Thuat Toan Ma Hoa Va Ung Dung

Li gii thiuMt m (Cryptography) l ngnh khoa hc l ngnh nghin cu cc k thut ton hc nhm cung cp cc dch v bo v thng tin [44]. y l ngnh khoa hc quan trng, c nhiu ng dng trong i sng x hi.

Khoa hc mt m ra i t hng nghn nm. Tuy nhin, trong sut nhiu th k, cc kt qu ca lnh vc ny hu nh khng c ng dng trong cc lnh vc dn s thng thng ca i sng x hi m ch yu c s dng trong lnh vc qun s, chnh tr, ngoi giao... Ngy nay, cc ng dng m ha v bo mt thng tin ang c s dng ngy cng ph bin trong cc lnh vc khc nhau trn th gii, t cc lnh vc an ninh, qun s, quc phng, cho n cc lnh vc dn s nh thng mi in t, ngn hng Vi s pht trin ngy cng nhanh chng ca Internet v cc ng dng giao dch in t trn mng, nhu cu bo v thng tin trong cc h thng v ng dng in t ngy cng c quan tm v c ngha ht sc quan trng. Cc kt qu ca khoa hc mt m ngy cng c trin khai trong nhiu lnh vc khc nhau ca i sng x hi, trong phi k n rt nhiu nhng ng dng a dng trong lnh vc dn s, thng mi...Cc ng dng m ha thng tin c nhn, trao i thng tin kinh doanh, thc hin cc giao dch in t qua mng... tr nn gn gi v quen thuc vi mi ngi. Cng vi s pht trin ca khoa hc my tnh v Internet, cc nghin cu v ng dng ca mt m hc ngy cng tr nn a dng hn, m ra nhiu hng nghin cu chuyn su vo tng lnh vc ng dng c th vi nhng c trng ring. ng dng ca khoa hc mt m khng ch n thun l m ha v gii m thng tin m cn bao gm nhiu vn khc nhau cn c nghin cu v gii quyt, v d nh chng thc ngun gc

1

ni dung thng tin (k thut ch k in t), chng nhn tnh xc thc v ngi s hu m kha (chng nhn kha cng cng), cc quy trnh gip trao i thng tin v thc hin giao dch in t an ton trn mng... Cc ng dng ca mt m hc v khoa hc bo v thng tin rt a dng v phong ph; ty vo tnh c th ca mi h thng bo v thng tin m ng dng s c cc tnh nng vi c trng ring. Trong , chng ta c th k ra mt s tnh nng chnh ca h thng bo v thng tin: Tnh bo mt thng tin: h thng m bo thng tin c gi b mt. Thng tin c th b pht hin, v d nh trong qu trnh truyn nhn, nhng ngi tn cng khng th hiu c ni dung thng tin b nh cp ny. Tnh ton vn thng tin: h thng bo m tnh ton vn thng tin trong lin lc hoc gip pht hin rng thng tin b sa i. Xc thc cc i tc trong lin lc v xc thc ni dung thng tin trong lin lc. Chng li s thoi thc trch nhim: h thng m bo mt i tc bt k trong h thng khng th t chi trch nhim v hnh ng m mnh thc hin Nhng kt qu nghin cu v mt m cng c a vo trong cc h thng phc tp hn, kt hp vi nhng k thut khc p ng yu cu a dng ca cc h thng ng dng khc nhau trong thc t, v d nh h thng b phiu bu c qua mng, h thng o to t xa, h thng qun l an ninh ca cc n v vi hng tip cn sinh trc hc, h thng cung cp dch v a phng tin trn mng vi yu cu cung cp dch v v bo v bn quyn s hu tr tu i vi thng tin s...

2

Khi bin son tp sch ny, nhm tc gi chng ti mong mun gii thiu vi qu c gi nhng kin thc tng quan v m ha v ng dng, ng thi trnh by v phn tch mt s phng php m ha v quy trnh bo v thng tin an ton v hiu qu trong thc t.

Bn cnh cc phng php m ha kinh in ni ting c s dng rng ri trong nhiu thp nin qua nh DES, RSA, MD5, chng ti cng gii thiu vi bn c cc phng php mi, c an ton cao nh chun m ha AES, phng php ECC, chun hm bm mt m SHA224/256/384/512 Cc m hnh v quy trnh chng nhn kha cng cng cng c trnh by trong tp sch ny.

Ni dung ca sch gm 10 chng. Sau phn gii thiu tng quan v mt m hc v khi nim v h thng m ha chng 1, t chng 2 n chng 5, chng ta s i su vo tm hiu h thng m ha quy c, t cc khi nim c bn, cc phng php n gin, n cc phng php mi nh Rijndael v cc thut ton ng c vin AES. Ni dung ca chng 6 gii thiu h thng m ha kha cng cng v phng php RSA. Chng 7 s trnh by v khi nim ch k in t cng vi mt s phng php ph bin nh RSA, DSS, ElGamal. Cc kt qu nghin cu ng dng l thuyt ng cong elliptic trn trng hu hn vo mt m hc c trnh by trong chng 8. Chng 9 gii thiu v cc hm bm mt m hin ang c s dng ph bin nh MD5, SHS cng vi cc phng php mi c cng b trong thi gian gn y nh SHA-256/384/512. Trong chng 10, chng ta s tm hiu v h thng chng nhn kha cng cng, t cc m hnh n quy trnh trong thc t ca h thng chng nhn kha cng cng, cng vi mt v d v vic kt hp h thng m ha quy c, h thng m ha kha cng cng v chng nhn kha cng cng xy dng h thng th in t an ton.

3

Vi b cc v ni dung nu trn, chng ti hi vng cc kin thc trnh by trong tp sch ny s l ngun tham kho hu ch cho qu c gi quan tm n lnh vc m ha v ng dng.

Mc d c gng hon thnh sch vi tt c s n lc nhng chc chn chng ti vn cn nhng thiu st nht nh. Knh mong s cm thng v s gp ca qu c gi.

NHM TC GI: TS. Dng Anh c - ThS. Trn Minh Trit cng vi s ng gp ca cc sinh vin Khoa Cng ngh Thng tin, Trng i hc Khoa hc T nhin, i hc Quc gia thnh ph H Ch Minh. Vn c Phng Hng Nguyn Minh Huy Nguyn Ngc Tng Phan Th Minh c Lng V Minh

Thnh ph H Ch Minh, thng 01 nm 2005

4

Mc lcChng 1 Tng quan1.1 Mt m hc 1.2 H thng m ha (cryptosystem) 1.3 H thng m ha quy c (m ha i xng) 1.4 H thng m ha kha cng cng (m ha bt i xng) 1.5 Kt hp m ha quy c v m ha kha cng cng

1515 16 18 19 19

Chng 2 Mt s phng php m ha quy c2.1 H thng m ha quy c 2.2 Phng php m ha dch chuyn 2.3 Phng php m ha thay th 2.4 Phng php Affine 2.5 Phng php Vigenere 2.6 Phng php Hill 2.7 Phng php m ha hon v 2.8 Phng php m ha bng php nhn 2.8.1 Phng php m ha bng php nhn 2.8.2 X l s hc 2.9 Phng php DES (Data Encryption Standard) 2.9.1 Phng php DES 2.9.2 Nhn xt 2.10 Phng php chun m ha nng cao AES

2020 21 22 23 28 29 30 31 31 32 33 33 36 37

Chng 3 Phng php m ha Rijndael3.1 Gii thiu 3.2 Tham s, k hiu, thut ng v hm 3.3 Mt s khi nim ton hc

3939 40 42

5

3.4

3.5

3.6

3.7 3.8

3.3.1 Php cng 3.3.2 Php nhn 3.3.3 a thc vi h s trn GF(28) Phng php Rijndael 3.4.1 Quy trnh m ha 3.4.2 Kin trc ca thut ton Rijndael 3.4.3 Php bin i SubBytes 3.4.4 Php bin i ShiftRows 3.4.5 Php bin i MixColumns 3.4.6 Thao tc AddRoundKey Pht sinh kha ca mi chu k 3.5.1 Xy dng bng kha m rng 3.5.2 Xc nh kha ca chu k Quy trnh gii m 3.6.1 Php bin i InvShiftRows 3.6.2 Php bin i InvSubBytes 3.6.3 Php bin i InvMixColumns 3.6.4 Quy trnh gii m tng ng Cc vn ci t thut ton 3.7.1 Nhn xt Kt qu th nghim

43 43 46 49 50 52 53 55 56 58 59 59 61 62 63 64 66 67 69 72 73 74 74 75

3.9 Kt lun 3.9.1 Kh nng an ton 3.9.2 nh gi

Chng 4 Phng php Rijndael m rng4.1 Nhu cu m rng phng php m ha Rijndael 4.2 Phin bn m rng 256/384/512-bit 4.2.1 Quy trnh m ha 4.2.2 Pht sinh kha ca mi chu k 4.2.3 Quy trnh gii m 4.2.4 Quy trnh gii m tng ng 4.3 Phin bn m rng 512/768/1024-bit 4.4 Phn tch mt m vi phn v phn tch mt m tuyn tnh 4.4.1 Phn tch mt m vi phn 4.4.2 Phn tch mt m tuyn tnh

7777 78 79 86 88 93 94 95 95 96

6

4.4.3 Branch Number 4.4.4 S lan truyn mu 4.4.5 Trng s vt vi phn v vt tuyn tnh 4.5 Kho st tnh an ton i vi cc phng php tn cng khc 4.5.1 Tnh i xng v cc kha yu ca DES 4.5.2 Phng php tn cng Square 4.5.3 Phng php ni suy 4.5.4 Cc kha yu trong IDEA 4.5.5 Phng php tn cng kha lin quan 4.6 Kt qu th nghim 4.7 Kt lun

98 99 107 108 108 109 109 110 110 111 113

Chng 5 Cc thut ton ng c vin AES5.1 Phng php m ha MARS 5.1.1 Quy trnh m ha 5.1.2 Sbox 5.1.3 Khi to v phn b kha 5.1.4 Quy trnh m ha 5.1.5 Quy trnh gii m 5.2 Phng php m ha RC6 5.2.1 Khi to v phn b kha 5.2.2 Quy trnh m ha 5.2.3 Quy trnh gii m 5.3 Phng php m ha Serpent 5.3.1 Thut ton SERPENT 5.3.2 Khi to v phn b kha 5.3.3 Sbox 5.3.4 Quy trnh m ha 5.3.5 Quy trnh gii m 5.4 Phng php m ha TwoFish 5.4.1 Khi to v phn b kha 5.4.2 Quy trnh m ha 5.4.3 Quy trnh gii m 5.5 Kt lun

115115 116 117 118 123 135 137 138 139 143 144 144 144 147 148 153 154 154 163 169 169

7

Chng 6 Mt s h thng m ha kha cng cng6.1 H thng m ha kha cng cng 6.2 Phng php RSA 6.2.1 Phng php RSA 6.2.2 Mt s phng php tn cng gii thut RSA 6.2.3 S che du thng tin trong h thng RSA 6.2.4 Vn s nguyn t 6.2.5 Thut ton Miller-Rabin 6.2.6 X l s hc 6.3 M ha quy c v m ha kha cng cng

172172 174 174 175 182 183 184 186 186

Chng 7 Ch k in t7.1 Gii thiu 7.2 Phng php ch k in t RSA 7.3 Phng php ch k in t ElGamal 7.3.1 Bi ton logarit ri rc 7.3.2 Phng php ElGamal 7.4 Phng php Digital Signature Standard

191191 192 193 193 194 194

Chng 8 Phng php ECC

197

8.1 L thuyt ng cong elliptic 197 8.1.1 Cng thc Weierstrasse v ng cong elliptic 198 8.1.2 ng cong elliptic trn trng R2 199 8.1.3 ng cong elliptic trn trng hu hn 204 8.1.4 Bi ton logarit ri rc trn ng cong elliptic 212 8.1.5 p dng l thuyt ng cong elliptic vo m ha 213 8.2 M ha d liu 213 8.2.1 Thao tc m ha 214 8.2.2 Kt hp ECES vi thut ton Rijndael v cc thut ton m rng 215 8.2.3 Thao tc gii m 215 8.3 Trao i kha theo phng php Diffie - Hellman s dng l thuyt ng cong elliptic (ECDH) 216 8.3.1 M hnh trao i kha Diffie-Hellman 216 8.3.2 M hnh trao i kha Elliptic Curve Diffie - Hellman 217 8.4 Kt lun 218

8

Chng 9 Hm bm mt m

222

9.1 Gii thiu 222 9.1.1 t vn 222 9.1.2 Hm bm mt m 223 9.1.3 Cu trc ca hm bm 225 9.1.4 Tnh an ton ca hm bm i vi hin tng ng 226 9.1.5 Tnh mt chiu 226 9.2 Hm bm MD5 227 9.2.1 Gii thiu MD5 227 9.2.2 Nhn xt 231 9.3 Phng php Secure Hash Standard (SHS) 232 9.3.1 Nhn xt 235 9.4 H thng chun hm bm mt m SHA 236 9.4.1 tng ca cc thut ton hm bm SHA 236 9.4.2 Khung thut ton chung ca cc hm bm SHA 237 9.4.3 Nhn xt 240 9.5 Kin trc hm bm Davies-Mayer v ng dng ca thut ton Rijndael v cc phin bn m rng vo hm bm 241 9.5.1 Kin trc hm bm Davies-Mayer 241 9.5.2 Hm AES-Hash 242 9.5.3 Hm bm Davies-Mayer v AES-Hash 244 9.6 Xy dng cc hm bm s dng cc thut ton m rng da trn thut ton Rijndael 245

Chng 10 Chng nhn kha cng cng10.1 Gii thiu 10.2 Cc loi giy chng nhn kha cng cng 10.2.1 Chng nhn X.509 10.2.2 Chng nhn cht lng 10.2.3 Chng nhn PGP 10.2.4 Chng nhn thuc tnh 10.3 S chng nhn v kim tra ch k 10.4 Cc thnh phn ca mt c s h tng kha cng cng 10.4.1 T chc chng nhn Certificate Authority (CA) 10.4.2 T chc ng k chng nhn Registration Authority (RA)

246246 250 250 252 253 253 254 257 257 258

9

10.4.3 Kho lu tr chng nhn Certificate Repository (CR) 10.5 Chu trnh qun l giy chng nhn 10.5.1 Khi to 10.5.2 Yu cu v giy chng nhn 10.5.3 To li chng nhn 10.5.4 Hy b chng nhn 10.5.5 Lu tr v khi phc kha 10.6 Cc m hnh CA 10.6.1 M hnh tp trung 10.6.2 M hnh phn cp 10.6.3 M hnh Web of Trust 10.7 ng dng H thng bo v th in t 10.7.1 t vn 10.7.2 Quy trnh m ha th in t 10.7.3 Quy trnh gii m th in t 10.7.4 Nhn xt nh gi

259 259 259 259 262 262 264 264 264 265 266 268 268 269 270 271

Ph lc A Ph lc B Ph lc C Ph lc D Ph lc E

S-box ca thut ton MARS Cc hon v s dng trong thut ton Serpent S-box s dng trong thut ton Serpent S-box ca thut ton Rijndael Hng s v gi tr khi to ca SHA

272 275 276 277 279279 279 279 280 281

E.1 Hng s s dng trong SHA E.1.1 Hng s ca SHA-1 E.1.2 Hng s ca SHA-224 v SHA-256 E.1.3 Hng s ca SHA-384 v SHA-512 E.2 Gi tr khi to trong SHA

