chương 4. mã hóa theo khối và des (1)
TRANSCRIPT
Bo Mt Thng TinTrn Nht Quang Khoa Cng Ngh Thng Tin H S Phm K Thut TP HCM [email protected]
Cc Ni Dung
Thut ton m ha theo khi Mng thay th - hon v Shannon Cu trc M ha Feistel Thut ton DES v to kha con cho DES
Bo Mt Thng Tin
Chng 4. M Ha Theo Khi v DES
2
Khi Nim M ha theo khi (Block cipher): l m ha d liu s mi
ln mt khi (block). Thng thng, 1 khi c kch thc 64 hoc 128 bit. P = p1p2pn C = c1c2cn ek(p1), ek(p2), , ek(pn) c1, c2,, cn Kha k khng thay i cho tt c cc khi.
Nh vy, m ha thng ip ln thc cht l m ha tng
khi vi quy trnh ging nhau. Do , khi nghin cu m ha theo khi ta ch cn xem xt
vic m ha 1 khi (64 hoc 128 bit) u vo (coi nh thng ip ngun) v u ra cn xem xt ch l 1 khi. ek(pi) ciBo Mt Thng Tin Chng 4. M Ha Theo Khi v DES
3
Mng Thay Th - Hon V 1949, Claude Shannon a ra tng v Mng Thay th -
Hon v (Substitution Permutation network), hay cn gi Mng S-P, to c s cho cc thut ton m ha theo khi. Mng S-P da trn 2 php bin i: Thay th (Substitution)
Hon v (Permutation)
Bo Mt Thng Tin
Chng 4. M Ha Theo Khi v DES
4
Php Thay Th (Substitution Operation) Mt bit c thay th bng bit khc. Php thay th c qui nh bi kha. Nu u vo l n bit th kha di 2n
S kha c th c l 2n!: tng rt nhanh khi n tng. Kha c m t bng bng sau, gi l S-box
Bo Mt Thng Tin
Chng 4. M Ha Theo Khi v DES
5
V D S-box Vi n = 3 bit ta c th c mt S-box nh sau:
u vo000 001 010 011 100 101 110 011 010 000 0 3 1 2 2 0 111 3 7 111
u ra
110 101 001 100 4 6 5 5 6 1 7 4
R rng, vi n bit: 1 S-box chnh l 1 hon v ca 2n phn t,
c gi tr t 0.. 2n -1 S S-box c th c l 2n!Bo Mt Thng Tin Chng 4. M Ha Theo Khi v DES
6
Php Hon V (Permutation Operation) Cc bit hon i v tr vi
nhau c quy nh bi kha. u vo n bit th kha di n
S lng kha c th c l n! S lng kha tng chm
hn trong php thay th nn an ton cng thp hn. Kha c m t bng P-box
Bo Mt Thng Tin
Chng 4. M Ha Theo Khi v DES
7
V D P-box Vi n = 3 bit ta c th c mt P-box nh sau:
u vo
u ra
1 3 R rng, vi n bit:
2 1
3 2
1 P-box chnh l 1 hon v ca n phn t. S P-box c th c l n!Bo Mt Thng Tin Chng 4. M Ha Theo Khi v DES
8
Kt Hp P-box Vi S-boxP box-6bits S boxes-3bits0 0 1 2 3 4 5 6
P box
01 1 0
00 1 1
1 2 3 4 5 6
11 0 0
10 1 1
70 1 2 3 4 5 6 7Bo Mt Thng Tin
70 1 2 3 4 5 6 7
...
10
01
11
109
Chng 4. M Ha Theo Khi v DES
Mng Thay Th - Hon V Shannon kt hp cc S-box v P-boxes to ra mng S-P
(Substitution-Permutation):
Bo Mt Thng Tin
Chng 4. M Ha Theo Khi v DES
10
M Ha Feistel Trn thc t mng S-P c s dng m ha v gii m
Cn phi d xc nh cc box S-P nghch o v d ci t bng phn mm (software). u 1970s, Horst Feistel IBM vo ngh ra 1 cu trc
thch hp, c gi l M ha Feistel (Feistel cipher): Khi ngun c chia thnh 2 na, L(i-1) v R(i-1), v ch s
dng R(i-1) trong vng th i ca thut ton. Cc kha con th i: K(i) c to ra t kha K. Kha K(i) kim sot hm g, cho php kt hp vng th i ca mng S-P.
Bo Mt Thng Tin
Chng 4. M Ha Theo Khi v DES
11
M Ha Feistel (2) Cc php bin i vng th i: L(i) = R(i-1) R(i) = L(i-1) XOR g(K(i), R(i-1))
Cc php bin i ny d dng o ngc (xem s ) Trn thc t, ngi ta kt hp cc vng ny (thng l 16
vng) trong thut ton y .
