
aa 18 Ooapaee x-y 18.1 Oco Ooapaea y H(M) peec cooe pooo M opaae aee cpoao h.

h = H(M), e h ee y m Moe y oo c aee cpoao o xo a pooo , o y ooapaex x-y ec ooee coca, eae x ooapae [1065]:

a M, eo c h.

a H, pyo opee M, oopoo H(M)=h.

a M, pyo opee pyoe cooee, M', oopoo H(M)= H(M').

Ec Mop ye ea pye e, o co papy eoacoc oo poooa, c oyeo ooapaey x-y. Cc ooapaex x-y coco oece e M yaoo eaopa ("oeaa aa"). Ec Aca ocaa M c oo aopa poo oc a ae H(M), a o oe coa M', pyoe cooee, ooe o M, oopoo H(M)= H(M'), o o coe yepa, o Aca ocaa M'.

B eoopx poex ooapaeoc eocaoo, eoxoo oee pyoo peoa, aaeoo ycooc cooe.

oo pyo a a cyax cooe, M M', oopx H(M)= H(M').

oe cpe eoo poe paea 7.4? Oo ocoao e a oce pyoo cooe M', oopoo H(M)= H(M'), a a oce yx cyax cooe, M M', oopx H(M)= H(M').

Cey pooo, epe oca eoo ao ( Gideon Yuval) [1635], oaae, a, ec peyee peoae e oec, Aca oe cooa cpe eoo poe o a a oa.

(1) Aca oo e epc opaa: oy, oy oa, pyy, poy eo apocy (2) Aca oc ecoo eaex ee a oye ce x-y.

( ee oy ec, ooe cey : aea POEA oae PO E-AO-POE, caa ooo-yx poeo epe opao ape, .. ea e ea o ooy ee ao 32 cpo, Aca oe eo oy 2 pax oyeo.) (3) Aca cpaae x-ae aoo ee ao yx oyeo, paca apy, oopo ae coaa. (Ec xoo x-y ec ceo 64-papoe a ee, Aca, a pao, coe a coaay apy cpa 2 epc aoo oyea.) Oa occaaae a oyea, ax oaooe x-aee.

(4) Aca oyae ocay oo oy eo epc opaa, coy pooo, oopo o ocae oo x-aee.

(5) Cyc eoopoe pe Aca oee opa, oca oo, py, oop o e oc a. Teep oa oe ye appa o, o o oca pyo opa.

o aea poea. (O coeo ec ecee oceecx cpae ocae oye.) p oooc yceoo cp eoo poe, oy pec pye coco cp . Hapep, po oe oca ccee aoaecoo opo (oe cyoo) cy ae cpo cooe co cya cpoa oce. B oe oo oc o o x c y ax cooe oaec pao. Bpa e coe ya, ey pee a oaa, o, ec eo eceo e ec eaeco paoy cya, o coeo oec.

u ooanpaex x-yu 64-oe x-y co a, o pooco cp eoo poe. oee pa ooapaee x-y, ae 128-oe x-ae. p o, o a a oyea c oao x-ae, cp eoo poe pec xpoa 264 cy ax oyeo, o, poe, eocaoo, ec ya ea eoacoc. NIST coe Caape eoacoo xpoa (Secure Hash Standard, SHS), coye 160-ooe x-aee. o ee cee ycoe cpe eoo poe, oopoo oaoc 280 xpoa.

ye x-ae, aaex opeo x-ye, peoe cey eo.

(1) cooe c oo oo yoyx o e ooapaex x-y eepp y ec x-aee.

(2) X aee oaec cooe.

(3) eeppyec x-aee oee cooe x-ae aa (1).

(4) Coaec oee x-aee, cocoee oee x-ae aa (1) x-ae aa (3).

(5) a (1)-(4) oopc yoe oeco pa oecee peyeo x-ae.

Xo oa e a oaaa eoacoc eeoacoc oo eoa, yp e o eo ae opeeee coe [1262,859].

Oop ooanpaex x-yu He eo ocpo y, xo oopo ee poo paep, a e oee cea ee oo a paeo. B peao pe ooapaee x-y cpoc a ee y ca. Taa oo apaea y ae x-aee n p aax xox ax oe m [1069, 414]. Bxoa y ca c o cooe xo peyeo oa eca (c. 17-). Bxo pecae coo x-aee cex oo o oo oea. To ec, x-aee oa Mi pao hi = f(Mi, hi-1) o x-aee ece co cey oo cooe caoc cey xoo y ca.

X-aee ceo cooe ec x-aee oceeo oa.

Mi Ooapaea hi y hi- Pc. 18-1. Ooapaea y Xpye xo oe a-o cocoo coepa apoe pecaee ceo cooe.

Ta opao peooeaec oeaa poea, aa e, o cooe pao oy aa oo o e x-aee [1069, 414]. oa ao eo aaec MD-ycee [930].

Pae cceoae a peooe, o ec y ca eoaca, o o eo x poa cxox ax pooo ae eoace - o eo e o oaao [1138, 1070, 414].

Ha ey poepoa ooapaex x-y acao oo. oee opoy aeae cy opa oo a [1028, 793, 791, 1138, 1069, 414, 91, 858, 1264]. Booo ca ooo eppeae ooapaex x-y c ec apa peea (Bart Preneel) [1262].

18.2 Snefru Snefru - o ooapaea x-y, papaoaa Pao Mepo [1070]. (Snefru, ae a Khufu Khafre, eec apaoo.) Snefru xpye cooe pooo , pepaa x 128-oe 256-oe ae.

Caaa coee paaec a yco o o 512-m. (epeea m ec o x ae.) Ec xo - o 128-ooe aee, o a ycoo paa 384 a, a ec xo 128-ooe aee, o a ycoo - 256 o.

Cepe aopa cy y H, xpya 512-ooe aee m-ooe. epe m o xoa H c x-aee oa, ocae opacac. Cey o oaec x ae peyeo oa coa xpyec. ( epoaaoy oy oaec cpoa ye.) oce oceeo oa (ec cooee coco e eoo ca oo, oce o ooec y ) epe m o oac apoy pecae cooe xpyc oce pa.

y H ocoaec a E, opao y ooo poa, paoae c 512 o oa. H - o ocee m o xoa E, oeee ocpeco XOR c ep m a xoa E.

eoacoc Snefru opaec a y E, oopa paopye ae a ecoo poxoo. a poxo coco 64 paopyx ao. B ao ae aece xoa S-oa coyec pyo a ax. Bxooe coo oepaec oepa XOR c y coce coa cooe. o cpoee S-oo aaoo ocpoe S-oo Khafre (c. pae 13.7). poe oo, oec p ecx co. Opa Snefru coco yx poxoo.

punmoaau Snefru coy epea poaa, xa ap oaa eeoacoc yxpoxooo Snefru (c 128-o x-aee) [172]. x coco cp a ecoo y oapyae apy coo e c oao x-aee.

128-ooo Snefru x cp paoa ye, e cpe pyo co epex eee p o xoo. Bcpe Snefru eoo poe peye 264 oepa;

epea poaa oe a apy cooe c oao x-aee a 228.5 oepa pexpoxooo Snefru a 244.5 oe pa epexpoxooo Snefru. Haxoee cooe, x-aee oopoo coaae c aa, p cooa pyo c peye 2 oepa, p epeao poaae oo yo 256 oepa pexpoxooo 288 oepa epexpoxooo Snefru.

Xo xa ap e aapoa 256-oe x-ae, o poe aa o o 224 ox x-ae. B cpae c cpe eoo poe, pey 2 oepa o oy a cooe c oao x-aee a 212.5 oepa yxpoxooo Snefru, a 233 oepa pexpoxooo Snefru a 281 oepa epexpoxooo Snefru.

B acoee pe Mep peoeye cooa Snefru o pae epe c oce poxoa [1073].

Oao c a oeco poxoo aop caoc aoo eeee, e MD5 SHA.

18.3 N-x N-x - o aop, pya 1990 oy cceoae Nippon Telephone and Telegraph, e e , oope ope FEAL [1105, 1106]. N-x coye 128-oe o cooe, coy pa opyy y, oxoy a FEAL, ae 128-ooe x-aee.

X-aee aoo 128-ooo oa ec ye oa x-ae peyeo oa.

H0 = I, e I - cyaoe aaoe aee Hi = g(Mi, Hi-1) Mi Hi- X-aee ceo cooe pecae coo x-aee oceeo oa cooe. Cyaoe aaoe aee I oe co, opeee ooaee (ae o y).

y g ocaoo coa. Cxea aopa peea a 16-. Caaa epecac ea paa 64-oe oo 128-ooo x-ae peyeo oa Hi-1, a ae oec XOR c oo pc aoo (128-o) XOR c ey oo cooe Mi. aee o aee acao pe opayec N (a pcyax N= 8) ca opao. py xoo ca opao ec peyee x-aee, oepyoe XOR c oo oc ox oca.

M i EXG: epecaoa eo pao ace 128 o g : 1010... 1010 (ooe, 128 o) PS: ca opao (processing stage) EXG V =||A ||A ||A ||A j j1 j2 j3 j V ||: oaea PS : 000... 0 (ooe, 24 ) V A =4*(j-1)+k(k=1,2,3,4, A - 8 o y) jk jk PS H = g(M, H ) M H i i i-1 i i- V PS V PS V h h i=1 i 128 o 128 o PS V PS V PS V PS Pc. 18-2. Cxea N-x.

Oa ca opao oaaa a 15-. o cooe paaec a epe 32-ox ae. pe yee x-aee ae paaec a epe 32-ox ae. y f pecaea a 14th.

y S0 S1 e e cae, o FEAL.

S0(a,b) = ec c eo a a a (( a b) mod 256) S1(a,b) = ec c eo a a a(( a b 1) mod 256) Bxo: X= X ||X ||X ||X 1 2 3 P= P1||P ||P ||P 2 3 X X2 X3 X 32 a 32 a 32 a 32 a P P P P 1 2 3 32 a 32 a 32 a 32 a f f P 1 P f f P3 P Bxo: Y= Y ||Y ||Y ||Y 1 2 3 Y Y Y Y 1 2 3 Y=PS(X,P) Pc. 18-3. Oa ca opao N-x.

Bxo oo ca opao caoc xoo ceye ca opao. oce ocee ca opao oec XOR xoa c Mi Hi-1, a ae xpoa oo cey o.

x 32 a 32 a P 8 o 8 o 8 o 8 o S S S0 S 32 a f (x,P) Y=S0(X1,X2)=Rot2((X1+X2) mod 256) Y=S1(X1,X2)=Rot2((X1+X2+1) mod 256) Y: xoe 8 o, X1,X2 (8 o): xo Rot2(Y): ec c eo a 2 a 8-ox ax Y Pc. 18-4. y f.

punmoaau N-x ep e oep (Bert den Boer) op coco coaa cooe y aa N-x [1262]. xa ap pe epea poaa cp 6-ao N-x [169, 172]. opeoe oeoe cpe (oeo e, o pye) paoae oo N, eeoc a 3, eee cp eoo poe oo N, eeo 15.

To e caoe cpe oe oapya ap cooe c oao x-aee 12-ao N-x a 256 oepa ( cp pyo co yo 2 oepa). N-x c 15 aa eoaca o o oe epeaoy poaay : cp opeyec 272 oepa.

Papao aopa peoey cooa N-x e ee, e c 8 aa [1106]. C yeo o aao eeoacoc N-x FEAL ( ee copoc p 8 aax) peoey ooc oaac o oo aopa.

18.4 MD MD4 - o ooapaea x-y, opeea Poo Peco [1318, 1319, 1321]. MD ooaa e Message Digest (paoe oee cooe), aop xooo cooe ae 128-ooe x aee, paoe oee cooe.

B [1319] Pec oca e, peceyee p papaoe aopa :

eonacocm. Bceo eooo a a cooe c oao x-aee. Bcpe pyo co ec ca e.

pa eonacocm. eoacoc MD4 e ocoaec a ax-o oyex, apep, pe o oe o pyoc paoe a oe.

Copocm. MD4 oxo coocopocx popax peaa. Oa ocoaa a poco ao pe ox ay c 32-o oepaa.

pocmoma u onamocm. MD4 poca, acoo o ooa, e coep ox cpyyp ax cox popax oye.

aa apxumemypa. MD4 opoaa popoeccopo apxeyp (ocoeo popo eccopo Intel), oee pyx cpx oepo oo o e eoxoe ee.

oce epoo oe aopa ep e oep Ao occeaepc (Antoon Bosselaers) oc ycexa p poaae ocex yx pex ao aopa [202]. Pay Mepy coepeo eaco yaoc cp epe a aa [202]. xa paccope cooae epeaoo poa a a po epx yx ao MD4 [159]. Xo ce cp e pacpocpae a o a o p, Pec yc co papaoy. B peyae oac MD5.

18.5 MD MD5 - o yyea epc MD4 [1386, 1322]. Xo oa coee MD4, x cxe oxo, peyao MD5 ae ec 128-ooe x-aee.

Onucaue MD oce eoopo epoaao opao MD5 opaaae xoo ec 512-o oa, pa a 16 32-ox ooo. Bxoo aopa ec aop epex 32-ox oo, oo pe oec eoe 128-ooe x-aee.

Bo epx, cooee ooec a, o eo a a a 64 a opoe ca, paoo 512. ooee ec 1, a oopo o o oa cooe ceye coo ye, coo yo. ae, peyay oaec 64-ooe pecaee cooe (co, o ooe). a ec cya oo, o a cooe a paa 512 a (o peyec ocaec ac a o pa), o apapoa, o pae cooe e yy e oaoo oce ooe. apyc epe epeex:

A = 0x B = 0x89abcdef C = 0xfedcba D = 0x O aac epee cee.

Teep epee ocooy y aopa. o pooaec, oa e cepac 512-oe o cooe.

epe epeex opyc pye epeee : A a, B b, C c D d.

a coco epex oe oxox ao (y MD4 o oo p aa). Ha ao ae 16 pa coyc pae oepa. aa oepa pecae coo eey y a p e a, b, c d. ae oa oae o peya eepo epeeo, ooy eca ocae. a ee peya ec caec pao a epeeoe co o oae peya oo ep e ex a, b, c d. Haoe peya aee oy epeex a, b, c d. C. 13- 12-. Cyecy epe eex y, coyee o oo ao oepa ( aoo aa - pya y ).

o cooe A A B B a 1 a 2 a 3 a D D Pc. 18-5. a MD5.