Ti liu tham kho

284

10

Danh sch hnhHnh 2.1. M hnh h thng m ha quy c Hnh 2.2. Biu din dy 64 bit x thnh 2 thnh phn L v R Hnh 2.3. Quy trnh pht sinh dy Li Ri t dy Li 1 Ri 1 v kha K i Hnh 3.1. Biu din dng ma trn ca trng thi (Nb = 6) v m kha (Nk = 4) Hnh 3.2. Mt chu k m ha ca phng php Rijndael (vi Nb = 4) Hnh 3.3. Thao tc SubBytes tc ng trn tng byte ca trng thi Hnh 3.4. Thao tc ShiftRows tc ng trn tng dng ca trng thi Hnh 3.5. Thao tc MixColumns tc ng ln mi ct ca trng thi Hnh 3.6. Thao tc AddRoundKey tc ng ln mi ct ca trng thi Hnh 3.7. Bng m kha m rng v cch xc nh m kha ca chu k (Nb = 6 v Nk = 4) Hnh 3.8. Thao tc InvShiftRows tc ng ln tng dng ca trng thi hin hnh Hnh 4.1. Kin trc mt chu k bin i ca thut ton Rijndael m rng 256/384/512-bit vi Nb = 4 Hnh 4.2. Bng m kha m rng v cch xc nh m kha ca chu k (vi Nb = 6 v Nk = 4) Hnh 4.3. S lan truyn mu hot ng qua tng php bin i trong thut ton m rng 256/384/512-bit ca phng php Rijndael vi Nb = 6 Hnh 4.4. S lan truyn mu hot ng (thut ton m rng 256/384/512-bit) Hnh 4.5. Minh ha nh l 4.1 vi Q = 2 (thut ton m rng 256/384/512-bit) 100 102 103 88 80 63 61 21 34 35 49 52 54 55 57 59

11

Hnh 4.6. Minh ha nh l 4.2 vi Wc (a1 ) = 1 (th-ton m rng 256/384/512bit) 105 Hnh 4.7. Minh ha nh l 4.3 (thut ton m rng 256/384/512-bit) Hnh 5.1. Quy trnh m ha MARS Hnh 5.2. Cu trc giai on Trn ti Hnh 5.3. H thng Feistel loi 3 Hnh 5.4. Hm E Hnh 5.5. Cu trc giai on Trn li Hnh 5.6. Cu trc m ha RC6 Hnh 5.7. Chu k th i ca quy trnh m ha RC6 Hnh 5.8. M hnh pht sinh kha Hnh 5.9. Cu trc m ha Hnh 5.10. Chu k th i (i = 0, , 30) ca quy trnh m ha Serpent Hnh 5.11. Cu trc gii m Hnh 5.12. Hm h Hnh 5.13. M hnh pht sinh cc Sbox ph thuc kha Hnh 5.14. M hnh pht sinh subkey Kj Hnh 5.15. Php hon v q Hnh 5.16. Cu trc m ha Hnh 5.17. Hm F (kha 128 bit) Hnh 5.18. So snh quy trnh m ha (a) v gii m (b) Hnh 6.1. M hnh h thng m ha vi kha cng cng Hnh 6.2. Quy trnh trao i kha b mt s dng kha cng cng Hnh 6.3. th so snh chi ph cng ph kha b mt v kha cng cng Hnh 8.1. Mt v d v ng cong elliptic 107 116 125 127 128 130 140 141 146 149 150 153 157 159 160 162 164 166 169 174 187 189 199

12

Hnh 8.2. im v cc Hnh 8.3. Php cng trn ng cong elliptic Hnh 8.4. Php nhn i trn ng cong elliptic Hnh 8.5: So snh mc bo mt gia ECC vi RSA / DSA Hnh 9.1. Khung thut ton chung cho cc hm bm SHA Hnh 10.1. Vn ch s hu kha cng cng Hnh 10.2. Cc thnh phn ca mt chng nhn kha cng cng Hnh 10.3. M hnh Certification Authority n gin Hnh 10.4. Phin bn 3 ca chun chng nhn X.509 Hnh 10.5. Phin bn 2 ca cu trc chng nhn thuc tnh Hnh 10.6. Qu trnh k chng nhn Hnh 10.7. Qu trnh kim tra chng nhn Hnh 10.8. M hnh PKI c bn Hnh 10.9. Mu yu cu chng nhn theo chun PKCS#10 Hnh 10.10. nh dng thng ip yu cu chng nhn theo RFC 2511 Hnh 10.11. Phin bn 2 ca nh dng danh sch chng nhn b hy Hnh 10.12. M hnh CA tp trung Hnh 10.13. M hnh CA phn cp Hnh 10.14. M hnh Web of trust Hnh 10.15. Quy trnh m ha th in t Hnh 10.16. Quy trnh gii m th in t

200 201 203 220 238 247 248 249 251 254 255 256 257 260 261 263 264 266 267 269 270

13

Danh sch bngBng 3.1. Gi tr di s shift(r, Nb) Bng 3.2. Tc x l ca phng php Rijndael Bng 4.1. nh hng ca cc php bin i ln mu hot ng Bng 4.2. Tc x l phin bn 256/384/512-bit trn my Pentium IV 2.4GHz Bng 4.3. Tc x l phin bn 512/768/1024-bit trn my Pentium IV 2.4 GHz Bng 4.4. Bng so snh tc x l ca phin bn 256/384/512-bit Bng 4.5. Bng so snh tc x l ca phin bn 512/768/1024-bit Bng 6.1. So snh an ton gia kha b mt v kha cng cng Bng 8.1. So snh s lng cc thao tc i vi cc php ton trn ng cong elliptic trong h ta Affine v h ta chiu Bng 8.2. So snh kch thc kha gia m ha quy c v m ha kha cng cng vi cng mc bo mt Bng 8.3. So snh kch thc kha RSA v ECC vi cng mc an ton Bng 9.1. Chu k bin i trong MD5 Bng 9.2. Cc tnh cht ca cc thut ton bm an ton Bng D.1. Bng thay th S-box cho gi tr {xy} dng thp lc phn. Bng D.2. Bng thay th nghch o cho gi tr {xy} dng thp lc phn. 218 219 230 241 277 278 211 112 112 112 188 55 73 101 111

14

Tng quan

Chng 1 Tng quan

Ni dung ca chng 1 gii thiu tng quan cc khi nim c bn v mt m hc v h thng m ha, ng thi gii thiu s lc v h thng m ha quy c v h thng m ha kha cng cng. 1.1 Mt m hc

Mt m hc l ngnh khoa hc ng dng ton hc vo vic bin i thng tin thnh mt dng khc vi mc ch che du ni dung, ngha thng tin cn m ha. y l mt ngnh quan trng v c nhiu ng dng trong i sng x hi. Ngy nay, cc ng dng m ha v bo mt thng tin ang c s dng ngy cng ph bin hn trong cc lnh vc khc nhau trn th gii, t cc lnh vc an ninh, qun s, quc phng, cho n cc lnh vc dn s nh thng mi in t, ngn hng Cng vi s pht trin ca khoa hc my tnh v Internet, cc nghin cu v ng dng ca khoa hc mt m ngy cng tr nn a dng hn, m ra nhiu hng nghin cu chuyn su vo tng lnh vc ng dng c th vi nhng c trng

15

Chng 1

ring. ng dng ca khoa hc mt m khng ch n thun l m ha v gii m thng tin m cn bao gm nhiu vn khc nhau cn c nghin cu v gii quyt: chng thc ngun gc ni dung thng tin (k thut ch k in t), chng nhn tnh xc thc v ngi s hu m kha (chng nhn kha cng cng), cc quy trnh gip trao i thng tin v thc hin giao dch in t an ton trn mng... Nhng kt qu nghin cu v mt m cng c a vo trong cc h thng phc tp hn, kt hp vi nhng k thut khc p ng yu cu a dng ca cc h thng ng dng khc nhau trong thc t, v d nh h thng b phiu bu c qua mng, h thng o to t xa, h thng qun l an ninh ca cc n v vi hng tip cn sinh trc hc, h thng cung cp dch v multimedia trn mng vi yu cu cung cp dch v v bo v bn quyn s hu tr tu i vi thng tin s...

1.2

H thng m ha (cryptosystem)

nh ngha 1.1: H thng m ha (cryptosystem) l mt b nm (P, C, K, E, D) tha mn cc iu kin sau: 1. 2. 3. 4. Tp ngun P l tp hu hn tt c cc mu tin ngun cn m ha c th c Tp ch C l tp hu hn tt c cc mu tin c th c sau khi m ha Tp kha K l tp hu hn cc kha c th c s dng E v D ln lt l tp lut m ha v gii m. Vi mi kha k K , tn ti lut m ha ek E v lut gii m d k D tng ng. Lut m ha ek : P C v lut gii m ek : C P l hai nh x tha mn

d k (ek ( x)) = x, x P

16

Tng quan

Tnh cht 4 l tnh cht chnh v quan trng ca mt h thng m ha. Tnh cht ny bo m mt mu tin x P c m ha bng lut m ha ek E c th c gii m chnh xc bng lut d k D . nh ngha 1.2: Z m c nh ngha l tp hp {0,1,..., m 1} , c trang b php cng (k hiu +) v php nhn (k hiu l ). Php cng v php nhn trong Z m c thc hin tng t nh trong Z , ngoi tr kt qu tnh theo modulo m. V d: Gi s ta cn tnh gi tr 11 13 trong Z16 . Trong Z , ta c kt qu ca php nhn 1113 = 143 . Do 143 15 (mod 16) nn

11 13 = 15 trong Z16 .Mt s tnh cht ca Z m 1. 2. 3. 4. 5. 6. 7. 8. Php cng ng trong Z m , a, b Z m , a + b Z m Tnh giao hon ca php cng trong Z m , a, b Z m , a + b = b + a Tnh kt hp ca php cng trong Z m , a, b, c Z m , ( a + b) + c = a + (b + c )

Z m c phn t trung ha l 0, a, b Z m , a + 0 = 0 + a = aMi phn t a trong Z m u c phn t i l m a Php nhn ng trong Z m , a, b Z m , a b Z m Tnh giao hon ca php nhn trong Z m , a, b Z m , a b = b a Tnh kt hp ca php nhn trong Z m , a, b, c Zm , (a b) c = a (b c )

17

Chng 1

9.

Z m c phn t n v l 1, a, b Z m , a 1 = 1 a = a a, b, c Z m ,

10. Tnh phn phi ca php nhn i vi php cng, ( a + b) c = a c + b c

Z m c cc tnh cht 1, 3 5 nn to thnh mt nhm. Do Z m c tnh cht 2 nnto thnh nhm Abel. Z m c cc tnh cht (1) (10) nn to thnh mt vnh.

1.3

H thng m ha quy c (m ha i xng)

Trong h thng m ha quy c, qu trnh m ha v gii m mt thng ip s dng cng mt m kha gi l kha b mt (secret key) hay kha i xng (symmetric key). Do , vn bo mt thng tin m ha hon ton ph thuc vo vic gi b mt ni dung ca m kha c s dng.

Vi tc v kh nng x l ngy cng c nng cao ca cc b vi x l hin nay, phng php m ha chun (Data Encryption Standard DES) tr nn khng an ton trong bo mt thng tin. Do , Vin Tiu chun v Cng ngh Quc gia Hoa K (National Institute of Standards and Technology NIST) quyt nh chn mt chun m ha mi vi an ton cao nhm phc v nhu cu bo mt thng tin lin lc ca chnh ph Hoa K cng nh trong cc ng dng dn s. Thut ton Rijndael do Vincent Rijmen v Joan Daeman c chnh thc chn tr thnh chun m ha nng cao (Advanced Encryption Standard AES) t 02 thng 10 nm 2000.

18

Tng quan

1.4

H thng m ha kha cng cng (m ha bt i xng)

Nu nh vn kh khn t ra i vi cc phng php m ha quy c chnh l bi ton trao i m kha th ngc li, cc phng php m ha kha cng cng gip cho vic trao i m kha tr nn d dng hn. Ni dung ca kha cng cng (public key) khng cn phi gi b mt nh i vi kha b mt trong cc phng php m ha quy c. S dng kha cng cng, chng ta c th thit lp mt quy trnh an ton truy i kha b mt c s dng trong h thng m ha quy c. Trong nhng nm gn y, cc phng php m ha kha cng cng, c bit l phng php RSA [45], c s dng ngy cng nhiu trong cc ng dng m ha trn th gii v c th xem nh y l phng php chun c s dng ph bin nht trn Internet, ng dng trong vic bo mt thng tin lin lc cng nh trong lnh vc thng mi in t.

1.5

Kt hp m ha quy c v m ha kha cng cng

Cc phng php m ha quy c c u im x l rt nhanh v kh nng bo mt cao so vi cc phng php m ha kha cng cng nhng li gp phi vn kh khn trong vic trao i m kha. Ngc li, cc phng php m ha kha cng cng tuy x l thng tin chm hn nhng li cho php ngi s dng trao i m kha d dng hn. Do , trong cc ng dng thc t, chng ta cn phi hp c u im ca mi phng php m ha xy dng h thng m ha v bo mt thng tin hiu qu v an ton.

19

Chng 2

Chng 2 Mt s phng php m ha quy c

Trong chng 1, chng ta tm hiu tng quan v mt m hc v h thng m ha. Ni dung ca chng 2 s gii thiu chi tit hn v h thng m ha quy c (hay cn gi l h thng m ha i xng). Mt s phng php m ha quy c kinh in nh phng php dch chuyn, phng php thay th cng vi cc phng php m ha theo khi c s dng ph bin trong nhng thp nin gn y nh DES, Tripple DES, AES cng c gii thiu trong chng ny. 2.1 H thng m ha quy c

H thng m ha quy c l h thng m ha trong quy trnh m ha v gii m u s dng chung mt kho - kha b mt. Vic bo mt thng tin ph thuc vo vic bo mt kha.

Trong h thng m ha quy c, thng ip ngun c m ha vi m kha k c thng nht trc gia ngi gi A v ngi nhn B. Ngi A s s dng

20

Mt s phng php m ha quy c

m kha k m ha thng ip x thnh thng ip y v gi y cho ngi B; ngi B s s dng m kha k gii m thng ip y ny. Vn an ton bo mt thng tin c m ha ph thuc vo vic gi b mt ni dung m kha k. Nu ngi C bit c m kha k th C c th m kha thng ip c m ha m ngi A gi cho ngi B. Kha b mt

Thng ip ngun

M ha

Thng ip m ha

Gii m

Thng ip gii m

Hnh 2.1. M hnh h thng m ha quy c

2.2

Phng php m ha dch chuyn

Phng php m ha dch chuyn l mt trong nhng phng php lu i nht c s dng m ha. Thng ip c m ha bng cch dch chuyn xoay vng tng k t i k v tr trong bng ch ci.

Trong trng hp c bit k = 3 , phng php m ha bng dch chuyn c gi l phng php m ha Caesar.

21

Chng 2

Thut ton 2.1. Phng php m ha dch chuyn Cho P = C = K = Z n Vi mi kha k K , nh ngha:

ek ( x) = ( x + k ) mod n v d k ( y) = ( y k ) mod n vi x, y Z n

E = {ek , k K } v D = {d k , k K }

M ha dch chuyn l mt phng php m ha n gin, thao tc x l m ha v gii m c thc hin nhanh chng. Tuy nhin, trn thc t, phng php ny c th d dng b ph v bng cch th mi kh nng kha k K . iu ny hon ton c th thc hin c do khng gian kha K ch c n phn t chn la.

