Fourth Edition by William Stallings - PowerPoint PPT Presentation
Title:
Fourth Edition by William Stallings
Description:
Title: Crypto-10 Author: YSB Last modified by: Shoubao YANG Created Date: 10/7/2002 11:47:17 PM Document presentation format: Company – PowerPoint PPT presentation
Number of Views:40
Avg rating:3.0/5.0
Title: Fourth Edition by William Stallings
1
???????????10? ?????????????
- Fourth Edition by William Stallings
- Slides by ???
- syang_at_ustc.edu.cn
- http//staff.ustc.edu.cn/syang
- 2012?10?
2
????
- ??????????,???????????????????????????????
- ??????????Diffie-Hellman??????????????????????????
?????????????????????,????????????????? - ????????????????????ECC??,??????,????????
- ?ECC??,???????????????????????????????????????????
????????Zp?GF(2m)????
3
10.1.1 ??????????
- ?????????????????????,????????????????????
- ?????
- ?????????????????
- ????????
- ?????????????
- ?????????
- ???????
- ???????????????,?????????,??????????PGP??,????????
?? - ?????????????????????
4
???????
5
????????
- ??????????????????????????
- ???????????????????????
- ????name, public-key??
- ????????????????????????
- ??????????????????????
- ??????
- ???????????
- ??????????????,?????????,??????????????,?????????
6
????????
7
????
- A????????????????, ??B?????
- ????A??????KRauth?????, A?????????,????????????
- B???KUb,????
- ????,A???????????
- ?????, A???????????????????
- A??B???, ??????A???IDA?Nonce1?????, ?????B
- B????????????A???
- B?KUa?A?N1?B?N2??, ???A
- A?B????N2??????B, ?B????????A
8
??????
9
10.1.2 ????
- ????????????????????????????????
- ?????????????????????????,??????????????
- ????????????????????????????????
- ????????????????????????????????????
- ?????A,?????????
- CA EKRauth T, IDA, KUa
- ????????
- DKUauthCADKUauth EKRauth T, IDA, KUa(T,
IDA, KUa)
10
???????
11
10.1.3 ?????????????????
- ????????????????????????
- ??????????,?????????????????????????
- ??,???????????
- ??????????????????
12
?????????????
- Merkle?1979?????????
- A???/???PUa,PRa, ???PUa???IDA?????B
- B??????(????)Ks, ??A????????A
- A??D(PRa,E(PUa,Ks), ??Ks, ????????
- ???????,??????????
13
??????????????
14
10.2 Diffie-Hellman????
- Diffie?Hellman?1976??????????,???????????,????????
Diffie-Hellman?????? - Diffie-Hellman???????????????
- ??????????
- ????????????????,????,?????????????????
- Diffie-Hellman????????????GF???????(????????)
- Diffie-Hellman?????????????????????DLP
15
??????Discrete Logarithm Problem
- ??a???p?????(????),?
- a mod p, a2 mod p, ......, ap-1 mod
p,???p??????1, 2, ......, p-1 - ??????,???????,?
- ??????b???p?????a,?????????i, ?? b ai mod p, ??
0lt i lt p-1 - ??i??b??a?????p??????????
- ??????????????DLP??, ???C?P????, ?d?M???,
?M?d???, d logCM in GF(P), ???????Texp((ln(P)ln
ln(P)1/2)?????P?200??, T 2.7x1011, ??1µs???,
??23???P 664?, ?T 1.2x1023,
?1012??2.739x109?, ?2.7??. ??P???,?????????
16
Diffie-Hellman Key Exchange
- ???????????(????)p, ??p?????a
- ????????
- ???????(??),?xAlt p, xBlt p
- ????, ?yA axA mod p, yB axB mod p, ?????
- ?????????KAB??????
- KAB axA.xB mod p
- yAxB mod p (which B can compute)
- yBxA mod p (which A can compute)
- KAB????????????????
- ????????,??????????,???????????
- ?????????x, ?????DLP??
17
Diffie-Hellman Example
- Users Alice Bob who wish to swap keys
- Agree on prime p353 and a 3
- Select random secret keys
- A chooses xA97,
- B chooses xB233
- Compute public keys
- yA397 mod 353 40 (Alice)
- yB3233 mod 353 248 (Bob)
- Compute shared session key as
- KAB yBxA mod 353 24897 mod 353 160 (Alice)
- KAB yAxB mod 353 40233 mod 353 160 (Bob)
18
10.2.2 Diffie-Hellman??????
- ????????????
19
??DLP???????ElGamal Cryptosystem
- ??A?B????,?????p,????a,0mp-1
- ??
- A??k?0, p-1, k???????xA, A????????B?????YB
axB mod p, ?? - K (YB)k mod p, ?K axBk mod p
- c1 ak mod p
- c2 mK mod p
- ???? (c1, c2)
- ??
- B????KK c1xB mod P akxB mod p
- ????mm c2/K mod P c2K-1 mod p
20
ElGamal Cryptosystem
- ??????,k??????,??