Bo Mt Thng Tin
Chng 4. M Ha Theo Khi v DES
12
Cc Nguyn Tc Thit K Cc thnh phn lm vic cng nhau, trong : S-Box: To ra s xo trn (confusion) cc bit ngun. P-Box: To ra s truyn b (diffusion) cc bit sau S-box.
Nhng khi nim ny cn c Webster v Tavares gi l
hiu ng tuyt l (Avalanche) v hiu ng ton vn (Completeness).
Bo Mt Thng Tin
Chng 4. M Ha Theo Khi v DES
13
Hiu ng Tuyt L (Avalanche Effect) Khi thay i 1 bit ngun s dn n s thay i gn mt na
cc bit ch. Hm f s c coi l c hiu ng tuyt l tt nu: Vi mi bit i, 0 i < m, nu 2m bit c chia thnh 2m/2 cp (X, Xi)
ch khc nhau bit i th lun tm c bit gi tr 1 trong t nht trong 2m/2 bit ca tng Vi = f(X) XOR f(Xi) Hiu ng ny bo m mi thay i nh ca ngun s dn ti
s thay i ln ca ch. Do d cho k l gn on ra ngun, kt qu cui cng vn
cn rt xa vi. V d: Trong m ha thay th (c in), c 2 cp ngun v m: cat
rfg v c_ts rfgy trong c cp th 2 c 1 k t cha bit, c th da vo cp u suy ra l ch a bi v ciphertext ging nhau.Bo Mt Thng Tin Chng 4. M Ha Theo Khi v DES
14
Hiu ng Ton Vn (Completeness Effect) Mi bit ch l hm phc hp ca tt c cc bit ngun. Hm f s c coi l c hiu ng ton vn tt nu: Vi mi bit j (0 j < m) trong cc ciphertext tm c t nht
1 cp plaintext X v Xi khc nhau ch ti bit i (i) m f(X) v f(Xi) khc nhau ti bit j. Hiu ng ton vn bo m mi bit ch ph thuc vo tt
c cc bit ngun. Do k l s khng th dng nguyn tc Chia tr (tm
cc cp m ngun tng ng) thm m. 2 hiu ng ny l cc tnh cht khc bit so vi cc thut
ton c in.Bo Mt Thng Tin Chng 4. M Ha Theo Khi v DES
15
Bo Mt Thng Tin
Chng 4. M Ha Theo Khi v DES
16
S Lc Lch S Nhng nm 1973, 1974 nhu cu gi b mt thng tin tr nn cp
thit m cc thut ton c in khng p ng c. T chc NIST (National Institute of Standards and Technology)
ku gi to ra cc thut ton m ha mi v an ton hn. IBM a ra Lucifer, sau c thit k li thnh DES. DES tr thnh chun ca NIST (1976), c s ci t phn
cng (1977), l chun ANSI cho c phn cng v phn mm (1981). DES c s dng rng ri trn th gii, c bit l trong cc
giao dch ngn hng, thng tin lin lc. nh kz, ANSI cng nhn li chun cho thi gian 5 nm tip theo. DES l thut ton m ha khi ph bin trong 1975-2005.Bo Mt Thng Tin Chng 4. M Ha Theo Khi v DES
17
Khi Qut DES S dng kha 56-bit DES cho tc tnh ton nhanh nhng
d b thm m bng vt cn kha nh Diffie v Hellman d bo. V DES b ph m: 1997 bng mng my tnh ln trong vi thng
1998 bng my tm kha c bit trong vi ngy 1999 bng t hp cc my trn trong 22 gi 15
Qu trnh m ha 1 khi 64-bit bng DES: Hon v ban u IP (Initial Permulation) 16 vng tnh ton phc tp c s dng kha Hon v kt thc l nghch o ca IPBo Mt Thng Tin Chng 4. M Ha Theo Khi v DES
18
Bo Mt Thng Tin
Chng 4. M Ha Theo Khi v DES
19
To Cc Kha Con (Subkey) Kha K ban u 64 bit Chuyn thnh kha 56 bit (Permuted Choice 1 hay PC1) Chia thnh 2 na C0 v D0 Dch tri C0 v D0 i 1 bit ta c C1 v D1 Nht ra c kha K1 (48 bit)
