
..

Textbook for specialties 39 01 01 and 39 01 02

2002

UDC 681.327 (075.8)
LBC 32.811 7
165

[Author and title lost in extraction.] Textbook for specialties 39 01 01 and 39 01 02. 2002. 72 pp., illustrated.
ISBN 985 444 279-9

[Abstract lost in extraction.]

(c) 2002

Contents (section titles are lost in extraction; only the numbering, the named algorithms and the page numbers of the original survive)

Introduction  4
  5
1.  7
1.1.  7
1.2.  10
Review questions  12
2.  13
2.1.  13
2.1.1.  13
2.1.2.  14
2.1.3.  15
2.1.4.  16
2.1.5.  16
2.1.6.  18
2.1.7.  21
2.2.  22
2.2.1.  23
2.2.2. A5  24
2.2.3. RC4  27
2.2.4.  28
2.3.  31
2.3.1. DES  31
2.3.2.  36
2.3.2. (numbered 2.3.2 a second time in the original; differential and linear cryptanalysis)  38
2.3.3. RIJNDAEL  40
Review questions  43
3.  45
3.1. RSA  47
3.2.  51
3.3. NP  54
Review questions  57
4.  58
4.1.  60
4.2.  63
4.3.  64
4.4.  67
4.4. (numbered 4.4 a second time in the original)  68
Review questions  68
5.  70
5.1.  70
5.2.  72
5.3.  73
Review questions  75



, : ,
, .

: (
), (
).
,
:
1) ;
2) ;
3)
;
4) ( ) ;
5) ( /
)
.
1. . -
, (),
-
.
.
,
: ,
, - .

. ,
.
,
. ,
,
, ,
.
2. . -
,
. - ,
( ,
, " ", ..)
. ,
, ,
, ,
.

3. .
- ,
.
,
. -
,
(), .
4. . ,
,
,
. ,
,
, .. .

() ,
,
, .
:
- (-),
;
- , ;
- ;
- , ;
- .
,

.

1.

1.1.
1949 . " "
. -
.
[Figure 1: Shannon's model of a secrecy system. The message X is encrypted under the key K into the cryptogram Y, which travels over the open channel and is decrypted with the same key back to X. The cryptanalyst intercepts Y and tries to determine the message (X = ?) and the key (K = ?).]

Let the plaintext be X = (x_0, ..., x_{n-1}) and let m be the length of the key K.
The ciphertext Y = (y_0, ..., y_{n-1}) is obtained as

    Y = E_K(X),                                                   (1)

and decryption recovers the plaintext,

    X = D_K(Y),                                                   (2)

where the key is K = (k_0, ..., k_{m-1}).
,
, . .


() () .
-
.

,
. ,
.
,
.
:
1) , ;
2) ()
, ;
3) ( ) ,

;
4) ;
5) ,
, ,

,
:
, 1,
.
. ,
,
. :
1) ,
(2),
;
2) ( ,
..) ()

;
3) - ,
,
,
, .

(
) (
).

. :

.
Let H(X) be the entropy of the message and H(X|Y) the conditional entropy of the message given the cryptogram Y. The mutual information

    I(X;Y) = H(X) - H(X|Y)

.
:
1. I(X;Y) = 0 n. , X Y
. .

, ,
.
, .
2. 0 < I(X;Y) < H(X) n.
, .
H(K / Y) > 0.
, H(K / Y) > 0 n,
.
, ,
.
3. I (X;Y) = H ( X ) n.
.
.

    f(t) = H(K | y_1, ..., y_t),

the key equivocation after t ciphertext symbols, decreases with t; the unicity distance t_min is the length at which f(t) reaches 0,

    t_min = min{ t : H(K | y_1, ..., y_t) = 0 }.

U
,
.
" " ,

( ) ,

    U = H(K) / (r log L_y),

with the redundancy

    r = 1 - H(X) / (N log L_y),

where H(K) is the key entropy, r the redundancy of an N-symbol message over the alphabet L_y, and L_x, L_y the plaintext and ciphertext alphabets. When L_x = L_y and the key consists of m symbols of the same alphabet chosen uniformly, U = m / r.
For example, with redundancy r = 0.75 and a 56-bit key (as in DES) the unicity distance is about 11 ciphertext characters (56 / (0.75 * 7) for 7-bit characters): a cipher with such a short key is in principle uniquely breakable from a handful of characters, although the work required may be enormous.
The work characteristic W(n) is the average amount of work an analyst must spend to find the key from n ciphertext symbols with the best known method; its limit lim_{n -> infinity} W(n) is the work needed when unlimited ciphertext is available.

W(n).
"
" Wh(n),
n ,
" ".
, Wh()
. W() <<
Wh(),
, Wh().
:
.

,
.
(),

.
1.2.


.
,

( - ),
( ).
, ,
(Fig. 2).

[Figure 2: authentication model: the message X is transformed under the key into Y, sent over the channel and checked and transformed back to X by the receiver; the opponent can insert or substitute messages.]

,
.

.
Let P_I be the probability of a successful impersonation (the opponent inserts a message without having seen one) and P_S the probability of a successful substitution (the opponent replaces an intercepted message); the deception probability is

    P_d = max(P_I, P_S).

Let #Y be the number of cryptograms y with P(Y = y) > 0, and #X, #K the numbers of messages and keys. Under any key k the #X messages go to #X distinct cryptograms, so P(Y = y | K = k) > 0 for at least #X values of y. An impersonator who sends a cryptogram chosen uniformly among the #Y possible ones therefore succeeds with probability at least #X/#Y:

    P_I >= #X / #Y.

P_I can thus be made small only by making #Y much larger than #X, i.e. by adding redundancy to the transmitted message; P_I = 0 is impossible. In terms of entropies (Simmons' bound) one has

    log P_d >= -[H(Y) - H(Y|K)] = -I(Y;K),

so a small deception probability P_d requires a large mutual information I(Y;K) between cryptogram and key: the cryptogram must depend strongly on the key. This is the opposite of the requirement for secrecy, where the cryptogram should reveal as little as possible.

.


1. .
2. .
3.
,
.
4. .
5. , .
6. ?

2.

The general model of a symmetric (secret-key) cipher is shown in Fig. 3.

[Figure 3: symmetric cipher model; labels lost in extraction.]


[4, 5, 6, 11, 15, 16 19 ].

, (-
), .

2.1.

2.1.1.

A permutation pi of the set (0, 1, ..., n - 1) is a bijection i -> pi(i), 0 <= pi(i) < n, written pi = (pi(0), pi(1), ..., pi(n - 1)); there are n! permutations of (0, 1, ..., n - 1). On a finite set X = {x_0, x_1, ..., x_{n-1}} of n elements a permutation acts as the substitution

    pi: X -> X;  pi: x_i -> x_{pi(i)},  0 <= i < n.

X is usually identified with (0, 1, 2, ..., n - 1). A transposition cipher T on words over Z_m is a family of permutations of positions, one for each block length:

    T = {T(n): 1 <= n < infinity};
    T(n): Z_{m,n} -> Z_{m,n},  1 <= n < infinity,

where T(n) permutes the n positions of a block of Z_{m,n}; T(i) and T(j) need not be related for i != j. A general substitution on blocks of n symbols is any bijection of Z_{m,n}, of which there are (m^n)!.
Block transposition. Let d be the period: the text is split into blocks of d symbols and the same permutation of positions is applied to every block. For d = 7 and the permutation 7352146, the message

    m1 m2 m3 m4 m5 m6 m7 m8 m9 m10 m11 m12 m13 m14

is transformed into

    m7 m3 m5 m2 m1 m4 m6 m14 m10 m12 m9 m8 m11 m13 .

The key is the permutation together with the period. With several periods d_1, ..., d_k (one permutation per period, applied in turn) the key is d = (d_1, ..., d_k).

2.1.2.

Let S be a substitution on Z_m, i.e. a bijection t -> pi(t) of Z_m onto itself,

    pi: Z_m -> Z_m;  S: t -> pi(t),

and let G_S(Z_m) be the group of all such substitutions. A key K is a sequence of substitutions

    K = (k_0, k_1, ..., k_{n-1}, ...),  k_i in G_S(Z_m), 0 <= i < infinity.

The substitution cipher E_K with key K maps the n-gram (x_0, x_1, ..., x_{n-1}) to the n-gram (y_0, y_1, ..., y_{n-1}) by

    y_i = k_i(x_i),  0 <= i <= n - 1,

for every length n (n = 1, 2, ...). If all k_i coincide, E_K is a monoalphabetic substitution; if k_i depends on i, it is polyalphabetic.

2.1.3.


.
Number the letters of the 33-letter alphabet from 0 to 32. A shift by K = 7 replaces the letter with number j by the letter with number (j + 7) mod 33; the count wraps around, so after letter 32 comes letter 0 again. For instance letter 27 is replaced by letter 1, since 27 + 7 = 34 = 1 mod 33. Decryption shifts back by 7, i.e. adds 33 - 7 = 26 mod 33. Such a cipher is called a Caesar cipher (Caesar is said to have used the shift 3).
Formally, over an alphabet of M symbols the shift ciphers form the subset

    C = { E_K : 0 <= K <= M - 1 } of G_S(Z_M),

where

    E_K: j -> (j + K) mod M,  0 <= K <= M - 1,

and the n-gram (x_0, x_1, ..., x_{n-1}) is encrypted symbol by symbol into (y_0, y_1, ..., y_{n-1}),

    y_i = E_K(x_i),  0 <= i <= n - 1.
:

,
, .
-
. ,
( ) n ( ).

2.1.4.

The shift cipher with a single key is trivially broken (there are only M keys). The Vernam-type cipher uses an independent, uniformly random shift for every symbol. Let {K_i; 0 <= i <= n - 1} be independent random variables uniformly distributed on Z_M, so that

    P{(K_0, K_1, ..., K_{n-1}) = (k_0, k_1, ..., k_{n-1})} = (1/M)^n.

The plaintext X = (x_0, x_1, ..., x_{n-1}) is encrypted into Y = (y_0, y_1, ..., y_{n-1}) by

    y_i = E_{K_i}(x_i) = (k_i + x_i) mod M,  i = 0, ..., n - 1.             (1)

Every one of the M^n key sequences (K_0, K_1, ..., K_{n-1}) is equally likely, and the key is used once. Example over the 33-letter alphabet extended by the space symbol "_" (M = 34); the symbols are written as their numbers, the first two rows are the message and the key (in the order of the original), the third row is their sum mod 34:

    message      25  9 21 17 33  2  5 17 14  0 13  0 33 22 22 22 22
    key           1  5 18 11 15 14  5 24 14  0 32 33 12  5 14 19  0
    cryptogram   26 14  5 28 14 16 10  7 28  0 11 33 11 27  2  7 22

.

.
,
.

2.1.5.

Periodic key (Vigenere type). A key K = (k_0, k_1, ..., k_{n-1}) of period n is repeated r times to cover a message of length m <= rn:

    K_r = (k_0, k_1, ..., k_{rn-1}),  k_j = k_{j mod n},  0 <= j < rn.

For n = 7 and the key 15 8 2 10 11 4 18 the key sequence is

    15 8 2 10 11 4 18 15 8 2 10 11 4 18 15 8 2 10 11 4 18 ...

The substitution S_{V,k} acts on an m-gram as

    S_{V,k}: (x_0, x_1, ..., x_{m-1}) -> (y_0, y_1, ..., y_{m-1}) =
           = (x_0 + k_0, x_1 + k_1, ..., x_j + k_{j mod n}, ..., x_{m-1} + k_{(m-1) mod n}) mod M,

which can be described in two steps:
1) the message X is split into r = ceil(m/n) blocks

    X_i = (x_i, x_{i+1}, ..., x_{i+(n-1)}),  i = 0, n, 2n, ..., (r - 1)n,

where ceil(m/n) is the smallest integer not less than m/n (the last block may be shorter);
2) the i-th block X_i is encrypted by

    E_K: (x_i, x_{i+1}, ..., x_{i+(n-1)}) -> (y_i, y_{i+1}, ..., y_{i+(n-1)}) =
       = (x_i + k_{i mod n}, x_{i+1} + k_{(i+1) mod n}, ..., x_j + k_{j mod n}, ..., x_{i+(n-1)} + k_{(i+n-1) mod n}) mod M.



, kj -
. .
, ,
.
, -
,
.
Example (r = 4). Plaintext over the 33-letter alphabet plus the space symbol (M = 34), written as numbers:
    19, 0, 1, 12, 9, 23, 0, 33, 2, 9, 7, 9, 14, 5, 17, 0.
Key (period 4): 15, 17, 5, 12. The key is repeated 4 times under the 16 plaintext symbols and added position by position mod 34:
    19 + 15 = 34 = 0 mod 34;  0 + 17 = 17 mod 34;  and so on,
which gives the cryptogram.
, ,
,
.
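Added example (not from the textbook): the three ciphers of sections 2.1.3-2.1.5 as one rule, y_i = (x_i + k_{i mod n}) mod M, where only the length of the key decides whether it is a shift cipher, a periodic (Vigenere) key or a one-time pad. The function names are ours; the alphabet sizes (33, and 34 with the space symbol) and the digit strings used in the checks are the textbook's. The block also shows the known-plaintext recovery of a shift or periodic key from a crib, and the one-time-pad property that every plaintext of the right length is explained by some key.

```python
# Additive ciphers over Z_M: shift cipher, periodic key, one-time pad.
# Added example, not code from the textbook.

M_WITH_SPACE = 34   # 33-letter alphabet plus the space symbol, as in the text


def add_mod_encrypt(plain, key, modulus=M_WITH_SPACE):
    """y_i = (x_i + k_{i mod n}) mod M.

    len(key) == 1             -> shift (Caesar) cipher
    1 < len(key) < len(plain) -> periodic key of period len(key)
    len(key) == len(plain)    -> one-time pad (if the key is uniform and used once)
    """
    if not key:
        raise ValueError("empty key")
    return [(x + key[i % len(key)]) % modulus for i, x in enumerate(plain)]


def add_mod_decrypt(cipher, key, modulus=M_WITH_SPACE):
    """Subtract the same key stream."""
    return [(y - key[i % len(key)]) % modulus for i, y in enumerate(cipher)]


def shift_key_from_crib(cipher, crib, modulus=M_WITH_SPACE):
    """Known-plaintext attack on the shift cipher: one (plaintext, ciphertext)
    pair fixes the key; every further pair must agree with it."""
    k = (cipher[0] - crib[0]) % modulus
    if any((c - p) % modulus != k for c, p in zip(cipher, crib)):
        raise ValueError("crib does not fit a single shift")
    return k


def periodic_key_from_crib(cipher, crib, period, modulus=M_WITH_SPACE):
    """Same attack on a periodic key: `period` aligned symbol pairs recover it.
    The crib is assumed to start at a key-period boundary."""
    if len(crib) < period:
        raise ValueError("crib shorter than the key period")
    return [(cipher[i] - crib[i]) % modulus for i in range(period)]


def otp_key_explaining(cipher, any_plain, modulus=M_WITH_SPACE):
    """Perfect secrecy of the one-time pad: for any candidate plaintext of the
    same length there is exactly one key mapping it to the observed cryptogram,
    so the cryptogram alone does not single out the true message."""
    if len(cipher) != len(any_plain):
        raise ValueError("lengths differ")
    return [(y - x) % modulus for y, x in zip(cipher, any_plain)]
```

The attack functions need the crib aligned with the key; a practitioner would slide the crib over all offsets (and, for an unknown period, try each candidate period) and keep the alignment whose recovered key decrypts the rest of the cryptogram to sensible text.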
-
, , ,

.
-
,
.
.
,
m
= n.


.
, .

,
.

2.1.6.

,
An affine substitution on Z/NZ maps the plaintext number P to the ciphertext number

    C = aP + b mod N,                                                 (3)

where a and b are integers, the key, with gcd(a, N) = 1.
Example: the plaintext PAYMENOW over the 26-letter alphabet (N = 26) with a = 7, b = 12. Numerically the plaintext is (15 0 24 12 4 13 14 22); applying (3) gives (13 12 24 18 14 25 6 10), i.e. the ciphertext N M Y S O Z G K.
Decryption is again an affine map,

    P = a'C + b' mod N,

with a' = a^{-1} mod N and b' = -a^{-1} b mod N,
, (a, N) = 1, .. a N
.
P ,
, .

,
N - . ,
.

Example: N = 26 (the English alphabet). Suppose the most frequent letter of the ciphertext is K and the next most frequent is D. Guessing that these are the images of the most frequent English letters e and t gives two equations for the decryption key, P = a'C + b':
    10 a' + b' = 4 mod 26 ;
     3 a' + b' = 19 mod 26.
Subtracting the second from the first,
    7 a' = -15 = 11 mod 26 ;
    a' = 7^{-1} * 11 = 15 * 11 = 9 mod 26,
and b' = 4 - 10 a' = 4 - 90 = 18 mod 26. The decryption map is

    P = 9 C + 18 mod 26.


,

. ,

.

. ,
(), .
, , ,
.
Digraphs. A pair of letters with numbers X (first letter) and Y (second letter) is encoded as the number

    D = X N + Y,

where X is the number of the first and Y that of the second letter. For example NO has D = 13 * 26 + 14 = 352. The affine cipher on digraphs is

    C = aP + b mod N^2.                                               (4)

For instance, for the 26-letter alphabet take

    C = 159 P + 580 mod 676;

the digraph ON has D = 14 * 26 + 13 = 377, and

    159 * 377 + 580 mod 26^2 = 359,

i.e. the ciphertext digraph NV (359 = 13 * 26 + 21).

Decryption uses N^2, a', b' with

    P' = a' C + b' mod N^2,
    a' = a^{-1} mod N^2,  b' = -a^{-1} b mod N^2.

The two letters X', Y' are recovered from

    P' = D = X' N + Y',
    X' = floor(D/N),  Y' = ((D))_N,

where ((D))_N is the residue of D modulo N.

A known-plaintext (or frequency-based) attack breaks the digraph cipher once a few digraph pairs are known. For the 26-letter alphabet the most frequent English digraphs are TH and HE. Example with a 27-letter alphabet: the letters A-Z plus the space "_" (code 26); digraphs are numbered 0 to 728 as 27 X + Y. Suppose the most frequent digraphs in the ciphertext are ZA, IA and IW, and that in 27-letter text (with spaces) the most frequent digraphs are E_, S_ and _T. The ciphertext NDXBHO is to be decrypted.
Encryption and decryption are

    C = a P + b mod 729;
    P = a' C + b' mod 729,

where (a, b) is the encryption key and (a', b') the decryption key. Matching the frequent digraphs (ZA = 675 <-> E_ = 134, IA = 216 <-> S_ = 512, IW = 238 <-> _T = 721) gives the system

    675 a' + b' = 134 mod 729;
    216 a' + b' = 512 mod 729;
    238 a' + b' = 721 mod 729.

Subtracting the second and the third equation from the first:

    459 a' = 351 mod 729;
    437 a' = 142 mod 729.

The first of these does not determine a' (459 = 27 * 17 and 729 = 27 * 27 share the factor 27), but the second does, because gcd(437, 729) = 1:

    a' = 437^{-1} * 142 mod 729 = 362 * 142 mod 729 = 374;
    b' = 134 - 675 * 374 = 647 mod 729.

Applying P = 374 C + 647 mod 729 to the ciphertext digraphs, ND = 354 -> 365; XB = 622 -> 724; HO = 203 -> 24, and

    365 = 13 * 27 + 14 (N O);
    724 = 26 * 27 + 22 (_ W);
     24 =  0 * 27 + 24 (A Y).

So the plaintext reads NO_WAY. The encryption key follows from the decryption key:

    a = a'^{-1} = 374^{-1} = 614 mod 729;
    b = -a b' = -614 * 647 mod 729 = 47 mod 729.
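Added example for section 2.1.6 (not code from the textbook): the affine cipher on single letters and on digraphs, and the known-plaintext key recovery that the text carries out by hand, including the check that skips a pair of equations whose ciphertext difference is not invertible modulo N (the 459 = 27 * 17 case above). The alphabets, the key values and the messages in the checks are the textbook's; the function names and the generic pair-scanning solver are ours.

```python
# Affine substitution on k-letter blocks over an N-letter alphabet and its
# known-plaintext attack. Added example, not code from the textbook.
from math import gcd

ALPHABET26 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
ALPHABET27 = ALPHABET26 + "_"          # "_" = word space, code 26


def inv_mod(a, m):
    if gcd(a, m) != 1:
        raise ValueError(f"{a} is not invertible mod {m}")
    return pow(a, -1, m)               # Python >= 3.8


def to_units(text, alphabet, k):
    """Map each k-letter block to a number base N = len(alphabet):
    the digraph XY becomes N*X + Y."""
    n = len(alphabet)
    if len(text) % k:
        raise ValueError("text length is not a multiple of the block size")
    units = []
    for i in range(0, len(text), k):
        v = 0
        for ch in text[i:i + k]:
            v = v * n + alphabet.index(ch)
        units.append(v)
    return units


def from_units(units, alphabet, k):
    """Inverse of to_units: X = floor(D/N), Y = D mod N, repeated k times."""
    n = len(alphabet)
    out = []
    for v in units:
        block = []
        for _ in range(k):
            v, rem = divmod(v, n)
            block.append(alphabet[rem])
        out.append("".join(reversed(block)))
    return "".join(out)


def affine_encrypt(text, a, b, alphabet, k=1):
    """C = a*P + b mod N^k; gcd(a, N^k) = 1 is required, otherwise the map
    is not a bijection and decryption is ambiguous."""
    modulus = len(alphabet) ** k
    if gcd(a, modulus) != 1:
        raise ValueError("a must be invertible mod N^k")
    units = [(a * p + b) % modulus for p in to_units(text, alphabet, k)]
    return from_units(units, alphabet, k)


def affine_decrypt(text, a, b, alphabet, k=1):
    """P = a'*C + b' with a' = a^-1, b' = -a^-1 * b (mod N^k)."""
    modulus = len(alphabet) ** k
    a_dec = inv_mod(a, modulus)
    b_dec = (-a_dec * b) % modulus
    units = [(a_dec * c + b_dec) % modulus for c in to_units(text, alphabet, k)]
    return from_units(units, alphabet, k)


def recover_decryption_key(pairs, modulus):
    """Known-plaintext attack. `pairs` holds (ciphertext unit, plaintext unit)
    guesses, e.g. from frequency analysis. Any two pairs whose ciphertext
    difference is invertible mod N determine (a', b'); pairs whose difference
    shares a factor with N are skipped, since that equation has several
    solutions (or none) and would not pin the key down."""
    for i in range(len(pairs)):
        for j in range(i + 1, len(pairs)):
            (c1, p1), (c2, p2) = pairs[i], pairs[j]
            d = (c1 - c2) % modulus
            if gcd(d, modulus) == 1:
                a_dec = (p1 - p2) * inv_mod(d, modulus) % modulus
                return a_dec, (p1 - a_dec * c1) % modulus
    raise ValueError("no two samples with an invertible ciphertext difference")


def encryption_key_from(a_dec, b_dec, modulus):
    """Invert the decryption key: a = a'^-1, b = -a * b' (mod N)."""
    a = inv_mod(a_dec, modulus)
    return a, (-a * b_dec) % modulus
```

With wrong frequency guesses the recovered key decrypts to nonsense; the usual procedure is to try the few most plausible assignments of frequent ciphertext digraphs to frequent plaintext digraphs and keep the one whose decryption of the whole cryptogram reads as language.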

2.1.7.


.
,
, .


(,
2).

.

,
. ,
. ,

,
. .
,
-.
, ,
.
, ,
(
).
,

    X = x_0, ..., x_{N-1},

the binary message, and

    g = g_0, ..., g_{N-1},

the random binary key of the same length, the cryptogram is

    Y = y_0, ..., y_{N-1};  y_i = x_i + g_i mod 2,

i.e. the bitwise sum of message and key modulo 2. The key entropy H(K) = n equals the message length, and the unicity distance U = n = H(K).
,
, n .
,
,
L .

.

2.2.


.
Let X and Y be the plaintext and the ciphertext, g the keystream, Z the internal state and K the key; x_i, y_i, g_i, z_i are their values at time i, and the key k in K is chosen according to a distribution P_K. A general stream cipher is described by

    z_{i+1} = F(k_i, z_i, x_i);

    y_i = f(k_i, z_i, x_i),

where F is the next-state function and f the output function. If the keystream is {g_i = f(k_i, z_i); i >= 1} and the ciphertext is

    y_i = x_i + f(k_i, z_i),

the cipher is called additive (synchronous).
.

:
;

,
, ,
;
,
;
() ,

;
;

.
.

2.2.1.


.

zi+1 = F( ki, zi );

gi = f( ki, zi ).

z0 k
.
k .
kn n , l (n - l)
.
(n, l(n))- , l
n,
n.

.
.
, (
)
zi+1 = F( zi );

gi = f( ki, zi ).

F

.

( ).
f
zi+1 = F( ki, zi );

gi = f( zi ).

f 1 (,
).
, .
.

. ,
. , ,
, ,
,
,
.

2.2.2. 5

5,
GSM.
. 4. ,
.

Each of the three linear feedback shift registers (LFSR) i = 1, 2, 3 has length r_i and a feedback polynomial

    f_i(z) = sum_{l=0}^{r_i} f_{i,l} z^l.

In A5 the lengths are r_1 = 19, r_2 = 22, r_3 = 23.

[Figure 4: A5 keystream generator: three registers with cells s_{i,1}(t), ..., s_{i,r_i}(t); the clock-control signals c_i(t+1) are derived from the cells at the tap positions tau_i; the output y(t) is the sum of the last cells.]

The sequence produced by register i satisfies the recurrence

    x_i(t) = sum_{l=1}^{r_i} f_{i,l} x_i(t - l),  t >= r_i,

so x_i = {x_i(t); t = 0, 1, ...} has period up to 2^{r_i} - 1 and is determined by the initial state S_i(0) = {x_i(t)}_{t=0}^{r_i-1}. S_i(t) = {s_{i,j}(t); j = 1, ..., r_i} denotes the state of register i at time t > 0. Each register i has one clock-control cell at position tau_i; in A5, tau_1 = 10, tau_2 = 11, tau_3 = 12. The clocking vector at time t is

    C(t) = g( s_{1,tau_1}(t-1), s_{2,tau_2}(t-1), s_{3,tau_3}(t-1) ) = { c_1(t), c_2(t), c_3(t) },

where g is the majority rule:

    g(s_1, s_2, s_3) = { i, j }  if s_i = s_j != s_k, i < j, k != i, j;

    g(s_1, s_2, s_3) = { 1, 2, 3 }  if s_1 = s_2 = s_3.

If c_i(t) = 1, register i is clocked (shifted one step) at time t; if c_i(t) = 0 it keeps its state. Thus at every step at least two of the three registers move, and no register ever moves alone. The output bit is

    y(t) = s_{1,1}(t) + s_{2,1}(t) + s_{3,1}(t) mod 2;  t >= 1.


100 ( y( t ); t = 1, , 100 ) ,
114
, 100 , 114

. ,
.

. - 22-
, , ,
. 64
(
1 ), 22-

,
. , p = (p( t); t = -210)
, t, 21 0,

"/", p( t )
. 22

.
GSM A5
,
.
(
"" ). , 64-
,
"" (master) , ,
, 128- ,
. ,

.
[28].
1. .

2^40 :
,

( "
").
2. . A5 -
,
" - ".
" "

, 2^40.
3. "-". " - "
" ".

. , (T * M) > 2^63 , T
M ( 128-
). O( M ),
,
, T/10^2. ,
T >> 2^27 M >> 2^35.

" ",

.
4. A5.
,
. , 40%

A5 ,
, (223- 1) 4/3 .

2.2.3. RC4

RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Data Security; its algorithm is now public. The generator (Fig. 5) keeps two 8-bit indices i and j and a table S of 256 bytes, an 8 x 8 S-box S_0, S_1, ..., S_255 [31], which at all times is a permutation of the numbers 0 to 255.
In the general n-bit form the state at time t consists of the permutation

    S_t = { S_t(l) ; l = 0, ..., 2^n - 1 }

of the 2^n n-bit words and the two n-bit pointers i_t and j_t (n = 8 in practice), so the state has M = n 2^n + 2n bits. Y_t denotes the n-bit output word at time t, and initially i_0 = j_0 = 0. One step of RC4 for t >= 1 is:

    i_t = i_{t-1} + 1;  j_t = j_{t-1} + S_{t-1}(i_t);
    S_t(i_t) = S_{t-1}(j_t),  S_t(j_t) = S_{t-1}(i_t)  (the two entries are swapped);
    Y_t = S_t( S_t(i_t) + S_t(j_t) ),

with all additions modulo 2^n.
[Figure 5: RC4 generator: the table S of 2^n n-bit words, the pointers i and j, the swap of S(i) and S(j), and the output word S(S(i) + S(j)); the figure's labels CT, Q1, Q2, SQ1, SQ2 denote the 8-bit registers and the table lookups.]
The initial permutation S_0 is derived from the key K = (K_i; i = 0, ..., 2^n - 1); a key shorter than 2^n bytes is repeated cyclically. First S is set to the identity permutation ( l; l = 0, ..., 2^n - 1 ): S_0 = 0, S_1 = 1, ..., S_255 = 255. Then, with j = 0, the key is mixed in:

    for i = 0 to 255:
        j = (j + S_i + K_{i mod keylength}) mod 256
        swap S_i and S_j

The key thus only selects the initial permutation; it is not used again while the keystream is generated.
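Added example for section 2.2.3 (not code from the textbook): the RC4 key schedule and keystream generator exactly as described above with n = 8, and the keystream-reuse check. The functions are ours; the test vectors in the checks are the widely published ones for the keys "Key" and "Wiki".

```python
# RC4 (n = 8): key scheduling (KSA), keystream generation (PRGA), XOR.
# Added example, not code from the textbook.


def rc4_ksa(key):
    """Initial permutation S_0 from the key bytes, repeated cyclically."""
    if not key:
        raise ValueError("empty key")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    return s


def rc4_prga(s):
    """Generator of keystream bytes: i_t = i_{t-1} + 1, j_t = j_{t-1} + S(i_t),
    swap S(i_t) and S(j_t), output S(S(i_t) + S(j_t)); everything mod 2^8."""
    s = s[:]                      # work on a copy, keep the caller's table
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) % 256]


def rc4_crypt(key, data):
    """Encryption and decryption are the same XOR with the keystream."""
    ks = rc4_prga(rc4_ksa(key))
    return bytes(b ^ next(ks) for b in data)


def keystream_reuse_leak(key, plain1, plain2):
    """Two messages under the same key (and no nonce) give ciphertexts whose
    XOR equals the XOR of the plaintexts: the keystream cancels out, exactly
    the two-time-pad failure of section 2.1.4. Returns that XOR."""
    c1, c2 = rc4_crypt(key, plain1), rc4_crypt(key, plain2)
    return bytes(a ^ b for a, b in zip(c1, c2))
```

Because RC4 has no nonce input, every protocol using it must derive a fresh key per message; the statistical biases of the first output bytes mentioned below are a further reason to treat RC4 as a historical cipher only.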
, RC4, -
, . ,
, , M (
),
" " [29].
,
, ().
- ,
, 1/2.
,

,

(1+ )/2.
.
For the output word sequence { z_t : t = 1, 2, ... } of RC4 consider the derived sequences

    z' = ( z'_t = z_t + z_{t+1}; t = 1, 2, ... ),  z'' = ( z''_t = z_t + z_{t+2}; t = 1, 2, ... ),

whose distributions deviate from the uniform one: in z' the values 1 and 0 appear with unequal frequencies, and z'' is biased in the same way.
If the bias is epsilon, about O(epsilon^{-2}) output words are needed to distinguish RC4 from a random sequence; for n =
8 this is about 2^40 (approximately 10^12) words.

2.2.4.



[4, 25].
Ek X:
Y = Ek{ X }.

,

X = Ek-1{ Y },
E-1 E .

.
2,
, m- X
,
Y m- Y. m-
Y m-
X ,
Y.
, m- Y

    y_m = [ x_m + f( y_{m-g}, y_{m-g+1}, ..., y_{m-1} ) ] mod 2,

where f( y_{m-g}, ..., y_{m-1} ) is a Boolean function (values 0 and 1) of the g preceding ciphertext bits, g being the length of the feedback register (the symbol for it is lost in extraction; g is used here).
The receiver holds the same g ciphertext bits ( y_{m-g}, y_{m-g+1}, ..., y_{m-1} ) and recovers the m-th plaintext bit as

    x_m = [ y_m + f( y_{m-g}, y_{m-g+1}, ..., y_{m-1} ) ] mod 2 =

    = { [ x_m + f( y_{m-g}, y_{m-g+1}, ..., y_{m-1} ) ] + f( y_{m-g}, y_{m-g+1}, ..., y_{m-1} ) } mod 2.

This holds from m = g + 1 on. For m < g + 1 the missing ciphertext bits are replaced by the bits r_1, ..., r_g of an initial register content R, so the first ciphertext bits are

    y_1 = [ x_1 + f( r_1, r_2, ..., r_g ) ] mod 2,

    y_2 = [ x_2 + f( r_2, r_3, ..., y_1 ) ] mod 2,

    ...

    y_g = [ x_g + f( r_g, y_1, ..., y_{g-1} ) ] mod 2.

The values f(r_1, r_2, ..., r_g), f(r_2, r_3, ..., y_1), ..., f(r_g, y_1, ..., y_{g-1})

.
,
are therefore the same at both ends, i.e. the initial register content R is shared. The encryption and decryption circuits are shown in Fig. 6 and Fig. 7.

[Figure 6 (encryption) and Figure 7 (decryption): the plaintext X is added mod 2 to f(z), computed from the shift register RG that holds the preceding ciphertext bits; at the receiver the register is fed with the received ciphertext Y and the same f(z) is subtracted to give X.]

Y

(+1).
f(z) Y.
, , , ,

,
Since f(z) is a Boolean function of g variables with values 0 and 1, the probability P_1 of guessing f(z) (equivalently, the chance of hitting it in one trial of an exhaustive search over all functions of g variables) is

    P_1 = 2^{-q},  q = 2^g.

So for g = 4, P_1 = 2^{-16}, and for g = 10, P_1 = 2^{-1024}. The original gives a table of 2^q for several g [25], with the values 2.3 * 10^16, 1.2 * 10^23, 2.7 * 10^34 and 1.3 * 10^51 (the corresponding g column is lost in extraction).
Suppose the required number of functions is 2^q = 1.3 * 10^51. Then q = 169.8 and g = log_2 q = 7.41, so the register length g = 8 is chosen.

2.3.

2.3.1. DES

. 8 10 [15].
DES
, ,
.
64 .
, S P
. P
. S-
.
:
S ,
, , .
56- ,
16 () 48 - Ki
, .
DES encrypts 64-bit blocks. The block first passes the initial permutation IP and is split into two 32-bit halves L and R. Then 16 rounds are performed; in round i

    L_i = R_{i-1};  R_i = L_{i-1} xor f(R_{i-1}, K_i),

where K_i is the 48-bit round key of round i. Finally the halves pass the inverse permutation IP^{-1}.
The heart of DES is the function f(R_{i-1}, K_i). It takes the 32-bit half R and the 48-bit round key K_i and proceeds as follows:
1) R is expanded to the 48-bit block E(R) by the expansion table (some bits are duplicated);
2) E(R) is added bit by bit (mod 2) to the round key K_i and the result is split into eight 6-bit blocks B_1, ..., B_8;

[Figure 8: general structure of DES: initial permutation IP, 16 Feistel rounds on the halves L and R, inverse permutation IP^{-1}.]

[Figure 9: the round function f: the 32-bit half R_j is expanded to 48 bits, added to the 48-bit round key K_j, passed through the eight S-boxes back to 32 bits and through the permutation P.]

[Figure 10: key schedule: permuted choice PS-1 on the 64-bit key, left shifts LS of the two 28-bit halves in each of the 16 rounds, permuted choice PS-2 selecting the 48 bits of each round key for f.]
3) each B_i is passed through its own S-box S_i, a table of 4 rows and 16 columns (64 entries), which maps the 6-bit B_i to a 4-bit output; the eight outputs form a 32-bit block;
4) this block is permuted by the fixed permutation P.
The round keys are derived as follows:
1) the 64-bit key K contains 8 parity bits (bits 8, 16, ..., 64); the remaining 56 bits are permuted by PS-1 and split into two 28-bit halves C_0 and D_0;
2) for each of the 16 rounds the halves are rotated left by LS_i positions,

    C_i = LS_i(C_{i-1});  D_i = LS_i(D_{i-1}),

where LS_i is a shift by 1 for i = 1, 2, 9, 16 and by 2 for the other rounds;
3) PS-2 selects 48 of the 56 bits of (C_i, D_i) as the round key K_i.
Decryption uses the same algorithm with the round keys in reverse order. This follows from the structure of a round: it is the composition of the swap T of the halves and the transformation V_i: (L, R) -> (L xor f(R, K_i), R), which is an involution for any K_i:

    round i = V_i T,  V_i^{-1} = V_i,  T^{-1} = T.

Hence [6]

    D = E^{-1} = ( IP^{-1} T V_16 T V_15 T V_14 ... T V_1 IP )^{-1} =

    = IP^{-1} V_1 T V_2 T ... V_16 T IP,

,
.
DES has a 56-bit key, i.e. 2^56 keys. Some of them are weak: for a weak key

    E_K( E_K(X) ) = X,

so encrypting twice under K returns the plaintext (the 16 round keys coincide and encryption is its own inverse). For a pair of semi-weak keys

    E_{K1}( E_{K2}(X) ) = X.

DES has 4 weak keys and 6 pairs of semi-weak keys. Each of the 4 weak keys has 2^32 fixed points, i.e. blocks X with E_K(X) = X.

.

.

2.3.2.


: ECB ; CBC
; CFB - ;
OFB - [4, 34].
ECB, CFB, OFB.
CFB CBC,
.
ECB EK

K. 28147- 89 [ 16 ] ECB
.
,
, /
.
CBC (cipher block chaining) makes each ciphertext block C_i depend on the current plaintext block and the preceding ciphertext block, which hides repetitions in the sequence {X_i}. The scheme is shown in Fig. 11; C_0 is the initialization vector.

[Figure 11: CBC: C_i = E_K(X_i xor C_{i-1}) for encryption and X_i = D_K(C_i) xor C_{i-1} for decryption, i = 1, ..., m, with C_0 the initialization vector.]

. .
CFB (cipher feedback) is shown in Fig. 12.

[Figure 12: r-bit CFB: an n-bit shift register holds t_j; E_K is applied to it, the r leftmost bits of the result are added to the r-bit plaintext unit X_j, and the ciphertext unit C_j is shifted into the register; C_0 is the initial register content.]

Its equations are:

    C_j = E_K^{(r)}( t_{j-1} ) xor X_j ;

    t_j = ( 2^r t_{j-1} + C_j ) mod 2^n ;

    X_j = C_j xor E_K^{(r)}( t_{j-1} ) ,

where r (1 <= r <= n) is the width of a plaintext unit; E_K^{(r)}(t_{j-1}) denotes the r leftmost bits of the n-bit block E_K(t_{j-1}); n is the width of the shift register (RG); t_0 = C_0 is the initial vector. GOST 28147-89 [16] uses this mode (its gamma-with-feedback mode) with r = n.
An error in one ciphertext unit disturbs the decryption of that unit and of the following n/r units, after which the register again contains only correct ciphertext and decryption resynchronizes: n/r is the resynchronization delay of the mode.
OFB (output feedback) is shown in Fig. 13.

[Figure 13: r-bit OFB: the same register and E_K as in CFB, but the keystream unit g_j, not the ciphertext unit C_j, is shifted back into the register.]

OFB differs from CFB only in what is fed back into the register: the keystream units {g_j} = E_K^{(r)}(t_{j-1}) produced by E_K rather than the ciphertext, so the register (RG) runs independently of the data and OFB is an additive (synchronous) stream cipher. A ciphertext error then affects only the corresponding plaintext unit, but, unlike CFB, OFB does not resynchronize after a lost or inserted unit.

:
1) (PBC);
2) (PFB);

3) ;
4) (OFBNLF);
5) .
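Added example for sections 2.3.1-2.3.2 and the self-synchronizing cipher of section 2.2.4 (not code from the textbook): a Feistel network with the DES round structure L_i = R_{i-1}, R_i = L_{i-1} xor f(R_{i-1}, K_i), decryption by reversing the round keys, and the r-bit CFB and OFB modes with the register formula t_j = (2^r t_{j-1} + C_j) mod 2^n from the text, plus a check of the n/r resynchronization delay. The round function, key schedule, block size (16 bits) and all constants are toy values of our own and are not DES; only the structure is the text's.

```python
# Feistel network + r-bit CFB/OFB modes. Added example, not the textbook's code.
BLOCK_BITS = 16                       # toy block size (DES: 64)
HALF_BITS = BLOCK_BITS // 2
BLOCK_MASK = (1 << BLOCK_BITS) - 1
HALF_MASK = (1 << HALF_BITS) - 1


def round_function(r, k):
    """Toy f(R, K) on 8-bit halves. It is deliberately NOT a bijection
    (squaring mod 256 is many-to-one): the Feistel structure decrypts anyway."""
    t = (r ^ k) & HALF_MASK
    t = (t * t + 0x4F) & HALF_MASK
    return (t ^ (t >> 3)) & HALF_MASK


def subkeys(key, rounds=8):
    """Toy key schedule: one 8-bit round key per round from a 32-bit key."""
    return [((key >> (8 * (i % 4))) ^ (0x5B * i)) & HALF_MASK for i in range(rounds)]


def feistel_encrypt(block, ks):
    """L_i = R_{i-1}; R_i = L_{i-1} xor f(R_{i-1}, K_i); halves swapped at the end."""
    l, r = block >> HALF_BITS, block & HALF_MASK
    for k in ks:
        l, r = r, l ^ round_function(r, k)
    return (r << HALF_BITS) | l


def feistel_decrypt(block, ks):
    """The same network with the round keys in reverse order."""
    return feistel_encrypt(block, ks[::-1])


def keystream_unit(t, ks, r):
    """E_K^(r)(t): the r leftmost bits of the block encryption of t."""
    return feistel_encrypt(t, ks) >> (BLOCK_BITS - r)


def cfb_encrypt(units, ks, iv, r):
    """C_j = E_K^(r)(t_{j-1}) xor X_j;  t_j = (2^r t_{j-1} + C_j) mod 2^n;  t_0 = IV."""
    t, out = iv, []
    for x in units:
        c = x ^ keystream_unit(t, ks, r)
        out.append(c)
        t = ((t << r) | c) & BLOCK_MASK
    return out


def cfb_decrypt(units, ks, iv, r):
    """X_j = C_j xor E_K^(r)(t_{j-1}); the register is fed with the received C_j."""
    t, out = iv, []
    for c in units:
        out.append(c ^ keystream_unit(t, ks, r))
        t = ((t << r) | c) & BLOCK_MASK
    return out


def ofb_crypt(units, ks, iv, r):
    """OFB feeds the keystream unit g_j back instead of C_j; the function is
    its own inverse and a ciphertext error touches only its own unit."""
    t, out = iv, []
    for u in units:
        g = keystream_unit(t, ks, r)
        out.append(u ^ g)
        t = ((t << r) | g) & BLOCK_MASK
    return out


def cfb_error_span(units, ks, iv, r, bad_index):
    """Flip one bit in ciphertext unit `bad_index` and return the indices of
    plaintext units that decrypt wrongly. In CFB the damage is confined to
    that unit and at most the next n/r units; then the register holds only
    correct ciphertext again and the receiver is back in step."""
    ct = cfb_encrypt(units, ks, iv, r)
    ct[bad_index] ^= 1
    pt = cfb_decrypt(ct, ks, iv, r)
    return [i for i, (a, b) in enumerate(zip(units, pt)) if a != b]
```

Because CFB and OFB use only the encryption direction of the block cipher, the non-invertibility of f never matters for them; what does matter is that the IV (C_0) is fresh for every message under the same key, since two messages with the same key and IV share the same keystream prefix.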

2.3.2. -

.
() 1990 .
,

Let the cipher consist of r rounds: the plaintext X is encrypted as

    Y = F_{K_r} ... F_{K_1}( X ),

where K_i is the round key of round i, derived from the key K. Differential cryptanalysis is a chosen-plaintext attack which recovers the last round key K_r from the behaviour of differences over the first (r - 1) rounds. An i-round differential is a pair [a, b^{(i)}]: two plaintexts X, X* with difference Delta X = X xor X* = a produce after i rounds outputs Y, Y* with difference

    Delta Y^{(i)} = b^{(i)}.

Its probability, over uniformly random plaintexts (and round keys), is

    P( Delta Y^{(i)} = b^{(i)} | Delta X = a ).
r -
:
1. ( r - 1)- [a (1), b(r-1)]
c p > 1/(N - 1)
2. X X*
, X X* a(1). X X*
, r , Y(r) ,
Y*(r). , (r-1)-
: Y(r-1) = b(1). (Y(r-1), Y(r) , Y*(r))
Kr.
3. .
4. . 2 - 3 ,
Kr .
Kr
Kr.

5. . 1 - 4 ,
Y(r-1)
Kr . ,
.
, ,
. ,
:
.
DES FEAL .
r-
For each triple (Y, Y*, X) the attack needs an (r - 1)-round differential [a, b^{(r-1)}] whose probability is much larger than for a random permutation,

    P( Delta Y^{(r-1)} = b | Delta X = a ) >> 2^{-n},

where n is the block size in bits. The number V of chosen-plaintext pairs required is about

    V ~ 2 / ( p - 1/(N - 1) ),

where p is the probability of the differential and N the size of the block space [4].
,
(,
, , ..),
.

Linear cryptanalysis is a known-plaintext attack. Let the cipher map the n-bit plaintext X = (x_0, ..., x_{n-1}) to the ciphertext Y = (y_0, ..., y_{n-1}) under the key K = (K_0, ..., K_L); the plaintext bits {x_i; i = 0, ..., n - 1} are assumed to be independent and uniformly distributed. A linear approximation of the cipher is a relation

    (X,Y):  sum_{i=0}^{n-1} a_i x_i  xor  sum_{i=0}^{n-1} b_i y_i  =  sum_{j=0}^{L-1} c_j K_j

with fixed binary masks a = {a_i}, b = {b_i}, c = {c_j}, which holds not with probability 0.5 but with

    P( (X,Y) ) = 0.5 + epsilon,

epsilon != 0. The attack looks for approximations with |epsilon| as large as possible: about epsilon^{-2} known plaintext/ciphertext pairs are needed for the relation to stand out against random fluctuation.
The effective relations are the triples (a, b, c) with maximal |epsilon|. Given L such relations and M known pairs X^{(l)}, Y^{(l)} encrypted under the unknown key, for each relation l (l = 1, ..., M pairs) define

    d_l = 1  if the left-hand side of relation l evaluates to 1 for more than half of the pairs,
    d_l = 0  otherwise

(for epsilon > 0; for epsilon < 0 the bit is complemented), and solve the linear system

    sum_{j=0}^{L-1} c_{j,l} K_j = d_l,  l = 1, ..., L,

for the key bits K_j.

.
For the full 16-round DES linear cryptanalysis needs about 2^47 known plaintexts.
The best attacks on DES compare as follows [4] (column headings lost in extraction; the reading follows [4]):

    method                       plaintexts needed                          work factor
    linear cryptanalysis         2^43 known (85% success)                   2^43 - 2^50
                                 2^38 known (10% success)
    differential cryptanalysis   2^47 chosen                                2^47 - 2^55
    exhaustive key search        a few known                                2^55 (average)

2.3.3. RIJNDAEL

DES .
2000
.
[23, 34]:
;
;

(128 );

, ..

RIJNDAEL,
, .
,
.
, ,
.
, ,

.
The structure is shown in Fig. 14: X is the plaintext block; Y the ciphertext block; K_i the round keys; NLT and NLT* the nonlinear round transformation (NLT* is the final round, without column mixing); r the number of rounds (10, 12 or 14 depending on key and block length).

[Figure 14: X -> NLT(K_1) -> NLT(K_2) -> ... -> NLT*(K_r) -> xor K_{r+1} -> Y.]

The state is a 4 x n byte array, n = 4, 6 or 8 for block lengths 128, 192 and 256 bits. The nonlinear transformation consists of four operations:
- byte substitution: each byte X of the state, viewed as an element of GF(2^8), is replaced by

    S(X) = (x^7 + x^6 + x^2 + x) + X^{-1} (x^7 + x^6 + x^5 + x^4 + 1) mod (x^8 + 1),

  i.e. the multiplicative inverse in GF(2^8) (with 0 -> 0) followed by an affine transformation over GF(2); the S-box is chosen so that it has no fixed points (S(X) = X) and no "opposite" fixed points (S(X) = complement of X);
- row shift: the first row of the state is left in place, the other three rows are rotated cyclically by 1, 2 and 3 bytes for n = 4 and 6, and by 1, 3 and 4 bytes for n = 8;

- column mixing: each column of the state is multiplied by the 4 x 4 matrix

          | 02 03 01 01 |
    M  =  | 01 02 03 01 |
          | 01 01 02 03 |
          | 03 01 01 02 |

  over GF(2^8): a byte is a polynomial of degree at most 7 with coefficients in GF(2), addition is the bitwise sum mod 2, and multiplication is done modulo the irreducible polynomial (x^8 + x^4 + x^3 + x + 1). The entries of M were chosen so that the transformation is invertible and gives maximal diffusion (every output byte depends on all four input bytes) while being cheap to compute.
.

- key addition: the round key is added to the state bit by bit mod 2.
The operations are built on three different algebraic structures: addition in GF(2); multiplication in GF(2^8); and byte-wise permutation. Column mixing can also be written as multiplication of the column, taken as a polynomial of degree 3 with coefficients in GF(2^8), modulo (x^4 + 1) by the fixed polynomial

    c(x) = 03 x^3 + 01 x^2 + 01 x + 02.
RIJNDAEL
, .
,
.
The inverse cipher has the same structure as the cipher. The byte substitution S and the row shift RRot commute,

    S^{-1}( RRot(X) ) = RRot( S^{-1}(X) ),

and the inverse column mixing M^{-1} is linear, so it distributes over the key addition:

    M^{-1}( X xor K_r ) = ( M^{-1} X ) xor ( M^{-1} K_r ).

Hence a decryption round consists of
1) the inverse byte substitution;
2) the inverse row shift (rotation in the opposite direction);
3) the inverse column mixing, multiplication by the matrix

             | 0E 0B 0D 09 |
    M^{-1} = | 09 0E 0B 0D |
             | 0D 09 0E 0B |
             | 0B 0D 09 0E |

4) addition of the round key, where the round keys (except the first and the last) are premultiplied by M^{-1}.

128/192 256 .
4- ,

.
, , -
, ,
, GF(28), , , -
:
-
(
);
(
).
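Added example for section 2.3.3 (not code from the textbook): arithmetic in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1, the Rijndael S-box built as "inverse, then affine map", the two fixed-point checks the text mentions, and column mixing with the matrix M and its inverse above. The function names are ours; the vectors in the checks are the published AES/Rijndael values.

```python
# GF(2^8) arithmetic, Rijndael S-box and MixColumns. Added example, not the
# textbook's code.
IRRED = 0x11B                          # x^8 + x^4 + x^3 + x + 1


def xtime(a):
    """Multiply by x in GF(2^8), reducing if the degree reaches 8."""
    a <<= 1
    return (a ^ IRRED) & 0xFF if a & 0x100 else a


def gf_mul(a, b):
    """Polynomial multiplication mod IRRED by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r


def gf_inv(a):
    """a^-1 = a^254, since a^255 = 1 for a != 0; 0 is mapped to 0."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base, e = gf_mul(base, base), e >> 1
    return r if a else 0


def sbox(a):
    """S(a) = affine(a^-1): b = a' xor rot1(a') xor rot2(a') xor rot3(a')
    xor rot4(a') xor 0x63, which is the bit-level form of the polynomial
    formula (multiplication by x^7+x^6+x^5+x^4+1 modulo x^8+1 plus a constant)."""
    x = gf_inv(a)
    y = x
    for _ in range(4):
        x = ((x << 1) | (x >> 7)) & 0xFF   # rotate left by one bit
        y ^= x
    return y ^ 0x63


SBOX = [sbox(a) for a in range(256)]
INV_SBOX = [0] * 256
for _a, _s in enumerate(SBOX):
    INV_SBOX[_s] = _a

MIX = ((2, 3, 1, 1), (1, 2, 3, 1), (1, 1, 2, 3), (3, 1, 1, 2))
INV_MIX = ((14, 11, 13, 9), (9, 14, 11, 13), (13, 9, 14, 11), (11, 13, 9, 14))


def mix_column(col, matrix=MIX):
    """Column vector times the circulant matrix over GF(2^8); the same as
    multiplying the column polynomial by c(x) = 03x^3 + 01x^2 + 01x + 02
    modulo x^4 + 1."""
    out = []
    for row in matrix:
        v = 0
        for m, c in zip(row, col):
            v ^= gf_mul(m, c)
        out.append(v)
    return out


def inv_mix_column(col):
    return mix_column(col, INV_MIX)


def sbox_fixed_points():
    """Design check from the text: no a with S(a) = a, none with S(a) = ~a."""
    fixed = [a for a in range(256) if SBOX[a] == a]
    opposite = [a for a in range(256) if SBOX[a] == a ^ 0xFF]
    return fixed, opposite
```

A real implementation would not compute the inverse per byte at run time but use the precomputed tables SBOX and INV_SBOX (and, on platforms without constant-time table lookups, a bit-sliced form, since table access patterns leak the byte values through the cache).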

1.
.
2.
?. : .
3. ,
ZRIXXYVBMNPO.
, ,
A-Z,_ 0 26. PK RZ
,
E _ S _ .
4. ISO 10116
DES
.
DES.
5. ? ,
DES.
6. RIJNDAEL,
DES?

3.

,
.
, . ,

, ,
.

: .



The model of a public-key system is shown in Fig. 15.

[Figure 15: public-key cryptosystem; labels lost in extraction.]

1976 . .
U Eu
Du ( ).
x
.
1. D_u( E_u(x) ) = x for every message x and every user U. The transformation E_u is public: anyone can encrypt a message for U. D_u is known only to U. If A wants to send x to B, A takes B's public transformation E_B and computes the cryptogram

    c = E_B(x),

which is sent to B. B recovers the message with his secret transformation:

    D_B(c) = D_B( E_B(x) ) = x.

2. EU DU
.
3. Du Eu
, Du (Eu(x)) = x x.

.
f, ,
f-1 .
:
1. Exponentiation modulo a prime p: for a generator alpha of Z_p^*,

    f: Z_p^* -> Z_p^*,  f(x) = alpha^x mod p;

2. RSA function: p, q primes, n = pq and e with gcd(e, (p - 1)(q - 1)) = 1,

    f: Z_n -> Z_n,  f(x) = x^e mod n;

3. Rabin function: n = pq with primes p, q both congruent to 3 mod 4,

    f: Q_n -> Q_n,  f(x) = x^2 mod n.


. ,
(PIN) xu.
() y = f(xu),
U. U
, xu. f(xu)
f(xu) = yu. ,
. .
, .
4. E_u( D_u(x) ) = x for every user u and every x. This property gives digital signatures: to sign the message x for B, A applies her secret transformation,

    c = D_A(x),

and sends x together with c. B checks the signature with A's public transformation E_A:

    E_A(c) = E_A( D_A(x) ) = x.

5. Only A knows D_A, while everybody can apply E_u and verify that E_u( D_u(x) ) = x for all x. Consequently only A could have produced the pair (x, D_A(x)); the pair is A's signature on x and can be shown to any third party.

3.1. RSA

1978 ,
, RSA - .
.
Euler's theorem. Let a and n be integers. If gcd(a, n) = 1 then

    a^{phi(n)} = 1 mod n,

where gcd(a, n) is the greatest common divisor of a and n and phi(n) is Euler's function,

    phi(n) = | {1 <= i <= n : gcd(i, n) = 1} | = n prod_{p | n} (1 - 1/p),

the number of integers among 0, 1, ..., n - 1 that are coprime to n. Hence for such a

    a^{phi(n) + 1} = a mod n.

This is the basis of RSA. If the factorization of n is

    n = p_1^{a_1} p_2^{a_2} ... p_k^{a_k},

then

    phi(n) = n (1 - 1/p_1)(1 - 1/p_2)...(1 - 1/p_k) = (p_1^{a_1} - p_1^{a_1 - 1})(p_2^{a_2} - p_2^{a_2 - 1})...(p_k^{a_k} - p_k^{a_k - 1}).

RSA key generation. User U chooses two large primes p_u and q_u and sets n_u = p_u q_u, so that

    phi(n_u) = (p_u - 1)(q_u - 1).

U then chooses the exponent e_u, 1 < e_u < phi(n_u), with

    gcd(e_u, phi(n_u)) = 1,

and computes by the extended Euclidean algorithm (at most 2 log_2(n_u) division steps) the exponent d_u with

    e_u d_u = 1 mod phi(n_u),  1 < d_u < phi(n_u).

U publishes (e_u, n_u) as public key and keeps d_u secret; p_u and q_u are kept secret as well or destroyed.

Encryption. To send x to B (0 < x < n_B), A takes B's public key (e_B, n_B) and computes

    c = x^{e_B} mod n_B.

Decryption. B recovers x from c with the secret exponent d_B:

    D = c^{d_B} = x^{e_B d_B} = x^{1 + l phi(n_B)} = x mod n_B,  l an integer,

which by Euler's theorem holds when gcd(x, n_B) = 1 (and in fact for every x in Z_{n_B}, since n_B is square-free).

Example 1. p = 211, q = 223, n = pq = 47053, phi(n) = (p - 1)(q - 1) = 46620; the exponents are

    e = 16813,  d = 19837

(ed = 1 mod 46620). Encrypt the word RSA. Numbering the letters from A = 1: R = 18, S = 19, A = 1, and writing the word in base 32,

    x = ((1 * 32) + 19) * 32 + 18 = 1650.

Encryption:

    c = x^e mod n = 1650^16813 mod 47053 = 3071.

Decryption:

    D = c^d mod n = 3071^19837 mod 47053 = 1650.

Example 2. Let the alphabet have N letters and let k < l be chosen so that every k-letter block (a number below N^k) can be encrypted and the result written as an l-letter block (a number below N^l), i.e. N^k < n < N^l. Take N = 26, k = 3, l = 4 and the message YES.
Key generation for user A:
a) primes p_A, q_A with N^k < n_A < N^l: p_A = 281, q_A = 167, n_A = p_A q_A = 281 * 167 = 46927;
b) an exponent e_A = 39423 with gcd(e_A, p_A - 1) = gcd(e_A, q_A - 1) = 1;
c) d_A = e_A^{-1} mod (p_A - 1)(q_A - 1) = 26767;
d) p_A, q_A and d_A are kept secret.
The public key is

    (n_A, e_A) = (46927, 39423).

Encryption: with the letters numbered from A = 0, YES is the number

    24 * 26^2 + 4 * 26 + 18 = 16346.

The RSA ciphertext is

    16346^39423 mod 46927,

which equals

    21166.

Decryption with the secret key (n_A, d_A) = (46927, 26767):

    21166^26767 mod 46927 = 16346 = YES.



Computing 16346^39423 mod 46927 by repeated squaring and multiplication takes O(t^3) bit operations, where t is the bit length of the modulus.

RSA in summary:
    public key of U: (e_u, n_u);  private key: d_u with e_u d_u = 1 mod phi(n_u);
    A sends to B (0 < x < n_B):  c = x^{e_B} mod n_B;
    B computes:  D = c^{d_B} = x^{e_B d_B} = x^{1 + l phi(n_B)} = x mod n_B  (l an integer).

The RSA problem. Given n = pq, an exponent e with gcd(e, (p - 1)(q - 1)) = 1 and a ciphertext c, find m with m^e = c mod n. For e coprime to phi(n) the map

    f: Z_n -> Z_n,  f(m) = m^e mod n

is a permutation of Z_n, and inverting it without the trapdoor d is believed to be hard.
Security of RSA. Knowing the factorization of n = pq gives phi(n) and therefore d, so breaking RSA is no harder than factoring n. Conversely, knowing d one can factor n. Since

    a^{ed} = a mod n

for every a coprime to n, ed - 1 is a multiple of both (p - 1) and (q - 1). Put x = ed - 1; x is even (p - 1 and q - 1 are even), and a^x = 1 mod n for all such a. Then a^{x/2} is a square root of 1 modulo n. If it is a nontrivial root,

    a^{x/2} = +-1 mod n fails to hold, and this happens for about 50% of the a in (Z/nZ)^*;

then gcd(a^{x/2} - 1, n) is a proper factor of n. So one tries random a_i until a_i^{x/2} is not +-1 mod n. The two cases:
a) x/2 is a multiple of (p - 1) but not of (q - 1) (or the same with p and q interchanged): then a^{x/2} = 1 mod p for all a, while with probability 50% a^{x/2} = -1 mod q, which gives the factorization;
b) x/2 is a multiple of neither (p - 1) nor (q - 1): a^{x/2} = 1 mod p and mod q (i.e. mod n) for 25% of the a, a^{x/2} = -1 mod p and mod q for 25%, and for the remaining 50% it is 1 modulo one prime and -1 modulo the other, which again gives a factor.
Chosen-ciphertext (blinding) attack. Suppose the attacker can obtain the decryption of ciphertexts of his choice, except the target c = x^e mod n. He picks a random w coprime to n and submits c' = c w^e mod n. The answer is x' = (c')^d mod n = c^d (w^e)^d = x w mod n, from which x = x' w^{-1} mod n.
.
Cycling attack. Given c = x^e mod n, consider the sequence c, c^e, c^{e^2}, ... mod n. Since raising to the power e is a permutation of Z_n, there is a smallest K with

    c^{e^K} = c mod n.

RSA is broken once K is found, because

    c^{e^{K-1}} = x mod n:

indeed (c^{e^{K-1}})^e = c^{e^K} = c = x^e mod n, and the e-th power map is injective. So one computes

    c^{e} mod n, c^{e^2} mod n, c^{e^3} mod n, ...

until the value c reappears; the preceding term is the plaintext x.
A variant factors n. If for some i

    h = gcd(c^{e^i} - c, n) > 1,

i.e. c^{e^i} = c mod p but c^{e^i} != c mod q, then h = p; in the opposite case h = q. The attack is impractical for properly chosen n: the cycle length is in general as large as the order of e modulo the large prime factors of phi(n), and finding it is as hard as finding d or x directly.
Unconcealed messages. For every RSA key there are messages x with

    x^e = x mod n

(for instance x = 0, x = 1, x = n - 1); their number is

    [1 + gcd(e - 1, p - 1)] [1 + gcd(e - 1, q - 1)].

It is small when (e - 1), (p - 1) and (q - 1) have few common factors, which is a further condition in the choice of e, p, q.
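Added example for section 3.1 (not code from the textbook): RSA key generation, encryption and decryption with the parameters of Examples 1 and 2 above, the blinding attack, and the count of unconcealed messages from the formula just given, cross-checked by brute force over all of Z_n for the small modulus 47053. Function names are ours; all numbers in the checks are the textbook's.

```python
# RSA with the textbook's toy parameters. Added example, not the textbook's code.
from math import gcd


def rsa_keypair(p, q, e):
    """Return (n, e, d) with e*d = 1 mod phi(n); rejects e not coprime to phi."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible mod phi(n)")
    return p * q, e, pow(e, -1, phi)        # pow(e, -1, m): Python >= 3.8


def rsa_encrypt(x, n, e):
    if not 0 <= x < n:
        raise ValueError("message must lie in [0, n)")
    return pow(x, e, n)


def rsa_decrypt(c, n, d):
    return pow(c, d, n)


def encode_word(word, radix, alphabet="ABCDEFGHIJKLMNOPQRSTUVWXYZ"):
    """Textbook encoding of Example 2: letters numbered from A = 0, most
    significant letter first (YES -> 24*26^2 + 4*26 + 18)."""
    x = 0
    for ch in word:
        x = x * radix + alphabet.index(ch)
    return x


def unconcealed_count_formula(p, q, e):
    """[1 + gcd(e-1, p-1)] * [1 + gcd(e-1, q-1)] messages satisfy x^e = x mod n."""
    return (1 + gcd(e - 1, p - 1)) * (1 + gcd(e - 1, q - 1))


def unconcealed_count_bruteforce(p, q, e):
    """Count the fixed points of x -> x^e directly (feasible only for toy n)."""
    n = p * q
    return sum(1 for x in range(n) if pow(x, e, n) == x)


def blinding_attack(c, w, n, e, decrypt_oracle):
    """Chosen-ciphertext attack of the text: ask the oracle to decrypt
    c' = c * w^e mod n (not the target itself); the answer is x*w, so
    x = (x*w) * w^-1 mod n. Requires gcd(w, n) = 1."""
    if gcd(w, n) != 1:
        raise ValueError("w must be invertible mod n")
    x_blinded = decrypt_oracle(c * pow(w, e, n) % n)
    return x_blinded * pow(w, -1, n) % n
```

The blinding attack is the reason textbook RSA (raw x^e) must never be exposed as a decryption or signing oracle; padding schemes that bind structure to the message are what stop an attacker from turning a decryption of c' into a decryption of c.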
RSA
. :
Y
mod n di = ei mod (n)
mod n d = 1/e mod (n).
e1, e2, . . . , el -
, ei . RSA- n =

=p q n , ei (n)
S, Zn.
:
: n; S, Zn;
e1, , el . -
k , 1 k l d i = e-i1 mod n , i =.1, , l.
1. z0 = S ek mod n ,
-1
2. i = 1, 2, ... l zi = z 0e i mod n .
: zi , i = 1, 2, ... , l.
, n-
, .
RSA. RSA-
,
. , RSA
, .
RSA ,
. ,
. ,
, n 2m+k, Zi
1 k/n 0 2m.

3.2.

RSA
. RSA
.
-.
, (
) .
, - , - .
.
I. Key generation:
1) choose a large prime p and a generator alpha of the multiplicative group Z_p^* of the integers mod p;
2) choose a random a, 1 <= a <= p - 2, and compute beta = alpha^a mod p;
3) the public key is (p, alpha, beta), the private key is a.
II. Encryption. B encrypts the message x for A as follows:
- obtain A's authentic public key (p, alpha, beta);
- represent the message as a number x in {0, 1, ..., p - 1};
- choose a random k, 1 <= k <= p - 2;
- compute gamma = alpha^k mod p and delta = x (beta)^k mod p;
- send the ciphertext y = (gamma, delta) to A.
III. Decryption. A recovers x:
- compute gamma^{p-1-a} mod p (which equals gamma^{-a} = alpha^{-ak});
- compute x = delta gamma^{-a} mod p.
Correctness: gamma^{-a} delta = alpha^{-ak} x alpha^{ak} = x mod p.

Example. Key generation: p = 2357, alpha = 2 is a generator of Z_2357^*. With a = 1751, beta = alpha^a mod p = 2^1751 mod 2357 = 1185. The public key is (p = 2357, alpha = 2, beta = 1185), the private key is a = 1751.
Encryption of x = 2035: with k = 1520, gamma = 2^1520 mod 2357 = 1430 and delta = 2035 * 1185^1520 mod 2357 = 697; the ciphertext is (gamma = 1430, delta = 697).
Decryption: gamma^{p-1-a} = 1430^605 mod 2357 = 872 and x = 872 * 697 mod 2357 = 2035.


.

.
:
.
:
- Zp mod p, p- ;
- F2*m F2 m 2;
- () ;
- Fq* Fq , q = pm, p
;
- Zn*, n ;
- , ;
- .

Example in F_{2^4}. The elements of F_{2^4} are the polynomials a_3 z^3 + a_2 z^2 + a_1 z + a_0 over F_2, reduced modulo the irreducible polynomial f(z) = z^4 + z + 1, and are written as bit strings (a_3, a_2, a_1, a_0). The generator alpha = z = 0010 has order n = 15. Private key a = 7: beta = alpha^7 = 1011. The public key is (alpha = 0010, beta = 1011) together with f(z); the private key is a = 7.
Encryption of x = 1100 with k = 11: gamma = alpha^11 = 1110, (beta)^11 = 0100 and delta = x (beta)^11 = 0101; the ciphertext is (gamma = 1110, delta = 0101).
Decryption: gamma^a = 0100, (gamma^a)^{-1} = 1101, and x = delta (gamma^a)^{-1} = 1100.

The random k must be chosen afresh for every message: the values alpha^k mod p and (beta)^k mod p depend only on k, so reusing k exposes the messages. If the same k is used for x_1 and x_2, giving (gamma_1, delta_1) and (gamma_2, delta_2), then gamma_1 = gamma_2 and

    delta_1 / delta_2 = x_1 / x_2 mod p,

so x_2 is obtained from x_1 (and vice versa), and a known plaintext x_1 reveals x_2.
The discrete logarithm problem: given a = alpha^b mod p, p prime, find b. For real numbers the logarithm is easy to compute, e.g. from the series

    ln( (1 + a)/(1 - a) ) = 2 ( a + a^3/3 + a^5/5 + ... ),  |a| < 1,

and log_c a = ln a / ln c; nothing of the kind exists modulo p, where the exponential map behaves like a random permutation. The best known algorithms for the discrete logarithm in Z_p^* are subexponential: the number field sieve takes about

    exp( c (ln p)^{1/3} (ln ln p)^{2/3} )

operations, and the simpler index-calculus methods about

    exp( (ln p ln ln p)^{1/2} ).

3.3.
NP


,
: x
f(x), , y = f(x), x.

: 1) ; 2)
; 3) NP ,
.
. ,
NP- ,

. :
a = (a1, a2,,an), , ,
. ,
S, a, S,
, .
.
k
, k ?.

. V
N . i- i=
=1,,N Vi ci.
, ,
,
V.
a n -
m = (m1, m2, , mn).
S = am. m ,
. n
.
, am = S,
, .. a
. , ,
, . , 1984 .
40
100 1 .

..

.

Superincreasing sequences. The sequence (b_1, b_2, ..., b_n) is superincreasing if every element exceeds the sum of all preceding ones,

    b_i > sum_{j=1}^{i-1} b_j  for all i, 2 <= i <= n.

For such a sequence the knapsack problem is easy:
Input: a superincreasing sequence (b_1, b_2, ..., b_n) and a target S which is a sum of some of the b_i.
Output: (x_1, x_2, ..., x_n), x_i in {0, 1}, with

    sum_{i=1}^{n} x_i b_i = S.

Algorithm:
1) i <- n, s <- S;
2) while i >= 1: if s >= b_i then x_i <- 1 and s <- s - b_i, else x_i <- 0; then i <- i - 1;
3) return (x_1, x_2, ..., x_n).

Key generation (Merkle-Hellman):
1) choose the size n;
2) perform steps 3-7;
3) choose a superincreasing sequence (b_1, b_2, ..., b_n) and a modulus M with M > b_1 + b_2 + ... + b_n;
4) choose W, 1 <= W <= M - 1, with gcd(W, M) = 1;
5) choose a random permutation pi of (1, 2, ..., n);
6) compute

    a_i = W b_{pi(i)} mod M,  i = 1, 2, ..., n;

7) the public key is (a_1, a_2, ..., a_n);
8) the private key is (pi, M, W, (b_1, b_2, ..., b_n)).

Encryption. B sends the message m to A:
1) B obtains A's public key (a_1, a_2, ..., a_n);
2) m is written as an n-bit binary string m = (m_1, m_2, ..., m_n), m_i in {0, 1};
3) B computes c = m_1 a_1 + m_2 a_2 + ... + m_n a_n;
4) B sends c to A.

Decryption. A recovers m:
1) d = W^{-1} c (mod M);
2) A solves the superincreasing knapsack (b_1, ..., b_n) for d by the algorithm above, obtaining (r_1, r_2, ..., r_n), r_i in {0, 1}, with

    d = r_1 b_1 + r_2 b_2 + ... + r_n b_n;

3) the message bits are

    m_i = r_{pi(i)},  i = 1, 2, ..., n.

Correctness:

    d = W^{-1} c = W^{-1} sum_{i=1}^{n} m_i a_i = sum_{i=1}^{n} m_i b_{pi(i)} mod M,

and since M exceeds the sum of all b_i, the congruence is an equality; the superincreasing knapsack has a unique solution, and undoing the permutation pi gives m.

Example. Let n = 6 and let A choose

    the superincreasing sequence (12, 17, 33, 74, 157, 316);
    M = 737;
    W = 635;

and the permutation

    pi(1) = 3;  pi(2) = 6;  pi(3) = 1;  pi(4) = 2;  pi(5) = 5;  pi(6) = 4.

The public key is a_i = W b_{pi(i)} mod 737:

    (319, 196, 250, 477, 200, 559)

(the original prints 209 for a_5, but 635 * 157 mod 737 = 200; since m_5 = 0 below, the ciphertext is unaffected). The private key is (pi, M, W, (12, 17, 33, 74, 157, 316)).

Encryption. For the message m = 101101, B computes

    c = 319 + 250 + 477 + 559 = 1605

and sends it to A.
Decryption. A computes

    d = W^{-1} c (mod M) = 136

and solves the superincreasing knapsack

    136 = 12 r_1 + 17 r_2 + 33 r_3 + 74 r_4 + 157 r_5 + 316 r_6.

Since

    136 = 12 + 17 + 33 + 74,

the solution is

    r_1 = 1, r_2 = 1, r_3 = 1, r_4 = 1, r_5 = 0, r_6 = 0.

Applying m_i = r_{pi(i)}:

    m_1 = r_3 = 1;  m_2 = r_6 = 0;  m_3 = r_1 = 1;  m_4 = r_2 = 1;  m_5 = r_5 = 0;  m_6 = r_4 = 1,


.
,
.
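Added example for section 3.3 (not code from the textbook): Merkle-Hellman knapsack key generation, encryption and decryption with the superincreasing sequence, modulus, multiplier and permutation of the example above, including the greedy solver for the easy knapsack and the parameter checks the algorithm assumes. Function names are ours; the scheme itself is the broken one the text describes and is shown only to make the trapdoor mechanism concrete.

```python
# Merkle-Hellman knapsack cryptosystem. Added example, not the textbook's code.
from math import gcd


def is_superincreasing(b):
    """b_i > b_1 + ... + b_{i-1} for all i."""
    total = 0
    for x in b:
        if x <= total:
            return False
        total += x
    return True


def solve_superincreasing(b, s):
    """Greedy from the largest element; returns bits r with sum r_i b_i = s."""
    r = [0] * len(b)
    for i in range(len(b) - 1, -1, -1):
        if s >= b[i]:
            r[i], s = 1, s - b[i]
    if s:
        raise ValueError("target is not a subset sum of the sequence")
    return r


def knapsack_keygen(b, modulus, w, perm):
    """perm is 0-based: perm[i] = pi(i+1) - 1. Public a_i = W * b_{pi(i)} mod M.
    Rejects parameters violating the scheme's preconditions."""
    if not is_superincreasing(b):
        raise ValueError("sequence is not superincreasing")
    if modulus <= sum(b):
        raise ValueError("M must exceed the sum of the sequence")
    if gcd(w, modulus) != 1:
        raise ValueError("W must be invertible mod M")
    if sorted(perm) != list(range(len(b))):
        raise ValueError("perm is not a permutation")
    public = [w * b[perm[i]] % modulus for i in range(len(b))]
    private = {"b": list(b), "M": modulus, "W": w, "perm": list(perm)}
    return public, private


def knapsack_encrypt(public, bits):
    """c = sum m_i a_i over the set bits."""
    if len(bits) != len(public):
        raise ValueError("message must have n bits")
    return sum(a for a, m in zip(public, bits) if m)


def knapsack_decrypt(private, c):
    """d = W^-1 c mod M, solve the easy knapsack, undo the permutation."""
    b, modulus, w, perm = private["b"], private["M"], private["W"], private["perm"]
    d = pow(w, -1, modulus) * c % modulus
    r = solve_superincreasing(b, d)
    return [r[perm[i]] for i in range(len(b))]
```

The public sequence looks like a hard knapsack only superficially: because a_i = W b_{pi(i)} mod M, the public key is a disguised superincreasing sequence, and lattice reduction recovers an equivalent (W', M') from the public key alone, which is how the scheme was broken.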

1. HELLO RSA,
(n = 2047, e = 179). .
?
2. RSA
?
3. (n) = 21280. e = d -1 mod (n).
n.
4. ?
5. ,
{ui} c ui+1 2ui i .
6.
. 32 , 26
_, 27 ?, 28 !, 29 , , 30 , 31 $.
: 152472, 116116, 68546, 165420, 168261.
(24038, 29756, 34172, 34286, 38334, 1824, 18255, 19723, 143, 17146, 35366,
11204, 32395, 6479), b = 30966, m = 47107.
.

4.

50-
. -
()
.
,

.
, .

,
, .
, .
, .
,
.
, ,
, ,
.


().
The generation and verification of a digital signature are shown in Fig. 17 and Fig. 18.

[Figure 17: signature generation from the message with the signer's private key.]

[Figure 18: signature verification with the public key; the recomputed value is compared with the received one ("= ?").]
A signature scheme is a triple (K, S, V): K is the key-generation algorithm, which produces the public key K_1 (for verification) and the private key K_2 (for signing); S is the signing algorithm, which from K_2 and the message x produces the signature s; V is the verification algorithm. V(K_1, x, s) = 1 if s is a valid signature of x under K_1, and V(K_1, x, s) = 0 otherwise.
.
, .
, .
.
,
-, .
-
.
.
, .. ,
. ,
,
, .
,
, ..
.

, n,
K1. S
( n)
.

,
( ).
, (x, s),
.
A forger J is a probabilistic algorithm which, knowing only K_1 (and any signatures it can obtain on other messages), tries to output a new valid pair (x, s). The scheme is secure if, for every polynomial P(n) in the security parameter n, every such polynomial-time J succeeds with probability

    Pr( J outputs a valid (x, s) ) < 1 / P(n).

.

4.1.

. ,
h{x} - (-) x.
. ( A)


Ee B , n B (h{x}, Ed A , n A (h{x}) .

Ed B , n B
Ed B , n B ( Ee B , n B (h{x}, Ed A , n A (h{x})) = h{x}, Ed A , n A (h{x} ,
Ee A , n A
h{x} = E e A , n A (h{x}, Ed A , n A (h{x}) = E e A , n A ( Ed A , n A (h{x})) .
, h{x}
h{x} . h{x} = h{x} ,
.

:
- , ,
;
- ,
, .
,
.

.
.
,

.
.
, nA = 83877499 = 62894113, eA = 5; dA = =37726937; nB
= 55465219, eB = 5, dB = 44360237; nA > nB. , x = =1368797.

s = x d A mod n A = 136879737726937 mod 62894113 = 59847900 ;
c = s eB mod n B = 598479005 mod 55465219 = 38842235 .
:
s = c d B mod n B = 3884223544360237 mod 55465219 = 4382681 ;

x = se A mod n A = 43826815 mod 62894113 = 54383568 , x x.


, s nB.

,
.
,
.
.
.
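Added example for section 4.1 (not code from the textbook): RSA signing and encryption with the two textbook key pairs above, reproducing the reblocking failure for n_A > n_B (the text reports s = 59847900 > n_B for x = 1368797) and the order of operations that avoids it. The key numbers are the textbook's; the function names and the order-selection rule are ours.

```python
# RSA sign+encrypt and the reblocking problem. Added example, not the
# textbook's code. Keys are the textbook's (section 4.1).
KEY_A = {"p": 8387, "q": 7499, "n": 62894113, "e": 5, "d": 37726937}
KEY_B = {"p": 7927, "q": 6997, "n": 55465219, "e": 5, "d": 44360237}


def key_is_consistent(key):
    """n = p*q and e*d = 1 mod (p-1)(q-1)."""
    phi = (key["p"] - 1) * (key["q"] - 1)
    return key["n"] == key["p"] * key["q"] and key["e"] * key["d"] % phi == 1


def sign(x, key):          # s = x^d mod n, for x < n
    return pow(x, key["d"], key["n"])


def verify(s, key):        # x = s^e mod n
    return pow(s, key["e"], key["n"])


def encrypt(x, key):
    return pow(x, key["e"], key["n"])


def decrypt(c, key):
    return pow(c, key["d"], key["n"])


def sign_then_encrypt(x, sender, receiver):
    """Sender signs under d_S, then encrypts the signature under e_R.
    If s >= n_R the encryption silently reduces s mod n_R and the receiver
    recovers garbage. Returns s, whether it fitted, and what was recovered."""
    if not x < sender["n"]:
        raise ValueError("message too large for the signer's modulus")
    s = sign(x, sender)
    c = encrypt(s, receiver)            # pow() reduces s mod n_R here
    s_back = decrypt(c, receiver)       # = s mod n_R
    return {"s": s, "fits": s < receiver["n"], "recovered": verify(s_back, sender)}


def encrypt_then_sign(x, sender, receiver):
    """Encrypt first (c < n_R), then sign c under n_S. Safe when n_S > n_R,
    because c < n_R < n_S; the receiver verifies first, then decrypts."""
    if not x < receiver["n"]:
        raise ValueError("message too large for the receiver's modulus")
    c = encrypt(x, receiver)
    s = sign(c, sender)
    return decrypt(verify(s, sender), receiver)


def sign_and_encrypt(x, sender, receiver):
    """Choose the order from the moduli (the usual reblocking rule):
    sign first when n_S < n_R, otherwise encrypt first."""
    if sender["n"] < receiver["n"]:
        return sign_then_encrypt(x, sender, receiver)["recovered"]
    return encrypt_then_sign(x, sender, receiver)
```

Encrypt-then-sign has its own drawback (the signature covers the ciphertext, not the message, so a signer can be fooled into signing a ciphertext whose content he does not know); modern practice avoids both orderings by signing a hash of the message and carrying the signature inside an authenticated encryption, as the text's hash-based construction above does.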
A x B :
- U Eu;
- - Du;
- RSA;
- A B x DA(x) = ;
- B EA() = x.
x ,
:
-
;
- EB( DA( x ) ) =
A x ;
- DB(EA()) = x B
.


Example. Key generation: p = 7927, q = 6997, n = pq = 55465219, phi(n) = (p - 1)(q - 1) = 7926 * 6996 = 55450296. Take e = 5 and solve

    e d = 5 d = 1 mod 55450296,

which gives d = 44360237. The public key is (n = 55465219, e = 5); the private key is d = 44360237.
Signing the message x = 31229978:

    s = x^d mod n = 31229978^44360237 mod 55465219 = 30729435,

and (x, s) is sent. Verification with the public key recovers the message from the signature:

    x = s^e mod n = 30729435^5 mod 55465219 = 31229978.

.
.

- h:{0,1}Zp, p .
(
):
1) p
Zp*;
2) , 1 p-2;
3) = mod n;
4) (p, , ).
. :
1) k, 1 k p - 2, (k, p-1) = 1;
2) r = k mod p.;
3) k 1 mod(p - 1) (,
);
4) s = k -1 [h( x ) - r] mod (p - 1);
5) (r, s), x.
. :
1) (p, , );
2) 1 r p - 1;
, ;
3) v1 = r r s mod p;
4) - h( x ) v2 = h(x) mod p;
5) , v1 = v2.
.
, s = k -1[ h( x ) - r ] mod (p-1).
k ks = [h(x) - r] mod (p-1).
(k s + r) = h(x) mod (p-1),
h(x) = s + r = [( )r rs] mod p. , v1=v2.

. p = 2357 = 2, Z2357*.
= 1751 = mod p = 21751 mod 2357 = 1185.
(p = 2357, =2, = 1185).

62
, -
h(x) =x = 1463. k = 1529 r = k mod p =
=21529 mod 2357 = 1490 [k - 1 mod( p-1 )] = 245.
s = 245[1463 17511490] mod 2357 = 1777.
x = 1463 ( r = 1490, s = 1777).
, v1 = 1185149014901777 mod
2357=1072, h( x ) = 1463 v2 = 21463 mod 2357 = 1072. ,
v1 = v2.
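Added example for sections 3.2 (ElGamal encryption) and 4.1 (ElGamal signature), not code from the textbook: key generation, encryption, decryption, signing and verification with the textbook's parameters p = 2357, alpha = 2, a = 1751, plus the attack the text warns about, recovery of the private key from two signatures made with the same k. The ephemeral k is passed in explicitly so that the hand computations above can be reproduced; a real implementation draws it from a cryptographic random source and never reuses it. Function names and the congruence solver are ours.

```python
# ElGamal encryption and signature over Z_p^*. Added example, not the
# textbook's code.
from math import gcd


def solve_congruence(a, b, m):
    """All x in [0, m) with a*x = b (mod m); empty if gcd(a, m) does not divide b."""
    a, b = a % m, b % m
    g = gcd(a, m)
    if b % g:
        return []
    m1 = m // g
    x0 = (b // g) * pow(a // g, -1, m1) % m1
    return [x0 + t * m1 for t in range(g)]


def elgamal_keygen(p, alpha, a):
    """Public (p, alpha, beta = alpha^a), private a with 1 <= a <= p-2."""
    if not 1 <= a <= p - 2:
        raise ValueError("private key out of range")
    return {"p": p, "alpha": alpha, "beta": pow(alpha, a, p)}, a


def elgamal_encrypt(pub, x, k):
    """(gamma, delta) = (alpha^k, x * beta^k) mod p."""
    p, alpha, beta = pub["p"], pub["alpha"], pub["beta"]
    if not (0 <= x < p and 1 <= k <= p - 2):
        raise ValueError("message or ephemeral key out of range")
    return pow(alpha, k, p), x * pow(beta, k, p) % p


def elgamal_decrypt(pub, a, ciphertext):
    """x = delta * gamma^(p-1-a) mod p, since gamma^(p-1-a) = gamma^-a."""
    p = pub["p"]
    gamma, delta = ciphertext
    return delta * pow(gamma, p - 1 - a, p) % p


def elgamal_sign(pub, a, h, k):
    """(r, s) = (alpha^k mod p, k^-1 (h - a r) mod (p-1)); needs gcd(k, p-1) = 1."""
    p, alpha = pub["p"], pub["alpha"]
    if gcd(k, p - 1) != 1:
        raise ValueError("k must be invertible mod p-1")
    r = pow(alpha, k, p)
    s = pow(k, -1, p - 1) * (h - a * r) % (p - 1)
    return r, s


def elgamal_verify(pub, h, signature):
    """beta^r r^s = alpha^h mod p, after the range check 1 <= r <= p-1."""
    p, alpha, beta = pub["p"], pub["alpha"], pub["beta"]
    r, s = signature
    if not 1 <= r <= p - 1:
        return False
    return pow(beta, r, p) * pow(r, s, p) % p == pow(alpha, h, p)


def private_key_from_reused_k(pub, h1, sig1, h2, sig2):
    """Two signatures with the same k share r. From k s = h - a r (mod p-1):
    k (s1 - s2) = h1 - h2 gives k, then a r = h1 - k s1 gives a. Each
    congruence may have several solutions when the coefficient shares a
    factor with p-1; the candidates are filtered against r and beta."""
    p, alpha, beta = pub["p"], pub["alpha"], pub["beta"]
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("different ephemeral keys: nothing to exploit")
    for k in solve_congruence(s1 - s2, h1 - h2, p - 1):
        if pow(alpha, k, p) != r1:
            continue
        for a in solve_congruence(r1, h1 - k * s1, p - 1):
            if pow(alpha, a, p) == beta:
                return a
    raise ValueError("no consistent solution found")
```

The range check on r in verification is not cosmetic: without it a valid (r, s) can be turned into other accepted pairs, so the check belongs in every verifier. The reused-k attack is the same weakness as for ElGamal encryption above and for DSA: k is a one-time secret of the same sensitivity as the private key.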

4.2.

,
.
( ) .
- ,
, .
,
. , ,
, . ,
, (),
. (
)
(), : , ,
.

, .
. E K = {E K i ; K i K} -
f

{1, ..., n}.
, = 3 n = 9. x - , f
f ( x ) = {2, 5, 7}.
,
A KB K
.

:
1) f ( x );
2) u = EK{ f( x ); KA};
3) IA
;
4) u = E-1 K{ f( x ); KA};

5) s, s = EK{ u IA; KT}
KT (u IA )
.
:
1) v = EK{s ; KB};
2) v IB ;
3) E-1 K{v; KB} = s;
4) E-1 K{s; KT}= u IA;
5) w = EK{u IA; KB} w ;
6) E-1 K{w; KB}= u IA;
7) u` = f (x) x;
8) ,
u` = u.
,
.

4.3. -



- h(x).
.
,
,
.
-
: () (
)
. - ,
, x x -
h(x) = h(x).
-
:
1) , ,
:
- ;
2) ,
-,
.
, :
- , ,
x', -
h(x) = y, y - ;

-
x, - h(x)= = h(x),
x x;
- -
( ), -
.
-
.
-
.
, g(x) = x2 mod n
p q, n = pq, (
) n .
, , n.
(
x x ) , ,
-.

A block cipher (e.g. DES) with a fixed known key k gives the one-way function f(x) = E_k(x) xor x. Given x, it is easy to compute E_k(x) and hence E_k(x) xor x; but given y it is hard to find an x with [E_k(x) xor x] = y, because E_k(x) and x cannot be chosen independently: solving for x would require E_k^{-1}(x xor y) = x, an equation that the block cipher gives no way to untangle, even though the key k is known.
-

.

- hk, k
:
- ;
- ,
;
- , -
, x
x
(x, hk(x)),
(xi, hk( xi )), xi x.
Hash functions are normally iterated: a compression function h is applied block by block,

    H_i = h(H_{i-1}, x_i),  i = 1, 2, ...,

where H_0 is a fixed initial value, h the compression function and x_i the i-th block of the message x, which is first padded to a multiple of the block length n.
,
- . 19 22.
, - -
, -,
.

:
, 0,5
, ? ,
19 .
-, 128 .
- MD2, MD4, MD5 SHA.
The MD family (MD2, MD4, MD5) was proposed by Rivest in 1989, 1990 and 1991 respectively. All three produce a 128-bit hash value.

MD2 :
- , 128 ;
- 16- (
);
- ;
- .
-
MD4 :
- , 448 512;
- 512 ;
- 512- .
-
MD5 ,
.

[Figures 19 and 20: hash constructions from a block cipher E_k: the message block x_i and the chaining value H_{i-1} enter as key and data, and a feed-forward g combines the cipher output with an input to form H_i.]

[Figure 21: iterated hashing of the message blocks X_1, X_2, X_3, ..., X_t with chaining values H_1, H_2, H_3, ..., H_{t-1}; each block is processed by E under the key k, with E^{-1} appearing in the final step.]

4.4.


.
,
, .
, , .

,
.

(MDC , , MIC-
, ) (MAC) [4].
-
.
, MAC-


.

<P1, P2, P3> ,
, .

P1- ,
;
P2 ;
P3- .
.
,
,
,
- , .
(
)
,
,
, .

1. ,
,
?

2. ,

?
3. ()
-,
.
4. RSA
DATA.
5.
DATA.
6. , .5, 6.
7. ,
?
8. MDC MAC?
9. -
?
10. - 128 ?

5.

:
, , .
.
.
.
,
.


.
, , , , ,
, , ,
.
.
, ,
.
, ( ),
.

.
, ,
.

5.1.

-
. ,
.

:
1. .

.
,
.
( ,
)
. ,
, ,
.

2.
. ,
.
.
:
1. .
. ,
. D T
. (D,T) ,
t,
T t / 2.
:

[Protocol diagram: A -> B: A, B, D, T, (...); the message carries the identifiers of A and B, the date D and the time T, followed by an encrypted part whose contents are lost in extraction.]
. D T
, ,
.

.

,

.
.
.
.
2. . ,
,
, ,
.
:

, , N .
,
N (A, B)
N + n, n > 0,
(N + n) . ,

,
.
, , - .

,
.
3. -.
.
: () ,
NB NB.
:

[Protocol diagram: B -> A: N_B (the challenge); A -> B: a reply that includes N_B under A's key.]

, ,
NB, . , NB,
. NB
.

-
, NB .
,

.
,
.

5.2.


.
-,
.
.
,
Let p be a large prime (of the order of hundreds of decimal digits) and alpha a generator of GF(p): every y with 1 < y < p - 1 can be written as

    y = alpha^x,  1 < alpha < p - 1,

where alpha generates GF(p)^* and x = log_alpha y is the discrete logarithm of y. Computing y from x is easy; computing x from y is the discrete logarithm problem, for which the best known methods in GF(p) need about

    L(p) = exp { (ln p ln ln p)^{0.5} }

operations for a suitably chosen p.
The Diffie-Hellman scheme. User 1 chooses a secret random x_1 in {1, ..., p - 1} and publishes

    y_1 = alpha^{x_1} mod p.

User 2 likewise chooses a secret x_2 and publishes y_2 = alpha^{x_2} mod p. User 1 computes

    k_12 = y_2^{x_1} mod p,

and user 2 computes k_21 = y_1^{x_2} mod p = k_12; the common key is alpha^{x_1 x_2}. An eavesdropper who sees only y_1 and y_2 would have to compute a discrete logarithm to obtain it. Unlike RSA the scheme establishes a key but does not encrypt messages itself.
Example. p = 7, alpha = 3. User 1 chooses x_1 = 3, user 2 chooses x_2 = 4. Then y_1 = alpha^{x_1} mod p = 3^3 mod 7 = 6 and y_2 = alpha^{x_2} mod p = 3^4 mod 7 = 4. User 1 receives y_2 and computes k_12 = y_2^{x_1} = 4^3 mod 7 = 1; user 2 receives y_1 and computes k_21 = y_1^{x_2} mod p = 6^4 mod 7 = 1. The common key is 1. (Note that y_1 = 6 = p - 1 has order 2, which is why the key degenerates to 1 in this toy example; real implementations reject such values.) An eavesdropper knows only y_1 and y_2 and must solve a discrete logarithm to get the key.
, k12,
y1 y2.
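Added example for section 5.2 (not code from the textbook): the Diffie-Hellman exchange with the textbook's toy parameters, the check that rejects degenerate public values (which is exactly what the p = 7 example trips over), and the man-in-the-middle exchange the text warns about, in which the attacker ends up sharing one key with each party. Function names are ours; p = 2357, alpha = 2 for the second run are reused from the ElGamal example of section 3.2.

```python
# Diffie-Hellman over Z_p^* with a man-in-the-middle run. Added example,
# not the textbook's code.


def dh_public(p, alpha, secret):
    """y = alpha^x mod p for a secret exponent x in [1, p-2]."""
    if not 1 <= secret <= p - 2:
        raise ValueError("secret exponent out of range")
    return pow(alpha, secret, p)


def public_value_ok(p, y):
    """Reject 0, 1 and p-1: they have order 1 or 2, so the 'shared key'
    derived from them takes at most two values whatever the secret is."""
    return 2 <= y <= p - 2


def dh_shared(p, peer_public, secret, check=True):
    if check and not public_value_ok(p, peer_public):
        raise ValueError("degenerate peer value %d" % peer_public)
    return pow(peer_public, secret, p)


def honest_exchange(p, alpha, x1, x2, check=True):
    """Returns (k_12 computed by user 1, k_21 computed by user 2)."""
    y1, y2 = dh_public(p, alpha, x1), dh_public(p, alpha, x2)
    return dh_shared(p, y2, x1, check), dh_shared(p, y1, x2, check)


def mitm_exchange(p, alpha, x1, x2, m1, m2):
    """Mallory intercepts y1 and y2 and forwards alpha^m1 to user 2 and
    alpha^m2 to user 1. Returns (key user 1 holds, key user 2 holds,
    Mallory's copy of the first, Mallory's copy of the second). Nothing in
    the exchange lets either user notice, which is why the public values
    must be authenticated (signed or certified)."""
    y1, y2 = dh_public(p, alpha, x1), dh_public(p, alpha, x2)
    to_user2, to_user1 = dh_public(p, alpha, m1), dh_public(p, alpha, m2)
    k1 = dh_shared(p, to_user1, x1)      # user 1: (alpha^m2)^x1
    k2 = dh_shared(p, to_user2, x2)      # user 2: (alpha^m1)^x2
    mallory_k1 = dh_shared(p, y1, m2)    # (alpha^x1)^m2 = k1
    mallory_k2 = dh_shared(p, y2, m1)    # (alpha^x2)^m1 = k2
    return k1, k2, mallory_k1, mallory_k2
```

Mallory can now decrypt everything user 1 sends, re-encrypt it under k2 for user 2, and vice versa. The fix the text points to, signing y_1 and y_2 with a long-term key, is what turns the scheme into an authenticated key exchange.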
-
.
. , 1000-
2000 , (
) 1030 .
, -
RSA
. ,
,
. ,
,
, .
( ).

5.3.


.


.

(P,V,S)
: P () V ().
P V, S .
V , P,
S ( V ). P
, V , S ,
.
P V :
- S , P
V ;
- S , P
V , S .
(P,V,S) , V
. ,
:
V
S
, S .
,
.
A zero-knowledge identification protocol based on square roots. A trusted centre chooses n = pq, p and q large primes, and keeps p, q secret. The prover's secret is a number alpha coprime to n; the public value is beta = alpha^2 mod n (so alpha is a square root of beta modulo n, and alpha^{-1} mod n exists). Extracting square roots modulo n is as hard as factoring n, so nobody who does not know alpha (or p, q) can produce it from beta. One round of the protocol:
1) the prover chooses a random r < n, computes gamma = r^2 mod n and sends gamma to the verifier;
2) the verifier sends a random bit b;
3) if b = 0 the prover replies with y = r; if b = 1, with y = r alpha mod n;
4) if b = 0 the verifier checks that y^2 = gamma mod n, which shows that gamma was formed honestly (the prover did not choose gamma to pass the other check); if b = 1 the verifier checks that y^2 = gamma beta mod n, which shows that the prover knows a square root of beta. Either check alone can be passed by a cheater who guesses b in advance, but not both: a prover without alpha passes a round with probability 1/2, and t rounds with probability 2^{-t}.
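Added example for section 5.3 (not code from the textbook): the square-root zero-knowledge protocol above with both sides' messages, an honest prover, and the cheating strategy of a prover who does not know alpha and bets on the challenge bit, which passes exactly when the guess is right. The modulus is built from two textbook-sized primes (7927 and 6997 from section 4.1); this is fine for illustrating the protocol flow and worthless for security, since such an n is factored instantly. Function names and the use of a seeded generator for reproducibility are ours.

```python
# Square-root (Fiat-Shamir type) zero-knowledge identification.
# Added example, not the textbook's code.
import random
from math import gcd


def zk_setup(p, q, alpha):
    """n = p*q (p, q then discarded); the prover keeps alpha, the public value
    is beta = alpha^2 mod n. alpha must be invertible mod n."""
    n = p * q
    if gcd(alpha, n) != 1:
        raise ValueError("alpha must be coprime to n")
    return n, pow(alpha, 2, n)


def prover_commit(n, rng):
    """Step 1: random r < n, send gamma = r^2 mod n (r is kept)."""
    r = rng.randrange(1, n)
    return r, pow(r, 2, n)


def prover_respond(n, alpha, r, b):
    """Step 3: b = 0 -> reveal r; b = 1 -> reveal y = r*alpha mod n."""
    return r if b == 0 else r * alpha % n


def verifier_check(n, beta, gamma, b, y):
    """Step 4: b = 0 -> y^2 = gamma (commitment was honest);
    b = 1 -> y^2 = gamma*beta (prover knows a square root of beta)."""
    return pow(y, 2, n) == (gamma if b == 0 else gamma * beta % n)


def run_protocol(n, beta, alpha, rounds, seed):
    """Prover holding `alpha` against a verifier drawing random challenges.
    Returns the number of rounds passed: all of them for the true alpha,
    about half for a wrong one."""
    rng = random.Random(seed)
    passed = 0
    for _ in range(rounds):
        r, gamma = prover_commit(n, rng)
        b = rng.randrange(2)
        passed += verifier_check(n, beta, gamma, b, prover_respond(n, alpha, r, b))
    return passed


def cheating_round(n, beta, guess, challenge, seed):
    """Prover without alpha bets on the challenge. For guess 0 it commits
    r^2 and answers r; for guess 1 it commits gamma = r^2 * beta^-1 and
    answers r, which satisfies y^2 = gamma*beta. It passes iff the guess
    equals the actual challenge, i.e. with probability 1/2 per round. (The
    guess-1 branch is also the simulator that shows a transcript reveals
    nothing about alpha: it is produced without alpha.)"""
    rng = random.Random(seed)
    r = rng.randrange(1, n)
    gamma = pow(r, 2, n) if guess == 0 else pow(r, 2, n) * pow(beta, -1, n) % n
    return verifier_check(n, beta, gamma, challenge, r)
```

The verifier must draw b only after receiving gamma, and the prover must never answer both b = 0 and b = 1 for the same gamma: the pair (r, r alpha) reveals alpha directly. That is the reason the text stresses fresh randomness in every round.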

, .

,
,
, (
) .
, .
.
,
,
.

1. .
2. , -.
3. ,
.
4. ,
.
5.
.
6. ?
7. .
8. .