Mj ti a b Heea c <<

F(X,Y,Z) = (X Y) ((X) Z) G(X,Y,Z) = (X Z) (Y (Z)) H(X,Y,Z) = X Y Z I(X,Y,Z) = Y (X (Z)) ( - o XOR, - AND, - OR, a - NOT.) y cpoepoa a, o, ec cooecye X, Y Z eac ecee, a peyaa ae eac ecee. y F - o oooe ycoe: ec X, o Y, ae Z. y H - ooa oepa eoc.

Ec Mj ooaae j- oo cooe (o 0 o 15), a <<

FF(a,b,c,d,Mj,s,ti) oaae a = b ((a F(b,c,d) Mj ti) <<

Round 1:

FF(a, b, c, d, M0, 7, 0xd76aa478)
FF(d, a, b, c, M1, 12, 0xe8c7b756)
FF(c, d, a, b, M2, 17, 0x242070db)
FF(b, c, d, a, M3, 22, 0xc1bdceee)
FF(a, b, c, d, M4, 7, 0xf57c0faf)
FF(d, a, b, c, M5, 12, 0x4787c62a)
FF(c, d, a, b, M6, 17, 0xa8304613)
FF(b, c, d, a, M7, 22, 0xfd469501)
FF(a, b, c, d, M8, 7, 0x698098d8)
FF(d, a, b, c, M9, 12, 0x8b44f7af)
FF(c, d, a, b, M10, 17, 0xffff5bb1)
FF(b, c, d, a, M11, 22, 0x895cd7be)
FF(a, b, c, d, M12, 7, 0x6b901122)
FF(d, a, b, c, M13, 12, 0xfd987193)
FF(c, d, a, b, M14, 17, 0xa679438e)
FF(b, c, d, a, M15, 22, 0x49b40821)

Round 2:

GG(a, b, c, d, M1, 5, 0xf61e2562)
GG(d, a, b, c, M6, 9, 0xc040b340)
GG(c, d, a, b, M11, 14, 0x265e5a51)
GG(b, c, d, a, M0, 20, 0xe9b6c7aa)
GG(a, b, c, d, M5, 5, 0xd62f105d)
GG(d, a, b, c, M10, 9, 0x02441453)
GG(c, d, a, b, M15, 14, 0xd8a1e681)
GG(b, c, d, a, M4, 20, 0xe7d3fbc8)
GG(a, b, c, d, M9, 5, 0x21e1cde6)
GG(d, a, b, c, M14, 9, 0xc33707d6)
GG(c, d, a, b, M3, 14, 0xf4d50d87)
GG(b, c, d, a, M8, 20, 0x455a14ed)
GG(a, b, c, d, M13, 5, 0xa9e3e905)
GG(d, a, b, c, M2, 9, 0xfcefa3f8)
GG(c, d, a, b, M7, 14, 0x676f02d9)
GG(b, c, d, a, M12, 20, 0x8d2a4c8a)

Round 3:

HH(a, b, c, d, M5, 4, 0xfffa3942)
HH(d, a, b, c, M8, 11, 0x8771f681)
HH(c, d, a, b, M11, 16, 0x6d9d6122)
HH(b, c, d, a, M14, 23, 0xfde5380c)
HH(a, b, c, d, M1, 4, 0xa4beea44)
HH(d, a, b, c, M4, 11, 0x4bdecfa9)
HH(c, d, a, b, M7, 16, 0xf6bb4b60)
HH(b, c, d, a, M10, 23, 0xbebfbc70)
HH(a, b, c, d, M13, 4, 0x289b7ec6)
HH(d, a, b, c, M0, 11, 0xeaa127fa)
HH(c, d, a, b, M3, 16, 0xd4ef3085)
HH(b, c, d, a, M6, 23, 0x04881d05)
HH(a, b, c, d, M9, 4, 0xd9d4d039)
HH(d, a, b, c, M12, 11, 0xe6db99e5)
HH(c, d, a, b, M15, 16, 0x1fa27cf8)
HH(b, c, d, a, M2, 23, 0xc4ac5665)

Round 4:

II(a, b, c, d, M0, 6, 0xf4292244)
II(d, a, b, c, M7, 10, 0x432aff97)
II(c, d, a, b, M14, 15, 0xab9423a7)
II(b, c, d, a, M5, 21, 0xfc93a039)
II(a, b, c, d, M12, 6, 0x655b59c3)
II(d, a, b, c, M3, 10, 0x8f0ccc92)
II(c, d, a, b, M10, 15, 0xffeff47d)
II(b, c, d, a, M1, 21, 0x85845dd1)
II(a, b, c, d, M8, 6, 0x6fa87e4f)
II(d, a, b, c, M15, 10, 0xfe2ce6e0)
II(c, d, a, b, M6, 15, 0xa3014314)
II(b, c, d, a, M13, 21, 0x4e0811a1)
II(a, b, c, d, M4, 6, 0xf7537e82)
II(d, a, b, c, M11, 10, 0xbd3af235)
II(c, d, a, b, M2, 15, 0x2ad7d2bb)
II(b, c, d, a, M9, 21, 0xeb86d391)

oca, ti, pac cey opao:

Ha i-o ae ti ec eo ac 2^32*abs(sin(i)), e i epec paaax.

oce ceo oo a, b, c d oac A, B, C D, cooeceo, aop pooaec ce yeo oa ax. Ooae peyao cy oeee A, B, C D.

eonacocm MD Po Pec pe ceye yye MD5 cpae c MD4 [1322]:

1. oac eep a.

2. Teep ao ec coyec yaa paea ocaa.

3. y G a ae 2 c ((XY)(XZ)(YZ)) a eea a (XZ)(Y(Z)), o cea G eee cepo.

4. Teep aoe ece oaec peyay peyeo aa. o oeceae oee c p a e.

5. ec opo, oopo cooac oo cooe a aax 2 3, o cea ao eee oxo.

6. ae ecoo ca eo a ao ae peo opoa yc o pe aoo ea. epe ca, coyee a ao ae, oac o ae, coyex a pyx aax.

To epco (Tom Berson) oac pe epea poaa ooy ay MD [144], o eo cpe e oaaoc e ooo epex ao. oee yceoe cpe e oepa occeaepca, coyee y ca, peo oapye cooe MD5 [203, 1331, 1336]. Cao o cee o cpe eooo cp MD5 paecx poex, oo e e a cooae MD5 aopax poa, oox Luby-Rackoff (c. pae 14.11). cex oo cp oaae oo, o oa ocox ee poepoa MD5- coa ycoy cooe y ca - e a ocya. Xo cpaeo, o "aec, o y y ca ec caoe eco, o o paec e e a eoacoc x-y " [1336], ooyc coo a MD5 oe ocopoo.

18.6 MD MD2 - o pya 128-oa ooapaea x-y, papaoaa Poo Peco [801, 1335].

Oa, ece c MD5, coyec poooax PEM (c. pae 24.10). eoacoc MD2 opaec a cy ay epecaoy ao. a epecaoa cpoaa ac o papo. S0, S1, S2,..., S255 c epecaoo. o o xpoae cooe M:

(1) ooe cooee i aa, aee i oo a, o a oyeoo cooe a paa 16 aa.

(2) oae cooe 16 ao opoo cy.

(3) poapye 48-ao o : X0, X1, X2,..., X47. aoe epe 16 ao X y, o ope 16 ao X copye epe 16 ao cooe, a pe 16 ao X o pa XOR epx opx 16 ao X.

(4) Bo a y ca:

t = For j = 0 to For k = 0 to t = Xt XOR St Xk = t t = (t j) mod (5) Copye o ope 16 ao X ope 16 ao cooe, a pe 16 ao X o pa XOR epx opx 16 ao X. Boe a (4). oope a (5) (4) o oepe a x 16 ao cooe.

(6) Bxoo c epe 16 ao X.

Xo MD2 oa e o aeo cax ec (c. [1262]), oa paoae eeee oca pyx peaaex x-y.

18.7 Aop eoacoo xpoa (Secure Hash AIgorithm, SHA) NIST, ece c NSA, Caapa poo oc (Digital Signature Standard, c. Pae 20.2) papao a Aop eoacoo xpoa ( Secure Hash Algorithm, SHA) [1154 (Digital Signature Standard]. (Ca caap aaec Caap eoacoo xpoa ( Secure Hash Standard, SHS), a SHA - o aop, coye caape.) B cooec c Federal Register [539]:

peaaec eepa caap opao opa (Federal Information Processing Standard, FIPS) Caapa eoacoo xpoa (Secure Hash Standard, SHS). o peoee opeee Aop eoacoo xpoa (Secure Hash Algorithm, SHA) cooa ece co Caapo poo oc ( Digital Signature Standard)....

poe oo, poe, oopx e peyec poa oc, SHA oe cooac o cex eepax poex, oopx oaoc aop e oacoo xpoa.

o Caap opeee Aop eoacoo xpoa ( Secure Hash Algorithm, SHA), eoxo oece e eoacoc Aopa poo oc ( Digital Signature Algorithm, DSA). oo xooo cooe o ee 264 o SHA ae 160-o peya, aae pa coepae cooe. aee, paoe co epae cooe caoc xoo DSA, oop ce oc cooe. ocae paoo coepa eco ceo cooe aco oae eoc poecca, a a paoe coepae cooe aoo ee, e cao cooee. To e paoe coepae cooe oo oyeo e, o poepe oc, ec pa epc cooe coyec aece xoa SHA. SHA aaec eoac, a a o papaoa a, o o ceo eooo a cooee, cooecyee aoy paoy coepa cooe a a pax cooe c oao pa coepae cooe. e ee, pooee p e peae cooe, c oe coo epooc pey ee paoo coepa cooe, oc e poe poepy. p, eae ocoe SHA, aao cooa poeccopo Poao . Peco MIT p poepoa aopa paoo coepa cooe MD4 [1319]. SHA papaoa o opay yoyoo aopa.

SHA ae 160-ooe x-aee, oee oe, e y MD5.

Onucaue SHA Bo epx, cooee ooec, o eo a a pao 512 a. coyec o e ooe e, o MD5: caaa oaec 1, a ae y a, o a oyeoo cooe a a a ee ca, paoo 512, a ae oaec 64-ooe pecaee opaoo coo e .

apyc 32-ox epeex ( MD5 coyec epe epeex, o paccap ae aop oe aa 160-ooe x-aee ):

A = 0x B = 0xefcdab C = 0x98badcfe D = 0x E = 0xc3d2e1f0 ae aaec a aopa. O opaaae cooee 512-o oa poo aec, oa e cepac ce o cooe.

Caaa epeex opyc pye epeee : A a, B b, C c, D d E e.

a coco epex ao o 20 oepa ao ( MD5 epe aa o 16 oepa ao). aa oepa pecae coo eey y a pe a, b, c, d e, a ae o e c coee aaoo MD5. B SHA coyec cey aop eex y :

ft(X,Y,Z) = (X Y) ((X) Z), t=0 o ft(X,Y,Z) = X Y Z, t=20 o ft(X,Y,Z) = (X Y) (X Z) (Y Z), t=40 o ft(X,Y,Z) = X Y Z, t=60 o aope coyc ceye epe oca:

Kt = 0x5a827999, t=0 o Kt = 0x6ed9eba1, t=20 o Kt = 0x8f1bbcdc, t=40 o Kt = 0xca62c1d6, t=60 o (Ec epeco, a oye ca, o :0x5a827999 = 2^(1/2)/4, 0x6ed9eba1 = 3^(1/2)/4, 0x8f1bbcdc = 5^(1/2)/4, 0xca62c1d6 = 10^(1/2)/4.) o cooe pepaaec 16 32-ox co (M0 o M15) 80 32-ox co (W0 o W79) c oo ceyeo aopa:

Wt = Mt, t = 0 o Wt = (Wt-3 Wt-8 Wt-14 Wt-16) <<< 1, t = 16 o (B aece epecoo aea, epoaao cea SHA e o ecoo ca e o. eee "cpae exec , oop ea caap eee eoac, e peoaaoc " 1543]. NSA oaaoc yo cy py a.) Ec t - o oep oepa (o 1 o 80), Wt pecae coo t- oo pacpeoo cooe, a <<

FOR t = 0 to TEMP = (a <<< 5) ft(b,c,d) e Wt Kt e = d d = c c = b <<< b = a a = TEMP Ha 11- oaaa oa oepa. C epeex oe y e y, oopy MD5 oe cooae pax ecax pax epeex.

Wj Kt ai-1 ai b b i-1 i Heea y c c i-1 i d <<<30 d i-1 i <<< e e i-1 i Pc. 18-7. Oa oepa SHA.

oce ceo oo a, b, c, d e oac A, B, C D E, cooeceo, aop pooaec ceyeo oa ax. Ooae peyao cy oeee A, B, C D E.

eonacocm SHA SHA oe oxoa a MD4, o ae 160-ooe x-aee. a eee ec eee pacpeo peopaoa oaee xoa peyeo aa cey c e oye oee cpoo aoo ea. Po Pec oyoa e, peceyee p poepoa MD5, o papao SHA oo e cea. Bo yye, ecee Peco MD5 ooceo MD4, x cpa ee c SHA:

1. "oac eep a." B SHA oe. Oao SHA a eepo ae coyec a e y f, o a opo ae.

2. "Teep ao ec coyec yaa paea ocaa." SHA pepaec cxe MD4, oopo coy oca ao py x 20 ao.

3. "y G a ae 2 c ((XY)(XZ)(YZ)) a eea a (XZ)(Y(Z)), o cea G eee cepo." B SHA coyec epc y MD4: (X Y) (X Z) (Y Z).

4. "Teep aoe ece oaec peyay peyeo aa. o oeceae oee c p a e." o eee o eceo SHA. Oe coco o, o SHA o aea a epeea b, c d, oope ye coyc ft. o eaeoe eee eae pee cp MD5 e oepo occeaepco eoo o ooe SHA.

5. "ec opo, oopo cooac oo cooe a aax 2 3, o cea ao eee oxo." SHA o ece coepeo oaec, a a coye e c o cpae oo.