Dch tri C1 v D1 i 1 bit ta c C2 v D2 Nht ra c kha K2 (48 bit) Dch tri C2 v D2 i 2 bit ta c C3 v D3 Nht ra c kha K3 (48 bit)
. Dch tri C15 v D15 i 1 bit ta c C16 v D16 Nht ra c kha K16 (48 bit)Bo Mt Thng Tin Chng 4. M Ha Theo Khi v DES
20
To Kha Con
7 bit
1 bitP
64 bit
7 bit
1 bitP
Bt u t kha khi to 64 bit b cc bit 8, 16, 24, 32, 40,
48, 56, 64 ta c kha 56 bit. Theo bng PC1 ta chn c 2 dy 28 bit C0,D0 Dch tri 1 (i vi cc kha 1,2,9,16) hoc 2 bit (i vi cc kha cn li) Theo bng PC2 ta ln lt chn c 16 kha 48 bitBo Mt Thng Tin Chng 4. M Ha Theo Khi v DES
21
LS - Left Shift LSi dch 1 bit nu: i = 1,2,9,16 LSi dch 2 bit nu: i 1,2,9,16 Tng s ln dch: 4*1 + 12*2 = 28 Do : C0 = C16 ;D0 = D16 Ki = PC2( KS( PC1(K), i ) )K148
K64
PC156
C028
D028
LS1 28
LS1 28
PC2
56
C128
D128
LS2
LS2
LS16 LS16 Bo Mt Thng Tin
K16
48
Chng 4. M Ha Theo Khi v DES
PC2
56
C16
D16
22
PC157 49 41 33 25 171 10 2
PC29 14 17 11 243 16 28 15 7 6 4 23 19 12
126
58 2
58 50 42 34 26 18 59 51 43 35 27 3 60 52 44 36
21 10
19 11 7 14
27 20 13
63 55 47 39 31 23 15 62 54 46 38 30 22 6 61 53 45 37 29 5 28 20 12 4
41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32
21 13
PC1:
Input: 64 bit (nh s t tri sang phi 1-64) Output: Kha 56-bit gm 2 na 28-bit C v D PC2: Input: Kha 56-bit (nh s t tri sang phi 1-56) Output: Kha 48-bit (Na 24 bit t C dng cho S1-S4 Na 24 bit t D dng cho S5-S8) S quay 2 na kha C v D:vng: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 KS : 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1 Bo Mt Thng1 2 4 6 8 10 12 14 15 M Ha Theo Khi 23 25 27 28 Chng 4. 17 19 21 v DES Total : Tin23
To kha con (2)
1 9
2
3
4
5
6
7
8
57 49 41 33 25 17 1 106456
9
10 11 12 13 14 15 16
58 50 42 34 26 18 2 59 51 43 35 27 3 60 52 44 36
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 3233 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
19 117 14
63 55 47 39 31 23 15 62 54 46 38 30 22 6 61 53 45 37 29 5 28 20 12 4
21 13
Bo Mt Thng Tin
Chng 4. M Ha Theo Khi v DES
24
0
1
0
1 1
0
1
1
5b
K (64 bit)
0 0 1 0 1 0 0
0 1 1 0 1 0 1
0 1 1 0 1 1 1
0 1 1 0 1 0 0
0 1 0 0 0 0 1
0 1 1 1 1 1 1
0 1 1 0 1 0 1
00 0 0 0 0 0
11 1 1 1 1 1
00 1 1 0 1 1
1 11 0 0 0 0 1 1 0 0 0 0 1
01 1 0 1 1 1
11 1 1 1 1
01 1 0 0 1
5a57 67 6a 56 67 6e PC1 6456
1 1 1 1 1 1 1
1 09
57 49 41 33 25 17 1 10 2
0 1 1 0
0 1 1 0
0 1 0 1
0 1 1 0
0 1 1 0
0 1 0 0
0 1 0 0
0 1 0 0
00 ff d8 20 ff ec
58 50 42 34 26 18 59 51 43 35 27 3 60 52 44 36
19 11
63 55 47 39 31 23 157 14 62 54 46 38 30 22 6 61 53 45 37 29 5 28 20 12 4
11 1 0
11 0 1
11 0 1
10 1 1
11 0 0
11 0 0
10 1 0
10 1 025
9370
Bo Mt Thng Tin
21 13
Chng 4. M Ha Theo Khi v DES
0 0 0
1 1 1
0 0 0
1 1 1 1 1 0
0 0 1
1 1 1
1 0 1
5b 5a 57
K (64 bit)
0 1 1 0
0 1 1 0 1 0
0 1 0 1 1 0
0 1 1 0 0 1
0 1 1 0 1 0
0 1 0 0 1 0
0 1 0 0 0 1
0 1 0 0 0 1
00 ff d8 20 ff
