
1.

1.1.
1.2.
1.3.
1.4.
1.5.
1.6.
1.7.
1.8.
1.9.
2.
2.1.
2.2.
2.3.
2.4. ,
2.5.
2.6.
2.7.
2.8.
2.9.
2.10.,
2.11.
2.12.
2.13.
2.14.
3.
3.1.
3.2.
3.3.
3.4.
3.5.
3.6.
3.7.
3.8.
4.
4.1. DES
4.2. IDEA
4.3. BLOWFISH
4.4. AES
4.4.1. AES
4.4.2. AES
4.4.3. AES
1

4.4.4. AES
5.
5.1.
5.2.
5.3. -
5.4.
5.5.
5.6.
5.7.
6.
6.1.
6.2.
6.3.
6.4. RSA
6.5.
6.7.

1.
1.1.

(cryptology). kryptos
, logos - . . .
.

.
() ()

- ,

.
,
( )
(),
.
.
- ()
(messages).
(Plaintext) -
.
(Ciphertext) -
.
,
().
(Enciphering)
.
(Deciphering)
,
.

,
. :
- (
);
- ( ).
,

.

.1.1.
1.2.
.

(Permutation
Ciphers)

. ,
" "
, .
.1.2 .
CRYPTOGRAPHY
TARPORPYYGH
. "" ,
3.
C R Y P T O G R A P H Y

T
R

A
O

R
G

Y
H

C T A R P O R P Y Y G H
.1.2.

.

1.3.
(Substitution Cipher)
,
.

k , k
. ,
k=3. .1.3
.
C R Y P T

O G R A P H Y

F U B S W R J

U D S K B

.1.3.
, ,
. ,
Data Encryption
Standard (DES), 64- ,
.
,
" " .

, , CRYPTOGRAPHY
7905. ,
7905 CRYPTOGRAPHY.
1.4.

. ,
, "
". ,
, ,
, .

, , ,
, ,
. ,
, , ,
: , , , , ,
, ..

"
". , , ,

,
, ,
"LOGIN"

, .
.
( ),
, ,
,
.
(strong),
.
1.5.
,

. ,
. (
),
, ( ), -
.


.1.4.

, ,
, , ,
. (eavesdropping)
, ,
(tampering) .

1.6.
.
1. , M.
2. , C.
3. , K.
4. () , Ek: M
C.
5. () ,
Dk: C M.
Ek
E, , k,
. ,
Dk
D k. k, Dk
Ek; Dk(Ek (M))=M
M. Ek Dk
, k k.

. ,
, .
M

Ek

Dk

.1.5.
1. .
2.

.
3.
, E D.
1.7.

.

1.

Dk

C,
M .
2.
M
C.

1.
Ek C,
M .
2.
C , Dk(C)
, M.

, . , :
, , ..
, .
:

() ;
, ,
;
,

( );
;

;
;
, , ;

;
, ;

;

, ,
.
1.8.
(Simmons)
()
() .
, .
(
). , Ek Dk
. ,
. ,
( )
. DES .

.
A Ek Dk
.

Ek

Dk

.1.6.

Ek

Dk

.1.7. /
Ek
, Dk
.
1.8.
()
EA,
, DA,
. DA
, EA
, DA
. EA
DA DA
EA DA.

. , A
M B. A
EB B, A M
B C=EB(M).
B C
DB DB(C)=DB(EB(M))=M.
,
().

.

EB
A

DB
B


.1.8.
, M
DA.
, A C=DA(M) .
, B
EA
EA(C)=EA(DA(M))=M.
() .
, ,
.

DA

EA

M
B

.1.9.
,
.
A C=EB(DA(M)), B M
: EA(DB(C))=EA(DB(EB(DA(M))))= EA(DA(M))=M.

M
A

DA

EB

DB

EA

M
B

.1.10.


.
1.9.

,
. B M,

A. A
:
1.B A M.
2., , A.
3. , M,
-
A B.


.

, .

. DA ,
,
.
B M, A ( ,
DA)
. B -
A ,
(, DA ).
EA , B
,
A B. :
1.A M, C= DA (M).
2.B A , EA(C) M.
3. A B , EA(C) M
, B.
, ,
.


2.
2.1.
,
. ,
, ,
.
,
.
,
.

.
.
, :
THISISHARDCODEFORMANYPEOPLE,

.

This Is Hard Code For Many People.

.
, .


TH IS IS HA RD CO DE FO RM AN YP EO PL E.

. ,
( )
. ,

This Is Hard Code For Many People

SIHT SI DRAH EDOC ROF YNAM ELPOEP.
SIHT
THIS.

.

.
.


(Write-in)


(Take-off)

.2.1.
,

(Write-in),
(Take-off).
Write-in Take-off.
2.1. , CRYPTOGRAPHY
(3 4 )
:
1

C R Y P
T O G R
A P H Y

3-1-4-2,
- YGHCTAPRYROP.
.

.
d
M=m1,...,md md+1,,m2d,...,

f.
EK(M)=mf(1),...,mf(d),mf(d+1),...,mf(2d),...
.
2.2. , d=4 f

i 1 2 3 4
f(i) 3 1 4 2
, 4 ,

, ..

= C R Y P T O G R A P H Y

EK(M) = Y C P R G T R O H A Y P
,
,
.
2.3. , d=12 , ,
f
i 1 2 3 4
f(i) 3 1 4 2
, 12 ,
34,
,
..
M= HERE IS A SECRET MESSAGE ENCIPHERED BY
TRANSPOSITION, :
H E R E
I S A S
E C R E

T M E S
S A G E
E N C I

P H E R
E D B Y
T R A N

S P O S
I T I O
N

:
E(M)=RARHIEESEESCEGCTSESEIMANEBAPETRYNHDROISINSOPT


. , CONVENIENCE,
,
.
, 1.
, ,
,
.
2.4. CONVENIENCE
,
. ,
.


C O N V E N I E N C E
1

10

11

1. ,
, , ,
B. .
, ,
, 3, 4 5 .
=HERE IS A SECRET MESSAGE
ENCIPHERED BY TRANSPOSITION
C O N V E N

E N C E

10

11

H E R E I
E T M E S
C I P H E
R A N S P
N

S
S
R
O

A S E C R
A G E E N
E D B Y T
S I T I O

, ,
C=HECRN CEYI ISEP SGDI RNTO AAES
RMPN SSRO EEBT ETIA EEHS.
2.5.
,
. .
1.
2 .
C O N V E N

E N C E

10

H
E
E
S
P
N
I

R E I S A
T M E S
A G E E N
H E R E D
S P O S I
O N

E C R

11

C I
B Y T R A
T

C=HEESPNI RR
SSEES EIY A SCBT EMGEPN ANDI CT RTAHSO IEERO.


" ",
.
, ,
, ,
. ,
90 ,
, .
.

, ,

.
.
2.6.
25 .
1
4
3
2
1

2
5
6
5
4

3
6
7
6
3

4
5
6
5
2

1
2
3
4
1

2
2 5 6
3 6
4
6
1
3

4 1
5
3
5 4
2 1

2.7.
: M=HERE IS A SECRET MESSAGE WRITE.

2
4 5 6
3 6
2
6
1
3

4 1
5
3
5 4
2 1

4
5 2
6
5 4
1

H
E
S
E C
R
E I R
S E
A
T

R
E I
S
A


1 2 3
6
3 6 *
2 5
1 4 3


1 2 3
4 5 6
3
* 6
5 6 5
1 4
2

1
2
3
4

H
E C
S
S S
A

E M
E
E I
E
A T

S
R
R

H
E
R
S
E

E
W
E
E
A

S
R
R
T
G


1
3 4 1
4 5
5 2
6 * 6 3
2 5 6
4
2

E
C
S
S
A

M
E
I
I
T


RSEIR SSEIR SSEIT EAATG.

C=HEEMS ECWER

2.2.
()

.

,
.

, M,
, C. C

.
, n ={a0,a1,...,an},
C n- ={f(a0),f(a1),...,f(an)},
f C, ,
C.
,
f.

M=m1m2...,
, ,
EK(M)=f(m1)f(m2).
2.7. , f
= {, , ...} ,
,
:

:ABCDEFGHIJKLMNOPQRSTUVWXYZ
C:YARMOLIKBCDEFGHJNPQSTUVWXZ.
M=CRYPTOGRAPHY :
C=RPXJSHIPYJKX.

( YARMOLIK),
.
.

.
,
, .
, ,
.

,
.

, .
, ,
. ,

.
,
.
,
. , ,

NORTH
Y
U
Q
M
I
E
A
WEST

XTPLHD

BFJNRVZ

C
G
K
O
S
W
SOUTH

EAST


.2.2.
,

:ABCDEFGHIJKLMNOPQRSTUVWXYZ
C:YUQMIEAZVRNJFBWSOKGCXTPLHD

,

.
,
Angie Wimer. ,
,

, ,
.

B
C

D
E
F

P
N
L

.2.3.

.

5×5,
, , 2.4.



.2.4.
,
.
,
.
2.8. , =
=.


.
2.3.



.
,
,
.

.
,
( 50 ).
,

k .
.
, k=3.

f(a)=(a+k) mod n,
n - ( ), k-
, a
.
,
0-A, 1-B, 2-C, 3-D, 4-E, 5-F, 6-G, 7-H, 8-I, 9-J, 10-K, 11-L, 12-M, 13-N, 14-O, 15-P, 16-Q, 17-R, 18-S, 19-T, 20-U, 21-V, 22-W, 23-X, 24-Y, 25-Z,
, ,


f(a)=(a+3) mod 26.


, a, f(a)
. G ,
6, f(a)=6+3=9, J,
.
2.9. ,
=CRYPTOGRAPHY C=FUBSWRJ
UDSKB.

.
,

f(a)=(ka) mod n,
k n .

.
2.10. , =CRYPTOGRAPHY
k=3 f(a)=(3a) mod 26, C=GZUTFQSZATVU.

,
f(a)=(k0a+ k1) mod n.
k0 k1.

.
2.4. ,


.

. ,


. , ,
, The quick brown fox jumps over the lazy dog
. ,
,

.

,
.
THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG

.2.5. ,
,
T 11 71.
2.11. =JOHNSON IS SPY
J

51

33

12

35

55

33

35

23

55

55

54

84

=513312355533352355555484.
,
,
(The Churchyard cipher),
.
,
- 1794
**

**
*

*
*

**
*

**

.2.6.
,
,
:
A*
D*
G*

B*
E*
H*

C*
F*
I-J*

K**
N**
Q**

L**
O**
R**

M**
P**
S**

T
W
Z

U
X

V
Y


.
2.5.




.
,
.
,
.
,

, , ,
:

ETAONIRSH
DLUCM
PFYWGBV
JKQXZ


,

.
.
E 12.31   L 4.03   B 1.62
T  9.59   D 3.65   G 1.61
A  8.05   C 3.20   V 0.93
O  7.94   U 3.10   K 0.52
N  7.19   P 2.29   Q 0.20
I  7.18   F 2.28   X 0.20
S  6.59   M 2.25   J 0.10
R  6.03   W 2.03   Z 0.09
H  5.14   Y 1.88

.2.7.
,
,
.

.

.

TH HE AN IN ER RE ES ON EA TI AT ST
3.15 2.51 1.72 1.69 1.54 1.48 1.45 1.45 1.31 1.28 1.24 1.21

:
THE AND THA ENT ION TIO FOR NDE HAS NCE EDT TIS OFT STH MEN.


,
.
2.6.
()
,
.

- .

.

. ,
, ,
.

.
2.12. ,
, 00
99. (,
)
,
,
.


A: 23, 25, 97, 95, 89, 33, 12, 11, 34
G: 44, 77, 35, 51
C: 87, 41
H: 59, 90, 00, 26, 36
O: 66, 02, 15, 22, 09, 83, 54
P: 04, 58
R: 38, 07, 94, 30, 56, 67
T: 55, 71, 72, 80, 01, 12, 29, 50, 68
Y: 88

.2.8.
=CRYPTOGRAPHY
C= 87 07 88 58 72 54 51 30 97 04 00 88.

, ,
,
.
2.7.
(Beale Cipher)
.
.

. ,

.
.
.

. , 1000 ,
.
001
011
021
031
041
051
061
071
081
091

When, in the course of human events, it becomes necessary


for one people to dissolve the political bands, which have
connected them with another, and to assume among the Powers
of the earth the separate and equal station to which
the Laws of Nature and of Natures God entitle them,
a decent respect to the opinions of mankind requires that
they should declare the causes which impel them to the
separations. We hold these truths to be self-evident, that
all men are created equal, that they are endowed by
there Creator with certain unalienable rights; that among

.2.9.

,
, .

W, , 001, 019, 040,


066, 072.
2.13. ,
=PLAIN. : C =013 042 081 008 044.
2.8.
(Playfair Cipher), 1854 ,
.
.
,
, ,

.

.

.
,
,
.


Y A R M O
L I K B C
D E F G H
N P Q S T
U V W X Z
5×5, 25 . J
I .
.
1. M=m1m2
().
2. m1m2 M

12 .
2.1. m1 m2
, c1 c2
m1 m2, . ,
. ,
m1m2=EH 12=FD.
2.2. m1 m2 , c1 c2
, m1 m2,
. .
, m1m2= FW 12=QR.

2.3. m1 m2 , c1 c2
, m1 m2,
, c1
m1, c2 m2. , m1m2=KT,
12=CQ
Y A R M O
L I K B C
D E F G H
N P Q S T
U V W X Z

2.4. m1=m2 () (, X)
m1 m2,
m1=m2. , m1m2=KK, m1m2m3=KXK
12=DW.
2.5. ,

.
2.14. M=CRYPTOGRAPHY.
=KOANZCFMIVDO.
,
,
- .


. ( )
,
.

.
2.15. ,
.
M W X Y N
W O M L H
V A P K L
U A N K I
U R B O Z
S B C Z Y
E F Q C I
Q P D E Z
T S G H D
R T V F G
A
Z
U
X
Y

K
B
T
S
R

O N
L P
C M
W D
V Q

I
H
G
F
E

P
I
H
K
V

R M
D S
G C
W L
Q X

O
E
T
B
U

N
F
Y
Z
A

m1m2=HW c1c2=TD.
2.9.
(Bifid cipher)

, .
,
, .
(Delastelle).

.
, ,
,
.
.
, ,
. :

    1 2 3 4 5
1   T L N C F
2   X K Z G B
3   V M O W S
4   H U Q Y D
5   R P E A I


,
, ,
.
,
. , =THIS IS MY SECRET
MESSAGE ,
M=THISI SMYSE CRETM ESSAG E.
,
, . .
T H I S I   S M Y S E   C R E T M   E S S A G   E
1 1 5 5 5   5 2 4 5 3   4 1 3 1 2   3 5 5 4 4   3
1 4 5 3 5   3 3 4 3 5   1 5 5 1 3   5 3 3 5 2   5


.
.
1155514535, 5245333435, 4131215513,
3554453352 35. ,
, T=11, I=55, F=51,
A=45, E=35.
, T
() T H
. .
.

C=TIFAEBAOQECNLIVEDAOBE.
(Bifid
cipher)
, Trifid cipher ,
.
,
,
.
1, 2 3. , ,
3·3·3 = 27 , ,
, , ,
5·5 = 25 .
.
W 111   N 211   C 311
A 112   E 212   X 312
K 113   Q 213   I 313
M 121   O 221   T 321
& 122   V 222   J 322
B 123   R 223   F 323
Z 131   L 231   U 331
Y 132   P 232   G 332
H 133   S 233   D 333


, .
.
, .
T H I S I S M Y S E C R E T M E S S A G E
3 1 3 2 3 2 1 1 2 2 3 2 2 3 1 2 2 2 1 3 2
2 3 1 3 1 3 2 3 3 1 1 2 1 2 2 1 3 3 1 3 1
1 3 3 3 3 3 1 2 3 2 1 3 2 1 1 2 3 3 2 2 2

,
.

.

313-I, 232-P, 123-B, 131-Z, 321-T, 333-D, 331-U, 122-&, 322-J, 333-D,
112-A 122-&, 321-T, 321-T, 122-&, 213-Q, 221-O, 331-U, 311-C, 233-S, 222-V.
C=IPBZTDU&JDA&TT&QOUCSV.

(pencil-and-paper ciphers) . -
.
2.10. ,

,
. (The Straddling Checkerboard)
.

. ,
.
,

.
.
.
.
. A, T, O, N, E, S, I, R
At One Sir
.
.

     9 8 2 7 0 1 6 4 3 5
     A T   O N E   S I R
 2:  B C D F G H J K L M
 6:  P Q U V W X Y Z . /

( )
.

, .

.
.
, ,
-
.
2.16. , M=SEND

MONEY.
=410222570166.
, (pencil-and-paper ciphers)
VIC , ,
, . ,
1953 - ,
.

.
.
1. , .
2. 20 ,
.
3.
, , .
4 1776,
741776. 77651.
"I dream of Jeannie with t"
.
,
, .

:
1.
.
7 7 6 5 1
(-) 7 4 1 7 7

0 3 5 8 4
.
2. 20
20 . ,
, 1 ,
, 2 . 0
,
. , - "I dream of Jeannie with
t" :
I D R E A M O F J E
6 2 0 3 1 8 9 5 7 4

A N N I E W I T H T
1 6 7 4 2 0 5 8 3 9

3.

(chain addition). (
,
), ,
,
.
.
.

0+3=3, 3+5=8, 5+8=3, 8+4=2, 4+3=7

4. 0 3 5 8 4 3 8 3 2 7
6 2 0 3 1 8 9 5 7 4.
. 6 2 0 3 1 8 9 5 7 4
+ 0 3 5 8 4 3 8 3 2 7 = 6 5 5 1 5 1 7 8 9 1.
5. , 4,

(2)  1 6 7 4 2 0 5 8 3 9
(4)  6 5 5 1 5 1 7 8 9 1
     0 2 2 1 2 1 5 8 3 1
0 0
6 .
2, 2
5. 0 2 2 1 2 1 5 8 3 1.
6.
50 .
: 0 2 2 1 2 1 5 8 3 1 * 2 4 3 3 3 6 3 1 4 3 * 6 7 6 6 9 9 4 5
7 9 * 3 3 2 5 8 3 9 2 6 2 * 6 5 7 3 1 2 1 8 8 8 * 1 2 0 4 3 3 9 6 6 9.
7.
. 1 2 0
4 3 3 9 6 6 9 1 2 0 5 3 4 8 6 7 9.
1 . ,
. 1 2 0 4 3 3 9 6 6
9 3, ,
4.
6.
8. 1 2 0 5 3 4 8 6 7 9
.


     1 2 0 5 3 4 8 6 7 9
     A T   O N E   S I R
 0:  B C D F G H J K L M
 8:  P Q U V W X Y Z . /


.
2.11.
() (Giovanni Baptista della Porta)
565 .
. .
2.1.
Key     A B C D E F G H I J K L M
AB      N O P Q R S T U V W X Y Z
CD      Z N O P Q R S T U V W X Y
EF      Y Z N O P Q R S T U V W X
GH      X Y Z N O P Q R S T U V W
IJ      W X Y Z N O P Q R S T U V
KL      V W X Y Z N O P Q R S T U
MN      U V W X Y Z N O P Q R S T
OP      T U V W X Y Z N O P Q R S
QR      S T U V W X Y Z N O P Q R
ST      R S T U V W X Y Z N O P Q
UV      Q R S T U V W X Y Z N O P
WX      P Q R S T U V W X Y Z N O
YZ      O P Q R S T U V W X Y Z N

.2.10.
(, =LOOK UNDER THE
COUCH) (, = JACKET)
,
.
L O O K U N D E R T H E C O U C H
J A C K E T J A C K E T J A C K E

,
. (JACKET
), ,
. J
. ,
J . , J
5- .
L,
U. =UBCS JJZRF
LSVYBIXS
2.12.
(Vigenere Cipher)
1586
.
, ,
. ,

.

.

() .
.


2.2.

a

h
i

k
l

u
v

h
i

t
u

.2.11.

,

.
.

,
.
,
.
, .

, -
.
,
.
=RYPTOGRAPHY

RAND
.
C R Y P T O G R A P H Y
R A N D R A N D R A N D
C
R
T.
C=TRLSKOTURPUB.

: (Straight Keyword);
(Progressive Key); (Auto
ey).
"Wish you were here".
2.17. "Wish you were here",
SIAMESE.
:
M= W I S H Y O U W E R E H E R E
K= S I A M E S E S I A M E S E S
C= O Q S T C G Y O M R Q L W V W


. SIAMESE
TJBNFTF,
UKCOGUG, .
2.18. "Wish you were here",
SIAMESE
.
M= W I S H Y O U W E R
K= S I A M E S E T J B
C= O Q S T C G Y P N S

E H E R E
N F T F U
R M X W Y


.
2.19. "Wish you were here",
SIAMESE. .

M= W
K= S

I
I

S H Y O U W E
A M E S E W I

R
S

E H E R E
H Y O U W

C= O Q

G Y

S M

L W

,
,
,
.
2.13.

, ,
.
, ,
,
.
,
, ,

.

. 1568, (Alberty) ,
, .
n ( n -
)
()
. ,
,
. ,
, ,
.
.
XX
.

.
SIGABA (M-134), TYPEX,
PURPLE ENIGMA.
( )
.
n , n
.
.
,
, .



.
.
n
.
, ,

.
,
.
, ENIGMA.
ENIGMA
. ( )
n ,
, .
,
,
.
, m n
n^m. , ,
,
, n^m = 26^2. ,

26! , ,
.

.
.
R1, R2, R3 (Reflec.)
().
.

M
C
R1

R2

R3

Reflec.

.2.12.
,
, :

- .
- ,
.
- .

, (),
.
,
. ,

256 ASCII ,
256 , .
ASCII ,
ASCII .
,
,
- .
.2.13.
(RAM)


0
01010101
1
10010011
2
11000011

255
00011101
.2.13.
,
.
(
)
. ,
()
.
. 2.14
.
M


.2.14.
ASCII

.
,
/ .
.
,
.
,

, :
1. .
2. .
3. , .
2.14.
(Gilbert Vernam), ,
1917.
,
,

.

(one time pad).

, ,

.
2.20. ,
Cryptography and Data Security,
, THE TREASURE
IS BURIED... .
M=
K=
C=

t h e t r e a s u r e i s b u r i e d
t h e s e c o n d c i p h e r i s a n
m o i l v g o f x t m x z f l z a e q

M=m1m2...
, K=k1k2... .


C=EK(M)=c1c2... , ci=(mi+ki) mod 2, i=1,2,... .



,
. ,
/ (mi/ki)
ci=mi⊕ki. ki⊕ki=0 ki=0 1,
: ci⊕ki = mi⊕ki⊕ki=mi.
,
.


3.
3.1.
:
.

.
.
d n ,
, n=kd,
dn.
p, p>1 ,
1 p. 2, 3, 5, 7,
11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,
103, 107, 109, 113,.
, ,
. ,
.
n>1
.

,

.

, ,
.
.

,
, ,
. ,
,
p q
n=pq.
n .

.
.
3.1. ()
.
: ,
p1, p2, p3,,pk, ,
,

k p 1,
i 1 i


p1, p2, p3,,pk,


1 , , . #
,
.
3.2.
k>1, k
.
: (k+1)! = 2·3·4·…·(k+1) (k+1)
2,3,4,…,(k+1). ,
(k+1)!+2, (k+1)!+3, (k+1)!+4, …, (k+1)!+(k+1),
,
, , 2, 3 . . #

,
.

1 1000, 1 100,
101 200 : 25, 21, 16, 16, 17, 14, 16, 14, 15, 14.
1 000 001 1 001 000 : 6, 10, 8,
8, 7, 7, 10, 5, 6, 8. 10 000 001 10
001 000, : 2, 6, 6, 6, 5, 4, 7, 10, 9, 6.

.
3.3. (x)
2 x x/ln(x) x
,

$\lim_{x \to \infty} \dfrac{\pi(x)}{x/\ln(x)} = 1$,

ln(x) x.
.
x              π(x)        x/ln(x)     π(x)/(x/ln(x))
1 000          168         145         1,159
10 000         1 229       1 086       1,132
100 000        9 592       8 686       1,104
1 000 000      78 498      72 382      1,084
10 000 000     664 579     620 421     1,071
100 000 000    5 761 455   5 428 681   1,061
1 000 000 000  50 847 476  48 254 942  1,054


,
,
.
3.4. n(n>1)
√n, .
: n ,
n=ab,
1<a<n; 1<b<n. a b , √n . #
.
T 3.5. ()
1) 2,3,4,..,N, ,
r 2,3,5,7,,pr, ()
.
2) 2,3,4,..,N, ,
√N,
p √N < p ≤ N.
:
1) n , ,
, n.
2) n, √N < n ≤ N ,
, pi ≤ √n ≤ √N 2, 3,…,
pr (pr < √N pr+1) , , . #
3.1.
,
1

10 11 12 13 14

15

16 17 18 19 20

21 22 23

24

25

26 27 28 29 30 31 32 33 34

35

36 37 38 39 40

41 42 43

44

45

46 47 48 49

2, 3, 5 7
: 11,13,17,19,23,29,31,37,41,43,47,
.

.
(Eulers)
x^2 - x + 41, x
, 0<x40. , x
.
(Fermats): 3,5,17,257,65537,
2 K=2k, k:
(Mercens)
2^n - 1, n=2,3,5,7,13,17,19,31,61.
.

M = 2^25964951 - 1
7816230 . 42-
18 2005
GIMPS.
M = 2^24036583 - 1 (
7235733 ). 41- ,
GIMPS 15 2004.

, -.

. ,
107 , 100000
.
Co
k

a pi

i 1

pi - , i - , a - .
3.2. a = 120 = 2^3·3^1·5^1
a1,a2,a3,,an d, ,
da1, da2, da3,, dan.
a1,a2,a3,,an
d,
d=(a1,a2,a3,,an).
3.3. (6,15,27)=3.
T 3.6.
k

a1 pi

i 1

a 2 pi

a n pi i ,

...

i 1

i 1

() :
k

(a1 , a2 ,..., an ) pi

min( i , i ,..., i )

i 1

3.4. 6 = 2^1·3^1, 15 = 3^1·5^1, 27 = 3^3, (6,15,27) = 2^min{1,0,0}·3^min{1,1,3}·5^min{0,1,0} = 2^0·3^1·5^0 = 3.
T 3.7.
k

a1 pi
i 1

a 2 pi


...

i 1

a n pi i ,

i 1

() :
k

(a1 , a2 ,..., an ) pi
i 1

max( i , i ,..., i )

.

3.5. 6 = 2^1·3^1, 15 = 3^1·5^1, 27 = 3^3, (6,15,27) = 2^max{1,0,0}·3^max{1,1,3}·5^max{0,1,0} = 2^1·3^3·5^1 = 270.


3.2.

,
.

.
.
T 3.8. a=bq+r,
a,b b,r, (a,b)=(b,r).
:
d=(a,b), da db ,
d bq, a bq
d a-bq=r.#
T 3.9. ( ) a>0 b>0
, a>b, b a, s,
q0,q1,q2,…,qs r1,r2,…,rs , b>r1>r2>…>rs>0 a=bq0+r1,
b=r1q1+r2, r1=r2q2+r3, …, rs-2=rs-1qs-1+rs, rs-1=rsqs, (a,b)=rs

3.8 (a,b), (b,r1), (r1,r2), …, (rs-1,rs), (a,b)=(b,r1)=(r1,r2)=…=(rs-1,rs).

.

function gcd(a, b: longint): longint;   { gcd - Greatest Common Divisor }
var g: array[0..100] of longint;       { g[i]: successive remainders; 100 is an arbitrary bound }
    i: integer;
begin
  g[0] := a;
  g[1] := b;
  i := 1;
  while g[i] <> 0 do
  begin
    g[i+1] := g[i-1] mod g[i];
    i := i + 1
  end;
  gcd := g[i-1]
end;
3.9. 1173 323, (1173,323)
=?. 1173 = 323·3 + 204 1173 323
323 204. 323 = 204·1 + 119;

204 = 119·1 + 85; 119 = 85·1 + 34; 85 = 34·2 + 17; 34 = 17·2 ,


(1173,323) = 17.
:
gi+1 := gi-1 mod gi
204 := 1173 mod 323
119 := 323 mod 204
85 := 204 mod 119
34 := 119 mod 85
17 := 85 mod 34
0 := 34 mod 17


,
.
.
:
1. a b , (a,b)=2(a/2,b/2);
2. a , b , (a,b)=(a/2,b);
3. 3.8 (a,b)=(b,a-b);
4. a b , a-b .
3.10. 1173 323, (1173,323)
=?. , ,
(1173,323)=(323,850)=(323,425)=(323,102)=(323,51)=
(51,272)=(51,136)=(51,68)=(51,34)=(51,17)=(17,34)=(17,17)=17.
,
(1173,323)
(323,850)
3. 2
.
a1,a2,a3,,an
, (a1,a2,a3 ,,an)=1.
a1,a2,a3,,an,
, i ji (ai,aj)=1.
T 3.10. (a,b)=1, n m
n m
(a ,b )=1, , (an,bm)=1,
n m (a,b)=1.
: , (a,b)=1.
, a=p11,p22,,pkk
i i>0 , i=0
b=p11,p22,,pkk.
(a,b)=1. , ni>0 i=0. #


3.3.
a b ()
m, m .
, a b m, a b
m. , 32 39 7, 32 = 7·4 + 4,
39 = 7·5 + 4. a b m :
ab mod m.
().
3.11. 32 ≡ 5 mod
9; 48 ≡ 12 mod 9; 17 ≡ 7 mod 5.
a b m, a b
m. a/b mod m.
ab mod m (=),
a=b mod m , a b m, ab mod m,
m.
, a=b mod m b<m, b
a m.
:
3.1. a ≡ b mod m, k
ka ≡ kb mod m.
3.2. ka ≡ kb mod m, (k,m)=1, a ≡ b mod m.
3.3. ka ≡ kb mod km, k m , a ≡ b
mod m.
3.4. a ≡ b mod m, c ≡ d mod m, a+c ≡ b+d mod m.
3.5. a1 ≡ b1 mod m, a2 ≡ b2 mod m, …, an ≡ bn mod m,
a1+a2+a3+…+an ≡ b1+b2+b3+…+bn mod m.
3.6. a ≡ b mod m, c ≡ d mod m, ac ≡ bd mod m.
3.7. a1 ≡ b1 mod m, a2 ≡ b2 mod m, …, an ≡ bn mod m,
a1·a2·a3⋯an ≡ b1·b2·b3⋯bn mod m.
3.8. a ≡ b mod m, k>0
a^k ≡ b^k mod m.

.

.
,
.


3.9. (ab) mod m = [(a mod m)(b mod m)] mod m,


+, - .
, (ab) mod m
,
,
(ab) mod m.
3.12. 7·9 mod 5 = [(7 mod 5)·(9 mod 5)] mod 5 = 2·4 mod 5 = 3.
,
,
.
3.13. 3^5 mod 7.
.
3 5,
mod 7 .
3
, 35.
, 4
, az mod m z-1
.
35 mod 7.
, ,
.
,
.
,
, 35 mod 7
:
1. 3
3^2 = 3·3 = 9.
2. 3^2,
3^4 = 3^2·3^2 = 9·9 = 81.
3. 3^5,
3^5 = 3^4·3 = 81·3 = 243.
4. ,
3^5 mod 7 = 243 mod 7 = 5.
, 3^5 mod 7,
3, (a^z mod m)
2(log2 z - 1) .
,
m.

3.9. 7
(a^z mod m) m,
.
1. 3 7,
3^2 mod 7 = 3·3 mod 7 = 2

2. 3^4 mod 7 , ,
3.9, 3^4 mod 7 = [(3^2 mod 7)·(3^2 mod 7)] mod 7 =
2·2 mod 7 = 4.
3. ,
3^5 mod 7 = [(3^4 mod 7)·(3 mod 7)] mod 7 = 4·3 mod 7 = 5.
(a^z mod m)
.

function fastexp(a, z, m: longint): longint;  { x = a^z mod m }
var a1, z1, x: longint;
begin
  a1 := a; z1 := z;
  x := 1;
  while z1 <> 0 do                 { invariant: x * (a1^z1 mod m) = a^z mod m }
  begin
    while z1 mod 2 = 0 do
    begin                          { square a1 and halve z1 }
      z1 := z1 div 2;
      a1 := (a1 * a1) mod m;
    end;
    z1 := z1 - 1;
    x := (x * a1) mod m
  end;
  fastexp := x
end;
3.14. x = 5^10 mod 7 = 5^(1010) mod 7
. 10_10 = 1010_2.

.
a1 := 5; z1 := 10; x := 1;
z1 ≠ 0; (10 ≠ 0);
z1 mod 2 = 0; (10 mod 2 = 0);
z1 := z1 div 2 = 5; (10/2 = 5);
a1 := a1·a1 mod m = 4; (5·5 mod 7 = 4);
z1 mod 2 ≠ 0; (5 mod 2 ≠ 0);
z1 := z1 - 1 = 4; (5 - 1 = 4);
x := (x·a1) mod m = 4; (1·4 mod 7 = 4);
z1 ≠ 0; (4 ≠ 0);
z1 mod 2 = 0; (4 mod 2 = 0);
z1 := z1 div 2 = 2; (4/2 = 2);
a1 := a1·a1 mod m = 2; (4·4 mod 7 = 2);
z1 mod 2 = 0; (2 mod 2 = 0);
z1 := z1 div 2 = 1; (2/2 = 1);
a1 := a1·a1 mod m = 4; (2·2 mod 7 = 4);
z1 mod 2 ≠ 0; (1 mod 2 ≠ 0);
z1 := z1 - 1 = 0; (1 - 1 = 0);
z1 = 0; (0 = 0);
x := (x·a1) mod m = 2; (4·4 mod 7 = 2);
, x = 5^10 mod 7 2.
3.4.
r (0<r<m),
a m. a m
a m. , a=r
mod m, (0<r<m), m(a-r). , a-r=qm
a=qm+r.
m {ai}={a1,a2,,am}
, m ri
{0,1,2,,m-1}, {ai}
m. , ai,
ai=rj mod m rj
{ai}.
3.15. {16,12,19,48,65}
5. , 16=1 mod 5, 12=2 mod 5,
19=4 mod 5, 48=3 mod 5, 65=0 mod 5
{0,1,2,3,4}.
{ai}={a1,a2,,an}
m, r.
3.16. {16,21,56,91,106}
5. , 16=1 mod 5, 21=1 mod 5, 56=1 mod 5,
91=1 mod 5, 106=1 mod 5 1
.

.
3.11. (Fermat). p (a,p)=1, a ,

a^(p-1) = 1 mod p.
: p a,
(a,p)=1 p-1 a,2a,3a,,(p-1)a.
ia, ja (ij) p,

iaja mod p,


3.2 . ,
ri , (1 ri p1). {1,2,3,,(p-1)} {a,2a,3a,,(p-1)a}.

{r ,r ,r,,r}={1,2,3,,(p-1)}, a=r mod p, 2a=r mod p, 3a=r
mod p,,(p-1)a=r mod p.
3.7 a=r mod p, 2a=r mod p, 3a=r mod
p,,(p-1)a=r mod p a2a3a(p-1)a=r r r,r mod p.
, {r,r,r,,r}={1,2,3,,(p-1)} ,
a·2a·3a⋯(p-1)a = 1·2·3⋯(p-1) mod p. a^(p-1)·(p-1)! = (p-1)!
mod p. (p-1)! p , ((p-1)!,p)=1, a^(p-1) = 1 mod p.#
, p.
,
.
n.
(Eulers) (n) n1
, n n.
n φ(1)=0, φ(2)=1,
φ(3)=2, φ(4)=2, φ(5)=4, φ(6)=2, φ(7)=6, φ(8)=4, φ(9)=6, φ(10)=4,
φ(11)=10, …. , ,
n p, φ(p)=p-1.
.

.
T 3.12. n=pq, p q (p≠q) ,
φ(n)=φ(p)φ(q) = (p-1)(q-1).
: {0,1,2,…,pq-1} pq ,
n=pq. n=pq,
(p-1) {q,2q,3q,…,(p-1)q}, q, (q-1)
{p,2p,3p,…,(q-1)p}, p 0. , φ(pq) = pq - (p-1) - (q-1) - 1 = pq - p - q + 1 = (p-1)(q-1).#
3.17. φ(10)=φ(2·5)=φ(2)φ(5)=1·4=4.
T 3.13. p , k>0 , φ(p^k) = p^k - p^(k-1)
= p^(k-1)(p-1).
: , p^k
p^k, {p,2p,3p,…,(p^(k-1)-1)p}. ,
p^(k-1) , , p^k, , p^(k-1)-1 ,
p^k. , φ(p^k) = p^k - 1 - (p^(k-1) - 1) = p^k - p^(k-1).#
3.18. φ(8)=φ(2^3)=2^3 - 2^2 = 8 - 4 = 4.
T 3.14.
, ,
φ(nm)=φ(n)φ(m), (n,m)=1.


a.

a=p11 p22prr, pi i pjj
ij,
(a)=(p11)(p22)(prr)=(p11-p11-1)(p22-p22-1)(prr-prr-1)=a(1-1/p1)(11/p2) (1-1/pr).
3.19. φ(2700)=? 2700=2^2·3^3·5^2. φ(2700)=2700·(1-1/2)(1-1/3)(1-1/5)=720.
3.15. (Eulers). n0 ,
(a,n)=1, a ,
a^φ(n) = 1 mod n.
:

{r1,r2,r3,,r(n)}

n, (a,n)=1 ar1, ar2,


ar3,, ar(n) . , ar1=r
mod n, ar2=r mod n, ar3=r mod n,,ar(n)=r mod p, {r,r,r,,r}
{r1 ,r2 ,r3,,r(n)}, .
,
3.11, ar1=r mod n,
ar2=r mod n, ar3=r mod n, ,ar(n) =r mod p, : a(n) r1 r2 r3,r(n)=
r r r, r(n) mod n. , {r1,r2, r3,,r(n), m}=1,
a(n) =1 mod n.#
3.20. 3^10 mod 11=?. 3^10=1 mod 11,
p=11 , a=3 p=11,
(11,3)=1.
3.21. 3^12 mod 26=?. 3^12 mod 26=1,
n=26, φ(26)=φ(2·13)=φ(2)φ(13)=1·12=12.
3.5.
( )

ax=b mod n, b<n,
a, b n , b<n, x (x<n) ,
.

x, : 1)
; 2) ; 3) ,
.


T 3.16. d a n (d=(a,n))
b, ax=b mod n
.
: ,
x0, , ax0=b mod n.
3.16 d a n, , d
ax0 nq, ax0nq=b.
q . :
d b, x0
d b, , ax=b mod n
, d=(a,n) b. #
3.22. 2x=1 mod 4 ,
d=2 a=2 n=4 (2=(2,4))
b=1. ,
x<4 2x=1 mod 4.
T 3.17. d a n
(a,n)=1, , a n ,
ax=b mod n .
: ,
{0,1,2,,n-1} n. , a n
, {0a, 1a, 2a,, (n-1)a}
n.
ax0 b.#
3.18. 2x=1 mod 3
x0=2, a=2 n=3 .
3.17
, a n
. b.
b=1 ax=1 mod n,
x=a-1
a. aa-1 =1 mod n.

: ax=1 mod n
3.17 1=a(n) mod n
, , 3.6,
. ax=a(n) mod n. 3.2,
ax=a(n) mod n a,

x = a^(φ(n)-1) mod n,

. , n
x = a^(n-2) mod n.
3.19. 3x=1 mod 7.

7 , x = a^(n-2) mod n = 3^(7-2) mod 7 = 3^5 mod 7 = 5.
3.20. 4x=1 mod 9.
n=9 φ(9)=6,
x = a^(φ(n)-1) mod n = 4^(6-1) mod 9 = 4^5 mod 9 = 7.
b1 ax= b mod n,
x
x = b·a^(φ(n)-1) mod n,
, n x = b·a^(n-2) mod n.
3.21. 3x=3 mod 7.
, (3,7)=1, 7 x = b·a^(n-2) mod n = 3·3^(7-2) mod 7 = 3^6 mod 7 = 1.
T 3.18. d a n
b (db), d
ax=b mod n.
: , d a,
n b. ax=b mod n a1dx=b1d mod n1d.
3.3, a1x=b1 mod n1,
(a1,n1)=1. a1x=b1 mod n1, x0.
n/d
ax=b mod n. x1=x0 mod n, x2=x0+n/d mod n, x3=x0+2n/d
mod n,,
xd=x0 +((d-1)n)/d mod n.#
3.22.
6x=4 mod 10.
, (6,10)=2 2 4,
3x=2 mod 5. x0 = b·a^(n-2) mod n = 2·3^(5-2) mod 5 = 2·3^3 mod 5 = 54 mod 5 = 4. 6x=4 mod 10
x1 = x0 mod n = 4 mod 10 = 4; x2 = x0 + n/d mod n = 4 + 10/2 mod 10 = 9.
3.6.

(.Shannon). 1949 .Shannon
,
.


.
,
. , ,
,

,
.

,
. , ""
,
(Male 0, Female 1).
ASCII , Mal
Female, ,
.

,
.
X1,..., Xn
n ,
p(X1),...,p(Xn), p(Xi), i=1,...,n 1.
Xi
, F(Xi)=-log2p(Xi)=log2(1/p(Xi)).
,
,
log2(1/p(Xi))
. , p(Xi)=1
F(Xi)= log2(1/p(Xi))=log21=0. , ,
, .

.

.
$$H(X) = -\sum_{i=1}^{n} p(X_i)\log_2 p(X_i) = \sum_{i=1}^{n} p(X_i)\log_2\frac{1}{p(X_i)}.$$


, log2(1/p(Xi))
,
Xi. ,
(), , ,

,
. ,
,
.
1/p(X) p(X),

.
,
.

,
, , .
.
3.23. n=3,
A,B, C, p(A)=1/2 p(B)=p(C)=1/4. log2(1/p(A)) = log2 2 =
1; log2(1/p(B)) = log2(1/p(C)) = log2 4 = 2,
,
.
3.24. ,
. ( ) Mal
Female p(Male)=p(Female)=1/2.

H(X) = p(Male)·log2(1/p(Male)) + p(Female)·log2(1/p(Female)) =
= (1/2)·log2 2 + (1/2)·log2 2 = 1,
,
.

1 .

.
3.25. n=3,

A,B,

C,

p(A)=1/2,
p(B)=p(C)=1/4.

H(X) = (1/2)·log2 2 + 2·(1/4)·log2 4 = 0.5 + 1.0 = 1.5.

, A ,
, B C. , A
0, B C
: 10 11. ,
, ABCAABAC, ,
12- 010110010011 :
A  B  C  A  A  B  A  C
0  10 11 0  0  10 0  11
12/8=1,5,
. ,
A,B, C
1,5.
3.7.

, ,
.
.

,
.
.
N
, () X N

r=H(X)/N,
r
.
(
R), ,

,
. L ,
:
R = log2 L,
L=26, R = log2 L = log2 26 = 4,7.
R=4,7
,
. , ,
, .

. , ,
, , ,
. , occurring frequently (" ")
58% crng frg .

, .
: , ,
..
.1 3.2.
3.1.

A 0.0804   B 0.0154   C 0.0306   D 0.0399   E 0.1251   F 0.0230   G 0.0196
H 0.0554   I 0.0726   J 0.0016   K 0.0067   L 0.0414   M 0.0253   N 0.0709
O 0.0760   P 0.0200   Q 0.0011   R 0.0612   S 0.0654   T 0.0925   U 0.0271
V 0.0099   W 0.0192   X 0.0019   Y 0.0173   Z 0.0009


3.2.


0.062

0.053

0.014

0.026

0.038

0.053

0.013

0.090

0.025

0.023

0.072

0.040
,
0.007

0.045

0.016

0.053

0.062

0.021

0.010

0.002
0.028

0.009

0.004
0.012
0.006
0.003
0.016
0.014
0.003
0.006
0.018

, ,
, ,
E , T
. A O . ,
E, T, A, O, N, I, S, R, H , .
70% .
.
3.3.


0.090 E 0.125
E 0.184 E 0.159
E 0.118
A 0.121
0.072 T 0.092
N 0.114 A 0.094
A 0.117
I 0.106
0.062 A 0.080
I 0.080 I
0.084
I
0.113
T 0.098
0.062 O 0.076
R 0.071 S 0.079
O 0.098
N 0.086
0.053 I
0.073
S 0.070 T 0.073
N 0.069
E 0.081
0.053 N 0.071
A 0.054 N 0.072
L 0.065
S 0.078
0.045 S 0.065
T 0.052 R 0.065
R 0.064
L 0.059
0.040 R 0.061
U 0.050 U 0.062
T 0.056
O 0.055
0.038 H 0.055
D 0.049 L 0.053
S 0.050
K 0.052
# 0.515 # 0.699
# 0.726 #
0.741
# 0.750
# 0.736

p(Xi)
r=H(1-grams)/1=4.15. ,

, .

,

, , , ,
.
(
) . ,
TH EN , .
(, OZ) ,
( ).
,
r=H(2-grams)/2=3.62.
( )
, .
, BB
B, BBB.
,
r=H(3-grams)/3=3.22.
( )

N-
N. N , ,
N , ,
N .
, ,

N r=11,5.
, ,
R=4,7.
,
. r
R D=R-r. R=4.7 r=1, D=3.7,
, 79% ; r=1.5,
D=3.2, 68%.
3.8.
, .

.
:
1. M, p(M)
M, $\sum_{M} P(M) = 1$.


2. C, p(C)
C, $\sum_{C} P(C) = 1$.

3. K, p(K) K,
$\sum_{K} P(K) = 1$.

PC(M) ,
M C,
.
, .
PC(M)=P(M).
P(M) ,
M
. ,
C
.

C
PM(C)=P(C),
C
M.
PM(C)=P(C) ,
PM(C) C
M , P(C)
C M
( M ).
, ,
, ,
,
, .


.
M1

k1

k4

M2
k3

M3
k2

M4

k2
k3
k4
k1
k2
k3
k4
k1
k2
k3
k4
k1

C1

C2

C3

C4


.3.1.
PC(M)=P(M)=1/4, PM(C)=P(C)=1/4 M C.
C1 C2 C3
C4,
.
k1, k2, k3 k4
(p(k1)=1/4, p(k2)=1/4, p(k3)=1/4, p(k4)=1/4)
M1 M2 M3 M4 .
, ,
, , .
, M ,
C ki, C M,
PC(M)=0. ,
,
, .
,


,
. ,
.

1917 (. 2.14). M=m1m2...
, K=k1k2...
,
C=EK(M)=c1c2... , ci=(mi+ki) mod 2, i=1,2,... .
XOR
/ ci=mi⊕ki. ki⊕ki=0 ki=0 1,
: ci⊕ki = mi⊕ki⊕ki=mi.
3.26. M=0111001101010101, K=0101011100101011,

p(0)=p(1)=0.5.
:
C=M⊕K=0111001101010101⊕0101011100101011=0010010001111110.
:
M=C⊕K=0010010001111110⊕0101011100101011=0111001101010101.


.


4.
4.1. DES
(Data Encryption Standard - DES)

.
.
,
.

.
,
.
" ",

.
, ,
.

-
LUCIFER,
IBM (Feistl). LUCIFER
, .
.4.1.

S1

P1

S2

S 11

S 21

S 12

S 22

S 13

S 23

S 14

S 24

.4.1. LUCIFER
Si 12 4
Si1 ,...,Si4, ,
.
,
. Pi ()

, ,
. , P1
, , ,
. ,
.
1977
(Data Encryption Standard - DES)
,
.
IBM LUCIFER.
DES 64- 56-
. , 56-
,
.
DES,
, 4.2.
T= t1t2,...,t64 64 ,
IP, T0=IP(T). 16
F,
IP-1 . IP IP-1
4.1.
4.1.
IP
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17  9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7

IP-1
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41  9 49 17 57 25

, . , IP
T=t1t2...t64 T0=t58t50...t7. .
16
F, . Ti
i- , Li Ri
Ti , , Ti = Li Ri , Li = t1t2...t32 , Ri =
t33t34...t64. Li = Ri-1, Ri = Li-1 ⊕ F(Ri-1,Ki),
(XOR), Ki - 48-
i- .

T
IP

L0

R0
K1

R1=L0+F(R0,K1)

L1

K2

L2

R2=L1+F(R1,K2)

L15

R15=L14+F(R14,K15)

K16

R16=L15+F(R15,K16)

L16

IP-1

. 4.2. DES
(.4.3) F(Ri-1,Ki,).
Ri-1 48-
E(Ri-1) 4.2 E.
, , Ri-1
.


4.2.
,
F(Ri-1,Ki)

E
32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32  1

P
16  7 20 21
29 12 28 17
 1 15 23 26
 5 18 31 10
 2  8 24 14
32 27  3  9
19 13 30  6
22 11  4 25
Ri-1=r1r2...r32, E(Ri-1)=r32r1r2...r32r1.
E(Ri-1) 48
Ki,
6- B1B2...B8, E(Ri-1) ⊕ Ki = B1B2...B8. 6-
Bj
F, , , S- (Sbox). S-box, 6- Bj, 4 Si(Bj) . 4-
32- ,
P,
4.2. , 32- , F(Ri1,Ki,), P(S1(B1)...S8(B8)). - F(Ri-1,Ki,), (Si)
.


Ri-1
E
Ki

S1

S2

S3

S4

S5

S6

S7

S8

P
F(Ri-1,Ki)

. 4.3. F(Ri-1,Ki,)
, S-box Si 6-
Bj=b1b2b3b4b5b6 4- 4.3. S1.
Ta 4.3.
(S-box) S1
(b2b3b4b5)
(b1b6)  0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
0      14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
1       0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
2       4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
3      15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13

.
0, 1, 2 3, b1b6,
, 0,1,2, 15,
b2b3b4b5 . Si(Bj) 4 ,
b1b6 b2b3b4b5.
4.1. B=010100, ,
0 10. 6,
0110.
16 Ki,
48 . Ki
K, 4.4.


PC-1
C0

D0

LS1

LS1

C1

D1

LS2

LS2

C2

D2

LS16

LS16

C16

D16

PC -2

K1

PC -2

K2

PC -2

K16

. 4.4.
K 64- 8
8, 16, 24, 32, 40, 48, 56, 64. 4.4
(PC-1) . -,
, -, 56-
K.
Ta 4.4.

PC-1
57 49 41 33 25 17  9
 1 58 50 42 34 26 18
10  2 59 51 43 35 27
19 11  3 60 52 44 36
63 55 47 39 31 23 15
 7 62 54 46 38 30 22
14  6 61 53 45 37 29
21 13  5 28 20 12  4

PC-2
14 17 11 24  1  5
 3 28 15  6 21 10
23 19 12  4 26  8
16  7 27 20 13  2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
, i- 48-
Ki K. . 4.4.
.
PC-1 PC-1(K)
C D 28 . C D
,
Ki. Ci Di C D,
Ki. Ci Di

Ci=LSi(Ci-1), Di =LSi(Di-1). LSi



, 4.5
Ki. Ki
PC-2: Ki=PC-2(Ci,Di).
4.5.
i     1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
# LSi 1 1 2 2 2 2 2 2 1  2  2  2  2  2  2  1
c ,
,
. , K16
, K15 , . ., K1
.
,
. , , ,
, .


IP IP-1.
IP(IP-1())=IP-1(IP())=.
, ,
Ri-1 Li-1 Ri Li
. Ri-1,
Ri-1=Li DES.
Li-1=RiF(Li,Ki)F(Li,Ki)=Ri.
F(Li,Ki)F(Li,Ki)=0.
, ,

. , K1=K2=
=K16. K,
.
, C0 1 0,
D0 1 0, k49=k41=k33=...=k57=0 1
k55=k47=k39=...=k63=0 1.
,
( ) 4.6.
4.6.
DES
01 01 01 01 01 01 01 01
1F 1F 1F 1F 1F 1F 1F 1F
E0 E0 E0 E0 E0 E0 E0 E0
FE FE FE FE FE FE FE FE

,
. , 2
, 8 .
C D 0101...0101
1010...1010, (D C)
0000...0000, 1111...1111, 0101...0101, 1010...1010.
, DES
,
,
.
DES.
1. 56
.
2. F , ,
DES , .
DES
, ,
. .4.5
,
DES.
DES
M

DES
K1

K2

DES-1

DES-1

)
DES
M

DES-1

K1
DES-1

K2
DES

DES
K1

DES-1

)

.4.5. DES
DES
, DES-1
.
M C. ,
112
. DES (
4.5),
.
4.2. IDEA
(International Data
Encryption Algorithm IDEA)
. IDEA 1990
(J.Massey),
DES. DES IDEA
,

.
, ,

. DES
IDEA ,
64 ,
128 .
:
1. .
. ,
.
,
. ,

64 . ,
64 ,
,
.
2. . ,
( ,
). 128
, .
3. (Confusion).
,
.

4. (Diffusion). ,
,
,
.
16-
:
1. (XOR) 16
, , .
2. 16 2^16,

3. 2^16+1.
.
2^16,
, .
:
a(bc) (ab)(ac),
a(bc) (ab)c.

.
4.7 ,
X Y .
2^2=4,
2^2+1=5. , , 2 ⊞ 3 = 1 mod 4, 2 ⊙ 3 = 1 mod 5.

2^2=4. , , , X=2 Y=0 2 ⊙ 0 = 2·4 = 8
= 3 mod 5. X=1 Y=0 1 ⊙ 0 = 1·4 = 4 = 0
mod 5. ,
4 0.
4.7.
IDEA
X      Y      X ⊕ Y  X ⊞ Y  X ⊙ Y
0 (00) 0 (00) 0 (00) 0 (00) 1 (01)
0 (00) 1 (01) 1 (01) 1 (01) 0 (00)
0 (00) 2 (10) 2 (10) 2 (10) 3 (11)
0 (00) 3 (11) 3 (11) 3 (11) 2 (10)
1 (01) 0 (00) 1 (01) 1 (01) 0 (00)
1 (01) 1 (01) 0 (00) 2 (10) 1 (01)
1 (01) 2 (10) 3 (11) 3 (11) 2 (10)
1 (01) 3 (11) 2 (10) 0 (00) 3 (11)
2 (10) 0 (00) 2 (10) 2 (10) 3 (11)
2 (10) 1 (01) 3 (11) 3 (11) 2 (10)
2 (10) 2 (10) 0 (00) 0 (00) 0 (00)
2 (10) 3 (11) 1 (01) 1 (01) 1 (01)
3 (11) 0 (00) 3 (11) 3 (11) 2 (10)
3 (11) 1 (01) 2 (10) 0 (00) 3 (11)
3 (11) 2 (10) 1 (01) 1 (01) 1 (01)
3 (11) 3 (11) 0 (00) 2 (10) 0 (00)


, - ,
.4.6.
F1
F2

Z5

Z6

G1
G2
.4.6. - .
F1 F2 16- , .
Z5 Z6 - 16- .
IDEA
.
IDEA .4.7.


X
X1

X2

X3

X4

Round 1

Z1
Z6

W11 W12 W13 W14

Round 2

Z7
Z12

W21 W22 W23 W24

W71 W72 W73 W74

Round 8

Z43
Z48

W81 W82 W83 W84

Output round

Z49
Z52

Y1

Y2

Y3

Y4

.4.7. IDEA
, ,
, 16 .
Xi, Yi, Wij
Zrl.
,

.
()
IDEA.


X1

X2

X3

X4

Z1

Z3

Z2

Z4
I11

I12

I13

I14

MA
Z5

Z6

MAL

W11

W13

MAR

W12

W14

.4.8. IDEA

.

.
W81
W83
W82
W84
1

33

Z49

Z50

Z51

Z52

.4.9. IDEA

,
,
128 Z.
.
8 Z1,Z2,,Z8,
, K.
, 16 .
K 25

25 .
, 52
.
K , Z[1..128] 8
Z1=Z[1..16], Z7=Z[97..112],
Z13=Z[90..105], Z19=Z[83..98], Z25=Z[76..91], Z31=Z[44..59], Z37=Z[37..52], Z43=Z[30..45].
4.8.
4.8.
IDEA

#1  Z1 Z2 Z3 Z4 Z5 Z6        Z[1..96]
#2  Z7 Z8 Z9 Z10 Z11 Z12     Z[97..128; 26..89]
#3  Z13 Z14 Z15 Z16 Z17 Z18  Z[90..128; 1..25; 51..82]
#4  Z19 Z20 Z21 Z22 Z23 Z24  Z[83..128; 1..50]
#5  Z25 Z26 Z27 Z28 Z29 Z30  Z[76..128; 1..43]
#6  Z31 Z32 Z33 Z34 Z35 Z36  Z[44..75; 101..128; 1..36]
#7  Z37 Z38 Z39 Z40 Z41 Z42  Z[37..100; 126..128; 1..29]
#8  Z43 Z44 Z45 Z46 Z47 Z48  Z[30..125]
    Z49 Z50 Z51 Z52          Z[23..86]

,
.
.
Zj^-1 ⊙ Zj = 1 mod (2^16+1);
(-Zj) ⊞ Zj = 0 mod 2^16,
Zj-1 , -Zj
.
.

4.9.
IDEA

#1  U1 U2 U3 U4 U5 U6        Z49^-1, -Z50, -Z51, Z52^-1, Z47, Z48
#2  U7 U8 U9 U10 U11 U12     Z43^-1, -Z45, -Z44, Z46^-1, Z41, Z42
#3  U13 U14 U15 U16 U17 U18  Z37^-1, -Z39, -Z38, Z40^-1, Z35, Z36
#4  U19 U20 U21 U22 U23 U24  Z31^-1, -Z33, -Z32, Z34^-1, Z29, Z30
#5  U25 U26 U27 U28 U29 U30  Z25^-1, -Z27, -Z26, Z28^-1, Z23, Z24
#6  U31 U32 U33 U34 U35 U36  Z19^-1, -Z21, -Z20, Z22^-1, Z17, Z18
#7  U37 U38 U39 U40 U41 U42  Z13^-1, -Z15, -Z14, Z16^-1, Z11, Z12
#8  U43 U44 U45 U46 U47 U48  Z7^-1, -Z9, -Z8, Z10^-1, Z5, Z6
    U49 U50 U51 U52          Z1^-1, -Z2, -Z3, Z4^-1

DES, IDEA ,
.
, .
.

X1

X2

X3

X4

Transformation

Round #1

I11

I12

I13

I14

Sub ciphering
W11

W12

W13

Z5Z6
W14

Transformation

Round #2

I21

I22

I23

Z7Z10
I24

Sub ciphering

Z11Z12

W21

W22

W23

W24

W71

W72

W73

W74

Transformation

Round #8

I81

I82

I83

Z43Z46
I84

Sub ciphering
W81

W82

W83

Z47Z48
W84

Output Transform.
Y1

Y2

Y3

Z1Z4

Z49Z52
Y4


X1

X2

X3

X4

Output Transform.
V81

V82

V83

U49U52
V84

Sub ciphering

Round #8

J81

J82

J83

U47U48
J84

Transformation

U43U46

V71

V72

V73

V74

V21

V22

V23

V24

Sub ciphering

Round #2

J21

J22

J23

U11U12
J24

Transformation
V11

V12

V13

U7Z10
V14

Sub ciphering

Round #1

J11

J12

J13

U5U6
J14

Transformation
Y1

Y2

Y3

U1U4
Y4

.4.10. IDEA
,
(Round)
.

:

Y1 = W81 ⊙ Z49, Y2 = W83 ⊞ Z50, Y3 = W82 ⊞ Z51,
Y4 = W84 ⊙ Z52,

J11 = Y1 ⊙ U1, J12 = Y2 ⊞ U2, J13 = Y3 ⊞ U3, J14 = Y4 ⊙ U4,

J11 = Y1 ⊙ Z49^-1 = W81 ⊙ Z49 ⊙ Z49^-1 = W81
J12 = Y2 ⊞ (-Z50) = W83 ⊞ Z50 ⊞ (-Z50) = W83
J13 = Y3 ⊞ (-Z51) = W82 ⊞ Z51 ⊞ (-Z51) = W82
J14 = Y4 ⊙ Z52^-1 = W84 ⊙ Z52 ⊙ Z52^-1 = W84
, ,
, ,
IDEA.
,
.

W81 = I81 ⊕ MAR(I81 ⊕ I83, I82 ⊕ I84)


W82 = I82 ⊕ MAL(I81 ⊕ I83, I82 ⊕ I84)
W83 = I83 ⊕ MAR(I81 ⊕ I83, I82 ⊕ I84)
W84 = I84 ⊕ MAL(I81 ⊕ I83, I82 ⊕ I84)
MAR(A,B) MA
(. 4.8), , MAL(A,B) .
(. 4.8 .
4.10) V11,V12,V13,V14,
V11 = J11 ⊕ MAR(J11 ⊕ J13, J12 ⊕ J14) =
= W81 ⊕ MAR(W81 ⊕ W83, W82 ⊕ W84) =
= I81 ⊕ MAR(I81⊕I83, I82⊕I84) ⊕ MAR[(I81 ⊕ MAR(I81⊕I83, I82⊕I84) ⊕ I83 ⊕
MAR(I81⊕I83, I82⊕I84)), (I82 ⊕ MAL(I81⊕I83, I82⊕I84) ⊕ I84 ⊕ MAL(I81⊕I83,
I82⊕I84))] =
= I81 ⊕ MAR(I81⊕I83, I82⊕I84) ⊕ MAR(I81⊕I83, I82⊕I84) =
= I81
, V12 = I82, V13 = I83 V14 = I84.

IDEA
.
4.3. BLOWFISH
BLOWFISH
. BLOWFISH
1994 (Bruce Schneier),
DES.
BLOWFISH .
1..
. BLOWFISH 64
32 18
.
2. . BLOWFISH
5 .
3. . BLOWFISH
.
4. . ,

80

.
.
BLOWFISH .
The key length is from 32 to 448 bits.
5. . BLOWFISH 64-
64- .
BLOWFISH
.
BLOWFISH.
The key is split into 32-bit words K1, K2, …, Kj, 1 ≤ j ≤ 14.
.
The P-array consists of 18 32-bit subkeys P1, P2, …, P18.
The four S-boxes of BLOWFISH each contain 256 32-bit entries:
S1,0, S1,1, …, S1,255,
S2,0, S2,1, …, S2,255,
S3,0, S3,1, …, S3,255,
S4,0, S4,1, …, S4,255.
BLOWFISH
P S-.
S- .
1. P- S-
, P1 32 ( ),
32 P2
.
P-, S-.
:
P1 = 243F6A88, P2 = 85A308D3, …, S4,254 = 578FDFE3, S4,255 = 3AC372E6.
2. XOR the P-array with the key words K, cycling through the key:
P1 = P1 ⊕ K1, P2 = P2 ⊕ K2, …, P14 = P14 ⊕ K14, P15 = P15 ⊕ K1, …, P18 = P18 ⊕ K4.
3. P S-,
64 , 64 . 64
P1 P2,

. P S
P3,P4,,
P18,S1,0,S1,1,S1,2, S4,254,S4,255.
P1,P2 = E_P,S[0], P3,P4 = E_P,S[P1P2], P5,P6 = E_P,S[P3P4], …,
P17,P18 = E_P,S[P15P16], S1,0,S1,1 = E_P,S[P17P18], S1,2,S1,3 = E_P,S[S1,0S1,1], …, S4,254,S4,255 = E_P,S[S4,252S4,253].
BLOWFISH
DES.
,
.
Fig. 4.11. BLOWFISH encryption: the 64-bit block is split into 32-bit halves LE0 and RE0; in each of the 16 rounds the left half is XORed with Pi and passed through F; after round 16 the halves are combined with P17 and P18 to give LE17 and RE17 (block diagram not recoverable from the extraction).
, DES
: RE0 LE0 32 .
LE0
P1. F,
RE0.
.

For i = 1 to 16 do
    REi = LEi-1 ⊕ Pi;
    LEi = F[REi] ⊕ REi-1;
LE17 = RE16 ⊕ P18;
RE17 = LE16 ⊕ P17.
82

P
.

Fig. 4.12. BLOWFISH decryption: the same structure as Fig. 4.11 with the subkeys used in reverse order, P18 … P3 in the 16 rounds and P1, P2 in the final step, giving LD17 and RD17 (block diagram not recoverable from the extraction).

.
For i = 1 to 16 do
    RDi = LDi-1 ⊕ P19-i;
    LDi = F[RDi] ⊕ RDi-1;
LD17 = RD16 ⊕ P1;
RD17 = LD16 ⊕ P2.
BLOWFISH
.4.13.
- F,
. S-
.
83

BLOWFISH 2 :
(+) 216; ( ).
Fig. 4.13. BLOWFISH round: the 32-bit half Li-1 is XORed with Pi and split into four 8-bit indices #1 … #4 into the S-matrices S1 … S4; the S-box outputs are combined as (S1 + S2) ⊕ S3, then + S4 (32-bit), and the result is XORed with Ri-1 to give the new halves Li, Ri (diagram not recoverable from the extraction).

F,
, S-.
32 4 a, b, c,
d 8 . 8- ,
S-, 32- . S F.
.
F(a,b,c,d) = ((S1,a + S2,b) ⊕ S3,c) + S4,d.
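The Feistel structure of Figs. 4.11-4.13 and the three key-schedule steps, as an added Python example (not the textbook's or Schneier's code). It assumes stand-in initial P and S values produced by a small generator instead of the hexadecimal digits of pi, so its outputs are not those of real BLOWFISH; the round function F, the round loops and the reversed use of P19-i for decryption follow the text.

```python
# Added example (not from the textbook): the BLOWFISH Feistel network of
# Figs. 4.11-4.13 with its key schedule. The initial P and S values are
# CONSTRUCTED stand-ins for the digits of pi, so outputs differ from real
# Blowfish; the structure (F, round loops, reversed P for decryption) is the same.

MASK32 = 0xFFFFFFFF


def initial_tables():
    """Stand-in for P1 = 243F6A88, ...: a 32-bit LCG seeded with P1 fills
    P[0..17] and S[0..3][0..255] (constructed values, not the pi digits)."""
    x = 0x243F6A88
    values = []
    for _ in range(18 + 4 * 256):
        x = (1664525 * x + 1013904223) & MASK32
        values.append(x)
    P = values[:18]
    S = [values[18 + 256 * k:18 + 256 * (k + 1)] for k in range(4)]
    return P, S


def F(S, x):
    """Round function: F(a,b,c,d) = ((S1,a + S2,b) XOR S3,c) + S4,d mod 2^32."""
    a, b, c, d = x >> 24, (x >> 16) & 0xFF, (x >> 8) & 0xFF, x & 0xFF
    return ((((S[0][a] + S[1][b]) & MASK32) ^ S[2][c]) + S[3][d]) & MASK32


def encrypt_block(P, S, le, re):
    """Fig. 4.11: REi = LEi-1 ^ Pi, LEi = F[REi] ^ REi-1 for i = 1..16,
    then LE17 = RE16 ^ P18, RE17 = LE16 ^ P17.  P[i-1] holds Pi."""
    for i in range(16):
        re, le = le ^ P[i], F(S, le ^ P[i]) ^ re
    return re ^ P[17], le ^ P[16]


def decrypt_block(P, S, ld, rd):
    """Fig. 4.12: the same rounds with P19-i (i = 1..16), then P1 and P2."""
    for i in range(1, 17):
        p = P[18 - i]                       # P19-i in the text's numbering
        rd, ld = ld ^ p, F(S, ld ^ p) ^ rd
    return rd ^ P[0], ld ^ P[1]


def key_schedule(key):
    """Steps 1-3 of the text: init tables, XOR P with the cycled key words,
    then repeatedly encrypt the zero block to overwrite P and S in order."""
    if not 4 <= len(key) <= 56 or len(key) % 4:
        raise ValueError("key must be 32..448 bits, a multiple of 32 here")
    P, S = initial_tables()
    K = [int.from_bytes(key[i:i + 4], "big") for i in range(0, len(key), 4)]
    for i in range(18):
        P[i] ^= K[i % len(K)]
    l = r = 0
    for i in range(0, 18, 2):
        l, r = encrypt_block(P, S, l, r)
        P[i], P[i + 1] = l, r
    for box in S:
        for j in range(0, 256, 2):
            l, r = encrypt_block(P, S, l, r)
            box[j], box[j + 1] = l, r
    return P, S


if __name__ == "__main__":
    P, S = key_schedule(b"constructed-key!")     # a constructed 128-bit key
    l, r = encrypt_block(P, S, 0x01234567, 0x89ABCDEF)
    print("%08x %08x" % (l, r))
    print(decrypt_block(P, S, l, r) == (0x01234567, 0x89ABCDEF))   # True
```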
BLOWFISH .
1. DES S- BLOWFISH
.
2. ,
.
84

3. BLOWFISH
.

4.12


.
Table 4.10. Speed comparison (the third column is the product of the first two)

Cipher | Clock cycles per round | Rounds | Clock cycles per block
BLOWFISH | 9 | 16 | 144
DES | 18 | 16 | 288
IDEA | 50 | 8 | 400
Triple DES | 18 | 48 | 856

,
,
.
4.4. AES
4.4.1. AES
,
DES
.
. , -
, 56 ,
. ,



.
1997 (NIST)

AES (Advanced Encryption Standard).

.
, ,
.
,
128 , ,
. ,
85

,
.

,
4.11.
Table 4.11. AES finalists (200)

Cipher | Authors | Country | Value (units lost in extraction)
MARS | IBM | US | 8
RC6 | R.Rivest & Co | US | 12
Rijndael | V.Rijmen & J.Daemen | BE | 7
Serpent | Universities | IS, UK, NO | 2
TwoFish | B.Schneier & Co | US | 11

. 2 2000
NIST
RIJNDAEL. -

-
.
AES (Rijndael)
V.Rijmen J.Daemen .
,
.
AES Nb 32-
128 ,
(128=Nb32, Nb=4).
Nk 32-
128, 192 256 .
, Nk 4, 6 8.
10, 12 14. ,
AES,
44, 46 48 .

, ,
.
AES .
1. (b7,b6,b5,b4,
b3,b2,b1,b0), .
86

b7·x^7 + b6·x^6 + b5·x^5 + b4·x^4 + b3·x^3 + b2·x^2 + b1·x + b0 = Σ_{i=0}^{7} bi·x^i.

For example, (01001011) corresponds to x^6 + x^3 + x + 1.
2. a0,a1,a2,,a15 ip0,ip1,ip2,,ip126, ip127
128 a0=(ip0,ip1,,ip7), a1=(ip8,ip9,,ip15), ,
a15=(ip121,ip122,,ip127), ipk inputk k=0,1,2,,127.
, ,
, an = (ip8n, ip8n+1, …, ip8n+7), n < 16.
3.
AES ,
(state). Sr,c,
0r<4 0c< Nb.
.
S_r,c = in(r + 4c), 0 ≤ r < 4 and 0 ≤ c < Nb,

out(r + 4c) = S_r,c, 0 ≤ r < 4 and 0 ≤ c < Nb,
S(r,c) .

.
Table 4.12. Input bytes, state array and output bytes

in0  in4  in8   in12        S0,0 S0,1 S0,2 S0,3        out0  out4  out8   out12
in1  in5  in9   in13   →    S1,0 S1,1 S1,2 S1,3   →    out1  out5  out9   out13
in2  in6  in10  in14        S2,0 S2,1 S2,2 S2,3        out2  out6  out10  out14
in3  in7  in11  in15        S3,0 S3,1 S3,2 S3,3        out3  out7  out11  out15
AES
, ,
.
(Addition)

.
For example,

(x^5 + x^3 + x^2 + 1) + (x^7 + x^5 + x + 1) = x^7 + x^3 + x^2 + x,

or in binary

(00101101) + (10100011) = (10001110),

or in hexadecimal

(2d) + (a3) = (8e).
(Multiplication) GF(28)
m(x) = x^8 + x^4 + x^3 + x + 1, i.e. (1)(00011011) = (1b). For example,
(x^6 + x^5 + x^4 + x + 1)·(x^7 + x^5 + x^2 + 1) mod (x^8 + x^4 + x^3 + x + 1) = x^7 + x^6 + x^5 + x + 1.
Multiplication is distributive over addition:
a(x)·(b(x) + c(x)) = a(x)·b(x) + a(x)·c(x).

(01)=(00000001)

(multiplicative identity). b(x)


m(x).
87

x·b(x) = b7·x^8 + b6·x^7 + b5·x^6 + b4·x^5 + b3·x^4 + b2·x^3 + b1·x^2 + b0·x = Σ_{i=1}^{8} b(i-1)·x^i.

Multiplication by x = (02) is therefore a left shift of the byte followed, when b7 = 1, by a reduction modulo m(x) = x^8 + x^4 + x^3 + x + 1, i.e. an XOR with (1b). This operation is called xtime(). Multiplication by x^k is k successive applications of xtime().
Example 4.2. (57)·(13) = ?
(57) = (01010111).
Repeated xtime() gives
(57)·(02) = xtime(57) = (10101110) = (ae)
(57)·(04) = xtime(ae) = (01011100) ⊕ (00011011) = (01000111) = (47)
(57)·(08) = xtime(47) = (10001110) = (8e)
(57)·(10) = xtime(8e) = (00011100) ⊕ (00011011) = (00000111) = (07)
Hence
(57)·(13) = (57)·{(01) ⊕ (02) ⊕ (10)} = (57)·(01) ⊕ (57)·(02) ⊕ (57)·(10) = (57) ⊕ (ae) ⊕ (07) = (01010111) ⊕ (10101110) ⊕ (00000111) = (11111110) = (fe).

Let a(x) = a3·x^3 + a2·x^2 + a1·x + a0, written as a = (a0, a1, a2, a3), and b(x) = b3·x^3 + b2·x^2 + b1·x + b0, written as b = (b0, b1, b2, b3), be polynomials whose coefficients are bytes.

Addition is coefficient-wise:

a(x) + b(x) = (a3 ⊕ b3)·x^3 + (a2 ⊕ b2)·x^2 + (a1 ⊕ b1)·x + (a0 ⊕ b0).

The product c(x) = a(x)·b(x) is

c(x) = a(x)·b(x) = c6·x^6 + c5·x^5 + c4·x^4 + c3·x^3 + c2·x^2 + c1·x + c0,

where
c0 = a0·b0
c1 = a1·b0 ⊕ a0·b1
c2 = a2·b0 ⊕ a1·b1 ⊕ a0·b2
c3 = a3·b0 ⊕ a2·b1 ⊕ a1·b2 ⊕ a0·b3
c4 = a3·b1 ⊕ a2·b2 ⊕ a1·b3
c5 = a3·b2 ⊕ a2·b3
c6 = a3·b3

In AES the product c(x) is reduced modulo (x^4 + 1), using x^i mod (x^4 + 1) = x^(i mod 4). The modular product of a(x) and b(x) is written a(x) ⊗ b(x):

d(x) = a(x) ⊗ b(x) = d3·x^3 + d2·x^2 + d1·x + d0,

where
d0 = a0·b0 ⊕ a3·b1 ⊕ a2·b2 ⊕ a1·b3
d1 = a1·b0 ⊕ a0·b1 ⊕ a3·b2 ⊕ a2·b3
d2 = a2·b0 ⊕ a1·b1 ⊕ a0·b2 ⊕ a3·b3
d3 = a3·b0 ⊕ a2·b1 ⊕ a1·b2 ⊕ a0·b3

or in matrix form

[d0]   [a0 a3 a2 a1] [b0]
[d1] = [a1 a0 a3 a2] [b1]
[d2]   [a2 a1 a0 a3] [b2]
[d3]   [a3 a2 a1 a0] [b3]
4.4.2. AES
(key expansion) K
Nb(Nr+1)
.
RotWord()
[a0,a1,a2,a3] . [a1,a2,a3,a0].
SubWord()
[a0,a1,a2,a3]
4.13 (S-box).
Table 4.13. AES S-box (row = high nibble x of the input byte, column = low nibble y)

x\y  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
0   63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76
1   ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0
2   b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15
3   04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75
4   09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84
5   53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf
6   d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8
7   51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2
8   cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73
9   60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db
a   e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79
b   e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08
c   ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a
d   70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e
e   e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df
f   8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16
89

The round constants are Rcon[i] = [x^(i-1), (00), (00), (00)], where the first byte is the power x^(i-1) in GF(2^8).
Example 4.3. Rcon[i] for successive i.
Rcon[1] = [x^(i-1), (00), (00), (00)] = [x^0, (00), (00), (00)] = [(01), (00), (00), (00)] = 01000000
Rcon[2] = [x^1, (00), (00), (00)] = 02000000
Rcon[3] = [x^2, (00), (00), (00)] = 04000000
Rcon[4] = [x^3, (00), (00), (00)] = 08000000
Rcon[5] = [x^4, (00), (00), (00)] = 10000000
Rcon[6] = [x^5, (00), (00), (00)] = 20000000
Rcon[7] = [x^6, (00), (00), (00)] = 40000000
Rcon[8] = [x^7, (00), (00), (00)] = 80000000
Rcon[9] = [x^8, (00), (00), (00)] = [x^7·x, (00), (00), (00)] = 1b000000, since
x^7·x = xtime(x^7) = xtime(80) = {leftshift(80)} ⊕ {1b} = 1b
Rcon[10] = [x^9, (00), (00), (00)] = [x^8·x, (00), (00), (00)] = 36000000
Rcon[11] = [x^10, (00), (00), (00)] = [x^9·x, (00), (00), (00)] = 6c000000
Rcon[12] = [x^11, (00), (00), (00)] = [x^10·x, (00), (00), (00)] = d8000000

K
[wi], 0i<Nb(Nr+1)
, .
KeyExpansion(byte key[4·Nk], word w[Nb·(Nr+1)], Nk)
begin
    i = 0
    while (i < Nk)
        w[i] = word[key[4i], key[4i+1], key[4i+2], key[4i+3]]
        i = i + 1
    end while
    i = Nk
    while (i < Nb·(Nr+1))
        word temp = w[i-1]
        if (i mod Nk = 0)
            temp = SubWord(RotWord(temp)) ⊕ Rcon[i/Nk]
        else if (Nk = 8 and i mod Nk = 4)
            temp = SubWord(temp)
        end if
        w[i] = w[i-Nk] ⊕ temp
        i = i + 1
    end while
end

90

Example 4.4. Let the key be K = 36 8a c0 f4 ed cf 76 a6 08 a3 b6 78 31 31 27 6e.
With Nk = 4 the first four words are taken directly from K: w[0] = 368ac0f4, w[1] = edcf76a6, w[2] = 08a3b678, w[3] = 3131276e.
The next word w[4] (i = 4) is obtained as follows. temp = w[3] = 3131276e.
RotWord(w[3]) = 31276e31.
Each byte of RotWord(w[3]) is replaced through the S-box of Table 4.13:
SubWord(31276e31) = c7cc9fc7.
Rcon[i/Nk] = Rcon[4/4] = Rcon[1] = 01000000.
SubWord(31276e31) ⊕ Rcon[1] = c7cc9fc7 ⊕ 01000000 = c6cc9fc7.
Since w[i-Nk] = w[0] = 368ac0f4, the word w[4] is
w[4] = c6cc9fc7 ⊕ 368ac0f4 = f0465f33.
The remaining words w[i] are computed in the same way.
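The arithmetic behind Examples 4.2-4.4, as an added Python example (not code from the textbook): xtime() and GF(2^8) multiplication, the S-box computed from its definition (inverse followed by the affine map) rather than typed in, Rcon[i], and the key-expansion loop that reproduces w[4] = f0465f33 for the key of Example 4.4.

```python
# Added example (not from the textbook): AES GF(2^8) arithmetic, the S-box
# built from its definition, Rcon[i] and the key expansion of Examples 4.2-4.4.

M_X = 0x11B  # m(x) = x^8 + x^4 + x^3 + x + 1, the AES reduction polynomial


def xtime(b):
    """Multiply b(x) by x modulo m(x): shift left, XOR (1b) if bit 7 was set."""
    b <<= 1
    return (b ^ M_X) & 0xFF if b & 0x100 else b


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) with the xtime chain of Example 4.2."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


def gf_inv(a):
    """Multiplicative inverse as a^254 (the group has order 255); 0 maps to 0."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result


def _affine(b):
    """Affine map applied after inversion: b ^ rotl(b,1) ^ ... ^ rotl(b,4) ^ 63."""
    def rotl(x, n):
        return ((x << n) | (x >> (8 - n))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63


# S-box of Table 4.13, computed instead of typed: S[x] = affine(x^-1).
SBOX = [_affine(gf_inv(x)) for x in range(256)]


def rcon(i):
    """Rcon[i] = [x^(i-1), 00, 00, 00] as a 32-bit word (Example 4.3)."""
    c = 1
    for _ in range(i - 1):
        c = xtime(c)
    return c << 24


def rot_word(w):
    """[a0, a1, a2, a3] -> [a1, a2, a3, a0] on a 32-bit word."""
    return ((w << 8) & 0xFFFFFFFF) | (w >> 24)


def sub_word(w):
    """Replace each byte of a 32-bit word through the S-box."""
    return int.from_bytes(bytes(SBOX[b] for b in w.to_bytes(4, "big")), "big")


def key_expansion(key):
    """Expand a 16-, 24- or 32-byte key into Nb*(Nr+1) words, Nb = 4, Nr = Nk + 6."""
    nk = len(key) // 4
    if nk not in (4, 6, 8) or len(key) % 4:
        raise ValueError("key must be 128, 192 or 256 bits")
    nr = nk + 6
    w = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(nk)]
    for i in range(nk, 4 * (nr + 1)):
        temp = w[i - 1]
        if i % nk == 0:
            temp = sub_word(rot_word(temp)) ^ rcon(i // nk)
        elif nk == 8 and i % nk == 4:
            temp = sub_word(temp)
        w.append(w[i - nk] ^ temp)
    return w


if __name__ == "__main__":
    # The 128-bit key of Example 4.4.
    words = key_expansion(bytes.fromhex("368ac0f4edcf76a608a3b6783131276e"))
    print("(57)*(13) = %02x" % gf_mul(0x57, 0x13))          # fe
    print("w[4] = %08x" % words[4])                            # f0465f33
```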
4.4.3. AES
AES 128- ,
,

4.14.
Table 4.14. AES state array for a 128-bit block (a0 … a15 are the input bytes, filled column by column)

a0  a4  a8   a12
a1  a5  a9   a13
a2  a6  a10  a14
a3  a7  a11  a15

.
Cipher(byte in[4·Nb], byte out[4·Nb], word w[Nb·(Nr+1)])
begin
    byte state[4, Nb]
    state = in
    AddRoundKey(state, w)
    for round = 1 step 1 to Nr-1
        SubBytes(state)
        ShiftRows(state)
        MixColumns(state)
        AddRoundKey(state, w + round·Nb)
    end for
    SubBytes(state)
    ShiftRows(state)
    AddRoundKey(state, w + Nr·Nb)
    out = state
end

SubBytes (state), ShiftRows(state), MixColumns(state), AddRoundKey(state,
w+roundNb). .
SubBytes ()
S-box (.
4.13), , .
ShiftRows (), (
0) ,

s'_r,c = s_r,(c + shift(r,Nb)) mod Nb, 0 < r < 4 and 0 ≤ c < Nb,
where the shift shift(r,Nb) = shift(r,4) of row r is
shift(1,4) = 1; shift(2,4) = 2; shift(3,4) = 3;
MixColumns () ,
over GF(2^8) and multiplies it modulo x^4 + 1 by the fixed polynomial
a(x) = (03)·x^3 + (01)·x^2 + (01)·x + (02):
s'(x) = a(x) ⊗ s(x),
where s(x) is a column of the state and s'(x) the result. In matrix form, for 0 ≤ c < Nb,

[s'0,c]   [02 03 01 01] [s0,c]
[s'1,c] = [01 02 03 01] [s1,c]
[s'2,c]   [01 01 02 03] [s2,c]
[s'3,c]   [03 01 01 02] [s3,c]

that is,
s'0,c = ((02)·s0,c) ⊕ ((03)·s1,c) ⊕ s2,c ⊕ s3,c
s'1,c = s0,c ⊕ ((02)·s1,c) ⊕ ((03)·s2,c) ⊕ s3,c
s'2,c = s0,c ⊕ s1,c ⊕ ((02)·s2,c) ⊕ ((03)·s3,c)
s'3,c = ((03)·s0,c) ⊕ s1,c ⊕ s2,c ⊕ ((02)·s3,c)
AddRoundKey()
(round key) .
92

Nb . Nb

[s'0,c, s'1,c, s'2,c, s'3,c] = [s0,c, s1,c, s2,c, s3,c] ⊕ [w(round·Nb + c)], 0 ≤ c < Nb,
[wi ] , round 0
round Nr.
round = 0,
4.4.4. AES
AES
InvShiftRows(), InvSubBytes(), InvMixColumns()
AddRoundKey()
.
InvShiftRows()
ShiftRows(). (Row 0) .
(Row 1, Row 2, Row 3)
, shift (r,Nb), r-
Nb = 4, shift(1, 4) = 1, shift(2, 4) = 2, shift(3, 4) = 3,
.
InvShiftRows()
s'_r,(c + shift(r,Nb)) mod Nb = s_r,c, 0 < r < 4 and 0 ≤ c < Nb
InvSubBytes()
,
(inverse S-box), .
.
Table 4.15. AES inverse S-box (row = high nibble x of the input byte, column = low nibble y)

x\y  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
0   52 09 6a d5 30 36 a5 38 bf 40 a3 9e 81 f3 d7 fb
1   7c e3 39 82 9b 2f ff 87 34 8e 43 44 c4 de e9 cb
2   54 7b 94 32 a6 c2 23 3d ee 4c 95 0b 42 fa c3 4e
3   08 2e a1 66 28 d9 24 b2 76 5b a2 49 6d 8b d1 25
4   72 f8 f6 64 86 68 98 16 d4 a4 5c cc 5d 65 b6 92
5   6c 70 48 50 fd ed b9 da 5e 15 46 57 a7 8d 9d 84
6   90 d8 ab 00 8c bc d3 0a f7 e4 58 05 b8 b3 45 06
7   d0 2c 1e 8f ca 3f 0f 02 c1 af bd 03 01 13 8a 6b
8   3a 91 11 41 4f 67 dc ea 97 f2 cf ce f0 b4 e6 73
9   96 ac 74 22 e7 ad 35 85 e2 f9 37 e8 1c 75 df 6e
a   47 f1 1a 71 1d 29 c5 89 6f b7 62 0e aa 18 be 1b
b   fc 56 3e 4b c6 d2 79 20 9a db c0 fe 78 cd 5a f4
c   1f dd a8 33 88 07 c7 31 b1 12 10 59 27 80 ec 5f
d   60 51 7f a9 19 b5 4a 0d 2d e5 7a 9f 93 c9 9c ef
e   a0 e0 3b 4d ae 2a f5 b0 c8 eb bb 3c 83 53 99 61
f   17 2b 04 7e ba 77 d6 26 e1 69 14 63 55 21 0c 7d

InvMixColumns
()

MixColumns().
,
GF(28),
a^-1(x) modulo x^4 + 1.
With s(x) a column of the state, the result s'(x) is
s'(x) = a^-1(x) ⊗ s(x),
where
a^-1(x) = (0b)·x^3 + (0d)·x^2 + (09)·x + (0e).

In matrix form, for 0 ≤ c < Nb,

[s'0,c]   [0e 0b 0d 09] [s0,c]
[s'1,c] = [09 0e 0b 0d] [s1,c]
[s'2,c]   [0d 09 0e 0b] [s2,c]
[s'3,c]   [0b 0d 09 0e] [s3,c]

that is,
s'0,c = ((0e)·s0,c) ⊕ ((0b)·s1,c) ⊕ ((0d)·s2,c) ⊕ ((09)·s3,c)
s'1,c = ((09)·s0,c) ⊕ ((0e)·s1,c) ⊕ ((0b)·s2,c) ⊕ ((0d)·s3,c)
s'2,c = ((0d)·s0,c) ⊕ ((09)·s1,c) ⊕ ((0e)·s2,c) ⊕ ((0b)·s3,c)
s'3,c = ((0b)·s0,c) ⊕ ((0d)·s1,c) ⊕ ((09)·s2,c) ⊕ ((0e)·s3,c)
AddRoundKey ()
,
.

.
InverseCipher(byte in[4·Nb], byte out[4·Nb], word dw[Nb·(Nr+1)])
begin
    byte state[4, Nb]
    state = in
    AddRoundKey(state, dw + Nr·Nb)
    for round = Nr-1 step -1 to 1
        InvSubBytes(state)
        InvShiftRows(state)
        InvMixColumns(state)
        AddRoundKey(state, dw + round·Nb)
    end for
    InvSubBytes(state)
    InvShiftRows(state)
    AddRoundKey(state, dw)
    out = state
end
94

AES
.
8, 32- .
,

4 .

95

5.
5.1.


.
(synchronous)
(self-synchronizing) .

. , ,

.

, .
.5.1.

.5.1.

.

.


.
.

.

,
.

(DES, IDEA, BLOWFISH, )
.

96

1. ,
, 64 ,
.
2. ,
, .
(. .5.1)

.
3.
,
.
4. DES,
, ,
, .
5.2.

. ,

, ,
.

.

,
, ,
,
.

,

x_{t+1} = (a·x_t + c) mod N,
where x_0 is the seed, a the multiplier, c the increment and N the modulus. With c = 0 the generator is called multiplicative, with c ≠ 0 mixed.

.
On a Pentium PC a convenient modulus is the prime N = 2^31 - 1 = 2147483647.
Multipliers a recommended for it include: 16807, 630360016, 1078318381, 1203248318, 397204094, 2027812808, 1323257245, 764261123, 112817.
.

1. x_{t+1} = (1176·x_t + 1476·x_{t-1} + 1776·x_{t-2}) mod (2^32 - 5);
2. x_{t+1} = (2^13·(x_t + x_{t-1} + x_{t-2})) mod (2^32 - 5);
3. x_{t+1} = (1995·x_t + 1998·x_{t-1} + 2001·x_{t-2}) mod (2^32 - 849);
4. x_{t+1} = (2^19·(x_t + x_{t-1} + x_{t-2})) mod (2^32 - 1629);
5. x_{t+1} = (5115·x_t + 1776·x_{t-1} + 1492·x_{t-2} + 2111111111·x_{t-3} + c_t) mod 2^32, where the carry is
   c_t = ⌊(5115·x_{t-1} + 1776·x_{t-2} + 1492·x_{t-3} + 2111111111·x_{t-4} + c_{t-1}) / 2^32⌋.
6. COMBO: z_n = (x_n + y_n) mod 2^32,
   x_n = (x_{n-1}·x_{n-2}) mod 2^32,
   y_n = (30903·y_{n-1} + c_n) mod 2^16,
   c_n = ⌊(y_{n-1} + c_{n-1}) / 2^16⌋.
7. KISS:
   z_n = (x_n + y_n + u_n) mod 2^32,
   x_n = (69069·x_{n-1} + 1) mod 2^32,
   y_n = y_{n-1}·(I32 + L^13)(I32 + R^17)(I32 + L^5),
   u_n = (2·u_{n-1} + u_{n-2} + c_n) mod 2^32,
   c_n = ⌊(2·u_{n-2} + u_{n-3} + c_{n-1}) / 2^32⌋.

,
. ,

.
5.3.

.

(LinearFeedback Shift Register - LFSR).

.

, . ,
-
.
,
98


. ,
LFSR,
.
For example, with φ(x) = 1 + x + x^4 the LFSR has the form shown in Fig. 5.2.

Fig. 5.2. LFSR for φ(x) = 1 + x + x^4: four flip-flops Q1 … Q4 clocked by Clk (clock input Cp), with the modulo-2 adder M2 feeding Q1 from Q1 and Q4 (circuit diagram not recoverable from the extraction).

The LFSR of Fig. 5.2 is described by the equations

Q1(k+1) = Q1(k) ⊕ Q4(k),
Q2(k+1) = Q1(k),
Q3(k+1) = Q2(k),
Q4(k+1) = Q3(k).
The sequence of states is given in Table 5.1.

Table 5.1. States of the LFSR

#  | Q1Q2Q3Q4 | #  | Q1Q2Q3Q4
0  | 1000     | 8  | 1101
1  | 1100     | 9  | 0110
2  | 1110     | 10 | 0011
3  | 1111     | 11 | 1001
4  | 0111     | 12 | 0100
5  | 1011     | 13 | 0010
6  | 0101     | 14 | 0001
7  | 1010     | 15 | 1000
,
1000, LFSR ,
99

(0000).
.

.
Primitive polynomials of degree 1 to 28 are listed in Table 5.2.

Table 5.2. Primitive polynomials

m = deg φ(x) | φ(x) | m = deg φ(x) | φ(x)
1  | 1 + x | 15 | 1 + x + x^15
2  | 1 + x + x^2 | 16 | 1 + x^2 + x^3 + x^5 + x^16
3  | 1 + x + x^3 | 17 | 1 + x^3 + x^17
4  | 1 + x + x^4 | 18 | 1 + x^7 + x^18
5  | 1 + x^2 + x^5 | 19 | 1 + x + x^2 + x^5 + x^19
6  | 1 + x + x^6 | 20 | 1 + x^3 + x^20
7  | 1 + x + x^7 | 21 | 1 + x^2 + x^21
8  | 1 + x + x^5 + x^6 + x^8 | 22 | 1 + x + x^22
9  | 1 + x^4 + x^9 | 23 | 1 + x^5 + x^23
10 | 1 + x^3 + x^10 | 24 | 1 + x^3 + x^4 + x^24
11 | 1 + x^2 + x^11 | 25 | 1 + x^3 + x^25
12 | 1 + x^3 + x^4 + x^7 + x^12 | 26 | 1 + x + x^2 + x^6 + x^26
13 | 1 + x + x^3 + x^4 + x^13 | 27 | 1 + x + x^2 + x^5 + x^27
14 | 1 + x + x^11 + x^12 + x^14 | 28 | 1 + x^3 + x^28

In general, a polynomial of degree m = deg φ(x) has the form φ(x) = a0 + a1·x + a2·x^2 + … + a(m-1)·x^(m-1) + am·x^m with am = a0 = 1 and ai ∈ {0,1}.
The general LFSR is shown in Fig. 5.3.

Fig. 5.3. General LFSR: m D flip-flops clocked by Clk (clock input Cp), with feedback taps α0 = 1, α1, …, α(m-1), αm = 1 summed modulo 2 into the first stage (circuit diagram not recoverable from the extraction).

Fig. 5.4 shows an equivalent arrangement of the LFSR, with the modulo-2 adders placed between the stages; both arrangements generate the same sequence.

Fig. 5.4. Equivalent LFSR arrangement with taps αm = 1, α(m-1), α(m-2), α(m-3), …, α0 = 1 and clock input Cp (circuit diagram not recoverable from the extraction).

Example 5.1. The LFSR for φ(x) = 1 + x + x^3 can be built in either arrangement; the successive states of the two circuits of Fig. 5.5 are

a) 100, 110, 111, 011, 101, 010, 001;
b) 100, 010, 001, 101, 111, 110, 011.

Fig. 5.5. LFSR for φ(x) = 1 + x + x^3, arrangements a) and b) (circuit diagrams not recoverable from the extraction).
LFSR
, .

101

a1(k+1) = Σ_{i=1}^{m} αi·ai(k);
aj(k+1) = a(j-1)(k), j = 2, …, m, k = 0, 1, 2, …

In matrix form the LFSR is described by

[a1(k+1)]   [α1 α2 α3 … α(m-1) αm] [a1(k)]
[a2(k+1)]   [1  0  0  …   0     0 ] [a2(k)]
[a3(k+1)] = [0  1  0  …   0     0 ] [a3(k)]
[  …    ]   [         …          ] [ …  ]
[am(k+1)]   [0  0  0  …   1     0 ] [am(k)]

or A(k+1) = V·A(k),

where V is the (transition) matrix, A(k) the current state and A(k+1) the next state of the LFSR.
1. The number of primitive polynomials of degree m is φ(2^m - 1)/m, where φ is Euler's function. For example, for m = 3 there are φ(2^3 - 1)/3 = 6/3 = 2 of them: φ(x) = 1 + x + x^3 and φ(x) = 1 + x^2 + x^3. The number grows rapidly with m.
2. If φ(x) is primitive, so is its reciprocal polynomial φ^-1(x), defined by
φ^-1(x) = x^m·φ(x^-1).
Example 5.2. For φ(x) = 1 + x^2 + x^5,
φ^-1(x) = x^5·φ(x^-1) = x^5·(1 + x^-2 + x^-5) = 1 + x^3 + x^5.
3. An LFSR with a primitive feedback polynomial of degree m generates an m-sequence of period
L = 2^m - 1.

102

LFSR,
(x) m, m
, .
4. (x) L
, .
Example 5.3. For φ(x) = 1 + x + x^4 the 15 cyclic shifts of the m-sequence are listed in Table 5.3.

Table 5.3. Cyclic shifts of the m-sequence for φ(x) = 1 + x + x^4

shift | bits 1 … 15
1  | 1 1 1 1 0 1 0 1 1 0 0 1 0 0 0
2  | 0 1 1 1 1 0 1 0 1 1 0 0 1 0 0
3  | 0 0 1 1 1 1 0 1 0 1 1 0 0 1 0
4  | 0 0 0 1 1 1 1 0 1 0 1 1 0 0 1
5  | 1 0 0 0 1 1 1 1 0 1 0 1 1 0 0
6  | 0 1 0 0 0 1 1 1 1 0 1 0 1 1 0
7  | 0 0 1 0 0 0 1 1 1 1 0 1 0 1 1
8  | 1 0 0 1 0 0 0 1 1 1 1 0 1 0 1
9  | 1 1 0 0 1 0 0 0 1 1 1 1 0 1 0
10 | 0 1 1 0 0 1 0 0 0 1 1 1 1 0 1
11 | 1 1 1 0 1 0 1 1 0 0 1 0 0 0 1
12 | 1 0 1 1 0 0 1 0 0 0 1 1 1 1 0
13 | 0 1 0 1 1 0 0 1 0 0 0 1 1 1 1
14 | 1 0 1 0 1 1 0 0 1 0 0 0 1 1 1
15 | 1 1 0 1 0 1 1 0 0 1 0 0 0 1 1
5.
,
.
p(ak = 1) = 2^(m-1)/(2^m - 1) = 1/2 + 1/(2·(2^m - 1));
p(ak = 0) = (2^(m-1) - 1)/(2^m - 1) = 1/2 - 1/(2·(2^m - 1)).

Both probabilities tend to 0.5 as m grows.
7.
.
103


One period contains 2^(m-1) - 1 zeros and 2^(m-1) ones.
, 000111101011001
(x)=1+x+x4
011110101100100
.
8. Shift-and-add property. For any shift s (1 ≤ s < L) there is a shift r (1 ≤ r < L) such that {ak} ⊕ {ak-s} = {ak-r}. For example,
{a0}   000111101011001
{a-2}  011110101100100
{a-9}  011001000111101
9. L ,

(x)

,
a'k = a2k, k = 0, 1, 2, …


a'i = a2i, i = 0, 1, 2, …, m-1.

.
5.4.
(x)=1+x+x4.

a0=a0;
a1=a2;
a2=a4=a0 a3;
a3=a6=a2 a5= a1 a1 a4= a0 a3.
a0a1a2a3=0111

. 5.3
2.
10. Decimation. If every q-th element (q = 1, 2, 3, …) of the m-sequence {ai} is taken, a sequence {bj} with bj = a(q·i) is obtained. If L and q are coprime, (L, q) = 1, then {bj} is again an m-sequence of period L = 2^m - 1.
104

Example 5.5. Taking every second element of the m-sequence for φ(x) = 1 + x + x^4 gives

{ai}: 0 0 0 1 1 1 1 0 1 0 1 1 0 0 1
{bj}: 0 0 1 1 1 1 0 1 0 1 1 0 0 1 0

Fig. 5.6. Decimation of an m-sequence by q = 2.

, .
,

m.
5.4.


.
F.
,
,
, .
(LFSR)
(Nonlinear Feedback
Shift Register (NFSR))
5.7.
Fig. 5.7. Nonlinear feedback shift register: the stages aj-1, aj-2, …, aj-m+1, aj-m feed the function F(aj-1, aj-2, aj-3, …, aj-m+1, aj-m), whose value becomes the new element aj (diagram not recoverable from the extraction).

- (De-Bruijn),
, 2m
, m ,
.
LFSR NFSR .
F(aj-1,aj-2,aj-3,,aj-m+1,aj-m)
105

F(aj-1, …, aj-m) = f(aj-1, aj-2, aj-3, …, aj-m+1, aj-m) ⊕ g(aj-1, aj-2, aj-3, …, aj-m+1),
where f is the linear feedback function of an LFSR and g(aj-1, aj-2, aj-3, …, aj-m+1) = a*j-1·a*j-2·a*j-3·…·a*j-m+2·a*j-m+1 with a*i = 1 ⊕ ai. The product g(aj-1, aj-2, aj-3, …, aj-m+1) = a*j-1·a*j-2·a*j-3·…·a*j-m+2·a*j-m+1 equals 1 only
(
), 000001 000000. ,
LFSR
000001, , m-1 ,
. ,
, f(aj-1,aj-2,aj-3,,aj-m+1,aj-m),
LFSR,
000001.
, 000001
g f , F
000000,
g, f F.
g , f , F=1,
100000.
5.6.
An NFSR of this kind with m = 4 is shown in Fig. 5.8.

Fig. 5.8. NFSR with stages aj-1 aj-2 aj-3 aj-4, an AND gate (&) of the inverted first three stages and a modulo-2 adder (diagram not recoverable from the extraction).
LFSR
It is built from the LFSR with φ(x) = 1 ⊕ x^1 ⊕ x^4, whose feedback is f(a1, a2, a3, a4) = a1 ⊕ a4. The nonlinear feedback is F(aj-1, aj-2, aj-3, …, aj-m+1, aj-m) = a1 ⊕ a4 ⊕ (a*1·a*2·a*3). The sequence of states is given in Table 5.4.
Table 5.4. States of the NFSR of Fig. 5.8 (de Bruijn sequence of period 16)

#  | a1 a2 a3 a4 | #  | a1 a2 a3 a4
1  | 1 0 0 0     | 9  | 1 1 0 1
2  | 1 1 0 0     | 10 | 0 1 1 0
3  | 1 1 1 0     | 11 | 0 0 1 1
4  | 1 1 1 1     | 12 | 1 0 0 1
5  | 0 1 1 1     | 13 | 0 1 0 0
6  | 1 0 1 1     | 14 | 0 0 1 0
7  | 0 1 0 1     | 15 | 0 0 0 1
8  | 1 0 1 0     | 16 | 0 0 0 0
, ,

2m-1 , ,
m .
2m
m,
.
.

,
.
m-
Let Xk = (b2, b3, b4, …, bm+1) be the state that follows Xk-1 = (b1, b2, b3, …, bm), where bm+1 ∈ {0,1} is the new bit. Form X*k-1 = (b2, b3, b4, …, bm, 1) and take its lexicographically largest rotation X**k-1 = (bi, bi+1, …, bm, 1, b2, …, bi-1) (with the smallest such i). If b2 = … = bi-1 = 0, then bm+1 = b1 ⊕ 1, otherwise bm+1 = b1. The generation starts from the all-zero state X0 = (0, 0, 0, …, 0).
5.5
m=4.
Table 5.5. Generation of a de Bruijn sequence for m = 4

k  | Xk = (b2, b3, b4, …, bm+1) | X**k = (bi, bi+1, …, bm, 1, b2, …, bi-1) | bm+1 (gives Xk+1)
0  | 0000 | 1000 | b1 ⊕ 1 = 0 ⊕ 1 = 1
1  | 0001 | 1100 | b1 ⊕ 1 = 0 ⊕ 1 = 1
2  | 0011 | 1110 | b1 ⊕ 1 = 0 ⊕ 1 = 1
3  | 0111 | 1111 | b1 ⊕ 1 = 0 ⊕ 1 = 1
4  | 1111 | 1111 | b1 ⊕ 1 = 1 ⊕ 1 = 0
5  | 1110 | 1110 | b1 = 1
6  | 1101 | 1110 | b1 = 1
7  | 1011 | 1110 | b1 ⊕ 1 = 1 ⊕ 1 = 0
8  | 0110 | 1110 | b1 = 0
9  | 1100 | 1100 | b1 = 1
10 | 1001 | 1100 | b1 ⊕ 1 = 1 ⊕ 1 = 0
11 | 0010 | 1010 | b1 ⊕ 1 = 0 ⊕ 1 = 1
12 | 0101 | 1110 | b1 = 0
13 | 1010 | 1010 | b1 ⊕ 1 = 1 ⊕ 1 = 0
14 | 0100 | 1100 | b1 = 1
15 | 1000 | 1000 | b1 ⊕ 1 = 1 ⊕ 1 = 0
16 | 0000 | 1000 |

M

.
M ,
(x) (x)
m. 2m-1,
(x) (x).
,

.
M {ai}, {bi} {ci},
(x) (x) m *(x) m/2
,

m
.

,
, .
5.5.


M
(LFSR)
.
LFSR , ,
.


108

.
(, )
LFSR.

, , .
(combining function),
(combination generator).

(Geffe
generator), LFSR
.5.9.
Fig. 5.9. Geffe generator: LFSR1 and LFSR2 produce a1 and a2, the data inputs of the multiplexer MUX; a3 from LFSR3 is the address input (Addr.) that selects one of them; all three registers share the clock Cp (diagram not recoverable from the extraction).
M LFSR1 LFSR2
a1 a2
, a3 LFSR3,
. LFSR
Cp.
b
b = (a2·a3) + (a1·(1 ⊕ a3)) (addition modulo 2),
M LFSR1, LFSR2 LFSR3.
m1, m2 m3
b has period (2^m1 - 1)(2^m2 - 1)(2^m3 - 1), where m1, m2, m3 are the lengths of the three registers.
.

LFSR,
.
LFSR
- (Bth-Piper Stop-and-Go generator).
LFSR
. LFSR
.5.10.

109

Fig. 5.10. Stop-and-Go generator: LFSR1, clocked by Cp, gates the clock Cp* of LFSR2 through an AND gate (&); the outputs of LFSR2 and LFSR3 are combined (diagram not recoverable from the extraction).
, LFSR1
LFSR2,
LFSR2
LFSR3. LFSR2 Stop-and-Go,
LFSR1,
(LFSR2) , .
LFSR ,
.
.
- (Alternating Stopand-Go generator)
M LFSR1, LFSR2
LFSR3. , M ,
,
. . 5.11 LFSR1 LFSR2
LFSR3. ()
(). ,
,
LFSR2 LFSR3.
Fig. 5.11. Alternating Stop-and-Go generator: LFSR1 (clock Cp) gates the clocks of LFSR2 and LFSR3 through two AND gates (&), so that exactly one of them advances in each cycle; Cp* is the gated clock (diagram not recoverable from the extraction).

(Gollmann
Cascaded Key stream generator),
.
.5.12.

110

Fig. 5.12. Gollmann cascade generator: LFSR1 (clock Cp) gates the clock of LFSR2 through an AND gate (&), LFSR2 gates LFSR3 in the same way, and so on along the cascade; Cp* is the gated clock (diagram not recoverable from the extraction).

, . ,

.
LFSR
M . ,
LFSR
0,5.
LFSR
(Threshold generator), .5.13.
(m) LFSR
F 0 1
M
.

,
.
Fig. 5.13. Threshold generator: LFSR1, LFSR2, …, LFSRm, clocked by Cp, feed the threshold function F (diagram not recoverable from the extraction).
,

M
,
, ,
10.
5.6.


111

.
(seed)
.
, (. . 5.3 . 5.4) M
LFSR,

.

,
,
,
.
. 5.14.
Fig. 5.14. Additive stream cipher with an LFSR key-stream generator: sender and receiver load the same initial state K0 into identical LFSRs; the key stream K is XORed with the message M to give the ciphertext C, and XORed again at the receiver to recover M (diagram not recoverable from the extraction).
K ,
, K0
.
5.7.
(.5.15.), M ,

(x)=1+x+x4. , K0

0010,
. ,
,
0000.

K=011110101100100.

112

Fig. 5.15. The LFSRs of the sender and of the receiver for φ(x) = 1 + x + x^4 (diagram not recoverable from the extraction).

M=101011111100001,
.
.
M = 101011111100001
K = 011110101100100
C = 110101010000101

Hence the ciphertext is C = 110101010000101. Decryption XORs the same key stream with the ciphertext:

C = 110101010000101
K = 011110101100100
M = 101011111100001

, .

φ(x) = a0 + a1·x + a2·x^2 + … + a(m-1)·x^(m-1) + am·x^m; am = a0 = 1; ai ∈ {0,1},
2m ,
.
,
m ,
, 2m
113

K.
.

k(m+1) = α1·km ⊕ α2·k(m-1) ⊕ α3·k(m-2) ⊕ … ⊕ α(m-1)·k2 ⊕ αm·k1;
k(m+2) = α1·k(m+1) ⊕ α2·km ⊕ α3·k(m-1) ⊕ … ⊕ α(m-1)·k3 ⊕ αm·k2;
k(m+3) = α1·k(m+2) ⊕ α2·k(m+1) ⊕ α3·km ⊕ … ⊕ α(m-1)·k4 ⊕ αm·k3;
…
k(2m) = α1·k(2m-1) ⊕ α2·k(2m-2) ⊕ α3·k(2m-3) ⊕ … ⊕ α(m-1)·k(m+1) ⊕ αm·km;

am, a0
.
5.8. ,
.5.14.
2m=24=8 M=10101111 C=11010101.
K,
.
The key stream is K = M ⊕ C: k1 = 1 ⊕ 1 = 0, k2 = 0 ⊕ 1 = 1, k3 = 1 ⊕ 0 = 1, k4 = 0 ⊕ 1 = 1, k5 = 1 ⊕ 0 = 1, k6 = 1 ⊕ 1 = 0, k7 = 1 ⊕ 0 = 1, k8 = 1 ⊕ 1 = 0. With m = 4 the system of equations is

k5 = α1·k4 ⊕ α2·k3 ⊕ α3·k2 ⊕ α4·k1;
k6 = α1·k5 ⊕ α2·k4 ⊕ α3·k3 ⊕ α4·k2;
k7 = α1·k6 ⊕ α2·k5 ⊕ α3·k4 ⊕ α4·k3;
k8 = α1·k7 ⊕ α2·k6 ⊕ α3·k5 ⊕ α4·k4;

Substituting the key-stream bits:

1 = α1 ⊕ α2 ⊕ α3; 0 = α1 ⊕ α2 ⊕ α3 ⊕ α4; 1 = α2 ⊕ α3 ⊕ α4; 0 = α1 ⊕ α3 ⊕ α4.

Hence α4 = 1, α2 = 0, α3 = 0 and α1 = 1, which is the feedback polynomial φ(x) = 1 + x + x^4 of Example 5.7.
, 5.7.


.
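An added Python example (not from the textbook) covering Sections 5.3 and 5.6 together: the LFSR of Fig. 5.2 with φ(x) = 1 + x + x^4, its m-sequence and period (Table 5.1), decimation by 2 (Example 5.5), the additive stream cipher of Example 5.7, and the recovery of the feedback coefficients from 2m key-stream bits by solving the linear system of Example 5.8 over GF(2).

```python
# Added example (not from the textbook): the LFSR of Fig. 5.2, phi(x) = 1 + x + x^4,
# m-sequence properties, the additive stream cipher of Example 5.7 and the
# feedback recovery of Example 5.8.


def lfsr_step(state, taps):
    """One clock of Fig. 5.2: Q1(k+1) = XOR of tapped stages, Qj(k+1) = Q(j-1)(k).
    state = [Q1..Qm]; taps[i] = alpha(i+1); phi = 1 + x + x^4 gives [1, 0, 0, 1]."""
    feedback = 0
    for alpha, q in zip(taps, state):
        feedback ^= alpha & q
    return [feedback] + state[:-1]


def keystream(state, taps, n):
    """n output bits read from the last stage Qm (Table 5.1 lists the states)."""
    out = []
    for _ in range(n):
        out.append(state[-1])
        state = lfsr_step(state, taps)
    return out


def period(state, taps):
    """Clocks until the initial state recurs: 2^m - 1 for a primitive phi(x)."""
    s, count = lfsr_step(state, taps), 1
    while s != state:
        s, count = lfsr_step(s, taps), count + 1
    return count


def decimate(seq, q):
    """b_j = a_(q*j) over one period, property 10 / Example 5.5."""
    return [seq[(q * j) % len(seq)] for j in range(len(seq))]


def xor_bits(a, b):
    """Bitwise XOR of two equal-length bit lists (encryption and decryption)."""
    if len(a) != len(b):
        raise ValueError("key stream and message lengths differ")
    return [x ^ y for x, y in zip(a, b)]


def recover_taps(k, m):
    """Example 5.8: from 2m consecutive key-stream bits solve, over GF(2),
    k[t] = alpha1*k[t-1] ^ ... ^ alpham*k[t-m] for t = m .. 2m-1 (0-based),
    by Gaussian elimination. Returns [alpha1..alpham] or None if singular."""
    if len(k) < 2 * m:
        raise ValueError("need at least 2m key-stream bits")
    rows = [[k[t - i] for i in range(1, m + 1)] + [k[t]] for t in range(m, 2 * m)]
    for col in range(m):
        pivot = next((r for r in range(col, m) if rows[r][col]), None)
        if pivot is None:
            return None
        rows[col], rows[pivot] = rows[pivot], rows[col]
        for r in range(m):
            if r != col and rows[r][col]:
                rows[r] = xor_bits(rows[r], rows[col])
    return [rows[i][m] for i in range(m)]


def bits(s):
    """'0110' -> [0, 1, 1, 0]."""
    return [int(c) for c in s]


if __name__ == "__main__":
    taps = [1, 0, 0, 1]                                  # phi(x) = 1 + x + x^4
    print("".join(map(str, keystream([1, 0, 0, 0], taps, 15))))   # 000111101011001
    c = xor_bits(bits("101011111100001"), bits("011110101100100"))
    print("".join(map(str, c)))                                  # 110101010000101
    print(recover_taps(bits("01111010"), 4))                     # [1, 0, 0, 1]
```

The last function is why a bare LFSR is unusable as a key-stream generator: 2m known key-stream bits determine φ(x) and hence every later bit.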
5.9.
DES LFSR.

DES. K0
LFSR
DES.
, 64
, DES,
LFSR.

114

Fig. 5.16. Stream cipher with a DES-based key-stream generator: an LFSR seeded with K0 drives DES, whose output is the key stream K; the sender computes C = M ⊕ K and the receiver, with the same K0, LFSR and DES, recovers M (diagram not recoverable from the extraction).


.
5.7.

.

.
,
.
,
.


(Self-synchronizing cipher)

(ciphertext auto key cipher) (plaintext auto key cipher).

φ(x) = a0 + a1·x + a2·x^2 + … + a(m-1)·x^(m-1) + am·x^m; am = a0 = 1; ai ∈ {0,1},
.
5.17.
K
(x) n
C. S0=s1s2sn-1
,

.
115


Fig. 5.17. Self-synchronizing decryption (ciphertext auto-key): the last n ciphertext bits ci-1, ci-2, …, ci-n sit in a shift register whose initial contents are s1, s2, …, sn; the feedback function produces the key bit K that is XORed with C to give M (diagram not recoverable from the extraction).

The decryption is described by

mi = ci ⊕ Σ_{j=1}^{i} αj·c(i-j) ⊕ Σ_{j=i+1}^{n} αj·s(j-i),   0 ≤ i ≤ n - 1;
mi = ci ⊕ Σ_{j=1}^{n} αj·c(i-j),   i ≥ n,

where mi is the plaintext bit, ci the ciphertext bit and sj the initial contents of the register.

n . ,

n. n

.
,
.
.
.

Fig. 5.18. Self-synchronizing encryption (ciphertext auto-key): the same register of the last n ciphertext bits ci-1, …, ci-n with initial contents s1, …, sn; the key bit K is XORed with M to give C, which is fed back into the register (diagram not recoverable from the extraction).

The encryption is described by

ci = mi ⊕ Σ_{j=1}^{i} αj·c(i-j) ⊕ Σ_{j=i+1}^{n} αj·s(j-i),   0 ≤ i ≤ n - 1;
ci = mi ⊕ Σ_{j=1}^{n} αj·c(i-j),   i ≥ n.


, , n
.
5.10.

4
φ(x) = 1 + x + x^4 = 1110100
and the initial register contents (seed) S0 = (s1 s2 s3 s4) = 0011.
.

Fig. 5.19. Self-synchronizing encryption circuit for Example 5.10: the key bit K derived from the ciphertext register is XORed with M (diagram not recoverable from the extraction).


5.6.
Table 5.6. Encryption with the circuit of Fig. 5.18

k | ci-1 ci-2 ci-3 ci-4 | M | K | C
1 | 0 0 1 1 | 1 | 1 | 0
2 | 0 0 0 1 | 1 | 1 | 0
3 | 0 0 0 0 | 1 | 0 | 1
4 | 1 0 0 0 | 0 | 1 | 1
5 | 1 1 0 0 | 1 | 1 | 0
6 | 0 1 1 0 | 0 | 0 | 0
7 | 0 0 1 1 | 0 | 1 | 1
8 | 1 0 0 1 | 1 | 0 | 1
.
117

Fig. 5.20. Self-synchronizing decryption circuit for Example 5.10: the key bit K is derived from the received ciphertext register (diagram not recoverable from the extraction).

5.7.
Table 5.7. Decryption with the circuit of Fig. 5.18

k | ci-1 ci-2 ci-3 ci-4 | C | K | M
1 | 0 0 1 1 | 0 | 1 | 1
2 | 0 0 0 1 | 0 | 1 | 1
3 | 0 0 0 0 | 1 | 0 | 1
4 | 1 0 0 0 | 1 | 1 | 0
5 | 1 1 0 0 | 0 | 1 | 1
6 | 0 1 1 0 | 0 | 0 | 0
7 | 0 0 1 1 | 1 | 1 | 0
8 | 1 0 0 1 | 1 | 0 | 1

,
.

118

6.
6.1.
(public key distribution
algorithm), W.Diffie M.Hellman,
1976
. ,
q, q .

GF(q) q-1 {1,2,...,q-1}.
:
C = α^M (mod q);
M = log_α C (mod q)   in GF(q),
0<M, C<q, , q ,
() GF(q). C M
, .
GF(q)
.
q .
, ,
.
,
, ,
, .

GF(q).
A B
(,q) , ,
q .
.
.
1. A B
. A MA, B MB
{1,2,...,q-1},
.
2. : A
CA = α^MA mod q, and B computes CB = α^MB mod q.
3. A B
CA, B CB.
MA, MB
CA, CB (,q) .
4. A KA, CB
.
KA = CB^MA mod q = (α^MB)^MA mod q = α^(MB·MA) mod q.

Similarly, B computes its key KB:

KB = CA^MB mod q = (α^MA)^MB mod q = α^(MA·MB) mod q.

, A B
KA=KB, . ,
MA, MB A
B, CA, CB .

K=KA=KB,
, DES.
5.1. GF(q) q .
GF(q) ,
1,2,...,q-1 GF(q). ,
For example, let α = 2 and q = 11. The powers α^i = 2^i (mod 11) are:

i          | 1 2 3 4  5 6 7 8 9 10
2^i mod 11 | 2 4 8 5 10 9 7 3 6  1

Since all ten nonzero elements of GF(11) appear, α = 2 is a primitive element, and the public parameters are (α, q) = (2, 11).
1., A M=4
2i (mod 11)={1,2,3,...,10} , B
MB=9.
2. . A

CA = α^MA mod q = 2^4 mod 11 = 5,

and B computes

CB = α^MB mod q = 2^9 mod 11 = 6.

3. A and B exchange CA = 5 and CB = 6 over the open channel.
4. A computes the key

KA = CB^MA mod q = 6^4 mod 11 = 9,

and B computes

KB = CA^MB mod q = 5^9 mod 11 = 9.


,
K=KA=KB, 9.
5.2. GF (2m) m=3.
Let p(x) = 1 + x + x^3 be a primitive polynomial of degree m = 3, so that its root α satisfies p(α) = 1 + α + α^3 = 0.
GF(23)
p(x)=1+x+x3 . ,
120

GF (2m) .
,
.
Table 5.1. Elements of GF(2^3) generated by α, p(α) = 1 + α + α^3 = 0

Power | Polynomial | Vector
α^0 | 1 | 100
α^1 | α | 010
α^2 | α^2 | 001
α^3 | 1 + α | 110
α^4 | α + α^2 | 011
α^5 | 1 + α + α^2 | 111
α^6 | 1 + α^2 | 101
α^7 | 1 | 100

The elements α^0, α^1, α^2 are represented directly; α^3 is reduced through p(α) = 1 + α + α^3 = 0, i.e. α^3 = 1 + α, and the higher powers follow by multiplying by α.
1., A B MA=2 MB=5,
. MA=2 MB=5 .
2.
,

CA = α^MA mod (1 + x + x^3) = α^2 = 001,

CB = α^MB mod (1 + x + x^3) = α^5 = 111.
3. CA = 001
CB=111.
4.
KA = (α^5)^2 mod p(x) = α^10 mod p(x) = α^3 = 110.
A obtains K = KA = 110 and B obtains K = KB = 110, since

KB = (α^2)^5 mod p(x) = α^10 mod p(x) = α^3 = 110.
,
.

6.2.

121


.
x. x
f(x) .
,
x=f-1(x) (, )

.
, ,

.

).

,
. ,
.

.
,
, :
1. f(x) x.
2. x f(x), , .

(knapsack problem),
.
K={k1,k2,k3,...,kn}, n
, C.
ki, , C.
C , ki
, .
,
. C=1524 10

K =(123, 763, 37, 1451, 830, 333, 621, 745, 971, 201).
,
1524=123+37+830+333+201.
, .
K ,
C. 210=1024
.
K={k1,k2,k3,...,kn}, n200300 ,
. ,
,
122

. 2300
.
NP , .

f(x), .
K={k1,k2,k3,...,kn}, n ki
f(x) 0 f(x)2n-1
i n-1
, ,
ki K. k1 00001, k2
00010, kn 10000. f(1)= f(00001)=k1, f(2)=
f(00010)=k2,, f(n)= f(10000)= kn.
f(565)=f(1000110101)=
=1524.
,
.
K={k1, k2,...,kn}, ki
i=1,2,...,n, n- M={x1,x2,...,xn},
xi={0,1}. n-

C = K·M = k1·x1 + k2·x2 + … + kn·xn.
C , ,
, M C K
, . ,
,

. ,
, ,
, (trap door)
K ,
ki ,
.
ki > k1 + k2 + k3 + … + ki-1,
.

.
c1 = k1·x1;
c2 = k1·x1 + k2·x2;
…
cn-1 = k1·x1 + k2·x2 + … + kn-2·xn-2 + kn-1·xn-1;
C = cn = k1·x1 + k2·x2 + … + kn-2·xn-2 + kn-1·xn-1 + kn·xn.
123

cn C. ,
M cn i=1,2,...,n K
.
If cn < kn then xn = 0, otherwise xn = 1, since cn ≥ kn. Indeed, when cn < kn the element kn cannot be part of the sum, and cn-1 = cn. When cn ≥ kn, xn = 1 and cn-1 = cn - kn.
n-1
xn-1 n-2. ,
M={x1,x2,...,xn}, .
,
,
K={k1, k2,...,kn}.
5.3. ,
M={11001}, K={151, 187, 426, 1091, 2412}.
ki>k1+k2+k3+...+ki-1.
C .
C = K·M = 1·151 + 1·187 + 0·426 + 0·1091 + 1·2412 = 2750.
C=c5=2750
.
x5 is found by comparing c5 with k5: x5 = 1, since c5 = 2750 > k5 = 2412.
The bits xi for i = 5, 4, …, 1 are found as follows:
c5 = 2750 > k5 = 2412, so x5 = 1;
c4 = c5 - k5 = 338 < k4 = 1091, so x4 = 0;
c3 = 338 < k3 = 426, so x3 = 0;
c2 = 338 > k2 = 187, so x2 = 1;
c1 = c2 - k2 = 151 = k1, so x1 = 1.
, ,
M={11001}.
, , K ,
, ,
, M C.

,
.
.
1. Kp*={k1*,k2*,...,kn*}
k*i > k*1 + k*2 + k*3 + … + k*i-1.
.
2. m, ,
k*1+k*2+...+k*n ,
. w, w<m, (w,m)=1
v = w^-1, i.e. w·v = 1 mod m, or w·w^-1 = 1 (mod m). The numbers m, w and v


.
3. The public key is Kp = w·Kp* mod m, i.e.
ki = w·ki* mod m, i = 1, 2, …, n.
4. Kp={k1,k2,...,kn}
.
5.4. .
1. Choose the super-increasing sequence Kp* = {k1*, k2*, …, kn*} = {1, 3, 5, 11, 21, 44, 87, 175, 349, 701}, which satisfies k*i > k*1 + k*2 + k*3 + … + k*i-1.
2. Take m = 1590 > k*1 + k*2 + … + k*n = 1397 and w = 43 < m = 1590, which is coprime to m: (w, m) = (43, 1590) = 1. From w and m find v = w^-1 such that w·v = 1 mod m, i.e. 43·v = 1 mod 1590: v = w^-1 = 37.
3. Compute the public key Kp from
ki = w·ki* mod m, i = 1, 2, …, n:
k1 = 43·1 mod 1590 = 43;
k2 = 43·3 mod 1590 = 129;
k3 = 43·5 mod 1590 = 215;
k4 = 43·11 mod 1590 = 473;
k5 = 43·21 mod 1590 = 903;
k6 = 43·44 mod 1590 = 302;
k7 = 43·87 mod 1590 = 561;
k8 = 43·175 mod 1590 = 1165;
k9 = 43·349 mod 1590 = 697;
k10 = 43·701 mod 1590 = 1523;
4. The public key is Kp = {k1, k2, …, kn} = {43, 129, 215, 473, 903, 302, 561, 1165, 697, 1523}.

.
,
C = Kp·M = k1·x1 + k2·x2 + … + kn·xn.
,
Kp
M.

() C ,
Kp,
C* Kp*.
C v=w-1.

125

C* = w^-1·C mod m = w^-1·(Kp·M) mod m = w^-1·(k1·x1 + k2·x2 + … + kn·xn) mod m.

Since ki = w·ki* mod m,
C* = (w^-1·w·k1*·x1 mod m + w^-1·w·k2*·x2 mod m + … + w^-1·w·kn*·xn mod m) mod m.
Because w^-1·w = 1 and k*1 + k*2 + … + k*n < m,
C* = (k1*·x1 mod m + k2*·x2 mod m + … + kn*·xn mod m) mod m =
= (k1*·x1 + k2*·x2 + … + kn*·xn) mod m =
= k1*·x1 + k2*·x2 + … + kn*·xn.
, C*=(k1*x1 +k2*x2+...+kn*xn),
C* kn*
xn
M={x1,x2,...,xn}.
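The knapsack scheme of Examples 5.3 and 5.4 as an added Python example (not the textbook's code): the super-increasing check, the greedy decoding of Example 5.3, the public-key construction with m = 1590 and w = 43, and decryption through v = w^-1 = 37. The modular inverse uses pow(w, -1, m), which needs Python 3.8 or later.

```python
# Added example (not from the textbook): the Merkle-Hellman style knapsack of
# Examples 5.3 and 5.4. Bit lists are (x1, ..., xn) in the text's order.

from math import gcd


def is_superincreasing(k):
    """k_i > k_1 + ... + k_(i-1) for every i."""
    total = 0
    for v in k:
        if v <= total:
            return False
        total += v
    return True


def knapsack_sum(k, bits):
    """C = k1*x1 + ... + kn*xn."""
    if len(k) != len(bits):
        raise ValueError("message length must equal the key length")
    return sum(ki for ki, x in zip(k, bits) if x)


def solve_superincreasing(k, c):
    """Example 5.3: walk from k_n down; x_i = 1 exactly when the remainder
    is at least k_i. Returns None if c is not a sum of elements of k."""
    bits = [0] * len(k)
    for i in range(len(k) - 1, -1, -1):
        if c >= k[i]:
            bits[i] = 1
            c -= k[i]
    return bits if c == 0 else None


def make_public_key(k_private, m, w):
    """Example 5.4: ki = w*ki* mod m, with m > sum(k*) and gcd(w, m) = 1."""
    if not is_superincreasing(k_private):
        raise ValueError("private key must be super-increasing")
    if m <= sum(k_private) or gcd(w, m) != 1:
        raise ValueError("need m > sum(k*) and gcd(w, m) = 1")
    return [w * ki % m for ki in k_private]


def encrypt(k_public, bits):
    """C = Kp * M with the public (disguised) key."""
    return knapsack_sum(k_public, bits)


def decrypt(k_private, m, w, c):
    """C* = w^-1 * C mod m equals sum(ki* xi) because that sum is below m;
    then the easy knapsack is solved greedily."""
    v = pow(w, -1, m)
    return solve_superincreasing(k_private, v * c % m)


if __name__ == "__main__":
    private = [1, 3, 5, 11, 21, 44, 87, 175, 349, 701]
    public = make_public_key(private, 1590, 43)
    print(public)                                    # Example 5.4's Kp
    message = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1]         # constructed sample bits
    c = encrypt(public, message)
    print(c, decrypt(private, 1590, 43, c) == message)
```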
6.3.
1978, Pohling Hellman ,
.
, Riverst, Shamir Adleman ,
,
RSA.
(Pohling-Hellman RSA)
A message M ∈ {0, 1, …, n-1} is encrypted as
C = M^e mod n,
where e and n form the public key. M is recovered as
M = C^d mod n,
where d is the secret key.

C=fastexp(M,e,n)
M=fastexp(C,d,n), 3.

,
. , M n,

M(n) mod n = 1.
, e d
ed mod (n)=1, (n) ,
.
.
Theorem 6.1. If e and d satisfy e·d mod φ(n) = 1, where φ(n) is Euler's function of n, then for every M ∈ {0, 1, …, n-1} coprime to n, (M, n) = 1,
(M^e mod n)^d mod n = M.
Proof: (M^e mod n)^d mod n = M^(e·d) mod n. From e·d mod φ(n) = 1 it follows that e·d = t·φ(n) + 1 for some integer t. Substituting,
M^(e·d) mod n = M^(t·φ(n)+1) mod n = M·M^(t·φ(n)) mod n =
= M·(M^(t·φ(n)) mod n) mod n =
= M·(M^φ(n) mod n)^t mod n =
= M·(1)^t mod n = M. #
Encryption and decryption are therefore inverse operations, and they commute:
(M^e mod n)^d mod n = (M^d mod n)^e mod n = M^(d·e) mod n = M.

e d.
n
, . (n).
e d
e·d mod φ(n) = 1. If d is chosen first, coprime to φ(n), then
e = inv(d, φ(n)).
If instead e is chosen first, then d = inv(e, φ(n)).
Pohling Hellman, n
n=p.
.
C = M^e mod p, M = C^d mod p.
The computations are carried out in GF(p). Since p is prime, φ(n) = p - 1,
. ,
.

(e,p) (d,p).
.
.
, Pohlnig Hellman
127

e d .
Example 5.5. Let p = 11, so φ(p) = p - 1 = 10. Choose d = 7 and find e = inv(7, 10), i.e. e such that 7·e = 1 mod 10: e = 7^(φ(10)-1) mod 10 = 7^(4-1) mod 10 = 7^3 mod 10 = 3.
Let M = 5.
Encryption of M:
C = M^e mod p = 5^3 mod 11 = 4,
and decryption of C:
M = C^d mod p = 4^7 mod 11 = 5.
Pohling
Hellman

6.4. RSA

RSA
,
.
RSA ( RivestShamir-Adleman) ,
. RSA, n
p q, n=pq.
, , , p
q, RSA,
.
p q n ,
, n p q,
,
. ,
, -
, RSA .
, ,
, RSA , .

.
n
p q. d,
.
d (p -1)(q -1).
e,

(e·d) mod ((p - 1)(q - 1)) = 1
(e,n), (d,n).
128

M=m1,m2,, ml,

ci = mi^e mod n.

C = c1, c2, …, cl.

mi = ci^d mod n.
,
(d,n).
RSA 6.1.
5.6. , p=3 q=7. n=pq=21.
Let d = 5. Then e satisfies 5·e mod 12 = 1, since φ(n) = (p-1)(q-1) = (3-1)(7-1) = 12; e = 17. The public key is (17, 21) and the secret key (5, 21).
Let the message be
M = m1, m2, m3, m4, m5 = 1, 2, 3, 4, 5.
Encryption:
c1 = 1^17 mod 21 = 01;
c2 = 2^17 mod 21 = 11;
c3 = 3^17 mod 21 = 12;
c4 = 4^17 mod 21 = 16;
c5 = 5^17 mod 21 = 17.
The ciphertext of M = 1, 2, 3, 4, 5 is C = 01, 11, 12, 16, 17.
Decryption:
m1 = 01^5 mod 21 = 1;
m2 = 11^5 mod 21 = 2;
m3 = 12^5 mod 21 = 3;
m4 = 16^5 mod 21 = 4;
m5 = 17^5 mod 21 = 5;
Example 5.7. Let p = 53, q = 61, n = p·q = 53·61 = 3233 and φ(n) = (53-1)(61-1) = 3120. Choose d = 791; then 791·e = 1 mod 3120 gives e = 71.
The message M = RENAISSANCE is encrypted as follows. Letters are coded in pairs as two-digit numbers, A = 00, B = 01, …, Z = 25, and the space as 26. Thus
M = RE NA IS SA NC E_
M = 1704 1300 0818 1800 1302 0426.
Each block is raised to the power e modulo n; for example 1704^71 mod 3233 = 3106, and the ciphertext is
C = 3106 0100 0931 2691 1984 2927.

RSA.
1. , p q, pq
.
2. n=pq, , p
q .
3. (n)=(p-1)(q-1),
.
4. e d,
(n).
5.
, .4 ( d e), ed
mod (n)=1.
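RSA key generation, block encoding and encryption/decryption for Examples 5.6 and 5.7, as an added Python example (not from the textbook). The two-letter encoding A = 00 … Z = 25, space = 26 follows the text; padding an odd-length message with a space is an assumption of the example.

```python
# Added example (not from the textbook): RSA as in Examples 5.6 and 5.7,
# with the two-letter block coding A=00 ... Z=25, space=26.

from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ "      # index 26 is the space


def make_keys(p, q, d):
    """phi(n) = (p-1)(q-1); e is the inverse of d modulo phi(n).
    Returns the public key (e, n) and the secret key (d, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(d, phi) != 1:
        raise ValueError("d must be coprime to phi(n)")
    e = pow(d, -1, phi)                        # Python 3.8+
    return (e, n), (d, n)


def encode_blocks(text):
    """'RE' -> 17*100 + 04 = 1704; an odd-length text is padded with a space
    (assumption of this example, matching the trailing 'E_' -> 0426)."""
    codes = [ALPHABET.index(ch) for ch in text.upper()]
    if len(codes) % 2:
        codes.append(26)
    return [codes[i] * 100 + codes[i + 1] for i in range(0, len(codes), 2)]


def decode_blocks(blocks):
    """Inverse of encode_blocks (the padding space is kept)."""
    return "".join(ALPHABET[b // 100] + ALPHABET[b % 100] for b in blocks)


def rsa_apply(blocks, key):
    """c_i = m_i^e mod n, or m_i = c_i^d mod n, by fast modular exponentiation.
    Every block must be smaller than n, otherwise it cannot be recovered."""
    exp, n = key
    if any(not 0 <= b < n for b in blocks):
        raise ValueError("every block must satisfy 0 <= block < n")
    return [pow(b, exp, n) for b in blocks]


if __name__ == "__main__":
    public, secret = make_keys(53, 61, 791)       # Example 5.7: (71, 3233)
    blocks = encode_blocks("RENAISSANCE")
    cipher = rsa_apply(blocks, public)
    print(blocks, cipher)                          # first block 1704 -> 3106
    print(decode_blocks(rsa_apply(cipher, secret)))
```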
6.5.

,

.
(Elliptic Curve)

y^2 + a·x·y + b·y = x^3 + c·x^2 + d·x + e.
a, b, c, d e ,

O
(infinite element) (zero
element). 6.1 6.2
.

130

Fig. 6.1. Elliptic curve y^2 = x^3 - x over the reals, with the points R and -R marked (plot not recoverable from the extraction).

Fig. 6.2. Elliptic curve y^2 = x^3 + x + 1 over the reals, with the points P, Q, R and -R marked (plot not recoverable from the extraction).

(x,y)
.
,
y^2 = x^3 + a·x + b,
where x, y, a and b are real numbers. The curve y^2 = x^3 + a·x + b is nonsingular when
4·a^3 + 27·b^2 ≠ 0; such a curve y^2 = x^3 + a·x + b

. ,
O
131

.
A point P = (x, y) of the curve has real coordinates x and y. The negative of P = (x, y) is
-P = (x, -y).

.

.
, O.

. , P Q
P -Q.
P Q, .

, -R.
-R R (. .6.1
.6.2). ,

P + Q = R.


.
, Q P
, ,

( ) O. , P + (-P) = O.
, P + O = P. O
(additive identity)
.
.
.
1. O ,
O=-O. P
P+O=P.
2. , P P
. P+(-P)=O.
3. P Q P - Q
, , P+Q=R.
4. , P = Q, P
P (x,0), P
. -R.
P R -R.

P+P=2P=R.
132

5. , P = (x,0),
. ,
, 2P = O. 3P
2P + P. 2P O,
P + O = P. , 3P = P. P = (x,0)
3P = P, 4P = O, 5P = P, 6P = O, 7P = P, .
6. P k
k P, kP=P+P+P++P.
,

,
.
P=(xP,yP)
Q=(xQ,yQ),
.
1. P Q
P Q, P+Q=R
R=(xR,yR),

s = (yP - yQ)/(xP - xQ);
xR = s^2 - xP - xQ;
yR = -yP + s·(xP - xR).
2. Doubling a point P:
s = (3·xP^2 + a)/(2·yP);
xR = s^2 - 2·xP;
yR = -yP + s·(xP - xR).
a
y2=x3+ax+b.
, ,
,
. , ,
, , ,
,
.

Cryptographic applications use curves over finite fields, GF(M) or GF(2^m). The field GF(M) consists of the integers 0 to M-1 with addition and multiplication modulo the prime M.
The curve y^2 = x^3 + a·x + b with a and b in GF(M) is nonsingular when 4·a^3 + 27·b^2 ≠ 0 (mod M); such a curve is denoted EM(a,b) over GF(M).
EM(a,b) y2=x3+ax+b
mod M. ,
y2=x3+ax+b
GF(M).
Example 5.8. Let EM(a,b) = E23(1,0), i.e. the curve y^2 = x^3 + x over GF(23). The point (9,5) lies on the curve because it satisfies y^2 = x^3 + x mod 23: substituting x = 9 and y = 5 into y^2 mod M = x^3 + x mod M gives

5^2 mod 23 = 9^3 + 9 mod 23,
25 mod 23 = 729 + 9 mod 23,
25 mod 23 = 738 mod 23,
2 = 2.
, (9,5) E23(1,0).
23 ,
{O (0,0) (1,5) (1,18) (9,5) (9,18) (11,10) (11,13) (13,5) (13,18) (15,3) (15,20)
(16,8) (16,15) (17,10) (17,13) (18,10) (18,13) (19,1) (19,22) (20,4) (20,19) (21,6)
(21,17)}.
E23(1,0) . 6.3.

Fig. 6.3. The points of E23(1,0) (plot not recoverable from the extraction).

. . 134

, , -,
GF(23),
, GF(23)
.

(Hassego).
M + 1 - 2·√M ≤ #EM(a,b) ≤ M + 1 + 2·√M.

5.9.
EM(a,b)=E5(0,1), y2=x3+1
GF(5). {O,
(0,1), (0,4), (2,2), (2,3), (4,0)}.
,
.
M.
The negative of P is -P = (xP, -yP mod M).
For example, on E5(0,1), -(2,2) = (2, -2 mod 5) = (2,3).

R P+Q
.
1. P Q
EM(a,b) P Q, P+Q=R
R=(xR,yR),

s = (yP - yQ)/(xP - xQ) mod M;
xR = s^2 - xP - xQ mod M;
yR = -yP + s·(xP - xR) mod M.
2. Doubling a point P:
s = (3·xP^2 + a)/(2·yP) mod M;
xR = s^2 - 2·xP mod M;
yR = -yP + s·(xP - xR) mod M.
a
EM(a,b) GF(M).
M.
Example 5.10. Add the points (0,1) and (2,2) of E5(0,1). Since (0,1) ≠ (2,2) and (2,2) ≠ -(0,1), the first rule applies: s = (yP - yQ)/(xP - xQ) mod M = (1 - 2)/(0 - 2) mod 5, i.e. 2·s = 1 mod 5, so s = 3.
Then R = (xR, yR) with xR = s^2 - xP - xQ mod M = (3^2 - 0 - 2) mod 5 = 2 and yR = -yP + s·(xP - xR) mod M = -1 + 3·(0 - 2) mod 5 = -7 mod 5 = 3.
Hence R = (xR, yR) = (2,3).
Example 5.11. Double the point (2,2) of E5(0,1): here P = Q = (2,2), so the second rule applies. s = (3·xP^2 + a)/(2·yP) mod M = (3·2^2 + 0)/(2·2) mod 5 = 3. R = (xR, yR) with xR = s^2 - 2·xP mod M = (3^2 - 2·2) mod 5 = 0 and yR = -yP + s·(xP - xR) mod M = -2 + 3·(2 - 0) mod 5 = 4. Hence R = (xR, yR) = (0,4).
Example 5.12. The case P = -Q. The points (2,2) and (2,3) of E5(0,1) satisfy (2,2) = -(2,3), so their sum is O. Formally,
s = (yP - yQ)/(xP - xQ) mod M = (2 - 3)/(2 - 2) mod 5 = ∞, and (2,2) + (2,3) = O.
Table 5.2 gives the complete addition table of E5(0,1).

Table 5.2. Addition table of E5(0,1)

 +    | O     | (0,1) | (0,4) | (2,2) | (2,3) | (4,0)
O     | O     | (0,1) | (0,4) | (2,2) | (2,3) | (4,0)
(0,1) | (0,1) | (0,4) | O     | (2,3) | (4,0) | (2,2)
(0,4) | (0,4) | O     | (0,1) | (4,0) | (2,2) | (2,3)
(2,2) | (2,2) | (2,3) | (4,0) | (0,4) | O     | (0,1)
(2,3) | (2,3) | (4,0) | (2,2) | O     | (0,1) | (0,4)
(4,0) | (4,0) | (2,2) | (2,3) | (0,1) | (0,4) | O

.
Example 5.13. Consider the curve E23(9,17), y^2 = x^3 + 9·x + 17 mod 23. The point P = (16,5) lies on it: y^2 mod 23 = 5^2 mod 23 = 2 and 16^3 + 9·16 + 17 mod 23 = 2.
Compute 2P = P + P:
s = (3·xP^2 + a)/(2·yP) mod M = (3·16^2 + 9)/(2·5) mod 23, i.e. 10·s = 18 mod 23, so
s = 18·10^(φ(23)-1) mod 23 = 18·10^21 mod 23 = 11.
xR = s^2 - 2·xP mod M = (11^2 - 2·16) mod 23 = 20 and yR = -yP + s·(xP - xR) mod M = -5 + 11·(16 - 20) mod 23 = -49 mod 23 = -3 mod 23 = 20.
Thus Q = 2P = (20,20).
Now R = P + Q = 3P:
s = (yP - yQ)/(xQ - xP) mod M = (5 - 20)/(20 - 16) mod 23, i.e. 4·s = -15 mod 23 = 8 mod 23, so s = 8·4^(φ(23)-1) mod 23 = 8·4^21 mod 23 = 2.
Then xR = s^2 - xP - xQ mod M = (2^2 - 16 - 20) mod 23 = -32 mod 23 = 14 and yR = -yP + s·(xP - xR) mod M = -5 + 2·(14 - 16) mod 23 = -9 mod 23 = 14.
Hence R = 3P = (14,14).

kP,

P+P+P+ .

,

P P+P+P+
,
, ,
k l (l>k) kP=lP.
, c=l-k
cP=O. c,
cP=O, P.
5.9
The multiples P + P + P + … of the points of E5(0,1) from Example 5.9 are given in Table 5.3.

Table 5.3. Multiples P + P + P + … of the points of E5(0,1)

     | (0,1) | (0,4) | (2,2) | (2,3) | (4,0)
P    | (0,1) | (0,4) | (2,2) | (2,3) | (4,0)
2P   | (0,4) | (0,1) | (0,4) | (0,1) | O
3P   | O     | O     | (4,0) | (4,0) | (4,0)
4P   | (0,1) | (0,4) | (0,1) | (0,4) | O
5P   | (0,4) | (0,1) | (2,3) | (2,2) | (0,4)
6P   | O     | O     | O     | O     | O

, (0,1) (0,4) c=3, (2,2) (2,3)
c=6, (4,0) c=2.
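Point arithmetic on y^2 = x^3 + a·x + b over GF(M), as an added Python example (not the textbook's code): enumerating E23(1,0) (Example 5.8), the addition rules of Examples 5.10-5.12, the orders of Table 5.3, and 2P, 3P for P = (16,5) on E23(9,17) (Example 5.13). The slope of P + Q is always computed as (yP - yQ)/(xP - xQ), and division is a modular inverse.

```python
# Added example (not from the textbook): elliptic-curve arithmetic over GF(M)
# for EM(a,b): y^2 = x^3 + a*x + b mod M, as in Examples 5.8-5.13.

O = None  # the point at infinity (zero element)


def is_on_curve(M, a, b, P):
    if P is O:
        return True
    x, y = P
    return (y * y - (x ** 3 + a * x + b)) % M == 0


def curve_points(M, a, b):
    """All points of EM(a,b), O included (Example 5.8 lists E23(1,0))."""
    if (4 * a ** 3 + 27 * b ** 2) % M == 0:
        raise ValueError("singular curve: 4a^3 + 27b^2 = 0 mod M")
    return [O] + [(x, y) for x in range(M) for y in range(M)
                  if is_on_curve(M, a, b, (x, y))]


def neg(M, P):
    """-P = (xP, -yP mod M)."""
    return O if P is O else (P[0], (-P[1]) % M)


def add(M, a, P, Q):
    """P + Q by the chord/tangent rules; Q = -P gives O (Example 5.12)."""
    if P is O:
        return Q
    if Q is O:
        return P
    if P[0] == Q[0] and (P[1] + Q[1]) % M == 0:
        return O                                   # also covers 2P when yP = 0
    if P == Q:                                     # doubling
        s = (3 * P[0] ** 2 + a) * pow((2 * P[1]) % M, -1, M) % M
    else:                                          # distinct points
        s = (P[1] - Q[1]) * pow((P[0] - Q[0]) % M, -1, M) % M
    xr = (s * s - P[0] - Q[0]) % M
    yr = (-P[1] + s * (P[0] - xr)) % M
    return (xr, yr)


def mul(M, a, k, P):
    """kP = P + P + ... + P, by double-and-add."""
    R = O
    while k:
        if k & 1:
            R = add(M, a, R, P)
        P = add(M, a, P, P)
        k >>= 1
    return R


def order(M, a, P):
    """Smallest c with cP = O (the values c of Table 5.3)."""
    c, R = 1, P
    while R is not O:
        R = add(M, a, R, P)
        c += 1
    return c


if __name__ == "__main__":
    print(len(curve_points(23, 1, 0)))             # 24 points including O
    P = (16, 5)                                    # Example 5.13 on E23(9,17)
    print(mul(23, 9, 2, P), mul(23, 9, 3, P))      # (20, 20) (14, 14)
    print([order(5, 0, Q) for Q in curve_points(5, 0, 1)[1:]])   # 3 3 6 6 2
```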
M
, .
,
G, c
.

,
.
137

P Q
k kP=Q.
k Q P.

6.7.

, ,
,
.

,
( ),
.
,
,
, ,
.


, 1927.,
.
,
, .

, .
, ,
.
.
.
1984.
,

.
, ,
, 84.
, 1991. .
,

138

. ,
,
90 ,

. 45
50%.
,
,
.

(, , - ).
,
(
).
,
: ,
, ,
, , .
45 135 .

, 45 , .
,
.
,
. , ,
, .
: -
- 1, - - 0.

,

, .


.

, .

.
.
(|),
(),
-
(\) - (/).
,
, , | / / \ | | .

() (), (+)
139

(
).
,
+ + + + .
, , ,
,
,
, .
,
0,5,
45 .
,
, , ,
.
,

.
, | / / \ | | ,
+ + + + ,
Table 6.?. Polarizations | / / \ | | and bases + + + + with the bits assigned to each state (table layout not recoverable from the extraction).
,

.
.
,
(. ),
, .

, .

. ,
,
140

,

,
. ,
, ,
.
,
,

.

, , 50
,
,
, .
, ,
25
.


. ,
, ,
.

141
