Фергюсон Н., Шнайер Б. - Практическая Криптография - 2005

Practical Cryptography
Niels Ferguson
Bruce Schneier
-
2005
32.973.26018.2.75
43
681.3.07

..
. ..
..
..
:
info@dialektika.com, http://www.dialektika.com
, , , .
43
. : . . . :
, 2004. 432 . : . . . .
ISBN 5845907330 (.)

. , , , ,
. , , . , ,
,
.
32.973.26018.2.75
.

,
, ,
JOHN WILEY&Sons, Inc.
c 2005 by Dialektika Computer Publishing.
Copyright
c 2003 by Niels Ferguson and Bruce Schneier
Original English language edition Copyright
All rights reserved including the right of reproduction in whole or in part in any form. This
translation is published by arrangement with Wiley Publishing, Inc.
ISBN 5845907330 (.)

ISBN 0471223573 (.)
c - , 2005
c Niels Ferguson and Bruce Schneier, 2003
1.
2.
3.
I
4.
5.
6.
7.
8.
9. . I
II
10.
11.
12.
13. RSA
14.
15.
16. . II
III
17.
18.
19. PKI:
20. PKI:
21. PKI
22.
IV
23.
24.
25.
16
20
25
39
61
62
87
104
118
132
150
175
176
208
229
245
266
282
301
319
320
331
337
345
362
369
387
388
395
402
407
408
416
16
18
1.
1.1
1.2
20
21
24
2.1
2.2
2.3
2.4
2.

2.4.1

25
26
27
29
30
31
33
35
36
37
38
3.
3.1
3.1.1
3.2
3.3
3.4
3.5
3.6
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6 ,

39
39
41
42
44
46
47
49
49
49
50
51
51
2.5
2.6
2.7
2.8
2.9
52
3.7
3.8
3.9
3.6.7
3.6.8

4.1
4.2
4.3
4.4
4.
?

4.4.1
4.5
4.5.1 DES
4.5.2 AES
4.5.3 Serpent
4.5.4 Twofish
4.5.5 AES
4.5.6
4.5.7
4.5.8
5.1
5.2
5.3
5.4
5.5
5.6
5.7
5.8
5.
(ECB)
(CBC)
5.3.1
5.3.2
5.3.3
5.3.4
(OFB)
(CTR)

5.8.1
5.8.2
5.8.3
7
53
55
55
56
58
61
62
62
63
65
65
68
70
71
74
78
79
82
82
83
85
87
88
89
90
90
90
91
92
93
95
97
98
99
101
102
103
6.
6.1
6.2
6.2.1 MD5
6.2.2 SHA-1
6.2.3 SHA-256, SHA-384 SHA-512
6.3
6.3.1
6.3.2
6.4
6.4.1
6.4.2
6.5
6.6
104
105
107
108
109
110
111
111
112
113
114
115
116
117
7.1
7.2
7.3
7.4
7.5
118
118
119
119
120
122
124
125
125
126
127
128
128
129
129
8.
8.1
8.1.1
8.1.2
8.1.3
8.1.4
8.2
8.3
8.3.1
8.3.2
8.3.3
132
132
132
133
134
134
136
139
139
140
141
7.
MAC
MAC
MAC
CBC-MAC
HMAC
7.5.1 HMAC SHAd ?
7.6 UMAC
7.6.1
7.6.2
7.6.3
7.6.4
7.6.5 UMAC?
7.7 MAC
7.8 MAC
8.4
8.5
8.6
8.3.4

8.4.1
8.4.2
8.4.3
8.4.4
141
142
142
143
145
146
147
149
9. . I
9.1
9.1.1
9.1.2
9.1.3
9.1.4 ?
9.2
9.3
9.3.1
9.3.2
9.3.3
9.3.4
9.3.5
9.3.6
9.3.7
9.4
9.4.1
9.4.2
9.4.3
9.4.4
9.4.5
9.5
9.6
150
152
152
153
154
155
156
157
157
160
161
163
165
166
167
168
168
169
170
171
172
173
174
II
175
10.
10.1
10.1.1
10.1.2
10.1.3

10.2
176
177
178
179
180
181
10
10.3 Fortuna
10.4
10.4.1
10.4.2
10.4.3
10.4.4
10.4.5
10.5
10.5.1
10.5.2
10.5.3
10.5.4
10.5.5
10.5.6
10.6
10.6.1
10.6.2
10.6.3
?
10.6.4
10.6.5
10.6.6
10.7 ?
10.8
11.
11.1
11.2
11.3
11.3.1
11.3.2
11.3.3
11.3.4
11.3.5
11.3.6 2
11.4
11.4.1 ,
11.4.2
183
183
186
186
187
188
189
189
190
191
194
197
197
199
200
201
201
202
202
203
204
205
206
208
208
211
213
214
215
215
217
218
219
220
223
227
11
12.
12.1
12.2
12.3
12.4
12.5
12.6
12.7 p
12.8
12.9
229
230
231
233
235
236
237
238
241
242
13. RSA
13.1
13.2
13.2.1
13.2.2
13.2.3
13.2.4
13.3 n
13.4 RSA
13.4.1 RSA
13.4.2
13.4.3
13.4.4 n
13.4.5 RSA
13.5 RSA
13.6
13.7
245
245
246
247
248
248
250
250
251
252
252
253
255
255
257
259
262
14.
14.1
14.2
14.2.1
14.3
14.4
14.5
14.5.1
14.5.2
14.5.3
14.5.4
14.5.5
14.5.6
266
266
267
269
269
272
273
273
274
275
276
277
279
12
15.
15.1
15.2
15.3 !
15.4
15.5
15.6
15.7
15.8
15.8.1
15.8.2
15.8.3
15.8.4
15.9
15.9.1
15.10
15.11
15.12
282
282
283
285
286
287
288
290
292
292
293
293
295
296
297
297
299
299
16. . II
16.1
16.1.1
16.1.2 DH
16.1.3 RSA
16.1.4 RSA
16.1.5
16.2
16.3
16.3.1
16.4
16.4.1
16.4.2
16.4.3
301
301
303
307
308
308
309
309
311
312
314
III
319
17.
17.1
17.1.1
17.1.2
17.1.3
314
315
317
320
320
320
320
321
17.2
17.3
17.4
17.5
17.6
17.7
17.1.4

17.3.1
17.3.2
17.3.3

13
322
322
323
323
324
325
326
327
329
330
18.
18.1
18.2 Kerberos
18.3
18.3.1
18.3.2
18.3.3
18.3.4
18.4
331
332
332
333
334
335
335
336
336
19. PKI:
19.1
19.2
19.2.1
19.2.2
19.2.3
19.2.4
19.2.5
19.3
19.3.1
19.3.2
19.3.3
19.4
337
337
338
338
339
339
339
340
340
340
342
342
343
20. PKI:
20.1
20.2
20.3
20.4
20.5
20.6
345
345
348
349
350
351
352
14
20.7
20.8
20.8.1
20.8.2
20.8.3
20.9
20.10
355
356
356
358
358
359
361
21. PKI
21.1
21.1.1
21.1.2
21.2
21.3
21.4 ?
362
362
362
363
364
367
368
22.
22.1
22.2
22.2.1
22.3
22.4
22.5
22.6
22.7
22.8
22.9
22.10
22.10.1
22.10.2
22.10.3
369
369
370
372
375
376
377
379
380
381
382
383
383
384
386
IV
387
23.
23.1
23.1.1
23.1.2
23.1.3
23.2 SSL
23.3 AES:
388
388
390
390
391
392
393
15
24.
24.1
24.2
24.3
24.4
24.5
24.6
24.7
24.8
395
395
396
397
397
398
400
400
401
25.
402
407
408
416

, . 90-
, Internet.
,
. ,
, . ,
, ,
.
, ,
.
10 , .
, Internet
-.
, .
. ,
.

Internet , . ,
. ( , , ).

, . , . ,

16
17
, . .
.
, .
, . ,

, .
, , . , ,
, , , . ,
112 128 , , . ,
, . ,
: .. , .
,
10 , .
DES, , 112-
, ,
. ,
-, ,
, .
.
, ,
. , , .
Applied Cryptography [86], 10 . , Applied Cryptography,
, ,
18
. ; , , . Applied
Cryptography
,
, , .
, .
, .
Applied Cryptography ( ) Secrets
and Lies [88], Crypto-Gram.
, CWI (
)
DigiCash.
Blowfish,
Twofish.
. .
, . 1991 1999
Counterpane Systems
. Counterpane Internet Security,
Inc.

. Counterpane ,
MacFergus. . ,
, , .
,
, .

. -
19
, . -
, : . , , ,
.
,
. , . ,
. ( ,
; .) , , ,
, , ( ,
, ) - .
, Web- http://
www.macfergus.com/pc .
, ,
.
, , :
practical-cryptography@macfergus.com
.
, . ,
. , .
2003
niels@macfergus.com
schneier@counterplane.com
, ,
. ,
, .
,
. . , , .
, ,
.
,
. ,
.
. , , : ,
. ,
. . , .
- .
, ,
. , .
. , .
, .
,
.
20
1.1.
1.1
21
--
, . XIX , .
, .
, ,
: .
: , . .
.

, .
,
. , , .
, . ,
. ,
.
, - , .
--
. 1878 (Thomas Bouch) -- ,
. ,
, . , , 28 1879
, 75 . .
1 .
--, ,
1
- (William McGonagall) , : For the stronger we our houses do build/The less

chance we have to be killed ( , ,
). .
22
1.
, ,
.
, ,
- . .
: -
, .
.
,
, ,
. ,
- ,
, . !
, , . ?
. , 90% .
,
. -
.

,
. , ,
.
Internet -,
.
. ,
Secrets and Lies,
, [88].

, , (
). , , .
, ,
90% . ? 10 ( ),
,
10 . . 90%
,
1.1.
23
10 ,
.
.
, : Web-, ,
, ..
.
, .
, -, . , ,
, ,

. ,
, .
, 10 ?
. ,
, .
-
, : . ?
, ,
.
, , ,
- . , ,
, . ,
.

.
, .
.
, , . , , :
.
.
24
1.2
1.
, . ; , ,
.
, . . 20 ,
. . ,
.
, . , , . 20. ,
- , .
. ,
. ,
.
, ,
. , .
.
.
, .
- . . ,
.
. , ,
, , , .
,
.
, , .

.
. ,
. :
,
, .
.
,
, , ,
, , , , , ,
..
, . , .
,
. ,
. -
, . ,
.
. ,
. ,
. , : -
25
26
2.
. ,
.
2.1
. .
. . ,
, , , -.
.
:
.
, , . ,
- , .
. , .
: .
, . ,
.
, . ,
. . , , (
) . , . , , .
, , . ,
Web- . :
.
, .
, , , , .
2.2.
27
,
. ,
. .
, , . ,
. -
. ,
, . . .
2.2
,
:
,
.
, , . ,
.

. ,
,
. , .
, .
.
, .
, ?
, , .
.
,
. . , ,
.
, :
, , .
. (),
(). -
28
2.

"-"
. 2.1.
, ,
.
,
. ,
. . , , ,
.
(attack tree). , . 2.1. , . , ,
. . .
: , ,
, , , . ,
, . ,
, ..

, .
, .
-
2.3.
29
. , ,
, .. ,
, ,
.
. , , , . . , , .
.
, . ,
12- ,
.
.
, . . , ,
.
.
.
.
, .
2.3

, (adversarial setting).
,
, .
, .
-. , , ; , .
, .
.
, ,
,
. , -
30
2.
, ,
.
,
. ? , .
. ,
-.
,
, . ,
, .
,
. , , ,
? : .
, , . .
,
.
.
, , .
; , , ,
.
, -
, . , , ,
,
. , , , .
!
2.4
, .
, . ,
. ,
2.4.
31
, . ,
, , .
, .
. , . , - . . . 1 .
. , . : , , .
, .
, . ,
.
2.4.1
. , ,
. ,
. ,
, : ,
?.. , .
,
. ,
. - -, .
, 2 .
,
. :
. ,
. , 1
: , , , ,
.
2
, ,
, .
32
2.
, , .
, .

. , , , , . 1999
, AES.
Magenta
. , - Magenta ,
, .
. ,
. . ,
,
. ,
,
. .
. , , .
, , .
. , . - :
, : , , ,
. ,
:
- -, . ,
, . ,
.
, - ,
.
, , , .
2.5.
2.5
33
.
, - . , , -, , .
, .
, . ?
, . . ,
.
.

(Secure Electronic Transaction SET), , Internet . SET
, , , . . , ,
, .
.
,
. , . SET
, ,
. (
SET , , .)
, SET .

. . SET .
SET , .
, , SET.
Internet.
34
2.
. Internet .
- :
, - .
, .
, , ,
( PIN-), .
,
. , ,
. SET -. SET (
13, RSA).
, .
.

. , ,
SET? , .
, , SET , .
, . SET .
, SET , /
. , : , -
, : , -
.
. , , .
. ,
,
.
2.6.
2.6
35
, .
, . ,
.
? .
. , . ,
. . (
) , . , :
. ,
. ,
, . ,
, .
. ,
, .
.
- , ,
, , ( , ).
? . , .
. ,
,
, , , .
, , , :
. , . , .
, , .
. . , , .
36
2.
,
. , , ,
. ,
,
. ( ) ,
, - , .
2.7
.
, . , .
.
. , , . , , ,
. ,
: , .
.
, , . , ,
. ( , , ,
20-30 , , , .)
,
. , ;
, . .
,
.
, , , -
, .
, Applied Cryptog-
2.8.
37
raphy [86] .
,
. ,
.
? , .
, , -
, .
, ,
.
, .
.
2.8
, ,
. , , .
, . ,
, , , ,
. . , ,
, , !
,
, . , . , ,
.
. , ,
, .
, . , -
38
2.
.
,
. , .
2.9
, ,
(David Kahn) The Codebreakers [45]. XX . ,
, .
, , Applied Cryptography [86],
.
, .
(Menezes), (van Oorschot) (Vanstone) Handbook
of Applied Cryptography [64]. , , ,
.
Secrets and Lies [88] , . ,
(Ross Anderson) Security Engineering [1].
.

,
,
.
3.1
.
. 3.1 ,
. . ( , Alice, Bob
Eve.) , . . m, , .
( ,
, , . ,
, ,
.) ,
?
, , , . 3.2.
Ke . , (,
39
40
3.

m

m
m
. 3.1. ?

c

m, c := E(Ke, m)
c, m := D(Ke, c)
. 3.2.

).
m, . E(Ke , m), (ciphertext) c. ( m
(plaintext).) m, c := E(Ke , m).
c,
D(Ke , c) m, .
Ke , c, . m
c Ke .

( ),
.
, .
,
.
3.1.
3.1.1
41
: D Ke .
: Ke
.
. .
, . .
. , .
( ). .
( ) .

, . ,
. ?
.

. , . ,
, . . ,
,
. ,
. :
, .
. , , , . ,
.
42
3.2
3.
(. . 3.1)
. .
.
, . , . 3.3
, m, . m,
m0 . , , .
, , ,
,
.
, .
, ?
. ,
, - .
. , ,
. Ke , Ka .
m . 3.4. m,
(Message Authentication Code MAC ).
MAC a a := h(Ka , m), h MAC, Ka .
m a.
m a, ,
Ka , , a.

m'

m'
m
m'
. 3.3. ,
3.2.
43

. 3.4.
m,
m0 . m m0 ,
h(Ka , m0 ) a. MAC
, ,
, .
, Ka , MAC ,
. .
MAC, , - .
. , ,
.
, . m
, ,
. , MAC,
, .

. ,
.
.
,
m1 , m2 , m3 , . . .. , MAC -
44
3.
1
. , , . ,
.
,
. , ,
, .
,
, , ,
.
,
.
, : ! ,
.
, . .
3.3
, 3.1, Ke .
? ,
.
, .
, -
. , 20 ,
,
19 .
190 . ,
.
1
3.3.

m, c := E(PB, m)
45

c, m := D(SB, c)
. 3.5.
.

.
(. 3.5). ; , ,
, .
, . 3.2. ,
. .
.

(SB , PB ). SB PB .
: PB . (
?)
, PB , .
m PB
c. SB , m.
,
, , . , D(SB , E(PB , m)) = m m. .
, . .
,
.
(asymmetric-key encryption) (public-key encryption) (symmetric-key
46
3.
encryption) (secret-key encryption),

.

. ,
. ,
.

, .
, , ?
: .
.
, ,
.
, , ,
.
.
3.4
(MAC).
. 3.6.
(SA , PA ).
m, s := (SA , m). m s . PA
(PA , m, s) . . ,
,
.
, , . ,
, .
3.5.

47

m, s := (SA, m)
m, (PA, m, s)?
m, s
. 3.6.

(digital signature). . -
m s ,
.
, . . . . , .
, , . ,
,
. ,
, .
.
3.5

, . ,
PB , - ? .
(public key infrastructure PKI).
, (certificate authority CA).
. . ,
(certificate), : , , ,
PB . , -
48
3.

.
. , , .
PB . ,
PB , . , PB
.
, .

,
,
. , . :
, .
. , (root),
, , , .
,
, .
;
. ,
. . , . , , ,
. ,
, .
. , ? - . ?
, , - .
.
3.6.
49
, .
, , VeriSign.
.
100 . ,
Internet (
, VeriSign).
, .
, , 100 .
, , 19, PKI: , 20,
PKI: , 21, PKI.
3.6
,
. , . ,
.
3.6.1
, (ciphertext-only attack).
,
.

. ,
.
3.6.2
(known plaintext attack)

. , , , . :
? ,
. . :
50
3.
, :
.
. , , .
.
, , .
, , . , ,
.
-.
- , .

, . , .
IP-. ,
.
. ,
,
.
3.6.3
,
. ,
. , , .
.
,
, . , .

3.6.
51
(, )
.
(chosen plaintext attack) . . ,
, , ,
: ,
.
:
(offline) (online). ,
, ,
. ,
. . , ,
,
, .
3.6.4
(chosen ciphertext
attack) . , .

. , , .

,
.
,
, ,
. , ,
, .
.
3.6.5

. , -
52
3.
, .
, , , . ,
,
. ?
, . (distinguishing attack)
,
. ,
, . , , .
, ? .
, .
,
. , ,
.
, ,
- . ,
, , . ,
, - .
3.6.6

, : 23 , , ,
50%. , ,
365 .
, ,
(birthday attack)? , ,
, (collisions), , .
,
64- . ( , .)
264 ( , 18 1018 , .. 18
3.6.
53
),
, ? ! 232 , ,
. , , , : ?
, MAC ,
. ,
,
. ,
, .
, N ,
N . , , N

.
N = 365 N 19. ,
50%, 23,
N . . k
N , k(k 1)/2 . ,
, 1/N . , ,
k , k(k 1)/2N . k N ,
50%2 .
n- . n-
2n ,
2n = 2n/2 , . 2n/2
(birthday bound).
3.6.7
,
,
(meet-in-the-middle attacks). (
(collision attacks).)
.
2
,
.
54
3.
, ,
.
, 64-
. , .
232 64- . MAC : ? MAC .
,
MAC . , ,
,
MAC. , , . (,
, .)
? MAC 232 . , , 1 232
, , 232 ,
. , 232 232 . ,
264 .
,
, .
,
. ,
, .
.
, ,
. . ,
N . P , Q . P Q , , . , , 1/N . -
3.7.
55
, P Q/N
. P Q N .
, .
, P Q. ,
, .
P Q N . P N 1/3 , Q N 2/3 . 240 MAC
224 .
, ,
N ,
, . ,
, .
, P Q ,
P Q N .
3.6.8
.
, , , ..
.
3.7
, , . ,
.
, , . 2235 ,
235- .
, , , .
,
.
, .
. .
56
3.
, ,
. , ,
, , -
. . , ,
. ,
.
128- . , , , 2128 . , , , 30 20 . ,

50 . ,
, . 128- [62]. ,
110 100 , , , ,
128- .
. , , ,
. .
- .
,
.
3.8

, .
.
, . , . ,
3.8.
57
,
. . -,
.
. ,
,
.
,
. , ,
.
, , . , .
, ,
.
. , . , , 100 /, AES 20%
Pentium III 1 . ( ,
100 / - .) ,
, , . -

1 /. , , . ,

.

.
Web-, SSL-. SSL- . , SSL,
58
3.
. .
SSL,
. .
.
.
, : . ?
. , ,
. ,
, .
3.9
, .
1. .
,
. IT-
. - , . . . , ,
. , , ,
.
: ,
, ,
.. , , .
,
. ,
, ,
. ,
.
.
, , .
.
, .
3.9.
59
, .
. . ,
. ,
-
. ,
.
. , ,
. , , . ,
. , , ,
.
. . , , , .
.
2. .
, , , .
- : ,
.
-
. .
,
. ,
, ,
.

. ,
,
.
4.1
(block cipher) , .
128 (16 ).
128- 128- . :
, 128-
128- .
,
(block size).
, .
, - .
,
. 128 256 . p K E(K, p)
EK (p), c K
D(K, c) DK (c).
, . . ( -
62
4.2.
63
), ,
5, .
,
. ,
. (
)!
, . ,
. , . 32 16 ,
64 150 . ,
128 51039 . ! , ,
. , . ,
, .

. , . ,
, . (permutation).
k k-
.
4.2
, ,
: ,
. ,
, . ,
.
[53, 91], .
64
4.
. 3.6
. .
, .
(relatedkey attack). 1993 [7],
, . , ,
. , , , . , , .
. , ,
, . ,
.
.
Twofish
(chosen key attack),
[85]1 .
- , , ?
. ,
,
. .
[95]. ,
, . , , . , . , , - .
1
,
Twofish [31], .
4.3.
65
4.3
,
. ? , . :

, . , 128- ( 128- )
,
2128 128 .
,
(..
).
,
, . , ,
. ,
.
.
, .
,
. ,
.
4.4
(, [52]). , , . ,
.
1 ,
.
66
4.
, ? ,
.
2 .
?
X ,
.
, , X . ( , , .) , .
, .
, ,
: X .
, .
, , . 0 0 , , X. , , ,
. .
.
: ,
, 2 . ,
.
, , .
. 0
1, . . . , 232 , 32 .
2
1964 (Potter Stewart)

, :
. . . , ,
.
4.4.
67
X , t
. .
,
X. (,
t.)
, .
1000 ,
.
X ,
. , 0,001. ,
, ,
, , .