6. "ae ecoo ca eo a ao ae peo opoa yc o pe aoo ea. epe ca, coyee a ao ae, oac o ae, coyex a pyx aax." SHA a ao ae coye ocooe aee ca. o aee - ao pocoe co c paepo coa, a MD4.

o po ceyey ae : SHA - o MD4 c oaee pacpeo peopaoa, ooeoo aa yye a eo. MD5 - o MD4 c yye o xpoa e, ooe ao yye a eo.

Cee o ycex popaecx cpx SHA ocycy. Ta a a ooapaea x y ae 160-x-aee, oa ycoee cp pyo co (a cpe eoo poe), e 128-oe x-y, paccapaee o ae.

18.8 RIPE-MD RIPE-MD a papaoaa poea RIPE Epoecoo cooeca [1305] (c. pae 25.7). o ao p pecae coo apa MD4, papaoa a, o pooco ec eoa p o paecoo cp, ae 128-ooe x-aee. Bece ee ece c op o co cooe. poe oo, apaeo paoa e o aopa, oaec ocaa. o ce aoo oa peya oox o oaec epee cee. o oy, o oae ycooc aopa poaay.

18.9 HAVAL HAVAL - o ooapaea x-y epeeo [1646]. Oa ec oae MD5.

HAVAL opaaae cooee oa o 1024 a, a paa o, e MD5. coyec oce 32-ox epeex cee, a paa oe, e MD5, epeeoe co ao, o pex o ( ao 16 ec). y oe aa x-ae o 128, 160, 192, 224 256 o.

HAVAL aee poce eee y MD5 a co eee y 7 epeex, aa oopx yoeope cpooy aoy pep. Ha ao ae coyec oa y, o p ao ec xoe epeee epecac pa opao. coyec o opo co oe, p ao ae (poe epoo aa) coyec co paea ocaa. B aope ae coyec a ecx ca.

po aopa c ceye ec:

TEMP = (f(j,A,B,C,D,E,F,G) <<<7) (H <<<11) M[i][r(j) K(j)] H = G;

G = F;

F = E;

E = D;

D = C;

C = B;

B = A;

A = TEMP epeeoe oeco ao epeea a aaeoo ae oaa, o cyecye 15 e p c aopa. Bcpe MD5, oeoe e oepo occeaepco [203], epeo HAVAL -a ecoo ca H.

18.10 pye ooapaee x-y MD3 ec ee oo x-ye, peoeo Poo Peco. Oa ea p eocao o a e xoa a pee aopaop, xo ee ocae eao o oyoao [1335].

pya cceoaee epcea Baepoo peoa ooapaey x-y a ae epaoo oee cee GF(2593) [22]. o o cxee cooee paaec a 593-oe o.

Haa c epoo oa o oceoaeo ooc cee. oaae cee - o peya ce peyeo oa, ep oaae aaec c oo IV.

A aap (Ivan Damgrd) papaoa ooapaey x-y, ocoay a poee p aa (c. pae 19.2) [414], oa oe oaa pepo a 2 oepa [290, 1232, 787].

B aece oco ooapaex x-y peaac eo aoa Ca Bopaa [1608]. Pa peaa [414] eeoaca [1052,404]. pya ooapaea x-y, Cellhash [384, 404], yyea epc, Subbash [384,402, 405], ae ocoa a eox aoaax peaae aapao peaa. Boognish oe p Cellhash MD4 [402, 407]. StepRightUp ae o e peaoaa a x-y [402].

eo 1991 oa ayc opp (Claus Schnorr) peo ooapaey x-y a ae c peoo peopaoa ype, aay FFT-Hash [1399]. epe ecoo ece oa a oaa y eac pya [403, 84]. opp peo oy epc, FFT-Hash II (peya a epe eoaa FFT-Hash I) [1400], oopa a oaa epe ecoo ee [1567]. opp peo aee oa [1402, 1403] o, p ax ocoecax, o aoo eeee, e pye aop o a. Ee oa x-y, SL2 [1526], eeoaca [315].

ooey opa o eop poepoa ooapaex x-y ooapa ex y ooapaex epecaoo oo a [412, 1138, 1342].

18.11 Ooapaee x-y, coye cepe o e aop B aece ooapaex x-y oo cooa cepe oe aop poa. e o, o ec eoace o aop, o ooapaea x-y ye e o aco.

Ca oe cocoo ec poae cooe pee CBC CFB c oo cpo aoo a IV, x-aee ye oce o poeca. eo oca pax caapax, coyx DES: oa pea [1143], CBC [1145], CFB [55, 56, 54]. o coco e c o oxo ooapaex x-y, xo o ye paoa MAC (c. pae 18.14) [29].

Coco oyee coye aece a o cooe, peyee x-aee aece xoa, a eyee x-aee cy xoo.

ecee x-y ae ee coee. Paep oa oo coaae c o a, pa e po x-ae ye a oa. Ta a oco ox aopo 64-oe, cpoepoa p cxe, ax x-aee a paa oee oa.

p yco, o x-y paa, eoacoc o cxe ocoaa a eoacoc coyeo oo y. Oao ec ce. epea poaa ye paoae po o x y x-yx, e po ox y, coyex poa : ece, ooy oo cooa pae pe. ycexa ya oo oa paa apa, oo e eppoa coo paoo opoo eca, coo yo. o apaee oceaec [1263, 858, 1313].

He pee oop pax x-y, ocax epaype [925, 1465, 1262]. Bo o o ooc cp peoaa, o coye o aop eoace, y cpe ec cpe pyo co.

oeo epo x-y, ocoax a ox pax, ec copoc xpoa, oeco n-ox oo cooe (n - o paep oa aopa), opaaaex p poa.

e e copoc xpoa, e cpee aop. (pyoe opeeee oo apaepa aec [1262], o opeeee, peeoe o, oee yo pe coyec. o oe aya.) Cxe, omopx ua x-aeu paa ue oa Bo oa cxea (c. 10-):

H0 = IH,, e IH - cyaoe aaoe aee Hi = EA(B) C e A, B C oy o Mi, Hi-1, (Mi Hi-1), o oca (ooo pae 0). H0 - o eoopoe cyaoe aaoe co IH. Cooee paaec a ac cooec c paepo oa, Mi, opaa aee oeo. poe oo, coyec apa MD-yce, ooo a e poeypa ooe, o MD5 SHA.

A C B poae Pc. 18-8. Ooea x-y, y oopo a x-ae paa e oa.

Ta. 18-1.

eoace x-y, y oopx a x-ae paa e oa Hi = EH ( Mi ) Mi i- Hi = EH ( Mi Hi-1) Mi Hi - i - Hi = EH ( Mi ) Hi -1 Mi i - Hi = EH ( Mi Hi-1 ) Mi i - Hi = EM (Hi -1) Hi - i Hi = EM ( Mi Hi -1) Mi Hi - i Hi = EM (Hi -1) Mi Hi - i Hi = EM ( Mi Hi -1) Hi - i Hi = EM Hi-1 ( Mi ) Mi i Hi = EM Hi-1 (Hi -1) Hi - i Hi = EM Hi-1 ( Mi ) Hi - i Hi = EM Hi-1 (Hi -1) Mi i Tp pae epeee oy pa oo epex oox ae, ooy ceo cyec ye 64 apaa cxe oo a. O ce ye apo peeo ( Bart Preneel) [1262].

aa x pao ca, a a peya e ac o ooo xoo. Tpa ce e eoac o oee o pa. B 17- epece ocaec 12 eoacx cxe : epe epe eoac po cex cp (c. 9th), a ocee 8 eoac po cex o cp, poe cp c cpoao oo, o oopo peax ycox e co ecooc.

Mi Hi- Hi-1 poae Hi Mi Hi poae Hi-1 Hi- Hi Hi Mi Mi poae poae Pc. 18-9. epe eoacx x-y, y oopx a x-ae paa e oa.

epa cxea a ocaa [1028]. Tpe cxea a ocaa [1555, 1105, 1106] peaaac ae ce caapa ISO [766]. a cxea a peoea apo Maepo (Carl Meyer), o epaype oo aaec Davies-Meyer [1606, 1607, 434, 1028]. eca cxea a peoea aece pea x y LOKI [273].

Copoc xpoa epo, opo, pee, eepo, o oaao cxe paa 1 - a a paa e oa. Copoc xpoa pyx cxe cocae k/n, e k -a a. o oaae, o ec a a opoe oa, o o cooe oe o e pae y. He peoeye c, o o cooe ee a, ae ec a a aopa poa oe, e a oa.

Ec o aop ooo DES oaae coco oeapoc ca a, cex 12 cxe cyecye oooc ooeoo cp. Oo e co oaco eceoc e co o o ecooc. Oao oee oeoac ce o aoo cp, acpoa aee opoo peeo o a, paoe ''01" ''10" [1081,1107]. oeo e o ye y k c 56 o o 54 o ( DES) ye copoc xpoa.

o oaao, o ceye cxe, ocae epaype, eeoac.

a cxea [1282] a oaa [369]:

Hi = E (Hi-1) Mi c (Davies) pac (Price) peo apa, oopo ce cooee ec opaaaec aopo a [432, 433]. Bcpe oepca aae ay cxey ae p eoo c eo ooc [369]. B [1606] a oaaa eeoacoc ee oo cxe [432, 458]:

Hi = E (Hi-1) Mi Hi - B [1028] a oaaa eeoacoc ceye cxe (c - ocaa):

Hi = Ec ( Mi Hi -1) Mi Hi - Mouuau cxe Davies-Meyer a (Lai) Macce (Massey) opoa eo Davies-Meyer, o oo o cooa p IDEA [930, 925]. IDEA coye 64-o o 128-o . Bo peoea cxea:

H0 = IH,, e IH - cyaoe aaoe aee Hi = EH, Mi (Hi-1) i- a y xpye cooee 64-o oa ae 64-ooe aee (c. 8-).

oee pocoe cpe o cxe, e eo pyo c, eeco.

Mi Hi-1 poae Hi Pc. 18-10. Moa cxe Davies-Meyer.

Preneel-Bosselaers-Govaerts-Vandewalle a x-y, epe peoea [1266], ae x-aee, a paa oee oa aopa poa: p 64-oo aope oyaec 128-ooe x-aee.

p 64-oo oo aope cxea ae a 64-ox x-ae, Gi Hi, oeee oo px ae 128-ooe x-aee. oca ox aopo a oa paa 64 a. a cocex oa, Li Ri, paep aoo pae paepy oa, xpyc ece.

G0 = IG, e IG - cyaoe aaoe aee H0 = IH,, e IH - pyoe cyaoe aaoe aee Gi = EL Hi-1 (Ri Gi -1) Ri Gi-1 Hi - i Hi = EL Ri (Hi -1 Gi -1) Li Gi-1 Hi - i a po cpe o cxe, oopoe eoopx cyax eae cpe eoo poe pa [925, 926]. pee (Preneel) [1262] oepc (Coppersmith0 [372] ae yceo oa y cxey. He coye ee.

Quisquater-Girault a cxea, epe peoea [1279], eeppye x-aee, a paa oee oa. Ee copoc xpoa paa 1. Oa coye a x-ae, Gi Hi, xpye ece a oa, Li Ri.

G0 = IG, e IG - cyaoe aaoe aee H0 = IH,, e IH - pyoe cyaoe aaoe aee Wi = EL (Gi-1 Ri ) Ri Hi- i Gi = ER (Wi Li) Gi-1 Hi -1 Li i Hi = Wi Gi - a cxea oac 1989 oy poee caapa ISO [764], o a aeea oee oe epce [765]. poe eoacoc o cxe oca [1107, 925, 1262, 372]. (B eceoc, epc, ocaa aepaax oepe, a oce oo, a epc, pecaea a oepe, a cpa.) B pe cyae cooc cp eoo poe ee paa 2, a e 264, a y cp pyo. He coye y cxey.

LOKI c yoe oo o aop pecae coo oa Quis uater-Cirault, ceao cpoepoay pa o c LOKI [273]. Bce apaep - e e, o Quis uater-Girault.

G0 = IG, e IG - cyaoe aaoe aee H0 = IH,, e IH - pyoe cyaoe aaoe aee Wi = EL Gi-1 (Gi -1 Ri) Ri Hi - i Gi = ER Hi-1 (Wi Li) Gi-1 Hi-1 Li i Hi = Wi Gi - coa eoopx cyax cpe eoo poe oaaec pa [925, 926, 1262, 372, 736]. He coye y cxey.

apaea cxea Davies-Meyer o ee oa oa coa aop co copoc xpoa 1, oop ae x-aee, a paa oee oa. [736].

G0 = IG, e IG - cyaoe aaoe aee H0 = IH,, e IH - pyoe cyaoe aaoe aee Gi = EL Ri (Gi -1 Li ) Li Hi - i Hi = EL (Hi -1 Ri ) Ri Hi - i coae a cxea oe eeoaca [928, 861]. Oaaec, o x-y yoeo co copoc xpoa, pao 1, e oe eoacee, e Davies-Meyer [861].

Taea (Tandem) u oopeea (Abreast) cxe Davies-Meyer pyo coco oo opae, pcye o pa c 64-o o, coye a o p, oo IDEA (c. pae 13.9), c 64-o oo 128-o o. Ceye e cxe a 128-ox-aee, a x copoc xpoa paa /2 [930, 925].

poae Hi-1 Hi Mi Wi Gi-1 poae Gi Pc. 18-11. Taea (Tandem) cxea Davies-Meyer.

B epo cxee e opoae y Davies-Meyer paoa aeo, oeepo (c. 7-).

G0 = IG, e IG - cyaoe aaoe aee H0 = IH,, e IH - pyoe cyaoe aaoe aee Wi = EG, Mi (Hi-1) i - Gi = Gi -1 EM,Wi (Gi-1) i Hi = Wi Hi - B ceye cxee coyc e opoae y, paoae oopeeo (c. 6-).

G0 = IG, e IG - cyaoe aaoe aee H0 = IH,, e IH - pyoe cyaoe aaoe aee Gi = Gi -1 EM,Hi-1 (Gi -1) i Hi = Hi-1 EG, Mi (Hi -1) i- poae Hi-1 Hi Mi Gi-1 poae Gi Pc. 18-12. Oopeea (Abreast) cxea Davies-Meyer.