V d: m ha mt thng ip c biu din bng cc ch ci t A n Z (26 ch ci), ta s dng P = C = K = Z 26 . Khi , thng ip c m ha s khng an ton v c th d dng b gii m bng cch th ln lt 26 gi tr kha k K . Tnh trung bnh, thng ip c m ha c th b gii m sau khong n / 2 ln th kha k K .

2.3

Phng php m ha thay th

Phng php m ha thay th (Substitution Cipher) l mt trong nhng phng php m ha ni ting v c s dng t hng trm nm nay. Phng php ny thc hin vic m ha thng ip bng cch hon v cc phn t trong bng ch ci hay tng qut hn l hon v cc phn t trong tp ngun P.

22


Thut ton 2.2. Phng php m ha bng thay th Cho P = C = Zn K l tp hp tt c cc hon v ca n phn t 0,1,..., n 1 . Nh vy, mi kha K l mt hon v ca n phn t 0,1,..., n 1 .

Vi mi kha K , nh ngha: e ( x) = ( x) v d ( y ) = -1 ( y ) vi x, y Z n E = {e , K } v D = { D , K }

y l mt phng php n gin, thao tc m ha v gii m c thc hin nhanh chng. Phng php ny khc phc im hn ch ca phng php m ha bng dch chuyn l c khng gian kha K nh nn d dng b gii m bng cch th nghim ln lt n gi tr kha k K . Trong phng php m ha thay th c khng gian kha K rt ln vi n! phn t nn khng th b gii m bng cch vt cn mi trng hp kha k. Tuy nhin, trn thc t thng ip c m ha bng phng php ny vn c th b gii m nu nh c th thit lp c bng tn s xut hin ca cc k t trong thng ip hay nm c mt s t, ng trong thng ip ngun ban u!

2.4

Phng php Affine

Nu nh phng php m ha bng dch chuyn l mt trng hp c bit ca phng php m ha bng thay th, trong ch s dng n gi tr kha k trong s n! phn t, th phng php Affine li l mt trng hp c bit khc ca m ha bng thay th.

23

Chng 2

Thut ton 2.3. Phng php Affine Cho P = C = Zn

K = {( a, b ) Z n Z n : gcd ( a, n ) = 1}Vi mi kha k = (a, b) K , nh ngha: ek ( x ) = ( ax + b) mod n v d k ( x) = (a 1 ( y b)) mod n vi x, y Z n E = {ek , k K } v D = { Dk , k K }

c th gii m chnh xc thng tin c m ha bng hm ek E th ek phi l mt song nh. Nh vy, vi mi gi tr y Z n , phng trnh ax + b y (mod n) phi c nghim duy nht x Z n .

Phng trnh ax + b y (mod n) tng ng vi ax ( y b)(mod n) . Vy, ta ch cn kho st phng trnh ax ( y b)(mod n) .

nh l 2.1: Phng trnh ax + b y (mod n) c nghim duy nht x Z n vi mi gi tr b Z n khi v ch khi a v n nguyn t cng nhau.

Vy, iu kin a v n nguyn t cng nhau bo m thng tin c m ha bng hm ek c th c gii m v gii m mt cch chnh xc.

Gi (n) l s lng phn t thuc Z n v nguyn t cng nhau vi n.

24


nh l 2.2: Nu n = 1 i m th (n ) =

piei =1i

m

i

vi pi l cc s nguyn t khc nhau v ei Z + ,

(piem i =1

piei 1 .

)

Trong phng php m ha Affine, ta c n kh nng chn gi tr b, (n) kh nng chn gi tr a. Vy, khng gian kha K c tt c n (n) phn t.

Vn t ra cho phng php m ha Affine l c th gii m c thng tin c m ha cn phi tnh gi tr phn t nghch o a 1 Z n . Thut ton Euclide m rng c th gii quyt trn vn vn ny [45].

Trc tin, cn kho st thut ton Euclide ( dng c bn) s dng trong vic tm c s chung ln nht ca hai s nguyn dng r0 v r1 vi r0 > r1 . Thut ton Euclide bao gm mt dy cc php chia: r0 = q1r1 + r2 , 0 < r2 < r1 r1 = q2 r2 + r3 , 0 < r3 < r2 rm 2 = qm 1rm 1 + rm , 0 < rm < rm 1 rm 1 = qm rm (2.1)

D dng nhn thy rng: gcd( r0 , r1 ) = gcd(r1 , r2 ) = ... = gcd(rm 1 , rm ) = rm . Nh vy, c s chung ln nht ca r0 v r1 l rm .

25

Chng 2

Xy dng dy s t0 , t1 ,..., tm theo cng thc truy hi sau: t0 = 0 t1 = 1 t j = (t j 2 q j 1t j 1 ) mod r0 vi j 2 (2.2)

nh l 2.3: Vi mi j, 0 j m , ta c rj t j r1 (mod r0 ) , vi q j v rj c xc nh theo thut ton Euclide v t j c xc nh theo cng thc truy hi nu trn.

nh l 2.4: Nu r0 v r1 nguyn t cng nhau (vi r0 > r1 ) th tm l phn t nghch o ca r1 trong Z r .0

gcd(r0 , r1 ) = 1 tm = r11 mod r0

(2.3)

Trong thut ton Euclide, dy s{t j } c th c tnh ng thi vi dy s {q j } v{rj } . Thut ton Euclide m rng di y c s dng xc nh phn t nghch o (nu c) ca mt s nguyn dng a (modulo n). Trong thut ton khng cn s dng n cu trc d liu mng lu gi tr ca dy s {t j } ,{q j } hay {rj } v ti mi thi im, ta ch cn quan tm n gi tr ca hai phn t cui cng ca mi dy ti thi im ang xt.

26


Thut ton 2.4. Thut ton Euclide m rng xc nh phn t nghch o ca a (modulo n) n0 = n a0 = a t0 = 0 t =1 n q= 0 a0 r = n0 qa0 while r > 0 do temp = t0 qt if temp 0 then temp = temp mod n end if if temp < 0 then temp = n ((temp ) mod n) end if t0 = t t = temp n0 = a0 a0 = r n q= 0 a0 r = n0 qa0 end while if a0 1 then a khng c phn t nghch o modulo n else a 1 = t mod n end if

27

Chng 2

2.5

Phng php Vigenere

Trong phng php m ha bng thay th cng nh cc trng hp c bit ca phng php ny (m ha bng dch chuyn, m ha Affine,), ng vi mt kha k c chn, mi phn t x P c nh x vo duy nht mt phn t y C . Ni cch khc, ng vi mi kha k K , mt song nh c thit lp t P vo C.

Khc vi hng tip cn ny, phng php Vigenere s dng mt t kha c di m. C th xem nh phng php m ha Vigenere Cipher bao gm m php m ha bng dch chuyn c p dng lun phin nhau theo chu k.

Khng gian kha K ca phng php Vigenere Cipher c s phn t l n m , ln hn hn phng php s lng phn t ca khng gian kha K trong phng php m ha bng dch chuyn. Do , vic tm ra m kha k gii m thng ip c m ha s kh khn hn i vi phng php m ha bng dch chuyn.

Thut ton 2.5. Phng php m ha Vigenere Chn s nguyn dng m. nh ngha P = C = K = (Z n )m K = (k0 , k1 ,..., kr 1 ) (Z n )r

{

}

Vi mi kha k = (k0 , k1 ,..., k r 1 ) K , nh ngha: ek ( x1 , x2 ,..., xm ) = (( x1 + k1 ) mod n, ( x2 + k2 ) mod n,..., ( xm + km ) mod n) d k ( y1 , y2 ,..., ym ) = (( y1 k1 ) mod n,( y2 k2 ) mod n,..., ( ym km ) mod n) vi x, y (Z n ) m .

28


2.6

Phng php Hill

Phng php Hill c Lester S. Hill cng b nm 1929: Cho s nguyn dng m, nh ngha P = C = (Z n ) m . Mi phn t x P l mt b m thnh phn, mi thnh phn thuc Z n . tng chnh ca phng php ny l s dng m t hp tuyn tnh ca m thnh phn trong mi phn t x P pht sinh ra m thnh phn to thnh phn t y C .

Thut ton 2.6. Phng php m ha Hill Chn s nguyn dng m. nh ngha: P = C = (Z n ) m v K l tp hp cc ma trn m m kh nghch k1,1 k 2,1 Vi mi kha k = k m,1 k1, 2 k1,m k 2,m K , nh ngha: k m ,m k1, 2 k1,m k 2, m vi x = ( x1 , x2 ,..., xm ) P k m ,m

k m,2

k1,1 k 2,1 ek (x ) = xk = ( x1 , x 2 ,..., x m ) k m,1 v d k ( y ) = yk 1 vi y C .

k m, 2

Mi php ton s hc u c thc hin trn Z n .

29

Chng 2

2.7

Phng php m ha hon v

Nhng phng php m ha nu trn u da trn tng chung: thay th mi k t trong thng ip ngun bng mt k t khc to thnh thng ip c m ha. tng chnh ca phng php m ha hon v (Permutation Cipher) l vn gi nguyn cc k t trong thng ip ngun m ch thay i v tr cc k t; ni cch khc thng ip ngun c m ha bng cch sp xp li cc k t trong .

Thut ton 2.7. Phng php m ha bng hon v Chn s nguyn dng m. nh ngha: P = C = (Z n ) m v K l tp hp cc hon v ca m phn t {1, 2,..., m} Vi mi kha K , nh ngha: e ( x1 , x2 ,..., xm ) = x (1) , x ( 2) ,..., x ( m) v d ( y1 , y2 ,..., ym ) = y1 (1) , y 1 ( 2) ,..., y1 ( m ) vi 1 hon v ngc ca

(

)

(

)

Phng php m ha bng hon v chnh l mt trng hp c bit ca phng php Hill. Vi mi hon v ca tp hp {1, 2, ..., m} , ta xc nh ma trn k = (ki , j ) theo cng thc sau:1, neu i = ( j ) ki , j = 0, trong trng hp ngc lai

(2.4)

30


Ma trn k l ma trn m mi dng v mi ct c ng mt phn t mang gi tr 1, cc phn t cn li trong ma trn u bng 0. Ma trn ny c th thu c bng cch hon v cc hng hay cc ct ca ma trn n v I m nn k l ma trn kh nghch. R rng, m ha bng phng php Hill vi ma trn k hon ton tng ng vi m ha bng phng php hon v vi hon v .

2.8 2.8.1

Phng php m ha bng php nhn Phng php m ha bng php nhn Thut ton 2.8. Phng php m ha bng php nhn

Cho P = C = (Z n ) m , K = {k Z n : gcd( k , n) = 1} Vi mi kha k Z n , nh ngha: ek ( x) = k x mod n v d k ( y ) = k 1 y mod n vi x, y Z n

Phng php m ha bng php nhn (Multiplicative Cipher) l mt phng php m ha n gin. Khng gian kha K c tt c (n) phn t. Tuy nhin, vic chn kha k = 1 K s khng c ngha trong vic m ha thng nn s lng phn t tht s c s dng trong K l (n) 1 .

Vn c t ra y l an ton ca phng php ny ph thuc vo s lng phn t trong tp kha K. Nu gi tr (n) 1 khng ln th thng tin c m ha c th b gii m bng cch th ton b cc kha k K . nng

31

Chng 2

cao an ton ca phng php ny, gi tr n c s dng phi c (n) ln hay chnh gi tr n phi ln. Khi , mt vn mi c t ra l lm th no thc hin c mt cch nhanh chng cc php ton trn s nguyn ln.

2.8.2

X l s hc

Trong phng php m ha ny, nhu cu tnh gi tr ca biu thc z = (a b) mod n c t ra trong c thao tc m ha v gii m. Nu thc hin vic tnh gi tr theo cch thng thng th r rng l khng hiu qu do thi gian x l qu ln. S dng thut ton php nhn n , ta c th c s dng tnh gi tr biu thc z = (a b) mod n mt cch nhanh chng v hiu qu.

Thut ton 2.9. Thut ton php nhn n tnh gi tr z = (a b) mod n z=0 a = a mod n b = b mod n Biu din b di dng nh phn bl 1 , bl 2 ,..., b2 , b1 , bi {0,1} , 0 i < lfor i = 0 to l 1 if bi = 1 then

z = ( z + a ) mod nend if

a = (2a) mod nend for

z = ( z + a ) mod n

32


2.9 2.9.1

Phng php DES (Data Encryption Standard) Phng php DES

Khong nhng nm 1970, tin s Horst Feistel t nn mng u tin cho chun m ha d liu DES vi phng php m ha Feistel Cipher. Vo nm 1976 C quan Bo mt Quc gia Hoa K (NSA) cng nhn DES da trn phng php Feistel l chun m ha d liu [25]. Kch thc kha ca DES ban u l 128 bit nhng ti bn cng b FIPS kch thc kha c rt xung cn 56 bit.

Trong phng php DES, kch thc khi l 64 bit. DES thc hin m ha d liu qua 16 vng lp m ha, mi vng s dng mt kha chu k 48 bit c to ra t kha ban u c di 56 bit. DES s dng 8 bng hng s S-box thao tc.

Qu trnh m ha ca DES c th c tm tt nh sau: Biu din thng ip ngun x P bng dy 64bit. Kha k c 56 bit. Thc hin m ha theo ba giai on: 1. To dy 64 bit x0 bng cch hon v x theo hon v IP (Initial Permutation). Biu din x0 = IP ( x) = L0 R0 , L0 gm 32 bit bn tri ca x0, R0 gm 32 bit bn phi ca x0.

33

Chng 2

L0 x0

R0

Hnh 2.2. Biu din dy 64 bit x thnh 2 thnh phn L v R 2. Thc hin 16 vng lp t 64 bit thu c v 56 bit ca kho k (ch s dng 48 bit ca kho k trong mi vng lp). 64 bit kt qu thu c qua mi vng lp s l u vo cho vng lp sau. Cc cp t 32 bit Li, Ri (vi 1 i 16 ) c xc nh theo quy tc sau: Li = Ri 1 Ri = Li 1 f ( Ri 1 , K i ) (2.5)

vi biu din php ton XOR trn hai dy bit, K1, K2, ..., K16 l cc dy 48 bit pht sinh t kha K cho trc (Trn thc t, mi kha Ki c pht sinh bng cch hon v cc bit trong kha K cho trc). 3. p dng hon v ngc IP 1 i vi dy bit R16 L16 , thu c t y gm 64 bit. Nh vy, y = IP 1 ( R16 L16 ) .

Hm f c s dng bc 2 l hm c gm hai tham s: Tham s th nht A l mt dy 32 bit, tham s th hai J l mt dy 48 bit. Kt qu ca hm f l mt dy 32 bit. Cc bc x l ca hm f ( A, J ) nh sau: Tham s th nht A (32 bit) c m rng thnh dy 48 bit bng hm m rng E. Kt qu ca hm E ( A) l mt dy 48 bit c pht sinh t A bng cch hon v

34


theo mt th t nht nh 32 bit ca A, trong c 16 bit ca A c lp li hai ln trong E ( A) .

Li-1

Ri-1

f

Ki

Li

Ri

Hnh 2.3. Quy trnh pht sinh dy Li Ri t dy Li 1 Ri 1 v kha K i Thc hin php ton XOR cho hai dy 48 bit E ( A) v J, ta thu c mt dy 48 bit B. Biu din B thnh tng nhm 6 bit nh sau: B = B1 B2 B3 B4 B5 B6 B7 B8 . S dng tm ma trn S1 , S 2 ,..., S8 , mi ma trn Si c kch thc 4 16 v mi dng ca ma trn nhn 16 gi tr t 0 n 15. Xt dy gm 6 bit B j = b1b2 b3b4 b5 b6 , S j ( B j ) c xc nh bng gi tr ca phn t ti dng r ct c ca Sj, trong , ch s dng r c biu din nh phn l b1b6 , ch s ct c c biu din nh phn l b2 b3b4 b5 . Bng cch ny, ta xc nh c cc dy 4 bit C j = S j (Bj ) , 1 j 8 .