. , . ,
, .
, , . ,
. n , ,
n- .
, . , . ,
2n . , , , ,
.
.
: 2n1 75% .
( , . , 50%-
. ,
0,5 + 0,5 0,5 = 0,75.)
,
.
68
4.
. , , (
, , ),
.
.
, ,
?
, . . , ,
,
. , .
, ,
, , . , ;
, .
, .
4.4.1
, . , . ,
. ,
i i. , . , :
( ), ( ). , ,
, ,
.
128 ,
32- . 32- . , .
4.4.
69
, .
.
. (parity attack).
,
. , , ,
. , .
75 . , ,
. ,
.
,
. ,

, . ( :
.)
, . ,
,
: ,
.
, .

.
3 , , .

,
. . ,
70
4.

.
- , , .
,
, .
4.5

.
. .
:
.
, , ,
. ,
, .
,
: ,
! ,
.
, . , .
,
.
,
(round).
. , , , .

.
.

.
Internet.
.
4.5.
4.5.1
71
DES
DES (Data Encryption Standard ) [69], , .

56 64 DES .
DES 3DES [72]
,
DES. ,
.
DES , 3DES
. , DES
, DES 3DES .
. 4.1 DES. , DES; . , , .
.
XOR (
) ,
, .
, .
DES 64- , 32- : L () R (). L
R
Ki
F
. 4.1. DES
72
4.

. ,
DES
; DES
.
,
64- , .
DES 16 ,
1 16. i (L, R) (L, R)
Ki . F ( . 4.1 ).
, R .
16 R, 32- 48-.
XOR 48- Ki . S-. S- ( S substitution, .. ) .
48-
, S- , 6 4- .
, 48- S-,
32- .
, XOR L. ,
. 15 .
DES [29].
.
L F (Ki , R) ( F
) L R. , . L
R L F (Ki , R).
.
, ,
.
L R, .

.
, .
4.5.
73
DES 48- . 48 56 , -3 .
DES .

.
XOR , , , . S- .
, , . , S-, . ,
F , .
..
, .
DES ,
.
. 0,
0. , , , .
,
.
. , 0 ,
0. , ,
4 .
DES ( ). K P
:
P ) = E(K, P ),
E(K,
, X
X. , 3
,
DES [69].
4
, .
DES.
74
4.
, ,
() .
. . 4.1 ,
, L, R Ki . , .
XOR , . S-
, , , . XOR ,
. L ( R) . ,
L, R Ki , ,
,
. .

. , , DES.
, DES . .
DES .
3DES . , DES ,
. , . ,
3DES , 64 . ,
. (
5.8.) 3DES ,
.
4.5.2
AES
, AES (Advanced Encryption

Standard ). , (National Institute of Standards
4.5.
75
and Technology NIST) . 15 [71], [73].

Rijndael, 5 . , . ,
. , , AES,
, .
, ,
, , .
AES DES. AES . . 4.2
AES. . 16 .
XOR 16- (128-) . (
). 16 S, 8- 8- . S- .
. , . , 4 ,
.
, XOR .
.
10-14 , .
DES, AES , DES.
AES . , , AES. ,
. S5
, , Rijndael. : -, ,
, .
76
4.
. 4.2. AES
, , ,
.
DES, AES , . XOR , S- ,
.
AES ,
.
AES
. AES .
6 ,
1014 , [18].
, 7 128- , 8 192-
9 256- [30]. ,
3 5 . ,
128- 70%
. , AES ,
- .
, , ,
. -
4.5.
77
DES, FEAL IDEA.

. , ,
,
-
.
,
. , AES, , , 2120 2100 .
, , , 120 .
,
- .
50
, (.
3.7).
AES [33]. AES

256 . , , ,
- - , AES
, .
. ,
, , AES.
. . AES .
- , . :
.
. , , - .
, . . . 20 :
, .
.
AES. . , AES.
AES .
78
4.
. ,
, , . , , ,
, .
, -
10%. ,
, 10%. ,
AES 1% ,
, .
, AES, .
AES,
,
. AES - , , . , AES

.
4.5.3
Serpent
Serpent ,
AES [2].
. ,
Serpent AES. AES , Serpent
.
10 32 [6]. Serpent
AES.
, S-
, .
Serpent AES.
32 . 128- XOR, 128-
32
S-. 32 S, . ,
S-, .
4.5.
79
Serpent.
,
32 S-,
32. 1024 ,
. S- .
.
,
AND, OR XOR. , 32-
32 ,
, .
- (bitslice). Serpent - .
S-,
.
Serpent , Rijndael ( AES),
. . Serpent , DES,
, 3DES.
AES.
4.5.4
Twofish
Twofish AES. AES Serpent

, AES, .
, .
8 16.
Twofish
. , Twofish
.
DES, Twofish .
Twofish . 4.36 . 128-
. 32- , 32- . ,
6
, .
, Twofish, , Twofish [85].
80
4.
p (128 )
K1
K0
F
K2
g
K2T+8
S0
S1
S2
K3
<<<1
PHT
MDS
S3
g
S0
<<<8
S1
S2
MDS
S3
K2T+9
>>>1
15
K4
K5
K6
K7
(128 )
. 4.3. Twofish
Twofish . F
, g,
PHT . F
XOR ( ). <<< >>>
32-
.
g S-,
, ,
4.5.
81
AES. S- .
, , S- Twofish
; . , S- . S-
, , ,
. ,
Twofish .
S- .
PHT g, 32 . F . , , .
, Twofish (whitening).
.
,
.
, Twofish
, , .
: . Twofish, . , . Twofish ,
. AES Serpent ,
,
. , Twofish
. .
,
. 5%. ,
, , , AES.
, AES . AES, , ,
Twofish .
, , , .
.
82
4.5.5
4.
AES
, AES . :
RC6 [77] MARS [13]. ,
.
RC6 , 32- . AES 17 RC6. 20
,
.
MARS . ,
MARS , . , . ,
S- MARS, ,
S- , . , ,
MARS ( ), .
MARS
. ,
.
- RC6 MARS . ,
AES, Serpent Twofish ,
.
4.5.6

.
. ,
, ,
XL, FXL XSL.
2002 (Nicolas Courtois) (Josef
Pieprzyk) , Serpent AES [17].
.
AES.
32- Serpent,
AES.
4.5.
83
. ,
. XSL , . , AES Serpent,
. , 2128 , ,
128- , XSL-. XSL- ,
. ,
,
.
, . ,
AES Serpent. - , XSL
. ,
.
? . , .
, .
, . XSL- , .
. , ( ,
), XSL- .
Twofish?
Twofish. Twofish ,
AES Serpent, . ,
.
- XSL- AES Serpent,
, , Twofish.
4.5.7
. , ,
Twofish.
, AES, .
84
4.
XSL- . ,
.
, , , .
XSL-, . ,
XSL-. , ,
.
, , AES.
, .
. , ,
. ,
AES , . , ,
: , IBM.
, AES. ,
/ , AES.
AES . .
, . , , AES.

, Serpent.
AES , Serpent
( )
.
Twofish. Twofish , AES
. , AES
. Twofish , .
3DES.

64 , 3DES. , , , ,
64- .
4.5.
4.5.8
85
,
(AES, Serpent Twofish), 128, 192
256 .
128 . , 128- .
, : . , , , .
, , , ,
, .
. ,
.
3.
n , , , 2n .
, . , , . , 128-
256 ,
128 . , .
, .
, , ,
, .
: 256- !
, AES (Rijndael)
AES, 256- , 128-7 . ,
. , 128- .
128- , 128- , . ,
.
7
Serpent . Twofish

,
.
86
4.
, .
, . 256- .
, 256- 128 . ,
, , 2128 .
,
(128 ),
(256 ).
. 256-
128- .
XSL- AES Serpent
. , , .
Serpent,
2128 . XSL-, ,
256- Serpent, 256- Serpent, Serpent (
) 128 . ,
128 , ,
2128 , XSL- Serpent .
XSL- AES.

. - , ,
(block cipher modes).
, .
, . ,
. , , . , . ,
, . ,
() ( , ,
) . , .
, .
, . . ,
,
, 7,
.
87
88
5.1
5.

P , C,
.
, P .
. .
, , .. .

. . ,
p ,
p k 0. ( k .)
, . , .
, .
,
.
, . ,
, . , , ,
.
,
, .
, ? P ,
l(P ) , b
. .
128,
, b.
0, . . . , b 1.
, ,
b. n, 1
n b n+l(P ) b. n ,
n.
5.2. (ECB)
89
. , , . , .
.
, , . P P1 , . . . , Pk . k
d(l(P ) + 1)/be, d. . .e
, .
, P
P1 , . . . , Pk .

, . ,
. . ,
.
5.2
(ECB)
, ,
(electronic codebook ECB). :
Ci = E(K, Pi ) i = 1, . . . , k.
: . , ,
? ECB!
,
.
ECB? ,
, .
,
.
,
. ,
.
90
5.
, , . Unicode
, .
, ,
. , ECB - .
5.3
(CBC)
(cipher block chaining CBC).

, ECB, XOR
. CBC
:
Ci = E(K, Pi Ci1 ) i = 1, . . . , k.
,
. CBC
,
, .
5.3.1
, C0 ,
(initialization vector IV). .
, ECB.

, . ,
.
5.3.2
. ,
5.3. (CBC)
91
0, 1 .. . , . , XOR
. , 0 1 .
(
, ),
.
,
.
5.3.3
ECB,
CBC , .
, . CBC
,
.
.

. . IV
. :
C0 := ,
Ci := E(K, Pi Ci1 ) i = 1, . . . , k
, () P1 , . . . , Pk
C0 , . . . , Ck . ,
C0 , C1 ; ,
. :
Pi := D(K, Ci ) Ci1
i = 1, . . . , k.
92
5.
.
, .
, , .
, .
5.3.4
, , . .
, , , (nonce).
number used once , . .

. , , , . , , ..
, .
,
,
.
, CBC, .
.
.
1. . , 0. :
,
.
2. .
,
. ,
, , .
.
5.4. (OFB)
93
3. ,
.
4. CBC,
.
5. , .
.
( C0 )
.
6. , . , .
, ,
, ,
. 32-
48- , 128 .
, .
5.4
(OFB)

. (output feedback OFB)
,
.
( ),
XOR . ,
, (stream cipher).
- , . !
, . .
( , )
. CBC
. .
94
5.
OFB :
K0 := IV
Ki := E(K, Ki1 ) i = 1, . . . , k,
Ci := Pi Ki .
, K0 ,
K1 , . . . , Kk
Ki .
XOR
.
. CBC,
(. 5.3.3)
(. 5.3.4).
OFB ,
.
. , , ,
.
OFB . , ,
. ,
,
, . ,
.
, OFB . -
, .
. , P P 0
. C C 0 .
, Ci Ci0 = Pi Ki Pi0 Ki = Pi Pi0 . ,
. ,
. (
.)
. ,
5.5. (CTR)
95

[44].

OFB. , , -
,
, . , , , ,
.
, .
, .

. ,
, , 264 .
,
, . , ,
.
5.5
(CTR)

(counter CTR).
, DES [68],
. CTR NIST [26]. OFB,
. :
Ki := E(K, N once k i) i = 1, . . . , k,
Ci := Pi Ki .
, CTR ( Nonce).

, .
96
5.
CTR .
. ,
, 128- .
, ,
i. 128-
48- , 16 , , 64 i.
248 ,
268 .
OFB, ,
.
CTR, CBC.
, . CBC ,
,
. ,
, ,
, . ,
CBC CTR , .
, CTR .
, CTR .
CTR
, , .
. , CTR
. CTR
.
: ,
CTR ( ,
).
5.6.
5.6
97
70-
80- . .
, , (offset codebook), OCB [82, 83].
, .
, .
-, , . ,
OCB, .
. . .
, , ,
. ( .)
,
. (security reduction)
. , , ,
OCB X, Y . ,
. ,
. :
, ,
,
.
-,
, .
,
.
. .
.
98
5.
5.7
, .
: CBC CTR. , ECB .
OFB , CTR,
. OFB, CTR .
CBC CTR? .
. CBC , CTR
.
. . CTR
, CTR
.
. CTR,
. CBC
.
. ,
CBC . CTR .
. CBC . CTR . , , CBC
, CBC CTR .
, CTR CBC , . - ,
CTR . ,
. ,
CTR ,
, ,
.
, ,
. , CTR,
5.8.
99
. ? .
, . ,
. . .
, .
,
.
, ,
( 8, ).
, .
,
. ,
, ,
, , ,
1 .
.
5.8

. .
.
, .
, ,
. , ,
.
.
ECB. Pi Pj Pi = Pj ,
Ci = Cj . ,
1
(traffic analysis).
.
,
(, , ).
100
5.
, . ,
. ECB.
CBC? ,
XOR .
; , ,
.
, ?
:
Ci = Cj ,
E(K, Pi Ci1 ) = E(K, P j Cj1 )
Pi Ci1 = Pj Cj1
Pi Pj = Ci1 Cj1
CBC,
,

.
, XOR ,
, , . , , . (, ,
), , , ,
.
, . , Ci 6= Cj , , Pi Pj 6=
Ci1 Cj1 , .
CTR. ,
Ki , .
, (
) . Ci Cj , Pi Pj 6= Ci Cj ,
. ,
CTR
.
5.8.
101
CTR .
, . , CTR
, .
OFB , CBC CTR.
, OFB , CTR. ,
OFB - , .
, , CTR
OFB.
5.8.1
, ,
? , M
. , , .
.
M (M 1)/2 . , , 2n ,
n . , M (M
1)/2n+1 , M 2n/2 . , 2n/2 ,
2 .
128 , , 264 . ,
3.6.6. 264
, , 30 . , -
.
. 240
( 16 ), 248 . , .
240 , .
2
,
p
,
, 2n1 = 2n/2 /2,

, .
102
5.
,
248 . , , ,
240 248 = 288 , , 128 .
CBC CTR.
CTR
. CBC , , ,
. ,
, , CTR .
5.8.2
128- ? -
. 128-
,
128 . 256- .
, . , ,

, .
CTR . , 264 C. P 264
, , P C. ,
, 50%. , CTR
, ,
P . ,
. , . 248 ,
1/232 ,
.
. , CTR ,
, , ,
. 260 , 264
.
5.8.
103
CBC .
CBC , 128
.
. ,
CBC, 232 .
128 264 , , , , 128 .
: ,
. ,
, .
,
. , ,
CTR CBC , .
. ,
, .

, ;
. , ,
.
5.8.3
,
, , . , ,
. , , .
. , ,
, .
, . ,
,
.

.
, 1 .
,
( )
.
.
m.
. ,
m,
h(m). h 128 512
, m. , h(m) ,
m.
, : m1 m2 , . .

(message digest),
(digest) (digital fingerprint). (hash function), , , . 1
, (Leslie Lamport), [21].
104
6.1.
105
:
, - , . ,
. , , .
- . .
.
.
. , ,
.
.
, ,
, , -
, .
,
, .
. ,
.
6.1
, m h(m) .
128 512 .
.
(one-way property): m h(m), x
m, h(m) = x. , , , ,
( ).
, ,
(collision resistance). , -
106
6.
.
m1 m2 , h(m1 ) = h(m2 ). , . (
.) ,
.
, , , .

.
,
,
, , ..
, . , . ,
,
.
4 .
,
(. 4.3), .
, ;
.
.
.
5
,
.
, ,
, , . ,
.
.
6.2.
107
,
. ,
. ,
.
.
,
. , . n- 2n/2 .
.
( x m, h(m) = x)
. 2n . , . ,
, ,
. , , , . -
, ,
,
.
, . , ,
.
, , .
512- , 128 .
2128 .
6.2
. .
SHA , , MD5.
, , . ,
108
6.
SHA , ,

(National Security Agency NSA) NIST2 .
( , ) .

m1 , . . . , mk ,
. h0
. H0 Hi = h0 (Hi1 , mi ).
Hk .

. -,
, . -, - ,
. , , ,
.
, .

Internet.
,
.
6.2.1
MD5
(Ron Rivest) [81] 128-

MD5 MD4
[78] 3 .
MD5
512 . ,
. MD5 128- , 32 . h0 ,
2
, .
3
MD4 , [24],
.
6.2.
109

. , XOR, AND, OR 32 . ( [81].)
, .
h0 h0 .
32- 32- .
MD4 .
: h0 , h, h0 ,
. ,
h h0 .
MD5 , h0
[20]. MD5
, MD5
.
128- -
MD5 . ,
MD5 264
, .
MD5.
6.2.2
SHA-1
(Secure Hash Algorithm SHA) (National Security

Agency NSA) NIST [70].
SHA ( SHA-0)
. NSA . NIST
SHA SHA-1.
NIST .
(Chabaud) (Joux) SHA-0 [16]. SHA-1,
, ,
NSA.
110
6.
SHA-1 160- , MD4. SHA-1

MD5; SHA-1 - , MD5. , SHA-1, ,
.
SHA-1 160- , 32- . MD5,
, 32 . , SHA-1 ,
16 80 . , MD4. MD5 . SHA-1
, . ,
SHA-1 SHA-0 .
SHA-1 160-
.
280 , 128 256 .
128- .
6.2.3
SHA-256, SHA-384 SHA-512
NIST ,
[74], 256-, 384- 512- .
128-, 192- 256- AES. SHA-1.
. , .
, , SHA-1, .
. SHA,
NSA, , .
6.3.
111
SHA-256 , SHA-1. SHA-256

, AES Twofish, ,
. .
, , , ,
. , SHA-1
MD5. ,
, .
SHA-384 .
, SHA-512, . , . SHA-256
SHA-512.
6.3
, ,
.
6.3.1
.
, .
. m m1 , . . . , mk , H. m0 , m1 , . . . , mk , mk+1 . k
m0 k m,
h(m) , h(m0 ) k m0 . ,
h(m0 ) = h0 (h(m), mk+1 ). MD5 SHA,
m0 ,
. , , .
- ,
. , h(m) , k m0 .
112
6.
, , , , ,
. ,
. , ,
(m, m0 )
. , ,
, .
, , .
? ,
, h(X k m), X
, , m .
h ,
. , m
h
. ,
, , .
6.3.2
.
.
, . : , . . , , m h(m k X),
X .
m, 4 .
n n .
4

; ,
. ,
.
6.4.
113
m, h(m k X) X
. ,
, .
m m0 , h
. ,
, 2n/2 .
m m0 . , h , ,
,
, ,
- . m
m0 , h(m k X) = h(m0 k X) X.
. (, )
. , , , ,
. , ,
,
.
6.4
, . , .
,
?
? - , ?
, , . :
, .
, . , , . , ,
, .. , , -
114
6.
. .
, .
; . ,
. ,
,
. .
- , ,
.
6.4.1
,
. , .
, . , .
, . , (, , - ). .
h .
m 7 h(m), m 7 h(h(m) k m)5 . ,
m h(m).
- , ,
.
6 h .
hDBL hDBL (m) := h(h(m) k
m).
h ,
,
n , n .
5
x 7 f (x) . ,
. , x 7 x2 ,
.
6.4.
115
.
,
. ,
.
, ?

, - .
m. -
.
, hDBL .
6.4.2
?
. h(m)
h(h(m)) , n/2 .
, n- n ,
6 .
, , n/2 ,
.

, . ,
.
SHA-256,
128- , .
, n-
n/2- .
. ,
,
, n- . , SHA-256 256 AES, , 256- . , 256-
6
SHA-256 , n-
2n .
116
6.
128- ,
SHA-256.
. . ,
,
.
.
7 h .
hd hd := h(h(m)) , min(k, n/2), k
h, n .
SHA. SHA-X, X 1, 256, 384 512, SHAd X ,
m SHA X(SHA X(m)). , SHAd 256
m 7 SHA 256(SHA 256(m)).
,
. , , hd , , ,
h7 . HMAC .
hDBL , hd
, .
, hDBL n- , . n/2- , hd .
6.5
.
SHAd . , .
7
. , ,
, . , ,
, .
6.6.
117
,
. ,
,
. ,
.
, , hd , n/2- , .
SHA , , ,
.
, , SHAd -1, 80- . SHAd -256 SHAd -512.
( SHAd -384 , ,
, SHAd -512.)
128 ,
SHAd -256 .
SHAd -512. , , ,
256 . , , SHAd -512,
. 128-
SHAd -256.
6.6
.
,
,
80- .
, . SHA
. , ,
.

(message authentication code MAC)
, .
, .
MAC. ,
K, ,
.
m, MAC , . ,
MAC, , MAC . ,
.
: K,
MAC, .
.
, 8, .
7.1
MAC
, MAC, , ( K
m ) .
MAC MAC(K, m).

m, MAC(K, m).
118
7.2. MAC
119
MAC. : MAC
, . 7.8.
7.2
MAC
MAC.
MAC , . ,
, MAC . n MAC .
8 MAC
n-
.
MAC . . MAC, ,
.
7.3
MAC
, MAC K m. K
, , .
,
K. k , K.
K, . , k, K
2k (, )1 .
9 n MAC, k
, K.
MAC
1
, . : k
K ( ) , .
120
7.
MAC MAC 2min(n,k) .

