
aa 21 Cxe ea 21.1 FEIGE-FIAT-SHAMIR Cxea poo oc poep ooc, papaoaa Aoco ao ( Amos Fiat) A a po (Adi Shamir), paccapaec [566, 567].

pe ee (Uriel Feige), a ap opoa aop, pepa eo oaaeco ooc c ye ae [544, 545]. o yee oaae co ooc c ye ae.

9 1986 oa p aopa oa ay a oyee aea CA [1427]. -a oooo oeoo pee aa a paccopea oe. Bpe o pee peyao pao aeoe po ec e aa aea, a eo, aaeoe cepe pacopee. 6 ap 1987 oa, a p o ce e ececoo epoa, o poce ap aeoe po ao aoe pacopee. ao, o "... pacpe ya peea a... oe p yep aoao eoacoc..."

Aopa o paao yeo cex paa CA, oope o e pa ya o po o x cceoax, o ecaopoaoe pacpe opa oe aoc y oa peoo ae, pao $10,000 e py oopeeo. oee oo, aop o co o oooeoy o aea opo aa oo cex ocpax paaax, oope oy ocy o opa.

o o eeo. B eee opo oo 1986 oa aop peca co paoy a oepex pae, Epoe Coeex aax. O ae e aepac paaa, c paoa a oea cye Beaa (Weizmann) pae.

Cyx o o ca pacpocpac ayo cooece pecce. B eee yx e cepeoe pac opee o aypoao. ap eo oe ca, o a oeo cepeoo pacope coo NSA, xo ax oax oeape e o. aee opooc o pyo cop pee [936].

npoea cxea uemuuauu Feige-Fiat-Shamir epe ae x apx e app pae cya oy, n, oop ec poe ee yx ox pocx ce. B peao a n oa e ee 512 o ye a oo e 1024 a. n oe o py opoepo. (cooae ce a (Blum) o e ce, o e ec oae eoacoc.) eepa opoo apoo e e oepe app pae co v, eec apa ocao mod n. py coa paec v a, o ypaee x2 v (mod n) eo pe ee, cyecoao v-1 mod n. o v ye op o e. ae cec aeee s, oopoo s s rt (v-1) (mod n). o ye ap e. coyec cey pooo e a.

(1) e pae cyaoe r, eee n. ae oa ce x =-r2 mod n ocae x Bopy.

(2) Bop ocae e cya b.

(3) Ec b = 0, o e ocae Bopy r. Ec b = 1, o e ocae Bopy y = r*s mod n.

(4) Ec b = 0, Bop poepe, o x = -r2 mod n, yeac, o e ae aee s rt(x). Ec b = 1, Bop poepe, o x = y2*v mod n, yeac, o e ae aee s rt(v-1).

o o a poooa, aae apeae. e Bop oop o pooo t pa, oa Bop e yec, o e ae s. o pooo "papea pa". Ec e e ae s, oa oe oopa r a, o oa coe oay Bopa, ec o oe e 0, oa oe oopa r a, o oa coe oay Bopa, ec o oe e 1. Oa e oe cea oopeeo o, pyoe. Bepo oc, o e yacc oay Bopa o pa, paa 50 poea. Bepooc, o e yacc oay eo t pa, paa 1/2t.

Bop oe opooa cp pooo, aa ce a e. O oe aa oee poo oa c c py opoepo, Baepe. Ha ae (1) eco opa cyaoo r ey ocaec poco co oa aee r, oopoe e cooao po pa. Oao, epooc oo, o Baep a ae (2) epe o e aee b, oopoe Bop cooa poooe c e, paa 1/2. Ceoaeo, epo oc, o o oae Baep, paa 50 poea. Bepooc, o ey yacc oay ee t pa, paa 1/2t.

o o pooo paoa, e oa e oa cooa r oopo. B poo cyae, ec Bop a ae (2) oe e pyo cya , o o oy oa oea e. Toa ae o ooy x o coe c s, e ce aoc.

Cxea uemuuauu Feige-Fiat-Shamir B cox paoax [544, 545], ee, a ap oaa, a apaea cxea oe oc co apea a a ye aoec e Bopa.

Caaa, a peye pepe, eeppyec n, poeee yx ox pocx ce. e epa opoo apoo e e caaa paec k pax ce: v1, v2,... vk, e aoe vi ec apa ocao mod n. coa, vi pac a, o x2 vi (mod n) eo pe ee, cyecoao vi-1 mod n. Cpoa, v1, v2,... vk, cy op o. ae cc a ee si, oopx si s rt (vi-1) (mod n). Cpoa s1, s2,... sk, cy ap o.

Boec cey pooo:

(1) e pae cyaoe r, eee n. ae oa ce x =-r2 mod n ocae x Bopy.

(2) Bop ocae e cpoy k cyax o: b1, b2,... bk.

1 (3) e ce y = r *( )mod n. (Oa epeoae ece ae si, cooecye s1b *s2b **sk bk bi=1. Ec ep o Bopa ye 1, o s1 oe poeee, a ec ep o ye 0, o e, ..) Oa ocae y Bopy.

(4) Bop poepe, o x = y2*( ) mod n. (O epeoae ece ae vi, ocoac v1b * v2 b2 **vk bk a cyao oo cpoe. Ec eo ep o ec 1, o v1 oe poeee, a ec ep o ye 0, o e, ..) e Bop oop o pooo t pa, oa Bop e yec, o e ae s1, s2,... sk.

Bepooc, o e yacc oay Bop t pa, paa 1/2kt. Aop peoey cooa ep o oc oeeca 1/220 peaa ae k = 5 t = 4. Ec y ac cooc a peceo a , yee ae.

puep Be a paoy oo poooa eox cax. Ec n = 35 (a pocx ca - 5 7), o oo apa ocaa c :

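1: $x^2 \equiv 1 \pmod{35}$ has the solutions: x = 1, 6, 29, 34.

4: $x^2 \equiv 4 \pmod{35}$ has the solutions: x = 2, 12, 23, 33.

9: $x^2 \equiv 9 \pmod{35}$ has the solutions: x = 3, 17, 18, 32.

11: $x^2 \equiv 11 \pmod{35}$ has the solutions: x = 9, 16, 19, 26.

14: $x^2 \equiv 14 \pmod{35}$ has the solutions: x = 7, 28.

15: $x^2 \equiv 15 \pmod{35}$ has the solutions: x = 15, 20.

16: $x^2 \equiv 16 \pmod{35}$ has the solutions: x = 4, 11, 24, 31.

21: $x^2 \equiv 21 \pmod{35}$ has the solutions: x = 14, 21.

25: $x^2 \equiv 25 \pmod{35}$ has the solutions: x = 5, 30.

29: $x^2 \equiv 29 \pmod{35}$ has the solutions: x = 8, 13, 22, 27.

30: $x^2 \equiv 30 \pmod{35}$ has the solutions: x = 10, 25.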

Opa ae (mod 35) x apa op c :

vv-1 s=s rt(v-1) 11 16 16 11 29 29 Opae ae, o y ce 14, 15, 21, 25 30 e opax ae mod 35, a a o e ao poc c 35. o ee cc, a a oo (5 - 1) * (7 - 1)/4 apax ocao mod 35, ao pocx c 35: HO(x, 35) = 1 (c. pae 11.3).

a, e oyae op , coco k = 4 ae: {4,11,16,29}. Cooecy ap o ec {3,4,9,8}. Bo o a poooa.

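(1) Peggy chooses a random r = 16, computes $16^2 \bmod 35 = 11$ and sends it to Victor.

(2) Victor sends Peggy a random binary string: {1, 1, 0, 1}.

(3) Peggy computes $16 \cdot (3^1 \cdot 4^1 \cdot 9^0 \cdot 8^1) \bmod 35 = 31$ and sends it to Victor.

(4) Victor verifies that $31^2 \cdot (4^1 \cdot 11^1 \cdot 16^0 \cdot 29^1) \bmod 35 = 11$.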

e Bop oop o pooo t pa, a pa c o cya r, oa Bop ye ye e.

Heoe ca, ooe cooa pepe, e oecea peao eoacoc. Ho oa a n paa 512 oee a, Bop e coe ya o apo e e eo poe oo aa, o e eceo ae eo.

yeu B pooo oo cpo eaoe ae. yc I - o oa cpoa, pecaa eaop e: , apec, oep coaoo cpaxoa, paep oooo yopa, cop po xaeoo aa pya a opa. coye ooapaey x-y H(x) ce H(I,j), e j - eooe co, oaeoe I. Hae aop j, oopx H(I,j) - o apa ocao o oy n. ae H(I,j) caoc v1, v2,... vk (j e oa apa oca a). Teep op o e cy I epee j. e ocae I epee j Bopy epe a o (1) poooa ( Bop apyae ae c ao-o opo oc oe ), Bop ee ppye v1, v2,... vk H(I,j).

Teep, oce oo, a Bop yceo aep pooo c e, o ye yee, o Tpe, oopoy eco paoee oy a oe, ceppoa c ey I e, a e apae op vi, oyee I. (C. pae 5.2.) ee, a ap oa ceye aea [544, 545]:

eeax x-y oo ocoeoa paopoa I, oa ey y cyay cpoy R.

a cpoa paec appo opaec Bopy ece c I.

B x peaax k oo o 1 o 18. oe ae k oy ye pe pyoc c, yea oeco ao.

a n oa e ee 512 o. (oeo, c ex op paoee a oe aeo poyoc.) Ec a ooae epe coe coceoe n oyye eo ae opx e, o oo ooc e appa. Oao ao RSA-oo apa eae cxey aeo eee yoo.

Cxea nonucu Fiat-Shamir pepaee o cxe ea cxey oc - o, o cy, opoc pepae Bopa x-y. a peyeco cxe poo oc Fiat-Shamir o cpae c RSA ec ee copoc: Fiat-Shamir yo ceo o 1 o 4 poeo oyx yoe, coyex RSA. B o poooe coa epec Ace oy.

Cc epeex - ao e, a cxee ea. Bpaec n - poeee yx ox pocx ce. eeppyec op , v1, v2,... vk, ap , s1, s2,... sk, e si s rt (vi-1) (mod n).

(1) Aca pae t cyax ex ce aaoe o 1 o n - r1, r2,..., rt - ce x1, x2,... xt, ae o xi = ri2 mod n.

(2) Aca xpye oeee cooe cpo xi, coaa o oo: H(m, x1, x2,... xt). Oa c oye epe k*t o o cpo aece ae bij, e i poeae o1 o t, a j o 1 o k.

i1 i2 ik (3) Aca ce y1, y2,... yt,, e yi = ri *( ) mod n s1b * s2b **skb ( aoo i oa epeoae ece ae si, acoc o cyax ae bij. Ec bij=1, o si yacye cex, ec bij=0, o e.) (4) Aca ocae oy m, ce bij, ce ae yi. oa ye ec op Ac : v1, v2,...

vk.

i 1 i (5) o ce z1, z2,... zt, e zi = y2*( ) mod n v1b *v2b **vk bik ( coa o oe yoee acoc o ae bij.) Tae opae ae, o zi oo pao xi.

(6) o poepe, o epe k*t o H(m, z1, z2,... zt) - o ae bij, oope pcaa ey Aca.

a cxee ea eoacoc cxe oc poopoaa l/2kt. Oa ae ac o cooc paoe n a oe. a ap oaa, o oea oc oeaec, ec cooc paoe n a oe aeo ee 2kt. poe oo, -a cp eoo poe (c. pae 18.1), o peoey oc k*t o 20 o pae epe o 72, peaa k = 9 t = 8.

yea cxea nonucu Fiat-Shamir C Ma (Silvia Micali) A ap yy pooo Fiat-Shamir [1088]. O pa v1, v2,... vk a, o o ep k poc ca. To ec v1= 1, v2= 3, v3= 5, ..

o op . ap o, s1, s2,... sk, cya cyae apae op, opeeee a si = s rt (vi-1) (mod n) B o epc y aoo yaca oe co n. Taa oa oeae poepy oce, e a pe eepa oce x eoacoc.

pyue yyeu Ha ocoe aopa Fiat-Shamir cyecye N-copo cxea ea [264]. a pyx yy e cxe Fiat-Shamir [1218]. Ee o apa - [1368].

Cxea uemuuauu Ohta-Okamoto o pooo ec apao cxe ea Feige-Fiat-Shamir, eo eoacoc ocoaa a pyoc paoe a oe [1198, 1199]. e aop papaoa cxey c eco oc (c. pae 23.1), c oo oopo pae oy oceoaeo oca [1200]. a cxea a peoea peaa a eeyax apoax [850].

amem Fiat-Shamir aaeoa [1427]. p ea oy e a aop cec c Yeda Research and Development, The Weizmann Institute of Science, Rehovot 76100, Israel.

21.2 GUILLOU-QUISQUATER Feige-Fiat-Shamir ep paec poooo ea. O poa ce, yea co epa apea a epa. pa peaa, apep, eeya x apoe, o e co oxo. Oe c e po pey pee, a xpaee ax ao apea oe cpo cepa opaee oooc apo.

y y (Louis Guillou) a-a cap (Jean-Jacques Quisquater) papaoa aop ea c ye ae, oop oe oxo oox poe [670, 1280]. Oe ey e Bopo, a ae apaee apea ao oee cee acooy yy : aoo oaaeca cyecye oo o oe, oopo - oo oa apea. oce oo e ypo eoacoc p cooa cxe Guillou-Quisquater opeyec o p paa oe ce, e p Feige-Fiat-Shamir. , a Feige-Fiat-Shamir, o aop ea o o pepa aop poo oc.

Cxea uemuuauu Guillou-Quisquater e - o eeyaa apoa, oopa copaec oaa co ooc Bopy. e a e pooc o py apyo, pecax coo cpoy ax coepax aae a p o, epo ec, oep aocoo cea pye, oepaee ee peoc, ae. a oa cpoa aaec J. (B peaoc cpoa apyo oe oe o, aece J coy ec ee x-aee. o ycoee a e e a pooo.) a cpoa aaoa opoy y.

pyo opo opae, oe cex "e", oope oy cooa o poee, ec oaae cee v oy n, e n - o poeee yx xpaxc cepee pocx ce. ap o cy B, paccaeoe a, o JBv 1 (mod n).

e ocae Bopy co apy J. Teep oa xoe oaa Bopy, o o eo ee apy.

oo oa oa ye Bopa, o e eco B. Bo o pooo:

(1) e pae cyaoe eoe r, axoeec aaoe o 1 o n-1. Oa ce T = rv mod n o pae eo Bopy.

(2) Bop pae cyaoe eoe d, axoeec aaoe o 0 o v-1. O ocae d e.

(3) e ce D = rBd mod n ocae eo Bopy.

(4) Bop ce T' = DvJd mod n. Ec T T' (mod n), o ooc e oaaa.

Maeaa e co coa:

$T' = D^v J^d = (rB^d)^v J^d = r^v B^{dv} J^d = r^v (B^v J)^d = r^v \equiv T \pmod{n}$, since $JB^v \equiv 1 \pmod{n}$.

Cxea nonucu Guillou-Quisquater y cxey ea oo pepa cxey oc, ae poy peaa ee yax apoax [671, 672]. Op ap e ec. Bo a pooo:

(1) Aca pae cyaoe eoe r, axoeec aaoe o 1 o n-1. Oa ce T = rv mod n.

(2) Aca ce d = H(M,T), e M - ocaeoe cooee, a H(x) - ooapaea x-y.

aee d, oyeoe c oo x-y, oo aaoe o 0 o v-1 [1280]. Ec xo x-y xo a o aao, o oe pee o oy v.

(3) Aca ce D = rBd mod n. oc coco cooe M, yx cex ae, d and D, ee apyo J. Oa ocae oc oy.

(4) o ce T' = DvJd mod n. ae o ce d' = H(M,T'). Ec d d', o Aca ae B, ee o c ecea.

Hecoo nonuce o ec ecoo eoe axo oca o o e oye ? poe ceo, o o oca eo opo, o paccapaea cxea oc eae o ye. yc Aca o oca oye, a po poepe oc, o poecc oca oe oeeo poooe oeco e. a pae, Aca o oaa ya ae J B: (JA,BA) (JB,BB). ae n v c o ce cce.

(1) Aca pae cyaoe eoe rA, axoeec aaoe o 1 o n-1. Oa ce TA = rAv mod n ocae TA oy.

(2) o pae cyaoe eoe rB, axoeec aaoe o 1 o n-1. O ce TB = rBv mod n o cae TB Ace.

(3) Aca o, a ce T = (TA*TB) mod n.

(4) Aca o, a ce d = H(M,T), e M - ocaeoe cooee, a H(x) - ooapae a x-y. aee d, oyeoe c oo x-y, oo aaoe o 0 o v- [1280]. Ec xo x-y xo a o aao, o oe pee o oy v.

(5) Aca ce DA = rABAd mod n ocae DA oy.

(6) o ce DB = rBBBd mod n ocae DB Ace.

(7) Aca o, a ce D = DA DB mod n. oc coco cooe M, yx cex ae, d and D, apyo oox ocax: JA JB.

(8) po ce J = JA JB mod n.

(9) po ce T' = DvJd mod n. ae oa ce d' = H(M,T'). Ec d d', o oecea o c ecea.

o pooo oe pacpe a oe oeco e. oo ocae cooee o epeo co ae Ti a ae (3), co ae Di a ae (7). o poep oecey oc, yo a ae (8) epeo ae Ji ocax (8). o ce oc pa, o cyecye o pae epe oa epaa oc.

21.3 SCHNORR eoacoc cxe poep ooc oc ayca oppa [1396,1397] opaec a pyoc ce cpex oapo. eepa ap e caaa pac a pocx ca, p q a, o q o cooee p-1. ae paec a, e paoe 1, aoe o aq 1 (mod p). Bce ca oy cooo oyoa cooac pyo ooaee.

eepa opeo ap e paec cyaoe co, eee q. Oo cy ap o, s. ae cec op v = a-s mod p.

pomoo npoepu nouocmu (1) e pae cyaoe co r, eee q, ce x = ar mod p. ce c pe ape oy oe aoo o oe Bopa.

(2) e ocae x Bopy.

(3) Bop ocae e cyaoe co e, aaoa o 0 o 2t-1. (o aoe t, oc y oe.) (4) e ce y = (r se) mod q ocae y to Bopy.

(5) Bop poepe, o x = ayve mod p.

eoacoc aopa ac o apaepa t. Cooc cp aopa pepo paa 2t. opp coeye cooa p ooo 512 o, q - ooo 140 o t - 72.

pomoo upoo nonucu Aop Schnorr ae oo cooa aece poooa poo oc cooe M. apa e coyec a e caa, o oaec ooapaea x-y H(M).

(1) Aca pae cyaoe co r, eee q, ce x = ar mod p. o ca peapex ce.

(2) Aca oee M x xpye peya:

e = H(M,x) (3) Aca ce y = (r se) mod q. oc c ae e y, oa ocae x oy.

(4) o ce x' = ayve mod p. ae o poepe, o x-aee oee M x' pao e.

e = H(M,x') Ec o a, o o cae oc epo.

B coe paoe opp po ceye oe coca coeo aopa :

oa ac ce, yx eepa oc eacx o ocaeoo cooe, oe oea a ca peapex ce. Ceoaeo, ce oy oe o pe p o co e a copoc oca. Bcpe, apaeoe po ca peapex ce, paccap aec [475], e ya, o oo ee paecy eoc.

p oaoo ypoe eoacoc a oce Schnorr opoe, e RSA. Hapep, p 140-oo q a oce paa ceo 212 a, ee oo oce RSA. oc Schnorr ae aoo opo e oce ElGamal.

oeo, paecx coopae oeco o, coyex o cxee, oe ye eo: apep, cxe ea, oopo oe oe o aoooe cpe ceo a ecoo cey (cpae co cxeo oc, oa oe oe oa ec pace, o o oo).

Moa, oea p peo (Ernie Brickell) eo Maep (Kevin McCurley), o ca eoacoc oo aopa [265].

amem Schnorr aaeoa Coeex aax [1398] ox pyx cpaax. B 1993 oy PKP popeo oe poe paa a o ae(c. pae 25.5). Cpo ec aea CA ceae 19 epa oa.

21.4 peopaoae cxe ea cxe oc Bo caap eo peopaoa cxe ea cxey oc : Bop aeec ooa paeo x-ye. epe ocae cooee e xpyec, eco oo xpoae cpa a ec aop oc. B pe, ay ay oo poea c o cxeo ea.

aa 22 Aop oea a 22.1 DIFFIE-HELLMAN Diffie-Hellman, ep cop aop c op o, opee 1976 oy [496]. Eo eo acoc opaec a pyoc ce cpex oapo oeo oe ( cpae c e o c oee cee o e cao oe. Diffie-Hellman oe cooa pacpeee e - Aca o oy ocooac aopo eepa cepeoo a - o eo e cooa poa eppoa cooe.

Maeaa ecoa. Caaa Aca o ece pa oe poce ca n g a, o g o po mod n. a ex ca xpa cepee eoaeo, Aca o oy ooop c o cooa o ecepeoy aay. ca ae oy coeco cooac pyo o oaee. e pa. ae oec cey pooo :

(1) Aca pae cyaoe ooe eoe co x ocae oy X = gx mod n (2) o pae cyaoe ooe eoe co y ocae Ace Y = gy mod n (3) Aca ce k = Yx mod n (4) o ce k' = Xy mod n k, k' pa gxy mod n. Ho ocyax o aa e coe c o aee, eco oo n, g, X Y. oa o e coy c cpe oap pacp x y, o e co y pe poey. ooy, k - o cepe , oop Aca o c eaco.

Bop g n oe aeo a eoacoc cce. co (n-1)/2 ae oo poc [1253]. , caoe aoe, n oo o: eoacoc cce ocoaa a cooc paoe a oe ce oo e paepa, o n. Moo pa oe g, oopoe ec po mod n;

e p, o oop e o pa aeee oooe g - oo oopapoe co. ( oy e, a cao ee, g e oo ae po, oo oo oo eeppoa ocaoo oy opyy yao py mod n.) Diffie-Hellman c mpe u oee yacmuau * pooo oea a Diffie-Hellman eo oo pacp a cya c pe oee yaca. B poo pepe Aca, o po ece eeppy cepe .

(1) Aca pae cyaoe ooe eoe co x ce X = gx mod n (2) o pae cyaoe ooe eoe co y ocae po Y = gy mod n (3) po pae cyaoe ooe eoe co z ocae Ace Z = gz mod n (4) Aca ocae oy Z'=Zx mod n (5) o ocae po * X'=Xy mod n (6) po ocae Ace Y'=Yzmod n (7) Aca ce k = Y'x mod n (8) o ce k = Z'y mod n (9) po ce k = X'z mod n Cepe k pae gxyz mod n, o ocyax aa c e coe c o aee. pooo oo eo pacp eepx oee yaco, poco oac yac a ce.

Pacupe Diffie-Hellman Diffie-Hellman ae paoae oyax oax [1253]. . y (Z. Shmuley) e Maep (Kevin McCurley) y apa aopa, oopo oy ec coca co [1441, 1038]. B.C.

Mep (V. S. Miller) H o (Neal Koblitz) pacp o aop, coy ece pe [1095, 867]. Taxep aa (Taher ElGamal) cooa ocoooaay e papao a o pa poa poo oc (c. pae 19.6).

o aop ae paoae oe aya GF(2k) [1442, 1038]. B pe peaa coyec eo o oxo [884, 1631, 1632], a a ce oc aoo cpee. Ho poaaece ce oc aoo cpee, ooy ao aeo pa oe, ocaoo ooe, o oece yy eoacoc.

Hughes o apa aopa Diffie-Hellman ooe Ace eeppoa oca eo oy [745].

(1) Aca pae cyaoe ooe eoe co x eeppye k = gx mod n (2) o pae cyaoe ooe eoe co y ocae Ace Y = gy mod n (3) Aca ocae oy X = Yx mod n (4) o ce z = y- k' = Xz mod n Ec ce oeo pao, k = k'.

peyeco oo poooa a Diffie-Hellman coco o, o k oo c apaee, o a oec, Aca oe poa cooe c oo k aoo o ycaoe coee c oo.

Oa oe oca cooee cpay oecy e, a epea oee aoy o oeoc.

Oe o e oea o Ec y ac cooeco ooaee, a oe oyoa op , X = gx mod n, oe ae ax. Ec Aca axoe ycao c c oo, e oaoc oo oy op oa eeppoa x o cepe . Oa oe apoa cooee o oca eo oy. o ee op Ac c o cepe .

aa apa ooaee oe cooa ya cepe , e peyec ax pea pex oeo a ey ooae. Ope o po cepa, o peopa oeece cp, o peypo ec, o o cyae o oe ya e amem Aop oea a Diffie-Hellman aaeoa Coeex aax [718] aae [719]. py a, aaac Public Key Partners (PKP, apep o op a), oya ece c py a ea oac popa c op a oya e a o ae (c. pae 25.5).

Cpo ec aea CA ceae 29 ape 1997 oa.

22.2 pooo "oa-oa" Oe a Diffie-Hellman ycee cp "eoe cepee". O cocoo peo pa o, ec eoxooc Ac oa oca cooe, oope o oca py pyy [500].

o pooo peoaae, o y Ac ec ceppoa op oa, a y oa ec ce p poa op Ac. cepa oca eoop acya oep opao ac, eocpeceo e yacy poooe. Bo a Aca o eeppy cepe k.

(1) Aca eeppye cyaoe co x ocae eo oy.

(2) o eeppye cyaoe co y. coy pooo Diffie-Hellman, o ce o k a a e x y. O ocae x y pye oc o k. ae o ocae oyeec ece c y Ace.

y,Ek(SB(x,y)) (3) Aca ae ce k. Oa pacpoae ocayc ac cooe oa poepe eo o c. ae oa ocae oy ocaoe cooee, cocoee x y, apoax o o k.

Ek(SA(x,y)) (4) o pacpoae cooee poepe oc Ac.

22.3 Tpexpoxo pooo apa o opee A apo o oa e oyoa pooo ooe Ace oy eo aco oeac opae, e coy peapeoo oea cepe, op a [1008]. O peoaae cooae oyaoo cepoo pa, oopoo:

EA(EB(P)) = EB(EA(P)) Cepe Ac - A, a oa - B. Aca xoe oca cooee M oy. Bo o pooo.

(1) Aca pye M co o ocae eo oy C1 = EA(M) (2) o pye C1 co o ocae Ace C2 = EB(EA(M)) (3) Aca pacpoae C2 co o ocae oy C3 = DA(EB(EA(M))) = DA(EA(EB(M))) = EB(M) (4) o pacpoae C3 co o, oya M.

oya oaa coepeo eoacoc oopaoe oo, o c poooo o paoa e yy. p cooa oopaooo ooa p poeca yy e cey opao be:

C1 = M A C2 = M A B C3 = M B Ea, aca p cooe, oop oeac Aca o, poco o XOR cex x poeco occao cooee :

C1 C2 C3 =(M A) (M A B) (M B) = M Oeo, o ao coco paoa e ye.

ap ( eaco Oypa (Jim Omura)) oca oxo a RSA aop poa, oop ye paoa c poooo. yc p ye o o poc co, pe oe p- ec o poc. Bepe poa e, ao poco c p-1. Bc d, oopoo oec de = 1 (mod p - 1). poa cooe ce C = Me mod p eppoa cooe ce M = Cd mod p o oy, y E e cocoa oy M, e pe poey cpeoo oapa, o o oa e o oaao.

a Diffie-Hellman, o pooo ooe Ace aa cepe oe opae c oo, e a ooo eo e. p cooa aopa c op o Aca oa a op oa. pe pexpoxo aop apa, oa poco ocae oy poec cooe. To e ece c oo aopa c op o cey opao :

(1) Aca apaae y oa ( y KDC) eo op .

(2) o ( KDC) ocae Ace co op .

(3) Aca pye M op o oa ocae eo oy.

Tpexpoxo aop apa e oe yco epe cpe "eoe cepee".

22.4 COMSET COMSET (COMmunications SETup, ycaoee c) o pooo oopeeo ea o ea o, papaoa poea RIPE [1305] (c. pae 25.7). C oo popa c op a o ooe Ace oy epoa py pya, p o oeac cepe o.

Maeaeco ocoo COMSET cy cxea Rabin [1283] (c. pae 19.5). Caa cxea epe a peoea [224]. C. opooc [1305].

22.5 Oe apoa a pooo oea apoa a (Encrypted Key Exchange, EKE) papaoa Co e oo (Steve Bellovin) Mao Meppo (Michael Merritt) [109]. O oeceae eoacoc po epy ooc oepx cex, o ooy coy cepy popa, pop a c op a: o cepe coyec poa eeppoaoo cya opao opoo a.

ao npomoo EKE Aca o (a ooae, e cepep, o yoo) e o apo P. coy ce y pooo, o oy poep ooc py pya eeppoa o ceaco K.

(1) Aca Cya opao eeppye apy "op /ap ". Oa pye op K' c oo cepoo aopa, coy P aece a: EP(K'). Oa ocae oy A, EP(K') (2) o ae P. O pacpoae cooee, oya K'. ae o eeppye cya ceaco K pye eo op o, oop o oy o Ac, a ae coy P aece a. O ocae Ace EP(EK'(K) (3) Aca pacpoae cooee, oya K. Oa eeppye cyay cpoy RA, pye ee c oo K ocae oy EK(RA) (4) o pacpoae cooee, oya RA. O eeppye pyy cyay cpoy, RB, pye oe cpo o K ocae Ace peya.

EK(RA,RB) (5) Aca pacpoae cooee, oya RA RB. Ec cpoa RA, oyea o oa, - o a caa cpoa, oopy oa ocaa oy a ae (3), oa, coy K, pye RB ocae ee oy.

EK(RB) (6) o pacpoae cooee, oya RB. Ec cpoa RB, oyea o Ac, - o a caa cpoa, oopy o oca e a ae (4), aepe. Teep oe copo oy oeac opae, c oy K aece ceacooo a.

Ha ae (3) Aca, o a K' K. K - o ceaco , o oe cooa po a cex pyx cooe, oop oeac Aca o. Ea, c ey Aco oo, ae oo EP(K'), EP(EK'(K) ecoo cooe, apoax K. B pyx poooax Ea oa opo oa yaa P ( ce pe pa oxe apo, ec Ea ocaoo ya, oa oe o apo) ae poep co peooe. B paccapaeo poooe Ea e oe poep co peooe, e cp p o aop c op o. , ec K' K pac cya opao, o a poea ye epeooo.

Oea ac poooa, a (3) - (6), oeceae oepee. a (3) - (5) oaa Ace, o o ae K, a (4) - (6) oaa oy, o Aca ae K. Oe ea pee, coye poooe Kerberos, peae y e aay.

EKE oe peaoa c oeco aopo c op a : RSA, ElGamal, Diffie Hellman. poe c eoacoc oa p peaa EKE c aopo paa (ae e yea poe eoacoc, pcyx ca aopa paa ): opaoe pacpeeee poeca coo e co a e peyeca EKE.

Peauau EKE c noo RSA Aop RSA aec ea aoo cooa, o ec p ox poe. Aop peoe y poa a ae (1) oo oaae cee, oca oy. Ocee oo coea pye ooc, cae c cooae RSA, oo a [109].

Peauau EKE c noo ElGamal Peaa EKE a ae aopa ElGamal poca, oo ae ypoc ocoo pooo. coy ooae paea 19.6, g p cya ac opoo a, o cex ooaee. ap o ec cyaoe co r. Op - gr mod p. Ha ae (1) Aca ocae oy ceyee cooee Aca, gr mod p Opae ae, o o op e yo poa c oo P. B oe cyae o eep o, o o a aopa ElGamal algorithm. opooc [109].

o pae cyaoe co R ( aopa ElGamal, eaco o pyx cyax ce, pa e x EKE), cooee, oopoe o ocae A ce a ae (2), a EP(gR mod p, KgrR mod p) Cyecye opae a op epeex ElGamal pee paee 19.6.

Peauau EKE c noo Diffie-Hellman p cooa poooa Diffie-Hellman K eeppyec aoaec. Ooae pooo ee poe. ae g n opeec cex ooaee ce.

(1) Aca pae cyaoe co rA ocae oy A A, mod n gr p cooa Diffie-Hellman Ace e yo poa c oo P coe epoe cooee.

(2) o pae cyaoe co rB ce A K= mod n gr *rB O eeppye cyay cpoy RB, ae ce ocae Ace:

rB EP( mod n),EK(RB) g rB (3) Aca pacpoae epy ooy cooe oa, oya mod n. ae oa ce K g coye eo poa RB. Oa eeppye pyy cyay cpoy RA,, pye oe cpo o K ocae peya oy.

EK(RA,,RB) (4) o pacpoae cooee, oya RA, RB. Ec oyea o Ac cpoa RB coaae c o, oopy o oca e a ae (2), o pye RA o K ocae peya Ace.

EK(RA) (5) Aca pacpoae cooee, oya RA. Ec oyea o oa cpoa RA coaae c o, oo py oa ocaa oy a ae (3), pooo aepaec. Teep copo oy oeac cooe , coy K aece ceacooo a.

cueue EKE eo (Bellovin) Mepp (Merritt) peo yyee apoco-oeo ac aopa, oopoe ooe ea oooo cp p oapye poaao ca poo ae K.

Ha ao pooo EKE. Ha ae (3) Aca eeppye pyoe cyaoe co SA ocae oy EK(RA, SA) Ha ae (4), o eeppye pyoe cyaoe co SB ocae Ace EK(RA,,RB,SB) Teep Aca o oy c c ceaco , SA SB. o aee co yec cooe, oop oeac Aca o, K coyec aece a oea a.

ocop a ypo a, peocaee EKE. Boccaoeoe aee S e ae Ee ao opa o P, a a P oa e coyec poa eo-o aoo, o ee eocpeceo S. poaaecoe cpe K ae eooo, K coyec oo poa cyax ax, a S oa e pyec oeo.

Pacupe EKE pooo EKE cpaae o cepe eocao : o peye, o oe copo a P. B o ce cce aopa ocya xpac ae ooapaeo x-y apoe ooaee, a e ca apo (c. pae 3.2). pooo Pacpe EKE (Augmented EKE, A-EKE) coye apae EKE a ae Diffie-Hellman aee ooapaeo x-y apo ooae aece a cepxpoa. ae ooae ocae ooeoe cooee, ocoaoe a peao apoe, o cooee yocoepe aoo pa ceaco .

Bo a o paoae. a oo, Aca o xo poep ooc py pya eeppoa o . O pa ay-y cxey poo oc, oopo aece apoo a oe cooac oe co, a op oyaec apoo, a e eeppyec oeo.

pepaco oxo aop ElGamal DSA. apo Ac P (, oe , aoe-y pocoe x aee oo apo) ye cooac aece apoo a a P'.

(1) Aca pae cya oaae cee Ra opae rB EP'( mod n) g (2) o, oop ae oo P' e oe oy eo P, pae Rb ocae rB EP( mod n) g A (3) Aca o c o ceaco K= mod n. Haoe Aca oaae, o oa caa gr *rB ae P, a e oo P', oca EK(SP(K)) o, oop ae K P', oe pacpoa poep oc. Too Aca oa pca o co oee, a a oo oa ae P. Caoae, o o aa apoe oa, oe oac P, o o e coe oca ceaco .

Cxea A-EKE e paoae c apao EKE, coy ope , a a o poooe oa copoa pae ceaco aae eo pyo. o ooe oy, aoyey P', o cpe "eoe cepee".

pueeu EKE eo Mepp peaa cooa o pooo eoaco eeoo c [109]:

peoo, o paepya ce pyx eeox aapao. Ec o-y xoe ocooac a eeoo, o oaoc opeeea ea opa. Oepe pee... pey, o y oeo ec . Bo ox cyax o eeaeo. EKE ooe cooa opo, o c aa y p apo, oecea opao oee ceaco .

EKE o oee cooo c. Moeeco pecae coo oy poey cooo ee o , EKE oe oo ac o eo ( oece apoc oa) a ce poa eeoo, ecoex e ee PIN-oa. Ta a PIN-o e xpac eeoe, eo eooo e ypaeoo epa.

aa ca EKE coco o, o popa c op a cepa popa oec yca py pya :

B oe epcee EKE paoae a ycuume cepemocmu. To ec, eo oo cooa yce cpa eo cax cepx acepx cce, coyex ece. Paccop, apep, paep a, eoxo oecee eoacoc p cooa oea o - oaaee cee. a oaa aMaa (LaMacchia) Oo (Odlyzko) [934], ae oy c paepa, cac eoac, (a eo, 192 a) yc e cp, aaey ecoo y oepoo pee. Ho x cpe caoc eoo, ec eoxoo epe peee cp yaa apo.

C pyo copo, cooc cp oea a - oaae cee oe cooaa cpa o o yaa apo. Boooc cp yaae apo ac o copoc poep aoo peooe.

Ec oe ao poep eoxoo o oe a - oaae cee, o oee pe eo opacae.

EKE aaeoa [111].

22.6 aee epeoop o e a cxea ae aae epeoop o e o oxoo opa apoe cp "eoe cepee" [47, 983]. B e coyec x-y yx epeex, oaaa ocoe coco : oa aco po cooe o epo epeeo, paec oa - o opo.

$H'(x,y) = H(H(k,x) \bmod 2^m, x)$, e H(k,x) - oa y k x Bo a o pooo. Aca o coy o cepe apo P ye oec ce pe o K, coy oe o Diffie-Hellman. O coy P poep, o x ceacoe oao ( o Ea e pepa cpe "eoe cepee" ), e oo Ee oy P.

(1) Aca ocae oy H'(P,K) (2) o ce H'(P,K) cpaae peya co aee, pca Aco. Ec o coaa, o ocae Ace H'(H(P,K)) (3) Aca ce H'(H(P,K)) cpaae peya co aee, oye o oa.

Ec Ea aec o cpe "eoe cepee", oa coye o , K1, o c A co, pyo, K2, o c oo. o oay oa a ae (2), e pec c o apo ae oca oy H'(P,K2). p cooa oo x-y oa oe epepa aco cpea ec apo, oa e yaae pa, ae yceo poy pooo. Ho p cooa peaaeo x-y, oe apo a oo o e aee p xpoa c o K1. oo y, oa oa axo coaee, o copee ceo o epa apo, o cyae oa oay e yacc.

22.7 Pacpeeee a oepe cepea pooeaea epeaa Aca xoe epea cooee M cpay eco oyae. Oao oa coce e xoe, o o yoo co poec eo. B eceoc, e yo, o oo oyae opeeeoo oo e ca o pao pacp M. cex ocax oa oyc eyxa.

Aca oe cooa aoo oyae o (cepe op). Oa py e cooee a-y cya o K. ae oa pye o K a e pax oyaee cooe. Haoe oa pooeaeo ocae apoaoe cooee, a ae ce a poae K. Cya epeay o o aec pacpoa ce K co cepe o, ac a pa, o, ec Aca e aa epec oyaee coeo cooe, o e coe , copooaeoe apoa o. Tae ye paoa paee paccopea popa c eco a.

pyo coco peaaec [352]. Caaa a oyaee ooapaec c Aco o oe x ox e, oop ee oo oooo poaoo cooe. Bce o ao poc. Oa pye cooee cya o K. ae oa ce oo eoe co R, oopoe o oy cepeoo a opyo K, ec o cepe peoaaec cooa pacpo cooe, opyo y poo c yae.

Hapep, ec Aca xoe, o cepe oy o, po e, o e p, oa pye cooee o K ae ce aoe R, o R K (mod KB) R K (mod KC) R 0 (mod KD) R K (mod KE) R 0 (mod KF) o poca aepaeca poea, oopa eo oe peea Aco. oa o cooee y e po oyae, o c aee oyeoo a o oy x cepeoo a. Te, o y peaaaoc o cooee, peyae ce oya y . B poo cyae p e yao ye 0.

Ee o, pe, y, coy opooy cxey (c. pae 3.7), peaaec [141]. a py x cocoax a oea oyae oyae cepe . o ec e ee e coao opooo cxee. Aca coxpae p cepex e ce, oc eoopy epecay e oc ccey. yc ceo cyecye k oox oyaee. Toa pooeaeo epea M Aca pye M o K eae ceyee.

(1) Aca pae cyaoe co j. o co pao aacpoa oeco oyaee cooe. Oo e oo co o ae oe pac y.

(2) Aca coae opooy cxey (k j 1, 2k j 1), oopo:

K - o cepe.

Cepee apecao cooe cya e.

Cepee ooaee, oopx e cpe oyaee cooe, e c e.

j ee pac cya opao, e coaa c o cepe o.

(3) Aca pooeaeo epeae k j cyao pax ee, oa oopx e coaae c e aa (2).

(4) a cyaee, px pooeaeoe cooee, oae co e oye k j e. Ec oaee coe e ooe ooae c cepe, o ey yaoc op . B poo cyae - e yaoc.

pyo oxo oo a [885, 886, 1194]. ee o - [1000].

Pacnpeeeue e oepeuu o pooo ooe pye n ooaee ooopc o cepeo e, coy oo e cepee aa. pya coye a ox ox pocx ca p q, a ae eepaop g o e , o q.

(1) ooae i, e i o 1 o n, pae cyaoe co ri, eee q, pooeaeo opae i zi = mod p gr (2) a ooae poepe, o ziq 1 (mod p) cex i o 1 o n.

(3) i- ooae pooeaeo epeae ri xi = (zi 1/zi-1) mod p (4) i- ooae ce nri K = (zi-1) *xin-1*xi 1n-2*... *xi-2 mod p Bce ce eco peeo poooe - i-1, i-2 i 1 - pooc mod n. o ooa poo oa y cex ecx ooaee oaec o o e K. A ce ocae eo e oya. Oao o pooo e oe yco epe cpe "eoe cepee". pyo pooo, e ao xopo, pe e [757].

Tateboyashi-Matsuzaki-Newman o pooo pacpeee e oxo cooa cex [1521]. Aca xoe c oo Tpea, KDC, eeppoa ceaca c c oo. Bce yaca ece op Tpea n. Tpey ec a pocx oe n, , ceoaeo, o oe eo c apae op o oy n. Cey pooo e coep eoopx eae, o ooe oy oee pecaee.

(1) Aca pae cyaoe co rA ocae Tpey rA3 mod n (2) Tpe cooae oy, o o-o xoe oec c o.

(3) o pae cyaoe co rB ocae Tpey rB3 mod n (4) Tpe, coy co ap , pacpoae rA rB. O ocae Ace rA rB (5) Aca ce (rA rB) rA = rB Oa coye rB eoacoo ceaca c c oo.

pooo xopoo, o coep ae . po oe ocya a(3) cooa y opa, ocooac oo oepoo Tpea coeo cooa a, o pacp [1472].

(1) po pae cyaoe co rC ocae Tpey rB3 rC3 mod n (2) Tpe cooae y, o o-o xoe oec c o.

(3) pae cyaoe co rD ocae Tpey rD3 mod n (4) Tpe, coy co ap , pacpoae rC rD. O ocae po (rB rC mod n) rD (5) ocae rD po.

(6) po coye rC rD oye rB. Oa coye rB pacpoa epeoopo Ac oa.

o oxo.

aa Ceae aop poooo 23.1 popa c eco op a o ooee RSA (c. pae 19.3) [217, 212]. Moy n ec poeee yx pocx ce p q. Oao eco e d, oopx ed 1 mod ((p-1)(q-1)), paec t e Ki, oopx oec K1* K2*... *Kt 1 mod ((p-1)(q-1)) Ta a K1*K2 *...*Kt M = M o a cxea oaaec cxeo c eco a, ocaa paee 3.5.

Ec, apep, coyec e, o cooee, apoaoe a K3 K5, oe pacpoao c oo K1, K2 K4.

K3 *K C = M mod n K1*K2 *K M = C mod n O pee o cxe ec ocae oyea eco . peca cya , oa oo, o oye ecee, o oe oca Aco, oo. co yc p a: K1, K2 K3. Aca o oya o ooy y epx yx, a pe oyoa ec.

(1) Caaa Aca ocae M ocae eo oy.

K M' = M mod n (2) o oe occao M o M'.

M = M 'K *K5 mod n (3) O oe ae oa co oc.

M'' = M 'K mod n (4) poep oc oo p oo opoo a K3.

M = M ' 'K mod n Opae ae, o paoococooc o cce ya acyaa oep copoa, o o pa ycaoa ccey aa Ace oy. Ta e poea cyecye cxee [484]. oee oa cxea ocaa [695, 830, 700], Ho yc, pepaee poep, poopoa o e cy ocax. Hoe cxe [220, 1200], ocoae a cxeax ea c ye ae, peooea eoca peecyx c ce.

23.2 Aop paee cepea B paee 3.7 paccapa e, coyey cxeax paee cepea. epe peex e pax aopa peca coo ace cya oeo eopeecoo oxoa [883].

Cxea umepnouox ooeo apaa coa opooo cxea A ap ocooac ypae ooeo oeo oe [1414]. Bepe pocoe co p, oopoe oe oeca oox ee oe caoo ooo oox cepeo. o cea cepe o, ceeppye poo ooe cee m-1. Hap ep, ec yo coa opooy cxey (3,n) ( occaoe M opeyec p e), eeppyec apa ooe (ax2 bx M) mod p e p - o cyaoe pocoe co, oee oo oeo. oe a b pac cya opao, o xpac ae opacac oce oo, a pacpeec e. M - o coo ee. pocoe co oo oyoao. Te oyac c oo ce ooea n pax oax:

ki =F(xi) py coa, epo e oe aee ooea p x = 1, opo e - aee o oea p x = 2, ..

Ta a apax ooeax p eecx oea, a, b M, coa pex ypae oo cooa e p e. Oo yx ee e xa, a epex ee ye oo.

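For example, let M be 11. To build a (3, 5) threshold scheme, in which any three of five people can reconstruct M, first generate a quadratic equation (7 and 8 are randomly chosen numbers):

$F(x) = (7x^2 + 8x + 11) \bmod 13$

The five shadows are:

$k_1 = F(1) = 7 + 8 + 11 \equiv 0 \pmod{13}$
$k_2 = F(2) = 28 + 16 + 11 \equiv 3 \pmod{13}$
$k_3 = F(3) = 63 + 24 + 11 \equiv 7 \pmod{13}$
$k_4 = F(4) = 112 + 32 + 11 \equiv 12 \pmod{13}$
$k_5 = F(5) = 175 + 40 + 11 \equiv 5 \pmod{13}$

To reconstruct M from three shadows, for example k2, k3 and k5, a system of linear equations is solved:

$a \cdot 2^2 + b \cdot 2 + M \equiv 3 \pmod{13}$
$a \cdot 3^2 + b \cdot 3 + M \equiv 7 \pmod{13}$
$a \cdot 5^2 + b \cdot 5 + M \equiv 5 \pmod{13}$

The solution is a = 7, b = 8 and M = 11. Thus M is recovered.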

y cxey paee oo eo peaoa ox ce. Ec xoe pa cooee a 30 pax ace a, o occao cooee oo o, oe e ec x, ae aoy 30 eoe ae ooea o cee.

F(x) = ax5 bx4 cx3 dx2 ex M (mod p) ec eoe oy ec eecx (a M), o ep e yacc ya eo o M.

Haoee ea oeo coecoo cooa cepea ec o, o, ec oe pa cya opao, eoe ae p oo ecoex cex ooce e coy ya eo, poe cooe (oopa a eca). o ae eoaco, a oopao oo, oa o cepa oc (o ec, epeop cex oox ecx ee ) o ae, o oe oooe cooee ocaec cepe. o cpaeo cex pecaex o e cxe paee cepea.

Bemopa cxea op (George Blakley) ope cxey, coyy oe oe pocpace [182]. Coo ee opeeec a oa m-epo pocpace. aa e - o ypaee (m-1)-epo epo coc, coepae y oy.

Hapep, ec occaoe cooe y p e, o oo ec oo pexepo p o cpace. aa e pecae coo y ococ. a oy e, oo yepa, o oa ax o c e-o a ococ. a e e - o oa axoc e-o a epecee yx ococe. a p e, oo oo opee, o oa axoc a epecee pex ococe.

Asmuth-Bloom B o cxee coyc poce ca [65]. (m, n)-opooo cxe paec ooe pocoe co p, oee M. ae pac ca, ee p - d1, d2,... dn, oopx:

1. ae di yopoe o opaca, di < di 2. aoe di ao poco c py di 3. d1*d2*...*dm > p*dn-m 2*dn-m 3*...*dn o pacpee e, caaa paec cyaoe co r cec M' = M rp Te, ki, c ki = M' mod di Oe e m ee, oo occao M, coy acy eopey o ocaax, o o eo oo c oo x m-1 ee. opooc pee [65].

Karnin-Greene-Hellman B o cxee coyec apoe yoee [818]. Bpaec n 1 m-epx eopo, V0, V1,... Vn, a, o pa o ap paepo m*m, opaoao x eopo, pae m. Beop U - o eop paepoc m 1.

M - o apoe poeee UV0. Te c poee UVi, e i eec o 1 o n.

e m ee oo cooa pee cce ex ypae paepoc m*m, e ec c oe U. UV0 oo c o U. coy e m-1 ee, pe cce y ypae , a opao, occao cepe eooo.

oee coe nopooe cxe B peyx pepax oaa oo pocee opooe cxe : cepe ec a n ee a, o , oe e m x, oo o pacp cepe. Ha ae x aopo oo coa aoo oee coe cxe. B ceyx pepax ye cooac aop apa, xo yy paoa ce ocae.

o coa cxey, oopo o yaco aee pyx, ey aec oe ee. Ec occaoe cepea yo ee, y oo-o ec p e, a y cex ocax - o oo, o eoe ece c y py oe occao cepe. e eo yac occaoe cepea op e yec eoe.

o ecoo ee oy oy a eoea oee. aoy eoey oe ao ooe co ee. Heaco o oo, coo ee o poao, occaoe cepea opeyec e m x. H o eoe, ea pya e coy occao cepe, oaa oo m-1 e.

pyx cxe peca ceap c y pae eea. Moo pacpee cepe a, o eo occaoe opeoaoc oe 7 yaco eea A poe 12 yaco eea B. Coaec ooe cee 3, oop ec poeee eoo apaoo pae.

aoy yacy eea A aec e, oopa ec aee eoo pae, a yac a eea B ac ae apaoo pae.

occaoe eoo pae ocao e e e yaco eea A, o ea co o oo, coo pyx ee ec y eea, ee yac e coy eo ya o cepee. Aao o eea B: ee yac oy co p e, occaaa apaoe paee, o pyy opa, eoxoy occaoe cepea eo, o oy e coy. Too epeo co pae, yac yx eea coy occao cepe.

B oe cyae, oe peaoaa a ca cxea paee cepea. opeyec oo aca ccey ypae, cooecyx opeo ccee. Bo ecoo pepacx cae a ey ooex cxe paee cepea [1462, 1463, 1464].

Paeeue cepema c oeuau o aop ee caapy opooy cxey (m, n) oapye oeo [1529]. oa y eo cooae a ae cxe apaa, o aop paoae c py cxea. Bpaec pocoe co p, oee n oee (s - 1)(m - 1)/e m e s - o ca oo oo cepe, a e - epooc ycexa oeeca. e oo cea a coo a, acoo o eoxoo, o poco yco ce. ocpoe e a pae, o eco cooa 1, 2, 3,..., n xi, epe cya opao ca aaoa o 1 o p-1.

Teep, ec Mop p occaoe cepea ae co ac oeo, eo e c coo epo oc oaec eooo. Heoo cepe, oeo e, oaec oea cepeo. Maea a o cxe peea [1529].

coae, xo oeeco Mop ye opo, ey yacc ya cepe (p yco, o ce ocae ye e pa ). O oo aae pyo pooo, oca [1529, 975]. Oco o ee ec cooae aopa k cepeo, a o o yaco apaee e a, ao x pa. a cepe, a cee acoeo, oe peyeo. ac oe co e, oya o cepe a py, oa o e oya aeee aee cepea. o cepe ye pa.

B o cxee oe eo c ee o oye oeoo cepea. Cyecye opeeee cooc, ec yac pe co e o oepe, opooc oo a epaype. B ce yx paoax ae paccapac oapyee peopaee oeeca opoox cxeax [355, 114, 270].

23.3 ocoae aa

Ong-Schnorr-Shamir

o ocoae aa (c. pae 4.2), papaoa ycayco Coco (Gustavus Simmons) [1458, 1459, 1460], coye cxey ea Ong-Schnorr-Shamir (c. pae 20.5). a opa o cxee opae (Aca) pae oeocy oy n ap k a, o n k ao poc ca. B o o opao cxe k coyec coeco Aco oo, o yaee ocoaeo aae. Op cec cey opao :

h = -k2 mod n Ec Ace yo opa ocoaeoe cooee M eoo cooe M', oa caaa po epe, o ap M' n, a ae M n c ao poc ca. Aca ce S1 = 1/2*((M'/M M)) mod n S2 = 1/2*((M'/M - M)) mod n apa ce S1 S2 pecae coo oc paoo cxee Ong-Schnortr-Shamir oopeeo ec ocee ocoaeoo cooe.

Tpe oep (oe aoo?) oe poep ooc cooe, a o po Ong Schnorr-Shamir, o o oe cea ee oe-o. O oe poep ooc cooe (Bcea o oo, o oep oaec ey ocyy oeoe cooee ). O poepe, o S12 - S22 M' (mod n) Ec ooc cooe oaaa, oyae oe e ocoaeoe cooee, coy ceyy opyy:

M=M'/(S1+ S2k-1) mod n o paoae, o e aae, o caa cxea Ong-Schnorr-Shamir a oaa.

ElGamal pyo peoe Coco ocoae aa [1459], oca [1407, 1473], ocoa a cxee oc ElGamal c. pae 19.6).

eepa a oec ae, a ocoo cxee oc ElGamal. Caaa paec pocoe co p a cyax ca, g r, ee p. ae cec K = gr mod p Op o cya K, g p. ap o ec r. oo Ac r eco oy, o co coyec e oo oc eooo cooe, o aece a opa e ocoaeoo cooe.

o oca ocoaeoe cooee M eoo cooe, M', M p o oapo ao poc, poe oo, ao poc o M p-1. Aca ce X = gM mod p peae ceyee ypaee Y (c oo pacpeoo aopa a ):

M' = rX+ MY mod (p-1) a aoo cxee ElGamal, oc ec apa ce: X Y. oep oe poep oc El Gamal. O yeaec, o KXXY gM' (mod p) o oe occao ocoaeoe cooee. Caaa o yeaec, o (gr)XXY gM' (mod p) Ec o a, o cae cooee o (e oea oepo). ae occaoe M o ce M = (Y-1 (M' - rX)) mod (p - 1) Hapep, yc p = 11, a g = 2. ap r paec pa 8. o oaae, o op o, oop oep oe cooa poep oc, ye gr mod p = 28 mod 11 = 3.

o opa ocoaeoe cooee M = 9, coy eooe cooee M' = 5, Aca poe pe, o 9 11, a ae 5 11 oapo ao poc. Oa ae yeaec, o ao poc 9 11-1=10. o a, ooy oa ce X = gM' (mod p) = 29 mod 11 = ae oa peae ceyee ypaee Y:

5 = 8 6 9 Y mod Y= 3, ooy oc cy apa ce 6 3 ( X Y). o yeaec, o (gr)XXY gM' (mod p) (28)663 25 (mod 11) o a (oe apeece ec caocoeo, ec e e epe ), ooy o oe pacp ocoaeoe cooee, c M = (Y-1 (M' - rX)) mod (p - 1)= 3-1(5 - 8*6) mod 10 = 7(7) mod 10 = 49 mod 10 = ESIGN ocoae aa oo oa ESIGN [1460] (c. pae 20.6). B ESIGN cepe ec apo ox pocx ce p q, a op o cy n = p2q. cooa ocoaeoo aaa ap o c p pocx ca p, q r, a op o - n, aoe o n = p2qr epeea r - o ooee ae, ye oy poe ocoaeoo cooe.

o oca ooe cooee, Aca caaa pae cyaoe co x, eee pqr, ce:

w, aeee eoe, oopoe oe pao (H(m) - xk mod n)/pq s = x ((w/kxk-1 mod p) pq H(m) - o x-aee cooe, a k - apaep eoacoc. oc ec aee s.

poep oc o ce sk mod n. poe oo, o ce a, aeee eoe, oopoe oe pao yoeoy cy o n, eeoy a 3. Ec H(m) ee paa sk mod n, ec sk mod n ee H(m) 2a, o oc caec pao.

opa ocoaeoo cooe M c oo eooo cooe M' Aca ce s, c oy M eco of H(m). o oaae, o cooee oo ee, e p2qr. ae oa pae cyaoe co u ce x' = M' ur ae o aee x' coyec aece "cyaoo ca" x p oc M'. Cooecyee a ee s ocaec aece oc.

oep oe poep, o s (opoe s) ec pao oc M' Too ae poep o oc cooe oe o. Ho, a a ey eco r, o oe c s = x' ypqr = M ur ypqr M (mod r) a peaa ocoaeoo aaa aoo ye yx peyx. B apaax Ong-Schnorr Shamir ElGamal y oa oe ap Ac. o coe e oo a ocoaee cooe Ac, o aa ce a Acy, oca oe oye. Aca eo c e co e oea, ycaaa ao ocoae aa, e pec oepc oy.

Cxea ESICN cpaae o o poe. ap o Ac cy aop pex pocx ce: p, q r. Cepe o oa ec oo r. O ae n = p2qr, o, o pacp p q, ey oaoc pao a oe o co. Ec poce ca ocaoo e, oy ye a e pyo a ce a Acy, a oepy oy-y ee.

DSA ocoae aa cyecye DSA (c. pae 20.1) [1468, 1469, 1473]. Ha cao ee x ae oe ecoo. poce ocoae aa ae op k. peoaaec, o o ye 160-ooe co. Oao, ec Aca pae opeoe k, o o, a ap Ac, coe pacp o k. Aca oca oy 160-ooe ocoaeoe cooee ao oc DSA, a ce ocae yy oo poep oc Ac. ooeoe ycoee: Ta a k oo cy a, Aca o o cooa o oopao oo poa ocoaeoe coo ee c oo oo ooa, eeppy k.

B DSA ec ocoaee aa, e peye epeaa oy ap Ac. O ae opayea op opex ae k, o e oy epeaa o 160 o opa. Ceya cxea, pecaea [1468, 1469], ooe Ace oy oeac ao oc o o ocoaeo opa.

(1) Aca o pa cyaoe pocoe co P (oaeec o apaepa p cxee oc). o cepe ocoaeoo aaa.

(2) Aca ocae eooe cooee M. Ec oa xoe opa oy ocoae 1, oa yeaec, o apaep r oc ec apa ocao o oy P. Ec oa xoe opa ey 0, oa poepe, o apaep r oc e ec apa ocao o oy P. Oa oaec oo, oca cooee c oo cyax ae k, oa oa e oy oc c y e coco r. Ta a ca, ec apa ocaa e ec , paoepo, o o e oo co coo.

(3) Aca ocae oy ocaoe cooee.

(4) o poepe oc, yeac ooc cooe. ae o poepe, ec r apa ocao o oy P occaaae ocoae .

epeaa a opao ecox o opayeae oop aoo r, oopoe ec e ec apa ocao o eco oy. opooc pee [1468, 1469].

a cxea oe eo pacpea epea ecox ocoaex o a oc. Ec Aca o pa a cyax ca P Q, o Aca oe oca a a, pa cyaoe k a, o r oc e oc apa ocao mod P, a ae oc e oc ap a ocao mod Q. Cyaoe aee k c epooc 25 poeo oo oy r c y coca.

Bo a Mop, eec peaaop DSA, oe coa aop, ea o 10 o apoo a Ac ao ee oc.

(1) Mop cpo co peaa DSA ae ycoo oy CC, o o e co poep, a oa paoae. O coae 14 ocoaex aao coe peaa DSA. To ec, o pae 14 cyax pocx ce coye pocxey, oopa pae aee k a, o r oc e oc apa ocao o oy aoo x 14 pocx ce, acoc o ocoaeoo cooe.

(2) Mop ae pocxe Ace, oy oca ea.

(3) Aca o opao ocae cooee, coy co ap 160-o x.

(4) Mpocxea cya opao pae 10-o o x: epe 10 o, ope 10 o, ..

Ta a cyecye 16 oox 10-ox oo, o oep oa paaec 4-o co.

o 4-o eaop 10 o a yy 14-o ocoae cooee.

(5) Mpocxea epepae cyae ae k, oa e yacc a o, oopoe oaae pa apa ocaa, y epea ocoaeoo. Bepooc cyaoo k oaa pao opo paa 1/16384. Ec pocxea oe poep 10000 ae k ceyy, y oe aee ye aeo ee, e a apy cey. ce e ac o cooe oy ce apaee, o oo, a Aca axoe oca cooee.

(6) Mpocxea o opao ocae cooee, coy paoe a ae (5) aee k.

(7) Aca ocae poy oc oy, oyoae ee ce, ee o-y eae.

(8) Mop pacpae r , a a o ae 14 pocx ce, pacpoae ocoaeoe cooee.

Cpaee ceo, o, ae ec Aca ae, o pocxo, oa eo e coe oaa. oa 14 po cx ce xpac cepee, Mop eoacoc.

umoeue nocoameoo aaa DSA ocoae aa opaec a o, o Aca oe pa k epea ocoaeo opa. o cea ocoae aa eoo, Ace e oo ooeo pa k.

Oao, op k oe apee cex pyx. Ec oy-o pyoy ye ooeo pa k, o o eoe oy oooc oea oc Ac. Ece peee Ac ec poeee eepa k ece c pyo copoo, oo, a, o Aca e oa opopoa o k, a o e o opee o k. Ha pyo copoe poooa y oa oa oooc poep, o Aca cooaa eo coeco coaoe k.

Bo o pooo [1470, 1472, 1473]

(1) Aca pae k' ocae oy u = g^k' mod p

(2) o pae k" ocae eo Ace.

(3) Aca ce k = k'k" mod (p - 1). Oa coye k, o oca coe cooee M, coy DSA, ocae oy co oc: r s.

(4) o poepe, o ((u = gk' mod p) mod q) = r Ec o a, o o ae, o oc M cooaoc k. oce aa (4) o ae, o r e o eo ao ocoaeo opa. Ec o ec oepeo copoo, o oe poep, o oc Ac e ocoaeo opa. py pec oep eo ae, o e c o e oaa o a pee copoe, ocpoe pooo.

eo o, o o, ec axoe, oe cooa o pooo coa coceoo o coaeoo aaa. o oe ocoaey opa oy oce Ac, pa k" c opeee xapaepca. oa Coc op ay oooc, o aa ee "aao y y". opooc pao aaa yy, ea oy pexpoxo pooo eepa k, pac capac [1471, 1473].

pyue cxe ocoae aa oo opaoa o cxe oc [1458, 1460, 1406]. Ocae poo oa cpaa ocoaeoo aaa cxe Fiat-Shamir Feige-Fiat-Shamir ece c oo o yopee oo a [485].

23.4 Heopaee poe oc

Aopo oo aopa eopaeo oc (c. pae 4.3) ec ay (David Chaum) [343,327]. Caaa oyoac ooe pocoe co p p ee g, oope yy coeco cooac pyo ocax. Ac ec ap x op g^x mod p.

o oca cooee, Aca ce z = m^x mod p. o ce, o e yo cea. poepa o c eoo coee.

(1) o pae a cyax ca, a b, ee p, opae Ace:

c = z^a (g^x)^b mod p

(2) Aca ce t = x^(-1) mod (p-1), opae oy:

d = c^t mod p

(3) o poepe, o d ≡ m^a g^b (mod p)

Ec o a, o cae oc co.

peca, o Aca o o o pooo, o eep cae, o Aca ocaa cooe e. o xoe ye o po, ooy o oaae e ac poooa. , oao, xoe ye po, o oye oca e-o py. O coae oey ac poooa. Caaa o eeppye cooee a ae (1). ae a ae (3) o eeppye d oy epeay o pyoo eoea a ae (2).

Haoe, o coae cooee aa (2). po ac oa a oao. Ee eooo ye paoc oc, oa oa e o pooo caocoeo.

oeo, ec oa cea -a ea oa a e, a o oe pooo, oa a yeea.

po yo ye oee ao o opy, a, a o ea o.

coy y cxey oc, oo coyc c poeo, o e a opooce. pee, e ocooac o cxeo, pocope epaypy.

pyo pooo ae e oo pooo oepe - Aca oe ye oa paoc coe oc - o pooo opa. Aca oe c oo epaoo poooa c ye a e ye oa, o ee oc epaa, ec o a [329].

a pey pooo pya ocax coye oeocyoe ooe pocoe co p p ee g. Ac ec ap x op g^x mod p. o oca cooee, Aca ce z = m^x mod p. o poep oc:

(1) o pae a cyax ca, a b, ee p, opae Ace:

c = m^a g^b mod p

(2) Aca pae cyaoe co q, eee p, a ae ce opae oy:

s1 = c g^q mod p, s2 = (c g^q)^x mod p

(3) o ocae Ace a b, o Aca oa yec, o o e oea a ae (1).

(4) Aca ocae oy q, o o o ocooac m^x occao s1 s2. Ec

s1 ≡ c g^q mod p

s2 ≡ (g^x)^(b+q) z^a (mod p)

o oc paa.

Aca oe ae oaac o oc z o cooee m. opooc pee [329]. oo ee pooo eopaex oce oo a [584, 344]. e Xap (Lein Harn) yao (Shoubao Yang) peo cxey pyox eopaex oce [700].

peopayee eompuaee nonucu Aop peopayex eopaex oce, oope oo poep, oe peopa o a oe eopaee oc, pee [213]. O ocoa a aope pox oce El Gamal.

a ElGamal, caaa pac a pocx ca, p q, a, o q o eee p-1. Teep yo coa co g, eee q. B aaoe o 2 o p-1 paec cyaoe co h cec g=h(p-1)/q mod p Ec g pao 1, paec pyoe cyaoe h. Ec e, coyec oyeoe aee g.

ap a cya a pax cyax ca, x z, ee q. Op a c p, q, g, y u, e y = gx mod p u=g mod p ce peopayeo eopaeo oc cooe m (oopoe eceoc ec x-aee cooe), caaa aaoe o 1 o q-1 paec cyaoe co t. ae cec T = gr mod p m' = Ttzm mod q.

Teep cec oa oc ElGamal m'. Bpaec cyaoe co R, eee p-1 ao pocoe c . ae cec r = gR mod p , c oo pacpeoo aopa a, cec s, oopoo m' rx Rs (mod q) oc cya oc ElGamal (r, s) T. Bo a Aca oepae co oc oy:

(1) o eeppye a cyax ca, a b, ce c = TTmagb mod p ocae peya Ace.

(2) Aca eeppye cyaoe co k ce h1 = cgk mod p h2 = h1z mod p, a ae ocae oa ca oy.

(3) o ocae Ace a b.

(4) Aca poepe, o c = TTmagb mod p. Oa ocae k oy.

(5) o poepe, o h1 = TTmagb k mod p, o h2 = yrarsaub k mod p.

Aca oe peopaoa ce co eopaee oc oe, oyoa z. Teep o o e poep ee oc e ee oo.

Cxe eopaex oce oo oe co cxea paee cepea, coa pacpeeee peopayee eopaee oc [1235]. o-y oe oca cooee, a ae pacpee oooc oepe paoc oc. O oe, apep, opeoa, o poooe ye e oa paoc oc yacoa poe oaaee oooc oepe p a oc. B [700, 1369] peoe yye, ooe oaac o eoxooc oepeoo a - pacpeee.

23.5 oc, oepaee oepe o

Bo a Aca oe oca cooee, a o poep eo a, o po eoo oe oa oaa y paoc oc Ac (c. pae 4.4) [333].

Caaa oyoac ooe pocoe co p p ee g, oope yy coeco cooac pyo ooaee. Tae oyoaec n, poeee yx pocx ce. po ec ap z op h = gx mod p.

B o poooe Aca oe oca m a, o o o poep paoc ee oc, o e o ye o pe copoy.

(1) Aca pae cyaoe x ce a = gx mod p b = hx mod p Oa ce x-aee m, H(m), x-aee oee a b, H(a,b), a ae j = (H(m) H(a,b))1/3 mod n ocae a, b j oy.

(2) o pae a cyax ca, s t, ex p, ocae Ace c = gsht mod p (3) Aca pae cyaoe q, eee p, ocae oy d = gq mod p e = (cd)x mod p (4) o ocae Ace s t.

(5) Aca poepe, o gsht c (mod p) ae oa ocae oy q.

(6) o poepe d gq mod p e/aq asbt (mod p) (H(m) H(a,b)) = j1/3 mod n Ec ce oeca oc, o o cae oc co.

o e oe cooa ac oo oaaeca yee a coc oc, o oe o pooo c oepe o Ac, po. Bo a po yeae a o, o a b opay pay oc.

(1) pae cyae u v, ee p, ocae po k = guav mod p (2) po pae cyaoe w,, eee p, ocae y l = gw mod p y = (kl)z mod p (3) ocae po u v.

(4) po poepe, o guav k (mod p) ae oa ocae y w.

(5) poepe, o gw l (mod p) y/hw hubv (mod p) Ec ce oeca oc, o cae oc co.

B pyo poooe po oe peopaoa pooo oepeoo a oy poy oc.

opooc [333].

23.6 Bce c apoa a

poea ucpemoo oapua

Cyecye ooe pocoe co p eepaop g. Aca xoe opeoo x a aoe e, oo poo g^e ≡ x (mod p) o pya poea, Ace e xaae cex ooce ce peyaa. oa ec ae oooc - o pecae paeco, o ce ep, ee ay y ey opaa. Bo a Aca oe oy oo oa, e pacp ey x [547, 4]:

(1) Aca pae cyaoe co r, eee p.

(2) Aca ce x' = x g^r mod p

(3) Aca poc oa pe g^e' ≡ x' (mod p)

(4) o ce e' ocae eo Ace.

(5) Aca occaaae e, c e = (e' - r) mod (p - 1)

Aaoe pooo poe apax ocao px ope pee [3, 4].

(C. ae pae 4.8.)

23.7 pocae "eco" oe

Ceye pooo oo Ace oy poca ecy oey ce epea ax (c. pae 4.9) [194]. o pep poca oe ooe (c. pae 4.10). Caaa oo o yae peya poca cooae eo Ace. ae Aca oe poep, o o coo pa peya poca.

pocaue "ecmo" oem c noo apamx ope opooo poca eco oe :

(1) Aca pae a ox pocx ca, p q, ocae x poeee n oy.

(2) o pae cyaoe ooeoe eoe co r, eee n/2. o ce z = r^2 mod n ocae z Ace.

(3) Aca ce epe apax op z (mod n). Oa oe cea o, a a oa ae pao e e n a oe. Haoe x +x, -x, y -y. Ooa a x' eee ceyx yx ce:

x mod n -x mod n Aaoo, ooa a y' eee ceyx yx ce:

y mod n -y mod n Opae ae, o r pao o x', o y'.

(4) Aca eae aec yaa, aoe ae pao r - x' y', ocae co oay oy.

(5) Ec oaa Ac paa, peyao poca oe ec "ope", a ec epaa "pea". o oe peya poca oe.

opooo poep:

(6) Aca ocae p q oy.

(7) o ce x' y' ocae x Ace.

(8) Aca ce r.

Ac e oooc ya r, ooy oa eceo yaae. Oa a ae (4) cooae oy oo o coe oa, e aa oy oy x', y'. Ec o oy oa x ca, o coe e r oce aa (4).

pocaue "ecmo" oem c noo oeeu cmene no oy F B o poooe aece ooapaeo y coyec oeee cee o oy p o coo ca p [1306]:

opooo poca eco oe :

(1) Aca pae pocoe co p a, o oe p-1 ec, cpe x o o pae epe oo ooe pocoe co.

(2) o pae a px eea, h t, GF(p). O ocae x Ace.

(3) Aca yeaec, o h t c p eea, ae pae cyaoe co x, ao pocoe c p-1. ae oa ce oo yx ae :

y = h^x mod p, y = t^x mod p

Oa ocae y oy.

(4) o aec yaa, ca Aca y a y h a y t, ocae coe peoo ee Ace.

(5) Ec oaa oa paa, peyao poca oe ec "ope", poo cyae "pea". Aca oe peya poca oe.

opooo poep:

(6) Aca pacpae oy aee x. o ce hx mod p tx mod p, yeac, o Aca paa ec o poep peya poca. O ae poepe, o x p-1 - ao poce ca.

o Aca oa coea, oa oa a a ex ca, x x', oopx oec hxtx' mod p. oo, o ya ae, e yo c :

logth =x'x-1 mod p-1 logth =xx'-1 mod p-1.

o pye poe.

Aca coa cea o, ec oa aa logth, o o pae h t a ae (2). Ac e py oo cocoa poe, a oac c cpe oap. Aca oe ae oac coe a, pa x, oopoe e ec ao poc c p-1, o o oapy o a ae (6).

o oe coea, ec h t e c p eea oe in GF(p), o Aca co e eo poep o oce aa (2), a a e eco paoee p-1 a poce oe.

a o poooe ec o, o ec Aca o axo poc ecoo oe, o7 coy cooa o e e ae p, h t. Aca poco eeppye ooe x, pooo pooaec c aa (3).

pocaue "ecmo" oem c noo ex uce a B poooe poca oe oo cooa ee ca a.

(1) Aca eeppye eoe co a n, cyaoe x, ao pocoe c n, x0 = x^2 mod n x1 = x0^2 mod n.

Oa ocae oy n x1.

(2) o yaae, e ee ec x0.

(3) Aca ocae x oy.

(4) o poepe, o n ec e co a (Aca yo epea oy oe n oaa eca oo, o o c poc, o eoop pooo c ye ae, ye a oa, o n - o eoe co a), o x0 = x^2 mod n x1 = x0^2 mod n. Ec ce poep oc, o yaa pao, o pae poco.

o ao, o n o co a. ae Aca coe a aoe x', o x' mod n = x02 mod n=x1, 0 e x' ae ec apa ocao. Ec x0 e, a x' - ee ( aoopo), Aca 0 oa oea.

23.8 Ooapaee cyaop

Cyecye poca y ooapaeoo cyaop [116] (c. pae 4.12.):

A(xi, y) = xi-1y mod n ca n (eec poeee yx pocx ce ) x0 o apaee coacoa. Toa cypoae y1, y2 y3 ye y2 ((x0 yq mod n) mod n)y mod n o cee e ac o opa y1, y2 y3.

23.9 Pacpe cepeo "ce eo"

o pooo ooe eco copoa ( pao poooa yo e ee yx yaco ) oya pae cepe y ooo poaa (c. pae 4.13) [1374, 1175]. Hae c opeee. Boe e cpo o, x y. cpoa o eco ( fixed bit index, FBI) x y aaec oceoaeoc oepo coaax o x cpo.

Hapep:

x = y = FBI(x, y) = {1, 4, 5, 11} (M ae cpaa aeo, ca ye pa pa .) Teep o a pooo. Aca ye poao. o po - oyae. Ac ec k n ox cepeo: S1, S2,... Sk. o xoe y cepe Sb, po - cepe Sc.

(1) Aca eeppye apy "op /ap " cooae oy (o e po) op .

Oa eeppye pyy apy "op /ap " cooae po (o e oy) op .

(2) o eeppye k n-ox cyax ce, B1, B2,... Bk, cooae x po. po eeppye k n ox cyax ce, C1, C2,... Ck, cooae x oy.

(3) o pye Cb (ao, o xoe y cepe Sb) op o, oye o Ac. O ce FBI Cb oo o apoaoo peyaa. O ocae o FBI po.

po pye Bc (ao, oa xoe y cepe Sc) op o, oye o Ac. Oa ce FBI Bc oo o apoaoo peyaa. Oa ocae o FBI oy.

(4) o epe aoe n-ox ce B1, B2,... Bk aee a , oepa oopoo e FBI, oyeo o po, eo ooee. O ocae o o cco n-ox ce B', B',... B' 1 2 k Ace.

po epe aoe n-ox ce C1, C2,... Ck aee a , oepa oopoo e FBI, oyeo o oa, eo ooee. Oa ocae o o cco n-ox ce C', C',... C' 1 2 k Ace.

(5) Aca pacpoae ce C' ap o oa, oya k n-ox ce C", C",... C". Oa i 1 2 k ce Si C" i = 1,... k, ocae peya oy.

i Aca pacpoae ce B' ap o po, oya k n-ox ce B", B",... B". Oa i 1 2 k ce Si B" i = 1,... k, ocae peya po.

i (6) o ce Sb, o XOR Cb b-o ca, oyeoo o Ac.

po ce Sc, o XOR Bc c-o ca, oyeoo o Ac..

Bce a coo. oc oe ec a pepe.

Ac ec poa oce 12-ox cepeo : S1 = 1990, S2 = 471, S3 = 3860, S4 = 1487, S5 = 2235, S6 = 3751, S7 = 2546 S8 = 4043. o xoe y S7, a po - S2.

(1) Aca coye aop RSA. B aoe c oo oa coye ceyy apy e : n = 7387, e = 5145 d = 777, a aoe c po - n = 2747, e = 1421 d = 2261. Oa cooae oy po x o pe .

(2) o eeppye oce 12-ox ce, B1= 743, B2= 1988, B3= 4001, B4= 2942, B5= 3421, B6= 2210, B7=2306 B8= 222, cooae x po. po eeppye oce 12-ox ce, C1= 1708, C2 = 711, C3= 1969, C4 = 3112, C5 = 4014, C6 = 2308, C7 = 2212 C8 = 222, cooae x oy.

(3) o xoe y S7, ooy o op o, a Aco, pye C7.

22125145 mod 7387 = Teep:

2212 = 5928 = Ceoaeo, FBI x yx ce pae {0, 1, 4, 5, 6}. O ocae eo po.

po xoe y S2, ooy oa op o, a Aco, pye B2 ce FBI B2 peyaa poa. Oa ocae oy {0, 1, 2, 6, 9, 10}.

(4) o epe B1, B2,... B8 aee a , ec oopoo ocycye aope {0, 1, 2, 6, 9, 10} eo ooee. Hapep:

B2= 111111000100 = B' = 011001111100 = O ocae B', B',... B' Ace.

1 2 po epe C1, C2,... C8 aee a , ec oopoo ocycye aope {0, 1, 4, 5, 6}eo ooee. Hapep:

C7 = 0100010100100 = C' = 1011100101000 = Oa ocae C', C',... C' Ace.

1 2 (5) Aca pacpoae ce C' ap o oa oe XOR peyao c Si. Hapep, i i = 7:

5928777 mod 7387 = 2212;

2546 2212 = Oa ocae peya oy.

Aca pacpoae ce B' ap o po oe XOR peyao c Si. Hapep, i i = 2:

16602261 (mod 2747) = 1988;

471 1988 = Oa ocae peya po.

(6) o ce S7, o XOR C7 ceoo ca, oyeoo o Ac :

2212 342= po ce S, o XOR B2 opoo ca, oyeoo e o Ac.

1988 1555 = pooo paoae oo oeca oyaee. Ec o, po xo y cepe, A ca ae aoy oyae a opx a, o ooy a aoo pyoo oyae. a oy ae oyae aop ce o aoo pyoo oyae. ae o o pooo c Aco a oo cox aopo oepo o XOR cex oyex o Ac peyao, oya co cep e . oee opoo o ocao [1374, 1175].

coae, apa eecx yaco oy coea. Aca po, ecy a apy, oy e o o, ao cepe oy o: ec o a FBI Cb aop poa oa, o oy oca aoe b, o y Cb ye pa FBI. A o po, ecy ece, oy eo aoy ce cepe Ac.

Ec caee, o yac ec, oo cooa pooo opoe [389].

(1) Aca pye ce cepe RSA ocae x oy:

Ci = Si^e mod n

(2) o pae co cepe Cb, eeppye cyaoe co r ocae Ace.

C' = Cb r^e mod n

(3) Aca ocae oy:

P' = C'^d mod n

(4) o ce P'

Sb = P' r^(-1) mod n

Ec yac oy ya, o oe oaa c ye ae, o o ae eoopoe r, aoe o C' = Cb r^e mod n, xpa b cepee, oa Aca e epeac ey a ae (3) P' [246].

23.10 ece oaoycoe pocce

ecma cxea Diffie-Hellman

ece pocce peca coo popa coco ycooo pye oyeo (c. pae 4.14). o pep pao C Ma ( Silvia Micali) [1084, 1085]. O aaeoa [1086, 1087].

B aoo cxee Diffie-Hellman pya ooaee coye oee pocoe co p eepaop g. a p o Ac ec s, a ee op o t = gs mod p. Bo a cea cxey Diffie-Hellman eco ( o pepe coyec oepex ).

(1) Aca pae ex ce, s1, s2, s3, s4, s5, ex p-1. ap o Ac ec

s = (s1 + s2 + s3 + s4 + s5) mod p-1

a ee op o

t = g^s mod p

Aca ae ce

ti = g^si mod p, i = 1,... 5.

Op ac Ac c ti, a ap - si.

(2) Aca ocae apy cooecyy opy ac aoy oepeoy y. Hapep, oa ocae s1 t2 oepeoy y 1. Oa ocae t KDC.

(3) aoe oepeoe o poepe, o

ti = g^si mod p

Ec o a, oepeoe o ocae ti ocae eo KDC. oepeoe o coxpae si eo aco ece.

(4) oy ce opx ace, KDC poepe, o t=(t1* t2* t3* t4* t5) mod p Ec o a, KDC pae op .

B o oe KDC ae, o y aoo oepeoo a ec paa ac, o o p eoxo oc coy occao ap . Oao KDC, e epe oepex a e oy oc cao ap Ac.

Pao Ma [1084, 1085] ae coepa oceoaeoc ec coa ecoo RSA oee opooo cxe c eco pocceo, ooe m oepe a n occao ap .

Omaoycmoua cxea Diffie-Hellman a peye poooe y py ooaee ec oe pocoe co p eepaop g. ap o Ac ec s, a ee op o t = gs mod p.

(1) KDC pae cyaoe co B aaoa o 0 o p-2 pyae B c oo poooa pye o (c. pae 4.9).

Aca pae cyaoe co A aaoa o 0 o p-2. Oa ocae KDC gA mod p.

(2) ooae "paee" A c a oepe o, coy cxey oepaeoo coecoo cooa cepea (c. pae 3.7).

(3) KDC pacpae B Ace.

(4) Aca poepe pyee aa (1). ae oa ycaaae co op pa t = gA gB mod p a ap pa s = (A B) mod (p-1) oepee a oy occao A. Ta a KDC ae B, oo ocaoo occaoe s. Aca e coe cooa ax ocoaex aao epea ecaopoao op a. o pooo, paccope [946, 833] acoee pe aeyec.

23.11 ZERO-KNOWLEDGE PROOFS OF KNOWLEDGE

oaamecmo c ye aue ucpemoo oapua

e xoe oaa Bopy, o e eco x, eec peee A^x ≡ B (mod p) e p - pocoe co, a x - poooe co, ao pocoe c p-1. ca A, B p oeocy, a x xpac cepee. Bo a e, e pacpa ae x, oe oaa, o oo e eco (c. pae 5.1) [338, 337].

(1) e eeppye t cyax ce, r1, r2,... rt, pe ce ri ee p-1.

(2) e ce hi = A^ri mod p cex ae i ocae x Bopy.

(3) e Bop, ocooac poooo poca oe eeppy t o: b1, b2,... bt.

(4) cex t o e oe oy ceyx oepa :

a) Ec bi = 0, oa ocae Bopy ri

b) Ec bi = 1, oa ocae Bopy si = (ri - rj) mod (p-1), e j - aeee aee eca, p o o po bj =

(5) cex t o Bop poepe oo ceyx yco :

a) p bi = 0 o A^ri ≡ hi (mod p)

b) p bi = 1 o A^si ≡ hi hj^(-1) (mod p)

(6) e ocae Bopy Z, e Z = (x - rj) mod (p-1)

(7) Bop poepe, o A^Z ≡ B hj^(-1) (mod p)

Bepooc yaoo oeeca e paa 1/2^t.

oaamecmo c ye aue ooocmu cpm RSA Aca ae ap po. Moe oa oaa RSA, a oe oa oaa ep app po paa . Aca xoe ye oa, o e ece po. Oao oa e xoe coo a oy , ae pacpoa oa oo cooe po. aee pee pooo c ye ae, c oo oopoo Aca yeae oa, o oa ae ap po [888]. yc o p po - e, ee ap - d, a oy RSA - n.

(1) Aca o pa cyaoe k m, oopx km ≡ e (mod n) ca o o pa cya opao, coy eepa k pooo poca oe, a ae c m. Ec k, m oe 3, pooo pooaec. B poo cyae ca pa c aoo.

(2) Aca o eeppy cya poec C. coa o o ocooac poooo poca oe.

(3) Aca, coy ap po, ce M = C^d mod n ae oa ce X = M^k mod n ocae X oy.

(4) o poepe, o X^m mod n = C. Ec o a, o o yeaec paoc ae Ac.

Aao pooo oo cooa eocpa oooc cp poe cpe o o oapa [888].

oaamecmo c ye aue moo, mo n emc uco a oa eeco ax eceo pax oaaec oo, o n =pq, e p q - poce c a, opye 3 o oy 4. Oao ec n ee opy prqs, e r s ee, o y ca n coxpac coca, oope ea ca a oe popa. oa cyecye oaaeco c ye ae oo, o n ee ay opy.

peoo, o Ace eco paoee a oe ca a n, e n oaae paccopeo e opo. Bo a oa oe oaa oy, o n ee ay opy [660].

(1) Aca ocae oy co u, e co o pae -1 o oy n.

(2) Aca o coeco pa cyae : b1, b2,... bk.

(3) Aca o coeco pa cyae ca : x1, x2,... xk.

(4) aoo i = 1, 2,... k Aca ocae oy apa ope o oy n ooo epex ce: xi, -xi, uxi, - uxi. Co o apaoo op oe pae bi.

Bepooc yaoo oeeca Ac paa 1/2k.

23.12 Cee oc

oe cex oce (c. pae 5.3) o pyao o ayo (David Chaum) [317, 323], o op ae peo epy peaa oo o [318]. Oa coye aop RSA.

oa ec op e, ap d op oy n. Aca xoe, o o cey, e a, oca cooee m.

(1) Aca pae cyaoe co k aaoa o 1 o n. ae oa acpye m, c

t = m k^e mod n

(2) o ocae t

t^d = (m k^e)^d mod n

(3) Aca cae acpoy c t^d, c

s = t^d / k mod n

(4) Peyao ec

s = m^d mod n

o oo eo oaa t^d ≡ (m k^e)^d ≡ m^d k (mod n), ooy t^d / k = m^d k / k ≡ m^d (mod n).

ay pya eoe ceeco oee cox aopo ceo oc [320, 324], aaex eo a ce oc. Cxe x oce coee, o o a oe oooce.

23.13 epeaa c aae

B o poooe, peoeo Mao Pao ( Michael Rabin) [1286], Aca c epooc 50 poeo yaec epea oy a pocx ca, p q. Aca e ae, yceo poa epeaa (C. pae 5.5.) (o pooo oo cooa epea oy oo cooe c 50-poeo epoo c yceo epea, ec p q pacpa ap RSA.)

(1) Aca ocae oy poeee yx pocx ce : n = pq.

(2) o pae cyaoe co x, eee n ao pocoe c n. O ocae Ace:

a = x^2 mod n

(3) Aca, a p q, ce epe apax op a: x, n-x, y n-y. Oa cya opao pae o x ope ocae eo oy.

(4) Ec o oyae y n-y, o oe c ao o ee x y n, oop ye o p, o q. ae, oeo e, n/p = q. Ec o oyae x n-x, o e oe eo c.

oo poooa oe caoe eco : ooa cya, oa o oe c aoe co a, o p eco apao ope a o coe ce pe pacaa n a oe.

23.14 eoace ce c eco yaca

o pooo [1373]. Aca ae eoe co i, a o - eoe co j. Aca o ece xo y a, o pao - ij i>j, o Aca, o e xoe pacp coe co apepy. o oco cy a eoacx ce c eco yaca (c. pae 6.2) oa aa poeo oepa o [162, 7].

B poo pepe peoaaec, o i j pac aaoa o 1 o 100. oa ec op ap .

(1) Aca pae ooe cyaoe co x pye eo op o oa.

c = EB(x) (2) Aca ce c-j ocae peya oy.

(3) o ce ceye 100 ce:

yu = DB(c-i u), 1u DB ooaae eppoae ap o oa.

O pae ooe cyaoe co p. (Paep p oe eoo ee x. o e ae x, o Aca oe eo coo ey paep x.) o ce ceye 100 ce:

zu = (yu mod p), 1u aee o poepe, o cex uv |zu - z| o cex u 0 < zu < p- Ec o e a, o o pae pyoe pocoe co poye coa.

(4) o ocae Ace y oceoaeoc ce, coa x o opo:

zl, z2,... zj, zj 1 1, zj 2 1,... z100 1, p (5) Aca poepe, opye i- e oceoaeoc x mod p. Ec o a, oa eae o, o ij. B poo cyae oa peae, o i> j.

(6) Aca cooae oy co o.

poepa, oopy o oe a ae (3), oa apapoa, o oo co e oc a oceoaeoc, eeppoao a ae (4). B poo cyae, ec za = zb, Aca yae, o a j < b.

Heocao oo poooa ec o, o Aca yae peya ce pae oa. Ho e oeae e aep pooo a ae (5), oaac cooa oy peya. Oa ae oe coa oy a ae (6).

puep npomooa yc o coy RSA. Op o oa ec 7, a ap - 23. n = 55. Cepeoe co Ac, i, pao 4, cepeoe co oa, j - 2. (peoo, o ca i j oy pa oo ae 1, 2, 3 4.) (1) Aca pae x = 39 c = EB(39) = 19.

(2) Aca ce c-i=19-4=15. Oa ocae 15 oy.

(3) o ce ceye epe ca:

y1 = DB{15 l) = y2 = DB{15 2) = y3 = DB{15 3) = y4 = DB{15 4) = O pae p = 31 ce:

z1 = (26 mod 31) = z2 = (18 mod 31) = z3 = (2 mod 31) = z4 = (39 mod 31) = O oe ce poep yeaec, o oceoaeoc paa.

(4) o ocae Ace y oceoaeoc ce, coa x opo :

26, 18, 2 1, 8 1, 31, .e., 26, 18, 3, 9, (5) Aca poepe, opyo eepoe co X mod p. Ta a 9 39 (mod 31 ), o i > j.

(6) Aca cooae o o oy.

o pooo oo cooa coa aoo oee cox poooo. pya e oe poo cepe ayo o ce. O oec yopoa ce o pyy , c oo oapx cpae, opee, o peo oy ey. o oea ye e ceae pe oe cepee ayoa oe cooac ao-o pooo pye o. Ec ayo poo c o oaco ccee, o peo acy ey oyae pee a peoey ey.

Ec ayo pooc o aco ccee, o o oyae pee a opy cy ey. (o oe ceo o pe opoo pya oapx cpae.) Aaoe e pe p ae ceo, epeoopax appae.

23.15 Bepoocoe poae

oe epoocoo poa o opeeo a oaccepo (Shafi Goldwasser) C e Ma [624]. Xo x eop ooe coa cay eoacy opeex pocce, pa peaa a eeo [625]. Ho oee oe peaa ce e.

ee epoocoo poa ec ycpaee ye opa popa c op a. Ta a poaa cea oe pacpoa cyae cooe op o, o oe oy eoopy opa. p yco, o y eo ec poec C = EK(M), o aec oy op ec M, o oe pa cyaoe cooee M' apoa eo: C' = EK(M'). Ec C' = C, o o yaa pa op ec. B poo cyae o eae ceyy oy.

poe oo, epoocoe poae ooe ea ae aco ye opa o op ao cooe. p cooa popa c op a poaa oa oe ya oe-o o ax: XOR 5-o, 17-o 39-o o pao 1, ... p epooco poa ocaec cpo aa opa.

Ta cocoo oo e e oo opa, o oeao oooc poaaa pacpoa cyae cooe a op o oe coa opeeee poe. a pa, py cooee, poaa oe e eoo opa. Ho e ae, acoo aea a opa.

Bepoocoe poae aec ycpa y yey. e oo eoa coco o, o ce, pooe a poeco, poepa x pyx opx eco e co a p oaay ao opa o cooecye op o ece.

p epooco poa aop poa ec epooc, a e eeppoa.

py coa, oe poec p pacpoe a a op ec, ope po ec, coye o opeo poa, paec cya opao.

C1 = EK(M), C2 = EK(M), C3 = EK(M),... Ci = EK(M) M = DK(C1) = DK(C2) = DK(C3) =... = DK(Ci) p epooco poa poaay oe e yacc poa pooe ope ec ocax paoo poeca. cpa yc y poaaa ec poec Ci = EK(M). ae ec o pao yaae M, oye p poa EK(M) peya ye coepeo py poeco C: Cj. Cpaa Ci Cj, o e oe o x coae opee paoc coe o a.

o opaeo. ae ec y poaaa ec op poa, op ec poec, o e oe e apoo a eppoa oaa, o poec ec peyao poa opeoo opoo eca. ae o cepa oc, o oe oaa oo, o a oo op ec ec oo op eco.

B o cxee poec cea ye oe opoo eca. oo eooo ea, o ec peyao oo, o oe poec pacpoac o o e op ec. B epo cxee epoocoo poa [625] poec oyac acoo oe opoo eca, o o e c oe.

Oao May (Manual Blum) oaccep (Goldwasser) oy ey peaa ep o ocoo poa c oo eepaopa ceocyax o Blum Blum Shub (BBS), ocaoo paee 17.9 [199].

eepaop BBS ocoa a eop apax ocao. Cyecy a pocx ca, p q, opy x 3 o oy 4. o ap . x poeee, pq = n, ec op o. (aoe co p q, eoacoc cxe opaec a cooc paoe n a oe.) poa cooe M caaa paec cyaoe x, ao pocoe c n. ae cec x0 = x2 mod n x0 cy capoo oceoaeoc eepaopa ceocyax o BBS, a xo eepaopa coyec aece ooooo pa. oo oec XOR M c xoo eepaopa. eepaop ae bi (a aa xi, e xi = xi-12 mod n), ooy M=M1, M2, M3,... Mt c = M1 b1, M2 b2, M3 b3,... Mt bt e t - o a opoo eca oae oceee ceoe aee, xt, oy cooe, eo ceao.

Pacpoa o cooee oo oo o cocoo - oy x0 c o capoo oceoa eoc ayc eepaop BBS, o XOR xoa c poeco. Ta a eepaop BBS eoace eo, aee xt ecoeo poaaa. Too o, oy ec p q, oe pacpoa co oee. Bo a a e C aop oye x0 xt:

p a x0 eppoae ecoo. poco aae capoy oceoaeoc eepaopa BBS oe XOR peyaa c poeco.

y cxey oo cea ee cpee, coy ce ece eoace xi, a e oo a aa . C a yyee epoocoe poae Blum-Goldwasser oaaec cpee RSA e oycae ye opa o opo ece. poe oo, oo oaa, o cooc cp o cxe paa cooc paoe n a oe.

C pyo copo, a cxea coepeo eeoaca o ooe cp c pa poe co. o a aa a pax apax ocao oo c apa ope oo apaoo ocaa. Ec o yacc, o yacc paoee a oe. opooc oo a [1570, 1571, 35, 36].

23.16 aoa popa

aoa popa o ececey eopeeeoc aooo pa. C ee oo oo coaa c, oope eooo ocya, e oc oex epeay. ao aeo aa ao ao aa, ae ec ocya oe pepa e ec, ae ec o ee ocy eopaeo ceo ooc, ae ec P = NP. ap ee (Charles Bennett), paccap (Gilles Brassard), o peo (Claude Crepeau) pye pacp y e, oca aooe pacpeeee e, aooe pocae oe, aooe pyee a, aoy epeay c aae aoe ce c eco yaca. Ocae x peyao oo a [128, 129, 123, 124, 125, 133, 126, 394, 134, 392, 243, 517, 132, 130, 244, 393, 396]. y oopo o ao o popa ec [131]. py xopo eexec oopo oe cy [1651]. oy opa o aoo popa oo a [237].

e a ocac peeo ocye aao popa, o ee paccap papaoa ecyy oe [127, 121, 122]. Teep y ac ec cnepuemaa aoa popa.

a ycpoec oyoee, aee cee eo-y paccaec. opoy oc a, o o aoe.

B cooec c aoa aoo exa ac a cao ee e axoc oo ece, a c o peeeo epooc cyecy cpay o ox ecax. Oao o a oo o ex op, oa e p xo ye e oepe acy, "oaayc" ao opeo ece. Ho ep ce apaep ac (apep, oopa copoc) oopeeo eooo. Ec ep oy x yx e , ca a epe yoae cy oooc ep pyy ey. Heopeeeoc e c yaea coco aooo pa, ya o oo e eec.

y eopeeeoc oo cooa eepa cepeoo a. yeecy, oo oe c opeeeo apae, epx-, eo-pao, , o oee epoo, o a-o yo.

O coe ce eopoa, oo oec o cex oox apaex. oa apa ee oea ox ooo coaae, o c opoa. opaoe p poyca oo e oo, oope opoa opeeeo apae, a ocae opyc.

Hapep, opoa opao p poycae oo oo c opoao opa e. oepe o p a 90 payco, eep co eo yy poxo oo epao op o ae oo.

yc y ac ec yc opoao opoax ooo. Ec o opoy po epe op oa p, o y x y cex pepaco oyc. Ec eeo oopaa p a 90 payco, oeco poycaex ooo ye caoc ce ee ee, aoe o oo e po e epe p. o poope paoy ccy. aec, o ae eae oopo pa oe ocao ce oo, a a o opoao opoa. Ho aoo exae aa ac a c opeeeo epooc oe e co opa poco epe p. Ec yo ooe pa ee, a epooc coa, a ec o pae 90 payca, o epooc paa y.

A ec yo oopoa pa pae 45 payca, epooc ooa po p paa 50 poea.

opa oo ep o ccee oopa: yx apaex, pacxoxc o p yo. pepa cce oopa c poyoa - opoaoe epaoe apae - aoaa - ea paa aoa. Ec yc ooo opoa aao ccee oopa, o p epe o e ccee oopa yaee opa. p epe epao ccee oopa, oye cya peya. M copaec cooa o coco eepa cepe oo a:

(1) Aca ocae oy oceoaeoc oox yco. a yco cya op a o opoa oo epex apae: opoao, epao, eo- paoa o ao.

Hapep, Aca ocae oy:

| | / \ | / (2) oa ec eeop opa. O oe acpo co eeop a epee poyoo aoao opa. Oopeeo ep y, pyy y eo e oyc, ey e oo aoa exaa. epee oo opa e ac ep pyy. a, o ycaaae co eeop poo opao:

X X X X X Teep, ec o pao acpo co eeop, o apecppye pay opa. Ec o acpo eeop a epee poyoo opa, yc ye opoa poyoo, o yae, ay opa ooo paa Aca. Ec o acpo eeop a epee a o ao opa, a yc ye opoa poyoo, o peya epe ye cya . o e coe opee pay. B peeo pepe o oe oy cey pey a:

/ | \ / \ / |

(3) o cooae Ace o eaeoy aay, ae acpo o cooa.

(4) Aca cooae oy, ae acpo pa. B ae pepe eeop pao yc aoe yco 2, 6, 7 9.

(5) Aca o oca oo pao epee opa. B ae pepe o oca:

* | * * * \ * *

C oo apaee pooeoo oa Aca o peopay peya epe opa. Hapep, opoaa eoaoaa oy oaa ey, a epaa paoaoaa - o. B ae pepe o oa oya:

0 0 1

a, Aca o oy epe a. C oo o cce o oy eeppoa coo o, coo yo. B cpee o pao yaae 50 poeax cyae, ooy eepa n o Ace pec oca 2n oox yco. O oy cooa a cepe c epoo aopa oece acoy eoacoc, oy ocaoo o cooa aece oopaooo ooa.

aeae ec o, o Ea e coe ocya. a oy, e yo yaa epeo opa, , a y oa, ooa ee oao ye epao. Ta a epae epe e opa ooo, o p ocya oa eyeo oc o epeay. Ec o a, Aca o oya pae oe oceoaeoc. a, Aca o aaa pooo oo ec:

(6) Aca o cpaa ecoo o cox cpo. o a pacxoe o ya o oc y a. Ec cpo e oac, o o opaca cooae cpae c oy ocaec.

ye oo poooa oo Ace o cooa co ae pcyc E [133, 134, 192]. O oy cpaa oo eoc ox ooec. Toa, ec e oapyeo pacxo e , pec opoc oo o ooeca. o oapyae ocyae c epooc 50 poeo, o ec o cep a opao n pax ox ooec, epooc E oc y n a ocac eaeeo ye paa 1/2.

B aoo pe e ae accoo ocya. Ec Ea oaec pacp ce , oa o aeo papy aa c.

ee paccap ocpo paoay oe aooo pacpeee e oec eoa c a a oeco cae. oceee, o ca, o cooee o o, o British Telecom o ca o 10-oepooy ooooy [276, 1245, 1533]. O ca, o oco paccoe 50 oepo. o opaae oopaee.

ac IV Pea p aa pep peaa Oo eo papaaa pooo aop, coce pyoe eo cpaa x oepaoe c c e. B eop paa eop e o, o a pae ey opoe pa. aco e aeaeo a yae, o e paoa peao . Moe co e peoa copoc aaa, oe pooo co eee. Heoope opoco cooa pop a paccapac ae 10, o ae ocyac pep oo, a popaece aop peayc a pae.

24.1 pooo ypae cepe a oa IBM

B oe 70-x oo IBM, coy oo cepy popa, papaoaa aoey ccey ypae a epea ax eoacoc ao oepx cex [515, 1027]. He a a peae exa poooa, a eo oa oco : a ce aoaa eepa, pacpe e e, ycao, xpae, ee papye e o pooo aeo poyc, oecea eoacoc eax eo ocoe popaecx aopo.

o pooo oeceae p e: eoacy c ey cepepo pa epaa, eo acoe xpaee ao a cepepe eoacy c ey cepepa. pooo e oeceae acoeo poo coee epa-epa, xo eo oa oe peaoa ay oooc.

a cepep ce oe popaeco aapaype, oopa oe ce poae e ppoae. aoo cepepa ec a (Master Key), KM0, a apaa, KM1 KM2, oo pe c ypoe apaa KM0. coyc poa pyx e eepa ox e. aoo epaa ec a epaa (Master Terminal Key), KMT, oop coyec oea a c py ep aa.

KMT xpac a cepepax, apoae o KM1. Bce ocae , apep, coyee poa ao e (o aac KNF), xpac apoao ope, ape o KM2. a KM0 xpac epoeaco oye eoacoc. Ceo o oe o , o aa apoa, oe oc ooaee c aayp (ooo a ecoa cpoa, peopayea ). KM1 KM2 e xpac e-y ccee, a, oa oaoc, cc o KM0. Ceacoe c ey cepepa eeppyc a cepepe c oo ce ocyaoo poecca. Aao opao eeppyc poa xpax ao (KNF).

Cepe poooa cy yco cp oy, aae popaeco aapay po (cryptographic facility). a cepepe, a epae ce poae eppoae pocxo eo o oye. B o oye xpac cae ae , coyee eepa ecex e poa. oce oo, a aca, ca x caoc eoo. poe oo, o oee opeoo cooa : , peaae pee oo aa, e oe cyao cooa pee pyo. a oe eopo ypae a ooo ec ca ae ocee o cce. oa c (Donald Davies) B pac (William Price) opoo paccapa o pooo ypae a [435].

Mouuau Moa o cxe aoo ceacox e oo a [1478]. Oa ocpoea a ae cee x yo c aapaypo poep ooc e, oopa ocyae oae epa. a o a a papaoaa, o :

Oeoac yec aa ey y ooaec epaa.

Oeoac c c oo poao o.

Oece ay x ao.

Oece oooc poo oc.

c epea ao ey ooae o cxee coyc , eeppoae aapaype poep ooc e, opaee ooae oce poa c oo a o o a. opa o oc ooae cpaaec , peoca oaaeco oo, o ceaco coyec opeo apo ooaee. Boooc poep ooc e ec ao o ccee. Xo ccee e coyec popa c op a, oa o epae oooc, oxoy a poy oc : oe pca oo opeoo c oa poa oo opeo ece aae.

24.2 MITRENET

Oo cax pax peaa popa c op a a cepeaa ccea MEMO (MITRE Encrypted Mail Office, poaoe oooe oeee). MITRE - o a oaa yx ape, paoaa o aay Mcepca oopo. MEMO cya cceo eoaco epoo o ooaee ce MITRENET cooaa popa c op a oea a DES poa ao.

B ccee MEMO ce ope xpac epe pacpeee opx e (Public Key Distribution Center), oop ec oe yo ce. xpac cpaeo epepopapyeo , o e a e x. ape eeppyc ooae cce.

o ooae o opa eoace cooe, ccea caaa ycaaae eoacoe c o eee c epo pacpeee opx e. ooae apaae epe a cex opx e. Ec ooae poxo ea c cooae eo apoo a, ep epec a e apoe cco a paoy ca ooae. oecee eococ cco pyec c oo DES.

poa cooe coyec DES. poa ao ccea eeppye cya DES, ooae pye a o DES, a DES - op o oyae. apo a a opac oyae.

MEMO e peycapae ep peocopooc po oep e. Cyecy eoope cpeca poep eococ cooe c cooae opox cy. B ccey e cpoe cpeca po ep ooc.

pee, e ccea a peaoaa, a oaaa eeoacoc opeo peaa cce o px e MEMO - oea a o cxee Diffie-Hellman a GF(2^127) (c. pae 11.6), xo e pyo e ccey, o oo o cooa oe ca. MEMO a opeea a opao cepeax ee oa e cooaac peao ccee MITRENET.

24.3 ISDN

Bell-Northern Research papaoaa poo eoacoo eeooo epaa ISDN (Integrated Services Digital Network, poa ce c eppoae ycy) [499, 1192, 493, 500]. a eeo aapa, ep a ocac a ypoe pooa. B peyae oc poe eoacoc aeo ax ( Packet Data Security Overlay). Tepa coye cxey oea a Diffie-Hellman, poe oc RSA DES poa ax. O oe epeaa pa pe ae co c opoc 64 /c.

u B eeo cpoea apa "op /ap " eoo cooa. ap xpac ycoo o cp oye eeoa. Op cy ea eeoa.

c ac caoo eeooo aapaa e oy ee.

poe oo, eeoe xpac ee a opx a. O x ec op ae a aapaa. o coyec poep ooc oa aea, o oe ee o oae, ocao aee. Ta ooae oe epea oy-o pyoy pao ae aap a o.

B eeoe ae xpac op ce. O coyec poep ooc oa a a payp ypae ce poep ooc oo o pyx ooaee ce. o ae oo e oao, ocao aee. o ooe aey e ce, oopo o e eo aapa.

paccapac a eoo ooa - o ec peo, ec ooe e c. B eeoe ae xpac apa "op /ap " paocpooo cooa.

O cpoe cepa, oca epo ypae a. a eeoa oeac cep aa p ycaoe coee. ooc x cepao yocoepec op o ce.

Oe cepaa x poepa oc oo p ycaoe eoacoo coee ey aapaa. ycaoe eoacoo coee ey pooo coep ooe ooe. B aapao e aa, oop caec eeo aee, xpac ap aea, apoa cepe apoe, ec oo aey (eo e ae eeo aapa, ep ypae ce, ee o-y). aa ae coep cepa, o ca epo ypae ce, oop e op aea eoopa ea oa opa (, oa, ceaoc, cee oyca, e copa , cecyaa ope a poee). Bce o ae apoao. eppoa o opa oa ee eeo ooae o co cepe apo c aayp aapaa. Teeo aapa coye y opa coee, o oa yaec oce oo, a ooae ee co aa.

B eeoe ae xpac aop cepao, ax epo ypae ce. cepa yocoep pao opex ooaee ooac ope eeo aapaa.

Bo Bo oa Aco pocxo cey opao.

(1) Aca cae eeo co aa o co apo.

(2) Teeo opaae aa, o opee oc Ac a e ca " co oa".

(3) Teeo poepe co aop cepao, poep, o Aca ee pao cooa o aapa.

(4) Aca apae oep, eeo opeee apecaa oa.
