
aa 15 Oeee ox po Cyecye oeco cocoo oe oe aop oye ox aopo. Cy o coaa ooe cxe ec eae oc eoacoc, e

popac epe ep coa ooo aopa. DES ec eoac aopo, o oepac poaay opx 20 e , e e eee, ay cocoo cp ocaec pya ca. Oao co opoo. Pae e oxo o cooa DES aece ooea pyoo aopa c oee o ? o ooo oy peyeca oo a c apae yx ece poaaa.

O cocoo oee ec oopaoe poae - poa ooo oo e oa opoo eca aop poa coyec ecoo pa c eco a. poa e acao oxoe a oopaoe poae, o coye pae aop. Cyecy pye eo.

oopoe poae oa opoo eca o e e o c oo oo e pyoo a opa epayo. oopoe cooae oo e aopa e yeae cooc cp pyo co. (He aae, peoaae, o aop, a oeco poa, ece poa a y.) p pax aopax cooc cp pyo co oe opaca, a oe ocac eeo. Ec copaeec cooa eo, ocae o ae, yeec, o o ceoaex poa pa eac.

15.1 ooe poae Ha cocoo oc eoacoc aopa ec poae oa a c y pa a. Caaa o pyec ep o, a ae oyc poec pyec o p o. eppoae ec opa poecco.

C = EK (EK (P)) 2 P = DK (DK (C)) 1 Ec o aop opaye pyy (c. pae 11.3), o cea cyecye K3, oopoo C = EK (EK (P)) = EK (P) 2 1 Ec aop e opaye pyy, o p oo cepaeo oca oa oyac a apoa o poeca aoo coee. Beco 2n (e n - a a ax), opeyec 22n oo. Ec aop coye 64-o , oapye e, oop a ap o a poec, opeyec 2128 oo.

Ho p cp c ec op eco o e a. Mep Xea [1075] pya coco o e a a pe, oop ooe cp ay cxey ooo poa a 2n+1 poa, a e a 22n. (O cooa y cxey po DES, o peya oo oo a ce oe aop.) o cpe aaec "cpea ocepee", c oo copo oec poae a c pyo - eppoae, oyec ocepee peya cpaac.

B o cp poaay ec P1, C1, P2 C2, ae o C1 = EK (EK (P1)) 2 C2 = EK (EK ( P2)) 2 aoo oooo K ( K1, K2), poaa paccae EK(P1) coxpae peya a. Copa ce peya, o aoo K ce DK(C1) e a ao e peya. Ec ao peya oapye, o ooo, o ey - K2, a peyaa a - K1. ae poaa pye P1 c oo K1 K2. Ec o oyae C2, o o oe apapoa (c epoo c ycexa 1 22n-2m, e m - paep oa), o o ya K1, K2. Ec o e a, o pooae oc.

Macaoe oeco oo poa, oopoe ey, ooo, pec pep, pao 2*2n, 2n+1. Ec epooc o co ea, o oe cooa pe o poeca, oec e a epooc ycexa 1 22n-3m. Cyecy pye coco oa [912].

n aoo cp ye oo oe a: 2 oo. 56-ooo a yo xpa 256 64 ox oo, 1017 ao. Tao oe a oa ee pyo cee peca, o oo xaae, o ye cax apaoax popao o, o o poae ooac e co.

p 128-oo e xpae poeyox peyao opeyec 10 ao. Ec peoo , o ec coco xpa opa, coy ece ao a, ycpoco a, yoe oe aoo cp, ye peca coo ae y c pepo, o 1 .

poe oo, a oaoc ya-o eo oca ! Bcpe "cpea ocepee" aec eoo e aoo paepa.

py cocoo ooo poa, oop oa aa Davies-Price, ec apao CBC [435].

Ci = EK ( P1 EK (Ci-1)) Pi = DK (Ci ) EK (Ci-1)) epaec, o "y oo pea e ax ocox ococ ", oy e o, o oy, a e y cee o cp "cpea ocepee" a pye pe ooo poa.

15. Tpooe upoaue c y au B oee epeco eoe, peoeo Taeo [1551], o opaaaec p paa c oo yx e: ep o, op o coa ep o. O peaae, o opae caaa poa ep o, ae eppoa op, ooaeo poa ep o.

oyae pacpoae ep o, ae pye op , aoe, eppye ep.

C = EK (DK (EK (P))) 1 2 P = DK (EK (DK (C))) 1 2 oa ao pe aa poae-eppoae-poae (encrypt-decrypt-encrypt, EDE) [55]. Ec o aop coye n-o , o a a ocao cxe cocae 2n .

o apa cxe poae-eppoae-poae papaoa IBM coec oc c cyecy peaa aopa : aae yx oaox e aeo oapoy poa. o. Cxea poae-eppoae-poae caa o cee e oaae a o eoacoc, o o pe cooa yye aopa DES caapax X9.17 ISO 8732 [55, 761].

K1 K2 epeyc peopae ocaoo e cp "cpea ocepee". Ec, o poaa oo oooo K1 oe apaee c C = EK (EK (EK (P))) EK (EK ( P)) 1 1 1 1 ae o cpe. oo opeyec oo 2n 2 poa.

Tpooe poae c y a ycoo aoy cp. Ho Mep Xea papaoa pyo coco paea a a pe, oop ooe oa o eo poa a 2n-1 ec, coy 2n oo a [1075].

aoo oooo K2 pacpye 0 coxpae peya. ae pacpye 0 aoo o ooo K1, o oy P. Boe pooe poae P, o oy C, ae pacpye C o K1. Ec oyeoe aee coaae c aee (xpaec a), oye p e ppoa 0 o K2, o apa K1 K2 ec oo peyao oca. poepe, a o. Ec e, pooae oc.

Boee oo cp c pa op eco peye opooo oea a. oao c 2n pee a, a ae 2m pax opx eco. Bcpe e oe pao, o ce e y ceoc ey ec caoc aopa.

ay a Oopco (Paul van Oorschot) Ma Bep (Michael Wiener) peopaoa o cpe o cp c ec op eco, oopoo yo p ecx opx eco. B pepe pe oaaec, o coyec pe EDE.

(1) peoo epoe poeyooe ae a.

(2) coy ec op ec, cec ay aoo oooo K1 opoe poeyo oe aee b, p epo poeyoo ae, pao a:

b = DK (C) e C - o poec, oye o ecoy opoy ecy.

(3) aoo oooo K2 a ae ee c coaa op poeyo aee b:

b = EK (a) (4) Bepooc ycexa pao p/m, e p - co ecx opx eco, a m - paep oa. Ec coa e e oapye, epe pyoe a ae caaa.

Bcpe peye 2n+m/p pee p - a. DES o pao 2120/p [1558]. p, ox 256, o cpe cpee, e cepa oc.

Tpooe upoaue c mpe au Ec copaeec cooa pooe poae, peoey p pax a. Oa a a oe, o xpaee a oo e ec poeo. ee.

C = EK (DK (EK (P))) 3 2 P = DK (EK (DK (C))) 1 2 ayeo cp c paeo a a pe, oop ec "cpea ocepee", opeyec 22n ec 2n oo a [1075]. Tpooe poae c pe eac a eoaco a coo, acoo a ep aec eoac ooe poae.

Tpooe upoaue c uua o (TEMK) Cyecye eoac coco cooa pooe poae c y a, pooco ocaoy cp aae Tpo poae c a o (Triple Encryption with Minimum Key, TEMK) [858]. oyc o, o oy p a : X1 X2.

K1 = EX (DX (EX (T1))) 1 2 K2 = EX (DX (EX (T2))) 1 2 K3 = EX (DX (EX (T3))) 1 2 T1, T2 T3 peca coo oca, oope eoaeo xpa cepee. a cxea apapye, o o opeo ap e ay ye cpe c ec op eco.

Peu mpooo upoau Heocaoo poco opee pooe poae, yo pa o cocoo eo cooa.

Peee ac o peyex eoacoc eoc. Bo a oox pea pooo po a :

Bype CBC: a p paa pyec pee CBC (c. 14tha). oo yo p pax IV.

Ci = EK (Si Ci-1);

Si = DK (Ti Si-1);

Ti = EK (Pi Ti-1) 32 Pi = Ti-1 DK (Ti );

Ti = Si-1 EK (Si );

Si = Ci-1 DK (Ci ) 12 C0, S0 T0 c IV.

Be CBC: a poepao pyec pee CBC (c. 14thb). oo ye o IV.

Ci = EK (DK (EK (Pi Ci-1))) 3 2 Pi = Ci-1 DK (EK (DK (Ci ))) 1 2

Pc. 15-1. Tpooe poae pee CBC. (a) Bype CBC; (b) Be CBC.

oox peo yo oe pecypco, e oopaoo poa: oe aapayp oe pee. Oao p pex pyx pocxeax pooeoc ypeeo CBC e ee, e p oopao poa. Ta a p poa CBC eac, p pocxe oy apye ocoo, oaa co xo cee a xo.

Hapo o ee CBC opaa c axoc capy o ooe pe poa. o o aae, o ae c pe pocxea pooeoc ye paa oo oo pe pooe o c p oopao poa. o oy y e pooeoc eeo CBC, opeyec epeoae IV (c. pae 9.12):

Ci = EK (DK (EK (Pi Ci-3))) 3 2 B o cyae C0, C-1 C-2 c IV. o e ooe p popao peaa, pae oo p c ooa apaeoo oepa.

coae eee co pe ec ae eee eoac. xa poaapoa pa e pe o ooe epeaoy poaay oapy, o eoacoc ypeeo CBC o cpae c oopa poae yeaec eaeo. Ec paccapa pooe poae a e oo aop, o ypee opae c oo o e ecy opa yp aopa, o oeae poaa. epeax cp yo opooe oeco pax poeco, o eae cp e co pa, o x peyao oo xa, o acopo apaoax ooaee. Aa ycooc ao po cp pyo co "cpee ocepee" oaa, o oa apaa oaoo eoac [806].

poe x cyecy pye pe. Moo apoa a o pa pee ECB, ae a CBC, o pa CBC, o ECB ee pa CBC, a CBC o pa ECB. xa oaa, o apa e eoacee, e oopa DES, po cp epea poaao c pa op eco [162]. O e oca ox ae pyx apao. Ec copae ec pe pooe poae, coye e opay c.

Bapuam mpooo upoau pee, e oc oaaeca oo, o DES e opaye pyy, oopaoo poa peaac pae cxe. O cocoo oece o, o pooe poae e poc oopaoe, o eee eo oa. poc eoo ec oaee a aoe. Mey ep op, a ae ey op pe poa ec ooec cpoo cyax o (c. Pc. 15.2). Ec PP - o y ooe, o:

C = EK (PP(EK ( PP(EK (P))))) o ooee e oo papyae ao, o ae oeceae epepe oo poa, a pe cee. e cooe oaec oo o o.

Pc. 15-2. Tpooe poae c aoee.

pyo eo, peoe apo coo ( Carl Ellison), coye eoopy y eac o o a epecao ey pe poa. epecaoa oa paoa c o oa 8 a ooo oo, o eae e paep oa oo apaa pa 8 aa. p yc o, o epecaoa oec cpo, o apa eaoo eeee, e aooe pooe p o ae.

C = EK (T(EK (T(EK ( P))))) 3 2 T copae xoe o (o 8 a y) coye eepaop ceocyax ce x ep e ea. eee ooo a xoa po ee 8 ao peyaa epoo poa, ee o 64 ao peyaa opoo poa ee o 512 ao peyaa peeo poa. Ec a o aop paoae pee CBC, a o epoaao peoeo, o eee eoo a xoa copee ceo pee ee ceo 8-oaooo oa, ae ec o o e ec ep.

Ca oce apa o cxe oeae a cpe ypeeo CBC, oeoe xao, o aee poeyp oea, o aacpoa cpyypy opx eco. a poeypa peca e coo oooy oepa XOR c popaec eoac eepaopo ceocyax ce e ooaea a R. T eae poaay opee a priori, ao coyec po a oo aaoo aa xoa oceeo poa. Bopoe poae ooaeo nE (poae c ec cooae n pax e):

C = EK (R(T(nEK (T(EK (P)))))) 32 Bce poa oc pee ECB, coyec e ee n 2 e poa po paec eoac eepaop ceocyax ce.

a cxea a peoea cooa ece c DES, o oa paoae c o aop o. Peya poaaa ao cxe e eec.

15.3 oee oa B aaeeco cooece ao cop a ey, ocaoa 64-oa a oa. C oo copo 64-o o oeceae y opoo eca oo 8 aax poeca. C pyo copo oee o apye eoacy acpoy cpyyp, poe oo, oe oooce o c.

Cyecy peoe yaa y oa aopa c oo oopaoo poa [299].

pee, e peaoa oo x, oee oooc cp "cpea ocepee". Cxea Papa Aypa (Richard Outerbridge) [300], oaaa a 12-, e oee eoaca, e pooe poae c o ap oo y a [859].

Pc. 15-3. oee oa.

Oao e peoey cooa oo pe. O e cpee ooo pooo poa : poa yx oo ax ce ae yo ec poa. Xapaepc ooo pooo poa ec, a a o ocpy aco pyc oe poe.

15.4 pye cxe oopaoo poa poeo pooo poa c y a ec o, o yee oe pocpaca e yo o p poa aoo oa opoo eca. Pae e opoo o a ao-y xp coco oe a poa, oope yo pocpaco e ?

oo OFB/cemu o eo coye o aop eepa yx ooo e, oope coyc poa opoo eca.

Si = EK (Si-1 I1);

I1 = I1 + Ti = EK (Ti-1 I2 );

I2 = I2 + Ci = Pi Si Ti Si Ti - ypee epeee, a I I - ce. e o ooo aopa paoa eoopo po 1 pee OFB/ce, a op ec, Si Ti oec c oo XOR. K K eac. Peya 1 poaaa oo apaa e eec.

ECB + OFB o eo papaoa poa ecox cooe cpoao , apep, o o ca [186, 188]. coyc a a: K K. Caaa eepa ac oa yo 1 coyec pa aop . a aca ye cooaa oopo poa cooe e e a. ae oec XOR opoo eca cooe ac. Haoe peya XOR pyec c oo paoo aopa a K pee ECB.

Aa oo eoa pooc oo o paoe, oopo o oyoa. oo, o o e caee oapoo poa ECB ooo ae ce, a ooe peee aopa. Bepoo, poaa oe o oc e eaco, ec o oy ecoo opx eco a o, apoax o o.

o apy aa ex oo ox ex e ecax pax cooe, oo co oa IV. B o o cooa IV pyx peax ao cyae epe poae ECB o ec XOR aoo oa cooe c IV.

M (Matt Blaze) papaoa o pe coe UNIX Cryptographic File System (CFS, popa eca aoa ccea). o xopo pe, ocoy cp cocoe ec oo oo poae pee ECB, aca oe ceeppoaa oo o pa coxpaea. B CFS aece o oo aopa coyec DES.

xDESi B [1644, 1645] DES coyec a ooe pa ox aopo c yee paepa e oo. cxe a e ac o DES, x oe cooac o o aop.

ep, xDES1, pecae coo poco cxey Luby-Rackoff c o po aece aoo y (c. pae 14.11). Paep oa a paa oe paepa oa coyeoo ooo pa, a paep a p paa oe, e y coyeoo ooo pa. B ao 3 ao paa oo a pyec o aopo o e, ae oec XOR peyaa eo oo, oo epecac.

o cpee, e ooe pooe poae, a a pe poa pyec o, a o o poo a paa oe oa coyeoo ooo aopa. Ho p o cyecye pocoe k cpe "cpea ocepee", oopoe ooe a c oo a paepo 2, e k - o paep a ooo aopa. paa ooa oa opoo eca pyec c oo cex o ox ae K1, oec XOR c eo ooo opoo eca oyee ae coxpa c ae. ae paa ooa poeca pyec c oo cex oox ae K3, oec oc coae ae. p coae apa e K1 K3 - oo apa paoo a. oce ecox oope cp ocaec oo o aa. Ta opao, xDES1 e ec ea peee. ae xye, cyecye cpe c pa op eco, oaaee, o xDES1 e aoo cee coyeoo e ooo aopa [858].

B xDES2 a e pacpec o 5-aoo aopa, paep oa oopoo 4 paa, a paep a pa pea paep oa a coyeoo ooo pa. Ha 11th oaa o a xDES2, a epex ooo o paepy pae oy coyeoo ooo pa, a ce 10 e eac.

Pc. 15-4. O a xDES2.

oy e, a cxea cpee, e pooe poae : poa oa, oop epe paa oe oa coyeoo ooo pa, yo 10 poa. Oao o eo ycee epeaoy poaay [858] cooa eo e co. Taa cxea ocaec yceo epeaoy poaay, ae ec coyec DES c eac a ao.

i 3 xDESi epoo co e, o cooa eo aece ooo aopa. Hapep, paep oa xDES3 6 pa oe, e y eaeo ocoe ooo pa, 21 pa ee, a poa oa, oop 6 pa ee oa eaeo ocoe ooo pa, yo 21 poae.

o eeee, e pooe poae.

mupamoe upoaue Ec pooe poae eocaoo eoaco - oe , a yo poa pooo poa, coy ee oee c aop - o paoc poa oo ye. Oe yc oo cp "cpea ocepee" paoe poae. (Apye, aaoe paccope ooo poa, oaa, o epexpaoe poae o cpae c po e a eo oae aeoc.) C = EK (DK (EK (DK (EK (P))))) 1 2 3 2 P = DK (EK (DK (EK (DK (C))))) 1 2 3 2 a cxea opao coeca c po poae, ec K1 = K2, c oopa poae, ec K1 = K2 = K3. oeo, oa ye ee aee, ec cooa eacx e.

15.5 eee a CDMF o eo papaoa IBM poya CDMF (Commercial Data Masking Facility, oepecoe cpeco acpoa ax) (c. pae 24.8), o pepa 56-o DES 40-o, pa pee copa [785]. peoaaec, o epoaa DES coep eoc.

(1) Oyc eoc: 8, 16, 24, 32, 40, 48, 56, 64.

(2) Peya aa (1) pyec c oo DES o 0xc408b0540ba1e0ae, peya poa o eec ocpeco XOR c peyao aa (1).

(3) B peyae aa (2) oyc ceye : 1, 2, 3, 4, 8, 16, 17, 18, 19, 20, 24, 32, 33, 34, 35, 36, 40, 48, 49, 50, 51, 52, 56, 64.

(4) Peya aa (3) pyec c oo DES o 0xef2c041ce6382fe6. oye co y ec poa cooe.

He aae, o o eo yopaae , ceoaeo, ocae aop.

15.6 Oeae Oeae (whitening) aaec coco, p oopo oec XOR ac a c xoo o oo aopa XOR pyo ac a c xoo ooo aopa. Bepe o eo pee apaa DESX, papaoaoo RSA Data Security, Inc., a ae (o-oy, eaco) Khufu Khafre. (Pec a oy eoy, o eooe cooae coa.) Cc x ec o, o oea poaay oy apy "op ec/poec" eaeo ocoe ooo aopa. Meo acae poaaa yaa e oo a o pa, o oo ae oea. Ta a XOR oec epe, oce ooo aopa, caec, o o eo yco po cp "cpea ocepee".

C = K3 EK (P K1) P = K1 DK (C K3) n+m/p Ec K1 = K2, o cp pyo co opeyec 2 ec, e n - paep a, m - paep oa, p - oeco ecx opx eco. Ec K1 K2 pa, o cp pyo co c n+m+ pe ec op eca opeyec 2 ec. po epeaoo eoo poaaa, ae ep oecea ay oo ecox o a. Ho c ceo o pe o oe ee coco oc eoacoc ooo aopa.

15.7 Moopaoe oceoaeoe cooae ox aopo A a ace poa caaa aopo A o A, a ae ee pa aopo B o B?

Moe y Ac oa pae pecae o o, ao aop eoacee : Aca xoe oo ac aopo A, a o - aopo B. o pe, oa aae oceoae cooa e (cascading), oo pacpocpa a oee oeco aopo e.

eccc yepa, o coecoe cooae yx aopo e apapye oe e o acoc. Aop oy aoecoa a-o xp cocoo, o a cao ee ae yeum.

ae pooe poae pe pa aopa oe e acoo eoac, acoo a o aec. popa - ocaoo eoe cycco, ec e coce oaee, o eaee, o oee eo oac ey.

eceoc aoo ceee. oye peocepee ep, oo ec pae a c py o pya. Ec ce coyee eac, o cooc oa oceoaeoc a o po o pae epe e ee, e cooc oa epoo peex aopo [1033]. Ec opo aop ycee cp c pa op eco, o ep aop oe oe o cpe p oceoaeo cooa cea opo aop yce cp c ec op eco. Taoe oooe oeee cp e opaaec oo aop a poa: ec ooe oy-o pyoy opee o aopo, eax o-o c a cooee o poa, co yocoepc, o ae poae ycoo o ooe cp c pa op eco. (Opae ae, o aoee aco coye aopo ca opo pe o oex copoce, pee epe aopo poa, ec CELP, papaoa NSA.) o oo copypoa ae: p cooa cp c pa op eco oc e oaeoc po oa e ee, e o po oceoaeoc [858]. P peyao oaa, o oceoaeoe poae oa o pae epe e ee, e ca c po oceoaeoc, o ocoe x peyao ea eoope ecopypoae peooe [528].

Too ec aop oya, a cyae acax ooox po ( ox po p e e OFB), aeoc x oceoaeoc e ee, e y ceeo coyex aopo.

Ec Aca o e oep aopa py pya, o oy cooa x oceoaeo. o oox aopo x opo e ee ae. p cooa ox aopo Aca oe c a aa cooa aop A, a ae aop B. o, oop oe oepe aopy B, oe co oa aop B epe aopo A. Mey aopa o oy ca xopo ooo p.

o e p pea oe aeo oc eoacoc.

He aye, o aoo aopa oceoaeoc o eac. Ec ao p A coye 64-o , a aop B - 128-o , o oyac oceoaeoc oa cooa 192-o . p cooa acx e y eccco opao oe aco oaac pa.

15.8 Oeee ecox ox aopo Bo pyo coco oe ecoo ox aopo, eoacoc oopoo apapoao ye o pae epe e ee, e eoacoc oox aopo. yx aopo ( yx eacx e):

(1) eeppyec cpoa cyax o R oo e paepa, o cooee M.

(2) R pyec ep aopo.

(3) M R pyec op aopo.

(4) poec cooe ec oeee peyao ao (2) (3).

p yco, o cpoa cyax o eceo cyaa, o eo pye M c oo oo paooo ooa, a ae coepoe ooa oyeec cooee pyc a yx ao po. Ta a o, pyoe eoxoo occaoe M, poaay pec aa oa aopa. Heocao ec yoee paepa poeca o cpae c op eco.

o eo oo pacp ecox aopo, o oaee aoo aopa yeae poec. Caa o cee e xopoa, o, a e aec, e oe paa.

aa eepaop ceocyax oceoaeoce oooe p 16.1 ee opye eepaop e opy eepaopa c eepaop ceye op Xn = (aXn- b) mod m oopx Xn - o n- e oceoaeoc, a Xn-1 - pey e oceoaeoc. epee e a, b m - ocoe: a - oe, b - pee, m - oy. o, apao, cy ae e X0.

epo aoo eepaopa e oe, e m. Ec a, b m pa pao, o eepaop ye eepa opo c aca epoo (oa aae acao o ), eo epo ye pae m.

(Hapep, b oo ao poc c m.) opooe ocae opa oca oye ac aoo epoa oo a [863, 942]. Ee oo xopoe cae o e opy eepa o pa x eop ec [1446].

B 15-, o [1272,], epecc xopoe oca ex opyx eepaopo. Bce o oecea eepaop c aca epoo , o ae oee ao, yoeop cepaoy ecy a cyaoc paepoce 2, 3, 4, 5 6 [385, 863]. Taa opaoaa o acaoy po ee, oopoe e ae epeoe coe yaao .

peyeco ex opyx eepaopo ec x cpoa a ce aoo oeca o e pa a .

ecac ee opye eepaop e cooa popa, a a o pec a ye. Bepe ee opye eepaop oa o Pco (Jim Reeds) [1294, 1295, 1296], a ae oa op (Joan Boyar) [1251]. E yaoc ae cp apae eepaop :

Xn = (aXn-12 bXn-1 c) mod m yece eepaop:

Xn = (aXn-13 bXn-12 c Xn-1 d) mod m pye cceoae pacp e op, papaoa coco cp oo ooaoo e e paopa [923, 899, 900]. oa yceee ee opye eepaop [581, 705, 580], yce ee ee opye eepaop c eec apaepa [1500, 212]. Ta opao a o aaa ecoeoc opyx eepaopo popa.

Ta. 16-1.

oca ex opyx eepaopo epeoec p abm 220 106 1283 221 211 1663 222 421 1663 223 430 2531 936 1399 1366 1283 224 171 11213 859 2531 419 6173 967 3041 225 141 28411 625 6571 1541 2957 1741 2731 1291 4621 205 29573 226 421 17117 1255 6173 281 28411 227 1093 18257 421 54773 1021 24631 1021 25673 228 1277 24749 741 66037 2041 25673 229 2311 25367 1807 45289 1597 51749 1861 49297 2661 36979 4081 25673 3661 30809 230 3877 29573 3613 45289 1366 150889 231 8121 28411 4561 51349 7141 54773 232 9301 49297 4096 150889 233 2416 374441 234 17221 107839 36261 66037 235 84589 45989 Oao, ee opye eepaop coxpa co oeoc epopaecx p o e, apep, oepoa. O e oce coyex pecx ecax eocppy xopoe cacece xapaepc. Bay opa o ex opyx e epaopax x eop oo a [942].

Oeueue uex opymx eepamopo pep p oo oee ex opyx eepaopo [1595, 941]. popa eca eoacoc oyex peyao e oaec, o o oaa oee epoa y xapaepca eoopx cacecx ecax. 32-ox oepo oo co oa cey eepaop [941]:

o eepaop paoae p yco, o oep oe peca ce ee ca ey -231 85 231-249. epeee s1 s2 oa coepa eyee cocoe eepaopa. epe ep oo x eoxoo poapoa. epeeo s1 aaoe aee oo ea aaoe ey 2147483562, epeeo s2 - ey 1 2147483398. epo eepaopa o 1018.

Ha 16-oo oepe coye pyo eepaop :

o eepaop paoae p yco, o oep oe peca ce ee ca ey -32363 32363. epeee s1, s2 s3 oa coepa eyee cocoe eepaopa. epe ep oo x eoxoo poapoa. epeeo s1 aaoe aee oo ea aaoe ey 32362, epeeo s2 - ey 1 31726, epeeo s3 - ey 1 31656. epo eepaopa pae 1.6*1013. oox eepaopo ocaa b paa 0.

16.2 Coe pecp c eo opao c oceoaeoc cox pecpo coyc a popa, a eop opoa.

x eop pepaco popaoaa, oooe p a ae cox pecpo c paoe oao oeo popa aoo o oe epo.

Co pecp c opao c coco yx ace: cooo pecpa y opao c (c. 15th). Co pecp pecae coo oceoaeoc o. (oeco o opee ec o cooo pecpa. Ec a paa n a, o pecp aaec n-o co pecpo.) Bc pa, oa yo e , ce cooo pecpa cac pao a 1 o . Ho pa e ec ye cex ocax o pecpa. Ha xoe cooo pe cpa oaaec o, oo a aa, . epoo cooo pecpa aaec a o yaeo oceoaeoc o aaa ee oope.

Pc. 16-1. Co pecp c opao c

popaa pac oooe p a ae cox pecpo : o eo peaoac c o o poo aapayp. cea apoy aeaecy eop. B 1965 oy pc Ceep (Ernst Selmer), a popa opecoo paeca, papaoa eop oceoaeoc c ox pecpo [1411]. Cooo oo (Solomon Golomb), aea NSA, aca y, aae ee oope co peaa peya Ceepa [643]. C. ae [970, 971, 1647].

poce o cooo pecpa c opao c ec e co pecp c o pao c (linear feedback shift register, LFSR) (c. 14th). Opaa c pecae coo poco XOR eoopx o pecpa, epee x o aaec ooo oceoaeoc (tap sequence). oa ao pecp aaec oypae oa. -a poco oceoaeoc opao c aaa LFSR oo cooa ooo pay aeaecy eop. po pa aapoa oceoaeoc, yea ce, o oceoaeoc ocaoo cya , o eoac. LFSR ae pyx cox pecpo coyc popa.

Pc. 16-2. Co pecp c eo opao c.

Ha 13- oaa 4-o LFSR c ooo o epoo eepoo o. Ec eo poapoa aee 1111, o o oope pecp ye pa ceye ypee coco :

1 1 1 0 1 1 1 0 1 0 1 0 1 0 1 1 1 0 0 1 1 0 0 1 1 0 0 0 1 0 0 0 1 0 0 0 1 0 0 1 1 0 1 1 1 b4 b3 b2 b Bxoo Pc. 16-3. 4-o LFSR.

Bxoo oceoaeoc ye cpoa ax aax o :

1 1 1 1 0 1 0 1 1 0 0 1 0 0 0....

n-o LFSR oe axoc oo 2n-1 ypex coco. o oaae, o eopeec ao pecp oe eeppoa ceocyay oceoaeoc c epoo 2n-1 o. (co y pex coco epo pa 2n-1, ooy o aoee LFSR y, pee oy, o co pecp ye aa ecoey oceoaeoc ye, o acoo ecoeo.) Too p ope eex oox oceoaeocx LFSR ec poe epe ce 2n-1 ypex coco, ae LFSR c LFSR c aca epoo. oyc peya aaec M oceoaeoc.

oo, o ope LFSR e aca epo, ooe, opaoa ooo o ceoaeoc oca 1, oe p o oy 2. Cee ooea ec o cooo pecpa. p ooe cee n - o epo ooe, oop ec n- eee x2 +1, o e ec eee xd+1 cex d, xc ee 2n-1 (c. pae 11.3).

Cooecyy aeaecy eop oo a [643, 1649, 1648].

B oe cyae e cyecye pocoo cocoa eeppoa pe ooe ao cee o oy 2. poe ceo pa ooe cya opao poep, e ec o p.

o eeo - e-o oxoe a poepy, e ec poc cyao paoe co - o oe a eaece ae popa ye pea ay aay. P eoo pee [970, 971].

Heoope, o, oeo e, e ce, ooe pax ceee, pe o oy 2, pee 14- [1583, 643, 1649, 1648, 1272, 691]. Hapep, ac (32, 7, 5, 3, 2, 1, 0) oaae, o cey oo e pe o oy 2:

x32 x7 x5 x3 x2 x o oo eo oo LFSR c aca epoo. ep co ec a LFSR. o ceee co cea pao 0, eo oo oyc. Bce ca, a cee 0, aa ooy oceo a eoc, ocaey o eoo pa cooo pecpa. To ec, e ooea c ee cee cooecy o e paoy pa pecpa.

pooa pep, ac (32, 7, 5, 3, 2, 1, 0) oaae, o oo 32-ooo cooo pecpa o o eeppyec c oo XOR pa opoo, ceoo, oo, peeo, opoo e p oo o (c. 12th), oyac LFSR ye e acay y, ec poxo o oop e epe 232-1 ae.

o oo LFSR a e C cey opao:

Ec co pecp ee oepoo coa, o ycoec, o e aoo.

Pc. 16-4. 32-o LFSR c acao o.

Ta. 16-2.

Heoope pe ooe o oy (1, 0) (7, 3, 0) (14, 5, 3, 1, 0) (18, 5, 2, 1, 0) (2, 1, 0) (8, 4, 3, 2, 0) (15, 1, 0) (19, 5, 2, 1, 0) (3, 1, 0) (9, 4, 0) (16, 5, 3.2, 0) (20, 3, 0) (4, 1, 0) (10, 3, 0) (17, 3, 0) (21, 2, 0) (5, 2, 0) (11, 2, 0) (17, 5, 0) (22, 1, 0) (6, 1, 0) (12, 6, 4, 1, 0) (17, 6, 0) (23, 5, 0) (7, 1, 0) (13, 4, 3, 1, 0) (18, 7, 0) (24, 4, 3, 1, 0) (25, 3, 0) (46, 8, 5, 3, 2, 1, 0) (68, 9, 0) (225, 88, 0) (26, 6, 2, 1, 0) (47, 5, 0) (68, 7, 5, 1, 0) (225, 97, 0) (27, 5, 2, 1, 0) (48, 9, 7, 4, 0) (69, 6, 5, 2, 0) (225, 109, 0) (28, 3, 0) (48, 7, 5, 4, 2, 1, 0) (70, 5, 3, 1, 0) (231, 26, 0) (29, 2, 0) (49, 9, 0) (71, 6, 0) (231, 34, 0) (30, 6, 4, 1.0) (49, 6, 5, 4, 0) (71, 5, 3, 1, 0) (234, 31, 0) (31, 3, 0) (50, 4, 3, 2, 0) (72, 10, 9, 3, 0) (234, 103, 0) (31, 6, 0) (51, 6, 3, 1, 0) (72, 6, 4, 3, 2, 1, 0) (236, 5, 0) (31, 7, 0) (52, 3, 0) (73, 25, 0) (250, 103, 0) (31, 13, 0) (53, 6, 2, 1, 0) (73, 4, 3, 2, 0) (255, 52, 0) (32, 7, 6, 2, 0) (54, 8, 6, 3, 0) (74, 7, 4, 3, 0) (255, 56, 0) (32, 7, 5, 3, 2, 1, 0) (54, 6, 5, 4, 3, 2, 0) (75, 6, 3, 1, 0) (255, 82, 0) (33, 13, 0) (55, 24, 0) (76, 5, 4, 2, 0) (258, 83, 0) (33, 16, 4, 1, 0) (55, 6, 2, 1, 0) (77, 6, 5, 2, 0) (266, 47, 0) (34, 8, 4, 3, 0) (56, 7, 4, 2, 0) (78, 7, 2, 1, 0) (97, 6, 0) (34, 7, 6, 5, 2, 1, 0) (57, 7, 0) (79, 9, 0) (98, 11, 0) (35, 2, 0) (57, 5, 3, 2, 0) (79, 4, 3, 2, 0) (98, 7, 4, 3, 1, 0) (135, 11, 0) (58, 19.0) (80, 9, 4, 2, 0) (99, 7, 5, 4, 0) (135, 16, 0) (58, 6, 5, 1, 0) (80, 7, 5, 3, 2, 1, 0) (100, 37, 0) (135, 22, 0) (59, 7, 4, 2, 0) (81, 4, 0) (100, 8, 7, 2, 0) (136, 8, 3, 2, 0) (59, 6, 5, 4, 3, 1, 0) (82, 9, 6, 4, 0) (101, 7, 6, 1, 0) (137, 21, 0) (60, 1, 0) (82, 8, 7, 6, 1, 0) (102, 6, 5, 3, 0) (138, 8, 7, 1, 0) (61, 5, 2, 1, 0) (83, 7, 4, 2, 0) (103, 9, 9) (139, 8, 5, 3, 0) (62, 6, 5, 3, 0) (84, 13, 0) (104, 11, 10, 1, 0) (140, 29, 0) (63, 1, 0) (84, 8, 7, 5, 3, 1, 0) (105, 16, 0) (141, 13, 6, 1, 0) (64, 4, 3, 1, 0) (85, 8, 2, 1, 0) (106, 15, 0) (142, 21, 0) (65, 18, 0) (86, 6, 
5, 2, 0) (107, 9, 7, 4, 0) (143, 5, 3, 2, 0) (65, 4, 3, 1, 0) (87, 13, 0) (108, 31, 0) (144, 7, 4, 2, 0) (66, 9, 8, 6, 0) (87, 7, 5, 1, 0) (109, 5, 4, 2.0) (145, 52, 0) (66, 8, 6, 5, 3, 2, 0) (88, 11, 9, 8, 0) (110, 6, 4, 1, 0) (145, 69, 0) (67, 5, 2, 1, 0) (88, 8, 5, 4, 3, 1, 0) (111, 10, 0) (146, 5, 3, 2, 0) (152, 6, 3, 2, 0) (89, 38, 0) (111, 49, 0) (147, 11, 4, 2, 0) (153, 1, 0) (89, 51, 0) (113, 9, 0) (148, 27, 0) (153, 8, 0) (89, 6, 5, 3, 0) (113, 15, 0) (149, 10, 9, 7, 0) (154, 9, 5, 1, 0) (90, 5, 3, 2, 0) (113, 30, 0) (150, 53, 0) (155, 7, 5, 4, 0) (91, 8, 5, 1, 0) (114, 11, 2, 1, 0) (151, 3, 0) (156, 9, 5, 3, 0) (91, 7, 6, 5, 3, 2, 0) (115, 8, 7, 5, 0) (151, 9, 0) (157, 6, 5, 2, 0) (92, 6, 5, 2, 0) (116, 6, 5, 2, 0) (151, 15, 0) (158, 8, 6, 5, 0) (93, 2, 0) (117, 5, 2, 1, 0) (151, 31, 0) (159, 31, 0) (94, 21, 0) (118, 33, 0) (151, 39, 0) (159, 34, 0) (94, 6, 5, 1, 0) (119, 8, 0) (151, 43, 0) (159, 40, 0) (95, 11, 0) (119, 45, 0) (151, 46, 0) (160, 5, 3, 2, 0) (95, 6, 5, 4, 2, 1, 0) (120, 9, 6, 2, 0) (151, 51, 0) (161, 18, 0) (96, 10, 9, 6, 0) (121, 18, 0) (151, 63, 0) (161, 39, 0) (96, 7, 6, 4, 3, 2, 0) (122, 6, 2, 1, 0) (151, 66, 0) (161, 60, 0) (178, 87, 0) (123, 2, 0) (151, 67, 0) (162, 8, 7, 4, 0) (183, 56, 0) (124, 37, 0) (151, 70, 0) (163, 7, 6, 3, 0) (194, 87, 0) (125, 7, 6, 5, 0) (36, 11, 0) (164, 12, 6, 5, 0) (198, 65, 0) (126, 7, 4, 2, 0) (36, 6, 5, 4, 2, 1, 0) (165, 9, 8, 3, 0) (201, 14, 0) (127, 1, 0) (37, 6, 4, 1, 0) (166, 10, 3, 2, 0) (201, 17, 0) (127, 7, 0) (37, 5, 4, 3, 2, 1, 0) (167, 6, 0) (201, 59, 0) (127, 63, 0) (38, 6, 5, 1, 0) (170, 23, 0) (201, 79, 0) (128, 7, 2, 1, 0) (39, 4, 0) (172, 2, 0) (202, 55, 0) (129, 5, 0) (40, 5, 4, 3, 0) (174, 13, 0) (207, 43, 0) (130, 3, 0) (41, 3, 0) (175, 6, 0) (212, 105, 0) (131, 8, 3, 2, 0) (42, 7, 4, 3, 0) (175, 16, 0) (218, 11, 0) (132, 29, 0) (42, 5, 4, 3, 2, 1, 0) (175, 18, 0) (218, 15, 0) (133, 9, 8, 2, 0) (43, 6, 4, 3, 0) (175, 57, 0) (218, 71, 0) (134, 57, 0) (44, 6, 5, 2, 0) (177, 8, 0) 
(218.83, 0) (270, 133, 0) (45, 4, 3, 1, 0) (177, 22, 0) (225, 32, 0) (282, 35, 0) (46, 8, 7, 6, 0) (1 77, 88, 0) (225, 74, 0) (282, 43, 0) (286, 69, 0) (378, 43, 0) (521, 168, 0) (2281, 915, 0) (286, 73, 0) (378, 107, 0) (607, 105, 0) (2281, 1029, 0) (294, 61, 0) (390, 89, 0) (607, 147, 0) (3217, 67, 0) (322, 67, 0) (462, 73, 0) (607, 273, 0) (3217, 576, 0) (333, 2, 0) (521, 32, 0) (1279, 216, 0) (4423, 271, 0) (350, 53, 0) (521, 48, 0) (1279, 418, 0) (9689, 84, 0) (366, 29, 0) (521, 158, 0) (2281, 715, 0) Opae ae, o y cex eeo a eeoe co oeo. pe ay y ay, a a LFSR aco coyc popa c ooo pa, xoe, o pae o oopa pae pe ooe. Ec p(x) pe, o pe xnp(1/x), ooy a ee a a cao ee opeee a px ooea.

Hapep, ec (a, b, 0) pe, o pe (a, a - b, 0). Ec pe (a, b, c, d, 0), o p e (a, a - d, a - c, a - b, 0). Maeaec:

ec pe xa xb 1, o pe xa xa - b ec pe xa xb xc xd 1, o pe xa xa-d xa-c xa-b cpee ceo popao peayc pe pexe, a a eepa ooo a yo o XOR oo yx o cooo pecpa. eceo, ce ooe opao c, p eee 14-, c papee, o ec, y x eoo oeo. Papeeoc cea pe cae coo co caoc, oopo oa ocaoo cp aopa. popaecx aopo opao ye cooa oe pe ooe, e, y oopx oo oe o. pe oe ooe, ocoeo aece ac a, oo cooa aeo oee opoe LFSR.

eeppoa oe pe ooe o oy 2 eeo. B oe cyae eepa p k x ooeo cee k yo a paoee a oe ca 2 -1. pe ooe oo a ceyx pex xopox paoax: [652, 1285, 1287].

Ca o cee LFSR c xopo eepaopa ceocyax oceoaeoce, o o o a a eoop eeae ecya coca. oceoaee e, o eae x ecoe poa. LFSR n ypeee cocoe pecae coo peye n xox o eepaopa. ae ec cxea opao c xpac cepee, oa oe opeeea o 2n xo a eepaopa c oo coo eoo aopa Berlekamp-Massey [1082,1083]:

c. pae 16.3.

poe oo, oe cyae ca, eeppyee c cooae yx op o o oce o aeoc, co oppepoa eoopx o poe oce e c cya. He cop a o LFSR aco coyc coa aopo poa.

popaa peauau LFSR popae peaa LFSR ee cpee paoa, ec o aca a acceepe, a e a C.

O pee ec cooae apaeo 16 LFSR ( 32, acoc o coa aeo oepa). B o cxee coyec acc co, paep oopoo pae e LFSR, a a coa acca oocc coey LFSR. p yco, o coyc oaoe ooe opao c, o oe a ae p pooeoc. Booe, y cocoo oo coe pecp ec yoee eyeo coco a oxoe oe ap [901].

Cxey opao c LFSRoo opoa. oyac eepaop e ye popaec oee ae, o o ce ee ye oaa aca epoo, eo ee peaoa popao [1272]. Beco cooa eepa ooo paeo eoo a o ooo oceoaeoc oec XOR aoo a ooo oceoaeoc c xoo eepaopa aea eo peyao oo ec, ae peya eepaopa caoc o pa e o (c. 11th). oa y o a aa oypae aya. Ha e C o cey opao:

Pc. 16-5. LFSR aya.

Bp coco o, o ce XOR oo cea a oy oepa. a cxea ae oe paca paeea, a oo pax opax ce oy pa. Taa oypa aya oe a p p aapao peaa, ocoeo e CC. Booe, p cooa aapayp, oopa xopoo oe c pee oypa oa, ec ec oooc cooa apae, pee oypa aya.

16.3 poepoae aa ooox po oco peax ooox po ocoa a LFSR. ae epe epo ocpo x o ecoo. Co pecp e pecae ce eo oeo, e acc o, a oceo a eoc opao c - aop ee XOR. ae p cooa CC ooo p a ae LFSR oeceae eay eoacoc c oo ecox oecx ee.

poea LFSR coco o, o x popaa peaa oe eea. Ba pxoc e a papeex ooeo opao c - o oea oppeoe cp [1051, 1090, 350] - a oe ooe opao c ee. Bxo oo ooooo pa ec oo, poa oo, o oo o a oy epa DES, eoxoo o 64 epa ooo o o aopa. eceo, popaa peaa pocoo aopa LFSR, oooo ocaeoy e caey eepaopy, e cpee, e DES.

a opac popa cpo paaec very politically charged. oco papaoo acepee - oeco coyex ceo oex cce poa ocoa a LFSR. eceo, y oca oepo Cray (Cray 1, Cray X-MP, Cray Y-MP) ec eca oa cpy, oo aaea a "ce cooyoc" (population count). Oa ocae oeco e pecpe oe cooaa a eoo ce pacco Xa ey y o coa peaa eoppoao epc LFSR. ca, o a cpy caec ao e co cpye NSA, oaeo yppye o o cex opaax, acaxc oepo.

C pyo copo o oao yeo ooe co aaxc co eepaopo a ae cox pecpo. , oeo e, co ax eepaopo, oax oe poaaec ypee, a a NSA, ee oe. oa yec oy, o cae poce x pea a c coa coa.

uea coocm Aapoa oooe p aco poe, e oe. Hapep, a apaepo, coye aaa eepaopo a ae LFSR, ec ea cooc (linear complexity), e epa. Oa opeeec a a n caoo opooo LFSR, oop oe poa xo eepao pa. a oceoaeoc, eeppoaa oe aoao a oe oe, ee oey ey cooc [1006]. ea cooc aa, ooy o c oo pocoo aopa, aa e oo aopo Berlekamp-Massey, oo opee o LFSR, poep oo 2n o ooa e [1005]. Boccoaa y LFSR, aaee ooo p.

a e oo pacp c oe a oa [1298] a cya, oa xoa oceoaeoc pa c capaec a ca oe eeo xapaepc [842]. aeee pacpee po oy o po eo cooc, oop opeee ey cooc oceoaeoc o epe ee ye [1357, 1168, 411, 1582]. pyo aop ce eo cooc poc oo oe c e ecx ycox [597, 595, 596, 1333]. Ooee o eo cooc oeo [776]. Cye cy ae o cepeco apao cooc [844].

B o cyae oe, o coa ea cooc e oaeo apapye eoacoc eep a opa, o a ea cooc yaae a eocaoy eoacoc eepaopa [1357, 12.49].

oppeuoa eaucuocm popa ac oy coy ey cooc, eeo oe peya eo o px xox oceoaeoce. p o oacoc coco o, o oa ecoo ypex xox oceoaeoce - aco poco xo oex LFSR - oy ca o e ooo cp p oo eo aep. aco aoe cpe aa oppeo cp e cpe pae--acy. Toac Ceaep (Thomas Siegenthaler) oaa, o oo oo opee oppeoy eacoc, o cyecye opocc ey oppeoo eac oc eo cooc [1450].

Ocoo ee oppeooo cp ec oapyee eoopo oppe ey xoo eepaopa xoo oo eo cocax ace. Toa, aa xoy oceoaeoc, oo oy opa o o poeyoo xoe. coy y opa pye oppe, o o copa ae o pyx poeyox xoax o ex op, oa eepaop e ye oa.

po ox eepaopo ooo e a ae LFSR yceo cooac oppeoe cp x apa, ae a cpe oppeoe cp, peaae opocc ey c eo cooc eoc [1451, 278, 1452, 572, 1636, 1051, 1090, 350, 633, 1054, 1089, 995]. P epecx ox e o oac oo a [46, 1641].

pyue cpmu Cyecy pye coco cp eepaopo ooo e. Tec a ey oppeoc (linear consistency) aec a eoopoe ooeco a poa c oo apo ex [1638]. Cyecye cpe oppeoc "cpee ocepee" (meet-in-the-middle consistency attack) [39, 41]. Aop eoo cpoa (linear syndrome algorithm) ocoa a oooc aca pa e xoo oceoaeoc e eoo ypae [1636, 1637]. Cyecye cpe y a pee (best affine approximation attack) [502] cpe ee peoee (derived sequence attack) [42]. ooo pa oo pe ae eo epeaoo [501] eoo [631] poaaa.

16.4 oooe p a ae LFSR Ocoo oxo p poepoa eepaopa ooa e a ae LFSR poc. Caaa epec o ecoo LFSR, oo c pa a pa ooea opao c. (Ec ao poc, a ce ooe opao c p, o y opaoaoo eepaopa ye ac aa a.) ec aa cocoe pecpo LFSR. a pa, oa eoxo o , ce a pecp LFSR (o oa aa apoae (clocking)). xoa peca e coo y, eaeo eey, eoopx o pecpo LFSR. a y aaec o pye ye, a eepaop eo - oao eepaopo. (Ec xoa ec ye eceoo LFSR, o eepaop aaec py eepaopo.) oa ac eop oooo poa ycpoc papaoaa Ceepo ( Selmer) Ho pepo (Neal Zierler) [1647].

Moo ec p ycoe. B eoopx eepaopax pax LFSR coyec paa a oa acoa, oa acoa ooo eepaopa ac o xoa pyoo. Bce o epoe epc e poax a, oxc o Bopo poo o, oope aac eepaopa c ypae e aoo acoo (clock-controlled generators) [641]. paee aoo acoo oe c p o c, oa xo ooo LFSR ypae aoo acoo pyoo LFSR, c opao c, oa xo ooo LFSR ypae eo coceo aoo acoo.

Xo ce eepaop yce, o pae epe eopeec, cp oee epoo oppee [634, 632], oe x eoac o cx op. ooey eop cox pecpo c ypaeo aoo acoo oo a [89].

accec (Ian Cassells), paee oa aepy co aea epe paoa poaao Bletchley Park, caa, o "popa - o cec aea ya, e ya aeaa oe cooaa po ac." O e y, o ooox pax oece e acao pyx coc eoxo opeeee aeaece cpyyp, ae a LFSR, o, o oea oy-o oy coepae pecpa cp aop, eoxoo ec e oop co ee ecopo. o coe cpae ox aopo.

ooy e co cepeo yeac eepaopa ooa e a ae LFSR, oca oopx o c epaype. e a, coyec xo o x peax popaecx poyax.

oe ac o peca eopeec epec. Heoope oa, eoope o ocac eoac.

Ta a p a ae LFSR oo peayc aapao, a pcyax coyc co epo o o. B ece, oaae XOR, - AND, - OR, - NOT.

eepamop ea B o eepaope ooa e coyc p LFSR, oeee ee opao (c. 10th) [606]. a LFSR c xoa yecopa, a pe LFSR ypae xoo yecopa. Ec a1, a2 a3 - xo pex LFSR, xo eepaopa ea (Geffe) oo oca a:

b = (a1 ∧ a2) ⊕ ((¬a1) ∧ a3)

Pc. 16-6. eepaop ea.

Ec LFSR pa n1, n2 n3, cooeceo, o ea cooc eepaopa paa (n1 + 1)n2 + n1n3, epo eepaopa pae aeey oey ee epoo pex eepaopo. p yco, o ce e pex px ooeo opao c ao poc, epo oo eepaopa ye pae poee epoo pex LFSR.

Xo o eepaop eoxo a yae, o popaec ca e oe yco po o p peooo cp [829, 1638]. B 75 poeax pee xo eepaopa pae xoy LFSR-2. ooy, ec ec ooe oceoaeoc opao c, oo oaac o aao ae LFSR-2 ceeppoa xoy oceoaeoc oo pecpa. Toa oo oca, coo pa xo LFSR coaae c xoo eepaopa. Ec aaoe aee opeeeo eepo, e oceoaeoc yy coacoac 50 poeax pee, a ec pao, o 75 poeax pee.

Aaoo, xo eepaopa pae xoy LFSR 75 poeax pee. C a oppe eepa op ooa e oe eo oa. Hapep, ec pe ooe coco oo pex eo, a caoo ooo LFSR paa n, occaoe ypex coco cex pex LFSR ye pae xoo oceoaeoc o 37n o [1639].

Ooe eepamop ea Beco opa ey y LFSR o cxee paec o k LFSR, e k ec cee 2. Bce o coyec k 1 LFSR (c. 9th). Taoa acoa LFSR-l oa log2 k pa e, e y ocax k LFSR.

Pc. 16-7. Ooe eepaop ea.

Hecop a o, o a cxea coee eepaopa ea, oa oo cooa o e oppe ooe cpe. He peoey o eepaop.

eepamop euca a LFSR- B o cxee yecop coyec oee yx LFSR [778, 779, 780]. Myecop, a ypae LFSR-l, pae 1 LFSR-2 aece oepeoo xooo a. poe oo, coyec LFSR- y, oopa oopaae xo LFSR-2 a xo yecopa (c. 8th).

Pc. 16-8. eepaop eca.

o ec aaoe cocoe yx LFSR y oopae. Xo y oo eepaopa aea ee cacece coca, o a epe oe Pocco Aepcoo (Ross Anderson) cpe oppeoc cpee ocepee [39] cpe eo oppeoc [1638,442]. He coye o eepaop.

eepamop "cmon-noe" (Stop-and-Go) Beth-Piper o eepaop, oaa a 7th, coye xo ooo LFSR ypae aoo acoo py o o LFSR [151]. Tao xo LFSR-2 ypaec xoo LFSR-1, a o LFSR-2 oe e coe co coe oe pee t oo, ec xo LFSR-1 oe pee t - 1 pae 1.

Pc. 16-9. eepaop "co-oe" Beth-Piper.

Hoy e yaoc pec oeo cya ocoepe ae o eo cooc oo eepaopa. Oao o e yco epe oppeo cpe [1639].

epeyuc eepamop "cmon-noe" B o eepaope coyc p LFSR pao . LFSR-2 apyec, oa xo LFSR-1 pae 1, LFSR-3 apyec, oa xo LFSR-1 pae 0. Bxoo eepaopa ec XOR LFSR-2 LFSR-3 (c. Pc. 16.10) [673].

Pc. 16-10. epeyc eepaop "co-oe"

oo eepaopa oo epo oa ea cooc. Aop oaa coco oppeo oo cp LFSR-1, o o e co ocae eepaop. peoe pye eepaop aoo a [1534, 1574, 1477].

ycmopou eepamop "cmon-noe" B o eepaope coyec a LFSR c oaoo o n (c. Pc. 16.11) [1638]. Bxoo eepao pa ec XOR xoo aoo LFSR. Ec xo LFSR-l oe pee t-1 pae 0, a oe pee t-2 - 1, o LFSR-2 e apyec oe pee t. Haoopo, ec xo LFSR-2 oe pee t-1 pae 0, a oe pee t-2 - 1, ec LFSR-2 apyec oe pee t, o LFSR-l e apyec oe pee t.

Pc. 16-11. ycopo eepaop "co-oe".

ea cooc ao cce pepo paa ee epoy. Coaco [1638], " ao ccee e oe a ooc a e aaec ".

opoo eepamop o eepaop aec oo poe eoacoc, xapaepe peyx eepaopo, c o o epeeoo ca LFSR [277]. o eop p cooa oeo oeca LFSR cp p coee.

o eepaop oaa a 4-. Boe xo ooo ca LFSR (coy eeoe co pecpo).

oye acaoo epoa yeec, o cex LFSR ao poc, a ooe opa o c - p.. Ec oee oo xox o LFSR - 1, o xoo eepaopa ec 1.

Ec oee oo xox o LFSR - 0, o xoo eepaopa ec 0.

Pc. 16-12. opoo eepaop.

pex LFSR xo eepaopa oo peca a :

b = (a1 ∧ a2) ⊕ (a1 ∧ a3) ⊕ (a2 ∧ a3)

o oe oxoe a eepaop ea a cee oo, o opoo eepaop oaae oe eo cooc n1n2 + n1n3 + n2n3 e n1, n2 n3 - epoo, opoo peeo LFSR.

o eepaop e co xopo. a xoo ae eoopy opa o coco LFSR oee 0.189 a - eepaop eo e oe yco epe oppeo cpe. e coey c ooa ao eepaop.

Caonpopeuaue (Self-Decimated) eepamop Caopopea aac eepaop, oope ypa coceo aoo acoo. o peoeo a a ax eepaopo, o Pepo Peo (Rainer Rueppel) (c. 3-) [1359] pyo o aepco (Bill Chambers) epo oao (Dieter Gollmann) [308] (c. 2nd). B eepaope P ea ec xo LFSR pae 0, LFSR apyec d pa. Ec xo LFSR pae 0, LFSR apyec k pa. e epaop aepca oaa coee, o e ocaec o e. coae oa eepaopa e eoac [1639], xo peoe p oa, oope oy cpa cpeaec poe [1362].

0: Tapoae d pa b(t) LFSR 1: Tapoae k pa Pc. 16-13. Caopopea eepaop Pea.

0: Tapoae d pa b(t) LFSR 1: Tapoae k pa z... 2 Pc. 16-14. Caopopea eepaop aepca oaa.

Moocopocmo eepamop c ympeu npoueeue (inner-product) o eepaop, peoe Maccee ( Massey) Peo [1014], coye a LFSR c pa a o acoa (c. 1st). Taoa acoa LFSR-2 d pa oe, e y LFSR-l. Oee x LFSR oec oepae AND, a ae oye xooo a eepaopa o oec ocpec o XOR.

Pc. 16-15. Moocopoco eepaop c ype poeee.

Xo o eepaop oaae coo eo cooc eoe cacec xapaep ca, o ce e e oe yco epe cpe eo coacoaoc [1639]. Ec n1 - a LFSR l, n2 - a LFSR-2, a d - ooee aox aco, o ypeee cocoe eepaopa oe oyeo o xoo oceoaeoc o n2 n2 log2d Cyupyu eepamop Ee oo peoee Pep Pea, o eepaop cypye xo yx LFSR (c epeoco) [1358, 1357]. o coo cee eea oepa. B oe 80-x o eepaop epo ooe eoacoc, o o a epe oppeo cpe [1053, 1054, 1091]. poe oo, o oaao, o o eepaop ec ac cyae opao c, coye co pecp c epeoco (c.

pae 17.4), oe oa [844].

DNRSG o oaae "aec eepaop cyao oceoaeoc" ("dynamic random-sequence generator") [1117]. e coco o, o a pax pyex eepaopa - opoox, cypy x, .. - coyx o aop LFSR, a ypaex py LFSR.

Caaa apyc ce LFSR. Ec xoo LFSR-0 ec 1, o cec xo epoo pyeo eepaopa. Ec xoo LFSR-0 ec 0, o cec xo opoo pyeo eepa o pa. Ooae peyao ec XOR xoo epoo opoo eepaopo.

aca oaa aca oaa (c. 0-), oca [636, 309], pecae coo ycey epc eepaopa "co-oe". O coco oceoaeoc LFSR, apoae aoo oopx ypaec pe y LFSR. Ec xoo LFSR-l oe pee t ec 1, o apyec LFSR-2. Ec xoo LFSR-2 oe pee t ec 1, o apyec LFSR-3, a aee. Bxo oceeo LFSR ec xoo eepaopa. Ec a cex LFSR oaoa paa n, ea cooc cce k LFSR paa n(2n - 1)k- LFSR-1 LFSR-2 LFSR- Pc. 16-16. aca oaa.

o epa e: oeyao o oe poc oy cooa eepa oceo a eoce c opo epoa, opo e cooc xopo cacec co ca. O yce cp, aaeoy apae (lock-in) [640] pecaey eo, c oo oopoo caaa poaa occaaae xo oceeo cooo pecpa acae, a ae aae ec aca, pecp a pecpo. B eoopx cyax o pecae coo cepey poey yeae ey y a aopa, o a oooc aoo cp oo pep p opeeex ep.

ae aa oaa, o c poco k oceoaeoc paec cyao [637, 638, 642, 639]. Ha ocoa eax cp opox acao oaa [1063], coey cooa k e ee 15. ye cooa oe opox LFSR, e ee x LFSR.

popeuae eepamop popeae (shrinking) eepaop [378] coye pyy opy ypae apoae. Boe a LFSR: LFSR-l LFSR -2. oa ao yc a oa pecpa. Ec xoo LFSR-l ec 1, o xoo eepaopa ec xo LFSR-2. Ec xo LFSR-l pae 0, oa a cpacac, LFSR a pyc aoo ce oopec.

e poca, ocaoo ea aec eoaco. Ec ooe opao c popee, eepaop ycee cp, o pyx poe oapyeo e o. Xo o eepaopa oca oo o. Oa poe peaa coco o, o copoc a peyaa e ocoa, ec LFSR-l eeppye y oceoaeoc ye, o a xoe eepaopa eo e. pee o poe aop peaa cooa yepa [378]. paeca peaa popeaeoo e epaopa paccapaec [901].

Caonpopeuae eepamop Caopopeae (self-shrinking) eepaop [1050] ec apao popeaeoo eepaopa. Be co yx LFSR coyec apa o ooo LFSR. poapye LFSR a. Ec ep o ap ye 1, o opo ye xoo eepaopa. Ec ep - 0, cpoce oa a opoye coa.

Xo caopopeaeoo eepaopa yo pepo a paa ee a, e popeae o o, o paoae a paa eeee.

Xo caopopeae eepaop ae aec eoac, o oe ec ce epecaye o pao oaa eec coca. o oe o eepaop, ae ey eoo pee.

16.5 A5 A5 - o ooo p, coye poa GSM (Group Special Mobile). o epoec caap pox coox ox eeoo. O coyec poa aaa "eeo aoa ca". Ocaac ac aaa e pyec, eeoa oa oe eo cea o y c a paoopa.

Bopy oo poooa eyc cpae oece p. epoaao peoaaoc, o p o pa GSM oo ape cop eeoo eoope cpa. Teep p oo ocyae, e ope A5 cop poaa ecop a o, o o a ca, o p coe cy pec e. o cyxa cepee 80-x pae cepee cy HATO cec o opocy, oo p o ae GSM c ca. Hea a ya ca popa, a a po c ax o c Coec Co. Ba epx pya oa pe, A5 pecae coo paycy pap aoy.

oco eae a eco. paca eeoa oa epeaa c oyea p opcoy yepcey (Bradford University), e aca oca coaee o epaae. opa e-o pocoac aoe a oyoaa Internet. A5 ocaec [1622], ae oe o pee o oo poooa.

A5 coco pex LFSR o 19, 22 23, ce ooe opao c - popee. Bxoo e c XOR pex LFSR. B A5 coyec eeoe ypaee apoae. a pecp apyec acoc o coeo cpeeo a, ae oec XOR c opao opooo ye cpex o cex pex pecpo. Oo a ao ae apyec a LFSR.

Cyecye paoe cpe, peyee 2 poa: peooe coepae epx yx LFSR oaec opee pe LFSR o ooy e. (eceo ao coco cp ooe, ocaec o opoco, oop copo ye papee papaaaeo ao aapaoo oca e [45].) Te e eee, caoc co, o e, eae ocoe A5, eox. Aop oe ee. O yoeope ce ec cacec eca, eceo eo caoc ec o, o eo pec p co opo, o peopa oc a epeopo. Bapa A5 c oee co pecpa oee o ooea opao c o eoac.

16.6 Hughes XPD/KPD o aop peoe Hughes Aircraft Corp. a pa cpoa eo apece aece pa oopyoae oca apae poa a pay. Aop papaoa 1986 oy oy aae XPD, copaee o Exportable Protection Device - coppyeoe ycpoco a. oee o epeeoa KPD - cpoco eeco a - paccepee [1037, 1036].

Aop coye 61-o LFSR. Cyecye 210 pax px ooea opao c , oopex NSA. pae o x ooeo (xpaxc e-o ), a ae aaoe cocoe LFSR.

B aope oce pax eex po, a oopx coye ec ooo LFSR, aa o . Oec, opay a, oop peec poa e ppoa ooa ax.

o aop oe peaeo, o y e ec opeeee coe. NSA papeo eo cop, ceoaeo oe coco cp opa, e oeo e 2. Ho ao?

16.7 Nanoteq Nanoteq - o oapaca epoa oa. eo o aop coyec oapa co oe p poa epea aco, a ooo pox y.

oee eee o aop oca [902, 903]. O coye 127-o LFSR c cpoa ooeo opao c, pecae coo aaoe cocoe pecpa. p oo 25 ee apx ee 127 o pecpa pepaac o ooa e. ao e 5 xoo o xo:

f(xl, x2, x3, x4, x5) = xl x2 (xl x3) (x2 x4 x5) (xl x4) (x2 x3) x a xo y oepaec oepa XOR c eoop o a. poe oo, cyecye cepea epecaoa, aca o opeo peaa e ocaa cax opoo. o ao p ocye oo aapao e.

eoace o? e yepe. P epecx aco, epeaaex ey oec yaca, o a oc epax aeax. o oe oo peyao aepaco, aco coe co paeaeo eeoc. Pocc Aepco (Ross Anderson) pep p epx ao, po a apy o aop [46], ya, o copo oc oe peya.

16.8 Rambutan Rambutan - o ac aop, papaoa Communications Electronics Security Group ( pya o eoacoc epox oya, oo oee, cooaoe GCHQ). O poaec oo e aapaoo oy oope a oyeo o o pa "oeao". Ca ao p acepee, pocxea e peaaea poo oepeco poa.

Rambutan coye 112-o (c eoc) oe paoa pex peax: ECB, CBC, 8-o CFB. o c apye oy oo, o o aop - o, o cyx yepa oe. peooeo o ooo p c LFSR. eo peo 80-ox cox p e cpo pao . oo opao c aeo popee, ao x ceo ooo. a co pecp oeceae epe xoa oe oo coo eeo y, oopa ae ece .

oey Rambutan? Booo -a pya, oop o epcy capy, o e yp. Ho c pyo copo ao p oe e .

16.9 Ae eepaop Ae eepaop (oa aaee aaa eepaopa oa ) oe e , a a x peyao c cyae coa, a e cyae [863]. Ca o cee o e eoac, o x oo cooa aece cocax oo eoacx eepaopo.

Haaoe cocoe eepaopa pecae coo acc n-ox co: 8-ox co, 16-ox co, 32-ox co, ..: X1, X2, X3,..., Xm. o epoaaoe cocoe ec o. i-oe coo eepaopa oyaec a

Xi = (Xi-a + Xi-b + Xi-c + ... + Xi-m) mod 2^n

p pao ope oeo a, b, c,..., m epo oo eepaopa e ee 2^n-1. O peoa oea ec o, o a aa opaye LFSR acao .

Hapep, (55,24,0) - o p ooe mod 2 14-. o oaae, o a ceyeo a oo eepaopa acaa.

Xi = (Xi-55 + Xi-24) mod 2^n

o paoae, a a y poo ooea p oea. Ec x o oe, oye acao opeoac ooee yco. opooc oo a [249].

Fish Fish - o a eepaop, ocoa a eoax, coyex popeaeo eepaope [190].

O ae oo 32-ox co, oope oy cooa (c oo XOR) c ooo opoo eca oye poeca c ooo poeca oye opoo eca. Haae ao pa pecae coo copaee o Fibonacci shrinking generator - popeae eepaop oa.

Bo epx coye a ceyx ax eepaopa. o ec aae coco x eepaopo.

Ai = (Ai-55 Ai-24) mod Bi = (Bi-52 Bi-19) mod oceoaeoc popeac oapo acoc o aeo aaeo a Bi: ec eo aee pao 1, o apa coyec, ec 0 - oppyec. Cj - o oceoaeoc coyex co Ai, a Dj - o oceoaeoc coyex co Bi. eepa yx 32-ox co-peyao K2j K2j 1 coa coyc apa - C2j, C2j 1, D2j, D2j 1.

E2j = C2j (D2j, D2j 1) F2j = D2j 1 (Ej, C2j 1) K2j = E2j F2j K2j 1 = C2j 1 F2j o aop cp. a poeccope i486/33 peaa Fish a e C pye ae co copoc 15-M/c. coae o ae e eoace, opo cp cocae ooo 240 [45].

Pike Pike - o oeea ypeaa epc Fish, peoea Pocco Aepcoo, e, o oa Fish [45]. O coye p ax eepaopa. Hapep:

Ai = (Ai-55 Ai-24) mod Bi = (Bi-57 Bi-7 ) mod Ci = (Ci-58 Ci-19) mod eepa coa ooa e e a epeoca p coe. Ec ce p oao (ce y ce e), o apyc ce p eepaopa. Ec e, o apyc oo a coaax eepaopa. Coxpae epeoca ceyeo paa. Ooae xoo ec XOR xoo pex eepaopo.

Pike cpee Fish, a a cpee oye peyaa yo 2.75 ec, a e 3. O ae c o o, o ey oep, o oe eoxo.

Mush Mush pecae coo ao popea eepaop. Eo paoy oc eo [1590]. Boe a ax eepaopa: A B. Ec epeoca A ycaoe, apyec B. Ec epeoca B yca oe, apyec A. Tapye A p epeoe ycaaae epeoca. Tapye B p epe oe ycaaae epeoca. Ooae xoo ec XOR xoo A B. poe ceo cooa e e eepaop, o Fish:

Ai = (Ai-55 Ai-24) mod Bi = (Bi-52 Bi-19) mod B cpee eepa ooo xooo coa yo p epa eepaopa. ec oe aoo eepaopa pa pao c ao poc, a xoo oceoae o c ye acaa. Me eeco o ycex cpx, o e aae, o o aop oe o.

16.10 Gifford op (David Gifford) ope ooo p cooa eo poa coo o o ce paoe ocoa c 1984 o 1988 o [608, 607, 609]. Aop coye ece 8-ao p e cp: b0, b1,..., b7. o ec aaoe cocoe pecpa. Aop paoae pee OFB, o p ec acoo e e a paoy aopa. (C. -1-).

Pc. 16-17. Gifford.

eepa aa a ki oe b0 b1, a ae oe b4 b7. epeo oyee c a, oya 32-ooe co. Tpe cea ao ye ki.

ooe pecpa oe b1 ce pao "c peae" a 1 cey opao:

pa e oopeeo caec, ocaec a ece. Boe b7 ce eo a o e o, pae pao o oe oc 0. Bo XOR eeoo b1, eeoo b7 b0. C e epoaa a pecpa a 1 pao oec o a pa ey o.

B eee ceo pee cooa o aop ocaac eoac, o o oa 1994 oy [287]. Oaaoc, o ooe opao c e p , a opao, o cp.

16.11 Aop M o aae ao yo [863]. Aop pecae coo coco oe ecoo ceocya x ooo, yea x eoacoc. Bxo ooo eepaopa coyec opa ocaeo xoa pyoo eepaopa [996, 1003]. Ha e C:

Cc coco o, o ec prngA - eceo cyao, eooo eo ya o prngB (, ce oaeo, eooo o poaa ). Ec prngA ee ao , o eo poaa oe oe oo, ec eo xo ocye co oepe (.e., oo ec caaa oe p oaa prngB), a poo cyae oo o cy eceo cyao, o a oa oa eoaco.

16.12 PKZIP Aop poa, cpoe popay ca ax PKZIP, papaoa Poepo a (Roger Schlafly). o ooo p, py ae oao. o pae epe o aop co yec epc 2.04g. e oy eo caa o oee ox epcx, o ec e o ceao ax a e o opao, oo ca c oo epooc, o aop e ec. Aop coy e p 32-ox epeex, apoax cey opao :

K0 = K1 = K2 = coyec 8-o K3, oye K2. Bo o aop ( caapo oa C):

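Ci = Pi ^ K3                            /* encrypt plaintext byte Pi with keystream byte K3 */
K0 = crc32(K0, Pi)                      /* update K0 with the plaintext byte */
K1 = K1 + (K0 & 0x000000ff)
K1 = K1 * 134775813 + 1
K2 = crc32(K2, K1 >> 24)
K3 = ((K2 | 2) * ((K2 | 2) ^ 1)) >> 8   /* next 8-bit keystream byte, derived from K2 */

y crc32 epe coe peyee aee a, oe x XOR ce ceyee aee c oo ooea CRC, opeeeoo 0xedb88320. Ha pae 256-eea aa oe pac caa apaee, cee crc32 pepaaec :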

crc32(a, b) = (a >> 8) ^ table[(a & 0xff) ^ b]

Taa paccaec cooec c epoaa opeeee crc32:

table [i] = crc32 (i, 0) poa ooa opoo eca caaa ooe e a a a a o pe poa. oye poec a o ae oppyec. ae oao apye op ec. Opoy ecy peecy eaa cyax ao, o o a cao ee eao. e ppoae oxoe a poae a cee oo, o o opo ec aopa eco Pi c oyec Ci.

eonacocm PKZIP coae oa e co ea. cp yo o 40 o 2000 ao ecoo opoo e ca, peea cooc cp coca ooo 227 [166]. Ha ae epcoao oepe o oo cea a ecoo aco. Ec cao ae coyc ae-y caape aoo, oy e e ecoo opoo eca e pecae coo poe. He coye cpoeoe PKZIP po ae.

aa pye oooe p eepaop acox cyax o ceoaeoce 17.1 RC4 RC4 - o ooo p c epee paepo a, papaoa 1987 oy Poo Peco RSA Data Security, Inc. B eee ce e o axoc aco coceoc, opooe ocae ao pa peocaoc oo oce oca coae o epaae.

B cepe 1994 o-o aoo oyoa cxo o cce pacc "epa" (Cypherpunks). O cpo pacpocpac eeoepe Usenet sci.crypt epe Internet o pa ftp-cepepa o ce pe. Oaae eax o RC4 ocoepoc oo oa. RSA Data Security, Inc.

oaac aa a opao yy, yepa, o ecop a oyoae aop ocaec opo cepeo, o co oo. C ex op aop ocyac yac Usenet, pacpocpa c a oepex cy aece yeoo oco a ypcax o popa.

Oca RC4 poco. Aop paoae pee OFB: oo e e ac o opoo eca.

coyec S-o paepo 8*8: S0, S1,..., S255. ee peca coo epecaoy ce o 0 o 255, a epecaoa ec ye a epeeo . B aope pec a cea, i j, c ye aa ae.

eepa cyaoo aa oec ceyee :

i = (i + 1) mod 256
j = (j + Si) mod 256
swap Si and Sj
t = (Si + Sj) mod 256
K = St

a K coyec oepa XOR c op eco oye poeca oepa XOR c poeco oye opoo eca. poae oec pepo 10 pa cpee, e DES.

Tae ecoa aa S-oa. Caaa ao eo eo: S0 = 0, S1 = 1,..., S255 = 255. a e ao o pyo 256-ao acc, p eoxooc aoe ceo acca oop : K0, K1,..., K255. cao aee eca j pa 0. ae:

for i = 0 to 255:
    j = (j + Si + Ki) mod 256
    swap Si and Sj

o ce. RSADSI yepae, o aop yco epeaoy eoy poaay, o, o-oy, e e ax opox o, o o coo cee eee. (Oyoax poaaecx peyao e. RC4 oe axoc pepo 2^1700 (256! * 256^2) oox coco : eepooe co.) S-o eeo eec p cooa : i oeceae eee aoo eea, a j - o ee ec cya opao. Aop acoo ecoe, o oco popaco oy aopoa eo poco o a.

y e oo oo a S-o coa ox paepo. Be a ocaa 8-oa epc RC4. He p, o oop e o opee 16-o RC4 c 16*16 S-oo (100 K a) 16-o coo. Haaa epa ae aoo oe pee - coxpae peeo cxe yo ao 65536-ee acc - o oyc aop oe cpee.

RC4 c o o e oee 40 o oaae cea cop cayco (c. pae 13.8). o cea cayc a e e a eoacoc aopa, xo eee ox e RSA Data Security, Inc. aeao a opaoe. Haae aopa ec opoo apo, ooy a, o ae coc e o, oe aa eo a-o ae. Pae ypee oye RSA Data Security, Inc. o cx op e oyoa [1320, 1337].

a, aoa e cya opy aopa RC4? O oe e ec opo cepeo, ooy o yoo ee oooc ocooac . Oao RSA Data Security, Inc. o aepa oy eo po aoo, o pe eepoa RC4 oepeco poye. Booo e yacc pa poecc, o o aepa pyo oa eee y e, e cyc.

RC4 xo ec oepecx poyo, a Lotus Notes, AOCE oa Apple Computer and Oracle Secure SQL. o aop ae ec ac cea Cooo poo aeo epea ax (Cellular Digital Packet Data) [37].

17.2 SEAL SEAL - o popao e ooo p, papaoa IBM o Poe (Phil Rogaway) oo oepco (Don Coppersmith) [1340]. Aop opoa 32-ox poeccopo :

opao pao ey yo oce 32-ox pecpo -a a ecoo oa. o ea cooa eex oepa SEAL oe p peapex ec c o, coxpa peya ecox aax. a coyc ycope poa e ppoa.

Ceecmo nceo cyax yu Ocoeoc SEAL ec o, o o eceoc ec e pao ooo po, a pecae coo ceeco ceocyax y. p 160-oo e k 32-oo n SEAL pacae n L-oy cpoy k(n). L oe pa oe aee, eee 64 a. SEAL, o oy, coye ceyee coco: ec k paec cya opao, o k(n) oo c eo eoo o cyao L-oo y n.

paec e oo, o SEAL ec ceeco ceocyax y, coco o, o o yoe pe poe, e epe paoe oooe p. coy oco oo ox po, coaee ooapaey oceoaeoc o : ece cocoo opee i- , a o i, ec eeppoae cex o o o i-oo. Oe ceeca ceo cyax y coco o, o oee eo oy ocy o o ooa e. o oe oeo.

peca cee, o a yo "ap" ec c. B xoe apoa a 512-ao ceop. coy ceeco ceocyax y, oooe SEAL, coepoe ceopa n oo a poa, o eo XOR c k(n). o o e caoe, a ec a oea oepa XOR ceo ca c o ceocyao ye, a ac o o cpo oe eaco cea e cx poe.

Ceeco ceocyax y ae ypoae poey cxpoa, cpeayc ca apx ooox pax. peoo, o ocaee poae cooe o aay, oopo ae oa epc. C oo ceeca ceocyax y oo apoa o k n-oe epeaaeoe cooee, xn, o XOR xn and k(n). oyae e yo xpa cocoe pa occaoe xn, ey e pxoc ecooc o oepx cooex, x a poecc e ppoa.

Onucaue SEAL Bype SEAL oaa a 16th. Aop ypaec pe oye a aa: R, S T. peapea opaoa oopaae k a a c oo poeyp, ocoao a SHA (c. pae 18.7). 2-oaa aa T pecae coo S-o 9*32 o.

Pc. 17-1. Bype SEAL.

SEAL ae coye epe 32-ox pecpa, A, B, C D, aae ae oopx opee c n oye o k aa R T. pecp ec xoe epa, aa oopx c o co oc ao. Ha ao ae 9 o epoo pecpa (ce pao A, B, C D) coyc aece eca a T. ae paoe T aee caaec co op pecpo (coa ooy A, B, C D) oeec c eo coep c oo XOR. oo ep pecp ec caec a 9 o. Ha eoopx aax opo pecp aee opyec c oo coe XOR c coep epoo pecpa (ye cy). oce 8 ax ao A, B, C D oac ooy e, p o a x acpyec coee XOR c opeee coo S. epa a epaec paee A C ooex ae, acx o n, n1, n2, n3, n4, op opeoo ae opeeec eoc oepa epa. o oy, p papaoe o cxe a ceye e:

1. cooae ooo, cepeoo, oyaeoo a S-oa (T).

2. epeyec eoypyee apeece oepa (coee XOR).

3. cooae ypeeo coco, oepaeoo po, oopoe e poec o o oe ax (ae ni, oope opy A C oe ao epa).

4. eee y aa cooec c oepo aa eee y epa cooe c c oepo epa.

poa aoo aa eca SEAL peye ooo eeapx oepa. Ha 50 eaepoo poeccope i486 o paoae co copoc 58 M/c. SEAL ooo ec ca cp ocax o e.

C pyo copo SEAL oe o peapey opaoy, ao ypee a.

Paep x a cocae pepo 3 a, a x pacea yo pepo 200 ce SHA. Ta opao, SEAL e oxo ex cyae, oa e xaae pee opao a a xpae a.

eonacocm SEAL SEAL ocaoo o aop, ey ee peco po epe opo opoo poaaa. o ae opeeey acopoeoc. Oao SEAL aec xopoo poya aopo. Eo oco eoc, oeo cee, aoe cco. oy e o oepc caec y poaa o pe.

amem u ueuu SEAL aaeoa [380]. o ooy epoa yo opaac paey o e IBM (Director of Licenses, IBM Corporation, 500 Columbus Ave., Thornwood, NY, 10594).

17.3 WAKE WAKE - copaee o Word Auto Key Encryption (Aoaecoe poae co o)- o a o p, pya o epo (David Wheeler) [1589]. O ae oo 32-ox co, oope c oo XOR oy cooa oye poeca opoo eca opoo eca poeca. o cp aop.

WAKE paoae pee CFB, eepa ceyeo coa a coyec peyee coo poeca. Aop ae coye S-o 256 32-ox ae. o S-o oaae o oco coco: Cap a cex eeo pecae coo epecaoy cex oox ao, a ax aa cya.

Caaa o y ceeppye ee S-oa, Si. ae poapye epe pecpa c co oae oo e oo a: a0, b0, c0 d0. eepa 32-ooo coa ooa e Ki.

Ki = di Coo poeca Ci pecae coo XOR coa opoo eca Pi c Ki. ae oo epe pe cpa:

ai+1 = M(ai, di)
bi+1 = M(bi, ai+1)
ci+1 = M(ci, bi+1)
di+1 = M(di, ci+1)

y M pecae coo

M(x,y) = (x + y) >> 8 ⊕ S[(x + y) ∧ 255]

Cxea aopa oaaa a 15-. a >> ooaae o, e ec c pao. Mae o x y c xoo S-oa. ep po poeypy eepa S-oa, o a cao ee oa e oa. ye paoa o aop eepa cyax ao cyao epecao.

Pc. 17-2. WAKE.

Ca e aeco WAKE ec eo copoc. Oao o ycee cp c pa op eco pa poeco. o aop cooac peye epc a pyco popa -pa Coooa.

17.4 Coe pecp c opao c o epeocy Co pecp c opao c o epeocy, FCSR (feedback with carry shift register), oxo a LFSR. B oox ec co pecp y opao c, paa o, o FCSR ec ae pecp epeoca (c. 14-). Beco oe XOR a ce a ooo oceoaeoc c a ac py c pyo c coep pecpa epeoca. Peya mod 2 caoc o o. Pe ya, ee a 2, caoc o coep pecpa epeoca.

Pc. 17-3. Co pecp c opao c o epeocy.

Ha 13- pee pep 3-ooo FCSR c oee epo opo ox. yc eo aa oe aee 001, a aaoe coepoe pecpa epeoca pao 0. Bxoo ye ec pa pa cooo pecpa.

Co pecp Pecp epeoca 0 0 1 1 0 0 0 1 0 1 0 1 1 1 0 1 1 1 0 1 1 1 0 1 0 1 0 0 0 1 0 0 0 1 0 0 Cya mod Bxoo b3 b2 b Cya Cya div Pc. 17-4. 3-o FCSR.

ae, o oeoe ypeee cocoe (a coepoe pecpa epeoca ) coaae co op ype cocoe. C oo oea oceoaeoc ec oopec c epoo, pa 10.

Co yoy ee o ecox oeax. Bo epx, pecp epeoca ec e o, a co.

Paep pecpa epeoca oe e ee log2t, e t - o co oee. B peye pepe oo p oee, ooy pecp epeoca ooo. Ec o epe oee, o pecp epeoca coco yx o o pa ae 0, 1, 2 3.

Bo opx, cyecye aaa aepa pee, e FCSR epee ec pe. B pey e pepe oa e oopec oo oo cocoe. ox oee cox FCSR aepa oe oe.

B pex, aca epo FCSR e 2^n-1, e n - a cooo pecpa. Maca epo pae q-1, e q - o eoe co c. o co aae oee opeeec a :

q = 2q1 + 2^2 q2 + 2^3 q3 + ... + 2^n qn - 1

(a, qi ocac cea apao.) ae xye, q oo poc co, oopoo 2 e c p ope. B aee peoaaec, o q yoeope oy yco.

B peeo pepe q = 2*0 + 4*1 + 8*1 - 1 = 11. 11 - o pocoe co, p ope oop o o ec 2. Pooy aca epo pae 10.

He ce aae coco a aca epo. Hapep, paccop FCSR c aa ae e 101 pecpo epeoca, ycaoe 4.

Co pecp Pecp epeoca 1 0 1 1 1 0 1 1 1 1 1 1 C oo oea pecp eae ecoey oceoaeoc e.

oe aaoe cocoe po oo epex cya. Bo epx, oo oe ac a caoo epoa. Bo opx, oo oe epe oceoaeoc acaoo epoa oce a ao aep. B pex, oce aao aep oo oe opo ecoey oceoaeoc ye. B eepx, oce aao aep oo oe opo ecoey oceoaeoc e.

opeee, e aoc opeoe aaoe cocoe, cyecye aeaeca opya, o aoo poe poep o o ye. ayce a eoopoe pe FCSR. (Ec m - o aa oe a, a t - oeco oee, o ocaoo log2(t) log2(m) 1 ao.) Ec xoo oo poaec ecoey oceoaeoc ye e a n o, e n - o a FCSR, e c oye o aaoe cocoe. B poo cyae eo oo cooa. Ta a aaoe cocoe FCSR cooecye y ooooo pa, o oaae, o p e eepaopa a ae FCSR yy ca.

B 16- epece ce ee ca c, ee 10000, oopx 2 ec p ope.

cex x ce aca epo pae q-1. o oy o ooy x ce oceoae oc oee, paccae ap coca q + 1. Hapep, 9949 ae oceoaeoc oee ox 1, 2, 3, 4, 6, 7, 9, 10 13, a a

9950 = 2^13 + 2^10 + 2^9 + 2^7 + 2^6 + 2^4 + 2^3 + 2^2 + 2^1

B 15- epece ce ooe oceoaeoc epex oee, oope a FCSR ac ao cox pecpo c o 32 a, 64 a 128 o. q, pocoe co, p ope oopoo ec 2, oyaec oeee cex epex ae, a, b, c d.

q = 2^a + 2^b + 2^c + 2^d - 1

coa FCSR c epoo q - 1 oo cooa y x oceoaeoce.

e cooa popa FCSR ce ee ec oe oo, epe oa a ya aepo (Andy Klapper) Mapo opec (Mark Goresky) [844, 845, 654, 843, 846]. Tae, a aa LFSR ocoa a coe px ooeo mod 2, aa FCSR ocoa a coe ex ce, a aex 2-adic. Cooecya eop xo aeo a pee o , o pe 2-adic ce cyec y aao ceo. Too ae, a opeeec ea cooc, oo opee 2-adic co oc. Cyecye 2-adic aao aopa Berlekamp-Massey. o oaae, o epee oox ooox po o pae epe yoc. Bce, o oo ea c LFSR, oo ea c FCSR.

Cyecy pao, paae y e paccapae ecoo pecpo epeoca. Aa x eepaopo oceoaeoce ocoa a coe paeex pacpe 2-adic ce [845, 846].

17.5 oooe p, coye FCSR oooe p a ae FCSR e oca epaype, eop ce ee co oa. o a-o "oa aa ae" peoy ec ecoo apao. oxaa a apae: peaa oo oe p a ae FCSR, oope coaa c paee peoe eepaopa LFSR, a ae pea a oooe p, coye FCSR LFSR oopeeo. eoacoc epoo apaa ooo oe poaapoaa c oo 2-adic ce, eepaop opoo apaa e oy poaa poa c cooae aepaecx eoo - ooo x aa oe oe oo oc e opao. B o cyae, ao pa LFSR FCSR c ao poc epoa.

Bce pe oo. Ceac e eeco o peaa, o aae oo x e. ooe ecoo e pocapae epaypy, pee e oepe oy x e.

acae eepamop Cyecye a cocoa cooa FCSR acax eepaopax:

aca FCSR. aca oaa c FCSR eco LFSR.

aca LFSR/FCSR. aca oaa c eepaopa, e LFSR a FCSR aoopo.

ouupoae eepamop FCSR eepaop coy epeeoe oeco LFSR / FCSR oeco y, oe x pecp. Oepa XOR papyae aepaece coca FCSR, ooy ee cc cooa y oepa x oee. eepaop, oaa a 12th, coye epeeoe co FCSR. Eo xoo ec XOR xoo oex FCSR.

py eepaopa, c pae aaox , c :

eepaop eoc FCSR. Bce pecp - FCSR, a oea y - XOR.

eepaop eoc LFSR/FCSR. coyec cec LFSR FCSR, oeex c oo XOR.

opoo eepaop FCSR. Bce pecp - FCSR, a oee ye ec aoppoae.

opoo eepaop LFSR/FCSR. coyec cec LFSR FCSR, oeex c oo ao ppoa.

Cypy eepaop FCSR. Bce pecp - FCSR, a oea y - coee c epeoco.

Cypy eepaop LFSR/FCSR. coyec cec LFSR FCSR, oeex c oo coe c epeoco.

Ta. 17-1.

ee ae c FCSR c aca epoo 2 211 587 5 227 613 11 269 619 13 293 653 19 317 659 29 347 661 37 349 677 53 373 701 59 379 709 61 389 757 67 419 773 83 421 787 101 443 797 107 461 821 131 467 827 139 491 829 149 509 853 163 523 859 173 541 877 179 547 883 181 557 907 197 563 941 1453 2683 3947 1483 2693 3989 1493 2699 4003 1499 2707 4013 1523 2741 4019 1531 2789 4021 1549 2797 4091 1571 2803 4093 1619 2819 4099 1621 2837 4133 1637 2843 4139 1667 2851 4157 1669 2861 4219 1693 2909 4229 1733 2939 4243 1741 2957 4253 1747 2963 4259 1787 3011 4261 1861 3019 4283 1867 3037 4349 1877 3067 4357 1901 3083 4363 1907 3187 4373 1931 3203 4397 1949 3253 4451 1973 3299 4483 1979 3307 4493 1987 3323 4507 1997 3347 4517 2027 3371 4547 2029 3413 4603 2053 3461 4621 2069 3467 4637 2083 3469 4691 2099 3491 4723 2131 3499 4787 2141 3517 4789 2213 3533 4813 2221 3539 4877 2237 3547 4933 2243 3557 4957 2267 3571 4973 2269 3581 4987 2293 3613 5003 2309 3637 5011 2333 3643 5051 2339 3659 5059 2357 3677 5077 2371 3691 5099 2389 3701 5107 2437 3709 5147 2459 3733 5171 2467 3779 5179 2477 3797 5189 2531 3803 5227 2539 3851 5261 2549 3853 5309 2557 3877 5333 2579 3907 5387 2621 3917 5443 2659 3923 5477 2677 3931 5483 6907 7589 8429 6917 7603 8443 6947 7621 8467 6949 7643 8539 6971 7669 8563 7013 7691 8573 7019 7717 8597 7027 7757 8627 7043 7789 8669 7069 7829 8677 7109 7853 8693 7187 7877 8699 7211 7883 8731 7219 7901 8741 7229 7907 8747 7237 7933 8803 7243 7949 8819 7253 8053 8821 7283 8069 8837 7307 8093 8861 7331 8117 8867 7349 8123 8923 7411 8147 8933 7451 8171 8963 7459 8179 8971 7477 8219 9011 7499 8221 9029 7507 8237 9059 7517 8243 9173 7523 8269 9181 7541 8291 9203 7547 8293 9221 7549 8363 7573 8387 Ta. 17-2.

Ooe oceoaeoc FCSR acao (32, 6, 3, 2) (32, 29, 19, 2) (64, 27, 22, 2) (64, 49, 19, 2) (32, 7, 5, 2) (32, 29, 20, 2) (64, 28, 19, 2) (64, 49, 20, 2) (32, 8, 3, 2) (32, 30, 3, 2) (64, 28, 25, 2) (64,52,29,2) (32, 13, 8, 2) (32, 30, 7, 2) (64, 29, 16, 2) (64,53,8,2) (32, 13, 12, 2) (32, 31, 5, 2) (64, 29, 28, 2) (64, 53, 43, 2) (32, 15, 6, 2) (32, 31, 9, 2) (64, 31, 12, 2) (64, 56, 39, 2) (32, 16, 2, 1) (32, 31, 30, 2) (64, 32, 21, 2) (64, 56, 45, 2) (32, 16, 3, 2) (64, 35, 29, 2) (64, 59, 5, 2) (32, 16, 5, 2) (64, 3, 2, 1) (64, 36, 7, 2) (64, 59, 8, 2) (32, 17, 5, 2) (64,14,3,2) (64, 37, 2, 1) (64, 59, 28, 2) (32, 19, 2, 1) (64,15,8,2) (64, 37, 1 1, 2) (64, 59, 38, 2) (32, 19, 5, 2) (64, 17, 2, 1) (64,39,4,2) (64,59,44,2) (32, 19, 9, 2) (64, 17, 9, 2) (64, 39, 25, 2) (64, 60, 49, 2) (32, 19, 12, 2) (64, 17, 16, 2) (64, 41, 5, 2) (64, 61, 51, 2) (32, 19, 17, 2) (64, 19, 2, 1) (64, 41, 1 1, 2) (64, 63, 8, 2) (32, 20, 17, 2) (64, 19, 18, 2) (64,41,27,2) (64, 63, 13, 2) (32, 21, 9, 2) (64, 24, 19, 2) (64, 43, 21, 2) (64, 63, 61, 2) (32, 21, 15, 2) (64, 25, 3, 2) (64, 43, 28, 2) (32,23,8,2) (64,25,4,2) (64, 45, 28, 2) (96, 15, 5. 
2) (32, 23, 21, 2) (64, 25, 1 1, 2) (64, 45, 41, 2) (96, 21, 17, 2) (32, 25, 5, 2) (64, 25, 19, 2) (64, 47, 5, 2) (96, 25, 19, 2) (32, 25, 12, 2) (64, 27, 5, 2) (64, 47, 21, 2) (96, 25, 20, 2) (32,27,25,2) (64, 27, 16, 2) (64, 47, 30, 2) (96, 29, 15, 2) (96, 29, 17, 2) (96, 77, 31, 2) (128, 43, 25, 2) (128,97,75,2) (96, 30, 3, 2) (96, 77, 32, 2) (128,43,42,2) (128, 99, 13, 2) (96, 32, 21, 2) (96, 77, 33, 2) (128,45,17,2) (128, 99, 14, 2) (96, 32, 27, 2) (96,77,71,2) (128,45,27,2) (128, 99, 26, 2) (96,33,5,2) (96,78,39,2) (128, 49, 9, 2) (128, 99, 54, 2) (96, 35, 17, 2) (96, 79, 4, 2) (128, 51, 9, 2) (128, 99, 56, 2) (96, 35, 33, 2) (96, 81, 80, 2) (128, 54, 51, 2) (128, 99, 78, 2) (96, 39, 21, 2) (96, 83, 14, 2) (128, 55, 45, 2) (128, 100, 13, 2) (96,40,25,2) (96, 83, 26, 2) (128, 56, 15, 2) (128, 100, 39, 2) (96, 41, 12, 2) (96, 83, 54, 2) (128, 56, 19, 2) (128,101,44,2) (96, 41, 27, 2) (96, 83, 60, 2) (128,56,55,2) (128, 101, 97, 2) (96, 41, 35, 2) (96, 83, 65, 2) (128, 57, 21, 2) (128, 103, 46, 2) (96, 42, 35, 2) (96, 83, 78, 2) (128, 57, 37, 2) (128, 104, 13, 2) (96, 43, 14, 2) (96, 84, 65, 2) (128, 59, 29, 2) (128, 104, 19, 2) (96, 44, 23, 2) (96, 85, 17, 2) (128, 59, 49, 2) (128, 104, 35, 2) (96, 45, 41, 2) (96, 85, 31, 2) (128, 60, 57, 2) (128,105,7,2) (96, 47, 36, 2) (96, 85, 76, 2) (128,61,9,2) (128, 105, 11, 2) (96, 49, 31, 2) (96,85,79,2) (128, 61, 23, 2) (128, 105, 31, 2) (96,51,30,2) (96,86,39,2) (128, 61, 52, 2) (128, 105, 48, 2) (96,53,17,2) (96,86,71,2) (128, 63, 40, 2) (128, 107, 40, 2) (96, 53, 19, 2) (96, 87, 9, 2) (128, 63, 62, 2) (128, 107, 62, 2) (96, 53, 32, 2) (96, 87, 44, 2) (128, 67, 41, 2) (128, 107, 102, 2) (96, 53, 48, 2) (96, 87, 45, 2) (128, 69, 33, 2) (128, 108, 35, 2) (96, 54, 15, 2) (96, 88, 19, 2) (128, 71, 53, 2) (128,108,73,2) (96, 55, 44, 2) (96, 88, 35, 2) (128, 72, 15, 2) (128,108,75,2) (96, 55, 53, 2) (96, 88, 43, 2) (128,72,41,2) (128,108,89,2) (96, 56, 9, 2) (96,88,79,2) (128, 73, 5, 2) (128, 109, 1 1, 2) (96,56,51,2) (96, 
89, 35, 2) (128, 73, 65, 2) (128, 109, 108, 2) (96, 57, 3, 2) (96, 89, 51, 2) (128, 73, 67, 2) (128, 1 10, 23, 2) (96, 57, 17, 2) (96, 89, 69, 2) (128, 75, 13, 2) (128, Ill, 61, 2) (96, 57, 47, 2) (96, 89, 87, 2) (128, 80, 39, 2) (128, 113, 59, 2) (96, 58, 35, 2) (96, 92, 51, 2) (128,80,53,2) (128, 114, 83, 2) (96, 59, 46, 2) (96,92,71,2) (128, 81, 55, 2) (128,115,73,2) (96, 60, 29, 2) (96, 93, 32, 2) (128, 82, 67, 2) (128, 117, 105, 2) (96, 60, 41, 2) (96, 93, 39, 2) (128, 83, 60, 2) (128, 119, 30, 2) (96, 60, 45, 2) (96, 94, 35, 2) (128, 83, 61, 2) (128, 119, 101, 2) (96, 61, 17, 2) (96, 95, 4, 2) (128, 83, 77, 2) (128, 120, 9, 2) (96, 63, 20, 2) (96, 95, 16, 2) (128, 84, 15, 2) (128, 120, 27, 2) (96, 65, 12, 2) (96, 95, 32, 2) (128, 84, 43, 2) (128,120,37,2) (96, 65, 39, 2) (96, 95, 44, 2) (128,85,63,2) (128, 120, 41, 2) (96, 65, 51, 2) (96, 95, 45, 2) (128,87,57,2) (128, 120, 79, 2) (96, 67, 5, 2) (128,87,81,2) (128, 120, 81, 2) (96, 67, 25, 2) (128, 5, 4, 2) (128, 89, 81, 2) (128, 121, 5, 2) (96,67,34,2) (128, 15, 4, 2) (128, 90, 43, 2) (128, 121, 67, 2) (96, 68, 5, 2) (128, 21, 19, 2) (128, 91, 9, 2) (128, 121, 95, 2) (96, 68, 19, 2) (128, 25, 5, 2) (128, 91, 13, 2) (128, 121, 96, 2) (96, 69, 17, 2) (128, 26, 11, 2) (128, 91, 44, 2) (128, 123, 40, 2) (96,69,36,2) (128,27,25,2) (128, 92, 35, 2) (128,123,78,2) (96, 70, 23, 2) (128, 31, 25, 2) (128,95,94,2) (128, 124, 41, 2) (96, 71, 6, 2) (128, 33, 21, 2) (128, 96, 23, 2) (128, 124, 69, 2) (96, 71, 40, 2) (128, 35, 22, 2) (128, 96, 61, 2) (128, 124, 81, 2) (96, 72, 53, 2) (128, 37, 8, 2) (128, 97, 25, 2) (128, 125, 33, 2) (96, 73, 32, 2) (128, 41, 12, 2) (128, 97, 68, 2) (128, 125, 43, 2) (96, 77, 27, 2) (128, 42, 35, 2) (128, 97, 72, 2) (128,127,121,2) Pecp- Pecp- Oea Pecp- y Pecp-n Pc. 17-5. opoae eepaop.

aca LFSR/FCSR c cyupoaue/emocm o eop coee c epeoco papyae aepaece coca LFSR, a XOR papyae aepae ce coca FCSR. a eepaop oee e, coyee epecex cypye eepaope LFSR/FCSR eepaope eoc LFSR/FCSR, c acao oaa.

eepaop pecae coo oceoaeoc acco pecpo, apoae aoo acca ope eec xoo peyeo acca. Ha 11- oaa o a aoo eepaopa. Tapyec ep acc LFSR, peya oec coee c epeoco. Ec xo y oee pae 1, o apyec cey acc ( FCSR), xo x FCSR oeec c xoo peye y oee c oo XOR. Ec xo epo y oee pae 0, o acc FCSR e a pyec, xo poco caaec c epeoco, oye a peye ae Ec xo o opo y oee pae 1, o apyec pe acc ( LFSR), ..

Pc. 17-6. pya eepaop.

eepaop coye oo pecpo: n*m, e n - oeco ao, a m - oeco pecpo a ae.

peoey n = 10 m = 5.

epeyuec eepamop "cmon-noe" eepaop coy FCSR eco eoopx LFSR. poe oo, oepa XOR oe aeea coee c epeoco (c. 10-).

eepaop "co-oe" FCSR. Pecp-1, Pecp-2 Pecp-3 - o FCSR. Oea y XOR.

eepaop "co-oe" FCSR/LFSR. Pecp-1 - FCSR, a Pecp-2 Pecp-3 - LFSR. Oea y - coee c epeoco.

eepaop "co-oe" LFSR/FCSR. Pecp-1 - LFSR, a Pecp-2 Pecp-3 - FCSR. Oea y - XOR.

Pc. 17-7. epeyc eepaop "co-oe"

popeuaee eepamop

Cyecye epe ocox a eepaopo, coyx FCSR:

popeae eepaop FCSR. popeae eepaop c FCSR eco LFSR.

popeae eepaop FCSR/LFSR. popeae eepaop c LFSR, popea FCSR.

popeae eepaop LFSR/FCSR. popeae eepaop c FCSR, popea LFSR.

Caopopeae eepaop FCSR. Caopopeae eepaop c FCSR eco LFSR.

17.6 Coe pecp c eeo opao c

Hepyo peca oee coy, e coyea LFSR FCSR, oceoaeoc opao c. poea o, o e cyecye aeaecoo aapaa, ooeo poec aa ax o ceoaeoce. o-o oyc, o o ae o? Bo eoope poe, cax co co pecpa c eeo opao c.

B xoo oceoaeoc oy cee, apep, e oe oe, e ye.

Maca epo oceoaeoc oe ee, e oaoc.

epo oceoaeoc pax aax ae oe pa.

oceoaeoc aoe-o pe oe e a cyaa, a oo "caac" ece oy ae. (o oo eo ycpa, o XOR paeo paoo a c eeo y e.) co ec o, o -a ocyc eop aaa cox pecpo c eeo opao c cyecye eoo cocoo poaapoa oooe p, ocoae a ax pecpax.

cooa coe pecp c eeo opao c oo, o oe ocopoo.

B coo pecpe c eeo opao c y opao c oe pooo (apep, a a ).

Pc. 17-8. Co pecp c eeo opao c (ooo eeoac).

Pc. 17-9. 3-o co pecp c eeo opao c.

Ha 8- oaa 3-o eepaop co ceye opao c: o o ec poeee epoo opoo o. Ec eo poapoa aee 110, o oceoaeoc ypex co co ye ceye:

1 1 0 1 1 0 0 1 0 0 0 0 0 0 a o ecoeoc. Bxoo ec oceoaeoc ax aax o :

0 1 1 0 1 0 0 0 0 0 0 0....

o e co oeo.

Moe xye. Ec aaoe aee 100, o cey coco c 010, 001, a ae cea 000. Ec aa aee ec 111, o oo ye oopc cea c caoo aaa.

a poeaa opeeea paoa o ce eo cooc poee yx LFSR [1650, 726, 1364, 630, 658, 659]. ocpy, aa cee LFSR a oe eex xapaepc [310] e ec eoaco [842].

17.7 pye oooe p

B epaype ocac pye oooe p. Bo eoope x.

eepamop ecca (Pless) o eepaop coye coca J-K pepo [1250]. Boce LFSR ypa ep J-K pepa;

a pep eeo oee a LFSR. o ea poe, o xo pepa opeee co, aee ceyeo xooo a, oce apoa epex pepo x xo epeeac oye ooaeoo ooa e.

o aop poaaec oa c oo cp aoo pepa oeoc [1356]. oy e, oeee J-K pepo cao popaec;

eepaop aoo a e yco epe oppeo cpe [1451].

eepamop a ae emooo amoama B [1608, 1609], C Bopa (Steve Wolfram) peo cooa aece eepaopa ceoc y ax ce ooep eo aoa. Paccopee eooo aoaa e ec peeo o , o eepaop Bopaa coco ooepoo acca o a1, a2, a3,..., ak,..., an y oo e:

ak'= ak-1 (ak ak 1) eaec ooo ae ak, peao ce pao aoo.

eepaop ee ce a oe cya. Oao x eepaopo cyecye yceoe cpe c ec op eco [1052]. o cpe oo a PC co ae n o o 500 o.

poe oo, o ape (Paul Bardell) oaa, o xo eooo aoaa oe ae ceepp o a c oo cooo pecpa c eo opao c o e , ceoaeo, e ae o e eoacoc [83].

eepamop 1/p o eepaop peoe oepy poaay [193]. Ec ypeee cocoe eepaopa oe pee t pao x_t, o

x_{t+1} = b x_t mod p

Bxoo eepaopa ec a aa x_t div p, e div - o eoceoe eee c ycee e. acaoo epoa oca b p o pa a, o p - pocoe co, a b - p ope mod p. coae, o eepaop e eoace. (ae, o b = 2 FCSR e c a c ae oceoaeoc, opay ao.)

crypt(1) Opa aop poa UNIX, crypt(1), pecae coo ooo p, coy e e e, o a. o 256-ee, oopoop ocaoo p c opaaee. poop, opaae oyac a. o aop aoo poe, e eea a pee opo poo o, apoaoy poaay ecoo eo oa [1576, 1299]. cp ao, apoax crypt(1), oo cooa cooo ocyy popay UNIX, aaey Crypt Breakers Workbench (CBW, cpye oa po).

pyue cxe Ee o eepaop ocoa a poee paa (c. pae 19.2) [1363]. CRYPTO-LEGGO eeoace [301]. oa e (Joan Daemen) papaoaa SubStream, Jam StepRightUp [402], o o co o, o x oepoa. Moeco pyx aopo ocao epaype, o ee oe xpac ce pee cpoeo aapaypy.

17.8 Cceo-eopeec oxo poepoa ooox po

Ha pae, poepoae ooooo pa o oo oxoe poepoae ooo pa. B o cyae coyec oe aeaeco eop, o oe oo popa peaae ay-o cxey ae aec o ee aa.

Coaco Paepy Pey cyecye epe pax oxoa poepoa ooox po [1360, 1362]:

Cceo-eopeec oxo. coy p yaeax pepe aoo poepoa, aec yocoepc, o aa cxea coae coy eecy poey poaa a,.

opaoo-eopeec oxo. aec coxpa op ec ae o poaaa.

Heaco o oo, a oo ec o poaa, o oa e oy ooaoo pee.

Cooco-eopeec oxo. aec cooa aece ocoa pocce e oopy ecy coy poey, ay a paoee a oe e cpex oapo, cea poccey aeo o poee.

Paopoa oxo. aec coa peao oy poey, aca poaa a poep oeco ecccex ax xoe oo poaaa.

oxo oac peooe o ooocx cocoocx poaaa, opeeee ycexa poaaa oae eoacoc. oco cceoa o oac - eopeece, o cpe ecoex ooox po ec oe pe.

Cceo-eopeec oxo cooac o cex paee peex ooox pax, peyao eo pee c oco coyex peao pe ooox po. popa papa aae eepaop ooa e, oaae poepe xapaepca eoacoc - epoo, pacpeeee o, eo cooc .. - a e p, ocoae a aeaeco eop.

popa ae yae pae eo poaaa x eepaopo poepe, yco e e paop o ooe cocoa cp.

Co peee o oxo pe oe aopa pepe poepoa ooox po [1432, 99, 1357, 1249]. O paccapac Peo [1362], e o opoo po eopeece oco x pepe.

epo e oope.

pep eo cooc - oa ea cooc, e po cooc, oaa ea cooc ..

Cacece pep, apep, eae k-epe pacpeee.

yaa - a ooa e oe co peopaoae cex oca o a.

y - ooc ocpyypax oa pacceac, po oee "paaao" ca ce.

pep eeoc oecx y, ae a ocyce oppe m-o opa, pac coe o ex y, a pep, ..

o epee pepe poepoa e yae ooox po, papaoax c oo cceo-eopeecoo oxoa, o cpae cex ooox po. o cpaeo cex ox po. Ocoeoc cceo-eopeecoo oxoa ec o, o oooe p e o cpeceo papaaac, o yoeop pep.

ao poeo ax pocce ec eoooc oaa x eoacoc, oa e o oaao, o pep poepoa eoxo ocao eoacoc. eepaop ooa e oe yoeop ce paa papao, o e e eee oaac eeoac. pyo o e oaac eoac. o poecce ce ee ocaec o-o aecoe.

C pyo copo cpe oo x eepaopo ooa e pecae coo oy p o ey poaaa. Ec ye papaoao ocaoo pax eepaopo, oe oaac, o poaa e cae pa pe, aa a x. Moe, eo oe aepecye oo oc pocac, ocy ycexa, paaa a oe oe ca c cpee o a p.

17.9 Cooco-eopeec oxo poepoa ooox po

Pe ae oep cooco-eopeec oxo poepoa ooox po. B cooe c c popa aec cooa eop cooc, o oaa eo eepaop eoac.

Ceoaeo, eepaop o a oo oe coee, ocoac a ex e pyx po e ax, o popa c op a. , ae a aop c op a, o oa a c ee poo.

eepamop nceocyax uce aupa ap cooa aece eepaopa ceocyax ce aop RSA [1417]. Xo ap oaa, o pecaae xoa eepaopa ceocyax ce paoco oy RSA, oeaoe ceee xoa a poeocppoaa [1401, 200].

eepamop Blum-Micali eoacoc oo eepaopa opeeec pyoc ce cpex oapo [200]. yc g - pocoe co, a p - ee oo pocoe co. x0 aae poecc:

x_{i+1} = g^{x_i} mod p

Bxoo eepaopa ec 1, ec x_i < (p - 1)/2, 0 poo cyae.

Ec p ocaoo eo, o cee cpex oapo mod p cao ec eoo, o o eepaop eoace. ooee eopeece peya oo a [1627, 986, 985, 1237, 896, 799].

RSA o eepaop RSA [35, 36] ec oae [200]. Haae apaep - oy N, poeee yx ox pocx ce p q, eoe co e, ooceo pocoe c (p-1)(q-1), a ae capooe cy aoe co x0, eee N.

x_{i+1} = x_i^e mod N

Bxo eepaopa pecae coo a aa x_i. eoacoc oo eepaopa opaec a cooc cp RSA. Ec N ocaoo eo, o eepaop eoace. ooea eop pe ea [1569, 1570, 1571, 30, 354].

Blum, Blum, and Shub poce aoee e eepaop, coy cooco-eopeec oxo, ec cox aopo aaec Blum, Blum, and Shub. M copa eo aae o BBS, xo oa eo aa eepaopo c apa ocao [193].

Teop eepaopa BBS coye apae oca o oy n (c. pae 11.3). Bo a o paoae.

Caaa ae a pocx ca, p q, oope opy 3 modulo 4. poeee x ce, n, ec e co a (Blum). Bepe pyoe cyaoe eoe co x, ao pocoe c n. Bc x_0 = x^2 mod n o capooe co eepaopa.

Teep oo aa c . i- ceocya o ec a aa x_i, e

x_i = x_{i-1}^2 mod n

Ca py coco oo eepaopa ec o, o oye i-o a e yo c peye i-1 . Ec a ec p q, oee c i- eocpeceo.

b_i - o a aa x_i, e

x_i = x_0^{(2^i) mod ((p-1)(q-1))}

o coco oaae, o oee cooa o popaec c eepaop ceoc y ax ce aece oooo pocce aa c poo ocyo.

eoacoc o cxe ocoaa a cooc paoe n a oe. Moo oyoa n, a o o yoo oe eeppoa c oo eepaopa. Oao oa poaa e coe pa o n a oe, o oa e coe pecaa xo eepaopa - ae yepa o-y poe: "Cey c epooc 51 poe ye ee ".

oee oo, eepaop BBS epecaye eo apae epecaye pao apae.

o oaae, o oy oceoaeoc, ay eepaopo, poaa e coe pecaa cey, pey oceoaeoc. o ao e eoacoc, ocoao a ao o oy e oo coo eepaope o, a aeao paoe n a oe.

o aop eee, o ec coco eo ycop. Oaaec, o aece ceocyax o oo cooa ecoo aoo x_i. B cooec c [1569, 1570, 1571, 35, 36] ec n - a x_i, oo cooa log_2 n ax aax o x_i. eepaop BBS cpaeo ee e oxo ooox po. Oao cooaex poe, ax a eepa e, o eepaop ye ox pyx.

17.10 pye oxo poepoa ooox po

p opaoo-eopeeco oxoe ooo pa peoaaec, o poaa o aae eopae peee ceo ooc. Ece paec peaoa ooo po, ae o aoo poa, ec oopao oo (c. pae 1.5). Ta a ca ooe e oe yoo, eo oa aa oopaoo eo. Ha yx ax eax, a oo poa, a a pyo eppoa, oe aca e oo e. poa poco oec XOR opoo eca c a e. eppoa oec XOR poeca c a pyo, eo e. O o e oo e e c ooa a. Ta a ooa e eceo cya, pecaa oo e eo oo. Ec ca e oce cooa, o eoacoc ye acoo (p yco, o y oo-o pyoo e o e).

pyo opaoo-eopeec ooo p, papaoax ayco oppo (Claus Schnorr) peoaae, o poaa ee ocy oo opaeoy cy o poeca [1395]. Pe ya c co eopeec results e e paecoo ae. opooc oo a [1361, 1643, 1193].

C oo paopoaoo ooooo pa popa aec cea peee poe, co e epe poaao, ec eoo. oo, coxpa eoo paep cepeoo a, popa aeo yeae oeco o, c oop pec e eo poaa y. o oe ceao a ce cooa p poa eppoa oo oy o ao cyao cpo. e yaae, ae ac cpo yy cooa p poa e ppoa. poaay, e aey a, pec epepa cyae oa ace cpo. eoacoc aoo pa oo pa c oo cpeeo ca o, oope oe po e p poaa pee, e epoocopee aeo yyc o cpae c epo oc pocoo yaa.

up "Pun a Bu" ec Macce (James Massey) eap eapco (Ingemar Ingemarsson) peo p "P a B" [1011], aa a, ooy o oyae, o aa eppoae, oe oy 2n o poeca. Aop, oaa a 7-, poc peaa, apapoao eoace coepeo epae. poco oe XOR opoo eca c ooo e aepe oo e a pe o 0 o 20 e - oa aepa ec ac a. o coa Macce: "Moo eo oaa, o pae coy poaay cp pa oaoc c e, ec o-o coacc ooa c e e opoo eca o e." Pae o e oo a [1577, 755].

Pc. 17-10. p "P a B".

Paouupoa nomoo up uu a cxea epe a peoea o [1362]. coyec 2n cyax oceoae oce. pecae coo cyay n-oy cpoy. poa cooe Aca coye k-y cyay cpoy a oopao oo. ae oa opae poec 2n cyax cpo o 2n 1 pa aaa c.

o ae k-, ooy o oe eo pa, ao oopaox ooo cooa ep poa cooe. Ee ocaec oo epepa cyae oceoaeoc, oa oa e ae p a oopao oo. cp opeyec poep eoopoe co o, o opy paoe O(2n). Pe yaa, o, ec opaee n cyax cpo eco2n, ec coyec a a eo oa x cyax cpo, eoacoc ocaec a pee ypoe.