, MAC , k .
, .
; K. (
K, k = 0, ,
.)
, MAC
, . 2min(s,k) , s .
K
, MAC , .
, , , MAC . MAC . ,
,
n MAC
. n+1 , MAC.
, , ,
. , ,
.
7.4
CBC-MAC
MAC.
K .
CBC-MAC , m , CBC,
. , P1 , . . . , Pk , MAC :
H0 := IV,
Hi := EK (Pi Hi1 ),
MAC := Hk .
7.4. CBC-MAC
121
CBC-MAC
, .
CBC-MAC ,
. . ,
CBC-MAC , CBC, .
( ). CBC
CBC-MAC . MAC
.
CBC-MAC . ,
. , CBC-MAC [12].
. M CBC-MAC.
, M (a) = M (b), , M (a k c) = M (b k c). CBC-MAC.
, c . ,
M (a k c) = EK (c M (a)),
M (b k c) = EK (c M (b)).
M (a) = M (b), .
.
MAC , . a b,
M (a) = M (b). a k c,
b k c, MAC . MAC . (,
. ,
.
.) ,
[12].
,
MAC. . , a b,
122
7.
M (a) = M (b), , MAC ,

CBC-MAC.
, ,
CBCMAC 64- , 128 [4]. ,
, . CBC-MAC, 256- .
CBC-MAC .
CBC-MAC . .
1. s l m, l
m, .
2. s, . (
5.1.)
3. CBC-MAC s.
4. CBC-MAC
.
MAC .
CBC-MAC : , . MAC, , . ,
.
, CBC-MAC,
.
7.5
HMAC
MAC ,
,
, MAC ? HMAC [3, 58].
, ,
, 6, .
n/2-
7.5. HMAC
123
, MAC n- .
MAC(K, m) h(K k m), h(m k K) h(K k m k K)
[76]. ,
. ,
2n/2 .
HMAC , . HMAC , , .
, HMAC n/2- . ,
,
. HMAC , 2n/2 .
, 2n/2 .

. , . , , HMAC n/2
n- .
[3], HMAC, , , ( )
. .
HMAC h(K a k h(K b k m)),
a b . , ,
. HMAC [3, 58]. HMAC , 6,
. ,
SHA, SHAd HMAC ,
SHAd .
HMAC. , . HMAC MD5 SHA-1.
. , 128-
124
7.
HMAC
256- , SHA-256.
HMAC SHA-256, SHAd -256
.
7.5.1
HMAC SHAd ?
, MAC, h(K k
m), , h. SHAd -256.
MAC :
(K, m) 7 SHA 256(SHA 256(K k m)).
HMAC SHA-256. :
(K, m) 7 SHA 256((K a) k SHA 256((K b) k m)).
HMAC, ?
. . HMAC
, . , MAC . , ,
, . , HMAC
(.. )
, (.. ), ,
. HMAC
.
HMAC, , . , . , , . ,
:
S . , S, , ,
MAC. ,
128- .
HMAC.
7.6. UMAC
125
, 128- .
264 ,
. , .
?
HMAC. ,
SHAd 256(K k m), HMAC .
, HMAC, , .
7.6
UMAC
UMAC ,
K MAC,
, 2
(universal hash function). , . . [8, 59].
UMAC HMAC. , UMAC .
, UMAC ,
MAC.
7.6.1
UMAC 64- , , , . ;
. , MAC
, ,
MAC .
MAC,
, ,
. ,
MAC .
, , , 64 . MAC . , ,
2
UMAC
126
7.
MAC3 .
. MAC,
.
. ,
. 128- MAC.
, 3 (. 4.5.8), 256- MAC
128- , .
, 256- MAC. ,
64- 96-
MAC, 256-
( , MAC ).
MAC
, 128- .
7.6.2
, : UMAC ? , UMAC [8],

: UMAC-STD-30, UMAC-STD-60, UMAC-MMX-30
UMAC-MMX-60. RFC [59] : UMAC16 UMAC32.
, UMAC , UMAC16 UMAC32
.
, ,
? UMAC. , .
Pentium MMX, 32- .
, .
. , -,
, .
3
MAC . ,
IKE IPSec [40] MAC ,
, !
7.6. UMAC
127
UMAC 3-5 ,
,
.
UMAC . UMAC
,
.
. , . HMAC SHA-1,
UMAC . UMAC. ,
UMAC.
UMAC ,
, UMAC. ,
20-30
. ,
, .
7.6.3
, UMAC . ,
. , UMAC
. , ,
- 8- . UMAC
, -
.
, UMAC 4 . , UMAC
HMAC. 4
, ,
. .
. ,
.. 1970- 8-
, , , 10 .
128
7.
UMAC , .
, .
7.6.4
UMAC
, . , UMAC, , . , , .
, , ,
AES, SHA-256, ,
. , , AES. ( ,
.) SHA-256 (NSA),
. NSA .
, , SHA-256 , . ,
, .
, , , , . UMAC ,
.
,
UMAC 95%. 5%
, UMAC ,
.
7.6.5
UMAC?
UMAC, ?
. - , UMAC
. K , MAC, .
. -
MAC,
, ,
, .
7.7. MAC
7.7
129
MAC
, , ,
HMAC-SHA-256, .. HMAC, SHA-256. ,
256-. , ,
64- 96- MAC, .
32 (256 ) .
, MAC
, ,
, HMAC-SHA-256 128
.
,
HMAC SHAd -256 , HMAC . 128- HMAC 256-
, SHA-1 .
, HMAC . MAC, .
7.8
MAC
MAC , .
, .
MAC(K, m), , , K, m. .
,
, - .
, . , K
. A, ,
.
m, d.
130
7.
, (replay attacks), ..
(
) . MAC m, d. ,
MAC m, d k m.
.
4. :
, , , .
MAC ,
. , (, , ),
, (, ),
.
, MAC m := a k b k c, a, b c .
m a, b c.
? . ,
, .
, . , m , .
. . ,
. , . -
. ,
,
. ,
, . .
, ,
7.8. MAC
131
. ( ,
, .
MAC , .)

, , .
5 . , . , MAC
m, ,
.
,
, , , ..
XML, -
.
,

. IP- ,
. , , , , , . (,
).
: , . ,
.
, . d k m,
, d
m.
, , : - (Dr. Seuss), [89].

, . ,
.
8.1
: .
, , .
8.1.1
.
,
. ,
. , .
( , ) .
,
, .
, , . , , . ,
, , .
132
8.1.
133
, ,
.
. ,
.
, , , . ,
. , ,
, .
8.1.2
, -
. , K, , .
. .
. , , : -, K .
,
, K ,
.
. , .
15, . K
:
;

K.
, .
,

, . , ,

134
8.
K
. K, , (session key). , 15,
.
,
128- . 3 (.
4.5.8), 256- . , K 256 .
8.1.3
, : (,
) (,
). , .

, .
.
, , ,
. ,
TCP/IP . ,
, TCP-, . TCP
. . , , ,
. ( ,
.)
8.1.4
.
m1 , m2 , . . .,
.
, m01 , m02 , . . ..
8.1.
135
:
mi
;
, , , m01 , m02 , . . ., , m1 , m2 , . . .,
, . (
.)
. . , ,
.
.

. ,
.
, .
,
, , . (traffic analysis).
,
. , ,
,
.
,
. ,
. , .
. ,
, . , , , .
, , -, . , , .
136
8.
, , .
, .
, ( ) .
, . ,
. ,
, , .
? .
. , , , . , . ,
, .
8.2
, . : ,
, , MAC.
. , ,
, , , , , , . , , ,
,
.
.

. (
.) MAC ,
8.2.
137
, .
, . ,
(, CTR) CBC.
, ,
. ,
, MAC
, .
(.. MAC),
. , , .
, . , ,
MAC. ,
. , . ,
. , ( , )
(denial-of-service
DOS). DOS- ,
. , .
,
, .
,
, MAC, MAC. , MAC; ,
MAC (.. ),
MAC .
MAC . , ,
138
8.
. , . ,
. .
, MAC .
: , . . ,
, . , ,
. ,
, - .
, . ,
, , .
. ,
, , . ,
, , .
, , () IPSec [32].
, . , , - . ;
MAC .

(. 8.4.1). ,
:
.
,
.
, . , ,
.
8.3.
139
, ,
.
8.3
: , .
8.3.1
.
, . , ,
. , . , ,
.
(..
, )
( , ).
.
1, 2 .. , .
.
, ,
- .
32 . 1. 232 1. , ,
. , , .
, 64- ,
. (
, .) 32- . ,
140
8.
1 . , , 40- 48- ;
.
, C
? .
N ,
N + 1 . ,
{0, . . . , N }. 232 1,
32- .
,
, ,
.
, .
, ,
, . , ,
, .
i.
8.3.2
MAC. , , ,
HMAC-SHA-256 256- . MAC mi
xi . 7,
,
, . .
,
, , . ,
xi
. , xi , .
1
. . ,

, 232 1 .
8.3.
141
`() ,
( ). MAC a
ai := MAC(i k `(xi ) k xi k mi ),
i `(xi ) 32- , , . `(xi )
, i k `(xi ) k xi k mi
. `(xi )
i, xi mi , , . , xi , -
,
. , .
8.3.3
AES
CTR. , CTR, .
16 232 , 32 . , 64- , 32- . ,
.
k0 , k1 , . . .. i

k0 , . . . , k236 1 := E(K, 0 k i k 0) k E(K, 1 k i k 0) k . . . k E(K, 232 1 k i k 0),
32- , 32- 64 . .
`(mi ) + 32 . (, , . . . )
mi ai XOR k0 , . . . , kl(mi )+31 .
8.3.4
mi k ai ,
. mi k ai i,
142
8.
32- , .
8.4

. ,
. , -,
.
.
, , ,
. if/fi do/od.
8.4.1
, ,
. : .
:
,
,
, .
InitializeSecureChannel
:
K , 256 .
R
. ,
.
: S
.
.
ASCII -.
KeySendEnc SHAd 256(K k )
KeyRecEnc SHAd 256(K k )
KeySendAuth SHAd 256(K k )
KeyRecAuth SHAd 256(K k )
8.4.
143
, .
if R = then
swap(KeySendEnc, KeyRecEnc)
swap(KeySendAuth, KeyRecAuth)
fi
0.
. .
(MsgCntSend, MsgCntRec) (0, 0)
.
S (KeySendEnc,
KeyRecEnc,
KeySendAuth,
KeyRecAuth,
MsgCntSend,
MsgCntRec)
return S
, S.
. , , ,
S.
. , S
.
8.4.2
, , . ,
, , , , , . ,
.
SendMessage
:
S
.
m , .
144
8.
x
: t
,
.
, .
.
assert MsgCntSend< 232 1
MsgCntSend MsgCntSend + 1
i MsgCntSend
MAC. `(x) i
4- , .
a HMAC-SHA-256(KeySendAuth, i k `(x) k x k m)
tmka
. , , 4- , i .
, . E
AES 256- .
K KeySendEnc
k EK (0 k i k 0) k EK (1 k i k 0) k . . .
. i
4- , .
t i k (t First `(t) bytes(k))
return t
(. 8.3).
, .
. -
, . , . , . , i,
.
: , . , . , .
8.4.
8.4.3
145
,
SendMessage, x,
.
ReceiveMessage
:
S
.
t
, .
x
,
.
: m , .
, , 4-
32- MAC. ,
.
assert `(t) 36
t : i . , i 4 .
iktt
, .
K KeyRecEnc
k EK (0 k i k 0) k EK (1 k i k 0) k . . .
t MAC. , a 32 .
m k a t First `(t) bytes(k)
. `(x) i
4- , .
a0 HMAC-SHA-256(KeyRecAuth, i k `(x) k x k m)
if a 6= a0 then
destroy k, m
return AuthenticationFailure
else if i MsgCntRec then
destroy k, m
return MessageOrderError
fi
146
8.
MsgCntRec i
return m
. , , ,
, . ,
, . , .
,
.
; ,
, , .
,
. ReceiveMessage , . ,
, .
, .
?
, ,
. ,
( MAC). , ,
. , , ,
ReceiveMessage, . , k m, ReceiveMessage ,
- .
8.4.4
, S,
MsgCntRec. ,
. , ,
, ( ) .
8.5.
147
( ).
, , ,
, .
.
, ( ).
,
, , .
, ,
; .
IPSec IP (IP Security) [50],
IP-. IP-
, IP, , IPSec
,
. c , IPSec c31, c30, c29, . . . , c1, c.
, . , c 31,
. c31 c1 , 0 (,
1). c,
c , . .
8.5
. , SHA-256
. - ?
, , . OCB [82, 83].
,
, -
148
8.
. , OCB .
,
,
.
(Doug Whiting), (Russ Housley) CTR
CBC-MAC.
CCM ( CTR, CBC MAC) [93]. OCB CCM
, , ,
. CCM
, ,
. (Jakob Jonsson) CCM [14], NIST CCM
.
, : OCB CCM?
(CCM ),
. , . CCM
, OCB
. OCB ,
.
CCM OCB
. CCM CTR, 264 ( ,
128 ) . CCM ,
, 260 . ( ). CCM, ,
. , CCM
128- , ,
.
CCM, OCB , . [34]. ,
OCB 128- . ,
8.6.
149
, 248 , OCB
81 . ,
,
.
, , , CCM.
, . , ,
,
.
: CCM, OCB
.
.
, ,
MAC. , InitializeSecureChannel,
.
.
8.6
, .
. , , , , .
, ,
, .
. I
, ,
.
,
.
, ,
(. 2.2). ,
. (
)
. , , ,
, .
. , ; , , . ,
,
. ?
. , ,
, . .
, ; . , ,
. , .
, ,
. ,
150
151
. , . ,
, , . ,
, , , . , ,
? . ,
,
. , . :
;
. - , ,
.
, , : ,
.
, .
, .
, , ?
,
. , . , , , .
- .
, , , ,
(, , - ). ,
, ,
.
, . . ,
, , .
, ,
. .
70- 80-
! , -
152
9. . I
30-50 . ,
.
9.1
, , IT-, , . ( , , .) ,
.
9.1.1
.
, . , ,
.
.
,
. . , , , , , . ,
.
.
. , . , , .
. .
.
.
, .
- , , ,
,
. , . ,
9.1.
153

.
. ,
. ,
, .

. , ,
.
. . .
, .
. ,
,
.
, , . .
,
. ,
.
9.1.2

. , . , .
, . ,
( , , ) .
1972 (Edsger Dijkstra)
, ,
[22]. . , .
154
9. . I
,
,
.
, . , - . , . ,
,
, .
,
.
, ,
. , .
, .
, , .
, , .
, ?
.
.
, ,
.. .
,
. , , , -
. ,
, .
- .
9.1.3

, .
.
,
, . :
9.1.
155
. , .
, ,
,
. ,
. , , -,

.
. -
.
9.1.4
, , , ,
ISO 9001, . .
,
.
. , , . .
. ,
. ,
,
- . .
, .
. ,
. .
,
.
, ,
156
9. . I
- . ,
,
,
. . ,
.
, , .
, , ,
.
9.2
. ,
.
.
? : A, . : . ,
X. ; , .
- . ,
. :

.
, . , .
, , , .
.
9.3.
157
,
: , . , ,
, .
9.3
, , .
, . ,
, , ,
.
,
: . ; .
, .
.
. , 22, .
. , . , .
9.3.1
:
, .
, , - . ,
, ,
. .
, .
.
C, .
,
, , . , ,
158
9. . I
. ,
,
? ,
.
- . C++ , . , C++.
, . C++ ,
, ,
(), .
, . ,
. , ,
. , .

, . , .
, , ,
. C memset.
memset, ,
.
. ,
, memset. ,
. ,
. ,
- , , .
, ,
, .
9.3.
159
Java. ,
(garbage collector). ,
Finalize ( C++) ,
, .
, ,
. ,
. .
, , . ,
, try. , .
,
Java. Java
,
. Java
. , , Finalize
. main try-finally. , finally,
, , Finalize. (. System.gc() System.runInitialization().) , Finalize
, , .

. C++ , ,
. ,
. Java
. ,
, sensitive ( ), .
, , .
.
.
. . ,
160
9. . I
Pentium,
, , - , .
( ) ,
, ,
. , , , .
9.3.2
( Windows UNIX) , . . ,
. ,
, . ,
.
, .
,
- , .
,
, .
, -
. . ,
.
, . ,

. , , ,
. , -
9.3.
161
? , ,
1 .

?
. ,
. (, , ) ,
. , , . , , .
, .
, .
? , ,
. . ,
. , , .
, . , , . ,
, ,
, , . ,
.
, .
, .
, , .

, ,
.
9.3.3
- . .
1
-
, , .
162
9. . I
, . , . , .
. - ,
. , .
, ( ) , .
,
- .
?
, . ,
, , , .
, . ,
. , . ,
,
, .
, , .
, ,
.
, , . ,
(, ). , -
, , . ,
.
. -
,
. , ,
. , , .
9.3.
9.3.4
163
,
.
, ,
- , .
, .
,
.
, ( ) [38].
.
(Static RAM SRAM), . [9].
BIOS, (magic value),
, , : (cold reboot) (warm reboot)2 .
, ,
. , .

, SRAM ,
. :
, .
, (Dynamic RAM DRAM).
DRAM .
, 2
, ,
, , , .
. . , Reset.
, ,
, .
164
9. . I
, [38].
, ,
,
.
, - ,
. - (, ), , , ,
,
. .
, ( )
. ,
Boojum3 , , ,
. m , . m, R
R R m.
,
. , R. (, 100 )
R0 ,
R R0 R R0 m. ,
. ,
m, .
.
, XOR.
m. m,
R
.
, R Rm
. , , . , ,
, ,
.
0x5555,
. (, , ,
3
[15].
9.3.
165
, .)

. ,
,
.
,
. . ,
,
(
).
. ,
, , , - . ,
, ,
.
, Boojum, .
- ,
, .
, Boojum ,

, .
, , ,
MMX, ,
, .
, ,
.
. ,
Boojum. [23].
9.3.5
,
. . , .
166
9. . I
,
. .
-. , . Windows . , . , UNIX .
(core dump) , , , .
.
, (superusers) (administrators), ,
. , UNIX .

. , , ,
,
.
, .
9.3.6
, .
(MAC), ,
?
, . , - . ,
, , .
, (error correcting code ECC)4 .
- , ECC
. ECC ,
.
4
, ECC.
, , . ECC.
9.3.
167
? . , , ,
1015 .
128 , 109 , , 11 , , ,
. , 1
32 . ECC, .
, .
, . , .
, ,
.
, .
, .
,
.
9.3.7

, . .
. , , . , . ,
.
, . . ,
, ; . ,
.
168
9.4
9. . I
, . .
,
,
.
9.4.1
. . ,
(, ). ,
. ,
. ,

.
.
. .
. ,
. ,
. , ,
. - ,
.
. ( - ) .
, . ,
.
,
. ,
, . ,
?
9.4.
9.4.2
169

. , : .
,
, .
, . .
. .
. . ,
- . , . .
,
. .
,
. - , .
, , . 20 ,
, , .
, , , .
,
.
.
, ,
,
, .
, . ,
.
IBM PC BIOS. ,
, .
170
9. . I
, .
, , , .
, DOS.
. ,
. ,
.
9.4.3
(assertions) ,
5 .
,
.
, . . , ,
. , .
: , - , . ( , ). , ,
.

, . , .
,
,
5
, ,
? , ,
, .
9.4.
171
? , , , ? -
, , , ?
,
- . , , (, , )
, , , . , ,
, .
, , .
!
9.4.4
IT-
. 40 .
. , Algol 60,
. ,
,
, Internet. . . ,
?
, , -
. IT- , . (,
,
.) , :
- , ?
, .
,
. , . , C C++. , . ,
172
9. . I
, .
9.4.5
.
, . .
, .
, . , . , .
. ,
.
, . ,
.
, , - .
. - . ,
4 , , .
.
,
.
(pseudorandom number generator PRNG) 10,
.
. ,
, , .
.
, - , .
AES.
9.5.
173
AES
, . AES ,
.
9.5
, (side-channel attacks) [48]. ,

. , ,
, .
-,
, - . , , ,
, .
, ,
. (power attacks), - [56].
, .
,
. - - -.
, , , ,
. (timing attacks , ) ,
. ,
, -.
, - .

.
174
9. . I
, ,
.
.
, -
,
. , ,
,
. -,
, .
. (-, ,
.)
9.6
, :
. .
, :
, , ,
,
, , .
. .
, .
, ,
(, , ).
. !
, , .
,
. , , , .
II
10

, (random number generator RNG). .
, . ,
.
, .

. 1, ,
. ,
, .
- .
. ,
.
Netscape [37].
(entropy) [90]. , , , .
32- ,
, , 32 . 32-
, 25%, .
, ,
. , ,
176
10.1.
177
. , , . 32- 32 . , : 18
0, 14 1. 228,8 , , 28,8 . , , .
, . X :
X
H(X) :=
P (X = x) log2 P (X = x),
x
P (X = x) , X x.
, . ,
. ;
, . ,
.
10.1
.
,
.
.

.
, [19].
,
.
, .
, 1-2
. ,
.
. ,
178
10.
. , . , ,
. , , ,
. , , .
, .
, . ,
.
,
. , , . , . -, , . , .
, , , , - . (
,
.) , , .
, . , , ,
[5, 11]. , ,
.
[41]. , ,
, .
,
.
10.1.1
,
. -,
. -
10.1.
179
, ,
. , Web-, ,
. ,
. , , ,
.
, , , ,
. . ,
, . , .
, ,
.
, , .
.
10.1.2

.
. (seed).
, . (pseudorandom number generator
PRNG) . , ,
. (Donald Knuth) The Art
of Computer Programming [54] ,
. ,
, .
, ,
, ( ) ?
. .
180
10.
. , ,
-
. . , .
, . .
,
.
, ,
.
10.1.3
,
, . ,
( ,
) . .
, , -
.
, ,
. ,
.
(unconditionally secure). , , .
(computationally secure). , , . .
. ,
, ,
10.2.
181
, .
. , ,
,
, , ,
.
10.2
. () . , [47]. , , Yarrow [46].