35

Chng 2

Tp

hp

cc

dy

4

bit

Cj

li,

ta

c

c

dy

32

bit

C = C1C2 C3C4 C5C6C7 C8 . Dy 32 bit thu c bng cch hon v C theo mt quy lut P nht nh chnh l kt qu ca hm F ( A, J ) .

Qu trnh gii m chnh l thc hin theo th t o ngc cc thao tc ca qu trnh m ha.

2.9.2

Nhn xt

Do tc tnh ton ca my tnh ngy cng tng cao v DES c s quan tm ch ca cc nh khoa hc ln nhng ngi ph m (cryptanalyst) nn DES nhanh chng tr nn khng an ton. Nm 1997, mt d n tin hnh b kha DES cha n 3 ngy vi chi ph thp hn 250.000 dollars. V vo nm 1999, mt mng my tnh gm 100.000 my c th gii m mt th tn m ha DES cha y 24 gi.

Trong qu trnh tm kim cc thut ton mi an ton hn DES, Tripple DES ra i nh mt bin th ca DES. Tripple DES thc hin ba ln thut ton DES vi 3 kho khc nhau v vi trnh t khc nhau. Trnh t thc hin ph bin l EDE (Encrypt Decrypt Encrypt), thc hin xen k m ha vi gii m (lu l kha trong tng giai on thc hin khc nhau).

36


2.10 Phng php chun m ha nng cao AES tm kim mt phng php m ha quy c mi vi an ton cao hn DES, NIST cng b mt chun m ha mi, thay th cho chun DES. Thut ton i din cho chun m ha nng cao AES (Advanced Encryption Standard) s l thut ton m ha kha quy c, s dng min ph trn ton th gii. Chun AES bao gm cc yu cu sau [23]: o o o o o o o o o Thut ton m ha theo khi 128 bit. Chiu di kha 128 bit, 192 bit v 256 bit. Khng c kha yu. Hiu qu trn h thng Intel Pentium Pro v trn cc nn phn cng v phn mm khc. Thit k d dng (h tr chiu di kha linh hot, c th trin khai ng dng rng ri trn cc nn v cc ng dng khc nhau). Thit k n gin: phn tch nh gi v ci t d dng. Chp nhn bt k chiu di kha ln n 256 bit. M ha d liu thp hn 500 chu k ng h cho mi khi trn Intel Pentium, Pentium Pro v Pentium II i vi phin bn ti u ca thut ton. C kh nng thit lp kha 128 bit (cho tc m ha ti u) nh hn thi gian i hi m ha cc khi 32 bit trn Pentium, Pentium Pro v Pentium II. o o o o Khng cha bt k php ton no lm n gim kh nng trn cc b vi x l 8 bit, 16 bit, 32 bit v 64 bit. Khng bao hm bt k phn t no lm n gim kh nng ca phn cng. Thi gian m ha d liu rt thp di 10/1000 giy trn b vi x l 8 bit. C th thc hin trn b vi x l 8 bit vi 64 byte b nh RAM.

37

Chng 2

Sau khi thc hin hai ln tuyn chn, c nm thut ton c vo vng chung kt, gm c: MARS, RC6, SERPENT, TWOFISH v RIJNDAEL. Cc thut ton ny u t cc yu cu ca AES nn c gi chung l cc thut ton ng vin AES. Cc thut ton ng vin AES c an ton cao, chi ph thc hin thp. Chi tit v cc thut ton ny c trnh by trong Chng 3 - Phng php m ha Rijndael v Chng 5 - Cc thut ton ng c vin AES.

38

Phng php m ha Rijndael

Chng 3 Phng php m ha Rijndael

Ni dung ca chng 3 trnh by chi tit v phng php m ha Rijndael ca hai tc gi Vincent Rijmen v Joan Daeman. y l gii thut c Vin Tiu chun v Cng ngh Hoa K (NIST) chnh thc chn lm chun m ha nng cao (AES) t ngy 02 thng 10 nm 2000. 3.1 Gii thiu

Vi tc v kh nng x l ngy cng c nng cao ca cc b vi x l hin nay, phng php m ha chun (Data Encryption Standard DES) tr nn khng an ton trong bo mt thng tin. Do , Vin Tiu chun v Cng ngh Hoa K (National Institute of Standards and Technology NIST) quyt nh chn mt chun m ha mi vi an ton cao nhm phc v nhu cu bo mt thng tin lin lc ca Chnh ph Hoa K cng nh trong cc ng dng dn s. Thut ton Rijndael do Vincent Rijmen v Joan Daeman c chnh thc chn tr thnh chun m ha nng cao AES (Advanced Encryption Standard) t ngy 02 thng 10 nm 2000.

39

Chng 3

Phng php m ha Rijndael l phng php m ha theo khi (block cipher) c kch thc khi v m kha thay i linh hot vi cc gi tr 128, 192 hay 256 bit. Phng php ny thch hp ng dng trn nhiu h thng khc nhau t cc th thng minh cho n cc my tnh c nhn.

3.2

Tham s, k hiu, thut ng v hm Php bin i s dng trong m ha v gii m, thc hin vic cng m kha ca chu k vo trng thi hin hnh. di ca m kha ca chu k bng vi kch thc ca trng thi.

AddRoundKey

SubBytes

Php bin i s dng trong m ha, thc hnh vic thay th phi tuyn tng byte trong trng thi hin hnh thng qua bng thay th (S-box).

InvSubBytes

Php bin i s dng trong gii m. y l php bin i ngc ca php bin i SubBytes.

MixColumns

Php bin i s dng trong m ha, thc hin thao tc trn thng tin ca tng ct trong trng thi hin hnh. Mi ct c x l c lp.

InvMixColumns

Php bin i s dng trong gii m. y l php bin i ngc ca php bin i MixColumns.

40


ShiftRows

Php bin i s dng trong m ha, thc hin vic dch chuyn xoay vng tng dng ca trng thi hin hnh vi di s tng ng khc nhau

InvShiftRows

Php bin i s dng trong gii m. y l php bin i ngc ca php bin i ShiftRows.

Nw

S lng byte trong mt n v d liu t. Trong thut ton Rijndael, thut ton m rng 256/384/512 bit v thut ton m rng 512/768/1024 bit, gi tr Nw ln lt l 4, 8 v 16

K

Kha chnh.

Nb

S lng ct (s lng cc t 8Nw bit) trong trng thi. Gi tr Nb = 4, 6, hay 8. Chun AES gii hn li gi tr ca Nb = 4.

Nk

S lng cc t (8Nw bit) trong kha chnh. Gi tr Nk = 4, 6, hay 8.

Nr

S lng chu k, ph thuc vo gi tr Nk and Nb theo cng thc: Nr = max (Nb, Nk)+6.

41

Chng 3

RotWord

Hm c s dng trong qu trnh m rng m kha, thc hin thao tc dch chuyn xoay vng Nw byte thnh phn ca mt t.

SubWord

Hm c s dng trong qu trnh m rng m kha. Nhn vo mt t (Nw byte), p dng php thay th da vo S-box i vi tng byte thnh phn v tr v t gm Nw byte thnh phn c thay th.

XOR

Php ton Exclusive-OR.

Php ton Exclusive-OR.

Php nhn hai a thc (mi a thc c bc < Nw) modulo cho a thc xNw + 1.

Php nhn trn trng hu hn.

3.3

Mt s khi nim ton hc

n v thng tin c x l trong thut ton Rijndael l byte. Mi byte xem nh mt phn t ca trng Galois GF(28) c trang b php cng (k hiu ) v php nhn (k hiu ). Mi byte c th c biu din bng nhiu cch khc

42


nhau: dng nh phn ({b7b6b5b4b3b2b1b0}), dng thp lc phn ({h1h0}) hay dng a thc c cc h s nh phn

bi x ii=0

7

3.3.1

Php cng

Php cng hai phn t trn GF(28) c thc hin bng cch cng (thc cht l php ton XOR, k hiu ) cc h s ca cc n thc ng dng ca hai a thc tng ng vi hai ton hng ang xt. Nh vy, php cng v php tr hai phn t bt k trn GF(28) l hon ton tng ng nhau. Nu biu din li cc phn t thuc GF(28) di hnh thc nh phn th php cng gia {a7a6a5a4a3a2a1a0} vi {b7b6b5b4b3b2b1b0} l {c7c6c5c4c3c2c1c0} vi ci = ai b j , 0 i 7.

3.3.2

Php nhn

Khi xt trong biu din a thc, php nhn trn GF(28) (k hiu ) tng ng vi php nhn thng thng ca hai a thc em chia ly d (modulo) cho mt a thc ti gin (irreducible polynomial) bc 8. a thc c gi l ti gin khi v ch khi a thc ny ch chia ht cho 1 v chnh mnh. Trong thut ton Rijndael, a thc ti gin c chn l m( x) = x8 + x 4 + x3 + x + 1 (3.1)

hay 1{1b} trong biu din dng thp lc phn.

43

Chng 3

Kt qu nhn c l mt a thc bc nh hn 8 nn c th c biu din di dng 1 byte. Php nhn trn GF(28) khng th c biu din bng mt php ton n gin mc byte.

Php nhn c nh ngha trn y c tnh kt hp, tnh phn phi i vi php cng v c phn t n v l {01}.Vi mi a thc b(x) c h s nh phn vi bc nh hn 8 tn ti phn t nghch o ca b(x), k hiu b-1(x) (c thc hin bng cch s dng thut ton Euclide m rng [45]).

Nhn xt: Tp hp 256 gi tr t 0 n 255 c trang b php ton cng (c nh ngha l php ton XOR) v php nhn nh ngha nh trn to thnh trng hu hn GF(28).

3.3.2.1

Php nhn vi x

Php nhn (thng thng) a thc b(x ) = b7 x 7 + b6 x 6 + b5 x 5 + b4 x 4 + b3 x 3 + b2 x 2 + b1 x + b0 = vi a thc x cho kt qu l a thcb7 x 8 + b6 x 7 + b5 x 6 + b4 x 5 + b3 x 4 + b2 x 3 + b1 x 2 + b0 x

bi x ii =0

7

(3.2)

(3.3)

Kt qu x b( x) c xc nh bng cch modulo kt qu ny cho a thc m(x). 1. Trng hp b7 = 0 (3.4)

x b(x ) = b6 x 7 + b5 x 6 + b4 x 5 + b3 x 4 + b2 x 3 + b1 x 2 + b0 x

44


2.

Trng hp b7 = 1

x b(x ) = b7 x 8 + b6 x 7 + b5 x 6 + b4 x 5 + b3 x 4 + b2 x 3 + b1 x 2 + b0 x mod m( x )7 8

( = (b x

+ b6 x + b5 x + b 4 x + b3 x + b 2 x + b1 x

7

6

5

4

3

2

) + b x ) m( x )0

(3.5)

Nh vy, php nhn vi a thc x (hay phn t {00000010} GF(28)) c th c thc hin mc byte bng mt php shift tri v sau thc hin tip php ton XOR vi gi tr {1b}nu b7 = 1 .Thao tc ny c k hiu lxtime(). Php nhn vi cc ly tha ca x c th c thc hin bng cch p

dng nhiu ln thao tc xtime(). Kt qu ca php nhn vi mt gi tr bt k c xc nh bng cch cng ( ) cc kt qu trung gian ny li vi nhau. Khi , vic thc hin php nhn gia hai phn t a, b bt k thuc GF(28) c th c tin hnh theo cc bc sau: 1. 2. Phn tch mt phn t (gi s l a) ra thnh tng ca cc ly tha ca 2. Tnh tng cc kt qu trung gian ca php nhn gia phn t cn li (l b) vi cc thnh phn l ly tha ca 2 c phn tch t a.

V d:{57} {13} {57} {02} {57} {04} {57} {08} {57} {10} = = = = = {fe} v xtime({57}) = {ae} xtime({ae}) = {47} xtime({47}) = {8e} xtime({8e}) = {07},

45

Chng 3

Nh vy:{57} {13} = = = {57} ({01} {02} {10}) {57} {ae} {07} {fe}

3.3.3

a thc vi h s trn GF(28)

Xt a thc a(x) v b(x) bc 4 vi cc h s thuc GF(28): a ( x) =

ai x ii =0

3

v b(x ) =

bi x ii =0

3

(3.6)

Hai a thc ny c th c biu din li di dng t gm 4 byte [a0 , a1 , a2 , a3 ] v [b0 , b1 , b2 , b3 ]. Php cng a thc c thc hin bng cch cng (chnh l php ton XOR trn byte) cc h s ca cc n thc ng dng vi nhau: a ( x ) + b( x ) =

(ai bi ) x ii =0

3

(3.7)

Php nhn gia a(x) vi b(x) c thc hin thng qua hai bc. Trc tin, thc hin php nhn thng thng c(x ) = a (x )b( x ) . c( x) = c6 x 6 + c5 x 5 + c 4 x 4 + c3 x 3 + c 2 x 2 + c1 x + c0 vi c0 = a 0 b0 c1 = a1 b0 a 0 b1 c 2 = a 2 b0 a1 b1 a 0 b2 c3 = a3 b0 a 2 b1 a1 b2 a 0 b3 . c4 = a3 b1 a 2 b2 a1 b3 c5 = a3 b2 a 2 b3 c6 = a3 b3 (3.9) (3.8)

46


R rng l c(x) khng th c biu din bng mt t gm 4 byte. a thc c(x) c th c a v mt a thc c bc nh hn 4 bng cch ly c(x) modulo cho mt a thc bc 4. Trong thut ton Rijndael, a thc bc 4 c chn l M ( x) = x 4 + 1 . Do x j mod x 4 + 1 = x j mod 4 nn kt qu d(x) = a(x) b(x) c xc nh bng d ( x ) = d 3 x 3 + d 2 x 2 + d1 x + d 0 vi d 0 = a 0 b0 a3 b1 a 2 b2 a1 b3 d1 = a1 b0 a 0 b1 a3 b2 a 2 b3 d 2 = a 2 b0 a1 b1 a 0 b2 a3 b3 d 3 = a3 b0 a 2 b1 a1 b2 a0 b3 (3.11) (3.10)

(

)

Trong trng hp a thc a(x) c nh, php nhn d(x) = a(x) b(x) c th c biu din di dng ma trn nh sau d 0 a0 d a 1 = 1 d 2 a2 d 3 a3 a3 a0 a1 a2 a2 a3 a0 a1 a1 b0 a 2 b1 a3 b2 a 0 b3

(3.12)

Do x 4 + 1 khng phi l mt a thc ti gin trn GF(28) nn php nhn vi mt a thc a(x) c nh c chn bt k khng m bo tnh kh nghch. V vy, trong phng php Rijndael chn a thc a(x) c phn t nghch o (modulo M(x)) a(x) = {03}x3 + {01}x2 + {01}x + {02} a-1(x) = {0b}x3 + {0d}x2 + {09}x + {0e} (3.13) (3.14)

47

Chng 3

3.3.3.1

Php nhn vi x

Xt a thc b(x ) = b3 x 3 + b2 x 2 + b1 x + b0 (3.15)

Kt qu ca php nhn c(x) = b(x) x c xc nh bng c(x ) = b2 x 3 + b1 x 2 + b0 x + b3 (3.16)

Php nhn vi x tng ng vi php nhn dng ma trn nh trnh by phn trn vi cc gi tr a0 = a2 = a3 = {00} v a1 = {01}. c0 00 c 1 = 01 c 2 00 c3 00 00 00 01 b0 00 00 00 b1 01 00 00 b2 00 01 00 b3

(3.17)

Nh vy, php nhn vi x hay cc ly tha ca x s tng ng vi php dch chuyn xoay vng cc byte thnh phn trong mt t.