B oex cxeax a 64-ox ae, Gi Hi, oec, opay eoe 128-ooe x-aee.

Hacoo eco, eoacoc 128-oo x-y x aopo eaa : oapye cooe c aa x-aee peyec 2 oo, a axoe yx cyax cooe c oao x-aee - 264 oo, p yco, o y cocoo cp ec peee pyo c.

MDC-2 u MDC- MDC-2 MDC-4 papaoa IBM [1081, 1079]. B acoee pe yaec opoc cooa MDC-2, oa aaeo Meyer-Schilling, aece caapa ANSI ISO [61, 765], o apa pe oe [762]. MDC-4 opeeea poea RIPE [1305] (c. pae 25.7). Cea coye DES aece oo y, xo eopeec oe cooa o o aop.

Copoc xpoa MDC-2 paa /2, a x-ae o y a paa oe paepa oa.Ee cxea oaaa a 5-. MDC-4 ae ae x-aee a paa oee paepa oa, a ee c o poc xpoa paa 1/4 (c. 4-).

Gi- Gi poae Mi poae Hi Hi- Pc. 18-13. MDC-2.

Gi- Gi poae poae Mi poae poae Hi Hi- Pc. 18-14. MDC-4.

cxe poaapoa [925, 1262]. O eoac c yeo ceox oooce ceo ex, o x aeoc e a ea, a xoeoc papaoa. x ycooc e peaoy poaay p DES aece ooo aopa a paccopea [1262].

MDC-2 MDC-4 aaeoa [223].

X-yu AR X-y AR a papaoaa Algorithmic Research, Ltd. ae pacpocpaea ISO oo opa [767]. Ee aoa cpyypa ec apao coyeoo ooo pa (DES yoyo cae) pee CBC. Boec XOR ocex yx oo poeca, oca eyeo oa cooe, peya pyec aopo. X-aee c ocee cee a oa poeca. Cooee opaaaec a, y pa a, ooy copoc xpoa paa 1/2. ep o cy 0x0000000000000000, op - 0x2a41522f4446502a, a aee oca c pao 0x0123456789abcdef. Peya caec o ooo 128-ooo x-ae. opooc pee [750].

Hi = EK(Mi Hi-1 Hi-2 c) Mi y peaeo, o e ec eoaco. oce eoopo aeo peop a o caoc oo eo axo cooe c oao x-aee [416].

X-yu OCT a x-y oac Pocc opeeea caape OCT P 34.11.94 [657]. B e coyec o aop OCT (c. pae 14.1), xo eopeec oe cooac o o aop c 64-o oo 256-o o. y ae 256-ooe x-aee.

y ca, Hi = f(Mi,Hi-1) (oa oepaa - 256-oe e ) opeeec cey opao:

(1) p oo eoo cea Mi, Hi-1 eoopx oca eeppyec epe a po a OCT.

(2) a coyec poa ox 64 o Hi-1 pee ECB. oyee 256 o coxpac o peeo epeeo S.

(3) Hi ec coo, xo eo ye S, Mi Hi-1.

X-aee oceeo oa cooe e ec eo ooae x-aee. Ha ee co yec p epeee cee: Hn - o x-aee oceeo oa, Z - o XOR cex oo cooe, a L - a cooe. C cooae x epeex ooeoo oceeo oa M', ooaeoe x-aee pao:

H = f(Z M',f(L,f(M', Hn))) oyea eoo ayaa ( a pycco e), o ya, o o ce pao. Bo co cy ae a x-y opeeea a ac pocccoo Caapa poo oc (c. pae 20.3).

pyue cxe Pa Mep peo cxey, coyy DES, o oa eea - opaaae oo ce o c o oe a epa, aa epa coco yx poa DES [1065, 1069]. pya cxea [1642, 1645] eeoaca [1267], oa-o oa peaaac aece caapa ISO.

18.12 cooae aopo c op o B aece ooapaeo x-y oo cooa aop poa c op o pee cee oo. Ec ae poc , o oa x-y ye ae pyo, a poa cooee e oo a.

Bo pep, coy RSA. Ec M - o xpyeoe cooee, n - poeee yx pocx ce p q, a e - pyoe ooe co, ao pocoe c (p - l)(q - 1), o x-y, H(M), ye paa H(M) = Me mod n Ee poe cooa oo coe pocoe co aece oy p. Toa:

H(M) = Me mod p Bcpe o poe ooo e ee, e oc cpeoo oapa e. poea oo aop a coco o, o o aoo eeee, e pye ocyaee aop. o o pe e coe y eo.

18.13 Bop ooapaeo x-y y ayc SHA, MD5 cxe, ocoae a ox pax. pye a cao ee e c ceoa ocaoo cee. oocy a SHA. ee oee oe x-aee, e y MD5, oa c pee, e oe cxe c o pa, papaoaa NSA. ep poaaece oooc NSA, ae ec o e yy co peya.

B 16- cpae pee peee coooe eoopx x-y. They are meant for comparison purposes only.

Ta. 18-2.

Copoc poa eoopx x-y a i486SX/33 M Aop a x-ae Copoc poa (a/c) Oopeea cxea Davies-Meyer (c IDEA) 128 Davies-Meyer (c DES) 64 X-y OCT 256 HAVAL (3 poxoa) epeea HAVAL (4 poxoa) epeea HAVAL (5 poxoa) epeea MD2 128 MD4 128 MD5 128 N-x (12 ao) 128 N-x (15 ao) 128 RIPE-MD 128 SHA 160 Snerfu (4 poxoa) 128 Snerfu (8 poxoo) 128 18.14 o poep ooc cooe o poep ooc cooe ( message authentication code, MAC) - o aca o a ooa paea x-y. o MAC oaa e e coca, o paccopee paee x-y, o o, poe oo, a . (o e oaae, o oee oyoa MAC cooa MAC a ooapaey x-y.) Too aee eoo a oe poep x aee. o MAC oe oe oecee poep ooc e apye eoacoc.

o MAC oy cooa poep ooc ao, oop oeac oo a e. Tae o oy cooa o ooaee poep, e ec eo a, oe -a pyca. ooae oe c MAC eo ao coxpa ae ae.

Ec ooae ocoyec eco MAC ooapaeo x-ye, o pyc oe c oe x-ae oce apae ao ae ee a. C MAC pyc e coe oo oc, a a pycy eece.

poc cocoo peopaoa ooapaey x-y MAC ec poae x ae cep aopo. o MAC oe peopaoa ooapaey x y c oo pacp a.

CBC-MAC poce coco coa acy o a ooapaey x-y - poae cooe o aopo peax CBC CFB. X-aee ec oce poa o, a poa peax CBC CFB. Meo CBC opeee ANSI X9.9 [54], ANSI X9.19 [56], ISO 8731- [759], ISO 9797 [763] acpaco caape [1496]. epea poaa oe cp y cxey, ec aece ooo aopa coyec DES c yee co ao FEAL [1197].

oeaa poea, caa c eoacoc oo eoa, coco o, o oyae oe a , o ooe ey eeppoa cooe c e e x-aee, o y pcaoo cooe, c oo eppoa opao apae.

Aopum npoepu nouocmu cooeu (Message Authenticator Algorithm, MAA) o aop ec caapo ISO [760]. O ae 32-ooe x-aee cpoepoa peo c cp cpy yoe [428].

v = v <<< e = v w x = ((((e + y) mod 232) A C) * (x Mi)) mod 232- y = ((((e + x) mod 232) B D) * (y Mi)) mod 232- ec oopc aoo oa cooe, Mi, peypyee x-aee oyaec c oo XOR x y. epeee v e ac o a. A, B, C D c ocaa.

Booo, o aop poo coyec, o e ep, o o ocaoo eoace. O papao a a ao e co coe.

yanpae MAC o MAC ae x-aee, oopoe a paa ee oa aopa [978). Caaa cooe cec CBC-MAC. ae cec CBC-MAC cooe c opa opo oo. yapa e MAC poco ec oeee x yx ae. coae a cxea eeoaca [1097].

Memo yeaa o MAC ae aa apa opy oo oapye ay ( uadratic con gruential manipulation detection code, QCMDC) [792, 789]. Caaa pae cooee a m-oe o.

ae:

H0 = IH,, e IH - cepe Hi = (Hi-1 Mi)2 mod p, e p - pocoe co, eee 2m-1, a ooaae eoceoe coee.

yea (Jueneman) peaae n = 16 p = 231-1. B [792] o ae peaae, o H1 cooac aece ooeoo a a eceoe cooee aaoc c H2.

, -a oeca cp a poe, oex copyece c oo oepco, yea peo c QCMDC epe paa, coy peya oo epa aece IV ceye epa, a ae peya oec 128-ooe x-aee [793]. B aee a e a ycea a ce apaeoo oe epex epa c oepe c ey [790, 791]. a cxea a oaa oepco [376].

B pyo apae [432, 434] oepa coe aeea XOR, coyc o cooe, aoo ee p. poe oo, aa H0, o pepao aop ooapaey x-y e a.

oce oo, a a cxea a cpa [612], oa a ycea cooa aece ac poea European Open Shop Information-TeleTrust [1221], popoaa CCITT X.509 [304] pa ISO [764, 765]. coae oepc oa y cxey [376]. B pe cceoa yaac oooc cooa oe o 2 ocoa coe [603], o oo e oaaoc epce.

RIPE-MAC RIPE-MAC opee apo peeo [1262] cooa poee RIPE [1305] (c. pae 18.8).

O ocoa a ISO 9797 [763] coye DES aece y ooo poa. Cyecye a apaa RIPE-MAC: o, oop coye o DES, aaec RIPE-MAC1, a pyo, coy ee oe eoacoc poo DES, aaec RIPE-MAC3. RIPE-MAGI coye oo poae DES a 64-o o cooe, a RIPE-MAC3 - p.

Aop coco pex ace. Bo epx, cooee yeaec a, o eo a a paa a. ae, yeeoe cooee paaec a 64-oe o. xpoa x oo o o coyec y ca, aca o cepeoo a. Ha o ae coyec o DES, o poo DES. Haoe, xo o y ca oepaec ee ooy DES-poa c py o, oye a, coyeoo p ca. opooc oo a [1305].

IBC-x IBC-x - o ee o MAC, coye poee RIPE [1305] (c. pae 18.8). O epece ooy, o eo eoacoc oaaa, epooc yceoo cp oe oeea oeceo. coae aoe cooee oo xpoac o o. Bpa ypoe eoacoc opaae aca paep xpyeoo cooe, eo e eae oa pya paccopex o ae y. C yeo x coopae oee RIPE peoeyec, o IBC-x cooaac oo x, peo ocaex cooe. po y ec hi = ((Mi mod p) v) mod 2n Cepe pecae coo apy p v, e p - n-ooe pocoe co, a v - cyaoe co, eee 2n. ae Mi oyac c oo cpoo opeeeo poeyp ooe. Bepooc cp a ooapaeoc, a ycooc cooe, oy oee oeceo, ooae, e apaep, oy pa y ypoe eoacoc.

Ooanpaea x-yu MAC B aece MAC oe cooaa ooapaea x-y [1537]. yc Aca o c oy o K, Aca xoe opa oy MAC cooe M. Aca oee K M, c e ooapaey x-y oee: H(K,M). o x-aee ec oo MAC. Ta a o ae K, o oe ocpoec peya Ac, a Mop, oopoy eece, e coe o cea.

Co eoa MD-yce o coco paoae, o ec cepee poe. Mop cea oe oa oe o oy cooe c pa MAC. o cpe oe peopaeo, ec aay cooe oa eo y, o pee coeaec o cxee [1265]. ye oa oy cooe, H(M,K), o p o ae oa poe [1265]. Ec H ooapaea y, oopa e aea o cooe, Mop oe oea cooe. Ee ye H(K,M,K) H(Kl,M,K2), e Kl K2 pa [1537]. pee e yepe o [1265].

eoac ayc ceye ocpy :

H(Kl, H(K2, M)) H(K, H(K,M)) H(K, p,M,K)), e p ooe K o ooo oa cooe.

y oxoo ec oeee c a oo cooe o pae epe 64 o a. o eae ooapaey y eee eo, a a yeac o cooe, o a oa caoc aoo eoacee [1265].

coye ooapaey x-y cep aop. Caaa xpye a, oo apye x-aee. o eoacee, e caaa poa a, a ae xpoa ap o a a, o a cxea ycea oy e cp, o ocpy H(M,K) [1265].

MAC c ucnooaue nomoooo upa a cxea MAC coye oooe p (c. 3-) [932]. popaec eoac eepaop ceocyax o eyecpye oo cooe a a oooa. Ec a xoe eepaopa o ki ea, o ey cooe mi opaec ep ooo, ec o, o mi opaec o opo ooo. a ooo opaec a co LFSR (pae 16.2). Bxoo MAC poco e c oeoe cocoe oox pecpo.

ecac o eo eeoace o ooe eo ee cooe [1523].

Hapep, ec e oce cooe, o coa oeoo MAC yo ye e oo 2 a cooecyeo MAC;

o oe oeo c aeo epooc. Aop peaae oee eoac, oee co, apa.

CSPRNG Co pecp epe oo cooe ae Co pecp Pc. 18-15. MAC c cooae ooooo pa.

aa 19 Aop c op a 19.1 Oco oe popa c op a a ya o ( Whitfield Diffie) Mapo Xeao (Martin Hellman), eaco Pao Mepo (Ralph Merkle). x ao po pa o yeee, o oo cooa apa - poa eppoa o oe eooo oy o pyoo (c. Pae 2.5). Xea epe peca y e a Haoao oepo oepe ( National Computer Conference) 1976 oa [495], epe ecoo ece a oyoaa x ocoooaaa paoa "New Directions in Cryptogra phy'' ("Hoe apae popa") [496]. (-a eccpacoo poecca ya ep a Mepa y oac e oc oo 1978 oy [1064].) C 1976 oa o peoeo oeco popaecx aopo c op a. Moe x eeoac. ex, oope c eoac, oe epo paeco peaa.

o o coy co oo , o paep oyeoo poeca aoo peae pa ep opoo eca.

