mã khoá công khai và rsa
TRANSCRIPT
-
8/13/2019 M kho cng khai v RSA
1/24
M HA KHA KHNGNG B(KHA BTI XNG)
-
8/13/2019 M kho cng khai v RSA
2/24
CHNG 3: M HA
KHA BT I XNG
M bt i xng
Chk in t
Chng thc in t
-
8/13/2019 M kho cng khai v RSA
3/24
M ha kha cng khaiI. M HA KHA CNG KHAI
M ha khai xng c mt nhcim cn bn l: cn phi traoikha b mt trc.
M ha kha cng khai (hay kha bti xng)ca ra nh lmt gii php thay th.
Thut ton m ha kha cng khai c c s hon chnhu tin c
Ron Rivest, Adi Shamir v Leonard Adleman khi xng vo nm 1977ti Hc vin K thut Massachusett (MIT Massachusett Institute ofTechnology). Cng trnh nyc cng b vo nm 1978 v thut tonct tn l thut ton RSA
-
8/13/2019 M kho cng khai v RSA
4/24
M ha kha cng khai1.1. Khi nim chung
M ha kha cng khai l mt dng m ha cho php ngi s dng traoi ccthng tin mt m khng cn phi traoi cc kha b mt trc.
Cc h thng m ha kha cng khai s dng mt cp kha c quan h ton hcvi nhau Kha cng khai Public key
Kha ring Private key (hay kha b mt secret key)
Hthng mt m ha kha cng khai c thsdng vi cc mc ch: M ha: gib mt thng tin v chc ngi c kha b mt mi gii m c.
To chk s: cho php kim tra mt vn bn xem n c phi c to vi mtkha b mt no hay khng.
Tha thun kha: cho php thit lp kha trao i thng tin mt gia hai bn.
-
8/13/2019 M kho cng khai v RSA
5/24
M ha kha cng khai1.2. M hnh hot ng
Sinh Kha A chn thut ton sinh cp kha - kha cng khai E (public key) v kha b
mt D (private key).
A gi E (public key) cho B, giD (private key) cho mnh.
M ha B nhn c kha cng khai E.
B c thng ip gc P, dng E m ha E(P) = C
C l thng ip m ha gi cho A
Gii m A nhn c C Dng D gii m D(C) = Pc li thng ip gc.
Dng kho cng khai m ha, nhng dng kho b mt gii m
-
8/13/2019 M kho cng khai v RSA
6/24
M ha kha cng khai1.3. Thut ton RSA
Sinh Kha Chn 2 snguyn tkh ln (>1024bit) P v Q, PQ
Ly tch s: N = PQ, N c gi l modulo m ha.
Chn sE sao cho: 1< E < PQ, E v (P-1)(Q-1) nguyn tcng nhau (vyE phi chn l mt sl). E c gi l smm ha
Tnh sD sao cho tch sDE 1[mod(P-1)(Q-1)] c ngha l tch sDEchia cho tch s(P-1)(Q-1) c sdl 1, hay l DE -1 chia ht cho (P-1)(Q-1) Ta dng phng php thdn cc snguyn X sao cho c c cho: D =[X(P-1)(Q-1) +1]/E l snguyn. D c gi l smgii m.
Kha cng khai An gi cho Bnh (qua ng thng tin bt k) l cp s[N,E]
Kha b mt An gicho ring mnh l cp s[N,D]
-
8/13/2019 M kho cng khai v RSA
7/24
M ha kha cng khai1.3. Thut ton RSA
M Ha M ha: B nhn c kha cng khai ca A gi. B c thng ip gc
plaintext P
thng ip c sha P thc ra l mt con sdng nhphn c ithnh sthp phn no cn gi cho A.
B m ha bng php ton:
C= PE mod N (P = plaintext, C = ciphertext)
Bnh gi thng ip m ha C cho A.
-
8/13/2019 M kho cng khai v RSA
8/24
M ha kha cng khai1.3. Thut ton RSA
Gii M A nhn c C
A gii m bng php ton
P = CD
mod N
Nhvy l y ta cn phi chng minh c rng:
(PE mod N)D mod N = P
iu ny c chng minh bng cch ng dng
nh l sdTrung hoa The Chinese Remainders Theorem .