, ,
(John Kelsey).

. ,
. , ,
. ;
.
. ,
. , , .
, -
. ,
. , - ,
, , ,
. . , -
182
10.
. ,
, -
, .
,
, . ,
. ,
,
( , )
.
, , . . , ,
, , 30 ,

, . 230 , 1 .
,
, .
, , , .
, , . ? ,
2128 , 128 . , , : - , .
, ,
. Yarrow.
, , .
1
, , .
(guessing entropy),
. [14].
10.3. Fortuna
10.3
183
Fortuna
Yarrow. Fortuna 2 . Fortuna , .

Fortuna3 .
Fortuna .
. , . , ,

.
10.4
. AES- . ,
, AES (Rijndael), Serpent Twofish (. 4.5.7). 256-
128- .
,
. , CTR
, .
.
, . , . ,
, .
256
2
, , Tyche.
3
, Fortuna, Fortuna (, , ), ( ). . .
184
10.
. , .
,
. , , . ( 5.8.2.) . , , . (pseudorandom function),
. ,
, ,
. .
264
,
.
,
; . ,
, 216 (.. 220 ). 216
297 , 297 .
, ,
2113 . , , 2128 ,
.
, ,
(, ) . ,
, , .
,
128- . SHA-256, . ,
, .

10.4.
185
.
, ,
.
256- , . ,
- . 2113 , . 2113
. ,
,
.
,
. , . ,
- , . ,
, , .

, . , . ,
.
- ,
,
. . - , ,
, . 128 ,
( 2128
), - . 0
, , ,
.
: , , 1 , . ,
. , .
. , For-
186
10.
tuna, . , -4 . , . , (,
). .
.
, ,
. , .
. ,
.
.
10.4.1
. , ,
.
InitializeGenerator
: G
.
K C .
(K, C) (0, 0)
.
G (K, C)
return G
10.4.2
Reseed
. , . , .
Reseed
:
G
; .
4
,
.
10.4.
s
187
.
.
K SHAd 256(K k s)
, ,
, . C 16- , , .
C C +1
C .
.

, .
, 16 : p0 , . . . , p15 .

15
X
pi 28i .
t=0
, C 16-
, .
10.4.3

. , . .
GenerateBlocks
:
G
; .
k
, .
: r
16k .
assert C 6= 0
.
r
.
for i = 1, . . . , k do
r r k E(K, C)
C C +1
188
10.
od
return r
, , , E(K, C)
, K
C. GenerateBlocks , C
( , ). r
, . , ,
.
10.4.4
PseudoRandomData
.
220 , .
PseudoRandomData
:
G
; .
n
,
.
: r
n .
, . ,
.
assert 0 n 220
.
r n (GenerateBlocks(G, dn/16e))
, .
K GenerateBlocks(G, 2)
return r
, PseudoRandomData GenerateBlocks.
PseudoRandomData
. ( d. . .e .) ,
. K ,
10.5.
189
r. PseudoRandomData r , ,

- r.
, - ,
. ,
.
, ,
PseudoRandomData, . ,
PseudoRandomData. :
, , , .
PseudoRandomData . , 32
( ) .
.
10.4.5
Fortuna, , ,
. Fortuna . PC-

20 . ,
.
10.5
190
10.5.1
10.
,
. , , . , .
, , . , ,
, . ,
.
.
( )
, ,
. ,
; ,
.

. ,
.
.
, 0 255. , .

. , . ,
. ,
.
, . , , , ,
. . ;
; , .
, ,
.
, ,
10.5.
191
. ,
. ,
,
.
10.5.2
, . ,
.
, . ,
, ,
. Yarrow
.
Fortuna .
32 : P0 , . . . , P31 . . .
.
Fortuna - .
. , , ,
. , ,
, .
, P0 .
1, 2, 3, . . .. r .
Pi , 2i r. ,
P0 , P1
, P2 ..
,
.

.
, P0 . ,
192
10.
?
, , P0 ,
. ,
P1 , ,
, P2
.. ,
,
,
, ,
.

,
( )
. ,
, t t . t/32 .
, , 128
. . P0 128 , .
, P0 , . P0 - ,
( ). t . Pi
2i t/32 . , 2i t . Pi , 128 2i t/32 < 256.
( : 2i t/32 256, , 128
Pi1 , ,
Pi .) ,
2i t
< 256,
32
,
2i t <
8192
.
10.5.
193
,
, 213
(8192/). 213 ,
.
, 27 .
,
27 , , 28 . . 32 , 25 .
.
64 ( 64
, ). ,
, . ,
, . Fortuna
Yarrow. ,
, .
;
, .
, .
, 32 . , P31
, ?
,
, 232
, , , 213 . , , ,
, .
100 . 10
, , P32 , , 13 !
,
10 ,
32 .
(2i t)
194
10.5.3
10.
.

- . ,
. , . ,
.
, ,
.
P0 ,
.
P31 ,
.
, , . , , ,
. , , ,
.
, .
,
, . ,
, .
, .
- ? , . ,
- , 5- .
? ?
, , , . ? ,
10.5.
195
- -
. , , .
, .
. :
, ,
, . , .
: ,
- .
. - ,
, ( , , ), .

, .
.
, .
, . ,
. , ,
. -
. ,
.
, .
,
. , . ,

.

196
10.
. ,
. ,
, .

, . , ,
.
RandomData , PseudoRandomData.
, ,
. ,
- .
SHAd -256 , .
, . , .
.
, ,
. ,
- .
, -
.
- , - .
, , ,
.
,
.
.
, .
, - .
.
10.5.
10.5.4
197
, , .
, , ,
Fortuna. PRNG ,
.
InitializePRNG
: R
32 .
for i = 0, . . . , 31 do
Pi
od
0.
ReseedCNT 0
.
G InitializeGenerator()
.
R (G, ReseedCNT, P0 , . . . , P31 )
return R
10.5.5
, RandomData -.
,
.
RandomData
:
R ; .
n
,
.
: r
.
if length(P0 ) MinPoolSize > 100
then
.
ReseedCNT ReseedCNT + 1
- ,
.
s
198
10.
for i = 0, . . . , 31 do
if 2i |ReseedCNT then
s s k SHAd 256(Pi )
Pi
fi
od
, .
Reseed(G, s)
fi
, , . , R.
return PseudoRandomData(G, n)
RandomData P0 MinPoolSize, , . ,
, 128 . ,
8 4 ( ,
2 ),
MinPoolSize 64 . - , , 32 ,
. ,

.
.
ReseedCNT 0,
1. , , , P0 .
for ... do - , . , .
2i |ReseedCNT . ,
2i ReseedCNT. ,
, :
- i,
i, .
, .
10.5.
10.5.6
199
AddRandomEvent,
. , . , ,
.
AddRandomEvent
:
R ; .
s
0, . . . , 255.
i
0, . . . , 31.

.
e
. ,
1, . . . , 32.
.
assert 1 length(e) 32 0 s 255 0 i 31
.
Pi Pi k s k length(e) k e
, 2 + length(e) ,
s length(e) .
. ,
.
,
. .
, ,
.
32 .
. , , .
,
. AddRandomEvent
. ,
.
AddRandomEvent.
, , AddRandomEvent
200
10.
, .

AddRandomEvent (mutex object), ,
5 .

AddRandomEvent. ,
.
, ,
- .
, . .
10.6

. , , ,
.
, ,
.
.
,
, .
,
. , .
. ,
, , .
5
, .
10.6.
10.6.1
201
.
.
WriteSeedFile
:
R ; .
f
, .
write(f, RandomData(R, 64))
64
. - ,
.
10.6.2
, . , ,
.
UpdateSeedFile
:
R ; .
f
, .
s read(f )
assert length(s) = 64
Reseed(G, s)
write(f, RandomData(R, 64))
,
. .
UpdateSeedFile ,
.
, UpdateSeedFile,
. , , UpdateSeedFile
. , , UpdateSeedFile .
, ,
202
10.
. ,
- ,
.
, !
.
,
.
, . ,
(. 10.6.5).
10.6.3
,
.
. , .
,
. , -
.
.
, . ,
. , ,
.
, , , 10 .
10.6.4
, . ,
. , . , ,
. .
10.6.
203
, .
,
.

, . ,
,
. .
, , .
. ,
.

, , , , .
, .
, ,
. .
. ,
,
- .
10.6.5
, , .

.
. (
), , ,
.
,
, - . , , . , ,

204
10.
.
.
,
. !
. .
, .
,
. . ,
,
.
,
, . ,
, , .
10.6.6
,
! , , .
. . .
, . ,

, . , ,
.
, . , ,
10.7. ?
205
,
, . ,
. ,
. ,
,
, .
, Fortuna
,
. ,
(, Fortuna ),
. ,
,
.
10.7
, ,
. , . Fortuna, ,
, ,
, . , ,
.
.
. Fortuna ,
,
. ,
, .
, . , -
206
10.
. ,
.
. ,
. !
10.8
.
, . , , ,
. .
, ,
( ). ,
6 . ,
.
n ,
. ,
0, 1, . . . , n 1.
, n.
n = 0,
. n = 1, . n = 2k , k

0, . . . , n 1. . (, ,
k, .)
, n ? 32-
n. ,
32 .
n = 5 m := 2 /5 .
32- 5, 1, 2, 3 4 m/232 , 0
6
128- , 2128 ,
- .
10.8.
207
(m + 1)/232 .
, .
2128 , .
,
. , 0, . . . , 4, 0, . . . , 7. ,
8 . 5, 0, . . . , 7.
, 0, . . . , 4. , ,
.
,
0, . . . , n 1 n 2.
1. k , 2k n.
2. ,
k- K.
0, . . . , 2k 1. ,
, .
3. K n, 2.
4. K .
.
, . n = 5.
232 1 5, 0, . . . , 232 2 5.
0, . . . , 232 2,
,
, , .

k , k,
k
2 n. q := 2 /n . r 0, . . . , nq 1, . r
, (r mod n).

, ,
.
.
.
11

. , . , ,
, . - , . ,
- . , ,
, .
. .
,
, . ;
. , ; , ,
( , ,
, ).
. , , .
11.1
a b ( a|b
a b), b a . , 7
35, , 7|35.
208
11.1.
209
(prime), :
. , 13 ,
: 1 13.
2, 3, 5, 7, 11, 13 .. , , , (composite). 1
, .
,
.
. ,
.
.
1. a|b b|c, a|c.
. a|b, s, ,
as = b. (, b a, a.) b|c, t, , bt = c.
, c = bt = (as)t = a(st), , a c.
( , ,
. , c
a(st).)
. ,
. . 1 .
, , , a|b.
.
, , , 2000 , . ( , . 1700
,
.) ,
, ,
. , .
.
1
.
, , .
210
11.
,
.
2. n , . d
n, . d .
. ,
d . ( n, , d
.) , n n n > 1. , n , 1.
, d , reductio ad absurdum,
(proof by contradiction). X, , , ,
. , X , , , , , X .
, d .
e, , 1 < e < d. 1, e|d d|n, e|n, e n e < d.
, d n.
, ,
, d .

.
, .
1 ().
.
. .
, , ,
. p1 , p2 , p3 , . . . ., pk ,
k . n := p1 p2 p3 . . . pk + 1 ( 1).
n, , d. , d ( 2)
d|n.
n. , pi
(n 1), n 1.
, d ,
. , p1 , p2 , p3 , . . . , pk , ,
11.2.
211
. ,
.
2000
.
, . , , , .
. ,
, , 2, .
, ,
.
: , , ,
( , ). : 15 = 3 5, 255 = 3 5 17, 60 = 2 2 3 5.
.
.
11.2
. ;
.
SmallPrimeList
:
n
.
2 n 220 .
: P
n.
n. ,
.
assert 2 n 220
.
1.
(b2 , b3 , . . . , bn ) (1, 1, . . . , 1)
i2
while i2 n do
212
11.
i. , i, .
for j 2i, 3i, 4i, . . . , bn/ic i do
bj 0
od
. , i > n,
bi .
repeat
ii+1
until bi = 1
od
1. .
P []
for k 2, 3, 4, . . . , n do
if bk = 1 then
P P kk
fi
od
return P
.
c , c. 2 n
, , . .
1. i , .. 2. , ,
2, , 2i, 3i, 4i
.. , 0. i,
. ,
,
, .
, i . , i2
, n.
,
,
, . (,
, 2i, 3i, . . . .
i, .)
11.3.
213
, i2 > n? , k . p , . , p ( 2).
q := k/p. , p q; q
k,
p,
p.
, p k.
k,

k = p q > k q k p > k k = k.
,
k > k, . , p k.
,
k ,
k. ,
n n. i2 > n, i > n.
, - ,
i, , .
, ,
.

.
,
. .
, , . , ,
.
11.3

,
.
p .
p, 0, 1, . . . , p 1.
: , , ,
r, p.
: r p . r p . ,
25 7, 25 7, 3 4, , ,
(25 mod 7) = 4. (a mod b) a b, ,
214
11.
, , .
- , (modp), ,
p. , , (modp)
, ,
p.
- . a mod b. ,
mod, . , (a mod b)
.
: , p,
0, . . . , p 1, .
( ).
, 1 p, p 1. : (a mod p),
q r, , a = qp + r 0 r < p.
(a mod p) r. a = 1, q = 1 r = p 1.
11.3.1
p . p,
p. 0, . . . , p 1,
2p 2, ,
, p .
. , ,
p.
, p.
0, . . . , p 1, p.
, .
5 + 3 = 1(mod7). , 5 3 1, 8. ,
7, , 8 mod 7 = 1, , 5 + 3 = 1(mod7).
, ,
. , -
11.3.
215
12 ( 24).
, 55 - ,
15 . ,
, 55 + 15 = 10(mod60) ,
10 . ,
, .
11.3.2
, , , . (ab mod p), ab

p.
0, . . . , p1,
(p 1)2 = p2 2p + 1. , (q, r), , ab = qp + r
0 r < p. q; r.
. p = 5.
3 4(modp) 2. , 3 4 = 12 (12 mod 5) = 2.
, 3 4 = 2(mod5).
11.3.3
p(0, 1,
. . . , p 1) (finite field) mod p
modp. modp.
modp p p, .
modp 0, 1, . . . , p 1.
.
, modp (,
a(b + c) = ab + ac).

p. Zp .
GF(p) Z/pZ.
216
11.
(group)
, . , ,
2 .
. , , 0. (-, 0 -
, -, 0 .) 1, . . . , p 1
p .
p (multiplicative group
modulo p) -;
Zp . : ( )
. , Zp , p,
Zp .
(subgroup). .
, .
,
. 8 ( 8) . {0, 2, 4, 6} .
8, . .
7 1, . . . , 6
7. {1, 6} , , ,
{1, 2, 4}.
7, ,
.

.
. .
,
p. ,
, , .. . ,
p. : a/b(modp)
c, c b = a(modp). 0 , , a/b(modp) b 6= 0.
2
, ,
, .
11.3.
217
p ? , , .
2000
.
11.3.4
: (greatest common divisor GCD), , a

b k, , k|a k|b. ,
(a, b) , a b.
, ,
.
[54].
GCD
:
a
.
b
.
: k
a b.
assert a 0 b 0
while a 6= 0 do
(a, b) (b mod a, a)
od
return b
? , , , a b. , (b mod a)
b sa s. k, a b, a (b mod a). ( ,
.) a = 0, b a b, . ,
, a b ,
.
21 30. (a, b) =
(21, 30). (30 mod 21) = 9, , (a, b) = (9, 21). (21 mod 9) = 3
(a, b) = (3, 9). , (9 mod 3) = 0
(a, b) = (0, 3). 3, 21 30.
: (least
common multiple LCM), . a b
218
11.
, a b. , (6, 8) =
24. :
(a, b) =
ab
.
(a, b)
,
.
11.3.5
,
p. , .
: (a, b), u v, , (a, b) = ua + vb.
a/b(modp).
ExtendedGCD
:
a
.
b
.
: k
a b.
(u, v) , ua + vb = k.
assert a 0 b 0
(c, d) (a, b)
(uc , vc , ud , vd ) (1, 0, 0, 1)
while c 6= 0 do
: uc a + vc b = c ud a + vd b = d
q bd/cc (c, d) (d qc, c) (uc , vc , ud , vd ) (ud quc , vd qvc , uc , vc )
od
return d, (ud , vd )
. a b c d, a b, . c
d a b, . (
d mod c ,
.) , ,
; c d ,
a b. , c a,
11.3.
219
d b. c d ,
u v .
?
1/b mod p, 1 b < p. , ExtendedGCD(b, p). ,
b p , p .
ExtendedGCD u v, , ub+vp = (b, p) = 1.
, ub = 1 vp , , ub = 1(modp). , u = 1/b(modp), .. u , b p.
a/b a u. a/b = au(modp),
.

p, , ,
p. ,
p
p.
: u , ,
b,
u mod p.
ExtendedGCD, :
u, vc vd ,
u. ,
p.
11.3.6
2. , 2 ,
2. 2
, - . . 11.1
2. 2 , (XOR),
. 2
AND. 2
(1/1 = 1), . , , Z2
, .
220
11.
. 11.1. 2
11.4

. ,
.
. .
, (multiprecision library). ,
. ,
.
.

. [54, 4.3]. ,
. ,
, .
, .

Internet Python,
.
2000-4000 .
:
, . , , . . n
ln n . ( n,
ln n , -
11.4.
221
. ,
, : 2k , 0,7 k.)
2000 21999 22000 . 1386 . ,
, .
.
GenerateLargePrime
:
l
,
.
u
,
.
: p
l, . . . , u.
.
assert 2 < l u
.
r 100 (blog2 uc + 1)
repeat
r r1
assert r > 0
n.
n R l, . . . , u
, .
until isPrime(n)
return n
R
. , .
. , . l 2 l u
.
: l = 2 3 . , , . , . ,
3
, , , 2. , 2 ,
GenerateLargePrime .
222
11.
90, . . . , 96 .
, , ,
, . , u
0,7 log2 u . ( log2 2. : log2 (x) := ln x/ ln 2). log2 u ,
blog2 uc + 1 : , ,
u . , u
2017 , blog2 uc + 1 = 2017. 100 ,
.
, ,
2128 , .
, GenerateLargePrime
- . assert ;
, .
. , , isPrime
, .
, n l, . . . , u. ,
, l, . . . , u . , ,
2128 ,
.
,
, n. 2 , , ,
.
, , u .
n .
isPrime , .
, n
. ,
. ,
(RabinMiller).
11.4.
223
isPrime
:
n
3.
: b
, , n .
assert n 3
for p { 1000} do
if p n then
return p = n
fi
od
return Rabin-Miller(n)
, . ,
2 3, 5, 7, . . . , 999 .
1000, .
,
9 . 1000
.
, ,
, .
11.4.1
, , ,
( ). ,
. . .
, .
, ,
.
, . ,
n . a,
n ( a (basis)), a n, , n . , ,
n ,
224
11.
25% . a,
. n ,
.
75% a, , n ,
.
2128 , .
.
Rabin-Miller
:
n
3.
: b
, , n .
assert n 3 n mod 2 = 1
(s, t), s 2t s = n 1.
(s, t) (n 1, 0)
while s mod 2 = 0 do
(s, t) (s/2, t + 1)
od
k. 2k .
,
.
k0
while k < 128 do
a, , 2 a n 1.
a r 2, . . . , n 1
: .
v as mod n
v = 1, n a.
if v 6= 1 then
t
n , v, v 2 , . . . , v 2
1, , , n 1.
i0
while v 6= n 1 do
if i = t 1 then
return false
else
11.4.
225
(v, i) (v 2 mod n, i + 1)
fi
od
fi
, , n
a. , 22 ,
k 2.
k k+2
od
return true
n, 3, .
isPrime Rabin-Miller ,
. ,
.
,
4 . n 1 a < n an1 mod n = 1. ,
, , . (
)
a. ,
, (Carmichael).
, () a.
.
n 1 2t s, s . an1 , as
t
t , as2 = an1 . as = 1(modn),
,
, an1 = 1(modn). as 6= 1(modn), 2
3
t
as , as2 , as2 , as2 , . . . , as2 (, n). n , , ,
1.
, n , , x2 = 1(modn), 1 n 1. ( ,
4
, (Fermat). , an + bn = cn .
, .
226
11.
(n 1)2 = 1(modn).) , n , n 1,
.
, .
a , n , false. n
, a , 2128 .
,
.
n .
5-10 . ,
, 2128 . , isPrime
. ,
, - .
, isPrime
2128 .
64 , , , - . , . , ,
. (
.)
, ,
, 64 ,
, , 10 .
Rabin-Miller
, .
, . (
) , 2128 .
2128 , isPrime . ,
, ,
11.4.
227
, . ,
2128 . ?
isPrime.
11.4.2
as mod n. as
n.
,
as , , . a s .
as mod n. mod n ,
.
as mod n,
. as mod n, .
s = 0, 1.
s > 0 , y :=
as/2 mod n, .
: as mod n = y 2 mod n.
s > 0 ,
y := a(s1)/2 mod n, . : as mod n = a y 2 mod n.
.
, ,
.
.
, as mod n?
k s; , 2k1 s < 2k .
2k n. . , 2000 , s 2000
4000 . , , .
. -
228
11.

. ,
(Montgomery). as [10, 4].
10 30% , ,
.

-. -
16.
12

,
.
1976 (Whitfield
Diffie) (Martin Hellman)
New Directions in Cryptography ( ) [21].

