
34.11 94. .

..1
2001

$\{0,1\}^*$ - ;

$\{0,1\}^n$ - n ;

$\{0\}^n$ - n ;
$|A|$ - A ;
$A \oplus B$ - A B mod 2 , XOR;
A B - A B mod $2^{256}$ ;
;
|| - ;
GF ( 2) - 2.


. h
(, 64, 128, 160,192, 224, 256,
384, 512) :

$h : \{0,1\}^* \to \{0,1\}^n$ ,

{01} i {01} ( 34.11 94 n = 256 ).


,
,
, D R
D
R ( ),
, ( )
. :
(), ,
.

:
();
1

127018, . , . , 38 / 55

(095) 289-4232, 289-8998, 289-3162, 219-3188


shefanovski@infosec.ru

.
34.11 94

$h : \{0,1\}^{2n} \to \{0,1\}^n$ (. . 1),
2.
m1
IV

ml

m2

h1

h2

hl1

. 1

$m = (m_1, m_2, \ldots, m_l)$ ,
:
$h_0 \leftarrow IV$ ,

$h_i \leftarrow H(m_i, h_{i-1})$ , $i = 1, 2, \ldots, l$

$h \leftarrow h_l$ .
H i - , hi - .
n ,
n . ,
(
), , , 34.11 94
(
). :
, 256 .
34.11 94
( n = 256 ,
$2^{256/2}$ )
(Collision Resistant Hash Function, CRHF), . 4. ,
34.11 94
(, HMAC [1],
, , ..).
:
(
) $A + B \bmod 2^k$ , $k = |A| = |B|$ , $|A|$ $|B|$ $A$
$B$ ( ),
mod $2^{256}$ (MD - ),
(. . 2).

m1

m2

h1

H*

IV

...

h2

H*

256

...

256

L1

L2

...

{0}
{0}

(256)10

(256)10

ml

... h

l 1

...
...

H*

H*

H*

l1

Ll1

| ml |
. 2 34.11 94

1 ()
,
.
| ml |

256

m1

m2

...

ml1

ml

00...0

256|ml |

{0}
. 3

2 ( IV ) 34.11 94 IV -
256 ( $IV \in \{0,1\}^{256}$ ). ,
,
.
, IV
( ).
, (
).


1. (
)
256
256 :
: $\{0,1\}^{256} \times \{0,1\}^{256} \to \{0,1\}^{256}$ ,
(. . 4):
(
),
;
.

mi
256

H*

hi1

hi

(hi1 , mi , si )

256

256

si

. 4 34.11 94

)
, n k r , kl = n :
r
r
r
r
Fp : {01} {01} {01} {01} ,
l

l
n

p - . A = ( A1 , , Al ) {01} ,
n

B = ( B1 , , Bl ) {01} , Fp ( A) :

Bl A1 f p ( A2 , , Al ) ,

Bl1 Al , , B1 A2 .

. 5 (
).

Al

A2

A1

Fp

...

...

...
Bl

Bl 1

B1

. 5

$h_i = (m_i, h_{i-1}, s_i) = \psi^{61}(h_{i-1} \oplus \psi(m_i \oplus \psi^{12}(s_i)))$ ,
j - j - .
. 6.
mi

si

12

61

hi1

hi

. 6 34.11 94

(. . 6), si hi1 (. . 4).


256

: {01}

256

{01}

16 ||

1 2 3 4 13 16 || 16 || 15 ||

|| 2 (. . 7).

16

|| 1 , i {01} , i = 1,16

16

15

...
13

. 7

3
:
0-1 (, 0 1
0,5
);
( f , f
f ( xn , xn1 , , x1 ) = an xn an1 xn1 a1 x1 a0 , ai GF (2) ;
, , );
(Strict Avalanche Criterion, SAC) (, f
, 1 i n,
xi f 50%
).
,

:
( f g
, f g
, .
n n A GF ( 2) B Vn f ( xA B ) = g ( x ) ,
f ( xA B) 1 = g ( x) , x = ( xn , xn1 , , x1 ) ; ,

);
( f
, f , g f g - 0-1 ;
,
, ).
, ?

)
:

256
C2 , C4 = {0} , C3 = 0 xf 0 ff 000 ff 00 f 0 ff 00 f 0 f 0 f 0 ff 0 f 0 f 0 f 0.

256
256
o P : {01} {01} . X = 32 || 31 ||
P ( X ) = (32) || (31) ||
o

256

A : {01}

|| 1 ,

|| (1) , (i + 1 + 4 (k 1)) = 8i + k , i = 0,3, k = 1,8.

256

{01} . $X = x_4 \| x_3 \| x_2 \| x_1$ ,

$A(X) = (x_1 \oplus x_2) \| x_4 \| x_3 \| x_2$ .
1
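1. $U \leftarrow m_i$ , $V \leftarrow h_{i-1}$ , $W \leftarrow U \oplus V$ , $K_1 \leftarrow P(W)$
2. j 2 4 :
$U \leftarrow A(U) \oplus C_j$ , $V \leftarrow A(A(V))$ , $W \leftarrow U \oplus V$ , $K_j \leftarrow P(W)$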
2.1.

3. ( K1 , K 2 , K 3 , K 4 )
)
si hi1 .
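$h_{i-1} = h_{i-1}^4 \| h_{i-1}^3 \| h_{i-1}^2 \| h_{i-1}^1$ , $h_{i-1}^j \in \{0,1\}^{64}$ , $j = 1, \ldots, 4$ , $s_i = s_i^4 \| s_i^3 \| s_i^2 \| s_i^1$ ,
$s_i^j \in \{0,1\}^{64}$ , $j = 1, \ldots, 4$ .
$s_i^j \leftarrow E_{K_j}(h_{i-1}^j)$ ,

$j = 1, \ldots, 4$ , $E_K$ - 28147 89 .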
. 8.
hi31

hi41

K4

K3

si4

hi21

K2

si2

si3

hi11

K1

si1

. 8

4 si = si4 || si3 || si2 || si1 - 64 ,

. , 3, si
, (
mi hi1 ).
5 (S- )
28147 89 S- , ,
.
, .

2.
,
, mod 2
mod 2256 :
ml hl1 l Ll h ,
256

ml, hl1 , l , Ll {01} , ml - ( , .


. 3). ()
ml 256 . ml < 256 ,
256 ml

256 ml {0}

ml .

l l1 ml
Ll Ll1 + m (mod 2256 ) .

hl (m, hl1 ) . hl +1 ( Ll , hl )
h (l , hl +1 ) , h .
:
2 34.11 94
: M ,
256
28147-89, IV {01}
: h M .
256

1. h IV , {0}

256

, L {0}

2. M > 256 :
2.1. h (ms , h) ( ),
2.2. $L \leftarrow L + 256 \pmod{2^{256}}$ ( ),
2.3. ms ( ).
3. ( )
3.1. L L + m (mod $2^{256}$ ) ( ),
256 m

3.2. m {0}

m ( ),

3.3. m ( ),
3.4. h ( m, h) ,
3.5. h ( L, h) (MD - ),
3.6. h (, h) .
4. ( h )

34.11 94
:

-

( SAC);
, ,
, , ,
(CRHF);
MD
( 2);
;

,
;
IV , ,
(. 2),
IV [3];

HAVAL, SHA-256, MD-,
-
;
4/5
;

;
, , .
1. 34.11 94. " .
. ".
2. M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions for message
authentication. Advances in Cryptology - Crypto 96 Proceedings, Lecture Notes
in Computer Science Vol. 1109, N. Koblitz ed, Springer-Verlag, 1996.
3. Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone Handbook of
Applied Cryptography CRC Press ISBN: 0-8493-8523-7 October 1997, 816
pages