-
8/13/2019 M kho cng khai v RSA
9/24
M ha kha cng khai1.3. Thut ton RSA
V d: minh ha phng php nn ta chn p, q kh b cho d tnh ton. Chn 2 snguyn t: p = 17 ; q = 11
n = pq = 187
( n)=(p-1)(q-1)=160
e = 7 : smm ha (cng bcng khai) Kha cng khai A gi i cho B: (7,187)
d=e-1 mod ( n); d=7-1mod 160=23: smgii m ( A giring )
C thng ip gc (sha thnh sdng nhphn ri i ra sthp phn):
M=88
B dng kha cng khai (n,e) m ha : Me mod(187) ; 887 mod 187 = 11
Thng ip m ha c gi i: 187
A dng kha ring (n,d) gii m : Cd mod n; 1123 mod 187 = 88
i 123 vm nhphn v chuyn thnh vn bn gc theo bng m
-
8/13/2019 M kho cng khai v RSA
10/24
M ha kha cng khai1.4. Trao i kha cng khai
RSA operation gm mt dy php tnh ly tha modulo kh ln.phc tp tnh ton:
- Kha cng khai = O(k2) bc tnh ton,
- Kha ring = O(k3),
Tng qut m RSA c phc tp tnh ton l O(k4) k l sbit ca modulo.V vy m RSA c nhc im u tin l tc lp m v gii m rt chm
Nhc im ln khc ca m RSA l nguy csau y. Khi B dng kha cngkhai nhn tA gi tin, chc chn chA c c: tin cy pha ngi gi tin.
Khi A nhn tin, cha chc do B gi (v kha cng khai c thlv ngi thba
bit kha cng khai, c thdng m ha nhng thng ip gigi cho A):khng tin cy pha ngi nhn tin.
khc phc iu , phi c phng php phn phi kha cng khai mtcch tin cy hn
-
8/13/2019 M kho cng khai v RSA
11/24
M ha kha cng khai1.4. Trao i kha cng khai
Strao i kha cng khai:- A to mt cp kha, kha cng khai l E1 v kha ring D1- B to mt cp kha, kha cng khai l E2 v kha ring D2- Dng E1 nhn c ca A m ha E2: E1(E2) = E2, B gi E2 cho A v giD2 cho ring mnh
- A nhn c E2, gii m bng D1 (Chmnh A c D1): Chc A c c E2.Khi chc 2 i tc A v B cng shu kha cng khai E2.
- A c thng ip gc P, dng E2 (ca B m ha thng ip: E2(P) = C, gi thngip m ha (bng kha cng khai ca B) cho B chc chn chc B c c
- B: nhn chc chn do A gi, c: D2(C) = P
Bi tp: Sdng thut ton trao i kha v m ha RSA trao i thng tin
-
8/13/2019 M kho cng khai v RSA
12/24
M ha kha cng khai1.5. Phong b s
M bti xngm boc an ton trong vic chuyn giao kha mnhng li c nhcim l tc lp m, gii m r t chm
Phong b s (Digital envelope) l mt bin php k t hp ca hai loimi xng v bti xng chuyn giao thngip an ton v tincy
-
8/13/2019 M kho cng khai v RSA
13/24
M ha kha cng khai1.5. Phong b s
S chuyn giao kha b mt bng phong b s dngn ginBc 1 : To phong b s
A to kha cng khai E1 gi cho B, gikha ring D1
B to kha cng khai E2, to kha cng khai E2,
dng E1 (nhn tA) m ha: E1(E2) = E2 gi E2 cho A. Chc A shu kha ring D1 nn gii m c: E1(E2) = E2.
T Chc A v B cng shu kha cng khai E2 (do B to)
Bc 2: Chuyn giao kha di xng
A to kha i xng K dng E2 m ha: E2(K) = K gi cho B B dng D2 gii m: D2(K) = K
Chc A v B cng bit kha K, t giao dch bng kha i xng K
-
8/13/2019 M kho cng khai v RSA
14/24
M ha kha cng khai1.6. Cc thut ton m ha thng dng
H mt m Elgamal da trn bi ton logarit ri rc cng l mt thuttonc dng kh phbin trong nhiu th tc mt m
Mt m xp ba l Merkle-Hellman l mt trong nhng h mt m
kha cng khai rai sm nht, do Ralph Merkle v Martin Hellmanpht minh vo nm 1978
Mt mng cong elliptic Elliptic curve cryptography ECClmt dng m ha kha cng khai da trn cu trc i s ca cc
ng cong -lip trn nhng tr ng hu hn. Vic s dng ccngcong e-lip trong mt m hc do Neal Koblitz v Victor S, Millerxut vo nm 1985
-
8/13/2019 M kho cng khai v RSA
15/24
M ha kha cng khaiII. CHKiN T
Trong mt giao dch thng tin gia 2 tc nhn, vic traoi thng tintrc ht phim bo bn yu cu sauy trong cc nguyn l bo mtthng tin
Tnh bo mt: thng tin d lt vo tay ngi khc th ngi cng khng hiuc ni dung th.
Tnh ton vn thng tin:Nu thng tin blm bin i ni dung trong qu trnhtruyn tin th phi nhn bit l thng tin bcan thip (chpht hindetect -nhng c thkhng bit ni dung bcan thip nhthno nh chnh li chong correct)
Tnh xc thc (nhn bit): Khi nhn c thng tin, ngi nhn xc nh cng l thng tin do ngi gi gi khng phi l do mt kthba gimo.
Tnh khng chi b(trch nhim): Sau ny ngi gi khng thchi brngthng tin khng phi ca mnh.