Trong thut ton Rijndael cn s dng n a thc x3 (a0 = a1 = a2 = {00} v a3 = {01})trong hm RotWord nhm xoay vng 4 byte thnh phn ca mt t c a vo. Nh vy, nu a vo t gm 4 byte [b0, b1, b2, b3] th kt qu nhn c l t gm 4 byte [b1, b2, b3, b0].

48


3.4

Phng php Rijndael

Phng php m ha Rijndael bao gm nhiu bc bin i c thc hin tun t, kt qu u ra ca bc bin i trc l u vo ca bc bin i tip theo. Kt qu trung gian gia cc bc bin i c gi l trng thi (state).

Mt trng thi c th c biu din di dng mt ma trn gm 4 dng v Nb ct vi Nb bng vi di ca khi chia cho 32. M kha chnh (Cipher Key) cng c biu din di dng mt ma trn gm 4 dng v Nk ct vi Nk bng vi di ca kha chia cho 32. Trong mt s tnh hung, ma trn biu din mt trng thi hay m kha c th c kho st nh mng mt chiu cha cc phn t c di 4 byte, mi phn t tng ng vi mt ct ca ma trn.

S lng chu k, k hiu l Nr, ph thuc vo gi tr ca Nb v Nk theo cng thc: Nr = max{Nb, Nk } + 6

a 0,0 a 0,1 a0,2 a0,3 a0,4 a0,5 a 1,0 a 1,1 a1,2 a1,3 a1,4 a1,5 a 2,0 a 2,1 a2,2 a2,3 a2,4 a2,5 a 3,0 a 3,1 a3,2 a3,3 a3,4 a3,5

k0,0 k0,1 k0,2 k0,3 k1,0 k1,1 k1,2 k1,3 k2,0 k2,1 k2,2 k2,3 k3,0 k3,1 k3,2 k3,3

Hnh 3.1. Biu din dng ma trn ca trng thi (Nb = 6) v m kha (Nk = 4)

49

Chng 3

3.4.1

Quy trnh m ha

Quy trnh m ha Rijndael s dng bn php bin i chnh: 1. AddRoundKey: cng () m kha ca chu k vo trng thi hin hnh. di ca m kha ca chu k bng vi kch thc ca trng thi. 2. SubBytes: thay th phi tuyn mi byte trong trng thi hin hnh thng qua bng thay th (S-box). 3. MixColumns: trn thng tin ca tng ct trong trng thi hin hnh. Mi ct c x l c lp. 4. ShiftRows: dch chuyn xoay vng tng dng ca trng thi hin hnh vi di s khc nhau.

Mi php bin i thao tc trn trng thi hin hnh S. Kt qu S ca mi php bin i s tr thnh u vo ca php bin i k tip trong quy trnh m ha.

Trc tin, ton b d liu u vo c chp vo mng trng thi hin hnh. Sau khi thc hin thao tc cng m kha u tin, mng trng thi s c tri qua Nr = 10, 12 hay 14 chu k bin i (ty thuc vo di ca m kha chnh cng nh di ca khi c x l). Nr 1 chu k u tin l cc chu k bin i bnh thng v hon ton tng t nhau, ring chu k bin i cui cng c s khc bit so vi Nr 1 chu k trc . Cui cng, ni dung ca mng trng thi s c chp li vo mng cha d liu u ra.

Quy trnh m ha Rijndael c tm tt li nh sau:

50


1. Thc hin thao tc AddRoundKey u tin trc khi thc hin cc chu k

m ha. 2. Nr 1 chu k m ha bnh thng: mi chu k bao gm bn bc bin i lin tip nhau: SubBytes, ShiftRows, MixColumns, v AddRoundKey. 3. Thc hin chu k m ha cui cng: trong chu k ny thao tc MixColumns c b qua. Trong thut ton di y, mng w[] cha bng m kha m rng; mng in[] v out[] ln lt cha d liu vo v kt qu ra ca thut ton m ha.Cipher( byte in[4 * Nb], byte out[4 * Nb], word w[Nb * (Nr + 1)]) begin byte state[4,Nb] in // Xem phn 3.4.6 // Xem phn 3.4.2 // Xem phn 3.4.4 // Xem phn 3.4.5 state =

AddRoundKey(state, w) for round = 1 to Nr 1 SubBytes(state) ShiftRows(state) MixColumns(state) end for SubBytes(state) ShiftRows(state) AddRoundKey(state, w + Nr * Nb) out = state end

AddRoundKey(state, w + round * Nb)

51

Chng 3

3.4.2

Kin trc ca thut ton Rijndael

Thut ton Rijndael c xy dng theo kin trc SPN s dng 16 s-box (kch thc 8 8) thay th. Trong ton b quy trnh m ha, thut ton s dng chung bng thay th s-box c nh. Php bin i tuyn tnh bao gm 2 bc: hon v byte v p dng song song bn khi bin i tuyn tnh (32 bit) c kh nng khuch tn cao. Hnh 3.2 th hin mt chu k m ha ca phng php Rijndael.

Trn thc t, trong mi chu k m ha, kha ca chu k c cng (XOR) sau thao tc bin i tuyn tnh. Do chng ta c thc hin thao tc cng kha trc khi thc hin chu k u tin nn c th xem thut ton Rijndael tha cu trc SPN [29].

Hnh 3.2. Mt chu k m ha ca phng php Rijndael (vi Nb = 4)

52


3.4.3

Php bin i SubBytes

Thao tc bin i SubBytes l php thay th cc byte phi tuyn v tc ng mt cch c lp ln tng byte trong trng thi hin hnh. Bng thay th (S-box) c tnh kh nghch v qu trnh thay th 1 byte x da vo S-box bao gm hai bc: 1. 2. Xc nh phn t nghch o x-1 GF(28). Quy c {00}-1 = {00}. p dng php bin i affine (trn GF(2)) i vi x-1 (gi s x-1 c biu din nh phn l {x7 x6 x5 x4 x3 x2 x1 x0 } ): y 0 1 0 0 0 y 1 1 1 0 0 y 2 1 1 1 0 y 3 = 1 1 1 1 y 4 1 1 1 1 y 5 0 1 1 1 y 0 0 1 1 6 y 7 0 0 0 1 1 1 1 1 x 0 1 0 1 1 1 x1 1 0 0 1 1 x 2 0 0 0 0 1 x 3 0 + 1 0 0 0 x 4 0 1 1 0 0 x5 1 1 1 1 0 x 6 1 1 1 1 1 x 7 0

(3.18)

hayyi = xi x(i +4) mod 8 x(i +5) mod 8 x(i +6) mod 8 x (i +7) mod 8 ci

(3.19)

vi ci l bit th i ca {63}, 0 i 7.

53

Chng 3

Hnh 3.3. Thao tc SubBytes tc ng trn tng byte ca trng thi

Bng D.1 th hin bng thay th S-box c s dng trong php bin i SubBytes dng thp lc phn.

V d: nu gi tr {xy} cn thay th l {53} th gi tr thay th S-box ({xy}) c xc nh bng cch ly gi tr ti dng 5 ct 3 ca Bng D.1. Nh vy, S-box ({xy}) = {ed}. Php bin i SubBytes c th hin di dng m gi:SubBytes(byte state[4,Nb]) begin for r = 0 to 3 for c = 0 to Nb - 1 state[r,c] = Sbox[state[r,c]] end for end for end

54


3.4.4

Php bin i ShiftRows

Hnh 3.4. Thao tc ShiftRows tc ng trn tng dng ca trng thi

Trong thao tc bin i ShiftRows, mi dng ca trng thi hin hnh c dch chuyn xoay vng i mt s v tr.

Byte S r , c ti dng r ct c s dch chuyn n ct (c - shift(r, Nb)) mod Nb hay:

sr' ,c = sr ,(c + shift (r , Nb ))mod Nbliu.

vi 0 < r < 8 v 0 c < Nb

(3.20)

Gi tr di s shift(r, Nb) ph thuc vo ch s dng r v kch thc Nb ca khi d

Bng 3.1. Gi tr di s shift(r, Nb) shift(r, Nb) Nb 4 6 8 1 1 1 1 r 2 2 2 3 3 3 3 4

55

Chng 3

Php bin i ShiftRows c th hin di dng m gi:ShiftRows(byte state[4,Nb]) begin byte t[Nb] for r = 1 to 3 for c = 0 to Nb - 1 t[c] = state[r, (c + h[r,Nb]) mod Nb] end for for c = 0 to Nb 1 state[r,c] = t[c] end for end for end

3.4.5

Php bin i MixColumns

Trong thao tc bin i MixColumns, mi ct ca trng thi hin hnh c biu din di dng a thc s(x) c cc h s trn GF(28). Thc hin php nhn s ' (x ) = a (x ) s(x ) vi a(x) = {03}x3 + {01}x2 + {01}x + {02} (3.22) (3.21)

Thao tc ny c th hin dng ma trn nh sau:' s 0,c 02 ' s1,c = 01 s ' 01 2 ,c ' s3,c 03

03 01 01 s0,c 02 03 01 s1,c 01 02 03 s 2,c 01 01 02 s3,c

(3.23)

56


Hnh 3.5. Thao tc MixColumns tc ng ln mi ct ca trng thi Trong on m chng trnh di y, hm FFmul(x, y) thc hin php nhn (trn trng GF(28)) hai phn t x v y vi nhauMixColumns(byte state[4,Nb]) begin byte t[4] for c = 0 to Nb 1 for r = 0 to 3 t[r] = state[r,c] end for for r = 0 to 3 state[r,c] = FFmul(0x02, t[r]) t[(r + 2) mod 4] t[(r + 3) mod 4] end for end for end xor xor FFmul(0x03, t[(r + 1) mod 4]) xor

57

Chng 3

3.4.6

Thao tc AddRoundKey

Phng php Rijndael bao gm nhiu chu k m ha lin tip nhau, mi chu k c mt m kha ring (Round Key) c cng kch thc vi khi d liu ang c x l v c pht sinh t m kha chnh (Cipher Key) cho trc ban u. M kha ca chu k cng c biu din bng mt ma trn gm 4 dng v Nb ct. Mi ct ca trng thi hin hnh c XOR vi ct tng ng ca m kha ca chu k ang xt: [ s ' 0,c , s '1,c , s ' 2,c , s '3,c ] = [ s 0,c , s1,c , s 2,c , s 3,c ] [ wround Nb +c ] , vi 0 c < Nb. (3.24)

Thao tc bin i ngc ca AddRoundKey cng chnh l thao tc AddRoundKey.

Trong on chng trnh di y, hm xbyte(r, w) thc hin vic ly byte th r trong t w.AddRoundKey(byte state[4,Nb], word rk[]) // rk = w + round * Nb begin for c = 0 to Nb 1 for r = 0 to 3 state[r,c] = state[r,c] xor xbyte(r, rk[c]) end for end for end

58


Hnh 3.6. Thao tc AddRoundKey tc ng ln mi ct ca trng thi

3.5

Pht sinh kha ca mi chu k

Cc kha ca mi chu k (RoundKey) c pht sinh t kha chnh. Quy trnh pht sinh kha cho mi chu k gm 2 giai on:: 1. 2. M rng kha chnh thnh bng kha m rng, Chn kha cho mi chu k t bng kha m rng.

3.5.1

Xy dng bng kha m rng

Bng kha m rng l mng 1 chiu cha cc t (c di 4 byte), c k hiu l w[Nb*(Nr + 1)]. Hm pht sinh bng kha m rng ph thuc vo gi tr Nk, tc l ph thuc vo di ca m kha chnh.

59

Chng 3

Hm SubWord(W) thc hin vic thay th (s dng S-box) tng byte thnh phn ca t 4 byte c a vo v tr kt qu v l mt t bao gm 4 byte kt qu sau khi thc hic vic thay th. Hm RotWord(W) thc hin vic dch chuyn xoay vng 4 byte thnh phn (a, b, c, d) ca t c a vo. Kt qu tr v ca hm RotWord l mt t gm 4 byte thnh phn l (b, c, d, a).KeyExpansion(byte key[4 * Nk], word w[Nb * (Nr + 1)], Nk) begin i=0 while (i < Nk) w[i] = word[key[4*i],key[4*i+1], key[4*i+2],key[4*i+3]] i = i + 1 end while i = Nk while (i < Nb * (Nr + 1)) word temp = w[i - 1] if (i mod Nk = 0) then temp = SubWord(RotWord(temp)) xor Rcon[i / Nk] else if (Nk = 8) and (i mod Nk = 4) then temp = SubWord(temp) end if w[i] = w[i - Nk] xor temp i = i + 1 end while end

60


Cc hng s ca mi chu k hon ton c lp vi gi tr Nk v c xc nh bng Rcon[i] = (RC[i], {00}, {00}, {00}) vi RC[i] GF(28) v tha: RC[1]=1 ({01}) RC[i] =x ({02})(RC[i-1]) = x(i1) (3.25)

3.5.2

Xc nh kha ca chu k

Kha ca chu k th i c xc nh bao gm cc t (4 byte) c ch s t Nb * i n Nb * (i + 1) 1 ca bng m kha m rng. Nh vy, m kha ca chu k th i bao gm cc phn t w[ Nb * i ] , w[ Nb * i + 1] ,, w[ Nb * (i + 1) 1] .

w0 w1 w2 w3 w4 w5 w6 w7 w8 w9 w10 w11 w12 w13 w14 w15 w16 w17 ...Ma khoa chu ky 0 Ma khoa chu ky 1 Ma khoa chu ky 2 ...

