Cryptography
360
PKI
19
classical cryptography)
20 1949
C.E.Shannon 1949
The Communication Theory of Secret Systems
1976 W. Diffie M. Hellman
New Directions in Cryptography
plaintext intelligible
ciphertext
cipher substitution /
disposition
key
encrypt encipher
encode
decrypt decipher
decode
Key Clustering
cryptography
authentication
cryptanalysis
cryptology
confidentiality
integrity
/ authentication
non-repudiation
classical cryptography
substitution ciphers
transposition ciphers
skytale
frequency analysis
rotor machines
Enigma Purple
HASH
DES IDEA AES RSA ECC
1.
2.
Substitution Cipher
Transposition Cipher
12
Transposition Cipher
Substitution cipher
Stream cipher
Block cipher
Polygram Substitution cipher
13
20 1949
/
Rotor Machine
14
Shannon
1949 1975
1949 Shannon The Communication Theory of Secret Systems
1967 David Kahn The Code breakers
1971 1973 IBM Watson Horst Feistel
15
frequency analysis
simple
substitution ciphers
E X ST NG TH
XT QJ NZ
Germany: Enigma
UK: TYPEX
US: Converter M-209
17
rotor machines
1930 1950
Enigma
26
26^3 = 17576
substitution
symbol
codebook
monoalphabetic
shift alphabet
scramble alphabet
mixed deranged
multialphabetic
Trithemius
Tabula recta
(transposition)
Permutation
Columnar transposition
Double transposition
interrupted transposition
Skytale
rail fence
route
anagramming
Whitfield Diffie
Martin Hellman
1976
1976 Diffie & Hellman New Directions in Cryptography
1977 Rivest, Shamir & Adleman RSA
90
21
Vs.
Cryptography
Cryptanalysis
22
23
code breaking
24
DES RSA
25
vs.
(Plaintext)
(Ciphertext) (Cryptogram)
(Cryptographer)
26
vs.
Encryption
Decryption
, (Encryption Key)
(Decryption Key)
27
Cryptography Algorithm
Encryption Algorithm
Decryption Algorithm
28
vs.
Diffusion
Confusion
Shannon
29
1 vs.
2 vs.
3 vs.
4 vs.
30
vs.
restricted
key-based
31
Vs.
Substitution Cipher
Permutation Cipher
(Transposition Cipher)
32
23 7
7 23 7 187 1
1 23 88
33
stream cipher
block cipher
out-of-band
N(N-1)/2
vs.
Symmetric cipher
Conventional cipher)
Asymmetric cipher
Public-key cipher)
public key)
private key)
RSA ECC ElGamal
35
(stream ciphers)
pseudorandom number
generator PRNG XOR
keystream / /
RC4
RC4
RC4 2001
RC4 PRGA
RC4 WEP
802.11
IV
HASH IV
(block ciphers)
block
64 128
(DES)
IBM Lucifer
64 56
32
16
Sboxes P-boxes
1976
(ECB)
(CBC)
initialization vector IV
(CFB)
IV
(OFB)
IV
DES(TripleDES)
DES-EDE2 112
56
DES-EDE3 168
56
DES
meet-in-the-middle DES
DES 2 2^56
3DES
168 112
(IDEA)
IDEA 64 4 16
52 16 8
IDEA
AES
(AES)
AES 10 128
12 192 14 256 SPN
byte sub shift
row mix column add
round key
hybrid cryptosystems
Diffie-Hellman
discrete logarithms
Exponential Key Agreement
p g p g p
a g^a Mod p
b g^b Mod p
g^b Mod p g^ab g^a Mod p
g^ba g^ab=g^ba
Man-In-The-Middle
RSA
RSA
RSA
p q N = pq
(p-1)(q-1) e 1<e<N
d = e^-1 mod (p-1)(q-1)
p q N e N d
m N n c = n^e (mod N)
n = c^d (mod N)
RSA 2048
(ECC)
ECC
RSA
ECC
ElGamal
p p x g
y = g^x mod p y g p x
p m p
1 k c1 = g^k mod p c2 = m*y^k mod p
c1,c2 k
c2/c1^x mod p m
digital signature
algorithm DSA
RSA
ECC
Diffie-Hellman
El Gamal
DSS
LUC
DES
3DES
Blowfish
IDEA
RC4
SAFER
1
2
3
4
54
55
1
.
2
/
.