Heoe aop c eoac, pa. Oo aop ocoa a oo pyx poe, paccopex paee 11.2. Heoope x eoacx pax aopo oxo oo pacpeee e. pye oxo poa ( pacpeee e).

Tpe oe oo pox oce. Too p aopa xopoo paoa a p poa, a poo oc: RSA, EIGamal Rabin. Bce aop ee. O py ep py ae aoo eeee, e cepe aop. Oo x copoc eocaoa p o a ox oeo ax.

pe pocce (c. pae 2.5) oo ycop co: poa cooe c oyec cep aop co cya o, a aop c op o peec poa cyaoo ceacooo a.

eonacocm aopumo c ompmu au Ta a y poaaa ec ocy opoy y, o cea oe pa poa oe cooee. o oaae, o poaa p aao C = EK(P) oe opooa yaa aee P eo poep co oay. o ec cepeo poeo, ec oeco oox opx e co acoo ao, o eae oo cepa oc, o y poey eo oo pe, o o cooe cpoo cyax o. o po oy, o e op eca cooe cy pae poec. (oee opoo a e ocaa paee 23.15.) o ocoeo ao, ec aop c op o coyec poa ceacooo a.

Ea oe coa ay ax cex oox ceacox e, apoax op o oa.

oeo, o opeye oo pee a, o o pyo co papeeoo copy 40-ooo a 56-ooo a DES opeye aoo oe pee a. a oo Ea coac ay ay ax, oa oy oa coe a eo oy.

Aop c op a cpoepoa a, o pooco cp c pa o p eco. x eoacoc ocoaa a a pyoc oye cepeoo a o opoy, a a pyoc oy op ec o poecy. Oao oco aopo c op o ocoeo yce cp c pa poeco (c. pae 1.1).

B cceax, oopx oepa, opaa poa, coyec poo oc, o cpe eooo peopa, ec poa oce cooa oaoe .

Ceoaeo, ao ye c ccey eo, a e oo cocae ac. Xopoe pooo c o p a cpoepoa a opao, o pae copo e o pacpoa po oe cooe, eeppoae py copoa, - xopo pepo c pooo oa a eca eoc (c. pae 5.2).

19.2 Aop paa ep aopo ooeoo poa c op o ca aop paa, papa o a Pao Mepo Mapo Xeao [713, 1074]. O o cooa oo po a , xo oee A ap aapoa ccey poo oc [1413]. eoacoc aopo paa opaec a poey paa, NP-oy poey. Xo oe o oapyeo, o o a o p eeoace, eo co y, a a o eocppye oooc pee NP-oo poe popa c op a.

poea paa ecoa. aa ya peeo pao acc, oo oo eoope x peeo pa a, o acca paa caa paa opeeeoy ae ? oee opao, a aop ae Ml, M2,..., Mn cya S, c ae bi, ae o S = blM1 b2M2... bnMn bi oe o ye, o ee. Ea oaae, o pee ay pa, a o - o e ay.

Hapep, acc peeo oy e ae 1, 5, 6, 11, 14 20. B oee yaoa pa a, o eo acca caa paa 22, cooa acc 5, 6 11. Heooo yaoa pa a, o eo a c ca a paa 24. B oe cyae pe, eoxooe pee o poe, c poco oeca pe eo ye pace coeao.

B ocoe aopa paa Mepa-Xeaa e e poa cooee a peee aopa p o e paa. pee y pac c oo oa opoo eca, o e paoo oecy peeo ye ( opoo eca cooecy ae b), a poec ec oyeo cy o. pep poeca, apoaoo c o o poe paa, oaa a.

Op ec 1 1 1 0 0 1 0 1 0 1 1 0 0 0 0 0 0 0 0 1 1 0 0 Pa 1 5 6 11 14 20 1 5 6 11 14 20 1 5 6 11 14 20 1 5 6 11 14 poec 1 5 6 20=32 5 11 14=30 0=0 5 6= Pc. 19-1. poae c paa oyc o, o a cao ee cyecy e pae poe paa, oa peaec a eoe pe, a pya, a caec, - e. ey poey oo pepa pyy. Op peca e coo pyy poey, oopy eo cooa poa, o eooo eppo a cooe. ap ec eo poeo, aa poco coco eppoa cooe.

Toy, o e ae ap , pec oac pe pyy poey paa.

Cepxopacmaue pau o aoe ea poea paa? Ec epee acc pecae coo cepxopacay oceo aeoc, o oyey poey paa eo pe. Cepxopacaa oceoaeoc - o oceoaeoc, oopo ao e oe cy cex peyx eo. Hapep, oceoa eoc {1,3,6,13,27,52} ec cepxopacae, a {1,3,4,9, 15,25} - e.

Peee cepxopacaeo paa a eo. Boe o ec cpae eo c ca o co oceoaeoc. Ec o ec ee, e o co, o eo e ay pa. Ec o ec oe pae oy cy, o oo aec pa. e accy paa a o aee epee ceyey o ee cy oceoaeoc. ye oop, oa poecc e aoc.

Ec o ec yec o y, o peee aeo. B poo cyae, there isn't.

Hapep, yc o ec paa - 70, a oceoaeoc eco {2,3,6, 13,27,52}. Ca oo ec, 52, ee 70, ooy ae 52 pa. Ba 52 70, oyae 18. Cey ec, 27, oe 18, ooy 27 pa e aec. ec, 13,ee 18, ooy ae 13 pa. Ba 13 18, oy ae 5. Cey ec, 6, oe 5, ooy 6 e aec pa. pooee oo poecca oae, o 2, 3 ayc pa, o ec yeaec o 0, o cooae o aeo pee. Ec o o poa eoo paa Mepa-Xeaa, op ec, oye ae p o eca 70, pae 110101.

He cepxopacae, opae, pa peca coo pyy poey - cpoo a o pa x e aeo. Ece ec cocoo opee, ae pee ayc pa, ec eoeca poepa oox pee, oa e aeec a paoe. Ca cp aop, pa o ae pay pcy, ee coeay acoc o ca o ox peeo. oae oceoaeoc eco ee o e, a peee cae oe pyee. o aoo pyee cepxopacaeo paa, e, ec oae o pee oceo a eoc, oc pee yec a oy oepa.

Aop Mepa-Xeaa ocoa a o coce. ap ec oceoaeoc eco poe cepxopacaeo paa. Op - o oceoaeoc eco poe opao o paa c e e peee. Mep Xea, coy oyy apey, papaoa coco p e opaoa poe cepxopacaeo paa poey opaoo paa.

Coaue ompmoo a u apmoo Paccop paoy aopa, e yyc eop ce : o oy opay oceoae oc paa, oe cepxopacay oceoaeoc paa, apep, {2,3,6,13,27,52}, yo o oy m ce ae a co n. aee oy oo oe cy cex ce oceo a eoc, apep, 105. Moe oe ao poc co c oye, apep, 31. Hop ao oceoaeoc paa ye 2*31 mod 105 = 3*31 mod 105 = 6*31 mod 105 = 13*31 mod 105 = 27*31 mod 105 = 52*31 mod 105 = oo - {62,93,81,88,102,37}.

Cepxopacaa oceoaeoc paa ec ap o, a opaa oceoae oc paa - op.

upoaue poa cooee caaa paaec a o, pae o e cy eeo oceo a eoc paa. ae, ca, o ea yaae a pcyce ea oceoaeoc, a o - a eo ocyce, ce oe eca pao - o ooy aoo oa cooe.

Hapep, ec cooee apo e a 011000110101101110, poae, coy ee peyy oceoaeoc paa, ye pocxo cey opao :

cooee = 011000 110101 011000 cooecye 93 81 = 110101 cooecye 62 93 88 37 = 101110 cooecye 62 81 88 102 = poeco ye oceoaeoc 174,280, eupupoaue ao oyae aoo cooe ae ap : opay cepxopacay oc e oaeoc, a ae ae n m, cooae pepae ee opay oceoaeoc paa. eppoa cooe oyae oe caaa opee n-1, aoe o n(n-1)1 (mod m). aoe aee poeca yoaec a n-1 mod m, a ae paeec c oo apoo a, o oy ae opoo eca.

B ae pepe cepxopacaa oceoaeoc - {2,3,6,13,27,52}, m pao 105, a n - 31. po eco cy 174,280,333. B o cyae n^-1 pao 61, ooy ae poeca o yo e a 61 mod 105.

174*61 mod 105 = 9 = 3 6, o cooecye 280*61 mod 105 = 70 = 2 3 13 52, o cooecye 333*61 mod 105 = 48 = 2 6 13 27, o cooecye Pacpoa op eco ec 011000 110101 101110.

pamuecue peauauu oceoaeoc ec eeo epyo pe aay paa, ae ec oceoae oc e ec cepxopacae. Peae pa o coepa e eee 250 eeo. a aoo ea cepxopacae oceoaeoc oa e-o ey 200 400 a, a a oy oa o 100 o 200 o. oye x ae paece peaa coy eepaop cyao oceoaeoc.

Bcpa ooe pa p oo pyo c ecoeo. Ec oep oe poep o apao ceyy, poepa cex oox apao paa opeye ce 10 e. ae o a, paoax apaeo, e ycee pe y aay o pepae coa cepxoy e y.

eonacocm emoa paa Boa poccey, ocoay a poee paa, e o a, a apa popao. Ca aa pacp ece opoo eca [725]. ae ap oaa, o opeeex oco ecax pa oe oa [1415, 1416]. pye oce - [1428, 38, 754, 516, 488] - o o e o oa ccey Mapa-Xeaa oe cyae. Haoe ap e (Zippel) [1418, 1419, 1421] oapy cae eca peopaoa, o ooo occao cepxopacay oceoaeoc paa o opao. Toe oaaeca xo a pa o , o x xop o oop oo a [1233, 1244]. Ha oepe, e oaac peya, cpe o poeocppoao o ca a oepe Apple II [492, 494].

Bapuam paa oce cp opao cxe Mepa-Xeaa o peoeo oeco pyx cce a pe paa: ecoo oceoaex pao, pa p-apa (Graham-Shamir), pye.

Bce o poaapoa oa, a pao, c cooae ox ex e popa e cx eoo, x oo cee co copocoo occe popa [260, 253, 269, 921, 15, 919, 920, 922, 366, 254, 263, 255]. Xopo oop x cce x poaa oo a [267, 479, 257, 268].

peoe pye aop, coye oxoe e, o ce o oe oa.

poccea Lu-Lee [990, 13] a oaa [20, 614, 873], ee oa [507] ae oaaac eeo aco [1620]. Bcp pocce Goodman-McAuley pee [646, 647, 267, 268]. poccea Pieprzyk [1246] a oaa aao opao. poccea Niemi [1169], ocoaa a oyx paax, oaa [345, 788]. Ho, ooca pa [747] oa ee e oa, o e o ce. py apao ec [294].

Xo apa aopa paa acoee pe eoace - aop paa Char-Rivest [356], e cop a "ceapoaoe cpe" [743] - oeco eoxox ce eae eo aoo eee oe, e pye paccopee ec aop. Bapa, aa Powerline System (ccea epoa) eeoace [958]. oee oo, ya eoc c oopo a ce ocae apa, o ep yco oa apao, o oy, eocopoo.

amem Opa aop Mepa-Xeaa aaeoa Coeex aax [720] ocao pe (c. 18th). Public Key Partners (PKP) oya e a ae ece c py aea popa c op a (c. pae 25.5). Bpe ec aea CA cee 19 ayca 1997 oa.

Ta. 19-1.

ocpae ae a aop paa Mepa Xeaa Cpaa Hoep aa oye e 871039 5 ape 1979 oa Hepa 7810063 10 ape 1979 oa Beopa 2006580 2 a 1979 oa epa 2843583 10 a 1979 oa e 7810478 14 a 1979 oa pa 2405532 8 1979 oa epa 2843583 3 ap 1982 oa epa 2857905 15 1982 oa aaa 1128159 20 1982 oa Beopa 2.006580 18 ayca 1982 oa eap 63416114 14 ap 1983 oa a 1099780 28 cep 1985 oa 19.3 RSA Bcope oce aopa paa Mepa oc ep ooe aop c op o, o op oo cooa poa pox oce : RSA [1328, 1329]. cex peoex a o aopo c op a RSA poe ceo o peaoa. (Map apep (Martin Gardner) oyoa paee ocae aopa coe ooe "Maeaece p" Scientific American [599].) O ae ec ca oyp. Haa ec pex opeaee - Poa Peca (Ron Rivest), A apa (Adi Shamir) eoapa aa (Leonard Adleman) - o aop oe o po oco ecoy poaay. Xo poaa oaa, opoep eoacoc RSA, o, o cy, oocoae ypoe oep aopy.

eoacoc RSA ocoaa a pyoc paoe a oe ox ce. Op ap c y yx ox (100 - 200 papo ae oe) pocx ce. peoaae c, o occaoee opoo eca o poecy opoy y aeo paoe a oe yx ox ce.

eepa yx e coyc a ox cyax pocx ca, p q. acao eoacoc pae p q pao . Paccaec poeee:

n = p q ae cya opao paec poa e, ao o e (p-1)(q-1) c ao po c ca. Haoe pacpe aop a coyec ce a eppo a d, aoo o ed = 1 (mod (p-1)(q-1)) py coa d = e^-1 mod ((p-1)(q-1)) ae, o d n ae ao poce ca. ca e n - o op , a co d - ap.

a pocx ca p q oe e y. O o opoe, o e o pacp.

poa cooe m oo caaa paaec a poe o, ee n ( ox a x paec caa oa cee ca 2, ea n). To ec, ec p q - 100-pape poce ca, o n ye coepa ooo 200 papo, a o cooe mi oe ooo 200 papo y. (Ec yo apoa cpoaoe co oo, x oo oo eco y c e a, o apapoa, o o cea yy ee n. apoaoe cooee c ye coco o o ci o e cao . opya poa a ci = mie mod n pacpo cooe oe a apoa o ci ce mi = cid mod n Ta a cid = (mie)d = mied = mik(p-1)(q-1) 1 = mimik(p-1)(q-1) = mi*1 = mi;

ce (mod n) opya occaaae cooee. o ceeo 17-.

