Phan Đình Diệu
Theory of Cryptography & Information Security
Vietnam National University, Hanoi
Contents
Preface
Chapter 1. General introduction to cryptography
1.1. A brief history of the science of cryptography
1.2. Cryptosystems. Block ciphers and stream ciphers
1.3. Symmetric-key cryptography and public-key cryptography
1.4. Information security problems
1.5. Cryptanalysis and the security of cryptosystems
Chapter 2. Mathematical foundations of cryptography
2.1. Arithmetic of the integers. The Euclidean algorithm
2.2. Probability and probabilistic algorithms
2.3. Computational complexity
2.4. Prime numbers. Factorization. Discrete logarithms
Chapter 3. Symmetric-key cryptosystems
3.1. Classical cryptosystems
3.2. Cryptanalysis of classical cryptosystems
3.3. Stream ciphers and pseudorandom sequences
3.4. The DES standard cryptosystem
Chapter 4. Public-key cryptosystems
4.1. Introduction
4.1. The RSA public-key cryptosystem
4.2. The Rabin public-key cryptosystem
4.3. The ElGamal public-key cryptosystem
4.4. Cryptosystems based on NP-complete problems
4.5. Probabilistic public-key cryptosystems
Chapter 5. The authentication problem and digital signatures
5.1. The authentication problem and signature schemes
5.2. The ElGamal signature scheme and the digital signature standard
5.3. Hash functions and signatures
5.4. Some other signature schemes
5.5. Undeniable and non-repudiable signatures
Chapter 6. Identification and identity verification schemes
6.1. The identification problem
6.2. The Schnorr identification scheme
6.3. The Okamoto identification scheme
6.4. The Guillou-Quisquater identification scheme
6.5. The Feige-Fiat-Shamir protocol
6.6. Zero-knowledge proofs
Chapter 7. Key distribution and key agreement
7.1. Key management in communication networks
7.2. Some key distribution systems
7.3. Key exchange and key agreement
Preface
Ever since people have needed to exchange information and letters with one another, the need to keep the exchanged information and letters secret and to protect their privacy has arisen as well. The earliest and most common form of exchanged information is written text, and to keep information secret people soon thought of concealing the content of a text by transforming it so that outsiders cannot read and understand it, while having a way to restore its original form so that insiders can still read and understand it. In today's terminology, the transformed form of a text is called the ciphertext of the text, the way of producing the ciphertext of a text is called encryption, and the way of restoring the original form of the text from the ciphertext is called decryption. Encryption and decryption are carried out by means of a particular key known only to the insiders, which we will henceforth call the cryptographic key. Outsiders do not know the cryptographic key, so even if they manage to "steal" the ciphertext on the transmission path, in principle they cannot decrypt it to understand the content of the transmitted text.
Obviously, the criterion for a ciphertext is that it provides secrecy for the text; hence the notion of secrecy is the most central notion for a theory of cryptography. Can there be a scientific definition of the notion of secrecy? There have been many approaches to understanding the content of the notion of secrecy, but a scientific definition, or better still a mathematical definition, of that notion does not yet exist. A fairly common approach is to tie the notion of secrecy to the notion of "randomness": if a plaintext has a definite content, then what we want is that its ciphertext be a text consisting of characters arranged chaotically, seemingly at random, so that
December 2002
Phan Đình Diệu
CHAPTER I
General introduction to cryptography
1.1. A brief history of cryptography.
As mentioned in the Preface, the need to use cryptography appeared very early, when people learned to exchange and transmit information to one another, especially once that information was expressed in the form of language and letters. History tells us that primitive forms of cryptography have been found dating from about four thousand years ago in the ancient Egyptian civilization. Over thousands of years of history, cryptography has been widely used throughout the world, from East to West, to keep the exchange of information secret in many fields of activity between people and between nations, especially in the military, political and diplomatic fields. Cryptography is first of all a practical activity whose main content is this: to keep secret a piece of information (for example in the form of a text) sent from a sender A to a receiver B, A must create a corresponding ciphertext for that text, and instead of sending the plaintext A sends B only the ciphertext; B receives the ciphertext and has a way to recover the plaintext from it in order to understand the information that A wanted to send. Because what is sent usually travels over public channels, outsiders may "steal" it, but since it is a ciphertext they cannot read and understand it. A can create the ciphertext and B can decrypt the ciphertext into an understandable plaintext because the two of them have agreed beforehand on a common key; only with this common key can A create the ciphertext from the plaintext and B recover the plaintext from the ciphertext. From now on we will simply call that common key the cryptographic key. Of course, to carry out an encryption, we
1.2. Cryptosystems.
1.2.1. The scheme of a cryptosystem.
Cryptography is used to protect the secrecy of information when the information is transmitted over public communication channels such as postal channels, telephone, computer communication networks, the Internet, etc. Suppose a sender A wants to send a receiver B a text (for example, a letter) p. For confidentiality, A produces a ciphertext c for p, and instead of sending p, A sends B the ciphertext c; B receives c and "decrypts" c to obtain the text p that A intended to send. For A to transform p into c and for B to transform c back into p, A and B must agree beforehand on the encryption and decryption algorithms, and in particular on a common cryptographic key K used to carry out those algorithms. An outsider, who does not know this information (in particular, does not know the key
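$S = (\mathcal{P}, \mathcal{C}, \mathcal{K}, \mathcal{E}, \mathcal{D})$    (1)
a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
0  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Sometimes we also use, as the plaintext or ciphertext alphabet, product sets of the sets mentioned above, in particular the sets $A^m$, $B^m$, $Z_n^m$.
$x_1 \ldots x_k \in \mathcal{P}^k$
$\mathcal{P}^k \to \mathcal{C}^k$
and $d_K$:
$\mathcal{C}^k \to \mathcal{P}^k$ as follows: for every
and $y_1 \ldots y_k \in \mathcal{C}^k$ we have
$d_K(y_1 \ldots y_k) = d_{K_1}(y_1) \ldots d_{K_k}(y_k)$.
Suppose the plaintext we want to encrypt is the character sequence $X \in \mathcal{P}^*$
$\mathcal{P}^*$ the corresponding ciphertext is
Decrypting $Y = e_K(X)$ we get
$\mathcal{P} = \mathcal{C} = \mathcal{K} = \{0,1\}$
and the encryption and decryption functions are defined by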
CHAPTER II
Mathematical foundations of cryptography
2.1. Arithmetic of the integers. The Euclidean algorithm.
We denote by $Z$ the set of integers, $Z = \{\ldots,-2,-1,0,1,2,\ldots\}$, and by $Z^+$ the set of non-negative integers, $Z^+ = \{0,1,2,\ldots\}$. In this section we recall some facts about the arithmetic of the integers that are needed for presenting the theory of cryptography. So that the text does not become too long, the material recalled consists mainly of the notions and propositions that will be used; the proofs are omitted, and readers who want to study them in more detail can consult specialized books on number theory.
divisor of every integer, the number 0 is a multiple of every integer, and every integer a is both a divisor and a multiple of itself.
Let a and b be any two integers, b > 1. Dividing a by b we obtain two numbers q and r such that
If a = bq + r then gcd(a,b) = gcd(b,r).
An integer m is called a common multiple of a and b if a | m and
4864 = 1 · 3458 + 1406
3458 = 2 · 1406 + 646
1406 = 2 · 646 + 114
646 = 5 · 114 + 76
114 = 1 · 76 + 38
76 = 2 · 38 + 0
a.x + b.y = d
has an integer solution (x,y), and such an integer solution (x,y) can be found by the extended Euclidean algorithm as follows:
$a \leftarrow b$, $b \leftarrow r$, $x_2 \leftarrow x_1$, $x_1 \leftarrow x$, $y_2 \leftarrow y_1$ and $y_1 \leftarrow y$.
4. Set $d \leftarrow a$, $x \leftarrow x_2$, $y \leftarrow y_2$, and output the result (d,x,y).
Example: Applying the extended Euclidean algorithm to the numbers a = 4864 and b = 3458, we successively obtain the following values for the variables a, b, q, r, x, y, $x_1$, $x_2$, $y_1$, $y_2$ (after each cycle executing the two instructions 3.1 and 3.2):
[Table: successive values of a, b, q, r, x, y, $x_1$, $x_2$, $y_1$, $y_2$; the column layout is lost in this copy.]
$a \cdot x \equiv b \pmod{n}$,    (1)
$b' = b/d$, $n' = n/d$,
$a' \cdot x \equiv b' \pmod{n'}$,
Since $\gcd(a', n'$
mod $n'$:
$x = x_0 \equiv b' \cdot a'^{-1} \pmod{n'}$,
$x = x_0,\ x_0 + n',\ \ldots,\ x_0 + (d-1)n' \pmod{n}$.
x1 a1 (mod n1 )
x2 a2 (mod n2 )
........................
xk ak (mod nk )
(2)
$x = \sum_{i=1}^{k} a_i \cdot N_i \cdot M_i \bmod n$,
Now consider the set $Z_n^* = \{a \in Z_n : \gcd(a,n) = 1\}$, that is, $Z_n^*$ is the subset of $Z_n$ consisting of all elements relatively prime to n. We call this set the set of reduced residues mod n. Every integer relatively prime to n has in $Z_n^*$ a representative congruent to it mod n. Note that if p is a prime then $Z_p^* = \{1,2,\ldots,p-1\}$. The set $Z_n^*$ forms a subgroup with respect to the multiplication of $Z_n$, because in $Z_n^*$ division mod n can always be carried out; we call $Z_n^*$ the multiplicative group of $Z_n$.
In algebra, the number of elements of a group is called the order of the group. We denote by $\phi(n)$ the number of positive integers less than n and relatively prime to n. Thus the group $Z_n^*$ has order $\phi(n)$, and if p is a
$b^{p-1} \equiv 1 \pmod{p}$    (3)
p1
p1
1(mod p ),....., a
p1
ps
1(mod p ),
Fermat ).
b) If $a \in Z_n^*$, then $a^{\phi(n)} \equiv 1 \pmod{n}$. If $r \equiv s \pmod{\phi(n)}$
$x^2 \equiv a \pmod{n}$,
where n is a positive integer, a is an integer with gcd(a,n) = 1, and x is the unknown. This equation does not always have a solution; when it has a solution we say that a is a quadratic residue mod n, otherwise we say that a is a quadratic non-residue mod n. The set of integers relatively prime to n is partitioned into two subsets: the set $Q_n$ of quadratic residues mod n, and the set $\bar{Q}_n$ of non-residues mod n.
When n = p is a prime, we have the following Euler criterion: the number a is a quadratic residue mod p if and only if $a^{(p-1)/2} \equiv 1 \pmod{p}$. The criterion is proved as follows:
Suppose there is an x such that $x^2 \equiv a \pmod{p}$; then we also have
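Let p be an odd prime. We define the Legendre symbol $\left(\frac{a}{p}\right)$ as follows:
$$\left(\frac{a}{p}\right) = \begin{cases} 0, & \text{when } a \equiv 0 \pmod{p}; \\ 1, & \text{when } a \in Q_p; \\ -1, & \text{when } a \in \bar{Q}_p. \end{cases}$$
From the definition it follows immediately that a is a quadratic residue mod p if and only if $\left(\frac{a}{p}\right) = 1$. And by the Euler criterion above, for every $a \ge 0$ we have:
$$\left(\frac{a}{p}\right) \equiv a^{(p-1)/2} \pmod{p}.$$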
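We now extend the Legendre symbol to obtain the Jacobi symbol for every odd integer $n \ge 1$ and every integer $a \ge 0$, also denoted by $\left(\frac{a}{n}\right)$ and defined as follows: suppose n has the canonical factorization into primes $n = p_1^{\alpha_1} p_2^{\alpha_2} \cdots p_k^{\alpha_k}$; then
$$\left(\frac{a}{n}\right) = \left(\frac{a}{p_1}\right)^{\alpha_1} \left(\frac{a}{p_2}\right)^{\alpha_2} \cdots \left(\frac{a}{p_k}\right)^{\alpha_k}.$$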
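3. $\left(\frac{m_1 \cdot m_2}{n}\right) = \left(\frac{m_1}{n}\right) \cdot \left(\frac{m_2}{n}\right)$.
4. If m and n are both odd, then
$$\left(\frac{m}{n}\right) = \begin{cases} -\left(\frac{n}{m}\right), & \text{when } m \equiv 3 \pmod 4 \ \&\ n \equiv 3 \pmod 4, \\ \left(\frac{n}{m}\right), & \text{when } m \equiv 1 \pmod 4 \text{ or } n \equiv 1 \pmod 4. \end{cases}$$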
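[Computation of the Jacobi symbol $\left(\frac{7411}{9283}\right)$, passing through the symbols $\left(\frac{117}{7411}\right)$, $\left(\frac{7411}{117}\right)$, $\left(\frac{40}{117}\right)$, $\left(\frac{2}{117}\right)$, $\left(\frac{5}{117}\right)$, $\left(\frac{117}{5}\right)$ and $\left(\frac{2}{5}\right)$; the intermediate steps are garbled in this copy.]
9283 is a prime. Therefore, the value -1 of the Jacobi symbol $\left(\frac{7411}{9283}\right)$
$x^2 \equiv 7411 \pmod{9283}$
has no solution.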
We now consider solving the quadratic congruence
$x^2 \equiv a \pmod{n}$    (4)
p1
+1
2
2( m+1)
a (mod p ),
a (mod p ),
$E_1 \cup E_2$ of any two events $E_1$ and $E_2$. And we have:
1) Let E be an event. Then $0 \le p(E) \le 1$ and $p(\bar{E}) = 1 - p(E)$. Moreover, $p(\Omega) = 1$ and $p(\emptyset) = 0$.
2) Let $E_1$ and $E_2$ be two events. If $E_1 \subseteq E_2$ then $p(E_1) \le p(E_2)$. And $p(E_1 \cup E_2) + p(E_1 \cap E_2) = p(E_1) + p(E_2)$. Hence $p(E_1 \cup E_2) = p(E_1) + p(E_2)$ if and only if $E_1 \cap E_2 = \emptyset$, that is, when $E_1$ and $E_2$ are mutually exclusive events.
Let $E_1$ and $E_2$ be two events with $p(E_2) > 0$. We define the conditional probability of $E_1$ given $E_2$, denoted $p(E_1 \mid E_2)$, as
$$p(E_1 \mid E_2) = \frac{p(E_1 \cap E_2)}{p(E_2)}.$$
$$p(E_1 \mid E_2) = \frac{p(E_1) \cdot p(E_2 \mid E_1)}{p(E_2)}.$$
$p(E_1) \cdot p(E_2)$. Then we have: $p(E_1 \mid E_2) = p(E_1)$ and $p(E_2 \mid E_1) = p(E_2)$.
Let $\Omega$ be a sample space with a probability distribution P. A random variable $\xi$ on $\Omega$ is a map assigning to each $s \in \Omega$ a real number $\xi(s)$. Obviously, if $\xi$ and $\eta$ are random variables on $\Omega$, then $\xi + \eta$, $\xi \cdot \eta$ are defined by:
$$E(\xi) = \sum_{s \in \Omega} \xi(s) \cdot p(s).$$
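Theorem 2.2.1. Let $S = (\mathcal{P}, \mathcal{C}, \mathcal{K}, \mathcal{E}, \mathcal{D})$ be a cryptosystem with the condition $|\mathcal{P}| = |\mathcal{C}| = |\mathcal{K}|$, that is, the sets $\mathcal{P}$, $\mathcal{C}$, $\mathcal{K}$ have the same number of elements. Then the system is perfectly secret if and only if every key $K \in \mathcal{K}$ is used with the same probability $1/|\mathcal{K}|$, and for every $x \in \mathcal{P}$, $y \in \mathcal{C}$ there is a unique key $K \in \mathcal{K}$ such that $e_K(x) = y$.
Proof. a) Suppose the system S is perfectly secret. Then, for every x
$|\mathcal{C}| = |\{e_K(x) : K \in \mathcal{K}\}| \le |\mathcal{K}|$.
By the hypothesis of the theorem, $|\mathcal{C}| = |\mathcal{K}|$, hence
$|\{e_K(x) : K \in \mathcal{K}\}| = |\mathcal{K}|$.
But this means that there cannot be two keys $K_1 \ne K_2$ such that $e_{K_1}(x) = e_{K_2}(x)$. So we have proved that for every $x \in \mathcal{P}$ and $y \in \mathcal{C}$ there is exactly one key K such that $e_K(x) = y$.
Write $n = |\mathcal{K}|$ and let $\mathcal{K} = \{K_1, \ldots, K_n\}$. Fix a $y \in \mathcal{C}$ and suppose $e_{K_i}(x_i) = y$ with $\mathcal{P} = \{x_1, \ldots, x_n\}$, $1 \le i \le n$. Using Bayes' formula we again have
$$p_{\mathcal{P}}(x_i \mid y) = \frac{p_{\mathcal{C}}(y \mid x_i) \cdot p_{\mathcal{P}}(x_i)}{p_{\mathcal{C}}(y)} = \frac{p_{\mathcal{K}}(K_i) \cdot p_{\mathcal{P}}(x_i)}{p_{\mathcal{C}}(y)}.$$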
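$e_K(x) = y$. We compute:
$$p_{\mathcal{C}}(y) = \sum_{K \in \mathcal{K}} p_{\mathcal{K}}(K) \cdot p_{\mathcal{P}}(d_K(y)) = \sum_{K \in \mathcal{K}} \frac{1}{|\mathcal{K}|}\, p_{\mathcal{P}}(d_K(y)) = \frac{1}{|\mathcal{K}|} \sum_{K \in \mathcal{K}} p_{\mathcal{P}}(d_K(y)).$$
$$\sum_{K \in \mathcal{K}} p_{\mathcal{P}}(d_K(y)) = \sum_{x \in \mathcal{P}} p_{\mathcal{P}}(x) = 1,$$
and we have $p_{\mathcal{C}}(y) = 1/|\mathcal{K}|$ for every $y \in \mathcal{C}$.
On the other hand, letting K be the unique key with $e_K(x) = y$, we have
$$\frac{p_{\mathcal{P}}(x) \cdot p_{\mathcal{C}}(y \mid x)}{p_{\mathcal{C}}(y)} = \frac{p_{\mathcal{P}}(x) \cdot 1/|\mathcal{K}|}{1/|\mathcal{K}|} = p_{\mathcal{P}}(x).$$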
x .si = T ?
i =1 i
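1) $P \subseteq NP$,
2) If $P_1$ is reducible to $P_2$ and $P_2 \in NP$, then $P_1 \in NP$.
3) If $P_1, P_2 \in NP$, $P_1$ is reducible to $P_2$, and $P_1$ is NP-complete, then $P_2$ is also NP-complete.
4) If there is a problem that is NP-complete and belongs to P, then P = NP.
From these properties we may regard P, within the class NP, as the subclass of the "easiest" problems, while the NP-complete problems are the "hardest" problems; if at least one NP-complete problem is proved to belong to P, it follows immediately that P = NP. Yet despite a great many efforts so far, mathematics has still not found any promising path towards resolving the question [P = NP ?], and that question is even regarded as one of the 7 hardest problems of mathematics in the new millennium!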
b) If n is composite, then
n 1
( n1) / 2
mod n
.
a :1 a n 1, a
n
2
{a :1 a n 1, a ( n1) / 2 1mod n}
n 1
.
2
{a :1 a n 1, (a
n 1
.
4
3.
answer: n is prime
4. else
5.
a ( n1) / 2 1mod n
or
k
$$p(A \mid B) = \frac{p(B \mid A) \cdot p(A)}{p(B)} = \frac{p(B \mid A) \cdot p(A)}{p(B \mid A) \cdot p(A) + p(B \mid \bar{A}) \cdot p(\bar{A})}.$$
, the number of odd numbers is
, hence $p(\bar{A})$
, and
ln N ln n
2 2
ln n
2
p ( A) 1
ln n
. Of course we have $p(B \mid \bar{A}) = 1$. Substituting these values into the formula above, we get
p ( A B )
2t (1
2t (1
2
)
ln n
2
2
)+
ln n
ln n
ln n 2
.
ln n 2 + 2t +1
(5)
Input:
6.
7.
if ( q 4 r log n) and (n
8.
break;
1(mod r ))
r r + 1;
9.
10.
r1
q
if
COMPOSITE;
(( x a) n ( x n a )(mod x r 1, n))
ouput
Q = q ln n / ln q ,
q B
ln n
.
3.1 Compute l =
ln q
l
24
2293244
15
13555889
10
16937223
15214586
11
9685355
13
13271154
17
11406961
19
554506
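$x^2 \equiv a^2 \pmod{n}$
has 4 solutions; the two trivial solutions are x = a and x = -a. The other two, non-trivial, solutions are $\pm b$; they are the solutions of the following two systems of linear congruences:
$x \equiv a \pmod{p}$, $x \equiv -a \pmod{q}$
$x \equiv -a \pmod{p}$, $x \equiv a \pmod{q}$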
m = p 1 .
Ta
tm
a
a = mj + i, 0 j , i m 1. R rng = a modp
t
di
dng
khi v ch khi
p 1= pici .
i=1
phn nh sau:
c1
x = xi qi (0 xi q 1).
i=0
p1
q
p1
q
( p1 ) q
( p1) x0
q
(mod p ).
x ' = xi qi .
i =1
From this we deduce
Continuing in this way, we gradually find all the values $x_i$ for i = 0,1,...,c-1, that is, we compute x. After finding all the values x corresponding to every prime divisor q of p - 1, then by a remark above it only remains to solve a system of linear congruences with pairwise relatively prime moduli (by the Chinese remainder method), and we obtain the number a we are looking for, $a = \log_\alpha \beta$ mod p.
Example: Let p = 29 and $\alpha$ = 2. Compute $a = \log_2 18$ mod 29. We have $p - 1 = 28 = 2^2 \cdot 7^1$. Following the Pohlig-Hellman algorithm, we find in turn a mod 4 and a mod 7. By the computation steps described above, we find a mod 4 = 3 and a mod 7 = 4. From this, solving the system of congruences
$x \equiv 3 \pmod 4$,
$x \equiv 4 \pmod 7$
we obtain the solution $x \equiv 11 \pmod{28}$, that is, $11 = \log_2 18$ mod 29.
The Pohlig-Hellman algorithm gives a fairly efficient way of computing discrete logarithms, but only when p - 1 has only small prime factors. Therefore, if p - 1 has at least one large prime factor, the algorithm can hardly be carried out efficiently, and in that case the problem of computing discrete logarithms mod p remains a hard problem. One class of primes p for which p - 1 has at least one large prime divisor is the class of primes of the form p = 2q + 1, where q is prime. Primes of that form are called Sophie Germain primes, and they play an important role in constructing a fairly widely used class of public-key cryptosystems.
Many other algorithms for computing discrete logarithms, both deterministic and probabilistic, have also been studied and developed, but none has yet been shown to have polynomial-time computational complexity.
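Added example (not part of the original text): a small Python implementation of the Pohlig-Hellman procedure described above, run on the text's values p = 29, α = 2, β = 18. The function names are illustrative, α is assumed to be a primitive element mod p, and `largest_prime_factor` shows the quantity that governs the cost, which is why p - 1 needs a large prime factor.

```python
def factorize(n):
    """Trial-division factorisation: returns {prime: exponent}."""
    factors, q = {}, 2
    while q * q <= n:
        while n % q == 0:
            factors[q] = factors.get(q, 0) + 1
            n //= q
        q += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def dlog_prime_power(p, alpha, beta, q, c):
    """Return log_alpha(beta) mod q**c, one base-q digit x_i at a time."""
    n = p - 1
    gamma = pow(alpha, n // q, p)              # element of order q
    x = 0
    for k in range(c):
        # Remove the digits already found, then project into the order-q subgroup.
        stripped = beta * pow(alpha, n - x, p) % p
        h = pow(stripped, n // q ** (k + 1), p)
        # Exhaustive search over q candidates: the step whose cost grows with q.
        digit = next(d for d in range(q) if pow(gamma, d, p) == h)
        x += digit * q ** k
    return x


def crt(residues):
    """Combine {modulus: residue} for pairwise relatively prime moduli."""
    x, m = 0, 1
    for mod, r in residues.items():
        t = (r - x) * pow(m, -1, mod) % mod    # solve x + m*t = r (mod mod)
        x, m = x + m * t, m * mod
    return x % m


def pohlig_hellman(p, alpha, beta):
    """Return (a, residues) with alpha**a = beta (mod p)."""
    residues = {q ** c: dlog_prime_power(p, alpha, beta, q, c)
                for q, c in factorize(p - 1).items()}
    return crt(residues), residues


def largest_prime_factor(n):
    """Largest prime factor of n; for n = p - 1 it bounds the search in each step."""
    return max(factorize(n))


if __name__ == "__main__":
    a, residues = pohlig_hellman(29, 2, 18)
    print("residues:", residues, "log_2 18 mod 29 =", a)
    # p = 23 = 2*11 + 1 is a constructed sample of the form p = 2q + 1.
    print("largest prime factor of 28:", largest_prime_factor(28),
          "and of 22:", largest_prime_factor(22))
```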
CHAPTER III
Symmetric-key cryptosystems
3.1. Some classical cryptosystems.
In this chapter we introduce a number of symmetric-key cryptosystems, that is, cryptosystems in which the encryption key and the decryption key coincide, so that this common cryptographic key must be kept secret and known only to the two partners (the one who encrypts in order to send and the one who receives the ciphertext). Throughout a long historical period, from ancient times until a few decades ago, the cryptographic methods used in practice were all symmetric-key, from the Caesar cipher used more than a thousand years ago to the cryptosystems used with the help of modern computer technology in recent times. We begin with some classical cryptosystems.
$S = (\mathcal{P}, \mathcal{C}, \mathcal{K}, \mathcal{E}, \mathcal{D})$,
where
for all $K, x, y \in Z_{26}$:
$\mathcal{E}(K, x) = x + K \bmod 26$,
$\mathcal{D}(K, y) = y - K \bmod 26$.
The cryptosystems defined in this way are correct, because for all $K, x, y \in Z_{26}$ we have:
$d_K(e_K(x)) = (x + K) - K \bmod 26 = x$.
Shift ciphers were used very early; according to legend, the cipher with K = 3 was used by J. Caesar in the time of the Roman empire, and is called the Caesar cipher.
Example: Given the plaintext hengapnhauvaochieuthubay, converting this character sequence into the corresponding number sequence we get:
x = 7 4 13 6 0 15 13 7 0 20 21 0 14 2 7 8 4 20 19 7 20 1 0 24.
Using the encryption algorithm with key K = 13, we obtain the ciphertext:
y = 20 17 0 19 13 2 0 20 13 7 8 13 1 15 20 21 17 7 6 20 7 14 13 11,
and converting it to ordinary characters we obtain the ciphertext:
uratncaunhinbpuvrhguhonl .
To decrypt this ciphertext, we only need to convert it back into numeric form (to get the sequence y), then carry out the decryption algorithm, that is, subtract 13 from each term (modulo 26), obtaining the sequence x again; converting it into characters gives the original plaintext.
Shift ciphers are easy to use, but cryptanalysis is also quite easy: the number of possible keys is 26; having obtained a ciphertext, the cryptanalyst only needs to try at most those 26 keys in turn to decrypt, and will certainly discover the key used and the plaintext as well!
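$S = (\mathcal{P}, \mathcal{C}, \mathcal{K}, \mathcal{E}, \mathcal{D})$,
where $\mathcal{P} = \mathcal{C} = Z_{26}$, $\mathcal{K}$ is the set of all permutations on $Z_{26}$, and the maps $\mathcal{E}$ and $\mathcal{D}$ are given by:
$e_\pi(x) = \pi(x)$,
$d_\pi(y) = \pi^{-1}(y)$,
for all $x \in \mathcal{P}$, $y \in \mathcal{C}$, where $\pi \in \mathcal{K}$ is a permutation on $Z_{26}$.
We usually identify $Z_{26}$ with the English alphabet, so a permutation on $Z_{26}$ is also understood as a permutation on the set of English letters; for example, a permutation $\pi$ given by the table:
[Table of the permutation $\pi$; garbled in this copy.]
With the substitution cipher with key $\pi$, the plaintext
x = hengapnhauvaochieuthubay
is transformed into the ciphertext
y = ghsoxlsgxuexfygzhumgunxd .
The decryption algorithm with key $\pi$, conversely, transforms y into the plaintext x.
The number of possible keys of this cryptosystem equals the number of permutations on the set $Z_{26}$, that is, 26! keys, a very large number ($26! > 4 \cdot 10^{26}$). Therefore, trying all possible keys in turn for cryptanalysis is impractical, even with a computer. However, there are other, more effective cryptanalytic methods, which mean that substitution ciphers cannot be regarded as secure.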
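3.1.3. The affine cipher.
The affine cryptosystems are defined as follows:
$S = (\mathcal{P}, \mathcal{C}, \mathcal{K}, \mathcal{E}, \mathcal{D})$,
where
the maps $\mathcal{E}$ and $\mathcal{D}$ are given by:
$e_K(x) = ax + b \bmod 26$,
$d_K(y) = a^{-1}(y - b) \bmod 26$,
for all $x \in \mathcal{P}$, $y \in \mathcal{C}$, $K = (a, b) \in \mathcal{K}$.
The condition gcd(a, 26) = 1 is there to guarantee the existence of the inverse element $a^{-1}$ mod 26 of a, so that the decryption algorithm $d_K$ can always be carried out. There are altogether $\phi(26) = 12$ numbers $a \in Z_{26}$ relatively prime to 26, namely the numbers
x = 7 4 13 6 0 15 13 7 0 20 21 0 14 2 7 8 4 20 19 7 20 1 0 24.
Using the affine cipher with key K = (5, 6) we obtain the ciphertext
y = 15 0 19 10 6 3 19 15 6 2 7 6 24 16 15 20 0 2 23 15 2 11 6 22,
and converting it into English letters we obtain the ciphertext in the form
patkgdtpgchgyqpuacxpclgw .
Since there are 12 numbers in $Z_{26}$ relatively prime to 26, the number of possible keys (and hence the number of affine cryptosystems) is 12 x 26 = 312, which is not a large number if we use a computer to carry out cryptanalysis by trying all possible keys in turn; thus the affine cipher can no longer be regarded as a secure cipher either!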
3.1.4. The Vigenère cipher.
$S = (\mathcal{P}, \mathcal{C}, \mathcal{K}, \mathcal{E}, \mathcal{D})$,
where
hengapnhauvaochieuthubay,
we again convert it into a number sequence and split it into consecutive segments of 6 numbers:
x = 7 4 13 6 0 15 13 7 0 20 21 0 14 2 7 8 4 20 19 7 20 1 0 24.
(if the length of x is not a multiple of 6, we can agree to append some elements to the last segment of x, for example zeros, so that x can always be regarded as split into segments of 6 consecutive numbers). Adding mod 26 the numbers in each segment to the corresponding numbers in the key K we obtain the ciphertext
y = 9 12 2 13 4 6 15 15 15 1 25 17 16 10 22 15 8 11 21 15 9 8 4 15
and converting it into a character sequence we obtain the ciphertext
jmcnegpppbzrqkwpilvpjiep .
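3.1.5. The Hill cipher.
This cipher scheme was proposed by Lester S. Hill in 1929. Like the Vigenère scheme, these ciphers operate on successive blocks of m characters; the difference is that each character of the ciphertext is determined by a linear combination (over the ring $Z_{26}$) of the m characters of the plaintext block. Thus the key is given by a matrix of order m, that is, an element $K \in Z_{26}^{m \times m}$. For the linear transformation defined by the matrix K to be invertible, the matrix K itself must have an inverse matrix $K^{-1}$ mod 26; and the necessary and sufficient condition for K to have an inverse is that its determinant, denoted det K, is relatively prime to 26. So the Hill cipher scheme is defined as the scheme
$S = (\mathcal{P}, \mathcal{C}, \mathcal{K}, \mathcal{E}, \mathcal{D})$,
where
the maps $\mathcal{E}$ and $\mathcal{D}$ are given by:
x = 7 4 13 6 0 15 13 7 0 20 21 0 14 2 7 8 4 20 19 7 20 1 0 24.
Encrypting each segment of two consecutive numbers and then concatenating the results we obtain
$$\begin{pmatrix} 11 & 8 \\ 3 & 7 \end{pmatrix}^{-1} \pmod{26} = \begin{pmatrix} 7 & 18 \\ 23 & 11 \end{pmatrix},$$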
3.1.6. The permutation cipher.
Permutation ciphers also operate on successive blocks of m characters, but the ciphertext is just a permutation of the characters within each block of m characters of the plaintext. We denote by $S_m$ the set of all permutations of the set {1,2,...,m}. The scheme of the permutation ciphers is given by
$S = (\mathcal{P}, \mathcal{C}, \mathcal{K}, \mathcal{E}, \mathcal{D})$,
where
(1)
$, \ldots, y_{\pi^{-1}(m)})$,
i = 1 2 3 4 5 6
$\pi(i)$ = 3 5 1 6 4 2 .
j = 1 2 3 4 5 6
$\pi^{-1}(j)$ = 3 6 1 5 2 4 .
With the plaintext hengapnhauvaochieuthubay, that is, with
x = 7 4 13 6 0 15 13 7 0 20 21 0 14 2 7 8 4 20 19 7 20 1 0 24.
we obtain the corresponding ciphertext:
y = 13 0 7 15 6 4 0 21 13 0 20 7 7 4 14 20 8 2 20 0 19 24 1 7
which converted into a character sequence is nahpgeavnauhheouicuatybh . Applying the decryption $d_K$ to each block of 6 consecutive characters of this ciphertext (that is, of y) we recover x and the original plaintext.
Note that the permutation cipher is a special case of the Hill cipher. Indeed, given a permutation $\pi$ on {1,2,...,m}, we define the matrix
ng, as, or, ti, is, et, it, ar, te, se, hi, of.
The twelve trigrams with the highest probability of occurrence are: the, ing, and,
B (1) 0.015    C (2) 0.028    D (3) 0.043
F (5) 0.022    G (6) 0.020    H (7) 0.061
J (9) 0.002    K (10) 0.008   L (11) 0.040
M (12) 0.024   N (13) 0.067   O (14) 0.075   P (15) 0.019
Q (16) 0.001   R (17) 0.060   S (18) 0.063   T (19) 0.091
U (20) 0.028   V (21) 0.010   W (22) 0.023   X (23) 0.001
Y (24) 0.020   Z (25) 0.001.
Example: We have the ciphertext:
fmxvedkaphferbndkrxrsrefmorudsdkdvshvufedkaprkdlyevlrhhrh .
Find the cryptographic key and the corresponding plaintext.
We see that in the ciphertext above, r occurs 8 times, d 7 times, e, k, h 5 times each, f, s, v 4 times each, etc.; so we may guess that r is the encryption of e and d is the encryption of t, which gives
4a + b = 17 mod 26,
19a + b = 3 mod 26,
and solving we get a = 6, b = 19. Since gcd(a, 26) = 2 ≠ 1, (a, b) cannot be a key, so this guess is wrong. We try another guess: r is the encryption of e, h is the encryption of t. Then we have:
4a + b = 17 mod 26,
19a + b = 7 mod 26,
and solving we get a = 3, b = 5. Since gcd(a, 26) = 1, K = (3,5) may be the key we are looking for. Then the encryption is $e_K(x) = 3x + 5 \bmod 26$, and the corresponding decryption is $d_K(y) = 9y - 19 \bmod 26$. Applying this decryption to the ciphertext we obtain (in character form) the plaintext:
algorithmsarequitegeneraldefinitionsofarithmeticprocesses .
We can conclude that the correct key is K = (3, 5) and that the line above is the plaintext we are looking for.
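Added example (not part of the original text): a Python sketch that automates the guess-and-check procedure of this example on the same ciphertext. It assumes the most frequent ciphertext letter stands for e, tries the next most frequent letters as the image of t, solves the two congruences, and rejects any guess with gcd(a, 26) ≠ 1; the function names and the `n_top` parameter are illustrative.

```python
from collections import Counter
from math import gcd

# Ciphertext taken from the example in the text.
CIPHERTEXT = "fmxvedkaphferbndkrxrsrefmorudsdkdvshvufedkaprkdlyevlrhhrh"


def num(ch):
    """Letter -> number under the a=0 ... z=25 convention of the text."""
    return ord(ch) - ord("a")


def solve_guess(c1, p1, c2, p2):
    """Solve a*p1 + b = c1 and a*p2 + b = c2 (mod 26); letters in, (a, b) out."""
    dp = (num(p2) - num(p1)) % 26
    if gcd(dp, 26) != 1:
        return None                      # the system has no unique solution
    a = (num(c2) - num(c1)) * pow(dp, -1, 26) % 26
    b = (num(c1) - a * num(p1)) % 26
    return a, b


def decrypt(ciphertext, key):
    """d_K(y) = a^-1 (y - b) mod 26; requires gcd(a, 26) = 1."""
    a, b = key
    a_inv = pow(a, -1, 26)
    return "".join(chr(a_inv * (num(ch) - b) % 26 + ord("a")) for ch in ciphertext)


def ranked_letters(text):
    """Letters by decreasing frequency, ties broken alphabetically."""
    counts = Counter(text)
    return sorted(counts, key=lambda ch: (-counts[ch], ch))


def break_affine(ciphertext, n_top=5):
    """Return (key, plaintext, rejected guesses), stopping at the first usable key."""
    ranked = ranked_letters(ciphertext)[:n_top]
    c_e, rejected = ranked[0], []
    for c_t in ranked[1:]:
        key = solve_guess(c_e, "e", c_t, "t")
        if key is None or gcd(key[0], 26) != 1:
            rejected.append((c_t, key))  # a is not invertible mod 26
            continue
        return key, decrypt(ciphertext, key), rejected
    return None, None, rejected


if __name__ == "__main__":
    key, plaintext, rejected = break_affine(CIPHERTEXT)
    for c_t, bad in rejected:
        print(f"t -> {c_t}: (a, b) = {bad} rejected, gcd(a, 26) != 1")
    # For K = (3, 5): e -> 3*4 + 5 = 17 (r) and t -> 3*19 + 5 = 62 = 10 mod 26 (k).
    print("key:", key)
    print("plaintext:", plaintext)
```

A key accepted this way is only a candidate: as in the text, it is confirmed by checking that the decryption is readable.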
I C ( x) =
i =0
fi
2
( n2)
25
f ( f + 1)
i =0
n(n + 1)
IC(x)
25
p
i =0
2
i
= 0,065 ,
y = y1 ym+1..... ytm+1
y2 ym+2..... ytm+2
..........................
ym yem..... y(tm+1)m
that is, writing the characters successively into columns of m characters until the text is exhausted. We denote by y1,
chreevoahmaeratbiaxxwtnxbeeophbsbqmqeqerbwrvxuoakxa
osxxweahbwgjmmqmnkgrfvgxwtrzxwiaklxfpskautemndemg
tsxmxbtuiadngmgpsrelxnjelxvrvprtulhdnqwtwdtygbphxtfalj
hasvbfxngllchrzbwelekmsjiknbhwrignmgjsglxfeyphagnbieqjt
mrvlcrremndglxrrimgnsnrwchrqhaeyevtaqebbipeewevkakoe
wadremxmtbhhchrtkdnvrzchrclqohpwqaiiwxnrmgwoiifkee.
Using the Kasiski test, we observe that chr occurs 5 times, and the distances between successive occurrences are 165, 70, 50, 10. The divisor
f .f
MIC(x,y) =
i =0
n.n '
'
i
25
h=0
h =0
MI C ( yi , y j ) ph ki . ph k j = ph . ph + ki k j .
p .p
h =0
h +l
Values of $MI_C(y_i, y_j^g)$
.028 .027 .028 .034 .039
.037
.026
.041
.039
.033 .040 .034 .028 .053 .048 .033 .029 .056 .050 .045 .039
.034 .043 .025 .027 .038 .049 .040 .032 .029 .034 .039 .044 .044
.034 .039 .045 .044 .037 .055 .047 .032 .027 .039 .037 .039 .035
.043 .033 .028 .046 .043 .044 .039 .031 .026 .030 .036 .040 .041
.024 .019 .048 .070 .044 .028 .038 .044 .043 .047 .033 .026 .046
.036
.067 .041 .033 .037 .045 .033 .033 .027 .033 .045 .052 .042 .030
2
.046 .034 .043 .044 .034 .031 .040 .045 040 .048 .044 .033 .024
.028 .042 .039 .026 .034 .050 .035 ,032 .040 .056 .043 .028 .028
.033 .033 .036 .046 .026 .018 .043 .080 .050 .029 .031 .045 .039
.037 .027 .026 .031 .039 .040 .037 .041 .046 .045 .043 .035 .030
.038 .036 .040 .033 .036 .060 .035 .041 .029 .058 .035 .035 .034
.053 .030 .032 .035 .036 .036 .028 .046 .032 .051 .032 .034 .030
.035 .034 .034 .036 .030 .043 .043 .050 .025 .041 .051 .050 .035
.032 .033 .033 .052 .031 .027 .030 .072 .035 .034 .032 .043 .027
.052 .038 .033 .038 .041 .043 .037 .048 .028 .028 .036 .061 .033
.033 .032 .052 .034 .027 .039 .043 .033 .027 .030 .039 .048 .035
k1 - k2 = 9
k2 - k5 = 7
k1 - k5 = 16
k3 - k5 = 20
k2 - k3 = 13
k4 - k5 = 11 .
=
.K ,
2 5 8 3
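from which we get $K = \begin{pmatrix} 7 & 19 \\ 8 & 3 \end{pmatrix}$. With this K the third equation also holds.
Let us return to the problem of determining m. If m is not too large, we can try the method above in turn with m = 2,3,4,... until a key is found, and a key K is regarded as found if, besides the m pairs of m-tuples $(x_1,y_1), \ldots, (x_m, y_m)$ used to find the key, K also satisfies other pairs of m-tuples that we can choose for testing.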
S = (P , C , R, K , F, E , D )
(1)
eK ( x) = x + K mod 2,
d K ( y ) = y + K mod 2
(2)
zi = ri , (i = 1,..., m)
(3)
zi = zi - 4 + zi - 3 mod2 (i >4)
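$S = (\mathcal{P}, \mathcal{C}, \mathcal{K}, \mathcal{E}, \mathcal{D})$,
where $\mathcal{P} = \mathcal{C} = \mathcal{K} = Z_2$, and $\mathcal{E}$ and $\mathcal{D}$ are given by:
$\mathcal{E}(K, x) = x + K \bmod 2$, $\mathcal{D}(K, y) = y + K \bmod 2$.
The keystream generation mechanism can be viewed as a map $\varphi : \mathcal{R} \times Z \to \mathcal{K}$ which determines, for each key seed $r \in \mathcal{R} = Z_2^m$ ($m \ge 1$) and each integer $i \ge 0$, a term $z_i = \varphi(r, i) \in \mathcal{K}$ of the synchronous keystream $K = z_1 z_2 \ldots z_i \ldots$
A stream cipher has a high level of secrecy if the underlying cipher scheme itself has a high level of secrecy (for example, is perfectly secret in Shannon's sense), and the keystream generation mechanism produces keystreams that are random bit sequences. It is easy to see that the underlying cipher scheme described above satisfies the conditions of Theorem 2.2.1, hence it is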
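$\mathcal{R} \times Z \to \mathcal{K}$ is the keystream generation mechanism of a stream cipher, and $r \in \mathcal{R}$. We say that B is a next-bit prediction algorithm (for $\varphi$ and r) if for every integer i ($0 \le i \le l$) and every word $z_1 \ldots z_{i-1} \in Z_2^{i-1}$ we have: $B(i, z_1 \ldots z_{i-1}) = \varphi(r, i)$. Clearly, if we want the mechanism to produce good pseudorandom keystreams, then we do not want there to be a next-bit prediction algorithm that works efficiently (for example, one computable in polynomial time). Relaxing the requirement of guessing the next bit correctly, we will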
(4)
$s_{i+1} = s_i^{b} \bmod n$,
$z_1 \ldots z_{20}$ = 10000111011110011000.
The BBS (Blum-Blum-Shub) pseudorandom bit generator:
The BBS pseudorandom bit generator is described as follows: choose n = p.q as the product of two primes of the form 4m + 3, that is, $p \equiv 3 \pmod 4$ and
$s_{i+1} = s_i^{2} \bmod n$,
$z_1 \ldots z_{20}$ = 11001110000100111010.
Pseudorandom bit generation based on the discrete logarithm problem:
Choose p a large prime and $\alpha$ a primitive element mod p. The set of key seeds is $\mathcal{R} = Z_p$. For each key seed $r \in \mathcal{R}$ we define the sequence $s_0, \ldots, s_i, \ldots$ by:
$s_0 = r$,
$s_{i+1} = \alpha^{s_i} \bmod p$.
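[Figure: the DES encryption scheme. Plaintext x, IP, $L_0$, $R_0$; rounds using the function f with the round keys $K_1, \ldots, K_{16}$, which algorithm G generates from the key K; $L_1$, $R_1$, ..., $L_{15}$, $R_{15}$, $R_{16}$, $L_{16}$; $IP^{-1}$; ciphertext y.]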
IP
58 50 42 34 26 18 10  2
60 52 44 36 28 20 12  4
62 54 46 38 30 22 14  6
64 56 48 40 32 24 16  8
57 49 41 33 25 17  9  1
59 51 43 35 27 19 11  3
61 53 45 37 29 21 13  5
63 55 47 39 31 23 15  7

IP^-1
40  8 48 16 56 24 64 32
39  7 47 15 55 23 63 31
38  6 46 14 54 22 62 30
37  5 45 13 53 21 61 29
36  4 44 12 52 20 60 28
35  3 43 11 51 19 59 27
34  2 42 10 50 18 58 26
33  1 41  9 49 17 57 25
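[Figure: the function f(R, K). E expands R to E(R) (48 bits), which is combined (+) with K (48 bits) to give $B_1, \ldots, B_8$; the boxes $S_1, \ldots, S_8$ map these to $C_1, \ldots, C_8$, giving f(R, K) (32 bits). Each $B_i$ is a 6-bit word; each $C_i$ is a 4-bit word.]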
E
32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32  1
S1
14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
 0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
 4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13
S2
15  1  8 14  6 11  3  4  9  7  2 13 12  0  5 10
 3 13  4  7 15  2  8 14 12  0  1 10  6  9 11  5
 0 14  7 11 10  4 13  1  5  8 12  6  9  3  2 15
13  8 10  1  3 15  4  2 11  6  7 12  0  5 14  9
S3
10  0  9 14  6  3 15  5  1 13 12  7 11  4  2  8
13  7  0  9  3  4  6 10  2  8  5 14 12 11 15  1
13  6  4  9  8 15  3  0 11  1  2 12  5 10 14  7
 1 10 13  0  6  9  8  7  4 15 14  3 11  5  2 12
S4
 7 13 14  3  0  6  9 10  1  2  8  5 11 12  4 15
13  8 11  5  6 15  0  3  4  7  2 12  1 10 14  9
10  6  9  0 12 11  7 13 15  1  3 14  5  2  8  4
 3 15  0  6 10  1 13  8  9  4  5 11 12  7  2 14
S5
 2 12  4  1  7 10 11  6  8  5  3 15 13  0 14  9
14 11  2 12  4  7 13  1  5  0 15 10  3  9  8  6
 4  2  1 11 10 13  7  8 15  9 12  5  6  3  0 14
11  8 12  7  1 14  2 13  6 15  0  9 10  4  5  3
S6
12  1 10 15  9  2  6  8  0 13  3  4 14  7  5 11
10 15  4  2  7 12  9  5  6  1 13 14  0 11  3  8
 9 14 15  5  2  8 12  3  7  0  4 10  1 13 11  6
 4  3  2 12  9  5 15 10 11 14  1  7  6  0  8 13
S7
 4 11  2 14 15  0  8 13  3 12  9  7  5 10  6  1
13  0 11  7  4  9  1 10 14  3  5 12  2 15  8  6
 1  4 11 13 12  3  7 14 10 15  6  8  0  5  9  2
 6 11 13  8  1  4 10  7  9  5  0 15 14  2  3 12
S8
13  2  8  4  6 15 11  1 10  9  3 14  5  0 12  7
 1 15 13  8 10  3  7  4 12  5  6 11  0 14  9  2
 7 11  4  1  9 12 14  2  0  6 10 13 15  3  5  8
 2  1 14  7  4 10  8 13 15 12  9  0  3  5  6 11
P
16  7 20 21
29 12 28 17
 1 15 23 26
 5 18 31 10
 2  8 24 14
32 27  3  9
19 13 30  6
22 11  4 25
Scheme of algorithm G
[Figure: PC-1 produces $C_0$, $D_0$; $LS_1$ gives $C_1$, $D_1$, and PC-2 gives $K_1$; $LS_2$ gives $C_2$, $D_2$, and PC-2 gives $K_2$; ...; $LS_{16}$ gives $C_{16}$, $D_{16}$, and PC-2 gives $K_{16}$.]
PC-1
57 49 41 33 25 17  9
 1 58 50 42 34 26 18
10  2 59 51 43 35 27
19 11  3 60 52 44 36
63 55 47 39 31 23 15
 7 62 54 46 38 30 22
14  6 61 53 45 37 29
21 13  5 28 20 12  4

PC-2
14 17 11 24  1  5
 3 28 15  6 21 10
23 19 12  4 26  8
16  7 27 20 13  2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
i > 1.
In the two modes CBC and OFB, we use DES to generate a keystream $z_1 \ldots z_i \ldots$, and then encrypt by $y_i = x_i \oplus z_i$ ($i \ge 1$). The keystream
CHAPTER IV
1)/2
The discrete logarithm problem:
The Diffie-Hellman problem:
Find the value $\alpha^{ab} \bmod p$.
It can be proved that the Diffie-Hellman problem reduces to the discrete logarithm problem in polynomial time. Indeed, suppose there is an algorithm that solves the discrete logarithm problem. Then, given an input of the Diffie-Hellman problem consisting of p, $\alpha$, $\alpha^a \bmod p$ and $\alpha^b \bmod p$, we first apply that algorithm to (p, $\alpha$, $\alpha^a \bmod p$) to find a, and then compute $\alpha^{ab} \bmod p = (\alpha^b)^a \bmod p$. It has also been proved that the discrete logarithm problem and the Diffie-Hellman problem are computationally equivalent in some cases, for example when p - 1 is B-smooth with $B = O((\ln p)^c)$, c a constant.
As with the discrete logarithm problem, we can also define generalized Diffie-Hellman problems for other finite cyclic groups.
x .a
i =1
ij
y j (mod 2) ?
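$S = (\mathcal{P}, \mathcal{C}, \mathcal{K}, \mathcal{E}, \mathcal{D})$    (1)
where $\mathcal{P}$ is the set of plaintext characters, $\mathcal{C}$ is the set of ciphertext characters, $\mathcal{K}$ is the set of keys K, each key K consisting of two parts K = (K', K''), where K' is the public key used for encryption and K'' is the secret key used for decryption. For each plaintext character $x \in \mathcal{P}$, the encryption algorithm $\mathcal{E}$ gives the corresponding ciphertext character $y = \mathcal{E}(K', x) \in \mathcal{C}$, and for the ciphertext character y the decryption algorithm $\mathcal{D}$ gives back the plaintext character x: $\mathcal{D}(K'', y) = \mathcal{D}(K'', \mathcal{E}(K', x)) = x$.
To construct an RSA public-key cryptosystem, we first choose an integer n = p.q which is the product of two large primes, choose a number e such that $\gcd(e, \phi(n)) = 1$, and compute the number d such that
$e \cdot d \equiv 1 \pmod{\phi(n)}$.
Each pair K = (K', K''), with K' = (n, e) and K'' = d, is a key pair of a specific RSA cryptosystem for one participant.
Thus the general scheme of the RSA cryptosystem is defined by the list (1), in which:
$\mathcal{P} = \mathcal{C} = Z_n$, where n is a Blum integer, that is, a product of two primes;
$\mathcal{K} = \{K = (K', K'') : K' = (n, e) \text{ and } K'' = d,\ \gcd(e, \phi(n)) = 1,\ e \cdot d \equiv 1 \pmod{\phi(n)}\}$;
$\mathcal{E}$ and $\mathcal{D}$ are defined by:
$\mathcal{E}(K', x) = x^e \bmod n$, for all $x \in \mathcal{P}$,
$\mathcal{D}(K'', y) = y^d \bmod n$, for all $y \in \mathcal{C}$.
To show that the definition above is valid, we must prove that for every key pair K = (K', K'') and every $x \in \mathcal{P}$ we have
$\mathcal{D}(K'', \mathcal{E}(K', x)) = x$.
Indeed, since $e \cdot d \equiv 1 \pmod{\phi(n)}$ we can write $e \cdot d = t \cdot \phi(n) + 1$. If x is relatively prime to n, then using Euler's theorem (see 2.1.3) we have
$\mathcal{D}(K'', \mathcal{E}(K', x)) = x^{ed} \equiv x^{t\phi(n)+1} \equiv x^{t\phi(n)} \cdot x \pmod{n} = x$.
If x is not relatively prime to n, then since n = p.q, either x is divisible by p and relatively prime to q, or x is divisible by q and relatively prime to p, and $\phi(n) = (p-1) \cdot (q-1)$; in both cases we have
$x^{t\phi(n)+1} \equiv x \pmod{p}$,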
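$m \equiv c_1 \bmod n_1$
$m \equiv c_2 \bmod n_2$
$m \equiv c_3 \bmod n_3$
Since $x < n_i$, we have $x^3 < n_1 n_2 n_3$, and hence necessarily $m = x^3$. So we have reduced the problem of finding a cube root in the sense of congruence mod $n_i$ to the problem of finding a cube root in the ordinary arithmetic sense: taking the cube root of m we obtain x, that is, the plaintext!
For other reasons, there is evidence showing that the RSA system is also not secure if we use keys whose decryption exponent d is a small integer, even though the decryption algorithm then works more efficiently. Therefore, when using RSA cryptosystems, to ensure security we should choose the exponents e and d to be large integers, of a size nearly as large as the number n itself.
3. Exploiting the multiplicative property of the encryption function. Note that the encryption function $f(x) = x^e \bmod n$ has the multiplicative property, meaning that f(x.y) = f(x).f(y). Based on that property, we see that if c is the ciphertext of the plaintext x, then $c' = c \cdot u^e \bmod n$ is the ciphertext of the plaintext xu. Hence, having obtained the ciphertext c, in order to discover the plaintext x the cryptanalyst can choose a random number u and form the ciphertext c', and if the cryptanalyst is capable of "chosen-ciphertext" cryptanalysis (see 1.5.1), that is, able to find for the chosen c' the corresponding plaintext x' = xu, then the original plaintext to be discovered is $x = x' \cdot u^{-1} \bmod n$. Of course, it is very rare for a cryptanalyst to be able to solve the cryptanalysis problem in the chosen-ciphertext setting, but all the same this is a case in which confidentiality is open to attack, and we cannot fail to take it into account in order to find ways to avoid it!
4. Attack by iterated encryption. Note also that the encryption function $f(x) = x^e \bmod n$ is a permutation on the set $Z_n = \{0,1,\ldots,n-1\}$, so for every $c \in Z_n$, if we iterate the encryption to obtain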
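$S = (\mathcal{P}, \mathcal{C}, \mathcal{K}, \mathcal{E}, \mathcal{D})$,
where: $\mathcal{P} = \mathcal{C} = Z_n$, where n is a Blum integer, n = p.q, with p and q two primes having the property $p \equiv 3 \pmod 4$, $q \equiv 3 \pmod 4$,
$\mathcal{K} = \{K = (K', K'') : K' = (n, B),\ K'' = (p, q),\ 0 \le B \le n - 1\}$,
and the algorithms $\mathcal{E}$ and $\mathcal{D}$ are defined by
$\mathcal{E}(K', x) = x(x + B) \bmod n$,
$\mathcal{D}(K'', y) = \sqrt{\frac{B^2}{4} + y} - \frac{B}{2} \bmod n$.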
(2)
p 1
2
q 1
1mod p , C 2 1mod q .
p +1
q +1
l cc
Theo gi thit, p 3(mod4) v q 3(mod4), nn
va`
4
4
s nguyn; v ta c
V p v q l cc s nguyn t nn ta c C
( C
p +1
4 2
) C (mod p), (C
q +1
4 2
) C (mod q).
( q +1) / 4
(mod q )
z C
z C ( p +1) / 4 (mod p )
( q +1) / 4
(mod q )
z C
( p +1) / 4
(mod p )
z C
( q +1) / 4
(mod q )
z C
( p +1) / 4
(mod p )
z C
( q +1) / 4
(mod q )
z C
eK(x) = x^2 + 9x mod 77,
dK(y) = sqrt(1 + y) − 43 mod 77,
since 2^(-1) = 39 mod 77, 9.2^(-1) = 9.39 = 43 mod 77, B^2 = 4 mod 77, B^2/4 = 1 mod 77.
For x = 44 we have eK(x) = 44^2 + 9.44 = 2332 = 22 mod 77, so the ciphertext corresponding to x is y = 22. Now, to decrypt the ciphertext y = 22, the procedure above gives 4 values of sqrt(1 + y) = sqrt(1 + 22) = sqrt(23) mod 77, namely 10, 67, 32, 45, and hence the 4 possible values of dK(y) are
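The worked example above (n = 77 = 7.11, B = 9), as an added Python example that is not part of the original text: it encrypts with x(x + B) mod n and decrypts by taking the square roots of B^2/4 + y with the C^((p+1)/4) rule and the Chinese remainder theorem. The function names are assumptions made for this illustration.

```python
# Added illustration (not from the book): Rabin encryption and decryption
# for a Blum integer n = p*q with p ≡ q ≡ 3 (mod 4), using the page's toy values.


def rabin_encrypt(n, B, x):
    """E(K', x) = x(x + B) mod n."""
    return x * (x + B) % n


def sqrt_mod_blum_prime(c, p):
    """One square root of c modulo a prime p ≡ 3 (mod 4): c^((p+1)/4) mod p."""
    if p % 4 != 3:
        raise ValueError("p must be congruent to 3 mod 4")
    r = pow(c, (p + 1) // 4, p)
    if r * r % p != c % p:
        raise ValueError("c is not a quadratic residue mod p")
    return r


def rabin_decrypt(p, q, B, y):
    """Return every x with x(x + B) ≡ y (mod p*q), sorted ascending."""
    n = p * q
    half_b = B * pow(2, -1, n) % n      # B/2 mod n (43 for B = 9, n = 77)
    c = (half_b * half_b + y) % n       # B^2/4 + y
    rp = sqrt_mod_blum_prime(c, p)
    rq = sqrt_mod_blum_prime(c, q)
    # CRT coefficients: u ≡ 1 (mod p), 0 (mod q); v ≡ 0 (mod p), 1 (mod q)
    u = q * pow(q, -1, p)
    v = p * pow(p, -1, q)
    candidates = set()
    for sp in (rp, (-rp) % p):          # both roots mod p
        for sq in (rq, (-rq) % q):      # both roots mod q
            z = (sp * u + sq * v) % n   # a square root of c mod n
            candidates.add((z - half_b) % n)
    return sorted(candidates)


if __name__ == "__main__":
    y = rabin_encrypt(77, 9, 44)
    print("ciphertext:", y)
    print("candidates:", rabin_decrypt(7, 11, 9, y))
```

Decryption returns a set of candidates rather than one plaintext; the plaintext 44 from the example is one of them, and every candidate encrypts back to the same ciphertext.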
S = (P, C, K, E, D),
where: P = Z p , C = Z p × Z p , with p a prime number;
S = (P , C , K , E , D ),
where: P = G, C = G × G, with G a finite cyclic group;
K ={K = (K', K'') : K' =(G, ,) , K'' = a , = a },
y l mt phn t nguyn thu ca nhm G.
The encryption algorithm eK = E(K', .) and the decryption algorithm dK = D(K'', .) are defined as follows: for each x ∈ P = G, to encrypt x we first choose an additional random number k (0 ≤ k ≤ |G|) and then compute:
y = k
eK (x,k ) = (y1, y2), vi 1
k
y2 = x.
x3 = 2-x1-x2 , y3 = (x1-x3) - y1 ,
vi
( y2 y1 ) /( x2 x1 ), khi P Q;
2
khi P = Q.
(3 x1 + a ) / 2 y1 ,
4.5.2. The Merkle-Hellman cryptosystem.
The knapsack problem (KNAPSACK, also called the subset sum problem) is posed as follows: given a set of positive integers {a1, a2, ..., an} and a positive integer s, determine whether there is a subset of the aj whose sum equals s. Equivalently, determine whether there exist xi
Σ_{i=1}^{n} ai xi = s.
j = 2,3,..., n : a j > ai ,
i =1
2. if
x .a
i =1
The Merkle-Hellman cryptosystem is defined by
S = (P, C, K, E, D),
where P = {0,1}^n, C = {0, 1, ..., n(p − 1)}, K is the set of keys K =
E (K', x) =
x .b
i =1
4.5.3. The McEliece cryptosystem.
The McEliece cryptosystem is built on the NP-completeness of the decoding problem for linear error-correcting codes (in information theory). The problem is posed as follows: suppose the information source is the set of k-bit binary words, i.e. the set {0,1}^k, transmitted over a noisy channel, meaning that if the k-bit words are transmitted directly, the information received may be corrupted and we do not receive the information that was sent. To overcome such errors, one encodes the original source by adding to each k-bit information word a number of bits used for self-correction, that is, one applies an encoding that turns each original k-bit word into an n-bit word, with n > k, called a codeword. A linear encoding is one carried out by multiplying the original k-bit word x by a k × n matrix G to obtain the n-bit codeword y, y = x.G (additions and multiplications are performed mod 2). We define the Hamming distance between two n-bit codewords as the number of positions at which the two codewords differ; the distance d of the code is the smallest Hamming distance between any two codewords. Thus a linear code is determined by a matrix G (called the generator matrix) and is characterized by three numbers [n, k, d]. If d = 2t + 1, the code can correct up to t random errors introduced by channel noise. However, error correction (i.e. recovering the correct original k-bit information word from a received codeword that may contain up to t errors) for such linear codes is in general quite complex, and the decoding problem for linear error-correcting codes has been proved to be NP-hard, meaning that no polynomial-time algorithm for it is known so far. Nevertheless, some special classes of linear codes have been found for which efficient error-correcting decoding algorithms can be constructed; Goppa codes are one such class. A Goppa code is a linear code with parameters n = 2^m, d = 2t + 1, k = n − mt, whose k × n generator matrix G is built from certain algebraic properties of the field GF(2^n), which we do not go into in detail here.
To obtain a McEliece cryptosystem, we first choose a Goppa code with generator matrix G and the parameters above, then use a
S = (P, C, K, E, D),
where P = {0,1}^k, C = {0,1}^n, K is the set of keys K = (K', K''),
S = (P, C, K, E, D, R),
where P, C, K are understood as for ordinary public-key cryptosystems, R is a set of random elements, and for every x ∈ P, r ∈ R, dK(eK(x, r)) = x.
In addition, we would like a security condition such as the one in the following definition to hold: we denote by pK,x the probability distribution
c.
S = (P, C, K, E, D, R),
where P = {0,1}, C = R = Z n , n = p.q is the product of two large primes, K is the set of keys K = (K', K''), where the public key
y
v do d th c y Qn = 1, v tnh c d K (y).
p
S = (P, C, K, E, D, R),
where P = Z , C = Z 2 Z n , R = Qn , n = p.q is the product of two large primes with p ≡ q ≡ 3 mod 4; K is the set of keys K = (K',
s_{i+1} = s_i^2 mod n,
then compute the pseudorandom sequence (z1,...,zl) by zi = si mod 2.
2. Compute y = (y1,...,yl) with yi = xi + zi mod 2 (1 ≤ i ≤ l).
3. The ciphertext is eK(x, r) = (y, s_{l+1}) = (y1,...,yl; s_{l+1}).
The decryption algorithm dK = D(K'', .): C → P is carried out in the following steps after the ciphertext (y1,...,yl; s_{l+1}) has been received:
1. Compute
a1 = ((p + 1)/4)^(l+1) mod (p − 1),
s0 ≡ b2 mod q
4. From s0, the BBS algorithm recovers the bit sequence (z1,...,zl).
5. Finally we obtain
dK(y1,...,yl; s_{l+1}) = (x1,...,xl), with xi = yi + zi mod 2 (1 ≤ i ≤ l).
The Blum-Goldwasser cryptosystem is thus completely defined. Note that if the plaintext x consists of l bits, then in the corresponding ciphertext, in addition to the encrypted bits y1,...,yl, we must also send the number s_{l+1}, a number
x ( p +1) / 4 x
= 1 , nn x(p+1)/4modp cng l mt thng d bc
=
p p
hai modp. T nhn xt ta suy ra vi mi i (i = 0,1,..,l ):
si si(+p1+1) / 4 (mod p ),
do ,
l +1
s0 126(mod 503)
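The Blum-Goldwasser steps above, as an added Python example that is not part of the original text. The decryption steps that did not survive on this page (a2, b1, b2 and the recombination of s0) follow the usual description of the scheme and are an assumption here, as are the function names and the constructed toy primes 499 and 547.

```python
from math import gcd

# Added illustration (not from the book). Constructed toy primes, both ≡ 3 (mod 4).
P, Q = 499, 547
N = P * Q


def bbs_bits(s0, n, l):
    """BBS generator: s_{i+1} = s_i^2 mod n, z_i = s_i mod 2 for i = 1..l.
    Returns ([z_1..z_l], s_{l+1})."""
    s, bits = s0, []
    for _ in range(l):
        s = s * s % n
        bits.append(s & 1)
    return bits, s * s % n


def bg_encrypt(n, x_bits, r):
    """Encrypt the bit list x_bits; the seed s0 = r^2 mod n is a quadratic residue."""
    if gcd(r, n) != 1:
        raise ValueError("r must be coprime to n")
    s0 = r * r % n
    z, s_last = bbs_bits(s0, n, len(x_bits))
    y = [xi ^ zi for xi, zi in zip(x_bits, z)]   # y_i = x_i + z_i mod 2
    return y, s_last                             # (y_1..y_l ; s_{l+1})


def bg_decrypt(p, q, y_bits, s_last):
    """Recover s0 from s_{l+1} with the factors p, q, then regenerate z."""
    n, l = p * q, len(y_bits)
    a1 = pow((p + 1) // 4, l + 1, p - 1)         # step 1 on the page
    a2 = pow((q + 1) // 4, l + 1, q - 1)         # assumed symmetric step for q
    b1 = pow(s_last, a1, p)                      # s0 mod p
    b2 = pow(s_last, a2, q)                      # s0 mod q
    # Chinese remainder theorem: s0 ≡ b1 (mod p), s0 ≡ b2 (mod q)
    s0 = (b1 * q * pow(q, -1, p) + b2 * p * pow(p, -1, q)) % n
    z, check = bbs_bits(s0, n, l)
    if check != s_last:
        # s_{l+1} was not produced by squaring a quadratic residue l+1 times
        raise ValueError("s_{l+1} is not a valid BBS state for this key")
    return [yi ^ zi for yi, zi in zip(y_bits, z)]


if __name__ == "__main__":
    message = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1]     # constructed sample plaintext
    y, s_last = bg_encrypt(N, message, r=1234)
    print(y, s_last, bg_decrypt(P, Q, y, s_last) == message)
```

The consistency check on s_{l+1} only rejects values that cannot be a BBS state; it does not protect the bits y1,...,yl against modification.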
CHAPTER V
The authentication problem and
electronic signatures
5.1. The authentication problem and signature schemes.
5.1.1. Statement of the problem.
In chapter I, section 1.3, we listed some of the main problems of information security; besides the most important one, the confidentiality of information, the next problems are: authentication of messages and of the sender (together with the message), identification and verification of the identity of a party to a transaction, and so on. The confidentiality problem, answered by cryptographic solutions, was the subject of chapters III and IV; in this chapter and the next we deal with the authentication problems just mentioned. The present chapter V is devoted to the authentication of messages and of their senders, and chapter VI will consider identification and identity verification.
In the traditional way of doing things, a message in a transaction is usually conveyed as a handwritten or typed document accompanied by the (handwritten) signature of the sender at the bottom of the document. That signature is the evidence confirming that the message really comes from the signer, that is, from the party to the transaction, and if the sheet of paper carrying the text has not been cut, pasted, erased or deleted, then the integrity of the message is also attested by the signature. A handwritten signature has many familiar advantages: it is easy to verify, it cannot be copied, a person's signature is the same on many documents, yet each signature is attached to one specific document, and so on.
When we move to modern means of communication, messages are transmitted over digital networks and are themselves represented in digital form, that is, as sequences of binary bits; a "signature", if there is one, is also a sequence of bits, and the natural relationships described above no longer hold. For example, the "signature" of a sender on different documents must express the binding of responsibility of
5.1.2. Definition of a signature scheme.
Definition 5.1. A signature scheme S is a five-tuple
S = (P, A, K, S, V),
where: P is a finite set of possible messages,
A is a finite set of possible signatures,
K is a finite set of keys, each key K ∈ K consisting of two parts K = (K', K''), where K' is the secret key used for signing and K'' is the public key used for verifying signatures.
For each K = (K', K''), S contains a signing algorithm sig_K' : P → A, and V contains a verification algorithm ver_K'' : P × A → {true, false} satisfying the following condition for every message x ∈ P and every signature y ∈ A:
ver_K''(x, y) = true ⇔ y = sig_K'(x).
With this scheme, each party owns a key K = (K', K''), publishes the key K'' so that everyone can verify its signatures, and keeps the key K' secret in order to sign the messages it wants to send. The functions ver_K'' and sig_K' (when K' is known) must be easy to compute (in polynomial time), whereas the function y = sig_K'(x) must be hard to compute without knowledge of K'; this guarantees the secrecy of signing, and therefore protection against forged signatures.
The authentication problem with electronic signatures can, in a certain sense, be regarded as "dual" to the problem of confidentiality by encryption, as illustrated by the example of the RSA signature scheme, dual to the RSA encryption scheme, given below:
5.1.3. The RSA signature scheme.
The RSA signature scheme is given by the five-tuple
S = (P, A, K, S, V),
where P = A = Zn, with n = p.q the product of two large primes p, q, K is the set of key pairs K = (K', K''), with K' = a and K'' = (n, b), a and b being two numbers in Z n satisfying a.b ≡ 1 (mod φ(n)). The functions sig_K' and ver_K'' are defined as follows:
sig_K'(x) = x^a mod n,
ver_K''(x, y) = true ⇔ x ≡ y^b (mod n).
It is easy to prove that the scheme so defined is valid, that is, for every x ∈ P and every signature y ∈ A:
ver_K''(x, y) = true ⇔ y = sig_K'(x).
Note that although authentication and confidentiality under the RSA scheme look alike on the surface, their content is entirely different. When A sends a message x to B, in order for B to have grounds to confirm that the message really was sent by A, A must attach the signature sig_K'(x), that is, A sends B the pair (x, sig_K'(x)); in the information sent, the message x is not kept secret at all. Similarly, with the RSA encryption scheme, when a party A receives a ciphertext eK'(x) from B, A only knows that the message x is kept confidential, and has nothing to confirm that x comes from B.
If we want our communication system to provide both confidentiality and authentication, we must use an encryption system and an authentication system (by signature) together. Suppose that on a public communication network we have both a public-key cryptosystem S1 and a signature-based authentication system S2. Suppose B has the encryption key K = (K', K'') with K' = (n, e) and K'' = d in the system S1, and A has the signature key Ks = (Ks', Ks'') with Ks' = a and Ks'' = (n, b) in the system S2. A can send B a message that is both
S = (P, A, K, S, V),
= k modp,
= ( x a ).k 1 mod(p -1).
The verification algorithm is defined by:
verK " (x, ( , ) ) = ng . x (modp).
It is easy to see that the signature scheme defined above is valid. Indeed, if sig_K'(x, k) = ( , ), then we have:
. a.k modp
x modp,
v k +a x mod(p -1). Do , verK " (x, ( , ) ) = ng.
. x (modp),
1
. x (modp).
2
T ta c
x x k ( ) (modp),
1
iu tng ng vi
x 1 - x2 k (1 - 2) (mod(p -1)).
Let d = gcd(1 - 2, p -1). All three numbers 1 - 2, p -1 and x 1 - x2 are divisible by d; we set
1 2
p 1
, p =
.
d
d
d
Khi ng d thc trn tr thnh
x k . (mod p ).
x =
x1 x2
, =
k = x. + i. p mod(p -1)
where i is some value with 0 ≤ i ≤ d − 1. Testing the condition
= k modp
for each of these values of i, we find k; then from k we can compute the required a.
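2) The possibility of forging a signature on a given document:
Suppose party A chooses the ElGamal signature scheme with the key pair K = (K', K''), where K' = a is the secret key. An outsider O who does not know the secret key K' = a and wants to forge A's signature on a document x must be able to produce a signature (, ) without knowing a. There are two ways: either choose one component first and then find the corresponding other component, or conversely, choose the other component first and then find the first.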
Nu chn trc ri tm , th phi l
. x modp
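with unknown . We do not know whether there is any efficient way to solve this, but it is surely no easier than the problem of computing discrete logarithms.
We may therefore believe that the chance of forging a signature on a given document without knowing the secret key K' = a is very small, and so it has no significant effect on the security of the signature scheme.
3) Forging a signature together with the signed document:
Another possibility is to forge both the document x that is sent and the signature (, ) on x. This is possible when the forger can choose x and (, ) satisfying the verification condition, specifically when x,, are chosen in the following form: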
= i . j modp,
= . j 1 mod(p -1),
x = .i. j 1 mod(p -1),
where i, j are integers such that 0 ≤ i, j ≤ p − 2, gcd(j, p − 1) = 1, and j^(-1) is computed mod (p − 1). Indeed, we then have
1
. ( i j ) . j modp
1
. i j . modp
x modp ,
that is, the verification condition is satisfied, and (, ) can be accepted as a valid signature on x.
There may be yet another way of forging, if the forger uses a genuine signature (, ) on an existing document x to produce a new signature ( , ) for a "new" document x as follows:
= h . i . j modp,
= (h j ) 1 mod(p -1),
x = (hx + i )(h j ) 1 mod(p -1).
One can check that the verification condition holds for the "signature" ( , ) and the "document" x , that is,
. x modp.
Both forgery methods described above yield a signature that satisfies the verification condition for the corresponding document; however, that document is not one chosen at will by the forger, so these forgery methods have no practical value and cannot cause significant harm to the security of the signature scheme in general.
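A defender's view of the passage above that recovers k, and then a, from two signatures, as an added Python example that is not part of the original text: signing and verification with the ElGamal equations, plus an audit that flags signatures on different documents sharing the same first component, which is the visible sign that k was reused. The toy parameters (p = 467, base 2, secret 127), the component names gamma and delta, and all function names are assumptions made for this illustration.

```python
from collections import defaultdict
from math import gcd

# Added illustration (not from the book). Constructed toy parameters.
P = 467
ALPHA = 2
A_SECRET = 127
BETA = pow(ALPHA, A_SECRET, P)


def elgamal_sign(x, k, p=P, alpha=ALPHA, a=A_SECRET):
    """gamma = alpha^k mod p, delta = (x - a*gamma) * k^-1 mod (p-1)."""
    if gcd(k, p - 1) != 1:
        raise ValueError("k must be invertible mod p-1")
    gamma = pow(alpha, k, p)
    delta = (x - a * gamma) * pow(k, -1, p - 1) % (p - 1)
    return gamma, delta


def elgamal_verify(x, gamma, delta, p=P, alpha=ALPHA, beta=BETA):
    """Accept iff beta^gamma * gamma^delta ≡ alpha^x (mod p)."""
    if not 1 <= gamma <= p - 1:          # reject out-of-range first component
        return False
    lhs = pow(beta, gamma, p) * pow(gamma, delta, p) % p
    return lhs == pow(alpha, x, p)


def find_reused_nonces(signed):
    """signed: iterable of (x, gamma, delta). Returns {gamma: [(x, delta), ...]}
    for every gamma that appears on more than one distinct signed document."""
    by_gamma = defaultdict(set)
    for x, gamma, delta in signed:
        by_gamma[gamma].add((x, delta))
    return {g: sorted(v) for g, v in by_gamma.items() if len(v) > 1}


if __name__ == "__main__":
    # Constructed signature log: k = 213 is used twice, k = 45 once.
    log = []
    for x, k in [(100, 213), (205, 213), (301, 45)]:
        gamma, delta = elgamal_sign(x, k)
        assert elgamal_verify(x, gamma, delta)
        log.append((x, gamma, delta))
    print(find_reused_nonces(log))
```

Any gamma reported by the audit means the corresponding signing key should be treated as exposed and replaced.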
= ( k modp) modq,
= ( x + a ).k 1 modq.
The verification algorithm is defined by:
verK " (x, ( , ) ) = ng ( e1 . e2 modp)modq = ,
trong e1 = x. 1 modq v e2 = . 1 modq.
Ch rng ta phi c 0 modq c th tnh c -1modq
dng trong thut ton kim th, v vy nu chn k m c 0
modq th phi chn li s k khc c c 0 modq.
5.3. Hash functions and signatures.
5.3.1. Hash functions.
In the preceding sections we introduced several electronic signature schemes. In those schemes the signature is defined for each block of the document, and if the document consists of many blocks, the signature on the whole document must be formed by concatenating the signatures on the individual blocks; but the signature on each block usually has the same length as the block (or even twice that length), so the overall signature has a length comparable to the length of the document. This is inconvenient. We would like, as with handwriting, the signature to be short and of bounded length no matter how long the document is. With electronic signatures, because the signature has to "sign" every bit of the document, a signature of bounded length on a document of arbitrary length requires some way of shortening the document. But the document itself cannot be shortened, so the only way is to find for each document a "digest" of bounded length, and then, instead of signing the whole document, to sign the digest
For a collision probability of 1/2, we have k ≈ 1.17 √n. In the birthday case we have n = 365, so k ≈ 22.3 ≈ 23.
Returning to the question of choosing the length (of the binary representation) of the digests: if we take, say, a length of 40 bits, then n = 2^40, and so among k ≈ 2^20 (about one million) documents there will be a strong collision with probability 1/2, which makes security hard to guarantee. But if we take the digest length to be 128, i.e. n = 2^128, then a strong collision can occur with probability 1/2 when the number of possible documents is k ≈ 2^64, a rather large number (compared with the number of documents that can arise in practice), so we may hope that security is ensured. This may be why the DSS standard chooses a digest length of 160 bits.
The hash function h defined in this way is called the Chaum-van Heijst-Pfitzmann hash function. It has the properties of being one-way and strongly collision-free, as required of a hash function. Its one-wayness follows from the one-wayness of the discrete logarithm function. Its strong collision-freeness is established by the following theorem: if a strong collision for h is known, then log can be computed efficiently.
Suppose there is a collision
h( x1 , x2 ) = h( x3 , x4 ),
where (x1,x2) ≠ (x3,x4). Then we have
x1 . x2 x3 . x4 (modp),
that is,
x1 x3 x4 x2 (modp).
Let d = gcd(x4 − x2, p − 1). Since p − 1 = 2q and q is prime, we have d ∈ {1, 2, q, p − 1}. We consider these four possibilities for d in turn.
Suppose d = 1. Then, setting y = (x4 − x2)^(-1) mod (p − 1), we have
( x x ) y (modp)
( x x ) y (modp),
and we can compute the discrete logarithm log as follows:
log = (x1 − x3)(x4 − x2)^(-1) mod (p − 1).
Now suppose d = 2. Since p − 1 = 2q and q is odd, we must have gcd(x4 − x2, q) = 1. Again setting y = (x4 − x2)^(-1) mod q, we have
(x4 − x2)y = kq + 1
for some integer k, and we have
( x x ) y kq +1 (modp)
(1) k (modp) (v q 1 (modp))
(modp).
4
Nh vy ta c
( x x ) y ( x x ) y (modp)
(modp).
4
T suy ra
5.3.4. Building hash functions from cryptosystems.
One general method of building a hash function is to use a symmetric-key cryptosystem. Suppose (P, C, K, E, D) is a symmetric-key cryptosystem whose security has been tested. For convenience we may assume that P = C = K = Z2^n. The value n should be chosen fairly large, around n ≥ 128, to avoid the "birthday" attack. For example, the cryptosystem may be DES (possibly with the adjustments needed to make the lengths of the elements of P, C, K suitable). Starting from the encryption function E, we define a function f : Z2^n × Z2^n → Z2^n such that for every (x, y) ∈ Z2^n × Z2^n, the value f(x, y) is computed from x, y and the function E.
Now suppose we are given x ∈ Z 2 . As in the previous section, we can write x as the concatenation of k segments, each of n bits:
x = x1x2....xk .
Next, we choose an initial value g0 ∈ Z2^n, and construct g1, g2,...,gk by the rule
so defined is a function mapping Z 2 into Z2^n; in the general case its security may not be guaranteed, but it has been shown to be secure when the function f is chosen as follows:
f(x, y) = x ⊕ E(y, x),
f(x, y) = x ⊕ y ⊕ E(y, x),
f(x, y) = x ⊕ E(y, x ⊕ y),
f(x, y) = x ⊕ y ⊕ E(y, x ⊕ y),
where ⊕ is bitwise addition mod 2 of two words with the same number of bits.
5.4. Some other signature schemes.
5.4.1. The Rabin signature scheme.
Like the RSA signature scheme, the Rabin signature scheme uses an integer n that is the product of two large primes p and q, n = p.q; the one-way function here is squaring an integer mod n, whose inverse is taking square roots mod n, a function that cannot be computed easily without knowing the factors p, q of n.
Thus, roughly speaking, the Rabin signature scheme can be described as a tuple
S = (P, A, K, S, V),
where P = Qn, A = Zn, K is the set of key pairs K = (K', K''), in which K'' = n is the public key used for verifying signatures, n is the product of two large primes p and q, n = p.q, with p ≡ q ≡ 3 (mod 4), and K' = d with d = (n − p − q + 5)/8 is the secret key used for signing. The functions sig_K' and ver_K'' are defined as follows:
sig_K'(x) = x^d mod n,
ver_K''(x, y) = true ⇔ x ≡ y^2 (mod n).
Note that if p and q are chosen with the property stated above, then for every x ∈ P = Qn, x^d mod n is a square root of x mod n, because
x^(2d) ≡ x^(2.((p − 1)(q − 1) + 4)/8) ≡ x^((p − 1)(q − 1)/4 + 1) ≡ x (mod n);
and the functions sig_K' and ver_K'' defined above are valid.
The basic idea of a Rabin signature scheme is as simple as that; however, to obtain a signature scheme that can be used in practice,
m      m/589
6      -1
22     1
54     -1
70     -1
86     1
102    1
118    1
134    1
150    -1
262    -1
278    1
294    -1
326    -1
454    1
470    -1
486    -1
502    1
518    -1
534    -1
550    1
566    -1
582    1
5.4.2. The Fiat-Shamir signature scheme.
Each Fiat-Shamir signature scheme uses a hash function h : Z → Z2^k, which maps every binary string x of arbitrary length to a string of k bits, called the "digest" of x.
Each entity A creates its key pair K = (K', K'') as follows: choose two distinct primes p and q, and set n = p.q; then choose at random k distinct integers s1,..., sk ∈ Z n , and compute for each j
5.4.3. The Schnorr signature scheme.
The Schnorr signature scheme is constructed in the same way as the Fiat-Shamir scheme, but here we use a one-way hash function based on the hardness of computing discrete logarithms.
Each entity A creates its key pair K = (K', K'') as follows: choose a large prime p, a prime q that is a divisor of p − 1, an element of order q of Z p , and a number a, 1 ≤ a ≤ q − 1. Keep K' = a as the secret key, and publish the public key K'' = (p,q,,r), where r = a modp.
Choose a hash function h : Z 2 → Z q . Take P = Z 2 and A = Z q × Z q .
y = sig K ( x ) = x a modp.
Verification protocol: given the document x and the signature y, the recipient B and the signer A carry out the following verification protocol:
1. B chooses two random numbers e1, e2 ∈ Z q , computes c = y e1 . e2 modp and sends c to A,
1
mo,
nu
a (mod p ). Do ,
1
j k e1 + e2 (modq ).
From the assumption y ≢ x^a (mod p) it follows that l − ak ≢ 0 (mod q), i.e. the determinant of the above system of equations (in the unknowns e1, e2) is ≢ 0 (mod q). Thus each d ∈ G is the correct answer (according to the verification protocol) for exactly one pair (e1, e2) among the q possible pairs. Therefore, if y ≢ x^a (mod p), the probability that B accepts y as A's signature on x (according to the protocol) equals 1/q. The theorem is proved.
For the disavowal protocol, we have the following theorem:
D x f . f (mod p ).
Khi , ng d thc (d e ) f ( D f )e (modp) ng vi xc sut
1/q , tc nu y ng l ch k ca A trn x, th theo giao thc, B c
th kt lun rng n l gi mo (mt cch sai lm) vi xc sut 1/q.
Chng minh. a) Gi th y x a (mod p ) , v A,B cng thc
hin giao thc chi b. Do y khng l ch k ca A trn x nn B s
1
(d e2 ) f1 (( y e1 e2 ) a e2 ) f1 (modp)
ya
y e1a
e1 f1
f1
e a f e f (modp)
2
2 1
(modp).
Tng t, ta cng c
1
. Choose a = 101,
a generator of a subgroup G of order 233 of Z 467
then we have = a modp = 4^101 mod 467 = 449.
A has the key pair K = (K', K'') with K' = 101 and K'' = (467, 4, 449).
Suppose A signs the document x = 119 with the signature
y = 119^101 mod 467 = 129.
1) B can use the verification protocol to find out whether y really is A's signature on x, as follows: B randomly chooses e1 = 38, e2 = 397, and computes c = 13; A replies with d = 9. B tests the condition
d x e1 . e2 mod p ,
that is,
9 ≡ 119^38 . 4^397 (mod 467).
This congruence holds. B accepts 129 as A's signature on the document 119.
2) Now let us carry out the disavowal protocol. Suppose A sends the document x = 286 with the signature y = 83. B randomly chooses e1 = 45, e2 = 237, then computes c = 305 and sends it to A; A replies with d = 109. B tests the condition d x e1 . e2 (mod p ) , and the condition is satisfied because
CHAPTER VI
Identification schemes and
identity verification
6.1. The identification problem.
In the previous chapter we saw that cryptographic techniques can be applied to build many secure solutions for authenticating messages together with their senders on public communication networks. In this chapter we consider the application of the same techniques to the problem of building schemes for identification and identity verification, which is also an important problem frequently encountered in all exchanges of information, especially over networks. Identifying oneself and verifying a person's identity is usually needed in situations such as:
- To withdraw money from an automatic teller machine (ATM), we identify ourselves with a cash card together with our PIN (personal identification number).
- To buy goods or pay a sum of money over the telephone network, we give our credit card number (together with its expiry date).
- To log in to a computer on a network, we give our user name together with our password.
- and so on.
In everyday practice, identification by habit usually makes no demands on security; for instance, there is usually nothing to guarantee that PINs and passwords are kept secret and unknown to outsiders. However, as life becomes more and more computerized and most transactions are carried out over computer networks, disregarding the security requirements of identification and identity verification can no longer continue; solutions are needed that guarantee the security of these activities.
The security goal of identification is to ensure that when "listening" to a party A identifying itself to a party B, anyone
1 y 2y v r (modp)
and if the condition is satisfied, accepts A's identity.
By carrying out this protocol, A can prove its identity, because
1 y 2y v r 1k + a r 2k + a r1 a r 2 a r (modp)
1k 2k (modp)
(modp)
that is, the condition B needs to test holds. Thus, because A knows the secret pair (a1, a2), A can run the verification protocol through to the end and prove its identity.
Conversely, someone other than A, not knowing the secret pair (a1, a2), is unlikely to be able to compute the correct (y1,y2) to answer B in step 3 of the protocol, i.e. cannot pass the protocol's test in order to impersonate A.
Now suppose there is a person O who can run the verification protocol through to the end and so be taken for A, say at least twice. This means that O knows two numbers r ≠ s and two pairs (y1,y2), (z1,z2) such that
1y 2y v r 1z 2z v s (modp).
t
b1 = ( y1 z1 )(r s )1 mod q,
1
b 2 = ( y2 z2 )(r s )1 modq ,
ta s c
v 1 b1 2 b2 (modp),
do
1 b 2 b 1 a 2 a (modp),
1
tc l
a1 b1
2b2 a2 (modp).
Suppose that O and A collude; they then know all the numbers a1, a2, b1, b2.
If we assume (a1, a2) ≠ (b1, b2), then a2 ≠ b2, and (b2 − a2)^(-1) mod q exists, and the discrete logarithm c is computed by
c = log1 2 = (a1 − b1)(b2 − a2)^(-1) mod q.
Thus, if O can run the verification protocol through to the end and be taken for A, then O and A in collusion can quite easily find the discrete logarithm c. But from the outset we assumed that finding c is extremely hard for anyone (A, O, or even a coalition of A and O, ...), so it is also extremely hard for O to run the verification protocol through to the end with the aim of impersonating A. We have thus proved the security of the identification scheme
and sends ID(A) and to B.
2. B computes v = h(ID(A)), chooses a random number r (0 r 1) and sends r to A.
3. A computes y = k u^r mod n and sends y to B.
4. B tests the condition v ryb (modn) to verify A's identity.
When identifying itself to B with the above protocol, A only needs to know the value u, a value computed by TA (and only TA can compute it). O cannot impersonate A because O does not know the value u.
(zero-knowledge proof)
As mentioned in the introductory section 6.1, the problem of identification and identity verification plays a role of great significance in all transactions in society. For identification to be secure, an important requirement is to prevent impersonation of another person's identity in a transaction. As transactions become widely electronic, the security requirement raises many issues that need to be solved by scientific means. Simple and primitive solutions such as presenting a name or a password are no longer secure, because they are hard to keep secret, which makes it easy for others to imitate them and impersonate. In the earlier parts of this chapter we presented a number of identification schemes based on challenge-response protocols: the verifier asks questions and the claimant answers, and on the basis of the answers the verifier either asks further questions or accepts (or rejects) the claimant's identity. Most challenge-response protocols in these identification schemes have, to some degree, the character of a zero-knowledge proof, even though the knowledge in question is only whether or not one knows a secret (of the identification key). The notion of zero-knowledge proof originally arose from the study of identification schemes and was later extended to many other kinds of problems.
The problems for which we seek zero-knowledge proofs are usually decision problems, that is, problems determined by a data set and a property, where the content of the problem is to decide, for each x in the data set, whether or not x has the property. A number of classes of such decision problems were considered when we studied computational complexity in chapter II. A proof protocol involves two parties: a prover (denoted P) and a verifier (denoted V). The protocol consists of questions and answers between V and P; typically V poses the questions or challenges and P gives the answers. Suppose P knows for certain that x has the property; P can use a proof protocol to convince V that x has the property, and a proof protocol is called zero-knowledge if, apart from convincing V that x has the property, P reveals no information whatsoever that could help anyone else (including V) to prove that x has the property. Before giving the mathematical definitions of these notions, let us consider an example with a familiar problem, the graph isomorphism problem, whose data set is the set of pairs of graphs (G1, G2) and whose content is the question: are the two graphs G1 and G2 isomorphic to each other? In
CHAPTER VII
= aC
+ crC
= bC
1 rA + rB rA rB
1
= (rC rA )(rC rB ) ,
rC
0 1
rC
= bC
= aD
= bD
f(x, y) = Σ_{i=0}^{k} Σ_{j=0}^{k} aij x^i y^j mod p,
where aij ∈ Z p , 0 ≤ i, j ≤ k, and aij = aji for all i, j.
and sends (m1, m2) to A.
3. A applies the decryption function d_KA to m1 to obtain K, T, L, ID(B). A then computes
m3 = eK(ID(A), T),
and sends (m3, m2) to B.
4. B applies the decryption functions d_KB to m2 and dK to m3 to obtain K, T, L, ID(A) and ID(A), T. If the two values of ID(A) and of T are found to coincide, B goes on to compute
m4 = eK(T + 1)
and sends m4 to A.
5. A applies the decryption function dK to m4 and checks whether the result is indeed T + 1.
aA
mod p v gi bA cho B.
aB , tnh bB =
aB
mod p v gi bB cho B.
eK ( x, k ) = ( y1 , y2 ),
trong
y1 = k mod p, y2 = x k mod p.
K = bA^(aB) mod p,
yB = sigB(bB, bA),
and sends (C(B), bB, yB) to A.
3. A computes
K = bB^(aA) mod p,
yA = sigA(bA, bB),
and sends (C(A), yA) to B.
4. B uses verA to verify yA, and uses verTA to verify C(A).
If all the steps are carried out and all the verifications give correct results, the protocol ends, and both A and B hold the common key K. Because the verification algorithms are used, A knows for certain that the value bB comes from B and B knows for certain that the value bA comes from A,
and B computes the key
K 2 = rA aB + rB a A mod p.