Hnh 3.7. Bng m kha m rng v cch xc nh m kha ca chu k (Nb = 6 v Nk = 4)

Vic pht sinh m kha cho cc chu k c th c thc hin m khng nht thit phi s dng n mng w[ Nb * ( Nr + 1)] . Trong trng hp dung lng b nh hn ch nh cc th thng minh, cc m kha cho tng chu k c th c xc nh khi cn thit ngay trong qu trnh x l m ch cn s dng max( Nk , Nb) * 4 byte trong b nh. Bng kha m rng lun c t ng pht sinh t kha chnh m khng cn phi c xc nh trc tip t ngi dng hay chng trnh ng dng. Vic

61

Chng 3

chn la kha chnh (Cipher Key) l hon ton t do v khng c mt iu kin rng buc hay hn ch no. 3.6 Quy trnh gii m

Quy trnh gii m c thc hin qua cc giai on sau: 1. 2. Thc hin thao tc AddRoundKey u tin trc khi thc hin cc chu k gii m. Nr 1 chu k gii m bnh thng: mi chu k bao gm bn bc bin i lin tip nhau: InvShiftRows, InvSubBytes, AddRoundKey, thao tc

InvMixColumns. 3. Thc hin chu k gii m cui cng. Trong chu k ny, InvMixColumns c b qua. Di y l m gi ca quy trnh gii m:InvCipher( byte in[4 * Nb], byte out[4 * Nb], word w[Nb * (Nr + 1)]) begin byte state[4,Nb] // Xem phn 3.4.6 // Xem phn 3.6.1 // Xem phn 3.6.2 // Xem phn 3.6.3 state = in AddRoundKey(state, w + Nr * Nb) for round = Nr - 1 downto 1 InvShiftRows(state) InvSubBytes(state) InvMixColumns(state) end for


62


InvShiftRows(state) InvSubBytes(state) AddRoundKey(state, w) out = state end

3.6.1

Php bin i InvShiftRows

Hnh 3.8. Thao tc InvShiftRows tc ng ln tng dng ca trng thi hin hnh

InvShiftRows chnh l php bin i ngc ca php bin i ShiftRows. Dng u tin ca trng thi s vn c gi nguyn trong khc ba dng cui ca trng thi s c dch chuyn xoay vng theo chiu ngc vi php bin i ShiftRows vi cc di s Nbshift (r, Nb) khc nhau. Cc byte cui dng c a vng ln u dng trong khi cc byte cn li c khuynh hng di chuyn v cui dng.

s r' ,( c + shift ( r , Nb )) mod Nb = s r ,c vi 0 < r < 4 v 0 c < Nb

(3.26)

63

Chng 3

Gi tr ca di s shift(r,Nb) ph thuc vo ch s dng r v kch thc Nb ca khi v c th hin trong Bng 3.1.InvShiftRows(byte state[4,Nb]) begin byte t[Nb] for r = 1 to 3 for c = 0 to Nb - 1 t[(c + h[r,Nb]) mod Nb] = state[r,c] end for for c = 0 to Nb 1 state[r,c] = t[c] end for end for end

3.6.2

Php bin i InvSubBytes

Php bin i ngc ca thao tc SubBytes, k hiu l InvSubBytes, s dng bng thay th nghch o ca S-box trn GF(28), k hiu l S-box-1. Qu trnh thay th 1 byte y da vo S-box-1 bao gm hai bc sau: 1. p dng php bin i affine (trn GF(2)) sau i vi y (c biu din nh phn l {y7 y 6 y5 y 4 y3 y 2 y1 y 0 } ):

64


x 0 0 x 1 1 x 2 0 x3 = 1 x 4 0 x 5 0 x 1 6 x 7 0 hay

0 1 0 0 1 0 1 y 0 1 0 0 1 0 0 1 0 y1 0 1 0 0 1 0 0 1 y 2 1 0 1 0 0 1 0 0 y 3 0 + 1 0 1 0 0 1 0 y 4 0 0 1 0 1 0 0 1 y 5 0 0 0 1 0 1 0 0 y 6 0 1 0 0 1 0 1 0 y 7 0

(3.27)

xi = y (i + 2 ) mod 8 y (i +5) mod 8 y ( i + 7) mod 8 d i , vi di l bit th i ca gi tr {05},0 i 7. (3.28)

R rng y chnh l php bin i affine ngc ca php bin i affine bc 1 ca S-box. 2. Gi x l phn t thuc GF(28) c biu din nh phn l {x7 x6 x5 x4 x3 x2 x1 x0 } . Xc nh phn t nghch o x-1 GF(28) vi quy c {00}-1 = {00}InvSubBytes(byte state[4,Nb]) begin for r = 0 to 3 for c = 0 to Nb - 1 state[r,c] = InvSbox[state[r,c]] end for end for end

65

Chng 3

Bng D.2 th hin bng thay th nghch o c s dng trong php bin i InvSubBytes

3.6.3

Php bin i InvMixColumns

InvMixColumns l bin i ngc ca php bin i MixColumns. Mi ct ca trng thi hin hnh c xem nh a thc s(x) bc 4 c cc h s thuc GF(28) v c nhn vi a thc a-1(x) l nghch o ca a thc a(x) (modulo M(x)) c s dng trong php bin i MixColumns. a-1(x) = {0b}x3 + {0d}x2 + {09}x + {0e} Php nhn s ( x) = a 1 ( x ) s ( x) c th c biu din di dng ma trn:' s 0,c 0e ' s1,c = 09 s ' 0d 2 ,c ' s3,c 0b

(3.29)

0b 0d 09 s0,c 0e 0b 0d s1,c vi 0 c < Nb 09 0e 0b s 2,c 0d 09 0e s3,c

(3.30)

Trong on m chng trnh di y, hm FFmul(x, y) thc hin php nhn (trn trng GF(28)) hai phn t x v y vi nhau.InvMixColumns(byte block[4,Nb]) begin byte t[4] for c = 0 to Nb 1 for r = 0 to 3 t[r] = block[r,c] end for for r = 0 to 3

66


block[r,c] = FFmul(0x0e, t[r]) xor FFmul(0x0b, t[(r + 1) mod 4]) xor FFmul(0x0d, t[(r + 2) mod 4]) xor FFmul(0x09, t[(r + 3) mod 4]) end for end for end

3.6.4

Quy trnh gii m tng ng

Nhn xt: 1. Php bin i InvSubBytes thao tc trn gi tr ca tng byte ring bit ca trng thi hin hnh, trong khi php bin i InvShiftRows ch thc hin thao tc di chuyn cc byte m khng lm thay i gi tr ca chng. Do , th t ca hai php bin i ny trong quy trnh m ha c th c o ngc. 2. Vi php bin i tuyn tnh A bt k, ta c A( x + k ) = A( x) + A(k ) . T , suy raInvMixColumns(state XOR Round Key)= InvMixColumns(state) XOR InvMixColumns(Round Key)

Nh vy, th t ca php bin i InvMixColumns v AddRoundKey trong quy trnh gii m c th c o ngc vi iu kin mi t (4 byte) trong bng m kha m rng s dng trong gii m phi c bin i bi InvMixColumns. Do trong chu k m ha cui cng khng thc hin thao tc MixColumns nn khng

67

Chng 3

cn thc hin thao tc InvMixColumns i vi m kha ca chu k gii m u tin cng nh chu k gii m cui cng.

Vy, quy trnh gii m Rijndael c th c thc hin theo vi trnh t cc php bin i ngc hon ton tng ng vi quy trnh m ha.EqInvCipher(byte in[4*Nb], byte out[4*Nb], word dw[Nb*(Nr+1)]) begin byte state[4,Nb] state = in AddRoundKey(state, dw + Nr * Nb) for round = Nr - 1 downto 1 InvSubBytes(state) InvShiftRows(state) InvMixColumns(state) AddRoundKey(state, dw + round * Nb) end for InvSubBytes(state) InvShiftRows(state) AddRoundKey(state, dw) out = state end

Trong quy trnh trn, bng m kha m rng dw c xy dng t bng m kha w bng cch p dng php bin i InvMixColumns ln tng t (4 byte) trong w, ngoi tr Nb t u tin v cui cng ca w.

68


for i = 0 to (Nr + 1) * Nb 1 dw[i] = w[i] end for for rnd = 1 to Nr 1 InvMixColumns(dw + rnd * Nb) end for

3.7

Cc vn ci t thut ton

Gi a l trng thi khi bt u chu k m ha. Gi b, c, d, e ln lt l trng thi kt qu u ra sau khi thc hin cc php bin i SubBytes, ShiftRows, MixColumns v AddRoundKey trong chu k ang xt. Quy c: trong trng thi s ( s = a, b, c, d , e ), ct th j c k hiu sj, phn t ti dng i ct j k hiu l si, j. b0, j S [a 0, j ] b S[a ] 1, j = 1, j b2, j S [a 2, j ] b3, j S [a 3, j ] b0, j c 0, j c b 1, j = 1,( j + shift (1, Nb )) mod Nb c 2 , j b 2 ,( j + shift (2 , Nb )) mod Nb c 3, j b3 ,( j + shift (3, Nb )) mod Nb

Sau bin i SubBytes:

(3.31)

Sau bin i ShiftRows:

(3.32)

Sau bin i MixColumns:

d 0, j 02 d 1, j = 01 d 2, j 01 d 3, j 03

03 01 01 c0, j 02 03 01 c1, j 01 02 03 c 2, j 01 01 02 c3, j

(3.33)

69

Chng 3

Sau bin i AddRoundKey:

e0, j d 0, j k 0, j e d k 1, j = 1, j 1, j e 2 , j d 2 , j k 2 , j e3, j d 3, j k 3, j

(3.34)

Kt hp cc kt qu trung gian ca mi php bin i trong cng chu k vi nhau, ta c: e0, j 02 e 1, j = 01 e2, j 01 e3, j 03 S [ a 0, j ] 03 01 01 S a 02 03 01 1,( j + shift (1, Nb ))mod Nb 01 02 03 S a 2,( j + shift (2, Nb ))mod Nb 01 01 02 S a3,( j + shift (3, Nb )) mod Nb

[ [ [

] ] ]

k 0, j k 1, j k 2, j k 3, j

(3.35)

K hiu j[r ] = ( j + shift (r , Nb )) mod Nb , biu thc (3.35) c th vit li nh sau: S [a0, j [0] ] k0, j 03 01 01 S a1, j [1] k 02 03 01 1, j 01 02 03 S a2, j [ 2] k2, j 01 01 02 k a3, j 3 3, j S [ ]

e0, j 02 e 1, j = 01 e2, j 01 e3, j 03

(3.36)

Khai trin php nhn ma trn, ta c: e0, j 02 03 01 01 k0, j e 01 02 03 01 k 1, j = S a S a1, j 1 S a2, j 2 S a3, j 3 1, j 0, j [0] 01 [ ] 01 [ ] 02 [ ] 03 k 2, j e2, j e3, j 03 01 01 02 k3, j

(3.37)

70


nh ngha cc bng tra cu T0, T1, T2, T3 nh sau: S [a ] 02 S[a ] 03 S [a ] , T [a ] = S[a ] 02 , T0 [a ] = 1 S [a ] S[a ] S [a ] 03 S[a ] S [a ] S [a ] S [a ] 03 , T [a ] = S [a ] T2 [a ] = S [a ] 02 3 S [a ] 03 S [a ] S [a ] 02 Khi , biu thc (3.38) c vit li nh sau:

(3.38)

3 e j = Ti ai , j[i ] wround *Nb + j i =0 vi round l s th t ca chu k ang xt.

[

]

(3.39)

Nh vy, mi ct ej ca trng thi kt qu sau khi thc hin mt chu k m ha c th c xc nh bng bn php ton XOR trn cc s nguyn 32 bit s dng bn bng tra cu T0, T1, T2 v T3.

Cng thc (3.39) ch p dng c cho Nr-1 chu k u. Do chu k cui cng khng thc hin php bin i MixColumns nn cn xy dng 4 bng tra cu ring cho chu k ny: S [a ] 0 0 0 0 S [a ] 0 , U [a ] = , U [a ] = , U [a ] = 0 U 0 [a ] = 1 2 3 0 0 S [a ] 0 0 0 0 S [a ]

(3.40)

71

Chng 3

3.7.1

Nhn xt

K thut s dng bng tra cu gip ci thin tc m ha v gii m mt cch ng k. Ngoi ra, k thut ny cn gip chng li cc phng php ph m da trn thi gian m ha do khi s dng bng tra cu, thi gian m ha d liu bt k u nh nhau. K thut ny c th c s dng trong quy trnh m ha v quy trnh gii m tng ng do s tng ng gia cc bc thc hin ca hai quy trnh ny. Khi , chng ta c th dng chung mt quy trnh cho vic m ha v gii m nhng s dng bng tra khc nhau. Trn thc t, cc bng tra cu c th c lu tr sn hoc c xy dng trc tip da trn bng thay th S-Box cng vi thng tin v cc khun dng tng ng. Trn cc b vi x l 32-bit, nhng thao tc bin i s dng trong quy trnh m ha c th c ti u ha bng cch s dng bn bng tra cu, mi bng c 256 phn t vi kch thc mi phn t l 4 byte. Vi mi phn t a GF(28), t: S [a ] 02 S[a ] 03 S [a ] , T [a ] = S[a ] 02 , T0 [a ] = S [a ] 1 S[a ] S [a ] 03 S[a ] S [a ] S [a ] S [a ] 03 , T [a ] = S [a ] T2 [a ] = S [a ] 02 3 S [a ] 03 S [a ] S [a ] 02

(3.41)

72


Nhn xt: Ti[a] = RotWord(Ti-1[a]) vi i = 1, 2,3 . K hiu RotWordi l hm x l gm i ln thc hin hm RotWord, ta c:

Ti [a ] = RotWord i (T0 [a ])

(3.42)

Nh vy, thay v dng 4 kilobyte lu tr sn c bn bng, ch cn tn 1 kilobyte lu bng u tin, cc bng cn li c th c pht sinh li khi s dng. Cc hn ch v b nh thng khng c t ra, tr mt s t trng hp nh i vi cc applet hay servlet. Khi , thay v lu tr sn bng tra cu, ch cn lu on m x l pht sinh li cc bng ny. Lc , cng thc (3.39) s tr thnh:

e j = k j Ti [ a i , j [i ] ] = k j RotWord i (T0 [ a i , j [i ] ])3 3 i=0 i =0

(3.43)

3.8

Kt qu th nghim Bng 3.2. Tc x l ca phng php Rijndael

Kch thc (bit)Kha 128 192 256 Khi 128 128 128

Pentium 200 MHzC++ 69.4 58.0 50.1 C 70.5 59.8 51.3

Tc x l (Mbit/giy) Pentium II Pentium III 400 MHz 733 MHzC++ 138.0 116.2 101.2 C 141.5 119.7 101.5 C++ 252.9 212.9 185.5 C 259.2 219.3 186.1

Pentium IV 2.4 GHzC++ 863.0 726.5 633.5 C 884.7 748.3 634.9

Kt qu th nghim thut ton Rijndael c ghi nhn trn my Pentium 200 MHz (s dng h iu hnh Microsoft Windows 98), my Pentium II 400 MHz, Pentium III 733 MHz (s dng h iu hnh Microsoft Windows 2000 Professional), Pentium IV 2,4GHz (s dng h iu hnh Microsoft Windows XP Service Pack 2).

73

Chng 3

3.9 3.9.1

Kt lun Kh nng an ton

Vic s dng cc hng s khc nhau ng vi mi chu k gip hn ch kh nng tnh i xng trong thut ton. S khc nhau trong cu trc ca vic m ha v gii m hn ch c cc kha yu (weak key) nh trong phng php DES (xem phn 4.5.1). Ngoi ra, thng thng nhng im yu lin quan n m kha u xut pht t s ph thuc vo gi tr c th ca m kha ca cc thao tc phi tuyn nh trong phng php IDEA (International Data Encryption Algorithm). Trong cc phin bn m rng, cc kha c s dng thng qua thao tc XOR v tt c nhng thao tc phi tuyn u c c nh sn trong S-box m khng ph thuc vo gi tr c th ca m kha (xem phn 4.5.4). Tnh cht phi tuyn cng kh nng khuch tn thng tin (diffusion) trong vic to bng m kha m rng lm cho vic phn tch mt m da vo cc kha tng ng hay cc kha c lin quan tr nn khng kh thi (xem phn 4.5.5). i vi phng php vi phn rt gn, vic phn tch ch yu khai thc c tnh tp trung thnh vng (cluster) ca cc vt vi phn trong mt s phng php m ha. Trong trng hp thut ton Rijndael vi s lng chu k ln hn 6, khng tn ti phng php cng ph mt m no hiu qu hn phng php th v sai (xem phn 4.5.2). Tnh cht phc tp ca biu thc S-box trn GF(28) cng vi hiu ng khuch tn gip cho thut ton khng th b phn tch bng phng php ni suy (xem phn 4.5.3).