. ?
, , 10 ,
. , ,
, . 10 45
.
. , , 4950 ! -
.
,
. , , . ,
.
,
. .
,
. (Diffie-Hellman key exchange protocol),
DH [21].
229
230
12.
DH . , ,
,
,
, ,
.
12.1
, , , .
p . p
2000-4000 .
p, . DH Zp p, 11.3.3.
g 1, g, g 2 , g 3 , . . . (, p). .
, Zp . (,
Zp 1, . . . , p 1, p.) -
. , g i = g j ,
i < j. p, ,
g i ,
: 1 = g ji . , q := j i, ,
g q = 1(modp). q, g q = 1(modp), (order) g. ( , .
, . ,
.)
g , 1, g, g 2 ,
. . . , g q1 . ,
g q = 1. g (generator) , 1, g, g 2 , . . . , g q1 . ,
g, q, ..
g.
p :
g, Zp .
, g, q = p 1.
, Zp
1, . . . , p1, 1, g, g 2 , . . . , g p2 .
12.2.
231
g, ,
(primitive element) .
g . : , g, g, ,
. ,
, , g, .
,
, p. ,
, (. 11.3.3).
.
. g g p1. . g
, h - . g , x, h = g x . , h. 1, h, h2 , h3 , . . .,
1, g x , g 2x , g 3x , . . . . (,
p.) h q, hq = 1. , q, g xq = 1. t g t = 1
, t = 0(modp 1). , h q, xq = 0(modp 1). ,
q = (p 1)/(x, p 1). , q p 1.
. p = 7. g = 3
, 1, g, g 2 , . . . , g 5 = 1, 3, 2, 6, 4, 5. (, p.) h = 2
1, h, h2 = 1, 2, 4, h3 = 23 mod 7 = 1. h = 6 1, 6. 3 2 . ,
p 1.
, 11.4.1. , a
ap1 = 1. . g Zp . x, , g x = a. g
, x a.
ap1 = g x(p1) = (g p1 )x = 1x = 1.
12.2
DH .
p g,
232

12.
*
p
gx
gy
( g y )x
*
p
( g x )y
. 12.1.

Zp . p g
, , , .
. 12.1.
. :
. . x Zp ,
1, . . . , p 1. g x mod p , , ,
Zp y. g y mod p .
g xy . ,
g y , , x. (
: (g y )x = g xy .)
k (g x )y . k,
.
? g x g y ,
x y. g xy g x g y
( DH). p g , g xy
, . , x
g x , k (g y )x ,
. x g x . . Zp (discrete logarithm). x
g x
, DL.
12.3.
233
DH .
. x g x mod p . , ,
g y g xy x.
g xy - . ,
.
12.3
,
(man-in-the-middle attack).
. , - ,
, . ,
, . . 12.2.
, .
, ,
. .
,
. ,
, , , ,
. , ,
, . , ,
,
k, k 0 ,
.
, ,
.

. , ,
, g x , , g x . -
234

12.
*
p
gx
*
p
gv
( g w )x
*
p
*
p
( g x )y
k'
( g y )v
k'
( g v )y
. 12.2.
,
, .
, - .
k ,
. h . h(k),
,
, .
, , k
, . . , ,
. ,
. , ,
.
12.4.
12.4
235
DH . ,
g x g y
, k = 1.
, ,
: . , ,
, , -
.
, g Zp , .

g .
1, g, g 2 , . . . , g q1 . k,
. , , g
. p g?
p g,
- .
, p g . , p g
p.
p.
, g x 1;
. g x h, .
, , ,
h. , , k. (, .)
, .
. ()
. Zp 1, . . . , p 1. 1, h, h2 , h3 , . . . , hq1 , h
Zp , q h. , ,
q p 1. , p 1. :
d, p 1,
236
12.
d. , ,
p 1, .
. p ,
p1 , , 2. ,
, :
1 p 1. , ,
, , p1
.
12.5
, p
(safe prime). 2q+1,
q . Zp
:
, 1;
2, 1 p 1;
q;
2q.
, . ,
. , Zp , .
p, - (, p). ,
1, . . . , p 1 , . , , . (
,
, , ,
.)
,
(Legendre symbol). , p , . . , g g x ,
(, ) , x . x , g x . x , g x .
, ,
12.6.
237
, , x
. :
x, . ,
p. q. , q , ,
.
. (p, q), , p = 2q + 1 p q . (
isPrime .)
2, . . . , p 2 g = 2 (modp). , g 6= 1 g 6= p 1. ( g , .)
(p, q, g)
.
, ( ) , ,
, g, , , g. , ,
. , .
r , rq = 1(modp).
1, .
: r 6= 1 rq mod p = 1.
12.6
. p n , q
n1 , , n1 . 3n/2 p. p
.

. . q
256- . ( , 2255 < q < 2256 .) p, , p = N q + 1
N . N , p N q + 1 ,
238
12.
p . p , , N
. p .
q. ,
. Zp
g = N . , g 6= 1 g q = 1. ( g = p 1
, q .)
g ,
. (p, q, g)
.
, , , ,
g. g x . , , , , ,
, g, , . ,
. r ,
r 6= 1 rq mod p = 1. , ,
r p,
1 < r < p rq = 1.
r , g,
q
r = 1. , r e, re mod q . ,
e , q.
? p , , 2000 .
g x 3000 .
384, x
q, x 256 . ,
g x 8 , . p, .
.
12.7
. ,
2128 , . .
12.7. p
239
,
.
2128 , p
6800 . p
.
. , ( 128
256 ) , .
,
1 .
,
, .

, . .
. , .
, . ,
,
. , 30 ,
20 ,
. ,
50 . ,
, 20 . ,
.

20 . ,
21 , 50 ,
. ,
1
, . , , .
240
12.
.
, p,
[62]. ,
2048 2022 ,
3072 2038 , 4096 2050 . 6800 ,
[62]. p , 2128 .
. ,
,
.

10 , ,
50 , . , 50 .
, [62], ,
.
? ,
, 20 . ,
2048 . , ;
.
, .
: 2048
. ( , .) , 4096 . : ,
8192 .
.
.
. , , . ,
, ,
.
, 20 . .
12.8.
12.8
241
,
, DH.
q 256- . (
DH ,
256 , 2128 .) p
N q + 1 N . ( ,
p, . 12.7. N .) g,
, g 6= 1 g q = 1. ( , g = N , g.
.)
, (p, q, g),
:
p q , q 256 ,
p ( );
q (p 1);
g 6= 1 g q = 1.
, . , ,
,
. (p, q, g) . ,
, .
, r,
, , 1 < r < p
rq = 1. : r = 1 .
, , . 12.3.
.
. DH . ( ,
,
.)
DH
, . 12.1.
, x y 1, . . . , q 1. ,
242
12.

. 12.3.
,
, .
. 12.3 (, =
<), . ,
( ) , . , .
, ,
. , ,
. ,
, , x
Y . , ,
14.5.5.

, , .
k ,
. 15.6.
12.9
, , ,
. IKE (Internet Key Exchange Internet), IPSec. IKE -
12.9.
243
. IKE ,
. IKE
,
. IKE ,
,
. .
,
DH (. . 12.3), X Y . ,
k, , . (
, IKE.)
.
, Y , k . , ?
. d (p1). Y d. k
d Y (x mod d).
(x mod d), k, ,
, . (x mod d) ,
, (x mod d).
, p1 (d1 , d2 , . . . , dk )?
(x mod d1 ), . . . , (x mod dk ).
(. 13.2),
(x mod d1 d2 d3 . . . dk ). , p 1 ,
x. x
,
. , Y ,
, . x, k,
.
: IKE. IKE, . ,
, , .
244
12.
, , - ,
.
, p1 . , 2128 .
p1 2128 .
, , , 128 x, ,
2128 .
x, . x
256 , . , X Y .
,
, (p, q, g).
, p 1
p , q. , .
, . NIST , DSA
(Digital Signature Algorithm ),
, .
(NSA, , ..) ,
. , ,
, , . ;
, NIST ,
, , . ,
.
, :
,
.
, ,
.
p 1, . , ,
, p1, .
, .
13
RSA
(RivestShamirAdleman RSA), , (
).
RSA , , . , RSA ,
,
.
13.1
RSA (. 12, ), . ( DH) : , p g , g x (modp) x,

x g x (modp). RSA, ,
(trapdoor one-way function). n e, me (modn) m, . , , n ,
. n . ,
, , . RSA ,
. RSA (Ronald
Rivest), (Adi Shamir) (Leonard Adleman) 1978 [80].
245
246
13. RSA
p, q n. p q
, . n n := pq.
( , -
.)
13.2
p,
, n. , . ,
(Chinese Remainder Theorem CRT). , (Sun
Tsu), . (
,
RSA, ,
, ?)
n 0, 1, . . . , n 1. , , n . Zn (ring),
. x Zn
(x mod p, x mod q). ,
: (x mod p, x mod q), x.
(a, b) := (x mod p, x mod q).
, x , . x
(a, b), , Zn
x0 , x0 mod p = a x0 mod q = b. x
x0 (a, b),
, .
d := x x0 ,
(a, b). (d mod p) = (x x0 ) mod p = (x mod p) (x0 mod p) =
aa = 0, , d p. , d
q. , d (p, q),
. p q
, (p, q) = pq = n, , x x0 n. x x0
0, 1, . . . , n 1, x x0 , n,
13.2.
247
n + 1, . . . , n 1.
, n, xx0 = 0, x = x0 . ,
(a, b) x,
. x.
13.2.1
x (Garners formula):
x = (((a b)(q 1 mod p)) mod p) q + b.
(q 1 mod p) ,
p q. , p,
, (1/q mod p),
(q 1 mod p).
, ;
, x .
, x 0, . . . , n 1. ,
x 0. t := (((ab)(q 1 mod p)) mod p)
0, . . . , p 1, p.
t p 1, tq (p 1)q x = tq + b (p 1)q + (q 1) = pq 1 = n 1.
, x 0, . . . , n 1.
, x
p, q.
x mod q = ((((a b)(q 1 mod p)) mod p) q + b) mod q
= (K q + b) mod q
= b mod q
=b
(((a b)(q 1 mod p)) mod p), q,
K, q
q . x mod p .
x mod p = ((((a b)(q 1 mod p)) mod p) q + b) mod p
= (((a b)q 1 ) q + b) mod p
= ((a b)(q 1 q) + b) mod p
= (a b) + b) mod p
= a mod p
=a
248
13. RSA
(x mod p).
mod p. , . (,
, , .. (ab)c = a(bc).) ,
(q 1 q) = 1(modp), .
.
, , ,
, .
, .
,
x, (a, b) = (x mod p,
x mod q). ,
,
.
q 1 mod p ,
p, p,
.
13.2.2
, n
1 .
, ,
.
13.2.3
?
- n,
.
0 x < n (x mod p, x mod q) x
CRT- x. x y
, CRT- (x+y)
((x + y) mod p, (x + y) mod q), ,
CRT- x y. (x + y) mod p
((x mod p)+(y mod p) mod p). ( 1
n, , .
13.2.
249
p) CRT- x y.
.
. CRT- xy (xy mod p, xy mod q), ,
CRT- x y. (xy mod p) (x mod p) (y mod p)
p. , q.
k n. p q
k/2 .
n k- ,
k- , n. CRT-, ,
,
. , .
CRT- . k- , k/2- .
CRT-
, .
.

. , xs mod n. s k .
3k/2 n.
CRT- ,
. (xs mod p, xs mod q).
p, s (p 1). (q 1). ,
(xs mod (p1) mod p, xs mod (q1) mod q). k/2 ,
3k/4 .
3k/2 n 2 3k/4 = 3k/2 p q.
3-4 .
CRT-
.
, .

250
13. RSA
RSA. , , CRT- RSA.

. ,
RSA.
13.2.4
: x n
(x mod p, x mod q), n = pq. . CRT-
,
, . (
CRT- ,
, n .)
13.3
RSA, ,
n . p.
p 0 < x < p
xp1 = 1(modp).
n. RSA,
t, xt = 1 mod n ( , ) x.
, ,
.
.
t, x
xt = 1(modn). , xt = 1(modp) xt =
1( mod q). p q ,
, p1 q1 t. t,
, (p1, q1) = (p1)(q1)/(p1,
q 1). t =
(p 1, q 1).
p, q n ,
. t
(Euler) (n). n n = pq (n) = (p 1)(q 1), t.
, x(n) = 1 (n) t
, - t.
13.4. RSA
251
, t, : xt mod p , x mod p = 0. xt mod n = 1 x.

, : q ,
x mod p = 0, p , x mod q = 0. p + q,
, p + q 1, 0 .
, n = pq. , RSA
: xt+1 = x(modn).
. CRT-.
x = 0(modp), xt+1 = 0 = x(modp). q.
, xt+1 = x(modn) Zn .
13.4
RSA
RSA. p q n = pq. p
q , n
.
,
e d. ed = 1(modt),
, , t = (p 1, q 1).
e ,
ExtendedGCD (. 11.3.5), d e
t. , ed = 1(modt).
m, c := me (modn). c, cd (modn). (me )d = med =
mkt+1 = (mt )k m = (1)k m = m(modn), k , . ,
me , m.
(n, e) . . (p, q, t, d)
(private key) ,
RSA.
cd mod n c1/e mod n. ,
n t,
xt = 1(modn), , t . d e t, d 1/e
252
13. RSA
. c1/e , RSA.
e c. , n
.
13.4.1
RSA
RSA.
, . .
m, s := m1/e mod
n. (m, s) . , , , ,
se = m(modn).
,
, e m
, .
13.4.2
. e
t = (p1, q1), d . p, q e ,
. , ,
.
RSA, e .
e . e,
p q, .
,
- . , c, . , c ,
c. , , ,
RSA
. -
13.4. RSA
253
RSA,
.

n . e = 3 e = 5 .
,
n .
[28].
e . ,
, p 1 q 1 3 5. ,
p q.
3 5 . 2 . , ,
.
.
,
e, 17 65 537. ,
. ,
, ,
, .
d,
. (e, d)
d , d [94].
, d.
13.4.3
p, q, t
d, (n, e).
n ,
. , , n p q
d.
.
2
e = 2,
.
254
13. RSA
, p, q, t d. , ,
. .
, (n, e), . p q, . p,
q = n/p, t d , .
, (n, e, t)? -, t =
(p 1)(q 1)/(p 1, q 1), , (p 1)(q 1)
n, (p 1, q 1)
n/t . ( (p 1, q 1)
, ,
.) (p1)(q
1). n (p 1)(q 1) + 1 = pq (pq p q + 1) + 1 =
p + q. n = pq s := p + q. ,
:
s = p + q;
s = p + n/p;
ps = p2 + n;
0 = p2 ps + n.
, p, . , p, .
, d.
e . d < t,
ed 1 t.
, t p q . . ( ,
.)
, p, q, t d,
. , .
RSA . ,
,
RSA.
.
13.4. RSA
255
, ,
, d.
p q, , n,
CRT-. , RSA
d , CRT- 3-4 .
13.4.4
n , p, .
12.7. :
20 , n 2048
. . ,
n 4096 . ,
, n 8192 . , ,

.
p q . k- n, k/2 . (k 1)- n, .
13.4.5
RSA
, ,
RSA, .
GenerateLargePrime, 11.4. p mod 3 6= 1 p mod 5 6= 1, ,
3 5. ,
e , .
GenerateRSAPrime
:
k
.
: p
2k1 , . . . , 2k 1, p mod 3 6= 1 p mod 5 6= 1.
256
13. RSA
, .
assert 1024 k 4096
.
r 100k
repeat
r r1
assert r > 0
n.
n R 2k1 , . . . , 2k 1
, .
until n mod 3 6= 1 n mod 5 6= 1 isPrime(n)
return n
, , .
, RSA .
.
isPrime(n),
n 3 5, isPrime(n) .

?
? ,
. , , ,
. , ,
. GenerateRSAPrime . isPrime, .
.
GenerateRSAKey
:
k
.
: p, q
.
n
k .
d3
.
d5
.
, .
13.5. RSA
257
assert 2048 k 8192

.
p GenerateRSAPrime (bk/2c)
q GenerateRSAPrime (bk/2c)
, . . .
assert p 6= q
t (p 1, q 1).
t (p 1)(q 1)/GCD(p 1, q 1)
. .
g, (u, v) ExtendedGCD(3, t)
.
.
assert g = 1
u t, u ,
d3 .
d3 u mod t
d5 .
g, (u, v) ExtendedGCD(5, t)
assert g = 1
d5 u mod t
return p,q, pq, d3 , d5
, ,
(e = 3),
(e = 5).
13.5
RSA
RSA .
, RSA . , m1 m2 , ,
m3 := m1 m2 mod n. ,
1/e
1/e
, m1 m2 ,
, (m1 m2 )1/e .
,
. e = 5 m < 5 n, me = m5 < n,
258
13. RSA
. m, m5 . ,
.
, AES. 256-
, 22565 = 21280 ,
.. n. , ,
.
,
RSA, ,
. .
. , n. :
, RSA,
.
,
. ,
. (padding) , ,
.
RSA,
. ,
, . (encoding function).
RSA ,
, PKCS #1 v.2.1 [84]. , .
RSA,
. , ,
. ,
PKCS.
PKCS #1 v.2.1 : .
RSA : m = cd mod n, CRT-.
:
. ,
. . ,
13.6.
259
PKCS.
.
13.6
RSA. . : ,
RSA, n.
, .
, RSA , RSA.
: K RSA. m ,
K. ,
ERSA (m), ERSA (K) EK (m). ,
RSA. ,
,
.
. K, r Zn
K := h(r)
h. r r
n. (, e = 5.)
. r , - ,
RSA. ,
, ,
r K, , r K.
r 0, . . . , 2k1 ,
k , 2k < n.
k- , Zn , -
260
13. RSA

.
.
EncryptRandomKeyWithRSA
:
(n, e) RSA, e = 5.
: K
, .
c
RSA.
k.
k blog2 nc
k

r, , 0 r 2 1.
k
r R 0, . . . , 2 1
K SHAd 256(r)
c re mod n
return (K, c)
K = h(c1/e mod n) K.
DecryptRandomKeyWithRSA
:
(n, d) RSA e = 5.
c
.
: K
, .
assert 0 c n
.
K SHAd 256(c1/e mod n)
return K
, , c1/e , .
, CRT- 3-4 .
. ,
K .
.
. K,
(, ). K
,
. (
, , .)
13.6.
261
. r. RSA ( , , ), -
r, re mod n, . r
, , K.
, E
K (, - - ).
?
. K ,
- . , c,
K r. A r,
.
DecryptRandomKeyWithRSA. , c1/e mod n.

. , ,
. c1 , c2 , c3 , . . .
1/e 1/e 1/e
c1 , c2 , c3 , . . .. . ,
- . h, DecryptRandomKeyWithRSA, . K c1/e .
, K ,
. , RSA
.
, ,
, , r, c, 0, . . . , 2k 1. -
262
13. RSA
, .
, , .
, : c ,
c1/e mod n < 2k .
, , ? ,
, , c
, r 3 .
:
(c, c1/e ) c1/e c,
- . (c, c1/e ) .
r, (re , r)
c := re . . ,
, c1/e c, , c , (c, c1/e ),
. :
.
13.7
. , m, ,
. , ,
RSA, . .
. , m h(m), h . SHAd -256, 256-
. n ,
h(m) .
3
r .
EncryptRandomKeyWithRSA,
.
13.7.
263
,
h(m), s
0, . . . , n 1. m
s1/e (modn). h(m) n
(. 10.8). , h(m) 0, . . . , 2k 1, k
, , 2k < n. 0, . . . , 2k 1 , k
.
, . , .
Fortuna, 10, . h,
, ,
. ,
, RSA.
: , m s, , ,
, .
MsgToRSANumber
:
n
RSA, ,
.
m ,
n.
: s
n.
.
G InitializeGenerator()
- .
ReSeed(G, SHAd 256(m))
k.
k blog2 nc
x PseudoRandomData(G, dk/8e)
, x , , .
AND x.
s x mod 2k
264
13. RSA
return s
SignWithRSA
:
(n, d) RSA e = 3.
m
, .
:
m.
s MsgToRSANumber(n, m)
s1/e mod n
return
() ,
s (signature ). s1/e mod n , .
VerifyRSASignature
:
(n, e) RSA e = 3.
m
, .
m.
s MsgToRSANumber(n, m)
assert s = e mod n
, , , .
assert,
, - . ,
: , . (
) , . ,
.
RSA
, RSA. m1 , m2 , . . . , mi ,
(s, s1/e ), s . , h(m)
. .
(s, s1/e ) s,
. , m
(s, s1/e ) , , h(m) s, s1/e .
13.7.
265
. , , , , ,
.
RSA, . RSA
(PKI), ,
. .
14

. 12, .
, , . ,
. .
, , .
, . , , ,
.
14.1

, , .
, ,
. . ,
. , , .
266
14.2.
267
, 1 .
.

DH. , . (,
.)
14.2
, . ,
? , , . , .
, , , . ,
, . . ,
.
.
. . ( )
, . , .
- ,
.
. .
.
-
.
.
,
, . .
.
,
1

.
268
14.
, .
, . .
- (mutually assured destruction MAD). .
, . , , . - , .
,
. . ,
,
: , .
,
Internet. , Web- ACME, ; .
- ,
, .
,
- .
, ACME .
: ACME , . , . - (
) ACME,
2 . ,
. , ,
.
2
, ,
Internet, , ,
, .
14.3.
269
- : , . .
100 , , - . ,
,
. : ? . :
X?.
14.2.1
, . . ,
.
, , . ,
,
, , . , . , ,
. ,
.
14.3

.
? ? .
: , . . . . ,
: ? , , ,
. . -, , , ,
, , . -, ,
.
,
270
14.
. Microsoft , , .
, ,
.
.
.
. .
: . , . ,
? ,
, ,
. ,
,
, .
.

. , , . ,
.
. . ,
, . , .
, : , ; ,

. : ,
, , , ;
, ? .
, ,
.
, , ,
. ,
.
14.3.
271
80-
. ,
. . .
, , . , .
,
.
. , , .
, .
. ,
, , , . , ,
.
. -
, .
, ,
, , . ,
, Firestone , , , .