C0PC1 6456
00 0 0 0
11 1 1 1
11 0 1 1
0 00 1 1 0 0 0 0 1
10 1 1 1
11 1 1 1
10 0 1 0
676a 56 67 6e
1 1 1 1 1 1 1 11 1
ec93 70
D0 C1PC2 4856
0
1
1
1
0
0
0
0
K1 (48 bit) 0 0 0 0 0 0 0 0 1 0 0 1 1 0 1 0 1 1 1 0 0 0 0 1 0 0 1 1 0 1 1 0 38 09 1b 26 0 1 1 0 1 1 0 0 1 0 1 1 1 0 0 1 1 0 1 0 1 1
Dch 10 1 1 0 1 1 0 0 1 0 0 1 1 0 0 1 0 0 1 0 1 0 1 0 0 1 0 1 1 1 0 0 1 1 0 01 ff b0 40
00 0
00 0
11 1
01 0
11 0 1
10 1 1
11 1 1
10 1 1
2f3a 27
ffd9 26 f0 26
0 Mt Thng Tin 0 0 Bo 0
1 0f Chng 4. M Ha Theo Khi v 1 DES 1
D
1 0 0 0 0
14 17 11 24 3 16 28 15 7 6 4 23 19 12
1 26
5 8 2
9
18 22 25
1 9
2 10
3 11
4
5
6
7
8
21 10
35 38 43 54
12 13 14 15 16 0 0 0 0
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
27 20 13
41 52 31 37 47 55 30 40 51 45 33 48
44 49 39 56 34 5346 42 50 36 29 32 K1 (48 bit) 0 0 0 0 0 0 0 0 1 0 0 1 1 0 1 0 1 1 1 0 0 0 0 1 0 0 1 1 0 1 1 0 38 09 1b 26
45 46 47 48 49 50 51 5253 54 55 56 0 0 0 0
C1PC2 4856
0 1 1 0 1 1 0
0 1 0 1 1 1 0
0 1 1 0 1 0 1 1
0 1 1 0 1 1 0
0 1 0 0 1 1 0
0 1 0 0 1 0 1
0 1 0 0 1 0 1
1 1 0 0 1 1 0
01 ff b0 40
00 0
00 0
11 1
01 0
110
10 1 1
11 1 1
10 1 1
2f3a 27
ffd9 26 f0 27
0 Mt Thng Tin 0 0 Bo 0
1
1 0f Chng 4. M Ha Theo Khi v 1 DES 1
D
1 0 0 0 0
V D To KhaKeyinit(5b5a5767, 6a56676e) (64-bit) TO 16 KHA CON 48 BIT PC1(Keyinit) C0= 00ffd820, D0= ffec9370 (56-bit key) vng 01 C= 01ffb040, D=ffd926f0, SK1 = (38 09 1b 26 2f 3a 27 0f) vng 02 C= 03ff6080, D=ffb24df0, SK2 = (28 09 19 32 1d 32 1f 2f) vng 03 C= 0ffd8200, D=fec937f0, SK3 = (39 05 29 32 3f 2b 27 0b) vng 04 C= 3ff60800, D=fb24dff0, SK4 = (29 2f 0d 10 19 2f 1d 3f) vng 05 C= ffd82000, D=ec937ff0, SK5 = (03 25 1d 13 1f 3b 37 2a) vng 06 C= ff608030, D=b24dfff0, SK6 = (1b 35 05 19 3b 0d 35 3b) vng 07 C= fd8200f0, D=c937ffe0, SK7 = (03 3c 07 09 13 3f 39 3e) vng 08 C= f60803f0, D=24dfffb0, SK8 = (06 34 26 1b 3f 1d 37 38) vng 09 C= ec1007f0, D=49bfff60, SK9 = (07 34 2a 09 37 3f 38 3c) vng 10 C= b0401ff0, D=26fffd90, SK10 = (06 33 26 0c 3e 15 3f 38) vng 11 C= c1007fe0, D=9bfff640, SK11 = (06 02 33 0d 26 1f 28 3f) vng 12 C= 0401ffb0, D=6fffd920, SK12 = (14 16 30 2c 3d 37 3a 34) vng 13 C= 1007fec0, D=bfff6490, SK13 = (30 0a 36 24 2e 12 2f 3f) vng 14 C= 401ffb00, D=fffd9260, SK14 = (34 0a 38 27 2d 3f 2a 17) vng 15 C= 007fec10, D=fff649b0, SK15 = (38 1b 18 22 1d 32 1f 37) vng 16 C= 00ffd820, D=ffec9370, SK16 = (38 0b 08 2e 3d 2f 0e 17)
Bo Mt Thng Tin
Chng 4. M Ha Theo Khi v DES
28
Ti Liu Tham Kho[1] ng Trng Sn, BMTT_04_ModernBC_DES.ppt, H S Phm K Thut TP HCM.
[2] William Stallings, Cryptography and Network Security Principles and Practices, Fourth Edition, Prentice Hall, November 16, 2005. [3] Dng Anh c v Trn Minh Trit, M ha v ng dng, i hc Quc gia thnh ph H Ch Minh, 2005.
Bo Mt Thng Tin
Chng 4. M Ha Theo Khi v DES
29