74


3.9.2

nh gi

Phng php Rijndael thch hp cho vic trin khai trn nhiu h thng khc nhau, khng ch trn cc my tnh c nhn m in hnh l s dng cc chip Pentium, m c trn cc h thng th thng minh. Trn cc my tnh c nhn, thut ton AES thc hin vic x l rt nhanh so vi cc phng php m ha khc. Trn cc h thng th thng minh, phng php ny cng pht huy u im khng ch nh vo tc x l cao m cn nh vo m chng trnh ngn gn, thao tc x l s dng t b nh. Ngoi ra, tt c cc bc x l ca vic m ha v gii m u c thit k thch hp vi c ch x l song song nn phng php Rijndael cng chng t th mnh ca mnh trn cc h thng thit b mi. Do c tnh ca vic x l thao tc trn tng byte d liu nn khng c s khc bit no c t ra khi trin khai trn h thng big-endian hay little-endian.

Xuyn sut phng php AES, yu cu n gin trong vic thit k cng tnh linh hot trong x l lun c t ra v c p ng. ln ca khi d liu cng nh ca m kha chnh c th ty bin linh hot t 128 n 256-bit vi iu kin l chia ht cho 32. S lng chu k c th c thay i ty thuc vo yu cu ring c t ra cho tng ng dng v h thng c th.

Tuy nhin, vn tn ti mt s hn ch m hu ht lin quan n qu trnh gii m. M chng trnh cng nh thi gian x l ca vic gii m tng i ln hn vic m ha, mc d thi gian ny vn nhanh hn ng k so vi mt s phng php khc. Khi ci t bng chng trnh, do qu trnh m ha v gii m khng ging nhau nn khng th tn dng li ton b on chng trnh m ha cng nh cc bng tra cu cho vic gii m. Khi ci t trn phn cng, vic gii m

75

Chng 3

ch s dng li mt phn cc mch in t s dng trong vic m ha v vi trnh t s dng khc nhau.

Phng php Rijndael vi mc an ton rt cao cng cc u im ng ch khc chc chn s nhanh chng c p dng rng ri trong nhiu ng dng trn cc h thng khc nhau.

76

Phng php Rijndael m rng

Chng 4 Phng php Rijndael m rng

Trong chng 3, chng ta tm hiu v phng php m ha Rijndael. Ni dung ca chng 4 s trnh by mt s phin bn m rng ca chun m ha Rijndael. Mt s kt qu th nghim cng vi phn phn tch v chng minh kh nng an ton ca phng php Rijndael v cc phin bn m rng ny cng c trnh by trong chng 4. 4.1 Nhu cu m rng phng php m ha Rijndael

Vo thp nin 1970-1980, phng php DES vn c xem l rt an ton v cha th cng ph bng cc cng ngh thi by gi. Tuy nhin, hin nay phng php ny c th b ph v v tr nn khng cn an ton bo v cc thng tin quan trng. y chnh l mt trong nhng l do m NIST quyt nh chn mt thut ton m ha mi thay th DES nhm phc v nhu cu bo mt thng tin ca Chnh ph Hoa K cng nh trong mt s ng dng dn s khc. Phng php m ha Rijndael c nh gi c an ton rt cao v phng php vt cn vn l cch hiu qu nht cng ph thut ton ny. Vi kh nng

77

Chng 4

hin nay ca cc h thng my tnh trn Th gii th gii php vt cn vn l khng kh thi. Tuy nhin, vi s pht trin ngy cng nhanh ca cng ngh thng tin, cc th h my tnh mi ra i vi nng lc v tc x l ngy cng cao, thut ton Rijndael s c th b cng ph trong tng lai. Khi , nhng thng tin quan trng vn c bo mt bng phng php Rijndael cn phi c m ha li bng mt phng php m ha mi an ton hn. Vn ti t chc d liu quan trng c tch ly sau nhiu thp nin l hon ton khng n gin. iu ny dn n yu cu m rng nng cao an ton ca thut ton, chng hn nh tng kch thc kha v kch thc khi c x l. Cc phin bn m rng 256/384/512-bit v phin bn m rng 512/768/1024-bit ca thut ton Rijndael c trnh by di y c chng ti xy dng trn cng c s l thuyt ca thut ton nguyn thy v c kh nng x l cc kha v khi d liu ln hn nhiu ln so vi phin bn gc.

4.2

Phin bn m rng 256/384/512-bit

Trong thut ton m rng 256/384/512-bit ca phng php Rijndael, mi t gm c Nw=8 byte. Mi trng thi c th c biu din di dng mt ma trn gm 8 dng v Nb ct vi Nb bng vi di ca khi chia cho 64. Kha chnh cng c biu din di dng mt ma trn gm 8 dng v Nk ct vi Nk bng vi di ca kha chia cho 64. Ma trn biu din 1 trng thi hay kha c th c kho st di dng mng 1 chiu cc t (Nw byte), mi phn t tng ng vi 1 ct ca ma trn.

S lng chu k, k hiu l Nr, c gi tr l Nr = max{Nb, Nk}+ 6 (4.1)

78


4.2.1

Quy trnh m ha

Trong quy trnh m ha vn s dng 4 php bin i chnh nh trnh by trong thut ton m ha Rijndael c bn: 1. AddRoundKey: cng ( ) m kha ca chu k vo trng thi hin hnh. di ca m kha ca chu k bng vi kch thc ca trng thi. 2. SubBytes: thay th phi tuyn mi byte trong trng thi hin hnh thng qua bng thay th (S-box). 3. MixColumns: trn thng tin ca tng ct trong trng thi hin hnh. Mi ct c x l c lp. 4. ShiftRows: dch chuyn xoay vng tng dng ca trng thi hin hnh vi di s khc nhau.

Mi php bin i thao tc trn trng thi hin hnh S. Kt qu S ca mi php bin i s tr thnh u vo ca php bin i k tip trong quy trnh m ha.

Trc tin, ton b d liu u vo c chp vo mng trng thi hin hnh. Sau khi thc hin thao tc cng m kha u tin, mng trng thi s c tri qua Nr = 10, 12 hay 14 chu k bin i (ty thuc vo di ca m kha chnh cng nh di ca khi c x l). Nr 1 chu k u tin l cc chu k bin i bnh thng v hon ton tng t nhau, ring chu k bin i cui cng c s khc bit so vi Nr 1 chu k trc . Cui cng, ni dung ca mng trng thi s c chp li vo mng cha d liu u ra.

79

Chng 4

Hnh 4.1 th hin kin trc ca mt chu k bin i trong thut ton Rijndael m rng 256/384/512-bit vi Nb = 4. Quy trnh m ha Rijndael m rng c tm tt li nh sau: 1. 2. 3. Thc hin thao tc AddRoundKey u tin trc khi thc hin cc chu k m ha.Nr1 chu k m ha bnh thng: mi chu k bao gm 4 bc bin i lin

tip nhau: SubBytes, ShiftRows, MixColumns, v AddRoundKey. Thc hin chu k m ha cui cng: trong chu k ny thao tc MixColumns c b qua.

Hnh 4.1. Kin trc mt chu k bin i ca thut ton Rijndael m rng 256/384/512-bit vi Nb = 4

Trong thut ton di y, mng w[] cha bng m kha m rng; mng in[] v out[] ln lt cha d liu vo v kt qu ra ca thut ton m ha.

80


Cipher(byte in[8 * Nb], byte out[8 * Nb], word w[Nb * (Nr + 1)]) begin byte state[8,Nb] in // Xem phn 4.2.1.4 // Xem phn 4.2.1.1 // Xem phn 4.2.1.2 // Xem phn 4.2.1.3 state =

AddRoundKey(state, w) for round = 1 to Nr 1 SubBytes(state) ShiftRows(state) MixColumns(state) end for SubBytes(state) ShiftRows(state) AddRoundKey(state, w + Nr * Nb) out = state end


4.2.1.1

Php bin i SubBytes

Thao tc bin i SubBytes l php thay th cc byte phi tuyn v tc ng mt cch c lp ln tng byte trong trng thi hin hnh. Bng thay th (S-box) c tnh kh nghch v qu trnh thay th 1 byte x da vo S-box bao gm hai bc: 1. Xc nh phn t nghch o x1 GF(28). Quy c {00}1 = {00}

81

Chng 4

2.

p dng php bin i affine (trn GF(2)) i vi x1 (gi s x1 c biu din nh phn l {x7 x6 x5 x4 x3 x2 x1 x0 } ):yi = xi x(i +4) mod 8 x(i +5) mod 8 x(i +6) mod 8 x (i +7) mod 8 ci

(4.2)

vi ci l bit th i ca {63}, 0 i 7.

Php bin i SubBytes c th hin di dng m gi:SubBytes(byte state[8,Nb]) begin for r = 0 to 7 for c = 0 to Nb - 1 state[r,c] = Sbox[state[r,c]] end for end for end

Bng D.2 th hin bng thay th nghch o c s dng trong php bin i SubBytes. 4.2.1.2 Php bin i ShiftRows

Trong thao tc bin i ShiftRows, mi dng ca trng thi hin hnh c dch chuyn xoay vng vi di khc nhau. Byte Sr,c ti dng r ct c s dch chuyn n ct (c - shift(r, Nb)) mod Nb hay:

s r' ,c = s r ,(c + shift (r , Nb )) mod Nb vi 0 < r < 8 v 0 c < Nbvi

(4.3)

shift (r , Nb ) = r mod Nb

(4.4)

82


Php bin i ShiftRows c th hin di dng m gi: ShiftRows(byte state[8,Nb])begin byte t[Nb] for r = 1 to 7 for c = 0 to Nb - 1 t[c] = state[r, (c + shift[r,Nb]) mod Nb] end for for c = 0 to Nb 1 state[r,c] = t[c] end for end for end

4.2.1.3

Php bin i MixColumns

Trong thao tc bin i MixColumns, mi ct ca trng thi hin hnh c biu din di dng a thc s(x) c cc h s trn GF(28). Thc hin php nhn:

s ' ( x ) = a ( x ) s ( x ) vi a(x ) = 0 1 2 Ma = 3 4 5 6 7

a xi i =0

7

i

, a i GF(28)

(4.5)

t

7 0 1 2 3 4 5 6

6 7 0 1 2 3 4 5

5 6 7 0 1 2 3 4

4 5 6 7 0 1 2 3

3 4 5 6 7 0 1 2

2 3 4 5 6 7 0 1

1 2 3 4 5 6 7 0

(4.6)

83

Chng 4

Ta c:

s ' 0, c s 0, c s '1,c s1,c s ' 2, c s 2 ,c s ' 3,c = M s 3,c , 0 c Nb a s' s 4, c 4 ,c s ' 5 ,c s 5, c s' s 6, c 6, c s ' 7 ,c s 7 ,c

(4.7)

Chng ta c nhiu kh nng chn la a thc a(x) khc nhau m vn m bo tnh hiu qu v an ton ca thut ton. m bo cc tnh cht an ton ca mnh, cc h s ca ma trn ny phi tha cc tnh cht sau: 1. 2. 3. 4. Kh nghch. Tuyn tnh trn GF(2). Cc phn t ma trn (cc h s) c gi tr cng nh cng tt. Kh nng chng li cc tn cng ca thut ton (xem 4.4 - Phn tch mt m vi phn v phn tch mt m tuyn tnh)

on m chng trnh di y th hin thao tc bin i MixColumns vi a thc c trnh by trong cng thc (2.6). Trong on chng trnh ny, hmFFmul(x,y) thc hin php nhn (trn trng GF(2 )) hai phn t x v y vi8

nhau.

84


MixColumns(byte state[8, Nb])begin byte t[8] for c = 0 to Nb 1 for r = 0 to 7 t[r] = state[r,c] end for for r = 0 to 7 state[r,c] = FFmul(0x01, t[r]) xor FFmul(0x05, t[(r + 1) mod 8]) xor FFmul(0x03, t[(r + 2) mod 8]) xor FFmul(0x05, t[(r + 3) mod 8]) xor FFmul(0x04, t[(r + 4) mod 8]) xor FFmul(0x03, t[(r + 5) mod 8]) xor FFmul(0x02, t[(r + 6) mod 8]) xor FFmul(0x02, t[(r + 7) mod 8]) xor end for end for end

4.2.1.4

Thao tc AddRoundKey

M kha ca chu k c biu din bng 1 ma trn gm 8 dng v Nb ct. Mi ct ca trng thi hin hnh c XOR vi ct tng ng ca m kha ca chu k ang xt: [ s ' 0,c , s '1,c , s ' 2,c , s '3,c , s ' 4,c , s '5,c , s ' 6,c , s ' 7,c ] = [ s 0,c , s1,c , s 2,c , s3,c , s 4,c , s5,c , s 6,c , s 7,c ] [ wround Nb +c ] vi 0 c < Nb, (4.8)

85

Chng 4

Nhn xt: Thao tc bin i ngc ca AddRoundKey cng chnh l thao tc AddRoundKey. Trong on chng trnh di y, hm xbyte(r, w) thc hin vic ly byte th r trong t w.AddRoundKey(byte state[8,Nb], word rk[]) // rk = w + round * Nb begin for c = 0 to Nb 1 for r = 0 to 7 state[r,c] = state[r,c] xor xbyte(r, rk[c]) end for end for end

4.2.2

Pht sinh kha ca mi chu k

Quy trnh pht sinh kha cho mi chu k bao gm hai giai on: 1. 2. M rng kha chnh thnh bng m kha m rng, Chn kha cho mi chu k t bng m kha m rng.

4.2.2.1

Xy dng bng kha m rng

Bng kha m rng l mng 1 chiu cha cc t (c di 8 byte), c k hiu l w[Nb*(Nr + 1)]. Hm pht sinh bng kha m rng ph thuc vo gi tr Nk, tc l ph thuc vo di ca m kha chnh.

86


Hm SubWord(W) thay th (s dng S-box) tng byte thnh phn ca mt t (c di 8 byte). Hm RotWord(W) thc hin vic dch chuyn xoay vng 8 byte thnh phn (b0, b1, b 2, b 3, b 4, b 5, b 6, b7) ca t c a vo. Kt qu tr v ca hm RotWord l 1 t gm 8 byte thnh phn l (b1, b 2, b 3, b 4, b 5, b 6, b7, b0).KeyExpansion(byte key[8 * Nk], word w[Nb * (Nr + 1)], Nk) begin i = 0 while (i < Nk) w[i]=word[ key[8*i] , key[8*i+1], key[8*i+2], key[8*i+3], key[8*i+4], key[8*i+5], key[8*i+6], key[8*i+7]] i = i + 1 end while i = Nk while (i < Nb * (Nr + 1)) word temp = w[i - 1] if (i mod Nk = 0) then temp = SubWord(RotWord(temp)) xor Rcon[i / Nk] else if ((Nk = 8) and (i mod Nk = 4)) then temp = SubWord(temp) end if end if w[i] = w[i - Nk] xor temp i = i + 1 end while end

Cc hng s ca mi chu k hon ton c lp vi gi tr Nk v c xc nh bng Rcon[i] = (xi1, 0, 0, 0, 0, 0, 0, 0), i 1

87

Chng 4

4.2.2.2

Xc nh kha ca chu k

M kha ca chu k th i c xc nh bao gm cc t (8 byte) c ch s t Nb * i n Nb * (i + 1) 1 ca bng m kha m rng. Nh vy, m kha ca chu k th i bao gm cc phn t w[ Nb * i ] , w[ Nb * i + 1] , , w[ Nb * (i + 1) 1] .w0 w1 w2 w3 w4 w5 w6 w7 w8 w9 w10 w11 w12 w13 w14 w15 w16 w17 ...Ma khoa chu ky 0 Ma khoa chu ky 1 Ma kho a chu ky 2 ...

