Encryption and Applications (Mã hóa và Ứng dụng)
TRANSCRIPT
8/8/2019 Book MaHoaVaUngDung Update2, page 1/289
Introduction

Cryptography is the science that studies mathematical techniques for providing information-protection services [44]. It is an important discipline with many applications in social life.

Cryptography came into being thousands of years ago. For many centuries, however, the results of this field were hardly applied in ordinary civil life; they were used chiefly in military, political and diplomatic affairs. Today, encryption and information-security applications are used ever more widely in many fields around the world, from security, military and defence applications to civil ones such as electronic commerce and banking.

With the rapidly growing Internet and the electronic transactions carried out over it, the need to protect information in electronic systems and applications receives ever more attention and has become extremely important. The results of cryptography are being deployed in more and more areas of social life, including a great many diverse applications in the civil and commercial sectors. Applications that encrypt personal information, exchange business information and carry out electronic transactions over the network have become familiar to everyone. Along with the development of computer science and the Internet, research on and applications of cryptography have become increasingly diverse, opening many lines of research specialised to particular application areas, each with its own characteristics. The applications of cryptography are not merely encrypting and decrypting information; they also include many other problems that must be studied and solved, such as authenticating the origin of information content (digital signature techniques), certifying the identity of a key's owner (public-key certificates), and procedures for exchanging information and carrying out electronic transactions securely over the network.

The applications of cryptography and of information security are rich and varied; depending on the particular needs of each information-protection system, an application will have features of its own. Among them, we can list some of the main functions of an information-protection system:

- Confidentiality: the system ensures that information is kept secret. The information may be intercepted, for instance while it is being transmitted, but the attacker cannot understand the content of the stolen information.
- Integrity: the system guarantees the integrity of information in communication, or helps detect that the information has been modified.
- Authentication of the parties in a communication and of the content of the information communicated.
- Non-repudiation: the system ensures that no party in the system can deny responsibility for an action it has carried out.

Research results in cryptography have also been built into more complex systems, combined with other techniques to meet the diverse requirements of different practical application systems, for example online voting systems, distance-learning systems, security management systems of organisations based on biometric approaches, and online multimedia services that must both deliver the service and protect the intellectual-property rights of digital content.
In compiling this book, we, the authors, wish to give readers an overview of encryption and its applications, and at the same time to present and analyse a number of encryption methods and information-protection procedures that are secure and effective in practice.

Besides the well-known classical methods that have been in wide use for decades, such as DES, RSA and MD5, we also introduce newer, highly secure methods such as the AES encryption standard, ECC, and the SHA-224/256/384/512 cryptographic hash standards. Models and procedures for public-key certification are also presented in this book.

The book consists of 10 chapters. After the overview of cryptography and the notion of a cryptosystem in Chapter 1, Chapters 2 to 5 study conventional cryptosystems in depth, from basic concepts and simple methods to newer ones such as Rijndael and the AES candidate algorithms. Chapter 6 introduces public-key cryptosystems and RSA. Chapter 7 presents the notion of a digital signature together with some widespread schemes such as RSA, DSS and ElGamal. Research results on applying the theory of elliptic curves over finite fields to cryptography are presented in Chapter 8. Chapter 9 introduces the cryptographic hash functions in common use, such as MD5 and SHS, together with the recently published SHA-256/384/512. In Chapter 10 we study public-key certification, from the models to the practical procedures of a certification system, along with an example of combining a conventional cryptosystem, a public-key cryptosystem and public-key certification to build a secure e-mail system.

With the structure and content outlined above, we hope the material presented in this book will be a useful reference for readers interested in encryption and its applications.

Although we have done our best to complete the book, it certainly still has shortcomings. We ask for the reader's understanding and welcome any comments.

THE AUTHORS: Dr. Dương Anh Đức and MSc. Trần Minh Triết, with contributions from students of the Faculty of Information Technology, University of Science, Vietnam National University Ho Chi Minh City:
Văn Đức Phương Hồng, Phan Thị Minh Đức
Nguyễn Minh Huy, Lương Vĩ Minh
Nguyễn Ngọc Tùng
Ho Chi Minh City, January 2005
Contents

Chapter 1 Overview 15
1.1 Cryptography 15
1.2 Cryptosystems 16
1.3 Conventional cryptosystems (symmetric encryption) 18
1.4 Public-key cryptosystems (asymmetric encryption) 19
1.5 Combining conventional and public-key encryption 19
Chapter 2 Some conventional encryption methods 20
2.1 Conventional cryptosystems 20
2.2 The shift cipher 21
2.3 The substitution cipher 22
2.4 The Affine cipher 23
2.5 The Vigenere cipher 28
2.6 The Hill cipher 29
2.7 The permutation cipher 30
2.8 The multiplicative cipher 31
2.8.1 The multiplicative cipher 31
2.8.2 Arithmetic 32
2.9 DES (Data Encryption Standard) 33
2.9.1 The DES method 33
2.9.2 Remarks 36
2.10 The Advanced Encryption Standard AES 37
Chapter 3 The Rijndael cipher 39
3.1 Introduction 39
3.2 Parameters, notation, terminology and functions 40
3.3 Some mathematical concepts 42
3.3.1 Addition 43
3.3.2 Multiplication 43
3.3.3 Polynomials with coefficients in GF(2^8) 46
3.4 The Rijndael method 49
3.4.1 The encryption procedure 50
3.4.2 Architecture of the Rijndael algorithm 52
3.4.3 The SubBytes transformation 53
3.4.4 The ShiftRows transformation 55
3.4.5 The MixColumns transformation 56
3.4.6 The AddRoundKey operation 58
3.5 Round key generation 59
3.5.1 Building the expanded key table 59
3.5.2 Selecting the round key 61
3.6 The decryption procedure 62
3.6.1 The InvShiftRows transformation 63
3.6.2 The InvSubBytes transformation 64
3.6.3 The InvMixColumns transformation 66
3.6.4 The equivalent decryption procedure 67
3.7 Implementation issues 69
3.7.1 Remarks 72
3.8 Experimental results 73
3.9 Conclusion 74
3.9.1 Security 74
3.9.2 Evaluation 75
Chapter 4 The extended Rijndael cipher 77
4.1 The need to extend the Rijndael cipher 77
4.2 The 256/384/512-bit extended version 78
4.2.1 The encryption procedure 79
4.2.2 Round key generation 86
4.2.3 The decryption procedure 88
4.2.4 The equivalent decryption procedure 93
4.3 The 512/768/1024-bit extended version 94
4.4 Differential and linear cryptanalysis 95
4.4.1 Differential cryptanalysis 95
4.4.2 Linear cryptanalysis 96
4.4.3 Branch number 98
4.4.4 Pattern propagation 99
4.4.5 Weights of differential and linear trails 107
4.5 Security against other attack methods 108
4.5.1 Symmetry and the weak keys of DES 108
4.5.2 The Square attack 109
4.5.3 Interpolation attacks 109
4.5.4 Weak keys in IDEA 110
4.5.5 Related-key attacks 110
4.6 Experimental results 111
4.7 Conclusion 113
Chapter 5 The AES candidate algorithms 115
5.1 The MARS cipher 115
5.1.1 Encryption overview 116
5.1.2 S-box 117
5.1.3 Key initialisation and expansion 118
5.1.4 The encryption procedure 123
5.1.5 The decryption procedure 135
5.2 The RC6 cipher 137
5.2.1 Key initialisation and expansion 138
5.2.2 The encryption procedure 139
5.2.3 The decryption procedure 143
5.3 The Serpent cipher 144
5.3.1 The SERPENT algorithm 144
5.3.2 Key initialisation and expansion 144
5.3.3 S-box 147
5.3.4 The encryption procedure 148
5.3.5 The decryption procedure 153
5.4 The TwoFish cipher 154
5.4.1 Key initialisation and expansion 154
5.4.2 The encryption procedure 163
5.4.3 The decryption procedure 169
5.5 Conclusion 169
Chapter 6 Some public-key cryptosystems 172
6.1 Public-key cryptosystems 172
6.2 RSA 174
6.2.1 The RSA method 174
6.2.2 Some attacks on the RSA algorithm 175
6.2.3 Information hiding in the RSA system 182
6.2.4 The prime number problem 183
6.2.5 The Miller-Rabin algorithm 184
6.2.6 Arithmetic 186
6.3 Conventional and public-key encryption 186
Chapter 7 Digital signatures 191
7.1 Introduction 191
7.2 The RSA signature scheme 192
7.3 The ElGamal signature scheme 193
7.3.1 The discrete logarithm problem 193
7.3.2 The ElGamal method 194
7.4 The Digital Signature Standard 194
Chapter 8 ECC 197
8.1 Elliptic curve theory 197
8.1.1 The Weierstrass equation and elliptic curves 198
8.1.2 Elliptic curves over R^2 199
8.1.3 Elliptic curves over finite fields 204
8.1.4 The elliptic curve discrete logarithm problem 212
8.1.5 Applying elliptic curve theory to encryption 213
8.2 Data encryption 213
8.2.1 The encryption operation 214
8.2.2 Combining ECES with Rijndael and the extended algorithms 215
8.2.3 The decryption operation 215
8.3 Diffie-Hellman key exchange using elliptic curves (ECDH) 216
8.3.1 The Diffie-Hellman key exchange model 216
8.3.2 The Elliptic Curve Diffie-Hellman key exchange model 217
8.4 Conclusion 218
Chapter 9 Cryptographic hash functions 222
9.1 Introduction 222
9.1.1 Motivation 222
9.1.2 Cryptographic hash functions 223
9.1.3 Structure of a hash function 225
9.1.4 Security of hash functions against collisions 226
9.1.5 One-wayness 226
9.2 The MD5 hash function 227
9.2.1 Introduction to MD5 227
9.2.2 Remarks 231
9.3 The Secure Hash Standard (SHS) 232
9.3.1 Remarks 235
9.4 The SHA family of cryptographic hash standards 236
9.4.1 The idea behind the SHA hash algorithms 236
9.4.2 The common algorithmic framework of the SHA hash functions 237
9.4.3 Remarks 240
9.5 The Davies-Meyer hash construction and the use of Rijndael and its extended versions in hash functions 241
9.5.1 The Davies-Meyer construction 241
9.5.2 The AES-Hash function 242
9.5.3 Davies-Meyer hashing and AES-Hash 244
9.6 Building hash functions from the extended Rijndael-based algorithms 245
Chapter 10 Public-key certificates 246
10.1 Introduction 246
10.2 Types of public-key certificate 250
10.2.1 X.509 certificates 250
10.2.2 Qualified certificates 252
10.2.3 PGP certificates 253
10.2.4 Attribute certificates 253
10.3 Certification and signature verification 254
10.4 Components of a public-key infrastructure 257
10.4.1 The Certificate Authority (CA) 257
10.4.2 The Registration Authority (RA) 258
10.4.3 The Certificate Repository (CR) 259
10.5 The certificate management life cycle 259
10.5.1 Initialisation 259
10.5.2 Certificate requests 259
10.5.3 Certificate renewal 262
10.5.4 Certificate revocation 262
10.5.5 Key archival and recovery 264
10.6 CA models 264
10.6.1 The centralised model
10.6.2 The hierarchical model
10.6.3 The Web of Trust model 266
10.7 Application: a secure e-mail system 268
10.7.1 Motivation 268
10.7.2 The e-mail encryption procedure 269
10.7.3 The e-mail decryption procedure 270
10.7.4 Remarks and evaluation 271
Appendix A S-boxes of the MARS algorithm 272
Appendix B Permutations used in the Serpent algorithm 275
Appendix C S-boxes used in the Serpent algorithm 276
Appendix D S-box of the Rijndael algorithm 277
Appendix E Constants and initial values of SHA 279
E.1 Constants used in SHA 279
E.1.1 SHA-1 constants 279
E.1.2 SHA-224 and SHA-256 constants 279
E.1.3 SHA-384 and SHA-512 constants 280
E.2 Initial values in SHA 281
References 284
List of figures

Figure 2.1. Model of a conventional cryptosystem 21
Figure 2.2. Splitting the 64-bit string x into the two halves L and R 34
Figure 2.3. Generating the string $L_iR_i$ from $L_{i-1}R_{i-1}$ and the key $K_i$ 35
Figure 3.1. Matrix representation of the state (Nb = 6) and of the key (Nk = 4) 49
Figure 3.2. One encryption round of the Rijndael cipher (with Nb = 4) 52
Figure 3.3. The SubBytes operation acting on each byte of the state 54
Figure 3.4. The ShiftRows operation acting on each row of the state 55
Figure 3.5. The MixColumns operation acting on each column of the state 57
Figure 3.6. The AddRoundKey operation acting on each column of the state 59
Figure 3.7. The expanded key table and how the round key is selected (Nb = 6 and Nk = 4) 61
Figure 3.8. The InvShiftRows operation acting on each row of the current state 63
Figure 4.1. Architecture of one transformation round of the 256/384/512-bit extended Rijndael algorithm with Nb = 4 80
Figure 4.2. The expanded key table and how the round key is selected (with Nb = 6 and Nk = 4) 88
Figure 4.3. Propagation of the activity pattern through each transformation in the 256/384/512-bit extended Rijndael algorithm with Nb = 6 100
Figure 4.4. Propagation of the activity pattern (256/384/512-bit extended algorithm) 102
Figure 4.5. Illustration of Theorem 4.1 with Q = 2 (256/384/512-bit extended algorithm) 103
Figure 4.6. Illustration of Theorem 4.2 with $W_c(a_1) = 1$ (256/384/512-bit extended algorithm) 105
Figure 4.7. Illustration of Theorem 4.3 (256/384/512-bit extended algorithm) 107
Figure 5.1. The MARS encryption procedure 116
Figure 5.2. Structure of the forward mixing stage 125
Figure 5.3. Type-3 Feistel network 127
Figure 5.4. The function E 128
Figure 5.5. Structure of the backward mixing stage 130
Figure 5.6. Structure of RC6 encryption 140
Figure 5.7. Round i of the RC6 encryption procedure 141
Figure 5.8. Key generation model 146
Figure 5.9. Encryption structure 149
Figure 5.10. Round i (i = 0, ..., 30) of the Serpent encryption procedure 150
Figure 5.11. Decryption structure 153
Figure 5.12. The function h 157
Figure 5.13. Generating the key-dependent S-boxes 159
Figure 5.14. Generating the subkey $K_j$ 160
Figure 5.15. The permutation q 162
Figure 5.16. Encryption structure 164
Figure 5.17. The function F (128-bit key) 166
Figure 5.18. Comparison of the encryption (a) and decryption (b) procedures 169
Figure 6.1. Model of a public-key cryptosystem 174
Figure 6.2. Exchanging a secret key using public keys 187
Figure 6.3. Graph comparing the cost of breaking secret keys and public keys 189
Figure 8.1. An example of an elliptic curve 199
Figure 8.2. The point at infinity 200
Figure 8.3. Addition on an elliptic curve 201
Figure 8.4. Doubling on an elliptic curve 203
Figure 8.5. Comparison of the security level of ECC with RSA / DSA 220
Figure 9.1. Common algorithmic framework of the SHA hash functions 238
Figure 10.1. The public-key ownership problem 247
Figure 10.2. Components of a public-key certificate 248
Figure 10.3. A simple Certification Authority model 249
Figure 10.4. Version 3 of the X.509 certificate standard 251
Figure 10.5. Version 2 of the attribute certificate structure 254
Figure 10.6. The certificate signing process 255
Figure 10.7. The certificate verification process 256
Figure 10.8. Basic PKI model 257
Figure 10.9. Certificate request template according to PKCS#10 260
Figure 10.10. Certificate request message format according to RFC 2511 261
Figure 10.11. Version 2 of the certificate revocation list format 263
Figure 10.12. The centralised CA model
Figure 10.13. The hierarchical CA model
Figure 10.14. The Web of Trust model 267
Figure 10.15. The e-mail encryption procedure 269
Figure 10.16. The e-mail decryption procedure 270
List of tables

Table 3.1. Offset values shift(r, Nb) 55
Table 3.2. Processing speed of the Rijndael cipher 73
Table 4.1. Effect of the transformations on the activity pattern 101
Table 4.2. Processing speed of the 256/384/512-bit version on a Pentium IV 2.4 GHz 111
Table 4.3. Processing speed of the 512/768/1024-bit version on a Pentium IV 2.4 GHz 112
Table 4.4. Comparison of processing speeds of the 256/384/512-bit version 112
Table 4.5. Comparison of processing speeds of the 512/768/1024-bit version 112
Table 6.1. Comparison of the security of secret keys and public keys 188
Table 8.1. Comparison of the number of operations for elliptic curve arithmetic in affine and projective coordinates 211
Table 8.2. Comparison of key sizes of conventional and public-key encryption at the same security level 218
Table 8.3. Comparison of RSA and ECC key sizes at the same security level 219
Table 9.1. Transformation rounds in MD5 230
Table 9.2. Properties of the secure hash algorithms 241
Table D.1. S-box substitution table for the value {xy} in hexadecimal 277
Table D.2. Inverse substitution table for the value {xy} in hexadecimal 278
Chapter 1 Overview

Chapter 1 gives an overview of the basic concepts of cryptography and cryptosystems, and briefly introduces conventional cryptosystems and public-key cryptosystems.

1.1 Cryptography

Cryptography is the science that applies mathematics to transforming information into another form in order to hide the content and meaning of the information to be encrypted. It is an important discipline with many applications in social life. Today, encryption and information-security applications are used ever more widely in many fields around the world, from security, military and defence applications to civil ones such as electronic commerce and banking.

Along with the development of computer science and the Internet, research on and applications of cryptography have become increasingly diverse, opening many lines of research specialised to particular application areas, each with its own characteristics. The applications of cryptography are not merely encrypting and decrypting information; they also include many other problems that must be studied and solved: authenticating the origin of information content (digital signature techniques), certifying the identity of a key's owner (public-key certificates), and procedures for exchanging information and carrying out electronic transactions securely over the network. Research results in cryptography have also been built into more complex systems, combined with other techniques to meet the diverse requirements of different practical application systems, for example online voting systems, distance-learning systems, security management systems of organisations based on biometric approaches, and online multimedia services that must both deliver the service and protect the intellectual-property rights of digital content.
1.2 Cryptosystems

Definition 1.1: A cryptosystem is a five-tuple $(P, C, K, E, D)$ satisfying the following conditions:
1. The source set $P$ is the finite set of all possible source messages to be encrypted.
2. The target set $C$ is the finite set of all possible messages after encryption.
3. The key set $K$ is the finite set of all keys that may be used.
4. $E$ and $D$ are the sets of encryption rules and decryption rules respectively. For each key $k \in K$ there exist an encryption rule $e_k \in E$ and a corresponding decryption rule $d_k \in D$. The encryption rule $e_k: P \to C$ and the decryption rule $d_k: C \to P$ are two mappings satisfying $d_k(e_k(x)) = x$ for all $x \in P$.

Property 4 is the main and most important property of a cryptosystem. It guarantees that a message $x \in P$ encrypted with the rule $e_k \in E$ can be decrypted correctly with the rule $d_k \in D$.

Definition 1.2: $\mathbb{Z}_m$ is defined as the set $\{0, 1, \ldots, m-1\}$ equipped with addition (denoted $+$) and multiplication (denoted $\times$). Addition and multiplication in $\mathbb{Z}_m$ are performed as in $\mathbb{Z}$, except that the result is reduced modulo $m$.

Example: suppose we need the value of $11 \times 13$ in $\mathbb{Z}_{16}$. In $\mathbb{Z}$ we have $11 \times 13 = 143$. Since $143 \equiv 15 \pmod{16}$, we get $11 \times 13 = 15$ in $\mathbb{Z}_{16}$.

Some properties of $\mathbb{Z}_m$:
1. Addition is closed in $\mathbb{Z}_m$: $\forall a, b \in \mathbb{Z}_m$, $a + b \in \mathbb{Z}_m$.
2. Addition in $\mathbb{Z}_m$ is commutative: $\forall a, b \in \mathbb{Z}_m$, $a + b = b + a$.
3. Addition in $\mathbb{Z}_m$ is associative: $\forall a, b, c \in \mathbb{Z}_m$, $(a + b) + c = a + (b + c)$.
4. $\mathbb{Z}_m$ has the neutral element $0$: $\forall a \in \mathbb{Z}_m$, $a + 0 = 0 + a = a$.
5. Every element $a$ of $\mathbb{Z}_m$ has the additive inverse $m - a$.
6. Multiplication is closed in $\mathbb{Z}_m$: $\forall a, b \in \mathbb{Z}_m$, $a \times b \in \mathbb{Z}_m$.
7. Multiplication in $\mathbb{Z}_m$ is commutative: $\forall a, b \in \mathbb{Z}_m$, $a \times b = b \times a$.
8. Multiplication in $\mathbb{Z}_m$ is associative: $\forall a, b, c \in \mathbb{Z}_m$, $(a \times b) \times c = a \times (b \times c)$.
9. $\mathbb{Z}_m$ has the unit element $1$: $\forall a \in \mathbb{Z}_m$, $a \times 1 = 1 \times a = a$.
10. Multiplication distributes over addition: $\forall a, b, c \in \mathbb{Z}_m$, $(a + b) \times c = a \times c + b \times c$.

Because $\mathbb{Z}_m$ has properties 1 and 3 to 5, it forms a group. Because it also has property 2, it is an Abelian group. Having properties (1) to (10), $\mathbb{Z}_m$ forms a ring.
1.3 Conventional cryptosystems (symmetric encryption)

In a conventional cryptosystem, encrypting and decrypting a message use the same key, called the secret key or symmetric key. Consequently, the security of the encrypted information depends entirely on keeping the content of the key secret.

With the ever-increasing speed and processing power of today's microprocessors, the standard encryption method (Data Encryption Standard, DES) has become insecure for protecting information. The US National Institute of Standards and Technology (NIST) therefore decided to select a new, highly secure encryption standard to serve the communication-security needs of the US government as well as civil applications. The Rijndael algorithm by Vincent Rijmen and Joan Daemen was officially selected as the Advanced Encryption Standard (AES) on 2 October 2000.
1.4 Public-key cryptosystems (asymmetric encryption)

Whereas the difficulty facing conventional encryption methods is the key-exchange problem, public-key encryption methods make key exchange easier. The content of the public key need not be kept secret, unlike the secret key of conventional methods. Using public keys, we can set up a secure procedure for exchanging the secret key used in a conventional cryptosystem.

In recent years, public-key methods, especially RSA [45], have been used more and more in encryption applications around the world, and RSA can be regarded as the standard method in most common use on the Internet, applied to securing communications as well as in electronic commerce.

1.5 Combining conventional and public-key encryption

Conventional encryption methods have the advantages of very fast processing and high security compared with public-key methods, but they run into the difficulty of key exchange. Conversely, public-key methods process information more slowly but let users exchange keys more easily. In practical applications, therefore, we need to combine the advantages of both kinds of method to build effective and secure systems for encryption and information security.
Chapter 2 Some conventional encryption methods

Chapter 1 gave an overview of cryptography and cryptosystems. Chapter 2 introduces conventional cryptosystems (also called symmetric cryptosystems) in more detail. Some classical conventional methods such as the shift cipher and the substitution cipher, together with the block ciphers widely used in recent decades such as DES, Triple DES and AES, are also introduced in this chapter.

2.1 Conventional cryptosystems

A conventional cryptosystem is one in which the encryption and decryption procedures share a single key, the secret key. The security of the information depends on the security of the key.

In a conventional cryptosystem, the source message is encrypted with a key $k$ agreed beforehand between the sender A and the receiver B. A uses the key $k$ to encrypt the message $x$ into the message $y$ and sends $y$ to B; B uses the key $k$ to decrypt $y$. The security of the encrypted information depends on keeping the content of the key $k$ secret. If a third party C learns the key $k$, C can "unlock" the encrypted message that A sent to B.
[Figure 2.1: secret key; source message -> encryption -> encrypted message -> decryption -> decrypted message]
Figure 2.1. Model of a conventional cryptosystem
2.2 The shift cipher

The shift cipher is one of the oldest methods used for encryption. The message is encrypted by cyclically shifting each character $k$ positions in the alphabet.

In the special case $k = 3$, the shift cipher is called the Caesar cipher.

Algorithm 2.1. The shift cipher
Let $P = C = K = \mathbb{Z}_n$.
For each key $k \in K$, define $e_k(x) = (x + k) \bmod n$ and $d_k(y) = (y - k) \bmod n$ with $x, y \in \mathbb{Z}_n$,
$E = \{e_k, k \in K\}$ and $D = \{d_k, k \in K\}$.

The shift cipher is a simple method; encryption and decryption are fast. In practice, however, it is easily broken by trying every possible key $k \in K$. This is entirely feasible because the key space $K$ has only $n$ elements to choose from.

Example: to encrypt a message written in the letters A to Z (26 letters), we use $P = C = K = \mathbb{Z}_{26}$. The encrypted message is then insecure and can easily be decrypted by trying the 26 key values $k \in K$ in turn. On average, the encrypted message is recovered after about $n/2$ trial keys $k \in K$.
2.3 The substitution cipher

The substitution cipher is one of the best-known encryption methods and has been used for hundreds of years. It encrypts a message by permuting the elements of the alphabet, or more generally by permuting the elements of the source set $P$.

Algorithm 2.2. The substitution cipher
Let $P = C = \mathbb{Z}_n$.
$K$ is the set of all permutations of the $n$ elements $0, 1, \ldots, n-1$. Thus each key $\pi \in K$ is a permutation of the $n$ elements $0, 1, \ldots, n-1$.
For each key $\pi \in K$, define $e_\pi(x) = \pi(x)$ and $d_\pi(y) = \pi^{-1}(y)$ with $x, y \in \mathbb{Z}_n$,
$E = \{e_\pi, \pi \in K\}$ and $D = \{d_\pi, \pi \in K\}$.

This is a simple method; encryption and decryption are fast. It overcomes the limitation of the shift cipher, whose key space $K$ is so small that the cipher is easily broken by trying the $n$ key values $k \in K$ in turn. The substitution cipher has a very large key space $K$ with $n!$ elements, so it cannot be broken by exhaustively trying every key $k$. In practice, however, a message encrypted with this method can still be decrypted if one can build a table of the frequencies with which characters occur in the message, or knows some words or phrases of the original source message!
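As an added illustration (not code from the book), the following Python implements Algorithms 2.1 and 2.2 over $\mathbb{Z}_{26}$ and shows the two points made above: the shift cipher's key space of only $n$ keys falls to an exhaustive search, while the substitution cipher's $n!$ keys do not help against letter-frequency analysis, because a substitution only renames letters. The message, key and known word are constructed sample values.

```python
# Added example (not from the book): the shift cipher (Algorithm 2.1) and the
# general substitution cipher (Algorithm 2.2) over Z_26, plus the two weaknesses
# the text names: a key space of only n for the shift cipher, and letter
# frequencies that survive any substitution.
from collections import Counter
from math import factorial
import string

ALPHABET = string.ascii_uppercase      # Z_26 <-> A..Z
N = len(ALPHABET)


def to_ints(text):
    """Map letters to elements of Z_26 (non-letters are dropped)."""
    return [ALPHABET.index(c) for c in text.upper() if c in ALPHABET]


def to_text(values):
    return "".join(ALPHABET[v % N] for v in values)


# --- Algorithm 2.1: e_k(x) = (x + k) mod n, d_k(y) = (y - k) mod n
def shift_encrypt(plaintext, k):
    return to_text((x + k) % N for x in to_ints(plaintext))


def shift_decrypt(ciphertext, k):
    return to_text((y - k) % N for y in to_ints(ciphertext))


# --- Algorithm 2.2: e_pi(x) = pi(x), d_pi(y) = pi^{-1}(y)
def substitution_encrypt(plaintext, pi):
    """pi is a list of length N: pi[x] is the image of x."""
    return to_text(pi[x] for x in to_ints(plaintext))


def substitution_decrypt(ciphertext, pi):
    inverse = [0] * N
    for x, y in enumerate(pi):
        inverse[y] = x                 # pi^{-1}(y) = x
    return to_text(inverse[y] for y in to_ints(ciphertext))


def shift_as_permutation(k):
    """The shift cipher is the substitution cipher whose key is pi(x) = x + k."""
    return [(x + k) % N for x in range(N)]


def key_space_sizes():
    """n keys for the shift cipher versus n! for the substitution cipher."""
    return N, factorial(N)


def exhaustive_shift_search(ciphertext, known_word):
    """Try all n shift keys and return those whose decryption contains a known
    plaintext word: at most 26 trials, about n/2 on average."""
    return [k for k in range(N) if known_word in shift_decrypt(ciphertext, k)]


def letter_frequencies(ciphertext, top=3):
    """Most frequent ciphertext letters. A substitution only renames letters,
    so the plaintext frequency profile is preserved, which is the weakness
    the text describes for the n! key space."""
    counts = Counter(to_ints(ciphertext))
    return [(ALPHABET[v], c) for v, c in counts.most_common(top)]


if __name__ == "__main__":
    msg = "ATTACK AT DAWN"                         # constructed sample message
    c = shift_encrypt(msg, 3)                      # Caesar cipher, k = 3
    print(c, shift_decrypt(c, 3))                  # DWWDFNDWGDZQ ATTACKATDAWN
    print(exhaustive_shift_search(c, "DAWN"))      # [3]
    pi = shift_as_permutation(3)
    print(substitution_encrypt(msg, pi) == c)      # True: shift is a special case
    print(key_space_sizes())                       # (26, 403291461126605635584000000)
    print(letter_frequencies(c))                   # D and W dominate, as in the plaintext
```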
2.4 The Affine cipher

Whereas the shift cipher is a special case of the substitution cipher in which only $n$ of the $n!$ possible keys are used, the Affine cipher is another special case of the substitution cipher.

Algorithm 2.3. The Affine cipher
Let $P = C = \mathbb{Z}_n$ and
$K = \{(a, b) \in \mathbb{Z}_n \times \mathbb{Z}_n : \gcd(a, n) = 1\}$.
For each key $k = (a, b) \in K$, define
$e_k(x) = (ax + b) \bmod n$ and $d_k(y) = (a^{-1}(y - b)) \bmod n$ with $x, y \in \mathbb{Z}_n$,
$E = \{e_k, k \in K\}$ and $D = \{d_k, k \in K\}$.

For information encrypted with a function $e_k \in E$ to be decrypted correctly, $e_k$ must be a bijection. Thus, for every value $y \in \mathbb{Z}_n$, the equation $ax + b \equiv y \pmod n$ must have a unique solution $x \in \mathbb{Z}_n$.

The equation $ax + b \equiv y \pmod n$ is equivalent to $ax \equiv (y - b) \pmod n$, so it suffices to study the equation $ax \equiv (y - b) \pmod n$.

Theorem 2.1: The equation $ax + b \equiv y \pmod n$ has a unique solution $x \in \mathbb{Z}_n$ for every value $b \in \mathbb{Z}_n$ if and only if $a$ and $n$ are coprime.

Thus the condition that $a$ and $n$ are coprime guarantees that information encrypted with $e_k$ can be decrypted, and decrypted correctly.

Let $\phi(n)$ denote the number of elements of $\mathbb{Z}_n$ that are coprime to $n$.

Theorem 2.2: If $n = \prod_{i=1}^{m} p_i^{e_i}$, where the $p_i$ are distinct primes and $e_i \in \mathbb{Z}^+$ for $1 \le i \le m$, then
$$\phi(n) = \prod_{i=1}^{m} \left(p_i^{e_i} - p_i^{e_i - 1}\right).$$

In the Affine cipher there are $n$ possible choices of $b$ and $\phi(n)$ possible choices of $a$, so the key space $K$ has $n\,\phi(n)$ elements in all.

The problem posed by the Affine cipher is that decrypting the encrypted information requires computing the inverse element $a^{-1} \in \mathbb{Z}_n$. The extended Euclidean algorithm solves this problem completely [45].

First we review the (basic) Euclidean algorithm for finding the greatest common divisor of two positive integers $r_0$ and $r_1$ with $r_0 > r_1$. The Euclidean algorithm consists of a sequence of divisions:

$r_0 = q_1 r_1 + r_2$, $0 < r_2 < r_1$
$r_1 = q_2 r_2 + r_3$, $0 < r_3 < r_2$
$\ldots$
$r_{m-2} = q_{m-1} r_{m-1} + r_m$, $0 < r_m < r_{m-1}$
$r_{m-1} = q_m r_m$   (2.1)

It is easy to see that $\gcd(r_0, r_1) = \gcd(r_1, r_2) = \ldots = \gcd(r_{m-1}, r_m) = r_m$. Thus the greatest common divisor of $r_0$ and $r_1$ is $r_m$.
Build the sequence $t_0, t_1, \ldots, t_m$ by the following recurrence:
$t_0 = 0$
$t_1 = 1$
$t_j = (t_{j-2} - q_{j-1} t_{j-1}) \bmod r_0$ for $j \ge 2$   (2.2)

Theorem 2.3: For every $j$, $0 \le j \le m$, we have $r_j \equiv t_j r_1 \pmod{r_0}$, where $q_j$ and $r_j$ are determined by the Euclidean algorithm and $t_j$ by the recurrence above.

Theorem 2.4: If $r_0$ and $r_1$ are coprime (with $r_0 > r_1$), then $t_m$ is the inverse of $r_1$ in $\mathbb{Z}_{r_0}$:
$\gcd(r_0, r_1) = 1 \Rightarrow r_1^{-1} = t_m \bmod r_0$   (2.3)

In the Euclidean algorithm the sequence $\{t\}$ can be computed at the same time as the sequences $\{q\}$ and $\{r\}$. The extended Euclidean algorithm below determines the inverse (if it exists) of a positive integer $a$ modulo $n$. The algorithm needs no array to store the values of the sequences $\{t\}$, $\{q\}$ or $\{r\}$, because at any moment only the last two elements of each sequence matter.

Algorithm 2.4. Extended Euclidean algorithm for the inverse of $a$ (modulo $n$)
    n0 = n
    a0 = a
    t0 = 0
    t = 1
    q = floor(n0 / a0)
    r = n0 - q * a0
    while r > 0 do
        temp = t0 - q * t
        if temp >= 0 then
            temp = temp mod n
        end if
        if temp < 0 then
            temp = n - ((-temp) mod n)
        end if
        t0 = t
        t = temp
        n0 = a0
        a0 = r
        q = floor(n0 / a0)
        r = n0 - q * a0
    end while
    if a0 != 1 then
        a has no inverse modulo n
    else
        a^{-1} = t mod n
    end if
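An added example (not from the book) that implements Algorithm 2.4 as written, tracking only the last two values of the sequences $\{t\}$, $\{q\}$ and $\{r\}$, computes $\phi(n)$ from Theorem 2.2 and uses both in the Affine cipher of Algorithm 2.3, including the rejection of a key whose $a$ is not coprime to $n$. The key $(7, 3)$ and the sample message are constructed.

```python
# Added example (not from the book): Algorithm 2.4 (extended Euclid, keeping only
# the last two terms of {t}, {q}, {r}), Theorem 2.2 (phi(n) from the prime
# factorisation) and the Affine cipher of Algorithm 2.3 built on them.
from math import gcd


def mod_inverse(a, n):
    """Return a^{-1} mod n following Algorithm 2.4, or None if gcd(a, n) != 1."""
    n0, a0 = n, a
    t0, t = 0, 1
    q = n0 // a0
    r = n0 - q * a0
    while r > 0:
        temp = t0 - q * t
        # keep temp inside Z_n; the book spells out both signs explicitly
        if temp >= 0:
            temp = temp % n
        else:
            temp = n - ((-temp) % n)
        t0, t = t, temp
        n0, a0 = a0, r
        q = n0 // a0
        r = n0 - q * a0
    if a0 != 1:
        return None          # a has no inverse modulo n
    return t % n


def prime_factorisation(n):
    """n = prod p_i^{e_i}, returned as {p_i: e_i} (trial division, small n)."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def euler_phi(n):
    """Theorem 2.2: phi(n) = prod (p_i^{e_i} - p_i^{e_i - 1})."""
    result = 1
    for p, e in prime_factorisation(n).items():
        result *= p ** e - p ** (e - 1)
    return result


def affine_key_space_size(n):
    """n choices of b times phi(n) choices of a."""
    return n * euler_phi(n)


# --- Algorithm 2.3: e_k(x) = (ax + b) mod n, d_k(y) = a^{-1}(y - b) mod n
def affine_encrypt(xs, a, b, n=26):
    if gcd(a, n) != 1:
        raise ValueError("a and n must be coprime (Theorem 2.1)")
    return [(a * x + b) % n for x in xs]


def affine_decrypt(ys, a, b, n=26):
    a_inv = mod_inverse(a, n)
    if a_inv is None:
        raise ValueError("a has no inverse modulo n")
    return [(a_inv * (y - b)) % n for y in ys]


if __name__ == "__main__":
    print(mod_inverse(7, 26))            # 15, since 7 * 15 = 105 = 4 * 26 + 1
    print(mod_inverse(4, 26))            # None, gcd(4, 26) = 2
    print(euler_phi(26), affine_key_space_size(26))   # 12 312
    x = [7, 4, 11, 11, 14]               # constructed sample: "HELLO" in Z_26
    y = affine_encrypt(x, 7, 3)
    print(y, affine_decrypt(y, 7, 3) == x)            # [0, 5, 2, 2, 23] True
```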
2.5 The Vigenere cipher

In the substitution cipher and its special cases (the shift cipher, the Affine cipher, ...), for a chosen key $k$ each element $x \in P$ is mapped to exactly one element $y \in C$. In other words, each key $k \in K$ establishes a bijection from $P$ to $C$.

Unlike this approach, the Vigenere cipher uses a keyword of length $m$. The Vigenere cipher can be seen as $m$ shift ciphers applied alternately in a cycle.

The key space $K$ of the Vigenere cipher has $n^m$ elements, far more than the key space $K$ of the shift cipher. Finding the key $k$ that decrypts an encrypted message is therefore harder than for the shift cipher.

Algorithm 2.5. The Vigenere cipher
Choose a positive integer $m$. Define $P = C = K = (\mathbb{Z}_n)^m$,
$K = \{(k_1, k_2, \ldots, k_m) \in (\mathbb{Z}_n)^m\}$.
For each key $k = (k_1, k_2, \ldots, k_m) \in K$, define
$e_k(x_1, x_2, \ldots, x_m) = ((x_1 + k_1) \bmod n, (x_2 + k_2) \bmod n, \ldots, (x_m + k_m) \bmod n)$
$d_k(y_1, y_2, \ldots, y_m) = ((y_1 - k_1) \bmod n, (y_2 - k_2) \bmod n, \ldots, (y_m - k_m) \bmod n)$
with $x, y \in (\mathbb{Z}_n)^m$.
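An added example (not from the book) of Algorithm 2.5 over $\mathbb{Z}_{26}$ with the key repeated in cycles over a message longer than $m$; it also makes explicit a consequence of the cyclic construction: although the key space has $n^m$ elements, every $m$-th ciphertext position is a single shift cipher. The keyword and message are constructed.

```python
# Added example (not from the book): the Vigenere cipher of Algorithm 2.5 over
# Z_26, applied to a message longer than one block by repeating the key with
# period m, and the consequence of that construction: the key space grows to
# n^m, yet the ciphertext still splits into m ordinary shift-cipher streams.
N = 26


def letters_to_ints(text):
    return [ord(c) - ord("A") for c in text.upper() if c.isalpha()]


def ints_to_letters(xs):
    return "".join(chr(ord("A") + x) for x in xs)


def vigenere_encrypt(xs, key):
    """e_k(x_1..x_m) = ((x_1 + k_1) mod n, ..., (x_m + k_m) mod n), applied
    block after block; xs and key are lists of elements of Z_26."""
    m = len(key)
    return [(x + key[i % m]) % N for i, x in enumerate(xs)]


def vigenere_decrypt(ys, key):
    m = len(key)
    return [(y - key[i % m]) % N for i, y in enumerate(ys)]


def key_space_size(m, n=N):
    """n^m keys, versus n for a single shift cipher."""
    return n ** m


def split_into_shift_streams(ys, m):
    """Positions i, i+m, i+2m, ... were all shifted by the same k_i, so each of
    the m streams is a plain shift cipher; a Vigenere ciphertext of known
    period m is therefore no stronger than m shift ciphers side by side."""
    return [ys[i::m] for i in range(m)]


if __name__ == "__main__":
    key = letters_to_ints("KEY")                      # m = 3, constructed sample key
    x = letters_to_ints("MEETMEATNOON")               # constructed sample message
    y = vigenere_encrypt(x, key)
    print(ints_to_letters(y))                         # WICDQCKXLYSL
    print(ints_to_letters(vigenere_decrypt(y, key)))  # MEETMEATNOON
    print(key_space_size(3))                          # 17576
    for i, stream in enumerate(split_into_shift_streams(y, 3)):
        # every element of stream i is the plaintext letter plus key[i]
        print(i, all((s - key[i]) % N == x[j * 3 + i] for j, s in enumerate(stream)))
```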
2.6 The Hill cipher

The Hill cipher was published by Lester S. Hill in 1929. For a positive integer $m$, define $P = C = (\mathbb{Z}_n)^m$. Each element $x \in P$ is an $m$-tuple whose components lie in $\mathbb{Z}_n$. The main idea of the method is to use $m$ linear combinations of the $m$ components of each element $x \in P$ to generate the $m$ components of the element $y \in C$.

Algorithm 2.6. The Hill cipher
Choose a positive integer $m$. Define $P = C = (\mathbb{Z}_n)^m$ and let $K$ be the set of invertible $m \times m$ matrices.
For each key
$$k = \begin{pmatrix} k_{1,1} & k_{1,2} & \cdots & k_{1,m} \\ k_{2,1} & k_{2,2} & \cdots & k_{2,m} \\ \vdots & \vdots & \ddots & \vdots \\ k_{m,1} & k_{m,2} & \cdots & k_{m,m} \end{pmatrix} \in K,$$
define
$$e_k(x) = x\,k = (x_1, x_2, \ldots, x_m) \begin{pmatrix} k_{1,1} & k_{1,2} & \cdots & k_{1,m} \\ k_{2,1} & k_{2,2} & \cdots & k_{2,m} \\ \vdots & \vdots & \ddots & \vdots \\ k_{m,1} & k_{m,2} & \cdots & k_{m,m} \end{pmatrix}$$
with $x = (x_1, x_2, \ldots, x_m) \in P$, and $d_k(y) = y\,k^{-1}$ with $y \in C$.
All arithmetic is performed in $\mathbb{Z}_n$.
2.7 The permutation cipher

The encryption methods above all share one idea: replace each character of the source message with another character to form the encrypted message. The main idea of the permutation cipher is instead to keep the characters of the source message unchanged and only change their positions; in other words, the source message is encrypted by rearranging its characters.

Algorithm 2.7. The permutation cipher
Choose a positive integer $m$. Define $P = C = (\mathbb{Z}_n)^m$ and let $K$ be the set of permutations of the $m$ elements $\{1, 2, \ldots, m\}$.
For each key $\pi \in K$, define
$e_\pi(x_1, x_2, \ldots, x_m) = (x_{\pi(1)}, x_{\pi(2)}, \ldots, x_{\pi(m)})$ and
$d_\pi(y_1, y_2, \ldots, y_m) = (y_{\pi^{-1}(1)}, y_{\pi^{-1}(2)}, \ldots, y_{\pi^{-1}(m)})$
where $\pi^{-1}$ is the inverse permutation of $\pi$.

The permutation cipher is in fact a special case of the Hill cipher. For each permutation $\pi$ of the set $\{1, 2, \ldots, m\}$, define the matrix $k_\pi = (k_{i,j})$ by
$$k_{i,j} = \begin{cases} 1, & \text{if } i = \pi(j) \\ 0, & \text{otherwise} \end{cases} \qquad (2.4)$$
The matrix $k_\pi$ has exactly one entry equal to 1 in each row and each column, and all other entries equal to 0. It can be obtained by permuting the rows or columns of the identity matrix $I_m$, so $k_\pi$ is invertible. Clearly, encryption with the Hill cipher using the matrix $k_\pi$ is entirely equivalent to encryption with the permutation cipher using the permutation $\pi$.
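An added example (not from the book) of the Hill cipher of Algorithm 2.6, with the key inverse computed over $\mathbb{Z}_n$ from the determinant and adjugate so that exactly the matrices with a unit determinant are accepted, and of the permutation cipher of Algorithm 2.7 expressed as the Hill key $k_\pi$ of equation (2.4), so the equivalence just stated can be checked directly. Keys and sample blocks are constructed; permutations are 0-based in the code.

```python
# Added example (not from the book): Hill cipher (Algorithm 2.6) with the key
# inverse computed over Z_n via determinant and adjugate, and the permutation
# cipher (Algorithm 2.7) realised as the Hill key k_pi of equation (2.4).
# Row-vector convention as in the text: y = x k, x = y k^{-1}.
from math import gcd

N = 26


def det_mod(k, n=N):
    """Determinant over Z_n by Laplace expansion along the first row
    (exponential in m, fine for the small m used in classical ciphers)."""
    m = len(k)
    if m == 1:
        return k[0][0] % n
    total = 0
    for j in range(m):
        minor = [row[:j] + row[j + 1:] for row in k[1:]]
        total += (-1) ** j * k[0][j] * det_mod(minor, n)
    return total % n


def matrix_inverse_mod(k, n=N):
    """k^{-1} = det(k)^{-1} * adj(k) over Z_n, or None when det(k) is not a
    unit of Z_n, which is exactly what 'invertible' means in Algorithm 2.6."""
    m = len(k)
    d = det_mod(k, n)
    if gcd(d, n) != 1:
        return None
    d_inv = pow(d, -1, n)
    inverse = [[0] * m for _ in range(m)]
    for i in range(m):
        for j in range(m):
            minor = [row[:j] + row[j + 1:] for r, row in enumerate(k) if r != i]
            cofactor = (-1) ** (i + j) * (det_mod(minor, n) if m > 1 else 1)
            inverse[j][i] = (d_inv * cofactor) % n   # adjugate = transposed cofactors
    return inverse


def vec_mat_mod(x, k, n=N):
    """Row vector times matrix over Z_n: y_j = sum_i x_i k_{i,j}."""
    m = len(k)
    return [sum(x[i] * k[i][j] for i in range(m)) % n for j in range(m)]


def hill_encrypt(x, k):
    """e_k(x) = x k, all arithmetic in Z_n."""
    return vec_mat_mod(x, k)


def hill_decrypt(y, k):
    """d_k(y) = y k^{-1}."""
    k_inv = matrix_inverse_mod(k)
    if k_inv is None:
        raise ValueError("key matrix is not invertible over Z_n")
    return vec_mat_mod(y, k_inv)


def permutation_encrypt(x, pi):
    """e_pi(x_1..x_m) = (x_{pi(1)}, ..., x_{pi(m)}); pi is 0-based here."""
    return [x[pi[j]] for j in range(len(pi))]


def permutation_decrypt(y, pi):
    """d_pi uses the inverse permutation: x_i = y_{pi^{-1}(i)}."""
    pi_inv = [0] * len(pi)
    for j, p in enumerate(pi):
        pi_inv[p] = j
    return [y[pi_inv[i]] for i in range(len(pi))]


def permutation_matrix(pi):
    """Equation (2.4): k_{i,j} = 1 if i = pi(j), 0 otherwise."""
    m = len(pi)
    return [[1 if i == pi[j] else 0 for j in range(m)] for i in range(m)]


if __name__ == "__main__":
    k = [[11, 8], [3, 7]]           # constructed key; det = 53 = 1 (mod 26)
    x = [9, 20]                     # constructed block ("JU" in Z_26)
    y = hill_encrypt(x, k)
    print(y, hill_decrypt(y, k) == x)                       # [3, 4] True
    print(matrix_inverse_mod([[2, 4], [6, 8]]))             # None: det = 18, gcd(18, 26) = 2
    pi = [2, 0, 1]                  # constructed permutation of {0, 1, 2}
    x3 = [7, 4, 11]
    print(permutation_encrypt(x3, pi) == hill_encrypt(x3, permutation_matrix(pi)))  # True
    print(permutation_decrypt(permutation_encrypt(x3, pi), pi) == x3)               # True
```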
2.8 The multiplicative cipher

2.8.1 The multiplicative cipher

Algorithm 2.8. The multiplicative cipher
Let $P = C = \mathbb{Z}_n$ and $K = \{k \in \mathbb{Z}_n : \gcd(k, n) = 1\}$.
For each key $k \in K$, define $e_k(x) = kx \bmod n$ and $d_k(y) = k^{-1} y \bmod n$ with $x, y \in \mathbb{Z}_n$.

The multiplicative cipher is a simple method. The key space $K$ has $\phi(n)$ elements in all. However, choosing the key $k = 1 \in K$ is meaningless for encryption, so the number of keys in $K$ that can really be used is $\phi(n) - 1$.

The issue here is that the security of this method depends on the number of elements in the key set $K$. If $\phi(n) - 1$ is not large, the encrypted information can be decrypted by trying all keys $k \in K$. To raise the security of the method, the value $n$ used must have a large $\phi(n)$, that is, $n$ itself must be large. This raises a new problem: how to perform arithmetic on large integers quickly.

2.8.2 Arithmetic

In this encryption method, the value of the expression $z = (a \times b) \bmod n$ must be computed in both encryption and decryption. Computing it in the ordinary way is clearly inefficient because of the processing time required.

Using the "Indian multiplication" algorithm, the value of $(a \times b) \bmod n$ can be computed quickly and efficiently.

Algorithm 2.9. "Indian multiplication" for computing $z = (a \times b) \bmod n$
    z = 0
    a = a mod n
    b = b mod n
    write b in binary as b_{l-1}, b_{l-2}, ..., b_1, b_0 with b_i in {0, 1}, 0 <= i < l
    for i = 0 to l - 1
        if b_i = 1 then
            z = (z + a) mod n
        end if
        a = (2a) mod n
    end for
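An added example (not from the book) of Algorithm 2.8 and of Algorithm 2.9, the double-and-add routine that computes $(a \times b) \bmod n$ without ever forming the full product, which is what makes it usable when $a \times b$ would not fit in a machine word. The key, message and large modulus are constructed sample values.

```python
# Added example (not from the book): the multiplicative cipher of Algorithm 2.8,
# the count of usable keys phi(n) - 1, and the "Indian multiplication"
# (double-and-add) routine of Algorithm 2.9 that computes (a * b) mod n while
# never holding a value of 2n or more, so it works on a machine whose word
# cannot hold the full product a * b.
from math import gcd


def usable_keys(n):
    """K = {k in Z_n : gcd(k, n) = 1} without the useless key k = 1."""
    return [k for k in range(2, n) if gcd(k, n) == 1]


def mul_mod(a, b, n):
    """Algorithm 2.9: z = (a * b) mod n by scanning the bits of b from b_0 up.
    Each step only adds or doubles residues, so intermediates stay below 2n."""
    z = 0
    a %= n
    b %= n
    while b:                      # the low bit of b is the current b_i
        if b & 1:
            z = (z + a) % n       # if b_i = 1 then z = (z + a) mod n
        a = (2 * a) % n           # a = (2a) mod n
        b >>= 1
    return z


def multiplicative_encrypt(xs, k, n):
    """e_k(x) = k x mod n; k must be a unit of Z_n."""
    if gcd(k, n) != 1:
        raise ValueError("k must be coprime to n")
    return [mul_mod(k, x, n) for x in xs]


def multiplicative_decrypt(ys, k, n):
    """d_k(y) = k^{-1} y mod n."""
    k_inv = pow(k, -1, n)         # k^{-1} in Z_n (Python >= 3.8)
    return [mul_mod(k_inv, y, n) for y in ys]


def product_exceeds_word(a, b, bits=64):
    """True when a and b each fit in a 'bits'-bit word but a * b does not:
    the situation in which Algorithm 2.9 is needed."""
    return a < 2 ** bits and b < 2 ** bits and a * b >= 2 ** bits


if __name__ == "__main__":
    print(len(usable_keys(26)))                        # 11 = phi(26) - 1
    x = [7, 4, 11, 11, 14]                             # constructed sample: "HELLO" in Z_26
    y = multiplicative_encrypt(x, 5, 26)
    print(y, multiplicative_decrypt(y, 5, 26) == x)    # [9, 20, 3, 3, 18] True
    # a large modulus: the plain product does not fit in 64 bits, the routine
    # still never exceeds 2n
    n = (1 << 61) - 1                                  # constructed large modulus
    a, b = n - 12345, n - 67890
    print(product_exceeds_word(a, b), mul_mod(a, b, n) == (a * b) % n)   # True True
```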
2.9 DES (Data Encryption Standard)

2.9.1 The DES method

Around 1970, Dr. Horst Feistel laid the first foundations for the Data Encryption Standard DES with the Feistel cipher. In 1976 the US National Security Agency (NSA) recognised DES, based on the Feistel method, as the data encryption standard [25]. The key size of DES was originally 128 bits, but in the published FIPS version the key size was reduced to 56 bits.

In DES the block size is 64 bits. DES encrypts data in 16 rounds, each using a 48-bit round key generated from the original 56-bit key. DES uses 8 constant S-box tables in its operations.

The DES encryption process can be summarised as follows. Represent the source message $x \in P$ as a 64-bit string. The key $k$ has 56 bits. Encryption proceeds in three stages:

1. Form the 64-bit string $x_0$ by permuting $x$ according to the initial permutation IP. Write $x_0 = IP(x) = L_0 R_0$, where $L_0$ is the left 32 bits of $x_0$ and $R_0$ the right 32 bits of $x_0$.
[Figure 2.2: the 64-bit string x_0 split into L_0 (left 32 bits) and R_0 (right 32 bits)]
Figure 2.2. Splitting the 64-bit string x into the two halves L and R
2. Thc hin 16 vng lp t 64 bit thu c v 56 bit ca kho k(ch s dng
48 bit ca kho k trong mi vng lp). 64 bit kt qu thu c qua mi vng
lp s l u vo cho vng lp sau. Cc cp t 32 bitLi,Ri (vi 1 16i )
c xc nh theo quy tc sau:
1i iL R =
1 1( , )i i i iL f R K = (2.5)
vi biu din php ton XOR trn hai dy bit,K1,K2, ...,K16 l cc dy 48
bit pht sinh t khaKcho trc (Trn thc t, mi khaKic pht sinhbng cch hon v cc bit trong khaKcho trc).
3. p dng hon v ngc 1P i vi dy bit 16 16L , thu c ty gm
64 bit. Nh vy, 1 16 16( )y IP R L= .
The function f used in stage 2 takes two arguments: the first argument A is a 32-bit string, the second argument J is a 48-bit string. The result of f is a 32-bit string. The steps of f(A, J) are as follows.
The first argument A (32 bits) is expanded to a 48-bit string by the expansion function E. The result E(A) is a 48-bit string generated from A by permuting the 32 bits of A in a fixed order, in which 16 bits of A are repeated twice in E(A).
Figure 2.3. Computing $L_i R_i$ from $L_{i-1} R_{i-1}$ and the round key $K_i$
XOR the two 48-bit strings E(A) and J to obtain a 48-bit string B. Split B into groups of 6 bits: $B = B_1 B_2 B_3 B_4 B_5 B_6 B_7 B_8$.
Use the eight tables $S_1, S_2, \ldots, S_8$, each of size $4 \times 16$, in which every row contains the 16 values 0 to 15. For a 6-bit group $B_j = b_1 b_2 b_3 b_4 b_5 b_6$, $S_j(B_j)$ is the entry at row r and column c of $S_j$, where the row index r has the binary representation $b_1 b_6$ and the column index c has the binary representation $b_2 b_3 b_4 b_5$. In this way we obtain the 4-bit strings $C_j = S_j(B_j)$, $1 \le j \le 8$.
Concatenating the 4-bit strings $C_j$ gives the 32-bit string $C = C_1 C_2 C_3 C_4 C_5 C_6 C_7 C_8$. The 32-bit string obtained by permuting C according to the fixed permutation P is the result of $f(A, J)$.
Decryption runs the same 16-round network with the round keys applied in reverse order ($K_{16}$ first, $K_1$ last). This works because each round only XORs $f(R_{i-1}, K_i)$ into the other half, so f itself never has to be inverted.
2.9.2 Remarks
Because computing speed keeps increasing and DES attracted great attention from scientists as well as cryptanalysts, DES quickly became insecure. In 1998 a purpose-built key-search machine (the EFF's Deep Crack, built for under 250,000 dollars) recovered a DES key in under three days, and in January 1999 that machine together with a network of about 100,000 computers recovered the key of a DES-encrypted message in less than 24 hours.
While searching for new algorithms more secure than DES, Triple DES emerged as a variant of DES. Triple DES applies the DES algorithm three times, with different keys and in a particular order. The most common order is EDE (Encrypt, Decrypt, Encrypt), interleaving encryption with decryption (note that the key used in each stage is different). With all three keys equal, EDE reduces to a single DES encryption, which is what gives Triple DES backward compatibility with DES.
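The Feistel structure of equations (2.5) and the EDE construction, as an added example that is not from the book and is not DES: the round function f is a toy built from SHA-256 (an assumption for illustration; DES uses the E, S-box and P construction described above), the subkeys come from a simple hash-based schedule rather than DES's permuted key bits, and the initial and final permutations IP and IP^{-1} are omitted since they do not affect the structure. The block is 64 bits split into two 32-bit halves, as in DES.

```python
# Added example (not from the book, not DES): a generic 16-round Feistel network with a toy
# round function, showing why decryption is the same network with the subkeys reversed,
# and the E-D-E triple construction on top of it.
import hashlib

ROUNDS = 16

def subkeys(key: bytes, rounds: int = ROUNDS):
    """Toy key schedule (assumption): subkey i is the first 6 bytes of SHA-256(key || i)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(rounds)]

def f(right: bytes, subkey: bytes) -> bytes:
    """Toy round function: 32 bits in, 32 bits out, keyed by the 48-bit subkey."""
    return hashlib.sha256(subkey + right).digest()[:4]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block: bytes, keys) -> bytes:
    """L_i = R_{i-1}, R_i = L_{i-1} xor f(R_{i-1}, K_i); output R_16 L_16 (the final swap)."""
    if len(block) != 8:
        raise ValueError("block must be 64 bits")
    left, right = block[:4], block[4:]
    for k in keys:
        left, right = right, xor(left, f(right, k))
    return right + left

def encrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))

def decrypt(block: bytes, key: bytes) -> bytes:
    # Same network, subkeys in reverse order: f is never inverted.
    return feistel(block, subkeys(key)[::-1])

def tdes_ede_encrypt(block, k1, k2, k3):
    """Triple application in Encrypt-Decrypt-Encrypt order (the keying shape of Triple DES)."""
    return encrypt(decrypt(encrypt(block, k1), k2), k3)

def tdes_ede_decrypt(block, k1, k2, k3):
    return decrypt(encrypt(decrypt(block, k3), k2), k1)
```

Because the network swaps the halves after the last round, a single routine serves both directions; only the order of the subkeys differs. The check that EDE with k1 = k2 = k3 equals a single encryption is the backward-compatibility property mentioned above.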
2.10 The Advanced Encryption Standard (AES)
To find a new conventional cipher with higher security than DES, NIST announced a new encryption standard to replace DES. The algorithm representing the Advanced Encryption Standard (AES) was to be a symmetric-key cipher, free for use worldwide. The AES call for algorithms set the following requirements [23]:
o Block cipher operating on 128-bit blocks.
o Key lengths of 128, 192 and 256 bits.
o No weak keys.
o Efficient on the Intel Pentium Pro and on other hardware and software platforms.
o Flexible design (support for variable key lengths, so that it can be deployed widely on different platforms and in different applications).
o Simple design: easy to analyse, evaluate and implement.
o Accepts any key length up to 256 bits.
o Encrypts a block in under 500 clock cycles on the Pentium, Pentium Pro and Pentium II with an optimised implementation.
o A 128-bit key can be set up (for optimal encryption speed) in less time than it takes to encrypt 32-bit blocks on the Pentium, Pentium Pro and Pentium II.
o Contains no operation that degrades performance on 8-bit, 16-bit, 32-bit and 64-bit processors.
o Contains no element that degrades performance in hardware.
o Very low encryption time, under 10 milliseconds per block on an 8-bit processor.
o Implementable on an 8-bit processor with 64 bytes of RAM.
After two rounds of selection, five algorithms reached the final round: MARS, RC6, SERPENT, TWOFISH and RIJNDAEL. All of them meet the AES requirements and are therefore referred to collectively as the AES candidate algorithms. The AES candidates offer high security at low implementation cost. These algorithms are presented in detail in Chapter 3 (the Rijndael cipher) and Chapter 5 (the AES candidate algorithms).
Chapter 3. The Rijndael cipher
Chapter 3 presents in detail the Rijndael cipher of Vincent Rijmen and Joan Daemen. This is the algorithm that the US National Institute of Standards and Technology (NIST) officially selected as the Advanced Encryption Standard (AES) on 2 October 2000.
3.1 Introduction
With the ever-increasing speed and processing power of today's processors, the Data Encryption Standard (DES) has become insecure for protecting information. Therefore the National Institute of Standards and Technology (NIST) decided to select a new, more secure encryption standard to serve the communication security needs of the US Government as well as civilian applications. The Rijndael algorithm of Vincent Rijmen and Joan Daemen was officially selected to become the Advanced Encryption Standard (AES) on 2 October 2000.
Rijndael is a block cipher whose block size and key size can be chosen independently among 128, 192 and 256 bits. The method is suitable for many different systems, from smart cards to personal computers.
3.2 Parameters, notation, terminology and functions
AddRoundKey: transformation used in encryption and decryption that adds (XORs) the round key into the current state. The round key has the same length as the state.
SubBytes: transformation used in encryption that substitutes each byte of the current state non-linearly through a substitution table (S-box).
InvSubBytes: transformation used in decryption; the inverse of SubBytes.
MixColumns: transformation used in encryption that mixes the bytes within each column of the current state. Each column is processed independently.
InvMixColumns: transformation used in decryption; the inverse of MixColumns.
ShiftRows: transformation used in encryption that cyclically shifts each row of the current state by a different offset.
InvShiftRows: transformation used in decryption; the inverse of ShiftRows.
Nw: number of bytes in one word. In the Rijndael algorithm, in the 256/384/512-bit extension and in the 512/768/1024-bit extension, Nw is 4, 8 and 16 respectively.
K: the cipher key.
Nb: number of columns (number of 8Nw-bit words) in the state. Nb = 4, 6 or 8. The AES standard restricts Nb to 4.
Nk: number of words (of 8Nw bits) in the cipher key. Nk = 4, 6 or 8.
Nr: number of rounds, depending on Nk and Nb through the formula Nr = max(Nb, Nk) + 6.
RotWord: function used in key expansion that cyclically rotates the Nw bytes of a word.
SubWord: function used in key expansion. It takes a word (Nw bytes), applies the S-box substitution to each byte and returns the word of Nw substituted bytes.
XOR, $\oplus$: the exclusive-OR operation.
$\otimes$: multiplication of two polynomials (each polynomial of degree
forms: the binary form $\{b_7 b_6 b_5 b_4 b_3 b_2 b_1 b_0\}$, the hexadecimal form $\{h_1 h_0\}$, or the polynomial form with binary coefficients
$$b(x) = \sum_{i=0}^{7} b_i x^i$$
3.3.1 Addition
Adding two elements of GF(2^8) is done by adding (that is, XORing, denoted $\oplus$) the coefficients of the corresponding monomials of the two polynomials representing the two operands. Consequently, addition and subtraction of two arbitrary elements of GF(2^8) are exactly the same operation.
In binary representation, the sum of $\{a_7 a_6 a_5 a_4 a_3 a_2 a_1 a_0\}$ and $\{b_7 b_6 b_5 b_4 b_3 b_2 b_1 b_0\}$ is $\{c_7 c_6 c_5 c_4 c_3 c_2 c_1 c_0\}$ with $c_i = a_i \oplus b_i$, $0 \le i \le 7$.
3.3.2 Multiplication
In the polynomial representation, multiplication in GF(2^8) (denoted $\bullet$) corresponds to ordinary multiplication of the two polynomials followed by reduction modulo an irreducible polynomial of degree 8. A polynomial is irreducible if and only if it is divisible only by 1 and by itself. In Rijndael the chosen irreducible polynomial is
$$m(x) = x^8 + x^4 + x^3 + x + 1 \qquad (3.1)$$
or {11b} in hexadecimal notation.
The product is a polynomial of degree less than 8, so it can again be represented as one byte. Multiplication in GF(2^8) cannot be expressed as a single simple byte-level operation.
The multiplication defined above is associative, distributive over addition, and has the neutral element {01}. For every non-zero polynomial b(x) with binary coefficients and degree less than 8 there is an inverse element of b(x), denoted $b^{-1}(x)$ (computed with the extended Euclidean algorithm [45]).
Remark: the set of the 256 values 0 to 255, equipped with the addition (defined as XOR) and the multiplication defined above, forms the finite field GF(2^8).
3.3.2.1 Multiplication by x
Ordinary multiplication of the polynomial
$$b(x) = b_7 x^7 + b_6 x^6 + b_5 x^5 + b_4 x^4 + b_3 x^3 + b_2 x^2 + b_1 x + b_0 = \sum_{i=0}^{7} b_i x^i \qquad (3.2)$$
by the polynomial x gives the polynomial
$$b_7 x^8 + b_6 x^7 + b_5 x^6 + b_4 x^5 + b_3 x^4 + b_2 x^3 + b_1 x^2 + b_0 x \qquad (3.3)$$
The result $x \bullet b(x)$ is obtained by reducing this polynomial modulo m(x).
1. Case $b_7 = 0$:
$$x \bullet b(x) = b_6 x^7 + b_5 x^6 + b_4 x^5 + b_3 x^4 + b_2 x^3 + b_1 x^2 + b_0 x \qquad (3.4)$$
2. Case $b_7 = 1$:
$$x \bullet b(x) = (b_7 x^8 + b_6 x^7 + b_5 x^6 + b_4 x^5 + b_3 x^4 + b_2 x^3 + b_1 x^2 + b_0 x) \bmod m(x)$$
$$= (b_7 x^8 + b_6 x^7 + b_5 x^6 + b_4 x^5 + b_3 x^4 + b_2 x^3 + b_1 x^2 + b_0 x) \oplus m(x) \qquad (3.5)$$
Thus multiplication by the polynomial x (the element $\{00000010\} = \{02\} \in GF(2^8)$) can be carried out at the byte level by a left shift, followed by an XOR with the value {1b} when $b_7 = 1$. This operation is denoted xtime(). Multiplication by higher powers of x is carried out by applying xtime() repeatedly, and the product with an arbitrary value is obtained by adding ($\oplus$) these intermediate results together.
Hence the product of two arbitrary elements a, b of GF(2^8) can be computed as follows:
1. Decompose one element (say a) into a sum of powers of 2.
2. XOR together the intermediate products of the other element (b) with each of the powers of 2 obtained from a.
Example:
{57} • {13} = {fe}, since
{57} • {02} = xtime({57}) = {ae}
{57} • {04} = xtime({ae}) = {47}
{57} • {08} = xtime({47}) = {8e}
{57} • {10} = xtime({8e}) = {07},
and therefore
{57} • {13} = {57} • ({01} ⊕ {02} ⊕ {10}) = {57} ⊕ {ae} ⊕ {07} = {fe}
3.3.3 Polynomials with coefficients in GF(2^8)
Consider polynomials a(x) and b(x) with four coefficients (degree at most 3) in GF(2^8):
$$a(x) = \sum_{i=0}^{3} a_i x^i \quad \text{and} \quad b(x) = \sum_{i=0}^{3} b_i x^i \qquad (3.6)$$
These two polynomials can be represented as 4-byte words $[a_0, a_1, a_2, a_3]$ and $[b_0, b_1, b_2, b_3]$. Polynomial addition is carried out by adding (that is, XORing byte-wise) the coefficients of the corresponding monomials:
$$a(x) + b(x) = \sum_{i=0}^{3} (a_i \oplus b_i) x^i \qquad (3.7)$$
The product of a(x) and b(x) is computed in two steps. First, form the ordinary product $c(x) = a(x) \cdot b(x)$:
$$c(x) = c_6 x^6 + c_5 x^5 + c_4 x^4 + c_3 x^3 + c_2 x^2 + c_1 x + c_0 \qquad (3.8)$$
with
$$c_0 = a_0 \bullet b_0$$
$$c_1 = a_1 \bullet b_0 \oplus a_0 \bullet b_1$$
$$c_2 = a_2 \bullet b_0 \oplus a_1 \bullet b_1 \oplus a_0 \bullet b_2$$
$$c_3 = a_3 \bullet b_0 \oplus a_2 \bullet b_1 \oplus a_1 \bullet b_2 \oplus a_0 \bullet b_3$$
$$c_4 = a_3 \bullet b_1 \oplus a_2 \bullet b_2 \oplus a_1 \bullet b_3$$
$$c_5 = a_3 \bullet b_2 \oplus a_2 \bullet b_3$$
$$c_6 = a_3 \bullet b_3 \qquad (3.9)$$
Clearly c(x) cannot be represented by a 4-byte word. The polynomial c(x) is brought down to a polynomial of degree less than 4 by reducing c(x) modulo a polynomial of degree 4. In Rijndael the chosen polynomial of degree 4 is
$$M(x) = x^4 + 1.$$
Since $x^j \bmod (x^4 + 1) = x^{j \bmod 4}$, the result $d(x) = a(x) \otimes b(x)$ is given by
$$d(x) = d_3 x^3 + d_2 x^2 + d_1 x + d_0 \qquad (3.10)$$
with
$$d_0 = a_0 \bullet b_0 \oplus a_3 \bullet b_1 \oplus a_2 \bullet b_2 \oplus a_1 \bullet b_3$$
$$d_1 = a_1 \bullet b_0 \oplus a_0 \bullet b_1 \oplus a_3 \bullet b_2 \oplus a_2 \bullet b_3$$
$$d_2 = a_2 \bullet b_0 \oplus a_1 \bullet b_1 \oplus a_0 \bullet b_2 \oplus a_3 \bullet b_3$$
$$d_3 = a_3 \bullet b_0 \oplus a_2 \bullet b_1 \oplus a_1 \bullet b_2 \oplus a_0 \bullet b_3 \qquad (3.11)$$
When the polynomial a(x) is fixed, the product $d(x) = a(x) \otimes b(x)$ can be written as a matrix product:
$$\begin{pmatrix} d_0 \\ d_1 \\ d_2 \\ d_3 \end{pmatrix} = \begin{pmatrix} a_0 & a_3 & a_2 & a_1 \\ a_1 & a_0 & a_3 & a_2 \\ a_2 & a_1 & a_0 & a_3 \\ a_3 & a_2 & a_1 & a_0 \end{pmatrix} \begin{pmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \end{pmatrix} \qquad (3.12)$$
Because $x^4 + 1$ is not irreducible (over GF(2) it factors as $(x + 1)^4$), multiplication by an arbitrarily chosen fixed polynomial a(x) is not guaranteed to be invertible. Therefore Rijndael chooses a polynomial a(x) that does have an inverse (modulo M(x)):
$$a(x) = \{03\} x^3 + \{01\} x^2 + \{01\} x + \{02\} \qquad (3.13)$$
$$a^{-1}(x) = \{0b\} x^3 + \{0d\} x^2 + \{09\} x + \{0e\} \qquad (3.14)$$
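The arithmetic of sections 3.3.2, 3.3.2.1 and 3.3.3 as an added example, not code from the book: byte multiplication built from xtime() and the power-of-two decomposition described above, the inverse computed with the extended Euclidean algorithm on polynomials over GF(2) (as the text mentions), and the multiplication of 4-byte words modulo $x^4 + 1$ of equations (3.11), used to check that a(x) and $a^{-1}(x)$ of (3.13) and (3.14) are indeed inverses. Function names are mine; the constants are those of the text.

```python
# Added example (not from the book): GF(2^8) arithmetic as used by Rijndael, and
# multiplication of 4-byte words modulo x^4 + 1.

M_X = 0x11B   # m(x) = x^8 + x^4 + x^3 + x + 1, equation (3.1)

def xtime(b: int) -> int:
    """b(x) * x mod m(x): shift left, then reduce with {1b} if bit 7 was set (eq. 3.4, 3.5)."""
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else b << 1

def gf_add(a: int, b: int) -> int:
    """Addition in GF(2^8) is XOR (section 3.3.1)."""
    return a ^ b

def gf_mul(a: int, b: int) -> int:
    """Decompose a into powers of two and accumulate b * 2^k produced by repeated xtime()."""
    acc = 0
    while a:
        if a & 1:
            acc ^= b
        a, b = a >> 1, xtime(b)
    return acc

def _deg(p: int) -> int:
    return p.bit_length() - 1          # degree of a GF(2)[x] polynomial held in an int

def _clmul(a: int, b: int) -> int:
    """Carry-less product of two polynomials over GF(2), without reduction."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
    return r

def _divmod(a: int, b: int):
    """Quotient and remainder of a / b in GF(2)[x]."""
    q = 0
    while a and _deg(a) >= _deg(b):
        s = _deg(a) - _deg(b)
        q ^= 1 << s
        a ^= b << s
    return q, a

def gf_inv(a: int) -> int:
    """Multiplicative inverse by the extended Euclidean algorithm; {00}^-1 := {00}."""
    if a == 0:
        return 0
    r0, r1, t0, t1 = M_X, a, 0, 1      # invariant: t_i * a == r_i (mod m(x))
    while r1 != 1:
        q, r = _divmod(r0, r1)
        r0, r1 = r1, r
        t0, t1 = t1, t0 ^ _clmul(q, t1)
    return t1

def word_mul(a, b):
    """d(x) = a(x) (x) b(x) mod (x^4 + 1) for words [a0..a3], [b0..b3], equations (3.11)."""
    d = [0, 0, 0, 0]
    for i in range(4):
        for j in range(4):
            d[(i + j) % 4] ^= gf_mul(a[i], b[j])   # x^(i+j) mod (x^4 + 1) = x^((i+j) mod 4)
    return d

A_X = [0x02, 0x01, 0x01, 0x03]       # a(x) of equation (3.13), as [a0, a1, a2, a3]
A_INV_X = [0x0E, 0x09, 0x0D, 0x0B]   # a^-1(x) of equation (3.14)
```

word_mul with a = [00, 01, 00, 00] (the polynomial x) reproduces the byte rotation of section 3.3.3.1, and word_mul(A_X, A_INV_X) returns [01, 00, 00, 00], the polynomial {01}, which is the invertibility that MixColumns and InvMixColumns rely on.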
3.3.3.1 Multiplication by x
Consider the polynomial
$$b(x) = b_3 x^3 + b_2 x^2 + b_1 x + b_0 \qquad (3.15)$$
The result of the product $c(x) = x \otimes b(x)$ is
$$c(x) = b_2 x^3 + b_1 x^2 + b_0 x + b_3 \qquad (3.16)$$
Multiplication by x corresponds to the matrix multiplication presented above with $a_0 = a_2 = a_3 = \{00\}$ and $a_1 = \{01\}$:
$$\begin{pmatrix} c_0 \\ c_1 \\ c_2 \\ c_3 \end{pmatrix} = \begin{pmatrix} 00 & 00 & 00 & 01 \\ 01 & 00 & 00 & 00 \\ 00 & 01 & 00 & 00 \\ 00 & 00 & 01 & 00 \end{pmatrix} \begin{pmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \end{pmatrix} \qquad (3.17)$$
Thus multiplication by x, or by powers of x, corresponds to a cyclic rotation of the bytes within a word.
Rijndael also uses the polynomial $x^3$ ($a_0 = a_1 = a_2 = \{00\}$ and $a_3 = \{01\}$) in the function RotWord, to rotate the 4 bytes of the input word. If the input word is $[b_0, b_1, b_2, b_3]$, the result is the word $[b_1, b_2, b_3, b_0]$.
3.4 The Rijndael method
Rijndael encryption consists of a sequence of transformations applied one after another; the output of one transformation is the input of the next. The intermediate result between transformations is called the state.
A state is represented as a matrix of 4 rows and Nb columns, where Nb is the block length divided by 32. The cipher key (Cipher Key) is likewise represented as a matrix of 4 rows and Nk columns, where Nk is the key length divided by 32. In some situations the matrix representing a state or a key is viewed as a one-dimensional array of 4-byte elements, each element corresponding to one column of the matrix.
The number of rounds, denoted Nr, depends on Nb and Nk through the formula $Nr = \max\{Nb, Nk\} + 6$.
a0,0 a0,1 a0,2 a0,3 a0,4 a0,5
a1,0 a1,1 a1,2 a1,3 a1,4 a1,5
a2,0 a2,1 a2,2 a2,3 a2,4 a2,5
a3,0 a3,1 a3,2 a3,3 a3,4 a3,5
k0,0 k0,1 k0,2 k0,3
k1,0 k1,1 k1,2 k1,3
k2,0 k2,1 k2,2 k2,3
k3,0 k3,1 k3,2 k3,3
Figure 3.1. Matrix representation of the state (Nb = 6) and of the cipher key (Nk = 4)
3.4.1 The encryption process
Rijndael encryption uses four main transformations:
1. AddRoundKey: adds (XORs) the round key into the current state. The round key has the same length as the state.
2. SubBytes: non-linear substitution of every byte of the current state through the substitution table (S-box).
3. MixColumns: mixes the bytes within each column of the current state. Each column is processed independently.
4. ShiftRows: cyclically shifts each row of the current state by a different offset.
Each transformation operates on the current state S. The result S' of each transformation becomes the input of the next transformation of the encryption process.
First, the whole input block is copied into the state array. After the first round-key addition, the state array goes through Nr = 10, 12 or 14 rounds (depending on the length of the cipher key and on the length of the block being processed). The first Nr - 1 rounds are ordinary rounds and identical to each other; only the final round differs from the Nr - 1 rounds before it. Finally, the contents of the state array are copied into the output array.
The Rijndael encryption process is summarised as follows:
1. Perform the first AddRoundKey before the encryption rounds.
2. Nr - 1 ordinary encryption rounds, each consisting of four consecutive transformations: SubBytes, ShiftRows, MixColumns and AddRoundKey.
3. The final encryption round, in which MixColumns is omitted.
In the algorithm below, the array w[] holds the expanded key schedule; the arrays in[] and out[] hold the input data and the output of the encryption algorithm respectively.
Cipher( byte in[4 * Nb],
        byte out[4 * Nb],
        word w[Nb * (Nr + 1)])
begin
    byte state[4,Nb]
    state = in
    AddRoundKey(state, w)                  // see section 3.4.6
    for round = 1 to Nr - 1
        SubBytes(state)                    // see section 3.4.3
        ShiftRows(state)                   // see section 3.4.4
        MixColumns(state)                  // see section 3.4.5
        AddRoundKey(state, w + round * Nb)
    end for
    SubBytes(state)
    ShiftRows(state)
    AddRoundKey(state, w + Nr * Nb)
    out = state
end
3.4.2 Architecture of the Rijndael algorithm
Rijndael is built on the SPN (substitution-permutation network) architecture, using 16 substitution boxes (of size 8 × 8) for a 128-bit block. Throughout the encryption process the algorithm uses the same fixed S-box. The linear transformation consists of two steps: a byte permutation, followed by four 32-bit linear transformations applied in parallel, which provide high diffusion. Figure 3.2 shows one encryption round of Rijndael.
In practice, in each encryption round the round key is added (XORed) after the linear transformation. Because a key addition is also performed before the first round, Rijndael can be regarded as satisfying the SPN structure [29].
Figure 3.2. One encryption round of Rijndael (with Nb = 4)
3.4.3 The SubBytes transformation
The SubBytes transformation is a non-linear byte substitution that acts independently on each byte of the current state. The substitution table (S-box) is invertible, and substituting a byte x through the S-box consists of two steps:
1. Compute the multiplicative inverse $x^{-1} \in GF(2^8)$, with the convention $\{00\}^{-1} = \{00\}$.
2. Apply the following affine transformation (over GF(2)) to $x^{-1}$ (writing $x^{-1}$ in binary as $\{x_7 x_6 x_5 x_4 x_3 x_2 x_1 x_0\}$):
$$\begin{pmatrix} y_0 \\ y_1 \\ y_2 \\ y_3 \\ y_4 \\ y_5 \\ y_6 \\ y_7 \end{pmatrix} = \begin{pmatrix} 1&0&0&0&1&1&1&1 \\ 1&1&0&0&0&1&1&1 \\ 1&1&1&0&0&0&1&1 \\ 1&1&1&1&0&0&0&1 \\ 1&1&1&1&1&0&0&0 \\ 0&1&1&1&1&1&0&0 \\ 0&0&1&1&1&1&1&0 \\ 0&0&0&1&1&1&1&1 \end{pmatrix} \begin{pmatrix} x_0 \\ x_1 \\ x_2 \\ x_3 \\ x_4 \\ x_5 \\ x_6 \\ x_7 \end{pmatrix} + \begin{pmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{pmatrix} \qquad (3.18)$$
or
$$y_i = x_i \oplus x_{(i+4) \bmod 8} \oplus x_{(i+5) \bmod 8} \oplus x_{(i+6) \bmod 8} \oplus x_{(i+7) \bmod 8} \oplus c_i \qquad (3.19)$$
where $c_i$ is bit i of {63}, $0 \le i \le 7$.
Figure 3.3. SubBytes acts on each byte of the state
Table D.1 shows the S-box used in the SubBytes transformation, in hexadecimal.
Example: if the value {xy} to be substituted is {53}, the substitute S-box({xy}) is the entry at row 5, column 3 of Table D.1. Thus S-box({53}) = {ed}.
SubBytes in pseudocode:
SubBytes(byte state[4,Nb])
begin
    for r = 0 to 3
        for c = 0 to Nb - 1
            state[r,c] = Sbox[state[r,c]]
        end for
    end for
end
3.4.4 The ShiftRows transformation
Figure 3.4. ShiftRows acts on each row of the state
In the ShiftRows transformation, each row of the current state is cyclically shifted by some number of positions.
The byte $s_{r,c}$ at row r, column c is moved to column $(c - \mathrm{shift}(r, Nb)) \bmod Nb$, that is:
$$s'_{r,c} = s_{r,(c + \mathrm{shift}(r,Nb)) \bmod Nb}, \qquad 0 < r < 4,\ 0 \le c < Nb \qquad (3.20)$$
Row 0 is not shifted. For rows 1, 2 and 3 the offsets shift(r, Nb) of the Rijndael specification are 1, 2, 3 when Nb = 4 or Nb = 6, and 1, 3, 4 when Nb = 8.
ShiftRows in pseudocode, where h[r,Nb] = shift(r,Nb):
ShiftRows(byte state[4,Nb])
begin
    byte t[Nb]
    for r = 1 to 3
        for c = 0 to Nb - 1
            t[c] = state[r, (c + h[r,Nb]) mod Nb]
        end for
        for c = 0 to Nb - 1
            state[r,c] = t[c]
        end for
    end for
end
3.4.5 The MixColumns transformation
In the MixColumns transformation, each column of the current state is viewed as a polynomial s(x) with coefficients in GF(2^8) and is multiplied as
$$s'(x) = a(x) \otimes s(x) \qquad (3.21)$$
with
$$a(x) = \{03\} x^3 + \{01\} x^2 + \{01\} x + \{02\} \qquad (3.22)$$
In matrix form the operation is:
$$\begin{pmatrix} s'_{0,c} \\ s'_{1,c} \\ s'_{2,c} \\ s'_{3,c} \end{pmatrix} = \begin{pmatrix} 02 & 03 & 01 & 01 \\ 01 & 02 & 03 & 01 \\ 01 & 01 & 02 & 03 \\ 03 & 01 & 01 & 02 \end{pmatrix} \begin{pmatrix} s_{0,c} \\ s_{1,c} \\ s_{2,c} \\ s_{3,c} \end{pmatrix}, \qquad 0 \le c < Nb \qquad (3.23)$$
Figure 3.5. MixColumns acts on each column of the state
In the code below, the function FFmul(x,y) multiplies the two elements x and y in the field GF(2^8).
MixColumns(byte state[4,Nb])
begin
    byte t[4]
    for c = 0 to Nb - 1
        for r = 0 to 3
            t[r] = state[r,c]
        end for
        for r = 0 to 3
            state[r,c] = FFmul(0x02, t[r]) xor
                         FFmul(0x03, t[(r + 1) mod 4]) xor
                         t[(r + 2) mod 4] xor
                         t[(r + 3) mod 4]
        end for
    end for
end
3.4.6 The AddRoundKey transformation
Rijndael consists of several consecutive encryption rounds; each round has its own round key (Round Key), of the same size as the data block being processed and derived from the cipher key (Cipher Key) given at the start. The round key is also represented as a matrix of 4 rows and Nb columns. Each column of the current state is XORed with the corresponding column of the round key of the current round:
$$[s'_{0,c}, s'_{1,c}, s'_{2,c}, s'_{3,c}] = [s_{0,c}, s_{1,c}, s_{2,c}, s_{3,c}] \oplus w[\mathit{round} \cdot Nb + c], \qquad 0 \le c < Nb \qquad (3.24)$$
Figure 3.6. AddRoundKey acts on each column of the state
3.5 Generating the round keys
The round keys (RoundKey) are derived from the cipher key. Round-key generation has two stages:
1. Expand the cipher key into the expanded key schedule.
2. Select the key of each round from the expanded key schedule.
3.5.1 Building the expanded key schedule
The expanded key schedule is a one-dimensional array of words (4 bytes each), denoted w[Nb*(Nr + 1)]. The function that generates the expanded key schedule depends on Nk, that is, on the length of the cipher key.
The function SubWord(W) substitutes (using the S-box) each byte of the 4-byte input word and returns the word of 4 substituted bytes.
The function RotWord(W) cyclically rotates the 4 bytes (a, b, c, d) of the input word. The value returned by RotWord is the word with bytes (b, c, d, a).
KeyExpansion(byte key[4 * Nk], word w[Nb * (Nr + 1)], Nk)
begin
    i = 0
    while (i < Nk)
        w[i] = word[key[4*i], key[4*i+1], key[4*i+2], key[4*i+3]]
        i = i + 1
    end while
    i = Nk
    while (i < Nb * (Nr + 1))
        word temp = w[i - 1]
        if (i mod Nk = 0) then
            temp = SubWord(RotWord(temp)) xor Rcon[i / Nk]
        else if (Nk = 8) and (i mod Nk = 4) then
            temp = SubWord(temp)
        end if
        w[i] = w[i - Nk] xor temp
        i = i + 1
    end while
end
The round constants are independent of Nk and are defined by Rcon[i] = (RC[i], {00}, {00}, {00}), where RC[i] ∈ GF(2^8) satisfies
$$RC[1] = 1 \ (\{01\})$$
$$RC[i] = x \ (\{02\}) \bullet RC[i-1] = x^{i-1} \qquad (3.25)$$
3.5.2 Selecting the round key
The key of round i consists of the words (4 bytes each) with indices Nb*i to Nb*(i+1) - 1 of the expanded key schedule. Thus the round key of round i consists of the elements w[Nb*i], w[Nb*i + 1], ..., w[Nb*(i+1) - 1].
w0 w1 w2 w3 w4 w5 | w6 w7 w8 w9 w10 w11 | w12 w13 w14 w15 w16 w17 | ...
   round key 0    |     round key 1     |       round key 2       | ...
Figure 3.7. The expanded key schedule and the selection of the round keys (Nb = 6 and Nk = 4)
The round keys can be generated without necessarily materialising the whole array w[Nb*(Nr+1)]. Where memory is limited, as on smart cards, the round keys can be computed on the fly as they are needed during processing, using only 4*max(Nk, Nb) bytes of memory.
The expanded key schedule is always generated from the cipher key and never has to be specified directly by the user or by the application. The choice of the cipher key (Cipher Key) is entirely free, with no constraints or restrictions.
3.6 The decryption process
Decryption proceeds through the following stages:
1. Perform the first AddRoundKey before the decryption rounds.
2. Nr - 1 ordinary decryption rounds, each consisting of four consecutive transformations: InvShiftRows, InvSubBytes, AddRoundKey and InvMixColumns.
3. The final decryption round, in which InvMixColumns is omitted.
Below is the pseudocode of the decryption process:
InvCipher( byte in[4 * Nb],
           byte out[4 * Nb],
           word w[Nb * (Nr + 1)])
begin
    byte state[4,Nb]
    state = in
    AddRoundKey(state, w + Nr * Nb)        // see section 3.4.6
    for round = Nr - 1 downto 1
        InvShiftRows(state)                // see section 3.6.1
        InvSubBytes(state)                 // see section 3.6.2
        AddRoundKey(state, w + round * Nb)
        InvMixColumns(state)               // see section 3.6.3
    end for
    InvShiftRows(state)
    InvSubBytes(state)
    AddRoundKey(state, w)
    out = state
end
3.6.1 The InvShiftRows transformation
Figure 3.8. InvShiftRows acts on each row of the current state
InvShiftRows is the inverse of the ShiftRows transformation. The first row of the state is left unchanged, while the last three rows are cyclically shifted in the direction opposite to ShiftRows, by the different offsets shift(r, Nb). Bytes at the end of a row wrap around to the beginning of the row, while the remaining bytes move towards the end of the row:
$$s'_{r,(c + \mathrm{shift}(r,Nb)) \bmod Nb} = s_{r,c}, \qquad 0 < r < 4,\ 0 \le c < Nb$$
The offset shift(r, Nb) depends on the row index r and on the block size Nb, and is given in Table 3.1.
InvShiftRows(byte state[4,Nb])
begin
    byte t[Nb]
    for r = 1 to 3
        for c = 0 to Nb - 1
            t[(c + h[r,Nb]) mod Nb] = state[r,c]
        end for
        for c = 0 to Nb - 1
            state[r,c] = t[c]
        end for
    end for
end
3.6.2 The InvSubBytes transformation
The inverse of the SubBytes transformation, denoted InvSubBytes, uses the inverse of the S-box substitution table over GF(2^8), denoted S-box^{-1}. Substituting a byte y through S-box^{-1} consists of the following two steps:
1. Apply the following affine transformation (over GF(2)) to y (written in binary as $\{y_7 y_6 y_5 y_4 y_3 y_2 y_1 y_0\}$):
Table D.2 shows the inverse substitution table used in the InvSubBytes transformation.
3.6.3 The InvMixColumns transformation
InvMixColumns is the inverse of the MixColumns transformation. Each column of the current state is viewed as a polynomial s(x) with four coefficients in GF(2^8) and is multiplied by the polynomial $a^{-1}(x)$, the inverse (modulo M(x)) of the polynomial a(x) used in MixColumns:
$$a^{-1}(x) = \{0b\} x^3 + \{0d\} x^2 + \{09\} x + \{0e\} \qquad (3.29)$$
The product $s'(x) = a^{-1}(x) \otimes s(x)$ can be written in matrix form:
$$\begin{pmatrix} s'_{0,c} \\ s'_{1,c} \\ s'_{2,c} \\ s'_{3,c} \end{pmatrix} = \begin{pmatrix} 0e & 0b & 0d & 09 \\ 09 & 0e & 0b & 0d \\ 0d & 09 & 0e & 0b \\ 0b & 0d & 09 & 0e \end{pmatrix} \begin{pmatrix} s_{0,c} \\ s_{1,c} \\ s_{2,c} \\ s_{3,c} \end{pmatrix}, \qquad 0 \le c < Nb$$
InvMixColumns in pseudocode, with FFmul(x,y) as in section 3.4.5:
InvMixColumns(byte state[4,Nb])
begin
    byte t[4]
    for c = 0 to Nb - 1
        for r = 0 to 3
            t[r] = state[r,c]
        end for
        for r = 0 to 3
            state[r,c] = FFmul(0x0e, t[r]) xor
                         FFmul(0x0b, t[(r + 1) mod 4]) xor
                         FFmul(0x0d, t[(r + 2) mod 4]) xor
                         FFmul(0x09, t[(r + 3) mod 4])
        end for
    end for
end
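The whole cipher of sections 3.4.1 to 3.6.3 as one added example, written by the editor and not taken from the book: a compact Rijndael with Nb = 4 (AES-128, AES-192 and AES-256) following the Cipher, KeyExpansion and InvCipher pseudocode, with the S-box generated from the GF(2^8) inverse and the affine map of section 3.4.3 rather than copied from Table D.1. It is checked against the FIPS 197 test vectors. Function names and the flat state layout are my choices; the constants are those of the text.

```python
# Added example (not from the book): Rijndael with Nb = 4, i.e. AES-128/192/256, built from
# the transformations of sections 3.4 to 3.6. The state is a flat list of 16 bytes; the byte
# at row r, column c is state[r + 4*c].

def xtime(b):
    """Multiply by x ({02}) in GF(2^8) modulo m(x) = x^8 + x^4 + x^3 + x + 1."""
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else b << 1

def gmul(a, b):
    """GF(2^8) product: decompose a into powers of two and accumulate an xtime() chain of b."""
    r = 0
    while a:
        if a & 1:
            r ^= b
        a, b = a >> 1, xtime(b)
    return r

def _build_sbox():
    # log/antilog tables over the generator {03}: p <- p * {03} = p ^ xtime(p)
    exp, log, p = [0] * 256, [0] * 256, 1
    for i in range(255):
        exp[i], log[p] = p, i
        p ^= xtime(p)
    sbox = [0] * 256
    for a in range(256):
        x = 0 if a == 0 else exp[(255 - log[a]) % 255]   # x = a^-1, with {00}^-1 = {00}
        y = 0x63                                           # affine map (3.19), constant c = {63}
        for _ in range(5):                                 # y = x ^ rotl(x,1) ^ ... ^ rotl(x,4) ^ c
            y ^= x
            x = ((x << 1) | (x >> 7)) & 0xFF
        sbox[a] = y
    return sbox

SBOX = _build_sbox()
INV_SBOX = [0] * 256
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i

def key_expansion(key):
    """KeyExpansion of section 3.5 for Nk = 4, 6 or 8; returns the Nb*(Nr+1) words w[]."""
    nk = len(key) // 4
    if nk not in (4, 6, 8) or len(key) % 4:
        raise ValueError("key must be 128, 192 or 256 bits")
    nr = nk + 6                                   # Nr = max(Nb, Nk) + 6 with Nb = 4
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 0x01                                   # RC[1] = {01}, RC[i] = x * RC[i-1]  (3.25)
    for i in range(nk, 4 * (nr + 1)):
        temp = list(w[i - 1])
        if i % nk == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]   # SubWord(RotWord(temp))
            temp[0] ^= rcon                                  # xor Rcon[i / Nk]
            rcon = xtime(rcon)
        elif nk == 8 and i % nk == 4:
            temp = [SBOX[b] for b in temp]                   # SubWord(temp)
        w.append([w[i - nk][j] ^ temp[j] for j in range(4)])
    return w

def add_round_key(s, w, rnd):
    """XOR column c of the state with the word w[rnd*Nb + c], equation (3.24)."""
    return [s[r + 4 * c] ^ w[4 * rnd + c][r] for c in range(4) for r in range(4)]

def shift_rows(s, inverse=False):
    """Rotate row r left by r positions (shift(r,4) = r); right for InvShiftRows."""
    d = -1 if inverse else 1
    return [s[r + 4 * ((c + d * r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(s, inverse=False):
    """Multiply each column by a(x), or by a^-1(x) for InvMixColumns (sections 3.4.5, 3.6.3)."""
    coef = (0x0E, 0x0B, 0x0D, 0x09) if inverse else (0x02, 0x03, 0x01, 0x01)
    out = []
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for r in range(4):
            out.append(gmul(coef[0], col[r]) ^ gmul(coef[1], col[(r + 1) % 4])
                       ^ gmul(coef[2], col[(r + 2) % 4]) ^ gmul(coef[3], col[(r + 3) % 4]))
    return out

def encrypt_block(key, block):
    """Cipher() of section 3.4.1 on one 16-byte block."""
    if len(block) != 16:
        raise ValueError("block must be 128 bits")
    w = key_expansion(key)
    nr = len(w) // 4 - 1
    s = add_round_key(list(block), w, 0)
    for rnd in range(1, nr + 1):
        s = [SBOX[b] for b in s]                   # SubBytes
        s = shift_rows(s)
        if rnd != nr:                              # the final round has no MixColumns
            s = mix_columns(s)
        s = add_round_key(s, w, rnd)
    return bytes(s)

def decrypt_block(key, block):
    """InvCipher() of section 3.6: the inverse transformations, rounds in reverse order."""
    if len(block) != 16:
        raise ValueError("block must be 128 bits")
    w = key_expansion(key)
    nr = len(w) // 4 - 1
    s = add_round_key(list(block), w, nr)
    for rnd in range(nr - 1, -1, -1):
        s = shift_rows(s, inverse=True)
        s = [INV_SBOX[b] for b in s]               # InvSubBytes
        s = add_round_key(s, w, rnd)
        if rnd != 0:                               # the last decryption round has no InvMixColumns
            s = mix_columns(s, inverse=True)
    return bytes(s)

if __name__ == "__main__":
    # FIPS 197 Appendix C.1: expected ciphertext 69c4e0d86a7b0430d8cdb78070b4c55a
    key, pt = bytes(range(16)), bytes.fromhex("00112233445566778899aabbccddeeff")
    ct = encrypt_block(key, pt)
    print(ct.hex(), decrypt_block(key, ct) == pt)
```

This is a single-block primitive only: real use requires a mode of operation (and, for integrity, an authenticated mode such as GCM), and the S-box and table lookups here are indexed by secret-dependent bytes, so the code is illustrative rather than side-channel resistant.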
3.6.4 The equivalent decryption process
Remarks:
1. The InvSubBytes transformation operates on the value of each individual byte of the current state, while InvShiftRows only moves bytes without changing their values. Therefore the order of these two transformations in the decryption process can be swapped.
2. For any linear transformation A we have $A(x \oplus k) = A(x) \oplus A(k)$. Hence
InvMixColumns(state XOR Round Key) = InvMixColumns(state) XOR InvMixColumns(Round Key)
Thus the order of InvMixColumns and AddRoundKey in the decryption process can be swapped, provided that every word (4 bytes) of the expanded key schedule used in decryption is first transformed by InvMixColumns. Because the final encryption round does not perform MixColumns, InvMixColumns need not be applied to the round keys of the first and of the last decryption rounds.
Hence Rijndael decryption can be carried out with the inverse transformations in exactly the same order as in the encryption process.
EqInvCipher(byte in[4*Nb], byte out[4*Nb],
            word dw[Nb*(Nr+1)])
begin
    byte state[4,Nb]
    state = in
    AddRoundKey(state, dw + Nr * Nb)
    for round = Nr - 1 downto 1
        InvSubBytes(state)
        InvShiftRows(state)
        InvMixColumns(state)
        AddRoundKey(state, dw + round * Nb)
    end for
    InvSubBytes(state)
    InvShiftRows(state)
    AddRoundKey(state, dw)
    out = state
end
In this process, the expanded key schedule dw is built from the schedule w by applying InvMixColumns to each word (4 bytes) of w, except for the first Nb words and the last Nb words of w:
for i = 0 to (Nr + 1) * Nb - 1
    dw[i] = w[i]
end for
for rnd = 1 to Nr - 1
    InvMixColumns(dw + rnd * Nb)
end for
3.7 Implementation issues
Let a be the state at the start of an encryption round, and let b, c, d, e be the states output by the transformations SubBytes, ShiftRows, MixColumns and AddRoundKey respectively in that round. Convention: in a state s (s = a, b, c, d, e), column j is denoted $s_j$ and the element at row i, column j is denoted $s_{i,j}$.
After the SubBytes transformation:
$$\begin{pmatrix} b_{0,j} \\ b_{1,j} \\ b_{2,j} \\ b_{3,j} \end{pmatrix} = \begin{pmatrix} S[a_{0,j}] \\ S[a_{1,j}] \\ S[a_{2,j}] \\ S[a_{3,j}] \end{pmatrix} \qquad (3.31)$$
After the ShiftRows transformation:
$$\begin{pmatrix} c_{0,j} \\ c_{1,j} \\ c_{2,j} \\ c_{3,j} \end{pmatrix} = \begin{pmatrix} b_{0,j} \\ b_{1,(j + \mathrm{shift}(1,Nb)) \bmod Nb} \\ b_{2,(j + \mathrm{shift}(2,Nb)) \bmod Nb} \\ b_{3,(j + \mathrm{shift}(3,Nb)) \bmod Nb} \end{pmatrix} \qquad (3.32)$$
After the MixColumns transformation:
$$\begin{pmatrix} d_{0,j} \\ d_{1,j} \\ d_{2,j} \\ d_{3,j} \end{pmatrix} = \begin{pmatrix} 02 & 03 & 01 & 01 \\ 01 & 02 & 03 & 01 \\ 01 & 01 & 02 & 03 \\ 03 & 01 & 01 & 02 \end{pmatrix} \begin{pmatrix} c_{0,j} \\ c_{1,j} \\ c_{2,j} \\ c_{3,j} \end{pmatrix} \qquad (3.33)$$
After the AddRoundKey transformation:
$$\begin{pmatrix} e_{0,j} \\ e_{1,j} \\ e_{2,j} \\ e_{3,j} \end{pmatrix} = \begin{pmatrix} d_{0,j} \\ d_{1,j} \\ d_{2,j} \\ d_{3,j} \end{pmatrix} \oplus \begin{pmatrix} k_{0,j} \\ k_{1,j} \\ k_{2,j} \\ k_{3,j} \end{pmatrix} \qquad (3.34)$$
Combining the intermediate results of the transformations of one round, we obtain:
$$\begin{pmatrix} e_{0,j} \\ e_{1,j} \\ e_{2,j} \\ e_{3,j} \end{pmatrix} = \begin{pmatrix} 02 & 03 & 01 & 01 \\ 01 & 02 & 03 & 01 \\ 01 & 01 & 02 & 03 \\ 03 & 01 & 01 & 02 \end{pmatrix} \begin{pmatrix} S[a_{0,j}] \\ S[a_{1,(j + \mathrm{shift}(1,Nb)) \bmod Nb}] \\ S[a_{2,(j + \mathrm{shift}(2,Nb)) \bmod Nb}] \\ S[a_{3,(j + \mathrm{shift}(3,Nb)) \bmod Nb}] \end{pmatrix} \oplus \begin{pmatrix} k_{0,j} \\ k_{1,j} \\ k_{2,j} \\ k_{3,j} \end{pmatrix} \qquad (3.35)$$
Writing $[j_r] = (j + \mathrm{shift}(r, Nb)) \bmod Nb$ (so that $[j_0] = j$), expression (3.35) can be rewritten as:
$$\begin{pmatrix} e_{0,j} \\ e_{1,j} \\ e_{2,j} \\ e_{3,j} \end{pmatrix} = \begin{pmatrix} 02 & 03 & 01 & 01 \\ 01 & 02 & 03 & 01 \\ 01 & 01 & 02 & 03 \\ 03 & 01 & 01 & 02 \end{pmatrix} \begin{pmatrix} S[a_{0,[j_0]}] \\ S[a_{1,[j_1]}] \\ S[a_{2,[j_2]}] \\ S[a_{3,[j_3]}] \end{pmatrix} \oplus \begin{pmatrix} k_{0,j} \\ k_{1,j} \\ k_{2,j} \\ k_{3,j} \end{pmatrix} \qquad (3.36)$$
Expanding the matrix product column by column:
$$\begin{pmatrix} e_{0,j} \\ e_{1,j} \\ e_{2,j} \\ e_{3,j} \end{pmatrix} = \begin{pmatrix} 02 \\ 01 \\ 01 \\ 03 \end{pmatrix} S[a_{0,[j_0]}] \oplus \begin{pmatrix} 03 \\ 02 \\ 01 \\ 01 \end{pmatrix} S[a_{1,[j_1]}] \oplus \begin{pmatrix} 01 \\ 03 \\ 02 \\ 01 \end{pmatrix} S[a_{2,[j_2]}] \oplus \begin{pmatrix} 01 \\ 01 \\ 03 \\ 02 \end{pmatrix} S[a_{3,[j_3]}] \oplus \begin{pmatrix} k_{0,j} \\ k_{1,j} \\ k_{2,j} \\ k_{3,j} \end{pmatrix} \qquad (3.37)$$
Define the lookup tables $T_0, T_1, T_2, T_3$ as follows:
$$T_0[a] = \begin{pmatrix} 02 \bullet S[a] \\ S[a] \\ S[a] \\ 03 \bullet S[a] \end{pmatrix}, \quad T_1[a] = \begin{pmatrix} 03 \bullet S[a] \\ 02 \bullet S[a] \\ S[a] \\ S[a] \end{pmatrix}, \quad T_2[a] = \begin{pmatrix} S[a] \\ 03 \bullet S[a] \\ 02 \bullet S[a] \\ S[a] \end{pmatrix}, \quad T_3[a] = \begin{pmatrix} S[a] \\ S[a] \\ 03 \bullet S[a] \\ 02 \bullet S[a] \end{pmatrix} \qquad (3.38)$$
Then expression (3.37) can be rewritten as:
$$e_j = \bigoplus_{i=0}^{3} T_i[a_{i,[j_i]}] \oplus w[\mathit{round} \cdot Nb + j] \qquad (3.39)$$
where round is the index of the round under consideration.
Thus each column $e_j$ of the state resulting from one encryption round is obtained with four XORs of 32-bit integers, using the four lookup tables $T_0, T_1, T_2$ and $T_3$.
Formula (3.39) applies only to the first Nr - 1 rounds. Because the final round does not perform the MixColumns transformation, four separate lookup tables are needed for that round:
$$U_0[a] = \begin{pmatrix} S[a] \\ 0 \\ 0 \\ 0 \end{pmatrix}, \quad U_1[a] = \begin{pmatrix} 0 \\ S[a] \\ 0 \\ 0 \end{pmatrix}, \quad U_2[a] = \begin{pmatrix} 0 \\ 0 \\ S[a] \\ 0 \end{pmatrix}, \quad U_3[a] = \begin{pmatrix} 0 \\ 0 \\ 0 \\ S[a] \end{pmatrix} \qquad (3.40)$$
3.7.1 Remarks
The lookup-table technique improves encryption and decryption speed considerably. It also removes the data-dependent arithmetic from the round, so the instruction sequence is the same for every block; in that sense it counters timing attacks on the round arithmetic. Note, however, that the table index itself is derived from key-dependent data, so which cache lines are touched depends on the key, and cache-timing attacks on T-table implementations (Bernstein 2005; Osvik, Shamir and Tromer 2006) have recovered AES keys in practice. Implementations that must resist such attacks avoid secret-dependent table indices (bitsliced or vector-permutation code) or use hardware AES instructions.
This technique can be used in both the encryption process and the equivalent decryption process, thanks to the correspondence between the steps of the two processes. The same routine can then be used for encryption and for decryption, with different lookup tables.
In practice the lookup tables can be stored in advance, or built directly from the S-box together with the information about the corresponding forms.
On 32-bit processors the transformations used in the encryption process can be optimised by using four lookup tables, each with 256 entries of 4 bytes. For every element $a \in GF(2^8)$, let:
$$T_0[a] = \begin{pmatrix} 02 \bullet S[a] \\ S[a] \\ S[a] \\ 03 \bullet S[a] \end{pmatrix}, \quad T_1[a] = \begin{pmatrix} 03 \bullet S[a] \\ 02 \bullet S[a] \\ S[a] \\ S[a] \end{pmatrix}, \quad T_2[a] = \begin{pmatrix} S[a] \\ 03 \bullet S[a] \\ 02 \bullet S[a] \\ S[a] \end{pmatrix}, \quad T_3[a] = \begin{pmatrix} S[a] \\ S[a] \\ 03 \bullet S[a] \\ 02 \bullet S[a] \end{pmatrix} \qquad (3.41)$$
Remark: $T_i[a]$ is obtained from $T_{i-1}[a]$, i = 1, 2, 3, by rotating the word one byte position, $[b_0, b_1, b_2, b_3] \mapsto [b_3, b_0, b_1, b_2]$. This is the direction opposite to the RotWord of section 3.5, so one such rotation equals RotWord applied three times; denote it ROT, and $\mathrm{ROT}^i$ its i-fold application. Then:
$$T_i[a] = \mathrm{ROT}^i(T_0[a]) \qquad (3.42)$$
Thus instead of 4 kilobytes to store all four tables, only 1 kilobyte is needed for the first table, and the remaining tables can be regenerated when needed. Memory constraints are usually not an issue, except in a few cases such as applets or servlets. There, instead of storing the lookup tables, only the code that regenerates them need be kept. Formula (3.39) then becomes:
$$e_j = \bigoplus_{i=0}^{3} T_i[a_{i,[j_i]}] \oplus k_j = \bigoplus_{i=0}^{3} \mathrm{ROT}^i\big(T_0[a_{i,[j_i]}]\big) \oplus k_j \qquad (3.43)$$
3.8 Experimental results
Table 3.2. Processing speed of the Rijndael cipher (Mbit/s)
Key    Block   Pentium 200 MHz    Pentium II 400 MHz   Pentium III 733 MHz   Pentium IV 2.4 GHz
(bit)  (bit)   C++      C         C++      C           C++      C            C++      C
128    128     69.4     70.5      138.0    141.5       252.9    259.2        863.0    884.7
192    128     58.0     59.8      116.2    119.7       212.9    219.3        726.5    748.3
256    128     50.1     51.3      101.2    101.5       185.5    186.1        633.5    634.9
The Rijndael measurements were taken on a Pentium 200 MHz (running Microsoft Windows 98), on a Pentium II 400 MHz and a Pentium III 733 MHz (running Microsoft Windows 2000 Professional), and on a Pentium IV 2.4 GHz (running Microsoft Windows XP Service Pack 2).
3.9 Conclusions
3.9.1 Security
Using a different round constant in each round limits symmetry in the algorithm. The difference in structure between encryption and decryption rules out weak keys (weak keys) of the kind found in DES (see section 4.5.1). Moreover, key-related weaknesses usually stem from non-linear operations that depend on the specific value of the key, as in IDEA (International Data Encryption Algorithm). In the extended versions, the keys enter only through XOR, and all non-linear operations are fixed in the S-box and do not depend on the specific value of the key (see section 4.5.4). The non-linearity and the diffusion of the expanded key schedule make cryptanalysis based on equivalent or related keys infeasible (see section 4.5.5). Truncated differential cryptanalysis mainly exploits the clustering of differential trails present in some ciphers; for Rijndael with more than 6 rounds, no attack more efficient than exhaustive search is known (see section 4.5.2). The complexity of the S-box expression over GF(2^8), together with the diffusion effect, prevents the algorithm from being analysed by the interpolation attack (see section 4.5.3).
3.9.2 Evaluation
The Rijndael method is suitable for deployment on many different systems, not only on personal computers (typically those using Pentium chips) but also on smart card systems. On personal computers, the AES algorithm runs very fast compared with other encryption methods. On smart cards, the method also shows its advantages, not only because of its high processing speed but also because of its compact program code and low memory usage. In addition, every processing step of encryption and decryption is designed to suit parallel processing, so the Rijndael method also shows its strength on new device platforms. Because processing operates on individual data bytes, no difference arises when deploying on big-endian or little-endian systems.
Throughout AES, the requirements of simplicity of design and flexibility of processing were set and met. The block size as well as the cipher key size can be varied flexibly from 128 to 256 bits, provided the size is divisible by 32. The number of rounds can be changed according to the specific requirements of each application and system.
However, some limitations remain, most of them related to decryption. Both the program code and the processing time of decryption are somewhat larger than for encryption, although this time is still significantly faster than in some other methods. In a software implementation, because encryption and decryption are not identical, the entire encryption code and its lookup tables cannot be reused for decryption. In a hardware implementation, decryption
can reuse only part of the circuits used for encryption, and in a different order of use.
With its very high security level and its other notable advantages, the Rijndael method will certainly be adopted quickly and widely in many applications on different systems.
Chapter 4
The extended Rijndael method
In chapter 3 we studied the Rijndael encryption method. Chapter 4 presents some extended versions of the Rijndael standard. Some experimental results, together with the analysis and proof of the security of the Rijndael method and of these extended versions, are also presented in chapter 4.
4.1 The need to extend the Rijndael encryption method
In the 1970s and 1980s, the DES method was still considered very secure and could not be broken with the technology of the time. Today, however, this method can be broken and is no longer secure enough to protect important information. This is one of the reasons NIST decided to select a new encryption algorithm to replace DES, serving the information security needs of the US government as well as some other civilian applications.
The Rijndael encryption method is assessed as having a very high level of security, and exhaustive search remains the most effective way to break this algorithm. With the capability
of today's computer systems worldwide, exhaustive search is still infeasible. However, with the ever faster development of information technology, new generations of computers are appearing with ever greater capacity and processing speed, and the Rijndael algorithm may be broken in the future. At that point, important information that has been secured with the Rijndael method would have to be re-encrypted with a new, more secure method. Reorganizing important data accumulated over several decades is not at all simple. This leads to the requirement of extending the algorithm to raise its security level, for instance by increasing the key size and the size of the processed block. The 256/384/512-bit extended version and the 512/768/1024-bit extended version of the Rijndael algorithm presented below were built by us on the same theoretical foundation as the original algorithm, and are capable of processing keys and data blocks many times larger than the original version.
4.2 The 256/384/512-bit extended version
In the 256/384/512-bit extended Rijndael algorithm, each word consists of Nw = 8 bytes. Each state is represented as a matrix of 8 rows and Nb columns, where Nb equals the block length divided by 64. The cipher key is likewise represented as a matrix of 8 rows and Nk columns, where Nk equals the key length divided by 64. The matrix representing a state or a key can be viewed as a one-dimensional array of words (Nw bytes each), each element corresponding to one column of the matrix.
The number of rounds, denoted Nr, is
Nr = max{Nb, Nk} + 6 (4.1)
4.2.1 Encryption procedure
The encryption procedure still uses the 4 main transformations presented in the basic Rijndael algorithm:
1. AddRoundKey: XOR (⊕) the round key into the current state. The length of the round key equals the size of the state.
2. SubBytes: nonlinear substitution of every byte in the current state through the substitution table (S-box).
3. MixColumns: mixing of the information within each column of the current state. Each column is processed independently.
4. ShiftRows: cyclic shift of each row of the current state by a different offset.
Each transformation operates on the current state S. The result S' of each transformation becomes the input of the next transformation in the encryption procedure.
First, the entire input data is copied into the current state array. After the first AddRoundKey operation, the state array goes through Nr = 10, 12 or 14 rounds of transformation (depending on the length of the cipher key and of the processed block). The first Nr − 1 rounds are normal rounds and entirely alike; only the last round differs from the Nr − 1 rounds before it. Finally, the contents of the state array are copied into the output data array.
Figure 4.1 shows the architecture of one round of the 256/384/512-bit extended Rijndael algorithm with Nb = 4.
The extended Rijndael encryption procedure is summarized as follows:
1. Perform the first AddRoundKey operation before the encryption rounds.
2. Nr − 1 normal encryption rounds: each round consists of 4 successive transformations: SubBytes, ShiftRows, MixColumns and AddRoundKey.
3. Perform the final encryption round: in this round the MixColumns operation is skipped.
Figure 4.1. Architecture of one round of the 256/384/512-bit extended Rijndael algorithm with Nb = 4
In the algorithm below, the array w[] holds the expanded key table; the arrays in[] and out[] hold the input data and the output of the encryption algorithm, respectively.
Cipher(byte in[8 * Nb],
byte out[8 * Nb],
word w[Nb * (Nr + 1)])
begin
byte state[8,Nb]
state = in
AddRoundKey(state, w) // See section 4.2.1.4
for round = 1 to Nr - 1
SubBytes(state) // See section 4.2.1.1
ShiftRows(state) // See section 4.2.1.2
MixColumns(state) // See section 4.2.1.3
AddRoundKey(state, w + round * Nb)
end for
SubBytes(state)
ShiftRows(state)
AddRoundKey(state, w + Nr * Nb)
out = state
end
4.2.1.1 The SubBytes transformation
The SubBytes transformation is a nonlinear byte substitution that acts independently on each byte of the current state. The substitution table (S-box) is invertible, and the substitution of a byte x using the S-box consists of two steps:
1. Determine the multiplicative inverse $x^{-1}$ in GF(2^8). By convention, $\{00\}^{-1} = \{00\}$.
2. Apply the affine transformation (over GF(2)) to $x^{-1}$ (suppose $x^{-1}$ has the binary representation $\{x_7 x_6 x_5 x_4 x_3 x_2 x_1 x_0\}$):
$$ y_i = x_i + x_{(i+4) \bmod 8} + x_{(i+5) \bmod 8} + x_{(i+6) \bmod 8} + x_{(i+7) \bmod 8} + c_i \qquad (4.2) $$
where $c_i$ is the $i$-th bit of $\{63\}$, $0 \le i \le 7$.
The SubBytes transformation is expressed in pseudocode as follows:
SubBytes(byte state[8,Nb])
begin
for r = 0 to 7
for c = 0 to Nb - 1
state[r,c] = Sbox[state[r,c]]
end for
end for
end
Table D.2 gives the inverse of the substitution table used in the SubBytes transformation.
4.2.1.2 The ShiftRows transformation
In the ShiftRows transformation, each row of the current state is cyclically shifted by a different offset. The byte $s_{r,c}$ at row $r$, column $c$ is moved to column $(c - \mathrm{shift}(r, Nb)) \bmod Nb$, that is:
$$ s'_{r,c} = s_{r,\,(c + \mathrm{shift}(r, Nb)) \bmod Nb} $$
with $0 < r$
The ShiftRows transformation is expressed in pseudocode as follows:
ShiftRows(byte state[8,Nb])
begin
byte t[Nb]
for r = 1 to 7
for c = 0 to Nb - 1
t[c] = state[r, (c + shift[r,Nb]) mod Nb]
end for
for c = 0 to Nb - 1
state[r,c] = t[c]
end for
end for
end
4.2.1.3 The MixColumns transformation
In the MixColumns transformation, each column of the current state is represented as a polynomial $s(x)$ with coefficients in GF(2^8). The following multiplication is performed:
$$ s'(x) = a(x) \otimes s(x) \quad \text{with} \quad a(x) = \sum_{i=0}^{7} a_i x^i,\ a_i \in GF(2^8) \qquad (4.5) $$
Let
$$ M_a = \begin{bmatrix}
a_0 & a_7 & a_6 & a_5 & a_4 & a_3 & a_2 & a_1 \\
a_1 & a_0 & a_7 & a_6 & a_5 & a_4 & a_3 & a_2 \\
a_2 & a_1 & a_0 & a_7 & a_6 & a_5 & a_4 & a_3 \\
a_3 & a_2 & a_1 & a_0 & a_7 & a_6 & a_5 & a_4 \\
a_4 & a_3 & a_2 & a_1 & a_0 & a_7 & a_6 & a_5 \\
a_5 & a_4 & a_3 & a_2 & a_1 & a_0 & a_7 & a_6 \\
a_6 & a_5 & a_4 & a_3 & a_2 & a_1 & a_0 & a_7 \\
a_7 & a_6 & a_5 & a_4 & a_3 & a_2 & a_1 & a_0
\end{bmatrix} \qquad (4.6) $$
We have:
$$ \begin{bmatrix} s'_{0,c} \\ s'_{1,c} \\ s'_{2,c} \\ s'_{3,c} \\ s'_{4,c} \\ s'_{5,c} \\ s'_{6,c} \\ s'_{7,c} \end{bmatrix}
= M_a \begin{bmatrix} s_{0,c} \\ s_{1,c} \\ s_{2,c} \\ s_{3,c} \\ s_{4,c} \\ s_{5,c} \\ s_{6,c} \\ s_{7,c} \end{bmatrix},
\quad 0 \le c < Nb \qquad (4.7) $$
There are many possible choices of the polynomial a(x) that still ensure the efficiency and security of the algorithm. To guarantee its security properties, the coefficients of this matrix must satisfy the following:
1. Invertibility.
2. Linearity over GF(2).
3. Matrix elements (coefficients) as small as possible.
4. Resistance to attacks on the algorithm (see 4.4 - Differential cryptanalysis and linear cryptanalysis).
The code segment below shows the MixColumns transformation with the polynomial given in formula (2.6). In this code segment, the function FFmul(x,y) multiplies the two elements x and y (in the field GF(2^8)).
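Since the book's MixColumns listing falls on a page missing from this extraction, here is an added Python example (not the book's code) that builds M_a of (4.6) from a coefficient list and applies (4.7) to one column, for both the original 4-row Rijndael and the 8-row extended state; the 8-row coefficient list EXT_A is a constructed assumption, not the book's polynomial. It also checks property 1 (invertibility) with the criterion a(1) ≠ 0, which holds because x^n + 1 = (x + 1)^n over GF(2^8) when n is a power of two.

```python
def ffmul(x, y):
    """Product of two GF(2^8) elements modulo m(x) = x^8 + x^4 + x^3 + x + 1 (0x11b); this is FFmul(x, y)."""
    r = 0
    while y:
        if y & 1:
            r ^= x
        x <<= 1
        if x & 0x100:
            x ^= 0x11b
        y >>= 1
    return r

def circulant(a):
    """M_a of (4.6) for a(x) = sum a[i] x^i: entry (i, j) is a[(i - j) mod n], so column 0 reads a_0 .. a_(n-1)."""
    n = len(a)
    return [[a[(i - j) % n] for j in range(n)] for i in range(n)]

def mix_column(col, a):
    """s'(x) = a(x) (x) s(x) of (4.5)/(4.7): one state column (n bytes) multiplied by M_a over GF(2^8)."""
    m, n = circulant(a), len(col)
    out = []
    for i in range(n):
        acc = 0
        for j in range(n):
            acc ^= ffmul(m[i][j], col[j])
        out.append(acc)
    return out

def is_invertible(a):
    """Property 1 of the coefficients: over GF(2^8), x^n + 1 = (x + 1)^n when n is a power of two,
    so a(x) is a unit modulo x^n + 1 exactly when (x + 1) does not divide it, i.e. a(1) = XOR of all a_i != 0."""
    acc = 0
    for coeff in a:
        acc ^= coeff
    return acc != 0

# Original Rijndael (4 rows): a(x) = {03}x^3 + {01}x^2 + {01}x + {02}, listed as [a_0, a_1, a_2, a_3],
# and its inverse polynomial {0b}x^3 + {0d}x^2 + {09}x + {0e} used by InvMixColumns.
AES_A = [0x02, 0x01, 0x01, 0x03]
AES_A_INV = [0x0e, 0x09, 0x0d, 0x0b]
# 8-row extended version: constructed coefficient list for this example only, NOT the book's a(x).
EXT_A = [0x02, 0x01, 0x01, 0x03, 0x01, 0x01, 0x01, 0x01]

if __name__ == "__main__":
    col = [0xdb, 0x13, 0x53, 0x45]                  # FIPS-197 MixColumns test column
    mixed = mix_column(col, AES_A)                 # [0x8e, 0x4d, 0xa1, 0xbc]
    print([hex(b) for b in mixed], mix_column(mixed, AES_A_INV) == col)
    col8 = list(range(0x10, 0x18))                 # constructed 8-byte column
    print(is_invertible(EXT_A), [hex(b) for b in mix_column(col8, EXT_A)])
```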
Remark: the inverse transformation of AddRoundKey is AddRoundKey itself.
In the code segment below, the function xbyte(r, w) extracts the r-th byte of the word w.
AddRoundKey(byte state[8,Nb], word rk[])
// rk = w + round * Nb
begin
for c = 0 to Nb - 1
for r = 0 to 7
state[r,c] = state[r,c] xor xbyte(r, rk[c])
end for
end for
end
4.2.2 Round key generation
The procedure for generating the key of each round consists of two stages:
1. Expanding the cipher key into the expanded key table,
2. Selecting the key of each round from the expanded key table.
4.2.2.1 Building the expanded key table
The expanded key table is a one-dimensional array of words (8 bytes long), denoted w[Nb*(Nr + 1)]. The function that generates the expanded key table depends on the value of Nk, that is, on the length of the cipher key.
The function SubWord(W) substitutes (using the S-box) each component byte of a word (8 bytes long).
The function RotWord(W) cyclically shifts the 8 component bytes (b0, b1, b2, b3, b4, b5, b6, b7) of the input word. The result returned by RotWord is a word whose 8 component bytes are (b1, b2, b3, b4, b5, b6, b7, b0).
KeyExpansion(byte key[8 * Nk], word w[Nb * (Nr + 1)], Nk)
begin
i = 0
while (i < Nk)
w[i]=word[ key[8*i] , key[8*i+1],
key[8*i+2], key[8*i+3],
key[8*i+4], key[8*i+5],
key[8*i+6], key[8*i+7]]
i = i + 1
end while
i = Nk
while (i < Nb * (Nr + 1))
word temp = w[i - 1]
if (i mod Nk = 0) then
temp = SubWord(RotWord(temp)) xor Rcon[i / Nk]
else
if ((Nk = 8) and (i mod Nk = 4)) then
temp = SubWord(temp)
end if
end if
w[i] = w[i - Nk] xor temp
i = i + 1
end while
end
The round constants are entirely independent of the value Nk and are defined by Rcon[i] = (x^(i−1), 0, 0, 0, 0, 0, 0, 0), i ≥ 1.
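The following Python, an added example and not the book's code, serves both 4.2.1.1 and 4.2.2.1: it builds the S-box from the two steps given there (inverse in GF(2^8), then the affine map (4.2)) and uses it in SubWord to run the KeyExpansion above on 8-byte words. The all-zero key is a constructed input, and the function names are this example's own.

```python
# Log/antilog tables for GF(2^8) with generator {03}; used to find x^-1 in step 1 of 4.2.1.1.
EXP, LOG, _p = [0] * 256, [0] * 256, 1
for _i in range(255):
    EXP[_i], LOG[_p] = _p, _i
    _p ^= (_p << 1) ^ (0x11b if _p & 0x80 else 0)   # _p = _p * {03} modulo x^8 + x^4 + x^3 + x + 1

def inverse(x):
    """Multiplicative inverse in GF(2^8), with the convention {00}^-1 = {00}."""
    return 0 if x == 0 else EXP[(255 - LOG[x]) % 255]

def affine(x):
    """Step 2, formula (4.2): y_i = x_i + x_(i+4) + x_(i+5) + x_(i+6) + x_(i+7) + c_i (indices mod 8), c = {63}."""
    y = 0
    for i in range(8):
        bit = (x >> i) ^ (x >> ((i + 4) % 8)) ^ (x >> ((i + 5) % 8)) \
            ^ (x >> ((i + 6) % 8)) ^ (x >> ((i + 7) % 8)) ^ (0x63 >> i)
        y |= (bit & 1) << i
    return y

SBOX = [affine(inverse(x)) for x in range(256)]   # S-box shared by SubBytes and SubWord

def sub_word(w):
    return bytes(SBOX[b] for b in w)              # SubWord: S-box on each of the 8 bytes

def rot_word(w):
    return w[1:] + w[:1]                          # RotWord: (b0, ..., b7) -> (b1, ..., b7, b0)

def rcon(i):
    """Rcon[i] = (x^(i-1), 0, 0, 0, 0, 0, 0, 0) with x = {02} in GF(2^8), i >= 1."""
    r = 1
    for _ in range(i - 1):
        r = (r << 1) ^ (0x11b if r & 0x80 else 0)
    return bytes([r] + [0] * 7)

def key_expansion(key, nb):
    """KeyExpansion of 4.2.2.1 on 8-byte words; Nk = len(key)/8 and Nr = max{Nb, Nk} + 6 by (4.1)."""
    nk = len(key) // 8
    nr = max(nb, nk) + 6
    w = [bytes(key[8 * i:8 * i + 8]) for i in range(nk)]
    for i in range(nk, nb * (nr + 1)):
        temp = w[i - 1]
        if i % nk == 0:
            temp = bytes(p ^ q for p, q in zip(sub_word(rot_word(temp)), rcon(i // nk)))
        elif nk == 8 and i % nk == 4:
            temp = sub_word(temp)
        w.append(bytes(p ^ q for p, q in zip(w[i - nk], temp)))
    return w

# Constructed input: all-zero 256-bit key (Nk = 4) with a 256-bit block (Nb = 4) -> Nr = 10, 44 words.
ROUND_KEY_WORDS = key_expansion(bytes(32), 4)
```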
4.2.2.2 Determining the round key
The round key of round i consists of the words (8 bytes) with indices from Nb*i to Nb*(i + 1) − 1 of the expanded key table. Thus, the round key of round i consists of the elements w[Nb*i], w[Nb*i + 1], …, w[Nb*(i + 1) − 1].
w0 w1 w2 w3 w4 w5 | w6 w7 w8 w9 w10 w11 | w12 w13 w14 w15 w16 w17 | ...
Round key 0 | Round key 1 | Round key 2 | ...
Figure 4.2. The expanded key table and how the round key of each round is determined (with Nb = 6 and Nk = 4)
4.2.3 Decryption procedure
The decryption procedure is carried out in the following stages:
1. Perform the first AddRoundKey operation before the decryption rounds.
2. Nr − 1 normal decryption rounds: each round consists of four successive transformations: InvShiftRows, InvSubBytes, AddRoundKey, InvMixColumns.
3. Perform the final decryption round. In this round, the InvMixColumns operation is skipped.
InvCipher( byte in[8 * Nb],
byte out