56
57
58
(1) A B
N1
(2) B A
A B
B f(N1) N2
(3) A f(N2) B
59
(1) A KDC A
B N1
(2) KDC A
Ks A B KDC
Ks A
A KDC
60
( )
(3) A B B KDC
Ks A
(4) B Ks
N2 A
(5) B Ks f(N2)
B
61
A B A
N1 B
B N1 A N1
N2 A
A B N2 B
B Ks B
A B
A A B Ks
62
USB Key
Usb Key
( )
63
DES
IDEA
AES
64
Oscar
Alice
Bob
Alice Bob
Oscar
65
DES
DES 56bits
64bits
64 bits
Confusion
Diffusion
66
DES
1973 5 15 NBS
:
(1)
(2)
(3)
(4)
(5)
(6)
(7)
(8)
67
DES
DES
1979 DES
1980 ANSI DES DEA ANSI X.392
1983 ISO DES DEA-1
1998 12 DES
69
DES
64 bit m
m,
DES(m) = IP^-1 T16 T15 ... T2 T1 IP(m)
IP IP-1
16
70
DES
IP
Initial Permutation
L0
f
64
IP
R0
K1
L1 R0
R1 L0
16
K2
L2 R1
R2 L1 f
32
R15
L15
IP-1
K16
64
L16 R15
R16 L15 f
IP 1
71
DES
DES
16
m = DES^-1(c) = IP^-1 T1 T2 ... T15 T16 IP(c)
DES
= 56
=
1976
2000
DES 3DES
DES 168 , k=k1k2k3
m
DES
k1
DES
-1
k2
DES
k3
DES
-1
k3
DES
DES
-1
k2
k1
DES
k1
DES-1
k2
DES
k1
DES-1
DES
k1
k2
DES-1
k1
74
IDEA
IDEA
IDEA
2^16
2^16 X+Y=Z mod (2^16)
2^16+1 X*Y=Z mod (2^16+1)
IDEA 64 4 16
X1 X2 X3 X4
128
IDEA DES
76
AES
1997 4 15
NIST Advanced Encryption Standard AES
AES
DES DES
128 128/192/256
1997 9 12
AES AES
77
AES
1998 8 12 AES 15
1999 3 22 AES
5 5 RC6 Rijndael SERPENT Twofish MARS
2000 4 13 AES 5
NIST AES
79
AES
3 /
80
AES
128bit
128 bits, 192 bits, 256 bits
128-bit key => 10
192-bit key => 12
256-bit key => 14
AES
81
AES
82
83
DES
DES
IDEA
AES
84
DES
56
16
XOR, S-Box
Kerberos,SET
3DES
112 or 168
48
XOR,S-Box
PGP,S/MIME
IDEA
128
XOR, ,
PGP
BlowFish
448
16
XOR, S-Box,
RC5
2048
<255
+, XOR
CAST-128
40 128
16
+, S-Box
PGP
85
86
87
1.
: XY: Y = EKU(X)
: YX: X = DKR(Y) = DKR(EKU(X))
2.
3.
X = DKR(EKU(X)) = EKU(DKR(X))
88
(1) x y=f(x)
(2) y, x y=f(x)
(3) y
x x y=f(x)
1*. (1) (2) (3)
2*. f f
Pk f
Sk f x y
=f(x) Sk x=f-1(y)
3*. (2) y=f(x) x
89
90
RSA
2000 9
91
RSA
p, q , ;
n=pq n;
φ(n) = (p-1)(q-1)
φ(n) e
gcd(e, φ(n)) = 1; 1<e<φ(n) e
5. d de ≡ 1 mod φ(n) ,
de = kφ(n) + 1
1.
2.
3.
4.
92
RSA
(n)
DES 100
DES 1000
93
Q P
mP = P+P+...+P = Q m P Q
Q P m
Neal Koblitz
Victor Miller 1985
94
ElGamal
DSA ECDSA
ECC Diffie-Hellman
t,n
95
MIPS 100
96
97
98
ECC
Modem
Diffie-Hellman
Web
ECC
RSA
99
ECC
100
Diffie-Hellman
1.
2.
3.
4.
5.
1976
a p mod n
101
Diffie-Hellman
Alice
q
a < q , a q
x A
x A q
y A
yA = a^xA (mod q)
yA
yB
Bob
xB ,
xB q
y B
yB = a^xB (mod q)
k = (yB)^xA (mod q)
k = (yA)^xB (mod q)
EK(m)
102
ElGamal
p Zp* g
a b = g^a mod p
1<=m<=p-1 k
(c1, c2) c1 = g^k mod p, c2 = m*b^k mod p
DSA
1991 , NIST DSA ,
DSS
DSA
DSA NSA
DSA
DSA RSA 10 40
512
DSA
RSA
104
1 . /
2 . ( )
3 .