Hnh 4.2. Bng m kha m rng v cch xc nh m kha ca chu k (vi Nb = 6 v Nk = 4)

4.2.3

Quy trnh gii m

Quy trnh gii m c thc hin qua cc giai on sau: 1. Thc hin thao tc AddRoundKey u tin trc khi thc hin cc chu k gii m. 2. Nr 1 chu k gii m bnh thng: mi chu k bao gm bn bc bin i lin tip nhau: InvShiftRows, InvSubBytes, AddRoundKey,

InvMixColumns. 3. Thc hin chu k gii m cui cng. Trong chu k ny, InvMixColumns c b qua. thao tc

88


InvCipher( byte in[8 * Nb], byte out[8 * Nb], word w[Nb * (Nr + 1)]) begin byte state[8,Nb] // Xem phn 0 state = in AddRoundKey(state, w + Nr * Nb) for round = Nr - 1 downto 1

InvShiftRows(state)InvSubBytes(state)

// Xem phn 4.2.3.1 // Xem phn 0


InvMixColumns(state)end for

// Xem phn 0

InvShiftRows(state)InvSubBytes(state) AddRoundKey(state, w) out = state end

4.2.3.1

Php bin i InvShiftRows

InvShiftRows l bin i ngc ca bin i ShiftRows. Mi dng ca trng thi c dch chuyn xoay vng theo chiu ngc vi bin i ShiftRows vi di Nbshift (r, Nb) khc nhau. Cc byte cui dng c a vng ln u dng trong khi cc byte cn li c khuynh hng di chuyn v cui dng.' s r ,(c + shift ( r , Nb)) mod Nb = s r ,c vi 0 < r < 8 v 0 c < Nb

(4.9)

89

Chng 4

InvShiftRows(byte state[8,Nb]) begin byte t[Nb] for r = 1 to 7 for c = 0 to Nb - 1 t[(c + shift[r,Nb]) mod Nb] = state[r,c] end for for c = 0 to Nb 1 state[r,c] = t[c] end for end for end

4.2.3.2

Php bin i InvSubBytes

Php bin i ngc ca thao tc SubBytes, k hiu l InvSubBytes, s dng bng thay th nghch o ca S-box trn GF(28) c k hiu l S-box-1. Qu trnh thay th 1 byte y da vo S-box-1 bao gm hai bc sau: 1. p dng php bin i affine (trn GF(2)) sau i vi y (c biu din nh phn l {y 7 y 6 y5 y 4 y3 y 2 y1 y 0 } ): xi = y (i + 2 ) mod 8 y (i +5) mod 8 y ( i + 7) mod 8 d i , vi di l bit th i ca gi tr {05},0 i 7. (4.10)

y chnh l php bin i affine ngc ca php bin i affine bc 1 ca S-box.

90


2.

Gi x l phn t thuc GF(28) c biu din nh phn l {x7 x6 x5 x4 x3 x2 x1 x0 } . Xc nh phn t nghch o x-1 GF(28) vi quy c {00}-1 = {00}

Bng D.2 th hin bng thay th nghch o c s dng trong php bin i InvSubBytesInvSubBytes(byte state[8,Nb]) begin for r = 0 to 7 for c = 0 to Nb - 1 state[r,c] = InvSbox[state[r,c]] end for end for end

4.2.3.3

Php bin i InvMixColumns

InvMixColumns l bin i ngc ca php bin i MixColumns. Mi ct ca trng thi hin hnh c xem nh a thc s(x) bc 8 c cc h s thuc GF(28) v c nhn vi a thc a1(x) l nghch o ca a thc a(x) (modulo M ( x ) = x 8 + 1 ) c s dng trong php bin i MixColumns.

Vi a(x) = {05}x7 + {03}x6 + {05}x5 + {04}x4+ {03}x3 + {02}x2 + {02}x + {01} ta c: a-1(x) = {b3}x7 + {39}x6 + {9a}x5 + {a1}x4+ {db}x3 + {54}x2 + {46}x + {2a} (4.12) (4.11)

91

Chng 4

1 Php nhn s( x) = a ( x) s( x) c biu din di dng ma trn nh sau:

s ' 0, c s 0, c s '1,c s1,c s ' 2, c s 2, c s ' 3,c = M s 3,c , 0 c Nb 1 a s s' 4, c 4, c s ' 5 ,c s 5, c s' s 6, c 6, c s ' 7 ,c s 7 ,c

(4.13)

on chng trnh sau th hin thao tc InvMixColumns s dng a thc a-1(x) trong cng thc (4.12).InvMixColumns(byte block[8,Nb]) begin byte t[8] for c = 0 to Nb 1 for r = 0 to 7 t[r] = block[r,c] end for for r = 0 to 7 block[r,c] = FFmul(0x2a, t[r]) xor FFmul(0xb3, t[(r + 1) mod 8]) xor FFmul(0x39, t[(r + 2) mod 8]) xor FFmul(0x9a, t[(r + 3) mod 8]) xor FFmul(0xa1, t[(r + 4) mod 8]) xor FFmul(0xdb, t[(r + 5) mod 8]) xor FFmul(0x54, t[(r + 6) mod 8]) xor

92


FFmul(0x46, t[(r + 7) mod 8]) end for end for end

4.2.4

Quy trnh gii m tng ng

Quy trnh gii m Rijndael c th c thc hin theo vi trnh t cc php bin i ngc hon ton tng ng vi quy trnh m ha (xem chng minh trong phn 3.6.4-Quy trnh gii m tng ng).EqInvCipher(byte in[8*Nb], byte out[8*Nb], word dw[Nb*(Nr + 1)]) begin byte state[8,Nb] state = in AddRoundKey(state, dw + Nr * Nb) for round = Nr - 1 downto 1 InvSubBytes(state)

InvShiftRows(state) InvMixColumns(state)AddRoundKey(state, dw + round * Nb) end for InvSubBytes(state)

InvShiftRows(state)AddRoundKey(state, dw) out = state end

93

Chng 4

Bng m kha m rng dw c xy dng t bng m kha w bng cch p dng php bin i InvMixColumns ln tng t (8 byte) trong w, ngoi tr Nb t u tin v cui cng ca w.for i = 0 to (Nr + 1) * Nb 1 dw[i] = w[i] end for for rnd = 1 to Nr 1

InvMixColumns(dw + rnd * Nb)end for

4.3

Phin bn m rng 512/768/1024-bit

Thut ton m rng 512/768/1024-bit da trn phng php Rijndael c xy dng tng t nh thut ton m rng 256/384/512-bit: Trong thut ton 512/768/1024 bit, mi t c kch thc Nw=16 byte. a thc c chn trong thao tc MixColumns c bc 15 v phi c h s Branch Number l 17. Chng ta c th chn a thc sau minh ha: a(x) = {07}x15 +{09}x14+{04}x13+{09}x12+{08}x11+{03}x10+{02}x9+{08}x8 + {06}x7+{04}x6+{04}x5+{01}x4+{08}x3+{03}x2+{06}x+{05} V a thc nghch o a-1(x) tng ng l a-1(x)={1e}x15+{bc}x14+{55}x13+{8d}x12+{1a}x11+{37}x10+{97}x9+{10}x8+ {f0}x7+{d5}x6+{01}x5+{ad}x4+{59}x3+{82}x2+{59}x+{3a} (4.15) (4.14)

Chi tit v thut ton c trnh by trong [12], [16].

94


4.4 4.4.1

Phn tch mt m vi phn v phn tch mt m tuyn tnh Phn tch mt m vi phn

Phng php phn tch mt m vi phn (Differential Cryptanalysis) c Eli Biham v Adi Shamir trnh by trong [3].

Phng php vi phn ch c th c p dng nu c th d on c s lan truyn nhng khc bit trong cc mu u vo qua hu ht cc chu k bin i vi s truyn (prop ratio [10]) ln hn ng k so vi gi tr 21-n vi n l di khi (tnh bng bit).

Nh vy, m bo an ton cho mt phng php m ha, iu kin cn thit l khng tn ti vt vi phn (differential trail) lan truyn qua hu ht cc chu k c s truyn ln hn ng k so vi gi tr 21n.

i vi phng php Rijndael, cc tc gi chng minh khng tn ti vt vi phn lan truyn qua bn chu k c s truyn ln hn 2-30(Nb+1) [8] vi Nb = n Nw = n 32 . Nh vy, khng tn ti vt vi phn lan truyn qua tm chu k c s truyn ln hn 2-60(Nb+1). iu ny m bo tnh an ton cho thut ton Rijndael.

95

Chng 4

Phn chng minh c trnh by trong 4.4.5-Trng s vt vi phn v vt tuyn tnh cho chng ta cc kt lun sau: i vi thut ton m rng 256/384/512-bit, khng tn ti vt vi phn lan truyn qua bn chu k c s truyn ln hn 2-54(Nb+1) vi Nb = n Nw = n 64 . Nh vy, khng tn ti vt vi phn lan truyn qua tm chu k c s truyn ln hn 2-108(Nb+1). i vi thut ton m rng 512/768/1024-bit, khng tn ti vt vi phn lan truyn qua bn chu k c s truyn ln hn 2-102(Nb+1) vi Nb = n Nw = n 128 . Nh vy, khng tn ti vt vi phn lan truyn qua tm chu k c s truyn ln hn 2-204(Nb+1).

Cc kt lun trn m bo tnh an ton cho thut ton m rng 256/384/512 bit v 512/768/1024-bit i vi phng php phn tch mt m vi phn.

4.4.2

Phn tch mt m tuyn tnh

Phng php phn tch mt m tuyn tnh (Linear Cryptanalysis) c Mitsuru Matsui trnh by trong [32].

Phng php tuyn tnh ch c th c p dng nu s tng quan gia u ra vi u vo ca thut ton qua hu ht cc chu k c gi tr rt ln so vi 2-n/2.

96


Nh vy, m bo an ton cho mt phng php m ha, iu kin cn thit l khng tn ti vt tuyn tnh (linear trail [10]) lan truyn qua hu ht cc chu k c s truyn ln hn ng k so vi gi tr 2n/2.

i vi phng php Rijndael, cc tc gi chng minh c rng khng tn ti vt tuyn tnh no lan truyn qua bn chu k vi tng quan ln hn 2-15(Nb + 1) [8]. Nh vy, khng tn ti vt tuyn tnh no lan truyn qua tm chu k vi tng quan ln hn 2-39(Nb+1). iu ny m bo tnh an ton cho thut ton Rijndael.

Phn chng minh c trnh by trong 4.4.4-S lan truyn mu cho chng ta cc kt lun sau: i vi thut ton m rng 256/384/512-bit, khng tn ti vt tuyn tnh lan truyn qua bn chu k vi tng quan ln hn 2-27(Nb+1). Nh vy, khng tn ti vt tuyn tnh no lan truyn qua tm chu k vi tng quan ln hn 2-54(Nb+1). i vi thut ton m rng 512/768/1024-bit, khng tn ti vt tuyn tnh lan truyn qua bn chu k vi tng quan ln hn 2-51(Nb+1). Nh vy, khng tn ti vt tuyn tnh no lan truyn qua tm chu k vi tng quan ln hn 2-102(Nb+1).

Cc kt lun trn m bo tnh an ton cho thut ton m rng 256/384/512 bit v 512/768/1024-bit i vi phng php phn tch mt m tuyn tnh.

97

Chng 4

4.4.3

Branch Number

Xt php bin i tuyn tnh F trn vector cc byte. Mt byte khc 0 c gi l byte hot ng (active). Trng s byte ca mt vector a, k hiu l W(a), l s lng byte hot ng trong vector ny. nh ngha 4.1: Branch Number B ca php bin i tuyn tnh F l o kh nng khuch tn ca F, c nh ngha nh sau: B(F) = mina0 (W(a) + W(F(a))) (4.16)

Nhn xt: Branch Number cng ln th kh nng khuch tn thng tin ca F cng mnh, gip cho h thng SPN cng tr nn an ton hn.

Trong php bin i MixColumns, nu trng thi ban u c 1 byte hot ng th trng thi kt qu nhn c sau khi p dng MixColumns c ti a Nw byte hot ng. Do , ta c: B(MixColumns) Nw + 1 rng 256/384/512 bit v thut ton m rng 512/768/1024 bit. Nh vy, t c mc khuch tn thng tin cao nht, chng ta cn phi chn php bin i MixColumns sao cho h s Branch Number t c gi tr cc i l Nw + 1 . Ni cch khc, Branch Number ca MixColumns trong thut ton Rijndael, thut ton m rng 256/384/512 bit v thut ton m rng 512/768/1024 bit phi t c gi tr ln lt l 5, 9 v 17. Khi , quan h tuyn tnh gia cc bit trong trng thi u vo v u ra ca MixColumns lin quan n cc Nw + 1 byte khc nhau trn cng mt ct. (4.17)

vi Nw ln lt nhn gi tr l 4, 8 v 16 trong thut ton Rijndael, thut ton m

98


4.4.4

S lan truyn mu

Trong phng php vi phn, s lng S-box hot ng c xc nh bng s lng byte khc 0 trong trng thi u vo ca chu k. Gi mu (vi phn) hot ng (difference activity pattern) l mu xc nh v tr cc byte khc 0 trong trng thi v gi trng s byte l s lng byte khc 0 trong mu.

Trong phng php tuyn tnh, s lng S-box hot ng c xc nh bng s lng byte khc 0 trong cc vector c chn trng thi bt u ca chu k [10]. Gi mu (tng quan) hot ng (correlation activity pattern) l mu xc nh v tr cc byte khc 0 trong trng thi v gi trng s byte l s lng byte khc 0 trong mu.

Mi ct trong trng thi c t nht mt byte thnh phn l byte hot ng c gi ct hot ng. Trng s ct ca trng thi a, k hiu l Wc(a), c nh ngha l s lng ct hot ng trong mu. Trng s byte ca ct j ca trng thi a , k hiu l W(a)j, c nh ngha l s lng byte hot ng trong ct ny.

Trng s ca mt vt lan truyn qua cc chu k c tnh bng tng tt c cc trng s ca cc mu hot ng u vo ca mi chu k thnh phn.

Trong cc hnh minh ha di y, ct hot ng c t mu xm cn cc byte hot ng c t mu en.

99

Chng 4

Hnh 4.3 minh ha s lan truyn cc mu hot ng (bao gm c mu vi phn v mu tng quan) qua tng php bin i trong cc chu k m ha ca thut ton m rng 256/384/512-bit ca phng php Rijndael vi Nb = 6. SubBytes ShiftRows MixColumns AddRoundKey

Hnh 4.3. S lan truyn mu hot ng qua tng php bin i trong thut ton m rng 256/384/512-bit ca phng php Rijndael vi Nb = 6

Mi php bin i thnh phn trong phng php m ha Rijndael c tc ng khc nhau i vi cc mu hot ng v cc trng s: 1. SubBytes v AddRoundKey khng lm thay i cc mu hot ng cng nh gi tr trng s ct v trng s byte ca mu. 2. ShiftRows lm thay i mu hot ng v trng s ct. Do php bin i ShiftRows tc ng ln tng byte ca trng thi mt cch c lp, khng c s tng tc gia cc byte thnh phn trong trng thi ang xt nn khng lm thay i trng s byte. 3. MixColumns lm thay i mu hot ng v trng s byte. Do php bin i MixColumns t

Documents

Thuat Toan Ma Hoa Va Ung Dung