Ta. 19-2.

poae RSA Ompm :

n poeee yx pocx ce p q (p q o xpac cepee) e co, ao pocoe c (p-1)(q-1) apm :

d e-1 mod ((p-1)(q-1)) upoaue:

c = m^e mod n eupupoaue:

m = c^d mod n Too ae cooee oe apoao c oo d, a apoao c oo e, ooe o op. yepey ac o eop ce, oaae, oey o aop paoae. B oce o popa o opoc opoo paccope.

opo pep ooo ooe oc paoy aopa. Ec p = 47 q = 71, o n = pq = e e oe e ox oee (p-1)(q-1)= 46*70 = Bepe (cyao) e pa 79. B o cyae d = 79-1 mod 3220 = p ce oo ca cooa pacpe aop a (c. pae 11.3). Oyye e n, coxpa cepee d. Opoc p q. poa cooe m = caaa pae eo a aee o. aeo cya ooy pexyee o. Cooee paaec a ec oo mi:

m1 = m2 = m3 = m4 = m5 = m6 = ep o pyec a 688^79 mod 3337 = 1570 = c1 Bo e e oepa oceyx oo, coae poec cooe :

c = 1570 2756 2091 2276 2423 eppoae yo o aoe e oeee cee, coy eppoa 1019:

1570^1019 mod 3337 = 688 = m1 Aaoo occaaaec ocaac ac cooe.

Annapame peauauu RSA Cyecye oo ya, apaax ey aapax peaa RSA [1314, 1474, 1456, 1316, 1485, 874, 1222, 87, 1410, 1409, 1343, 998, 367, 1429, 523, 772]. Xopo oop ca cya [258, 872]. poae RSA oec o pocxea [1310, 252, 1101, 1317, 874, 69, 737, 594, 1275, 1563, 509, 1223]. ac cco ocyx acoee pe pocxe RSA, [150, 258], pe e 16th. He ce x ocy cooo poae.

Ta. 19-3.

Cyecye pocxe RSA oa Taoa acoa Copoc Taoe Texoo o a oeco epea oax poa pocxey pacopo a 512 512 Alpha Techn. 25 M 13K 0.98 M 2 poa 1024 AT&T 15 M 19K 0.4 M 1.5 poa 298 British Telecom 10 M 5.IK 1 M 2.5 poa 256 ---- Business Sim. Ltd. 5 M 3.8K 0.67 M Bea apa 32 ---- CalmosSyst-Inc. 20 M 2.8K 0.36 M 2 poa 593 CNET 25 M 5.3K 2.3 M 1 po 1024 Cryptech 14 M 17K 0.4 M Bea apa 120 Cylink 30 M 6.8K 1.2 M 1.5 poa 1024 GEC Marconi 25 M 10.2K 0.67 M 1.4 poa 512 Pijnenburg 25 M 50K 0.256 M 1 po 1024 Sandia 8 M IOK 0.4 M 2 poa 272 Siemens 5 M 8.5K 0.03 M 1 po 512 Copocm RSA Aapao RSA pepo 1000 pa eeee DES. Copoc pao cao cpo CC-peaa RSA c 512-o oye - 64 oa ceyy [258]. Cyecy ae pocxe, oope o 1024-ooe poae RSA. B acoee pe papaaac pocxe, oope, coy 512 o oy, pc pyey 1 M/c. Booo, o oc 1995 oy. pooe ae pe RSA eeyax apoax, o peaa eeee.

popao DES pepo 100 pa cpee RSA. ca oy eaeo ec p e e exoo, o RSA oa e oce copoc cepx aopo. B 15- pee pep copoce popaoo poa RSA [918].

Ta. 19-4.

Copoc RSA pax oye p 8-oo o po e (a SPARC II) 512 o 768 o 1024 a poae 0.03 c 0.05 c 0.08 c eppoae 0.16 c 0.48 c 0.93 c oc 0.16 c 0.52 c 0.97 c poepa 0.02 c 0.07 c 0.08 c popae Speedups poae RSA oec aoo cpe, ec pao epee aee e. Tpe aoee ac apaa c 3, 17 65537 (216 1). (ooe pecaee 65537 coep oo e e, ooy oee cee yo o oo 17 yoe.) X.509 coeye [304], PEM peoeye 3 [76], a PKCS #l (c. pae 24.14) - 3 65537 [1345]. He cyecye ax po e eoacoc, cax c cooae aece e oo x pex ae (p yco, o ooee cooe cya ca - c. pae e), ae ec oo o e aee e coy ec eo pyo ooaee.

Oepa c ap o oo ycop p oo aco eope o ocaax, ec coxp a ae p q, a ae ooee ae: d mod (p - 1), d mod (q - 1) q^-1 mod p [1283, 1276]. ooee ca oo eo c o apoy opoy a.

eonacocm RSA eoacoc RSA ooc ac o poe paoe a oe ox ce. Texec, o yepee o eoacoc o. peoaaec, o eoacoc RSA ac o poe paoe a oe ox ce. Hoa e o oaao aeaec, o yo pao n a o e, o occao m o c e. oo, o oe op coce o coco poaaa RSA.

Oao, ec o o coco oo poaay oy d, o ae oe cooa paoe a oe ox ce. e co oyc o o.

Tae oo cp RSA, yaa aee (p-1)(q-1). o cpe e poe paoe n a oe [1616].

cepxceo: oaao, o eoope apa RSA ae co, a paoee a oe (c. pae 19.5). ae ae [361, e oaao, o pacpe ae ecox o opa o apoaoy RSA poecy e ee, e eppoae ceo cooe.

Ca oe cpeco cp ec paoee n a oe. o po coe o y op e oy n. o a eppoa d, po oe pao n a oe. Copeeoe cocoe exoo paoe a oe paccapaoc paee 11.4. B acoee pe epe pae o exoo ec co, coepaee 129 ecx p. a, n oo oe oo ae. Peoea o opy opoo a pee paee 7.2.

oeo, poaa oe epepa ce ooe d, oa o e oepe paoe aee. Ho aoe cpe pyo co ae eee eo, e oa pao n a oe.

Bpe o pee oc ae o o, o ae poco coco cp RSA, o oa oo oox ae e oepoc. Hapep, 1993 oy epoe ca Ba ea ( William Payne) peoe eo, ocoa a ao eopee epa [1234]. coae, o eo oaac eeee paoe a oe Cyecye ee o oo ecooca. oco oepx aopo ce pocx ce p q epooc, o pooe, ec p q oaec coca? Hy, o epx, oo cec e pooc aoo co o yoo ya. ae ec o pooe, copee ceo aoe coe ye cpay e oapyeo - poae eppoae e yy paoa. Cyecye p ce, aaex ca apaa (Carmichael), oope e oy oapy opeeee epooce aop o c a pocx ce. O eeoac, o peao pe [746]. eco oop, e o e oecooo.

Bcpmue c pa upomecmo npomu RSA Heoope cp paoa po peaa RSA. O cpa e ca ao aop, a a cpoe a pooo. Bao oa, o cao o cee cooae RSA e oeceae eoac oc. eo peaa.

Ceapu 1: Ee, ocyae c Ac, yaoc epexa cooee c, poaoe c o o RSA op o Ac. Ea xoe poa cooee. Ha e aea, e yo m, oopoo m = c^d pacp m oa caaa pae epoe cyaoe co r, eee n. Oa ocae op Ac e. ae oa ce x = r^e mod n, y = xc mod n, t = r^-1 mod n. Ec x = r^e mod n, o r = x^d mod n.

Teep poc Acy oca y ee ap o, a opao pacpoa y. (Aca oa o ca cooee, a e eo x cyy.) He aae, Aca oa pae e ea y. Aca ocae Ee u = y^d mod n Teep Ea ce tu mod n = r^-1 y^d mod n = r^-1 x^d c^d mod n = c^d mod n = m Ea oyae m.

Ceapu 2: Tpe - o oep-oapyc. Ec Aca xoe aep oye, oa ocae eo Tpey. Tpe ocae eo poo oc RSA opae opao. (Ooapaee x y e coyc, Tpe pye ce cooee co ap o.) Mop xoe, o Tpe oca aoe cooee, oopoe oo cyae o o oa e o e. Moe o aa peea ea, oe aopo oo cooe ec pyoe o.

ao a pa, Tpe oa e oe o cooee, ec y eo ye oooc opa.

Haoe o cooee m'.

Caaa Mop pae poooe aee x ce y = x^e mod n. e o oe oy e pya - o op Tpea, oop oe oyoa, o oo o poep oc Tpea. Teep Mop ce m = ym' mod n ocae m Tpey a oc. Tpe opaae m^d mod n. Now Mop ce (m^d mod n)x^-1 mod n, oopoe pao m'^d mod n ec oc m'.

Ha cao ee Mop oe cooa oeco cocoo pe ooy aay [423, 458, 486].

Ca eco, oopoe coy ae cp, ec coxpaee yao cpyyp xoa p oee cee. To ec:

(xm)^d mod n = x^d m^d mod n

Ceapu 3: Ea xoe, o Aca ocaa m3. Oa coae a cooe, m1 m2, ae o m3 = m1m2 (mod n) Ec Ea coe aca Acy oca m1 m2, oa oe c oc m3:

m3^d = (m1^d mod n) (m2^d mod n) Mopa: Hoa e oyec aopo RSA oc cyax oyeo, ocyyx a o copo. Bcea caaa ocoyec ooapaeo x-ye. opa oo ISO 9796 peo paae o cpe.

Bcpmue oeo oy RSA p peaa RSA oo opooa paa ce ooae oao oy n, o aoy co ae oaaee cee e d. coae, o e paoae. Haoee oea poea o, o ec oo o e cooee oa-y poaoc pa oaae cee (c o e e oye), a oaae - ao poce ca (a oo ae), o op ec oe pacp, ae e a ooo a eppoa [1457].

yc m - op ec cooe. a a poa - e1 e2. O oy - n. poeca cooe c:

c1 = m^e1 mod n c2 = m^e2 mod n poaa ae n, e1, e2, c1 c2. Bo a o yae m.

Ta a e1 e2 - ao poce ca, o c oo pacpeoo aopa a r s, oopx re1 se2 = Ca r opae ( r, s oo opae, yc opae ye r), o coa oo ocooac pacpe aopo ce c1-1. ae (c1-1)-r * c2s = m mod n Cyecye a pyx, oee ox cp cce aoo a. Oo coye epooc eo paoe n a oe. pyo - eeppoa aop ce aoo-y cepeoo a e paoe oy a oe. Oa cp opoo oca [449].

Mopa: He eae n o py ooaee.

Bcpmue aoo noaame upoau RSA poae poepa oc RSA oec cpee, ec e coyec eooe aee, o o ae oe eeoac [704]. Ec e(e 1)/2 eo acx cooe c pa o p a pyc o e e aee e, cyecye coco cp ay ccey. Ec cooe e a oo, ec cooe e ca, o poe e. Ec cooe oao, o oca oo e cooe. poe ceo oo cooe eac cya ca.

o ae apapye, o me mod n me. Ta eaec oce paecx peaa RSA, a pep, PEM PGP (c. pae 24.10 24.12).

Mopa: ooe cooe epe poae cya ae, yeec, o paep m pepo pae n.

Bcpmue aoo noaame eupupoau RSA py cpe, peoe Ma Bep (Michael Wiener), pacpae d, e d e peae e ep paepa n, a e ee n [1596]. p cyao ope e d o cpeaec peo, oa e poo e, ec aee e ao.

Mopa: Bpae ooe aee d.

oyee ypou y Myp (Judith Moore) a ocoa epecex cp po ceye opae RSA [1114, 1115]:

ae oo ap oaaee poa/eppoa aoo oy ooe oy pao oy a oe.

ae oo ap oaaee poa/eppoa aoo oy ooe oy c pye ap oaaee, e pacaa oy a oe.

B poooax cee c, pex RSA, e oe cooac o oy. (o ec oe cece peyx yx yo.) peopae cp aoo oaae poa cooe o ooe c y a ae.

oaae eppoa oe o.

He aae, eocaoo cooa eoac popaec aop, o eoa c c poccea popaec pooo. Caoe eco oo pex x ooeo ce a e eeoaco c ccey.

Bcpmue upoau u nonucu c ucnooaue RSA ee cc oca cooee epe poae (c. pae 2.7), o a pae o e o e oo. RSA oo cp pooo, pye cooee o eo oca [48].

Aca xoe oca cooee oy. Caaa oa pye eo op o oa, a ae oc ae co ap o. Ee apoaoe ocaoe cooee a :

BA me mod nB )d mod nA Bo a o oe oaa, o Aca ocaa ey m', a e m. Ta a oy eco paoee a o e nB (o eo coce oy), o oe c cpee oap o ocoa nB. Ceoa eo, ey yo oo a x, oopoo m'x = m mod nB Toa, ec o oe oyoa xeB aece coeo ooo opoo oaae cee coxpa co pe oy nB, o coe yepa, o Aca ocaa ey cooee m', apoaoe o oaaee.

B eoopx cyax o ocoeo epoe cpe. ae, o x-y e pea poey.

Oao oa peaec p cooa aoo ooae cpoaoo oa ae poa.

Cmaapm RSA de facto ec caapo o o cey py. ISO o, but not quite, created an RSA digital signature standard;

RSA cy opao ooee ISO 9796 [762.]. paycoe aocoe coo eco po RSA aece caapa [525], a e ocy acpa [1498]. B Coeex a ax -a ae NSA aex opoco acoee pe e caapa poa c op o. Moe aepace oa coy PKCS (c. pae 24.14), aca RSA Data Security, Inc. RSA opeee aece epooo aocoo caapa ANSI [61].

amem Aop RSA aaeoa Coeex aax [1330], o oo pyo cpae. PKP oya e ece c py aea oac popa c op a (pae 25.5). Cpo ec aea CA ceae 20 cep 2000 oa.

19.4 Pohlig-Hellman Cxea poa Pohlig-Hellman [1253] oxoa a RSA. o e cep aop, a a poa eppoa coyc pae . o e cxea c op o, ooy o eo oyac o pyoo, poa, eppoa o xpac cepee. a RSA, C = P^e mod n P = C^d mod n e ed 1 (mod aoe-y cocaoe co) B oe o RSA n e opeeec c oo yx pocx ce ocaec ac apoo a.