RSA
Diffie-Hellman
DSS
105
Alice
Bob
106
Alice
Bob
107
User B
User A
Xa < p
Ya = a^Xa mod p
K = (Yb)^Xa mod p
Ya
Yb
Xb < p
Yb = a^Xb mod p
K = (Ya)^Xb mod p
Diffie-Hellman
108
109
110
RSA
ECC
ElGamal
DSA
Diffie-Hellman
111
MD5
SHA-1
112
Hash
Hash
, :
h = H(M), M ,h .
x, H(x) (
)
: h, x H(x)=h
;
: x, x y,
H(y)= H(x) ;
: (x, y) ,
H(x)=H(y) .
113
113
Hash
H
H
x H x
h H x h
x
x y
H y H x
MD5 128 SHA 1
60
114
MD5
MD5 (RFC 1321), developed by Ron Rivest (the R of RSA) at MIT in the 90s.
MD Message Digest
128
512
115
SHA-1
SHA1/ MD5
MD5 128bits
SHA1 160bits
SHA1 SHA1
SHA1 openssl speed md5/sha1:
type    16 bytes    64 bytes    256 bytes   1024 bytes   8192 bytes
md5     5425.31k    19457.48k   55891.45k   104857.60k   143211.40k
sha1    5104.58k    16008.41k   37925.33k   57421.81k    68241.68k
117
118
Message encryption
MAC
Hash function
119
MAC
120
MAC
MAC
Key
P || MAC(P, K)
MAC
MAC
MAC
MAC
* MAC
121
MAC
( )
/
122
MAC
MAC
MAC
MAC
Key
HASH
MAC
123
A
B
124
HMAC
HASH Key
RFC 2104
HMAC Keyed-Hashing for Message Authentication
FIPS 198
The Keyed-Hash Message Authentication Code (HMAC)
HASH
HASH
125
, :
126
127
M H(M)
H(M)
EKRa(H(M))
M
B
B A H
B H(M)
H=H(M) A
128
129
( )
( )
(
)
.
130
131
132
RSA
m
d (e,n)
m H(m).
s = (H(m))^d mod n
H1 = s^e mod n
H1=H(m)
133
134
X.509
X.509 ITU-T
X.500
X.509 X.500 distinguished
name DN alternative name
X.509
X.509
.CER DER
.DER DER
.PEM Base-64
.P7B .P7C PKCS#7
.PFX .P12 PKCS#12
( )
Key Storage
Self-Destruct
Key Change
Key Control
Key Disposal
Link Encryption
End-to-End Encryption
Node 2
Node 1
Ek
Link1
Node 3
Link2
Node 4
Link3
Dk
RSA
IDEA
MD5
VPN
IPSec
Authentication Header AH
Authenticity
(SA)
Security Association SA IPsec
AH ESP Identifier
Simplex Connection IP
(AH)
SPI 32
Sequence Number 32
(ESP)
DES DES-CBC
SSL/TLS
SSL SSL
MAC
SSL
SSL
SSL
CA
SSL ( )
Premaster
Secret
Master Secret
Session
Key
1996 Wassenaar
Agreement
4
ciphertext-only attack
150
151
side channel
replay attack
152
DES RSA
Which of the following best describes a digital signature?
A method of transferring a handwritten signature to an electronic document
A method to encrypt confidential information
A method to provide an electronic signature and encryption
A method to let the receiver of the message prove the source and integrity of a message
If a cryptosystem is using a key size of 8, what is the keyspace size?
64
32
256
16
Which of the following is a true difference between an asymmetric and symmetric algorithm?
Symmetric algorithms are faster because they use substitution and transposition
Asymmetric algorithms are slower because they use substitution and transposition
Asymmetric algorithms are best implemented in hardware and symmetric in software
Asymmetric algorithms are more vulnerable to frequency analysis attacks
Which of the following is a true statement about the Caesar algorithm?
The algorithm is an alphabet and the key is the number of shifts
The algorithm is the number of shifts in an algorithm and the key is the algorithm
It uses a secret word for polyalphabetic encryption
It is another name for the scytale method
scytale
Digital signatures, secret key distribution, and encryption are all carried out by which of the following algorithms?
ECC
Diffie-Hellman
Blowfish
RC4