-
8/13/2019 M kho cng khai v RSA
16/24
M ha kha cng khaiV d: Trong giao dch thng thng, An k tn vo l thxc nhnrng th do mnh pht hnh, sau ny khng thchi bc. Khi Bnhthy chk ca An cui thth tin tng l thca An
Vy c cch no gii quyt c cc tnh cht an ton thng tin trong giaodch in t? Ni cch khc, c thto ra mt cng cng vai tr nhchk ca ngi pht hnh thng ip trong dng giao dch thng thngkhng?
Chk in t(Electronic signature) chnh l cng cp ng cnhng yu cu ra trn y cho vic trao i thng ip in t
-
8/13/2019 M kho cng khai v RSA
17/24
M ha kha cng khai2.1. Chk in t
V d: Trong giao dch thng thng, An k tn vo l thxc nhnrng th do mnh pht hnh, sau ny khng thchi bc. Khi Bnhthy chk ca An cui thth tin tng l thca An
Vy c cch no gii quyt c cc tnh cht an ton thng tin trong giaodch in t? Ni cch khc, c thto ra mt cng cng vai tr nhchk ca ngi pht hnh thng ip trong dng giao dch thng thngkhng?
Chk in t(Electronic signature) chnh l cng cp ng cnhng yu cu ra trn y cho vic trao i thng ip in t
-
8/13/2019 M kho cng khai v RSA
18/24
M ha kha cng khai2.1. Chk in t
Qu trnh m ha ngc sdng kha b mt v gii m bng kha cngkhai c gi l qu trnh k v xc nhn (private key authentication)
Sk nhn v xc nhn chk
abcd Encrypt/SignEncrypt/Sign$#&*$#&*
Decrypt/VerifyDecrypt/Verify abcd
Private Key Public Key
Plain textPlain text Plain textPlain text
-
8/13/2019 M kho cng khai v RSA
19/24
M ha kha cng khai2.2. Cc thut ton chk in t
Qu trnh m ha ngc sdng kha b mt v gii m bng kha cngkhai c gi l qu trnh k v xc nhn (private key authentication)
Chk in tvi RSA
Chk in tvi DSA
abcdPrivate KeyPrivate Key
$#
&*
$#
&* Public KeyPublic Key abcd
Plain textPlain text Plain textPlain text
HashHash
abcd SignSign$#&*$#&*
VerifyVerify
Yes
Plain textPlain textNo
$#
HashHash
$#
-
8/13/2019 M kho cng khai v RSA
20/24
M ha kha cng khai2.3. Hm bm
L mt chui i din (message digest) ca dliu c to ra tphng phpton hc (hash function) sdng kim tra tnh chnh xc ca dliu khi trao i
Tnh cht ca hm bm:
Mt chiu h: x x; khng tn ti h-1
Khng c va chm yu x x h(x) h(x)
Khng c va chm mnh Vx x h(x) h(x)
Cng dng ca hm bm:
Kim tra thng d(tnh ng n ca dliu)
So snh hoc kim tra dliu kch thc ln
Sdng trong chk in tHm bm thng dng: MDx (128 bits), SHA-x (160-512 bits), RIPMD(160)
Ch : MAC l mt loi message digest sdng kha ng b
-
8/13/2019 M kho cng khai v RSA
21/24
M ha kha cng khaiIII. CHNG THCIN T
Chng thc in tl mt trong nhng ng dng quan trng ca chkin t. Nhchng ta bit tnh cht quan trng ca chk in tlphi m bo tnh ton vn ca dliu tnh xc thc, v tnh trch nhim
ca ngi gi thng tin. Vy cu hi t ra l:
C phi ng ngi chshu gi thng tin?
Tnh ng n v trch nhim ca ngi chshu nhthno?
-
8/13/2019 M kho cng khai v RSA
22/24
M ha kha cng khai3.1. M hnh chng thc in t
Chng thc in tbao gm 2 phn: Plaintext:Xc nhn chshu v kha cng khai Message digest:bao gm kha cng khai, c xl bi hm bm v
c k bi thnh phn c thm quyn
Mt snh cung cp chng thc: VeriSign, Red Hat, Nexus, FPT, Bkav
Digital Certificate
Issuer: BCng An
Owner: CMND
Public Key: A1BC34
Time: 12/12/2022
A#$1BC^&EFF*&86 Sign
-
8/13/2019 M kho cng khai v RSA
23/24
M ha kha cng khai3.1. Htng cskha cng khai
Public key Infrastructure (PKI) Trong mt m hc, h tng c skha cng khai l mt cch cho mt bn th 3 (thng l nh cungcp chng thc s) cp pht v xc thcnh danh cc bn tham gia voqu trnh traoi thng tin.
Hin nay c 2 m hnh vhtng kha cng khai c sdng:
Tiu chun X.509
Giao thc PGP v Web of Trust
-
8/13/2019 M kho cng khai v RSA
24/24
M ha kha cng khai
KT THC