
pc aep paa popa 2-e ae pooo, aop cxoe ec a e C COEPAHE . pecoe Beee aa 1 Ocoe o 1.1 Tepoo 1.2 ...


Ceapu 2: Tpe - o oep-oapyc. Ec Aca xoe aep oye, oa ocae eo Tpey. Tpe ocae eo poo oc RSA opae opao. (Ooapaee x y e coyc, Tpe pye ce cooee co ap o.) Mop xoe, o Tpe oca aoe cooee, oopoe oo cyae o o oa e o e. Moe o aa peea ea, oe aopo oo cooe ec pyoe o.

ao a pa, Tpe oa e oe o cooee, ec y eo ye oooc opa.

Haoe o cooee m'.

Caaa Mop pae poooe aee x ce $y = x^e \bmod n$. e o oe oy e pya - o op Tpea, oop oe oyoa, o oo o poep oc Tpea. Teep Mop ce $m = ym' \bmod n$ ocae m Tpey a oc. Tpe opaae $m^d \bmod n$. Now Mop ce $(m^d \bmod n)x^{-1} \bmod n$, oopoe pao $m'^d \bmod n$ ec oc m'.

Ha cao ee Mop oe cooa oeco cocoo pe ooy aay [423, 458, 486].

Ca eco, oopoe coy ae cp, ec coxpaee yao cpyyp xoa p oee cee. To ec:

$(xm)^d \bmod n = x^d m^d \bmod n$

Ceapu 3: Ea xoe, o Aca ocaa $m_3$. Oa coae a cooe, $m_1$ $m_2$, ae o $m_3 = m_1 m_2 \pmod n$ Ec Ea coe aca Acy oca $m_1$ $m_2$, oa oe c oc $m_3$:

$m_3^d = (m_1^d \bmod n)(m_2^d \bmod n)$

Mopa: Hoa e oyec aopo RSA oc cyax oyeo, ocyyx a o copo. Bcea caaa ocoyec ooapaeo x-ye. opa oo ISO 9796 peo paae o cpe.

Bcpmue oeo oy RSA p peaa RSA oo opooa paa ce ooae oao oy n, o aoy co ae oaaee cee e d. coae, o e paoae. Haoee oea poea o, o ec oo o e cooee oa-y poaoc pa oaae cee (c o e e oye), a oaae - ao poce ca (a oo ae), o op ec oe pacp, ae e a ooo a eppoa [1457].

yc m - op ec cooe. a a poa - e1 e2. O oy - n. poeca cooe c:

$c_1 = m^{e_1} \bmod n$
$c_2 = m^{e_2} \bmod n$

poaa ae n, $e_1$, $e_2$, $c_1$ $c_2$. Bo a o yae m.

Ta a $e_1$ $e_2$ - ao poce ca, o c oo pacpeoo aopa a r s, oopx $re_1 + se_2$ = Ca r opae ( r, s oo opae, yc opae ye r), o coa oo ocooac pacpe aopo ce $c_1^{-1}$. ae

$(c_1^{-1})^{-r} * c_2^s = m \bmod n$

Cyecye a pyx, oee ox cp cce aoo a. Oo coye epooc eo paoe n a oe. pyo - eeppoa aop ce aoo-y cepeoo a e paoe oy a oe. Oa cp opoo oca [449].

Mopa: He eae n o py ooaee.

Bcpmue aoo noaame upoau RSA poae poepa oc RSA oec cpee, ec e coyec eooe aee, o o ae oe eeoac [704]. Ec e(e 1)/2 eo acx cooe c pa o p a pyc o e e aee e, cyecye coco cp ay ccey. Ec cooe e a oo, ec cooe e ca, o poe e. Ec cooe oao, o oca oo e cooe. poe ceo oo cooe eac cya ca.

o ae apapye, o me mod n me. Ta eaec oce paecx peaa RSA, a pep, PEM PGP (c. pae 24.10 24.12).

Mopa: ooe cooe epe poae cya ae, yeec, o paep m pepo pae n.

Bcpmue aoo noaame eupupoau RSA py cpe, peoe Ma Bep (Michael Wiener), pacpae d, e d e peae e ep paepa n, a e ee n [1596]. p cyao ope e d o cpeaec peo, oa e poo e, ec aee e ao.

Mopa: Bpae ooe aee d.

oyee ypou y Myp (Judith Moore) a ocoa epecex cp po ceye opae RSA [1114, 1115]:

ae oo ap oaaee poa/eppoa aoo oy ooe oy pao oy a oe.

ae oo ap oaaee poa/eppoa aoo oy ooe oy c pye ap oaaee, e pacaa oy a oe.

B poooax cee c, pex RSA, e oe cooac o oy. (o ec oe cece peyx yx yo.) peopae cp aoo oaae poa cooe o ooe c y a ae.

oaae eppoa oe o.

He aae, eocaoo cooa eoac popaec aop, o eoa c c poccea popaec pooo. Caoe eco oo pex x ooeo ce a e eeoaco c ccey.

Bcpmue upoau u nonucu c ucnooaue RSA ee cc oca cooee epe poae (c. pae 2.7), o a pae o e o e oo. RSA oo cp pooo, pye cooee o eo oca [48].

Aca xoe oca cooee oy. Caaa oa pye eo op o oa, a ae oc ae co ap o. Ee apoaoe ocaoe cooee a :

$(m^{e_B} \bmod n_B)^{d_A} \bmod n_A$

Bo a o oe oaa, o Aca ocaa ey m', a e m. Ta a oy eco paoee a o e $n_B$ (o eo coce oy), o oe c cpee oap o ocoa $n_B$. Ceoa eo, ey yo oo a x, oopoo

$m'^x = m \bmod n_B$

Toa, ec o oe oyoa $xe_B$ aece coeo ooo opoo oaae cee coxpa co pe oy $n_B$, o coe yepa, o Aca ocaa ey cooee m', apoaoe o oaaee.

B eoopx cyax o ocoeo epoe cpe. ae, o x-y e pea poey.

Oao oa peaec p cooa aoo ooae cpoaoo oa ae poa.

Cmaapm RSA de facto ec caapo o o cey py. ISO o, but not quite, created an RSA digital signature standard;

RSA cy opao ooee ISO 9796 [762.]. paycoe aocoe coo eco po RSA aece caapa [525], a e ocy acpa [1498]. B Coeex a ax -a ae NSA aex opoco acoee pe e caapa poa c op o. Moe aepace oa coy PKCS (c. pae 24.14), aca RSA Data Security, Inc. RSA opeee aece epooo aocoo caapa ANSI [61].

amem Aop RSA aaeoa Coeex aax [1330], o oo pyo cpae. PKP oya e ece c py aea oac popa c op a (pae 25.5). Cpo ec aea CA ceae 20 cep 2000 oa.

19.4 Pohlig-Hellman

Cxea poa Pohlig-Hellman [1253] oxoa a RSA. o e cep aop, a a poa eppoa coyc pae . o e cxea c op o, ooy o eo oyac o pyoo, poa, eppoa o xpac cepee. a RSA,

$C = P^e \bmod n$
$P = C^d \bmod n$

e $ed \equiv 1$ (mod aoe-y cocaoe co)

B oe o RSA n e opeeec c oo yx pocx ce ocaec ac apoo a.

Ec y oo-y ec e n, o oe c d. He a e d, po ye ye c

$e = \log_P C \bmod n$

M ye e, o o ec pyo poeo.

amem Aop Pohlig-Hellman aaeoa CA [722] aae. PKP oya e ece c py aea oac popa c op a (c. pae 25.5).

19.5 Rabin

eoacoc cxe Paa (Rabin) [1283, 1601] opaec a cooc oca apax ope o o y cocaoo ca. a poea aaoa paoe a oe. Bo oa peaa o cxe .

Caaa pac a pocx ca p q, opyx 3 mod 4. poce ca c ap o, a x poeee n =pq - op o.

poa cooe M (M oo ee n), poco cec

$C = M^2 \bmod n$

eppoae cooe ae ecoo, o eoo cyee. Ta a oyae ae p q, o oe pe e opyoc c oo aco eope o ocaax. Bcec

$m_1 = C^{(p+1)/4} \bmod p$
$m_2 = (p - C^{(p+1)/4}) \bmod p$
$m_3 = C^{(q+1)/4} \bmod q$
$m_4 = (q - C^{(q+1)/4}) \bmod q$

ae paec ee ca $a = q(q^{-1} \bmod p)$ $b = p(p^{-1} \bmod q)$. ep oo pee c:

$M_1 = (am_1 + bm_3) \bmod n$
$M_2 = (am_1 + bm_4) \bmod n$
$M_3 = (am_2 + bm_3) \bmod n$
$M_4 = (am_2 + bm_4) \bmod n$

O epex peyao, $M_1$, $M_2$, $M_3$ $M_4$, pao M. Ec cooee acao o ac, pa paoe $M_i$ epyo. C pyo copo, ec cooee ec ooo cyax o (cae, eepa e poo oc ), cocoa opee, aoe $M_i$ - paoe, e. O cocoo pe y poey cy oaee cooe epe poae ecoo aooa.

Williams X Bc (Hugh Williams) epeopee cxey Paa, o ycpa eoca [1601]. B eo cxee p q pac a, o p 3 mod q 7 mod N = pq poe oo, coyec eooe eoe co, S, oopoo J(S,N) = -1. (J - o co o - c.

pae I I.3). N S oyoac. Cepe o ec k, oopoo k = 1/2 (1/4 (p - 1) (q - 1) 1) c poa cooe M cec c1, aoe o J(M,N) =. ae cec M' = ( S *M) (-1)c mod N. a cxee Paa, C = M'2 mod N. c2 = M' mod 2. Ooae poeco cooe ec poa:

(C, cl, c2) eppoa C, oyae ce M" c oo Ck M" (mod N) pa a M" opeee c2. Haoe c1 M= ( S * *M") mod N (-1)c Bocec Bc yy y cxey [1603, 1604, 1605]. Beco oee apa opoo e ca cooe, oee eo pe cee. oe poce ca o opy 1 o oy 3, ae op ap oayc oao. ae ye, cyecye oo oa yaa pacpoa aoo poa.

peyeco cxe Paa Bca epe RSA o, o oaao, o o ae eoac, a pa oee a oe. Oao epe cpe c pa poeco o coepeo ea.

Ec copaeec cooa cxe cyae, oa o oe o aoe cpe (apep, aop poo oc, oa o oe pa ocaee cooe ), e a ae cooa epe ocae ooapaey x-y. Pa peo pyo coco ac o aoo cp: aoy cooe epe xpoae ocae oaec y aa cyaa cpoa. ecac, oce oae ooapaeo x-ye o a, o c c ea co e eoaca, a paoee a oe, oe e ec oaa [628]. Xo c pa eco o pe oaee xp oa e oe oca ccey.

py apaa cxe Paa c [972, 909, 696, 697, 1439, 989]. yep apa oca [866, 889].

19.6 ElGamal

Cxey ElGamal [518,519] oo cooa a pox oce, a poa, eo e o acoc ocoaa a pyoc ce cpex oapo oeo oe.

eepa ap e caaa paec pocoe co p a cyax ca, g x, oa c a o ee p. ae cec

$y = g^x \bmod p$

Op o c y, g p. g, p oo cea o py ooaee. ap o ec x.

onucu ElGamal o oca cooee M, caaa paec cyaoe co k, ao pocoe c p-1. ae c ec

$a = g^k \bmod p$

c oo pacpeoo aopa a axoc b ceye ypae:

$M = (xa + kb) \bmod (p - 1)$

oc ec apa ce: a b. Cyaoe aee k oo xpac cepee. poep o c yo yec, o

$y^a a^b \bmod p = g^M \bmod p$

aa oc poae ElGamal peye ooo ae k, o aee oo pao cya opao. Ec oa-y Ea pacpoe k, coyeoe Aco, oa coe pacp ap Ac x. Ec Ea oa-y coe oy a cooe, ocae apoae c oo ooo oo e k, o oa coe pacp x, ae e a aee k. Ocae ElGamal ceeo 14-.

Ta. 19-5.

oc ElGamal Ompm :

p pocoe co (oe o py ooaee) g

x

k paec cya opao, ao pocoe c p-
a (oc) = $g^k \bmod p$
b (oc), aoe o $M = (xa + kb) \bmod (p - 1)$

poepa:

oc caec pao, ec $y^a a^b \bmod p = g^M \bmod p$

Hapep, epe p = 11 g = 2, a ap x = 8. Bc

$y = g^x \bmod p = 2^8 \bmod 11$ =

Op o c y = 3, g = 2 p = 11. o oca M = 5, caaa epe cyaoe co k=9. eaec, o gcd(9, 10)= 1. Bce

$a = g^k \bmod p = 2^9 \bmod 11$ =

c oo pacpeoo aopa a axo b:

$M = (xa + kb) \bmod (p - 1)$
$5 = (8*6 + 9*b)$ mod

Peee: b = 3, a oc pecae coo apy: a = 6 b = 3.

poep oc yec, o

$y^a a^b \bmod p = g^M \bmod p$
$3^6 6^3 \bmod 11 = 2^5$ mod

Bapa ElGamal, coye oce, oca [1377]. Toac e (Thomas Beth) ope apa cxe ElGamal, oxo oaaeca eoc [146]. Cyecy apa poep o oc apo [312] oea a [773]. ee c c pyx (c. pae 20.4).

upoaue ElGamal Moa ElGamal ooe poa cooe. poa cooe M caaa pae c cyaoe co k, ao pocoe c p - 1. ae cc

$a = g^k \bmod p$
$b = y^k M \bmod p$

apa (a,b) ec poeco. Opae ae, o poec a paa ee opoo e ca. eppoa (a,b) cec

$M = b/a^x \bmod p$

Ta a $a^x \equiv g^{kx} \pmod p$ $b/a^x \equiv y^k M/a^x \equiv g^{xk} M/g^{kx} = M \pmod p$, o ce paoae (c. 13-). o cy o o e caoe, o oe a -Xeaa (c. pae 22.1) a cee oo, o y - o ac a, a p poa cooee yoaec a $y^k$.

Ta. 19-6.

poae ElGamal Ompm :

p pocoe co (oe o py ooaee) g

x

k paec cya opao, ao pocoe c p-
a (poec) = $g^k \bmod p$
b (poec) = $y^k M \bmod p$

eupupoaue:

M (op ec) = $b/a^x \bmod p$

Copocm Heoope pep copoc pao popax peaa ElGamal pee 12- [918].

Ta. 19-7.

Copoc ElGamal pax oye p 160-oo oa aee cee (a SPARC II)

              512 o     768 o     1024 o
poae          0.33 c    0.80 c    1.09 c
eppoae        0.24 c    0.58 c    0.77 c
oc            0.25 c    0.47 c    0.63 c
poepa         1.37 c    5.12 c    9.30 c

amem ElGamal eaaeoa. Ho, pee e ac epe peaoa aop, yo a, o PKP cae, o o aop oaae o ece aea -Xeaa [718]. Oao cpo ec ae a -Xeaa aaaec 29 ape 1997 oa, o eae ElGamal ep popaec o po c op a, po poa pox oce eca Coee x aax aea. e oy oac oo oea.

19.7 McEliece

B 1978 oy Poep Mac (Robert McEliece) papaoa poccey c op a a ocoe eop aepaecoo opoa [1041]. o aop coye cyecoae opeeeoo acca cpax o oo, aaex oa oa (Goppa). O peaa coa o oa aac poa eo a o e o. Cyecye cp aop eopoa oo oa, o oa poea a coo oa o aoy ecy eo oo oe ec NP-oo. Xopoee ocae oo aopa oo a [1233], c. ae [1562]. He pee oo pa oop.

yc $d_H(x,y)$ ooaae paccoe Xa ey x y. ca n, k t cya apaepa cce.

ap coco pex ace : G' - o apa eepa oa oa, cpaeo t oo. P o apa epecaoo paepo n*n. S - o nonsingular apa paepo k*k.

Op o cy apa G paepo k*n: G = SG'P.

Op ec cooe pecae coo cpoy k o e k-eeoo eopa a oe GF(2).

poa cooe cya opao paec n-ee eop z a oe GF(2), oopoo paccoe Xa ee pao t.

$c = mG + z$

eppoa cooe caaa cec $c' = cP^{-1}$. ae c oo eopyeo aopa oo oa axoc m', oopoo $d_H(m'G,c)$ ee pao t. Haoe cec $m = m'S^{-1}$.

B coe opao paoe Mac peo ae n = 1024, t = 50 k = 524. o ae ae, peyee eoacoc.

Xo o aop o epx aopo c op a, e ooc ya o eo yceo poaaeco cp, o e oy pooo pa popaeco c o oece. Cxea a a-p opa cpee, e RSA, o y ee ec p eocao. Op opoe:

$2^{19}$ o. Co yeaec oe ax - poec a paa ee opoo eca.

P oo poaaa o cce oo a [8, 943, 1559, 306]. H oa x e oca yc exa oeo cya, xo cxoco ey aopo Maca aopo paa eoo oye.

B 1991 a pyccx popaa a, o oa ccey Maca c eoop apaepa [882].

B x cae o yepee e o oocoao, oco popao e p o ae o peya. Ee oo oeoe pycc cpe, oopoe e eocpeceo cooa po cce Maca, ocao [1447, 1448]. Pacpe McEliece oo a [424, 1227, 976].

pyue aopum, ocoae a uex oax, ucnpaux ouu Aop Heppeepa (Niederreiter) [1167] oe o aopy Maca cae, o op - o cyaa apa poep eoc oa, cpaeo o. ap o cy e aop eopoa o ap.

pyo aop, coye ea pox oce, ocoa a eopoa cpoa [1501], oce c. [306]. Aop [1621], coy o, cpae o, ee o ace [698, 33, 31, 1560, 32].

19.8 pocce c ec p ece pe yac oe o, o oy opocy cyecye opooe oeco ep a yp. B 1985 oy H o (Neal Koblitz) B.C. Mep (V. S. Miller) eaco peo cooa x pocce c op a [867, 1095]. O e ope ooo popaecoo aop a, coyeo ece pe a oe o, o peaoa cyecye aop, ooe Diffie-Hellman, c oo ecx px.

ece pe a epec, ooy o o oecea coco ocpypoa "eeo" "pa oee", opayx py. Coca x py ec ocaoo xopoo, o cooa x popaecx aopo, o y x e opeeex coc, oeax poaa. Hapep, oe "aoc" epeo ec p. To ec, e cyecye aoo oeca eox eeo, coy oope c oo pocoo aopa c coo epo oc oo pa cya ee. Ceoaeo, aop ce cpeoo oapa oaae cee e paoa work. opooc c. [1095].

Ocoeo epec ece pe a oe GF(2n). n aaoe o 130 o 200 ecoo papaoa cxey ooceo poco peaoa apeec poeccop coyeoo o. Ta e aop oeao oy ocy ocoo oee cpx pocce c op a e paepa e. C oo ecx px a oe o oy pea oa oe aop c op a, ae a Diffie-Hellman, EIGamal Schnorr.

Cooecya aeaa coa xo a pa o . epecyc o eo pe aa poa e eyoye pao oy y Apea Meeeca ( Alfred Menezes) [1059].

ece pe coyc y aaoa RSA [890, 454]. py paoa c [23, 119, 1062, 869, 152, 871, 892, 25, 895, 353, 1061, 26, 913, 914, 915]. pocce c a eoo a ae ecx px paccapac [701]. Aop Fast Elliptic Encryption (FEE, cpoe ecoe poae) oa Next Computer Inc. ae coye ece pe [388]. po ocoeoc FEE ec o, o ap oe o eo aoaec cpoo. pea ac pocce, coye epece pe [868, 870, 1441, 1214].

19.9 LUC Heoope popa papaoa ooee oa RSA, oope coy pae epe caooe ooe eco oee cee. Bapa, aac Kravitz-Reed coy epoe oe ooe [898], eeoace [451, 589]. Bp Mep (Winfried Mller) B p Hoayep (Wilfried Nbauer) coy oo coa (Dickson) [1127, 1128, 965]. Pyo (Rudolph Lidl) Mep oo o oxo [966, 1126] (o apa aa cxeo Ridi), Hoayep poaapoa eo eoacoc [1172, 1173]. (Coopae o ooy eepa pocx ce c o o y yaca (Lucas) oo a [969, 967, 968, 598].) Hecop a ce peye papao pye cceoaee Hoo ea yaoc aaeoa y cxey 1993 oy, aa ee LUC [1486, 521, 1487].

n-oe co yaca, $V_n(P,1)$, opeeec a

$V_n(P,1) = PV_{n-1}(P,1) - V_{n-2}(P,1)$

Teop ce yaca ocaoo ea, ee poyy. Teop oceoaeoce yaca xopoo o ea [1307, 1308]. Ocoeo xopoo aeaa LUC ocaa [1494, 708].

B o cyae eepa ap op /ap caaa pac a ox c a p q. Bcec n, poeee p q. poa e - o cyaoe co, ao pocoe c p-1, q-1, p+1 q+1. Cyecye epe oox a eppoa,

$d = e^{-1} \bmod (\mathrm{HO}((p+1), (q+1)))$
$d = e^{-1} \bmod (\mathrm{HO}((p+1), (q-1)))$
$d = e^{-1} \bmod (\mathrm{HO}((p-1), (q+1)))$
$d = e^{-1} \bmod (\mathrm{HO}((p-1), (q-1)))$

e HO oaae aeee oee paoe.

Op o c d n;

ap o - e n. p q opacac.

poa cooe P (P oo ee n) cec

$C = V_e(P,1) \pmod n$

A eppoa:

$P = V_d(P,1) \pmod n$, c cooecy d

B ye cyae LUC e eoacee RSA. A eae, oo o oyoae peya oaa, a oa LUC o pae epe ecox peaax. e oep oy aopy.

19.10 pocce c op o a ae oex aoao ac popa Tao Pe papaoa aop c op o, ocoa a cooa oex aoao [1301, 1302, 1303, 1300, 1304, 666]. Tao e coo aae, a paoee a o e poee yx ox pocx ce, ec aaa paoe a cocae poee yx oex aoao. o e oee epo, ec o aoao eee.

oa ac pao o oac a oea ae 80-x oax oyoaa a aco e. Pe aa ca o ac. Eo a peyao o o, o opaoe aee eoopx eex (aex) aoao ec ca oa oo oa, oa aoa oaa opeeeo cyeao apo cpyypo. o coco ceae, ec o oee c py a o ao (xo e). B aope c op o cepe ec eppye a e aoao, a cooecy op oe oye c oo x oeoo ep e oe. ae pyc, poxo epe e aoa, a eppyc, poxo epe opae ae ooeo aopa ( eoopx cyax aoa o ycaoe oxoee a aoe aee). a cxea paoae poa, pox o ce.

O pooeoc ax cce pae oo caa ceyee: o, a ccea McEliece, ao o cpee RSA, o pey cooa oee x e. a a, oeceaa, a y a , eoacoc, aaoy 512-ooy RSA, paa 2792 a, a 1024-ooy RSA - 4152 a. B epo cyae ccea pye ae co copoc 20869 a/c eppye ae co copoc1 a/c, paoa a 80486/33 M.

Pe oyoa p aopa. ep FAPKC0. a caa ccea coye ee o o e , a opao, ec cpao. aa yx cepex cce, FAPKC1 FAPKC2, coye o e o ee ooe. oce coee, oa a papaoaa o ep oepa poep ooc.

o acaec x aeoc, ae eao aac o poeo (e ceac ce 30 cyo, yyx pao o popa eoacoc ). ocaooo oeca coo a aco e oo e, o poea a yea.

peaeo ocoeoc FAPKC1 FAPKC2 ec o, o o e opae a aea CA. Ceoaeo, a a cpo ec aea a aop Diffie-Hellman ceae 1997 oy, ao p ecoeo c oe epec.

aa Aop poo oc c op o

20.1 Aop poo oc (DIGITAL SIGNATURE ALGORITHM, DSA)

B ayce 1991 oa Haoa cy caapo ex (National Institute of Standards and Technology, NIST) peo cooa coe Caape poo oc (Digital Signature Standard, DSS) Aop poo oc (Digital Signature Algorithm, DSA). Coaco Federal Register [538]:

peaaec eepa caap opao opa ( Federal Information Processing Standard, FIPS) Caapa poo oc (Digital Signature Standard, DSS). B o caape opeeec aop poo oc c op o (DSA), po eepax pee, peyx poo oc. peoe DSS coye op poep oyaee eococ oyex ax oc opae. DSS ae oe cooa pee copoo poep pa oc oc cax c e ax.

B o caape paec cxea oc c op o, coya apy peopaoa coa poep pooo ae, aaeoo oc.

:

peoe caap pecae coo peya oe pax eo poo oc. pa pee e, NIST ceoa ooe paea 2 Aa o oepo eoacoc ( Computer Security Act) 1987 oa o o, o NIST papaaae caap,"... oeceae peaee eoacoc cepeoc eepao opa, pa exoo, peaax cpay cee a, y, oopa oaae aoee oxo pao cyaao xapaepca".

Cpe aopo, paccopex poecce p pee ypoe oeceaeo eoacoc, pocoa a apao popao peaa, pocoa copa a pee CA, peoc aeo, e a aoa y eoacoc oeceee paoopa, a ae cee eoca y oc, a y poe p . aaoc, o oece cooecyy ay eepa ccea oo o cocoa. Bpa yoeope cey peoa:

NIST oae, o eo oo ye cooa ecao. pooe cooae o exoo, oycoeo eo ocyoc, ocy ooeco oe paeca oeca.

Bpaa exoo oeceae eoe cooae oepa oc poex, cax c c ooae eeyax apoe. B x poex oepa oc oc cao ceo cpee eeyax apoe, a poecc poep peayec oee oo ceo cpee, apep, a e p coao oepe, aapao pop aeco oye a oepe-pee.

pee, e ce coce ayaec, ooe e paopac c aa : DSA - o aop, a DSS caap. Caap coye aop. Aop ec ac caapa.

Peau a aeue aee NIST ao oo pecx aea oe. coae, o copee o ec, e ay. RSA Data Security, Inc., poaa aop RSA, oaa po DSS. O peoa, o caap cooac aop RSA. RSADSI oyo eao ee a epoae aopa RSA, caap ecao poo oc po o a cay cy ee oepecx ycexo. (peae: DSA eoaeo e apyae ae, paccop y ey oee.) o ae o p aopa RSADSI eo oa po "oeo oy,'' oop, ooo, oo paecy oea oc. oa o oeo, o aop e coye o o y, pa a pooea c pyx o [154], a c oo ce NIST, a c oo ae pecce. (epe ca NIST ooc [1326]. a x, e aae, o o pae epe a a o pa, Pec Xea, acoo aepecoa o, o DSS e p.) Moe oe oa, papaaae popaoe oeceee, oope ye epoa a o p RSA, ae cy po DSS. B 1982 oy paeco opoco peoca ey aop c op o opa ooo x aece caapa [537]. oce oo eee e e o NIST e o ax ec. Tae oa, a IBM, Apple, Novell, Lotus, Northern Telecom, Microsoft, DEC Sun opa oo ee, peay aop RSA. O e aepecoa oepe ec.

Bceo oy epoo epoa ocye(28 epa 1992 oa) NIST oy 109 aea. Paccop o opy pece aea apec DSA.

1. DSA e cooa poa pacpeee e.

pao, o caap e peye a x oooce. o caap oc. NIST ooo caap poa c op o. NIST coepae oy oy, oca aepac apo e caapa poa c op o. o ce epooc peoe caap poo o c ye eooo cooa poa. (Ho oaaec, o ooo - c. pae 23.3.) o e oaae, o caap oc eco ee.

2. DSA papaoa NSA, aope oy ceae ae.

oco epoaax oeape poco apaoa : "Opae NIST cyecy x aopo e x p e yae oep DSS, a ycae oopee, o cyecye a a popaa, cpeac oo NIST / NSA cpa aoay poccey c op o" [154]. Cepe opoc ooceo eoacoc DSA aa Apao ecpo (Arjen Lenstra) Capo Xaepo (Stuart Haber) Bellcore. O ye paccope e.

3. DSA eeee RSA [800].

oee eee cpaeo. Copoc eepa oc pepo oao, o poepa oc c oo DSA o 10 o 40 pa eeee. Oao eepa e cpee. Ho a oepa eepeca, ooae peo pee ee. C pyo copo poepa oc - o aoee aca oep a.

poea p o, o cyecye oo cocoo opa apaepa ecpoa, oac yx peyao. peapee ce oy ycop eepa oc DSA, o o e cea oo. Copo RSA opa ca a, o e peyeca coeo aopa, a copo DSA coy co coco oa. B o cyae oep caoc ce cpee c pee. Xo paa copoc cyecye, oce po e oa e ye aea.

4. RSA - o caap de facto.

Bo a pepa oox ao. co Poepa oea (Robert Follett), peopa popa caap a oa IBM [570]:

IBM cae, o NIST peo caap cxe poo oc, oac o paex eyapox caapo. ooae opaa ooaee ye ac o, o oepa eyapox caapo, c oyx RSA, cao ae yye cae eoxo ycoe poa cpec oecee e oacoc.

co eca poepa (Les Shroyer), e-peea peopa oa Motorola [1444]:

ac oe e, ae, pa ce aop poo oc, oop oo cooa o cey py a ey aepac eaepac oea, a ey ccea oa Motorola ccea pyx pooee. Ocyce pyx ecocox exoo poo oc a ocee oce e c e ao RSA aec caapo.... Motorola oe pye oa... o RSA o oapo. M co eaec o aoec oooc oep yx pax caapo, aoe ooee pee pocy pa c xoo, aepe paepa ycoe cce....

Mo oa xoeoc, o NIST p ISO 9796, eyapo caap poo oc, coy RSA [762.]. Xo o cepe apye, o eocaoe, o p eyapo caap aece aoaoo. eca caap ye oea oece epeca Coe ex ao.

5. Bop aoaoo aopa e op, e o ao ocaoo pee aaa.

Caaa NIST yepa, o papaoa DSA caocoeo, ae pa oo NSA. Haoe NIST oep, o NSA ec aopo aopa. o ox oecooo - NSA e yae oepe.

ae a, aop oyoa ocye aaa, poe oo, NIST po pe aaa o epoa aopa.

6. DSA oe apya pye ae. o a. o opoc ye paccope paee, paccapa ae.

7. Paep a co a.

o eceo cpaea pa DSS. epoaao peaaoc cooa oy o o [1149]. Ta a eoacoc aopa opeeec cooc ce cpex oapo o aaoy oy, o opoc ooa ox popao. C ex op cee cpex oap o oeo oe oco opeeex ycexo, 512 o co ao oopeeo oc (c. pae 7.2). Coaco pay aMaa (Brian LaMacchia) p Oo (Andrew Odlyzko), "... ae eoacoc, oeceaea 512-o poc ca, o oy, axoc a peee... " [934]. B oe a aea NIST cea y a epeeo, o 512 o 1024 o. Heoo, o ce a oye.

19 a 1994 oa a ooae apa caapa [1154]. p o o caao [542]:

o caap oe pec ce eepa eapaea ypae a ecepeo opa.... o caap ye cooa p poepoa peaa cxe oc c op a, o ope papaaa eepae eapae ypae, oope papaaac o aay. ace o epece opaa oy p cooa o caap.

pee e ooac caapo peaoa eo, poe e pae o ae ax.

Onucaue DSA DSA, peca coo apa aopo oc Schnorr EIGamal, ooc oca [1154].

Aop coye ceye apaep :

p = pocoe co o L o, e L pae aee, paoe 64, aaoe o 512 o 1024. (B epoaao caape paep p cpoa pae 512 a [1149]. o ao oeco p ecx aea, NIST o y aopa [1154].)

q = 160-oo pocoe co - oe p-1.

$g = h^{(p-1)/q} \bmod p$, e h - oe co, eee p-1, oopoo $h^{(p-1)/q} \bmod p$ oe 1.

x = co, eee q.

$y = g^x \bmod p$.

B aope ae coyec ooapaea x-y : H(m). Caap opeee cooae SHA, paccopeoo paee 18.7.

epe p apaepa, p, q g, op oy o ooaee ce. ap o ec x, a op - y. o oca cooee, m:

(1) Aca eeppye cyaoe co k, eee q

(2) Aca eeppye

$r = (g^k \bmod p) \bmod q$
$s = (k^{-1}(H(m) + xr)) \bmod q$

Ee oc cya apaep r s, oa ocae x oy.

(3) o poepe oc, c

$w = s^{-1} \bmod q$
$u_1 = (H(m) * w) \bmod q$
$u_2 = (rw) \bmod q$
$v = ((g^{u_1} * y^{u_2}) \bmod p) \bmod q$

Ec v = r, o oc paa.

oaaeca aeaecx coooe oo a [1154]. 19th pecae coo paoe o cae aopa.

Ta. 20-1.

oc DSA Ompm :

p pocoe co o o 512 o 1024 o (oe cooac pyo ooaee)
q 160-o poco oe p-1 (oe cooac pyo ooaee)
$g = h^{(p-1)/q} \bmod p$, e h - oe co, eee p-1, oopoo $h^{(p-1)/q} \bmod p > 1$ (oe cooac pyo ooaee)
$y = g^x \bmod p$ (p-ooe co)

apm :

x < q (160-ooe co)

onuc:

k paec cyao, eee q
r (oc) = $(g^k \bmod p) \bmod q$
s (oc) = $(k^{-1}(H(m) + xr)) \bmod q$

poepa:

$w = s^{-1} \bmod q$
$u_1 = (H(m) * w) \bmod q$
$u_2 = (rw) \bmod q$
$v = ((g^{u_1} * y^{u_2}) \bmod p) \bmod q$

Ec v = r, o oc paa.

copue npeapumee uceu B 18- pee pep copoc pao popax peaa DSA [918].

Ta. 20-2.

Copoc DSA pax oye c 160-o oaaee cee (a SPARC II)

              512 o     768 o     1024 a
oc            0.20 c    0.43 c    0.57 c
poepa         0.35 c    0.80 c    1.27 c

paece peaa DSA aco oo ycop c oo peapex ce. Opae ae, o aee r e ac o cooe. Moo coa cpoy cyax ae k, ae pac ca ae r aoo x. Moo ae c $k^{-1}$ aoo x ae k. ae, o a pxo cooee, oo c s aax r $k^{-1}$.

peapee ce aeo ycop DSA. B 17- pee cpae pee ce DSA RSA opeo peaa eeyao apo [1479].

Ta. 20-3.

Cpaee pee ce RSA DSA DSA RSA DSA c o p, q, g oae ce Off-card (P) N/A Off-card (P) eepa a 14 c Off-card (S) 4c peapee ce 14 c N/A 4 c oc 0.03 c 15 c 0.03 c poepa 16 c l.5 c 10 c 1-5 c off-card (P) 1-3 c off-card (P) Bce e apo (off-card) oc a epcoao oepe i80386/33 M. (P) yaa e ope apaep off-card, a (S) - a ape apaep off-card. B oox aopax coyec 512 o oy.

eepau npocmx uce DSA ecpa Xaep yaa, o oa eoope oy aoo ee, e pye [950]. Ec o-y aca ooaee ce cooa o ax cax oye, o x oc ye ee oea.

Te e eee o e pecae poe o y pa: ae oy eo oapy, o a pe , o epooc cyao cooa ooo x peepeo aa, ee, e epooc cy ao oy cocaoe co a xoe epooco poeyp eepa pocx ce.

B [1154] NIST peoeoa ope eo eepa yx pocx ce, p q, e q ec ee e p-1. a pocoo ca p - ey 512 1024 paa 64 -a. yc $L - 1 = 160n + b$, e L - o a p, a n b - a ca, pe b ee 160.

(1) Bepe pooy oceoaeoc, o pae epe, 160 o aoe ee S. yc g - o a S ax.

(2) Bc $U = \mathrm{SHA}(S) \oplus \mathrm{SHA}((S + 1) \bmod 2^g)$, e SHA oca paee 18.7.

(3) Opaye q, ycao ao ae aae U 1.

(4) poep, ec q poc.

(5) Ec q e ec poc, o epec a a (1).

(6) yc C=0 N=2.

(7) k=0,1,...,n, yc $V_k = \mathrm{SHA}((S + N + k) \bmod 2^g)$

(8) yc W - eoe co

$W = V_0 + 2^{160}V_1 + \ldots + 2^{160(n-1)}V_{n-1} + 2^{160n}(V_n \bmod 2^b)$

yc $X = W + 2^{L-1}$ Opae ae, o X - o L-ooe co.

(9) yc $p = X - ((X \bmod 2q) - 1)$. Opae ae, o p opyo 1 mod 2q.

(10) Ec $p < 2^{L-1}$, o epee a a (13).

(11) poep, ec p poc co.

(12) Ec p - pocoe, epee ay (15).

(13) yc C=C+1 N=N+n+1.

(14) Ec C = 4096, epec ay (1). B poo cyae epee a a (7).

(15) Coxpa ae S C, cooae eepa p q.

B [1154] epeea S aaec capoo, epeea C - ceo, a N - ceee.

Cc oo ypae o, o oo ec oyoa cocoo eepa p q. cex pa ecx pee o eo ooe ea cax ae p q. Ec o-o py a ae-o p q, ac oe aepecoa, a oye ca. Oao, ec oye ae S C, cooa e p eepa cyax p q, coee oop c poeypy caocoeo. cooae o oapaeo x-y ( caape coyec SHA) e ooe oy S C o ae p q.

a eoacoc ye, e oeceaea RSA. B RSA poce ca xpac cepee. o oe eeppoa aoe pocoe co co, opa oopoo ypoae paoee a oe. He a apoo a, o oa e poep. B DSA, ae ec ap eece, oo y e c, o p q eeppoac cya opao.

upoaue ElGamal c DSA epaoc, o DSA a pac paecy, ooy o eo e cooa aece a o pa poa. Oao oo cooa o y DSA poa EIGamal. yc ao p peaoa a o oo y aa xoe ae p, q, g, k, x h, oo oy apaep oc: r s.

poa cooe m aopo EIGamal c oo opoo a y epe cyaoe c o k oe Bopaeoe aee r ye a cxe EIGamal. Opoc s. ae oe, call epeeye aee r u, opoc s. Boe Opoc r. Bopaeoe aee s ye b cxee EIGamal. Teep y ac ec poec, a b. e ppoae ae poco. coy ap x poec cooe, a b, oe aee r - o ax mod p. Haoe eo e. ae oe aee s ye op eco cooe, m.

o coco paoae e co ce peaa DSA - eoopx x oy acpoa a e p q eoopx pyx apaepo. Te e eee, ec peaa ec ocaoo o e, o oo poa cooee, e coy eo, poe y poo oc.

upoaue RSA c DSA poae RSA ee poe. coy oy n, cooee m op e, oe Bopaeoe aee r ec poec. eppoae RSA ec oo a e. Ec d - a p , o opaae op ec a aee r.

eonacocm DSA C 512 a DSA eocaoo aee eo eoacoc, o o oe aee p 1024 ax. B coe epo ae a y ey NSA a oepoao yepee o epe ( Joe Aber nathy) The Houston Chronicle o ooy ae DSS [363]:

o acaec peoaaeo ae DSS. M cae, o ep "aea" o ayee, a o peo a ae, o epe aey oo a-o pacpoa (poa) apoae cooe, ocaee c oo DSS, e papee opae.

DSS e pye ax ax. o cy opoco ec, e oe o-o p oo DSS oea oc, , a opao, cpepoa c ccey. M aeopec ae, o epooc, o o-y - a NSA coe oea oc DSS, p pao cooa caapa ecoeo aa.

oee oo, peooee o yceoc aee cpaeo o cce poep ooc c o p a, a RSA. epee, o o e oo a DSS (apye, oyp pecce), ooc eepo. Bopoc peaa cocoe opa pocx ce. M pae ac ye ae eae oepe EUROCRYPT, e "a py coo" ocyac opoc aee DSS. O yaco ocye o c ceoaee Bellcore, yepa o oooc ae, o aey oa yac cycc - a oo cceoae Bellcore - p oy, o opoc o aee DSS e pecae poe. oee oo, ce o pao, o opoc o aee ec pa pay pecco. Oao, ac o poce NIST oe a oee o aee, papaoa poecc eepa pocx ce, oo ea opa ooo ooc eo eooo ca cax pocx ce, cooae oopx ocae DSS. poe oo, NIST acaae a c ooa oye oe , o o 1024, o ooe e ooac papaoa poecco eepa pocx ce, ea cax pocx ce. Oe a ooe oeo, a oop aco e opaa ae, ec o, o p cooa DSS poce ca oeocmyn , ceoaeo, oy peeo opoo ye. He ce cce c op a coco po ooy poepy.

eococ o cce a opa peye opa ae a peaa. a yoc c c e c oa paopax ooaee, NSA o pa acaae a cooa epaoax oepe x epo a a cocoe poa pc ccee. Xo o poce NIST papaoa p execx o a DSS, oox peaoa eee epaoa oxo, ce e yo e y ac oe o DSS Federal Register, oopo oopc:

"Xo o caap oe oece oe peoa eoacoc eepa pox oce, cooece caapy e oeceae eoacoc opeo peaa. Oeceoe o ao eapaee ypa e oo apapoa, o oa peaa apapye pee ypoe eoacoc. NIST poo paoy c paece ooae, oecea paoc pea a."

Haoe y ce yepe o eeoacoc DSS, o ac e ye. DSS aeo ye NSA, o ooo aey peopy o eoacoc opaox cce pape cooa o caap o c ecepex ax, opaaaex opeeex paeaex cceax, ae oc cepex a x pe cce. M cae, o oooe pae ceecye o eoooc aoo-o epooo cp eoacoc, oeceaeo DSS p eo pax peaa cooa. Ocoac a peoax pa eca CA exe eoacoc pox oce, cae, o DSS ec y opo. B ec eoc, DSS cyae aece ooo poea Cce a cooe (Defense Message System), paoo apapoa ooc epox cooe eo ax oa opoo opa. a aa a eocpa ae yace oea aao ao, oex cy oopox eoc pooc ooepa c NIST.

e copac oepoa coc ae NSA. pa eo a py e - ac o a eo ey ooe.

Bcpmu k ao oc yo ooe aee k, oopoe oo pac cya opao. Ec Ea y ae k, oopoe Aca cooaa oc cooe, oe ocooac eoop co ca eepaopa cyax ce, oop ae k, oa coe pacp ap Ac, x. Ec Ea oye a cooe, ocax c oo ooo oo e k, o, ae e a aee k, oa co e pacp x. A c oo x Ea coe ao oea oc Ac. B o peaa DSA eoacoc cce oe ae xopo eepaop cyax ce [1468].

Onacocmu oeo oy Xo DSS e opeee peee ooae oeo oy, pae peaa oy oco oac ao oooc. Hapep, Haoooe ypaee paccapae cooae DSS e poo aoo. o ec a opaa opeye, o ce aooae cpa cooa o e p q? O oy co eo caoc e poaaa. oa co pao ocy a pae peaa DSS, o p ecooca ec.

ocoame aa DSA yc Coc (Gus Simmons) op DSA ocoae aa [1468, 1469] (c. pae 23.3). o o coae aa ooe cpaa oc aoe cooee, oopoe oe poao oo e, y oo ec . Coaco Cocy, o "aeaeoe coaee", o "ce oee eoca ocoaex aao, coyx cxey ElGamal, oy ycpae" DSS, o DSS "a ceo oeceae aoee oxoy cpey ocoaex oya ". NIST NSA e oepo a o ocoae aa, o ae e ae, oaac o o ao oooc. Ta a o ocoae aa ooe p eopocoeco peaa DSS epeaa c ao oc ac apoo a. Hoa a oyec peaae DSS, ec e oepee papaoy pea a.

amem pa (David Kravitz), paee paoa NSA, aee aeo DSA [897]. Coaco NIST [538]:

NIST epecax oeca cpec cea exoo DSS ocyo ecao o cey py. M cae, o a exoo oe aaeoaa, o ae pye ae e pe DSS, o e oe a epx a pa oo o oye aea.

Hecop a o, p aea aeo yepa, o DSA apyae x ae: Diffie-Hellman (c.

pae 2.2.1) [718], Merkle-Hellman (c. pae 19.2.) [720] Schnorr (c. pae 21.3) [1398]. ae Schnorr ec coo aox cooce. Cpo ec yx pyx aeo ceae 1997 oy, a ae Schnorr ecee o 2008 oa. Aop Schnorr papaoa e a paecee e. B o e o aeo PKP y paeca CA e pa a ae Schnorr, opp aaeoa co aop o cey py. ae ec cy CA ecy peee oy DSA, eco, aoe peee py cy p y x cpaax. Coe eyapoa opopa p caap, oop aoe ox cpaax a pyae aeoe aooaeco pyx ? Hyo pe, o pe y poey, oey aca o o opoc e pee ae Coeex aax.

B e 1993 oa NIST peo a PKP cey aey e a DSA [541]. Co aee poaoc oce poeco oeceoc caap e ce e cx coae. NIST a [542]:

.. NIST paccope ae o ooo apye aeo cea o, o ae ecpae.

a caap oao p, oyxe axe cye poecca, o e ae, o ea.

NIST a, o o ooe ac , oe apye aeoo aooaeca p cooa DSA paoe o paeceoy opay. Ocae, o oy, o aoc o cee ca. poe aocoo caapa, coyeo DSA, y ANSI [60]. NIST paoae a ee e caapa DSA paeceo aapae. Shell Oil ceaa DSA co eyapo caapo.

O pyx peoex caapax DSA e eeco.

20.2 Bapa DSA

o apa eae poe ce, eoxoe oc, e aca c $k^{-1}$ [1135]. Bce coyee apaep - ae e, a DSA. oc cooe m Aca eeppye a cyax ca, k d, ee q. poeypa oc a

$r = (g^k \bmod p) \bmod q$
$s = (H(m) + xr) * d \bmod q$
$t = kd \bmod q$

o poepe oc, c

$w = t/s \bmod q$
$u_1 = (H(m) * w) \bmod q$
$u_2 = (rw) \bmod q$

Ec $r = ((g^{u_1} * y^{u_2}) \bmod p) \bmod q$, o oc paa.

Cey apa ypoae ce p poepe oc [1040, 1629]. Bce coyee apae p - ae e, a DSA. oc cooe m Aca eeppye cyaoe co k, eee q. poey pa oc a

$r = (g^k \bmod p) \bmod q$
$s = k(H(m) + xr)^{-1} \bmod q$

o poepe oc, c

$u_1 = (H(m) * s) \bmod q$
$u_2 = (sr) \bmod q$

Ec $r = ((g^{u_1} * y^{u_2}) \bmod p) \bmod q$, o oc paa.

Ee o apa DSA papeae aey poepy, o oe poep oc aea [1135]. Ec ce oc pa, o paoa oa aoea. Ec oa x epaa, o ey ee yo o, aa. ecac, o eeoaco. o oca, o poep oe eo coa aop ax oce, oop yoeope pep poep aea oce [974].

Cyecye ae apa eepa pocx ce DSA, oop ae q coyee e epa pocx ce apaep yp p. Be a cxea a eoacoc DSA, ce ee eeco.

(1) Bepe pooy oceoaeoc, o pae epe, 160 o aoe ee S. yc g - o a S ax.

(2) Bc $U = \mathrm{SHA}(S) \oplus \mathrm{SHA}((S + 1) \bmod 2^g)$, e SHA oca paee 18.7.

(3) Opaye q, ycao ao ae aae U 1.

(4) poep, ec q poc.

(5) yc p - o oeee q, S, C SHA(S ). C pecae coo 32 yex a.

(6) p=p-(p mod q)+1.

(7) p=p+q.

(8) Ec C p pao 0x7fffffff, epec a a (1).

(9) poep, ec p poc.

(10) Ec p - cocaoe, epec a a (7).

peyeco oo apaa ec o, o a e yo xpa ae C S, cooae eepa p q. O e coca p. poe, paoax ycox exa a, ap ep, eeyax apoe, o oe ao.

20.3 Aop poo oc GOST

o pycc caap poo oc, Oao aae GOST R 34.10-94 [656]. Aop oe oxo a DSA, coye ceye apaep

p = pocoe co, a oopoo o ey 509 512 a, o ey 1020 1024 a.

q = pocoe co - oe p-1, o o 254 o 256 o.

a = oe co, eee p-1, oopoo $a^q \bmod p = 1$.

x = co, eee q.

$y = a^x \bmod p$.

o aop ae coye ooapaey x-y : H(x). Caap opeee cooa e x-y GOST R 34.11-94 (c. pae 18.11), ocoao a cepo aope GOST (c. pae 14.1) [657].

epe p apaepa, p, q a, op oy cooac coeco ooae ce. ap o cy x, a op - y. o oca cooee m

(1) Aca eeppye cyaoe co k, eee q

(2) Aca eeppye

$r = (a^k \bmod p) \bmod q$
$s = (xr + k(H(m))) \bmod q$

Ec H(m) mod q =0, o aee x-y ycaaaec pa 1. Ec r =0, o epe pyoe aee k ae coa. oc cya a ca: $r \bmod 2^{256}$ $s \bmod 2^{256}$, Aca ocae x oy.

(3) o poepe oc, c

$v = H(m)^{q-2} \bmod q$
$z_1 = (sv) \bmod q$
$z_2 = ((q-r)*v) \bmod q$
$u = ((a^{z_1} * y^{z_2}) \bmod p) \bmod q$

Ec u = r, o oc paa.

Pae ey o cxeo DSA o, o DSA $s = (k^{-1}(H(m) + xr)) \bmod q$, o ae pyoe ypae e poep. oo, oao, o a q paa 256 a. ocy aax popao aec ocao q pepo 160 o o. Moe o poco cece pycco p pa cepxeoacoc.

Caap coyec c aaa 1995 oa e ap po " cyeoo ooa", o o e ao.

20.4 Cxe poo oc c cooae cpex oapo Cxe oc ElGamal, Schnorr (c. pae 21.3) DSA oe oxo. o cy, ce o c pe pepa oe cxe poo oc, coye poey cpex oapo. Bece c c a pyx cxe oce o c ac ooo oo e ceeca [740, 741, 699, 1184].

Bepe p, ooe pocoe co, q, paoe o p-1, o ooy pocoy oe p-1. ae epe g, co ey 1 p, oopoo $g^q \equiv 1 \pmod p$. Bce ca op, oy coeco c ooa pyo ooaee. ap o ec x, eee q. Op o cy $y = g^x \bmod q$.

o oca cooee m, caaa epe cyaoe aee k, eee q ao pocoe c .

Ec q oe pocoe co, o ye paoa oe k, eee q. Caaa c

$r = g^k \bmod p$

Ooeoe ypaee oc pe

$ak = b + cx \bmod q$

oe a, b c oy pa pae ae. aa cpoa 16th peocae ec o ooce. poep oc, oyae oe yec, o

$r^a = g^b y^c \bmod p$

o ypaee aaec ypaee poep.

Ta. 20-4.

Booe epecao a, b c (r'= r mod q) r' s m r' m s r' m ms m r' r' s ms r' s B 15th epece ooe apa oc poep, oyee oo epo cpo o ox ae a, b c e yea eo .

Ta. 20-5.

Cxe poo oc c cooae cpex oapo paee oc paee poep (1) r'k=s+mx mod q rr'=gsym mod p (2) r'k=m+sx mod q rr'=gmys mod p (3) sk= r'+mx mod q rs=gr'ym mod p (4) sk= m+ r'x mod q rs=gmyr' mod p (5) mk= s+ r'x mod q rm=gsyr' mod p (6) mk= r'+sx mod q rm=gr'ys mod p o ec pax cxe pox oce. oaee yca yeae x oeco o 24. p cooa cex oox ae a, b c co cxe oxo 120.

EIGamal [518, 519] DSA [1154] o cyecy ocoa a ypae (4). pye cxe - a ypae (2) [24, 1629]. Schnorr [1396, 1397], a pya cxea [1183], eco ca c ypaee (5). A ypaee (1) o o e a, o oy cxey, peoey [1630]. Ocaec ypae - oe.

aee. y x cxe oo cea oee DSA-ooo, opee r a r = (gk mod p) mod q coye o e ypaee oc ceae ypaee poep u1 = a-1b mod q u2 = a-1c mod q 1 v = (( gu * yu ) mod p) mod q (r mod q)a = gbyc mod p Cyecy e pye oooc oox peopaoa [740, 741]. Tae oepa oo poe a c ao 120 cxe, oe oee co cxe poo oc, coyx cpee oap, o 480.

Ho o ee e ce. ooee ooe ee po oee, e 13000 apaa (e ce x ocaoo e) [740, 741].

Oo px copo cooa RSA poo oc ec coco, aaeoe oc caoee cooe. oa poepee oc RSA, cee m. ae ceoe m cpa aec c cooee poepec, paa oc cooe. B peyx cxeax occao m p ce oc eooo, a opeyec epooe m, oopoe coyec ypae po ep. Ho, oaaec, oo ocpo apa c occaoee cooe cex epeex cxe. oc caaa c r = mgk mod p ae m ee ypae oc. ae oo occao ypaee poep a, o m oo ceo eocpeceo. To e caoe oo pep DSA-oox cxe:

r = (mgk mod p) mod q eoacoc cex apao oaoa, ooy ee cc pa cxey o cooc ce.

oco cxe aee eoxooc c opae ae. a oaaec, oa x cxe ooe c ypaee oc, ypaee poep e cooa opax ae, p o ee occaaa cooee. Oa aaec cxeo p-NEW [1184].

r = mg-k mod p s = k - r'x mod q m occaaaec ( poepec oc) c oo ce m = gsyr'r mod p B pe apao oopeeo ocaec o a-p oa cooe [740], pye apa oo cooa cex oce [741].

o aea oac ye. Bce pae cxe poo oc c cooae c pex oapo oee oec apaco. o ca, o o ooaeo oo oe copa ey Schnorr [1398] DSA [897]: DSA e ec pooo Schnorr, pao a EIGa mal. Bce p aopa c ac cya ocao oe cxe, a oa cxea eaae o aa.

20.5 ONG-SCHNORR-SHAMIR a cxea oc coye ooe o oy n [1219, 1220]. Bpaec ooe eoe co (a paoee n a oe e oaeo). ae paec cyaoe co k, ao pocoe c n, cec h, paoe h = -k-2 mod n = -(k-1)2 mod n Op o cya h n;

a ap - k.

o oca cooee M, caaa eeppyec cyaoe co r, ao pocoe c n. ae c ec:

S1 = 1/2 (M/r r) mod n S2 = 1/2 (M/r -r) mod n apa ce S1 S2 npecae coo oc. poep oc, yeac, o S12 h*S22 M (mod n) Oca ec apa cxe ocoa a apax ooeax. p eo oyoa [1217] a yce poaa o peoeo oapaee $100. Heeoacoc cxe a oaaa [1255, 18], o o e ocaoo ee aopo. O peo oa aopa, ocoay a yecx ooeax, ae oaayc eeoaco [1255]. Aop peo epc a ae ooeo e epo cee, o a oaa oa [524, 1255]. Bapa, pea poe, oca [1134].

20.6 ESIGN ESICN -o cxea poo oc, papaoaa NTT Japan [1205, 583]. epaoc, o oa e eee eoaca, e RSA DSA, aoo cpee p ex e paepax a oc. ap o cy apa ox pocx ce p q. Op o ec n, oopoo n = p2*q H - o x-y, peea cooe m, pe aee H(m) axoc peeax o 0 o n-1.

coyec ae apaep eoacoc k, oop ye pae paccope.

(1) Aca pae cyaoe co x, eee pq.

(2) Aca ce:

w, aeee eoe, oopoe oe pao (H(m) - xk mod n)/pq s = x ((w/kxk-1 mod p) pq (3) Aca ocae s oy.

(4) poep oc o ce sk mod n. poe oo, o ce a, aeee eoe, oopoe oe pao yoeoy cy o n, eeoy a 3. Ec H(m) ee paa sk mod n, ec sk mod n ee H(m) 2a, o oc caec pao.

Bo p peapex ce, o aop oo ycop. ce oy oe poo oe pee a e ca c ocae cooee. Bpa x, Aca oe pa a (2) a a oaa. Caaa.

(2a) Aca ce:

u = xk mod n v = l/(kxk-1) mod p (2b) Aca ce:

w= aeee eoe, oopoe oe pao (H(m) - u)/pq s = x ((wv mod p) pq oo coyex paepo ce peapee ce ycop poecc oc a o po. o c pya paoa oec eo a ca peapex ce. Ocyee ec oyo ape, oex p ycope ESIGN, oo a [1625, 1624]. o ao p oo pacp pao c ec p [1206].

eonacocm ESIGN oa o aop epe peoe, k o pao pa 2 [1215]. Taa cxea cpo a oaa p peo (Ernie Brickell) oo eaypeco [261], oope pacpocpa coe cpe a cya k = 3. Mopoaa epc oo aopa [1203] a oaa apo [1204].

Bapa, peoe [1204], oa [1553]. ESIGN - o ceo peapa aopo oo ceeca. oa cp ESIGN [963] oaaac epeyao.

B acoee pe aop peoey cooa ceye ae k: 8, 16, 32, 64, 128, 256, 512 1024. O ae peoey, o p q e ee 192 o aoe, opay n e eee, e 576 o y. ( ya, o n oo ee a paa oe.) Aop ca, o c a ae apaepo, eoacoc ESIGN paa eoacoc RSA Rabin. oe aa oaae, o copoc ESIGN aoo e, e y RSA, EIGamal DSA [582].

amem ESICN aaeoa Coeex aax [1208], aae, A, pa, epa a. o, o xoe oy e a aop, oe opac Oe eeyao coceoc NTT (Intellectual Property Department, NTT, 1-6Uchisaiwai-cho, 1-chome, Chiyada-ku, 100 Japan).

20.7 eoe aoa Coepeo oa e, yea aya yao ( Papua Guam) [665], coco cooa poc ceax c op a eox aoao. a ccea ce ee co oa e poa epe a eoe yee, o peapeoe cceoae oaao, o y ee oe aoe e popaec caoe eco, a y pyx cce [562]. Te e eee, o oooeaa oac cceoa. Coc o eox aoao ec o, o ae ec o eppye, eooo c pea po ooo coco, eppoa pao axoe ooa. o oe oxoe a ooapa ey x-y c aeo.

20.8 pye aop c op o a o o peoeo cpo oeco pyx aopo c op a. Aop Matsumoto-lmai [1021] cp [450]. Aop Cade epe peoe 1985 oy, oa [774], ae opaoa o e oy [286]. oo x cp, cyecy oe cp, paca ae ooe a oe o [605]. oy aopy, eoacoc oopoo opeeec ooe ooeo a oe o, yo oocc co ceo, ec e c opoe oopee.

Aop Yagisawa oee oeee cee mod p c apeo mod p-1 [1623], o oa [256]. pyo aop c op o, Tsujii-Kurosawa-Itoh-Fujioka-Matsumoto [1548], ae oaac eeoac [948]. Heeoaco [717] a pe ccea, Luccio-Mazzone [993]. Cxea oc a ae birational epecaoo [1425] a oaa a cey e oce ee pecae [381]. Hecoo cxe oce peo Taya Oaoo ( Tatsuaki Okamoto): o oaao, o oa x a e eoaca, a poea cpeoo oapa, a pya - a poea cpeoo oapa u poea paoe a oe [1206]. Aaoe cxe pecae [709].

ycayc Coc (Gustavus Simmons) peo cooa aece oco aopo c op a J-aepy [1455, 145]. O o e poc oaac oce opee ex eoo paoe ooeo a oe [951]. Tae ye ceae oypy ooeo [1619, 962], o o eo e ao. Xapa Heppeep (Harald Niederreiter) peo aop c op o a ae oceoaeoce cox pecpo [1166]. pyo aop cooa coa oa (Lyndon) [1476], a pe - prepositional ccee [817]. eoacoc ooo eax aop o c op a ocoaac a poee matrix cover [82]. Taya Oaoo ayo Oa (Kazuo Ohta) poe cpaee pa cxe poo oc [1212].

epce coa paao ox pax aopo c op a ec. B oy oe, o oco aopo c op a ocoa a oo pex pyx poe [492, 494]:

1. Pa: ao oeco yax ce, a ooeco, cya oopoo paa N.

2. cpe oap: Ec p - pocoe co, a g M - ee, a x, oopoo oec gxM (mod p).

3. Paoee a oe: Ec N - poeee yx pocx ce, o o (a) pao N a oe, (b) aax ex ce M C a d, oopoo Md C (mod N), (c) aax ex ce e C a M, oopoo Me C (mod N), (d) aaoo eoo ca x opee, cyecye eoe co y, oopoo x y2 (mod N).

Coaco [492, 494], poea cpex oapo a peoea . o ( J. Gill), po ea paoe a oe - yo, a poea paa - ca .

a yoc aeaecx oco popa c op a eoo ecoo. pop pee o poe cpex oapo, o poe paoe a oe ceae eeoac ee acc aopo c op a. oaa [492, 494], o oo pc caec y aopa:

1. Bce oepa, a oope ceac opaec popa c op a - yoee, oeee cee paoee a oe - peca coo yaeae apeece e. Bea o peeo ecoo aeaecoo ye, poc a , a peee pocceax c op a, ye, a e ye ae oepe.

2. Haa oooc o oe apeece ce pace paoepo ceac ooe a pea oa cce c ca aoo paepa, o cce yce oo eceo paa popa paoe a oe, cpex oapax ee ope.

a ye e, e ce aop c op a, ocoae a x poeax, eoac.

Ca oo aopa c op o ac e oo o ceo cooc poe, e a e ocoe aopa. Tpya poea eoaeo peayec co aope. A ap o ce o pe pa [1415]:

1. Teop cooc oo caa c oe ac cya poe. poaa e aco oyae oo aop cacec cax poe - pae poec, a poae o e e o.

2. Bcea cooc poe oo epec xyeo cpeeo cyae. o eo aece cocoa poa, poea oa pyo pee o o cex cyax.

3. pooy coy poey eoaeo oo peopaoa poccey, oy e poea oa oo cpo ee aey, ae oopo oo oo eae oo pocoe peee poe.

aa Cxe ea 21.1 FEIGE-FIAT-SHAMIR Cxea poo oc poep ooc, papaoaa Aoco ao ( Amos Fiat) A a po (Adi Shamir), paccapaec [566, 567]. pe ee (Uriel Feige), a ap opoa aop, pepa eo oaaeco ooc c ye ae [544, 545]. o yee oaae co ooc c ye ae.

9 1986 oa p aopa oa ay a oyee aea CA [1427]. -a oooo oeoo pee aa a paccopea oe. Bpe o pee peyao pao aeoe po ec e aa aea, a eo, aaeoe cepe pacopee. 6 ap 1987 oa, a p o ce e ececoo epoa, o poce ap aeoe po ao aoe pacopee. ao, o "... pacpe ya peea a... oe p yep aoao eoacoc..."

Aopa o paao yeo cex paa CA, oope o e pa ya o po o x cceoax, o ecaopoaoe pacpe opa oe aoc y oa peoo ae, pao $10,000 e py oopeeo. oee oo, aop o co o oooeoy o aea opo aa oo cex ocpax paaax, oope oy ocy o opa.

o o eeo. B eee opo oo 1986 oa aop peca co paoy a oepex pae, Epoe Coeex aax. O ae e aepac paaa, c paoa a oea cye Beaa (Weizmann) pae.

Cyx o o ca pacpocpac ayo cooece pecce. B eee yx e cepeoe pac opee o aypoao. ap eo oe ca, o a oeo cepeoo pacope coo NSA, xo ax oax oeape e o. aee opooc o pyo cop pee [936].

npoea cxea uemuuauu Feige-Fiat-Shamir epe ae x apx e app pae cya oy, n, oop ec poe ee yx ox pocx ce. B peao a n oa e ee 512 o ye a oo e 1024 a. n oe o py opoepo. (cooae ce a (Blum) o e ce, o e ec oae eoacoc.) eepa opoo apoo e e oepe app pae co v, eec apa ocao mod n. py coa paec v a, o ypaee x2 v (mod n) eo pe ee, cyecoao v-1 mod n. o v ye op o e. ae cec aeee s, oopoo s s rt (v-1) (mod n). o ye ap e. coyec cey pooo e a.

(1) e pae cyaoe r, eee n. ae oa ce x =-r2 mod n ocae x Bopy.

(2) Bop ocae e cya b.

(3) Ec b = 0, o e ocae Bopy r. Ec b = 1, o e ocae Bopy y = r*s mod n.

(4) Ec b = 0, Bop poepe, o x = -r2 mod n, yeac, o e ae aee s rt(x). Ec b = 1, Bop poepe, o x = y2*v mod n, yeac, o e ae aee s rt(v-1).

o o a poooa, aae apeae. e Bop oop o pooo t pa, oa Bop e yec, o e ae s. o pooo "papea pa". Ec e e ae s, oa oe oopa r a, o oa coe oay Bopa, ec o oe e 0, oa oe oopa r a, o oa coe oay Bopa, ec o oe e 1. Oa e oe cea oopeeo o, pyoe. Bepo oc, o e yacc oay Bopa o pa, paa 50 poea. Bepooc, o e yacc oay eo t pa, paa 1/2t.

Bop oe opooa cp pooo, aa ce a e. O oe aa oee poo oa c c py opoepo, Baepe. Ha ae (1) eco opa cyaoo r ey ocaec poco co oa aee r, oopoe e cooao po pa. Oao, epooc oo, o Baep a ae (2) epe o e aee b, oopoe Bop cooa poooe c e, paa 1/2. Ceoaeo, epo oc, o o oae Baep, paa 50 poea. Bepooc, o ey yacc oay ee t pa, paa 1/2t.

o o pooo paoa, e oa e oa cooa r oopo. B poo cyae, ec Bop a ae (2) oe e pyo cya , o o oy oa oea e. Toa ae o ooy x o coe c s, e ce aoc.

Cxea uemuuauu Feige-Fiat-Shamir B cox paoax [544, 545], ee, a ap oaa, a apaea cxea oe oc co apea a a ye aoec e Bopa.

Caaa, a peye pepe, eeppyec n, poeee yx ox pocx ce. e epa opoo apoo e e caaa paec k pax ce: v1, v2,... vk, e aoe vi ec apa ocao mod n. coa, vi pac a, o x2 vi (mod n) eo pe ee, cyecoao vi-1 mod n. Cpoa, v1, v2,... vk, cy op o. ae cc a ee si, oopx si s rt (vi-1) (mod n). Cpoa s1, s2,... sk, cy ap o.

Boec cey pooo:

(1) e pae cyaoe r, eee n. ae oa ce x =-r2 mod n ocae x Bopy.

(2) Bop ocae e cpoy k cyax o: b1, b2,... bk.

1 (3) e ce y = r *( )mod n. (Oa epeoae ece ae si, cooecye s1b *s2b **sk bk bi=1. Ec ep o Bopa ye 1, o s1 oe poeee, a ec ep o ye 0, o e, ..) Oa ocae y Bopy.

(4) Bop poepe, o x = y2*( ) mod n. (O epeoae ece ae vi, ocoac v1b * v2 b2 **vk bk a cyao oo cpoe. Ec eo ep o ec 1, o v1 oe poeee, a ec ep o ye 0, o e, ..) e Bop oop o pooo t pa, oa Bop e yec, o e ae s1, s2,... sk.

Bepooc, o e yacc oay Bop t pa, paa 1/2kt. Aop peoey cooa ep o oc oeeca 1/220 peaa ae k = 5 t = 4. Ec y ac cooc a peceo a , yee ae.

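Example

Let us look at this protocol at work with small numbers. If n = 35 (the two primes are 5 and 7), then the possible quadratic residues are:

1: $x^2 \equiv 1 \pmod{35}$ has the solutions: x = 1, 6, 29, 34.

4: $x^2 \equiv 4 \pmod{35}$ has the solutions: x = 2, 12, 23, 33.

9: $x^2 \equiv 9 \pmod{35}$ has the solutions: x = 3, 17, 18, 32.

11: $x^2 \equiv 11 \pmod{35}$ has the solutions: x = 9, 16, 19, 26.

14: $x^2 \equiv 14 \pmod{35}$ has the solutions: x = 7, 28.

15: $x^2 \equiv 15 \pmod{35}$ has the solutions: x = 15, 20.

16: $x^2 \equiv 16 \pmod{35}$ has the solutions: x = 4, 11, 24, 31.

21: $x^2 \equiv 21 \pmod{35}$ has the solutions: x = 14, 21.

25: $x^2 \equiv 25 \pmod{35}$ has the solutions: x = 5, 30.

29: $x^2 \equiv 29 \pmod{35}$ has the solutions: x = 8, 13, 22, 27.

30: $x^2 \equiv 30 \pmod{35}$ has the solutions: x = 10, 25.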

Opa ae (mod 35) x apa op c :

vv-1 s=s rt(v-1) 11 16 16 11 29 29 Opae ae, o y ce 14, 15, 21, 25 30 e opax ae mod 35, a a o e ao poc c 35. o ee cc, a a oo (5 - 1) * (7 - 1)/4 apax ocao mod 35, ao pocx c 35: HO(x, 35) = 1 (c. pae 11.3).

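So Peggy gets a public key consisting of k = 4 values: {4, 11, 16, 29}. The corresponding private key is {3, 4, 9, 8}. Here is one round of the protocol.

(1) Peggy chooses a random r = 16, computes $16^2 \bmod 35 = 11$, and sends it to Victor.

(2) Victor sends Peggy a random binary string: {1, 1, 0, 1}

(3) Peggy computes $16 \cdot (3^1 \cdot 4^1 \cdot 9^0 \cdot 8^1) \bmod 35 = 31$ and sends it to Victor.

(4) Victor verifies that $31^2 \cdot (4^1 \cdot 11^1 \cdot 16^0 \cdot 29^1) \bmod 35 = 11$.

Peggy and Victor repeat this protocol t times, each time with a new random r, until Victor is satisfied.

Small numbers like those used in this example provide no real security. But when n is 512 bits long or more, Victor cannot learn anything about Peggy's private key except the fact that she really knows it.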

yeu B pooo oo cpo eaoe ae. yc I - o oa cpoa, pecaa eaop e: , apec, oep coaoo cpaxoa, paep oooo yopa, cop po xaeoo aa pya a opa. coye ooapaey x-y H(x) ce H(I,j), e j - eooe co, oaeoe I. Hae aop j, oopx H(I,j) - o apa ocao o oy n. ae H(I,j) caoc v1, v2,... vk (j e oa apa oca a). Teep op o e cy I epee j. e ocae I epee j Bopy epe a o (1) poooa ( Bop apyae ae c ao-o opo oc oe ), Bop ee ppye v1, v2,... vk H(I,j).

Teep, oce oo, a Bop yceo aep pooo c e, o ye yee, o Tpe, oopoy eco paoee oy a oe, ceppoa c ey I e, a e apae op vi, oyee I. (C. pae 5.2.) ee, a ap oa ceye aea [544, 545]:

eeax x-y oo ocoeoa paopoa I, oa ey y cyay cpoy R.

a cpoa paec appo opaec Bopy ece c I.

B x peaax k oo o 1 o 18. oe ae k oy ye pe pyoc c, yea oeco ao.

a n oa e ee 512 o. (oeo, c ex op paoee a oe aeo poyoc.) Ec a ooae epe coe coceoe n oyye eo ae opx e, o oo ooc e appa. Oao ao RSA-oo apa eae cxey aeo eee yoo.

Cxea nonucu Fiat-Shamir pepaee o cxe ea cxey oc - o, o cy, opoc pepae Bopa x-y. a peyeco cxe poo oc Fiat-Shamir o cpae c RSA ec ee copoc: Fiat-Shamir yo ceo o 1 o 4 poeo oyx yoe, coyex RSA. B o poooe coa epec Ace oy.

Cc epeex - ao e, a cxee ea. Bpaec n - poeee yx ox pocx ce. eeppyec op , v1, v2,... vk, ap , s1, s2,... sk, e si s rt (vi-1) (mod n).

(1) Aca pae t cyax ex ce aaoe o 1 o n - r1, r2,..., rt - ce x1, x2,... xt, ae o xi = ri2 mod n.

(2) Aca xpye oeee cooe cpo xi, coaa o oo: H(m, x1, x2,... xt). Oa c oye epe k*t o o cpo aece ae bij, e i poeae o1 o t, a j o 1 o k.

i1 i2 ik (3) Aca ce y1, y2,... yt,, e yi = ri *( ) mod n s1b * s2b **skb ( aoo i oa epeoae ece ae si, acoc o cyax ae bij. Ec bij=1, o si yacye cex, ec bij=0, o e.) (4) Aca ocae oy m, ce bij, ce ae yi. oa ye ec op Ac : v1, v2,...

vk.

i 1 i (5) o ce z1, z2,... zt, e zi = y2*( ) mod n v1b *v2b **vk bik ( coa o oe yoee acoc o ae bij.) Tae opae ae, o zi oo pao xi.

(6) o poepe, o epe k*t o H(m, z1, z2,... zt) - o ae bij, oope pcaa ey Aca.

a cxee ea eoacoc cxe oc poopoaa l/2kt. Oa ae ac o cooc paoe n a oe. a ap oaa, o oea oc oeaec, ec cooc paoe n a oe aeo ee 2kt. poe oo, -a cp eoo poe (c. pae 18.1), o peoey oc k*t o 20 o pae epe o 72, peaa k = 9 t = 8.

yea cxea nonucu Fiat-Shamir C Ma (Silvia Micali) A ap yy pooo Fiat-Shamir [1088]. O pa v1, v2,... vk a, o o ep k poc ca. To ec v1= 1, v2= 3, v3= 5, ..

o op . ap o, s1, s2,... sk, cya cyae apae op, opeeee a si = s rt (vi-1) (mod n) B o epc y aoo yaca oe co n. Taa oa oeae poepy oce, e a pe eepa oce x eoacoc.

pyue yyeu Ha ocoe aopa Fiat-Shamir cyecye N-copo cxea ea [264]. a pyx yy e cxe Fiat-Shamir [1218]. Ee o apa - [1368].

Cxea uemuuauu Ohta-Okamoto o pooo ec apao cxe ea Feige-Fiat-Shamir, eo eoacoc ocoaa a pyoc paoe a oe [1198, 1199]. e aop papaoa cxey c eco oc (c. pae 23.1), c oo oopo pae oy oceoaeo oca [1200]. a cxea a peoea peaa a eeyax apoax [850].

amem Fiat-Shamir aaeoa [1427]. p ea oy e a aop cec c Yeda Research and Development, The Weizmann Institute of Science, Rehovot 76100, Israel.

21.2 GUILLOU-QUISQUATER Feige-Fiat-Shamir ep paec poooo ea. O poa ce, yea co epa apea a epa. pa peaa, apep, eeya x apoe, o e co oxo. Oe c e po pey pee, a xpaee ax ao apea oe cpo cepa opaee oooc apo.

y y (Louis Guillou) a-a cap (Jean-Jac ues Quis uater) papaoa aop ea c ye ae, oop oe oxo oox poe [670, 1280]. Oe ey e Bopo, a ae apaee apea ao oee cee acooy yy : aoo oaaeca cyecye oo o oe, oopo - oo oa apea. oce oo e ypo eoacoc p cooa cxe Guillou-Quis uater opeyec o p paa oe ce, e p Feige-Fiat-Shamir. , a Feige-Fiat-Shamir, o aop ea o o pepa aop poo oc.

Cxea uemuuauu Guillou-Quisquater e - o eeyaa apoa, oopa copaec oaa co ooc Bopy. e a e pooc o py apyo, pecax coo cpoy ax coepax aae a p o, epo ec, oep aocoo cea pye, oepaee ee peoc, ae. a oa cpoa aaec J. (B peaoc cpoa apyo oe oe o, aece J coy ec ee x-aee. o ycoee a e e a pooo.) a cpoa aaoa opoy y.

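Other public information, common to all the "Peggys" who may use this application, is an exponent v and a modulus n, where n is the product of two primes that are kept secret. The private key is B, calculated so that $J B^v \equiv 1 \pmod{n}$.

Peggy sends Victor her credentials J. Now she wants to prove to Victor that these really are her credentials.

To do this she must convince Victor that she knows B. Here is the protocol:

(1) Peggy chooses a random integer r in the range 1 to n-1. She computes $T = r^v \bmod n$ and sends it to Victor.

(2) Victor chooses a random integer d in the range 0 to v-1. He sends d to Peggy.

(3) Peggy computes $D = r B^d \bmod n$ and sends it to Victor.

(4) Victor computes $T' = D^v J^d \bmod n$. If $T \equiv T' \pmod{n}$, then Peggy's authenticity is proven.

The math is not very complicated:

$T' = D^v J^d = (r B^d)^v J^d = r^v B^{dv} J^d = r^v (B^v J)^d = r^v \equiv T \pmod{n}$, since $J B^v \equiv 1 \pmod{n}$

Guillou-Quisquater signature scheme

This identification scheme can be converted into a signature scheme that is also suitable for implementation in smart cards [671, 672]. The public and private keys do not change. Here is the protocol: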

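(1) Alice chooses a random integer r in the range 1 to n-1. She computes $T = r^v \bmod n$.

(2) Alice computes d = H(M,T), where M is the message being signed and H(x) is a one-way hash function.

The value d produced by the hash function must be in the range 0 to v-1 [1280]. If the output of the hash function falls outside this range, it must be reduced modulo v.

(3) Alice computes $D = r B^d \bmod n$. The signature consists of the message M, the two computed values d and D, and her credentials J. She sends the signature to Bob.

(4) Bob computes $T' = D^v J^d \bmod n$. He then computes d' = H(M,T'). If d equals d', then Alice knows B and her signature is valid.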

Hecoo nonuce o ec ecoo eoe axo oca o o e oye ? poe ceo, o o oca eo opo, o paccapaea cxea oc eae o ye. yc Aca o oca oye, a po poepe oc, o poecc oca oe oeeo poooe oeco e. a pae, Aca o oaa ya ae J B: (JA,BA) (JB,BB). ae n v c o ce cce.

(1) Aca pae cyaoe eoe rA, axoeec aaoe o 1 o n-1. Oa ce TA = rAv mod n ocae TA oy.

(2) o pae cyaoe eoe rB, axoeec aaoe o 1 o n-1. O ce TB = rBv mod n o cae TB Ace.

(3) Aca o, a ce T = (TA*TB) mod n.

(4) Aca o, a ce d = H(M,T), e M - ocaeoe cooee, a H(x) - ooapae a x-y. aee d, oyeoe c oo x-y, oo aaoe o 0 o v- [1280]. Ec xo x-y xo a o aao, o oe pee o oy v.

(5) Aca ce DA = rABAd mod n ocae DA oy.

(6) o ce DB = rBBBd mod n ocae DB Ace.

(7) Aca o, a ce D = DA DB mod n. oc coco cooe M, yx cex ae, d and D, apyo oox ocax: JA JB.

(8) po ce J = JA JB mod n.

(9) po ce T' = DvJd mod n. ae oa ce d' = H(M,T'). Ec d d', o oecea o c ecea.

o pooo oe pacpe a oe oeco e. oo ocae cooee o epeo co ae Ti a ae (3), co ae Di a ae (7). o poep oecey oc, yo a ae (8) epeo ae Ji ocax (8). o ce oc pa, o cyecye o pae epe oa epaa oc.

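21.3 SCHNORR

The security of Claus Schnorr's authentication and signature scheme [1396,1397] rests on the difficulty of computing discrete logarithms. To generate a key pair, first choose two primes, p and q, such that q is a factor of p-1. Then choose a, not equal to 1, such that $a^q \equiv 1 \pmod{p}$. All these numbers can be freely published and shared by a group of users.

To generate a particular key pair, choose a random number less than q. This is the private key, s. Then compute the public key $v = a^{-s} \bmod p$.

Authentication protocol

(1) Peggy chooses a random number r, less than q, and computes $x = a^r \bmod p$. These computations are done in advance, long before Victor appears.

(2) Peggy sends x to Victor.

(3) Victor sends Peggy a random number e in the range 0 to $2^t - 1$. (What t is will be discussed shortly.)

(4) Peggy computes $y = (r + se) \bmod q$ and sends y to Victor.

(5) Victor verifies that $x = a^y v^e \bmod p$.

The security of the algorithm depends on the parameter t. The difficulty of breaking the algorithm is approximately $2^t$. Schnorr advises using a p of about 512 bits, a q of about 140 bits, and t = 72.

Digital signature protocol

The Schnorr algorithm can also be used as a digital signature protocol for a message M. The key pair is the same, but a one-way hash function H(M) is added.

(1) Alice chooses a random number r, less than q, and computes $x = a^r \bmod p$. This is the precomputation stage.

(2) Alice concatenates M and x and hashes the result:

e = H(M,x)

(3) Alice computes $y = (r + se) \bmod q$. The signature is the values e and y; she sends them to Bob.

(4) Bob computes $x' = a^y v^e \bmod p$. He then verifies that the hash of the concatenation of M and x' equals e.

e = H(M,x')

If it does, he accepts the signature as valid.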

B coe paoe opp po ceye oe coca coeo aopa :

oa ac ce, yx eepa oc eacx o ocaeoo cooe, oe oea a ca peapex ce. Ceoaeo, ce oy oe o pe p o co e a copoc oca. Bcpe, apaeoe po ca peapex ce, paccap aec [475], e ya, o oo ee paecy eoc.

p oaoo ypoe eoacoc a oce Schnorr opoe, e RSA. Hapep, p 140-oo q a oce paa ceo 212 a, ee oo oce RSA. oc Schnorr ae aoo opo e oce EIGamal.

oeo, paecx coopae oeco o, coyex o cxee, oe ye eo: apep, cxe ea, oopo oe oe o aoooe cpe ceo a ecoo cey (cpae co cxeo oc, oa oe oe oa ec pace, o o oo).

Moa, oea p peo (Ernie Brickell) eo Maep (Kevin McCurley), o ca eoacoc oo aopa [265].

amem Schnorr aaeoa Coeex aax [1398] ox pyx cpaax. B 1993 oy PKP popeo oe poe paa a o ae(c. pae 25.5). Cpo ec aea CA ceae 19 epa oa.

21.4 peopaoae cxe ea cxe oc Bo caap eo peopaoa cxe ea cxey oc : Bop aeec ooa paeo x-ye. epe ocae cooee e xpyec, eco oo xpoae cpa a ec aop oc. B pe, ay ay oo poea c o cxeo ea.

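Chapter 22 Key-Exchange Algorithms

22.1 DIFFIE-HELLMAN

Diffie-Hellman, the first public-key algorithm ever, was invented in 1976 [496]. Its security rests on the difficulty of computing discrete logarithms in a finite field, compared with the ease of exponentiation in the same field. Diffie-Hellman can be used for key distribution (Alice and Bob can use the algorithm to generate a secret key), but it cannot be used to encrypt and decrypt messages.

The math is simple. First, Alice and Bob together choose large primes n and g such that g is primitive mod n. These two numbers do not have to be kept secret; Alice and Bob can agree on them over an insecure channel. The numbers can even be shared by a group of users. It does not matter. Then the following protocol is carried out:

(1) Alice chooses a random large integer x and sends Bob $X = g^x \bmod n$

(2) Bob chooses a random large integer y and sends Alice $Y = g^y \bmod n$

(3) Alice computes $k = Y^x \bmod n$

(4) Bob computes $k' = X^y \bmod n$

Both k and k' are equal to $g^{xy} \bmod n$. No one listening on the channel can compute this value; they know only n, g, X and Y. Until they can compute the discrete logarithm and recover x or y, they cannot solve the problem. So k is the secret key that Alice and Bob compute independently.

The choice of g and n can have a significant effect on the security of the system. The number (n-1)/2 must also be prime [1253]. And, most important, n must be large: the security of the system is based on the difficulty of factoring numbers of the same size as n. Any g that is primitive mod n can be chosen; there is no reason not to choose the smallest possible g, usually a one-digit number. (Moreover, g does not actually have to be primitive; it only has to generate a sufficiently large subgroup of the multiplicative group mod n.)

Diffie-Hellman with three or more parties

The Diffie-Hellman key-exchange protocol is easily extended to the case of three or more participants. In the following example Alice, Bob and Carol together generate a secret key.

(1) Alice chooses a random large integer x and computes $X = g^x \bmod n$

(2) Bob chooses a random large integer y and sends Carol $Y = g^y \bmod n$

(3) Carol chooses a random large integer z and sends Alice $Z = g^z \bmod n$

(4) Alice sends Bob $Z' = Z^x \bmod n$

(5) Bob sends Carol $X' = X^y \bmod n$

(6) Carol sends Alice $Y' = Y^z \bmod n$

(7) Alice computes $k = Y'^x \bmod n$

(8) Bob computes $k = Z'^y \bmod n$

(9) Carol computes $k = X'^z \bmod n$

The secret key k is equal to $g^{xyz} \bmod n$, and no one listening on the channel can compute this value. The protocol is easily extended to four or more participants; participants and rounds of computation are simply added.

Extended Diffie-Hellman

Diffie-Hellman also works in commutative rings [1253]. Z. Shmuley and Kevin McCurley studied a variant of the algorithm in which the modulus is a composite number [1441, 1038]. V. S. Miller and Neal Koblitz extended this algorithm using elliptic curves [1095, 867]. Taher ElGamal used the underlying idea to develop an encryption and digital signature algorithm (see Section 19.6).

This algorithm also works in the Galois field $GF(2^k)$ [1442, 1038]. Some implementations use exactly this approach [884, 1631, 1632], because the computations are much faster. But the cryptanalytic computations are much faster as well, so it is important to choose carefully a field large enough to ensure the required security.

Hughes

This variant of the Diffie-Hellman algorithm allows Alice to generate a key and send it to Bob [745].

(1) Alice chooses a random large integer x and generates $k = g^x \bmod n$

(2) Bob chooses a random large integer y and sends Alice $Y = g^y \bmod n$

(3) Alice sends Bob $X = Y^x \bmod n$

(4) Bob computes $z = y^{-1}$ and $k' = X^z \bmod n$

If everything is done correctly, k = k'.

The advantage of this protocol over Diffie-Hellman is that k can be computed in advance, before any interaction, and Alice can encrypt a message with k before establishing a connection with Bob.

She can send the message to many people at once and pass the key to each of them individually later.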

Oe o e oea o Ec y ac cooeco ooaee, a oe oyoa op , X = gx mod n, oe ae ax. Ec Aca axoe ycao c c oo, e oaoc oo oy op oa eeppoa x o cepe . Oa oe apoa cooee o oca eo oy. o ee op Ac c o cepe .

aa apa ooaee oe cooa ya cepe , e peyec ax pea pex oeo a ey ooae. Ope o po cepa, o peopa oeece cp, o peypo ec, o o cyae o oe ya e amem Aop oea a Diffie-Hellman aaeoa Coeex aax [718] aae [719]. py a, aaac Public Key Partners (PKP, apep o op a), oya ece c py a ea oac popa c op a oya e a o ae (c. pae 25.5).

Cpo ec aea CA ceae 29 ape 1997 oa.

22.2 pooo "oa-oa" Oe a Diffie-Hellman ycee cp "eoe cepee". O cocoo peo pa o, ec eoxooc Ac oa oca cooe, oope o oca py pyy [500].

o pooo peoaae, o y Ac ec ceppoa op oa, a y oa ec ce p poa op Ac. cepa oca eoop acya oep opao ac, eocpeceo e yacy poooe. Bo a Aca o eeppy cepe k.

(1) Aca eeppye cyaoe co x ocae eo oy.

(2) o eeppye cyaoe co y. coy pooo Diffie-Hellman, o ce o k a a e x y. O ocae x y pye oc o k. ae o ocae oyeec ece c y Ace.

y,Ek(SB(x,y)) (3) Aca ae ce k. Oa pacpoae ocayc ac cooe oa poepe eo o c. ae oa ocae oy ocaoe cooee, cocoee x y, apoax o o k.

Ek(SA(x,y)) (4) o pacpoae cooee poepe oc Ac.

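22.3 Shamir's three-pass protocol

This protocol, invented by Adi Shamir but never published, allows Alice and Bob to exchange information securely without any prior exchange of either secret or public keys [1008]. It assumes the use of a commutative symmetric cipher, one for which:

$E_A(E_B(P)) = E_B(E_A(P))$

Alice's secret key is A, and Bob's is B. Alice wants to send a message M to Bob. Here is the protocol.

(1) Alice encrypts M with her key and sends Bob $C_1 = E_A(M)$

(2) Bob encrypts $C_1$ with his key and sends Alice $C_2 = E_B(E_A(M))$

(3) Alice decrypts $C_2$ with her key and sends Bob $C_3 = D_A(E_B(E_A(M))) = D_A(E_A(E_B(M))) = E_B(M)$

(4) Bob decrypts $C_3$ with his key, obtaining M.

One-time pads are commutative and perfectly secure, but they will not work with this protocol. With a one-time pad the three ciphertexts would look as follows:

$C_1 = M \oplus A$

$C_2 = M \oplus A \oplus B$

$C_3 = M \oplus B$

Eve, having recorded the three messages exchanged by Alice and Bob, simply XORs all these ciphertexts together and recovers the message:

$C_1 \oplus C_2 \oplus C_3 = (M \oplus A) \oplus (M \oplus A \oplus B) \oplus (M \oplus B) = M$

Obviously, this approach will not work.

Shamir (and, independently, Jim Omura) described an encryption algorithm similar to RSA that will work with this protocol. Let p be a large prime for which p-1 has a large prime factor. Choose an encryption key e that is relatively prime to p-1. Compute d for which $de = 1 \pmod{p-1}$. To encrypt a message compute $C = M^e \bmod p$. To decrypt a message compute $M = C^d \bmod p$. It appears that Eve has no way to obtain M without solving the discrete logarithm problem, but this has never been proved.

Like Diffie-Hellman, this protocol allows Alice to begin a secret exchange of information with Bob without knowing any of his keys. To use a public-key algorithm, Alice must know Bob's public key. With Shamir's three-pass algorithm she simply sends Bob the ciphertext of the message. The same thing with a public-key algorithm looks like this:

(1) Alice asks Bob (or the KDC) for his public key.

(2) Bob (or the KDC) sends Alice his public key.

(3) Alice encrypts M with Bob's public key and sends it to Bob.

Shamir's three-pass algorithm cannot withstand a "man-in-the-middle" attack.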

22.4 COMSET COMSET (COMmunications SETup, ycaoee c) o pooo oopeeo ea o ea o, papaoa poea RIPE [1305] (c. pae 25.7). C oo popa c op a o ooe Ace oy epoa py pya, p o oeac cepe o.

Maeaeco ocoo COMSET cy cxea Rabin [1283] (c. pae 19.5). Caa cxea epe a peoea [224]. C. opooc [1305].

22.5 Oe apoa a pooo oea apoa a (Encrypted Key Exchange, EKE) papaoa Co e oo (Steve Bellovin) Mao Meppo (Michael Merritt) [109]. O oeceae eoacoc po epy ooc oepx cex, o ooy coy cepy popa, pop a c op a: o cepe coyec poa eeppoaoo cya opao opoo a.

ao npomoo EKE Aca o (a ooae, e cepep, o yoo) e o apo P. coy ce y pooo, o oy poep ooc py pya eeppoa o ceaco K.

(1) Aca Cya opao eeppye apy "op /ap ". Oa pye op K' c oo cepoo aopa, coy P aece a: EP(K'). Oa ocae oy A, EP(K') (2) o ae P. O pacpoae cooee, oya K'. ae o eeppye cya ceaco K pye eo op o, oop o oy o Ac, a ae coy P aece a. O ocae Ace EP(EK'(K) (3) Aca pacpoae cooee, oya K. Oa eeppye cyay cpoy RA, pye ee c oo K ocae oy EK(RA) (4) o pacpoae cooee, oya RA. O eeppye pyy cyay cpoy, RB, pye oe cpo o K ocae Ace peya.

EK(RA,RB) (5) Aca pacpoae cooee, oya RA RB. Ec cpoa RA, oyea o oa, - o a caa cpoa, oopy oa ocaa oy a ae (3), oa, coy K, pye RB ocae ee oy.

EK(RB) (6) o pacpoae cooee, oya RB. Ec cpoa RB, oyea o Ac, - o a caa cpoa, oopy o oca e a ae (4), aepe. Teep oe copo oy oeac opae, c oy K aece ceacooo a.

Ha ae (3) Aca, o a K' K. K - o ceaco , o oe cooa po a cex pyx cooe, oop oeac Aca o. Ea, c ey Aco oo, ae oo EP(K'), EP(EK'(K) ecoo cooe, apoax K. B pyx poooax Ea oa opo oa yaa P ( ce pe pa oxe apo, ec Ea ocaoo ya, oa oe o apo) ae poep co peooe. B paccapaeo poooe Ea e oe poep co peooe, e cp p o aop c op o. , ec K' K pac cya opao, o a poea ye epeooo.

Oea ac poooa, a (3) - (6), oeceae oepee. a (3) - (5) oaa Ace, o o ae K, a (4) - (6) oaa oy, o Aca ae K. Oe ea pee, coye poooe Kerberos, peae y e aay.

EKE oe peaoa c oeco aopo c op a : RSA, ElGamal, Diffie Hellman. poe c eoacoc oa p peaa EKE c aopo paa (ae e yea poe eoacoc, pcyx ca aopa paa ): opaoe pacpeeee poeca coo e co a e peyeca EKE.

Peauau EKE c noo RSA Aop RSA aec ea aoo cooa, o ec p ox poe. Aop peoe y poa a ae (1) oo oaae cee, oca oy. Ocee oo coea pye ooc, cae c cooae RSA, oo a [109].

Peauau EKE c noo ElGamal Peaa EKE a ae aopa ElGamal poca, oo ae ypoc ocoo pooo. coy ooae paea 19.6, g p cya ac opoo a, o cex ooaee. ap o ec cyaoe co r. Op - gr mod p. Ha ae (1) Aca ocae oy ceyee cooee Aca, gr mod p Opae ae, o o op e yo poa c oo P. B oe cyae o eep o, o o a aopa ElGamal algorithm. opooc [109].

o pae cyaoe co R ( aopa ElGamal, eaco o pyx cyax ce, pa e x EKE), cooee, oopoe o ocae A ce a ae (2), a EP(gR mod p, KgrR mod p) Cyecye opae a op epeex ElGamal pee paee 19.6.

Peauau EKE c noo Diffie-Hellman p cooa poooa Diffie-Hellman K eeppyec aoaec. Ooae pooo ee poe. ae g n opeec cex ooaee ce.

(1) Aca pae cyaoe co rA ocae oy A A, mod n gr p cooa Diffie-Hellman Ace e yo poa c oo P coe epoe cooee.

(2) o pae cyaoe co rB ce A K= mod n gr *rB O eeppye cyay cpoy RB, ae ce ocae Ace:

rB EP( mod n),EK(RB) g rB (3) Aca pacpoae epy ooy cooe oa, oya mod n. ae oa ce K g coye eo poa RB. Oa eeppye pyy cyay cpoy RA,, pye oe cpo o K ocae peya oy.

EK(RA,,RB) (4) o pacpoae cooee, oya RA, RB. Ec oyea o Ac cpoa RB coaae c o, oopy o oca e a ae (2), o pye RA o K ocae peya Ace.

EK(RA) (5) Aca pacpoae cooee, oya RA. Ec oyea o oa cpoa RA coaae c o, oo py oa ocaa oy a ae (3), pooo aepaec. Teep copo oy oeac cooe , coy K aece ceacooo a.

cueue EKE eo (Bellovin) Mepp (Merritt) peo yyee apoco-oeo ac aopa, oopoe ooe ea oooo cp p oapye poaao ca poo ae K.

Ha ao pooo EKE. Ha ae (3) Aca eeppye pyoe cyaoe co SA ocae oy EK(RA, SA) Ha ae (4), o eeppye pyoe cyaoe co SB ocae Ace EK(RA,,RB,SB) Teep Aca o oy c c ceaco , SA SB. o aee co yec cooe, oop oeac Aca o, K coyec aece a oea a.

ocop a ypo a, peocaee EKE. Boccaoeoe aee S e ae Ee ao opa o P, a a P oa e coyec poa eo-o aoo, o ee eocpeceo S. poaaecoe cpe K ae eooo, K coyec oo poa cyax ax, a S oa e pyec oeo.

Pacupe EKE pooo EKE cpaae o cepe eocao : o peye, o oe copo a P. B o ce cce aopa ocya xpac ae ooapaeo x-y apoe ooaee, a e ca apo (c. pae 3.2). pooo Pacpe EKE (Augmented EKE, A-EKE) coye apae EKE a ae Diffie-Hellman aee ooapaeo x-y apo ooae aece a cepxpoa. ae ooae ocae ooeoe cooee, ocoaoe a peao apoe, o cooee yocoepe aoo pa ceaco .

Bo a o paoae. a oo, Aca o xo poep ooc py pya eeppoa o . O pa ay-y cxey poo oc, oopo aece apoo a oe cooac oe co, a op oyaec apoo, a e eeppyec oeo.

pepaco oxo aop ElGamal DSA. apo Ac P (, oe , aoe-y pocoe x aee oo apo) ye cooac aece apoo a a P'.

(1) Aca pae cya oaae cee Ra opae rB EP'( mod n) g (2) o, oop ae oo P' e oe oy eo P, pae Rb ocae rB EP( mod n) g A (3) Aca o c o ceaco K= mod n. Haoe Aca oaae, o oa caa gr *rB ae P, a e oo P', oca EK(SP(K)) o, oop ae K P', oe pacpoa poep oc. Too Aca oa pca o co oee, a a oo oa ae P. Caoae, o o aa apoe oa, oe oac P, o o e coe oca ceaco .

Cxea A-EKE e paoae c apao EKE, coy ope , a a o poooe oa copoa pae ceaco aae eo pyo. o ooe oy, aoyey P', o cpe "eoe cepee".

pueeu EKE eo Mepp peaa cooa o pooo eoaco eeoo c [109]:

peoo, o paepya ce pyx eeox aapao. Ec o-y xoe ocooac a eeoo, o oaoc opeeea ea opa. Oepe pee... pey, o y oeo ec . Bo ox cyax o eeaeo. EKE ooe cooa opo, o c aa y p apo, oecea opao oee ceaco .

EKE o oee cooo c. Moeeco pecae coo oy poey cooo ee o , EKE oe oo ac o eo ( oece apoc oa) a ce poa eeoo, ecoex e ee PIN-oa. Ta a PIN-o e xpac eeoe, eo eooo e ypaeoo epa.

aa ca EKE coco o, o popa c op a cepa popa oec yca py pya :

B oe epcee EKE paoae a ycuume cepemocmu. To ec, eo oo cooa yce cpa eo cax cepx acepx cce, coyex ece. Paccop, apep, paep a, eoxo oecee eoacoc p cooa oea o - oaaee cee. a oaa aMaa (LaMacchia) Oo (Odlyzko) [934], ae oy c paepa, cac eoac, (a eo, 192 a) yc e cp, aaey ecoo y oepoo pee. Ho x cpe caoc eoo, ec eoxoo epe peee cp yaa apo.

C pyo copo, cooc cp oea a - oaae cee oe cooaa cpa o o yaa apo. Boooc cp yaae apo ac o copoc poep aoo peooe.

Ec oe ao poep eoxoo o oe a - oaae cee, o oee pe eo opacae.

EKE aaeoa [111].

22.6 aee epeoop o e a cxea ae aae epeoop o e o oxoo opa apoe cp "eoe cepee" [47, 983]. B e coyec x-y yx epeex, oaaa ocoe coco : oa aco po cooe o epo epeeo, paec oa - o opo.

H'(x,y) = H(H(k,x) mod 2m, x), e H(k,x) - oa y k x Bo a o pooo. Aca o coy o cepe apo P ye oec ce pe o K, coy oe o Dime-Hellman. O coy P poep, o x ceacoe oao ( o Ea e pepa cpe "eoe cepee" ), e oo Ee oy P.

(1) Aca ocae oy H'(P,K) (2) o ce H'(P,K) cpaae peya co aee, pca Aco. Ec o coaa, o ocae Ace H'(H(P,K)) (3) Aca ce H'(H(P,K)) cpaae peya co aee, oye o oa.

Ec Ea aec o cpe "eoe cepee", oa coye o , K1, o c A co, pyo, K2, o c oo. o oay oa a ae (2), e pec c o apo ae oca oy H'(P,K2). p cooa oo x-y oa oe epepa aco cpea ec apo, oa e yaae pa, ae yceo poy pooo. Ho p cooa peaaeo x-y, oe apo a oo o e aee p xpoa c o K1. oo y, oa oa axo coaee, o copee ceo o epa apo, o cyae oa oay e yacc.

22.7 Pacpeeee a oepe cepea pooeaea epeaa Aca xoe epea cooee M cpay eco oyae. Oao oa coce e xoe, o o yoo co poec eo. B eceoc, e yo, o oo oyae opeeeoo oo e ca o pao pacp M. cex ocax oa oyc eyxa.

Aca oe cooa aoo oyae o (cepe op). Oa py e cooee a-y cya o K. ae oa pye o K a e pax oyaee cooe. Haoe oa pooeaeo ocae apoaoe cooee, a ae ce a poae K. Cya epeay o o aec pacpoa ce K co cepe o, ac a pa, o, ec Aca e aa epec oyaee coeo cooe, o e coe , copooaeoe apoa o. Tae ye paoa paee paccopea popa c eco a.

pyo coco peaaec [352]. Caaa a oyaee ooapaec c Aco o oe x ox e, oop ee oo oooo poaoo cooe. Bce o ao poc. Oa pye cooee cya o K. ae oa ce oo eoe co R, oopoe o oy cepeoo a opyo K, ec o cepe peoaaec cooa pacpo cooe, opyo y poo c yae.

Hapep, ec Aca xoe, o cepe oy o, po e, o e p, oa pye cooee o K ae ce aoe R, o

R ≡ K (mod KB)
R ≡ K (mod KC)
R ≡ 0 (mod KD)
R ≡ K (mod KE)
R ≡ 0 (mod KF)

o poca aepaeca poea, oopa eo oe peea Aco. oa o cooee y e po oyae, o c aee oyeoo a o oy x cepeoo a. Te, o y peaaaoc o cooee, peyae ce oya y . B poo cyae p e yao ye 0.

Ee o, pe, y, coy opooy cxey (c. pae 3.7), peaaec [141]. a py x cocoax a oea oyae oyae cepe . o ec e ee e coao opooo cxee. Aca coxpae p cepex e ce, oc eoopy epecay e oc ccey. yc ceo cyecye k oox oyaee. Toa pooeaeo epea M Aca pye M o K eae ceyee.

(1) Aca pae cyaoe co j. o co pao aacpoa oeco oyaee cooe. Oo e oo co o ae oe pac y.

(2) Aca coae opooy cxey (k j 1, 2k j 1), oopo:

K - o cepe.

Cepee apecao cooe cya e.

Cepee ooaee, oopx e cpe oyaee cooe, e c e.

j ee pac cya opao, e coaa c o cepe o.

(3) Aca pooeaeo epeae k j cyao pax ee, oa oopx e coaae c e aa (2).

(4) a cyaee, px pooeaeoe cooee, oae co e oye k j e. Ec oaee coe e ooe ooae c cepe, o ey yaoc op . B poo cyae - e yaoc.

pyo oxo oo a [885, 886, 1194]. ee o - [1000].

Pacnpeeeue e oepeuu o pooo ooe pye n ooaee ooopc o cepeo e, coy oo e cepee aa. pya coye a ox ox pocx ca p q, a ae eepaop g o e , o q.

(1) ooae i, e i o 1 o n, pae cyaoe co ri, eee q, pooeaeo opae i zi = mod p gr (2) a ooae poepe, o ziq 1 (mod p) cex i o 1 o n.

(3) i- ooae pooeaeo epeae ri xi = (zi 1/zi-1) mod p (4) i- ooae ce nri K = (zi-1) *xin-1*xi 1n-2*... *xi-2 mod p Bce ce eco peeo poooe - i-1, i-2 i 1 - pooc mod n. o ooa poo oa y cex ecx ooaee oaec o o e K. A ce ocae eo e oya. Oao o pooo e oe yco epe cpe "eoe cepee". pyo pooo, e ao xopo, pe e [757].

Tateboyashi-Matsuzaki-Newman o pooo pacpeee e oxo cooa cex [1521]. Aca xoe c oo Tpea, KDC, eeppoa ceaca c c oo. Bce yaca ece op Tpea n. Tpey ec a pocx oe n, , ceoaeo, o oe eo c apae op o oy n. Cey pooo e coep eoopx eae, o ooe oy oee pecaee.

(1) Aca pae cyaoe co rA ocae Tpey rA3 mod n (2) Tpe cooae oy, o o-o xoe oec c o.

(3) o pae cyaoe co rB ocae Tpey rB3 mod n (4) Tpe, coy co ap , pacpoae rA rB. O ocae Ace rA rB (5) Aca ce (rA rB) rA = rB Oa coye rB eoacoo ceaca c c oo.

pooo xopoo, o coep ae . po oe ocya a(3) cooa y opa, ocooac oo oepoo Tpea coeo cooa a, o pacp [1472].

(1) po pae cyaoe co rC ocae Tpey rB3 rC3 mod n (2) Tpe cooae y, o o-o xoe oec c o.

(3) pae cyaoe co rD ocae Tpey rD3 mod n (4) Tpe, coy co ap , pacpoae rC rD. O ocae po (rB rC mod n) rD (5) ocae rD po.

(6) po coye rC rD oye rB. Oa coye rB pacpoa epeoopo Ac oa.

o oxo.

aa Ceae aop poooo 23.1 popa c eco op a o ooee RSA (c. pae 19.3) [217, 212]. Moy n ec poeee yx pocx ce p q. Oao eco e d, oopx ed 1 mod ((p-1)(q-1)), paec t e Ki, oopx oec K1* K2*... *Kt 1 mod ((p-1)(q-1)) Ta a K1*K2 *...*Kt M = M o a cxea oaaec cxeo c eco a, ocaa paee 3.5.

Ec, apep, coyec e, o cooee, apoaoe a K3 K5, oe pacpoao c oo K1, K2 K4.

K3 *K C = M mod n K1*K2 *K M = C mod n O pee o cxe ec ocae oyea eco . peca cya , oa oo, o oye ecee, o oe oca Aco, oo. co yc p a: K1, K2 K3. Aca o oya o ooy y epx yx, a pe oyoa ec.

(1) Caaa Aca ocae M ocae eo oy.

K M' = M mod n (2) o oe occao M o M'.

M = M 'K *K5 mod n (3) O oe ae oa co oc.

M'' = M 'K mod n (4) poep oc oo p oo opoo a K3.

M = M ' 'K mod n Opae ae, o paoococooc o cce ya acyaa oep copoa, o o pa ycaoa ccey aa Ace oy. Ta e poea cyecye cxee [484]. oee oa cxea ocaa [695, 830, 700], Ho yc, pepaee poep, poopoa o e cy ocax. Hoe cxe [220, 1200], ocoae a cxeax ea c ye ae, peooea eoca peecyx c ce.

23.2 Aop paee cepea B paee 3.7 paccapa e, coyey cxeax paee cepea. epe peex e pax aopa peca coo ace cya oeo eopeecoo oxoa [883].

Cxea umepnouox ooeo apaa coa opooo cxea A ap ocooac ypae ooeo oeo oe [1414]. Bepe pocoe co p, oopoe oe oeca oox ee oe caoo ooo oox cepeo. o cea cepe o, ceeppye poo ooe cee m-1. Hap ep, ec yo coa opooy cxey (3,n) ( occaoe M opeyec p e), eeppyec apa ooe (ax2 bx M) mod p e p - o cyaoe pocoe co, oee oo oeo. oe a b pac cya opao, o xpac ae opacac oce oo, a pacpeec e. M - o coo ee. pocoe co oo oyoao. Te oyac c oo ce ooea n pax oax:

ki =F(xi) py coa, epo e oe aee ooea p x = 1, opo e - aee o oea p x = 2, ..

Ta a apax ooeax p eecx oea, a, b M, coa pex ypae oo cooa e p e. Oo yx ee e xa, a epex ee ye oo.

Hapep, yc M pao 11. o coa opooy cxey (3, 5), oopo e poe eoe oy occao M, caaa oy apaoe ypaee (7 8 - cyao pae ca chosen ran domly):

F(x) = (7x^2 + 8x + 11) mod 13

e c:

k1 = F(1) = 7 + 8 + 11 ≡ 0 (mod 13)
k2 = F(2) = 28 + 16 + 11 ≡ 3 (mod 13)
k3 = F(3) = 63 + 24 + 11 ≡ 7 (mod 13)
k4 = F(4) = 112 + 32 + 11 ≡ 12 (mod 13)
k5 = F(5) = 175 + 40 + 11 ≡ 5 (mod 13)

o occao M o pe e, apep, k2, k3 k5, peaec ccea ex ypae :

a*2^2 + b*2 + M = 3 (mod 13)
a*3^2 + b*3 + M = 7 (mod 13)
a*5^2 + b*5 + M = 5 (mod 13)

Peee yy a = 7, b = 8 M = 11. a, M oyeo.

y cxey paee oo eo peaoa ox ce. Ec xoe pa cooee a 30 pax ace a, o occao cooee oo o, oe e ec x, ae aoy 30 eoe ae ooea o cee.

F(x) = ax^5 + bx^4 + cx^3 + dx^2 + ex + M (mod p)

ec eoe oy ec eecx (a M), o ep e yacc ya eo o M.

Haoee ea oeo coecoo cooa cepea ec o, o, ec oe pa cya opao, eoe ae p oo ecoex cex ooce e coy ya eo, poe cooe (oopa a eca). o ae eoaco, a oopao oo, oa o cepa oc (o ec, epeop cex oox ecx ee ) o ae, o oe oooe cooee ocaec cepe. o cpaeo cex pecaex o e cxe paee cepea.

Bemopa cxea op (George Blakley) ope cxey, coyy oe oe pocpace [182]. Coo ee opeeec a oa m-epo pocpace. aa e - o ypaee (m-1)-epo epo coc, coepae y oy.

Hapep, ec occaoe cooe y p e, o oo ec oo pexepo p o cpace. aa e pecae coo y ococ. a oy e, oo yepa, o oa ax o c e-o a ococ. a e e - o oa axoc e-o a epecee yx ococe. a p e, oo oo opee, o oa axoc a epecee pex ococe.

Asmuth-Bloom B o cxee coyc poce ca [65]. (m, n)-opooo cxe paec ooe pocoe co p, oee M. ae pac ca, ee p - d1, d2,... dn, oopx:

1. ae di yopoe o opaca, di < di 2. aoe di ao poco c py di 3. d1*d2*...*dm > p*dn-m 2*dn-m 3*...*dn o pacpee e, caaa paec cyaoe co r cec M' = M rp Te, ki, c ki = M' mod di Oe e m ee, oo occao M, coy acy eopey o ocaax, o o eo oo c oo x m-1 ee. opooc pee [65].

Karnin-Greene-Hellman B o cxee coyec apoe yoee [818]. Bpaec n 1 m-epx eopo, V0, V1,... Vn, a, o pa o ap paepo m*m, opaoao x eopo, pae m. Beop U - o eop paepoc m 1.

M - o apoe poeee UV0. Te c poee UVi, e i eec o 1 o n.

e m ee oo cooa pee cce ex ypae paepoc m*m, e ec c oe U. UV0 oo c o U. coy e m-1 ee, pe cce y ypae , a opao, occao cepe eooo.
