040341 PKI Basics: Overview of Cryptography
Mail: Xgs@ncs-cyber.com.cn
http://www.ncs-cyber.com.cn
- VQ
- BCH
Cryptosystem: S = {P, C, K, E, D}
P = plaintext space
C = ciphertext space
K = key space
E = set of encryption transformations
D = set of decryption transformations
For each key k ∈ K there is an encryption transformation E_k ∈ E and a decryption transformation D_k ∈ D:
S_k = {P, C, k, E_k, D_k}
C = E_k(P)
P = D_k(C) = D_k(E_k(P))
Permutation (transposition) cipher example:
- E = (2 1 4 3)
- D = (2 1 4 3), the same permutation, because swapping positions 1,2 and 3,4 is its own inverse
- M =
- C = E(M) =
Shift-by-3 substitution (the Caesar cipher alphabet):
plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
[Figure: symmetric-key encryption. A encrypts M into C with key K; B decrypts C back to M with the same key K.]
DES
- Data Encryption Standard.
- Developed at IBM in the 1970s from the Lucifer cipher; adopted as the US federal standard on 23 November 1976.
- Block size: 64 bits.
- Key size: 56 bits (64 bits including the parity bits).
- DES key-search challenge: http://dir.yahoo.com/Computers_and_Internet/Security_and_Encryption/RSA/RSA_Secret_Key_Challenge/
DES (cont.)
[Figure: the DES Feistel structure. The 64-bit input block passes through the initial permutation IP and is split into halves L1, R1; each of the 16 rounds applies the round function F(R_i, K_i) with round key K_i (F(R1,K1), F(R2,K2), ..., F(R16,K16)) to produce L2, R2, L3, R3, and so on; after the last round the halves L, R are swapped and the inverse permutation IP^-1 yields the 64-bit output block.]
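The structure in the figure, as an added example that is not code from the slides: a toy Feistel network with the DES shape (IP, 16 rounds of L_{i+1} = R_i, R_{i+1} = L_i ⊕ F(R_i, K_i), final swap, IP^-1). The permutation table, the key schedule and the round function F are assumptions chosen only to show the structure; DES's real tables and S-boxes are not reproduced, so this is not DES and not secure. What it does show is the property that makes the Feistel design work: decryption is the same network run with the round keys in reverse order, so F is never inverted.

```python
import hashlib

HALF_MASK = (1 << 32) - 1
ROUNDS = 16

# Toy initial permutation IP over bit positions 0..63 (assumed; not the real DES IP table).
# 37 is odd, so i -> (37*i + 11) mod 64 is a bijection.
IP = [(37 * i + 11) % 64 for i in range(64)]
IP_INV = [0] * 64
for dst, src in enumerate(IP):
    IP_INV[src] = dst


def permute(block: int, table: list) -> int:
    """Output bit i is input bit table[i] (bit 0 = least significant)."""
    out = 0
    for i, src in enumerate(table):
        out |= ((block >> src) & 1) << i
    return out


def round_keys(key: bytes) -> list:
    """Toy key schedule (assumed): K_i = first 32 bits of SHA-256(key || i)."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(1, ROUNDS + 1)]


def F(right: int, k: int) -> int:
    """Toy round function F(R_i, K_i) (assumed): a keyed hash cut to 32 bits.
    Any function works here; Feistel decryption never needs its inverse."""
    data = right.to_bytes(4, "big") + k.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel(block: int, keys: list) -> int:
    """IP, then 16 rounds L_{i+1} = R_i, R_{i+1} = L_i xor F(R_i, K_i), swap, IP^-1."""
    block = permute(block, IP)
    left, right = block >> 32, block & HALF_MASK
    for k in keys:
        left, right = right, left ^ F(right, k)
    block = (right << 32) | left          # final swap: the output is (R16, L16)
    return permute(block, IP_INV)


def encrypt(block: int, key: bytes) -> int:
    return feistel(block, round_keys(key))


def decrypt(block: int, key: bytes) -> int:
    # The same network with the round keys reversed undoes encryption.
    return feistel(block, round_keys(key)[::-1])


def hamming(a: int, b: int) -> int:
    """Number of differing bits, used to observe avalanche between two blocks."""
    return bin(a ^ b).count("1")


if __name__ == "__main__":
    key = bytes.fromhex("0123456789abcdef")      # constructed 64-bit key
    m = 0x0123456789ABCDEF                       # constructed 64-bit block
    c = encrypt(m, key)
    print(hex(c), decrypt(c, key) == m, hamming(c, encrypt(m ^ 1, key)))
```

Running the network forward a second time with the same key order does not recover the plaintext; only the reversed key order does, which is the whole reason a Feistel cipher can use a non-invertible F.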
RC series
- The RC ciphers were designed by Ron Rivest at RSA (RSADSI).
- RC1: Rivest; never published.
- RC2 (RC3 was broken at RSADSI during development);
- RC4: Rivest, 1987.
- RC5: Rivest, 1994.
- DES (56-bit key), RC5-32/12/5, RC5-32/12/6 and RC5-32/12/7 were all broken by exhaustive key search in 1997 (the RSA challenges).
IDEA
- Designed by Xuejia Lai and James Massey.
- Block size 64 bits, key size 128 bits, 64-bit output.
- IDEA is patented; the patent is held by Ascom-Tech AG.
- PGP uses IDEA.
AES candidate: Rijndael
- AES: Advanced Encryption Standard.
- The five finalists: Mars, RC6, Rijndael, Serpent and Twofish.
- Rijndael derives from the Square cipher.
- Design principle: the Wide Trail Strategy.
- Rijndael was selected as AES.
- Block size 128 bits; key sizes 128/192/256 bits.
- Number of rounds r = 10/12/14 for the three key sizes.
One-time pad (bitwise XOR of message and key of equal length)
m = m_1, m_2, ..., m_k
k = k_1, k_2, ..., k_k
c_i = m_i ⊕ k_i, i = 1, 2, ..., k
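The pad above in code, as an added example that is not part of the slides. Beyond the formula it shows the failure mode the name warns about: when one pad encrypts two messages, c_1 ⊕ c_2 = m_1 ⊕ m_2, and a known or guessed m_1 reveals m_2 with no key at all. Messages and pad lengths are constructed inline.

```python
import secrets


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """c_i = m_i xor k_i. XOR is its own inverse, so the same call decrypts."""
    if len(pad) < len(data):
        raise ValueError("the pad must be at least as long as the message")
    return bytes(m ^ k for m, k in zip(data, pad))


def new_pad(length: int) -> bytes:
    """A fresh, uniformly random pad from the OS CSPRNG. It must never be reused."""
    return secrets.token_bytes(length)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same pad: c1 xor c2 = m1 xor m2 (the pad cancels)."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def crib_drag(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    """Knowing (or guessing) m1 recovers the overlapping part of m2 without the pad."""
    return bytes(x ^ m for x, m in zip(two_time_pad_leak(c1, c2), known_m1))


if __name__ == "__main__":
    pad = new_pad(32)
    m1, m2 = b"attack at dawn", b"retreat at dusk"      # constructed messages
    c1, c2 = otp_xor(m1, pad), otp_xor(m2, pad)         # same pad twice: the mistake
    print(otp_xor(c1, pad) == m1, crib_drag(c1, c2, m1))
```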
Public-key cryptography
- Based on a trapdoor one-way function.
[Figure: public-key encryption between A and B. The message M is encrypted into C with the receiver's public key and decrypted back to M with the receiver's private key.]
- The Merkle-Hellman knapsack system (Ralph Merkle and Martin Hellman) relied on the NP-complete knapsack problem; it was broken by Shamir.
RSA
- Proposed by Ron Rivest, Adi Shamir and Leonard Adleman in 1977 and published in 1978.
- Speed: about 1000 times slower than DES in hardware and about 100 times slower in software.
- Adopted by standards bodies (ISO, ITU, IETF, SWIFT).
- RSA's PKCS standards.
- Factoring records: RSA-140 and RSA-155 (512 bits) were both factored in 1999.
RSA (cont.)
Key generation:
- Choose two large primes p, q and compute n = p·q.
- φ(n) = (p-1)(q-1).
- Choose e with 1 < e < φ(n) and gcd(φ(n), e) = 1.
- From φ(n) and e compute d = e^(-1) mod φ(n).
- Public key: (n, e); private key: d. p and q are kept secret (or destroyed).
Encryption and decryption:
- E_k(x) = x^e mod n, x ∈ Z_n
- D_k(y) = y^d mod n, y ∈ Z_n
RSA parameter selection
1. Key length and primes:
- Modulus length: 1024 bits.
- p-1 and q-1 should have large prime factors.
- p+1 and q+1 should have large prime factors.
- Common public exponents e: 3, 17 and 65537 = 2^16+1.
RSA uses
1. Encryption:
- A's public key is (e, n); B wants to send the message m to A.
- B computes c = m^e mod n and sends c to A.
- A recovers m = c^d mod n.
- Note: only A, who holds d, can decrypt c.
RSA uses
2. Digital signature:
- A's public key is (e, n) and private key (d, n). To sign m, A computes s = H(m)^d mod n, where H(x) is a one-way hash function.
- A sends m together with s.
- Verification: check H(m) = s^e mod n.
- Note: only A, holding d, could have produced s; anyone with (e, n) can verify it.
RSA uses
3. Key exchange:
- A has the key pair (e1, n1), (d1, n1).
- B has the key pair (e2, n2), (d2, n2), with n1 > n2.
- A and B want to exchange the message m.
- A sends c to B; A
- B generates a random session key k and, using A's public key (e, n), encrypts k:
- c = k^e mod n is sent to A, and A recovers k = c^d mod n.
- A and B then encrypt the message with k under a symmetric cipher (e.g. IDEA).
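The three RSA uses above (key generation with the checks from the parameter slide, encryption, hash-then-sign, and key transport of a symmetric session key), as one added example that is not the slides' own code. It assumes SHA-256 as the hash H, Miller-Rabin for prime generation, and textbook RSA with no padding; the strong-prime conditions on p±1 and q±1 are not implemented.

```python
import hashlib
import secrets
from math import gcd


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin: composite with certainty, prime with error <= 4^-rounds."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    """A random prime of exactly `bits` bits (top and bottom bits forced to 1)."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 1024, e: int = 65537):
    """n = p*q, phi(n) = (p-1)(q-1), gcd(phi(n), e) = 1, d = e^-1 mod phi(n).
    Returns ((n, e), (n, d)); p and q are discarded, as the slides require."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(phi, e) == 1:
            break
    n, d = p * q, pow(e, -1, phi)
    return (n, e), (n, d)


def rsa_encrypt(pub, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("m must lie in Z_n")
    return pow(m, e, n)                      # c = m^e mod n


def rsa_decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)                      # m = c^d mod n


def H(msg: bytes, n: int) -> int:
    """The slides' hash H(m): SHA-256 read as an integer in Z_n (an assumption)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def rsa_sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(H(msg, n), d, n)              # s = H(m)^d mod n


def rsa_verify(pub, msg: bytes, s: int) -> bool:
    n, e = pub
    return 0 < s < n and pow(s, e, n) == H(msg, n)   # H(m) == s^e mod n


def transport_session_key(pub_a, key_bytes: int = 16):
    """B picks a symmetric key k and sends c = k^e mod n; A recovers k = c^d mod n."""
    k = int.from_bytes(secrets.token_bytes(key_bytes), "big")
    return k, rsa_encrypt(pub_a, k)


if __name__ == "__main__":
    pub, priv = rsa_keygen(1024)
    k, c = transport_session_key(pub)
    s = rsa_sign(priv, b"constructed message")
    print(rsa_decrypt(priv, c) == k, rsa_verify(pub, b"constructed message", s))
```

Textbook RSA as written here is deterministic and multiplicatively malleable: E(2)·E(m) mod n decrypts to 2m, which is why the PKCS standards the slides mention wrap encryption in OAEP and signatures in PSS before the exponentiation.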
Other public-key systems
- 1978: McEliece, based on Goppa codes.
- 1985: elliptic-curve cryptography, proposed by Neal Koblitz and V.S. Miller; DH-style key agreement over elliptic curves.
- 1993: LUC.
ElGamal
- Proposed by ElGamal in 1985 (the basis of NIST's DSS).
- ElGamal and Schnorr together led to DSA.
- ElGamal's security rests on the same discrete-logarithm problem as DH.
- The DH patent expired on 29 April 1997.
ElGamal (cont.)
Key generation:
- Choose a prime p, a generator g of Z_p^* and a random x, with g < p and x < p.
- y = g^x mod p
- Public key: y, g, p.
- Private key: x.
- g and p may be shared by a group of users.
ElGamal encryption
- To encrypt M, choose a random k with gcd(k, p-1) = 1.
- a = g^k mod p
- b = y^k · M mod p
- The ciphertext is (a, b); decryption: M = b / a^x mod p
ElGamal signature
- a = g^k mod p
- Solve M = (x·a + k·b) mod (p-1) for b; the signature is (a, b).
- Verification: y^a · a^b mod p = g^M mod p
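ElGamal encryption and signature exactly as written on the slides, as an added example that is not the slides' code. It assumes a toy safe prime p = 1019 (where (p-1)/2 = 509 is prime) with generator g = 2, and SHA-256 reduced mod p-1 as the message representative M for signing; real deployments need a p of 2048 bits or more, but the arithmetic is unchanged. Two checks that the slide omits are included: the verifier rejects a outside (0, p) and b outside (0, p-1), and a helper shows that a ciphertext (a, b) can be turned into (a, t·b), which decrypts to t·M.

```python
import hashlib
import secrets
from math import gcd

# Toy parameters (assumption): p = 1019 is a safe prime, (p-1)/2 = 509 is prime,
# and g = 2 generates Z_p^* (p = 3 mod 8, so 2^509 = -1 mod p).
P, G = 1019, 2


def keygen(p: int = P, g: int = G):
    """Private x < p, public y = g^x mod p."""
    x = 1 + secrets.randbelow(p - 2)
    return pow(g, x, p), x


def random_k(p: int) -> int:
    """Fresh k with gcd(k, p-1) = 1, as on the slides (required for signing)."""
    while True:
        k = 1 + secrets.randbelow(p - 2)
        if gcd(k, p - 1) == 1:
            return k


def encrypt(y: int, M: int, p: int = P, g: int = G):
    if not 1 <= M < p:
        raise ValueError("M must lie in [1, p-1]")
    k = random_k(p)
    a = pow(g, k, p)                         # a = g^k mod p
    b = pow(y, k, p) * M % p                 # b = y^k * M mod p
    return a, b


def decrypt(x: int, ciphertext, p: int = P) -> int:
    a, b = ciphertext
    return b * pow(pow(a, x, p), -1, p) % p  # M = b / a^x mod p


def H(msg: bytes, p: int) -> int:
    """The slides' M for signing: SHA-256 of the message reduced mod p-1 (assumption)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % (p - 1)


def sign(x: int, msg: bytes, p: int = P, g: int = G):
    """a = g^k mod p; solve M = (x*a + k*b) mod (p-1) for b."""
    m = H(msg, p)
    while True:
        k = random_k(p)
        a = pow(g, k, p)
        b = (m - x * a) * pow(k, -1, p - 1) % (p - 1)
        if b != 0:
            return a, b


def verify(y: int, msg: bytes, sig, p: int = P, g: int = G) -> bool:
    """y^a * a^b mod p == g^M mod p, after range checks on a and b.
    Without 0 < a < p a forger can pass a' = a + t*p and still satisfy the equation."""
    a, b = sig
    if not (0 < a < p and 0 < b < p - 1):
        return False
    return pow(y, a, p) * pow(a, b, p) % p == pow(g, H(msg, p), p)


def malleate(ciphertext, factor: int, p: int = P):
    """(a, b) -> (a, factor*b) decrypts to factor*M: textbook ElGamal is malleable."""
    a, b = ciphertext
    return a, b * factor % p


if __name__ == "__main__":
    y, x = keygen()
    ct = encrypt(y, 123)
    sig = sign(x, b"constructed message")
    print(decrypt(x, ct), decrypt(x, malleate(ct, 5)), verify(y, b"constructed message", sig))
```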
DSA
- In August 1991 NIST proposed DSA, the algorithm of the Digital Signature Standard (DSS).
- DSA was designed by the NSA; it is a variant of the Schnorr and ElGamal signature schemes.
- Like Diffie-Hellman, DSA's security rests on the discrete-logarithm problem.
- Patents: DSA touches the Diffie-Hellman, Merkle-Hellman and Schnorr patents; the former expired in 1997, the Schnorr patent in 2008.
DSA (cont.)
Parameters:
- p: an L-bit prime, 512 ≤ L ≤ 1024, L a multiple of 64.
- q: a 160-bit prime factor of p-1.
- g = h^((p-1)/q) mod p, where h is any integer with h < p-1 and h^((p-1)/q) mod p > 1.
- y = g^x mod p; the private key x is a random integer x < q.
Signing, with a random k < q:
- r = (g^k mod p) mod q
- s = (k^(-1) · (H(m) + x·r)) mod q
- The signature on m is (r, s); H(·) is the hash function, SHA under DSS.
Verification:
- w = s^(-1) mod q
- u1 = (H(m) · w) mod q
- u2 = (r · w) mod q
- v = ((g^u1 · y^u2) mod p) mod q; the signature is valid iff v = r.
Other signature schemes
- GOST (1995): a variant of ElGamal, Schnorr and DSA.
- ESIGN (NTT).
- Comparison with RSA and DSA.
DH
- In 1976 Diffie and Hellman proposed the DH key-agreement protocol.
DH (cont.)
Alice and Bob agree on a large prime n and a generator g; n and g can be public.
- Alice chooses a random x and sends Bob X = g^x mod n.
- Bob chooses a random y and sends Alice Y = g^y mod n.
- Alice computes k = Y^x mod n.
- Bob computes k' = X^y mod n.
- k = k' = g^(xy) mod n is the secret shared by Alice and Bob.
Choice of n and g: n must be a large prime with (n-1)/2 also prime, and g a generator mod n.
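DSA signing and verification from the previous slides and the DH exchange above, as one added example that is not the slides' code; the two share the parameter set (p, q, g), which is the usual arrangement. It assumes toy parameters p = 1019, q = 509 (q | p-1), g = 2^((p-1)/q) mod p = 4 of order q for DSA, g = 2 (a generator of Z_p^*) for DH, and SHA-1 reduced mod q as H; the slides' sizes are 512..1024-bit p and 160-bit q, and only the sizes differ. Two practitioner details are added: DH rejects the peer values 0, 1 and p-1, which force a predictable secret, and a function shows why the DSA k must be fresh: two signatures with the same k leak the private key.

```python
import hashlib
import secrets

# Toy parameters (assumption): p = 1019 prime, q = 509 prime with q | p-1,
# g = h^((p-1)/q) mod p = 2^2 = 4 has order q.
P, Q, G = 1019, 509, 4


def H(msg: bytes, q: int = Q) -> int:
    """H(m) as in DSS (SHA-1 here), reduced mod q for the toy size."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % q


def dsa_keygen(p: int = P, q: int = Q, g: int = G):
    x = 1 + secrets.randbelow(q - 1)         # private x < q
    return pow(g, x, p), x                   # public y = g^x mod p


def dsa_sign(x: int, msg: bytes, k: int = None, p=P, q=Q, g=G):
    """r = (g^k mod p) mod q, s = k^-1 (H(m) + x r) mod q. k is fresh unless forced."""
    h = H(msg, q)
    while True:
        kk = k if k is not None else 1 + secrets.randbelow(q - 1)
        r = pow(g, kk, p) % q
        s = pow(kk, -1, q) * (h + x * r) % q
        if r != 0 and s != 0:
            return r, s
        if k is not None:
            raise ValueError("this k gives r = 0 or s = 0; choose another")


def dsa_verify(y: int, msg: bytes, sig, p=P, q=Q, g=G) -> bool:
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)                        # w = s^-1 mod q
    u1 = H(msg, q) * w % q                   # u1 = H(m) w mod q
    u2 = r * w % q                           # u2 = r w mod q
    v = pow(g, u1, p) * pow(y, u2, p) % p % q
    return v == r


def recover_x_from_nonce_reuse(msg1, sig1, msg2, sig2, q: int = Q):
    """Two signatures with the same k share r; then k = (H1-H2)/(s1-s2) mod q and
    x = (s1 k - H1)/r mod q. Returns None if the pair does not leak."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or s1 == s2:
        return None
    h1, h2 = H(msg1, q), H(msg2, q)
    k = (h1 - h2) * pow((s1 - s2) % q, -1, q) % q
    return (s1 * k - h1) * pow(r1, -1, q) % q


def dh_keypair(p: int = P, g: int = 2):
    """Alice: random x, X = g^x mod n (g = 2 generates Z_p^* for this p)."""
    while True:
        x = 1 + secrets.randbelow(p - 2)
        X = pow(g, x, p)
        if 2 <= X <= p - 2:
            return X, x


def dh_shared(their_public: int, my_secret: int, p: int = P) -> int:
    """k = Y^x mod n, after rejecting 0, 1 and p-1 as the peer's value."""
    if not 2 <= their_public <= p - 2:
        raise ValueError("peer public value out of range")
    return pow(their_public, my_secret, p)


if __name__ == "__main__":
    y, x = dsa_keygen()
    sig = dsa_sign(x, b"constructed message")
    X, xa = dh_keypair()
    Y, xb = dh_keypair()
    print(dsa_verify(y, b"constructed message", sig), dh_shared(Y, xa) == dh_shared(X, xb))
```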
EKE
- EKE (Encrypted Key Exchange) was proposed by Steve Bellovin and Michael Merritt.
EKE (cont.)
Alice and Bob share a password P; K is the session key to be established.
- Alice generates a random public/private key pair, encrypts the public key K' with P and sends E_P(K') to Bob.
- Bob decrypts with P to obtain K', generates a random session key K, encrypts it with K' and then with P, and sends E_P(E_K'(K)) to Alice.
- Alice decrypts to obtain K, generates a random R_A and sends Bob E_K(R_A).
- Bob decrypts R_A, generates a random R_B, and sends Alice E_K(R_A, R_B).
- Alice decrypts, checks that R_A matches, and sends Bob E_K(R_B).
- Bob decrypts and checks R_B; both sides now share K.
Hash functions
- A hash function H maps a message M of arbitrary length to a fixed-length digest.
- H must be one-way and collision-free.
Requirements, for y = H(x):
1. Preimage resistance: given y, it is infeasible to find x with y = H(x).
2. Second-preimage resistance: given x, it is infeasible to find x' ≠ x with H(x') = H(x).
3. Collision resistance: it is infeasible to find any x1 ≠ x2 with H(x1) = H(x2).
MD family
Designed by Ron Rivest:
- MD4 [Rivest 1990, 1992, 1995; RFC 1320]
- MD5, a strengthened successor of MD4 [RFC 1321]
- MD2 [RFC 1319]; attacked by Rogier in 1995
All are published as IETF RFCs.
SHA / SHA-1
- Designed by NIST and the NSA for use with DSS.
- Secure Hash Standard (SHS): SHA [FIPS PUB 180], revised as SHA-1 [FIPS PUB 180-1].
- SHA/SHA-1 are modelled on MD4.
- Digest length 160 bits (MD4: 128 bits).
SHA compared with MD4 and MD5
- Rounds: MD4 has 3, MD5 has 4 (64 steps).
- Speed: the slide quotes ratios of 3/4 and 1/7 relative to MD4.
[Figures: symmetric-key encryption (A and B share K; M is encrypted to C and back); public-key encryption between A and B; a third diagram with a key on each side of A and B whose labels were not recovered.]
MAC: message authentication with a hash (HMAC)
Hash-then-sign:
- Sender: compute H(M) from M, encrypt it with the private key SK as E(H(M), SK), and send M together with E(H(M), SK).
- Receiver: recompute H(M) from the received M; recover H'(M) = D(E(H(M), SK)) with the public key; check H(M) = H'(M)?
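The three hash requirements and the HMAC bullet, as one added example that is not the slides' code. It assumes SHA-256 from hashlib; truncating the digest to a few bits is an assumption made only so that brute-force experiments finish instantly. The two searches make the gap between properties 1 and 3 visible: a preimage on a b-bit digest costs about 2^b tries, a collision only about 2^(b/2), which is why collision resistance is half the digest length. HMAC-SHA256 with a constant-time comparison is the keyed construction the MAC slide refers to.

```python
import hashlib
import hmac


def h_trunc(data: bytes, bits: int) -> int:
    """SHA-256 cut down to `bits` bits: a deliberately weak hash for the experiments."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def find_preimage(target: int, bits: int, limit: int = 1 << 22):
    """Property 1: brute-force x with H(x) = target. Expected ~2^bits tries."""
    for i in range(limit):
        x = i.to_bytes(4, "big")
        if h_trunc(x, bits) == target:
            return x, i + 1
    return None, limit


def find_collision(bits: int):
    """Property 3: x1 != x2 with H(x1) = H(x2). Birthday bound: ~2^(bits/2) tries."""
    seen = {}
    i = 0
    while True:
        x = i.to_bytes(4, "big")
        d = h_trunc(x, bits)
        if d in seen:
            return seen[d], x, i + 1
        seen[d] = x
        i += 1


def avalanche(a: bytes, b: bytes) -> int:
    """Differing bits between SHA-256(a) and SHA-256(b); about 128 of 256 for any change."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")


def mac_tag(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 (RFC 2104), the keyed hash behind the HMAC bullet."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time comparison, so timing does not reveal how many tag bytes matched."""
    return hmac.compare_digest(mac_tag(key, msg), tag)


if __name__ == "__main__":
    _, pre_tries = find_preimage(h_trunc(b"constructed", 16), 16)
    _, _, col_tries = find_collision(32)
    print("preimage tries on 16 bits:", pre_tries, "collision tries on 32 bits:", col_tries)
    print("avalanche bits:", avalanche(b"hello", b"hellp"))
```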
Applications
- SSL
- SET
- IPSec
SSL/TLS
- Developed by Netscape; standardised by the IETF as TLS.
- What SSL/TLS provides: ( )
SSL: position in the protocol stack
- SSL sits between the application protocols and TCP/IP.
[Figure: application protocols over SSL over TCP/IP.]
SSL handshake
- Step 1: SSL version (in V3.0 also CERTIFICATE TYPE)
- Step 2
- Step 3
- Step 4: RSA
- Step 5: RSA
- Step 6
SET
- In February 1996, IBM, Microsoft, Netscape, RSA, Terisa and VeriSign, together with MasterCard and Visa, released SET v1.
- SET: secure electronic transactions over the Internet.
- SET uses:
- X.509 v3 certificates.
IPSec
- Security at the IP layer (layer 3).
- IPSec components: Authentication Header (AH), Encapsulating Security Payload (ESP), ..., Security Association (SA), SA Bundle, and ISAKMP.
- IPSec is an integral part of IPv6 ( ).
Secret sharing
- A secret K is split into n shares k1, k2, ..., kn, held by n participants.
- Any k of the n shares reconstruct K (a (k, n) threshold scheme).
- Fewer than k shares reveal nothing about K.
- Reconstruction uses Lagrange interpolation.
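The (k, n) threshold scheme above with Lagrange interpolation (Shamir's scheme), as an added example that is not the slides' code. It assumes arithmetic in the field Z_p for p = 2^127 - 1 (a Mersenne prime), so the secret must be an integer below p; each share is a point (i, f(i)) on a random polynomial of degree k-1 whose constant term is the secret, and any k points interpolate f(0).

```python
import secrets

PRIME = (1 << 127) - 1   # 2^127 - 1 is prime: a field big enough for a 126-bit secret


def split_secret(secret: int, k: int, n: int, p: int = PRIME):
    """Random polynomial f of degree k-1 with f(0) = secret; share i is (i, f(i))."""
    if not (1 <= k <= n < p and 0 <= secret < p):
        raise ValueError("need 1 <= k <= n < p and 0 <= secret < p")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]

    def f(x: int) -> int:
        acc = 0
        for c in reversed(coeffs):          # Horner evaluation mod p
            acc = (acc * x + c) % p
        return acc

    return [(i, f(i)) for i in range(1, n + 1)]


def reconstruct(shares, p: int = PRIME) -> int:
    """Lagrange interpolation at x = 0. With k correct shares this is the secret;
    with fewer, the result is a uniformly random field element, not a hint."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


if __name__ == "__main__":
    s = 0x0123456789ABCDEF0123456789ABCDEF          # constructed secret
    shares = split_secret(s, k=3, n=5)
    print(reconstruct(shares[:3]) == s, reconstruct([shares[0], shares[2], shares[4]]) == s)
    print(reconstruct(shares[:2]) == s)            # two shares are not enough
```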
Information hiding and watermarking
- Spatial domain: LSB (least-significant-bit) substitution.
- Transform domain: DCT / DWT / FFT.
- F16 test image
- DWT-domain watermark
- DCT-domain watermark
[Figure: four panels (1-4) comparing results, with PSNR = 26.58 dB, PSNR = 42.91 dB and PSNR = 14.02 dB for the marked or attacked images.]
DCT-domain watermarking of Lena:
- watermarked Lena, PSNR = 43.19 dB
- PSNR = 9.7 dB
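LSB substitution and the PSNR figure used on these slides, as an added example that is not the slides' code or images. It assumes an 8-bit grayscale cover constructed inline (a synthetic gradient with noise, so no image file is needed), a 32-bit length header before the payload bits, and PSNR = 10·log10(255²/MSE) in dB; the DCT/DWT methods are not implemented.

```python
import math
import random


def make_cover(width: int = 64, height: int = 64, seed: int = 1):
    """Constructed 8-bit grayscale cover: a diagonal gradient plus small noise."""
    rnd = random.Random(seed)
    return [[min(255, max(0, (x + y) * 2 + rnd.randint(-8, 8))) for x in range(width)]
            for y in range(height)]


def to_bits(data: bytes):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def embed_lsb(cover, payload: bytes):
    """Write a 32-bit length header, then the payload bits, into pixel LSBs (row-major)."""
    bits = to_bits(len(payload).to_bytes(4, "big") + payload)
    h, w = len(cover), len(cover[0])
    if len(bits) > h * w:
        raise ValueError("payload too large for this cover")
    stego = [row[:] for row in cover]
    for idx, bit in enumerate(bits):
        y, x = divmod(idx, w)
        stego[y][x] = (stego[y][x] & 0xFE) | bit   # replace the least significant bit
    return stego


def extract_lsb(stego) -> bytes:
    h, w = len(stego), len(stego[0])
    flat = [stego[i // w][i % w] & 1 for i in range(h * w)]

    def bytes_at(start: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            v = 0
            for bit in flat[start + 8 * b: start + 8 * b + 8]:
                v = (v << 1) | bit
            out.append(v)
        return bytes(out)

    n = int.from_bytes(bytes_at(0, 4), "big")
    return bytes_at(32, n)


def psnr(a, b) -> float:
    """Peak signal-to-noise ratio in dB for 8-bit images: 10 log10(255^2 / MSE)."""
    h, w = len(a), len(a[0])
    mse = sum((a[y][x] - b[y][x]) ** 2 for y in range(h) for x in range(w)) / (h * w)
    return math.inf if mse == 0 else 10 * math.log10(255 ** 2 / mse)


if __name__ == "__main__":
    cover = make_cover()
    stego = embed_lsb(cover, b"hidden message")          # constructed payload
    print(extract_lsb(stego), round(psnr(cover, stego), 2), "dB")
```

LSB replacement changes each used pixel by at most 1, so the PSNR stays far above the 40 dB range quoted for the transform-domain marks on the slides; the price is fragility, since any requantisation or compression of the stego image destroys the bits.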