- (1) c1,1 ak mod p c2,1 m1K mod p
- (2) c1,2 ak mod p c2,2 m2K mod p
- ?m1/m2 c2,1/c2,2 mod p. ??m1??,m2?????
- ElGamal???????????,????????????????, ????????k?
- ElGamal?????????50,?????????????
- ElGamal??????????Diffie-Hellman???,???DLP,??????,?
??????Texp((ln(p)lnln(p)1/2)????
21
ElGamal Cryptosystem
- ?P 17, a 3, xA 2, xB 5, m 11,
m?A???B, A??k 7. - ???(c1, c2)???
- ??YA axA mod P 32 mod 17 9
- YB axB mod P 35 mod 17 5
- K (YB)k mod P 57 mod 17 10
- c1 ak mod P 37 mod 17 11
- c2 mK mod P 10x11 mod 17 8
- ??,??C (c1, c2) (11, 8)
- ??K c1xB mod P 115 mod 17 10
- c2 mK mod P 10m mod 17 8
- m c2/K mod P c2K-1 mod P
- K K-1 mod P 1,?10 K-1 mod 17 1,?K-1 12
- ??,??m c2K-1 mod P 8x12 mod 17 11
22
10.3 ??????
- ?????????ECC
- ??????????ECC,?????RSA, D-H?????????????
- ????????, ?????Weierstrass????????????????
- y2 axy by x3 cx2 dx e
- ???? y2 x3 ax b
- ?????????(x, y)??????E????
- ???????(point at infinity)???(zero point)?O?
23
?????????
- ????
- ????????
- ??
24
??????
- (a) y2x3-x
(b) y2x3x1
25
??????
- ??
- P(x, -y)P(x, y)
- ??X?????
- PPO
- ???
- POP
26
??????????
- ??????????????????, ???????O?????
- O???????(additive identity), O -O???????????P,
? P O P? - ???????????P1(x, y)?P2(x, -y), ???????O,
?P1P2O O? P1 -P2? - ??????x???Q?R??, ?????????????????P1,
???????????QRP1O, ??QR-P1 - ??Q??, ??????????S, ?QQ2Q-S
- ??????????P??????k?????????k?P???
27
???????
- ?????????????????????
- ??
- ???????
- ??????
- ??
- ???
- RPQ
- (? RPQ)
28
????
- ??
- ??P(x, y)???
- RPP
29
????
kPPP ???
30
????
- ??g ysxy0
- ??
- ?????
- (sxy0)2x3axb
- R???
31
????
- ??gysxy0
- ?????
- (sxy0)2x3axb
- R???
32
?????????Finite Elliptic Curves
- ?????????????GFP?
- y2x3axb mod p
- p?????, ??
- 0, 1, , p-1??p?????(Abelian)
- 1, , p-1??p?????
- ???????????????????????
33
???????????
- ???Zp?????(prime curves)Ep(a,b)
- ??????,?????????0,1,,p-1, ?p??
- ????????
- ???GF(2n)??????E2n(a,b)
- ???????GF(2n), ?????(??????)
- ???????
- Ep(a,b)??????????p???, ????(x, y)??????????p??????
??????Oy2 mod p (x3axb) mod p. - ?? p23, ?4a327b24x1327x12 mod 23 8?0,
????(??a, b 1)
34
????E23(1,1)???
- ??????0xltp?x, ??y2x3x1 mod p
- ?????????????????????p????, ????,
?E23(1,1)????????x??????, ????????????y?(????????
?y?0)???(x, y)??E23(1,1)???
35
????E23(1,1)???
36
???????
- ?GF11?????????????P(x, y) y2x3x6 mod 11
- ?12??, ??????O??n13???
37
????????
- ?y2x3x6 mod 11???(2, 4) ????
- ??2PPP (??? P2PP )
- ??3PPPP2PP(???P3PPPP2P)
- ??????GF11???
38
????????
- ?P(2, 4), ??2PPP (???P2PP )
- ???3PPPP2PP (???P3P2P )
39
GF(2n)??????
- ???GF(2n)?2n?????????????????????
- ???n, ??GF(2n)??????,?????????GF(2n)????????,???GF
(2n)????????????? - ????,GF(2n)?????????????????Zp??????????,??
- y2xyx3ax2b
- ????x?y????a?b?GF(2n)????,???GF(2n)???
40
GF(2n)??????
- ???????(x, y)?????O?????E2n(a,b)
- ??,????????f(x)x4x1(10011)??????GF(24),????g??f
(g)0, ?g10010, g4g1, ????0011,
g5(g4)(g)g2g0110
g00001 g40011 g80101 g121111
g10010 g50110 g91010 g131101
g20100 g61100 g100111 g141001
g31000 g71011 g111110 g150001
41
GF(2n)??????
- ??,??????y2xyx3g4x21, ag40011, bg00001,
?????????(x, y)?(g5, g3) - (g3)2(g5)(g3)(g5)3(g4)(g5)21
- g6g8g15g141
- 11000101000110010001
- 10011001
42
(No Transcript)
43
10.4 ???????