Ec y oo-y ec e n, o oe c d. He a e d, po ye ye c e = logpC mod n M ye e, o o ec pyo poeo.

amem Aop Pohlig-Hellman aaeoa CA [722] aae. PKP oya e ece c py aea oac popa c op a (c. pae 25.5).

19.5 Rabin eoacoc cxe Paa (Rabin) [1283, 1601] opaec a cooc oca apax ope o o y cocaoo ca. a poea aaoa paoe a oe. Bo oa peaa o cxe .

Caaa pac a pocx ca p q, opyx 3 mod 4. poce ca c ap o, a x poeee n =pq - op o.

poa cooe M (M oo ee n), poco cec C = M^2 mod n eppoae cooe ae ecoo, o eoo cyee. Ta a oyae ae p q, o oe pe e opyoc c oo aco eope o ocaax. Bcec m1 = C^((p+1)/4) mod p, m2 = (p - C^((p+1)/4)) mod p, m3 = C^((q+1)/4) mod q, m4 = (q - C^((q+1)/4)) mod q ae paec ee ca a = q(q^-1 mod p) b = p(p^-1 mod q). ep oo pee c:

M1 = (am1 bm3) mod n M2 = (am1 bm4) mod n M3 = (am2 bm3) mod n M4 = (am2 bm4) mod n O epex peyao, M1, M2, M3 M4, pao M. Ec cooee acao o ac, pa paoe Mi epyo. C pyo copo, ec cooee ec ooo cyax o (cae, eepa e poo oc ), cocoa opee, aoe Mi - paoe, e. O cocoo pe y poey cy oaee cooe epe poae ecoo aooa.

Williams X Bc (Hugh Williams) epeopee cxey Paa, o ycpa eoca [1601]. B eo cxee p q pac a, o p 3 mod q 7 mod N = pq poe oo, coyec eooe eoe co, S, oopoo J(S,N) = -1. (J - o co o - c.

pae I I.3). N S oyoac. Cepe o ec k, oopoo k = 1/2 (1/4 (p - 1) (q - 1) 1) c poa cooe M cec c1, aoe o J(M,N) =. ae cec M' = ( S *M) (-1)c mod N. a cxee Paa, C = M'2 mod N. c2 = M' mod 2. Ooae poeco cooe ec poa:

(C, cl, c2) eppoa C, oyae ce M" c oo Ck M" (mod N) pa a M" opeee c2. Haoe c1 M= ( S * *M") mod N (-1)c Bocec Bc yy y cxey [1603, 1604, 1605]. Beco oee apa opoo e ca cooe, oee eo pe cee. oe poce ca o opy 1 o oy 3, ae op ap oayc oao. ae ye, cyecye oo oa yaa pacpoa aoo poa.

peyeco cxe Paa Bca epe RSA o, o oaao, o o ae eoac, a pa oee a oe. Oao epe cpe c pa poeco o coepeo ea.

Ec copaeec cooa cxe cyae, oa o oe o aoe cpe (apep, aop poo oc, oa o oe pa ocaee cooe ), e a ae cooa epe ocae ooapaey x-y. Pa peo pyo coco ac o aoo cp: aoy cooe epe xpoae ocae oaec y aa cyaa cpoa. ecac, oce oae ooapaeo x-ye o a, o c c ea co e eoaca, a paoee a oe, oe e ec oaa [628]. Xo c pa eco o pe oaee xp oa e oe oca ccey.

py apaa cxe Paa c [972, 909, 696, 697, 1439, 989]. yep apa oca [866, 889].

19.6 ElGamal Cxey ElGamal [518,519] oo cooa a pox oce, a poa, eo e o acoc ocoaa a pyoc ce cpex oapo oeo oe.

eepa ap e caaa paec pocoe co p a cyax ca, g x, oa c a o ee p. ae cec y = g^x mod p Op o c y, g p. g, p oo cea o py ooaee. ap o ec x.

onucu ElGamal o oca cooee M, caaa paec cyaoe co k, ao pocoe c p-1. ae c ec a = g^k mod p c oo pacpeoo aopa a axoc b ceye ypae:

M = (xa kb) mod (p - 1) oc ec apa ce: a b. Cyaoe aee k oo xpac cepee. poep o c yo yec, o yaab mod p = gM mod p aa oc poae EIGamal peye ooo ae k, o aee oo pao cya opao. Ec oa-y Ea pacpoe k, coyeoe Aco, oa coe pacp ap Ac x. Ec Ea oa-y coe oy a cooe, ocae apoae c oo ooo oo e k, o oa coe pacp x, ae e a aee k. Ocae ElGamal ceeo 14-.

Ta. 19-5.

oc ElGamal Ompm :

p pocoe co (oe o py ooaee) g

x

k paec cya opao, ao pocoe c p- a (oc) =gk mod p b (oc), aoe o M = (xa kb) mod (p - 1) poepa:

oc caec pao, ec yaab mod p = gM mod p Hapep, epe p = 11 g = 2, a ap x = 8. Bc y = gx mod p = 28 mod 11 = Op o c y = 3, g = 2 p = 11. o oca M = 5, caaa epe cyaoe co k=9. eaec, o gcd(9, 10)= 1. Bce a = gk mod p = 29 mod 11 = c oo pacpeoo aopa a axo b:

M = (xa kb) mod (p - 1) 5 = (8*6 9*b) mod Peee: b = 3, a oc pecae coo apy: a = 6 b = 3.

poep oc yec, o yaab mod p = gM mod p 3663 mod 11 = 25 mod Bapa EIGamal, coye oce, oca [1377]. Toac e (Thomas Beth) ope apa cxe EIGamal, oxo oaaeca eoc [146]. Cyecy apa poep o oc apo [312] oea a [773]. ee c c pyx (c. pae 20.4).

upoaue ElGamal Moa EIGamal ooe poa cooe. poa cooe M caaa pae c cyaoe co k, ao pocoe c p - 1. ae cc a = gk mod p b = yk M mod p apa (a,b) ec poeco. Opae ae, o poec a paa ee opoo e ca. eppoa (a,b) cec M = b/ax mod p Ta a ax gkx (mod p) b/ax yk M/ax gxk M/ gkx = M (mod p), o ce paoae (c. 13-). o cy o o e caoe, o oe a -Xeaa (c. pae 22.1) a cee oo, o y - o ac a, a p poa cooee yoaec a yk.

Ta. 19-6.

poae ElGamal Ompm :

p pocoe co (oe o py ooaee) g

x

k paec cya opao, ao pocoe c p- a (poec) =gk mod p b (poec)= yk M mod p eupupoaue:

M (op ec) = b/ax mod p Copocm Heoope pep copoc pao popax peaa EIGamal pee 12- [918].

Ta. 19-7.

Copoc EIGamal pax oye p 160-oo oa aee cee (a SPARC II) 512 o 768 o 1024 o poae 0.33 c 0.80 c 1.09 c eppoae 0.24 c 0.58 c 0.77 c oc 0.25 c 0.47 c 0.63 c poepa l.37 c 5.12 c 9.30 c amem ElGamal eaaeoa. Ho, pee e ac epe peaoa aop, yo a, o PKP cae, o o aop oaae o ece aea -Xeaa [718]. Oao cpo ec ae a -Xeaa aaaec 29 ape 1997 oa, o eae ElGamal ep popaec o po c op a, po poa pox oce eca Coee x aax aea. e oy oac oo oea.

19.7 McEIiece B 1978 oy Poep Mac (Robert McEliece) papaoa poccey c op a a ocoe eop aepaecoo opoa [1041]. o aop coye cyecoae opeeeoo acca cpax o oo, aaex oa oa (Goppa). O peaa coa o oa aac poa eo a o e o. Cyecye cp aop eopoa oo oa, o oa poea a coo oa o aoy ecy eo oo oe ec NP-oo. Xopoee ocae oo aopa oo a [1233], c. ae [1562]. He pee oo pa oop.

yc dH(x,y) ooaae paccoe Xa ey x y. ca n, k t cya apaepa cce.

ap coco pex ace : G' - o apa eepa oa oa, cpaeo t oo. P o apa epecaoo paepo n*n. S - o nonsingular apa paepo k*k.

Op o cy apa G paepo k*n: G = SG'P.

Op ec cooe pecae coo cpoy k o e k-eeoo eopa a oe GF(2).

poa cooe cya opao paec n-ee eop z a oe GF(2), oopoo paccoe Xa ee pao t.

c = mG z eppoa cooe caaa cec c' = cP^-1. ae c oo eopyeo aopa oo oa axoc m', oopoo dH(m'G,c) ee pao t. Haoe cec m = m'S^-1.

B coe opao paoe Mac peo ae n = 1024, t = 50 k = 524. o ae ae, peyee eoacoc.

Xo o aop o epx aopo c op a, e ooc ya o eo yceo poaaeco cp, o e oy pooo pa popaeco c o oece. Cxea a a-p opa cpee, e RSA, o y ee ec p eocao. Op opoe:

219 o. Co yeaec oe ax - poec a paa ee opoo eca.

P oo poaaa o cce oo a [8, 943, 1559, 306]. H oa x e oca yc exa oeo cya, xo cxoco ey aopo Maca aopo paa eoo oye.

B 1991 a pyccx popaa a, o oa ccey Maca c eoop apaepa [882].

B x cae o yepee e o oocoao, oco popao e p o ae o peya. Ee oo oeoe pycc cpe, oopoe e eocpeceo cooa po cce Maca, ocao [1447, 1448]. Pacpe McEliece oo a [424, 1227, 976].

pyue aopum, ocoae a uex oax, ucnpaux ouu Aop Heppeepa (Niederreiter) [1167] oe o aopy Maca cae, o op - o cyaa apa poep eoc oa, cpaeo o. ap o cy e aop eopoa o ap.

pyo aop, coye ea pox oce, ocoa a eopoa cpoa [1501], oce c. [306]. Aop [1621], coy o, cpae o, ee o ace [698, 33, 31, 1560, 32].

19.8 pocce c ec p ece pe yac oe o, o oy opocy cyecye opooe oeco ep a yp. B 1985 oy H o (Neal Koblitz) B.C. Mep (V. S. Miller) eaco peo cooa x pocce c op a [867, 1095]. O e ope ooo popaecoo aop a, coyeo ece pe a oe o, o peaoa cyecye aop, ooe Diffie-Hellman, c oo ecx px.

ece pe a epec, ooy o o oecea coco ocpypoa "eeo" "pa oee", opayx py. Coca x py ec ocaoo xopoo, o cooa x popaecx aopo, o y x e opeeex coc, oeax poaa. Hapep, oe "aoc" epeo ec p. To ec, e cyecye aoo oeca eox eeo, coy oope c oo pocoo aopa c coo epo oc oo pa cya ee. Ceoaeo, aop ce cpeoo oapa oaae cee e paoa work. opooc c. [1095].

Ocoeo epec ece pe a oe GF(2n). n aaoe o 130 o 200 ecoo papaoa cxey ooceo poco peaoa apeec poeccop coyeoo o. Ta e aop oeao oy ocy ocoo oee cpx pocce c op a e paepa e. C oo ecx px a oe o oy pea oa oe aop c op a, ae a Diffie-Hellman, EIGamal Schnorr.

Cooecya aeaa coa xo a pa o . epecyc o eo pe aa poa e eyoye pao oy y Apea Meeeca ( Alfred Menezes) [1059].

ece pe coyc y aaoa RSA [890, 454]. py paoa c [23, 119, 1062, 869, 152, 871, 892, 25, 895, 353, 1061, 26, 913, 914, 915]. pocce c a eoo a ae ecx px paccapac [701]. Aop Fast Elliptic Encryption (FEE, cpoe ecoe poae) oa Next Computer Inc. ae coye ece pe [388]. po ocoeoc FEE ec o, o ap oe o eo aoaec cpoo. pea ac pocce, coye epece pe [868, 870, 1441, 1214].

19.9 LUC Heoope popa papaoa ooee oa RSA, oope coy pae epe caooe ooe eco oee cee. Bapa, aac Kravitz-Reed coy epoe oe ooe [898], eeoace [451, 589]. Bp Mep (Winfried Mller) B p Hoayep (Wilfried Nbauer) coy oo coa (Dickson) [1127, 1128, 965]. Pyo (Rudolph Lidl) Mep oo o oxo [966, 1126] (o apa aa cxeo Ridi), Hoayep poaapoa eo eoacoc [1172, 1173]. (Coopae o ooy eepa pocx ce c o o y yaca (Lucas) oo a [969, 967, 968, 598].) Hecop a ce peye papao pye cceoaee Hoo ea yaoc aaeoa y cxey 1993 oy, aa ee LUC [1486, 521, 1487].

n-oe co yaca, V_n(P,1), opeeec a V_n(P,1) = P V_{n-1}(P,1) - V_{n-2}(P,1) Teop ce yaca ocaoo ea, ee poyy. Teop oceoaeoce yaca xopoo o ea [1307, 1308]. Ocoeo xopoo aeaa LUC ocaa [1494, 708].

B o cyae eepa ap op /ap caaa pac a ox c a p q. Bcec n, poeee p q. poa e - o cyaoe co, ao pocoe c p-1, q-1, p 1 q 1. Cyecye epe oox a eppoa, d = e-1 mod (HO(p 1), (q 1))) d = e-1 mod (HO(p 1), (q-1))) d = e-1 mod (HO(p-1), (q 1))) d = e-1 mod (HO(p-1), (q-1))) e HO oaae aeee oee paoe.

Op o c d n;

ap o - e n. p q opacac.

poa cooe P (P oo ee n) cec C = Ve(P,1) (mod n) A eppoa:

P = Vd(P, 1) (mod n), c cooecy d B ye cyae LUC e eoacee RSA. A eae, oo o oyoae peya oaa, a oa LUC o pae epe ecox peaax. e oep oy aopy.