. -, .
, ,
. ,
: , .
, .
-, .
, -
272
14.
.
,
. Internet,
.
, , .
. , , . .
, . .
14.4
, .
:
, . ,
, .
.
, , , .
. ,
.
, .
. , .
, ,
. ,
Web- SSL, Web- . Internet-
,
. Web-, , .
14.5.
273

PayPal.
, . , , ,
.

.
, .
14.5

, ,
, .
. .
, .
, ,
.
. , .
, , , .
, , . , . . , . , .
14.5.1
,
. ,
,
274
14.
. , ,
. , , .
UDP, TCP,
. . ,
,
. . TCP ,
, ,
TCP, .
. ,
. . . , ,
, .
.

, TCP-. , .
.
8, .
, .
, , , .
14.5.2
( ) . , ,
.
.
, . ,
. , -
14.5.
275
,
, , .. ,
.
,
. ,
, ,
.
, ? ? , . ; . . ,
, .

.
,
, .
, .
. .
, , , . ( ),
.
,
.
14.5.3
. . , , .
(parsing). ,
.
.
276
14.
, ,
. ,
. ,
, , ,
.
.
- .
, . ,
.
, .
TLV (TagLength
Value ).
. ()
, () , () ,
. TLV ASN.1 [42],
, . , ASN.1
.
ASN.1 XML. , XML; .
DTD (Document Template Definition
), -
.
14.5.4

. , .
, .
-
(event-driven programming), .
,
14.5.
277
-
.
- .
, ,
. . , .
14.5.5
.
, , , ,
.
, .

, .
.
, . , ,
, .
,
. , .
, , .
, . , :
.
-. . , , , ,
, .
,
.
-. -
278
14.
PIN-. PIN- , ,
. , PIN- 10 000 . -
PIN- , ,
.
: , PIN-,
, , PIN- 1 2000.
. . 1 2000
. , - . PIN-, , .. PIN- ,
, .
, , PIN-, PIN-.
. ,
, .
PIN- 40 .
( 10 , , 10
..)
PIN- 1 143. ,
1 2000. , 20 ,
PIN- 60%, 0,2%.
, 20 40
, . -, PIN-, ,
PIN-. , PIN. , - . - , PIN-, -
. , . PIN-, ,
. 40
PIN- .
14.5.
279
,
.
. ,
, !
14.5.6
, .
. , . ,
.

(retry). ,
, . , ,
.
, ,
. .
.
, , , , . -

.
.
.
, .

. UDP
(, IP), , ,
. TCP, ,
, .
, , TCP,
. ,
280
14.
- , ,
.
, , .
, .
, ,
. ,
, . , , ..
,
.
. ;
. , .
,
- , ,
, .
, .
, - ?
. ,
. , , ,
. ,
. .
,
, . .
, , . , , DH
, ,
. .
, . , ,
, .
, . ( ,
14.5.
281
.
.)
,
. . , , , . ,
. , .
,
. ,
, - .
. , ,
.
. , , . , ,
. . ,
, .
,
. ,
. - ,
.
: ,
, .
, , . , , . , , , . , ,
, . ,
.
15

- . , 8, .
,
. , . ,

.
15.1
:
. . ,
k, k
.

. 3, ,
, , .
RSA (

)
MAC.
282
15.2.
283
,
? .
() . (, -
),
. , ,
,
, . ,
.
: .
,
(, ). , , 30- , - . (dictionary attack),
. . ,
.
15.2
(. 15.1).
. DH,
. ( .) k ,
k. k
.
, . : , , . , AUTHA (k),
AUTHB (k). ,
MAC, . .
.
284
15.

: (p, q, g)
x R {1, ..., q-1}

: (p, q, g)
X := gx
y
{1, ..., q-1}
Y := gy
Yx
Xy
AUTHA(k)
AUTHA(k)
AUTHB(k)
AUTHB(k)
. 15.1.
,
(p, q, g).
.
,
.
. , . , ,
. , , .
: . k
,
.
. ,
, MAC, ,
.
MAC, , , . ,
, .
15.3. !
285
k , ,
.
, , , , .
,
.
15.3
. .
2000 ,
,
. .
,
. . ,
, ,
.
, , . , , . , , (version-rollback
attack).
, ,
- .
, .
( ). .
, .
DH. ,
,
.
286
15.4
15.
,
.
,
, . , .
.
,
, ,
, ..
,
. , . 15.1,
k, X Y . ,
X, Y AUTHA .

, . ,
. ,

.
,
. AUTHA (X, Y ), AUTHA . , , , .
, , .
:
. , , ,
, . , , - . ,
, , .
15.5.
15.5
287
? DH. .
, , (. 15.2). DH x, X
. , DH
X . ( 12, .) . Y AUTHB ,
DH.
DH. , , ,
, , , .
, .
,
, ? ,
, , , .

(p, q, g)
x R {1, ..., q-1}
(p, q, g), X: = gx,

AUTHA
(p, q, g), X, AUTHA
y R {1, ..., q-1}
Y := gy, AUTHB
Y, AUTHB
k
Yx
Xy
. 15.2.
288
15.
.
: DH k , .
.
. , . - , ,
, ,
( ). , , k . , k, x, x
, k.

, ,
.
. ,
, .
, .
15.6
. DH .
, .
. (,
. ,
, .)
, . ,
. .
. 15.3. s p.
256- Na
,
15.6.
289

s
p
Na
0, ..., 2256-1
s, Na
(p, q, g)
x R {1, ..., q-1}
(p, q, g), X := gx,
AUTHB
(p, q, g), X, AUTHB

y R {1, ..., q-1}
Y := gy, AUTHA
Y, AUTHA
x
Y
k
. 15.3.
DH x.
, g x . DH,
Y .
. k
, .
, k ,
-
. , ,
.
,
- .
. 20

. , ,
. , .
.
.
290
15.7
15.

(. 15.4), .
, ,
. (p, q, g),
. . 15.5.
p.
p, , p, . , , s .
, 100 000- , s.
, .
p.
;
,
.

. 15.4.

15.7.
291

sa
p
Na
0, ..., 2256-1
sa, Na
sb
max(sa, sb)
2 sb
(p, q, g), log2 p
x R {1, ..., q-1}
s
s 1
(p, q, g), X := gx,

AUTHB
(p, q, g), X, AUTHB

?
?
sa 1 log2 p 2 sa
?
255 log2 q 256

, p q
?
?
?
q | ( p 1) g 1 g q 1
X
y
1 Xq 1
R {1,...,q-1}
Y := gy, AUTHA
SHAd-256(Xy)
Y, AUTHA
?
?
Y 1 Yq 1
k
SHAd-256(Yx)
. 15.5.
,
, .
.
, .
. ,
, 2 .
2, 3; .
(. . 15.5)
. ,
DH.
292
15.
DH, .
DH,
. , ,
. . , . ,
,
. , , ,
, .
15.8
. ,
, .
15.8.1
. . ,
,
, , ,
Na , .

.
, DH , DH
. , y Y , , k
, x, , g x = X. DH. X,
, . ,
x .
, ,
k .
15.8.
293
, ,
.
15.8.2
. , , . ,
- sa
Na .
-. , ,
. , , X , . , , . .
, , ,
.
DH;
, . , , ,
k , y, , g y = Y .
Y ,
, y.
, k
.
15.8.3
, . ,
, .
k DH, ,
DH , k. ,
.
.
294
15.
. , , ,
. ,
- ,
.
X .
, .
, , sa . ,
. . , sa , DH, DH .
,
.
, .
sa ,
. ( , p.)
, , .
, ? , , sa .
, ,
DH, , , . , ,
, ,
. , ,
, ,
, . ,
.
,
sa . , , ,
.
.
,
. .
15.8.
15.8.4
295
, , - .
,
, .
. .
, .
,
,
, .
, . ,
,
,
. . , , ,
. ,
. , , : ,
. ,
k ,
. ,
. (forward secrecy)1 .
.
, , . k - g xy , x y
. , . k, , k,
( ,
,
).
1
(perfect forward secrecy PFS),
,
.
296
15.
,
.
15.9
. ,
DH , , .
, :
DH
;
;
;
, ,
, 2 .
, DH. , .
256- .
1150 3 .
, , RSA, RSA
DH . s- 3s/2 ,
(Chinese Remainder Theorem CRT). CRT- ,
RSA s- 3s/8 . :
RSA DH
2
.
DH, ,
.
3
.

1000 .
15.10.
297
. 3000 .
, DH
256- , RSA
.
,
DH
RSA.
,
.
RSA, . ( RSA
, .)
. , , ,
, .
15.9.1
, DH, . (addition chain heuristics)

. , X q X y . (addition
sequence heuristics), ,
250 . (Bos) [10, 4].
,
y g y ,
, .
15.10
, .
,
DH , ( ). ,
, , . .
298
15.
-, - , . 50
, , ! , , 50
.
. ,
.

- . , ,
, .
-, . , , -. - (Marius Schilder), , , ,
. , ,
. - ( , ).
-. ,
, -
. ,
. !
,
.
. ,
. : !

,
. . : DH,
DH . -
15.11.
299
, .
, - . ,
, , . ,
.
- ,
. ,
. . ,
, , ,
. ,
, , . : ,
. , ,
: ,
.
15.11
, . .
,
. . ,
, , , , ,
.
15.12
,
. , ,
.
MAC,
, : ( ),
. MAC , .
300
15.
. , , . ,

.
; ,
SRP [96]. . ,
.
, , .
(Stanford University) SRP, , ,
, SRP. ,
. ,
, .
16
. II
, , .
16.1
. , .
. , , , , . ,
(Add With Carry ADC)
. C .
, , . ,
, , , .
. .
[54]. ,
, ,
.
301
302
16. . II
, . 264 (
18 ) , .
220 ( ) ,
. , , , .

1 .
, . S- AES,
.
. ,
,
.
,
.
.
, , . , ,
, .
,
232 264 . .
.
32- 240
, 32-
, 64 .
, . , . ,
. 1
IDEA
MARS, .
16.1.
303
, . ,
a < b,
a = b 1, a = b a = b + 1 (,
).
. , . ,
, , ..,
.
. .
, RSA,
, p, q. ( ,
CRT-.) ,
+ kq, k . ( , , q,
p, + kq.) 3 mod n ,

. ( + kq)3 3 q.
n, q
n .
!
, ? -,
. - . , , . -,
. , . -,
.
.
16.1.1
, , (wooping).
(David Chaum) (Jurjen Bos)
. -
304
16. . II
- woop 2 .
. [10, 6],
wooping, .
, .
. , . ,
.
,
. ,
, , ( ,
,
).

t 64-128 . t
, . t
. x, , x
:= (x mod t). x

WOOP(x). WOOP(x) . . WOOP(x)
.
, x WOOP(x).
, , x
x mod t.
WOOP. ,
WOOP , WOOP
, WOOP , .
c := a + b. ,
, c, c = a
+ b(modt). 2
wooping ( whooping) , . , . . .
16.1.
305
.
c , , c mod t = c. , .
n ,
. c = (a +
b) mod n, c = a+b+k n, k
, c 0, . . . , n 1.
. k 0
1 , a b 0, . . . , n1. n) mod t.
c = (
a+b+k
,
k. k,
k.
.
c = a b + k n. c = a
b + k n
(modt),
a
, b, n
k. ,
k - .
,
. : a b, n, .
k,
WOOP(k). c.
.
, .
. (
,
.) x WOOP(x)
WOOP
WOOP .
, , , WOOP WOOP .
WOOP , WOOP
.
, WOOP
.
306
16. . II
WOOP.
x, , (x mod t) = x
.
, x mod t x
. ,
,
, t . , ,
t, . ,
t. , .

. .
WOOP(x)? . , , 1/t. , . , , , .
, . t
; t, , .
?
, , . ,
t. t
, .
, 64- t,
16 64 = 1024 .
, ,
t , .
t, .
, t. , , 128 , t
128 .
16.1.
307
,
; , .
, , , .
(fatal error).
. t 64- .
128- .
64- t, 32-
, . 32- t
32- ,
.
, ,
WOOP(x). ?
: (x mod t) = x
. , , , .

. , ,
. , , ,
, .
16.1.2
DH
,
. DH, ,
. , ,
q. , , , , .
- ,
,
. ,
, .
, -
308
16. . II
g x x,
.
DH , . , , x g x . ,
, DH
. , , -
.
16.1.3
RSA
RSA , . -
, ,
, .
,

RSA. , RSA
c = m5 mod n, m , c .
, c1/5 mod n
m.
( , ). , ,
RSA .
, z , c z 5 = (m z)5 mod n.
: c = m5 z 5 , , (mz)5 c z 5 . .
z,
.
RSA ,
.
16.1.4
RSA
RSA . , , -
16.2.
309
.
.
RSA , . .
16.1.5
. ,
, .
,
,
.
,
, .
. ;
, . , , ,
.
16.2

, . [67]. ,
. [25].
(x mod n),
x n. x , n. : x 2. x ,
x 2, .
x , n (, , x n),
2. ( n. , n. ,
n.) n k , x
(n 1)2 , k 2. -
310
16. . II
0, . . . , 2n 1,
n.
- ! 2,
. (x mod n),
x/2k mod n k. , 2k . , .
, 2k . , .
,
. ,
. (, ,
, .) 2k
.
, , . x x 2k .
x y,
. ,
x 2k y 2k , x 2k y 2k n
2k .
x y 2k ,
xy. , , , ( 2k )

( 2k ). x (22k mod n). ,
, , x y 2k k , 2k .
n,
, 2n 1. (
) n.
, . , w . x z,
x + zn . -
16.3.
311
, z
x -,
n. x + zn
, 2w ,
. , .
16.3
-
9.5. , , .
-.
, . ,
,
, . , , . ,
, ,
.
, .
IDEA [60, 61] MARS [13].
, .
( RC6 [77] MARS)
( RC6 RC5), , .
-. , ,
,
.

-. ,
,
. , .
, , .
Web- . -
312
16. . II
SSL
RSA, .
, RSA . ,
, .
, , A ,
B, ,
.
.
A B .
,
, , ,
. , ,
A B.
,
.
.
, , [55].
16.3.1
-.
,
. , . ,
, , .
, . -, ,
, , , . ,
, .
.
- . , ,
, , -
16.3.
313
. , (, ),
. , -,
, , , .
, , -, . .
- . d,
. t, ,
t + d.
, - . ,
- .
, , , , , t + d.
, , -
. , ,
. -,
Internet.
, -
, [55].
.
- .
, .
, ,
.
.
. ,
, .
,
314
16. . II
, , .
t, t + C,
C . , ,
,
t + C.
, , .
16.4
.
.
, . (
), .

.
, , .
16.4.1
. , ,
.
, () .
, . (-
Kerberos.)
, , .
, .
,
.
16.4.
315
. , ,
. ,

.
, .
,
.
16.4.2
, . , . .
.
. .
. , . , .
.
.
.
, . , , TCP,
. ,

. ,
,

, .
, , . ,
n 1
n.
316
16. . II
n, ,
. .
, ?
n n 1, , .
, , . .
n 1, , n . ,
. , .
, n 1
n1, . ,
.
. , n. ,
n,
.

, .
? .
,
.
.
.
,
, .

. , , . ,
n 1 , . n 1,
. ,
, . ,
n 1 .
, n 1, -
16.4.
317
. ,
, ,
, , .
16.4.3
.
, .
.
, ?
. , , ,
.
.
, ,
. .

(SYN flood attack). ,
, .
, .
. , , Internet,
.
,
. ;
, 15 ,
.
20 , .
III
17
,
: .
. , ,
.
17.1
.
. ,
,
.
.
17.1.1
. , , , .

. , ,
, .
.
17.1.2
320
17.1.
321
. . , ,
. ,
.
. .
. , ,
.
, 10, . ,
. 128 , 256- .
. ,
.
.
17.1.3
, , , . .
,
,
, . , ,
,
.

.
. -
,
.
; , ,
.
( ) ,

, .
322
17.1.4
17.
. , , .
, . , . A B , ,
, .

.
, , ,
.
. , : ,
. , . ,
2020 .
:
. ,
2020 ,
,
. , , , .
17.2

.
. , ,
. ?
, .
,
, .
, . , -
17.3.
323
, , . , .
, , ,
. 10
. ,
, ,
. .
1980 . ,
, -
2028 .
,
. -
. , . , .
17.3
17.3.1
, -
.
. , .
, -
, .
, , .
, - . ,
.
. , ,
, .
,
.
324
17.
. , 23:55
(11:55 p.m.) , .
.
,
.
, , .
, , .
,
,
? .
17.3.2
, .
, . , , . ,
, . , .
, , .
,
.
,
. , . 10
. - .
. , , .

. , .
.
-
17.3.
325
, . , , . ,
, ,
. , , .
, : , . !
17.3.3
, . . , ,
. Internet,
.
eBay . eBay ,

.
. - 30 . , 30 .
, , . ,
.
,
.
, .
. , ,
- ,
.
326
17.4
17.
.
.
, .

, .
,
- .
, . , , .
, ,
.
( )
. , . , .
, .
, .
. 1980 , , , - . ,
. , , .
,
, 1 . ,
.
.
, Internet intranet.
, ,
NTP [65] SNTP [66].
1
OK,
, ,
, .
17.5.
327

, . , . , ,
, .

(PKI). , 19, PKI: ,
PKI , . , , .

,
.
17.5
,
.
-.
, , ,
, (, ), , , .
.
, , , .
. ,
. ,
.
,
.
.
, .
, ,
. - : -
328
17.

. , ,
, . , (,
).
.
, .
, . , , . ,
. ,
. .

. ,
, . , , . ,
.
.
.
, ? , . , ,
, . -
, 10 !

. ,
, : - ,
. , .
, - .
17.6.
329
, .
, .
,
.
.
. . . ,
, .

, . . , .
, ,
, ,
.
, .
17.6
, , . : .
, ,
.
. :
,
.
. , .
,
. ,
. ,
330
17.
, , .
UTC.
, ,
.
UTC
.
UTC (leap seconds). UTC
, .
: , 61 . .
. ,
. , . -
, , ,
. , 60 .
UTC,
.
,
. ,
.
,

. ,
.
, , UTC, GMT, TAI
UT1, Internet.
17.7
, . , , .
. !
18

. , , . .
, , .
, Internet. ,
.
,
, .
, . .
, , ,
, ,
, , , , ,
, , .
-, .
, .
,
.
(key server).
331
332
18.1
18.
, , .
,
. , KA ,
. KB , .
.
, . ,
, .
, , .
, . ,
. ,
KAB , .
18.2
Kerberos
Kerberos ,
[57]. Kerberos
(NeedhamSchroeder) [75].
Kerberos .
, .
KAB , KAB ,
KB .
KA , . KAB ,
KB , , KAB . KAB ,
( , , ).
Kerberos , ,
Kerberos
(Key Distribution Center KDC),
. , , . , -
18.3.
333
, .
, . ,
. ,
, .
, ,
Kerberos, .
, . , , .
,
. . , Kerberos.
.
18.3
Kerberos .
. , . ,
1 . .
,
. ,
. ,
, Kerberos.
, . 100 000
:
1 , 100 . ,
,
, .
, . ,
1
(ticket) , .
Kerberos.
334
18.
. , : .
,
.
. , , ,
.
,
.
, ,
, 2 .
, . ,

.
18.3.1
. ,
KA .
, 15, . (
KA , , (. 15.12). , ,
.)
0 .
KA
,
.
0 KA
(. 8, ). , . , , .
.
.
2
- - ,
.
18.3.
18.3.2
335
, .
, ;
. , .
. , KAB
. , ,
.
:
,
. , .
18.3.3
0 .
, KA
,
(
0 .
KA ), KA
,
.
,
. , .
KA ( ), .
, ,
. , ,
( ,
) .
336
18.3.4
18.
, , Kerberos,
. . ,
.

. KA ,
0 , ,
KA
,
, .

.
,
. ,
, - .
,
. , , , , . , , ,
.
18.4
,
Kerberos. .
, Kerberos , , . ,
, , , .
, .
19
PKI:

(PKI) , . , ,
. ,
,
. , ,
.
19.1
(Public-Key Infrastructure PKI)

, ,
. .
, (Certificate Authority CA). - (, RSA)
. , .
,
.
, - . , PKA
: , , 337
338
19. PKI:
PKA . ,
, ,
: PKA . (certificate). ,
.
, ,
.
,
. , , PKA
.
,
,
.
. , ,
,
.
,
.
,
. .
.
19.2
, .
19.2.1
, .. ( ),
. ,
, .
( , ),
.
19.2.
339
, , .
.
19.2.2
,
(virtual private network VPN).
, , .
VPN ,
, . IT-
. , VPN .
19.2.3

Web- . , , .
.
19.2.4
.
, , , . , , , , . ,
,
. ,
, .

,
, .
340
19.2.5
19. PKI:

. . , , ,
, . ,
. ,
,
. ,
.
19.3
, PKI
.
19.3.1
.
,
. . .
. PKX X . . : , , ,
. (certificate chain)
.

. ,
. PKI . ,
,
, , , -
19.3.
341
. , , , , , .
, , , ,
. ,
. , .
, . ,
. . .
, . ,
. . Web Internet PKI,
.
. ,
Web-! ,
, Microsoft. ,
, .
. . . ,
. , , , nastyattacker.com ,
amazon.com. Microsoft Internet Explorer ,
. Amazon,
nastyattacker.com, Web- Amazon. : ,
,
- ! ,
Microsoft ( , ).
, -
342
19. PKI:
. , ,
.
19.3.2
; .
, . , , , , . . ,
.
.

. .
.
. ,
.
, , ..
, .
X.509 v3,
.
, (Peter Guttmann) [39]. , X.509 v3 .
- X.509 v3
.
19.3.3
. . ,
. IT; .
.

. -
19.4.
343
, .
, ,
. , ,
,
.