- ????????????RSA, D-H?????????????????,????,???????
???????????????ECC,???????????????? - ECC???????,ECC??????????
- ECC??????DLP?????
- QkP, Q, P??Ep(a, b), kltP
- ??k, P, ????QkP
- ????Q, P, ?k?
- ???????????
44
????????
- ????
- y2x3axb mod p
- ??????P,????
- ??????k-1???
- QkP, (?QPk)?
- ????????????
- ???Q???????k?
- ???????????
- ????????
45
???????
- ?E23(9, 17), ?y2(x39x7) mod 23,
?P(16,5)???Q(4, 5)?????k???? - ??????????,????P???????Q??,??
- P(16,5)2P(20,20)3P(14,14)4P(19,20)
5P(13,10)6P(7,3)7P(8,7)8P(12,17) 9P(4,5) - ??, ?P(16,5)???Q(4,5)?????k?9
- ?????,k?????,???????
46
???????
- ???????????
- ???????????????
- ??????a?b
- ???(base)??????????P
- ?(order)P???n,??nPO
- ????????
- EP(a, b), GFP
- Base point P(x, y)
- ?? e ??????
- ?????QeP
47
10.4.1Diffie-Hellman???????
- ?????????G
- A?B??????a, b???
- A QA aG B
- QB bG
- A Qa(QB) abG
- B Qb(QA)baGabG
48
(No Transcript)
49
ECC?Diffie-Hellman???????
- ???D-H,ECC?????????
- ???????ECC, Ep(a,b)
- ????G(x1, y1), ??nGO???n??????
- A?B?????????
- A?B????nAltn, nBltn
- ????PAnAG, PBnBG
- A?B??PA ? PB
- ??????KnAPB nBPA, ??KnAnBG,????????????
50
?ECC??Diffie-Hellman????
- ??
- Ep(0, -4), ? y2x3-4, G(2, 2), p211,n240
- ?? 240GO
- nA121, PA121(2, 2)(115, 48)
- nB203, PB203(2, 2)(130, 203)
- K 121(130, 203) 203(115, 48)(161, 69)
51
Massey-Omura????
- ?GF(q)?, ??A?????????eA, dA
- gcd(eA,q-1)1, eAdA 1 mod (q-1)
- ??, ??B?????????eB, dB
- gcd(eB,q-1)1, eBdB 1 mod (q-1)
- A???m???B
- A meA
B - meA eB
- (meA eB)da meB
- B ( meB )dB m
52
Massey-Omura????????
- m?????????Pm
- n????????(?????)
- ??????e1lteltn, gcd(e, n)1, ed1 mod n
- A???m???B
- A eAPm
B - eBeAPm
- dA( eBeAPm ) eBPm
- B dB( eBPm )Pm
53
ElGamal??????????
- E(a, b), base point G ??E
- A??a???, 0ltaltn,n?G??(order)
- aG??
- B?A????m
- B?m???Pm,?????k,
- A (kG, Pm k(aG)) B
- A Pm Pm k(aG) a(kG)
- ???A,B????akG
54
10.4.2 ?????/??
- ???????m???x-y??Pm, ?Pm???????????,
?????????????x???y??,????????????Eq(a,b)?? - ???D-H????,?????????G????Eq(a,b)?????
- ??A????nAltn, ?????PAnAG
- ??B????nBltn, ?????PBnBG
- A?B Pm
- A?????????k, ???Pm???? CmkG, PmkPB
- B??Cm, ??
- PmkPBnB(kG) Pmk(nBG)nB(kG) Pm
55
ECC Encryption/Decryption
- ??, Ep(-1,188), ?y2x3-x188, G(0,376), p751
- A??B???? Pm(562, 201)
- A??????k386, ???B???PB(201,5)
- ??kG386(0, 376)(676, 558)
- Pm kPB (562, 201) 386(201, 5)(385, 328)
- ??, ????
- CmkG, PmkPB(676, 558), (385, 328)
- B???
- PmkPBnB(kG) Pmk(nBG)nB(kG) Pm
56
??????????
- ECC?????????kP?P??k??????,?????????elliptic curve
logarithm problem,Pollard rho???????????????????? - ??FAC,?????RSA??????
- ????????,ECC?RSA???????????
- ?????????RSA??,??ECC???????,??ECC???????RSA?
57
???????RSA?????
58
Equivalent Cryptographic Strength
59
?10???
- ???1, 7, 8, 10, 11, 12, 13, 16
- ??16?????????
- Due Nov. 20, 2012
2G (5, 2) 3G (8, 3) 4G (10, 2) 5G (3, 6)
6G (7, 9) 7G (7, 2) 8G (3, 5) 9G (10, 9)
10G (8, 8) 11G (5, 9) 12G (2, 4) 13G (2, 7)
Recommended
CrystalGraphics Presentations
