
PKI

Mail: Xgs@ncs-cyber.com.cn
http: www.ncs-cyber.com.cn

• VQ
• BCH
$S = \{P, C, K, E, D\}$
P =
C =
K =
E =
D =
kKEkDk

$S_k = \{P, C, k, E_k, D_k\}$
$C = E_k(P)$
$P = D_k(C) = D_k(E_k(P))$


• E = 2143
• D = 2143
• M =
• C = E(M) =

a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

m = Caesar cipher is a shift substitution

c = FDVHDU FLSKHU LV D VKLIW VXEVWLWXWLRQ

Let C = ciphertext, P = plaintext, k the key, and E()/D() the encryption/decryption function; then
C = E(P, k), P = D(C, k)

[Figure: A and B, each with key K; message M, ciphertext C]

DES
Data Encryption Standard,
20
DESIBM 1970
Lucifer 19761123DES

DES
DES64
5664
DES
http://dir.yahoo.com/Computers_and_Internet/Security_and_Encryption/RSA/RSA_Secret_Key_Challenge/
DES (cont.)
[Figure: DES structure: 64-bit input, IP, rounds F(R1,K1) through F(R16,K16) on halves L, R with round keys K1 to K16, IP-1, 64-bit output]
RC
RCRon RivestRSA

z RC1
Rivest
z RC2(RC3
RSADSI);
z RC4Rivest1987
z RC5Rivest1994

DES(56), RC5-32/12/5, RC5-32/12/6, RC5-32/12/7
1997
IDEA
Xuejia Lai, James Massey
IDEA
6412864
IDEA
(
)
IDEA()
Ascom-Tech AG;
PGPIDEA
AES Candidate Rijndael
AES
5Mars, RC6, Rijndael,
Serpent, and Twofish
RijndaelSquare
(Wide Trail Strategy)

Rijndael
AES
128bit128/192/256bit
r10/12/14
()
m=m1,m2,.mk
k=k1,k2,.kk
ci=miki ,i=1,2,.k

Whitfield Diffie, Martin Hellman: New Directions in Cryptography, 1976

(trapdoor one-way function)

[Figure: A and B; message M, ciphertext C]

NP
Ralph Merkle, Martin Hellman
Shamir
RSA
Ron Rivest, Adi Shamir, Leonard Adleman 1977
1978

RSA

DES1000DES
100
(ISOITUIETFSWIFT)
RSAPKCS
RSA-155(512 bit), RSA-1401999
RSA (cont.)
nn = pq
(n)=(p-1)(q-1).
e,1e<(n), ((n),e)=1.
(n),e
d = e1 mod(n)
n,e,d.(p,q
)
$E_k(x) = x^e \bmod n$, x $Z_n$
$D_k(y) = y^d \bmod n$, y $Z_n$
RSA
1.
z :1024,
z p-1,q-1

z p+1,q+1

z ee31765537
2^16+1
2.
z ,
RSA
1.
z A(e,n),Bm
• $c = m^e \bmod n$ A, A

• $m = c^d \bmod n$

z :
z A,,A.
z ,.

RSA
2.
z A(e,n),(d,n),Am
: $s = H(m)^d \bmod n$, H(x)
(hash).
• Am
$H(m) = s^e \bmod n$
z :,A,
A
RSA
3.
• A $(e_1, n_1)$, $(d_1, n_1)$
• B $(e_2, n_2)$, $(d_2, n_2)$, $n_1 > n_2$

• ABm,

• A $c = ((m^{e_2}) \bmod n_2)^{d_1} \bmod n_1$

• Ac B,A

• B $m = ((c^{e_1}) \bmod n_1)^{d_2} \bmod n_2$


RSA
4.
z A,B(IDEA)m,
z A,BRSA

z Bk,A
(e,n),Bk
• $c = k^e \bmod n$ A, A

$k = c^d \bmod n$
z A,Bk(IDEA)


1978McEliece

Goppa
1985Neal KoblitzV.S.Miller

DH
1993

LUC

Elgemal
Elgemal1985
(
NIST
DSS)
Elgemal,SchnorrDSA

ElgemalDH
DH1997429
Elgemal (cont.)
pgx gxp
$y = g^x \bmod p$
z ygp
z x
z gp
Elgemal
z M-k-kp-1
• $a = g^k \bmod p$
• $b = y^k M \bmod p$
• $M = b / a^x \bmod p$
Elgemal
• $a = g^k \bmod p$
• b $M = (xa + kb) \bmod (p-1)$ a,b
• $y^a a^b \bmod p = g^M \bmod p$
DSA
19918NISTDSA
DSS
DSANSASchnorr
ElGamal
DSADiffle-Hellman
Merkle-HellmanSchnorr1997
Schnorr2008
DSA (cont.)

z p-LL512102464
z q-160p-1
• $g = h^{(p-1)/q} \bmod p$ h p-1 $h^{(p-1)/q} \bmod p$ 1
• $y = g^x \bmod p$
x-q
qk
• $r = (g^k \bmod p) \bmod q$
• $s = (k^{-1}(H(m) + x r)) \bmod q$
• rsm,H(.)HASHDSSSHA

• $w = s^{-1} \bmod q$
• $u_1 = (H(m)\, w) \bmod q$
• $u_2 = r w \bmod q$
• $v = ((g^{u_1} y^{u_2}) \bmod p) \bmod q$, v=r

GOST1995

ElGammalSchnorrDSA
ESIGNNTT

RSADSA


DH
1976DiffieHellmanDH

DH

DH

DH
DH (cont.)
AliceBobngg
n ng

• Alice x Bob $X = g^x \bmod n$
• Bob y Alice $Y = g^y \bmod n$
• Alice $k = Y^x \bmod n$
• Bob $k = X^y \bmod n$
z k=k=gxyAliceBob
ng n
n-1/2
EKE
EKESteve BellovinMichael Merrit

EKE

EKE

EKE
EKE (cont.)
AliceBobP
K
z Alice/P
Ep(K)KBobEp(K)
z BobPKK
AlicePKAlice
Ep(E (K))
K

z AliceKRAK
BobEK(RA)
z BobRA RBK
Alice EK(RA RB)
z AliceRA RBRA
KRBBob EK(RB)
z BobRB RB
K

(Hash)

(Hash)M
H

(
collision-free)

Hash
y=H(x),x
y,
z 1.,y,x,y=H(x)
z 2.,y=H(x)

z 3.,x1 x2 ,H(x1)=H(x2).

hash MD5, SHA,

MD

Ron Rivest:
z MD4[Rivest 1990, 1992, 1995; RFC1320]
z MD5MD4[RFC1321]
z MD2[RFC1319],Rogier1995
IETF

SHASHA-1

NISTNSADSS
(SHS)SHA[FIPS PUB 180]
SHA-1[FIPS PUB 180-1]
SHA/SHA-1MD4
MD4160bit
SHA
SHAMD4MD5

MD4 SHA MD5


Hash 128bit 160bit 128bit
512bit 512bit 512bit
32bit 32bit 32bit
48(3*16) 80(4*20) 64(4*16)
2^64bit 2^64bit
3 3(2,4) 4

3 4 64
MD43/4 MD41/7

[Figures: encryption between A and B with message M, ciphertext C and key K]


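MAC, HASH, HMAC

[Figure: digital signature flow: the sender hashes M to H(M) and sends M with E(H(M),SK); the receiver hashes M, recovers H(M)=D() and checks whether the two H(M) values are equal]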



SSL
SET
IPSec
SSL/TLS
NetscapeIETF TLS
SSL/TLS()

SSLSSLSSL RECORD PROTOCOLSSL


SSL HAND-SHAKE PROTOCOL
SSL
SSL
SSLSSL

SSL SSL SSL HTTP



SSL
TCP
IP
SSL

SSL--

SSL
SSL
SSL
TCP/IP
TCP/IP

SSL--SSL

SSL
Step 1
SSL
V3.0CERTIFICATE TYPE
Step 2

Step 3
Step 4
RSA
Step 5
RSA

Step 6
SET
19962IBM, Microsoft, Netscape, RSA, Terisa
VeriSignSET v1(MasterCardVisa

SETInternet

SET
z
z X.509 v3

IPSec
IP3

IPSec
(AH), (ESP),
, , (SA),
(SA Bundle), ISAKMP.
IPSecIPv6()

z nk1k2kn
n
cnkK
dnk

Lagrange



1.4.2







LSB
DCT/DWT/FFT


-F16


DWT

DCT




PSNR=26.
PSNR=42. 91dB
58dB

6
PSNR=14.02 dB

DCT

Lena


wLena,
PSNR=43.19db

,

PSNR=9.7db

3.1