. ,
, , (Registration Authority
RA). , 100
. . ,
.
, ,
. , ,
. .
IT-, ,
. , ,
, , .
, ,
, , , .
IT- .
, .
, , , ,
.
19.4
, , , .
-
344
19. PKI:
.
-
, . , ,
, , .
, ,
. . .
20
PKI:
.
. ,
, ,
. , . ,
, .
20.1
. . ?
. . ,
, . ,
, ,
. ,
. ,
.
,
, , . ,
, , . (
), .
345
346
20. PKI:
, , .
, .
. , . , .
, . ,
. ,

. ,
. ,
.
, ,
,
.
,
. ,
. ,
.
, ,
!
.
, , ,
. ,
, .
.
Internet. . Internet?
: .
. , jsmith533@
yahoo.com. , , ,
, .. , . ,
, - .
, . , Internet
, ,
. ,
.
. ( , , .)
20.1.
347
,
. , ,
.
, . , , . ,
,
, .

; ,
, . , ,
1 .
,
. , ,
. , , , ,
, .
, , , , . - . - , . ,
. , ,
,
.
(Social Security
number SSN) SoFi .
,
.
, .
,
. ,
,
.
1
, .
348
20. PKI:
. . , . , , , , - SSN
SoFi. .

? , . ,
, .
,
. .
, , , , .
20.2
, ?
? , , ,
, , ?
. , ,
. .
, .
, ,
.
.
, ,
. ,
. ,
, .
, -
20.3.
349
.
.
20.3
,
. , , ,
. , , . , ,
.

, .
-, , , ?
?
, ?
? ?
. ,
,
- Web-. . .
. , . ,
- . , ;
. ,
, , -
, .
.
.
,
. , . ,
. . ; , -
350
20. PKI:
, ,
.
. .
, , .
: ,
,
.
20.4
PKI. , .
, ;
.
, . ,
.

(access control list ACL). , ,
. (, :
/usr/bob, , ),
(,
). ,
.
, : , - . ,
, , . ,
, . ,
[27].
-, .
20.5.
351
, . , .
, , . ,
, , ,
?
?
, ,
.
.
. ,
. ,
.
20.5
,
. ;
[27].
,
, , .
,
.
.

, . ,
. - , , ,
. ,
. -, , ,
. , , , . ,
352
20. PKI:
, , ,

. ,
, .
, , ?
- . ,
.. , ,
,
. ,
. , ,
, .
- . , , , . .
, , . , , , ,
. ,
.
, ,
.
20.6
,
. , .
(credential) . ,
,

. , , : PKB X ,
PKA .
X, , , -
20.6.
353
, X
.
. ,
, . ,

X 2 .
.
.
-, , .
- ,
.
-, . ,
,
. , , . ,
, , ,
. ,
, .
, ( ) ,
- , .
-, ,
.
, . ,
,
, . .
, 2
, ,
.
- ,
. , ,
, , .
.
354
20. PKI:
.
, -
,
.
, , , .
.
, , ,
. , . , ,
. ,
, .
. ,
.
PIN-. ,
. , .
. , , - .
, ,
.
, !
, , . ,
.
, , , .
. -
, . , , .
. -
20.7.
355
,
.
. , .
20.7
, , .
,
PKI.
.
.
.
.
.

.
,
. ,
, .
, , , .

. , .
, . , ,
. ,
! , ( ),
.
356
20. PKI:
20.8
(revocation) . , ,
. ,
, ,
. , .
, . . ,
. 10
PGP. , , 3 .
.

, ,
.
, .
.
?
. ,
? ?
. ?
:
.
20.8.1
(certificate revocation list CRL) , .

3
PGP , PKI (web of trust).

,
.
20.8.
357
, ,
, .
. , . ,
. , ,
.
, . PKI
,
. , (single point
of failure): , -
. ,
PKI , . , ,
, .
. ,
, ,
. ,
,
. : .

.
STU-III (Secure Telephone Unit, Third Generation
). ,

. .
(, )
Web- .
, . , . ,
, .
, 50 . , .
358
20. PKI:
, .
, , .. ,
.
20.8.2
. .
( 10 24 ).
, , .
. ,
10 .
.
, . , ,
. , PKI .
,
.
, ,
.
20.8.3
, . .
.
- .
, , , .
,
20.9.
359
. , ,
.
, , .
20.9
, ,
.
, , ,
.
( )
.
.
.
, . . ,
, ,
. . , , .
, ,
.
, 18, .
.
,
. ,
. .
.
, .
, , ,
. , , . -
360
20. PKI:
.
, .
,
.
-
. .
. , . , .
,
, .
. . ,
.

. : , . . , ,
, . , ,
,
.
, , ,
.
PKI . ,
,
, . , . ,
, . , , ,

, .
20.10.
361
, ,
.
. , , .
20.10
? ? ,
.

. . ,
.
. , .
. , , , .
,
.
.
, , ,
. ,
.
, .
(logical framework).
, , . ,
, , , .
21
PKI
,
. , , . ,
. ,
. , .
21.1
, X.509. ? [39].
. .
, .
:
, ,
. XML, ,
, - ,
.
21.1.1
(, , ) ,
362
21.1.
363
. , ,
, , , . , ,
,
. , , . , PKI. , ,
, . ,
, .
21.1.2
- , - . . (, ) .
, . -
:
. (self-certification), .
, -
. .
. , ,
. , ,
.. , , , .
, . , ,
(root certificate) .
. , .
364
21. PKI

, .
, Web-, ,
.
, , . ,
. , , .
!
, .
.
.

, .
,
. , ,
.
,
.
.
, ( ) (
,
). , .
21.2
. .
. ,
21.2.
365
.
.
.
. -
.
. .
, . ,
.
. ,
, . , , ,

.

.
.
,
, ,
.
, , . . , . , , , , , .
. .
.
.
,
,
. ; .
-.
366
21. PKI
, , .
.
.
? . , ,
. ,
,
.
.
,
. , , , . ,
, .
,

. ,
. , , .
, .
.
,
.

. ,
,
.
.
- , , , , .
, 13.7. -
21.3.
367
.
, ,
.
21.3
, , ?
.
, .
.
, . . - ,
. , . ,
.
, .
, ,
. , . -
, . :

, 1 .
, , .
, , . , .
, . , - 1
, ,
.
: A,
. ,
,
.
368
21. PKI
- .
. (
, , .
.)
, . ,
.
, .
, ,
, ,
.
? . ,
. , 10 , : 10
, .
, , , 2 . ,
,
, ,
, .
, , , .
. .
21.4
, , , , ,
.
, , .
, , ,
. , ,
, . , .
2
,
(, ).
22

9.3 , , . ,
? . -,
. -, (..
) .
22.1
,
. , ,
, . ( ), ,
.
. , ,
- , , , !
,
. , .
, ?
; .
, (),
369
370
22.
, , . (
,
, .)
, , , . , , ? , , ,
- . .
, . ,
RSA .
,
, .
22.2
.
, .
, . , Web-,
, .
. , . , : .
, ,
; , , .
, , , .
. , .
.
( ,
), 19 .
, , ,
1,5-2 .
22.2.
371
, 128- 256- .
256- .
(
), .
256 ,
, , 128 1 .
2 ,
128 64 . . .
, 64 ?
.
2 , ,
32 .
. 6-8 .
. , - ,
, 7193275827429946905186?
, , aoekjk3ncmakwe?
, . (
, , ,
.)
- (passphrase).
, . ,
. , :
.
- : .
, . ,
38 , 57-76 .
: , 52 ,

78-104 .
, , , , 1
: , ,
128 .
372
22.
. ,
, .
.
, -. , , ,?. , , .
:
, ? 2 ,
. ,
, ? - , .
, .

,
,
. , , . ,
-
.
, , . ,
. ,
, 128 .
22.2.1
, . . ,
, . .
2
. . . .
22.2.
373
, (salt).
, , . , 256- .
(stretching) .
.
p , s .
h, :
x0 := 0,
xi := h(xi1 k p k s) i = 1, . . . , r,
K := xr .
K
. r , ,
. (, ,
xi K 256 .)
.
s , K, K, . p, K,
, . , p
. p, r
. r, .

. , , . , , , 200 . r: r , K(s, p) 200 1000
.
, r .
r ,
, r s. (
, r .)
? r = 220 ( ), 220 . 260
280 , r = 220 -
374
22.
20 . r,
.
. r
,
r. (Moores law), . 10 , ,
.
,
.
, , .
, ,
. 10
. , , , , ,
.
( - ), ,
10 .
,
. , .
,
. ,
:
p, K
K. ,
, .
, . ,
.
,
-.
, .
?
. , 128- -
22.3.
375
( ,
), ?
, 256-
.
, , . ,
. , , -
,
, . ,
. ,
r, , , r .
22.3
- .
, .
Web-.
( )
, - ,
, .
, . , ,
.

, .
, -
. ,
.
. -, ,
. , , 256- ,
. -
376
22.
, . , , ,
.
22.4
( ) , (secure token). , .
- ( )
iButton, USB- PCMCIA.
(.. , ) .

, .
, , ,
- . ,
.
, , . , . - ,
.
,
. ;
, .
, - .
,
, .
3 .
3
,
. ;
, .
22.5.
377

.
,
.
. ,
.
, ,
.
, .
. ,
- ,
- -
, ,
50 . , . , , .
, . , , ,
.
.
, , .
22.5
,
. ,
, . ,
, , , , . ,

, .
378
22.
, . (, , PIN) ,
.
PIN- . , PIN-
, .
, .
, , ,
. , . , , ,
.
, , . , , , PIN-.
. , ,
, .
, ,
PIN-. , .
. , (,
Palm).
,
, , ,
.
.
, .
, . ,
, , , .
,
22.6.
379
, ,
, .
22.6
, , . - .
.
, , , . 2002 (Tsutomu Matsumoto)
,
, [63].
,
( , )
.
, , , . , ,
. , .
( !),
. : , , ,
.
, .
, , . ,
,
. , ,
PIN- .
, . , ,
, . ,
,
.
380
22.
. , ,
. ,
, ,
. .
,
. ,
.
, .
,
. -
?
, ,
, . ,
, . 10 , ,
.
22.7
, . (single sign-on
SSO). , , , ,
, .
. , , ,
. . , ,
. ,
22.8.
381
, .
, ,
.
,
,
.
Password Safe,
. , , , . ,
, .
, .
22.8
, ?

? .

.
, ,
, . ,
, . !
,
.
. , , ,
. - ,
, . ,
?
,
. , , . ,
, :
.
382
22.9
22.
, .
, . .
, .
(secret sharing), , ,
. . ,
. , ,
, .
. ,
.

.
. k n ( , , k )
(n k ). ,
, : ,
, .

, . , ,
, .
, . ,
,
. ,
,
. ,
, , -
. , .
22.10.
383
, , , . ,
, , - IT. , .
- , ? .
, ,
. ,
, -
. , , -
.
, , -,
, -,
.
22.10
, . ,
, . 9.3.
.
, , : , ,
, , EPROM, EEPROM, - RAM, .

, , .
22.10.1
, , . , .
384
22.
,
, .
22.10.2
.
.
, , [38],
, , .
. ,
. ,
. , , , . /,
, ,
. , .
.
, -
.
/ , , , .

/,
, .
, , . .
.
, , ,
, . ,
.
22.10.
385
, , . ,
,
, .
, , .
,
, , .
, , . ,
.
,
, . ,
, - . (
, .) ,
50 100
.
. , , . ,
,
.
,

, - . , , , .
( ),
. , ,
,
.
,
.
386
22.10.3
22.
, , EPROM, EEPROM -. .
(. 9.3.4).
,
.
, .
IV
23
.
.
. , , ,
.
23.1
, , , . - ,
, Internet (Internet Engineering Task Force IETF), (Institute of Electrical and Electronics
Engineers IEEE), (International Organization for Standardization ISO)
(European Committee for Standardization CEN).
, . -: , - . ,
. , , . ,
. , , , . ,
(
388
23.1.
389
, ..). ,
.
.
.
, .. ,
. , .
, .
? , . , .
. . ,
. ,
. , .
, ,

. , , .
,
. ,
.
, . , - , , , . ,
.
.
, , , . -
390
23.
,
.
.
. . ,
. ,
, , ..
, , .
.
,
,
. , ,
- . , ,
,
.
, , ,
. .
23.1.1
,
. , , ,
, , . ,
, . , , .
,
,
.
23.1.2
,
.
23.1.
391
, -.
, , , , , . ,
,
, .
. , ,
, , ,
. , .
, .
,
, , . HTML-
,
, ,
. ,
.

. , , ,
,
.
23.1.3
, . , .
, ,
, .
, . , .

- ,
. ,
.
392
23.
, , :
. . . , , . . . , . . . , , . . . , . . . .. , .
, , , : ,
, .
(.. )
, , ,
, , . , , . , , ,
, . , , ,
. ,
, .
, ,
. , - , ,
.

, . , .
- . . .
23.2
SSL
, Web- Web-. ,
, SSL 2,
. SSL SSL 3 [36]. -
23.3. AES:
393
- . SSL 3 .
: SSL , , , , . Web- SSL
(PKI), PKI, , ,
. 108 35
. , ,
35 ,
, Web.
SSL -.
Netscape -. SSL ( TLS)
IETF. TLS.
TLS SSL ,
, TLS - SSL 3. ,
IETF , , IPSec [32], ,
.
23.3
AES:
AES , . AES
.
. ,
.
.
.
,
. ,
. , - .
, ,
. -
394
23.
.
.
, , ,
. ;
, . ,
- , .

(NIST) AES, . 15 ,
. - . ,
; , , ,
.
,
, , , . , , , ,
.
, , . ,
, . -
(
), , , .
,
, , .
24
, . ;
, . (
, , .) ,
, , ,
. , ,
.
, .
24.1
, ,
. , , , (prior art). ,
, ,
. 2001 , ,
[51]. ,
. , .
, , .
,
,
.
395
396
24.
,
, . ;
. ,
. ,

- , ,
. . , ,
. ,
,
: 10 .
24.2
. , , , . ? ; ,
. ,
(disclosure document), . ,
.
. , ,
.
, , ,
- . ,
. ,
, ,
.
, .
24.3.
397
. ,
;
.
24.3
,
, , .
. 20-
.
, , .
,
.
, ,
. ,
, ,
, ? , ! , , .
, .

, .
24.4
: ! , , , . ,
. , , , ,
.
, (
), . ,
.
: , , , ,
, .
, , .
, . , ,
398
24.
, , . ,
, .
, .
,
.
24.5
, , .
.
.
-
. .
. ,
.
, , -. 80-
, RSA DH
,
.
.
, .
, .

. ,
, - ,
.
XCBC, IACBC OCB.
, . ,
-
. ,
, ,
24.5.
399
.
( ), , , , . , XCBC
,

, .
, , , OCB,
,
. (, , ). ,
. ,
. , , .
, ( , )
. , ,
,
, .
,
. . , , ,
.
, XCBC, IACBC
OCB, CCM (. 8.5).
CCM , . , .

, . . . ,
.
400
24.6
24.

, . , .
, , ,
. - .
, , ( ).
, -. ,
, .
24.7

. , . ,
,
. , . 20 , IT- . ,
. IT- ,
.
, , ,
, . ,
, ,
.
, . ! , , . -
. .
,
.
,
24.8.
401
. , , ,
.
.
, , , ,
.
, IT- ,
. ,
, , . , .
. ,
, - . ,

, .
, ,
, .
, , . ,
,
.
, . ,
. , , ,
,
. ,
, - , .
24.8
. .
. ,
, ,
.
!
25

: , , .

. -, ,
. , - , - , . , , , ,
,
.
, Applied Cryptography [86, 87],
, .
. ,
, .
802.11.
, WEP (wired equivalent privacy ) .
, .
. RC4, , , .
RC4 , . WEP ,

. , , ,
402
403
.
RC4 ,
. , :
, RC4, [35]. CRC (cyclic redundancy check
), ,
, ( ) ,
. , .
- .
, . ,
.
WEP ; .
WEP , . :
. WPA (wireless protected access
) .
WEP . , ,
- 802.11, .
: , ,
Applied Cryptography.
, ,
.
. , , ,
.
, .
, 70%. ,
, 90%. . , .
, . ,
.
404
25.
,
? , ,
, - ,
.
,
. , . , , ,

. , ,
, .
, . ,
.
- , :

. - , . .
,
.
, , .

, , .
. , , . , .

, .
. , ?
, . , ;
, . , ,
;
, .
405
, . . , , , , . 1020 .
. ,
. ,
,
, ,
.
, .
. ,
. , , , . ,
,
. ,
.
, , , .
; . , , . , - . DigiCash 1990- .
. , , .
, .
Secrets and Lies [88] :
, . ,
. , .
-
406
25.
,
. , ,
. , , , .
,
, .
, .
, , .

, . ,
. , . ,
, ,
, .
(Beth Friedman), , (Denise
Dick), , . ,
. Internet.
(Carol Long) Wiley .
, ,
.
407
1. Anderson R.J. Security Engineering: A Guide to Building Dependable Distributed Systems. ? John Wiley & Sons, Inc., 2001 (ISBN 0-471-38922-6).
2. Anderson R., Biham E. and Knudsen L. Serpent: A proposal for the Advanced Encryption Standard. ? In: National Institute of Standards and
Technology, August 1998 (. http://www.cl.cam.ac.uk/~rja14/serpent.
html http://www.nist.gov/aes).
3. Bellare M., Canetti R. and Krawczyk H. Keying Hash Functions for Message
Authentication. ? In: Koblitz N. (ed.). Advances in Cryptology CRYPTO
96. Lecture Notes in Computer Science. Springer-Verlag, 1996, vol. 1109,
. 115.
4. Bellare M., Killian J. and Rogaway P. The Security of Cipher Block Chaining. ? In: Desmedt Y.G. (ed). Advances in Cryptology CRYPTO 94.
Lecture Notes in Computer Science. Springer-Verlag, 1994, vol. 839, . 341
358.
5. Bennett C.H. and Brassard G. An update on quantum cryptography. ? In:
Blackley G.R. and Chaum D. (ed). Advances in Cryptology, Proceedings of
CRYPTO 84. Lecture Notes in Computer Science. Springer-Verlag, 1984,
vol. 196, p. 475480.
6. Biham E., Dunkelman O. and Keller N. The Rectangle Attack Rectangling
the Serpent. ? In: Pfitzmann B. (ed). Advances in Cryptology EUROCRYPT 2001. Lecture Notes in Computer Science. Springer-Verlag, 2001,
vol. 2045, p. 340357.
7. Biham E. New Types of Cryptoanalytic Attacks Using Related Keys. ? In:
Helleseth T. (ed). Advances in Cryptology EUROCRYPT 93. Lecture
Notes in Computer Science. Springer-Verlag, 1993, vol. 765, p. 398409.
8. Black J., Halevi S., Krawczyk H., Krovetz T. and Rogaway P. UMAC: Fast
and Secure Message Authentication. ? In: Michael Wiener (ed). Advances in
Cryptology CRYPTO 99. Lecture Notes in Computer Science. SpringerVerlag, 1999, vol. 1666, p. 216233.
408
409
9. Bos J. Booting problems with the JEC computer. ? Personal Communications, 1983.
10. Bos J. Practical Privacy. ? PhD thesis : Eindhoven University of Technology,
1992 (. http://www.macfergus.com/niels/lib/bosphd.html).
11. Brassard G. and Crepeau C. Quantum Bit Commitment and Coin-Tossing
Protocols. ? In: Menezes A.J. and Vanstone S.A. (ed). Advances in Cryptology CRYPTO 90. Lecture Notes in Computer Science. Springer-Verlag,
1990, vol. 537 p. 4961.
12. Brincat K. and Mitchell C.J. New CBC-MAC forgery attacks. ? In: Varadharajan V. and Mu Y. (ed). Information Security and Privacy, ACISP 2001.
Lecture Notes in Computer Science. Springer-Verlag, 2001, vol. 2119, p. 3
14.
13. Burwick C., Coppersmith D., DAvignon E., Gennaro R., Halevi S., Jutla C.,
Matyas S.M. Jr., OConnor L., Peyravian M., Safford D., Zunic N. MARS
a candidate cipher for AES. ? In: National Institute of Standards and Technology, August 1998 (. http://www.research.ibm.com/security/mars.
html http://www.nist.gov/aes).
14. Cachin C. Entropy Measures and Unconditional Security in Cryptography. ?
PhD thesis, ETH : Swiss Federal Institute of Technology (Zurich, 1997)
(. ftp://ftp.inf.ethz.ch/pub/publications/dissertations/th12187.
ps.gz).
15. Carroll L. The Hunting of the Snark: an Agony, in Eight Fits. ? London :
Macmillan and Co., 1876.
16. Chabaud F. and Joux A. Differential Collisions in SHA-0. ? In: Krawczyk H.
(ed). Advances in Cryptology CRYPTO 98. Lecture Notes in Computer
Science. Springer-Verlag, 1998, vol. 1462, p. 5671.
17. Courtois N. and Pieprzyk J. Cryptanalysis of Block Ciphers with Overdefined
Systems of Equations. ? Cryptology ePrint Archive, Report 2002/044, 2002
(. http://eprint.iacr.org/).
18. Daemen J. and Rijmen V. AES Proposal: Rijndael. ? In: National Institute of
Standards and Technology, August 1998 (. http://www.esat.kuleuven.
ac.be/~rijmen/rijndael http://www.nist.gov/aes).
19. Davis D., Ihaka R. and Fenstermacher P. Cryptographic Randomness from
Air Turbulence in Disk Drives. ? In: Desmedt Y.G. (ed). Advances in Cryptology CRYPTO 94. Lecture Notes in Computer Science. Springer-Verlag,
1994, vol. 839, p. 114120.
20. Den Boer B. and Bosselaers A. Collisions for the compression function of
MD5. ? In: Helleseth T. (ed). Advances in Cryptology EUROCRYPT 93.
410

