
Information Security. Cryptographic Algorithms

Data Security Techniques

Laboratory Guide

Rodica Țirtea

2008

Contents

Contents ............................................................... 3

Introduction ........................................................... 6
    Introductory notions ............................................... 6
    List of lab works .................................................. 7
    Requirements for the laboratory activity ........................... 7
    Evaluation of the laboratory activity .............................. 7

Lab 1. Symmetric encryption. Substitution ciphers ...................... 9
    1.1. Aim of the lab ................................................ 9
    1.2. Symmetric ciphers ............................................. 9
    1.3. Polyalphabetic substitution ................................... 9
    1.4. Polygram substitution ........................................ 10
    1.5. Assignments .................................................. 11

Lab 2. Block ciphers. The DES algorithm ............................... 13
    2.1. Aim of the lab ............................................... 13
    2.2. Block ciphers ................................................ 13
    2.3. General overview of the DES standard ......................... 13
        2.3.1. Encryption with DES .................................... 14
        2.3.2. Decryption with DES .................................... 18
        2.3.3. Properties of DES ...................................... 18
    2.4. Assignments .................................................. 18

Lab 3. Block cipher modes of operation ................................ 19
    3.1. Aim of the lab ............................................... 19
    3.2. Description of the five standardized modes of operation ...... 19
        3.2.1. ECB mode (Electronic Codebook) ......................... 20
        3.2.2. CBC mode (Cipher Block Chaining) ....................... 21
        3.2.3. CFB mode (Cipher Feedback) ............................. 21
        3.2.4. OFB mode (Output Feedback) ............................. 22
        3.2.5. CTR mode (Counter mode) ................................ 23
    3.3. Assignments .................................................. 24

Lab 4. The AES selection process. The AES algorithm ................... 27
    4.1. Aim of the lab ............................................... 27
    4.2. The AES selection process .................................... 27
        4.2.1. AES requirements and the finalists ..................... 27
        4.2.2. Performance comparison of the AES finalists ............ 28
        4.2.3. Conclusions of the selection ........................... 29
    4.3. The Rijndael algorithm ....................................... 30
        4.3.1. Specification of the Rijndael algorithm ................ 30
        4.3.2. Key setup .............................................. 34
        4.3.3. The cipher ............................................. 35
        4.3.4. The inverse cipher ..................................... 36
        4.3.5. Advantages and limitations ............................. 39
    4.4. Assignments .................................................. 40

Lab 5. Public-key algorithms. The NESSIE selection project ............ 41
    5.1. Aim of the lab ............................................... 41
    5.2. Public-key algorithms ........................................ 41
        5.2.1. Brief overview of public-key algorithms ................ 41
        5.2.1. The RSA algorithm (Rivest-Shamir-Adleman) .............. 42
    5.3. The NESSIE project ........................................... 43
        5.3.1. Evaluation and selection criteria ...................... 44
        5.3.2. Algorithms selected by NESSIE .......................... 45
    5.4. Assignments .................................................. 46

Lab 6. The CRYPTREC research project .................................. 47
    6.1. The CRYPTREC IPA research project (CRYPTography Research and Evaluation Committees) ... 47
    6.2. On the selections in the USA, Europe and Japan ............... 48
    6.3. Assignments .................................................. 49

Bibliography .......................................................... 51

Introduction

Introductory notions [1]

The art and science of securing information is called cryptography, and those who practise it are called cryptographers. Cryptanalysts are those who practise cryptanalysis: the art and science of breaking enciphered texts. Cryptography and cryptanalysis together are known as cryptology, and those who practise it are cryptologists.

The objectives of cryptography are:

• Confidentiality: the encrypted message must be intelligible only to its intended recipient;
• Authentication: the recipient must be able to establish with certainty the origin of the message;
• Integrity: the recipient must be able to verify whether or not the message was modified during transmission; an intruder should not be able to modify the original message;
• Non-repudiation: the sender must not be able to deny having been the sender; and others.

A cryptographic algorithm, or cipher, is a mathematical function used to encode/encrypt the initial plaintext into ciphertext and also to decode/decrypt the latter in order to recover the initial text (usually there are two functions: one for encoding and one for decoding). A cryptosystem consists of an algorithm together with all the possible plaintexts, ciphertexts and keys.

If the security of an algorithm relies on keeping the way the algorithm works secret, the algorithm is called a restricted algorithm. Restricted algorithms are of historical interest only, since they do not meet today's standards. In response, the notion of a key was introduced. The key can be any number from a large range of values; this range is called the key space. Both the encoding operation and the decoding operation use this key and depend on it.

There are two general types of key-based algorithms: symmetric algorithms (Labs …) and public-key algorithms (Labs …).

[1] A. J. Menezes, P. C. van Oorschot, S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996, available at: http://www.cacr.math.uwaterloo.ca/hac/

The purpose of cryptography is to keep the plaintext and/or the key secret from intruders. Cryptanalysis is the science of recovering the plaintext without having access to the key; through it one can obtain the key or the plaintext. An attempt at cryptanalysis is called an attack. A fundamental principle of cryptanalysis, first stated by the Dutchman A. Kerckhoffs in the 19th century, is that the secrecy must reside entirely in the key. Kerckhoffs assumes that a cryptanalyst knows the cryptographic algorithms and the way they are implemented in full detail. If others cannot break algorithms whose way of working is known, then it is certain that they cannot break algorithms whose way of working they do not know either.

List of lab works

About the laboratory: introductory notions, bibliography, requirements (guide, presentation)

1. Symmetric encryption. Substitution ciphers (guide)

2. Block ciphers. The DES algorithm (guide)

3. Modes of operation (guide, presentation)

4. Advanced Encryption Standard (AES) (guide, presentation)

5. The NESSIE selection project. Public-key algorithms (guide, presentation)

6. The CRYPTREC selection project. Security systems (guide, presentation)


Requirements for the laboratory activity

A. Mastering a set of basic notions: cryptology, cryptography, cryptanalysis, symmetric algorithms, public-key algorithms, confidentiality, integrity, authentication, etc.

B. General knowledge of cryptographic algorithms, security systems and selection projects: DES, AES, RSA, Rijndael, PKI, NESSIE, CRYPTREC, etc.

C. Completing the assignments of the lab works (…). This involves searching for documentation and giving a concise presentation of the proposed topics, plus a presentation for colleagues (.doc and .ppt).

D. Implementing cryptographic algorithms: creating an application that uses several cryptographic algorithms (the substitutions, DES and AES with the five modes of operation, RSA or other algorithms; it may also be the implementation of the algorithm from the topic chosen at point C).

Evaluation of the laboratory activity

• for grade …: requirements A and B plus attendance at the laboratory;
• for grade …: requirements A and B, attendance at the laboratory and preparation of assignment C;
• for a higher grade: requirements A, B, C plus requirement D.
Lab 1. Symmetric encryption. Substitution ciphers

1.1. Aim of the lab

This lab introduces simple symmetric encryption and decryption algorithms. Ciphers based on polyalphabetic and on polygram substitution are implemented, and the algorithms are analysed.

1.2. Symmetric ciphers

Symmetric ciphers are characterized by a single secret key K, used both for encryption and for decryption (Figure 1.1):

EK(M) = C, DK(C) = M.

Figure 1.1. Symmetric ciphers. Encryption and decryption with a secret key.

This lab presents character-oriented encoding methods, methods that were in use before computers appeared. The following labs present algorithms that work on binary encodings.

1.3. Polyalphabetic substitution

Substitution ciphers replace each character of the message alphabet A with a character of the cryptogram alphabet C. If A = {a1, a2, ..., an} then C = {f(a1), f(a2), ..., f(an)}, where f: A → C is the substitution function and constitutes the key of the cipher. A message M = m1 m2 ... mn is enciphered as:

EK(M) = f(m1) f(m2) ... f(mn)

Substitutions are therefore transformations in which the characters (letters) or groups of characters of the primary alphabet are replaced by the characters or groups of characters of the secondary alphabet.

Ciphers based on polyalphabetic substitution use several different simple substitutions periodically. Let C1, C2, ..., Cd be d cipher alphabets and f1, ..., fd be d functions performing substitutions of the form fj: A → Cj, 1 <= j <= d.

A plaintext message M = m1 m2 ... md m(d+1) ... m(2d) ... is enciphered by repeating the sequence of functions f1, ..., fd every d-th character: EK(M) = f1(m1) ... fd(md) f1(m(d+1)) ...

In an n-alphabetic substitution, character m1 of the plaintext is replaced by a character from alphabet A1, m2 by a character from alphabet A2, ..., mn by a character from alphabet An, m(n+1) again by a character from alphabet A1, and so on, according to the table:

Input character:        m1  m2  m3  ...  mn  m(n+1)  ...
Substitution alphabet:  A1  A2  A3  ...  An  A1      ...

The Vigenère cipher is an example of a cipher using polyalphabetic substitution. For the Vigenère cipher the key K is a sequence of letters of the form

K = k1 k2 ... kd,

and the substitution functions fj are defined as:

fj(a) = (a + kj) (mod l), where l is the length of the alphabet.

Example. To encipher the message SUBSTITUTIE POLIALFABETICA we take the key ACADEMIE as a sequence of eight letters used repeatedly. Using a one-to-one correspondence between the letters of the English alphabet and the elements of the ring of residue classes mod 26 (A = 0, B = 1, ..., Z = 25), the 8-alphabetic substitution yields the following ciphertext:

Plaintext: SUBSTITUTIE POLIALFABETICA

Key: ACADEMIE

S + A = 18 + 0 (mod 26) = 18 (mod 26) = 18 = S
U + C = 20 + 2 (mod 26) = 22 (mod 26) = 22 = W
B + A = 1 + 0 (mod 26) = 1 (mod 26) = 1 = B
...
C + E = 2 + 4 (mod 26) = 6 (mod 26) = 6 = G
A + A = 0 + 0 (mod 26) = 0 (mod 26) = 0 = A

Ciphertext: SWBVXUBYTKESSXQELHAEIFQGA.

In this example the space character was ignored. If the space, other punctuation characters or diacritics are to be used, the corresponding alphabet of length l is taken and the ring of residue classes mod l is used.
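The Vigenère enciphering described above, together with the decoding function that assignment 2 asks for, as an added example for this guide (it is not the guide's own code; the alphabet handling, the sample texts and the function names are this example's own). It reproduces the worked example, shows what changes when the alphabet is extended with the space character (l = 27), and includes a letter-frequency profile that illustrates the invariance on which the next section's frequency argument rests: with a single alphabet (d = 1) the profile of the ciphertext is that of the plaintext.

```python
# Vigenère cipher over an arbitrary alphabet, as described in section 1.3.
# Added example for this lab guide; it is not the guide's own code, and the
# alphabet handling, the sample texts and the function names are its own.
from collections import Counter

ENGLISH = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"   # A = 0, B = 1, ..., Z = 25; l = 26

def _index(alphabet):
    """Map each character of the alphabet to its residue class mod l."""
    return {ch: i for i, ch in enumerate(alphabet)}

def vigenere_encrypt(message, key, alphabet=ENGLISH):
    """E_K(M) = f_1(m_1) ... f_d(m_d) f_1(m_{d+1}) ... with f_j(a) = (a + k_j) mod l.
    Characters outside the alphabet (the space in the worked example) are
    ignored, exactly as in the text; put them into the alphabet to keep them."""
    idx, l = _index(alphabet), len(alphabet)
    shifts = [idx[ch] for ch in key]              # k_1 ... k_d
    out = []
    for ch in message:
        if ch not in idx:
            continue
        kj = shifts[len(out) % len(shifts)]       # key letter reused every d characters
        out.append(alphabet[(idx[ch] + kj) % l])
    return "".join(out)

def vigenere_decrypt(ciphertext, key, alphabet=ENGLISH):
    """Inverse substitution f_j^{-1}(c) = (c - k_j) mod l (assignment 2)."""
    idx, l = _index(alphabet), len(alphabet)
    shifts = [idx[ch] for ch in key]
    return "".join(alphabet[(idx[c] - shifts[i % len(shifts)]) % l]
                   for i, c in enumerate(ciphertext))

def frequency_profile(text):
    """Letter counts in decreasing order. With a single alphabet (d = 1) the
    profile of the ciphertext equals that of the plaintext: this is the
    frequency invariance that section 1.4 starts from."""
    return sorted(Counter(text).values(), reverse=True)

if __name__ == "__main__":
    plain, key = "SUBSTITUTIE POLIALFABETICA", "ACADEMIE"   # the worked example above
    c = vigenere_encrypt(plain, key)
    print(c, vigenere_decrypt(c, key))                         # SWBVXUBYTKESSXQELHAEIFQGA ...
    ext = ENGLISH + " "                                        # alphabet of length l = 27
    print(vigenere_decrypt(vigenere_encrypt(plain, key, ext), key, ext))
    print(frequency_profile(plain.replace(" ", "")), frequency_profile(vigenere_encrypt(plain, "D")))
```

The decoding formula is simply the subtraction of the same key letter modulo l; because the enciphering index only advances on characters that are in the alphabet, the key stream stays aligned with the ciphertext whether or not the space is part of the alphabet.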

1.4. Polygram substitution

When individual letters are enciphered, the frequency with which a letter appears in the ciphertext is the same as the frequency of the corresponding letter in the plaintext. This invariance of the frequencies provides enough information to break the cipher. Statistical analyses have established the number of occurrences of each letter in an English text of … characters: the most frequent letters are E, T, R, … and the least frequent are Q, J, Z. Since the characters E, T and R appear with higher frequency, they are easier to determine.

Ciphers based on polygraphic substitution replace blocks of characters (polygrams) of the plaintext, thereby destroying the dependence given by the frequencies of the different characters, a dependence that is useful in cryptanalysis.

Consider a message M = m1 m2 m3 ... md m(d+1) ... and a cipher that processes polygrams of length d. The resulting cryptogram is C = c1 ... cd c(d+1) ... c(2d) ... Each polygram m(id+1) ... m(id+d) is transformed into the polygram c(id+1) ... c(id+d) by the substitution function f as follows:

c(id+1) ... c(id+d) = f(m(id+1), ..., m(id+d))

To minimize the side information given by the letter frequencies, groups of n letters (n-grams) are enciphered. When a group of n letters is replaced by another group of n letters, the substitution is called polygram substitution.

Example. The simplest polygram substitution is obtained for n = 2, when the digram m1m2 of the plaintext is replaced by the digram c1c2 of the ciphertext. The one-to-one correspondence between the digrams m1m2 and c1c2 can be set up with a square table. The letters in the column to the left of the square and in the row above the square serve as coordinates for the plaintext digram m1m2, and the ciphertext digram c1c2 is found at the intersection of row m1 with column m2, as follows:

      A    B    C    D    E   ...
A    QX   FN   LB   YE   HJ   ...
B    AS   EZ   BN   RD   CO   ...
C    PD   RA   MG   LU   OP   ...
...  ...  ...  ...  ...  ...  ...

The table is in fact the key of the encoding process. Thus, for the partial table above, if the group of letters AB occurs in the plaintext it is replaced in the ciphertext by the group FN, the group AC by the group LB, and so on.

For decoding a different table can be used. The decoding table is generated by locating each digram c1c2 in the encoding table and forming the corresponding digram m1m2 from its coordinates. In the decoding table c1 is the row and c2 the column of the digram m1m2. Thus, starting from the partial encoding table above, the decoding table has the group of letters AA at row Q, column X, and so on.
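The digram key table, its inversion into the decoding table, and the encoding and decoding functions described in this section, as an added example for this guide (not the guide's own code). The partial table is the one printed above; the generator for a complete key table (a seeded shuffle of all 676 digrams), the X padding of an odd-length message and the function names are this example's own choices. The check in make_decoding_table is the point the text makes implicitly: a table that reuses a ciphertext digram cannot be inverted, so it is not a valid key.

```python
# Digram (n = 2) polygram substitution keyed by a square table, section 1.4.
# Added example for this lab guide, not the guide's own code. The partial table
# is the one printed in the text; the full-table generator (a seeded shuffle of
# all 676 digrams), the X padding and the function names are this example's own.
import random

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# The partial encoding table shown above: row m1, column m2 -> ciphertext digram.
PARTIAL_TABLE = {"AA": "QX", "AB": "FN", "AC": "LB", "AD": "YE", "AE": "HJ",
                 "BA": "AS", "BB": "EZ", "BC": "BN", "BD": "RD", "BE": "CO",
                 "CA": "PD", "CB": "RA", "CC": "MG", "CD": "LU", "CE": "OP"}

def make_key_table(seed):
    """Complete key table: a bijection from all 26*26 plaintext digrams to
    ciphertext digrams. Shuffling a copy of the digram list guarantees that no
    ciphertext digram is used twice, so the table can be inverted for decoding."""
    digrams = [a + b for a in ALPHABET for b in ALPHABET]
    images = digrams[:]
    random.Random(seed).shuffle(images)      # seeded only to make the example reproducible
    return dict(zip(digrams, images))

def make_decoding_table(enc_table):
    """Decoding table: ciphertext digram c1c2 (row c1, column c2) -> plaintext
    digram m1m2, built by reading the coordinates of each entry of the encoding
    table. A table that maps two plaintext digrams to the same ciphertext
    digram cannot be inverted, so it is rejected."""
    dec = {c: m for m, c in enc_table.items()}
    if len(dec) != len(enc_table):
        raise ValueError("encoding table is not one-to-one")
    return dec

def encode(message, table):
    """Substitute each digram of the message. Characters outside the alphabet
    are dropped; an odd-length message is padded with X (this example's convention)."""
    clean = "".join(ch for ch in message.upper() if ch in ALPHABET)
    if len(clean) % 2:
        clean += "X"
    return "".join(table[clean[i:i + 2]] for i in range(0, len(clean), 2))

def decode(ciphertext, dec_table):
    """Look every ciphertext digram up in the decoding table."""
    return "".join(dec_table[ciphertext[i:i + 2]] for i in range(0, len(ciphertext), 2))

if __name__ == "__main__":
    print(encode("ABAC", PARTIAL_TABLE))                  # FNLB, as in the text
    print(make_decoding_table(PARTIAL_TABLE)["QX"])       # AA: row Q, column X
    table = make_key_table(2008)                          # constructed key table
    dec = make_decoding_table(table)
    ct = encode("SUBSTITUTIE POLIGRAMICA", table)
    print(ct, decode(ct, dec))
```

A real key table would be generated from a secret source rather than a fixed seed; the seed here only makes the run reproducible.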

1.5. Assignments

1. Write a program (in one of the programming languages you know) that encodes a text file using the Vigenère cipher. The chosen alphabet and its length must be taken into account.

2. Propose the formula of the decoding function for the Vigenère cipher. Implement a decryption function and verify the formula and the implementation by decoding the text encrypted in assignment 1.

3. Analyse the ways in which the Vigenère cipher can be broken.

4. Build a key table for encoding with polygram substitution, using groups of two letters. Encode a text file using the polygram substitution method. Use one of the programming languages you know.

5. Implement a decoding function and verify it by decoding the texts encoded with polygram substitution in assignment 4.

6. Write an encoding/decoding program that uses polygram substitution on groups of three characters. What are the advantages? And the disadvantages? (Optional assignment.)

7. Analyse the ways in which a cipher using polygram substitution can be broken.
Lab 2. Block ciphers. The DES algorithm

2.1. Aim of the lab

This lab presents the characteristics of block ciphers and proposes an analysis of the DES (Data Encryption Standard) algorithm. The block cipher modes of operation, which are discussed in the next lab, are also introduced.

2.2. Block ciphers

Symmetric-key block ciphers are the most important category of ciphers. Block ciphers primarily provide confidentiality, but they can also be integrated into other mechanisms, such as those intended for data integrity.

A block cipher is a function E that maps n-bit blocks of plaintext to n-bit blocks of ciphertext, where n is the block length. This function depends on a key of length k bits. To allow decryption (D), the function must be invertible.

A block cipher enciphers (encrypts) the plaintext divided into blocks of n bits (for example 64 bits, as in the case of DES). The simplest method is to divide the message into n-bit blocks and to encipher each block separately, one after the other. This mode of operation is called Electronic Codebook (ECB). Besides this mode there are four other modes of operation standardized by the US National Institute of Standards and Technology (NIST) [2], which aim to "hide" any patterns present in the plaintext.

2.3. General overview of the DES standard

The Data Encryption Standard (DES) is the first standard dedicated to the cryptographic protection of computer data. It was defined in the US standard FIPS 46-2 in … and was re-evaluated and re-validated successively in 1988, 1993 [3], etc. Since 2004 NIST no longer recommends this standard, its place being taken by AES (Advanced Encryption Standard). DES is a block cipher with a block length of 64 bits, processed together with a 56-bit key.

[2] For references see the site of the National Institute of Standards and Technology (NIST), "Recommendation for Block Cipher Modes of Operation, Methods and Techniques", available at: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf; NIST Special Publication 800-38A 2001 Edition.

[3] Federal Information Processing Standards Publication 46-2, Data Encryption Standard (DES), http://www.itl.nist.gov/fipspubs/fip46-2.htm

2.3.1. Encryption with DES

Encryption is carried out, as can be seen in Figure 2.1, in three stages: the first consists of an initial permutation (IP), followed by a complex computation consisting of 16 successive iterations, and the last stage consists of an inverse permutation (IP^-1). The following paragraphs describe these stages in detail.

Stage I. The initial permutation. First, the input plaintext block is subjected to an initial permutation IP (see Table 2.1).

Table 2.1. The initial permutation IP

58 50 42 34 26 18 10  2
60 52 44 36 28 20 12  4
62 54 46 38 30 22 14  6
64 56 48 40 32 24 16  8
57 49 41 33 25 17  9  1
59 51 43 35 27 19 11  3
61 53 45 37 29 21 13  5
63 55 47 39 31 23 15  7

In the permutation IP, of the 64 input bits, input bit 58 becomes the first output bit, bit 50 becomes the second, and so on; bit 7 becomes the last.

Stage II. The 16 rounds. The permuted block is then subjected to a complex computation consisting of 16 functionally identical iterations. Let L(i-1) and R(i-1) denote the left and right 32-bit halves that make up the 64-bit block entering iteration i.

Figure 2.1. Encryption using DES

Let Ki be the key for iteration i, a 48-bit block selected from the 56 bits of the initial key. The processing in one iteration is:

Li = R(i-1), and Ri = L(i-1) ⊕ f(R(i-1), Ki).

The key Ki for iteration i depends on i and on the 64-bit initial key KEY: Ki = KS(i, KEY). The 48 bits of the key Ki are obtained by the procedure shown in Figure 2.2.

Figure 2.2. Key generation

The procedure for generating the round keys Ki is the following: the key KEY is subjected to a permutation P1 (Table 2.2); the block is then split into two blocks of 28 bits each, Ci and Di, which are in turn shifted by one or two positions at each iteration, according to Table 2.4.

The two shifted halves are then subjected to a second permutation P2 (Table 2.3), which gives Ki.

Table 2.2. The permutation P1

57 49 41 33 25 17  9
 1 58 50 42 34 26 18
10  2 59 51 43 35 27
19 11  3 60 52 44 36
63 55 47 39 31 23 15
 7 62 54 46 38 30 22
14  6 61 53 45 37 29
21 13  5 28 20 12  4

Table 2.3. The permutation P2

14 17 11 24  1  5
 3 28 15  6 21 10
23 19 12  4 26  8
16  7 27 20 13  2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32

Table 2.4. Number of shifts at each iteration

Iteration:  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
Shifts:     1  1  2  2  2  2  2  2  1  2  2  2  2  2  2  1

The last iteration (the 16th of the algorithm) differs slightly from the others, being defined by the equations:

L16 = R15, and R16 = L15 ⊕ f(R15, K16).

The function f is computed by a non-linear substitution algorithm shown in Figure 2.3. From the 32 input bits, 48 bits are obtained at the output by means of the expansion function E given in Table 2.5.

Figure 2.3. Structure of the function f

Table 2.5. The expansion function E

32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32  1

Table 2.6. The permutation P

16  7 20 21
29 12 28 17
 1 15 23 26
 5 18 31 10
 2  8 24 14
32 27  3  9
19 13 30  6
22 11  4 25

Next, the result is added mod 2 to the 48 bits of the key Ki. The result is partitioned into 8 blocks of 6 bits each, which form the inputs of the 8 boxes Si (i = 1, ..., 8); each box performs a non-linear substitution with 6 inputs and 4 outputs. The 8 S-boxes are given in Table 2.7.

For an S-box Si, if B is the 6-bit input block, Si(B) is determined as follows: the first and the last bit of the block B represent in binary a number between 0 and 3; call this number k. The 4 middle bits of B represent in binary a number between 0 and 15; call this number l. In the table of Si, at the intersection of row k with column l there is a number between 0 and 15, whose 4-bit representation is the output of the box Si.

Let S1, ..., S8 be the eight S-boxes, P the permutation function and E the expansion function given in Tables 2.5 and 2.6. To define the function f(R(i-1), Ki) we first define the blocks B1, B2, ..., B8 of 6 bits each as:

B1 B2 ... B8 = Ki ⊕ E(R(i-1)).

Then the block f(R(i-1), Ki) is defined as:

f(R(i-1), Ki) = P(S1(B1) S2(B2) ... S8(B8))

Table 2.7. The S-boxes (row number k in the second column, column number l across the top)

        0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
S1  0  14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
    1   0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
    2   4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
    3  15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13
S2  0  15  1  8 14  6 11  3  4  9  7  2 13 12  0  5 10
    1   3 13  4  7 15  2  8 14 12  0  1 10  6  9 11  5
    2   0 14  7 11 10  4 13  1  5  8 12  6  9  3  2 15
    3  13  8 10  1  3 15  4  2 11  6  7 12  0  5 14  9
S3  0  10  0  9 14  6  3 15  5  1 13 12  7 11  4  2  8
    1  13  7  0  9  3  4  6 10  2  8  5 14 12 11 15  1
    2  13  6  4  9  8 15  3  0 11  1  2 12  5 10 14  7
    3   1 10 13  0  6  9  8  7  4 15 14  3 11  5  2 12
S4  0   7 13 14  3  0  6  9 10  1  2  8  5 11 12  4 15
    1  13  8 11  5  6 15  0  3  4  7  2 12  1 10 14  9
    2  10  6  9  0 12 11  7 13 15  1  3 14  5  2  8  4
    3   3 15  0  6 10  1 13  8  9  4  5 11 12  7  2 14
S5  0   2 12  4  1  7 10 11  6  8  5  3 15 13  0 14  9
    1  14 11  2 12  4  7 13  1  5  0 15 10  3  9  8  6
    2   4  2  1 11 10 13  7  8 15  9 12  5  6  3  0 14
    3  11  8 12  7  1 14  2 13  6 15  0  9 10  4  5  3
S6  0  12  1 10 15  9  2  6  8  0 13  3  4 14  7  5 11
    1  10 15  4  2  7 12  9  5  6  1 13 14  0 11  3  8
    2   9 14 15  5  2  8 12  3  7  0  4 10  1 13 11  6
    3   4  3  2 12  9  5 15 10 11 14  1  7  6  0  8 13
S7  0   4 11  2 14 15  0  8 13  3 12  9  7  5 10  6  1
    1  13  0 11  7  4  9  1 10 14  3  5 12  2 15  8  6
    2   1  4 11 13 12  3  7 14 10 15  6  8  0  5  9  2
    3   6 11 13  8  1  4 10  7  9  5  0 15 14  2  3 12
S8  0  13  2  8  4  6 15 11  1 10  9  3 14  5  0 12  7
    1   1 15 13  8 10  3  7  4 12  5  6 11  0 14  9  2
    2   7 11  4  1  9 12 14  2  0  6 10 13 15  3  5  8
    3   2  1 14  7  4 10  8 13 15 12  9  0  3  5  6 11

Stage III. The final permutation. After the complex computation consisting of the 16 iterations described above, the 64-bit block is subjected to an inverse permutation IP^-1, the inverse of the initial one (Table 2.8).

Table 2.8. The inverse permutation IP^-1

40  8 48 16 56 24 64 32
39  7 47 15 55 23 63 31
38  6 46 14 54 22 62 30
37  5 45 13 53 21 61 29
36  4 44 12 52 20 60 28
35  3 43 11 51 19 59 27
34  2 42 10 50 18 58 26
33  1 41  9 49 17 57 25

2.3.2. Decryption with DES

Decryption consists of using the same algorithm but with the keys Ki applied in reverse order, from K16 to K1. The first step of deciphering is applying the permutation IP, which undoes the last step IP^-1 of the enciphering operation. The halves are then generated in reverse:

R(i-1) = Li, and L(i-1) = Ri ⊕ f(Li, Ki)

Starting from R16 and L16, R0 and L0 are obtained at the end. Finally, the 64-bit block is subjected to the inverse permutation IP^-1.

2.3.3. Properties of DES

The avalanche effect. Any small change of the plaintext message or of the key produces a major change in the ciphertext. It has been shown that after five iterations every bit of the ciphertext depends on all the bits of the message and of the key.

Complementation. DES is invariant under complementation of the plaintext (M), of the key (K) and of the ciphertext (C): EK(M) = C ⇔ EK'(M') = C', where K', M' and C' denote the ones' complements of K, M and C respectively.

Weak and semi-weak keys. DES has 4 weak keys and 6 pairs of semi-weak keys. A weak key satisfies the following condition for any plaintext M: EK(EK(M)) = M, and a pair of semi-weak keys satisfies EK1(EK2(M)) = M (encryption with one key operates identically to decryption with the paired key).

2.4. Assignments

1. Study the DES standard.

2. Implement DES using one of the programming languages you know.

3. Test encryption and decryption using files for the plaintext and for the ciphertext.

4. What happens if the S-boxes or the permutations IP, P, P1, P2 are modified?

5. Propose strengthening schemes for DES.

6. Assignment: compare DES with Triple-DES.

7. Assignment: analyse and compare the five standardized block cipher modes of operation: ECB, CBC, CFB, OFB, CTR.
Lab 3. Block cipher modes of operation

3.1. Aim of the lab

Modes of operation are used to encrypt messages of arbitrary length with block ciphers. To be useful, a mode of operation must be at least as secure and as efficient as the cipher it is used with. Modes of operation can have properties in addition to those of the underlying cipher.

The standard modes of operation for DES were published in FIPS 81 [4] and in ANSI X3.106 [5]. ISO [6] has also standardized the four modes of operation so that they apply to block ciphers of any block length. In 2001, after the standardization of AES, NIST approved a new standard [7] in which a new, fifth, mode of operation was added.

In this lab we address the five modes of operation standardized by NIST. After the five modes are presented, the possibilities of preprocessing and of encrypting/decrypting several blocks in parallel with each of the 5 modes are to be analysed, as is error propagation in these modes.

3.2. Description of the five standardized modes of operation

One of the conditions for secure encryption is that the plaintext must not contain a stereotype (pattern), because it would propagate into the ciphertext. For this condition to be satisfied independently of the plaintext to be encrypted, the cipher is used in certain modes, called modes of operation.

In 1980 four modes of operation were standardized: the ECB mode (Electronic Codebook), a mode that does not hide patterns; the CBC mode (Cipher Block Chaining); the CFB mode (Cipher Feedback) and the OFB mode (Output Feedback). For example, in an implementation the text is divided into blocks and these blocks are encrypted; for CBC each plaintext block is combined by exclusive-or (XOR) with the previous ciphertext block before the current block is encrypted, and so on. In 2001 NIST added a fifth mode, the 'counter' mode (CTR); all five are recommended as modes of operation to be used with AES (AES is presented in the next lab).

[4] "DES Modes of Operation", Federal Information Processing Standard (FIPS), Publication 81, National Bureau of Standards, US Department of Commerce, Washington D.C., December 1980.

[5] American National Standards Institute, American National Standard X3.106-1983 (R1996), Data Encryption Algorithm, Modes of Operations for DES, 1983.

[6] ISO/IEC 10116, "Information technology - Security techniques - Modes of operation of an n-bit block cipher algorithm", IS 10116, 1991.

[7] NIST Special Publication 800-38A 2001 Edition, Recommendation for Block Cipher Modes of Operation, Methods and Techniques, available at: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf.

The following sections present the 5 standardized modes of operation.

3.2.1. ECB mode (Electronic Codebook)

The most straightforward mode of operation is the ECB mode. Its disadvantage is that it does not hide patterns. For encryption, the plaintext is divided into n-bit blocks (m blocks in total) and is encrypted block by block (Figure 3.1).

Figure 3.1. ECB mode

Decryption is likewise performed on individual blocks:

Ci = EK(Mi) and Mi = DK(Ci)

In the relation above, Mi are the blocks of the plaintext message M before encryption, Ci are the blocks of the same length of the ciphertext C, and K is the key. (The same notation is used for the following modes of operation.)

Errors in the decrypted text do not propagate beyond the block boundaries. However, the ECB mode does not hide patterns (such as repetitions) in the plaintext; they are carried over into the ciphertext. Therefore this mode can only be used where the plaintext is already random, such as the encryption of cryptographic keys. Figure 3.2 illustrates this disadvantage of the ECB mode.

Figure 3.2. Preservation of patterns in the ECB mode [8]

[8] Image taken from Wikipedia, Block cipher modes of operation, http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29

The ECB mode is as secure as the cipher it is used with. Since the plaintext patterns are not masked, identical plaintext blocks produce identical ciphertext blocks after encryption. The encryption speed in ECB mode is the same as that of the block cipher it is used with. ECB allows parallelization for better performance. However, no preprocessing is possible before the block is available (except for setting up the keys/subkeys).

3.2.2. CBC mode (Cipher Block Chaining)

The standard mode of operation of a block cipher is CBC. In this mode consecutive blocks are processed together: the exclusive-or modulo 2 (XOR) of a plaintext block and the previous ciphertext block is computed before the current block is encrypted:

Ci = EK(Mi ⊕ C(i-1)) and Mi = DK(Ci) ⊕ C(i-1).

This mode randomizes the plaintext and hides patterns.

The initial value (IV) is used to start the encryption of the plaintext block (Fig. 3.3). By varying this initial value, the same plaintext is encrypted into a different ciphertext even if the same key is used. The sender and the receiver must agree beforehand on the same initial value IV.

Figure 3.3. CBC mode (Cipher Block Chaining)

The CBC mode is characterized by error propagation: errors in ciphertext block i completely change plaintext block i and propagate into plaintext block i+1. The CBC mode allows random access at decryption; if necessary, one can decrypt only a small part of the ciphertext. Against standard attacks, the CBC mode is as secure as the block cipher it uses. In addition, any pattern in the plaintext is masked by the exclusive-or (XOR) operation between the previous ciphertext block and the current plaintext block. The plaintext cannot be manipulated directly, except for removing blocks from the beginning or the end of the ciphertext.

The initialization vector should be different for any messages encrypted with the same key, and it is preferable to choose this initialization vector at random.

The speed of the CBC mode is the same as that of the algorithm it accompanies. The encryption process cannot be executed in parallel, whereas the decryption process can.

3.2.3. CFB mode (Cipher Feedback)

In CFB mode (see figure 3.4), the ciphertext block produced by the previous operation is encrypted with the key K and the result is combined with the plaintext block using XOR to produce the current ciphertext block. CFB mode can be defined so that incomplete data blocks can also be encoded. For CFB, an initialization vector (IV) is used as the "seed" for encryption.

Ci = Ek(Ci-1) ⊕ Mi,  Mi = Ek(Ci-1) ⊕ Ci

CFB mode requires a parameter, namely the segment length s, where 1 ≤ s ≤ n and n is the length of an encrypted block. The encryption/decryption function is thus executed on more bits than s, but only the s most significant bits are XORed with the s bits of plaintext (or ciphertext) to produce s bits of ciphertext (or plaintext).

Figure 3.4. CFB mode (Cipher Feedback)

The value of s is sometimes incorporated into the name of the mode of operation, e.g. 128-bit CFB. Figure 3.4 corresponds to 128-bit CFB mode. CFB mode is as secure as the cipher it is used with, and plaintext patterns are masked by the XOR operation. The plaintext cannot be manipulated directly except by removing blocks from the beginning or the end of the ciphertext.

The encryption speed is identical to that of the block cipher it is used with, and the encryption process cannot easily be parallelized.

3.2.4. OFB mode (Output Feedback)

OFB mode (figure 3.5) is similar to CFB mode, except that the blocks used for the exclusive-or (XOR) operation are generated independently of the plaintext or the ciphertext.

Thus an initialization vector IV = s0 is used as the seed for a sequence of data blocks si, and each data block si is generated by encrypting the previous data block si-1. The encryption of a plaintext block is obtained by XORing the plaintext block with the corresponding data block:

Ci = Mi ⊕ si,  Mi = Ci ⊕ si,  si = Ek(si-1)

Figure 3.5. OFB mode (Output Feedback)

OFB mode has an advantage over CFB mode: any error that might affect a bit during transmission does not propagate and does not affect the decryption of the following blocks.

One problem with OFB mode is that the plaintext is easy to manipulate. For example, an attacker who knows a plaintext block Mi can replace it with a plaintext block x by XORing Mi, x and the corresponding ciphertext block Ci.

Similar attacks exist against CBC and CFB modes, but in those attacks the plaintext block is modified in a way that is hard for the attacker to predict. Still, the first ciphertext block (the initialization vector) in CBC mode and the last ciphertext block in CFB mode are as vulnerable to such an attack as the blocks in OFB mode. Attacks of this kind can be prevented by using a digital signature or authentication mechanisms.

The encryption speed for OFB is identical to that of the block cipher it is used with. Although the process cannot easily be parallelized, the encryption time can be reduced by generating the keystream formed by the blocks si in advance, so that they are available for encryption before the message arrives.

3.2.5. CTR mode (Counter mode)

As mentioned at the beginning of this lab, a fifth mode of operation was standardized for AES. Counter mode (CTR) is a confidentiality mode that encrypts a set of input blocks, called counter blocks, to produce a sequence of output blocks, which are then XORed with the plaintext to produce the ciphertext. The sequence of counter blocks must have the following property: each block in the sequence must differ from all the other blocks. This condition does not apply to a single message only: across all messages encrypted with a given key, all counter blocks must be distinct. In this section the counter blocks for a message are denoted ctr1, ctr2 … ctrm.

Given a sequence of counter blocks ctr1, ctr2 … ctrm, CTR mode is defined as follows:

Encryption with CTR:

Ci = Mi ⊕ EK(ctri)

Decryption with CTR:

Mi = Ci ⊕ EK(ctri).

Figure 3.6. CTR mode (Counter Mode)

In CTR encryption, each counter block is encrypted and the resulting blocks (KS) are XORed with the corresponding plaintext blocks (M) to produce the ciphertext blocks (C). For the last block, which may be incomplete (only u bits, while the block length is n), the u most significant bits of the last output block are used for encryption and the remaining n-u bits are discarded.

In CTR decryption, each counter block is likewise encrypted and the resulting block is XORed with the corresponding ciphertext block to obtain the plaintext blocks. For the last block, which may be a partial block of u bits, the u most significant bits of the last output block are used for the exclusive-or and the remaining n-u bits of that block are discarded.

In CTR mode, both for encryption and for decryption, the cipher's encryption function can be applied in parallel; moreover, any plaintext block can be recovered independently of the other plaintext blocks if the corresponding counter block can be determined. For faster encryption/decryption, the encryption function can be applied to the counter blocks before the plaintext or the ciphertext is available.

CTR mode of operation is illustrated in figure 3.6. The CTR specification stresses the need for a unique counter block for every plaintext block encrypted under a given key, across all messages. Otherwise, if a counter block is reused, the confidentiality of all plaintext blocks encrypted with that same counter block is compromised. Moreover, if any plaintext block encrypted with a particular counter block is known, then the output of the cipher function for that counter block can easily be determined.
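An implementation of the five modes above (3.2.1 to 3.2.5) over a single block-cipher interface, exercising the properties the text states: identical ECB blocks, CBC error propagation after one flipped ciphertext bit, and the loss of confidentiality when a CTR counter block is reused. This is an added example, not the guide's code; the block cipher E_K/D_K is a constructed toy Feistel permutation standing in for DES or AES, CFB uses s = n, and the counter-block layout (32-bit nonce followed by a 32-bit block index) is an assumption.

```python
"""The five modes of operation (ECB, CBC, CFB, OFB, CTR) over one n = 64-bit
block cipher interface, plus the properties the text states.  Added example,
not the guide's code.  Assumptions: E_K/D_K is a constructed toy 4-round
Feistel permutation keyed through SHA-256 (a stand-in for DES/AES, NOT a secure
cipher); CFB uses s = n; a counter block is a 32-bit nonce || 32-bit index."""
import hashlib

BLOCK = 8  # bytes per block: n = 64 bits, as for DES

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, half: bytes, r: int) -> bytes:
    return hashlib.sha256(key + bytes([r]) + half).digest()[:BLOCK // 2]

def E(key: bytes, block: bytes) -> bytes:
    """Toy permutation E_K on one block (stand-in for the block cipher)."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in range(4):
        left, right = right, _xor(left, _f(key, right, r))
    return left + right

def D(key: bytes, block: bytes) -> bytes:
    """Inverse permutation D_K: the same rounds undone in reverse order."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in reversed(range(4)):
        left, right = _xor(right, _f(key, left, r)), left
    return left + right

def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, blocks): return [E(key, m) for m in blocks]  # C_i = E_K(M_i)
def ecb_decrypt(key, blocks): return [D(key, c) for c in blocks]  # M_i = D_K(C_i)

def cbc_encrypt(key, iv, blocks):  # C_i = E_K(M_i xor C_i-1), C_0 = IV
    out, prev = [], iv
    for m in blocks:
        out.append((prev := E(key, _xor(m, prev))))
    return out

def cbc_decrypt(key, iv, blocks):  # M_i = D_K(C_i) xor C_i-1
    out, prev = [], iv
    for c in blocks:
        out.append(_xor(D(key, c), prev))
        prev = c
    return out

def cfb_encrypt(key, iv, blocks):  # C_i = E_K(C_i-1) xor M_i, C_0 = IV
    out, prev = [], iv
    for m in blocks:
        out.append((prev := _xor(E(key, prev), m)))
    return out

def cfb_decrypt(key, iv, blocks):  # M_i = E_K(C_i-1) xor C_i (E_K only, never D_K)
    out, prev = [], iv
    for c in blocks:
        out.append(_xor(E(key, prev), c))
        prev = c
    return out

def ofb_crypt(key, iv, blocks):  # s_i = E_K(s_i-1), s_0 = IV; same in both directions
    out, s = [], iv
    for m in blocks:
        s = E(key, s)  # the keystream can be computed before the message arrives
        out.append(_xor(m, s))
    return out

def ctr_crypt(key, nonce, blocks):  # C_i = M_i xor E_K(ctr_i), ctr_i = nonce || i
    out = []
    for i, m in enumerate(blocks):
        ks = E(key, nonce + i.to_bytes(BLOCK - len(nonce), "big"))
        out.append(_xor(m, ks[:len(m)]))  # partial last block: only u of n bits used
    return out

def ecb_vs_cbc_pattern(key: bytes, iv: bytes) -> tuple:
    """Two equal plaintext blocks: ECB repeats the ciphertext block, CBC does not."""
    blocks = split(b"ATTACK!!ATTACK!!")  # constructed: two identical 8-byte blocks
    ecb, cbc = ecb_encrypt(key, blocks), cbc_encrypt(key, iv, blocks)
    return ecb[0] == ecb[1], cbc[0] == cbc[1]

def cbc_bit_flip(key: bytes, iv: bytes) -> tuple:
    """Flip one bit of C_0: M_0 is garbled, M_1 gets exactly that bit flipped and
    M_2 is intact, i.e. the error stays within blocks i and i+1."""
    blocks = split(b"block-0.block-1.block-2.")  # constructed
    ct = cbc_encrypt(key, iv, blocks)
    ct[0] = bytes([ct[0][0] ^ 0x80]) + ct[0][1:]
    pt = cbc_decrypt(key, iv, ct)
    expected_m1 = bytes([blocks[1][0] ^ 0x80]) + blocks[1][1:]
    return pt[0] != blocks[0], pt[1] == expected_m1, pt[2] == blocks[2]

def ctr_counter_reuse(key: bytes) -> bool:
    """Same key and same counter blocks for two messages: C_1 xor C_2 equals
    M_1 xor M_2, the keystream cancels and confidentiality is lost."""
    m1, m2 = b"pay Alice 100.00", b"pay Bobby 999.99"  # constructed plaintexts
    nonce = b"\x00\x00\x00\x07"  # wrongly reused for both messages
    c1 = b"".join(ctr_crypt(key, nonce, split(m1)))
    c2 = b"".join(ctr_crypt(key, nonce, split(m2)))
    return _xor(c1, c2) == _xor(m1, m2)
```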

3.3. Proposed exercises

1. This lab has presented the mechanism by which the modes of operation are used for encryption. How is decryption performed for the modes above? Draw the decryption schemes.

2. Analyze error propagation for the five modes of operation.

3. Analyze the possibilities of encrypting some blocks in parallel (or even in advance) for each of the five modes of operation.

4. Compare the modes of operation with one another.

5. What advantages justified the addition of CTR mode?

6. Write a general program (a function) so that the modes of operation can be used both with 64-bit blocks (the DES case) and with 128-bit blocks (the case of the algorithms to be studied next).

7. Use all five modes of operation in the final lab application, for encryption/decryption with DES and with the other algorithms still to be discussed.
Lab 4. The AES selection process. The AES algorithm

4.1. Purpose of the lab

This lab summarizes the selection process for the AES standard initiated by NIST in 1997, with its two stages and the algorithms selected for the final round, as well as the finalist algorithm Rijndael, which became the Advanced Encryption Standard (AES).

4.2. The AES selection process

In 1997 the National Institute of Standards and Technology (NIST) of the USA initiated a process to select a symmetric-key encryption algorithm to become the Advanced Encryption Standard (AES). In 1998 NIST announced the acceptance of 15 candidate algorithms and asked the research community for help in evaluating and analyzing the candidates. This evaluation initially included analysis of the security characteristics and the efficiency of each algorithm.

NIST reviewed the results of this preliminary research and selected MARS, RC6™, Rijndael, Serpent and Twofish as the finalist algorithms. After the second selection stage NIST decided to propose the Rijndael algorithm as AES.

4.2.1. AES requirements and the finalists

The minimum acceptance requirements for AES candidates set by NIST were^1: (1) the algorithm must be a symmetric secret-key algorithm; (2) the algorithm must be a block cipher; and (3) the candidate algorithm must support the key length - block length pairs 128-128, 192-128 and 256-128 bits.

Based on the analysis and the comments received after the first evaluation round, NIST selected, out of the 15 algorithms initially submitted for evaluation (listed in table 4.1), five for more extensive evaluation in the second selection stage. The five finalists were MARS, RC6, Rijndael, Serpent and Twofish.

The next section presents and evaluates the five finalist algorithms of the NIST selection.

1 National Institute of Standards and Technology, NIST Report, September 12, 1997 (Volume 62, Number 177). Docket No. 970725180-7180-01. Pages 48051-48058.

4.2.2. Performance comparison of the AES finalists

In this section the five finalists are compared from the performance point of view. Tables 4.2-4.4 give the ranking based on the performance comparison for encryption/decryption, for key setup, and the overall performance ranking.

Table 4.1. The 15 algorithms evaluated in the first selection stage

Name      Proposed by
CAST-256  Entrust Technologies, Inc. (Carlisle Adams)
CRYPTON   Future Systems, Inc. (Chae Hoon Lim)
DEAL      Richard Outerbridge, Lars Knudsen
DFC       CNRS (Serge Vaudenay)
E2        NTT (Masayuki Kanda)
FROG      TecApro Internacional S.A. (Dianelos Georgoudis)
HPC       R. Schroeppel
LOKI97    Brown, Pieprzyk
MARS      IBM (Nevenko Zunic)
Magenta   Deutsche Telekom AG (Dr. Klaus Huber)
RC6       RSA Laboratories (Burt Kaliski)
RIJNDAEL  Joan Daemen, Vincent Rijmen
SAFER+    Cylink Corporation (Charles Williams)
SERPENT   Ross Anderson, Eli Biham, Lars Knudsen
TWOFISH   Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson

Performance^1 varies depending on the platform, the implementation language, etc. For example, for an implementation on a 32-bit CPU (C implementation), the number of clock cycles for encryption ranges from … for RC6 up to … for Serpent, and for key setup from … for Rijndael up to … for Serpent.

The evaluations showed that Rijndael has the best performance figures for most encryption/decryption cases and the best figures for key scheduling.

Table 4.2. AES finalists. Encryption and decryption, different implementations on different platforms.

           32-bit (C)  32-bit (Java)  64-bit (C and assembler)  8-bit (C & assembler) smartcard  32-bit (ARM)  Digital Signal Proc.
MARS       II          II             II                        II                               II            II
RC6        I           I              II                        II                               I             II
Rijndael   II          II             I                         I                                I             I
Serpent    III         III            III                       III                              III           III
Twofish    II          III            I                         II                               III           I

1 NIST Report on the Development of the Advanced Encryption Standard (AES), James Nechvatal, Elaine Barker, Lawrence Bassham, William Burr, and co., October 2, 2000.

Table 4.3. AES finalists. Key setup on different platforms.

           32-bit (C)  32-bit (Java)  64-bit (C and assembler)  8-bit (C and assembler)  Digital Signal Processors
MARS       II          II             III                       II                       II
RC6        II          II             II                        III                      II
Rijndael   I           I              I                         I                        I
Serpent    III         II             II                        III                      I
Twofish    III         III            III                       II                       III

Table 4.4. AES finalists. Overall performance.

           Encryption/Decryption  Key Setup
MARS       II                     II
RC6        I                      II
Rijndael   I                      I
Serpent    III                    II
Twofish    II                     III

4.2.3. Conclusions of the selection

Each finalist algorithm appears to offer adequate security, and each offers a considerable number of advantages. However, each algorithm also has one or more areas where its performance is not as good as that of another algorithm; no finalist is far superior to the rest.

Rijndael was considered competitive both in terms of hardware implementations and in terms of software implementations across a wide range of computing environments, regardless of the modes of operation used (with or without feedback). Its key setup time is better than that of the other algorithms. Rijndael does not require a large amount of memory; it is very well suited to space-restricted environments, where it can demonstrate its excellent performance. Rijndael is built to be flexible in block and key sizes, and the algorithm can accommodate changes in the number of rounds. Its internal round structure benefits from instruction-level parallelism. Based on these considerations and on the evaluation of security, performance, efficiency and ease of implementation, Rijndael was chosen by NIST as AES^1.

Rijndael was standardized as AES for the configurations using the key length - block length pairs 128-128, 192-128 and 256-128 bits. The Rijndael algorithm, which can also be used in other key length - block length configurations, is presented next. This is possible because Rijndael allows block and key lengths between 128 and 256 bits, as long as they are multiples of 32 bits.

4.3. The Rijndael algorithm

The design and implementation of the Rijndael algorithm took the following requirements into account:

• the algorithm must be resistant to all types of attack known at that time;
• the algorithm must perform well on a large number of different platforms (good speed and low resource requirements);
• the algorithm must be simple.

In many ciphers the round transformation has a Feistel structure (e.g. DES). In that structure part of the bits of the intermediate state are merely moved to another position. The round transformation of Rijndael does not have a Feistel structure. Instead it is composed of three invertible uniform transformations called layers. Uniform means that every bit of the state is treated in the same way.

4.3.1. Specification of the Rijndael algorithm

Rijndael is an iterated block cipher with variable block length and key length.

The state, the cipher key and the number of rounds

The transformations operate on the intermediate result, called the State.

The State can be represented as an array of bytes with 4 rows; the number of columns is denoted Nb and equals the block length divided by 32. The cipher key is represented similarly by an array with 4 rows. The number of columns is denoted Nk and equals the key length divided by 32.

The two arrays are shown in figure 4.1 for an example with 192 bits for the State block and 128 bits for the key.

State with Nb=6    a0,0 a0,1 a0,2 a0,3 a0,4 a0,5
(6x32 bits)        a1,0 a1,1 a1,2 a1,3 a1,4 a1,5
                   a2,0 a2,1 a2,2 a2,3 a2,4 a2,5
                   a3,0 a3,1 a3,2 a3,3 a3,4 a3,5

Key with Nk=4      k0,0 k0,1 k0,2 k0,3
(4x32 bits)        k1,0 k1,1 k1,2 k1,3
                   k2,0 k2,1 k2,2 k2,3
                   k3,0 k3,1 k3,2 k3,3

Figure 4.1. Layout of the State and of the key

Sometimes these blocks are regarded as one-dimensional arrays of byte vectors, where each vector consists of the corresponding column of the array representation. These arrays therefore have lengths 4, 6 or 8 and indices in 0..3, 0..5 or 0..7 respectively. The byte vectors are sometimes called words.

The inputs and outputs used by Rijndael at its external interface are regarded as one-dimensional arrays of bytes numbered from 0 to 4*Nb-1. Consequently these blocks have lengths of 16, 24 or 32 bytes and indices in 0…15, 0…23 or 0…31. The key is regarded as a one-dimensional array of bytes numbered from 0 to 4*Nk-1. These blocks have lengths of 16, 24 or 32 bytes and array indices in 0…15, 0…23 or 0…31.

The input bytes (the plaintext, if ECB encryption is used) are mapped onto the State bytes in the order a0,0, a1,0, a2,0, a3,0, a0,1, a1,1, a2,1, a3,1, ...; the key bytes are stored in an array in the order k0,0, k1,0, k2,0, k3,0, k0,1, k1,1, k2,1, k3,1, ... At the end of the encryption operation the cipher output is extracted from the State by taking the State bytes in the same order.

If the one-dimensional index of a byte in a block is n and its two-dimensional index is (i, j), then: i = n mod 4; j = the integer part of n/4; n = i + 4*j.

Moreover, the index i is also the number of the byte within the byte vector, and j is the index of the vector within the block. Determining the number of rounds: the number of rounds is denoted Nr and depends on the values of Nb and Nk, as follows:

Table 4.5. The number of rounds (Nr) as a function of the block and key lengths

Nr      Nb = 4  Nb = 6  Nb = 8
Nk = 4  10      12      14
Nk = 6  12      12      14
Nk = 8  14      14      14

The transformations within a round

The round transformation is composed of 4 different transformations: SubBytes, ShiftRows, MixColumns, AddRoundKey. In pseudocode (Stare denotes the State and Cheia_de_runda the round key):

Runda (Stare, Cheia_de_runda)
{
SubBytes(Stare);
ShiftRows(Stare);
MixColumns(Stare);
AddRoundKey(Stare, Cheia_de_runda);
}

The final round of the cipher is slightly different and looks like this:

RundaFinala (Stare, Cheia_de_runda)
{
SubBytes(Stare);
ShiftRows(Stare);
AddRoundKey(Stare, Cheia_de_runda);
}

In this notation the functions (Runda, SubBytes, ShiftRows, ...) operate on the arrays indicated by the parameters (Stare, Cheia_de_runda). Note that the final round differs from the other rounds by the absence of MixColumns. The transformations SubBytes, ShiftRows, MixColumns and AddRoundKey are presented below.

The byte substitution transformation – SubBytes

This is a non-linear byte substitution that operates independently on each byte of the State. The substitution table (the S-box) is invertible and is generated by two transformations: (1) take the multiplicative inverse in GF(2^8), and then (2) apply the affine transformation over GF(2^8) defined by equation (4.1) below.

Applying the S-box to all bytes of the State is denoted SubBytes(Stare).

Figure 4.2 illustrates the effect of the SubBytes transformation on the State.

$$
\begin{bmatrix} y_0 \\ y_1 \\ y_2 \\ y_3 \\ y_4 \\ y_5 \\ y_6 \\ y_7 \end{bmatrix}
=
\begin{bmatrix}
1 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\
1 & 1 & 0 & 0 & 0 & 1 & 1 & 1 \\
1 & 1 & 1 & 0 & 0 & 0 & 1 & 1 \\
1 & 1 & 1 & 1 & 0 & 0 & 0 & 1 \\
1 & 1 & 1 & 1 & 1 & 0 & 0 & 0 \\
0 & 1 & 1 & 1 & 1 & 1 & 0 & 0 \\
0 & 0 & 1 & 1 & 1 & 1 & 1 & 0 \\
0 & 0 & 0 & 1 & 1 & 1 & 1 & 1
\end{bmatrix}
\cdot
\begin{bmatrix} x_0 \\ x_1 \\ x_2 \\ x_3 \\ x_4 \\ x_5 \\ x_6 \\ x_7 \end{bmatrix}
+
\begin{bmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{bmatrix}
\qquad (4.1)
$$

Figure 4.2. SubBytes is applied to each byte separately

The row shift transformation – ShiftRows

In the ShiftRows transformation the rows of the State are cyclically shifted by different amounts. Row 0 is not shifted, row 1 is shifted by C1 bytes, row 2 by C2 bytes and row 3 by C3 bytes. The three values C1, C2, C3 depend on the block length Nb.

Table 4.6. Shift amounts for the ShiftRows transformation as a function of the block length Nb

Nb  C1  C2  C3
4   1   2   3
6   1   2   3
8   1   3   4

The row-shifting operation on the State is denoted ShiftRows(Stare).

Figure 4.3 shows the effect of the ShiftRows transformation on the State.

Figure 4.3. The shifts of the ShiftRows transformation

The inverse of ShiftRows is a cyclic shift of the three lower rows by Nb-C1, Nb-C2 and Nb-C3 bytes respectively, so that the byte at position j in row i is moved to position (j + Nb - Ci) mod Nb.

The column mixing transformation – MixColumns

In this transformation the columns of the State are regarded as polynomials over the field GF(2^8) and multiplied modulo x^4+1 by a fixed polynomial c(x): c(x) = '03' x^3 + '01' x^2 + '01' x + '02'. The polynomial c(x) is coprime to x^4+1 and therefore invertible. The operation can be written as a matrix multiplication. Taking b(x) = c(x) ⊗ a(x) we have:

$$
\begin{bmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \end{bmatrix}
=
\begin{bmatrix}
02 & 03 & 01 & 01 \\
01 & 02 & 03 & 01 \\
01 & 01 & 02 & 03 \\
03 & 01 & 01 & 02
\end{bmatrix}
\cdot
\begin{bmatrix} a_0 \\ a_1 \\ a_2 \\ a_3 \end{bmatrix}
$$

Applying this operation to all columns of the State is denoted MixColumns(Stare).

Figure 4.4 shows the effect of the MixColumns transformation on the State.

The inverse of MixColumns is similar to MixColumns. Each column is transformed by multiplying it by a specific polynomial d(x) given by: ('03' x^3 + '01' x^2 + '01' x + '02') ⊗ d(x) = '01'

The polynomial d(x) is: d(x) = '0B' x^3 + '0D' x^2 + '09' x + '0E'

Round key addition

In this operation a round key is applied to the State through an XOR (exclusive-or) operation. The round key is derived from the cipher key by means of the key schedule. The round key length equals the block length Nb.

The round key addition operation is denoted AddRoundKey(Stare, Cheia_de_runda).

This transformation is illustrated in figure 4.5.

Figure 4.5. In this operation a bitwise XOR is computed between the round key and the State.

4.3.2. Key schedule

The round keys are derived from the cipher key by means of the key schedule function. This consists of two components: key expansion (KeyExpansion) and round key selection.

The round keys are taken from this expanded key as follows: the key of the first round consists of the first Nb words, the key of the second round consists of the next Nb words, and so on.

Key expansion.

The expanded key is a linear array of 4-byte words and is denoted W[Nb * (Nr + 1)]. The first Nk words contain the cipher key. All other words are defined recursively in terms of words with smaller indices. The key expansion function depends on the value of Nk: there is one version for Nk less than or equal to 6 and another version for Nk greater than 6.

The key expansion function is given below. For Nk ≤ 6 we have:


KeyExpansion(byte Key[4*Nk], word W[Nb*(Nr+1)])
{
for(i=0; i<Nk; i++)
W[i]=(Key[4*i], Key[4*i+1], Key[4*i+2], Key[4*i+3]);
for(i=Nk; i<Nb*(Nr+1); i++)
{
temp=W[i-1];
if(i%Nk==0)
temp=SubByte(RotByte(temp))^Rcon[i/Nk];
W[i]=W[i-Nk]^temp;
}
}

In this description SubByte(W) is a function that returns a 4-byte word in which each byte is the result of applying the S-box to the byte in the corresponding position of the input word. The function RotByte(W) returns a word whose bytes are a cyclic permutation of the input bytes. For example, the input word (a, b, c, d) produces the output word (b, c, d, a).

Note that the first Nk words are occupied by the cipher key. Each following word W[i] equals the XOR of the previous word W[i-1] and the word Nk positions earlier, W[i-Nk]. For words at positions that are multiples of Nk, a transformation is applied to the previous word W[i-1] before the XOR. This transformation consists of a cyclic shift of the bytes of the word (RotByte), followed by the application of a lookup table to the 4 bytes of the word (SubByte).

For Nk > 6 there is a difference from the Nk ≤ 6 case: for i-4 a multiple of Nk, the SubByte function is applied to the word W[i-1] before the XOR. The round constants are independent of Nk and are defined as follows:

Rcon[i] = (RC[i], '00', '00', '00')

where RC[i] is an element of GF(2^8) with the value x^(i-1), so that:

RC[1] = 1 (i.e. '01') and

RC[i] = x • RC[i-1] = x^(i-1) (with x = '02')

Round key selection

Round key i is given by the words from W[Nb * i] up to W[Nb * (i+1)]:

W0 W1 W2 W3 W4 W5 W6 W7 W8 W9 W10 W11 …
Round key 0 | Round key 1 | …

Figure 4.6. Key expansion and round key selection (example with Nb = … and Nk = …)

4.3.3. The cipher

The Rijndael cipher consists of:

• an initial round key addition;
• Nr-1 rounds;
• the final round.

In pseudocode:

Rijndael(Stare, Cheia_de_cifru)
{
KeyExpansion(Cheia_de_cifru, KeyExpansion);
AddRoundKey(Stare, KeyExpansion);
for(i=1; i<Nr; i++) Runda(Stare, KeyExpansion + Nb * i);
RundaFinala(Stare, KeyExpansion + Nb * Nr);
}

The key expansion can be done in advance, and Rijndael can then be specified in terms of the expanded key:

Rijndael(Stare, KeyExpansion)
{
AddRoundKey(Stare, KeyExpansion);
for(i=1; i<Nr; i++) Runda(Stare, KeyExpansion + Nb * i);
RundaFinala(Stare, KeyExpansion + Nb * Nr);
}

There are no restrictions on the choice of the cipher key. The expanded key must always be derived from the cipher key and is never specified directly.
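A reference implementation of the cipher described in sections 4.3.1 to 4.3.3: the S-box built from the GF(2^8) inverse and equation (4.1), the ShiftRows offsets of table 4.6, MixColumns as multiplication by c(x) modulo x^4+1, the key expansion with Rcon, and the Runda / RundaFinala structure. It is an added example, not the guide's own code; it covers all Nb and Nk values of the Rijndael tables, does encryption only, and uses no lookup tables or constant-time techniques.

```python
"""Rijndael as specified in sections 4.3.1-4.3.3: a 4 x Nb byte state, the S-box
built from the GF(2^8) inverse and the affine map (4.1), ShiftRows offsets from
table 4.6, MixColumns as multiplication by c(x) mod x^4+1, KeyExpansion with
Rcon, and the Runda / RundaFinala structure.  Added example, not the guide's
code: a table-free reference implementation, not constant-time, encryption only."""

NR = {4: {4: 10, 6: 12, 8: 14}, 6: {4: 12, 6: 12, 8: 14},  # table 4.5: NR[Nk][Nb]
      8: {4: 14, 6: 14, 8: 14}}
SHIFTS = {4: (1, 2, 3), 6: (1, 2, 3), 8: (1, 3, 4)}       # table 4.6: (C1, C2, C3)
C_POLY = (0x02, 0x01, 0x01, 0x03)  # c(x) = '03'x^3 + '01'x^2 + '01'x + '02', low degree first
D_POLY = (0x0E, 0x09, 0x0D, 0x0B)  # d(x) = '0B'x^3 + '0D'x^2 + '09'x + '0E', inverse of c(x)

def gf_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^8) modulo the Rijndael polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1
        b >>= 1
    return p

def gf_inv(a: int) -> int:
    """Multiplicative inverse a^254 in GF(2^8); the inverse of 0 is taken as 0."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def affine(x: int) -> int:
    """Equation (4.1): y_i = x_i + x_(i+4) + x_(i+5) + x_(i+6) + x_(i+7) + c_i, indices mod 8."""
    bit = lambda i: (x >> (i % 8)) & 1
    y = 0
    for i in range(8):
        y |= (bit(i) ^ bit(i + 4) ^ bit(i + 5) ^ bit(i + 6) ^ bit(i + 7)) << i
    return y ^ 0x63  # the constant column (1,1,0,0,0,1,1,0) read as bits c_0..c_7

SBOX = [affine(gf_inv(a)) for a in range(256)]  # step (1) inverse, step (2) affine map

def rcon(i: int) -> int:
    """RC[i] = x^(i-1) in GF(2^8): RC[1] = '01', RC[2] = '02', ..., RC[9] = '1B'."""
    rc = 1
    for _ in range(i - 1):
        rc = gf_mul(rc, 0x02)
    return rc

def key_expansion(key: bytes, nb: int) -> list:
    """The lab's KeyExpansion: W[Nb*(Nr+1)] words of 4 bytes, Nk <= 6 and Nk > 6 cases."""
    nk = len(key) // 4
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    for i in range(nk, nb * (NR[nk][nb] + 1)):
        temp = list(w[i - 1])
        if i % nk == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]  # SubByte(RotByte(temp))
            temp[0] ^= rcon(i // nk)                        # ^ Rcon[i/Nk]
        elif nk > 6 and i % nk == 4:                        # extra SubByte for Nk > 6
            temp = [SBOX[b] for b in temp]
        w.append([a ^ b for a, b in zip(w[i - nk], temp)])  # W[i] = W[i-Nk] ^ temp
    return w

def mul_poly(col: list, poly: tuple) -> list:
    """b(x) = poly(x) (x) a(x) mod x^4+1: the circulant matrix product of the lab."""
    out = []
    for i in range(4):
        v = 0
        for j in range(4):
            v ^= gf_mul(poly[(i - j) % 4], col[j])
        out.append(v)
    return out

def sub_bytes(s: list) -> list:
    return [[SBOX[b] for b in col] for col in s]

def shift_rows(s: list) -> list:
    nb, c = len(s), (0,) + SHIFTS[len(s)]  # row i is rotated left by C_i columns
    return [[s[(j + c[i]) % nb][i] for i in range(4)] for j in range(nb)]

def mix_columns(s: list) -> list:
    return [mul_poly(col, C_POLY) for col in s]

def add_round_key(s: list, w: list, off: int) -> list:
    return [[a ^ b for a, b in zip(col, w[off + j])] for j, col in enumerate(s)]

def rijndael_encrypt(block: bytes, key: bytes) -> bytes:
    """Initial AddRoundKey, Nr-1 times Runda, then RundaFinala (no MixColumns)."""
    nb = len(block) // 4
    w = key_expansion(key, nb)
    nr = len(w) // nb - 1
    s = [list(block[4 * j:4 * j + 4]) for j in range(nb)]  # column j = a0,j a1,j a2,j a3,j
    s = add_round_key(s, w, 0)
    for r in range(1, nr):
        s = add_round_key(mix_columns(shift_rows(sub_bytes(s))), w, nb * r)
    s = add_round_key(shift_rows(sub_bytes(s)), w, nb * nr)
    return bytes(b for col in s for b in col)
```

With Nb = 4 the function is AES, so the FIPS-197 example vectors can be used to check it; other Nb values are Rijndael variants that AES did not standardize.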

4.3.4. The inverse cipher

In an implementation using lookup tables it is essential that the non-linear step (ByteSub) be the first transformation in a round, and that the rows be shifted before MixColumns is applied. When a round is inverted the order of the transformations in the round is reversed, so the non-linear step ends the inverse round and the rows are shifted after the inverse MixColumn operation is applied. The inverse of a round therefore cannot be implemented with the lookup tables proposed. These aspects were taken into account in the design.

The structure of the Rijndael cipher is such that the sequence of transformations of the inverse cipher is identical to that of the cipher itself, with the cipher's transformations replaced by their inverses and a change in the key schedule.

The inverse transformation for the two-round variant of Rijndael

The inverse of a round is given by:

InvRunda (Stare, Cheia_de_runda)
{
AddRoundKey(Stare, Cheia_de_runda);
InvMixColumn(Stare);
InvShiftRow(Stare);
InvByteSub(Stare);
}

The inverse of the final round is given by:

InvRundaFinala (Stare, Cheia_de_runda)
{
AddRoundKey(Stare, Cheia_de_runda);
InvShiftRow(Stare);
InvByteSub(Stare);
}

The inverse of the two-round variant consists of the inverse of the final round, followed by the inverse of a round, followed by the key addition round. We have:

AddRoundKey(Stare, KeyExpansion + 2 * Nb);
InvShiftRow(Stare);
InvByteSub(Stare);
AddRoundKey(Stare, KeyExpansion + Nb);
InvMixColumn(Stare);
InvShiftRow(Stare);
InvByteSub(Stare);
AddRoundKey(Stare, KeyExpansion);
Algebraic properties

Two properties of the component transformations were used in developing the equivalent structure of the inverse cipher. First, the order in which the ShiftRow and ByteSub operations are performed is irrelevant: ShiftRow transposes bytes without affecting their values, while ByteSub works on individual bytes independently of their position. The second property is the possibility of replacing the sequence

AddRoundKey(Stare, Cheia_de_runda);
InvMixColumn(Stare);

with the sequence

InvMixColumn(Stare);
AddRoundKey(Stare, Inversa_cheii_de_runda);

This relies on the fact that for a linear transformation A we have A(x+k) = A(x) + A(k).

The equivalent structure of the inverse cipher

Using the properties described above, the inverse of the two-round Rijndael variant can be transformed into:

AddRoundKey(Stare, Cheia_Expandata + 2 * Nb);

InvByteSub(Stare);
InvShiftRow(Stare);
InvMixColumn(Stare);
AddRoundKey(Stare, I_Cheia_Expandata + Nb);

InvByteSub(Stare);
InvShiftRow(Stare);
AddRoundKey(Stare, Cheia_Expandata);

Note that we again have an initial key addition, a normal round and a final round.

The normal round and the final round have the same structure as those of the cipher. This generalizes to any number of rounds.

The normal round and the final round of the inverse cipher are defined as follows:

I_Runda (Stare, I_Cheia_de_runda)
{
InvByteSub(Stare);
InvShiftRow(Stare);
InvMixColumn(Stare);
AddRoundKey(Stare, I_Cheia_de_runda);
}

I_Runda_Finala (Stare, I_Cheia_de_runda)
{
InvByteSub(Stare);
InvShiftRow(Stare);
AddRoundKey(Stare, I_Cheia_de_runda);
}

The inverse cipher for Rijndael can then be expressed as:

I_Rijndael(Stare, Cheia_de_cifru)
{
I_KeyExpansion(Cheia_de_cifru, I_Cheia_Expandata);
AddRoundKey(Stare, I_Cheia_Expandata + Nb * Nr);
for(i=Nr-1; i>0; i--) I_Runda(Stare, I_Cheia_Expandata + Nb * i);
I_Runda_Finala(Stare, I_Cheia_Expandata);
}

The key expansion for the inverse cipher is defined as follows:

• apply the key expansion;
• apply InvMixColumn to all round keys except the first and the last.

In pseudocode:

I_KeyExpansion(Cheia_de_cifru, I_Cheia_Expandata)
{
KeyExpansion(Cheia_de_cifru, I_Cheia_Expandata);
for(i=1; i<Nr; i++)
InvMixColumn(I_Cheia_Expandata + Nb * i);
}

Implementation of the inverse cipher

The choice of the polynomial for MixColumn and of the key expansion is based on performance arguments for the cipher. Because the inverse cipher is similar but uses a MixColumn transformation with a different polynomial and, in some cases, a modified key schedule, a performance degradation is observed on 8-bit processors.

This asymmetry is due to the fact that the performance of the inverse cipher is considered less important than that of the cipher. In many block cipher applications the inverse cipher is not used. This is the case for MAC computation, but also when the cipher is used in CFB or OFB mode.

4.3.5. Advantages and limitations

Advantages
Implementation aspects:

• Rijndael can be implemented to run at high speed for a block cipher on a Pentium (Pro). There is a trade-off between table size and performance.
• Rijndael can be implemented on a smart card with compact code, using little RAM and a small number of cycles. There is a trade-off between ROM and performance.
• The round transformation can be executed in parallel, an advantage for implementation on future processors and on dedicated hardware.
• Because the cipher does not use arithmetic operations, it is not affected by the use of "Big Endian" or "Little Endian" architectures.

Simplicity of design:

• The cipher is entirely self-contained. It does not use other cryptographic components (S-boxes borrowed from well-known ciphers, and so on).
• The cipher does not base its security, or parts of it, on obscure and poorly understood interactions between arithmetic operations.
• The fixed design of the cipher does not leave enough room to hide a trapdoor.

Variable block length:

• The block lengths of 192 and 256 bits allow the construction of a collision-resistant hash function using Rijndael as the compression function. The 128-bit block length is currently not sufficient for this purpose.

Extensibility:

• The design allows the specification of variants with block length and key length both ranging from 128 to 256 bits in steps of 32 bits.
• Although the number of rounds of Rijndael is fixed in the specification, it can be modified as a parameter in case of security problems.

Limitations
The cipher's limitations have to do with its inverse:

• The inverse cipher is less suited to implementation on a smart card than the cipher itself, because it needs more code space and more cycles. Still, compared with other ciphers, even the inverse cipher is very fast.
• In software, the cipher and its inverse use different code and/or different tables.
• In hardware, the inverse cipher can only partially reuse the circuitry that implements the cipher.

4.4. Proposed exercises

1. What are the differences between Rijndael and AES?

2. Analyze the structure of the Rijndael cipher. Using the bibliographic sources, analyze the mathematical aspects (finite fields GF) and the polynomials used in Rijndael.

3. Write a program (in one of the programming languages you know) that encrypts and decrypts a text file using the Rijndael cipher. Take the modes of operation into account.

Lab 5. Public-key algorithms. The NESSIE selection project.

5.1. Purpose of the lab

In this lab we refer to public-key algorithms, algorithms usable both for providing confidentiality and for providing authentication, etc. They allow communication between two parties that do not initially share a secret (a secret key).

After a short presentation of the concepts and of an example of a public-key algorithm (RSA), we move on to the NESSIE selection project, a project which, unlike the AES selection, also addressed other types of algorithms, not only block ciphers.

5.2. Public-key algorithms

Short presentation of public-key algorithms

Figure 5.1. Encryption and decryption using public-key algorithms

The concept of asymmetric or public-key encryption was introduced by Diffie and Hellman in 1976. They proposed this new encryption method, in which two users (processes) can communicate confidentially knowing only each other's public key.

Thus, if two parties A and B communicate using such an algorithm, both parties need a key pair – a public key and a secret key each (figure 5.1).

M = D(C, KAS),  C = E(M, KAP)

M is the initial message, KAS the secret key of A, KAP the public key, C the encrypted message, E(x, y) is the encryption function, which takes the message and the key as inputs, and D(x, y) is the decryption function, which takes the message and the key as inputs. The secret key cannot be determined from the public key.

Public-key algorithms can be used both for providing confidentiality and for authentication and non-repudiation. Thus there are algorithms for encryption but also for digital signatures.

If confidentiality is needed, user A, who holds:

• a secret key KAS, will use it to decrypt the messages received (which were previously encrypted, by anyone, with the public key KAP);
• a public key KAP, which is used e.g. by user B to encrypt the messages sent to A so that only A can decrypt them, whenever confidential communication with A is desired.

The roles can be reversed, and then A will use KBP (B's public key) for encoding and B will read the message decoded with the secret key KBS, which is kept by its user under conditions of maximum security.

If authentication is needed, user A, who holds:

• a secret key KAS, will use it to encrypt the message that is to be authenticated;
• a public key KAP, which is available to anyone, is used e.g. by user B to decrypt the message sent by A (B thus verifies authenticity: if the message is not authentic – that is, not encrypted by A – the decrypted message is not intelligible).

The two procedures, for authentication and for confidentiality, can be combined.

5.2.1. The RSA algorithm (Rivest-Shamir-Adleman)

The RSA algorithm was proposed by the three researchers who also gave it its name (Ronald Rivest, Adi Shamir, Leonard Adleman).

Key generation goes through the following steps:

• two large prime numbers p and q of similar size are used, such that n = pq has the required size in bits;
• define m (also written phi) = (p-1)(q-1);
• choose a small integer e with 1 < e < phi that is coprime to phi: gcd(e, phi) = 1 (the greatest common divisor is 1);
• choose a (secret) d with 1 < d < phi such that ed % m = 1 (% denotes the remainder: the remainder of ed divided by m is 1);
• publish e and n as the public key;
• keep d and n as the secret key.

Thus, encryption performs the following computation: c = m^e % n (the plaintext m is raised to the power e, and c receives the remainder of the division by n; here m denotes the plaintext block, not the value (p-1)(q-1) above).

For decryption, compute m = c^d % n (the exponent used is d).

Encryption and decryption with RSA

For encryption, A (the one who sends the message) goes through the following steps:

• obtains B's public key (n, e);
• represents the original message to be encrypted (M) as a positive integer m;
• computes c = m^e mod n;
• sends the ciphertext c to B.

For decryption, B (the one who receives the message) goes through the following steps:

• uses the private key (n, d) to compute m = c^d mod n;
• extracts the plaintext (the original message) from the integer m.

RSA used for digital signatures

A (the sender) goes through the following steps to sign digitally:

• creates a digest (message digest) of the information to be sent;
• represents this digest as an integer m between 0 and n-1;
• uses the private (secret) key (n, d) to compute the signature s = m^d mod n;
• sends the signature s to B.

B (the receiver) goes through the following steps to verify the digital signature:

• uses A's public key (n, e) to compute the integer v = s^e mod n;
• extracts the digest, as an integer, from the received data;
• independently computes the digest of the information that was signed;
• compares the two digests; if they are identical, the signature is validated.
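The following Python program is an added example, not part of the original lab manual, that carries out the key-generation, encryption/decryption and signature steps exactly as listed in 5.2.1 and in the two procedures above, using textbook RSA with small keys. The function names, the key size, the seed and the messages are constructed for the example; `keypair_from_primes` also reproduces a classic small worked instance (p = 61, q = 53, e = 17). The digest is reduced modulo n only because the toy modulus is far smaller than a SHA-256 output; with a real modulus the padded digest fits in one block.

```python
import hashlib
import random
from math import gcd


def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin primality test; rng supplies the witness bases."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:          # write n-1 = 2^r * d with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # a is a witness that n is composite
    return True


def gen_prime(bits, rng):
    """Random odd candidate with the top bit set, retried until probably prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def keypair_from_primes(p, q, e):
    """Steps of 5.2.1: n = pq, phi = (p-1)(q-1), d = e^-1 mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not (1 < e < phi and gcd(e, phi) == 1):
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) = 1")
    d = pow(e, -1, phi)        # modular inverse: e*d % phi == 1 (Python 3.8+)
    return (n, e), (n, d)      # public key, private key


def generate_keypair(bits=64, seed=2024, e=65537):
    # Constructed for the example: a seeded generator makes the keys
    # reproducible. Real keys must come from a cryptographic random source.
    rng = random.Random(seed)
    while True:
        p = gen_prime(bits // 2, rng)
        q = gen_prime(bits // 2, rng)
        if p != q and gcd(e, (p - 1) * (q - 1)) == 1:
            return keypair_from_primes(p, q, e)


def encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("plaintext integer must be smaller than n")
    return pow(m, e, n)        # c = m^e mod n


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)        # m = c^d mod n


def digest_as_int(message, n):
    """Message digest represented as an integer between 0 and n-1."""
    h = hashlib.sha256(message).digest()
    # Reduction mod n is only needed because the toy n is smaller than 2^256.
    return int.from_bytes(h, "big") % n


def sign(priv, message):
    n, d = priv
    return pow(digest_as_int(message, n), d, n)   # s = m^d mod n


def verify(pub, message, s):
    n, e = pub
    v = pow(s, e, n)           # v = s^e mod n
    return v == digest_as_int(message, n)         # compare the two digests


def text_to_int(data):
    return int.from_bytes(data, "big")


def int_to_text(m):
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    pub, priv = generate_keypair()
    m = text_to_int(b"RSA lab")            # constructed 7-byte message, < n
    c = encrypt(pub, m)
    print(int_to_text(decrypt(priv, c)))   # b'RSA lab'
    s = sign(priv, b"signed text")
    print(verify(pub, b"signed text", s), verify(pub, b"signed tex", s))
```

Two points the steps above leave implicit: the plaintext integer m must be smaller than n, and encrypting the same m with the same key always gives the same c, so the bare operation leaks equality of plaintexts and is malleable. This is why the NESSIE and CRYPTREC portfolios in 5.3 and 6.1 list RSA with OAEP padding for encryption and PSS for signatures rather than the unpadded operation shown here.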

5.3. The NESSIE project

The main objective of the NESSIE project (New European Schemes for Signature, Integrity, and Encryption), funded by the European Union, was to select a portfolio of cryptographic primitives of different types. The project began with an open call for cryptographic primitives and for primitive-evaluation methodologies. This call asked not only for block ciphers (as in the AES selection) but also for other cryptographic primitives, including public-key algorithms as well as hash functions, stream ciphers, digital-signature algorithms, etc. The call for primitives was finalized and published¹ in March 2000.

40 cryptographic primitives were received. The proposed primitives were evaluated (with the help of external contributors as well) from the point of view of both security and performance.

Evaluation and selection criteria²

The evaluation criteria published in the NESSIE call were:

• An attack should be at least as hard as the generic attacks against that type of primitive (exhaustive search, etc.).
• Primitives are evaluated against the claims of their authors. If an attack exists that requires less computational effort than the authors claim, the primitive is disqualified.
• Primitives are evaluated in the declared (proposed) environment. Thus, vulnerability analyses against side-channel attacks (e.g. timing attacks, power analysis) are appreciated.

The main selection criteria were:

• Long-term security. Security is the most important criterion, because the security of cryptographic primitives is essential to establishing trust. The evaluation process takes into account developments that occur in parallel with the project (such as new attacks or analysis techniques).
• Market demand. Market demand reflects the need for primitives, their use, and the possibility of their worldwide deployment.
• Efficiency. For software implementation performance, different platforms were considered, from platforms with a small word size (useful for smart cards) up to platforms with a larger word size. For hardware implementations both FPGAs and ASICs are considered.
• Flexibility. A primitive should be usable on a multitude of platforms.

Some of the aspects considered are:

• Resistance to cryptanalysis. The proposed primitives had to resist cryptanalytic attacks. Failure under such an attack disqualifies the proposal. However, when evaluating resistance to these attacks, other factors are also considered, such as the amount and type of data needed to carry out the attack.

• Design ideas and transparency. It is easier to trust the security evaluation of a primitive if its design is clear and simple and is based on a good understanding of mathematical and cryptographic principles. These are clearly important when comparing primitives with one another.
• Strength of modified primitives. A technique frequently used to evaluate the strength of a primitive is to evaluate a modified primitive, for example by changing or removing a component or by reducing the number of rounds. Conclusions based on the evaluation of modified primitives are transferred to the primitive under evaluation with care, since they may not hold.
• Relative security. When evaluating primitives intended to operate at the same security level in similar environments, it is natural to want to compare their security. However, such comparisons must be made with great care. One measure that has been suggested for primitives based on an iterated algorithm is the difference between the maximum number of rounds that can easily be broken and the total number of rounds, but there is no generally accepted consensus on how to compare.
• Cryptographic environment. In certain implementation environments a cryptographic primitive may or may not have advantages of its own. An example would be a primitive that resists power and timing attacks when implemented on a smart card. These properties are considered when evaluating the security of a primitive.
• Statistical testing. Statistical testing of the primitives proposed to the NESSIE project was carried out. The purpose of this testing is to reveal anomalies in the primitives' operation that may indicate weaknesses and require further investigation.

¹ NESSIE, Call for Cryptographic Primitives, Version 2.2, 8th March 2000, available at: https://www.cosic.esat.kuleuven.ac.be/nessie/call/, last visited November 2006.
² NESSIE consortium, NESSIE project announces final selection of crypto algorithms, February 27, 2003, available at: https://www.cosic.esat.kuleuven.ac.be/nessie/deliverables/press_release_feb27.pdf, last visited November 2006.
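As an added illustration of the statistical-testing idea (this code is not from the NESSIE project or the lab manual), the Python program below implements the frequency (monobit) test, the simplest of the tests used for this kind of screening: it measures how far the balance of ones and zeros in a primitive's output deviates from what a random source would produce. Both input streams are constructed here: `good_stream` (SHA-256 over a counter) stands in for a sound primitive, and `biased_stream` simulates a faulty one whose output never sets the top bit of each byte. The function names and the seed are assumptions of the example.

```python
import hashlib
import math


def good_stream(nbytes, seed=b"nessie-demo"):
    """Constructed stand-in for a sound primitive: SHA-256 over a counter."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def biased_stream(nbytes):
    """Constructed faulty primitive: same stream, but bit 7 of every byte cleared."""
    return bytes(b & 0x7F for b in good_stream(nbytes))


def ones_fraction(data):
    """Share of one bits in the output; about 0.5 for an unbiased source."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


def monobit_pvalue(data):
    """Frequency (monobit) test: p-value for 'ones and zeros are balanced'."""
    nbits = 8 * len(data)
    ones = sum(bin(b).count("1") for b in data)
    s = 2 * ones - nbits                  # +1 per one bit, -1 per zero bit
    s_obs = abs(s) / math.sqrt(nbits)     # normalised partial sum
    return math.erfc(s_obs / math.sqrt(2))


def monobit_passes(data, alpha=0.01):
    """Anomaly flag: a p-value below alpha points at a bias worth investigating."""
    return monobit_pvalue(data) >= alpha


if __name__ == "__main__":
    for name, stream in (("good", good_stream(4096)), ("biased", biased_stream(4096))):
        print(name, round(ones_fraction(stream), 4),
              monobit_pvalue(stream), monobit_passes(stream))
```

With alpha = 0.01 even a sound primitive fails a single run about one time in a hundred by chance, which is why the NESSIE criteria treat a statistical anomaly as a trigger for further investigation rather than as proof of weakness; the biased stream, by contrast, fails by a margin no random fluctuation can explain.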

Algorithms selected by NESSIE

In February 2003 the NESSIE project consortium announced the cryptographic algorithms selected as the finalists. The evaluation process was open and based on the published evaluation criteria. Feedback was received from the worldwide cryptographic community, and the comments were made public.

Table 5.1 lists the NESSIE algorithms selected (out of the 40 proposed); the standardized algorithms that were added to the NESSIE portfolio are marked with * in the table.

No vulnerabilities were identified for these algorithms by the end of the selection process, but there were suspicions, confirmed later, about SFLASH, which was subsequently broken, as was its later version, which is not considered secure enough. None of the proposed stream ciphers met the NESSIE security requirements.

Licences. The symmetric primitives in this portfolio (block ciphers, MAC algorithms and hash functions) can be used free of charge. The asymmetric primitives RSA-KEM, RSA-PSS and SFLASH are also available for public use. PSEC-KEM is available under favourable conditions. Licences must be negotiated for ACE Encrypt, ECDSA and GPS, but their owners have promised to offer reasonable and non-discriminatory terms.

Table 5.1. NESSIE portfolio

Block ciphers
  MISTY1 – Mitsubishi Electric Corp., Japan
  Camellia – Nippon Telegraph and Telephone Corp., Japan and Mitsubishi Electric Corp., Japan
  SHACAL-2 – Gemplus, France
  AES* (Advanced Encryption Standard) (USA FIPS 197) (Rijndael)
Public-key algorithms
  ACE Encrypt – IBM Zurich Research Laboratory, Switzerland
  PSEC-KEM – Nippon Telegraph and Telephone Corp., Japan
  RSA-KEM* (draft of ISO/IEC 18033-2)
MAC algorithms and hash functions
  Two-Track-MAC – K.U.Leuven, Belgium and debis AG, Germany
  UMAC – Intel Corp., USA, Univ. of Nevada at Reno, USA, IBM Research Laboratory, USA, Technion, Israel and Univ. of California at Davis, USA
  CBC-MAC* (ISO/IEC 9797-1)
  HMAC* (ISO/IEC 9797-1)
  Whirlpool – Scopus Tecnologia S.A., Brazil and K.U.Leuven, Belgium
  SHA-256*, SHA-384* and SHA-512* (USA FIPS 180-2)
Digital-signature algorithms
  ECDSA – Certicom Corp., USA and Certicom Corp., Canada
  RSA-PSS – RSA Laboratories, USA
  SFLASH – Schlumberger, France
Identification schemes
  GPS – Ecole Normale Supérieure, Paris, France Télécom and La Poste, France

5.4. Proposed exercises

Analyse how the RSA algorithm operates. Take an example and go through the steps for encryption/decryption.

Write a program (in one of the programming languages you know) that encrypts a text file using the RSA cipher. Keep in mind that this algorithm, like DES and AES, operates on binary data.

Identify an algorithm, different from those discussed so far, from the list of those selected in the NESSIE project and study how it works. Implement this algorithm. Integrate the implementation with the previous implementations.

Lab 6. The CRYPTREC research project

6.1. The IPA CRYPTREC research project (CRYPTography Research and Evaluation Committees)

The Information-technology Promotion Agency (IPA) of Japan initiated the CRYPTREC project (CRYPTography Research and Evaluation Committees) with the goal of identifying the standard cryptographic algorithms recommended for use by the Japanese government infrastructure¹.

The CRYPTREC project was initiated and various types of cryptographic primitives were submitted in response to the call for cryptographic tools. As with the NESSIE initiative, the CRYPTREC call covered several types of primitives. The aim was also to select a set of techniques, not a single one as in the AES selection.

Some of the algorithms evaluated by the NESSIE project (RC6, MISTY1, Camellia, AES) were also proposed to CRYPTREC for evaluation. In Table 6.1 the second column shows the submissions to CRYPTREC and the last column the primitives added for evaluation.
Table 6.1. Primitives evaluated by CRYPTREC

Asymmetric techniques (confidentiality)
  Submitted to CRYPTREC: ACE Encrypt, ECAES (Elliptic Curve Augmented Encryption Scheme) in SEC1, EPOC, HIME-2, PSEC
  Other algorithms evaluated: RSA OAEP
Asymmetric techniques (authentication)
  Submitted to CRYPTREC: ESIGN-identification
  Other algorithms evaluated: -
Asymmetric techniques (signature)
  Submitted to CRYPTREC: ACE Sign, ECDSA (Elliptic Curve Digital Signature Algorithm) in SEC1, ESIGN-signatures, MY-ELLTY ECMR-h
  Other algorithms evaluated: DSA, RSA PSS
Asymmetric techniques (key establishment)
  Submitted to CRYPTREC: ECDHS (Elliptic Curve Diffie-Hellman Scheme) in SEC1, ECMQVS (Elliptic Curve MQV Scheme) in SEC1, HDEF-ECDH, HIME-1
  Other algorithms evaluated: DH Key Exchange
Symmetric techniques (stream algorithms)
  Submitted to CRYPTREC: MULTI-S01, TOYOCRYPT-HS1
  Other algorithms evaluated: -
Symmetric techniques (64-bit block algorithms)
  Submitted to CRYPTREC: CIPHERUNICORN-E, FEAL-NX, Hierocrypt-L1, MISTY1
  Other algorithms evaluated: Triple DES
Symmetric techniques (128-bit block algorithms)
  Submitted to CRYPTREC: Camellia, CIPHERUNICORN-A, Hierocrypt-3, MARS, RC6, SC2000
  Other algorithms evaluated: Rijndael
Hash functions
  Submitted to CRYPTREC: -
  Other algorithms evaluated: MD5, RIPEMD-160, SHA-1
Pseudo-Random Number Generators
  Submitted to CRYPTREC: TOYOCRYPT-HR1
  Other algorithms evaluated: PRNG based on SHA-1 (BFIPS186)

¹ CRYPTREC site, Evaluation of Cryptographic Techniques, available at: http://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html

The second CRYPTREC call addressed the evaluation of the primitives by means of cryptographic attacks. Other cryptographic techniques were added for evaluation by CRYPTREC.

Table 6.2 contains the primitives selected by CRYPTREC, including the notes and special recommendations that were published with them. It can be seen from the table that some algorithms are included for the time being because they are used in security mechanisms already deployed; even so, migrating to stronger algorithms where possible is recommended.

Table 6.2. Primitives selected by CRYPTREC

Public-key algorithms
  Signature: DSA, ECDSA, RSASSA-PKCS1-v1_5, RSA-PSS
  Confidentiality: RSA-OAEP, RSAES-PKCS1-v1_5 *1
  Key establishment: DH, ECDH, PSEC-KEM *2
Symmetric algorithms
  64-bit block algorithms *3: CIPHERUNICORN-E, Hierocrypt-L1, MISTY1, 3-key Triple DES *4
  128-bit block algorithms: AES, Camellia, CIPHERUNICORN-A, Hierocrypt-3, SC2000
  Stream algorithms: MUGI, MULTI-S01, 128-bit RC4 *5
Other algorithms
  Hash functions: RIPEMD-160 *6, SHA-1 *6, SHA-256, SHA-384, SHA-512
  Pseudo-random number generators *7: PRNG based on SHA-1 in ANSI X9.42-2001 Annex C.1, PRNG based on SHA-1 for general purpose in FIPS 186-2 (+ change *1) Appendix 3.1, PRNG based on SHA-1 for general purpose in FIPS 186-2 (+ change *1) revised Appendix 3.1.

Notes
*1 Evaluated because it is currently used in SSL3.0/TLS1.0.
*2 Only assuming use with KEM (Key Encapsulation Mechanism) – DEM (Data Encapsulation Mechanism).
*3 128-bit block algorithms are preferred.
*4 3-key Triple DES is permitted if 1) it is still specified in the FIPS standard, 2) it is the de facto standard.
*5 128-bit RC4 is used ONLY for SSL3.0/TLS1.0 (or later). To be replaced with another algorithm when one is available.
*6 Where available, hash functions with a longer output (a larger number of bits) are preferable. This requirement does not apply when the hash function is used within a public-key algorithm implemented according to its specification.
*7 These algorithms are examples of PRNGs (pseudo-random number generators). Since PRNGs do not require interoperability, cryptographic algorithms can be used as PRNGs.

6.2. On the selections in the USA, Europe and Japan

Labs 4 to 6 analysed the last three evaluation processes that addressed the selection of competitive cryptographic algorithms. The NIST competition, compared with NESSIE and CRYPTREC, addressed only 128-bit block ciphers and only a single algorithm, while the other two cover several algorithms of different types. To allow comparison, both standard algorithms and AES were added to NESSIE and CRYPTREC. Several algorithms were submitted to and evaluated in all the competitions, and of these only Rijndael was selected. RC6 was not selected; the rejection was related to licensing. Several algorithms evaluated only by NESSIE and CRYPTREC were selected in both competitions: this is the case for the Japanese algorithms MISTY1 and Camellia among block ciphers, ECDSA and RSA-PSS for digital signatures, etc. Algorithms such as three-key Triple-DES were included in CRYPTREC's recommendation list for use in the SSL3.0/TLS1.0 network security standards.

The selection of cryptographic algorithms is based on criteria such as security, efficiency, cost, simplicity, intellectual-property status, etc. Establishing the security level is not an easy task. Most cryptographic algorithms rely on one or more unproven assumptions or hard problems. An independent evaluation is necessary, but it involves a substantial amount of research. Public-key cryptography relies on hard mathematical problems such as the factoring problem or the (discrete) logarithm problem. In general, the conclusions of all evaluations are valid only for the moment. Unexpected situations (e.g. new attacks) can always arise. Thus the cryptographic landscape can change easily.

Given this context, the results of the security evaluations described in the previous sections may not remain valid in the future. New vulnerabilities are identified every year, so permanent adaptation is needed. It is also necessary to continue the evaluations.

6.3. Proposed exercises

Analyse the notes in Table 6.2. Compare the selections presented in the last three labs.

For each type of algorithm, identify an example of a recommended algorithm.

Identify an algorithm, different from those discussed so far, from the list of those selected in the CRYPTREC project and study how it works. Implement this algorithm. Integrate the implementation with the previous implementations.

Bibliography

“DES Modes of Operation”, Federal Information Processing Standard (FIPS), Publication 81, National Bureau of Standards, US Department of Commerce, Washington D.C., December 1980.

American National Standards Institute, American National Standard X3.106-1983 (R1996), Data Encryption Algorithm, Modes of Operations for DES, 1983.

Federal Information Processing Standards Publication 46-2, Data Encryption Standard (DES), http://www.itl.nist.gov/fipspubs/fip46-2.htm

A. J. Menezes, P. C. van Oorschot, S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996, available at: http://www.cacr.math.uwaterloo.ca/hac/

ISO/IEC 10116, “Information technology - Security techniques - Modes of operation of an n-bit block cipher algorithm,” IS 10116, 1991.

B. Schneier, Applied Cryptography, John Wiley & Sons, New York, 1996.

RSA Security web site: http://www.rsasecurity.com/

National Institute of Standards and Technology, NIST Report, September 12, 1997 (Volume 62, Number 177). Docket No. 970725180-7180-01. Pages 48051-48058.

I. Mang, R. Țirtea, Tehnici de securitate a datelor – îndrumător de laborator, Universitatea din Oradea, 1998.

NIST Report on the Development of the Advanced Encryption Standard (AES), James Nechvatal, Elaine Barker, Lawrence Bassham, William Burr, and co., October 2, 2000.

NESSIE, Call for Cryptographic Primitives, Version 2.2, 8th March 2000, available at: https://www.cosic.esat.kuleuven.ac.be/nessie/call/.

National Institute of Standards and Technology (NIST), “Recommendation for Block Cipher Modes of Operation, Methods and Techniques”, available at: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf; NIST Special Publication 800-38A 2001 Edition.

E. Oswald, B. Preneel, “A theoretical evaluation of some NESSIE candidates regarding their susceptibility towards power analysis attacks”, NESSIE report, 2002.

NESSIE consortium, NESSIE project announces final selection of crypto algorithms, February 27, 2003, available at: https://www.cosic.esat.kuleuven.ac.be/nessie/deliverables/press_release_feb27.pdf

CRYPTREC site, Evaluation of Cryptographic Techniques, available at: http://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html

A. Avizienis, J.-C. Laprie, B. Randell, and C. Landwehr, “Basic Concepts and Taxonomy of dependable and secure computing,” IEEE Trans. On Dependable and Secure Computing, Vol. 1, No.1, January-March, 2004, pp. 11-33.

L.J. Hoffman, K. Lowson-Jenkins, J. Blum, “Trust beyond security: An expanded trust model”, Communications of the ACM, Vol. 94, No. 7, July, 2006, pp. 95-101.

Wikipedia – various pages on information security, www.wikipedia.org.