19.10 pocce c op o a ae oex aoao ac popa Tao Pe papaoa aop c op o, ocoa a cooa oex aoao [1301, 1302, 1303, 1300, 1304, 666]. Tao e coo aae, a paoee a o e poee yx ox pocx ce, ec aaa paoe a cocae poee yx oex aoao. o e oee epo, ec o aoao eee.

oa ac pao o oac a oea ae 80-x oax oyoaa a aco e. Pe aa ca o ac. Eo a peyao o o, o opaoe aee eoopx eex (aex) aoao ec ca oa oo oa, oa aoa oaa opeeeo cyeao apo cpyypo. o coco ceae, ec o oee c py a o ao (xo e). B aope c op o cepe ec eppye a e aoao, a cooecy op oe oye c oo x oeoo ep e oe. ae pyc, poxo epe e aoa, a eppyc, poxo epe opae ae ooeo aopa ( eoopx cyax aoa o ycaoe oxoee a aoe aee). a cxea paoae poa, pox o ce.

O pooeoc ax cce pae oo caa ceyee: o, a ccea McEliece, ao o cpee RSA, o pey cooa oee x e. a a, oeceaa, a y a , eoacoc, aaoy 512-ooy RSA, paa 2792 a, a 1024-ooy RSA - 4152 a. B epo cyae ccea pye ae co copoc 20869 a/c eppye ae co copoc1 a/c, paoa a 80486/33 M.

Pe oyoa p aopa. ep FAPKC0. a caa ccea coye ee o o e , a opao, ec cpao. aa yx cepex cce, FAPKC1 FAPKC2, coye o e o ee ooe. oce coee, oa a papaoaa o ep oepa poep ooc.

o acaec x aeoc, ae eao aac o poeo (e ceac ce 30 cyo, yyx pao o popa eoacoc ). ocaooo oeca coo a aco e oo e, o poea a yea.

peaeo ocoeoc FAPKC1 FAPKC2 ec o, o o e opae a aea CA. Ceoaeo, a a cpo ec aea a aop Diffie-Hellman ceae 1997 oy, ao p ecoeo c oe epec.

aa Aop poo oc c op o 20.1 Aop poo oc (DIGITAL SIGNATURE ALGORITHM, DSA) B ayce 1991 oa Haoa cy caapo ex (National Institute of Standards and Technology, NIST) peo cooa coe Caape poo oc ( Digital Signature Standard, DSS) Aop poo oc (Digital Signature Algorithm, DSA). Coaco Federal Register [538]:

peaaec eepa caap opao opa ( Federal Information Processing Standard, FIPS) Caapa poo oc (Digital Signature Standard, DSS). B o caape opeeec aop poo oc c op o (DSA), po eepax pee, peyx poo oc. peoe DSS coye op poep oyaee eococ oyex ax oc opae. DSS ae oe cooa pee copoo poep pa oc oc cax c e ax.

B o caape paec cxea oc c op o, coya apy peopaoa coa poep pooo ae, aaeoo oc.

:

peoe caap pecae coo peya oe pax eo poo oc. pa pee e, NIST ceoa ooe paea 2 Aa o oepo eoacoc ( Computer Security Act) 1987 oa o o, o NIST papaaae caap,"... oeceae peaee eoacoc cepeoc eepao opa, pa exoo, peaax cpay cee a, y, oopa oaae aoee oxo pao cyaao xapaepca".

Cpe aopo, paccopex poecce p pee ypoe oeceaeo eoacoc, pocoa a apao popao peaa, pocoa copa a pee CA, peoc aeo, e a aoa y eoacoc oeceee paoopa, a ae cee eoca y oc, a y poe p . aaoc, o oece cooecyy ay eepa ccea oo o cocoa. Bpa yoeope cey peoa:

NIST oae, o eo oo ye cooa ecao. pooe cooae o exoo, oycoeo eo ocyoc, ocy ooeco oe paeca oeca.

Bpaa exoo oeceae eoe cooae oepa oc poex, cax c c ooae eeyax apoe. B x poex oepa oc oc cao ceo cpee eeyax apoe, a poecc poep peayec oee oo ceo cpee, apep, a e p coao oepe, aapao pop aeco oye a oepe-pee.

pee, e ce coce ayaec, ooe e paopac c aa : DSA - o aop, a DSS caap. Caap coye aop. Aop ec ac caapa.

Peau a aeue aee NIST ao oo pecx aea oe. coae, o copee o ec, e ay. RSA Data Security, Inc., poaa aop RSA, oaa po DSS. O peoa, o caap cooac aop RSA. RSADSI oyo eao ee a epoae aopa RSA, caap ecao poo oc po o a cay cy ee oepecx ycexo. (peae: DSA eoaeo e apyae ae, paccop y ey oee.) o ae o p aopa RSADSI eo oa po "oeo oy,'' oop, ooo, oo paecy oea oc. oa o oeo, o aop e coye o o y, pa a pooea c pyx o [154], a c oo ce NIST, a c oo ae pecce. (epe ca NIST ooc [1326]. a x, e aae, o o pae epe a a o pa, Pec Xea, acoo aepecoa o, o DSS e p.) Moe oe oa, papaaae popaoe oeceee, oope ye epoa a o p RSA, ae cy po DSS. B 1982 oy paeco opoco peoca ey aop c op o opa ooo x aece caapa [537]. oce oo eee e e o NIST e o ax ec. Tae oa, a IBM, Apple, Novell, Lotus, Northern Telecom, Microsoft, DEC Sun opa oo ee, peay aop RSA. O e aepecoa oepe ec.

Bceo oy epoo epoa ocye(28 epa 1992 oa) NIST oy 109 aea. Paccop o opy pece aea apec DSA.

1. DSA e cooa poa pacpeee e.

pao, o caap e peye a x oooce. o caap oc. NIST ooo caap poa c op o. NIST coepae oy oy, oca aepac apo e caapa poa c op o. o ce epooc peoe caap poo o c ye eooo cooa poa. (Ho oaaec, o ooo - c. pae 23.3.) o e oaae, o caap oc eco ee.

2. DSA papaoa NSA, aope oy ceae ae.

oco epoaax oeape poco apaoa : "Opae NIST cyecy x aopo e x p e yae oep DSS, a ycae oopee, o cyecye a a popaa, cpeac oo NIST / NSA cpa aoay poccey c op o" [154]. Cepe opoc ooceo eoacoc DSA aa Apao ecpo (Arjen Lenstra) Capo Xaepo (Stuart Haber) Bellcore. O ye paccope e.

3. DSA eeee RSA [800].

oee eee cpaeo. Copoc eepa oc pepo oao, o poepa oc c oo DSA o 10 o 40 pa eeee. Oao eepa e cpee. Ho a oepa eepeca, ooae peo pee ee. C pyo copo poepa oc - o aoee aca oep a.

poea p o, o cyecye oo cocoo opa apaepa ecpoa, oac yx peyao. peapee ce oy ycop eepa oc DSA, o o e cea oo. Copo RSA opa ca a, o e peyeca coeo aopa, a copo DSA coy co coco oa. B o cyae oep caoc ce cpee c pee. Xo paa copoc cyecye, oce po e oa e ye aea.

4. RSA - o caap de facto.

Bo a pepa oox ao. co Poepa oea (Robert Follett), peopa popa caap a oa IBM [570]:

IBM cae, o NIST peo caap cxe poo oc, oac o paex eyapox caapo. ooae opaa ooaee ye ac o, o oepa eyapox caapo, c oyx RSA, cao ae yye cae eoxo ycoe poa cpec oecee e oacoc.

co eca poepa (Les Shroyer), e-peea peopa oa Motorola [1444]:

ac oe e, ae, pa ce aop poo oc, oop oo cooa o cey py a ey aepac eaepac oea, a ey ccea oa Motorola ccea pyx pooee. Ocyce pyx ecocox exoo poo oc a ocee oce e c e ao RSA aec caapo.... Motorola oe pye oa... o RSA o oapo. M co eaec o aoec oooc oep yx pax caapo, aoe ooee pee pocy pa c xoo, aepe paepa ycoe cce....

Mo oa xoeoc, o NIST p ISO 9796, eyapo caap poo oc, coy RSA [762.]. Xo o cepe apye, o eocaoe, o p eyapo caap aece aoaoo. eca caap ye oea oece epeca Coe ex ao.

5. Bop aoaoo aopa e op, e o ao ocaoo pee aaa.

Caaa NIST yepa, o papaoa DSA caocoeo, ae pa oo NSA. Haoe NIST oep, o NSA ec aopo aopa. o ox oecooo - NSA e yae oepe.

ae a, aop oyoa ocye aaa, poe oo, NIST po pe aaa o epoa aopa.

6. DSA oe apya pye ae. o a. o opoc ye paccope paee, paccapa ae.

7. Paep a co a.

o eceo cpaea pa DSS. epoaao peaaoc cooa oy o o [1149]. Ta a eoacoc aopa opeeec cooc ce cpex oapo o aaoy oy, o opoc ooa ox popao. C ex op cee cpex oap o oeo oe oco opeeex ycexo, 512 o co ao oopeeo oc (c. pae 7.2). Coaco pay aMaa (Brian LaMacchia) p Oo (Andrew Odlyzko), "... ae eoacoc, oeceaea 512-o poc ca, o oy, axoc a peee... " [934]. B oe a aea NIST cea y a epeeo, o 512 o 1024 o. Heoo, o ce a oye.

19 a 1994 oa a ooae apa caapa [1154]. p o o caao [542]:

o caap oe pec ce eepa eapaea ypae a ecepeo opa.... o caap ye cooa p poepoa peaa cxe oc c op a, o ope papaaa eepae eapae ypae, oope papaaac o aay. ace o epece opaa oy p cooa o caap.

pee e ooac caapo peaoa eo, poe e pae o ae ax.

Onucaue DSA DSA, peca coo apa aopo oc Schnorr EIGamal, ooc oca [1154].

Aop coye ceye apaep :

p = pocoe co o L o, e L pae aee, paoe 64, aaoe o 512 o 1024. (B epoaao caape paep p cpoa pae 512 a [1149]. o ao oeco p ecx aea, NIST o y aopa [1154].)

q = 160-oo pocoe co - oe p-1.

g = h^((p-1)/q) mod p, e h - oe co, eee p-1, oopoo h^((p-1)/q) mod p oe 1.

x = co, eee q.

y = g^x mod p.

B aope ae coyec ooapaea x-y : H(m). Caap opeee cooae SHA, paccopeoo paee 18.7.

epe p apaepa, p, q g, op oy o ooaee ce. ap o ec x, a op - y. o oca cooee, m:

(1) Aca eeppye cyaoe co k, eee q

(2) Aca eeppye

r = (g^k mod p) mod q

s = (k^-1 (H(m) + xr)) mod q

Ee oc cya apaep r s, oa ocae x oy.

(3) o poepe oc, c

w = s^-1 mod q

u1 = (H(m) * w) mod q

u2 = (rw) mod q

v = ((g^u1 * y^u2) mod p) mod q

Ec v = r, o oc paa.

oaaeca aeaecx coooe oo a [1154]. 19th pecae coo paoe o cae aopa.

Ta. 20-1.

oc DSA Ompm :

p pocoe co o o 512 o 1024 o (oe cooac pyo ooaee)

q 160-o poco oe p-1 (oe cooac pyo ooaee)

g = h^((p-1)/q) mod p, e h - oe co, eee p-1, oopoo h^((p-1)/q) mod p > 1 (oe cooac pyo ooaee)

y = g^x mod p (p-ooe co)

apm :

x < q (160-ooe co)

onuc:

k paec cyao, eee q

r (oc) = (g^k mod p) mod q

s (oc) = (k^-1 (H(m) + xr)) mod q

poepa:

w = s^-1 mod q

u1 = (H(m) * w) mod q

u2 = (rw) mod q

v = ((g^u1 * y^u2) mod p) mod q

Ec v = r, o oc paa.

copue npeapumee uceu B 18- pee pep copoc pao popax peaa DSA [918].

Ta. 20-2.

Copoc DSA pax oye c 160-o oaaee cee (a SPARC II)

          512 o     768 o     1024 a
oc        0.20 c    0.43 c    0.57 c
poepa     0.35 c    0.80 c    1.27 c

paece peaa DSA aco oo ycop c oo peapex ce. Opae ae, o aee r e ac o cooe. Moo coa cpoy cyax ae k, ae pac ca ae r aoo x. Moo ae c k-1 aoo x ae k. ae, o a pxo cooee, oo c s aax r k-1.

peapee ce aeo ycop DSA. B 17- pee cpae pee ce DSA RSA opeo peaa eeyao apo [1479].

Ta. 20-3.

Cpaee pee ce RSA DSA DSA RSA DSA c o p, q, g oae ce Off-card (P) N/A Off-card (P) eepa a 14 c Off-card (S) 4c peapee ce 14 c N/A 4 c oc 0.03 c 15 c 0.03 c poepa 16 c l.5 c 10 c 1-5 c off-card (P) 1-3 c off-card (P) Bce e apo (off-card) oc a epcoao oepe i80386/33 M. (P) yaa e ope apaep off-card, a (S) - a ape apaep off-card. B oox aopax coyec 512 o oy.

eepau npocmx uce DSA ecpa Xaep yaa, o oa eoope oy aoo ee, e pye [950]. Ec o-y aca ooaee ce cooa o ax cax oye, o x oc ye ee oea.

Te e eee o e pecae poe o y pa: ae oy eo oapy, o a pe , o epooc cyao cooa ooo x peepeo aa, ee, e epooc cy ao oy cocaoe co a xoe epooco poeyp eepa pocx ce.

B [1154] NIST peoeoa ope eo eepa yx pocx ce, p q, e q ec ee e p-1. a pocoo ca p - ey 512 1024 paa 64 -a. yc L-1= 160n b, e L - o a p, a n b - a ca, pe b ee 160.

(1) Bepe pooy oceoaeoc, o pae epe, 160 o aoe ee S. yc g - o a S ax.

(2) Bc U = SHA(S) SHA((S 1) mod 2g), e SHA oca paee 18.7.

(3) Opaye q, ycao ao ae aae U 1.

(4) poep, ec q poc.

(5) Ec q e ec poc, o epec a a (1).

(6) yc C=0 N=2.

(7) k=0,l,...,n, yc Vk=SHA((S N k) mod 2g) (8) yc W - eoe co W = V0 2160V1... 2160(n-1) Vn-1 2160 (Vn mod 2b) yc X = W 2L- Opae ae, o X - o L-ooe co.

(9) yc p = X - ((X mod 2q) - 1). Opae ae, o p opyo 1 mod 2q.
