes of operation above, three can be used to implement stream ciphering. There are thus many ways to use a block cipher for stream ciphering. Even the nonadditive synchronous stream cipher discussed in the previous section is based on a block cipher. The cooperatively distributed cipher architecture presented next also uses block ciphers.

2.3.5. Cooperatively distributed ciphers

The cooperatively distributed (CD) cipher system, or CD cipher, is designed to keep the advantages of both additive stream ciphers and block ciphers while eliminating the weaknesses of both approaches [4].

A cooperatively distributed cipher system comprises the following components: s given block cipher algorithms, all with the same block size; and the device controlling the cipher process (encryption or decryption), which is a sequence generator with internal memory, denoted SG. SG produces a sequence of elements over the set $Z_s = \{0, 1, \ldots, s-1\}$.

Let $k_0, \ldots, k_{s-1}$ be the keys of the given block cipher algorithms; let $E_0(k_0, \cdot), \ldots, E_{s-1}(k_{s-1}, \cdot)$ be the encryption functions with the corresponding keys; and let $D_0(k_0, \cdot), \ldots, D_{s-1}(k_{s-1}, \cdot)$ be the decryption functions with the corresponding keys. Let $k_{sg}$ be the key of the sequence generator and $z_i$ the character produced by SG at time i. At each time only one of the given block cipher algorithms is used (for both encryption and decryption). The encryption formula is [4]:

$$c_i = E_{z_i}(k_{z_i}, m_i),$$

where $m_i$ and $c_i$ are the i-th plaintext and ciphertext blocks.
Similarly, the decryption formula is defined by:

$$m_i = D_{z_i}(k_{z_i}, c_i).$$

In this CD cipher architecture, SG decides the operation of each block cipher component: it decides which block cipher component is used to encrypt or decrypt a data block at a given time. The encryption functions $E_0, \ldots, E_{s-1}$ may be identical, but in that case the keys $k_0, \ldots, k_{s-1}$ must be pairwise different [4].

The security of this stream cipher architecture can be analyzed through the following attack scenarios. First, consider attacks on block ciphers. All attacks on block ciphers are carried out under the assumption that the key is fixed and that there is only one encryption algorithm (with its corresponding decryption). Examples are differential attacks and linear attacks. None of these attacks can be applied to the CD cipher system in a straightforward way if the system contains at least two different encryption algorithms or at least two different block cipher keys. Second, most attacks on stream ciphers apply to the keystream generators of additive stream ciphers. If the CD cipher system is designed properly so that the keystream generator is secure against those attacks, they will not be effective.

The CD cipher system operates as a stream cipher, although it is a composition of block ciphers and a stream cipher. A plaintext message usually corresponds to different ciphertexts at different times. The purpose of cooperation and distribution is to defeat the known attacks on both block ciphers and additive stream ciphers [4]. If the system is designed properly, a very strong CD cipher can be built from several very weak block ciphers and a weak sequence generator. This again shows the strength of cooperation and distribution.

The components and the control device of a CD system must be chosen carefully. Below we consider a system with two block cipher components [4].

Let $K_0$ and $K_1$ be the key spaces of the two block ciphers. Assume that each key may belong to $K_0$ or $K_1$. Let $p_0 = \Pr(z = 0)$, $p_1 = \Pr(z = 1)$ and

$$n_i(m, c) = \left|\{\, k_i \in K_i \mid E_i(k_i, m) = c \,\}\right|, \quad i = 0, 1.$$

Let $\Pr(m, c)$ be the probability that c is a ciphertext block corresponding to the plaintext block m. We find that [4]:
$$\Pr(m, c) = p_0 \frac{n_0(m, c)}{|K_0|} + p_1 \frac{n_1(m, c)}{|K_1|},$$
$$\Pr(z = i;\ (m, c)) = p_i \frac{n_i(m, c)}{|K_i|}, \quad i = 0, 1.$$

Applying Bayes' formula gives the following conditional probabilities:

$$\Pr(z = 0 \mid (m, c)) = \frac{|K_1|\, p_0\, n_0(m, c)}{|K_1|\, p_0\, n_0(m, c) + |K_0|\, p_1\, n_1(m, c)},$$
$$\Pr(z = 1 \mid (m, c)) = \frac{|K_0|\, p_1\, n_1(m, c)}{|K_1|\, p_0\, n_0(m, c) + |K_0|\, p_1\, n_1(m, c)}.$$

We therefore have the following expression for the average mutual information [5][40]:

$$I(z; (m, c)) = \frac{|K_1| p_0 n_0(m, c)}{|K_1| p_0 n_0(m, c) + |K_0| p_1 n_1(m, c)} \log \frac{|K_1| p_0 n_0(m, c)}{|K_1| p_0 n_0(m, c) + |K_0| p_1 n_1(m, c)} + \frac{|K_0| p_1 n_1(m, c)}{|K_1| p_0 n_0(m, c) + |K_0| p_1 n_1(m, c)} \log \frac{|K_0| p_1 n_1(m, c)}{|K_1| p_0 n_0(m, c) + |K_0| p_1 n_1(m, c)}.$$

To minimize this average mutual information we need:

$$p_0 \frac{n_0(m, c)}{|K_0|} = p_1 \frac{n_1(m, c)}{|K_1|}.$$

Note that:

$$\sum_{c \in C} \frac{n_0(m, c)}{|K_0|} = \sum_{c \in C} \frac{n_1(m, c)}{|K_1|} = 1.$$

It follows that:

$$p_0 = \sum_{c \in C} p_0 \frac{n_0(m, c)}{|K_0|} = \sum_{c \in C} p_1 \frac{n_1(m, c)}{|K_1|} = p_1.$$

Hence $p_0 = p_1 = \frac{1}{2}$ and

$$\frac{n_0(m, c)}{|K_0|} = \frac{n_1(m, c)}{|K_1|}.$$

From this analysis we obtain the following design principle. For a CD cipher system with two block cipher components, the parameters should take the following values [4]:

1. $p_0 \approx \frac{1}{2}$;
2. $\frac{n_0(m, c)}{|K_0|} \approx \frac{n_1(m, c)}{|K_1|}$, and if one of $n_0(m, c)$ or $n_1(m, c)$ equals 0, the other must also equal 0.

Remark: Clearly a cipher is secure against ciphertext-only attacks if it is secure against known-plaintext attacks. Given some plaintext-ciphertext block pairs, the first thing a cryptanalyst does is try to obtain some information about the keystream and then try to recover the key of SG, or build a generator that produces the same output, by analyzing the parameters $n_0(m, c)$ and $n_1(m, c)$ of the two block ciphers for the given plaintext-ciphertext pairs. If the two block ciphers are not well designed and the cryptanalyst learns that $n_0(m, c) = 0$, he knows immediately that the value produced by the generator is 1, i.e. the selected block cipher is $E_1$. If an attack on SG succeeds, what remains is to attack the two block ciphers in the usual way. The benefit of cooperation is then lost. The design principle above is used to defeat this kind of divide-and-conquer attack.

On the other hand, SG should be designed so that its output sequence has good pattern distributions (see Section 2.6, Cryptographic aspects of sequences).
If the control sequence (the output sequence produced by SG) is 11110000, the cooperation is obviously very weak. A CD system can be more secure than its block ciphers. If SG is well designed, the CD cipher can make good use of weak block ciphers [4].

2.4. Types of generators

As mentioned earlier, the keystream generator is an important component of a stream cipher model. Its task is to produce a keystream that meets the needs of encryption and decryption (as well as integrity, authentication, ...) in a model that uses stream ciphering. In the general case we can say that the output of a keystream generator is a sequence or a pseudo-random (random) sequence, or pseudo-random numbers.

There are many types of generators, whose structure and operating principles give different results. Many generators are modeled by finite state machines (FSM). We begin with these finite state machines.

2.4.1. Finite state machines and keystream generators

Finite state machines are important systems for modeling cryptographic devices. There are typical examples of stream cipher systems in which a finite state machine can be modeled by a combination of shift registers [8]. Finite state machines are important mathematical objects for modeling electronic hardware. In a synchronous stream cipher, the running-key generator can sometimes be viewed as an autonomous finite state machine, as shown in Figure 5.

Figure 5. Keystream generator as an autonomous finite state machine.

A keystream generator viewed as a finite state machine consists of an output alphabet and a state set, together with two functions and an initial state. The next state function $f_s$ maps the current state $S_j$ to a new state $S_{j+1}$ from the state set, and the output function $f_0$ maps the current state $S_j$ to an output character $z_j$ from the output alphabet. The key k can be used for the next state function and the output function as well as for the initial state [4].

The basic problem in designing a keystream generator is to find a next state function $f_s$ and an output function $f_0$ that are guaranteed to produce a running key z satisfying certain cryptographic requirements, such as large linear complexity and good linear complexity stability, good autocorrelation, uniform pattern distribution, ... (see Section 2.6) [4].

To meet these requirements, special kinds of finite state machines are used as running-key generators.
Unfortunately, the theory of autonomous automata with nonlinear state functions is not well developed. Many kinds of keystream generators have been proposed. Some are easy to implement, but their security is hard to control. Some are secure against certain kinds of attack but are relatively slow. Number-theoretic generators and counter generators are typical generators modeled from finite state machines [4].

2.4.2. Counter-based generators

A counter is the simplest automaton with a period, usually taken to be $q^n$, where q is a positive number. A counter of period N counts the numbers 0, 1, ..., N − 1 cyclically. The output sequence of a counter has a large period but lacks the other required properties. The output sequence can therefore be derived through a nonlinear output transformation [9]. This is exactly the application of a nonlinear function to a counter to build a keystream generator, as in Figure 6 [4].

Figure 6. Counter with a nonlinear output function.

In this type of generator the key is used to control the (logic) function. The initial value of the counter can be regarded as part of the key or as a random value. One known proposal, by Diffie and Hellman, is to use a fixed component of a block cipher algorithm as the output (logic) function of the generator in Figure 6 [4].

Figure 7. Some counter-based generators.

If we consider counters with an arbitrary period N and use a fixed function f(x) from $Z_N$ into an Abelian group G, we get a generator as in Figure 7(b). In this generator the key k is one of the integers 0, 1, ..., N − 1, and the counter starts its counting cycle at the key value. The arguments x of f(x) are the consecutive integer values supplied by the counter. The sequence, or keystream, produced in G is therefore given by [4]:

$$z_i = f((i + k) \bmod N),$$

where the residue modulo N takes integer values from 0 to N − 1.

There is a small difference between the two generators in Figure 7. In the generator of Figure 7(a), the key or part of the key is used to control the output function, whereas in the generator of Figure 7(b) the function f(x) is fixed and the key is simply the initial value of the register. The generator of Figure 7(b) is called the natural sequence generator (NSG), because every periodic sequence can be obtained from this generator in a natural way, and many security aspects of this generator can be analyzed and controlled.
An additive synchronous stream cipher based on this type of generator is called an additive natural stream cipher [4].

Remark: A keystream generator that is not designed properly can be broken by a differential attack or by other attacks. If the generator is designed properly, the NSG can resist all attacks [4]. The NSG is an object that researchers often refer to in stream cipher research.

2.4.3. Number-theoretic generators

Some of the earliest practical systems were used as pseudorandom number generators rather than as keystream generators [1]. Pseudorandom numbers are needed not only in cryptography but also in numerical simulations for Monte Carlo methods, sampling, numerical analysis, testing computer chips for defects, and programming slot machines. Different applications, however, require different randomness properties of the numbers. For example, random numbers for (Monte Carlo) simulations differ from those for cryptographic purposes [4]. Generators of this type include: the linear congruential generator, the 1/p generator, the power generator, and the generator based on the exponential operation [4].

2.4.3.1. Linear congruential generator

A linear congruential generator (LCG) is commonly used to produce random numbers. The next number $X_{i+1}$ in a sequence of numbers $X_i$ is defined as follows:

$$X_{i+1} = (a X_i + b) \bmod M, \qquad (2.4.3.1)$$

where $0 \le X_i \le M - 1$. Here (a, b, M) are the parameters defining the generator and $X_0$ is the initial value of the sequence (the quadruple a, b, M, $X_0$ can be taken as the key of the generator).

Linear congruential generators are widely used in practice in Monte Carlo methods, but they are cryptographically weak [4], as the following shows:

Clearly this method has no cryptographic security if the modulus M is known. In that case one can solve for x in the congruence

$$(X_2 - X_1) \equiv x\,(X_1 - X_0) \pmod{M}$$

(the value of x is exactly a, from which b can be computed). The rest of the sequence can then be computed exactly using the relation

$$X_{i+1} = \left(x X_i + (X_1 - x X_0)\right) \bmod M \quad [11].$$

A further question is how to attack when a, b, M and $X_0$ are all unknown. A method of inference is needed to find the values of the sequence. The following algorithm solves this problem:

Plumstead's algorithm [12]: Suppose the LCG is given by formula (2.4.3.1) with a, b, M and $X_0$ unknown, and nothing is assumed about them except $M > \max(a, b, X_0)$.
The algorithm finds a congruence $X_{i+1} = (\hat{a} X_i + \hat{b}) \bmod M$, possibly with different $\hat{a}$ and $\hat{b}$, that produces the same sequence as the original congruence. The inference process consists of two stages. Let $Y_i = X_{i+1} - X_i$.

Stage 1: In this stage we find $\hat{a}$ and $\hat{b}$ as follows:

1. Find the smallest t such that $d = \gcd(Y_0, Y_1, \ldots, Y_t)$ and d divides $Y_{t+1}$.
2. For each i with $0 \le i \le t$, find $u_i$ such that $\sum_{i=0}^{t} u_i Y_i = d$.
3. Set $\hat{a} = \frac{1}{d} \sum_{i=0}^{t} u_i Y_{i+1}$ and $\hat{b} = X_1 - \hat{a} X_0$.

This stage gives $X_{i+1} = (\hat{a} X_i + \hat{b}) \bmod M$ for all $i \ge 0$.

Stage 2: In this stage we start predicting $X_{i+1}$ and, if necessary, change the modulus M. Once a prediction of $X_i$ has been made, the true value becomes available to the inference algorithm (to check whether the prediction was right). Initially set i = 0 and $M = \infty$, and assume $X_0$ and $X_1$ are known (the numbers from the previous stage can be reused). Repeat the following steps:

1. Set i = i + 1 and predict $X_{i+1} = (\hat{a} X_i + \hat{b}) \bmod M$.
2. If $X_{i+1}$ is incorrect, set $M = \gcd(M,\ \hat{a} Y_{i-1} - Y_i)$.

Analysis of Plumstead's algorithm: clearly each step in both stages runs in time polynomial in the size of M. Plumstead proved that t in Stage 1 is bounded by $t \le \lceil \log_2 M \rceil$ and that the number of wrong predictions made in Stage 2 is bounded by $2 + \log_2 M$. The algorithm is therefore optimal, with worst-case complexity $O(\log_2 M)$ [12].

Once again, from the evidence above we can conclude that the linear congruential generator is cryptographically weak.

2.4.3.2. Other number-theoretic generators

1/p generator: has the rational expansion [4]:

$$\frac{1}{p} = .d_0 d_1 d_2 \ldots d_j d_{j+1} \ldots$$

This expansion can be carried out in base d. We say that (p, d) are the parameters defining the generator, and the seed is a fixed position j of the first random number. For example, the random sequence is given by the formula $x_n = d_{j+n}$ for $n \ge 0$.

Power generator: defined by [4]:

$$x_{n+1} = x_n^{d} \bmod N,$$

where (d, N) are the parameters defining the generator and $x_0$ is the initial value. There are two special cases of the power generator, both occurring when $N = p_1 p_2$ is the product of two distinct odd primes. If d is chosen so that $\gcd(d, \varphi(N)) = 1$ (d and $\varphi(N)$ are coprime), then the map $x \mapsto x^d$ is a permutation of $Z_N^*$, and this generator is also called the RSA generator. Here $\varphi(N)$ is Euler's totient function of N. If we choose d = 2 and $N = p_1 p_2$ with $p_1 \equiv p_2 \equiv 3 \pmod 4$, it is called the square generator [4].
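Returning to the linear congruential generator of Section 2.4.3.1: the known-modulus case can be checked in a few lines of Python. This is an added example, not code from the thesis; the function names and the sample parameters are constructed for illustration. It also covers the case the text skips, where $X_1 - X_0$ is not invertible modulo M: any solution x of the congruence then still reproduces the stream, even when x differs from a.

```python
from math import gcd

def lcg_stream(a, b, m, x0, n):
    """First n terms X_0..X_{n-1} of X_{i+1} = (a*X_i + b) mod m."""
    out, x = [], x0
    for _ in range(n):
        out.append(x)
        x = (a * x + b) % m
    return out

def solve_multiplier(y0, y1, m):
    """Smallest x >= 0 with x*y0 = y1 (mod m), or None if there is none."""
    y0, y1 = y0 % m, y1 % m
    g = gcd(y0, m)                      # gcd(0, m) == m
    if y1 % g:
        return None                     # values cannot come from an LCG mod m
    m_red = m // g
    if m_red == 1:
        return 0                        # constant stream: any multiplier fits
    # y0/g is invertible modulo m/g, so the solution is unique modulo m/g
    return (y1 // g) * pow(y0 // g, -1, m_red) % m_red

def recover_lcg(observed, m):
    """Recover (x, b) from X_0, X_1, X_2 and verify them on every observed term."""
    x0, x1, x2 = observed[:3]
    x = solve_multiplier(x1 - x0, x2 - x1, m)
    if x is None:
        raise ValueError("not an LCG stream for this modulus")
    b = (x1 - x * x0) % m               # b = X_1 - x*X_0, as in the text
    for cur, nxt in zip(observed, observed[1:]):
        if (x * cur + b) % m != nxt:
            raise ValueError("not an LCG stream for this modulus")
    return x, b

def predict(observed, m, count):
    """Predict the next `count` outputs after the observed ones."""
    x, b = recover_lcg(observed, m)
    out, cur = [], observed[-1]
    for _ in range(count):
        cur = (x * cur + b) % m         # X_{i+1} = x*X_i + (X_1 - x*X_0) mod M
        out.append(cur)
    return out

if __name__ == "__main__":
    # Constructed sample parameters; three outputs are enough to predict the rest.
    a, b, m, seed = 1103515245, 12345, 2**31, 20110701
    stream = lcg_stream(a, b, m, seed, 12)
    print(recover_lcg(stream[:3], m) == (a, b))
    print(predict(stream[:3], m, 9) == stream[3:])
```

A generator whose output passes `recover_lcg` is fully predictable from three consecutive values, which is why such a generator must not be used for keys, nonces or session tokens.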
Number-theoretic generator based on the exponential operation: given by [4]:

$$x_{n+1} = g^{x_n} \bmod N,$$

where (g, N) are the parameters defining the generator and $x_0$ is the initial value.

Remark on number-theoretic generators: these generators can run rather slowly when the modulus M is large. By modifying the generators above, several number-theoretic bit generators can be obtained, for example the RSA bit generator or the square (Rabin) generator, which output the sequence of least significant bits (LSB). These number-theoretic bit generators are considerably faster [13].

2.4.4. Shift-register-based generators

Shift registers are commonly used to build generators for two basic reasons. First, these generators produce sequences in the spirit of Golomb's randomness postulates (see the Appendix). Second, the operation of shift-register-based generators is better suited to analysis by algebraic methods.

2.4.4.1. Linear feedback shift register

Among shift registers, the linear feedback shift register (LFSR) is the one most often used to build generators, because this type of register is well suited to high-speed implementations and can be implemented in both hardware and software. It also has good statistical properties.

The register is divided into n cells (stages), numbered from left to right 0, 1, 2, ..., n − 1. Each cell holds information, and the information in all n cells of the register is called a state. In a generator, after each clock pulse the register changes its state: the information of stage i moves to stage i − 1, and the information of stage 0 is output. The information of stage n − 1 is produced by applying linear transformations to the information of the other stages; this operation is called feedback. Depending on how the state changes, two kinds of registers are distinguished: the Fibonacci register and the Galois register.

Figure 8. A model of the Fibonacci register.

Figure 9. A model of the Galois register.

Because linear transformations are used, generators based on this type of register can produce sequences whose linear complexity is easy to predict. This increases the risk of attacks based on linear complexity. Nonlinear transformations must therefore be applied to the generators. There are two approaches:

- Combination generator: use several registers and combine their outputs with a nonlinear function.
- Filter generator: use a single register and a nonlinear function that transforms the state of the register into the keystream.

2.4.4.2. Combination generators

2.4.4.2.1. Using a multiplexer

A multiplexer is a physical device used to receive signals from an input source. The reception of these signals is in turn controlled by another input source. A generator can use a multiplexer to combine two registers. After a clock pulse, the generator takes k bits from the first register and uses a function to transform these k bits into a natural number n. The generator then takes n bits from the second register as keystream.

Figure 10. Model of a generator using a multiplexer.

2.4.4.2.2. Clock control

A register changes its state after a given time interval. In a generator that uses clock control, one register decides whether, after that interval, another register is allowed to change its state. The first model of this kind of generator is the stop-and-go generator, which uses two registers. When the first register changes state, if its output is 1 the second register changes state; otherwise the second register does not change and its output is the same as its previous output [23]. Gunther improved this generator into the alternating step generator. Gunther's model uses three registers; the first register decides the state changes of the other two. After a clock pulse, if the output of the first register is 0, the second register changes state and the third does not. Conversely, if the output of the first register is 1, only the third register changes state [24].
Another improvement of the stop-and-go generator uses a cascade connection of several registers arranged in order, in which the output of each register decides whether the register after it changes state.

Figure 11. Model of the stop-and-go generator.

Figure 12. Operation of the alternating step generator when the output of the control register is 1.

Figure 13. Operation of the alternating step generator when the output of the control register is 0.

2.4.4.2.3. Shrinking generator

Another way of combining registers in a generator is to shrink the output of the registers. This method is also regarded as an extension of the clock-control method. Generators using this method are divided into two kinds: the shrinking generator and the self-shrinking generator. The simple model of a shrinking generator consists of two registers. As in the stop-and-go generator, if the output bit of the first register is 1, the second register updates its state normally. But if the output bit is 0, the second register does not change and produces no output bit at all. In the same amount of time the second register therefore outputs fewer bits than an ordinary register.

Figure 14. Operation of the registers in a shrinking generator.

In the self-shrinking generator, instead of using one register as the control and one register as the output, both functions are merged into the same register [25]. This implementation saves hardware space, while the number of output bits of the generator does not change compared with using two registers.

2.4.4.2.4. Nonlinear combination generator

Figure 15. Nonlinear combination generator.

The keystream is produced by a nonlinear function f of the outputs of the component LFSRs. This generator is called a nonlinear combination generator, and f is called the combining function. The nonlinear order of f is the maximum of the orders of the terms appearing in its ordinary algebraic representation. For example, $f(x_1, x_2, x_3, x_4, x_5) = 1 \oplus x_2 \oplus x_3 \oplus x_4 x_5 \oplus x_1 x_3 x_4 x_5$ has nonlinear order 4 [18]. The nonlinear order of a Boolean function is also called the algebraic degree of the Boolean function (see also the Appendix).

One specific generator of this kind is the summation generator. In computing, the addition of two integers is performed by the compiler on bytes.
In the operations carried out by the compiler, the carry computation is a nonlinear transformation on bits. This property is used to build the summation generator. The summation generator uses several registers; the outputs of the registers are fed in as the unit-position addends of an addition. A device adds the output values, produces and stores the carry, and at the same time outputs the result of the addition [26].

Figure 16. Model of the summation generator.

Figure 16 shows a model of a summation generator producing a keystream over the field GF(2).

2.4.4.3. Nonlinear filter generator

A filter generator uses one register and a nonlinear function f to produce the keystream. The input of the nonlinear function f is the state of the register, but usually the function uses only some fixed stages of the register. The output of f is a bit or a sequence of bits used as keystream. The security of a filter generator therefore depends on the properties of the function f. This type of generator is also used in the encryption methods based on the ZUC generator (see Section 3.2).

Figure 17. Model of a filter generator.

2.4.4.4. Nonlinear feedback shift register

A nonlinear feedback shift register (NLFSR) has the same structure as an LFSR: it consists of a sequence of stages and changes state on a clock signal. The difference is that the feedback function of an NLFSR is a nonlinear function. For example, with $x_i$ the information in stage i of the register, the feedback function of an LFSR is linear, e.g. $f(x) = x_1 + x_2 + x_3 + x_4$, whereas for an NLFSR the feedback function is nonlinear, e.g. $f(x) = x_1 x_2 x_3 + x_4$.

Figure 18. Model of a Galois NLFSR.

Figure 19. Model of a Fibonacci NLFSR.

Because of the nonlinear transformation, a nonlinear register is more secure than a linear one, and generators using nonlinear registers do not need nonlinearization methods such as combining registers or filtering a register. In return, a nonlinear register is harder to implement and runs more slowly. In practice the two kinds of registers are often combined to build a generator; for example, the Grain stream cipher uses an 80-bit LFSR and an 80-bit NLFSR [27].

2.5. The finite fields $GF(p)$ and $GF(p^m)$

This section presents the basic theory of finite fields needed to define the sequences, and the keystreams, produced by generators.
Indeed, a sequence produced by a generator consists of elements, and an element can be a keyword in the keystream sequence. These elements can belong to one of the two finite fields $GF(p)$ or $GF(p^m)$. This section serves as a mathematical foundation for stream ciphers.

2.5.1. Finite fields (Galois fields)

A field with a finite number of elements is called a finite field, defined as follows:

Definition 2.5.1 [14]: A finite field $\{F, +, \cdot\}$ consists of a finite set F and two operations + and · satisfying the following properties:

1. $\forall a, b \in F:\ a + b \in F,\ a \cdot b \in F$
2. $\forall a, b \in F:\ a + b = b + a,\ a \cdot b = b \cdot a$
3. $\forall a, b, c \in F:\ (a + b) + c = a + (b + c),\ (a \cdot b) \cdot c = a \cdot (b \cdot c)$
4. $\forall a, b, c \in F:\ a \cdot (b + c) = a \cdot b + a \cdot c$
5. $\exists\, 0, 1 \in F:\ a + 0 = 0 + a = a,\ a \cdot 1 = 1 \cdot a = a$
6. $\forall a \in F,\ \exists (-a) \in F$ such that $a + (-a) = (-a) + a = 0$; $\forall a \ne 0 \in F,\ \exists a^{-1} \in F$ such that $a \cdot a^{-1} = a^{-1} \cdot a = 1$

A finite field is also called a Galois field. The number of elements of a Galois field can be a prime or a power of a prime. For example $GF(7)$, $GF(8) = GF(2^3)$ and $GF(2^8)$, with 7, 8 and 256 elements respectively, are Galois fields, whereas $GF(6)$, with 6 elements, is not a Galois field.

From here on p denotes a prime. $GF(p^m)$ is the finite field with $p^m$ elements, also called an extension field of $GF(p)$, and p is called the characteristic [14][21].

Some further definitions related to the finite field $GF(p^m)$:

Definition 2.5.2 [14]: The order of a finite field is the number of elements in that field.

Definition 2.5.3 [14]: Let $\alpha$ be a nonzero element of $GF(p^m)$. The order of $\alpha$, denoted $\mathrm{ord}(\alpha)$, is the smallest positive integer such that $\alpha^{\mathrm{ord}(\alpha)}$ is the identity element of $GF(p^m)$.

Definition 2.5.4 [14]: When $\mathrm{ord}(\alpha) = p^m - 1$, $\alpha$ is called a primitive element of $GF(p^m)$.

Definition 2.5.5 [14]: A polynomial whose coefficients are elements of $GF(p^m)$ is called a polynomial over $GF(p^m)$.

Definition 2.5.6 [14]: A polynomial over $GF(p^m)$ is irreducible if it cannot be factored into nontrivial polynomials (degree > 0) over the same field ($GF(p^m)$). In some Vietnamese literature an irreducible polynomial is also called a prime polynomial.

2.5.2. Representing elements of a finite field

There are several ways to represent an element of a Galois field, such as the power representation, the normal basis representation and the standard basis representation [14]. These are representations for the field $GF(p^m)$; for the field $GF(p)$, as we know, its elements are the set {1, 2, ..., p − 1}. $GF(p)$ is also written $Z_p$.

o In the power representation, the set of elements of $GF(p^m)$ can be represented as follows [14]:

$$\{0, 1, \alpha, \alpha^2, \ldots, \alpha^{p^m - 2}\}$$

where $\alpha$ is a primitive element of $GF(p^m)$.

o In the normal basis representation, each basis element is related to any other basis element by repeated application of the p-th power map, where p is the characteristic of the field. That is [14]: let $GF(p^m)$ be the field with $p^m$ elements and $\beta$ an element of it such that the m elements

$$\{\beta, \beta^{p}, \beta^{p^2}, \ldots, \beta^{p^{m-1}}\}$$

are linearly independent.

o The standard basis representation is a natural way of representing the elements of a finite field as polynomials over a base field, and is also called the polynomial representation. The precise definition is as follows [14]: let $\alpha \in GF(p^m)$ be a root of an irreducible polynomial of degree m over $GF(p)$. The standard or polynomial basis of $GF(p^m)$ is:

$$\{0, 1, \alpha, \ldots, \alpha^{m-1}\}$$

In this representation each element of $GF(p^m)$ is therefore represented as a polynomial $c_0 + c_1 \alpha + c_2 \alpha^2 + \ldots + c_{m-1} \alpha^{m-1}$ over $GF(p)$. The base field here is $GF(p)$. The standard basis representation thus relies on a polynomial representation through an irreducible polynomial. Each irreducible polynomial of degree m over $GF(p)$ uniquely defines a field $GF(p^m)$. The next section (2.5.3) helps clarify the role of this polynomial in the representation. (In this representation we need not care what the specific root $\alpha$ of the irreducible polynomial is; it can be represented by a variable x. We therefore also say that each element of $GF(p^m)$ is represented as a polynomial $c_0 + c_1 x + c_2 x^2 + \ldots + c_{m-1} x^{m-1}$ over $GF(p)$.)

Because of its simplicity, the standard basis representation is widely used [14]. This thesis only deals with the application of this representation to the sequences produced by generators.

2.5.3. Computation in finite fields

The two fields $GF(p)$ and $GF(2^m)$ are the ones most often used in cryptography, so we pay attention to the operations in these two fields. Here the thesis only covers the basic operations in the field $GF(2^m)$.
Let $A, B \in GF(2^m)$ be two elements with standard basis representations $A(x) = \sum_{i=0}^{m-1} a_i x^i$ and $B(x) = \sum_{i=0}^{m-1} b_i x^i$, with respect to an irreducible polynomial $f(x)$ of degree m over GF(2).

o Addition: $C(x) = (A(x) + B(x)) \bmod f(x) = \sum_{i=0}^{m-1} (a_i \oplus b_i)\, x^i$.

o Multiplication: $C(x) = A(x) \cdot B(x) \bmod f(x) = \sum_{i=0}^{m-1} c_i x^i$.

o Inversion: compute $A^{-1} \bmod f(x)$. We have the binary extended Euclidean algorithm [15]:

Binary Extended Euclidean Algorithm (BEA) for inversion

Input: $A \in GF(2^m)$, $A \ne 0$
Output: $A^{-1} \bmod f(x)$

1 : b ← 1, c ← 0, u ← A, v ← f.
2 : while x divides u do
3 :     u ← u/x.
4 :     if x divides b then
5 :         b ← b/x.
6 :     else
7 :         b ← (b + f)/x.
8 :     end if
9 : end while
10 : if u = 1 then
11 :     return b
12 : end if
13 : if deg(u) < deg(v) then
14 :     u ↔ v, b ↔ c.
15 : end if
16 : u ← u + v, b ← b + c.
17 : goto step 2

The BEA maintains two invariants, bA + df = u and cA + ef = v, where d and e are not tracked explicitly (the algorithm does not need them). The algorithm terminates when deg(u) = 0, i.e. u = 1, so that bA + df = 1, or $bA \equiv 1 \pmod f$. Hence $b = A^{-1} \bmod f(x)$ [15].

Example: In the field $GF(2^8)$, let $f(x) = x^8 + x^6 + x^5 + x + 1$ be irreducible over GF(2), and let $A(x) = x^7 + x^3 + x + 1$ and $B(x) = x^4 + 1$ be two elements of $GF(2^8)$ in polynomial form with respect to $f(x)$. We compute:

Addition: $A(x) + B(x) = x^7 + x^4 + x^3 + x + (1 + 1)x^0 = x^7 + x^4 + x^3 + x$

Multiplication: $A(x) \cdot B(x) = (x^7 + x^3 + x + 1)(x^4 + 1) \bmod f(x) = (x^{11} + 2x^7 + x^5 + x^4 + x^3 + x + 1) \bmod (x^8 + x^6 + x^5 + x + 1) = x^7 + x^2 + x$

Inverse of B(x): applying the BEA we obtain

$$(x^4 + 1)(x^6 + x^4 + x^3 + x^2 + 1) + x^2 (x^8 + x^6 + x^5 + x + 1) = 1,$$

or

$$(x^4 + 1)(x^6 + x^4 + x^3 + x^2 + 1) \equiv 1 \pmod{f(x)}.$$

Hence $B^{-1} = (x^6 + x^4 + x^3 + x^2 + 1) \bmod f(x)$.

If the field $GF(2^8)$ is viewed as the set of bytes, we have A = A(x) = 10001011 and B = B(x) = 00010001. Carrying out the same addition, multiplication (of two bit strings) and inversion (of B) gives the same results as above:

A + B = 10011010
AB = 10000110
$B^{-1}$ = 01011101

2.6. Cryptographic aspects of sequences

The cryptographic aspects of a sequence (or keystream) are the properties of the sequence that may be necessary for the security of a given stream cipher. For the sequences of additive synchronous stream ciphers there are several cryptographic measures of strength, such as linear complexity, sphere complexity, pattern distribution and autocorrelation [4]. The following are the cryptographic aspects of sequences over finite fields. We say a sequence is over a field when all elements of the sequence belong to that field.

2.6.1. Linear complexity and minimal polynomial

A. General notions of linear complexity and minimal polynomial:

Let f(x) be a polynomial in GF(q)[x] (q prime), with the polynomial operator f(E) defined as below. If a sequence is given over the finite field GF(q), and f(x) over GF(q) is given by [4]:

$$f(x) = c_0 + c_1 x + \ldots + c_{L-1} x^{L-1},$$

we define:

$$f(E)\, s_j = c_0 s_j + c_1 s_{j-1} + \ldots + c_{L-1} s_{j-L+1}.$$

Let $s^n$ denote a sequence $s_0 s_1 \ldots s_{n-1}$ of length n over the finite field GF(q). If n is finite, the sequence is called a finite sequence. Otherwise ($n = \infty$) it is called a semi-infinite sequence. A polynomial $f(x) \in GF(q)[x]$ with $\deg(f(x)) \le l$ and $c_0 \ne 0$ is called a characteristic polynomial of the sequence $s^n$ if:

$$f(E)\, s_j = 0 \quad \text{for all } j \text{ with } j \ge l.$$

If these equations hold for l, they also hold for l + 1. For each characteristic polynomial there is therefore a smallest value $l \ge \deg(f)$ for which the equations hold. This smallest l is called the associated recurrence length of f(x) for the sequence. The characteristic polynomial with the smallest such length is called the minimal polynomial, and that associated recurrence length is called the linear complexity of the sequence. The linear complexity is denoted $L(s^n)$.

Remark (*): If a semi-infinite sequence is periodic, its minimal polynomial is unique under the condition $c_0 = 1$. If the sequence $s^n$ is periodic with minimal polynomial f, we always have $L(s^n) = \deg(f)$.

B. Linear complexity and minimal polynomial of the linear feedback shift register (LFSR):

Figure 20. General LFSR showing the recursion.

In the LFSR of length L in Figure 8, the boxes holding $s_{j-1}, s_{j-2}, \ldots, s_{j-L+1}, s_{j-L}$ are memory units, or stages, and at each clock tick the value of the rightmost memory unit is output while the values of the other memory units are shifted in turn into the unit immediately to the right [4]. The initial values $s_0, s_1, \ldots, s_{L-1}$ of the L stages coincide with the first L digits (or keywords) output by the LFSR; the remaining output digits are uniquely determined by the recursion:

$$s_j = -\sum_{i=1}^{L} c_i s_{j-i}, \qquad j = L, L+1, L+2, \ldots$$

The output digits and the feedback coefficients $c_1, c_2, \ldots, c_L$ lie in the same field, which can be a finite field GF(q) or an infinite field (such as the real numbers). The LFSR is called nonsingular when $c_L \ne 0$ [17].

Theorem 2.6.1 [17]: If some LFSR of length L generates the sequence $s^N = s_0, s_1, \ldots, s_{N-1}$ but does not generate the sequence $s^{N+1} = s_0, s_1, \ldots, s_{N-1}, s_N$, then any LFSR of length L' that generates $s^{N+1}$ satisfies:

$$L' \ge N + 1 - L.$$

The minimal polynomial is called the feedback polynomial of the LFSR. The coefficients $c_i$ as in Figure 8 are the coefficients of the polynomial:

$$C(D) = c_0 + c_1 D + c_2 D^2 + \ldots + c_L D^L.$$

This polynomial is the feedback polynomial, also called the connection polynomial, of the LFSR. We also write $\langle L, C(D) \rangle$ for an LFSR of length L with connection polynomial C(D) [18]. By Remark (*) above, $c_0 = 1$ is chosen so that the LFSR has a unique connection polynomial. Hence

$$C(D) = 1 + c_1 D + c_2 D^2 + \ldots + c_L D^L.$$

If $C(D) \in GF(q)[D]$ is a primitive polynomial of degree L, then $\langle L, C(D) \rangle$ is called a maximum-length LFSR. A primitive polynomial C(D) is a minimal polynomial having as a root a primitive element $\alpha$ of $GF(q^L)$. The output of a maximum-length LFSR with a non-zero initial state is called an m-sequence. An m-sequence satisfies Golomb's randomness postulates (see the Appendix) [18]. Example: Let $C(D) = 1 + D + D^4$ be a primitive polynomial over GF(2); the LFSR $\langle 4, 1 + D + D^4 \rangle$ is a maximum-length LFSR. The output sequence of this LFSR is therefore an m-sequence with the maximum possible period $N = 2^4 - 1 = 15$.

Note that a primitive polynomial is also an irreducible polynomial, but the converse is not true.

Let $L_N(s)$ denote the smallest length of an LFSR that generates the sequence $s^N$.

Theorem 2.6.2 [17]: If some LFSR of length $L_N(s)$ generates the sequence $s^N = s_0, s_1, \ldots, s_{N-1}$ and also the sequence $s^{N+1} = s_0, s_1, \ldots, s_{N-1}, s_N$, then $L_{N+1}(s) = L_N(s)$. Conversely, if some LFSR of length $L_N(s)$ generates $s^N$ but does not generate $s^{N+1}$, then

$$L_{N+1}(s) = \max[L_N(s),\ N + 1 - L_N(s)].$$

Theorem 2.6.2 is the basis of the Berlekamp-Massey algorithm [17], which finds a shortest LFSR, of length $L_n(s)$, that generates the sequence $s_0, s_1, \ldots, s_{n-1}$. Also by Remark (*), and because an LFSR generates a periodic sequence, $L(s^n) = \deg(C(D)) = L_n(s)$.
This holds because the degree of the connection polynomial always equals the length of the LFSR. It follows that the algorithm below also determines the linear complexity of the sequence $s_0, s_1, \ldots, s_{n-1}$.

Berlekamp-Massey algorithm

Input: A sequence s^n = s_0, s_1, …, s_{n-1} of length n.
Output: The shortest LFSR that generates s^n, with linear complexity L(s^n) (the length of the shortest LFSR) and connection polynomial C(D).

1: Initialise: $C(D) \leftarrow 1$, $B(D) \leftarrow 1$, $x \leftarrow 1$, $L \leftarrow 0$, $b \leftarrow 1$, $N \leftarrow 0$.
2: If N = n, stop. Otherwise compute $d = s_N + \sum_{i=1}^{L} c_i s_{N-i}$.
3: If d = 0: $x \leftarrow x + 1$, and go to step 6.
4: If $d \ne 0$ and 2L > N: $C(D) \leftarrow C(D) - d b^{-1} D^x B(D)$; $x \leftarrow x + 1$, and go to step 6.
5: If $d \ne 0$ and $2L \le N$: $T(D) \leftarrow C(D)$ [T(D) is a temporary copy of C(D)]; $C(D) \leftarrow C(D) - d b^{-1} D^x B(D)$; $L \leftarrow N + 1 - L$; $B(D) \leftarrow T(D)$; $b \leftarrow d$; $x \leftarrow 1$.
6: $N \leftarrow N + 1$ and return to step 2.

If the linear complexity of a keystream is L, then a sub-keystream of length at least 2L (serving as the input of the Berlekamp-Massey algorithm) is enough to determine an LFSR of length L that generates the entire original keystream [18]. A large linear complexity is therefore a necessary but not sufficient cryptographic requirement for the keystreams of additive stream ciphers. This will be made clearer when we introduce sphere complexity. However, as stated in Section 2.3.3, for some non-additive stream ciphers a large linear complexity is not a necessary cryptographic requirement.

From Theorem 2.6.2 and the Berlekamp-Massey algorithm we obtain the following theorem:

Theorem 2.6.3 [17]: Suppose the Berlekamp-Massey algorithm is applied to the sequence s^n = s_0, s_1, …, s_{n-1}, and let L, C(D), x and B(D) denote the values when the algorithm terminates. If $2L \le n$, then C(D) is the connection polynomial of the unique LFSR of minimal length L that generates the sequence. If $2L > n$, then the set of polynomials is the set of connection polynomials of all LFSRs of minimal length L that generate the sequence.

One further point: according to the notions in part A, the connection polynomial and the sequence s^n are both considered over the same field $GF(q)$. Now consider the case where s^n = s_0, s_1, …, s_{n-1} is a sequence over the field $GF(q^m)$. The linear complexity of s^n with respect to the subfield GF(q), denoted $L_{GF(q)}(s^n)$, is defined as the smallest natural number L for which there exist coefficients $c_1, c_2, \ldots, c_L \in GF(q)$ such that:

$$s_j + c_1 s_{j-1} + \cdots + c_L s_{j-L} = 0 \text{ for all } L \le j < n.$$

According to researchers, the linear complexity $L_{GF(q)}(s^n)$ is then a generalisation of the ordinary linear complexity. The following inequality obviously holds [4]:

$$L(s^n) \le L_{GF(q)}(s^n).$$

(By ordinary linear complexity we mean the case where the connection polynomial and the sequence s^n are both considered over the same field $GF(q)$.)

Experimental results for the Berlekamp-Massey algorithm:

We implemented the Berlekamp-Massey algorithm for binary sequences (over the field GF(2)) to compute the linear complexity and find the LFSR that generates a given binary sequence. The Berlekamp-Massey algorithm for binary sequences is as follows [18]:

Input: A binary sequence s^n = s_0, s_1, s_2, …, s_{n-1} of length n.
Output: The linear complexity L ($0 \le L \le n$) of the sequence and the feedback polynomial C(D) of the LFSR that generates the sequence.

1. Initialise: $C(D) \leftarrow 1$, $L \leftarrow 0$, $m \leftarrow -1$, $B(D) \leftarrow 1$, $N \leftarrow 0$.
2. While (N < n) do:
   $d \leftarrow (s_N + \sum_{i=1}^{L} c_i s_{N-i}) \bmod 2$.
   If d = 1 then:
      $T(D) \leftarrow C(D)$.
      $C(D) \leftarrow C(D) + B(D) \cdot D^{N-m}$.
      If $L \le N/2$ then $L \leftarrow N + 1 - L$, $m \leftarrow N$, $B(D) \leftarrow T(D)$.
   $N \leftarrow N + 1$.
3. Return L, C(D).

As an example, take the binary sequence A = 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0.

Running the Berlekamp-Massey algorithm gives a linear complexity of 9 for A. By the above, a subsequence of length at least 2*9 = 18 should be enough to find the feedback polynomial C(D) of the LFSR that generates A. Let us verify this. We take an arbitrary subsequence of length 18, for instance the sequence (in the bold part of A above) B = 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0. Running the algorithm again gives a linear complexity of 9 and the connection polynomial $C(D) = 1 + D^9$.

The experiment thus shows that attacking an LFSR (for example with known plaintext) can be carried out quite simply with the Berlekamp-Massey algorithm.

C. Some issues concerning the minimal polynomial:

As mentioned, the linear complexity of a periodic sequence over a finite field is exactly the degree of its minimal polynomial.
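The Berlekamp-Massey experiment above (subsequence B, linear complexity 9, C(D) = 1 + D^9) can be reproduced with the following added example, which is not the thesis authors' implementation. It follows the binary algorithm listed above and then uses the recovered LFSR to decrypt an additive stream cipher from 18 known plaintext bits; the function names, the 90-bit keystream and the plaintext are constructed for the illustration.

```python
def berlekamp_massey_gf2(s):
    """Binary Berlekamp-Massey. Returns (L, C) where C = [1, c1, ..., cL] are the
    coefficients of the connection polynomial C(D) = 1 + c1*D + ... + cL*D^L."""
    n = len(s)
    C = [1] + [0] * n          # current connection polynomial C(D)
    B = [1] + [0] * n          # C(D) as it was before the last change of L
    L, m = 0, -1
    for N in range(n):
        d = s[N]               # discrepancy d = s_N + sum c_i * s_(N-i) mod 2
        for i in range(1, L + 1):
            d ^= C[i] & s[N - i]
        if d:
            T = C[:]
            shift = N - m      # C(D) <- C(D) + B(D) * D^(N-m)
            for i in range(n + 1 - shift):
                C[i + shift] ^= B[i]
            if 2 * L <= N:     # the LFSR has to grow
                L, m, B = N + 1 - L, N, T
    return L, C[:L + 1]


def lfsr_extend(prefix, C, total):
    """Continue a sequence with s_j = c1*s_(j-1) + ... + cL*s_(j-L) mod 2."""
    L = len(C) - 1
    s = list(prefix[:L])
    while len(s) < total:
        j = len(s)
        bit = 0
        for i in range(1, L + 1):
            bit ^= C[i] & s[j - i]
        s.append(bit)
    return s


def known_plaintext_attack(cipher, known_plain):
    """Recover the whole plaintext of an additive stream cipher whose keystream
    is a plain LFSR output, given only the first len(known_plain) plaintext bits."""
    known_ks = [c ^ p for c, p in zip(cipher, known_plain)]
    L, C = berlekamp_massey_gf2(known_ks)
    keystream = lfsr_extend(known_ks, C, len(cipher))
    return L, C, [c ^ k for c, k in zip(cipher, keystream)]


# Subsequence B from the text (18 bits = 2 * linear complexity).
B_SEQ = [1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0]

# Constructed demo data: 90 keystream bits continuing B, and a made-up plaintext.
KEYSTREAM = lfsr_extend(B_SEQ, [1] + [0] * 8 + [1], 90)
PLAINTEXT = [(i * i + i // 3) & 1 for i in range(90)]
CIPHERTEXT = [p ^ k for p, k in zip(PLAINTEXT, KEYSTREAM)]

if __name__ == "__main__":
    L, C, recovered = known_plaintext_attack(CIPHERTEXT, PLAINTEXT[:18])
    print("linear complexity:", L)
    print("connection polynomial coefficients:", C)
    print("plaintext fully recovered:", recovered == PLAINTEXT)
```

With fewer than 2L known bits the LFSR returned is no longer guaranteed to be unique (Theorem 2.6.3), so the extended keystream may diverge from the real one.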
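From a cryptographic standpoint we need to know not only the linear complexity of a sequence but also its minimal polynomial [4]. The following are some results obtained by researchers on the minimal polynomial of periodic sequences.

Generating function (or formal power) [4]: The generating function of a semi-infinite sequence $s^{\infty}$ over GF(q) is defined by:

$$s(x) = \sum_{i=0}^{\infty} s_i x^i.$$

If $s^{\infty}$ is periodic with period N, we have:

$$(1 - x^N)\, s(x) = s^N(x) = \sum_{i=0}^{N-1} s_i x^i.$$

The following propositions hold:

Proposition 2.6.4 [4]: The generating function of every periodic sequence $s^{\infty}$ can be expressed as:

$$s(x) = \frac{g(x)}{f(x)} \qquad (2.6.1)$$

with $f(0) \ne 0$ and $\deg(g) < \deg(f)$.

n, there exists a balanced function f* on GF(2)^n whose nonlinearity is:

$$N_{f^*} \ge \begin{cases} 2^{2^m - 1} - \frac{1}{2}\left(2^{2^{m-1}} + 2^{2^{m-2}} + \cdots + 2^{2^2} + 2 \cdot 2^2\right), & n = 2^m, \\ 2^{2^s(2t+1) - 1} - \frac{1}{2}\left(2^{2^{s-1}(2t+1)} + 2^{2^{s-2}(2t+1)} + \cdots + 2^{2(2t+1)} + 2^{2t+1} + 2^{t+1}\right), & n = 2^s(2t+1). \end{cases}$$

The nonlinearities of the balanced functions on GF(2)^4, GF(2)^6, GF(2)^8, GF(2)^10, GF(2)^12 and GF(2)^14 constructed in this way are given in the following table [32]:

| Vector space | GF(2)^4 | GF(2)^6 | GF(2)^8 | GF(2)^10 | GF(2)^12 | GF(2)^14 |
|---|---|---|---|---|---|---|
| Maximum | 4 | 26 | 118 | 494 | 2014 | 8126 |
| By adjusting | 4 | 26 | 116 | 492 | 2010 | 8120 |
| By concatenating | 4 | 24 | 112 | 480 | 1984 | 8064 |

Table 1. Nonlinearities of balanced functions.

Experimental results on nonlinearity:

Within the scope of this thesis we also measured the nonlinearity of Boolean functions experimentally. The nonlinearity of a Boolean function can of course be determined directly from Definition 2.4.7, but the programming involved is fairly complicated. There is in fact a more convenient way, which is to use the Walsh-Hadamard transform, based on the Walsh-Hadamard matrix. The Walsh-Hadamard matrix is defined as [32]:

$$H_0 = 1, \qquad H_n = \begin{bmatrix} 1 & 1 \\ 1 & -1 \end{bmatrix} \otimes H_{n-1}, \quad n = 1, 2, \ldots$$

Here $\otimes$ is the Kronecker product. For $A \otimes B$, with A an $m \times n$ matrix and B an $s \times t$ matrix, the result is the $ms \times nt$ matrix:

$$A \otimes B = \begin{bmatrix} a_{11}B & a_{12}B & \cdots & a_{1n}B \\ a_{21}B & a_{22}B & \cdots & a_{2n}B \\ \vdots & \vdots & & \vdots \\ a_{m1}B & a_{m2}B & \cdots & a_{mn}B \end{bmatrix}$$

where a_ij is the element in row i and column j of the matrix A. We have:

$$H_1 = \begin{bmatrix} 1 & 1 \\ 1 & -1 \end{bmatrix};$$

$$H_2 = \begin{bmatrix} H_1 & H_1 \\ H_1 & -H_1 \end{bmatrix} = \begin{bmatrix} 1 & 1 & 1 & 1 \\ 1 & -1 & 1 & -1 \\ 1 & 1 & -1 & -1 \\ 1 & -1 & -1 & 1 \end{bmatrix};$$

$$H_3 = \begin{bmatrix} H_2 & H_2 \\ H_2 & -H_2 \end{bmatrix} = \begin{bmatrix} 1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 \\ 1 & -1 & 1 & -1 & 1 & -1 & 1 & -1 \\ 1 & 1 & -1 & -1 & 1 & 1 & -1 & -1 \\ 1 & -1 & -1 & 1 & 1 & -1 & -1 & 1 \\ 1 & 1 & 1 & 1 & -1 & -1 & -1 & -1 \\ 1 & -1 & 1 & -1 & -1 & 1 & -1 & 1 \\ 1 & 1 & -1 & -1 & -1 & -1 & 1 & 1 \\ 1 & -1 & -1 & 1 & -1 & 1 & 1 & -1 \end{bmatrix}$$

This process continues in the same way and can be called the Walsh-Hadamard transform. Meanwhile, the truth tables of all linear functions of 3 variables are as follows:

| Function | Truth table |
|---|---|
| 0 | 0 0 0 0 0 0 0 0 |
| x0 | 0 1 0 1 0 1 0 1 |
| x1 | 0 0 1 1 0 0 1 1 |
| x1 + x0 | 0 1 1 0 0 1 1 0 |
| x2 | 0 0 0 0 1 1 1 1 |
| x2 + x0 | 0 1 0 1 1 0 1 0 |
| x2 + x1 | 0 0 1 1 1 1 0 0 |
| x2 + x1 + x0 | 0 1 1 0 1 0 0 1 |

We call this the table of 3-variable linear truth tables. If the elements of H_3 with value 1 are replaced by 0 and those with value -1 by 1, H_3 coincides with the table of truth tables above. In the same way one can verify that for every H_n (n > 3) there is a corresponding table of n-variable truth tables.

This gives the idea of using the Walsh-Hadamard transform to determine the truth tables of the n-variable linear Boolean functions when the nonlinearity of some n-variable Boolean function f has to be computed. Note that after the Walsh-Hadamard transform the truth tables of the remaining n-variable affine functions are still undetermined, but obtaining them is very easy. The remaining affine functions are the corresponding linear functions XORed with 1, so it suffices to XOR every element of the truth tables of the linear functions with 1 to obtain the truth tables of the remaining affine functions. These are then used for comparing Hamming distances when computing the nonlinearity of f. Based on this idea, the necessary procedures (using the Walsh-Hadamard transform) were implemented to compute the nonlinearity of Boolean functions.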
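The procedure described above, as an added example that is not the thesis authors' program: it builds H_n by the Kronecker recursion, derives the linear truth tables from it, and computes nonlinearity both by direct Hamming-distance comparison against every affine function and by a fast Walsh-Hadamard transform that never materialises the matrix. The function names and the three sample functions are constructed for the illustration.

```python
def hadamard(n):
    """Sylvester construction H_n = [[1, 1], [1, -1]] (x) H_(n-1), with H_0 = [1]."""
    H = [[1]]
    for _ in range(n):
        H = [row + row for row in H] + [row + [-v for v in row] for row in H]
    return H


def linear_truth_tables(n):
    """Rows of H_n with 1 -> 0 and -1 -> 1: truth tables of all linear functions."""
    return [[(1 - v) // 2 for v in row] for row in hadamard(n)]


def walsh_spectrum(tt):
    """Fast Walsh-Hadamard transform of (-1)^f, i.e. H_n * (-1)^f computed with
    butterflies instead of the 2^n x 2^n matrix. tt is a truth table of length 2^n."""
    w = [1 - 2 * bit for bit in tt]
    h = 1
    while h < len(w):
        for start in range(0, len(w), 2 * h):
            for i in range(start, start + h):
                a, b = w[i], w[i + h]
                w[i], w[i + h] = a + b, a - b
        h *= 2
    return w


def nonlinearity(tt):
    """Distance to the nearest affine function = (2^n - max |Walsh coeff|) / 2."""
    return (len(tt) - max(abs(v) for v in walsh_spectrum(tt))) // 2


def nonlinearity_by_definition(tt):
    """Direct method: Hamming distance to every linear truth table and to its
    complement (the affine function obtained by XOR with 1)."""
    n = len(tt).bit_length() - 1
    best = len(tt)
    for lin in linear_truth_tables(n):
        dist = sum(a != b for a, b in zip(tt, lin))
        best = min(best, dist, len(tt) - dist)
    return best


def truth_table(f, n):
    """Truth table of f over inputs 0 .. 2^n - 1 (bit i of the input is x_i)."""
    return [f(x) & 1 for x in range(2 ** n)]


# Constructed sample functions (not taken from the thesis).
BENT4 = truth_table(lambda x: (x & (x >> 1)) ^ ((x >> 2) & (x >> 3)), 4)  # x0x1 + x2x3
LINEAR4 = truth_table(lambda x: x ^ (x >> 2), 4)                           # x0 + x2
SAMPLE8 = truth_table(lambda x: (x * x * 73 + 41 * x) >> 5, 8)

if __name__ == "__main__":
    for name, tt in (("bent4", BENT4), ("linear4", LINEAR4), ("sample8", SAMPLE8)):
        print(name, nonlinearity(tt), nonlinearity_by_definition(tt))
```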
The following table reports the nonlinearity of Boolean functions on GF(2)^8 whose truth tables were chosen at random:

| No. | Nonlinearity |
|---|---|
| 1 | 100 |
| 2 | 102 |
| 3 | 100 |
| 4 | 103 |
| 5 | 107 |
| 6 | 103 |
| 7 | 105 |

We observe that the nonlinearities in this table are clearly smaller than the maximum nonlinearity, 118, of Boolean functions on GF(2)^8 given in Table 1.

B. The SAC criterion for Boolean functions:

Definition 2.7.6 [32]: A function f on GF(2)^n is said to satisfy the SAC criterion if $f(x) \oplus f(x \oplus \alpha)$ is a balanced function for any $\alpha \in GF(2)^n$ whose Hamming weight is 1.

For a function f on GF(p)^n, the SAC criterion is generalised as follows:

Definition 2.7.7 (generalised SAC) [33]: The function $f(x): GF(p)^n \to GF(p)$ satisfies the SAC criterion if and only if

$$\Pr(f(x + a) = f(x) + a) = \frac{1}{p}, \quad a \in GF(p)^n$$

with WH(a) = 1.

The architecture of a generator may include S-boxes (substitution tables); the ZUC generator is an example. The SAC criterion also affects the security of an S-box. Consider an $m \times n$ S-box with m input bits and n output bits. This S-box can be viewed as n functions f_0, f_1, …, f_{n-1}, where the function $f_j: GF(2)^m \to GF(2)$ determines the j-th bit of the S-box output ($0 \le j < n$) [33]. These functions are Boolean functions and are called the component functions of the S-box. One of the criteria for assessing the security of an S-box is that each function f_j should satisfy, or nearly satisfy, the SAC criterion; that is, if 1 input bit of the S-box changes, each output bit changes with probability approximately 1/2 [33].

For example, in Table 2 [33] the entry in row i and column j is the number of cases in which the value of the function f_j changes when the i-th input bit changes, for the S-box of the AES algorithm. Although none of the functions f_j of the AES S-box satisfies the SAC criterion, the number of cases in which the output of f_j changes when the i-th input bit changes is approximately 128. Thus, when 1 input bit changes, each output bit changes with probability approximately 1/2 [33]. The component functions of the S-box therefore nearly satisfy the SAC criterion.

| | f0 | f1 | f2 | f3 | f4 | f5 | f6 | f7 |
|---|---|---|---|---|---|---|---|---|
| bit 0 | 132 | 132 | 116 | 144 | 116 | 124 | 116 | 128 |
| bit 1 | 120 | 124 | 144 | 128 | 124 | 116 | 128 | 136 |
| bit 2 | 132 | 132 | 128 | 120 | 144 | 128 | 136 | 128 |
| bit 3 | 136 | 136 | 120 | 116 | 128 | 136 | 128 | 140 |
| bit 4 | 116 | 128 | 116 | 132 | 128 | 128 | 140 | 136 |
| bit 5 | 116 | 132 | 132 | 120 | 120 | 140 | 136 | 136 |
| bit 6 | 136 | 136 | 120 | 132 | 120 | 136 | 136 | 124 |
| bit 7 | 132 | 144 | 132 | 136 | 124 | 136 | 124 | 132 |

Table 2. Changes of the binary component functions f_j when the i-th input bit changes, for the S-box in AES.

2.7.3.4. Differential uniformity of an S-box

Definition 2.7.8 (differential uniformity) [34]: Let G1 and G2 be finite Abelian groups.
The mapping $f: G_1 \to G_2$ is called differentially uniform at level $\delta$ if:

$$\forall \alpha \in G_1,\ \alpha \ne 0,\ \forall \beta \in G_2: \quad |\{ z \in G_1 \mid f(z + \alpha) - f(z) = \beta \}| \le \delta \qquad (2.7.3.4)$$

Here $\delta$ is called the differential uniformity level of f.

If f is an $m \times n$ S-box, with $G_1 = GF(2^n)$ and $G_2 = GF(2^m)$, then expression (2.7.3.4) in the definition above can be written as:

$$\forall \alpha \in G_1,\ \alpha \ne 0,\ \forall \beta \in G_2: \quad |\{ z \in G_1 \mid f(z + \alpha) \oplus f(z) = \beta \}| \le \delta.$$

This is because over $GF(2^m)$ addition ($\oplus$) is the same as subtraction. This follows easily from the definition of addition in the field GF(2^m) (see Section 2.5.3), noting that in the field GF(2) addition is also subtraction (note: 0 - 1 = -1 = 1 mod 2).

The smaller the value of $\delta$, the more secure the mapping f is against differential cryptanalysis and linear cryptanalysis [33]. For an $m \times n$ S-box, the differential uniformity level is bounded below by $\delta_{min} = 2^{n-m+1}$. An S-box that attains the uniformity level $\delta_{min}$ is called Almost Perfect Nonlinear (APN). However, no APN S-box exists with n input bits and n output bits when n is even. Hence, for the $8 \times 8$ S-box used in the AES algorithm, the minimum (ideal) differential uniformity level is $\delta = 2^2 = 4$ [33].

Chapter 3. STREAM CIPHERS IN MOBILE NETWORKS

Chapter summary: Chapter 3 organises and surveys the issues related to the application of stream ciphers in mobile networks. The chapter covers the following main topics:

o An overview of mobile networks and of the security algorithms used in mobile networks.
o An overview of the ZUC stream cipher model: the structure of ZUC and the architecture and operation of its 3 layers (LFSR, BR, nonlinear function F); the operation of ZUC.
o The two applications of ZUC: the encryption algorithm 128-EEA3 and the message authentication algorithm 128-EIA3.
o An overview and analysis of the design criteria and security of ZUC: the design criteria of the LFSR layer are presented and analysed; the design criteria of the BR layer are presented; the design criteria and security of the nonlinear function F are organised and analysed, with an in-depth analysis and experimental measurement of the important cryptographic properties of the two S-boxes S0 and S1, namely the nonlinearity of the S-box, the differential uniformity of the S-box, the SAC criterion and the balance of the component functions of the S-box.

3.1. Introduction to mobile networks

3.1.1. Mobile network standards

GSM stands for Global System for Mobile Communications. It is a standard for mobile communication networks and is currently in very wide use around the world. GSM was announced in 1982 and is regarded as the second-generation (2G) network standard. GSM uses a cellular network model. The network is divided into many cells of five different sizes. A mobile phone connects to the GSM network by searching for the nearest cell. To be authenticated by the GSM network, each phone must have a Subscriber Identity Module, more simply known as a SIM card. GSM networks operate on several different frequency bands. The most widely used bands are 900 MHz and 1800 MHz.

UMTS came after GSM and is regarded as a third-generation (3G) network standard. UMTS stands for Universal Mobile Telecommunications System. Compared with GSM, UMTS networks have higher transfer rates because they use a wideband (spread spectrum) technique. In theory the maximum transfer rate of a UMTS network can reach 45 Mbit/s. UMTS uses a separate pair of frequency bands for upload and download. This pair of bands varies with the country and with the type of UMTS standard in use.

EPS is a network standard developed from UMTS and is still being researched and built. EPS is the name of the Evolved Packet System. This network standard belongs to the fourth generation (4G) and inherits the advantages of the two network standards GSM and UMTS. Two standards receive the most attention in EPS: LTE (Long Term Evolution) and SAE (Service Architecture Evolution). LTE is concerned with the radio transmission and the interface to devices, while SAE is concerned with building the core network.

3.1.2. Security in mobile networks

The GSM network was designed for security applications that are not overly complex. For authentication, GSM uses a pre-shared key and challenge-response authentication. The pair of authentication algorithms A3 and A8 is built into the SIM to decrypt the challenge packet and to create the secret key used to transmit data. When a SIM sends a connection request to the network, the network generates a random number RAND and sends it back to the SIM. The SIM and the network both run algorithm A3, whose inputs are the secret key K1 (the secret key shared by this SIM and the network) and the random number RAND, and whose output is the 32-bit value SRES.
If the two SRES values of the SIM and of the network are the same, the SIM is authenticated successfully. The SIM and the network then use algorithm A8 to create a session key for encrypting the data exchanged [28]. GSM uses the A5 family of algorithms to encrypt packets. In this family, two algorithms are widely deployed, A5/1 and A5/2, and one algorithm, A5/3, is being developed on the basis of the Kasumi cipher.

For security, EPS uses the pair of algorithms EEA and EIA. EEA is the encryption algorithm for EPS (EPS Encryption Algorithms) and EIA is the authentication algorithm for EPS (EPS Integrity Algorithms). The first pair of algorithms used by EPS is 128-EEA1 and 128-EIA1. These algorithms are built on the SNOW 3G stream cipher and use a 128-bit key. The pair 128-EEA2 and 128-EIA2 [41] was then built and developed on the basis of the AES block cipher. The current direction of research on EPS security algorithms is to use the ZUC stream cipher [31] as the basis for the pair of algorithms 128-EEA3 and 128-EIA3.

3.2. The ZUC stream cipher

3.2.1. Structure of ZUC

ZUC uses a nonlinear generator. The generator in ZUC consists of an LFSR and a nonlinear function F. The figure below describes the overall structure of ZUC. We divide ZUC into 3 main layers: the top layer is the LFSR with 16 stages, the middle layer is called the bit-reorganization (BR) layer, and the bottom layer is the nonlinear function F [31]:

Figure 21. General architecture of ZUC.

3.2.2. Structure and operation of the LFSR

The linear feedback shift register in ZUC is a Fibonacci register with 16 stages. Each stage holds 31 bits and takes values in the range {1, 2, 3, …, 2^31 - 1}. After each clock pulse the register shifts its bits to the left and calls the feedback function. The register has 2 feedback modes: the initialisation mode and the working mode.

In the initialisation mode, the LFSR receives as input a 31-bit word u. This word is obtained by taking the word W from the output of the nonlinear function F and discarding its lowest bit (u = W >> 1). The procedure consists of the following steps:

LFSRWithInitialisationMode(u)
{
1. v = 2^15 s15 + 2^17 s13 + 2^21 s10 + 2^20 s4 + (1 + 2^8) s0 mod (2^31 - 1);
2. s16 = (v + u) mod (2^31 - 1);
3. If s16 = 0, then set s16 = 2^31 - 1;
4. (s1, s2, …, s15, s16) → (s0, s1, …, s14, s15);
}

In the working mode, the register performs the following operations:

LFSRWithWorkMode()
{
1. s16 = 2^15 s15 + 2^17 s13 + 2^21 s10 + 2^20 s4 + (1 + 2^8) s0 mod (2^31 - 1);
2. If s16 = 0, then set s16 = 2^31 - 1;
3. (s1, s2, …, s15, s16) → (s0, s1, …, s14, s15);
}

3.2.3. Bit reorganization

In a nonlinear generator, the nonlinear function F usually does not use all stages of the LFSR but only a number of preselected stages. The selection of stages is carried out in the bit-reorganization layer. In this layer the stages s0, s2, s5, s7, s9, s11, s14, s15 of the register are combined to form four 36-bit words X0, X1, X2, X3. The first three words are used in the nonlinear function F, and the remaining word X3 is used to produce the keystream. The operation of this layer is described by the following function:

Bitreorganization()
{
1. X0 = s15H || s14L;
2. X1 = s11L || s9H;
3. X2 = s7L || s5H;
4. X3 = s2L || s0H.
}

In the function Bitreorganization(), sxL is the 16 high bits of stage sx and sxH is the 16 low bits of stage sx. The operation a || b concatenates the two bit strings a and b into a single bit string in which a lies on the left and b lies on the right of the new bit string.

3.2.4. The nonlinear function F

The nonlinear function F takes as input the 3 words X0, X1, X2 from the layer above. The function's output is 2 words W. This layer has two memory variables, R1 and R2. The operation of the function F consists of the following steps:

F(X0, X1, X2)
{
1. W = (X0 XOR R1) + R2 mod 2^32;
2. W1 = R1 + X1 mod 2^32;
3. W2 = R2 XOR X2;
4. R1 = S(L1(W1L || W2H));
5. R2 = S(L2(W2L || W1H));
}

The function F uses the sub-functions S(), L1() and L2(). The function S() is a 32x32 S-box that takes a word (32 bits) and returns the corresponding word. L1() and L2() are linear transformation functions. The structure of each function is presented in detail in the following sections.

3.2.4.1. S-box S

The 32x32 S-box in ZUC is made of four 8x8 S-boxes put together: S0, S1, S2, S3, where S0 = S2 and S1 = S3. The sub-S-boxes S0 and S1 are shown in the tables below. To compute S(X) for a 32-bit word X, X is split into 4 separate bytes: X = X0 || X1 || X2 || X3. Let Y = S(X); then Y = S0(X0) || S1(X1) || S2(X2) || S3(X3). To compute the value through a sub-S-box, for example S0(X0), X0 is split into two parts of 4 bits each, written in hexadecimal, for example X0 = H0 || L0.
The value S0(X0) is then found at row H0 and column L0 of the S-box table S0. For example, with X = 0x12345678, Y = S(X) = S0(0x12) || S1(0x34) || S2(0x56) || S3(0x78) = 0x

Table 3. S-box S0.

Table 4. S-box S1.

3.2.4.2. Linear transformation functions

L1 and L2 are two linear transformation functions. Both map one 32-bit word to another 32-bit word. The specific form of the functions is as follows: L1(X)=X(X