304.
21. Diffie W. and Hellman M.E. New Directions in Cryptography // IEEE

Transactions on Information Theory. 1976. IT-22(6). . 644654.
22. Dijkstra E.W. The Humble Programmer // Comm. of the ACM. 1972.
15(10). . 859866. ( EWD340, http://www.cs.utexas.
edu/users/EWD/ewd03xx/EWD340.PDF.)
23. Di Crescenzo G., Ferguson N., Impagliazzo R. and Jakobsson M. How To
Forget a Secret. ? In: Meinel C. and Tison S. (ed). STACS 99. Lecture Notes
in Computer Science. Springer-Verlag, 1999, vol. 1563, p. 500509.
24. Dobbertin H. Cryptanalysis of MD4 // J. Cryptology. 1998. 11(4).
. 253271.
25. Dusse S.R. and Kaliski B.S. Jr. A Cryptographic Library for the Motorola
DSP56000. ? In: Damg
ard I.B. (ed). Advances in Cryptology EUROCRYPT 90. Lecture Notes in Computer Science. Springer-Verlag, 1990,
vol. 473, p. 230244.
26. Dworkin M. Recommendation for Block Cipher Modes of Operation Methods and Techniques. ? National Institute of Standards and Technology,
December 2001 (. http://csrc.nist.gov/publications/nistpubs/
800-38a/sp800-38a.pdf).
27. Ellison C. Improvements on Conventional PKI Wisdom. ? In: Smith S.
(ed). 1st Annual PKI Research Workshop Proceedings. 2002, p. 165175
(. http://www.cs.dartmouth.edu/~pki02/Ellison/).
28. Evertse J.-H. and Van Heyst E. Which New RSA-Signatures Can Be Computed from Certain Given RSA-Signatures? // J. Cryptology. 1992.
5(1). . 4152.
29. Feistel H., Notz W.A. and Smith J.L. Some Cryptographic Techniques for
machine-to-Machine Data Communications // Proc. of the IEEE. 1975.
63(11). . 15451554.
30. Ferguson N., Kelsey J., Lucks S., Schneier B., Stay M., Wagner D., Whiting
D. Improved Cryptanalysis of Rijndael. ? In: Schneier B. (ed). Fast Software Encryption, 7th International Workshop, FSE 2000. Lecture Notes in
Computer Science. Springer-Verlag, 2000, vol. 1978, p. 213230.
31. Ferguson N., Kelsey J., Schneier B. and Whiting D. A Twofish Retreat: Related-Key Attacks Against Reduced-Round Twofish. ? Twofish Technical Report 6, Counterpane Systems, February 2000 (. http://www.
counterpane.com/twofish.html).
411
32. Ferguson N. and Schneier B. A Cryptographic Evaluation of IPsec, 1999 (.

http://www.counterpane.com/ipsec.html).
33. Ferguson N., Schroeppel R. and Whiting D. A simple algebraic representation of Rijndael. ? In: Vaudenay S. And Youssef A.M. (ed). Selected Areas
in Cryptography, 8th Annual International Workshop, SAC 2001. Lecture
Notes in Computer Science. Springer-Verlag, 2001, vol. 2259.
34. Ferguson N. Collision attacks on OCB. ? Comments to NIST, February 11,
2002 (. http://csrc.nist.gov/CryptoToolkit/modes/ http://csrc.
nist.gov/CryptoToolkit/modes/comments/Ferguson.pdf).
35. Fluhrer S., Mantin I. and Shamir A. Weaknesses in the Key Schedule Algorithm of RC4. ? In: Vaudenay S. and Youssef A.M. (ed). Selected Areas
in Cryptography, 8th Annual International Workshop, SAC 2001. Lecture
Notes in Computer Science. Springer-Verlag, 2001, vol. 2259.
36. Freier A.O., Karlton P. and Kocher P.C. The SSL Protocol, Version 3.0. ?
Internet draft, Transport Layer Security Working Group, November 18, 1996
(. http://home.netscape.com/eng/ssl3/).
37. Goldberg I. and Wagner D. Randomness and the Netscape Browser //
Dr. Dobbs Journal. January 1996. P. 6670 (. www.cs.berkeley.
edu/~daw/papers/ddj-netscape.html).
38. Gutmann P. Secure Deletion of Data from Magnetic and Solid-State Memory. ? In: USENIX Security Symposium Proceedings, 1996 (. http://www.
auckland.ac.nz/~pgut001).
39. Gutmann P. X.509 Style Guide, October 2000 (. http://www.cs.auckland.
ac.nz/~pgut001/pubs/x509guide.txt).
40. Harkins D. and Carrel D. The Internet Key Exchange (IKE). ? RFC 2409,
November 1998.
41. Intel. Intel 82802 Firmware Hub: Random Number Generator, Programmers
Reference Manual, December 1999 (. Web- Intel http://www.
intel.com).
42. International Telecommunication Union. X.680-X.683: Abstract Syntax Notation One (ASN.1). ? X.690-X.693: ASN.1 encoding rules, 2002 (. www.
itu.int/ITU-T/studygroups/com17/languages/x680-x693_0702.pdf).
43. Jonsson J. On the Security of CTR+CBC-MAC. ? In: Selected Areas in
Cryptography, 9th Annual International Workshop, SAC 2002, 2002 (.
http://csrc.nist.gov/encryption/modes/proposedmodes/ccm/ccm-ad.
pdf).
44. Jueneman R.R. Analysis of Certain Aspects of Output Feedback Mode. ? In:
Chaum D., Rivest R.L., and Sherman A.T. (ed). Advances in Cryptology,
Proceedings of Crypto 82. Plenum Press, 1982, p. 99-128.
412
45. Kahn D. The Codebreakers, The Story of Secret Writing. ? New York :
Macmillan Publishing Co., 1967.
46. Kelsey J., Schneier B. and Ferguson N. Yarrow-160: Notes on the Design
and Analysis of the Yarrow Cryptographic Pseudorandom Number Generator. ? In: Heys H. and Adams C. (ed). Selected Areas in Cryptography,
6th Annual International Workshop, SAC 99. Lecture Notes in Computer
Science. Springer-Verlag, 1999, vol. 1758.
47. Kelsey J., Schneier B., Wagner D. and Hall C. Cryptanalytic Attacks on
Pseudorandom Number Generators. ? In: Vaudenay S. (ed). Fast Software
Encryption, 5th International Workshop, FSE 98. Lecture Notes in Computer Science. Springer-Verlag, 1998, vol. 1372, p. 168188.
48. Kelsey J., Schneier B., Wagner D. and Hall C. Side Channel Cryptanalysis
of Product Ciphers // Journal of Computer Security. 2000. 8(2-3). .
141158 (. http://www.counterpane.com/side_channel.html).
49. Kelsey J., Schneier B. and Wagner D. Key-Schedule Cryptanalysis of IDEA,
G-DES, GOST, SAFER, and Triple-DES. ? In: Koblitz N. (ed). Advances in
Cryptology CRYPTO 96. Lecture Notes in Computer Science. SpringerVerlag, 1996, vol. 1109, p. 237251.
50. Kent S. and Atkinson R. Security Architecture for the Internet Protocol. ?
RFC 2401, November 1998.
51. Granted Innovation Patent No. AU2001100012 A4. Circular transportation facilitation device. Keogh J. Australian Patent Office, August 2001
(. http://www.ipmenu.com/archive/AUI_2001100012.pdf).
52. Killian J. and Rogaway P. How to Protect DES Against Exhaustive Key
Search. ? In: Koblitz N. (ed). Advances in Cryptology CRYPTO 96.
Lecture Notes in Computer Science. Springer-Verlag, 1996, vol. 1109, p.
252267.
53. Knudsen L.R. and Rijmen V. Two Rights Sometimes Make a Wrong. ? In:
Workshop on Selected Areas in Cryptography (SAC 97). 1997, p. 213223
(. http://adonis.ee.queensu.ca:8000/sac/sac97/papers.html).
54. Knuth D.E. Seminumerical Algorithms. Vol. 2 of The Art of Computer Programming. ? Addison-Wesley, 1981. ( . . . 2. , 3- .: . . ? . : .
, 2000.)
55. Kocher P.C. Timing Attacks on Implementations of Diffie-Hellman, RSA,
DSS, and Other Systems. ? In: Koblitz N. (ed). Advances in Cryptology
CRYPTO 96. Lecture Notes in Computer Science. Springer-Verlag, 1996,
vol. 1109, p. 104113.
413
56. Kocher P., Jaffe J. and Jun B. Differential Power Analysis. ? In: Wiener M.
(ed). Advances in Cryptology CRYPTO 99. Lecture Notes in Computer
Science. Springer-Verlag, 1999, vol. 1666, p. 388397.
57. Kohl J. and Neuman C. The Kerberos Network Authentication Service (V5). ?
RFC 1510, September 1993.
58. Krawczyk H., Bellare M. and Canetti R. HMAC: Keyed-Hashing for Message
Authentication. ? RFC 2104, February 1997.
59. Krovetz T., Black J., Halevi S., Hevia A., Krawczyk H. and Rogaway P.
UMAC: Message Authentication Code using Universal Hashing. ? RFC
draft draft-krovetz-umac-01.txt, 2000 (. http://www.cs.ucdavis.edu/
~rogaway/umac/).
60. Lai X. and Massey J.L. A Proposal for a New Block Encryption Standard. ?
In: Damg
ard I.B. (ed). Advances in Cryptology EUROCRYPT 90. Lecture Notes in Computer Science. Springer-Verlag, 1990, vol. 473, p. 389404.
61. Lai X., Massey J.L. and Murphy S. Markov Ciphers and Differential Cryptanalysis. ? In: Davies D.W. (ed). Advances in Cryptology EUROCRYPT
91. Lecture Notes in Computer Science. Springer-Verlag, 1991, vol. 547,
p. 1738.
62. Lenstra A.K. and Verheul E.R. Selecting Cryptographic Key Sizes // J. Cryptology. 2001. 14(4). . 255293.
63. Matsumoto T., Matsumoto H., Yamada K. and Hoshino S. Impact of Artificial Gummy Fingers on Fingerprint Systems. In: Proc. of SPIE,
Vol #4677, Optical Security and Counterfeit Deterrence Techniques IV
(. www.itu.int/itudoc/itu-t/workshop/security/present/
s5p4.pdf).
64. Menezes A.J., Van Oorschot P.C. and Vanstone S.A. Handbook of Applied
Cryptography. ? CRC Press, 1996 (ISBN 0-8493-8523-7).
65. Mills D.L. Network Time Protocol (Version 3). ? RFC 1305, March 1992.
66. Mills D. Simple Network Time Protocol (SNTP) Version 4. ? RFC 2030,
October 1996.
67. Montgomery P. Modular Multiplication without Trial Division // Mathematics of Computation. 1985. 44(170). . 519521.
68. National Institute of Standards and Technology. DES Modes of Operation. FIPS PUB 81, December 1980 (. http://www.itl.nist.gov/
fipspubs/).
69. National Institute of Standards and Technology. Data Encryption Standard
(DES). FIPS PUB 46-2, December 1993 (. http://www.itl.nist.
gov/fipspubs/).
414
70. National Institute of Standards and Technology. Secure Hash Standard.

FIPS PUB 180-1, April 1995 (. http://www.itl.nist.gov/fipspubs/).
71. National Institute of Standards and Technology. AES Round 1 Technical Evaluation, CD-1: Documentation, August 1998 (. http://www.itl.
nist.gov/aes).
72. National Institute of Standards and Technology. Data Encryption Standard
(DES). DRAFT FIPS PUB 46-3, 1999 (. http://csrc.ncsl.nist.
gov/fips/).
73. National Institute of Standards and Technology. Proc. 3rd AES candidate
conference, April 2000.
74. National Institute of Standards and Technology. Secure Hash Standard
(draft). DRAFT FIPS PUB 180-2, 2001 (. http://csrc.nist.gov/
encryption/shs/dfips-180-2.pdf).
75. Needham R.M. and Schroeder M.D. Using Encryption for Authentication in
Large Networks of Computers // Comm. of the ACM. 1978. 21(12).
. 993999.
76. Preneel B. and Van Oorschot P.C. On the Security of Two MAC Algorithms. ? In: Maurer U. (ed). Advances in Cryptology EUROCRYPT 96.
32.
77. Rivest R.L., Robshaw M.J.B., Sidney R. And Yin Y.L. The RC6 Block
Cipher. ? In: National Institute of Standards and Technology, August 1998
(. http://www.rsasecurity.com/rsalabs/rc6/ http://nist.gov/
aes).
78. Rivest R.L. The MD4 Message Digest Algorithm. ? In: Menezes A.J. and
Vanstone S.A. (ed). Advances in Cryptology CRYPTO 90. Lecture Notes
79. Rivest R.L. The RC5 Encryption Algorithm. ? In: Preneel B. (ed). Fast Software Encryption, Second International Workshop, FSE 94. Lecture Notes
80. Rivest R., Shamir A. and Adleman L. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems // Comm. of the ACM. 1978.
21. . 120126.
81. Rivest R. The MD5 Message-Digest Algorithm. ? RFC 1321, April 1992.
82. Rogaway P., Bellare M., Black J. and Krovetz T. OCB: A Block-Cipher Mode
of Operation for Efficient Authenticated Encryption. ? In: Eighth ACM Conference on Computer and Communications Security (CCS-8). ACM Press,
2001, p. 196205.
415
83. Rogaway P., Bellare M., Black J. and Krovetz T. OCB: A Block-Cipher
Mode of Operation for Efficient Authenticated Encryption, September 2001
(. http://www.cs.ucdavis.edu/~rogaway).
84. RSA Laboratories. PKCS #1 v2.1: RSA Cryptography Standard, January
2001 (. http://www.rsasecurity.com/rsalabs/pkcs).
85. Schneier B., Kelsey J., Whiting D., Wagner D., Hall C., Ferguson N. The
Twofish Encryption Algorithm, A 128-bit Block Cipher. ? Wiley, 1999.
86. Schneier B. Applied Cryptography, Protocols, Algorithms, and Source Code
in C. ? John Wiley & Sons, Inc., 1994 (ISBN 0-471-59756-2).
87. Schneier B. Applied Cryptography, Second Edition, Protocols, Algorithms,
and Source Code in C. ? John Wiley & Sons, Inc., 1996; ISBN 0-471-12845-7.
( . , 2- : , , . ? . : , 2002.)
88. Schneier B. Secrets and Lies, Digital Security in a Networked World. ?
John Wiley & Sons, Inc., 2000. ISBN 0-471-25311-1. ( .
. . ? . : , 2003.)
89. Dr. Seuss. Horton Hears a Who! ? Random House, 1954.
90. Shannon C.E. A Mathematical Theory of Communication // The Bell Systems Technical Journal. 1948. 27. . 370423; 623656 (. http:
//cm.bell-labs.com/cm/ms/what/shannonday/paper.html).
91. Wagner D., Ferguson N. and Schneier B. Cryptanalysis of FROG. ? In:
Proc. 2nd AES candidate conference. National Institute of Standards and
Technology, March 1999, p. 175181.
92. Wagner D. and Schneier B. Analysis of the SSL 3.0 protocol. ? In: Proc. of
the Second USENIX Workshop on Electronic Commerce. USENIX Press,
November 1996, p. 2940 ( . http://www.
counterpane.com).
93. Whiting D., Housley R. and Ferguson N. Counter with CBC-MAC
(CCM), June 2002 (. http://csrc.nist.gov/encryption/modes/
proposedmodes/ccm/ccm.pdf).
94. Wiener M.J. Cryptanalysis of short RSA secret exponents // IEEE Transactions on Information Theory. 1990. 36(3). . 553558.
95. Winternitz R.S. Producing a One-way Hash Function from DES. ? In:
Chaum D. (ed). Advances in Cryptology, Proceedings of Crypto 83. Plenum
Press, 1983, p. 203207.
96. Wu T. The Secure Remote Password Protocol. ? In: Proc. of the 1998 Network and Distributed System Security (NDSS 98) Symposium, March 1998.

A
Access Control List (ACL), 350
Advanced Encryption Standard (AES), 74
ASN.1, 276
MD4, 108
MD5, 108
Message Authentication Code (MAC), 42;
118
B
Boojum, 164
N
National Security Agency (NSA), 109
C
CBC-MAC, 120
Certificate Authority (CA), 47; 337
Certificate Revocation List (CRL), 356
Chinese Remainder Theorem (CRT), 246
Cipher Block Chaining (CBC), 90
D
Data Encryption Standard (DES), 71
Dynamic RAM (DRAM), 163
P
Pseudorandom Number Generator
(PRNG), 172; 179
Public Key Infrastructure (PKI), 47; 337
R
Random Number Generator (RNG), 176
RC6, 82
Registration Authority (RA), 343
RSA, 245
E
Electronic Codebook (ECB), 89
European Committee for Standardization
(CEN), 388
H
HMAC, 122
I
Institute of Electrical and Electronics
Engineers (IEEE), 388
International Organization for
Standardization (ISO), 388
Internet Engineering Task Force (IETF),
388
S
Secure Electronic Transaction (SET), 33
Secure Hash Algorithm (SHA), 109
Serpent, 78
SHA-1, 109
SHA-256, 111
SHA-384, 111
SHA-512, 111
Single Sign-On (SSO), 380
Static RAM (SRAM), 163
T
TagLengthValue (TLV), 276
Twofish, 79
K
Kerberos, 332
Key Distribution Center (KDC), 332
M
MARS, 82
U
UMAC, 125
V
Virtual Private Network (VPN), 339
416
W
Wired Equivalent Privacy (WEP), 402
X
XML, 276
, 166
CBC-MAC, 120
HMAC, 122
RSA, 245
UMAC, 125
, 231
MD5, 108
SHA, 109
AES, 74
DES, 71
MARS, 82
RC6, 82
Serpent, 78
Twofish, 79
, 135
, 53
, 173
, 66
, 53
, 106
, 233
, 52
, 64
, 51

, 51
, 49

, 173; 311
, 283

, 49
, 285
, 82
, 69
, 317
417
, 64
, 42; 140
, 90
, 303

(PRNG), 179
(RNG), 176
, 216
, 28
, 232
, 396
, 88; 258
, 330
, 376
, 371

(PKI), 47; 337
, 246
(MAC),
42; 118
, 52
, 246
, 215
, 363
, 25
, 352
, 309
, 33
, 169
, 236
(),
217
(), 217
418
, 179
, 230
(OFB), 93
, 357
(SSO), 380
, 92
, 356
, 40

, 53
, 395
, 171
, 63
, 279
, 216
, 72
, 231
, 41
, 130; 275
, 29
, 266; 314
SET, 33
SSL, 392
, 180
, 180
,
229
, 282
, 395
, 295
, 62
, 70
, 363
, 331
, 47; 338
, 275
, 24; 58; 168
-
, 276
, 382
, 350
, 356
, 166
(CBC),
90
, 95
-, 173; 313
, 172
, 170
, 247
,
211
, 258
, 245
, 184
, 104
, 106
, 105
, 105
, 166
(),
332
(), 343
(CA), 47
, 48
(), 337
, 340
, 46; 47
, 320
, 209
, 209
, 62
, 65
, 87
, 93
, 39; 141; 259
, 45
419
, 44; 45
, 46
, 45
, 40

(ECB), 89
, 176
..
..
..
.. ,
.. ,
..

101509, . , . , . 43, . 1
. . 090230 23.06.99

19.11.2004. 70x100/16
Times.
. . . 21,9. .-. . 24,8
3000 .

,

197110, .-, ., 15

Фергюсон Н., Шнайер Б. - Практическая Криптография - 2005

Загружено:

Сведения о документе

Описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Описание:

Авторское право:

Доступные форматы

Фергюсон Н., Шнайер Б. - Практическая Криптография - 2005

Загружено:

Описание:

Авторское право:

Доступные форматы

Practical Cryptography

ISBN 5845907330 (.)

c Niels Ferguson and Bruce Schneier, 2003

- (William McGonagall) , : For the stronger we our houses do build/The less

encryption) (secret-key encryption),

(known plaintext attack)

1964 (Potter Stewart)

DES (Data Encryption Standard ) [69], , .

, AES (Advanced Encryption

and Technology NIST) . 15 [71], [73].

DES, FEAL IDEA.

Twofish AES. AES Serpent

(cipher block chaining CBC).

, 2n1 = 2n/2 /2,

, (Leslie Lamport), [21].

(Ron Rivest) [81] 128-

(Secure Hash Algorithm SHA) (National Security

SHA-1 160- , MD4. SHA-1

SHA-256, SHA-384 SHA-512

SHA-256 , SHA-1. SHA-256

MAC MAC 2min(n,k) .

M (a) = M (b), , MAC ,

, : UMAC ? , UMAC [8],

, , : - (Dr. Seuss), [89].

, (side-channel attacks) [48]. ,

. () . , [47]. , , Yarrow [46].

Yarrow. Fortuna 2 . Fortuna , .

, , , . (ab mod p), ab

: (greatest common divisor GCD), , a

RSA (. 12, ), . ( DH) : , p g , g x (modp) x,

RSA. , , CRT- RSA.

, t, : xt mod p , x mod p = 0. xt mod n = 1 x.

assert 2048 k 8192

{1, ..., q-1}

(p, q, g), X: = gx,

(p, q, g), X, AUTHB

(p, q, g), X := gx,

(p, q, g), X, AUTHB

255 log2 q 256

, DH, . (addition chain heuristics)

(Public-Key Infrastructure PKI)

(certificate revocation list CRL) , .

PGP , PKI (web of trust).

21. Diffie W. and Hellman M.E. New Directions in Cryptography // IEEE

32. Ferguson N. and Schneier B. A Cryptographic Evaluation of IPsec, 1999 (.

70. National Institute of Standards and Technology. Secure Hash Standard.

Похожие интересы

Вам также может понравиться