Fourth Edition by William Stallings - PowerPoint PPT Presentation

Title: Crypto-10 Author: YSB Last modified by: Shoubao YANG Created Date: 10/7/2002 11:47:17 PM Document presentation format: Company – PowerPoint PPT presentation

Slides: 60
Provided by: YSB7

Transcript and Presenter's Notes



1
???????????10? ?????????????
  • Fourth Edition by William Stallings
  • Slides by ???
  • syang@ustc.edu.cn
  • http://staff.ustc.edu.cn/syang
  • 2012?10?

2
????
  • ??????????,???????????????????????????????
  • ??????????Diffie-Hellman??????????????????????????
    ?????????????????????,?????????????????
  • ????????????????????ECC??,??????,????????
  • ?ECC??,???????????????????????????????????????????
    ????????Zp?GF(2m)????

3
10.1.1 ??????????
  • ?????????????????????,????????????????????
  • ?????
  • ?????????????????
  • ????????
  • ?????????????
  • ?????????
  • ???????
  • ???????????????,?????????,??????????PGP??,????????
    ??
  • ?????????????????????

4
???????
5
????????
  • ??????????????????????????
  • ???????????????????????
  • ????name, public-key??
  • ????????????????????????
  • ??????????????????????
  • ??????
  • ???????????
  • ??????????????,?????????,??????????????,?????????

6
????????
7
????
  • A????????????????, ??B?????
  • ????A??????KRauth?????, A?????????,????????????
  • B???KUb,????
  • ????,A???????????
  • ?????, A???????????????????
  • A??B???, ??????A???IDA?Nonce1?????, ?????B
  • B????????????A???
  • B?KUa?A?N1?B?N2??, ???A
  • A?B????N2??????B, ?B????????A

8
??????
9
10.1.2 ????
  • ????????????????????????????????
  • ?????????????????????????,??????????????
  • ????????????????????????????????
  • ????????????????????????????????????
  • ?????A,?????????
  • $C_A = E_{KR_{auth}}[T, ID_A, KU_a]$
  • ????????
  • $D_{KU_{auth}}[C_A] = D_{KU_{auth}}[E_{KR_{auth}}[T, ID_A, KU_a]] = (T, ID_A, KU_a)$

10
???????
11
10.1.3 ?????????????????
  • ????????????????????????
  • ??????????,?????????????????????????
  • ??,???????????
  • ??????????????????

12
?????????????
  • Merkle?1979?????????
  • A???/???PUa,PRa, ???PUa???IDA?????B
  • B??????(????)Ks, ??A????????A
  • A??D(PRa, E(PUa, Ks)), ??Ks, ????????
  • ???????,??????????

13
??????????????
14
10.2 Diffie-Hellman????
  • Diffie?Hellman?1976??????????,???????????,????????
    Diffie-Hellman??????
  • Diffie-Hellman???????????????
  • ??????????
  • ????????????????,????,?????????????????
  • Diffie-Hellman????????????GF???????(????????)
  • Diffie-Hellman?????????????????????DLP

15
??????Discrete Logarithm Problem
  • ??a???p?????(????),?
  • $a \bmod p,\ a^2 \bmod p,\ \ldots,\ a^{p-1} \bmod p$, ???p??????1, 2, ......, p-1
  • ??????,???????,?
  • ??????b???p?????a,?????????i, ?? $b = a^i \bmod p$, ?? $0 < i < p-1$
  • ??i??b??a?????p??????????
  • ??????????????DLP??, ???C?P????, ?d?M???,
    ?M?d???, $d = \log_C M$ in GF(P), ???????$T = \exp((\ln(P)\,\ln\ln(P))^{1/2})$?????P?200??, $T = 2.7 \times 10^{11}$, ??1µs???,
    ??23???P 664?, ?$T = 1.2 \times 10^{23}$,
    ?$10^{12}$??$2.739 \times 10^9$?, ?2.7??. ??P???,?????????

16
Diffie-Hellman Key Exchange
  • ???????????(????)p, ??p?????a
  • ????????
  • ???????(??),?$x_A < p$, $x_B < p$
  • ????, ?$y_A = a^{x_A} \bmod p$, $y_B = a^{x_B} \bmod p$, ?????
  • ?????????KAB??????
  • $K_{AB} = a^{x_A \cdot x_B} \bmod p$
  • $= y_A^{x_B} \bmod p$ (which B can compute)
  • $= y_B^{x_A} \bmod p$ (which A can compute)
  • KAB????????????????
  • ????????,??????????,???????????
  • ?????????x, ?????DLP??

17
Diffie-Hellman Example
  • Users Alice and Bob who wish to swap keys
  • Agree on prime $p = 353$ and $a = 3$
  • Select random secret keys
  • A chooses $x_A = 97$,
  • B chooses $x_B = 233$
  • Compute public keys
  • $y_A = 3^{97} \bmod 353 = 40$ (Alice)
  • $y_B = 3^{233} \bmod 353 = 248$ (Bob)
  • Compute shared session key as
  • $K_{AB} = y_B^{x_A} \bmod 353 = 248^{97} \bmod 353 = 160$ (Alice)
  • $K_{AB} = y_A^{x_B} \bmod 353 = 40^{233} \bmod 353 = 160$ (Bob)

18
10.2.2 Diffie-Hellman??????
  • ????????????

19
??DLP???????ElGamal Cryptosystem
  • ??A?B????,?????p,????a, $0 \le m \le p-1$
  • ??
  • A??k?0, p-1, k???????$x_A$, A????????B?????$Y_B = a^{x_B} \bmod p$, ??
  • $K = (Y_B)^k \bmod p$, ?$K = a^{x_B k} \bmod p$
  • $c_1 = a^k \bmod p$
  • $c_2 = mK \bmod p$
  • ???? $(c_1, c_2)$
  • ??
  • B????K $K = c_1^{x_B} \bmod p = a^{k x_B} \bmod p$
  • ????m $m = c_2/K \bmod p = c_2 K^{-1} \bmod p$

20
ElGamal Cryptosystem
  • ??????,k??????,??
  • (1) $c_{1,1} = a^k \bmod p$, $c_{2,1} = m_1 K \bmod p$
  • (2) $c_{1,2} = a^k \bmod p$, $c_{2,2} = m_2 K \bmod p$
  • ?$m_1/m_2 = c_{2,1}/c_{2,2} \bmod p$. ??$m_1$??, $m_2$?????
  • ElGamal???????????,????????????????, ????????k?
  • ElGamal?????????50,?????????????
  • ElGamal??????????Diffie-Hellman???,???DLP,??????,?
    ??????$T = \exp((\ln(p)\,\ln\ln(p))^{1/2})$????

21
ElGamal Cryptosystem
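  • ?$P = 17$, $a = 3$, $x_A = 2$, $x_B = 5$, $m = 11$,
    m?A???B, A??$k = 7$.
  • ???(c1, c2)???
  • ??$Y_A = a^{x_A} \bmod P = 3^2 \bmod 17 = 9$
  • $Y_B = a^{x_B} \bmod P = 3^5 \bmod 17 = 5$
  • $K = (Y_B)^k \bmod P = 5^7 \bmod 17 = 10$
  • $c_1 = a^k \bmod P = 3^7 \bmod 17 = 11$
  • $c_2 = mK \bmod P = 10 \times 11 \bmod 17 = 8$
  • ??,??$C = (c_1, c_2) = (11, 8)$
  • ??$K = c_1^{x_B} \bmod P = 11^5 \bmod 17 = 10$
  • $c_2 = mK \bmod P = 10m \bmod 17 = 8$
  • $m = c_2/K \bmod P = c_2 K^{-1} \bmod P$
  • $K \cdot K^{-1} \bmod P = 1$, ?$10 \cdot K^{-1} \bmod 17 = 1$, ?$K^{-1} = 12$
  • ??,??$m = c_2 K^{-1} \bmod P = 8 \times 12 \bmod 17 = 11$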
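
Added example (not part of the original slides): the ElGamal computation above with the slide's values p = 17, a = 3, x_B = 5, m = 11, k = 7, followed by the relation m1/m2 = c2,1/c2,2 mod p from the preceding slide, which is why k has to be fresh for every message. All function names and the second and third messages are constructed for this illustration.

```python
# Added example (not from the slides): ElGamal over GF(p), slide 21's toy values.
P, A = 17, 3                      # prime modulus and primitive root

def public_key(x):
    """Public key Y = a^x mod p for private key x."""
    return pow(A, x, P)

def encrypt(m, y_b, k):
    """Encrypt m (1 <= m <= p-1) to B's public key y_b with ephemeral k."""
    K = pow(y_b, k, P)            # one-time mask K = Y_B^k mod p
    return pow(A, k, P), (m * K) % P

def decrypt(ct, x_b):
    """B rebuilds K = c1^x_B mod p and divides it out of c2."""
    c1, c2 = ct
    return (c2 * pow(pow(c1, x_b, P), -1, P)) % P

def recover_with_reused_k(ct_known, m_known, ct_other):
    """m2 = m1 * c2,2 / c2,1 mod p when both ciphertexts share c1 (same k).
    Needs no private key; returns None when c1 differs (k was fresh)."""
    if ct_known[0] != ct_other[0]:
        return None
    return (m_known * ct_other[1] * pow(ct_known[1], -1, P)) % P

def reused_k_groups(ciphertexts):
    """Audit check: indexes of ciphertexts to one recipient that repeat c1."""
    seen = {}
    for i, (c1, _) in enumerate(ciphertexts):
        seen.setdefault(c1, []).append(i)
    return sorted(g for g in seen.values() if len(g) > 1)

if __name__ == "__main__":
    y_b = public_key(5)                      # x_B = 5
    ct1 = encrypt(11, y_b, 7)                # slide: (11, 8)
    ct2 = encrypt(5, y_b, 7)                 # constructed second message, k reused
    ct3 = encrypt(5, y_b, 3)                 # constructed, fresh k
    print(ct1, decrypt(ct1, 5))
    print(recover_with_reused_k(ct1, 11, ct2), recover_with_reused_k(ct1, 11, ct3))
    print(reused_k_groups([ct1, ct2, ct3]))
```

Because a is a primitive root, two ciphertexts share c1 exactly when k repeats modulo p-1, so the c1 comparison is a sufficient audit check.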

22
10.3 ??????
  • ?????????ECC
  • ??????????ECC,?????RSA, D-H?????????????
  • ????????, ?????Weierstrass????????????????
  • $y^2 + axy + by = x^3 + cx^2 + dx + e$
  • ???? $y^2 = x^3 + ax + b$
  • ?????????(x, y)??????E????
  • ???????(point at infinity)???(zero point)?O?

23
?????????
  • ????
  • ????????
  • ??

24
??????
  • (a) $y^2 = x^3 - x$
    (b) $y^2 = x^3 + x + 1$

25
??????
  • ??
  • P(x, -y)P(x, y)
  • ??X?????
  • PPO
  • ???
  • POP

26
??????????
  • ??????????????????, ???????O?????
  • O???????(additive identity), $O = -O$???????????P,
    ? $P + O = P$?
  • ???????????P1(x, y)?P2(x, -y), ???????O,
    ?$P_1 + P_2 + O = O$? $P_1 = -P_2$?
  • ??????x???Q?R??, ?????????????????P1,
    ???????????$Q + R + P_1 = O$, ??$Q + R = -P_1$
  • ??Q??, ??????????S, ?$Q + Q = 2Q = -S$
  • ??????????P??????k?????????k?P???

27
???????
  • ?????????????????????
  • ??
  • ???????
  • ??????
  • ??
  • ???
  • RPQ
  • (? RPQ)

28
????
  • ??
  • ??P(x, y)???
  • RPP

29
????
kPPP ???
30
????
  • ??g $y = sx + y_0$
  • ??
  • ?????
  • $(sx + y_0)^2 = x^3 + ax + b$
  • R???

31
????
  • ??g $y = sx + y_0$
  • ?????
  • $(sx + y_0)^2 = x^3 + ax + b$
  • R???

32
?????????Finite Elliptic Curves
  • ?????????????GFP?
  • $y^2 = x^3 + ax + b \bmod p$
  • p?????, ??
  • 0, 1, ..., p-1??p?????(Abelian)
  • 1, ..., p-1??p?????
  • ???????????????????????

33
???????????
  • ???$Z_p$?????(prime curves) $E_p(a,b)$
  • ??????,?????????0, 1, ..., p-1, ?p??
  • ????????
  • ???GF($2^n$)??????$E_{2^n}(a,b)$
  • ???????GF($2^n$), ?????(??????)
  • ???????
  • $E_p(a,b)$??????????p???, ????(x, y)??????????p??????
    ??????O $y^2 \bmod p = (x^3 + ax + b) \bmod p$.
  • ?? $p = 23$, ?$4a^3 + 27b^2 = 4 \times 1^3 + 27 \times 1^2 \bmod 23 = 8 \ne 0$,
    ????(??$a, b = 1$)

34
????E23(1,1)???
  • ??????$0 \le x < p$?x, ??$y^2 = x^3 + x + 1 \bmod p$
  • ?????????????????????p????, ????,
    ?E23(1,1)????????x??????, ????????????y?(????????
    ?y?0)???(x, y)??E23(1,1)???

35
????E23(1,1)???
36
???????
  • ?GF11?????????????P(x, y) $y^2 = x^3 + x + 6 \bmod 11$
  • ?12??, ??????O??$n = 13$???

37
????????
  • ?$y^2 = x^3 + x + 6 \bmod 11$???(2, 4) ????
  • ??2PPP (??? P2PP )
  • ??3PPPP2PP(???P3PPPP2P)
  • ??????GF11???

38
????????
  • ?P(2, 4), ??2PPP (???P2PP )
  • ???3PPPP2PP (???P3P2P )

39
GF(2n)??????
  • ???GF(2n)?2n?????????????????????
  • ???n, ??GF(2n)??????,?????????GF(2n)????????,???GF
    (2n)?????????????
  • ????,GF(2n)?????????????????Zp??????????,??
  • $y^2 + xy = x^3 + ax^2 + b$
  • ????x?y????a?b?GF(2n)????,???GF(2n)???

40
GF(2n)??????
  • ???????(x, y)?????O?????E2n(a,b)
  • ??,????????$f(x) = x^4 + x + 1$ (10011)??????GF($2^4$),????g??$f(g) = 0$,
    ?$g^1 = 0010$, $g^4 = g + 1$, ????0011,
    $g^5 = (g^4)(g) = g^2 + g = 0110$

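$g^0 = 0001$   $g^4 = 0011$   $g^8 = 0101$      $g^{12} = 1111$
$g^1 = 0010$   $g^5 = 0110$   $g^9 = 1010$      $g^{13} = 1101$
$g^2 = 0100$   $g^6 = 1100$   $g^{10} = 0111$   $g^{14} = 1001$
$g^3 = 1000$   $g^7 = 1011$   $g^{11} = 1110$   $g^{15} = 0001$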
41
GF(2n)??????
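  • ??,??????$y^2 + xy = x^3 + g^4 x^2 + 1$, $a = g^4 = 0011$, $b = g^0 = 0001$,
    ?????????(x, y)?$(g^5, g^3)$
  • $(g^3)^2 + (g^5)(g^3) = (g^5)^3 + (g^4)(g^5)^2 + 1$
  • $g^6 + g^8 = g^{15} + g^{14} + 1$
  • 1100 + 0101 = 0001 + 1001 + 0001
  • 1001 = 1001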

42
(No Transcript)
43
10.4 ???????
  • ????????????RSA, D-H?????????????????,????,???????
    ???????????????ECC,????????????????
  • ECC???????,ECC??????????
  • ECC??????DLP?????
  • $Q = kP$, $Q, P$??$E_p(a, b)$, $k < p$
  • ??k, P, ????$Q = kP$
  • ????Q, P, ?k?
  • ???????????

44
????????
  • ????
  • $y^2 = x^3 + ax + b \bmod p$
  • ??????P,????
  • ??????k-1???
  • $Q = kP$, (?$Q = P^k$)?
  • ????????????
  • ???Q???????k?
  • ???????????
  • ????????

45
???????
  • ?$E_{23}(9, 17)$, ?$y^2 = (x^3 + 9x + 17) \bmod 23$,
    ?P = (16, 5)???Q = (4, 5)?????k????
  • ??????????,????P???????Q??,??
  • P = (16, 5); 2P = (20, 20); 3P = (14, 14); 4P = (19, 20);
    5P = (13, 10); 6P = (7, 3); 7P = (8, 7); 8P = (12, 17); 9P = (4, 5)
  • ??, ?P(16,5)???Q(4,5)?????k?9
  • ?????,k?????,???????

46
???????
  • ???????????
  • ???????????????
  • ??????a?b
  • ???(base)??????????P
  • ?(order)P???n,??$nP = O$
  • ????????
  • $E_p(a, b)$, GF(p)
  • Base point P(x, y)
  • ?? e ??????
  • ?????$Q = eP$

47
10.4.1Diffie-Hellman???????
  • ?????????G
  • A?B??????a, b???
  • A  $Q_A = aG$  B
  • $Q_B = bG$
  • A: $Q = a(Q_B) = abG$
  • B: $Q = b(Q_A) = baG = abG$

48
(No Transcript)
49
ECC?Diffie-Hellman???????
  • ???D-H,ECC?????????
  • ???????ECC, Ep(a,b)
  • ????$G = (x_1, y_1)$, ??$nG = O$???n??????
  • A?B?????????
  • A?B????$n_A < n$, $n_B < n$
  • ????$P_A = n_A G$, $P_B = n_B G$
  • A?B??PA ? PB
  • ??????$K = n_A P_B = n_B P_A$, ??$K = n_A n_B G$,????????????

50
?ECC??Diffie-Hellman????
  • ??
  • $E_p(0, -4)$, ? $y^2 = x^3 - 4$, $G = (2, 2)$, $p = 211$, $n = 240$
  • ?? $240G = O$
  • $n_A = 121$, $P_A = 121(2, 2) = (115, 48)$
  • $n_B = 203$, $P_B = 203(2, 2) = (130, 203)$
  • $K = 121(130, 203) = 203(115, 48) = (161, 69)$
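
Added example (not part of the original slides): affine point arithmetic on $y^2 = x^3 + ax + b$ over GF(p), used to repeat the exhaustive search on $E_{23}(9, 17)$ from the earlier slide and to run both sides of the key exchange with the $E_{211}(0, -4)$ parameters above. Function names are this example's own; the search only finishes because the group is tiny, which is the reason deployed curves use large prime-order groups.

```python
# Added example (not from the slides). None stands for the point at infinity O.

def ec_add(P, Q, a, p):
    """Add two points whose coordinates are already reduced mod p."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                                       # P + (-P) = O
    if P == Q:
        s = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p    # tangent slope
    else:
        s = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p     # chord slope
    x3 = (s * s - x1 - x2) % p
    return (x3, (s * (x1 - x3) - y1) % p)

def ec_mul(k, P, a, p):
    """Double-and-add scalar multiplication kP."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P, a, p)
        P = ec_add(P, P, a, p)
        k >>= 1
    return R

def on_curve(P, a, b, p):
    return P is None or (P[1] ** 2 - P[0] ** 3 - a * P[0] - b) % p == 0

def brute_force_log(P, Q, a, p):
    """Smallest k >= 1 with kP = Q for a finite point Q, by walking P, 2P, 3P, ...
    Returns None if the walk reaches O first (Q is not a multiple of P)."""
    R, k = P, 1
    while R is not None:
        if R == Q:
            return k
        R, k = ec_add(R, P, a, p), k + 1
    return None

def ecdh(G, n_a, n_b, a, p):
    """Both sides of the exchange: (P_A, P_B, K computed by A, K computed by B)."""
    PA, PB = ec_mul(n_a, G, a, p), ec_mul(n_b, G, a, p)
    return PA, PB, ec_mul(n_a, PB, a, p), ec_mul(n_b, PA, a, p)

if __name__ == "__main__":
    print(brute_force_log((16, 5), (4, 5), 9, 23))        # E23(9,17) search
    print(ecdh((2, 2), 121, 203, 0, 211))                 # E211(0,-4) exchange
```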

51
Massey-Omura????
  • ?GF(q)?, ??A?????????eA, dA
  • $\gcd(e_A, q-1) = 1$, $e_A d_A = 1 \bmod (q-1)$
  • ??, ??B?????????eB, dB
  • $\gcd(e_B, q-1) = 1$, $e_B d_B = 1 \bmod (q-1)$
  • A???m???B
  • A  $m^{e_A}$
    B
  • $m^{e_A e_B}$
  • $(m^{e_A e_B})^{d_A} = m^{e_B}$
  • B: $(m^{e_B})^{d_B} = m$

52
Massey-Omura????????
  • m?????????Pm
  • n????????(?????)
  • ??????e $1 < e < n$, $\gcd(e, n) = 1$, $ed = 1 \bmod n$
  • A???m???B
  • A  $e_A P_m$
    B
  • $e_B e_A P_m$
  • $d_A(e_B e_A P_m) = e_B P_m$
  • B: $d_B(e_B P_m) = P_m$

53
ElGamal??????????
  • E(a, b), base point G ??E
  • A??a???, $0 < a < n$, n?G??(order)
  • aG??
  • B?A????m
  • B?m???Pm,?????k,
  • A  $(kG,\ P_m + k(aG))$  B
  • A: $P_m = P_m + k(aG) - a(kG)$
  • ???A,B????akG

54
10.4.2 ?????/??
  • ???????m???x-y??Pm, ?Pm???????????,
    ?????????????x???y??,????????????Eq(a,b)??
  • ???D-H????,?????????G????Eq(a,b)?????
  • ??A????$n_A < n$, ?????$P_A = n_A G$
  • ??B????$n_B < n$, ?????$P_B = n_B G$
  • A?B Pm
  • A?????????k, ???Pm???? $C_m = \{kG,\ P_m + kP_B\}$
  • B??Cm, ??
  • $P_m + kP_B - n_B(kG) = P_m + k(n_B G) - n_B(kG) = P_m$

55
ECC Encryption/Decryption
  • ??, $E_p(-1, 188)$, ?$y^2 = x^3 - x + 188$, $G = (0, 376)$, $p = 751$
  • A??B???? $P_m = (562, 201)$
  • A??????$k = 386$, ???B???$P_B = (201, 5)$
  • ??$kG = 386(0, 376) = (676, 558)$
  • $P_m + kP_B = (562, 201) + 386(201, 5) = (385, 328)$
  • ??, ????
  • $C_m = \{kG,\ P_m + kP_B\} = \{(676, 558), (385, 328)\}$
  • B???
  • $P_m + kP_B - n_B(kG) = P_m + k(n_B G) - n_B(kG) = P_m$

56
??????????
  • ECC?????????kP?P??k??????,?????????elliptic curve
    logarithm problem,Pollard rho????????????????????
  • ??FAC,?????RSA??????
  • ????????,ECC?RSA???????????
  • ?????????RSA??,??ECC???????,??ECC???????RSA?

57
???????RSA?????
58
Equivalent Cryptographic Strength
59
?10???
  • ???1, 7, 8, 10, 11, 12, 13, 16
  • ??16?????????
  • Due Nov. 20, 2012

2G = (5, 2)    3G = (8, 3)    4G = (10, 2)   5G = (3, 6)
6G = (7, 9)    7G = (7, 2)    8G = (3, 5)    9G = (10, 9)
10G = (8, 8)   11G = (5, 9)   12G = (2, 4)   13G = (2, 7)