MILITARY TECHNICAL ACADEMY
FACULTY OF INFORMATION TECHNOLOGY
--------O0O--------
COURSEWORK FOR THE COURSE CRYPTOGRAPHY THEORY AND INFORMATION SECURITY
Topic: Cryptographic hash functions and the random oracle model
Supervisor: Assoc. Prof. Dr. Nguyễn Hữu Minh
Authors:
1. Nguyễn Hữu Nhạn
2. Vũ Thị Thu Huyền
3. Trần Danh Minh Hoàng
IT MASTER'S CLASS, COHORT 25B

Cryptographic hash functions

Sep 29, 2015


hoinongdan2005



Hanoi, 2014


I. Overview of cryptography theory and information security

Cryptography is the science of applying mathematics to transform information into another form, with the aim of concealing the content and meaning of the information to be encrypted.

The applications of cryptography and information security are varied. Depending on the system, they provide properties such as confidentiality of information, integrity of information, authentication of the communicating parties and of the content communicated, and non-repudiation.

Encryption methods

- Symmetric encryption: a message is encrypted and decrypted with the same key, called the secret key or symmetric key. Symmetric methods include classical ciphers, block ciphers ...

- Asymmetric encryption: also called public-key encryption, it makes key exchange easier. The public key does not need to be kept secret, unlike the secret key in conventional encryption methods.

II. The random oracle model

1. The pigeonhole principle

If n pigeonholes hold n+1 pigeons, at least one pigeonhole holds 2 pigeons. In the generalized form of the principle, if n pigeonholes hold kn+1 pigeons, at least one pigeonhole holds k+1 pigeons.

Suppose the messages of a hash function are 6 bits long and the digest is only 4 bits long. Then the number of possible digests (pigeonholes) is 2^4 = 16, and the number of possible messages (pigeons) is 2^6 = 64. This means n = 16 and kn + 1 = 64, so k is greater than 3. The conclusion is that at least one digest corresponds to four (k + 1) messages.

2. The birthday problem

If the output size of a hash function is small, two documents with the same hash value, that is, a collision, can be found regardless of the number of transformation rounds in the function. This attack is known as the birthday attack. Its idea is based on the following birthday problem: how large must a group of people be for the probability that two of them share a birthday to be 0.5? The point is that the probability of a matching birthday for one random pair is p=1/365, while a group of n people contains  distinct pairs. From this an approximate estimate follows easily. The probability that at least one pair shares a birthday is , and with p=1/2 we obtain .

Let us see how the birthday problem is used to find collisions in a hash function. Let H be a hash function with an m-bit output. We take N distinct messages , compute their hash values, and denote the corresponding values . If the hash function behaves as a pseudorandom transformation, it is easy to compute the probability that no two of the N values are equal.

First consider an estimate based on an approximation, assuming the number of collisions is small. We pick one value . The probability that it does not coincide with any of the remaining values is

.

Next we pick another value . The probability that it does not coincide with the remaining values is

.

Proceeding in the same way with each new hash value, at step i the probability of no match is

In total we need N-1 such checks. The probability that none of the values coincide is:

With .

The probability of finding a collision is

.

For a collision probability of , we have the expression:

,

From this we determine the value N_{1/2}:

.

Now consider a more exact computation of the probability of finding a collision in the set , which can be obtained in the following simple way. We pick . The probability of no match is . Next we pick . The probability that it matches neither  nor , given that  and  are distinct, is . Similarly, we determine the probability that  does not match any of the values , given that those values are pairwise distinct. We obtain . Hence the exact probability of no collision is:

.

From this the probability of a collision is p = 1 - p'. Applying the approximation , we obtain:

.

The probability that at least one collision exists is:

.

From this we easily obtain:

,

or

,

.
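The birthday estimate worked through above, as an added Python example (not part of the original paper). It compares the exact no-collision product with the standard approximation 1 - exp(-N(N-1)/(2 * 2^m)); that approximation and all function names are assumptions of this example.

```python
import math

def collision_probability(n_samples: int, space: int) -> float:
    """Exact probability that n_samples uniform draws from `space` values repeat."""
    if n_samples > space:
        return 1.0  # pigeonhole principle: more draws than possible values
    # log of prod_{i=1}^{N-1} (1 - i/space), summed in log space for accuracy
    log_no_collision = sum(math.log1p(-i / space) for i in range(1, n_samples))
    return -math.expm1(log_no_collision)

def collision_probability_approx(n_samples: int, space: int) -> float:
    """Standard approximation 1 - exp(-N(N-1) / (2 * space))."""
    return -math.expm1(-n_samples * (n_samples - 1) / (2 * space))

def samples_for_probability(p: float, space: int) -> int:
    """Smallest N whose exact collision probability is at least p (0 < p < 1)."""
    n, log_no_collision = 1, 0.0
    while -math.expm1(log_no_collision) < p:
        if n >= space:
            return space + 1  # a repeat is certain once N exceeds the space
        log_no_collision += math.log1p(-n / space)
        n += 1
    return n

def half_point_estimate(bits: int) -> float:
    """Closed form N_{1/2} ~ sqrt(2 ln 2 * 2^bits), about 1.1774 * 2^(bits/2)."""
    return math.sqrt(2 * math.log(2)) * 2 ** (bits / 2)

if __name__ == "__main__":
    print("people needed for p >= 0.5:", samples_for_probability(0.5, 365))
    print("p(23 people):", round(collision_probability(23, 365), 4))
    for m in (16, 64, 128, 256):  # digest sizes in bits
        print(f"m = {m:3d}: N_1/2 ~ {half_point_estimate(m):.3e} hashes")
```

For a 64-bit digest the closed form gives about 5 * 10^9 hash evaluations, which is why collision resistance, not preimage resistance, dictates the digest length.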

With p=1/2 we have . This computation is more accurate than the first one. From this formula we see that among 23 randomly chosen people, at least one pair shares a birthday with probability . Thus, to carry out the attack one needs  bits of memory, must perform  hash computations, and must sort  numbers. It follows that if m is not large, it is easy to find a set of messages that contains a collision. With current technology,  bits are required.

3. Attacks in the random oracle model

A hash function is considered one-way when, given a hash value, the original message, also called the preimage, cannot be reconstructed. In the ideal case, therefore, the hash function must be evaluated on about 2^n messages to find a preimage corresponding to a given hash value.

If an attack is found that determines the preimage corresponding to a given hash value, the hash algorithm is no longer secure.

An attack that produces a message different from the original message but with the same hash value is called a second preimage attack.

Preimage attack (first preimage):

Given y = h(M), find M' such that y = h(M')

Where: M: the message

H: the hash function

H(M): the message digest

Algorithm: preimage attack

Preimage_Attack(D)
{
    For (i = 1 to k)
    {
        Create (M[i])
        T ← h(M[i])
        If (T = D) return M[i]
    }
    Return failure
}

The difficulty of a preimage attack is proportional to 2^n.

A cryptographic hash function uses a 64-bit digest. How many digests does Eve need to create to find the original message with probability greater than 0.5?

The number of digests to create is k ≈ 0.69 × 2^n ≈ 0.69 × 2^64. This is a large number. Even if Eve can create 2^30 (almost one billion) messages per second, it takes 0.69 × 2^34 seconds, or more than 500 years. This means that a 64-bit message digest is secure against a preimage attack but, as we will see shortly, is not secure against a collision attack.

Second preimage attack:

Given M and H(M), find M' ≠ M such that h(M') = H(M)

Algorithm: second preimage attack

Second_Preimage_Attack(D,M)
{
    For (i = 1 to k-1)
    {
        Create (M[i])
        T ← h(M[i])
        If (T = D) return M[i]
    }
    Return failure
}

The difficulty of a second preimage attack is proportional to 2^n.

Collision attack:

Find M and M' such that M ≠ M' but h(M) = h(M')

Algorithm: collision attack

Collision_Attack(D,M)
{
    For (i = 1 to k)
    {
        Create (M[i])
        D[i] ← h(M[i])
        for (j = 1 to i-1)
        {
            if (D[i] = D[j]) return (M[i] and M[j])
        }
    }
    Return failure
}
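The three searches above run against a deliberately tiny hash, as an added Python example (not from the original paper): h is SHA-256 truncated to 16 bits so that the gap between 2^n and 2^(n/2) trials shows up within seconds. The truncation, the `candidate` message format and the function names are assumptions; unlike the pseudocode, the second preimage loop rejects M itself and the collision search uses a dictionary instead of the inner comparison loop.

```python
import hashlib

BITS = 16  # toy digest length n (assumption); real digests are far longer

def h(msg: bytes, bits: int = BITS) -> int:
    """Toy hash: the top `bits` bits of SHA-256."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)

def candidate(i: int) -> bytes:
    """Create(M[i]) from the pseudocode: the i-th trial message."""
    return b"trial-%d" % i

def preimage_search(digest: int, limit: int = 1 << 22):
    """Return (message, trials) with h(message) == digest, or (None, limit)."""
    for i in range(limit):
        if h(candidate(i)) == digest:
            return candidate(i), i + 1
    return None, limit

def second_preimage_search(msg: bytes, limit: int = 1 << 22):
    """Like preimage_search, but the result must differ from msg."""
    digest = h(msg)
    for i in range(limit):
        m = candidate(i)
        if m != msg and h(m) == digest:
            return m, i + 1
    return None, limit

def collision_search(limit: int = 1 << 22):
    """Return (m1, m2, trials) with m1 != m2 and h(m1) == h(m2)."""
    seen = {}  # digest -> first message that produced it
    for i in range(limit):
        m = candidate(i)
        d = h(m)
        if d in seen:
            return seen[d], m, i + 1
        seen[d] = m
    return None, None, limit

if __name__ == "__main__":
    original = b"constructed sample message"
    _, t_pre = preimage_search(h(original))
    _, t_second = second_preimage_search(original)
    _, _, t_coll = collision_search()
    print(f"preimage: {t_pre}, second preimage: {t_second}, collision: {t_coll} trials")
```

With n = 16 the preimage searches need on the order of 2^16 trials while the collision search stops after a few hundred, and by the pigeonhole principle never needs more than 2^16 + 1.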

The difficulty of a collision attack is proportional to 2^(n/2).

4. Attacks on the structure

Meet-in-the-middle attack on hash functions

The meet-in-the-middle attack applies to hash functions built on block ciphers, which we examined in the previous part. It gives better results than the birthday attack. A birthday attack finds a collision, but the hash value at which the collision occurs is random. The first attack of this kind to be proposed was against a hash function built on the Rabin scheme (see Figure 11.1).

This scheme relies on a secure block cipher. It is based on the computational difficulty of determining the key when the input and output of a data block are known. Each data block M_i is used as the key for one round of the hash computation. Finding a collision is therefore related to the key-recovery problem. For example, an attack may replace some block M_k with M'_k. This yields a new value H_k for that round of the hash. There may exist some key M_{k+1} for which the following equality holds:

.

If the cryptanalyst finds such a , then the data blocks  and  can be replaced by  and , that is, a new message has been found whose hash value equals that of the original message. If the block cipher is resistant to known-plaintext attacks, this attack on the hash function has high complexity.

Let us look at this attack in detail. Suppose we are given a message M whose hash value is H. The goal of the attack is to find a different message M' whose hash value is also H. We split the message into two parts  and . The first part is varied many times, and for each variant the hash value is computed as . Suppose this gives N_1 values  from N_1 variants of the first part (see figure ). The second part is also varied many times, and for each variant the hash is computed by a different algorithm: we compute in reverse order, using the decryption function D that corresponds to the encryption function E (see figure). Suppose this gives N_2 values  from N_2 variants of the second part.

When N_1 and N_2 are large enough, a pair of equal values among  and  can be found with high probability. Suppose it corresponds to the two message parts  and . Clearly, for the message  we have H(M')=H(M). A collision has thus been found. We now determine the memory required and the complexity of this attack.

Assume that N_1 and N_2 are smaller than , where m is the size of the hash value. Then, to an acceptable approximation, the probability that the first value from the set  does not match any value of the set  is

.

The probability that no value of the set  matches a value of the set  is

Hence the probability of finding at least one matching pair between the set  and the set  is

.

Now, under the condition  and in the case , it is easy to determine the value N_{1/2} for a collision probability of :

.

A more exact estimate for  gives the value p=0.63. Thus the memory required for the attack is  bits, and the complexity of the attack is .

III. Cryptographic hash functions

1. Introduction to hash functions

A hash function takes as input a text of arbitrary length and outputs a digest of fixed length.

As noted in the section on digital signatures, hash functions play a very important role: besides preventing signature forgery, they make signing much faster, because hashing is fast, and most importantly they make signatures much shorter, which matters a great deal in practice when handling large numbers of signatures.

A hash function must satisfy the following requirements:

- The argument of the hash function is a message of arbitrary length;

- The value of the hash function has a fixed length;

- H(x) must be efficient to compute, that is, the hash algorithm must achieve high throughput in both hardware and software. Signing and verifying the hash value must be faster than signing and verifying the message itself;

- Given a hash value y, it is computationally hard to find x satisfying h(x)=y, that is, the hash function must be one-way;

- The hash function is collision-free, that is, given a message x, it is computationally infeasible to find a message x' ≠ x such that h(x')=h(x).

- The hash function is strongly collision-free when it is computationally infeasible to find two messages x and x', with x' ≠ x, such that h(x')=h(x).

The general structure of a hash function consists of the following parts:

Given a message M of arbitrary length. Depending on the algorithm used, bits may need to be appended to the message so that its length is a multiple of a given fixed length required by the computation. The message is divided into blocks of equal size, that is, M=(M_1, M_2, ..., M_s).

Let H_i be the n-bit state, where n is the length of the hash value, and let F be the compression function that mixes a data block with the current state:

Initialize H_0 to some initialization vector.

Mixing: H_i = F(H_{i-1}, M_i), i ∈ [1, s].

The value H_s is the hash value.

If a hash function is considered robust, any change to its argument (the input message) changes its value randomly, that is, each of the n bits changes with probability . A simple attack on a one-way hash function is to search for a message whose hash value equals a given hash value, in other words exhaustive search. Let N be the number of messages that must be tried for this to succeed. The probability that the hash value of an arbitrary message does not equal the given value H is , where n is the length of the hash value. Hence the probability that none of N distinct messages hashes to H is . The probability that some message has a hash value equal to the given H is:

.

Using Newton's formula, we obtain the following approximation:

, if x is small,

so we have:  and .

When p=1/2, we have . With current computing technology, the attack is feasible for n=64 given large computing resources. For n > 96 the function is considered secure against this attack. However, since many other attacks exist, the recommended value is .

Structure of cryptographic hash functions

A provably secure construction of a cryptographic hash function consists of two components that can be studied independently of each other. The first is a compression function, which maps a fixed-length input to a fixed-length output. The second is a domain extender, which, given a compression function, yields a function with input of arbitrary length.

Compression function. From the theorist's point of view, a one-way function is the most basic primitive, from which many other cryptographic tools can be derived. A result due to Simon provides strong evidence that collision-resistant hash functions cannot be built from one-way functions. Instead, designers build collision-resistant hash functions from another cryptographic primitive, the block cipher.

A block cipher is a keyed permutation E: {0, 1}^n × {0, 1}^k → {0, 1}^n

Technically, a block cipher compresses its input: it maps k + n bits to n bits. However, a block cipher is not even one-way: to invert E on w, fix any key k0 and decrypt w under this key. If w decrypts to x, then E(k0, x) = w. Nevertheless, there are as many as 12 simple constructions that turn a block cipher into a collision-resistant compression function. The two most commonly used in hash functions are:

Davies-Meyer: H(x, y) = E_y(x) ⊕ y

Miyaguchi-Preneel: H(x, y) = E_x(y) ⊕ x ⊕ y

Security proofs for these and other block-cipher-based constructions rest on the assumption that the underlying encryption algorithm is indistinguishable from a certain abstraction, called the ideal cipher, which goes far beyond the standard security requirements for block ciphers.
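The inversion argument above and the Miyaguchi-Preneel feed-forward, as an added Python example (not from the original paper). The cipher E is a toy 4-round Feistel network on 32-bit blocks with a 32-bit key, built here only for illustration; it is not a real cipher, and all names are assumptions.

```python
import hashlib

def _round(key: int, rnd: int, half: int) -> int:
    """Feistel round function: 16 bits derived from key, round number and half-block."""
    data = key.to_bytes(4, "big") + bytes([rnd]) + half.to_bytes(2, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:2], "big")

def E(key: int, x: int) -> int:
    """Toy keyed permutation on 32-bit blocks (4-round Feistel network)."""
    left, right = x >> 16, x & 0xFFFF
    for rnd in range(4):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << 16) | right

def D(key: int, w: int) -> int:
    """Inverse of E under the same key: undo the rounds in reverse order."""
    left, right = w >> 16, w & 0xFFFF
    for rnd in reversed(range(4)):
        left, right = right ^ _round(key, rnd, left), left
    return (left << 16) | right

def invert_E(w: int, k0: int = 0):
    """The inversion from the text: fix any key k0 and decrypt w under it."""
    return k0, D(k0, w)

def miyaguchi_preneel(x: int, y: int) -> int:
    """H(x, y) = E_x(y) XOR x XOR y, with x used as the cipher key."""
    return E(x, y) ^ x ^ y

def decrypt_trick_on_mp(w: int, k0: int = 0) -> int:
    """Try the same trick on H: the feed-forward leaves k0 ^ y in the output."""
    _, y = invert_E(w, k0)
    return miyaguchi_preneel(k0, y)  # equals w ^ k0 ^ y rather than w

if __name__ == "__main__":
    w = 0xDEADBEEF  # constructed target value
    k0, x = invert_E(w, 0x0BADF00D)
    print("E(k0, x) == w:", E(k0, x) == w)
    print("trick on MP hits w:", decrypt_trick_on_mp(w, k0) == w)
```

One decryption always inverts the bare cipher, but after the XOR feed-forward the same step only lands on the target when the decrypted block happens to equal the chosen key.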

Domain extender. The domain extender is a generic construction that transforms a compression function with fixed-length input into a hash function with arbitrary input.

The simplest and most widely used domain extender is the Merkle-Damgård construction, which works as follows:

Given a compression function C: {0, 1}^n × {0, 1}^m → {0, 1}^n and an n-bit constant IV.

Input: message M

1. Break M into m-bit blocks M_1, ..., M_k, padding if necessary;

2. Let M_{k+1} be the encoding of |M|;

3. Let h_0 = IV;

4. For i = 1 to k + 1 let h_i = C(h_{i-1}, M_i);

5. Output h_{k+1}.

The construction iterates the compression function C: the output of C, together with the next block of the message, becomes the input to the next application of C.

The hash of the last block, which contains an encoding of the length of the message, is the hash of the entire message. The intermediate outputs of the compression function, h_i, are called chaining variables or internal state (Figure 1).

Figure 1: The Merkle-Damgård construction.

There is some flexibility in the first two steps of the Merkle-Damgård construction. Any encoding will do as long as it satisfies the following three conditions:

M is encoded as an integral number of m-bit blocks;

the encoding is collision-free;

the length of M is encapsulated in the last block.

The Merkle-Damgård construction is compatible with streaming APIs, where a message is fed one block at a time into a cryptographic search engine. Its length need not be known until the last block becomes available. On the other hand, updating even one bit of the message may trigger recomputation of the entire hash.
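The five steps and the streaming behaviour described above, as an added Python example (not from the original paper). The compression function C is a stand-in built from truncated SHA-256, and the block sizes, the 0x80 padding byte, the all-zero IV and all names are assumptions; `weak_hash` deliberately drops the second and third encoding conditions to show what they prevent.

```python
import hashlib

N_BYTES, M_BYTES = 8, 16   # n = 64-bit state, m = 128-bit blocks (toy sizes)
IV = bytes(N_BYTES)        # n-bit constant IV (all zeros here, an assumption)

def C(h: bytes, block: bytes) -> bytes:
    """Stand-in compression function {0,1}^n x {0,1}^m -> {0,1}^n."""
    return hashlib.sha256(h + block).digest()[:N_BYTES]

class MerkleDamgard:
    """Streaming interface: full blocks are absorbed as soon as they arrive."""
    def __init__(self):
        self.h, self.buf, self.length = IV, b"", 0

    def update(self, data: bytes):
        self.length += len(data)
        self.buf += data
        while len(self.buf) >= M_BYTES:          # step 4 for each full block
            self.h = C(self.h, self.buf[:M_BYTES])
            self.buf = self.buf[M_BYTES:]
        return self

    def digest(self) -> bytes:
        # Step 1: unambiguous padding, 0x80 then zeros up to the block size.
        last = self.buf + b"\x80"
        last += bytes(-len(last) % M_BYTES)
        h = C(self.h, last)
        # Step 2: block M_{k+1} encodes |M| in bits; step 5: output h_{k+1}.
        return C(h, (8 * self.length).to_bytes(M_BYTES, "big"))

def md_hash(msg: bytes) -> bytes:
    return MerkleDamgard().update(msg).digest()

def weak_hash(msg: bytes) -> bytes:
    """Breaks the encoding conditions: zero padding only, no length block."""
    padded = msg + bytes(-len(msg) % M_BYTES)
    h = IV
    for i in range(0, len(padded), M_BYTES):
        h = C(h, padded[i:i + M_BYTES])
    return h

if __name__ == "__main__":
    streamed = MerkleDamgard().update(b"constructed ").update(b"sample").digest()
    print("streamed == one-shot:", streamed == md_hash(b"constructed sample"))
    print("weak encoding collides:", weak_hash(b"abc") == weak_hash(b"abc\x00"))
```

With zero padding and no length block, `abc` and `abc\x00` encode to the same block sequence, so they collide no matter how strong C is.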

If the compression function is collision-resistant, then so is the resulting construction.

However, the Merkle-Damgård construction produces a function with many structural properties, creating a number of unexpected vulnerabilities.

In fact, the Merkle-Damgård construction is the single most important reason why it is wrong (dangerous, reckless, ignorant) to think of hash functions as black boxes. The iterative construction was designed to meet a very modest goal, that of extending the domain of a collision-resistant function, and should not be expected to provide security guarantees beyond that.

2. SHA-512

SHA-512 is the version of SHA with a 512-bit hash output. Like the rest of the SHA family, SHA-512 is based on the Merkle-Damgård model. SHA-512 produces a 512-bit hash from multiple message blocks, each 1024 bits long.

For SHA-512, the length of the original message must not exceed 2^128 bits. SHA-512 is not used for longer messages.

3. WHIRLPOOL

Whirlpool was designed by Paulo Barreto and Vincent Rijmen and submitted in response to the call for cryptographic primitives issued by NESSIE (New European Schemes for Signatures, Integrity and Encryption) in 2000. Whirlpool was selected, together with SHA-256, 384 and 512, as part of the NESSIE portfolio. Whirlpool's design combines the Merkle-Damgård domain extender with a block-cipher-based compression function. The block cipher is a variant of AES, which is fundamentally different from SHACAL, and it is turned into a compression function using the Miyaguchi-Preneel construction. Whirlpool does not target any specific architecture, although 32- or 64-bit processors allow some optimizations that cannot be implemented on 8-bit ones.

References

- Lecture notes for the course Cryptography Theory and Information Security, Assoc. Prof. Dr. Nguyễn Hiếu Minh.

- Cryptography & Network Security, The McGraw-Hill Companies.

- Handbook of Applied Cryptography, by A. Menezes, P. Van Oorschot, and S. Vanstone, CRC Press, 1996.

Criteria for cryptographic hash functions

[Figure labels: preimage, second preimage, collision]

[Figure labels: compression function, 1024-bit blocks, 512-bit values]
