
MINISTRY OF EDUCATION AND TRAINING
NHA TRANG UNIVERSITY
FACULTY OF INFORMATION TECHNOLOGY
----- -----

LECTURE NOTES

INFORMATION SAFETY AND SECURITY

(For internal circulation)

Nha Trang, June 2008
Compiled by: Trần Minh Văn
(Primary reference: Cryptography and Network Security: Principles and Practices, 4th Edition, William Stallings, Prentice Hall, 2005)

TABLE OF CONTENTS
CHAPTER 1. INTRODUCTION TO INFORMATION SAFETY AND SECURITY ... 8
1.1 Introduction ... 8
1.2 Protecting information while it is transmitted over a network ... 8
1.2.1 Types of attack ... 8
1.2.2 Requirements of a safe and secure communication system ... 10
1.2.3 The role of cryptography in securing information on a network ... 11
1.2.4 Security protocols ... 11
1.3 Protecting a system from intrusion and sabotage from outside ... 11
1.4 Review questions ... 13
CHAPTER 2. BASIC SYMMETRIC ENCRYPTION ... 14
2.1 The Caesar cipher ... 14
2.2 The symmetric cipher model (Symmetric Ciphers) ... 15
2.3 Monoalphabetic Substitution Cipher ... 17
2.4 Polygraphic substitution ciphers ... 19
2.4.1 The Playfair cipher ... 19
2.4.2 The Hill cipher ... 20
2.5 Polyalphabetic Substitution Cipher ... 21
2.6 One-Time Pad ... 23
2.7 Permutation Cipher ... 24
2.8 Summary ... 25
2.9 Review questions ... 27
2.10 Exercises ... 27
2.11 Practical exercises ... 28
CHAPTER 3. MODERN SYMMETRIC ENCRYPTION ... 30
3.1 Stream Ciphers ... 31
3.1.1 A5/1 ... 32
3.1.2 RC4 ... 34
3.2 Block Ciphers ... 37
3.2.1 The ideal secure block cipher ... 37
3.2.2 SPN networks ... 38
3.2.3 The Feistel cipher model ... 38
3.3 TinyDES ... 40
3.3.1 The rounds of TinyDES ... 40
3.3.2 The TinyDES subkey generation algorithm ... 42
3.3.3 A TinyDES example ... 42
3.3.4 Resistance of TinyDES to known-plaintext cryptanalysis ... 42
3.4 DES (Data Encryption Standard) ... 43
3.4.1 Initial and final permutations ... 44
3.4.2 The rounds of DES ... 45
3.4.3 The DES subkey generation algorithm ... 46
3.4.4 The Avalanche Effect ... 47
3.4.5 The security of DES ... 48
3.5 Some other block ciphers ... 49
3.5.1 Triple DES ... 49
3.5.2 Advanced Encryption Standard (AES) ... 49
3.6 Block cipher modes of operation ... 50
3.6.1 Electronic Codebook (ECB) ... 50
3.6.2 Cipher Block Chaining (CBC) ... 51
3.6.3 Counter (CTR) ... 53
3.6.4 Output Feedback (OFB) ... 53
3.6.5 Cipher Feedback (CFB) ... 54
3.7 Authentication with symmetric encryption ... 55
3.8 Non-repudiation with symmetric encryption ... 56
3.9 Secret key exchange using a key distribution center ... 56
3.10 Review questions ... 58
3.11 Exercises ... 58
3.12 Practical exercises ... 59
CHAPTER 4. PUBLIC-KEY ENCRYPTION ... 61
4.1 Number theory ... 63
4.1.1 Some concepts ... 63
4.1.2 Fermat's theorem ... 64
4.1.3 The discrete logarithm ... 64
4.2 RSA ... 66
4.2.1 How RSA works ... 66
4.2.2 An RSA example ... 67
4.3 Computational complexity in RSA ... 68
4.3.1 Encryption/decryption ... 68
4.3.2 Key generation ... 70
4.4 The security of RSA ... 70
4.5 Confidentiality, authentication and non-repudiation with public-key encryption ... 71
4.6 Key exchange ... 72
4.6.1 Public key exchange ... 73
4.6.2 Using public-key encryption to exchange a secret key ... 74
4.7 The Diffie-Hellman key exchange method ... 75
4.8 Review questions ... 76
4.9 Exercises ... 77
4.10 Practical exercises ... 77
CHAPTER 5. MESSAGE AUTHENTICATION CODES AND HASH FUNCTIONS ... 79
5.1 Message authentication codes ... 80
5.2 Hash functions ... 82
5.2.1 The birthday problem ... 82
5.2.2 The MD5 and SHA-1 hash functions ... 84
5.2.3 HMAC ... 92
5.3 Hash functions and digital signatures ... 95
5.4 Some other applications of hash functions ... 92
5.4.1 Password storage ... 92
5.4.2 Online auctions ... 93
5.4.3 File download ... 94
5.5 Review questions ... 96
5.6 Exercises ... 97
5.7 Practical exercises ... 97
CHAPTER 6. PROTOCOLS ... 100
6.1 Replay Attack ... 100
6.2 Security protocols ... 101
6.2.1 Identification and session key exchange using symmetric encryption with a KDC ... 101
6.2.2 Identification and session key exchange using public-key encryption ... 102
6.3 Review questions ... 103
6.4 Exercises ... 103
CHAPTER 7. SOME PRACTICAL APPLICATIONS ... 105
7.1 Introduction ... 105
7.2 X.509 certificates ... 105
7.2.1 Certificate structure ... 105
7.2.2 Certificate hierarchy ... 108
7.2.3 File formats of X.509 certificates ... 109
7.3 The web security protocol Secure Socket Layer version 3 (SSLv3) ... 110
7.3.1 SSL Handshaking Protocol ... 113
7.3.2 SSL Record Protocol ... 116
7.3.3 SSL Session and SSL Connection ... 117
7.4 The local-network security protocol Kerberos ... 117
7.4.1 Kerberos version 4 ... 117
7.5 Review questions ... 119
7.6 Practical exercises ... 120
CHAPTER 8. DIFFERENTIAL AND LINEAR CRYPTANALYSIS ... 121
8.1 Differential Cryptanalysis ... 121
8.2 Linear Cryptanalysis ... 126
8.3 Conclusions on block cipher design principles ... 128
CHAPTER 9. ADVANCED ENCRYPTION STANDARD (AES) ... 129
9.1 Groups, rings, fields ... 129
9.1.1 Groups ... 129
9.1.2 Rings ... 130
9.1.3 Fields ... 130
9.2 Modular arithmetic and the finite field GF(p) ... 131
9.3 Polynomial arithmetic and the finite field GF(2^n) ... 132
9.3.1 Ordinary polynomial arithmetic ... 132
9.3.2 Polynomials defined over Z_p ... 133
9.3.3 Polynomial modulo operation ... 134
9.3.4 The finite field GF(2^n) ... 134
9.3.5 Applications of GF(2^n) in cryptography ... 136
9.3.6 Computation in GF(2^n) ... 137
9.3.7 Computation in GF(2^n) using a generator ... 138
9.4 AES encryption ... 139
9.4.1 Substitute bytes ... 141
9.4.2 Shift rows ... 145
9.4.3 Mix columns ... 145
9.4.4 Add round key ... 147
9.4.5 Expand key ... 147
9.4.6 Conclusion ... 148
CHAPTER 10. ELLIPTIC CURVE CRYPTOGRAPHY ... 149
10.1 Elliptic curves over the real numbers ... 149
10.2 Elliptic curves over the field Z_p ... 152
10.3 Elliptic curves over the field GF(2^m) ... 155
10.4 Elliptic curves in cryptography (ECC) ... 156
10.4.1 EC Diffie-Hellman key exchange ... 156
10.4.2 EC encryption and decryption ... 157
10.4.3 The security of ECC compared with RSA ... 158
10.5 Digital Signature Standard (DSS) ... 158
CHAPTER 11. SOME SAFETY AND SECURITY ISSUES ... 161
11.1 Hiding information in digital images ... 161
11.2 Software flaws ... 162
11.2.1 Buffer Overflow ... 162
11.2.2 SQL Injection ... 166
11.2.3 Cross-site Scripting (XSS) ... 168
11.3 Practical exercises ... 170
APPENDIX 1 ... 172
Details of the DES S-boxes ... 172
APPENDIX 2 ... 174
The Euclidean algorithm ... 174
The Miller-Rabin test for large primes ... 176
The Chinese Remainder Theorem ... 179
Installing SSL for the IIS web server ... 181
REFERENCES ... 182

CHAPTER 1. INTRODUCTION TO INFORMATION SAFETY AND SECURITY
1.1 Introduction
In the past, before computer technology had developed, when information security was discussed, people usually thought of measures for ensuring that information was exchanged or stored safely and secretly. For example, measures such as:
- Sealing a letter with a stamp and a signature, so that the recipient can tell whether the letter arrived intact.
- Using a cipher to encrypt a message so that only the sender and the receiver can understand it. This method was commonly used in politics and the military (see chapter 2).
- Keeping secret documents in locked safes in strictly guarded places, where only authorised people may read them.
With the rapid development of information technology, and especially of the Internet, more and more information is stored on computers and sent over the Internet. Hence the need for information safety and security on computers. Information security models on computers can be classified along two main directions:
1) Protecting information while it is transmitted over a network (Network Security)
2) Protecting computer systems and computer networks from intrusion and sabotage from outside (System Security)
The following sections present the main characteristics of these two models in turn.
1.2 Protecting information while it is transmitted over a network
1.2.1 Types of attack
To examine the security issues involved in communicating over a network, consider the following setting: there are three characters, Alice, Bob and Trudy. Alice and Bob exchange information with each other, while Trudy is the bad actor, who has placed equipment on the channel between Alice and Bob in order to interfere with it. The following are Trudy's types of attack that affect the communication between Alice and Bob:
1) Release of Message Content
In this case Trudy intercepts the messages Alice sends to Bob and reads their contents.
Figure 1-1. Eavesdropping on a message (diagram: Alice and Bob communicate over the network; Trudy reads the contents of Alice's messages)
2) Modification of Message
Trudy intercepts the messages Alice sends to Bob and prevents them from reaching their destination. She then alters the contents of the messages and forwards them to Bob. Bob believes he has received Alice's original messages, without knowing that they have been modified.
Figure 1-2. Modifying a message (diagram: Alice and Bob communicate over the network; Trudy modifies the messages Alice sends to Bob)
3) Masquerade
In this case Trudy impersonates Alice and sends messages to Bob. Bob does not know this and believes that the messages are from Alice.
Figure 1-3. Masquerade (diagram: Alice and Bob communicate over the network; Trudy impersonates Alice and sends messages to Bob)
4) Replay
Trudy copies a message that Alice sends to Bob. Some time later, Trudy sends this copy to Bob. Bob believes that the second message is still from Alice, since the contents of the two messages are identical. At first this replay may seem harmless, but in many cases it causes damage comparable to forging a message. Consider the following situation: suppose Bob is a bank and Alice is a customer. Alice sends a message asking Bob to transfer $1000 to Trudy. Alice has applied measures such as a digital signature so that Trudy cannot masquerade as her or alter the message. However, if Trudy copies and replays the message, these protective measures are meaningless. Bob believes that Alice has sent another message asking him to transfer a further $1000 to Trudy.
Figure 1-4. Replaying a message (diagram: Alice and Bob communicate over the network; Trudy copies Alice's message and later sends it again to Bob)
1.2.2 Requirements of a safe and secure communication system
The section above presented the forms of attack; a communication system is called safe and secure if it can resist those forms of attack. Such a system must therefore have the following properties:
1) Confidentiality: prevents messages from being read by an eavesdropper.
2) Authentication: assures Bob that the message he receives really was sent by Alice and was not altered in transit. Authentication therefore defends against message modification, masquerade and replay attacks.
3) Nonrepudiation: consider the following situation:
Suppose Bob is Alice's stockbroker. Alice sends a message asking Bob to buy shares of company Z. The next day, the share price of this company falls by more than 50%. Seeing her loss, Alice claims that she never sent any message and blames Bob. Bob must have a mechanism for establishing that Alice was indeed the sender, so that Alice cannot deny responsibility.
The handwritten signature that people use today is a mechanism that provides both authentication and non-repudiation. In computing, a similar mechanism has been established, called the digital signature.
Figure 1-5. Model for secure communication over a network (diagram: sender and receiver, the information channel and the opponent; a security-related transformation is applied at each end, using secret information held by each party)
1.2.3 The role of cryptography in securing information on a network
Cryptography, that is, the encryption of data, is a basic and essential tool of information security. Cryptography meets the confidentiality, authentication and non-repudiation needs of a communication system.
This document first presents classical cryptography. Although these classical cryptosystems are rarely used today, they illustrate the basic principles that are applied in modern cryptography. On that foundation, we will study symmetric and asymmetric encryption, which play an important role in modern cryptography. In addition, we will study hash functions, another important security tool with many interesting applications, including digital signatures.
Chapters 2, 3, 4 and 5 present the material related to cryptography in turn.
1.2.4 Security protocols
After studying cryptography, we will study how it is applied in practice through a number of widely used security protocols:
- Kerberos: an authentication protocol based on symmetric encryption.
- The X.509 certificate standard: used in public-key cryptography.
- Secure Socket Layer (SSL): the web security protocol, widely used on the web and in e-commerce.
- PGP and S/MIME: securing electronic mail.
The theoretical models and contents of these protocols are presented in chapters 6 and 7.
1.3 Protecting a system from intrusion and sabotage from outside
Today, with the Internet connecting computers all over the world, protecting computers from intrusion and sabotage from outside is a necessity. Through the Internet, hackers can gain access to computers in an organisation (using telnet, for instance) and steal important data such as passwords, credit card numbers and documents, or simply cause damage and disrupt the system, so that the organisation must spend heavily to restore normal operation.
To provide this protection, the concept of access control is used. Access control has two components:
- Authentication: confirming that the subject (a person or a computer program) has been granted access to the system. For example, to use a computer the subject must first log on with a username and password. There are also other authentication methods, such as biometrics (fingerprints, iris) or cards (ATM cards).
- Authorization: the actions permitted after access to the system has been granted. For example, you are given a username and password to log on to the operating system, but you are only granted the right to read a certain file; or you may read a file but not delete it.
Under this principle, a computer or a computer network is protected from intrusion by unauthorised subjects. In practice, however, we still hear of destructive attacks. To carry them out, the attacker tries to break the Authentication and Authorization mechanisms in the following ways:
- Using malicious code (Malware): viruses, worms, trojans, backdoors. These malicious programs spread from one computer to another by exploiting users' carelessness or software flaws. Taking advantage of the privileges granted to users (many people log in to their computers as administrator, for instance), this code executes destructive commands, or probes for the system administrator's password and sends it to the hacker, or installs back doors through which an outside hacker can intrude.
- Intrusion: software that is designed with many vulnerabilities lets hackers exploit them to execute destructive commands. Such commands are normally not permitted to outsiders, but the software's vulnerabilities make them possible. In special cases, a software vulnerability allows destructive commands that even the program's designer never anticipated. A hacker may also use the back doors created by backdoor malware to intrude.
To counter these destructive actions, programs with gatekeeping and prevention functions are used. These programs detect viruses or detect intrusive behaviour in order to block them, preventing them from executing or intruding. They are the antivirus programs, firewall programs and so on. In addition, software developers have software construction and testing processes that aim to minimise the security vulnerabilities that may exist.
Figure 1-6. Model for preventing intrusion and sabotage of a system (diagram: an information system holding computing resources (memory, processor), data, processes, software and network resources; an access channel guarded by a gatekeeping function; threats from people (hackers) and software (viruses, worms))
Within the scope of this document, only the material on safety and security of communication over a network is covered. You can study the material on protection against intrusion in more detail in [3].
1.4 Review questions
1) List the forms of attack on communication over a network.
2) What is protecting information while it is transmitted over a network?
3) What is protecting a system from outside attack?
CHAPTER 2. BASIC SYMMETRIC ENCRYPTION

In this chapter we study some basic concepts of symmetric encryption. This is the main method for providing confidentiality in a communication system. First we study the Caesar cipher, and then the general model of symmetric encryption together with some related properties. The rest of the chapter presents some other widely known classical ciphers.
2.1 The Caesar cipher
In the third century BC, the Roman general Julius Caesar devised the following method of encrypting a message: replace each letter of the message with the letter k positions after it in the alphabet. Taking k = 3, we obtain the following conversion table:
Plain letter:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher letter: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
(after Z we wrap around to A, so x → A, y → B and z → C)
Suppose the original message (the plaintext) is: meet me after the toga party
Then the encrypted message (the ciphertext) is: PHHW PH DIWHU WKH WRJD SDUWB
Instead of sending the plaintext directly to his subordinates, Caesar sent the ciphertext. On receiving the ciphertext, the subordinate decrypts it by applying the procedure in reverse to recover the plaintext. So even if Caesar's opponents obtained the ciphertext, they could not understand its meaning.
Let us assign to each letter an integer from 0 to 25:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
The Caesar method is then expressed as follows: each plain letter p is replaced by the cipher letter C, where:
C = (p + k) mod 26 (where mod is the remainder of division)
And decryption is simply:
p = (C - k) mod 26
k is called the key. Of course Caesar and his subordinates must use the same value of the key k, otherwise the decrypted message will not match the original plaintext.
Today the Caesar cipher is not considered secure. Suppose Caesar's opponent obtains the ciphertext PHHW PH DIWHU WKH WRJD SDUWB and knows that the encryption and decryption methods are addition and subtraction modulo 26. The opponent can try all 25 possible values of k as follows:
KEY PHHW PH DIWHU WKH WRJD SDUWB
1 oggv og chvgt vjg vqic rctva
2 nffu nf bgufs uif uphb qbsuz
3 meet me after the toga party
4 ldds ld zesdq sgd snfz ozqsx
5 kccr kc ydrcp rfc rmey nyprw
6 jbbq jb xcqbo qeb qldx mxoqv
7 iaap ia wbpan pda pkcw lwnpu
8 hzzo hz vaozm ocz ojbv kvmot
9 gyyn gy uznyl nby niau julns
10 fxxm fx tymxk max mhzt itkmr
11 ewwl ew sxlwj lzw lgys hsjlq
12 dvvk dv rwkvi kyv kfxr grikp
13 cuuj cu qvjuh jxu jewq fqhjo
14 btti bt puitg iwt idvp epgin
15 assh as othsf hvs hcuo dofhm
16 zrrg zr nsgre gur gbtn cnegl
17 yqqf yq mrfqd ftq fasm bmdfk
18 xppe xp lqepc esp ezrl alcej
19 wood wo kpdob dro dyqk zkbdi
20 vnnc vn jocna cqn cxpj yjach
21 ummb um inbmz bpm bwoi xizbg
22 tlla tl hmaly aol avnh whyaf
23 skkz sk glzkx znk zumg vgxze
24 rjjy rj fkyjw ymj ytlf ufwyd
25 qiix qi ejxiv xli xske tevxc
Of the 25 cases above, only k = 3 gives a meaningful decryption. The opponent can therefore be certain that "meet me after the toga party" is the original plaintext.
2.2 The symmetric cipher model (Symmetric Ciphers)
The Caesar cipher is the simplest symmetric cipher. Conceptually, the general symmetric encryption method is expressed by the following model:
Figure 2-1. The symmetric cipher model (diagram: at the sending end, plaintext P is encrypted with key K to ciphertext C; C travels over an open channel to the receiving end, where it is decrypted with K back to P; a key generator delivers K over a secure channel; a cryptanalyst on the open channel attempts to break the cipher)
The model above consists of five elements:
- Plaintext P
- Encryption algorithm E
- Secret key K
- Ciphertext C
- Decryption algorithm D
Where: C = E(P, K)
P = D(C, K)
The encryption and decryption algorithms use the same key, and the decryption algorithm is the inverse operation of the encryption algorithm (in the Caesar cipher, E is addition and D is subtraction). For this reason the model above is called symmetric encryption.
The ciphertext C is sent over the transmission channel. Since the ciphertext C has been transformed relative to the plaintext P, a third party who taps the channel and obtains C cannot understand its meaning. This is the essential feature of encryption, and it is what provides the confidentiality property of a communication system mentioned in chapter 1.
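The Caesar cipher of section 2.1 written as the E(P, K) / D(C, K) pair of the symmetric model above, together with the 25-key brute-force search that recovers the plaintext. This is an added example, not code from the lecture notes; the `find_meaningful_key` helper and its caller-supplied word list are an assumption standing in for the human reader who judges which decryption "makes sense".

```python
# Added example (not from the lecture notes): the Caesar cipher of section 2.1
# as E(P, K) / D(C, K), plus the brute-force key search over all 25 keys that
# recovers the plaintext of PHHW PH DIWHU WKH WRJD SDUWB.
import string
from typing import Dict, Optional, Set

ALPHABET = string.ascii_lowercase  # letters numbered 0..25 as in the notes


def caesar_encrypt(plaintext: str, k: int) -> str:
    """E(P, K): shift every letter forward by k, C = (p + k) mod 26.

    Ciphertext is written in upper case, as in the notes; characters that are
    not letters (spaces) pass through unchanged.
    """
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            p = ALPHABET.index(ch)
            out.append(ALPHABET[(p + k) % 26].upper())
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, k: int) -> str:
    """D(C, K): shift every letter back by k, p = (C - k) mod 26."""
    out = []
    for ch in ciphertext.lower():
        if ch in ALPHABET:
            c = ALPHABET.index(ch)
            out.append(ALPHABET[(c - k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def brute_force(ciphertext: str) -> Dict[int, str]:
    """Try every key 1..25 and return {k: candidate plaintext}.

    This reproduces the 25-row table in section 2.1: only one row reads as
    English, which is why a 25-key cipher offers no real confidentiality.
    """
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


def find_meaningful_key(ciphertext: str, known_words: Set[str]) -> Optional[int]:
    """Pick the key whose decryption contains the most dictionary words.

    The notes leave "meaningful" to a human reader; this is a small mechanical
    stand-in (an assumption) using a word list supplied by the caller.
    """
    best_k, best_hits = None, 0
    for k, candidate in brute_force(ciphertext).items():
        hits = sum(1 for w in candidate.split() if w in known_words)
        if hits > best_hits:
            best_k, best_hits = k, hits
    return best_k


if __name__ == "__main__":
    ct = caesar_encrypt("meet me after the toga party", 3)
    print(ct)  # PHHW PH DIWHU WKH WRJD SDUWB
    for k, cand in brute_force(ct).items():
        print(f"{k:2d} {cand}")
    words = {"meet", "me", "after", "the", "toga", "party"}  # constructed word list
    print("key =", find_meaningful_key(ct, words))
```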
An important property of symmetric encryption is that the key must be kept secret between the sender and the receiver; in other words, the key must be delivered securely from the sender to the receiver. One might ask: if there is a secure channel for delivering the key, why not use that channel to deliver the message itself, and why bother with encryption at all? The answer is that the message can be very long while the key is usually short. Moreover, one key can be used to transmit many messages. Sending everything over the secure channel would therefore be costly.
The second important property of a symmetric cryptosystem is its security. As seen in the Caesar cipher, the plaintext can easily be recovered from the ciphertext without knowing the secret key. Recovering the plaintext from the ciphertext without the key in this way is called cryptanalysis. A symmetric cryptosystem is therefore called secure if and only if it cannot be broken (the ideal condition) or the time needed to break it is infeasible.
In the Caesar cipher, the reason the method is insecure is that the key k has only 25 values, so a cryptanalyst can try every possible key very quickly. This form of attack is called a brute-force attack. It suffices to widen the range of the key to make the time needed to break the cipher infeasible. The table below lists some examples of the average time needed to break a cipher for various key sizes.
Key size (bits)           | Number of keys        | Time at 10^3 keys/second | Time at 10^9 keys/second
32                        | 2^32 = 4.3 x 10^9     | 35.8 minutes             | 2.15 milliseconds
56                        | 2^56 = 7.2 x 10^16    | 1142 years               | 10.01 hours
128                       | 2^128 = 3.4 x 10^38   | 5.4 x 10^24 years        | 5.4 x 10^18 years
168                       | 2^168 = 3.7 x 10^50   | 5.9 x 10^36 years        | 5.9 x 10^30 years
permutation of 26 letters | 26! = 4 x 10^26       | 6.4 x 10^12 years        | 6.4 x 10^6 years
(current CPU clock speeds are around 3 x 10^9 Hz; the age of the universe is around 10^10 years)
Table 2-1. Brute-force key search time by key size
Section 2.3 presents the monoalphabetic substitution cipher, whose key space has 26! values. The monoalphabetic cipher is therefore secure against a brute-force attack on the key.
Section 2.6 presents the One-Time Pad, a method with the property that there exist very many keys each of which, when used for decryption, yields a meaningful message (in the Caesar cipher only one decryption key yields a meaningful message). Brute-force key search is therefore meaningless against the One-Time Pad. Theoretically, this method has been proven to be perfectly secure.
At present, apart from the One-Time Pad, no other perfectly secure symmetric cipher has been found. We therefore accept that a symmetric cipher is secure if it satisfies the following conditions:
- No attack technique is known that is better than brute-force key search
- The key space is large enough that brute-force key search is infeasible.
2.3 Monoalphabetic Substitution Cipher
Consider again the Caesar cipher with k = 3:
Plain letter:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher letter: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
The monoalphabetic cipher generalises the Caesar cipher by encrypting not with a shift of the letters A, B, C, ... by k positions, but with an arbitrary permutation of the 26 letters. Each permutation is now regarded as a key. Suppose we have the following permutation:
Plain letter: a b c d e f g h i j k l m n o p q r s t u v w x y z
Key:          Z P B Y J R S K F L X Q N W V D H M G U T O I A E C
Then the plaintext meet me after the toga party
is encrypted as: NJJU NJ ZRUJM UKJ UVSZ DZMUE
Decryption is carried out in reverse to recover the original plaintext.
Since encryption replaces each letter of the plaintext with a letter of the ciphertext, this method is called a substitution cipher. The number of permutations of 26 letters is 26!, which is also the number of keys of this cipher. Because 26! is a very large number, a brute-force attack on the key is infeasible (6400 millennia at a key-testing rate of 10^9 keys/second). The monoalphabetic cipher was therefore regarded as a secure cipher throughout the first thousand years AD.
However, in the ninth century an Arab philosopher named Al-Kindi discovered another feasible method of cryptanalysis. This method is based on the following observation:
In the English language, the letters are not used with equal frequency: E is used most often, while the rarely used letters are Z, Q and J. Similarly, among pairs of letters (digrams), the pair TH is used most often. The following table gives the frequencies of letters, digrams and trigrams in English:
Letter  (%)     Digram  (%)     Trigram  (%)     Word   (%)
E       13.05   TH      3.16    THE      4.72    THE    6.42
T        9.02   IN      1.54    ING      1.42    OF     4.02
O        8.21   ER      1.33    AND      1.13    AND    3.15
A        7.81   RE      1.30    ION      1.00    TO     2.36
N        7.28   AN      1.08    ENT      0.98    A      2.09
I        6.77   HE      1.08    FOR      0.76    IN     1.77
R        6.64   AR      1.02    TIO      0.75    THAT   1.25
S        6.46   EN      1.02    ERE      0.69    IS     1.03
H        5.85   TI      1.02    HER      0.68    I      0.94
D        4.11   TE      0.98    ATE      0.66    IT     0.93
L        3.60   AT      0.88    VER      0.63    FOR    0.77
C        2.93   ON      0.84    TER      0.62    AS     0.76
F        2.88   HA      0.84    THA      0.62    WITH   0.76
U        2.77   OU      0.72    ATI      0.59    WAS    0.72
M        2.62   IT      0.71    HAT      0.55    HIS    0.71
P        2.15   ES      0.69    ERS      0.54    HE     0.71
Y        1.51   ST      0.68    HIS      0.52    BE     0.63
W        1.49   OR      0.68    RES      0.50    NOT    0.61
G        1.39   NT      0.67    ILL      0.47    BY     0.57
B        1.28   HI      0.66    ARE      0.46    BUT    0.56
V        1.00   EA      0.64    CON      0.45    HAVE   0.55
K        0.42   VE      0.64    NCE      0.45    YOU    0.55
X        0.30   CO      0.59    ALL      0.44    WHICH  0.53
J        0.23   DE      0.55    EVE      0.44    ARE    0.50
Q        0.14   RA      0.55    ITH      0.44    ON     0.47
Z        0.09   RO      0.55    TED      0.44    OR     0.45
Table 2-2. English letter, digram, trigram and word frequencies
Monoalphabetic substitution maps one plaintext letter to one ciphertext letter, so the ciphertext letters follow the same frequency distribution as above. If E has been replaced by K, the frequency of K in the ciphertext is 13.05%. This is the basis of the cryptanalysis.
Consider the following ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPPDPTGUDTMOHMQ
The number of occurrences of each letter is:
A 2, B 2, C 0, D 6, E 6, F 3, G 3, H 6, I 1, J 0, K 0, L 0, M 7,
N 0, O 9, P 17, Q 3, R 0, S 10, T 4, U 9, V 5, W 4, X 5, Y 2, Z 13
The digrams occurring at least twice are:
DT 2, DZ 2, EP 3, FP 3, HM 2, HZ 2, MO 2, OH 2, OP 3, PD 3, PE 2, PO 3, PP 2,
SX 3, SZ 2, TS 2, UD 2, UZ 3, VU 2, WS 2, XU 2, ZO 2, ZS 2, ZU 2, ZW 3
We can therefore guess that P is the encryption of e and Z the encryption of t. Since TH has the highest frequency among digrams, among the four digrams ZO, ZS, ZU, ZW we may guess that ZW is th. Note that the first line contains the group ZWSZ; if we assume these four letters belong to one word, the word has the form th_t, from which we conclude that S is the encryption of a (since the word THAT has a high frequency). At this point the partial decryption is as follows (an underscore marks a letter not yet recovered):
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
_t_a________e__e_te__a_that_e_e_a_______a___t
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
___e_t___ta_t_ha_e_ee__a_e__th____t__a_
EPYEPOPDZSZUFPOMBZWPPDPTGUDTMOHMQ
_e__e_e_tat__e___thee_e__________
Continuing in this way (the guessing does not always go smoothly, and at times several rounds of trial and error are needed), we finally obtain the decryption, after separating the words:
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the enemy in moscow
Thus cryptanalysis based on letter frequencies takes far less time than the figure of 6400 millennia. The reason is that each letter of the original text corresponds to exactly one letter of the ciphertext, so the letter frequency distribution is preserved. There are two ways to overcome this weakness. The first is to encrypt several letters at once. The second is to arrange that one plaintext letter corresponds to several different ciphertext letters. These two approaches are presented in turn in the following sections.
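As an added example (not part of the original lecture notes), the following Python script performs the letter and digram counts used above on the chapter's ciphertext, ranks the symbols, and applies a partial key guess; the ciphertext is the one given in the text, and the underscore placeholder for unrecovered letters is my own convention.

```python
from collections import Counter

# Ciphertext from the worked example in the text (monoalphabetic substitution).
CIPHERTEXT = (
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
    "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
    "EPYEPOPDZSZUFPOMBZWPPDPTGUDTMOHMQ"
)

def letter_counts(text):
    """Count each letter A-Z; letters absent from the text count as 0."""
    counts = Counter(c for c in text.upper() if c.isalpha())
    return {ch: counts.get(ch, 0) for ch in "ABCDEFGHIJKLMNOPQRSTUVWXYZ"}

def digram_counts(text, minimum=2):
    """Count adjacent letter pairs; keep only pairs seen at least `minimum` times."""
    letters = [c for c in text.upper() if c.isalpha()]
    counts = Counter(a + b for a, b in zip(letters, letters[1:]))
    return {d: n for d, n in counts.items() if n >= minimum}

def ranked(counts):
    """Symbols sorted by descending count (ties broken alphabetically)."""
    return [k for k, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]

def apply_partial_key(ciphertext, mapping, unknown="_"):
    """Substitute the guessed cipher->plain letters; leave the rest as `unknown`."""
    return "".join(mapping.get(c, unknown) for c in ciphertext)

if __name__ == "__main__":
    lc = letter_counts(CIPHERTEXT)
    print("most frequent letters:", ranked(lc)[:5])          # P, Z, S lead
    print("most frequent digrams:", ranked(digram_counts(CIPHERTEXT))[:5])
    guess = {"P": "e", "Z": "t", "W": "h", "S": "a"}          # the guesses made in the text
    print(apply_partial_key(CIPHERTEXT[:45], guess))
```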
2.4 Multi-letter Substitution Ciphers
2.4.1 The Playfair Cipher
The Playfair cipher treats two adjacent letters as one encryption unit: the two letters are replaced at the same time by two other letters. Playfair uses a 5x5 matrix of letters such as the following:
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
In the matrix above the key is the word MONARCHY, filled into the first rows of the matrix; the remaining letters are filled in afterwards. The two letters I and J share one cell because in English I and J are rarely confused. For example, on meeting the fragment CL_MATE we know the word is CLIMATE, not CLJMATE.
Before encryption the plaintext is split into pairs of letters. If the two letters of a pair are identical they are separated by the letter X (two adjacent X letters are rare in English). For example, the word balloon is split as ba lx lo on. Each pair is encrypted according to the following rules:
- If the two letters of the pair are in the same row, each is replaced by the next letter in that row, wrapping around to the start of the row at the end. For example, the pair ar is encrypted as RM.
- If the two letters are in the same column, each is replaced by the next letter down that column, wrapping around to the top of the column at the bottom. For example, the pair ov is encrypted as HO.
- Otherwise the two letters form the diagonal of a rectangle and are replaced by the two letters on the other diagonal. For example, hs becomes BP (B is in the same row as H, and P in the same row as S); ea becomes IM (or JM).
Thus, considering only the 26 letters, Playfair has 26x26 = 676 letter pairs, so the pairs show less frequency skew than individual letters do. In addition, the larger number of pairs makes frequency analysis harder. This is why Playfair was believed to be unbreakable and was used by the British army in the First World War.
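The Playfair rules above, as an added Python example that is not part of the original notes: it builds the MONARCHY square, splits the text into digraphs and applies the three substitution rules in both directions. The rule that an odd trailing letter is padded with X is my assumption; the text only describes the doubled-letter case.

```python
ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"   # 25 letters: J is merged into I

def build_square(keyword):
    """5x5 Playfair square: keyword letters first (duplicates dropped), then the rest."""
    seen = []
    for ch in (keyword + ALPHABET).upper().replace("J", "I"):
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]

def prepare_pairs(text):
    """Split into digraphs; a doubled letter gets an X inserted after its first copy,
    and an odd trailing letter is padded with X (assumption, see lead-in)."""
    letters = [c for c in text.upper().replace("J", "I") if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else "X"
        if a == b:
            pairs.append((a, "X"))
            i += 1
        else:
            pairs.append((a, b))
            i += 2
    return pairs

def shift_pair(square, a, b, step):
    """step=+1 encrypts, step=-1 decrypts: same row -> move along the row,
    same column -> move down (or up) the column, otherwise swap the rectangle corners."""
    pos = {ch: (r, c) for r, row in enumerate(square) for c, ch in enumerate(row)}
    (ra, ca), (rb, cb) = pos[a], pos[b]
    if ra == rb:
        return square[ra][(ca + step) % 5] + square[rb][(cb + step) % 5]
    if ca == cb:
        return square[(ra + step) % 5][ca] + square[(rb + step) % 5][cb]
    return square[ra][cb] + square[rb][ca]

def playfair_encrypt(plaintext, keyword):
    square = build_square(keyword)
    return "".join(shift_pair(square, a, b, +1) for a, b in prepare_pairs(plaintext))

def playfair_decrypt(ciphertext, keyword):
    """Undo the pair substitutions; inserted X letters are left for the reader to strip."""
    square = build_square(keyword)
    letters = ciphertext.upper()
    return "".join(shift_pair(square, letters[i], letters[i + 1], -1)
                   for i in range(0, len(letters), 2))

if __name__ == "__main__":
    print(prepare_pairs("balloon"))                       # ba lx lo on
    print(playfair_encrypt("balloon", "MONARCHY"))        # IBSUPMNA
    print(playfair_decrypt("IBSUPMNA", "MONARCHY"))       # BALXLOON
```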
2.4.2 The Hill Cipher
In the Hill cipher each letter is assigned an integer from 0 to 25:
A B C D E F G H I J K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
The Hill cipher encrypts m plaintext letters at a time (denoted p1, p2, ..., pm), replacing them with m ciphertext letters (denoted c1, c2, ..., cm). The substitution is carried out by m linear equations. For m = 3 the three equations are:
c1 = (k11 p1 + k12 p2 + k13 p3) mod 26
c2 = (k21 p1 + k22 p2 + k23 p3) mod 26
c3 = (k31 p1 + k32 p2 + k33 p3) mod 26
The three equations can be written as a vector and a matrix product:
[c1]   [k11 k12 k13] [p1]
[c2] = [k21 k22 k23] [p2]  mod 26
[c3]   [k31 k32 k33] [p3]
That is, C = KP mod 26, where P and C are the vectors representing the plaintext and the ciphertext and K is the matrix used as the key.
Consider the plaintext paymoremoney with the key K:
    [17 17  5]
K = [21 18 21]
    [ 2  2 19]
The first three plaintext letters correspond to the vector (15, 0, 24). Thus
[17 17  5] [15]   [11]
[21 18 21] [ 0] = [13]  mod 26, i.e. LNS
[ 2  2 19] [24]   [18]
Proceeding in the same way, the complete ciphertext is LNSHDLEWMTRW.
To decrypt we need the inverse matrix of K, written K^-1, i.e. K^-1 K mod 26 = I, the identity matrix (not every matrix K has an inverse, but when it exists it can be found by computing the determinant det of the matrix). For example, the inverse of the matrix above is:
       [ 4  9 15]
K^-1 = [15 17  6]
       [24  0 17]
and:
[17 17  5] [ 4  9 15]   [443 442 442]           [1 0 0]
[21 18 21] [15 17  6] = [858 495 780]  mod 26 = [0 1 0]
[ 2  2 19] [24  0 17]   [494  52 365]           [0 0 1]
The decryption is then: K^-1 C mod 26 = K^-1 KP mod 26 = P
It can be seen that the Hill cipher hides frequency information better than Playfair, because it can encrypt 3 or more letters at a time.
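An added Python example (not from the original notes) of the Hill cipher above: it encrypts paymoremoney with the key K of the text, computes K^-1 mod 26 through the determinant and adjugate, and decrypts with it. The matrix inverse routine is mine; it raises an error when the determinant shares a factor with 26, which is the case the text warns about.

```python
MOD = 26

def letters_to_numbers(text):
    return [ord(c) - ord("A") for c in text.upper() if c.isalpha()]

def numbers_to_letters(nums):
    return "".join(chr(ord("A") + n % MOD) for n in nums)

def mat_vec(matrix, vec):
    """Multiply an m x m matrix by a length-m vector, reducing mod 26."""
    return [sum(row[j] * vec[j] for j in range(len(vec))) % MOD for row in matrix]

def minor(m, i, j):
    """Matrix m with row i and column j removed."""
    return [row[:j] + row[j + 1:] for k, row in enumerate(m) if k != i]

def determinant(m):
    """Integer determinant by Laplace expansion along the first row."""
    if len(m) == 1:
        return m[0][0]
    return sum((-1) ** j * m[0][j] * determinant(minor(m, 0, j)) for j in range(len(m)))

def matrix_inverse_mod26(m):
    """K^-1 mod 26 = det^-1 * adj(K) mod 26; ValueError when det has no inverse mod 26."""
    n = len(m)
    det = determinant(m) % MOD
    det_inv = pow(det, -1, MOD)        # raises ValueError if gcd(det, 26) != 1
    adj = [[(-1) ** (i + j) * determinant(minor(m, j, i)) for j in range(n)] for i in range(n)]
    return [[(det_inv * adj[i][j]) % MOD for j in range(n)] for i in range(n)]

def hill(text, matrix):
    """Apply C = K P mod 26 block by block; the same routine decrypts when given K^-1."""
    m = len(matrix)
    nums = letters_to_numbers(text)
    if len(nums) % m:
        raise ValueError("text length must be a multiple of the block size")
    out = []
    for i in range(0, len(nums), m):
        out.extend(mat_vec(matrix, nums[i:i + m]))
    return numbers_to_letters(out)

if __name__ == "__main__":
    K = [[17, 17, 5], [21, 18, 21], [2, 2, 19]]          # key matrix from the text
    cipher = hill("paymoremoney", K)
    print(cipher)                                         # LNSHDLEWMTRW
    K_inv = matrix_inverse_mod26(K)
    print(K_inv)                                          # [[4, 9, 15], [15, 17, 6], [24, 0, 17]]
    print(hill(cipher, K_inv))                            # PAYMOREMONEY
```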
2.5 Polyalphabetic Substitution Cipher
With the discovery of the frequency distribution law, cryptanalysts temporarily gained the upper hand in the battle between encryption and cryptanalysis. Then, in the 15th century, a French diplomat named Vigenere found the polyalphabetic substitution method. The Vigenere method is based on the following table:

key  a b c d e f g h i j k l m n o p q r s t u v w x y z
A    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B    B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C    C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E    E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F    F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G    G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H    H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I    I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J    J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K    K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L    L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M    M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N    N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O    O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P    P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q    Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R    R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S    S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T    T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U    U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V    V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W    W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X    X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y    Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z    Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
Table 2-3. The Vigenere table
Row k of the table is a Caesar cipher with a shift of k-1 positions. For example, row 4, corresponding to the key letter D, is a Caesar cipher with shift 3. (In the general case each row of the Vigenere table need not be a Caesar cipher but may be any monoalphabetic substitution, hence the name polyalphabetic cipher.)
To encrypt a message, a key as long as the message is needed. Usually the key is a phrase written repeatedly until it reaches the length of the message. For example, with the message "We are discovered, save yourself" and the key DECEPTIVE, encryption proceeds as follows:
plaintext:  wearediscoveredsaveyourself
key:        DECEPTIVEDECEPTIVEDECEPTIVE
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
In the example above the plaintext letter w lines up with the key letter D, so row 4 of the Vigenere table (the row for key D) is used and w is encrypted as Z. The remaining letters are handled in the same way.
In this example the plaintext letters e are encrypted as I, T, G, T, H, M respectively. Cryptanalysis based on letter frequency statistics is therefore not possible. For the following three centuries the Vigenere cipher was regarded as unbreakable and was known as "le chiffre indéchiffrable" (the indecipherable cipher). Cryptographers regained the upper hand over cryptanalysts.
In the 19th century the English scientist Charles Babbage found a way to break Vigenere. The attack counts the repetitions of letter groups to guess the key length: in the example above the group VTW repeats 9 positions apart, so the key length may be guessed as 9. The ciphertext can then be split into 9 parts, the first consisting of letters 1, 10, 19, 28, ..., the second of letters 2, 11, 20, 29, ..., and so on up to the ninth part. Each part can be regarded as encrypted with a monoalphabetic substitution, so frequency-based cryptanalysis is applied to each part in turn. Finally the parts are reassembled to recover the plaintext.
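An added Python example (not from the original notes) covering the Vigenere encryption above, the repeated-group (Kasiski) key-length guess, the split into per-key-letter columns, and the known-plaintext key recovery mentioned in section 2.8 and exercise 9. The function names are mine; the plaintext, key and ciphertext are the ones in the text.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

A = ord("A")

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter (key repeated); decrypt subtracts."""
    letters = [c for c in text.upper() if c.isalpha()]
    out = []
    for i, c in enumerate(letters):
        k = ord(key[i % len(key)].upper()) - A
        shift = -k if decrypt else k
        out.append(chr(A + (ord(c) - A + shift) % 26))
    return "".join(out)

def repeated_ngram_distances(ciphertext, n=3):
    """Kasiski test: for every n-gram that repeats, the distances between its occurrences."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        positions[ciphertext[i:i + n]].append(i)
    return {g: [b - a for a, b in zip(p, p[1:])] for g, p in positions.items() if len(p) > 1}

def guess_key_length(ciphertext, n=3):
    """The key length divides every repeat distance, so take their gcd (0 if no repeats)."""
    distances = [d for ds in repeated_ngram_distances(ciphertext, n).values() for d in ds]
    return reduce(gcd, distances, 0)

def split_columns(ciphertext, key_length):
    """Column i holds the letters enciphered with key letter i: each column is a Caesar cipher."""
    return [ciphertext[i::key_length] for i in range(key_length)]

def recover_key(ciphertext, plaintext):
    """Known-plaintext case: key letter i = C[i] - P[i] mod 26 (the repeated key string)."""
    c = [ord(x) - A for x in ciphertext.upper() if x.isalpha()]
    p = [ord(x) - A for x in plaintext.upper() if x.isalpha()]
    return "".join(chr(A + (ci - pi) % 26) for ci, pi in zip(c, p))

if __name__ == "__main__":
    c = vigenere("wearediscoveredsaveyourself", "DECEPTIVE")
    print(c)                                          # ZICVTWQNGRZGVTWAVZHCQYGLMGJ
    print(repeated_ngram_distances(c))                # {'VTW': [9]}
    print(guess_key_length(c), split_columns(c, 9))
    print(recover_key(c, "wearediscoveredsaveyourself"))
```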
2.6 One-Time Pad
It can be seen that the weakness of the polyalphabetic cipher is the repetition of the words in the key; for example, the word DECEPTIVE is repeated many times. This leaves a relationship between plaintext and ciphertext: for example, when the group red repeats in the plaintext, the group VTW repeats in the ciphertext. The cryptanalyst exploits this relationship to break the cipher. The problem is therefore to make plaintext and ciphertext truly random with respect to each other, with no relationship at all. To solve this problem, Joseph Mauborgne, director of the cryptographic research institute of the US army, proposed at the end of the First World War to use a random key. The random key has the same length as the plaintext, and each key is used only once.
Example: encrypt the message wearediscoveredsaveyourself
Message P:    wearediscoveredsaveyourself
Key K1:       FHWYKLVMKVKXCVKDJSFSAPXZCVP
Ciphertext C: BLWPOODEMJFBTZNVJNJQOJORGGU
Decrypting with the key K1 gives back the message P, wearediscoveredsaveyourself. Now consider two cases of decrypting the same ciphertext with two other keys:
Case 1: Ciphertext C: BLWPOODEMJFBTZNVJNJQOJORGGU
        Key K2:       IESRLKBWJFCIFZUCJLZXAXAAPSY
        Decryption:   theydecidedtoattacktomorrow
        (they decided to attack tomorrow)
Case 2: Ciphertext C: BLWPOODEMJFBTZNVJNJQOJORGGU
        Key K3:       FHAHDDRAIQFIASJGJWQSVVBJAZB
        Decryption:   wewillmeetatthepartytonight
        (we will meet at the party tonight)
In both cases the decryption is meaningful. This means that a cryptanalyst performing exhaustive key search will find many keys corresponding to many meaningful messages and will not know which one is the plaintext. This proves that the One-Time Pad is a perfectly secure cipher, and it is regarded as the pinnacle of classical cryptography.
Note that for the One-Time Pad to be perfectly secure each key must be used only once. If a key is used several times, this is no different from repeating a word in the key (for example the repeated word DECEPTIVE). Moreover, the keys must be truly random with respect to one another. If these conditions are violated there is a relationship between plaintext and ciphertext that the cryptanalyst can exploit.
However, the One-Time Pad has no practical use. Since the key is as long as the message and each key is used only once, instead of sending the key over a secure channel one could just as well send the plaintext itself over that channel without bothering with encryption.
Thus after the First World War no other unbreakable cipher had yet been found. All efforts were directed at polyalphabetic substitution using a long key with few repetitions to limit cryptanalysis. The ENIGMA machine used by the German army in the Second World War was such a machine. Using ENIGMA, Germany held the advantage in the early phase of the war. In the later phase, however, Polish and British cryptanalysts (among them Alan Turing, the inventor of the programmable computer) found a way to break ENIGMA. The break relied on a number of weaknesses in the German army's key distribution. This played an important role in the Allied victory in the war.

Figure 2-2. Illustration of the structure of the ENIGMA machine: letters are typed on the keyboard and the ciphertext appears on the lamp board above. (Source: Wikipedia)
2.7 Permutation (Transposition) Cipher
All the ciphers presented so far replace a plaintext letter with another letter in the ciphertext (substitution). Another approach is to scramble the order of the letters of the plaintext. Since the order of the letters is lost, the reader cannot understand the meaning of the message even though the letters themselves are unchanged.
A simple way to do this is to write the plaintext row by row and then read the ciphertext off column by column. For example, the plaintext attackpostponeduntilthisnoon is written as a 4 x 7 grid:
a t t a c k p
o s t p o n e
d u n t i l t
h i s n o o n
Reading it out column by column gives the ciphertext:
AODHTSUITTNSAPTNCOIOKNLOPETN
A more elaborate scheme permutes the columns before reading out the ciphertext. For example, choosing the key MONARCH, the columns can be permuted as follows (the columns are reordered alphabetically by key letter):
M O N A R C H      A C H M N O R
a t t a c k p      a k p a t t c
o s t p o n e      p n e o t s o
d u n t i l t      t l t d n u i
h i s n o o n      n o n h s i o
which gives the ciphertext APTNKNLOPETNAODHTTNSTSUICOIO. Decryption is carried out in the reverse order.
For more security the permutation can be applied twice (double transposition): after the first permutation, the result is permuted once more:
M O N A R C H      A C H M N O R
a p t n k n l      n n l a t p k
o p e t n a o      t a o o e p n
d h t t n s t      t s t d t h n
s u i c o i o      c i o s i u o
and the final ciphertext is NTTCNASILOTOAODSTETIPPHUKNNO
It is judged that breaking the double transposition is no easy matter, since the permutation rule is very hard to guess. Moreover, letter frequency analysis cannot be applied as it is against substitution, because the letter frequencies of the plaintext and of the ciphertext are identical.
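An added Python example (not from the original notes) of the columnar transposition above: the column read-out order is derived by sorting the key letters, the plain column-by-column read-out corresponds to the key ABCDEFG, and applying the function twice gives the double transposition. The function names are mine.

```python
def column_order(key):
    """Read-out order of the columns: key letters sorted alphabetically (ties by position)."""
    return [i for _, i in sorted((ch, i) for i, ch in enumerate(key.upper()))]

def columnar_encrypt(text, key):
    """Write the text row by row under the key, then read it out column by column in key order."""
    letters = [c for c in text.lower() if c.isalpha()]
    ncols = len(key)
    if len(letters) % ncols:
        raise ValueError("text length must be a multiple of the key length (no padding rule in the text)")
    rows = [letters[i:i + ncols] for i in range(0, len(letters), ncols)]
    return "".join(row[c] for c in column_order(key) for row in rows).upper()

def columnar_decrypt(ciphertext, key):
    """Refill the grid column by column in key order, then read it row by row."""
    ncols = len(key)
    nrows = len(ciphertext) // ncols
    grid = [[None] * ncols for _ in range(nrows)]
    pos = 0
    for c in column_order(key):
        for r in range(nrows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join(ch for row in grid for ch in row).lower()

def double_transposition(text, key):
    """Two rounds of columnar transposition with the same key."""
    return columnar_encrypt(columnar_encrypt(text, key), key)

if __name__ == "__main__":
    p = "attackpostponeduntilthisnoon"
    print(columnar_encrypt(p, "ABCDEFG"))       # AODHTSUITTNSAPTNCOIOKNLOPETN (natural order)
    print(columnar_encrypt(p, "MONARCH"))       # APTNKNLOPETNAODHTTNSTSUICOIO
    print(double_transposition(p, "MONARCH"))   # NTTCNASILOTOAODSTETIPPHUKNNO
```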
2.8 Summary
Classical ciphers are generally based on two methods. The first replaces a plaintext letter with another letter in the ciphertext (substitution); the ciphers using this method are the Caesar cipher, monoalphabetic substitution, polyalphabetic substitution and the one-time pad. The second permutes the original order of the plaintext letters (permutation). Both methods also play an important role in the modern symmetric ciphers presented in the next chapter.
This chapter also examined some cryptanalysis methods. The goal of cryptanalysis is to recover the plaintext, or the key, or both, from the ciphertext. We assume that the cryptanalyst knows the encryption and decryption algorithms (Kerckhoffs' principle). Cryptanalysis takes place in one of the following three situations:
1) Ciphertext-only: this is the hardest case for the cryptanalyst. The attacks presented in this chapter are of the ciphertext-only kind.
   [Figure: E encrypts P1, P2, P3 into C1, C2, C3; the cryptanalyst knows only C1, C2, C3 and must find P1, P2, P3.]
2) Known-plaintext: in this case the cryptanalyst has some pairs of plaintext and corresponding ciphertext.
   [Figure: E encrypts P1, P2, P3 into C1, C2, C3; the cryptanalyst knows C1, C2, C3 and knows that the plaintext of C1 is P1, and must find P2, P3.]
   Knowing a few plaintext-ciphertext pairs makes finding the key easier. For example, for the Vigenere cipher the cryptanalyst needs only one plaintext-ciphertext pair to deduce the key, and can then decrypt the other ciphertexts encrypted with that key.
   Example: knowing that the ciphertext ZICVTWQNGRZGVTWAVZHCQYGLMGJ corresponds to the plaintext wearediscoveredsaveyourself, the cryptanalyst can look up the Vigenere table in reverse and find the key DECEPTIVE, then decrypt the other ciphertexts.
3) Chosen-plaintext: in this case the cryptanalyst can choose some plaintexts and observe the corresponding ciphertexts. For example, when you go to lunch and forget to lock your computer, the cryptanalyst can use your encryption program to encrypt some messages chosen in advance and obtain the corresponding ciphertexts (without knowing the key).
Thus in cases 2 and 3 the cryptanalyst has an easier task than in case 1. This poses a challenge to researchers: to find encryption algorithms that cannot be broken not only in case 1 but also in cases 2 and 3. Some such algorithms are studied in the chapter on modern symmetric ciphers.
2.9 Review Questions
1) Why is there no fear of information leakage when the ciphertext is sent over the channel?
2) What is a key? Why must the key be kept secret so that only the sender and the receiver know it?
3) Why send the key over a secure channel rather than sending the plaintext itself over the secure channel?
4) How does cryptanalysis differ from decryption?
5) How is brute-force key search carried out? What must be done to resist brute-force key search?
6) What principle do the Caesar, monoalphabetic, polyalphabetic and one-time pad ciphers use for encryption?
7) What principle does the permutation cipher use for encryption?
8) Why can the monoalphabetic substitution cipher be attacked by frequency statistics?
9) State the significance of the Vigenere cipher.
10) Distinguish the three cryptanalysis situations: ciphertext-only, known-plaintext, chosen-plaintext. In the known-plaintext and chosen-plaintext cases, what advantage does the cryptanalyst have over the ciphertext-only case?
2.10 Exercises
1. Decrypt the following ciphertext, assuming the Caesar cipher was used with k=3:
IRXUVFRUHDQGVHYHQBHDUVDJR
2. If a computer can try 240 keys per second, compute the time of a brute-force attack when the key size is 128 bits (give the answer in years).
3. Encrypt the plaintext enemy coming with the monoalphabetic substitution cipher, using the permutation key K: IAUTMOCSNREBDLHVWYFPZJXKGQ
4. Encrypt the word explanation with the Vigenere cipher and the key LEG.
5. Encrypt the following message with the permutation cipher:
we are all together
given the key 24153
6. Break the following ciphertext, assuming the Caesar cipher was used:
CSYEVIXIVQMREXIH
7. Break the following ciphertext (English), given that the cipher used is monoalphabetic substitution:
GBSXUCGSZQGKGSQPKQKGLSKASPCGBGBKGUKGCEUKUZKGGBSQEICA
CGKGCEUERWKLKUPKQQGCIICUAEUVSHQKGCEUPCGBCGQOEVSHUNSU
GKUZCGQSNLSHEHIEEDCUOGEPKHZGBSNKCUGSUKUASERLSKASCUGB
SLKACRCACUZSSZEUSBEXHKRGSHWKLKUSQSKCHQTXKZHEUQBKZAEN
NSUASZFENFCUOCUEKBXGBSWKLKUSQSKNFKQQKZEHGEGBSXUCGSZQ
GKGSQKUZBCQAEIISKOXSZSICVSHSZGEGBSQSAHSGKHMERQGKGSKR
EHNKIHSLIMGEKHSASUGKNSHCAKUNSQQKOSPBCISGBCQHSLIMQGKG
SZGBKGCGQSSNSZXQSISQQGEAEUGCUXSGBSSJCQGCUOZCLIENKGCA
USOEGCKGCEUQCGAEUGKCUSZUEGBHSKGEHBCUGERPKHEHKHNSZKGGKAD
(A supporting cryptanalysis program is needed; see practical exercise 3.)
8. As in exercise 7, for the following ciphertext (English):
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXFQ
JVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQU
FEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFT
DPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZ
BOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFL
QHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA

9. Consider the Vigenere cipher. Suppose we know that the ciphertext PVRLHFMJCRNFKKW corresponds to the plaintext networksecurity. Find the key K.
10. Consider the following ciphertext produced by the One-Time Pad: KITLKE
If the plaintext is thrill, what is the key? If the plaintext is tiller, what is the key?
11. A generalization of the Caesar cipher is the Affine cipher, in which the letter p is encrypted into the letter C by the formula:
C = E(p, [a, b]) = (ap + b) mod 26
A requirement of an encryption algorithm is that it be one-to-one, i.e. if p ≠ q then E(p) ≠ E(q). The Affine cipher is not one-to-one for every a. For example, with a=2, b=3 we have E(0) = E(13) = 3.
a) Is there any condition on b? Why?
b) Determine the values of a for which the Affine cipher is not one-to-one.
2.11 Practical Exercises
1. Write a program to encrypt and decrypt an ASCII text file on the computer with the Caesar cipher.
2. Write a program to encrypt and decrypt an ASCII text file on the computer with the Playfair cipher.
3. Write a program to encrypt and decrypt an ASCII text file on the computer with the Vigenere cipher.
4. Write a program to support breaking monoalphabetic substitution (exercises 7 and 8); the program should perform operations such as computing letter and digram frequencies and carrying out substitutions.

CHAPTER 3. MODERN SYMMETRIC CIPHERS

The objects of classical ciphers are natural-language messages; the encryption unit is the letter, to which substitution or permutation is applied.
With the development of computers, information has become ever more diverse: a message is no longer simply a sequence of letters but may carry document formatting, as in an HTML document, and may appear in other forms such as images, video or audio. All such messages are represented in the computer as sequences of binary digits. In the computer, letters are represented by their ASCII codes.
Message:               attack
ASCII codes:           97 116 116 97 99 107
Binary representation: 01100001 01110100 01110100 01100001 01100011 01101011
Just as with language messages, binary messages also have statistical properties that the cryptanalyst can exploit to break the ciphertext, even though the ciphertext now exists in binary form. Modern ciphers are concerned with resisting cryptanalysis in the known-plaintext and chosen-plaintext cases.
To illustrate how modern symmetric ciphers work, we use as plaintext the letters of a language with 8 letters A, B, C, D, E, F, G, H, each represented by 3 bits.
Letter  Binary
A       000
B       001
C       010
D       011
E       100
F       101
G       110
H       111
Thus the plaintext head has the binary representation 111100000011.
Suppose a 4-bit key K = 0101 is used to encrypt this plaintext with XOR:
plaintext:  1111 0000 0011 (head)
key:        0101 0101 0101
ciphertext: 1010 0101 0110 (FBCG)
In this encryption the unit is not a letter but a 4-bit block. To decrypt, the ciphertext is XORed once more with the key to recover the original plaintext.
However, XOR encryption as above is too simple in two respects:
- The key is repeated, which exposes the same weakness as the Vigenere cipher. To overcome this, a random number generator is used to create a long key, emulating the One-Time Pad. This is the basis of stream ciphers.
- A block is encrypted by XOR with the key. This is insecure because knowing a single plaintext-ciphertext block pair (e.g. 1111 and 1010) lets the cryptanalyst compute the key easily. To overcome this, encryption operations more complex than XOR were devised, and this is the origin of block ciphers.
3.1 Stream Ciphers
A stream cipher has the following characteristics:
- The encryption unit is k bits. The plaintext is divided into encryption units:
  P = p0 p1 ... p(n-1)
- A random number generator: from an initial key K it produces random numbers of the same size as the encryption unit:
  S = s0 s1 ... s(n-1)
- Each random number is XORed with the corresponding plaintext unit to obtain the ciphertext:
  C = c0 c1 ... c(n-1), with ci = pi ⊕ si
Decryption is carried out in reverse: the ciphertext C is XORed with the random sequence S to give back the original plaintext:
  pi = ci ⊕ si
In the example above the encryption unit has length k = 4 bits and n = 3:
  p0 = 1111, p1 = 0000, p2 = 0011; s0 = s1 = s2 = 0101; c0 = 1010, c1 = 0101, c2 = 0110
This example is not a stream cipher, since s0, s1, s2 repeat the key K; as far as the key is concerned the example is closer to the Vigenere cipher. In a stream cipher the numbers si must have some degree of randomness (a long period):

Figure 3-1. Stream cipher model
Stream ciphers can thus be seen as similar to the Vigenere cipher and the One-Time Pad. The most important part of a stream cipher is the random number generator. Choosing a short key as in Vigenere does not guarantee security, while choosing a key as long as the message as in the One-Time Pad is impractical. The generator of a stream cipher balances these two points: it allows a short key, while the generated sequence has the randomness required of a One-Time Pad key, although it is not truly random.
The next section presents two typical stream ciphers, A5/1 and RC4.
3.1.1 A5/1
A5/1 is used in the GSM mobile telephone network to protect data exchanged between the handset and the base station. The encryption unit of A5/1 is one bit. Each step of the generator produces either bit 0 or bit 1 for use in the XOR. For simplicity we first examine a scaled-down model of A5/1 called TinyA5/1.
1) TinyA5/1
The TinyA5/1 generator works as follows:
The generator consists of 3 registers X, Y, Z. Register X holds 6 bits, denoted (x0, x1, ..., x5). Register Y holds 8 bits (y0, y1, ..., y7). Register Z holds 9 bits (z0, z1, ..., z8). The initial key K is 23 bits long and is distributed in turn into the registers: K = XYZ. The registers X, Y, Z are transformed by 3 rules:
1) Rotating X consists of the operations:
   - t = x2 ⊕ x4 ⊕ x5
   - xj = x(j-1) for j = 5, 4, 3, 2, 1
   - x0 = t
   For example, if X is 100101 then t = 0 ⊕ 0 ⊕ 1 = 1, so after the rotation X is 110010.
2) Rotating Y, in the same way as X:
   - t = y6 ⊕ y7
   - yj = y(j-1) for j = 7, 6, 5, ..., 1
   - y0 = t
3) Rotating Z:
   - t = z2 ⊕ z7 ⊕ z8
   - zj = z(j-1) for j = 8, 7, 6, ..., 1
   - z0 = t
For three bits x, y, z we define the majority function maj(x, y, z): if at least two of the three bits x, y, z are 0 the function returns 0, otherwise it returns 1.
At generation step i the following operations are performed:
   m = maj(x1, y3, z3)
   If x1 = m then rotate X
   If y3 = m then rotate Y
   If z3 = m then rotate Z
and the generated bit is:
   si = x5 ⊕ y7 ⊕ z8
Bit si is XORed with bit i of the plaintext to obtain bit i of the ciphertext, following the stream cipher rule.
Example: encrypt the plaintext P = 111 (the letter h) with the key K = 100101.01001110.100110000.
Initially the registers X, Y, Z hold:
X = 100101
Y = 01001110
Z = 100110000
Step 0: x1 = 0, y3 = 0, z3 = 1, so m = 0: rotate X, rotate Y
X = 110010
Y = 10100111        s0 = 0 ⊕ 1 ⊕ 0 = 1
Z = 100110000
Step 1: x1 = 1, y3 = 0, z3 = 1, so m = 1: rotate X, rotate Z
X = 111001
Y = 10100111        s1 = 1 ⊕ 1 ⊕ 0 = 0
Z = 010011000
Step 2: x1 = 1, y3 = 0, z3 = 0, so m = 0: rotate Y, rotate Z
X = 111001
Y = 01010011        s2 = 1 ⊕ 1 ⊕ 0 = 0
Z = 001001100
So the ciphertext is C = 111 ⊕ 100 = 011 (the letter D)
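The TinyA5/1 generator above as an added Python example (not from the original notes). The generator is parametrised by register sizes, feedback taps and clocking bits, so the same code also runs with the register parameters that section 2) below gives for A5/1; only the TinyA5/1 trace in the text is checked against known values, and the A5/1 parameters are used exactly as described there (the real GSM cipher additionally mixes in a frame counter, which the text does not cover).

```python
# Register sizes, feedback taps and clocking-bit positions, as given in the text.
TINY_A51 = {"sizes": (6, 8, 9), "taps": ((2, 4, 5), (6, 7), (2, 7, 8)), "clock": (1, 3, 3)}
A51 = {"sizes": (19, 22, 23), "taps": ((13, 16, 17, 18), (20, 21), (7, 20, 21, 22)),
       "clock": (8, 10, 10)}

def rotate(reg, taps):
    """x_j <- x_{j-1} for all j, and the new x_0 is the XOR of the tap bits."""
    t = 0
    for i in taps:
        t ^= reg[i]
    return [t] + reg[:-1]

def maj(a, b, c):
    """Majority of three bits."""
    return 1 if a + b + c >= 2 else 0

def keystream(key_bits, n, params=TINY_A51):
    """Load the key into X|Y|Z, then per step: majority clocking, then output the last bit of each register XORed."""
    sizes, taps, clock = params["sizes"], params["taps"], params["clock"]
    if len(key_bits) != sum(sizes):
        raise ValueError(f"key must be {sum(sizes)} bits")
    regs, start = [], 0
    for size in sizes:
        regs.append(list(key_bits[start:start + size]))
        start += size
    out = []
    for _ in range(n):
        m = maj(*(regs[r][clock[r]] for r in range(3)))
        for r in range(3):
            if regs[r][clock[r]] == m:          # a register moves only when it agrees with the majority
                regs[r] = rotate(regs[r], taps[r])
        out.append(regs[0][-1] ^ regs[1][-1] ^ regs[2][-1])
    return out

def bits(s):
    """'100101.0100' -> [1,0,0,1,0,1,0,1,0,0]; separators are ignored."""
    return [int(c) for c in s if c in "01"]

def crypt(data_bits, key_bits, params=TINY_A51):
    """Stream-cipher rule: ciphertext bit i = data bit i XOR keystream bit i (same call decrypts)."""
    return [p ^ s for p, s in zip(data_bits, keystream(key_bits, len(data_bits), params))]

if __name__ == "__main__":
    key = bits("100101.01001110.100110000")     # the 23-bit key of the worked example
    print(keystream(key, 3))                    # [1, 0, 0]
    print(crypt(bits("111"), key))              # [0, 1, 1]  -> the letter D
```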
2) A5/1
In principle the A5/1 generator works like TinyA5/1. The registers X, Y, Z hold 19, 22 and 23 bits respectively. The rotation steps for X, Y, Z are:
1) Rotate X:
   - t = x13 ⊕ x16 ⊕ x17 ⊕ x18
   - xj = x(j-1) for j = 18, 17, 16, ..., 1
   - x0 = t
2) Rotate Y:
   - t = y20 ⊕ y21
   - yj = y(j-1) for j = 21, 20, 19, ..., 1
   - y0 = t
3) Rotate Z:
   - t = z7 ⊕ z20 ⊕ z21 ⊕ z22
   - zj = z(j-1) for j = 22, 21, 20, ..., 1
   - z0 = t
The maj function is computed on the 3 bits x8, y10, z10. After the rotation the generated bit is si = x18 ⊕ y21 ⊕ z22. The whole A5/1 generation process is illustrated in the figure below:

Figure 3-2. The A5/1 stream cipher
A5/1 is easy to implement in hardware and is fast, so it was used to encrypt real-time data such as audio bit streams. Today A5/1 is used to encrypt call data in the GSM telephone network.
3.1.2 RC4
RC4 is used in the SSL protocol (see section 7.3) to protect data exchanged between a web server and a web browser. RC4 is also used in the WEP encryption of wireless LANs. For simplicity we again examine a scaled-down model of RC4 called TinyRC4.
1) TinyRC4
Unlike A5/1, the encryption unit of TinyRC4 is 3 bits. TinyRC4 uses two arrays S and T, each holding 8 3-bit integers (0 to 7). The key is a sequence of N 3-bit integers, where N may take any value from 1 to 8. Each step of the generator produces 3 bits for use in the XOR. TinyRC4 generation has two phases:
a) Initialization phase:

/* Initialize the arrays S and T */
for i = 0 to 7 do
    S[i] = i;
    T[i] = K[i mod N];
next i
/* Permute the array S */
j = 0;
for i = 0 to 7 do
    j = (j + S[i] + T[i]) mod 8;
    Swap(S[i], S[j]);
next i

In this phase the array S is first filled with the 3-bit integers 0 to 7 in increasing order. Then, based on the elements of the key K, the elements of S are permuted among themselves to some degree of randomness.
Example: encrypt the plaintext P = 001000110 (the word bag) with the key K consisting of the 3 numbers 2, 1, 3 (N=3).
- Initialize S and T:
  i:  0 1 2 3 4 5 6 7
  S:  0 1 2 3 4 5 6 7
  T:  2 1 3 2 1 3 2 1
- Permute S:
  i = 0: j = (0 + S[0] + T[0]) mod 8 = 2, Swap(S[0], S[2]):  S = 2 1 0 3 4 5 6 7
  i = 1: j = (2 + S[1] + T[1]) mod 8 = 4, Swap(S[1], S[4]):  S = 2 4 0 3 1 5 6 7
  i = 2: j = (4 + S[2] + T[2]) mod 8 = 7, Swap(S[2], S[7])
  ...
The process continues until i = 7, at which point S is 6 0 7 1 2 3 5 4
b) Generation phase:
i, j = 0;
while (true)
    i = (i + 1) mod 8;
    j = (j + S[i]) mod 8;
    Swap(S[i], S[j]);
    t = (S[i] + S[j]) mod 8;
    k = S[t];
end while;

In this phase the elements of S continue to be permuted. At each generation step two elements of S are selected to compute the 3-bit number k, which is XORed with the plaintext encryption unit.
Continuing the example above, the generation of numbers to encrypt the plaintext bag proceeds as follows:
Step 0: i = 1, j = (0 + S[1]) mod 8 = 0, Swap(S[1], S[0]): S = 0 6 7 1 2 3 5 4; t = (S[i] + S[j]) mod 8 = (6 + 0) mod 8 = 6; s0 = S[6] = 5 = 101[2]
Step 1: i = 2, j = (0 + S[2]) mod 8 = 7, Swap(S[2], S[7]): S = 0 6 4 1 2 3 5 7; t = (S[i] + S[j]) mod 8 = (4 + 7) mod 8 = 3; s1 = S[3] = 1 = 001[2]
Step 2: i = 3, Swap(S[i], S[j]); S[i] + S[j] = 1 + 6; s2 = 111[2]
So the ciphertext is C = 001.000.110 ⊕ 101.001.111 = 100.001.001 (the word EBB)
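An added Python example (not from the original notes) of the two RC4 phases above, written once with the array size as a parameter so that size 8 is TinyRC4 and size 256 is RC4 itself. The key-scheduling result 6 0 7 1 2 3 5 4 and the first two keystream values 101 and 001 match the trace in the text; running the generation pseudocode literally for step 2 gives j = (7 + S[3]) mod 8 = 0 and s2 = 110, which is the value the test below checks, so the last ciphertext letter comes out as A rather than the B in the text's trace. The size-256 check uses the standard published RC4 test vector for the key "Key".

```python
def rc4_ksa(key, size):
    """Key scheduling: S starts as the identity permutation and is shuffled under T = key repeated."""
    S = list(range(size))
    T = [key[i % len(key)] for i in range(size)]
    j = 0
    for i in range(size):
        j = (j + S[i] + T[i]) % size
        S[i], S[j] = S[j], S[i]
    return S

def rc4_prga(S, n):
    """Generation: each step swaps two entries of S and outputs S[t]; returns n keystream words."""
    size = len(S)
    S = S[:]                      # work on a copy so the schedule can be reused
    i = j = 0
    out = []
    for _ in range(n):
        i = (i + 1) % size
        j = (j + S[i]) % size
        S[i], S[j] = S[j], S[i]
        t = (S[i] + S[j]) % size
        out.append(S[t])
    return out

def rc4_crypt(words, key, size):
    """XOR each data word with a keystream word; the same call decrypts (size 8: TinyRC4, 256: RC4)."""
    stream = rc4_prga(rc4_ksa(key, size), len(words))
    return [w ^ s for w, s in zip(words, stream)]

def tiny_words(text):
    """Letters A..H of the chapter's 8-letter alphabet as 3-bit integers (A=000 ... H=111)."""
    return [ord(c.upper()) - ord("A") for c in text]

if __name__ == "__main__":
    key = [2, 1, 3]                                   # TinyRC4 key from the worked example
    print(rc4_ksa(key, 8))                            # [6, 0, 7, 1, 2, 3, 5, 4]
    print(rc4_prga(rc4_ksa(key, 8), 3))               # [5, 1, 6]
    print(rc4_crypt(tiny_words("bag"), key, 8))       # [4, 1, 0]
    print(rc4_prga(rc4_ksa(list(b"Key"), 256), 3))    # [0xEB, 0x9F, 0x77]
```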
2) RC4
RC4 works in the same way as TinyRC4 with the following characteristics:
- The encryption unit of RC4 is one 8-bit byte.
- The arrays S and T hold 256 8-bit integers.
- The key K is a sequence of N 8-bit integers, where N may take any value from 1 to 256.
- Each step of the generator produces one byte for use in the XOR.
The two phases of RC4 are:
a) Initialization phase:
/* Initialize the arrays S and T */
for i = 0 to 255 do
    S[i] = i;
    T[i] = K[i mod N];
next i
/* Permute the array S */
j = 0;
for i = 0 to 255 do
    j = (j + S[i] + T[i]) mod 256;
    Swap(S[i], S[j]);
next i

b) Generation phase:
i, j = 0;
while (true)
    i = (i + 1) mod 256;
    j = (j + S[i]) mod 256;
    Swap(S[i], S[j]);
    t = (S[i] + S[j]) mod 256;
    k = S[t];
end while;

The RC4 generation process also produces a random, hard-to-predict sequence, so RC4 achieves a high level of security in the spirit of the One-Time Pad. RC4 is implemented entirely on one-byte integers, so it is well suited to software implementation and runs faster than block ciphers.
3.2 Block Ciphers
3.2.1 The Ideal Block Cipher
The XOR operation has the limitation that knowing a single plaintext/ciphertext block pair allows the key to be deduced easily and used to decrypt the remaining ciphertext blocks (known-plaintext attack). Consider again the example from the start of the chapter:
plaintext:  1111 0000 0011 (head)
key:        0101 0101 0101
ciphertext: 1010 0101 0110 (FBCG)
If we know that the ciphertext block c0 = 1010 corresponds to the plaintext block p0 = 1111, the key 0101 is easily deduced. In general, if there is a mathematical relation between the plaintext P and the ciphertext C, knowing a few plaintext-ciphertext pairs allows the key K to be computed (as in the case of the Hill cipher).
Therefore, to resist cryptanalysis in the known-plaintext or chosen-plaintext case, the only way is to make P and C have no mathematical relation. This can only be achieved by setting up a random lookup table between plaintext and ciphertext. For example:
Plaintext  Ciphertext
0000       1110
0001       0100
0010       1101
0011       0001
0100       0010
0101       1111
0110       1011
0111       1000
1000       0011
1001       1010
1010       0110
1011       1100
1100       0101
1101       1001
1110       0000
1111       0111
The key is now the whole table above. Both sender and receiver must know the entire table to encrypt and decrypt. For the cryptanalyst, knowing some plaintext-ciphertext pairs reveals only part of the lookup table, so the plaintext of the remaining ciphertexts cannot be deduced. In other words, to break the cipher one must know all plaintext-ciphertext pairs. If the block size is 64 bits, the key table has 2^64 rows, an enormous number (and there are about 2^64! such key tables). Learning all plaintext-ciphertext pairs of the key table is then impossible for the cryptanalyst. This case is called the ideal block cipher.
However, as the block size grows, the number of rows in the key table also grows, which hinders the storage of the key as well as its exchange between sender and receiver. A key table with 2^64 rows of 64 bits each has a key size of 64 x 2^64 = 2^70 ≈ 10^21 bits. The ideal block cipher is therefore infeasible in practice.
3.2.2 SPN Networks
In practice, one instead looks for a way to use a key of short size to emulate a lookup table whose security approximates that of the ideal block cipher. This is done by combining two or more simple ciphers into a product cipher, whose security is far greater than that of its component ciphers.
The simple ciphers are usually substitution (an S-box) and permutation (a P-box). A product cipher is therefore often called a Substitution-Permutation Network (SPN). The figure below illustrates an SP network.
[Figure: SP network with 12 input bits (0..11) passing through permutation P1, S-boxes S1, S2, S3, permutation P2, S-boxes S4, S5, S6 and permutation P3 to 12 output bits (0..11).]
The combination of S-boxes and P-boxes creates two important properties of a cipher: diffusion and confusion. These two properties were introduced by Claude Shannon in 1946 and are the basis of all block ciphers today.
- Diffusion: one bit of the plaintext affects all bits of the ciphertext, or, put differently, one bit of the ciphertext is affected by all bits of the plaintext. The purpose is to minimize the relationship between plaintext and ciphertext and so prevent the key from being deduced. This property is obtained by using P-boxes combined with S-boxes.
- Confusion: complicates the relationship between ciphertext and key, which likewise prevents the key from being deduced. This property is obtained by using S-boxes.
3.2.3 The Feistel Cipher Model
The Feistel model is a different approach from the SP network. Proposed by Horst Feistel, it is also a combination of substitutions and permutations. In a Feistel cipher the plaintext is transformed through a number of rounds to produce the final ciphertext:


P C1 C2 Cn
Trong bn r P v cc bn m Ci c chia thnh na tri v na phi:
P = (L0, R0)
Ci = (Li, Ri) i = 1, 2, n
Quy tc bin i cc na tri phi ny qua cc vng c thc hin nh sau:
Li = Ri-1
Ri = Li-1 F(Ri-1, Ki)
Ki l mt kha con cho vng th i. Kha con ny c sinh ra t kha K ban u
theo mt thut ton sinh kha con (key schedule): K K1 K2 Kn
F l mt hm m ha dng chung cho tt c cc vng. Hm F ng vai tr nh l
php thay th cn vic hon i cc na tri phi c vai tr hon v. Bn m C c tnh t
kt xut ca vng cui cng:
C = Cn = (Ln, Rn)
The computation of a Feistel cipher is shown in the figure below:

Figure 3-3. The Feistel block cipher model
For decryption the rounds are run in reverse order:
C → (Ln, Rn)
Ri-1 = Li (since encryption set Li = Ri-1)
Li-1 = Ri ⊕ F(Ri-1, Ki) (since encryption set Ri = Li-1 ⊕ F(Ri-1, Ki))
and finally the plaintext is P = (L0, R0).
An important feature of the Feistel cipher is that, because the block is split into left and right halves, the round function F does not need to be invertible (no F^-1 is required): both encryption and decryption use F in the forward direction. The more complex F and the key schedule are, the harder the cipher is to break.
Different choices of F and of the key schedule give different ciphers. The next section presents DES, a cipher built on the Feistel principle.
3.3 The TinyDES cipher
In 1973, as computing spread, the need to apply security to civilian purposes arose. The US national standards agency called on American companies to establish a national encryption standard. IBM's Lucifer cipher was selected and, after some modifications by the US security agency, became the DES standard (Data Encryption Standard). In use, DES has proved highly secure and has been widely adopted.
As with the stream ciphers A5/1 and RC4, we will study a scaled-down model of DES, called TinyDES.
TinyDES has the following properties:
- it is a Feistel cipher with 3 rounds;
- the block size is 8 bits;
- the key size is 8 bits;
- each round of TinyDES uses a 6-bit subkey extracted from the main key.
The figure below illustrates the rounds of TinyDES.

Figure 3-4. The Feistel rounds of TinyDES
The TinyDES diagram above has two parts: the Feistel rounds and the key schedule algorithm. We now go through each part in detail.
3.3.1 The rounds of TinyDES
The following figure illustrates one Feistel round of TinyDES:
Figure 3-5. Structure of one round of TinyDES
In TinyDES the Feistel round function F is:
F(Ri-1, Ki) = P-box(S-box(Expand(Ri-1) ⊕ Ki))
Here Expand both expands and permutes Ri-1 from 4 bits to 6 bits, the S-box turns a 6-bit input into a 4-bit output, and the P-box is a permutation of 4 bits. These functions are described as follows:
- Expand: call the 4 bits of Ri-1 b0b1b2b3. Expand permutes and expands them into the 6 bits b2b3b1b2b1b0.
Example: R0 = 0110 → Expand(R0) = 101110
- S-box: let b0b1b2b3b4b5 be the 6 input bits of the S-box. Each 6-bit input maps to a 4-bit output, computed from the table below: the two bits b0b5 select the row and the four bits b1b2b3b4 select the column, and the entry at that position is the 4-bit output.

b0b5 \ b1b2b3b4 | 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
00 | 1110 0100 1101 0001 0010 1111 1011 1000 0011 1010 0110 1100 0101 1001 0000 0111
01 | 0000 1111 0111 0100 1110 0010 1101 0001 1010 0110 1100 1011 1001 0101 0011 1000
10 | 0100 0001 1110 1000 1101 0110 0010 1011 1111 1100 1001 0111 0011 1010 0101 0000
11 | 1111 1100 1000 0010 0100 1001 0001 0111 0101 1011 0011 1110 1010 0000 0110 1101

For brevity the same table can be written in hexadecimal:

row \ col | 0 1 2 3 4 5 6 7 8 9 A B C D E F
0 | E 4 D 1 2 F B 8 3 A 6 C 5 9 0 7
1 | 0 F 7 4 E 2 D 1 A 6 C B 9 5 3 8
2 | 4 1 E 8 D 6 2 B F C 9 7 3 A 5 0
3 | F C 8 2 4 9 1 7 5 B 3 E A 0 6 D

Example: X = 101010. Here b0b5 = 10 selects row 2 and b1b2b3b4 = 0101 selects column 5, so S-box(X) = 0110.

- P-box: permutes the 4 input bits b0b1b2b3 into b2b0b3b1.
3.3.2 The TinyDES key schedule
The initial 8-bit key K is split into two halves KL0 and KR0 of 4 bits each. In round 1, KL0 and KR0 are each rotated left by 1 bit to give KL1 and KR1. In round 2, KL1 and KR1 are rotated left by 2 bits to give KL2 and KR2. In round 3, KL2 and KR2 are rotated left by 1 bit to give KL3 and KR3.
Finally the round key Ki is produced by permuting and compressing the 8 bits of KLi and KRi (k0k1k2k3k4k5k6k7) into the 6 bits k5k1k3k2k7k0.
3.3.3 A TinyDES example
Example: encrypt the plaintext P = 0101.1100 (5C) with the key K = 1001.1010
- L0 = 0101, R0 = 1100, KL0 = 1001, KR0 = 1010
- Round 1:
  - L1 = R0 = 1100, Expand(R0) = 001011
  - KL1 = KL0 << 1 = 0011, KR1 = KR0 << 1 = 0101 (rotations)
  - K1 = Compress(KL1KR1) = 101110
  - Expand(R0) ⊕ K1 = 100101
  - S-box(100101) = 1000
  - F1 = P-box(1000) = 0100
  - R1 = L0 ⊕ F1 = 0001
- Round 2:
  - L2 = R1 = 0001, Expand(R1) = 010000
  - KL2 = KL1 << 2 = 1100, KR2 = KR1 << 2 = 0101
  - K2 = Compress(KL2KR2) = 110011
  - Expand(R1) ⊕ K2 = 100011
  - S-box(100011) = 1100
  - F2 = P-box(1100) = 0101
  - R2 = L1 ⊕ F2 = 1001
- Round 3:
  - L3 = R2 = 1001, Expand(R2) = 010001
  - KL3 = KL2 << 1 = 1001, KR3 = KR2 << 1 = 1010
  - K3 = Compress(KL3KR3) = 001001
  - Expand(R2) ⊕ K3 = 011000
  - S-box(011000) = 0101
  - F3 = P-box(0101) = 0011
  - R3 = L2 ⊕ F3 = 0010
- Result: C = L3R3 = 1001.0010 (hexadecimal: 92)
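The Feistel construction of Section 3.2.3 and the TinyDES cipher of Section 3.3 in code, as an added example that is not part of the original lecture notes: it implements Expand, the S-box, the P-box and the key schedule exactly as described above, reproduces the worked example (P = 5C, K = 9A gives C = 92), and decrypts by running the rounds in reverse with F used forwards, which works even though the S-box (6 bits to 4 bits) is not invertible. Function names are my own.

```python
"""TinyDES (Section 3.3): a 3-round Feistel cipher with 8-bit block and key."""

# The page's S-box in hexadecimal: row selected by b0b5, column by b1b2b3b4
SBOX = [
    [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7],
    [0x0, 0xF, 0x7, 0x4, 0xE, 0x2, 0xD, 0x1, 0xA, 0x6, 0xC, 0xB, 0x9, 0x5, 0x3, 0x8],
    [0x4, 0x1, 0xE, 0x8, 0xD, 0x6, 0x2, 0xB, 0xF, 0xC, 0x9, 0x7, 0x3, 0xA, 0x5, 0x0],
    [0xF, 0xC, 0x8, 0x2, 0x4, 0x9, 0x1, 0x7, 0x5, 0xB, 0x3, 0xE, 0xA, 0x0, 0x6, 0xD],
]
ROTATIONS = [1, 2, 1]   # left rotation of KL and KR before rounds 1, 2, 3


def bits(value, width):
    """Bits of `value`, most significant first: bits(0b0110, 4) -> [0, 1, 1, 0]."""
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


def from_bits(bs):
    """Inverse of bits(): [1, 0, 1, 1, 1, 0] -> 0b101110."""
    out = 0
    for b in bs:
        out = (out << 1) | b
    return out


def expand(r):
    """Expand: 4 bits b0b1b2b3 -> 6 bits b2b3b1b2b1b0."""
    b = bits(r, 4)
    return from_bits([b[2], b[3], b[1], b[2], b[1], b[0]])


def sbox(x):
    """S-box: 6 bits in, 4 bits out; b0b5 selects the row, b1b2b3b4 the column.
    Not invertible (64 inputs land on 16 outputs); the Feistel structure
    tolerates that because decryption never needs S-box^-1."""
    b = bits(x, 6)
    return SBOX[(b[0] << 1) | b[5]][from_bits(b[1:5])]


def pbox(y):
    """P-box: 4 bits b0b1b2b3 -> b2b0b3b1."""
    b = bits(y, 4)
    return from_bits([b[2], b[0], b[3], b[1]])


def rotl4(x, n):
    """Rotate a 4-bit value left by n bits."""
    return ((x << n) | (x >> (4 - n))) & 0xF


def compress(kl, kr):
    """Compress: 8 bits k0..k7 of KL||KR -> 6-bit round key k5k1k3k2k7k0."""
    k = bits((kl << 4) | kr, 8)
    return from_bits([k[5], k[1], k[3], k[2], k[7], k[0]])


def key_schedule(key):
    """Round keys K1, K2, K3 for an 8-bit key K = KL0||KR0."""
    kl, kr = key >> 4, key & 0xF
    subkeys = []
    for n in ROTATIONS:
        kl, kr = rotl4(kl, n), rotl4(kr, n)
        subkeys.append(compress(kl, kr))
    return subkeys


def F(r, k):
    """Round function F(Ri-1, Ki) = P-box(S-box(Expand(Ri-1) xor Ki))."""
    return pbox(sbox(expand(r) ^ k))


def encrypt(p, key):
    """Li = Ri-1, Ri = Li-1 xor F(Ri-1, Ki); the ciphertext is L3||R3."""
    l, r = p >> 4, p & 0xF
    for k in key_schedule(key):
        l, r = r, l ^ F(r, k)
    return (l << 4) | r


def decrypt(c, key):
    """Rounds in reverse: Ri-1 = Li, Li-1 = Ri xor F(Ri-1, Ki), F used forwards."""
    l, r = c >> 4, c & 0xF
    for k in reversed(key_schedule(key)):
        l, r = r ^ F(l, k), l
    return (l << 4) | r


if __name__ == "__main__":
    c = encrypt(0x5C, 0x9A)                      # the page's worked example
    print(f"encrypt(5C, 9A) = {c:02X}")          # 92
    print("round keys:", [f"{k:06b}" for k in key_schedule(0x9A)])
    assert decrypt(c, 0x9A) == 0x5C
```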
3.3.4 Resistance of TinyDES to known-plaintext attack
Consider a TinyDES reduced to 1 round, so that P = (L0, R0) and C = (L1, R1).
In this case the attacker knows P and C but not K. Suppose P = 0101.1100 and C = 1100.0001. The attacker computes K as follows:
From R0, compute X = Expand(R0) = 001011.
From L0 and R1, compute Z = L0 ⊕ R1 = 0100, and from Z compute Y = P-box^-1(Z) = 1000.
Looking up the S-box table for the output 1000, the possible inputs X ⊕ K1 are: {100101, 100111, 001110, 011111}
So the round key K1 is one of the values {101110, 101100, 000101, 010100}
Trying a few more plaintext-ciphertext pairs yields K1 = 101110, from which K = 1001.1010 is obtained.
With three-round TinyDES, however, breaking the cipher is no longer this simple. The attacker knows only the input of the first round, P, and the output of the last round, C; the intermediate values L1R1 and L2R2 are hidden, so the search space of the keys K1, K2, K3 cannot be narrowed by the method above. Through the S-box, changing 1 bit of the plaintext or of the key K affects many different bits of the intermediate values L1R1 and L2R2 (in the DES section this is called the avalanche effect), so the relationship between plaintext, ciphertext and key is hard to analyse. Cryptanalysis is harder still for DES, with its 16 rounds and 64-bit block size.
3.4 The DES cipher (Data Encryption Standard)
DES has the following properties:
- it is a Feistel cipher with 16 rounds; in addition, DES has an initial permutation before round 1 and a final permutation after round 16;
- the block size is 64 bits: for example, the message meetmeafterthetogaparty in ASCII is encrypted by DES in 3 passes of 8 characters (64 bits) each: meetmeaf - tertheto - gaparty;
- the key size is 56 bits;
- each round of DES uses a 48-bit subkey extracted from the main key.
The figure below illustrates the rounds of DES.
Figure 3-6. The Feistel rounds of DES
The DES diagram above has three parts: the initial and final permutations, the Feistel rounds, and the key schedule algorithm. We go through each in detail.
3.4.1 Initial permutation and final permutation
Number the bits of the 64-bit block from left to right as 0, 1, …, 62, 63:


The initial permutation rearranges the bits according to the following table (read row by row: entry j gives the index of the input bit that becomes output bit j; every table in this section is read the same way):
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
56 48 40 32 24 16 8 0
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
The final permutation rearranges the bits according to the following table:
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25
32 0 40 8 48 16 56 24
The final permutation is exactly the inverse of the initial permutation. Against known-plaintext or chosen-plaintext attacks, the initial and final permutations have no security value; their presence is generally seen as a historical artefact.
3.4.2 The rounds of DES
The following figure illustrates one Feistel round of DES:

Figure 3-7. Structure of one round of DES
In DES the Feistel round function F is:
F(Ri-1, Ki) = P-box(S-boxes(Expand(Ri-1) ⊕ Ki))
Here Expand both expands and permutes Ri-1 from 32 bits to 48 bits, the S-boxes compress 48 bits down to 32 bits, and the P-box is a permutation of 32 bits. These functions are described as follows:
- Expand: number the bits of Ri-1 from left to right as 0, 1, 2, …, 31. Expand permutes and expands the 32 bits into 48 bits according to the following table (each row lists the 6 input bits that form one 6-bit group of the output):
31 0 1 2 3 4
3 4 5 6 7 8
7 8 9 10 11 12
11 12 13 14 15 16
15 16 17 18 19 20
19 20 21 22 23 24
23 24 25 26 27 28
27 28 29 30 31 0
- S-boxes:
The S-boxes of DES turn a 48-bit value into a 32-bit value. A single lookup table as in TinyDES, however, would need 2^16 rows and 2^32 columns, far too many entries. To keep the lookup tables small, the S-boxes function is split into 8 sub-boxes, each turning a 6-bit value into a 4-bit value (figure below):
[Figure: the 48-bit input is split into eight 6-bit groups fed to S1, S2, S3, S4, S5, S6, S7, S8, whose eight 4-bit outputs form the 32-bit result.]
The first sub-box, S1, is identical to the S-box of TinyDES given in Section 3.3.1 (same row and column selection, same table).
The remaining boxes are given in Appendix 1. Each sub-box is a substitution. The sub-boxes are not invertible, and therefore neither is the S-boxes function. This complexity of the S-boxes is the main factor behind the high security of DES.
- P-box: the P-box permutes its 32 input bits according to the table:
15 6 19 20 28 11 27 16
0 14 22 25 4 17 30 9
1 7 23 13 31 26 2 8
18 12 29 5 21 10 3 24
3.4.3 The DES key schedule
The initial 64-bit key K is reduced and permuted into a 56-bit key (that is, only 56 of its bits are used) according to the table:
56 48 40 32 24 16 8
0 57 49 41 33 25 17
9 1 58 50 42 34 26
18 10 2 59 51 43 35
62 54 46 38 30 22 14
6 61 53 45 37 29 21
13 5 60 52 44 36 28
20 12 4 27 19 11 3
This 56-bit key is split into two halves KL0 and KR0 of 28 bits each. In round i (i = 1, 2, 3, …, 16), KLi-1 and KRi-1 are each rotated left by ri bits to give KLi and KRi, where ri is defined as:
ri = 1 for i = 1, 2, 9, 16
ri = 2 otherwise
Finally the round key Ki is produced by permuting and compressing the 56 bits of KLi and KRi into 48 bits according to the table:
13 16 10 23 0 4 2 27
14 5 20 9 22 18 11 3
25 7 15 6 26 19 12 1
40 51 30 36 46 54 29 39
50 44 32 47 43 48 38 55
33 52 45 41 49 35 28 31
3.4.4 The avalanche effect
An important property required of any cipher is that a small change in the plaintext or in the key must lead to a large change in the ciphertext. Specifically, changing a single bit of the plaintext or of the key must change many bits of the ciphertext. This property is called the avalanche effect. Thanks to it, an attacker cannot narrow down the search space of the plaintext or the key (whether by known-plaintext or chosen-plaintext attack) and is forced into exhaustive key search.
DES is a cipher with this avalanche effect. Consider the following two plaintexts (64 bits):
P1: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
P2: 10000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
The two plaintexts are encrypted with DES under the key:
K: 0000001 1001011 0100100 1100010 0011100 0011000 0011100 0110010
Table 3-1.a gives the number of differing bits between the ciphertexts of P1 and P2 after each round of DES:

a) Plaintexts P1 and P2 differing in one bit
Round | Number of differing bits
0 | 1
1 | 6
2 | 21
3 | 35
4 | 39
5 | 34
6 | 32
7 | 31
8 | 29
9 | 42
10 | 44
11 | 32
12 | 30
13 | 30
14 | 26
15 | 29
16 | 34

b) Keys K1 and K2 differing in one bit
Round | Number of differing bits
0 | 0
1 | 2
2 | 14
3 | 28
4 | 32
5 | 30
6 | 32
7 | 35
8 | 34
9 | 40
10 | 38
11 | 31
12 | 33
13 | 28
14 | 26
15 | 34
16 | 35

Table 3-1. The avalanche effect
Already by round 2 the two ciphertexts differ in 21 bits, and after 16 rounds they differ in 34 bits (about half of the total bits of the plaintext).
Now consider the following plaintext (64 bits):
P: 01101000 10000101 00101111 01111010 00010011 01110110 11101011 10100100
It is encrypted under the following two keys, which differ in only 1 bit:
K1: 1110010 1111011 1101111 0011000 0011101 0000100 0110001 11011100
K2: 0110010 1111011 1101111 0011000 0011101 0000100 0110001 11011100
Table 3-1.b gives the number of differing bits between the ciphertexts under K1 and K2 after each round of DES. After 16 rounds the two differ in 35 bits, again about half of the total bits of the plaintext.
3.4.5 Security of DES
Let us consider the security of DES against a few cryptanalytic attacks.
1) Brute-force attack:
Since a DES key is 56 bits long, a brute-force attack must test 2^56 different keys. With commonly available equipment the time needed to try the keys is very large, so the attack is infeasible (see the table). In 1998, however, the Electronic Frontier Foundation (EFF) announced that it had built a DES-cracking machine consisting of many computers running in parallel, costing about $250,000. Its key search took 3 days. DES is still used commercially today, but ciphers with longer keys (128 or 256 bits), such as Triple DES or AES, are increasingly being adopted in its place.
2) Differential cryptanalysis of DES:
In 1990 Biham and Shamir introduced differential cryptanalysis. The differential method finds the key in less time than brute force, but it requires 2^47 chosen plaintext-ciphertext pairs (chosen-plaintext). For this reason the method is impractical even though its number of trials can be lower than brute force.
3) Linear cryptanalysis of DES:
In 1997 Matsui proposed linear cryptanalysis. This method requires 2^43 known plaintext-ciphertext pairs (known-plaintext). Since 2^43 is also a large number, linear cryptanalysis is not a practical method either.
3.5 Some other block ciphers
3.5.1 Triple DES
One way to overcome the short key of DES is to apply DES several times with different keys to the same message. The simplest form applies DES twice with two different keys; this is called Double DES:


This is as if Double DES used a key of 112 bits, at the sole cost of being slower than DES because DES is run twice. However, an attack on Double DES, called the meet-in-the-middle attack, has been found. It is a chosen-plaintext attack.
Therefore DES is applied three times with three different keys; this is called Triple DES:


The 168-bit key makes the meet-in-the-middle attack far more complicated. In practice Triple DES is used with only two keys K1, K2 while still providing the required security. The formula is:


The reason for using EDE instead of EEE is that if K1 = K2 = K then

that is, Triple DES reduces to a single DES.
3.5.2 Advanced Encryption Standard (AES)
In the 1990s, seeing that the short key of DES was a risk and that it could be broken in the near future, the US national standards agency called for a new cipher to be built. Ultimately an algorithm called Rijndael was selected and renamed the Advanced Encryption Standard, or AES. It can be said that AES with a 256-bit key is secure forever, regardless of advances in computer engineering.
Like DES, AES is a block cipher with several rounds. Unlike DES, AES is not a Feistel cipher. The AES algorithm is fairly complex; here we only list its main features:
- The block size can be chosen as 128, 192 or 256 bits.
- The key size can be chosen independently of the block size: 128, 192 or 256 bits.
- The number of rounds varies from 10 to 14 depending on the key size.
The security of AES means it is used more and more, and in the future it will take over the role of DES and Triple DES.
3.6 Modes of operation of block ciphers
A block cipher (such as DES) encrypts one block of data of a fixed size. To encrypt a long message, the message is split into several blocks

and the block cipher is applied to each block in turn. There are several models for applying a block cipher: ECB, CBC, CTR, OFB and CFB.
3.6.1 Electronic Codebook (ECB)
In the ECB model each block is encrypted separately, all with the same key K.

Figure 3-8. The ECB model of a block cipher
[Figure 3-8: a) encryption: each plaintext block p0, p1, …, pn-1 is passed through E under key K to give c0, c1, …, cn-1; b) decryption: each ci is passed through D under key K to give pi.]
In ECB encryption, if Pi = Pj then Ci = Cj, and conversely. ECB is therefore much like the classical monoalphabetic cipher: the Pi and Ci play the role of letters, and the key K together with the block cipher plays the role of a permutation. An attacker can therefore exploit statistical properties of the data, just as letter-frequency statistics are used against a monoalphabetic cipher (although the Pi are large, so statistical properties are harder to detect). ECB is therefore only suitable for encrypting short messages.

Figure 3-9. ECB encryption does not hide all information (source: from [3])
To illustrate the statistical properties of data, the picture above shows an image encrypted with ECB. Although each block has been transformed by the cipher, when viewed as a whole some relationship between the blocks remains.
3.6.2 Cipher Block Chaining (CBC)
In the CBC model, the ciphertext of one encryption is used in the next encryption:

for i = 1, 2, 3, …, n-1
To encrypt the first block, a dummy data block called the initialization vector (IV), chosen at random, is used:


For decryption, the process is reversed:

for i = 1, 2, …, n-1


Figure 3-10. The CBC model of a block cipher
The encrypting and decrypting parties must share the initialization vector IV. The IV need not be kept secret, so it is usually prepended to the ciphertext before the message is transmitted.

It can be seen that the content of ciphertext block Ci depends not only on plaintext block Pi but also on all preceding plaintext blocks and on the IV. Hence if two plaintexts are identical, their ciphertexts will differ (because the IV is random). This overcomes the limitation of ECB: from the ciphertext an attacker cannot detect statistical properties of the data.
Conversely, for decryption, plaintext block Pi depends not only on ciphertext block Ci but also on the preceding ciphertext block Ci-1. Hence if a transmission error occurs, a single corrupted bit makes it impossible to decrypt that ciphertext block and the one that follows.
Figure 3-11. The image after encryption with the CBC model (source: from [3])
3.6.3 Counter (CTR)
So far we have seen two approaches to defeating frequency-based cryptanalysis. The first is the stream-cipher model, which uses a random key generator (confusion). The second is the CBC model of a block cipher, which lets earlier blocks affect the ciphertext of later blocks (diffusion).
Recall the stream-cipher model:

where s0, s1, s2, … are produced by a random number generator.
CTR is in fact a stream cipher, but its key generator uses a block cipher to generate the numbers. The encryption unit is the block size of the cipher (for example, with DES the encryption unit is 64 bits). Given an initial vector, the number generation formula is:


Because of the avalanche effect of the block cipher, the generator above can be regarded as producing a random sequence, in keeping with the design principle of stream ciphers.
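ECB, CBC and CTR from Sections 3.6.1 to 3.6.3 in code, as an added example that is not from the lecture notes. The block cipher is a constructed stand-in (a keyed permutation of the 256 byte values, with none of DES's security) so that the chaining and error-propagation behaviour described above can be checked in isolation; the CTR keystream rule si = E(IV + i) is the standard definition and is assumed here because the page's formula did not survive extraction.

```python
"""ECB, CBC and CTR over a stand-in 8-bit block cipher (constructed example)."""
import random


def make_toy_cipher(key):
    """Stand-in for a block cipher with an 8-bit block: a keyed permutation of
    the 256 byte values. Constructed for illustration only; it has none of
    DES's security, but like any block cipher it is a bijection, which is all
    the chaining properties below depend on."""
    table = list(range(256))
    random.Random(key).shuffle(table)
    inverse = [0] * 256
    for x, y in enumerate(table):
        inverse[y] = x

    def encrypt(p):          # E(p, K)
        return table[p]

    def decrypt(c):          # D(c, K)
        return inverse[c]

    return encrypt, decrypt


def ecb_encrypt(E, plaintext):
    """ECB: every block encrypted independently, so equal Pi give equal Ci."""
    return bytes(E(p) for p in plaintext)


def cbc_encrypt(E, iv, plaintext):
    """CBC: C0 = E(P0 xor IV), Ci = E(Pi xor Ci-1)."""
    prev, out = iv, bytearray()
    for p in plaintext:
        prev = E(p ^ prev)
        out.append(prev)
    return bytes(out)


def cbc_decrypt(D, iv, ciphertext):
    """CBC: P0 = D(C0) xor IV, Pi = D(Ci) xor Ci-1."""
    prev, out = iv, bytearray()
    for c in ciphertext:
        out.append(D(c) ^ prev)
        prev = c
    return bytes(out)


def ctr_crypt(E, iv, data):
    """CTR as a stream cipher: keystream block si = E(IV + i), output = data xor si.
    Encryption and decryption are the same operation. With an 8-bit block the
    counter wraps after 256 blocks and the keystream would repeat; a real
    cipher's 64- or 128-bit block makes that a non-issue."""
    return bytes(d ^ E((iv + i) % 256) for i, d in enumerate(data))


def cbc_damage(D, iv, ciphertext, block_index, bit):
    """Flip one bit of ciphertext block `block_index`, decrypt, and report
    {plaintext block index: number of changed bits} for every affected block.
    Because Pi = D(Ci) xor Ci-1, block i is scrambled (D is a bijection, so
    D(Ci') != D(Ci)), block i+1 changes in exactly the flipped bit position,
    and every later block is untouched."""
    good = cbc_decrypt(D, iv, ciphertext)
    corrupted = bytearray(ciphertext)
    corrupted[block_index] ^= 1 << bit
    bad = cbc_decrypt(D, iv, bytes(corrupted))
    return {i: bin(g ^ b).count("1")
            for i, (g, b) in enumerate(zip(good, bad)) if g != b}


if __name__ == "__main__":
    E, D = make_toy_cipher(0x9A)            # constructed key
    msg = b"meetmeafterthetogaparty"        # the page's sample message
    iv = 0x3C                               # constructed IV
    print("ECB of 'aaaa':", ecb_encrypt(E, b"aaaa").hex())   # repeated block
    ct = cbc_encrypt(E, iv, msg)
    assert cbc_decrypt(D, iv, ct) == msg
    print("CBC damage from one flipped bit:", cbc_damage(D, iv, ct, 5, 2))
    assert ctr_crypt(E, iv, ctr_crypt(E, iv, msg)) == msg
```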
3.6.4 Output Feedback (OFB)
The CTR model is a stream cipher whose encryption unit has a fixed size of b bits, b being the block size. To allow an encryption unit of arbitrary size, the OFB model was proposed. It differs from CTR in two respects:
- Only the first s bits of the key produced by the key generator are used, where s is the size of the encryption unit used in the XOR.
- To increase the randomness of the key generator, these s key bits are fed into the initialization vector IV for the next encryption. The feeding is done by shifting IV left by s bits and placing the s key bits in the low s bits of IV.
Register = IV;
for i = 0 to n-1 do
    Ti = E(Register, K);
    Ti = Ti SHR (b-s);        // take the first s bits of Ti
    Ci = Pi XOR Ti;
    Register = Register SHL s;
    Register = Register OR Ti;
next i

Figure 3-12. The OFB model of a block cipher
As in ECB, in the CTR and OFB models each block is encrypted separately, independently of the others.
3.6.5 Cipher Feedback (CFB)
The CFB model is a slight modification of OFB. OFB takes s bits of the key produced by the key generator and feeds them into the IV for the next encryption; CFB instead feeds s bits of the ciphertext into the IV.
Figure 3-13. The CFB model of a block cipher
As in CBC, the content of ciphertext block Ci depends not only on plaintext block Pi but also on all preceding plaintext blocks and on the IV. Conversely, for decryption, plaintext block Pi depends not only on Ci but also on the preceding ciphertext block Ci-1.
3.7 Authentication in symmetric encryption
For most of this chapter we have studied how symmetric encryption provides confidentiality. What about authentication? Can symmetric encryption resist message modification, impersonation and replay attacks? The answer is yes.
First, impersonation. Can Trudy send Bob a message that Bob believes comes from Alice? Consider the following situation:
- Alice and Bob decide to use the Vigenère cipher to exchange data, with the secret key KAB = DECEPTIVE.
- When Alice sends Bob a ciphertext C, Bob decrypts it with KAB to get the plaintext. For example, Alice sends the ciphertext ZICVTWQNGRZGVTWAVZHCQYGLMGJ; Bob decrypts it to the plaintext wearediscoveredsaveyourself, a meaningful English message.
- Trudy wants to impersonate Alice, so she picks a ciphertext CT and sends CT to Bob. Bob thinks CT comes from Alice, decrypts it with KAB and obtains a plaintext PT. The question is how Bob can tell that PT comes from Trudy rather than from Alice.
- Since Trudy does not know KAB, she cannot choose PT first and then compute CT; she has to pick some CT at random. Suppose Trudy picks CT = WDTAXRLKY. Bob then decrypts it to PT = tzrwiydpu, which is not meaningful English text.
- Clearly the probability that Trudy picks a CT that decrypts to a meaningful PT is very small; a PT that is meaningful and also says what Trudy wants can be regarded as impossible.
- Hence it is practically certain that if Trudy impersonates Alice, PT will be meaningless text, from which Bob knows that CT did not come from Alice.
The same holds for message modification: if Trudy intercepts Alice's ciphertext C and changes it into CT, the probability that PT is meaningful is also very small, and Bob will know that C has been modified.
The same applies to modern ciphers: if Trudy picks CT as an arbitrary bit string, the plaintext PT is also a scrambled bit string with no meaningful structure.
In practice, however, deciding whether a bit string is meaningless is a hard task for a computer, and some kinds of data are themselves entirely random bit strings. We therefore have to accept that any bit string P may be meaningful. So, to guarantee authentication, a message authentication code (MAC) is used to turn a random bit string into a structured one. MACs are covered in Chapter 5. For now we accept that a meaningful message is a structured bit string.
Now consider the replay attack. Alice sends the ciphertext C to Bob, who receives it and decrypts it to the plaintext P. But Trudy intercepts C and later, impersonating Alice, sends C to Bob once more. Bob decrypts it and again obtains P. Bob thus receives the same message P twice, and on the second occasion he has no way to tell whether Alice wanted to send it again or Trudy sent it. Chapter 6 presents methods for resisting replay attacks.
3.8 Non-repudiation in symmetric encryption
Although symmetric encryption provides confidentiality for a communication system, it does not provide non-repudiation. The reason lies in the secrecy of the key: the secret key K is known to two people, so if K is leaked there is no basis for holding Alice or Bob responsible for the leak, and Alice can deny having sent the message.
Returning to the stock-market example, suppose Bob is Alice's stockbroker. Alice sends Bob an encrypted message asking him to buy shares of company Z. The next day the company's share price falls by more than 50%. Faced with the loss, Alice claims that Bob leaked the key, that Trudy obtained it and sent the message, and that it was not Alice. Bob cannot refute this argument.
Researchers therefore began looking for other encryption schemes in which the secret key is known to only one person. That is public-key cryptography, presented in the next chapter.
3.9 Secret key exchange using a key distribution center
Suppose there are N users exchanging data with symmetric encryption. Each pair of users needs its own secret key, so N(N-1)/2 secret keys are needed. Setting up these keys is burdensome for the users, since each of them must set up N-1 keys.
Key exchange using a Key Distribution Center (KDC) simplifies this problem. In the KDC model each user needs only one secret key, shared with the KDC; the keys used to exchange data between users are supplied by the KDC.

Suppose Alice shares the secret key KA with the KDC and Bob shares the secret key KB with the KDC, and that Alice now wants to exchange data with Bob. The shared key KAB between Alice and Bob is established as follows:
1) Alice sends the KDC a request to exchange data with Bob.
2) The KDC creates a secret key KAB and encrypts it into two ciphertexts: one encrypted with Alice's secret key, E(KAB, KA), and one encrypted with Bob's secret key, E(KAB, KB).
3) Alice decrypts E(KAB, KA) to obtain KAB.
4) Alice sends E(KAB, KB) to Bob, who decrypts it to obtain KAB.
5) Alice and Bob exchange data using the secret key KAB.

Figure 3-14. Secret key exchange using a KDC
Thus the key KAB is known only to the KDC, Alice and Bob. The KDC is responsible for keeping this key secret. Alice and Bob use KAB to encrypt their data. When the
[Figure 3-14: 1. A → KDC: REQUEST to B; 2. KDC → A: E(KAB, KA)||E(KAB, KB); 4. A → B: E(KAB, KB); 5. A ↔ B: E(P, KAB). A second diagram contrasts users A, B, C, D, E each holding a single key KA, KB, KC, KD, KE with the KDC against the pairwise keys KAB, KAC, KAD, KAE, KBC, KDC, … needed without a KDC.]
data transfer ends, KAB is discarded. The next time Alice communicates with Bob, the KDC supplies a different KAB. So once Alice has set up the secret key KA with the KDC, she can communicate not only with Bob but with anyone else.
Another important concept that follows from the KDC model is that of master keys and session keys. In the example above the keys KA and KB are not used directly to encrypt data; they are used only to encrypt the temporary keys KAB. It is the KAB keys that directly encrypt data, and they are discarded when the data transfer ends. KA and KB are therefore called master keys: they are used rarely, so an attacker has little opportunity to collect ciphertext for cryptanalysis, and they are kept for a long time. KAB is called a session key; it exists for a single data-transfer session only.
Chapter 7 presents the Kerberos protocol, which is based on the key distribution center concept. Kerberos is used in today's operating systems to encrypt data within local area networks (LANs).
3.10 Review questions
1) How do modern and classical symmetric ciphers differ?
2) Do stream ciphers work on the principle of substitution or of permutation?
3) From the number-generation principle of A5/1 and RC4, explain why a stream cipher uses a generator to produce the bit sequence. Why not use the key K directly in the XOR?
4) What advantage does the Feistel cipher have in implementing a block cipher?
5) Why does DES use such complex transformations just to encrypt a 64-bit block?
6) In the ECB model, to encrypt a long message with DES we encrypt each 64-bit block in turn. How is this similar to and different from a stream cipher?
7) What property does the CBC model have that substitution-based schemes (such as ECB) do not?
8) Why are the CTR, OFB and CFB models really stream ciphers?
9) What property must a plaintext have for a symmetric cipher to be said to provide authentication? If Trudy does not know Alice and Bob's secret key, can Trudy impersonate Alice and send Bob a message of her choosing?
10) In symmetric encryption, what weakness results from both parties knowing the key?
11) State the benefits of using master keys and session keys.
3.11 Exercises
1. Consider the TinyA5/1 algorithm with initial X = 21, Y = 55, Z = 60. Compute the 1st, 2nd and 3rd bits produced by the key generator.
2. In the initialization step of RC4, S initially holds the values in increasing order from 1 to 255. Find a key K such that, after initialization completes, S is unchanged (still in increasing order from 1 to 255).
3. Alice and Bob exchange data with A5/1, but they want to avoid using a new key for every transfer. They secretly share an initial 128-bit key k. To encrypt a message m, Alice does the following:
- Pick an arbitrary 80-bit value v.
- Encrypt with RC4: C = A51(v||k) ⊕ m
- Send the bit string v||C
a. Describe the steps Bob takes to decrypt the message.
b. Suppose Trudy observes the strings (v1||C1), (v2||C2), (v3||C3), … sent between Alice and Bob. Give a way for Trudy to break the cipher.
4. Prove that after a number of steps, the key produced by A5/1 repeats.
5. Prove that after a number of steps, the key produced by RC4 repeats.
6. Consider a 4-round Feistel block cipher with P = (L0, R0). Give the ciphertext C for each of the following choices of F:
a. F(Ri-1, Ki) = 0.
b. F(Ri-1, Ki) = Ri-1.
c. F(Ri-1, Ki) = Ki.
d. F(Ri-1, Ki) = Ri-1 ⊕ Ki.
7. Consider a 2-round Feistel block cipher with block size and key size of 128 bits, whose key schedule produces the same key for both rounds: k1 = k2.
Suppose we may choose one (and only one) plaintext and obtain its ciphertext (chosen-plaintext attack). Describe how to decrypt an arbitrary ciphertext C.
8. Consider TinyDES with key K = 10100100. Compute the ciphertext for the plaintext P = 01001011.
9. The encryption formula of the CTR mode is:


Suppose that instead of the formula above we use the formula:


Is this secure? Why?
10. Consider the following block-cipher mode:


Give the decryption formula. Describe one weakness of this mode compared with CBC.
11. In the CBC mode, is it secure for Alice to use a single IV for all data transfers (all transfers use the same key)?
12. In the CBC mode with a 64-bit block cipher, if one bit of the ciphertext is corrupted in transit, compute the number of corrupted bits in the decrypted output.
3.12 Programming exercises
1. Write a program to encrypt and decrypt a file with A5/1, with the keys X, Y, Z entered from the keyboard.
2. Write a program to encrypt and decrypt a file with RC4, with the key given as N bytes entered from the keyboard.
3. Write a program to encrypt and decrypt a file with DES in CBC mode. The key K is stored in a separate text file as hexadecimal digits.
4. Study the cryptography library of the .NET programming environment (namespace System.Security.Cryptography). Write a program to encrypt and decrypt a file with the DES, TripleDES, Rijndael and AES algorithms of the .NET library. The key K is stored in a separate text file as hexadecimal digits.


CHAPTER 4. PUBLIC-KEY CRYPTOGRAPHY

Although symmetric encryption has evolved from classical to modern, it still has two weaknesses:
- Key exchange between sender and receiver: a secure channel is needed to exchange the key, so that the key remains secret and known only to the sender and the receiver. This is unreasonable today, when the volume of information flowing around the world is enormous; setting up such a channel is costly and slow.
- Secrecy of the key: there is no basis for assigning responsibility if the key is leaked.
In 1976 Whitfield Diffie and Martin Hellman found a different encryption method that solves both problems: public-key cryptography, also called asymmetric cryptography. It can be regarded as the most important breakthrough in the field of cryptography.
Recall the symmetric encryption model:

To overcome the weaknesses of symmetric encryption, research concentrated on the question: is there a method in which encryption and decryption use two different keys? That is, C = E(P, K1) and P = D(C, K2). If this can be done, two attractive options follow:
Option 1: the receiver (Bob) keeps the key K2 secret, while the key K1 is made public to everyone. When Alice wants to send data to Bob, she encrypts it with K1 and Bob decrypts with K2. Trudy also knows K1, but K1 cannot be used to decrypt; K2 is needed. So only Bob can decrypt, which guarantees the confidentiality of the transfer. The advantage of this option is that K1 need not be sent over a secure channel.



Option 2: the sender (Alice) keeps the key K1 secret, while the key K2 is made public to everyone. When Alice wants to send data to Bob, she encrypts it with K1 and Bob

decrypts with K2. Here Trudy also knows K2, so Trudy can decrypt as well; this option therefore does not provide confidentiality. It does, however, have the important property of providing authentication and non-repudiation: since only Alice knows K1, if Bob can decrypt the message with K2 then Alice must have sent the ciphertext. If Trudy also had K1 and sent a ciphertext, Alice would be held responsible for leaking K1. In this option too, K2 need not be sent over a secure channel.
So by combining option 1 and option 2, the proposed model overcomes the weaknesses of symmetric encryption.
In both options one key is kept secret and known to a single person, while the other is public. The model is therefore called public-key (or asymmetric) cryptography. For convenience we adopt the following conventions:
- To avoid confusion with the secret key of symmetric encryption, the secret key in the model above is called the private key, denoted KR.
- The public key is denoted KU.
- The plaintext is denoted M, and the ciphertext keeps the notation C.
- Option 1 is rewritten as:
C = E(M, KU)
M = D(C, KR)
- Option 2 is rewritten as:
C = E(M, KR)
M = D(C, KU)
The remaining question is whether such an encryption and decryption model with two different keys exists. Clearly KU and KR cannot be completely independent of each other; there must be some relationship between KU and KR for encryption and decryption to work, that is, KR = f(KU). A crucial requirement, however, is that computing KR = f(KU) must be infeasible in terms of time. If this principle is violated, keeping KR secret is pointless, since KR can be computed from the public key KU.
To obtain such a key pair KR and KU, one-way functions are used. A one-way function has the property that its inverse is very hard to compute. Here is an example of a one-way function: generating two large primes p, q and computing the product N = pq is easy, but given only N, factoring N to recover the primes p, q is completely infeasible in terms of time. We will see how this one-way function is used to create the keys KR and KU in the section on RSA.
There are several public-key methods: Knapsack, RSA, ElGamal and elliptic-curve cryptography (ECC). Each applies a one-way function in its own way. In this text we focus only on RSA. We also cover the Diffie-Hellman key exchange, a way of applying a one-way function that is not an encryption scheme. First, however, we review the number theory that is the mathematical foundation of public-key cryptography.

4.1 Number theory
4.1.1 Some concepts
1. The modulo operation:
The modulo operation is division with remainder. Example: 27 mod 8 = 3, 35 mod 9 = 8.
In general:

If two numbers a, b have the same remainder on division by n, we say that a and b are congruent modulo n, written with the symbol ≡:
a ≡ b (mod n), or a ≡ b mod n for short.
The modulo operation partitions the set of natural numbers N into n equivalence (residue) classes, one for each value of r in the set {0, 1, 2, 3, …, n-1}. For example, with n = 4 we get the following 4 classes:
0 4 8 12 16 …
1 5 9 13 17 …
2 6 10 14 18 …
3 7 11 15 19 …
2. Some properties of the modulo operation:
For integers a, b and n, the modulo operation has the properties:
a) [ ]
b) [ ]
c) [ ]
3. Divisors:
If a mod n = 0 (written differently: a ≡ 0 mod n), then a is divisible by n, or n is a divisor of a.
The greatest common divisor of two numbers is written gcd(a, b). To find the gcd of two numbers a, b, the Euclidean algorithm can be used (see Appendix 2).
4. Prime numbers
A number p is prime if p is divisible only by 1 and by itself, and by no other number from 2 to p-1.
5. Coprime numbers
Two integers a, b are coprime if their gcd is 1. Examples: 3 and 8, 7 and 9, 4 and 15 are coprime. The numbers 20 and 15 are not coprime, since their gcd is 5.
6. Multiplicative inverse modulo n:
If two integers a and n are relatively prime, then there exists an integer w such that:
a · w ≡ 1 mod n
We call w the inverse of a modulo n and denote it a^-1.
Examples:
- n = 10, a = 7: the two numbers are relatively prime, so we find a^-1 = 3 (21 ≡ 1 mod 10). The multiplication table of 7 modulo 10 is:
x        : 0 1 2 3 4 5 6 7 8 9
7x mod 10: 0 7 4 1 8 5 2 9 6 3
- n = 10, a = 2: the two numbers are not relatively prime; the multiplication table is:
x        : 0 1 2 3 4 5 6 7 8 9
2x mod 10: 0 2 4 6 8 0 2 4 6 8
In this table there is no x such that 2 · x ≡ 1 mod 10, so the inverse does not exist.
To compute a^-1 we use the extended Euclidean algorithm (see Appendix 2).
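The following Python example is added here and is not part of the original lecture notes. It implements the extended Euclidean algorithm referred to above (Appendix 2) to compute a^-1 mod n, and also rebuilds the multiplication-table rows so that the two cases n = 10, a = 7 and n = 10, a = 2 can be compared; the function names are my own.

```python
# Added example (not from the lecture notes): modular inverses by the extended Euclidean
# algorithm, and the multiplication-table view used in the text.

def extended_gcd(a, b):
    """Return (g, x, y) with g = gcd(a, b) and a*x + b*y = g (iterative extended Euclid)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def mod_inverse(a, n):
    """Return w with a*w ≡ 1 (mod n), or None when gcd(a, n) != 1 (no inverse exists)."""
    g, x, _ = extended_gcd(a % n, n)
    if g != 1:
        return None
    return x % n


def multiplication_row(a, n):
    """The row a*x mod n for x = 0..n-1, as in the two tables above."""
    return [(a * x) % n for x in range(n)]


def inverse_by_search(a, n):
    """Read the inverse off the multiplication row: the x whose product is 1, if any."""
    row = multiplication_row(a, n)
    return row.index(1) if 1 in row else None
```

For the text's examples both routes agree: `mod_inverse(7, 10)` and `inverse_by_search(7, 10)` return 3, while both return `None` for a = 2, n = 10. The table search costs n multiplications; the extended Euclidean algorithm needs only about log n steps, which is why it is the one used for the large moduli of RSA.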


4.1.2 Fermat's theorem
Theorem:
If p is prime and a is an integer not divisible by p, then
a^(p−1) ≡ 1 mod p
Proof:
Consider the set X of p − 1 elements:
X = { a mod p, 2a mod p, ..., (p−1)a mod p }
We make two observations:
- No element of X equals 0, because a is relatively prime to p.
- There are no two elements, the i-th and the j-th (i ≠ j), such that ia mod p = ja mod p. Since a is relatively prime to p, a^-1 exists modulo p. Therefore if ia ≡ ja mod p then i·a·a^-1 ≡ j·a·a^-1 mod p, i.e. i ≡ j mod p, contradicting the assumption i ≠ j.
From these two observations, the elements of X are a permutation of the values {1, 2, ..., p−1}. Hence:
a · 2a · ... · (p−1)a ≡ [1 · 2 · ... · (p−1)] mod p
(p−1)! · a^(p−1) ≡ (p−1)! mod p
and since (p−1)! is relatively prime to p it can be cancelled, giving a^(p−1) ≡ 1 mod p (QED).
Some examples of Fermat's theorem:
- p = 5, a = 7: 7^4 = 49 · 49 = 2401, and 2401 ≡ 1 mod 5
- p = 7, a = 4: 4^6 = 64 · 64 = 4096, and 4096 ≡ 1 mod 7
4.1.3 Discrete logarithm
We define modular exponentiation as follows: compute y from a, x and n, where all three are integers:
y = a^x mod n, with x copies of a multiplied together
We consider only the case where n is prime. The table below shows the values of modular exponentiation for n = 19, with a and x ranging from 1 to 18.
   x:   1   2   3   4   5   6   7   8   9  10  11  12  13  14  15  16  17  18
a= 1:   1   1   1   1   1   1   1   1   1   1   1   1   1   1   1   1   1   1
a= 2:   2   4   8  16  13   7  14   9  18  17  15  11   3   6  12   5  10   1
a= 3:   3   9   8   5  15   7   2   6  18  16  10  11  14   4  12  17  13   1
a= 4:   4  16   7   9  17  11   6   5   1   4  16   7   9  17  11   6   5   1
a= 5:   5   6  11  17   9   7  16   4   1   5   6  11  17   9   7  16   4   1
a= 6:   6  17   7   4   5  11   9  16   1   6  17   7   4   5  11   9  16   1
a= 7:   7  11   1   7  11   1   7  11   1   7  11   1   7  11   1   7  11   1
a= 8:   8   7  18  11  12   1   8   7  18  11  12   1   8   7  18  11  12   1
a= 9:   9   5   7   6  16  11   4  17   1   9   5   7   6  16  11   4  17   1
a=10:  10   5  12   6   3  11  15  17  18   9  14   7  13  16   8   4   2   1
a=11:  11   7   1  11   7   1  11   7   1  11   7   1  11   7   1  11   7   1
a=12:  12  11  18   7   8   1  12  11  18   7   8   1  12  11  18   7   8   1
a=13:  13  17  12   4  14  11  10  16  18   6   2   7  15   5   8   9   3   1
a=14:  14   6   8  17  10   7   3   4  18   5  13  11   2   9  12  16  15   1
a=15:  15  16  12   9   2  11  13   5  18   4   3   7  10  17   8   6  14   1
a=16:  16   9  11   5   4   7  17   6   1  16   9  11   5   4   7  17   6   1
a=17:  17   4  11  16   6   7   5   9   1  17   4  11  16   6   7   5   9   1
a=18:  18   1  18   1  18   1  18   1  18   1  18   1  18   1  18   1  18   1
Table 4-1. Values of a^x mod 19 (the entry in row a, column x is a^x mod 19)
Looking at the table, we see that not every row contains all the values from 1 to 18. Consider the row a = 11:
- 11^1 ≡ 11 mod 19 (*)
- 11^2 = 121 ≡ 7 mod 19
- 11^3 = 1331 ≡ 1 mod 19
- 11^4 = 11^3 · 11 ≡ 11 mod 19 (the same as line (*))
- 11^5 ≡ 11^2 mod 19
- ...
So the row a = 11 (corresponding to the sequence 11^1, 11^2, ..., 11^18) contains only the three values 11, 7, 1, repeated periodically.
In the table, only the values a = 2, 3, 10, 13, 14, 15 make the sequence a^1, a^2, ..., a^18 contain every value from 1 to 18 modulo 19. Thus only for a = 2, 3, 10, 13, 14, 15 is modular exponentiation invertible on this range.
In general, for a given n only some values of a make exponentiation invertible. Such an a is called a primitive root of n.
Just as with real numbers, if we know y, a and n and want to recover x, we use a logarithm, here called the discrete logarithm:
x = dlog_(a, n)(y)
Unlike the real-number case, however, computing the discrete logarithm has been shown to be very expensive in time, and is regarded as infeasible when a and n are large. Modular exponentiation is therefore also considered a one-way function, and it is applied in the Diffie-Hellman key exchange method.
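The following Python example is added here and is not part of the original lecture notes. It regenerates Table 4-1 for any prime n, picks out the primitive roots by the criterion stated above (the row covers every value 1..n−1), and solves the discrete logarithm by exhaustive search, which is feasible only for the tiny moduli of the table; the function names are my own.

```python
# Added example (not from the lecture notes): the power table, primitive roots and
# the discrete logarithm by brute force for a small prime n.

def power_table(n):
    """Return {a: [a^1 mod n, a^2 mod n, ..., a^(n-1) mod n]} for a = 1..n-1."""
    return {a: [pow(a, x, n) for x in range(1, n)] for a in range(1, n)}


def primitive_roots(n):
    """a is a primitive root of the prime n when its row contains all of 1..n-1."""
    table = power_table(n)
    return [a for a, row in table.items() if sorted(row) == list(range(1, n))]


def cycle_length(a, n):
    """Number of distinct values in the row of a, i.e. the period after which the
    powers of a repeat (3 for a = 11, n = 19 in the text)."""
    return len(set(power_table(n)[a]))


def discrete_log(a, y, n):
    """Smallest x >= 1 with a^x ≡ y (mod n), found by trying every x in turn.
    This linear search is exactly the work that becomes infeasible for large n."""
    value = 1
    for x in range(1, n):
        value = (value * a) % n
        if value == y:
            return x
    return None  # y is not in the row of a (a is not a primitive root)
```

With n = 19 the function `primitive_roots` returns [2, 3, 10, 13, 14, 15], matching the text, and `discrete_log(11, 5, 19)` returns `None` because 5 never appears in the row of 11. For a secure Diffie-Hellman group the search space is about 2^2048 instead of 18 entries.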
4.2 RSA
RSA is a public-key encryption method. It was devised by Ron Rivest, Adi Shamir and Len Adleman at MIT in 1977 and is widely used today. In general terms, RSA is a block cipher in which the plaintext M and the ciphertext C are integers from 0 to 2^i, where i is the number of bits of the block. The common size of i is 1024 bits. The one-way function used by RSA is the factoring of a number into primes.
4.2.1 Principle of RSA
To encrypt and decrypt, RSA uses modular exponentiation from number theory. The steps are as follows:
1) Choose two large primes p and q and compute N = pq. Choose p and q such that M < 2^(i−1) < N < 2^i. With i = 1024, N is an integer of about 309 decimal digits.
2) Compute n = (p − 1)(q − 1)
3) Find a number e such that e is relatively prime to n
4) Find a number d such that e · d ≡ 1 mod n (d is the inverse of e modulo n)
5) Discard n, p and q. Choose the public key KU as the pair (e, N) and the private key KR as the pair (d, N)
6) Encryption uses the formula:
- Scheme 1, encryption for confidentiality: C = M^e mod N
- Scheme 2, encryption for authentication: C = M^d mod N
7) Decryption uses the formula:
- Scheme 1, encryption for confidentiality: M = C^d mod N
- Scheme 2, encryption for authentication: M = C^e mod N
The plaintext M has size i − 1 bits; the ciphertext C has size i bits.
To make sure that RSA works according to the principle of public-key encryption, we must prove two things:
a) The decrypted text is the original plaintext, i.e. C^d mod N = M; consider scheme 1:
From step 4 we deduce:
e · d = k · n + 1 for some integer k
Hence:
C^d mod N = (M^e)^d mod N = M^(ed) mod N = M^(k(p−1)(q−1)+1) mod N
First we prove that M^(k(p−1)(q−1)+1) ≡ M mod p. Consider two cases of M:
- M divisible by p: then M ≡ 0 mod p, so M^(k(p−1)(q−1)+1) ≡ 0 ≡ M mod p.
- M not divisible by p: since p is prime, M is relatively prime to p. Hence:
M^(p−1) ≡ 1 mod p (by Fermat's theorem)
M^(k(p−1)(q−1)+1) = (M^(p−1))^(k(q−1)) · M ≡ M mod p
Thus M^(k(p−1)(q−1)+1) ≡ M mod p for every M. In other words, M^(k(p−1)(q−1)+1) − M is divisible by p. By the same argument it is divisible by q. Since p and q are two distinct primes, it is divisible by N = pq. In summary:
M^(ed) ≡ M mod N, hence C^d mod N = M^(ed) mod N = M (because M < N) (QED).
Since e and d play symmetric roles, in scheme 2 we likewise have (M^d)^e mod N = M.
b) KR cannot be derived from KU, i.e. the pair (d, N) cannot be found from the pair (e, N):
Given e and N, to find d we must rely on the formula e · d ≡ 1 mod n, so n must be computed. Since n = (p − 1)(q − 1), p and q must be computed. Since N = pq, p and q can only be computed from N. This, however, is infeasible because N = pq is a one-way function. Hence KR cannot be computed from KU.
4.2.2 RSA example
To illustrate, we carry out an example of RSA encryption with a key size of 6 bits.
1) Choose p = 11 and q = 3, so N = pq = 33 (2^5 = 32 < 33 < 64 = 2^6)
2) n = (p−1)(q−1) = 20
3) Choose e = 3, which is relatively prime to n
4) Compute the inverse of e modulo n: d = 7 (3 × 7 = 21 ≡ 1 mod 20)
5) Public key KU = (e, N) = (3, 33). Private key KR = (d, N) = (7, 33)
Scheme 1 (encryption for confidentiality):
6) Encrypt the plaintext M = 15:
C = 15^3 mod 33 = 9 (because 15^3 = 3375 = 102 × 33 + 9)
7) Decrypt the ciphertext C = 9:
M = 9^7 mod 33 = 15 (because 9^7 = 4782969 = 144938 × 33 + 15)
(Figure: plaintext 15 → KU = (3, 33): 15^3 mod 33 = 9 → ciphertext 9 → KR = (7, 33): 9^7 mod 33 = 15 → plaintext 15)
Scheme 2 (encryption for authentication):
6) Encrypt the plaintext M = 15:
C = 15^7 mod 33 = 27 (because 15^7 = 170859375 = 5177556 × 33 + 27)
7) Decrypt the ciphertext C = 27:
M = 27^3 mod 33 = 15 (because 27^3 = 19683 = 596 × 33 + 15)
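The following Python example is added here and is not part of the original lecture notes. It carries out steps 1 to 7 above for both schemes, reproducing the 6-bit example (p = 11, q = 3, e = 3); the function names are my own, and the range check in `rsa_apply` enforces the requirement M < N that the correctness proof relies on.

```python
# Added example (not from the lecture notes): textbook RSA key setup and the two
# schemes of section 4.2.1, run on the 6-bit example of section 4.2.2.

def rsa_keypair(p, q, e):
    """Steps 1-5: return (KU, KR) = ((e, N), (d, N)).
    pow(e, -1, n) is the modular inverse; it raises ValueError if gcd(e, n) != 1."""
    N = p * q
    n = (p - 1) * (q - 1)          # the notes call phi(N) "n"
    d = pow(e, -1, n)
    return (e, N), (d, N)


def rsa_apply(x, key):
    """Raw RSA operation x^k mod N, used for both encryption and decryption."""
    k, N = key
    if not 0 <= x < N:
        raise ValueError("input must satisfy 0 <= x < N")
    return pow(x, k, N)


def confidentiality(M, public_key, private_key):
    """Scheme 1: C = M^e mod N, then M = C^d mod N. Returns (C, recovered M)."""
    C = rsa_apply(M, public_key)
    return C, rsa_apply(C, private_key)


def authentication(M, public_key, private_key):
    """Scheme 2: C = M^d mod N, then M = C^e mod N. Returns (C, recovered M)."""
    C = rsa_apply(M, private_key)
    return C, rsa_apply(C, public_key)


if __name__ == "__main__":
    KU, KR = rsa_keypair(11, 3, 3)
    print(KU, KR)                          # (3, 33) (7, 33)
    print(confidentiality(15, KU, KR))     # (9, 15)
    print(authentication(15, KU, KR))      # (27, 15)
```

Because both exponentiations are bijections on {0, ..., N−1}, every plaintext below N round-trips; the example also shows why raw RSA alone gives no confidentiality for authentication (scheme 2): anyone holding KU can invert the operation.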
4.3 Computational complexity in RSA
There are two complexity issues in the RSA method: the key generation computations and the encryption/decryption computations.
4.3.1 Encryption/decryption
Encryption and decryption use modular exponentiation. For security, N, e, d and M usually have to be chosen large. If the power were computed first and only afterwards reduced modulo N, its value would be too large to store and compute with. Modular arithmetic, however, has the following property:
[(a mod n) × (b mod n)] mod n = (a × b) mod n
We can use this property to simplify modular exponentiation through a method called repeated squaring. For example, to compute x^16 mod n, we first compute a = x mod n, then b = x^2 mod n = a^2 mod n, then c = x^4 mod n = b^2 mod n, then d = x^8 mod n = c^2 mod n, and finally x^16 mod n = d^2 mod n. The numbers a, b, c, d are always smaller than n, so large powers are never formed and the computation is faster at the same time.
In the general case, to compute x^b mod n we write b in binary:
b = b_k b_(k−1) ... b_2 b_1 b_0
where the b_i are bits 0 or 1. Thus:
b = Σ_(i=0..k) b_i · 2^i
Hence:
x^b mod n = Π_(b_i = 1) x^(2^i) mod n
So for the bits b_i = 1 we use repeated squaring to compute x^(2^i) mod n, then multiply those results together and reduce modulo n to obtain the final result.
For example, to compute y = 5^20 mod 11: the number 20 in binary is 10100, with bits 2 and 4 equal to 1 (i.e. 20 = 16 + 4).
5^1 = 5 mod 11
5^2 = (5^1)^2 = 25 ≡ 3 mod 11
5^4 = (5^2)^2 = 3^2 ≡ 9 mod 11
5^8 = (5^4)^2 = 9^2 = 81 ≡ 4 mod 11
5^16 = (5^8)^2 = 4^2 = 16 ≡ 5 mod 11
The final result is y = 5^20 mod 11 = (5^4 mod 11)(5^16 mod 11) mod 11 = 9 × 5 mod 11 = 1
/* Algorithm for modular exponentiation y = x^b mod n (repeated squaring) */
a = x; y = 1;
do
    if (b mod 2 != 0)        /* current lowest bit of b is 1: multiply it in */
        y = (y * a) mod n;
    end if
    b = b shr 1;             /* shift b one bit to the right */
    a = (a * a) mod n;       /* a now holds x^(2^i) mod n for the next bit */
while (b > 0);
return y;
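The following Python example is added here and is not part of the original lecture notes. It implements the right-to-left repeated-squaring loop above and records the intermediate powers x^(2^i) mod n together with whether each was multiplied in, so the 5^20 mod 11 trace of the text can be checked step by step; the function names are my own.

```python
# Added example (not from the lecture notes): repeated squaring with a trace.

def mod_pow_trace(x, b, n):
    """Return (x^b mod n, trace); trace holds (i, x^(2^i) mod n, used) for each bit i
    of b, where used is True when bit i is 1 and the power was multiplied into y."""
    if b < 0 or n <= 0:
        raise ValueError("exponent must be >= 0 and modulus > 0")
    a = x % n            # current power x^(2^i) mod n
    y = 1 % n            # running product (1 % n handles n == 1)
    trace = []
    i = 0
    while b > 0:
        used = (b & 1) == 1          # lowest remaining bit of the exponent
        trace.append((i, a, used))
        if used:
            y = (y * a) % n
        b >>= 1                      # "b shr 1" in the pseudocode
        a = (a * a) % n              # square for the next bit
        i += 1
    return y, trace


def mod_pow(x, b, n):
    """x^b mod n, same result as Python's built-in pow(x, b, n)."""
    return mod_pow_trace(x, b, n)[0]


if __name__ == "__main__":
    y, steps = mod_pow_trace(5, 20, 11)
    for i, power, used in steps:
        print(f"5^(2^{i}) mod 11 = {power}{'  (multiplied in)' if used else ''}")
    print("5^20 mod 11 =", y)        # 1
```

The trace for 5^20 mod 11 lists the powers 5, 3, 9, 4, 5 and multiplies in only those for bits 2 and 4, giving 1. Note that the multiplication `y = (y * a) % n` runs only when the exponent bit is 1; this data-dependent branch is the timing difference that the attack described in section 4.4 measures, which is why production implementations use constant-time exponentiation instead of this textbook loop.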

To speed up encryption, a public key e of a special form is usually chosen. Commonly e is 65537 (2^16 + 1); e may also be chosen as 3 or 17. The reason for these numbers is that e then has only 2 bits equal to 1, which reduces the number of multiplications in the modular exponentiation (note that p and q must be chosen so that e is relatively prime to n). If e is chosen too small, however, RSA can be broken using the Chinese Remainder Theorem (see Appendix 2-3).
Suppose e = 3 and Alice sends the same message M to three people whose public keys are (3, N1), (3, N2), (3, N3). The three ciphertexts are C1 = M^3 mod N1, C2 = M^3 mod N2, C3 = M^3 mod N3. Usually N1, N2, N3 are pairwise relatively prime. By the principle of RSA, M is smaller than each of N1, N2, N3, so M^3 < N1·N2·N3. Viewed in terms of the Chinese Remainder Theorem:
N1·N2·N3 ↔ T
M^3 ↔ A
N1 ↔ t1, N2 ↔ t2, N3 ↔ t3
C1 ↔ a1, C2 ↔ a2, C3 ↔ a3
By the Chinese Remainder Theorem, knowing a1, a2, a3, t1, t2, t3 one can recover the value A. So if Trudy obtains Alice's C1, C2, C3, Trudy can find M^3 and from it compute M.
Because e is chosen small, the resulting d is usually quite large. Therefore, besides applying repeated squaring to compute C^d mod N, the Chinese Remainder Theorem is also applied to speed the computation up by a factor of 4. This is done as follows:
Add to the private key the parameters p, q, dP, dQ, qInv, where:
p, q are the two primes used to compute N
dP · e ≡ 1 mod (p − 1)   (i.e. dP = d mod (p − 1))
dQ · e ≡ 1 mod (q − 1)   (i.e. dQ = d mod (q − 1))
qInv · q ≡ 1 mod p        (assuming p > q)
Applying the Chinese Remainder Theorem in Garner's form, instead of computing M = C^d mod N we can compute M as follows:
m1 = C^dP mod p
m2 = C^dQ mod q
h = qInv · (m1 − m2) mod p
M = m2 + h · q
With this method the modular operations are carried out only on the numbers p and q, which are smaller than N.
Proof:
As in the proof of RSA, from e · d ≡ 1 mod (p−1)(q−1) we have:
C^d mod p = M^(ed) mod p (since N is divisible by p, C ≡ M^e mod p)
Applying Fermat's theorem as before, we deduce:
C^d ≡ M mod p, and since dP ≡ d mod (p − 1), also m1 = C^dP ≡ M mod p
Similarly we have:
m2 = C^dQ ≡ M mod q
Therefore, by the Chinese Remainder Theorem in Garner's form, M in Z_N corresponds to the pair (m1, m2) in Z_p × Z_q:
N ↔ T, M ↔ A, p ↔ t2, q ↔ t1, m1 ↔ a2, m2 ↔ a1, qInv ↔ c12
We have:
M ≡ m2 mod q and M ≡ m1 mod p
Hence:
M = m2 + q · [qInv · (m1 − m2) mod p] is the unique value in [0, N) satisfying both congruences (QED).
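The following Python example is added here and is not part of the original lecture notes. It builds the extended private key (p, q, dP, dQ, qInv) and decrypts with Garner's formula, checking the result against the plain C^d mod N computation on the 6-bit example of section 4.2.2; the function names are my own.

```python
# Added example (not from the lecture notes): RSA decryption through the Chinese
# Remainder Theorem in Garner's form, compared with direct exponentiation.

def crt_private_key(p, q, e):
    """Extended private key as in the text; assumes p > q so that qInv = q^-1 mod p."""
    if p <= q:
        raise ValueError("this form assumes p > q")
    d = pow(e, -1, (p - 1) * (q - 1))
    return {
        "p": p,
        "q": q,
        "d": d,
        "dP": d % (p - 1),          # dP * e ≡ 1 (mod p-1)
        "dQ": d % (q - 1),          # dQ * e ≡ 1 (mod q-1)
        "qInv": pow(q, -1, p),      # qInv * q ≡ 1 (mod p)
    }


def garner_decrypt(C, key):
    """M = m2 + q * (qInv * (m1 - m2) mod p): two small exponentiations instead of one large."""
    p, q = key["p"], key["q"]
    m1 = pow(C, key["dP"], p)       # ≡ M (mod p)
    m2 = pow(C, key["dQ"], q)       # ≡ M (mod q)
    h = (key["qInv"] * (m1 - m2)) % p
    return m2 + h * q


def plain_decrypt(C, key):
    """Reference: C^d mod N with the full exponent d."""
    return pow(C, key["d"], key["p"] * key["q"])


if __name__ == "__main__":
    key = crt_private_key(11, 3, 3)     # the text's example: d = 7, N = 33
    print(key)                          # dP = 7, dQ = 1, qInv = 4
    print(garner_decrypt(9, key), plain_decrypt(9, key))   # 15 15
```

For C = 9 the two halves are m1 = 9^7 mod 11 = 4 and m2 = 9^1 mod 3 = 0, so h = 4 · 4 mod 11 = 5 and M = 0 + 5 · 3 = 15. Because the CRT split reveals p and q, an implementation using it must keep these extra parameters as secret as d itself.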
4.3.2 Key generation
Key generation consists of choosing primes p and q to compute N. To factor N into its two prime factors p, q, the only way is to try each p and q; therefore p and q must be chosen large enough that such trial is infeasible. At present there is no method that directly generates arbitrarily large primes. The only way is to pick a random odd number and test whether it is prime. Primality testing presents its own difficulties. The efficient primality test in use today is the Miller-Rabin algorithm (see Appendix 2); although it is not 100% accurate, its error can be made negligibly small. From the theory of prime numbers it is estimated that on average about 70 odd numbers must be tried to find a prime of size around 2^200.
Since we fix e beforehand as 65537 (or 3 or 17), we must check whether e is relatively prime to n = (p−1)(q−1). If not, we retry with other p and q. Having found suitable p and q, we need d such that e · d ≡ 1 mod n. Using the extended Euclidean algorithm, the test of whether e and n are relatively prime can be combined with the computation of d: when e is relatively prime to n, the same algorithm yields d, so no separate step is needed to find d.
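The following Python example is added here and is not part of the original lecture notes. It follows the procedure just described: random odd candidates are tested with the Miller-Rabin algorithm (Appendix 2), e is fixed in advance, and the modular-inverse computation serves as the coprimality check, retrying p and q when e is not invertible. The function names and the seeded demonstration helper are my own.

```python
import random

# Added example (not from the lecture notes): RSA key generation with Miller-Rabin.

def is_probable_prime(n, rounds=20, rng=random):
    """Miller-Rabin test. False means definitely composite; True means prime with
    error probability at most 4^-rounds."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    r, s = n - 1, 0
    while r % 2 == 0:                  # write n - 1 = 2^s * r with r odd
        r //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)    # random base
        x = pow(a, r, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False               # a is a witness: n is composite
    return True


def random_prime(bits, rng=random):
    """Try random odd numbers of exactly `bits` bits until one passes the test."""
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate, rng=rng):
            return candidate


def generate_rsa_key(bits, e=65537, rng=random):
    """Return ((e, N), (d, N)). pow(e, -1, n) raises ValueError exactly when
    gcd(e, n) != 1, so it is both the coprimality check and the computation of d."""
    while True:
        p = random_prime(bits // 2, rng)
        q = random_prime(bits // 2, rng)
        if p == q:
            continue
        n = (p - 1) * (q - 1)
        try:
            d = pow(e, -1, n)
        except ValueError:
            continue                   # e not coprime to n: choose new p, q
        return (e, p * q), (d, p * q)


def demo_keygen(bits=64, seed=7):
    """Deterministic demonstration with a seeded generator (constructed, for testing)."""
    return generate_rsa_key(bits, rng=random.Random(seed))
```

The seeded generator exists only to make the demonstration repeatable; real key generation must draw from the operating system's cryptographic random source (for example `secrets.SystemRandom()`), since a predictable p or q makes N trivially factorable. The 64-bit size is likewise for illustration only; the text's figure of 1024 bits for N is the minimum it regards as secure.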
4.4 Security of RSA
Below we examine some attacks on the RSA method.
1) Exhaustive key search: this attack tries every possible key d until one yields a meaningful decryption, similar to trying every key K of a symmetric cipher. With N large, the attack is infeasible.
2) Factoring N into primes, N = pq: we said that factoring must be infeasible for N = pq to be a one-way function, which is the operating principle of RSA. However, many new factoring algorithms have been proposed and, together with the ever-increasing speed of computers, they make factoring N no longer as hard as it once was. In 1977 the authors of RSA offered a prize to anyone who could break an RSA instance with N of about 428 bits, i.e. 129 decimal digits. They estimated that it would take 40 thousand million million years to solve. In 1994, however, this challenge was solved within 8 months. The table below lists the sizes of N of the RSA instances broken to date:
Digits of N   Bits   Year broken   Algorithm
100           322    1991          Quadratic sieve
110           365    1992          Quadratic sieve
120           398    1993          Quadratic sieve
129           428    1994          Quadratic sieve
130           431    1996          GNFS
140           465    1999          GNFS
155           512    1999          GNFS
160           530    2003          Lattice sieve
174           576    2003          Lattice sieve
200           633    2005          Lattice sieve
Table 4-2. RSA factoring milestones
Of course, the attacks above were carried out only in the laboratory. Nevertheless it is held that N must be about 1024 bits (309 digits) for real security.
3) Timing attack: this is an attack that does not rely on the mathematics of the RSA algorithm but on a side effect produced by the RSA decryption process, namely the time that decryption takes. Suppose the attacker can measure the time of decryptions C^d mod N performed with the repeated-squaring algorithm. In that algorithm, if a bit of d is 1 there are two modular operations, whereas if the bit is 0 there is only one, so the decryption time differs. With a number of chosen-plaintext trials, the attacker can learn whether each bit of d is 0 or 1 and thereby obtain d.
This attack is an example showing how complicated the design of a secure cryptosystem is. The designer must anticipate every situation that can arise.
4.5 Confidentiality, authentication and non-repudiation with public-key encryption
Suppose Alice wants to send data to Bob using public-key encryption. First Alice and Bob each choose a private-key/public-key pair. Denote Alice's private and public keys by KRA and KUA, and Bob's by KRB and KUB.
To send confidential data to Bob, Alice uses scheme 1: she encrypts the data with Bob's public key KUB, and Bob uses his private key KRB to decrypt.
C = E(M, KUB)
M = D(C, KRB)
(Figure: Alice encrypts M with KUB; C travels over the channel; Bob decrypts with KRB; Bob's key generator publishes KUB over the public channel.)
Figure 4-1. Confidentiality model with public-key encryption
To ensure authentication, and that Alice cannot deny having sent the data, Alice uses scheme 2: Alice encrypts the data with her private key KRA, and Bob decrypts with Alice's public key KUA.
C = E(M, KRA)
M = D(C, KUA)
(Figure: Alice encrypts M with KRA; Bob decrypts C with KUA, which Alice's key generator publishes over the public channel.)
Figure 4-2. Non-repudiation model with public-key encryption
Together with the assumption that a meaningful message is a structured bit string, if Bob's decryption is valid then clearly Alice is the sender, because only Alice holds the private key KRA. As with symmetric encryption, if Trudy tampers with the ciphertext C, Bob decrypts to a meaningless bit string. And if Trudy has obtained the key KRA, Alice cannot disclaim responsibility for leaking the key.
The model above, however, does not provide confidentiality: not only Bob but also Trudy knows Alice's public key KUA, so Trudy can decrypt the ciphertext C and learn the plaintext M.
To solve this problem, confidentiality, authentication and non-repudiation are combined in the following model:
C = E(E(M, KRA), KUB)
M = D(D(C, KRB), KUA)
(Figure: Alice applies authentication encryption with KRA, then confidentiality encryption with KUB; Bob applies confidentiality decryption with KRB, then authentication decryption with KUA.)
Figure 4-3. Combined confidentiality, authentication and non-repudiation model
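The following Python example is added here and is not part of the original lecture notes. It runs the combined model of Figure 4-3 with textbook RSA on two constructed key pairs (Alice: p = 11, q = 3, e = 3; Bob: p = 13, q = 5, e = 5), and enforces the ordering requirement that the inner result, which can be as large as N_A − 1, must still be smaller than Bob's modulus N_B; the function names and key choices are my own.

```python
# Added example (not from the lecture notes): C = E(E(M, KRA), KUB) and
# M = D(D(C, KRB), KUA) with raw RSA on small constructed keys.

def rsa_keypair(p, q, e):
    N = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (e, N), (d, N)


def rsa_op(x, key):
    k, N = key
    return pow(x, k, N)


def send_combined(M, sender_private, receiver_public):
    """Sign with the sender's private key, then encrypt for the receiver."""
    N_sender, N_receiver = sender_private[1], receiver_public[1]
    if N_sender > N_receiver:
        # E(M, KRA) lies in [0, N_A); it must fit below N_B to be encrypted losslessly
        raise ValueError("sender's modulus must not exceed receiver's modulus")
    if not 0 <= M < N_sender:
        raise ValueError("M out of range")
    return rsa_op(rsa_op(M, sender_private), receiver_public)


def receive_combined(C, receiver_private, sender_public):
    """Decrypt with own private key, then undo the sender's signature with KUA."""
    return rsa_op(rsa_op(C, receiver_private), sender_public)


# Constructed keys for the demonstration (not from the text).
ALICE_PUB, ALICE_PRIV = rsa_keypair(11, 3, 3)     # (3, 33), (7, 33)
BOB_PUB, BOB_PRIV = rsa_keypair(13, 5, 5)         # (5, 65), (29, 65)

if __name__ == "__main__":
    C = send_combined(15, ALICE_PRIV, BOB_PUB)
    print(C, receive_combined(C, BOB_PRIV, ALICE_PUB))   # 27 15
```

With M = 15 the inner value is 15^7 mod 33 = 27 and, since 27^4 ≡ 1 mod 65, the outer encryption gives 27 again; Bob recovers 15. A tampered ciphertext (say 28) decrypts to an unrelated value, which is the structure check the text relies on. Real systems sign a hash of M with padding rather than the raw number, so that the modulus-ordering problem handled here does not arise.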
4.6 Key exchange

4.6.1 Exchanging public keys
When two users want to exchange data using public-key encryption, they must first exchange public keys. Since these keys are public, the exchange need not be kept secret; the keys can be sent openly over the public channel. Alice and Bob, or anyone else, can publish their public key widely according to the model below:
(Figure: A broadcasts IDA||KUA to everyone; B broadcasts IDB||KUB to everyone.)
Figure 4-4. Self-published public keys
Here, however, we again run into the authentication problem. How can Alice make sure that KUB really is Bob's public key? Trudy can impersonate Bob by taking her own key KUT and claiming that it is Bob's public key.
Thus exchanging public keys in the model above places the burden on each individual. When Alice wants to send a message to Bob or to anyone else, she must trust that person's public key. The same holds for Bob.
To relieve individuals of this burden, a model called the public-key certificate is used. In this model an organization issues certificates; it is called the Certificate Authority (CA). The steps for issuing a certificate to Alice are as follows:
1) Alice sends her identity IDA and her public key KUA to the certificate authority.
2) The certificate authority verifies Alice's legitimacy; for example, if IDA is Microsoft, Alice must provide evidence that she really is the company Microsoft.
3) On that basis the certificate authority issues a certificate CA certifying that the public key KUA corresponds to IDA. The certificate is signed with the authority's private key, which guarantees that its content was issued by the authority:
CA = E(IDA || KUA, KRAuth)
(|| is bit-string concatenation)
4) Alice publishes the certificate CA.
5) When Bob wants to exchange information with Alice, he decrypts CA with the certificate authority's public key to obtain Alice's public key KUA. So if Bob trusts the certificate authority, Bob trusts that KUA corresponds to IDA, i.e. to Alice.
(Figure: A sends IDA||KUA to the Certificate Authority and receives CA = E(IDA||KUA, KRAuth); B likewise sends IDB||KUB and receives CB = E(IDB||KUB, KRAuth); CA and CB are then published to everyone.)
Figure 4-5. Public-key exchange using a certificate authority
Thus if Bob wants to send messages to Alice, Cindy or Darth, Bob no longer needs to trust the public keys of Alice, Cindy or Darth individually. Bob only needs to trust the certificate authority and its public key.
Today the public-key certificate model is widely applied, with X.509 as the certificate standard. Worldwide there are about 80 certificate authorities issuing public-key certificates. We will look at the X.509 standard in more detail in chapter 7.
4.6.2 Using public-key encryption to exchange a secret key
Because of the mathematical nature of public-key encryption, its encryption and decryption are slower than symmetric encryption. In practice, symmetric encryption is still used for confidentiality. Public-key encryption is used to establish the secret key for each data-exchange session. This secret key is called the session key; different sessions use different secret keys.
The figure below describes a simple model for establishing a session key KS between Alice and Bob.
(Figure: 1. CA; 2. CB; 3. E(E(KS, KRA), KUB); 4. E(P, KS), exchanged between A and B.)
Figure 4-6. Establishing a secret session key with public-key encryption
Alice creates a session key KS, encrypts it with her private key, then encrypts the result with Bob's public key. Bob decrypts KS using his private key and Alice's public key. Thanks to confidentiality, Alice knows that apart from herself only Bob can learn KS. Thanks to non-repudiation, Bob knows that apart from himself only Alice can know KS, since Alice used her private key to encrypt KS. KS can therefore be used as the secret key of a symmetric cipher for the data exchange between Alice and Bob. After the session, KS is discarded, so this secret key is less likely to be leaked. Here the role of public-key encryption is no longer to protect the data (the symmetric cipher does that) but to protect the secrecy of the symmetric key, so that only A and B know KS.
4.7 The Diffie-Hellman key exchange method
The Diffie-Hellman key exchange is used to establish a secret key between sender and receiver without using public-key encryption as in section 4.6.2. Its one-way function is the discrete logarithm. Diffie-Hellman is not an encryption method in the sense that RSA is.
First Alice and Bob agree on a common prime p and a number g smaller than p that is a primitive root of p (meaning that the operation g^x mod p is invertible). The numbers p and g need not be kept secret. Then Alice chooses a number a and keeps a secret. Bob likewise chooses a number b and keeps b secret. Next Alice computes and sends g^a mod p to Bob, and Bob computes and sends g^b mod p to Alice. Alice then computes:
(g^b)^a mod p = g^(ab) mod p
Bob computes:
(g^a)^b mod p = g^(ab) mod p
So Alice and Bob share the value g^(ab) mod p. This value can be used as the key of a symmetric cipher.
The attacker Trudy can obtain g, p, g^a and g^b. To compute g^(ab) mod p, Trudy cannot use:
g^a · g^b mod p = g^(a+b) mod p ≠ g^(ab) mod p
To compute g^(ab) mod p, Trudy must compute a or b. But computing a or b by the formula:
a = dlog_(g, p)(g^a) or b = dlog_(g, p)(g^b)
is infeasible because of the complexity of the discrete logarithm. So Trudy cannot compute g^(ab) mod p. In other words, the shared key has been exchanged secretly between Alice and Bob.
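The following Python example is added here and is not part of the original lecture notes. It runs both sides of the exchange with the small parameters of Table 4-1 (p = 19, g = 2), checks that g is a primitive root, and shows that multiplying the two public values gives g^(a+b) mod p rather than the shared g^(ab) mod p; the function names are my own.

```python
# Added example (not from the lecture notes): Diffie-Hellman with a small prime.

def is_primitive_root(g, p):
    """g is a primitive root of the prime p if g^1..g^(p-1) mod p are all distinct."""
    return len({pow(g, x, p) for x in range(1, p)}) == p - 1


def dh_public(g, secret, p):
    """The value each party sends over the public channel: g^secret mod p."""
    return pow(g, secret, p)


def dh_shared(received, secret, p):
    """Raise the other party's public value to one's own secret: g^(ab) mod p."""
    return pow(received, secret, p)


def diffie_hellman(p, g, a, b):
    """Run both sides; return (A, B, key computed by Alice, key computed by Bob)."""
    if not is_primitive_root(g, p):
        raise ValueError("g must be a primitive root of p")
    A = dh_public(g, a, p)            # Alice -> Bob
    B = dh_public(g, b, p)            # Bob -> Alice
    return A, B, dh_shared(B, a, p), dh_shared(A, b, p)


def product_of_public_values(A, B, p):
    """What multiplying the public values yields: g^(a+b) mod p, not g^(ab) mod p."""
    return (A * B) % p


if __name__ == "__main__":
    A, B, k_alice, k_bob = diffie_hellman(19, 2, 5, 7)
    print(A, B, k_alice, k_bob)                       # 13 14 10 10
    print(product_of_public_values(A, B, 19))         # 11
```

With a = 5 and b = 7 the public values are 2^5 mod 19 = 13 and 2^7 mod 19 = 14, and both parties obtain 2^35 mod 19 = 10, while the product 13 · 14 mod 19 = 11 equals 2^12 mod 19 (row a = 2 of Table 4-1). For p of 19 the secrets are recoverable by the table lookup of section 4.1.3; the protocol is only as strong as the discrete logarithm in the chosen group, which is why standardized primes of 2048 bits or more are used.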
The Diffie-Hellman algorithm, however, fails against the man-in-the-middle attack. In this attack Trudy sits between Alice and Bob. Trudy intercepts the messages of Alice and Bob and forges messages without Alice and Bob noticing. Alice still believes she is receiving data from Bob, and vice versa.
Trudy can thus establish a Diffie-Hellman key g^(at) mod p with Alice and a key g^(bt) mod p with Bob. When Alice sends data, Trudy decrypts it with the key g^(at) mod p, re-encrypts it with g^(bt) mod p and forwards it to Bob. Alice and Bob notice nothing, while Trudy reads the data.
(Figure: Alice sends g^a mod p, which Trudy replaces with g^t mod p toward Bob; Bob sends g^b mod p, which Trudy replaces with g^t mod p toward Alice.)
Figure 4-7. Man-in-the-middle attack on the Diffie-Hellman method
To be secure, the Diffie-Hellman key establishment must itself be protected by public-key encryption. This raises a question: if it is already protected by public-key encryption, one could choose any symmetric key, so why choose a Diffie-Hellman key? There are, however, situations in which the man-in-the-middle attack cannot be carried out, and there the Diffie-Hellman method proves very useful.
In the model of section 4.6.2, suppose Trudy records all the messages between Alice and Bob. If Trudy later discovers the private keys KRA and KRB of Alice and Bob, Trudy can recover the symmetric key KS and from it recover the plaintexts encrypted with that key KS. Now consider the following model, using Diffie-Hellman protected by public-key encryption:
(Figure: A sends CA and E(E(g^a mod p || T, KRA), KUB); B sends CB and E(E(g^b mod p || T, KRB), KUA).)
Figure 4-8. Protecting the Diffie-Hellman key with public-key encryption
In this model, even if Trudy later discovers the private keys KRA and KRB of Alice and Bob, and thereby finds g^a mod p and g^b mod p, Trudy still cannot recover the secret key g^(ab) mod p, and hence cannot recover the plaintexts exchanged between Alice and Bob. This is the significance of the Diffie-Hellman method.
4.8 Review questions
1. State the weaknesses of symmetric encryption.
2. What is a one-way function? Give an example of a one-way function.
3. In arithmetic modulo n, when does a number have a multiplicative inverse?
4. How does the discrete logarithm differ from the continuous logarithm?
5. The Miller-Rabin primality test can give a wrong result, so why is it still used?
6. Why does RSA need the repeated-squaring method to compute modular exponentiation?
7. State the principle of public-key encryption. Why does public-key encryption not need a secure channel to transmit keys?
8. In public-key encryption, are the private key and the public key two arbitrary, unrelated keys? If they are related, why can the private key not be computed from the public key?
9. Apart from the key transmission problem, in what respects is public-key encryption superior to symmetric encryption?
10. State the disadvantages of public-key encryption.
11. Diffie-Hellman is not a public-key encryption method. What, then, is Diffie-Hellman?
4.9 Exercises
1. Let a = 13, p = 20. Find the inverse of a modulo p using the extended Euclidean algorithm (see Appendix 2).
2. Let n = 17. Build a table similar to Table 4-1 and list the primitive roots of n.
3. Apply the repeated-squaring algorithm to compute 7^21 mod 13.
4. Let p = 5, q = 11, e = 7. Compute the RSA private key (d, N).
5. Carry out RSA encryption and decryption with p = 3, q = 11, e = 7, M = 5 in both cases, encryption for confidentiality and encryption for authentication.
6. Alice chooses p = 7, q = 11, e = 17; Bob chooses p = 11, q = 13, e = 11:
a. Compute Alice's private key KRA and Bob's private key KRB.
b. Alice wants to send Bob the message M = 9 with both authentication and confidentiality as in Figure 4-3. Carry out the encryption and decryption.
7. Consider the Miller-Rabin algorithm (see Appendix 2). For the number 37, give the result of the Miller-Rabin algorithm for the following values of a: 9, 17, 28.
8. Use the Miller-Rabin algorithm to test whether 169 is prime.

4.10 Practical exercises
1. Write a program implementing the extended Euclidean algorithm for small (32-bit) integers.
2. Write a program that generates a small (32-bit) prime using the Miller-Rabin algorithm.
3. Write a program implementing the repeated-squaring algorithm to compute a^x mod p on small integers.
4. Write a program that encrypts a file with the RSA algorithm on small integers.
5. Write a program implementing the operations +, -, *, mod on large integers (maximum size of an integer: 1024 bits). Hint: represent each integer as an array of 32-bit elements.
6. Using exercise 5, redo exercises 1, 2, 3 and 4 on large integers.
7. Study the RSA algorithm in the .NET programming environment (namespace System.Security.Cryptography). Write a program that encrypts and decrypts a file on the computer using the RSA method from the .NET cryptography library. The public key and the private key are stored in a text file in hexadecimal form.
CHAPTER 5. MESSAGE AUTHENTICATION CODES AND HASH FUNCTIONS

To study the authentication property of symmetric and public-key encryption in chapters 2, 3 and 4, we assumed that a meaningful message must have some structure. In natural language, for instance, a sentence is meaningful only when the letters are combined according to the vocabulary and grammar rules of the language. Hence if Trudy tampers with the ciphertext, the decrypted text is a meaningless bit string and the receiver knows that the data has been altered. We draw two conclusions about the authentication property of symmetric and public-key encryption:
- Conclusion 1: Trudy cannot find a ciphertext CT such that, when Bob decrypts it with the key KAB (or the key KUA in public-key encryption), it yields a meaningful plaintext PT of Trudy's choosing.
- Conclusion 2: Moreover, Trudy cannot even find a ciphertext CT whose decryption PT is any meaningful message at all; it will only be a jumbled, unstructured bit string.
In practice, however, there are many kinds of data whose bits are nearly random, for example bitmap images or audio. Moreover, for a computer, recognizing which bit strings are meaningful is a difficult task. So in practice we essentially accept that any bit string may be meaningful. In that case, symmetric and public-key encryption cannot guarantee authentication.
To solve this problem, cryptography borrows the notion of redundancy from data transmission: a small amount of data (a checksum) is appended to turn the message from a random bit string into a structured bit string.
During data transmission, because of noise in the environment, the message arriving at the destination may differ from the original message sent. To detect such noise, a short bit sequence called a checksum is computed from the bits of the message, appended after the message to create redundancy, and transmitted together with the message to the destination.



Let us revisit a common checksum method, CRC (cyclic redundancy check). In this method a short bit sequence is chosen as the divisor; the bit string of the message is divided by this divisor, and the remainder is the CRC checksum value. This division differs from ordinary division only in that XOR is used instead of subtraction. Suppose the message is 10101011 and the divisor is 10011; the computation proceeds as follows:
10101011 : 10011 = 1011 (quotient)
10011
-----
 11001
 10011
 -----
  10101
  10011
  -----
   0110 (remainder)
(Transmitted: the message 10101011 followed by the checksum 0110.)
The CRC value is the remainder 0110 (one bit shorter than the divisor). This value is sent along with the message to the receiver. The receiver performs the same CRC computation. If the CRC value computed by the receiver matches the sender's CRC, the message was not corrupted during transmission. With the CRC method it is not hard to find two different bit strings with the same CRC, which means that an error can occur and go undetected. However, the probability of a random transmission error that leaves the transmitted and received bit strings with the same CRC value is very low.
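The following Python example is added here and is not part of the original lecture notes. It performs the XOR long division above on bit strings, reproducing the remainder 0110 for the message 10101011 and divisor 10011, and includes a brute-force search that finds two different messages with the same remainder, illustrating the text's point that CRC is only an error-detection code, not an authentication code; the function names are my own.

```python
# Added example (not from the lecture notes): CRC by XOR long division on bit strings.

def crc_remainder(message_bits, divisor_bits):
    """Divide message_bits by divisor_bits with XOR in place of subtraction and return
    the remainder as a bit string one bit shorter than the divisor. The message is
    divided as-is, exactly as in the worked example (no zero bits are appended)."""
    msg = [int(b) for b in message_bits]
    div = [int(b) for b in divisor_bits]
    dlen = len(div)
    if len(msg) < dlen:
        raise ValueError("message must be at least as long as the divisor")
    for i in range(len(msg) - dlen + 1):
        if msg[i] == 1:                  # quotient bit 1: XOR the divisor in at this position
            for j in range(dlen):
                msg[i + j] ^= div[j]
    remainder = msg[len(msg) - dlen + 1:]   # the last dlen-1 bits
    return "".join(str(b) for b in remainder)


def crc_check(message_bits, checksum_bits, divisor_bits):
    """Receiver side: recompute and compare."""
    return crc_remainder(message_bits, divisor_bits) == checksum_bits


def find_same_crc(divisor_bits, length):
    """Return two different messages of the given length with equal CRC, found by
    enumerating messages until a remainder repeats (at most 2^(len(divisor)-1) + 1 tries)."""
    seen = {}
    for value in range(2 ** length):
        bits = format(value, "0{}b".format(length))
        rem = crc_remainder(bits, divisor_bits)
        if rem in seen:
            return seen[rem], bits
        seen[rem] = bits
    return None


if __name__ == "__main__":
    print(crc_remainder("10101011", "10011"))          # 0110
    print(find_same_crc("10011", 8))                   # two 8-bit messages, same CRC
```

Because the remainder has only 4 bits here, at most 17 messages need to be examined before a repeat appears; an attacker who can change the message can therefore also adjust it to keep the CRC, which is why the chapter moves on to keyed MACs and collision-resistant hash functions.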
If the checksum mechanism is applied to message authentication, the sender can compute a checksum from the bits of the message and append it to that bit string. We thereby obtain a structured bit string, to which symmetric or public-key encryption is then applied. Since the checksum is short, it has little effect on the encryption speed or on the bandwidth used.
Concretely, the symmetric-encryption model for confidentiality and authentication is modified as follows:
(Figure: the sender computes CSA from M and encrypts M||CSA with the secret key K to obtain C; the receiver decrypts C with K, recomputes CSB from M and compares it with CSA.)
Figure 5-1. Symmetric-encryption authentication model using a checksum
The public-key authentication model is modified as follows:
(Figure: the sender computes CSA from M and encrypts M||CSA with KRA; the receiver decrypts with KUA from the key generator, recomputes CSB from M and compares it with CSA.)
Figure 5-2. Public-key authentication model using a checksum
If Trudy modifies the ciphertext C, then Bob's decryption, denoted MT and CST, loses its structure: the checksum CSB that Bob computes from MT does not match CST, and Bob knows that the message was altered in transit. If the checksum function is complex enough, the probability that CSB = CST is very low.
There are two further message authentication methods that we will study: the message authentication code (MAC) and the hash function.
5.1 Message authentication codes
A message authentication code (MAC) can be regarded as a cryptographic checksum, computed by the formula MAC = C(M, K), where:
1) M is the message whose MAC is being computed
2) K is the secret key shared between sender and receiver
3) C is the MAC function
Because the MAC uses a key K that is secret between sender and receiver, only the sender and the receiver can compute the corresponding MAC value. The model for using a MAC to authenticate messages is as follows:
(Figure: the sender computes MACA from M with the secret key K and sends M||MACA; the receiver computes MACB from M with K and compares it with MACA.)
Figure 5-3. Authentication using a MAC
If Trudy only changes M to MT, the value MACB will differ from MACA and Bob detects it. If Trudy wants to alter the message without Bob noticing, she must also change MACA to the MACT computed from MT. But Trudy does not know the key K, so she cannot compute the required MACT.
The model above does not provide confidentiality. For confidentiality, M and MACA must be encrypted before transmission.
At the beginning of the chapter we saw that symmetric encryption also provides authentication, so why use a MAC instead of symmetric encryption? The answer is that in some cases confidentiality is not needed, only authentication, and using a MAC then saves processing time.
In practice, the CBC mode with the DES cipher is often used to compute the MAC value. The figure below recalls the CBC model:



(Figure: CBC mode: each plaintext block p0, p1, ..., pn−1 is XORed with the previous ciphertext block (the IV for p0) and encrypted with E, producing c0, c1, ..., cn−1.)
Thus the message M is divided into blocks (P0, P1, ..., Pn−1), an initialization vector IV is added, and the ciphertext block Cn−1 is taken as the MAC value of M. The MAC is therefore 64 bits long and the key K is 56 bits long.
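The following Python example is added here and is not part of the original lecture notes. It implements the CBC-MAC construction just described, keeping only the final CBC ciphertext block, over a pluggable 64-bit block cipher. Since the standard library has no DES, the block cipher used is a constructed toy Feistel permutation that exists only to make the example run; the MAC structure is the point, and all names are my own.

```python
# Added example (not from the lecture notes): CBC-MAC with the last ciphertext block as tag.
MASK32 = 0xFFFFFFFF


def _round_key(key, i):
    # Constructed key schedule for the toy cipher: mix the 56-bit key with the round index.
    return ((key >> (8 * (i % 7))) ^ (key * (2 * i + 1))) & MASK32


def toy_block_encrypt(block, key):
    """8-round Feistel permutation on a 64-bit block. A toy stand-in for DES: it is a
    bijection for every key (any Feistel network is), but it is NOT a secure cipher."""
    L, R = block >> 32, block & MASK32
    for i in range(8):
        rotated = ((R << 5) | (R >> 27)) & MASK32
        f = (((R ^ _round_key(key, i)) * 0x9E3779B1) + rotated) & MASK32
        L, R = R, L ^ f
    return (L << 32) | R


def cbc_mac(message, key, block_cipher=toy_block_encrypt, iv=0):
    """Run CBC mode over the message (zero-padded to 8-byte blocks) and return only the
    final ciphertext block as the 64-bit tag, as in the text."""
    padded = message + b"\x00" * (-len(message) % 8)
    chain = iv
    for offset in range(0, len(padded), 8):
        block = int.from_bytes(padded[offset:offset + 8], "big")
        chain = block_cipher(block ^ chain, key)      # c_i = E(p_i XOR c_(i-1))
    return chain.to_bytes(8, "big")


def verify_mac(message, tag, key, block_cipher=toy_block_encrypt):
    """Receiver side: recompute MACB and compare with the received MACA."""
    return cbc_mac(message, key, block_cipher) == tag


KEY = 0x133457799BBCDF    # constructed 56-bit key shared by sender and receiver

if __name__ == "__main__":
    tag = cbc_mac(b"transfer 100 to Bob", KEY)
    print(tag.hex(), verify_mac(b"transfer 100 to Bob", tag, KEY))    # ... True
    print(verify_mac(b"transfer 900 to Bob", tag, KEY))               # False
```

Changing any block of the message changes the input to that block's encryption, and because every block cipher is a permutation the change propagates through the chain to the final tag. Two practical caveats follow from the construction itself: the IV must be fixed (a variable IV sent alongside the message lets the first block be altered freely), and plain CBC-MAC is only safe for messages of one fixed length, since the zero padding makes `b"ab"` and `b"ab\x00"` collide and tags of shorter messages can be extended; protocols address this with length prefixes or derived constructions such as CMAC.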
5.2 Hash functions
Whereas the CRC checksum method allows two bit strings to have the same checksum, a hash function H(x) is a strong checksum function satisfying the following requirements:
1) H can be applied to messages x of different lengths
2) The size of the output h = H(x) is fixed and small
3) One-wayness: given h, it is impossible (in computation time) to find x such that h = H(x)
4) Weak collision resistance: given x, it is impossible to find y ≠ x such that H(x) = H(y)
5) Strong collision resistance: it is impossible to find any pair x, y (x ≠ y) such that H(x) = H(y); in other words, if H(x) = H(y) we can be confident that x = y.
The size of the input x is arbitrary while the size of h is small; suppose for instance that x is 512 bits and h is 128 bits. Then on average about 2^384 values of x share the same value h. Collisions cannot be eliminated. The collision resistance of a hash function requires that finding two such inputs x be very hard in computation time.
(Figure: the message space {x1, x2, ...} maps onto the hash-value space {h1, h2, ...}.)
Figure 5-4. The mapping from messages to hash values is not a bijection
Take humans as an example and consider two functions: taking a face and taking a fingerprint. Taking a face is not a hash function, because two people with the same face can certainly be found. Taking a fingerprint is a hash function, because nowhere in the world are two people with the same fingerprint found.
Another requirement of a hash function is that the output size h must not be too large. If h is large, collision resistance is easy to achieve, but bandwidth is wasted in the model of Figure 5-1. So how large must the output h be for collision resistance to be effective? We study this question through a result known as the birthday problem.
5.2.1 The birthday problem
Problem 1: Suppose there are 30 people in a room. What is the probability, in percent, that two of them share a birthday?
Dirichlet's pigeonhole principle says that 365 + 1 = 366 people are needed to find two people with the same birthday with probability 100% (for simplicity we ignore leap years). So most of us would think that with 30 people the probability of two sharing a birthday is small, certainly below 50%. If we check mathematically, however, only 23 people are needed for the probability to exceed 50%. This is why the problem is also known as the birthday paradox. We restate the problem and prove it as follows.
Suppose there are M people in the room. What is the minimum M such that two people share a birthday with probability greater than 50%?
Number the M people 0, 1, 2, ..., M − 1. The probability that person 1 has a different birthday from person 0 is 364/365. Next, the probability that person 2 differs from persons 0 and 1 is 363/365. Continuing to person M − 1, the probability that this person differs from everyone before is (365 − M + 1)/365. So the probability p(M) that all M people have different birthdays is:
p(M) = (364/365)(363/365) ... ((365 − M + 1)/365) = (1 − 1/365)(1 − 2/365) ... (1 − (M − 1)/365)
Consider the exponential function e^x; we know the approximation e^x ≈ 1 + x for small x. Hence p(M) can be rewritten as:
p(M) ≈ e^(−1/365) · e^(−2/365) · ... · e^(−(M−1)/365) = e^(−M(M−1)/(2·365))
So the probability that at least two people share a birthday is
1 − p(M) ≈ 1 − e^(−M(M−1)/(2·365))
For this probability to exceed 50%, we require the expression above to be greater than 0.5:
1 − e^(−M(M−1)/(2·365)) > 1/2
e^(−M(M−1)/(2·365)) < 1/2
M(M − 1) > 2 · 365 · ln 2 (*)
Solving the inequality gives M ≥ 23.
Problem 2: Suppose you are in a room with M other people. What is the minimum M such that someone shares your birthday with probability greater than 50%?
The probability that one person does not share your birthday is 364/365. So the probability that all M people differ from you is (364/365)^M. Hence the probability that at least one person shares your birthday is:
1 − (364/365)^M
For this probability to exceed 50% we need M ≥ 253. So at least 253 people are required.
Applying the birthday problem to hash functions, strong collision resistance corresponds to problem 1 and weak collision resistance to problem 2. Suppose the hash output h has n bits, so the number of possible values of h is N = 2^n. Suppose further that these 2^n hash values are random and equally likely. Replacing 365 in inequality (*) by 2^n:
M(M − 1) > 2 · 2^n · ln 2
Solving this inequality gives approximately M ≈ 2^(n/2).
As in the birthday problem, this result shows that for a hash function we must try about 2^(n/2) different messages to find two messages with the same hash value (with probability above 50%). If n = 128, about 2^64 messages must be tried, a rather large number, which means that this hash function has strong collision resistance. Breaking a hash function is therefore roughly as hard as an exhaustive key search on the symmetric cipher DES.
In summary, the collision-resistance property of a hash function can be stated mathematically as follows: finding x ≠ y with H(x) = H(y) requires about 2^(n/2) trials.
The two most widely used hash functions today are MD5 and SHA-1.
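The following Python example is added here and is not part of the original lecture notes. It evaluates the birthday calculations of section 5.2.1 both exactly and with the e^x ≈ 1 + x approximation, finds the thresholds 23 (problem 1) and 253 (problem 2) by search, and applies inequality (*) with 2^n in place of 365 to an n-bit hash; the function names are my own.

```python
import math

# Added example (not from the lecture notes): the birthday bound, exact and approximate.

def prob_all_distinct(M, days=365):
    """p(M) = (364/365)(363/365)...((days-M+1)/days), computed exactly."""
    p = 1.0
    for i in range(M):
        p *= (days - i) / days
    return p


def prob_shared_birthday(M, days=365):
    """Probability that at least two of M people share a birthday (problem 1)."""
    return 1.0 - prob_all_distinct(M, days)


def prob_shared_approx(M, days=365):
    """1 - e^(-M(M-1)/(2 days)): the approximation derived in the text."""
    return 1.0 - math.exp(-M * (M - 1) / (2 * days))


def min_people_problem1(days=365, threshold=0.5):
    """Smallest M with P(some pair shares a birthday) > threshold."""
    M = 1
    while prob_shared_birthday(M, days) <= threshold:
        M += 1
    return M


def min_people_problem2(days=365, threshold=0.5):
    """Smallest M with P(someone shares YOUR birthday) > threshold: 1 - (364/365)^M."""
    M = 1
    while 1.0 - ((days - 1) / days) ** M <= threshold:
        M += 1
    return M


def collision_trials(n_bits):
    """Messages needed for a better-than-even collision on an n-bit hash, from
    M(M-1) > 2 * 2^n * ln 2, i.e. roughly sqrt(2 ln 2) * 2^(n/2)."""
    return math.sqrt(2 * 2 ** n_bits * math.log(2))


if __name__ == "__main__":
    print(min_people_problem1(), min_people_problem2())        # 23 253
    print(round(prob_shared_birthday(30), 4))                   # 0.7063
    print(collision_trials(128) / 2 ** 64)                       # about 1.177
```

With 30 people the exact probability is about 70.6%, well above the intuitive guess. For a 128-bit digest the bound gives about 1.18 · 2^64 trial messages, which is why a hash whose birthday bound has become reachable (as happened with MD5) can no longer be used where strong collision resistance matters, even though its weak collision resistance (the problem-2 case, 2^n work) may still hold.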
5.2.2 The MD5 and SHA-1 hash functions
MD5 was invented by Ron Rivest, who also took part in building RSA. MD5, short for Message Digest, was developed from MD4 and before that MD2, because MD2 and MD4 are no longer considered secure. The hash value size of MD5 is 128 bits, which we regard as secure (in the sense that two messages with the same hash value cannot be found). However, in 1994 and 1998 an attack method against MD5 was found and some messages with the same MD5 hash value were exhibited (violating strong collision resistance). Nevertheless, MD5 is still in widespread use today.
Because MD5 is no longer considered secure, other hash algorithms have been built. One of them is SHA-1 (Secure Hash Algorithm), which the US government chose as a national standard. SHA-1 has a hash value size of 160 bits. Today there are also three other versions of SHA, namely SHA-256, SHA-384 and SHA-512, whose hash value sizes are 256, 384 and 512 bits respectively.
Like symmetric ciphers, all strong hash functions have the avalanche effect: changing just 1 bit of the input message changes the bits of the hash value. This prevents someone attacking the hash function from searching by trial and error in the chosen-plaintext style; that is, no other attack exists and the attacker is forced to try about 2^{n/2} different messages by brute force, which we have shown to be infeasible in terms of time.
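The avalanche effect just described can be measured directly. The following is an added Python example (my own, not from the notes): it flips one bit of a constructed message and counts how many bits of the digest change for MD5, SHA-1, SHA-256 and SHA-512. For a good hash function roughly half of the output bits change.

```python
import hashlib

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
# Constructed sample message (not from the notes).
SAMPLE = b"Pay 100 dollars to Bob on 2008-06-01"


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit inverted (bits counted from byte 0, LSB first)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(algorithm: str, data: bytes = SAMPLE, bit_index: int = 0) -> dict:
    """Hash data and its one-bit variant and report how many output bits changed."""
    h1 = hashlib.new(algorithm, data).digest()
    h2 = hashlib.new(algorithm, flip_bit(data, bit_index)).digest()
    changed = hamming_distance(h1, h2)
    total = len(h1) * 8
    return {"algorithm": algorithm, "output_bits": total,
            "changed_bits": changed, "fraction_changed": changed / total}


def avalanche_report(data: bytes = SAMPLE, bit_index: int = 0) -> list:
    return [avalanche(algo, data, bit_index) for algo in ALGORITHMS]


if __name__ == "__main__":
    for row in avalanche_report():
        print(f"{row['algorithm']:>6}: {row['changed_bits']:3d} of {row['output_bits']} "
              f"output bits changed ({row['fraction_changed']:.0%})")
```

Because the digest bits behave like independent coin flips after a one-bit input change, an attacker learns nothing about which input bits to adjust next, which is exactly why the brute-force bound of 2^{n/2} is the only option left.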
a) MD5
Next we study the MD5 hash function, with a hash value size of 128 bits, used to compute the hash value of messages of size at most 2^64 bits.
Overall diagram:
First the message is appended with the padding bit string 100…0. Then the length (before padding) of the message, represented in 64 bits, is appended. The length of the padding bit string is chosen so that in the end the message can be divided into N blocks of 512 bits, M1, M2, …, MN.
Computing the hash value of the message is an iterative process. First block M1 is combined with the initial value H0 through the function F to compute the hash value H1. Then block M2 is combined with H1 to give the hash value H2. Block M3 is combined with H2 to give H3. This continues until block MN, where we obtain the hash value of the whole message, HN.
H0 is a 128-bit string divided into four 32-bit words, denoted abcd. a, b, c, d are the following constants (written in hexadecimal):
a = 01234567
b = 89abcdef
c = fedbca98
d = 76543210
Next we study the structure of the function F.
[Figure: overall structure of MD5. Message || padding 10000… || Length (64 bits) is split into N blocks M1, M2, …, MN of 512 bits each. F takes IV (H0, 128 bits) and M1 to give H1 (128 bits); F takes H1 and M2 to give H2; …; F takes HN-1 and MN to give HN, the hash value.]
At each iteration step, the values abcd of the hash value H_{i-1} are transformed through 64 rounds, numbered 0 to 63. Round j has two parameters K_j and W_j, both 32 bits in size. The constants K_j are computed from the formula:
K_j is the integer part of the number 2^32 … with i expressed in radians.
The 512-bit block M_i is transformed through a message schedule function that produces 64 values W0, W1, …, W63, each 32 bits. Block M_i (512 bits) is divided into 16 blocks of 32 bits corresponding to the values W0, W1, …, W15 (16×32=512). Next, these 16 values are repeated 3 times to form a sequence of 64 values.
After the last round, the values abcd are added to the values abcd of H_{i-1} to give the values abcd of H_i. The addition here is addition modulo 2^32.
Next we study the structure of one round. The transformation of the values abcd in round i is shown in the figure below.
[Figure: the compression function F of MD5. Inputs: H_{i-1} (128 bits, words a b c d) and M_i (512 bits). A message schedule turns M_i into W0, …, W63 (32 bits each). Round 0 uses K0 and W0, …, Round 63 uses K63 and W63; the resulting a b c d are added to H_{i-1} to give H_i (128 bits).]
Here b→c, c→d, d→a. The value b is computed through the function:
$$b = c + \mathrm{ROTL}\big(a + f(b, c, d) + W_j + K_j,\; s\big)$$
where:
- The function f(x, y, z):
  if the round is 0 to 15
  if the round is 16 to 31
  if the round is 32 to 48
  if the round is 49 to 63
- The function ROTL(t, s): t is rotated left by s bits, where s is the constant for round i given in the following table:
  Round i            s
  0, 4, 8, 12        7
  1, 5, 9, 13        12
  2, 6, 10, 14       17
  3, 7, 11, 15       22
  16, 20, 24, 28     5
  17, 21, 25, 29     9
  18, 22, 26, 30     14
  19, 23, 27, 31     20
  32, 36, 40, 44     4
  33, 37, 41, 45     11
  34, 38, 42, 46     16
  35, 39, 43, 47     23
  48, 52, 56, 60     6
  49, 53, 57, 61     10
  50, 54, 58, 62     15
  51, 55, 59, 63     21

- The operation + is addition modulo 2^32.
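The following is an added example (my own Python, not code from the notes or from RFC 1321's reference implementation) that implements MD5 exactly as the round description above lays it out and checks itself against hashlib. Two details come from RFC 1321 rather than from this copy of the notes: the four Boolean functions f, whose definitions are lost above, and the way the 16 words of M_i are selected in rounds 16 to 63 (the standard uses a permuted index, written here as schedule_index, rather than a plain repetition). The initial values are the same words as a, b, c, d above, written here as 32-bit little-endian integers.

```python
import hashlib
import math
import struct

MASK = 0xFFFFFFFF
# Per-round left-rotation amounts s, exactly the table above, rounds 0..63.
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
# K_j = integer part of 2^32 * |sin(j+1)|, j+1 in radians (RFC 1321).
K = [int(abs(math.sin(j + 1)) * 2**32) & MASK for j in range(64)]
# H0 = abcd; the notes print a as the bytes 01 23 45 67, i.e. the little-endian word 0x67452301.
H0 = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]


def rotl(t: int, s: int) -> int:
    """ROTL(t, s): rotate the 32-bit value t left by s bits."""
    return ((t << s) | (t >> (32 - s))) & MASK


def f(j: int, x: int, y: int, z: int) -> int:
    """The round-dependent Boolean function f(x, y, z) of RFC 1321."""
    if j < 16:
        return (x & y) | (~x & z)
    if j < 32:
        return (x & z) | (y & ~z)
    if j < 48:
        return x ^ y ^ z
    return y ^ (x | ~z)


def schedule_index(j: int) -> int:
    """Which of the 16 words of M_i feeds round j (RFC 1321's permutation)."""
    if j < 16:
        return j
    if j < 32:
        return (5 * j + 1) % 16
    if j < 48:
        return (3 * j + 5) % 16
    return (7 * j) % 16


def pad(msg: bytes) -> bytes:
    """Append 1, then 0 bits, then the 64-bit little-endian bit length (multiple of 512 bits)."""
    bit_len = (len(msg) * 8) & 0xFFFFFFFFFFFFFFFF
    msg += b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    return msg + struct.pack("<Q", bit_len)


def compress(state: list, block: bytes) -> list:
    """The function F: 64 rounds over a b c d, then addition modulo 2^32 to H_{i-1}."""
    a, b, c, d = state
    w = struct.unpack("<16I", block)                    # W0..W15 from the 512-bit block
    for j in range(64):
        t = (a + f(j, b, c, d) + w[schedule_index(j)] + K[j]) & MASK
        # b_new = c + ROTL(a + f(b,c,d) + W_j + K_j, s); and b->c, c->d, d->a
        a, d, c, b = d, c, b, (b + rotl(t, S[j])) & MASK
    return [(x + y) & MASK for x, y in zip(state, (a, b, c, d))]


def md5(msg: bytes) -> str:
    state = list(H0)
    data = pad(msg)
    for i in range(0, len(data), 64):
        state = compress(state, data[i:i + 64])
    return struct.pack("<4I", *state).hex()


if __name__ == "__main__":
    for m in (b"", b"abc"):
        print(m, md5(m), md5(m) == hashlib.md5(m).hexdigest())
```

Running the block prints True for both sample inputs; the `<` in the struct formats is the little-endian byte order that MD5 specifies, which is why the hex constant a = 01234567 in the notes corresponds to the word 0x67452301 here.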
[Figure: one MD5 round. Inputs a b c d; f(b, c, d), W_j and K_j are added to a, the sum is rotated left (ROTL) and added to b to give the new b; the outputs are a b c d with b→c, c→d, d→a.]

b) SHA-1

The SHA-1 hash function, with a hash value of 160 bits, is used to compute the hash value of messages of size at most 2^64 bits.
The overall diagram of SHA-1 is the same as that of MD5; the only difference is that the hash value at each step is 160 bits.
H0 is a 160-bit string divided into five 32-bit words, denoted abcde. a, b, c, d, e are the following constants:
a = 67452301
b = efcdab89
c = 98badcfe
d = 10325476
e = c3d2e1f0
The structure of the function F of SHA-1 is also similar to that of MD5, but is carried out over 80 rounds.
[Figure: overall structure of SHA-1. Message || padding 10000… || Length (64 bits) is split into N blocks M1, M2, …, MN of 512 bits each. F takes IV (H0, 160 bits) and M1 to give H1 (160 bits); F takes H1 and M2 to give H2; …; F takes HN-1 and MN to give HN, the hash value.]
The values K0, K1, …, K79 are the following constants:
K_i = 5A827999 for 0 ≤ i ≤ 19
K_i = 6ED9EBA1 for 20 ≤ i ≤ 39
K_i = 8F1BBCDC for 40 ≤ i ≤ 59
K_i = CA62C1D6 for 60 ≤ i ≤ 79
The 512-bit block M_i is transformed through a message schedule function that produces 80 values W0, W1, …, W79, each 32 bits, by the following rule:
First, block M_i (512 bits) is divided into 16 blocks of 32 bits corresponding to the values W0, W1, …, W15 (16×32=512).
The values W_t (16 ≤ t ≤ 79) are computed by the formula:
$$W_t = \mathrm{ROTL}^1(\ldots)$$
with addition modulo 2^32.
The transformation of the values abcde in round i is shown in the figure below.

[Figure: the compression function F of SHA-1. Inputs: H_{i-1} (160 bits, words a b c d e) and M_i (512 bits). A message schedule turns M_i into W0, …, W79 (32 bits each). Round 0 uses K0 and W0, …, Round 79 uses K79 and W79; the resulting a b c d e are added to H_{i-1} to give H_i (160 bits).]
Here a→b, c→d, d→e. The values a and c are computed through the functions:
$$a = \mathrm{ROTL}^5(a) + f(b, c, d) + e + W_i + K_i$$
$$c = \mathrm{ROTL}^{30}(b)$$
where the function f(x, y, z):
if the round is 0 to 19
if the round is 20 to 39
if the round is 40 to 59
if the round is 60 to 79
Meaning of the functions Maj and Ch:
- Maj: let x_i, y_i, z_i be the i-th bits of x, y, z; the i-th bit of Maj is whichever value is in the majority, 0 or 1 (like the maj function defined in the A5/1 algorithm section).
- Ch: the i-th bit of Ch is a choice: if x_i then y_i else z_i.
c) SHA-512
SHA-512 has a structure almost identical to that of SHA-1, but its computation blocks have more bits. Below is the overall diagram of SHA-512.

[Figure: overall structure of SHA-512. Message || padding 10000… || Length (128 bits) is split into N blocks M1, M2, …, MN of 1024 bits each. F takes IV (H0, 512 bits) and M1 to give H1 (512 bits); F takes H1 and M2 to give H2; …; F takes HN-1 and MN to give HN, the hash value.]

[Figure: one SHA-1 round. Inputs a b c d e; f(b, c, d), e, W_i and K_i are added to ROTL^5(a) to give the new a; b is rotated (ROTL^30) to give the new c; a→b, c→d, d→e.]
The padded message is divided into 1024-bit blocks. The hash value at each step is 512 bits. H0 is divided into eight 64-bit words abcdefgh. The values a, b, c, d, e, f, g, h are taken from the fractional parts of the square roots of the first 8 prime numbers (for example, a has the hex value 6A09E667F3BCC908).
The structure of the function F is the same as that of SHA-1.
The two parameters K_i and W_i are both 64 bits in size. The values K0, K1, …, K79 are taken from the fractional parts of the cube roots of the first 80 prime numbers. The values W0, W1, …, W79 are computed from M_i as follows:
First, block M_i (1024 bits) is divided into 16 blocks of 64 bits corresponding to the values W0, W1, …, W15 (16×64=1024).
The values W_t (16 ≤ t ≤ 79) are computed from the earlier W values by a formula built from the functions σ0 and σ1, where:
$$\sigma_0(x) = \mathrm{ROTR}^1(x) \oplus \mathrm{ROTR}^8(x) \oplus \mathrm{SHR}^7(x)$$
$$\sigma_1(x) = \mathrm{ROTR}^{19}(x) \oplus \mathrm{ROTR}^{61}(x) \oplus \mathrm{SHR}^6(x)$$
In these:
- SHR^i(x): shifts the 64-bit number x right by i bits
- ROTR^i(x): rotates the 64-bit number x right by i bits
- Addition is modulo 2^64
Structure of one round:
[Figure: the compression function F of SHA-512. Inputs: H_{i-1} (512 bits, words a b c d e f g h) and M_i (1024 bits). A message schedule turns M_i into W0, …, W79 (64 bits each). Round 0 uses K0 and W0, …, Round 79 uses K79 and W79; the resulting a b c d e f g h are added to H_{i-1} to give H_i (512 bits).]
Here g→h, f→g, e→f, c→d, b→c, a→b. The values a and e are computed through the functions:
$$T_1 = h + \Sigma_1(e) + \mathrm{Ch}(e, f, g) + K_i + W_i$$
$$T_0 = \Sigma_0(a) + \mathrm{Maj}(a, b, c)$$
a = T0 + T1
e = d + T1
where the functions
$$\Sigma_0(x) = \mathrm{ROTR}^{28}(x) \oplus \mathrm{ROTR}^{34}(x) \oplus \mathrm{ROTR}^{39}(x)$$
$$\Sigma_1(x) = \mathrm{ROTR}^{14}(x) \oplus \mathrm{ROTR}^{18}(x) \oplus \mathrm{ROTR}^{41}(x)$$
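As an added example (my own Python, not the notes' or FIPS 180's code), the block below builds SHA-512 from the pieces described in this section and in the SHA-1 section: H0 and the 80 constants K_i are derived from the square and cube roots of the first primes exactly as the text states (computed with exact integer roots so the 64 fraction bits are correct), σ0, σ1, Σ0, Σ1 use the rotation and shift amounts given above, and Maj and Ch are the bitwise majority and choice functions defined for SHA-1. The schedule formula for W_t, which is lost in this copy, is written here as in FIPS 180-2. The result is checked against hashlib.

```python
import hashlib
import struct

MASK64 = (1 << 64) - 1


def first_primes(count: int) -> list:
    primes, n = [], 2
    while len(primes) < count:
        if all(n % p for p in primes if p * p <= n):
            primes.append(n)
        n += 1
    return primes


def fractional_root_bits(p: int, root: int, bits: int = 64) -> int:
    """First `bits` bits of the fractional part of p^(1/root), computed exactly:
    floor(p^(1/root) * 2^bits) = floor((p * 2^(root*bits))^(1/root)); keeping only the
    low `bits` bits of that integer discards the integer part of the root."""
    target = p << (root * bits)
    lo, hi = 0, 1 << (bits + 8)          # p <= 409 here, so the root is far below 2^(bits+8)
    while lo < hi:                        # integer root by bisection
        mid = (lo + hi + 1) // 2
        if mid ** root <= target:
            lo = mid
        else:
            hi = mid - 1
    return lo & ((1 << bits) - 1)


H0 = [fractional_root_bits(p, 2) for p in first_primes(8)]    # square roots, first 8 primes
K = [fractional_root_bits(p, 3) for p in first_primes(80)]    # cube roots, first 80 primes


def rotr(x, n): return ((x >> n) | (x << (64 - n))) & MASK64   # ROTR^n
def shr(x, n): return x >> n                                    # SHR^n
def sigma0(x): return rotr(x, 1) ^ rotr(x, 8) ^ shr(x, 7)       # message schedule
def sigma1(x): return rotr(x, 19) ^ rotr(x, 61) ^ shr(x, 6)
def big_sigma0(x): return rotr(x, 28) ^ rotr(x, 34) ^ rotr(x, 39)   # round function
def big_sigma1(x): return rotr(x, 14) ^ rotr(x, 18) ^ rotr(x, 41)
def ch(x, y, z): return (x & y) ^ (~x & z)                      # bitwise: if x then y else z
def maj(x, y, z): return (x & y) ^ (x & z) ^ (y & z)            # bitwise majority


def pad(msg: bytes) -> bytes:
    """Append 1, then 0 bits, then the 128-bit big-endian length (multiple of 1024 bits)."""
    bit_len = len(msg) * 8
    msg += b"\x80" + b"\x00" * ((112 - len(msg) - 1) % 128)
    return msg + bit_len.to_bytes(16, "big")


def compress(state: list, block: bytes) -> list:
    """The function F: schedule W0..W79, 80 rounds, then addition modulo 2^64 to H_{i-1}."""
    w = list(struct.unpack(">16Q", block))
    for t in range(16, 80):
        w.append((sigma1(w[t - 2]) + w[t - 7] + sigma0(w[t - 15]) + w[t - 16]) & MASK64)
    a, b, c, d, e, f, g, h = state
    for i in range(80):
        t1 = (h + big_sigma1(e) + ch(e, f, g) + K[i] + w[i]) & MASK64
        t0 = (big_sigma0(a) + maj(a, b, c)) & MASK64
        # a = T0 + T1, e = d + T1, and g->h, f->g, e->f, c->d, b->c, a->b
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK64, c, b, a, (t0 + t1) & MASK64
    return [(x + y) & MASK64 for x, y in zip(state, (a, b, c, d, e, f, g, h))]


def sha512(msg: bytes) -> str:
    state = list(H0)
    data = pad(msg)
    for i in range(0, len(data), 128):
        state = compress(state, data[i:i + 128])
    return b"".join(x.to_bytes(8, "big") for x in state).hex()


if __name__ == "__main__":
    print(hex(H0[0]), sha512(b"abc") == hashlib.sha512(b"abc").hexdigest())
```

The first derived word H0[0] comes out as 0x6a09e667f3bcc908, the value the notes quote for a, which confirms that the "fractional part of the square root" recipe is meant literally.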
5.2.3 HMAC
A hash function can also be used to compute a MAC by passing an additional secret key K into the hash function. The resulting output value is then called an HMAC.
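The standard way of "passing the key into the hash function" is the HMAC construction of RFC 2104, H((K ⊕ opad) || H((K ⊕ ipad) || M)). The following is an added example (my own Python, not from the notes) that builds it from a plain hash and checks the result against Python's hmac module; the key and message are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (not from the notes).
KEY = b"shared-secret-key-K"
MSG = b"transfer 100 to account 42"


def hmac_manual(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || M)), using hashlib for H."""
    block_size = hashlib.new(hash_name).block_size          # 64 bytes for MD5/SHA-1/SHA-256
    if len(key) > block_size:                               # long keys are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")                    # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def verify_tag(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Receiver side: recompute and compare in constant time, so timing does not leak the tag."""
    return hmac.compare_digest(hmac_manual(key, msg, hash_name), tag)


if __name__ == "__main__":
    tag = hmac_manual(KEY, MSG)
    print(tag.hex())
    print("matches stdlib:", tag == hmac.new(KEY, MSG, "sha256").digest())
    print("tampered message accepted:", verify_tag(KEY, MSG + b"0", tag))
```

The two-layer structure is what distinguishes HMAC from the naive H(K || M); with Merkle-Damgård hashes such as MD5 and SHA-1, the naive form lets anyone who sees H(K || M) extend M without knowing K, whereas the outer hash in HMAC closes that door.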
[Figure: one SHA-512 round. Inputs a b c d e f g h; T1 is formed from h, Σ1(e), Ch(e, f, g), W_i and K_i, T0 from Σ0(a) and Maj(a, b, c); outputs a b c d e f g h with a = T0 + T1, e = d + T1.]

5.3 Some applications of hash functions
5.3.1 Password storage
Most software applications today, whether on a standalone machine or on the web, authenticate their users. That is, to use the application a user must pass a username and password authentication mechanism, and is then granted various rights to use the software. Therefore password security is an important issue for every piece of software.
A user's password usually consists of lower- and upper-case letters plus digits. Suppose the password is stored in plain, unencrypted form somewhere on a personal computer or server, in a data file or in a database management system. A risk then arises that someone else, either the administrator or a hacker, can open the data file or the database and read the password. So the password cannot be kept absolutely secret.
One method of protecting passwords is to use encryption: the software uses a secret key to encrypt the password before storing it to the file or database. This prevents the password from being read. However, this method has the weak point that the secret key must in turn be protected. If the secret key leaks, the encryption is meaningless.
The most effective method of protecting passwords is to use a hash function. When a user registers a password, the hash value of the password is computed with some hash function (MD5, SHA-1, …) and the hash value is stored in the file or database. Because the hash function is one-way, even knowing the hash value and the type of hash function, a hacker cannot derive the password. When the user logs in, the hash value of the password entered is computed and compared with the stored hash value. Because of collision resistance, only one password has that hash value, so nobody other than the user who holds the password can log into the application.

Figure 5-5. Using a hash function to store passwords

[Screenshot: storing the password unencrypted]

[Screenshot: storing the password encrypted with the MD5 hash function]
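The scheme of Figure 5-5 stores H(password) and compares H(entered password) at login. The added Python example below (my own, not from the notes) implements that check and goes one step further than the figure: each stored record also carries a random salt and an iteration count (PBKDF2-HMAC-SHA256 from hashlib), so that two users with the same password get different records and a stolen table cannot be attacked with one precomputed list of hashes. The record format is my own.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000     # slows each guess down; raise as hardware gets faster


def unsalted_md5(password: str) -> str:
    """The scheme of Figure 5-5: store MD5(password) alone. Same password, same record."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_record(password: str, salt: bytes = b"") -> str:
    """Registration: derive and store 'algorithm$iterations$salt$hash' (format is my own)."""
    salt = salt or os.urandom(16)                       # per-user random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Login: recompute with the stored salt and iterations, compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    record = make_record("correct horse battery")
    print(record)
    print("login with right password:", verify_password("correct horse battery", record))
    print("login with wrong password:", verify_password("wrong", record))
    print("two users, same password, same MD5 record:",
          unsalted_md5("hunter2") == unsalted_md5("hunter2"))
```

The comparison uses hmac.compare_digest rather than == so that the time taken does not depend on how many leading bytes match.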
[Figure 5-5 detail: a) Storing a password: m → compute hash → h → store. b) Authenticating a password: m' → compute hash → h', compare with the stored h; by collision resistance, if h = h' then m = m'.]

5.3.2 Online auctions
The method of storing passwords as hash values can be applied in the same way to online auctions held as sealed-bid auctions. Suppose Alice, Bob and Trudy take part in an auction; each submits their price to the referee. The prices are kept secret until all three have submitted. Whoever offers the highest price wins. The important point of this auction method is that the prices of Alice, Bob and Trudy must be kept secret before they are announced. Suppose Alice's price is 100 and Bob's is 110; if Trudy colludes with the referee and learns Alice's and Bob's prices, Trudy can offer 111 and win.
Such fraud can be prevented by using a hash function. From their secret prices, Alice and Bob compute the corresponding hash values and give the referee only these hash values. Because the hash function is one-way, even if the referee and Trudy collude they cannot learn Alice's and Bob's prices. At announcement time, Alice, Bob and Trudy reveal their prices. The referee computes the corresponding hash values and compares them with the submitted hash values to make sure that the prices Alice, Bob and Trudy reveal are the ones they originally intended. Because of the collision resistance of the hash function, Alice, Bob and Trudy cannot change their price from the one originally intended.

Figure 5-6. Sealed-bid auction
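The sealed-bid scheme of Figure 5-6 is a hash commitment: submit h = H(price) at time t1, reveal the price at time t2 > t1. The added Python example below (my own, not from the notes) runs both phases for Alice, Bob and Trudy and adds one safeguard the figure does not show: a random nonce is hashed together with the price. Without it, a bid drawn from a small range such as 1..1000 can be recovered from h simply by hashing every candidate, which would let a colluding referee read the "sealed" bids after all.

```python
import hashlib
import hmac
import os


def commit(bid: int, nonce: bytes = b"") -> tuple:
    """Bidder, time t1: h = H(nonce || bid). Returns (h, nonce); the bidder keeps the nonce secret."""
    nonce = nonce or os.urandom(16)
    h = hashlib.sha256(nonce + bid.to_bytes(8, "big")).hexdigest()
    return h, nonce


def reveal_ok(commitment: str, bid: int, nonce: bytes) -> bool:
    """Referee, time t2: recompute h' from the revealed (bid, nonce) and compare with h."""
    h_prime = hashlib.sha256(nonce + bid.to_bytes(8, "big")).hexdigest()
    return hmac.compare_digest(commitment, h_prime)


def run_auction(bids: dict) -> str:
    """Full protocol on constructed bids {name: price}; returns the winner's name."""
    submitted = {}                                      # what the referee holds after phase 1
    secrets = {}                                        # what each bidder keeps for phase 2
    for name, price in bids.items():
        h, nonce = commit(price)
        submitted[name] = h
        secrets[name] = (price, nonce)
    revealed = {}
    for name, (price, nonce) in secrets.items():        # phase 2: reveal and check
        if not reveal_ok(submitted[name], price, nonce):
            raise ValueError(f"{name} changed their bid after committing")
        revealed[name] = price
    return max(revealed, key=revealed.get)


def unsalted_commit(bid: int) -> str:
    """The figure's form, H(price) with no nonce."""
    return hashlib.sha256(bid.to_bytes(8, "big")).hexdigest()


def recover_unsalted_bid(commitment: str, max_bid: int = 1000):
    """Why the nonce matters: an unsalted commitment to a small price is found by enumeration."""
    for candidate in range(max_bid + 1):
        if unsalted_commit(candidate) == commitment:
            return candidate
    return None


if __name__ == "__main__":
    print("winner:", run_auction({"Alice": 100, "Bob": 110, "Trudy": 105}))
    h, n = commit(100)
    print("Trudy tries to reveal 111 against Alice's commitment:", reveal_ok(h, 111, n))
    print("unsalted H(100) recovered as:", recover_unsalted_bid(unsalted_commit(100)))
```

Binding comes from collision resistance (nobody can find a second (bid, nonce) with the same h), hiding comes from the nonce making the pre-image space large enough that enumeration is hopeless.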
[Figure 5-6 detail: Bidder, at time t1: price → compute hash → h, submit h to the referee. At time t2 > t1: reveal the price; the referee computes the hash h' of the revealed price and compares it with h.]

5.3.3 Downloading files
When we download a file from the Internet, if the network quality is poor, errors can occur during the download that make the file on the client machine differ from the file on the server. A hash function can help us detect such errors.
Call the file to be downloaded from the server X, and let H_X be the MD5 hash value of X that the server has precomputed and published on the web page (it can be inspected by eye). Call Y the file the user has downloaded to their machine. The user computes the MD5 value H_Y of file Y. Then if H_X = H_Y, by the collision resistance of the hash function, file Y is exactly the same as file X and no error occurred during the download.










5.4 Hash functions and digital signatures
In this section we study how hash functions are applied to the authentication problem, in what is called a digital signature.
Using a shared secret key for sender and receiver, as in the message authentication code MAC, runs into the same non-repudiation problem as symmetric encryption. Using a hash function together with public-key encryption overcomes this problem.
First consider a simple model:

[Figure for 5.3.3: File X on the server is downloaded over the Internet to become File Y on the client; H_X and H_Y are compared by eye; by the hash property, if H_X = H_Y then File X = File Y.]

[Figure: simple model. Sender: M → compute hash → H_A; M and H_A are sent. Receiver: M → compute hash → H_B; H_B is compared with H_A.]
In this model Alice computes the hash value of the message to be sent and sends it along to Bob. Bob recomputes the hash value of the received message and compares it with Alice's hash value. As with the file download problem, if Trudy modifies the message M then H_B ≠ H_A and Bob will detect it.
However, Trudy can also modify the hash value H_A sent by Alice, and then Bob cannot detect it. To avoid this problem, public-key encryption is used to authenticate H_A according to the following model:

Figure 5-6. Digital signature model
In this model, after computing the hash value H_A of message M, Alice encrypts H_A with her private key to form the digital signature DS. Alice sends DS along with M to Bob. Bob uses Alice's public key to decrypt the digital signature DS and obtains Alice's hash value H_A. Since Trudy does not have KR_A, she cannot modify H_A.
Moreover, since Alice is the only one who has KR_A, only Alice can create DS from M. Therefore Alice cannot deny having sent the message.
So what advantage does a digital signature have over the checksum approach in the model of Figure 5-2? The digital signature only needs to encrypt the hash value, not the whole message M. Since public-key encryption is time-consuming, if M is a long message, not encrypting M saves a great deal of time.
5.5 Review questions
1. To ensure authenticity using symmetric or public-key encryption, what property must the plaintext have? Why?
2. If the plaintext is a random bit string, what must be done for the plaintext to become structured?
3. What advantage does authentication with a MAC have over authentication by symmetric encryption?
4. In theory, can hash values collide? Then why is the hash value said to be the fingerprint of a message?
5. Why, to authenticate a message M, is it enough to public-key encrypt the hash value of M? What benefit does this have over encrypting all of M?
[Figure 5-6 detail: Sender: M → compute hash → H_A → encrypt with KR_A → DS; a key generator produces KR_A and KU_A. Receiver: decrypt DS with KU_A → H_A; M → compute hash → H_B; compare H_A with H_B. DS: Data signature (digital signature).]
5.6 Exercises
1. With the divisor in the CRC checksum computation being 11001, find a number that has the same CRC as the number 11101101.
2. Consider the following hash function. A message has the form of a sequence of decimal numbers M = (a1, a2, …, an). The hash value is computed by the formula:

Does the above hash function satisfy the properties of a hash function as stated in section 5.2? Explain why.
3. Do the same as question 2 for the hash function

4. Suppose Alice and Bob want to toss a coin over the network (Alice tosses, Bob guesses). The protocol runs as follows:
i. Alice chooses a value X = 0 or 1.
ii. Alice generates a random 256-bit key K.
iii. Using AES, Alice computes Y = E(X||R, K), where R consists of 255 arbitrary bits.
iv. Alice sends Y to Bob.
v. Bob guesses Z as 0 or 1 and sends Z to Alice.
vi. Alice sends the key K to Bob; Bob computes X||R = D(Y, K).
vii. If X = Z, Bob guessed right. Otherwise Bob guessed wrong.
Show that Alice can cheat Bob (for instance, Alice chooses X = 1 and, seeing that Bob guesses Z = 1, how does Alice cheat so that when Bob decrypts Y he obtains X = 0?). Using a hash function, modify the above protocol so that Alice cannot cheat.
5.7 Practical exercises
1. Study how to use the MD5 and SHA hash functions in the .NET cryptography library. Apply this to write a program that hashes passwords for storage and checks passwords as presented in section 5.3.1.
2. Recently, a weakness of the MD5 hash function was discovered, namely two messages with the same MD5 hash value were found. Find the bits that differ between the two messages below and use the .NET or Java library to compute their MD5 hash values.
Message 1 (in hexadecimal):
d1 31 dd 02 c5 e6 ee c4 69 3d 9a 06 98 af f9 5c
2f ca b5 87 12 46 7e ab 40 04 58 3e b8 fb 7f 89
55 ad 34 06 09 f4 b3 02 83 e4 88 83 25 71 41 5a
08 51 25 e8 f7 cd c9 9f d9 1d bd f2 80 37 3c 5b
96 0b 1d d1 dc 41 7b 9c e4 d8 97 f4 5a 65 55 d5
35 73 9a c7 f0 eb fd 0c 30 29 f1 66 d1 09 b1 8f
75 27 7f 79 30 d5 5c eb 22 e8 ad ba 79 cc 15 5c
ed 74 cb dd 5f c5 d3 6d b1 9b 0a d8 35 cc a7 e3

Message 2 (in hexadecimal):
d1 31 dd 02 c5 e6 ee c4 69 3d 9a 06 98 af f9 5c
2f ca b5 07 12 46 7e ab 40 04 58 3e b8 fb 7f 89
55 ad 34 06 09 f4 b3 02 83 e4 88 83 25 f1 41 5a
08 51 25 e8 f7 cd c9 9f d9 1d bd 72 80 37 3c 5b
96 0b 1d d1 dc 41 7b 9c e4 d8 97 f4 5a 65 55 d5
35 73 9a 47 f0 eb fd 0c 30 29 f1 66 d1 09 b1 8f
75 27 7f 79 30 d5 5c eb 22 e8 ad ba 79 4c 15 5c
ed 74 cb dd 5f c5 d3 6d b1 9b 0a 58 35 cc a7 e3


3. Write a program that computes the MD5 value of a file on the computer, similar to the figure below:

4. One solution used against copyright violation, that is copying software without the author's consent, works as follows:
a. After installation, the software obtains the CPU ID (or hard disk ID) of the buyer's machine and sends it to the software vendor.
b. Using a digital signature, the vendor signs the buyer's CPU ID (or hard disk ID) and sends the signed content back to the buyer.
c. Each time the program runs, the software decrypts the vendor's signature to obtain the signed CPU ID and at the same time reads the CPU ID of the machine it is running on. If the two IDs do not match, the software has been copied to another, unlicensed computer.
Using RSA digital signatures (or DSS digital signatures, see chapter 10), write a program implementing the above anti-piracy mechanism for some software of yours.
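As an added example for practical exercises 2 and 3 (my own Python, not from the notes), the block below embeds the two 128-byte messages exactly as printed above, lists the byte positions where they differ, shows that each difference is a single bit, and computes both MD5 digests with hashlib, the same way a file's digest is computed in exercise 3. It also hashes both messages with SHA-256 to show that the published pair is specific to MD5.

```python
import hashlib

# The two messages of practical exercise 2, copied from the exercise text.
MESSAGE_1_HEX = """
d1 31 dd 02 c5 e6 ee c4 69 3d 9a 06 98 af f9 5c
2f ca b5 87 12 46 7e ab 40 04 58 3e b8 fb 7f 89
55 ad 34 06 09 f4 b3 02 83 e4 88 83 25 71 41 5a
08 51 25 e8 f7 cd c9 9f d9 1d bd f2 80 37 3c 5b
96 0b 1d d1 dc 41 7b 9c e4 d8 97 f4 5a 65 55 d5
35 73 9a c7 f0 eb fd 0c 30 29 f1 66 d1 09 b1 8f
75 27 7f 79 30 d5 5c eb 22 e8 ad ba 79 cc 15 5c
ed 74 cb dd 5f c5 d3 6d b1 9b 0a d8 35 cc a7 e3
"""
MESSAGE_2_HEX = """
d1 31 dd 02 c5 e6 ee c4 69 3d 9a 06 98 af f9 5c
2f ca b5 07 12 46 7e ab 40 04 58 3e b8 fb 7f 89
55 ad 34 06 09 f4 b3 02 83 e4 88 83 25 f1 41 5a
08 51 25 e8 f7 cd c9 9f d9 1d bd 72 80 37 3c 5b
96 0b 1d d1 dc 41 7b 9c e4 d8 97 f4 5a 65 55 d5
35 73 9a 47 f0 eb fd 0c 30 29 f1 66 d1 09 b1 8f
75 27 7f 79 30 d5 5c eb 22 e8 ad ba 79 4c 15 5c
ed 74 cb dd 5f c5 d3 6d b1 9b 0a 58 35 cc a7 e3
"""


def parse_hex_dump(text: str) -> bytes:
    """Turn the space/newline separated hex listing into bytes."""
    return bytes.fromhex("".join(text.split()))


def differing_bytes(a: bytes, b: bytes) -> dict:
    """{byte offset: a[i] XOR b[i]} for every position where the messages differ."""
    return {i: x ^ y for i, (x, y) in enumerate(zip(a, b)) if x != y}


def file_digest(data: bytes, algorithm: str = "md5", chunk_size: int = 4096) -> str:
    """Exercise 3 style: feed the data to the hash in chunks, as one would read a file."""
    h = hashlib.new(algorithm)
    for start in range(0, len(data), chunk_size):
        h.update(data[start:start + chunk_size])
    return h.hexdigest()


def analyse() -> dict:
    m1, m2 = parse_hex_dump(MESSAGE_1_HEX), parse_hex_dump(MESSAGE_2_HEX)
    diffs = differing_bytes(m1, m2)
    return {
        "length": len(m1),
        "positions": sorted(diffs),
        "single_bit_each": all(bin(x).count("1") == 1 for x in diffs.values()),
        "md5_1": file_digest(m1, "md5"),
        "md5_2": file_digest(m2, "md5"),
        "md5_collide": file_digest(m1, "md5") == file_digest(m2, "md5"),
        "sha256_collide": file_digest(m1, "sha256") == file_digest(m2, "sha256"),
    }


if __name__ == "__main__":
    for key, value in analyse().items():
        print(f"{key}: {value}")
```

The six differing bytes sit at offsets 19, 45, 59, 83, 109 and 123, each flipped in its most significant bit; the messages being two MD5 blocks long (128 bytes) is what makes a two-block collision of this kind possible.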


CHAPTER 6. PROTOCOLS

In the previous chapters we studied how confidentiality, authentication and non-repudiation are achieved with symmetric and public-key encryption. This chapter first studies the mechanism against the replay attack. It then presents security protocols, which are the rules for applying cryptographic techniques so that data transmission is safe against the forms of attack discussed in chapter one. This chapter presents protocols as theoretical principles; the next chapter presents some protocols used in practice.
6.1 Replay attack
In a replay attack, Trudy intercepts a message that Alice sends to Bob and, after some time, sends this message to Bob again. Bob then thinks that Alice sent the message at two different times, whereas in fact Alice sent it only once. Symmetric or public-key encryption alone cannot prevent this form of attack. There are 3 methods against replay attacks:
1) Using a message identifier: in every message sent to Bob, Alice embeds a message identifier S. Each message carries a different S.

|| denotes concatenation of bit strings
Hence if Trudy replays the message, Bob sees that the two messages have the same identifier and discards the second one. However, this method has the limitation that Bob must store Alice's identifiers in order to compare. Therefore it is usually used only within one working session (connection oriented).
2) Using a timestamp: in every message sent to Bob, Alice embeds a timestamp T giving the time of sending. Bob accepts the message only if it reaches him within some time limit after sending. However, this method requires Alice's and Bob's clocks to be synchronized, with no significant drift. In addition, network transmission delay is an obstacle for this method.
3) Using a challenge/response mechanism: to make sure the message from Alice is not a replay, Bob sends a random number N to Alice (called a nonce). Alice embeds N in the message sent to Bob.








[Figure: challenge/response. Symmetric encryption: B → A: N; A → B: C = E(P||N, K_AB). Public-key encryption: B → A: N; A → B: C = E(M||N, K_UB).]
When Bob decrypts, he checks whether the N he received matches the N he sent. Trudy therefore cannot replay the message E(P||N, K_AB), because Bob sends a different N each time. However, this method requires one more step: Bob must first send N to Alice. In practice, one of the 3 techniques above is chosen depending on the situation.
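The three defences above can be combined in one receiver. The following is an added Python example (my own code, not from the notes): each message carries an identifier S, a timestamp T and a nonce N issued by Bob, protected by an HMAC under the shared key (standing in for E(P||N, K_AB) in the figure). Bob rejects duplicates of S, messages outside the time window, and nonces he did not issue or has already consumed. The clock is injectable so the demonstration runs deterministically.

```python
import hmac
import os
import time


def _encode(*parts: bytes) -> bytes:
    """Length-prefix each field so S||T||N||P cannot be re-split ambiguously."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def build_message(key: bytes, msg_id: bytes, timestamp: float, nonce: bytes, payload: bytes) -> tuple:
    """Alice's side: (S, T, N, P, tag) with tag = HMAC_K(S||T||N||P)."""
    tag = hmac.new(key, _encode(msg_id, repr(timestamp).encode(), nonce, payload), "sha256").digest()
    return (msg_id, timestamp, nonce, payload, tag)


class Receiver:
    """Bob's side: applies all three defences of section 6.1."""

    def __init__(self, key: bytes, window_seconds: float = 30.0, clock=time.time):
        self.key = key
        self.window = window_seconds
        self.clock = clock
        self.seen_ids = set()           # method 1: identifiers already accepted
        self.open_challenges = set()    # method 3: nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.open_challenges.add(nonce)
        return nonce

    def accept(self, msg_id, timestamp, nonce, payload, tag) -> tuple:
        expected = hmac.new(self.key, _encode(msg_id, repr(timestamp).encode(), nonce, payload),
                            "sha256").digest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"
        if abs(self.clock() - timestamp) > self.window:          # method 2: timestamp window
            return False, "stale timestamp"
        if msg_id in self.seen_ids:                               # method 1: identifier
            return False, "duplicate identifier (replay)"
        if nonce not in self.open_challenges:                     # method 3: challenge/response
            return False, "nonce not issued or already used (replay)"
        self.open_challenges.discard(nonce)
        self.seen_ids.add(msg_id)
        return True, "ok"


def demo(now: float = 1_000_000.0) -> list:
    """Constructed scenario: one genuine message, then the replays Bob must reject."""
    key = b"K_AB shared by Alice and Bob (constructed)"
    bob = Receiver(key, clock=lambda: now)
    results = []
    n1 = bob.challenge()
    genuine = build_message(key, b"S1", now, n1, b"transfer 100")
    results.append(bob.accept(*genuine)[1])                        # ok
    results.append(bob.accept(*genuine)[1])                        # verbatim replay
    n2 = bob.challenge()
    results.append(bob.accept(*build_message(key, b"S2", now - 600, n2, b"transfer 100"))[1])
    results.append(bob.accept(*build_message(key, b"S3", now, n1, b"transfer 100"))[1])
    forged = genuine[:3] + (b"transfer 999",) + genuine[4:]       # payload changed, old tag
    results.append(bob.accept(*forged)[1])
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The order of the checks matters: the tag is verified first so that nothing unauthenticated can touch Bob's state (for instance, fill the identifier set), and the nonce is consumed only once a message has passed every other test.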
6.2 Security protocols
In practice, when two arbitrary parties who do not know each other in advance want to exchange data, they must determine who the other party is and then agree on which encryption method to use and what the key is; to achieve this they go through a security protocol. A security protocol can thus be defined as a set of rules such that, if two entities follow those rules, they can exchange data securely. A security protocol usually aims to settle the following:
- Identifying the two entities that exchange data, and resisting replay attacks.
- Exchanging a secret session key for encrypting the data. Since symmetric encryption is faster than public-key encryption, symmetric encryption is used today to encrypt the data, while the secret session key can be exchanged with either symmetric or public-key encryption.
In sections 3.9, 4.6.2 and 4.7 we saw some protocols focused on session key exchange. In this section we extend those protocols to identify the entities exchanging data and to resist replay attacks.
6.2.1 Identification and session key exchange using symmetric encryption with a KDC
Reconsider the session key exchange model of section 3.9:

The above model is open to a replay attack. For instance, Trudy can replay step 4 while B still believes A sent it, and B continues using this K_AB as the session key. On that basis Trudy goes on to replay step 5 (replaying data at step 5 causes the undesirable consequences mentioned in chapter 1).
Needham and Schroeder proposed modifying the above model as follows:
1) A → KDC: ID_A || ID_B || N1
2) KDC → A: E(K_S || ID_B || N1 || E(K_S || ID_A, K_B), K_A)   // K_S is the session key; ID_B tells A that this session key is for use with B

[Figure (model of section 3.9): 1. A → KDC: REQUEST to B; 2. KDC → A: E(K_AB, K_A) || E(K_AB, K_B); 4. A → B: E(K_AB, K_B); 5. A → B: E(P, K_AB).]
3) A decrypts and obtains K_S and E(K_S || ID_A, K_B)
4) A → B: E(K_S || ID_A, K_B)   // ID_A tells B that this session key is for use with A
5) B → A: E(N2, K_S)
6) A → B: E(f(N2), K_S)   // f is an arbitrary function
7) A → B: E(P, K_S)
At step 1, A sends the KDC the nonce N1, and the KDC embeds N1 in the plaintext of step 2. Hence step 2 cannot be replayed (by the challenge/response method).
At step 5, B sends A the nonce N2 and waits for A to send back the value f(N2), f being a function agreed in advance. Hence if Trudy replays at step 4, Trudy cannot carry out step 6, because Trudy does not have K_S with which to compute N2 and f(N2). Bob recognizes that Trudy is an impostor, and Trudy cannot go on to replay data at step 7.
Steps 4, 5 and 6 are thus also a form of challenge/response against replay. To guard against Trudy replaying step 4 in order to reuse an old K_S, Bob challenges at step 5 and requires a response at step 6 to see whether the sender knows K_S (only Alice knows K_S).
However, this protocol is not yet entirely tight; it has a flaw: if Trudy later learns K_S together with the corresponding E(K_S || ID_A, K_B), Trudy can replay step 4, then use K_S to compute N2 and respond to Bob. Bob then cannot tell that Trudy is impersonating Alice, and continues using this compromised session key K_S. The Needham/Schroeder protocol was therefore revised further as follows:
1) A → B: ID_A || N_A
2) B → KDC: ID_B || N_B || E(ID_A || N_A, K_B)
3) KDC → A: E(ID_B || N_A || K_S, K_A) || E(ID_A || K_S, K_B) || N_B
4) A → B: E(ID_A || K_S, K_B) || E(N_B, K_S)
5) A → B: E(P, K_S)
In this protocol A sends N_A to Bob, Bob forwards it to the KDC, and the KDC embeds N_A in the plaintext sent to A. Hence if A receives N_A back, the ciphertext E(ID_B || N_A || K_S, K_A) in step 3 was not replayed. B sends N_B to the KDC, the KDC passes it on to A, and A returns N_B to B in encrypted form. Hence if B receives N_B back, E(ID_A || K_S, K_B) in step 4 was not replayed. Therefore the K_S that Alice and Bob obtain is a fresh session key, and Trudy cannot replay at step 5 the ciphertexts E(P, K_S) from earlier runs.
6.2.2 Identification and session key exchange using public-key encryption
Reconsider the model of section 4.6.2:
[Figure (model of section 4.6.2): 1. A → B: C_A; 2. B → A: C_B; 3. A → B: E(E(K_S, K_RA), K_UB); 4. A → B: E(P, K_S).]
In the above model, Trudy can replay step 3 while B still believes A sent it, and B continues using this K_S as the session key. On that basis Trudy goes on to replay step 4. Here a different challenge/response mechanism is applied against replay, as follows:
1. A → B: C_A
2. B → A: C_B || N_B
3. A → B: E(E(S, K_RA), K_UB)
4. A → B: H(K_S)
5. A ↔ B: E(P, K_S)
Description:
- Step 1: A sends its certificate C_A to B.
- Step 2: B sends its certificate C_B and a nonce N_B to A.
- Step 3: A chooses a pre-session key S and computes the session key K_S = H(S || N_B). A sends S to B authenticated and confidentially. B also computes the session key K_S.
- Step 4: A sends the hash value H(K_S) to B; B checks this hash value against the hash value B computes itself. If they match, B knows that step 3 could not have been replayed. Suppose Trudy replays step 3 without knowing S; then Trudy cannot compute the K_S that corresponds to Bob's new N_B, and so cannot compute H(K_S) either. Trudy therefore cannot replay step 4 without being detected by Bob.
- Step 5: A and B exchange data.
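The key-confirmation check of step 4 is easy to exercise on its own. The following is an added Python example (my own, not from the notes) that models Bob's side with hashes only: the public-key encryption of step 3 is abstracted away, so Bob simply ends up holding S. It runs one honest session and one in which Trudy replays the recorded step 3 and step 4 of an old session to a Bob who has issued a fresh N_B.

```python
import hashlib
import hmac
import os


def session_key(pre_key: bytes, nonce_b: bytes) -> bytes:
    """K_S = H(S || N_B)."""
    return hashlib.sha256(pre_key + nonce_b).digest()


def confirmation(ks: bytes) -> bytes:
    """The step 4 value H(K_S)."""
    return hashlib.sha256(ks).digest()


class Bob:
    def __init__(self):
        self.nonce_b = os.urandom(16)        # fresh N_B for this run (step 2)
        self.ks = None

    def receive_pre_key(self, pre_key: bytes) -> None:
        # Decryption of E(E(S, K_RA), K_UB) is abstracted away: Bob now holds S.
        self.ks = session_key(pre_key, self.nonce_b)

    def check_confirmation(self, h_ks: bytes) -> bool:
        return hmac.compare_digest(h_ks, confirmation(self.ks))


def honest_run() -> bool:
    bob = Bob()
    s = os.urandom(32)                         # Alice's pre-session key S (step 3)
    bob.receive_pre_key(s)
    return bob.check_confirmation(confirmation(session_key(s, bob.nonce_b)))


def replayed_run() -> bool:
    """Trudy records steps 3 and 4 of an old run and replays both to a new Bob."""
    old_bob = Bob()
    s = os.urandom(32)
    old_bob.receive_pre_key(s)
    recorded_step4 = confirmation(session_key(s, old_bob.nonce_b))   # seen on the wire
    new_bob = Bob()                                                   # issues a new N_B
    new_bob.receive_pre_key(s)             # the replayed ciphertext still decrypts to S
    return new_bob.check_confirmation(recorded_step4)                 # K_S changed, so False


if __name__ == "__main__":
    print("honest run accepted:", honest_run())
    print("replayed run accepted:", replayed_run())
```

Because N_B enters the key derivation, the same S yields a different K_S in every run; Trudy's recorded H(K_S) can only match a run whose nonce she already saw.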
6.3 Review questions
1) What is a replay attack? State the harm this attack causes and compare it with modifying messages and impersonation.
2) State the methods against replay attacks.
3) State the purposes of a protocol.
6.4 Exercises

Consider the following protocol:
1. A → B: ID_A
2. B → A: C_B || N_B
3. A → B: E(S, K_UB)
4. A → B: H(K_S)
5. A ↔ B: E(P||K_S)
a) Can B be sure that A is the party corresponding to ID_A? If Trudy impersonates A using ID_A, can B detect it? Explain.
b) Suppose A has a password for identifying itself to B, and B stores the hash value of A's password. Modify the above protocol so that B can identify A.
CHAPTER 7. SOME PRACTICAL APPLICATIONS
7.1 Introduction
In this chapter we study how the theoretical models of the previous chapters are applied in some practical protocols. First is the X.509 certificate standard, a practical standard applied to the public key exchange problem discussed in section 4.6.1. Then we study the web security protocol Secure Socket Layer (SSL) and the local network security protocol Kerberos. These protocols can be placed in the OSI network model as follows:

In the above model it can be seen that security can be applied to network communication at different layers, such as the network layer or the application layer. In the TCP/IP protocol family, the plain IP protocol can be replaced by IP Security so that security is performed at the network layer. Then the applications in the application layer need not concern themselves with security; all security is handled by IPSec. Details of IPSec are presented in [3].
The SSL, Kerberos, PGP and S/MIME protocols are implemented in the application layer. Therefore each of these protocols must implement its own security mechanism.
7.2 X.509 certificates
7.2.1 Certificate structure
X.509 certificates are an application of the digital signature theory of section 5.4. The principle by which an X.509 certificate is generated is as follows:

Certificate = ID || KU || E(H(ID, KU), KR_CA)
Figure 7-1. Creating an X.509 certificate
[Figure: the unsigned certificate, consisting of the user's ID and public key, is hashed (H) and the hash is encrypted (E) with the CA's private key KR_CA to create the signature; the result is a certificate signed by the CA, which users can verify with the CA's public key.]

[Figure for 7.1: security protocols in the OSI layers. Application layer: HTTP over SSL; Kerberos; PGP and S/MIME over SMTP. Transport layer: TCP/UDP. Network layer: IP/IPSec. Link layer. Physical layer.]

The structure of an X.509 certificate consists of the following components:

Figure 7-2. Structure and example of an X.509 certificate

  Field                              Example (login.yahoo.com)                                 Since
  Version                            Version 3                                                 v1
  Serial Number                      05:A0:4C                                                  v1
  Certificate Signature Algorithm    PKCS #1 SHA-1 With RSA Encryption                         v1
  Issuer Name                        OU = Equifax Secure Certificate Authority; O = Equifax    v1
  Validity (Not Before, Not After)   04/01/2006 17:09:06 PM GMT - 04/01/2011 17:09:06 PM GMT   v1
  Subject                            CN= login.yahoo.com; OU= Yahoo; O= Yahoo! Inc.            v1
  Subject Public Key Algorithm       PKCS #1 RSA Encryption                                    v1
  Subject Public Key                 30 81 89 02 81 81 00 b5 6c 4f ee ef 1b 04 5d be …         v1
  Issuer Unique Identifier           (not shown)                                               v2
  Subject Unique Identifier          (not shown)                                               v2
  Extension for version 3            (not shown)                                               v3
  Certificate Signature Algorithm    PKCS #1 SHA-1 With RSA Encryption                         v1
  Certificate Signature Value        50 25 65 10 43 e1 74 83 2f 8f 9c 9e dc 74 64 4e …         v1

The purposes of the components are:
- Version: the X.509 version of this certificate; there are 3 versions, 1, 2 and 3.
- Serial Number: the serial number of this certificate, issued by the certificate authority CA.
- Certificate Signature Algorithm: the algorithm used to sign the certificate, consisting of the hash function and the public-key encryption method.
- Issuer name: the name of the certificate authority CA (CN: common name, O: organization, OU: organization unit).
- Validity: the validity period of the certificate.
- Subject: the name of the certificate owner, also consisting of CN, O, OU, …
- Subject Public Key Algorithm: the public-key algorithm corresponding to the public key in the certificate.
- Subject Public Key: the public key in the certificate, i.e. the owner's public key. For RSA this attribute holds the Modulus and Exponent values one after the other (N and e).
- Issuer Unique Identifier, Subject Unique Identifier: for version 2; rarely used.
- Extension: for version 3.
- Certificate Signature Algorithm: the certificate signing algorithm, the same as the 3rd item.
- Certificate Signature Value: the value of the signature.
For version 3, the Extension part can contain the following information:
- Authority key identifier: a number identifying the certificate authority. The Issuer Name attribute gives the CA's name as text, which can be ambiguous.
- Subject key identifier: a number identifying the certified user. As with Issuer Name, the Subject attribute gives the user's name as text, which can be ambiguous. Moreover, an identifying number lets one user hold several different certificates.
- Key Usage: the purposes for which the certificate may be used. Each certificate can have one or more purposes, such as data encryption, key encryption, digital signature, non-repudiation, …
- CRL Distribution Point: the address from which to obtain the list of expired or revoked certificates (certificate revocation list).
A certificate is usually stored in a file with the extension .cer.

Figure 7-3. Viewing the content of a certificate in Firefox 2.0 (as used in the SSL protocol)
Because the certificate is signed with the CA's private key, the signature cannot be forged, and anyone who trusts the CA's public key can trust the certificates the CA issues. Therefore the CA's public key must reach the user in an absolutely secure way. In the example above, Yahoo's certificate is issued by Equifax Secure. Firefox trusts Equifax because Equifax's public key is built into the Firefox installation package. So when browsing to Yahoo's web page, Firefox reads Yahoo's certificate, and since Firefox trusts Equifax it also trusts Yahoo and lets the user browse the page (see also the SSL protocol section below).
There are currently many organizations worldwide that issue X.509 certificates, such as VeriSign, Equifax, Thawte, SecureNet … VeriSign is currently the largest. VeriSign issues X.509 certificates at three levels (classes):
- Class 1: the ID of a subject is the subject's email address. After the subject registers the email address and public key over the Internet, VeriSign sends an email to check that the address is valid and issues the certificate.
- Class 2: the ID is the subject's home address; VeriSign sends a confirmation by post to check that the address is valid.
- Class 3: the subject must have legal documents proving its legal status.
7.2.2 Certificate hierarchy
There cannot be only one certificate authority in the world; there may be many. Different users may register their certificates with different CAs. To exchange data, a person would therefore need to trust the public keys of all certificate authorities. To reduce this burden, X.509 provides a certificate hierarchy mechanism.
For example, Alice trusts only the certificate authority X1, while Bob's certificate was issued by the certificate authority X2. If Alice does not have X2's public key, how can Alice verify Bob's certificate? The solution is that Alice can read the Authority key identifier (i.e. the ID of X2) in Bob's certificate. Alice then checks whether X1 has issued a certificate to X2. If so, Alice can find X2's public key and trust this key (since X1 has certified it). From there Alice can verify the authenticity of Bob's certificate.

This certificate hierarchy is not limited to two certificate authorities but can pass through a chain of authorities, forming a web of certification (Web of Trust). The figure below illustrates a real example.
[Figure: Alice trusts X1; X1 certifies X2; X2 certifies Bob.]
Figure 7-4. Illustration of the certificate hierarchy model
In the above example, Microsoft's MSN-Passport certificate is certified by the VeriSign Class 3 Extended Validation SSL CA, whose public key Firefox does not have built in. However, Firefox has the public key of the VeriSign Class 3 Public Primary CA; from there Firefox can verify the VeriSign Class 3 Public Primary CA - G5, and through it verify the VeriSign Class 3 Extended Validation SSL CA.
7.2.3 File formats of X.509 certificates
1) DER (.cer): the content of the X.509 certificate is stored in the DER format, a standard binary data format for computing environments.
2) PEM (.pem): the DER form encoded as text in Base64. A PEM text file starts with the line -----BEGIN CERTIFICATE----- and ends with the line -----END CERTIFICATE-----
3) PKCS#7 (.p7c or .p7b): a format for encrypted or signed data. It therefore also carries the certificate.
4) PKCS#10 (.p10 or .p10): a format for sending a request for an X.509 certificate to a certificate authority. It contains the requester's ID and public key.
5) PKCS#12 (.p12): stores the X.509 certificate and the corresponding private key (password protected) in the same file.
6) PFX (.pfx): also stores the X.509 certificate and private key, in Microsoft's format.
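Formats 1 and 2 are the same bytes in two encodings. The following is an added Python example (my own, not from the notes) that converts between PEM and DER and then reads the outermost DER tag-length-value headers to check that a blob at least has the shape of a certificate (a SEQUENCE whose first element, tbsCertificate, is itself a SEQUENCE). The sample DER is constructed by hand for the demonstration and is not a real certificate; the regular expression and function names are my own.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def pem_to_der(pem: str) -> tuple:
    """Strip the BEGIN/END lines and Base64-decode the body; returns (label, der_bytes)."""
    match = PEM_BLOCK.search(pem)
    if not match:
        raise ValueError("not a PEM block")
    label, body = match.group(1), "".join(match.group(2).split())
    return label, base64.b64decode(body, validate=True)


def der_to_pem(label: str, der: bytes) -> str:
    """Base64 the DER bytes in 64-character lines between BEGIN/END markers."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def read_tlv(der: bytes, offset: int = 0) -> tuple:
    """Decode one DER tag-length-value header; returns (tag, value_start, value_end)."""
    tag = der[offset]
    length = der[offset + 1]
    pos = offset + 2
    if length & 0x80:                                   # long form: next bytes hold the length
        count = length & 0x7F
        length = int.from_bytes(der[pos:pos + count], "big")
        pos += count
    return tag, pos, pos + length


def looks_like_certificate(der: bytes) -> bool:
    """Structural check only: outer SEQUENCE spanning the data, whose first item is a SEQUENCE."""
    try:
        tag, start, end = read_tlv(der)
        if tag != 0x30 or end != len(der):
            return False
        inner_tag, _, _ = read_tlv(der, start)
        return inner_tag == 0x30
    except IndexError:
        return False


# Constructed stand-in: SEQUENCE { SEQUENCE { INTEGER 1 }, NULL }. Not a real certificate.
SAMPLE_DER = bytes.fromhex("3007" "3003020101" "0500")

if __name__ == "__main__":
    pem = der_to_pem("CERTIFICATE", SAMPLE_DER)
    print(pem)
    print(pem_to_der(pem)[1] == SAMPLE_DER, looks_like_certificate(SAMPLE_DER))
```

The structural check is deliberately shallow: it tells a DER certificate apart from a mislabelled file, nothing more; validating the signature and chain is the job of a full X.509 library.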
The figure below shows a VeriSign certificate provided in PEM form.
7.3 The web security protocol Secure Socket Layer version 3 - SSLv3
Web data is exchanged between the browser and the web server through the HTTP protocol. The client connects to the server through a TCP/IP socket.

The following listing shows the HTTP protocol data when searching for the phrase Nha Trang on the website vn.search.yahoo.com, and the listing after it is the response data from the Yahoo server. The response consists of two parts: the first follows the rules of the HTTP protocol, the second is HTML data.
GET /search?p=Nha+Trang&fcss=on&fr=yfp-t-101&toggle=1&cop=&ei=UTF-8 HTTP/1.1
Host: vn.search.yahoo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022
Firefox/3.0.13 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://vn.yahoo.com/?p=us

[Figure: browser and web server each have an HTTP layer over a TCP/IP layer; HTTP data passes between them through a socket.]
The SSL protocol secures the data exchanged through the socket, hence its name Secure Socket Layer (URLs begin with https://). It is a security protocol that combines public-key and symmetric encryption as presented in section 4.6.2, in which RSA is used to exchange the session key of the symmetric cipher.

Reconsider the session key exchange model of section 6.2.2.

This model requires every web user (A) and every website (B) to hold a private key and a public key. In other words, both the website and the browser user must have certificates. This is a burden on the web user, who has to obtain a certificate. It is the requirement needed to guarantee authenticity absolutely for both sides, website and user: the key K_S must originate from a specific user A whom the website knows, and at the same time K_S must reach the right website B and not some other website.

[Figure (protocol of section 6.2.2): 1. A → B: C_A; 2. B → A: C_B || N_B; 3. A → B: E(E(S, K_RA), K_UB); 4. A → B: H(K_S); 5. A ↔ B: E(P||K_S).]

Response from the Yahoo server (the second listing referred to in 7.3 above):
HTTP/1.1 200 OK
Date: Fri, 14 Aug 2009 10:25:49 GMT
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: Keep-Alive
Content-Encoding: gzip

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html lang="vi"><head> </head>
.
</html>
In practice, however, authentication of the user is not always needed. For example, when you buy from the Amazon bookstore, Amazon does not need to know who you are; it only needs you to have a purchasing account (protecting the buyer's account is the job of symmetric encryption). So Amazon does not need to authenticate the browser user, and in this case the user does not need a certificate. The key exchange model then becomes:

Figure 7-5. Session key exchange requiring authentication of one side only
The above model ensures that, apart from user A, only website B learns the session key K_S, while who A is the website need not know. To authenticate the user, the website can simply store the user's password and authenticate through a login mechanism. This approach is now used more widely than requiring the user to present a certificate.
The SSL protocol supports both of the key exchange possibilities above.
Another key exchange method SSL also uses is Diffie-Hellman. SSL has three forms of Diffie-Hellman:
- Fixed Diffie-Hellman: Diffie-Hellman key exchange in which the public elements (g, t) are certified just like an RSA public key. This prevents man-in-the-middle attacks.
- Ephemeral Diffie-Hellman: Diffie-Hellman key exchange protected by RSA public-key encryption. This is the most secure form of Diffie-Hellman.
- Anonymous Diffie-Hellman: plain Diffie-Hellman, which is therefore vulnerable to man-in-the-middle attacks.
The symmetric ciphers SSL can use are RC4, RC2, DES, 3DES, IDEA and AES. The following figure illustrates a simple model of the SSL protocol.

[Figure 7-5 detail: 1. A → B: ID_A; 2. B → A: C_B || N_B; 3. A → B: E(S, K_UB); 4. A → B: H(K_S); 5. A ↔ B: E(P||K_S).]
Because many different encryption methods can be used, the specification of the SSL protocol is quite complex. The remainder of this section mainly presents SSL version 3 in the case where RSA is used. SSL consists of two basic parts: the handshake protocol and the data transfer protocol.
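The choice among the key exchange and cipher options above is made in the first handshake messages. The following is an added Python example (my own, not from the notes or from any SSL implementation) that models the server's decision on receiving client_hello: the client's cipher suite list is in priority order and the server takes the first entry it supports, a non-zero SessionID that the server still remembers resumes the earlier session, and, as a policy the text motivates, Anonymous Diffie-Hellman is refused unless explicitly allowed because it offers no protection against a man-in-the-middle. All suites, session IDs and version numbers are constructed sample data.

```python
import itertools

# Key exchange methods named in the text and whether they authenticate the server.
KEY_EXCHANGE_AUTHENTICATED = {
    "RSA": True,
    "FixedDH": True,
    "EphemeralDH": True,
    "AnonymousDH": False,    # plain Diffie-Hellman: man-in-the-middle possible
}

_session_ids = itertools.count(0x5678)


def next_session_id() -> int:
    return next(_session_ids)


def negotiate(client_hello: dict, server: dict) -> dict:
    """Return the server_hello choices for a client_hello, or raise on handshake failure."""
    version = min(client_hello["version"], server["max_version"])
    if version < server["min_version"]:
        raise ValueError("handshake_failure: protocol version too low")

    sid = client_hello["session_id"]
    if sid != 0 and sid in server["session_cache"]:          # resume: skip key exchange
        return {"version": version, "session_id": sid, "resumed": True,
                "cipher_suite": server["session_cache"][sid]}

    for suite in client_hello["cipher_suites"]:               # client order = priority
        key_exchange, cipher, hash_algorithm = suite
        if suite not in server["cipher_suites"]:
            continue
        if not KEY_EXCHANGE_AUTHENTICATED[key_exchange] and not server.get("allow_anonymous", False):
            continue                                          # refuse unauthenticated exchange
        return {"version": version, "session_id": next_session_id(), "resumed": False,
                "cipher_suite": suite}
    raise ValueError("handshake_failure: no common cipher suite")


# Constructed server configuration: (key exchange, symmetric cipher, hash algorithm) triples.
SERVER = {
    "min_version": (3, 0), "max_version": (3, 0),
    "cipher_suites": {("RSA", "3DES", "SHA-1"), ("RSA", "RC4", "MD5"), ("AnonymousDH", "DES", "SHA-1")},
    "session_cache": {0x1234: ("RSA", "3DES", "SHA-1")},
}

# Constructed client_hello: AES first (not offered by this server), then anonymous DH, then RSA suites.
CLIENT_HELLO = {
    "version": (3, 0), "session_id": 0,
    "cipher_suites": [("RSA", "AES", "SHA-1"), ("AnonymousDH", "DES", "SHA-1"),
                      ("RSA", "3DES", "SHA-1"), ("RSA", "RC4", "MD5")],
}

if __name__ == "__main__":
    print(negotiate(CLIENT_HELLO, SERVER))
    print(negotiate(dict(CLIENT_HELLO, session_id=0x1234), SERVER))
```

With the sample data the server skips AES (unsupported) and Anonymous DH (policy) and settles on RSA with 3DES and SHA-1; a real implementation also has to bind this choice into the finished messages so that an attacker cannot quietly downgrade it, which is what phase 4 of the handshake is for.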
7.3.1 The handshake protocol - SSL Handshaking Protocol
Before transferring data, SSL carries out the handshake protocol to authenticate the website and the browser user, exchange the session key and agree on the encryption algorithms to be used. The handshake is shown in the figure below.
  Client                                  Server
  client_hello              -->                       Phase 1: choosing the encryption algorithms
                            <--  server_hello
                            <--  certificate          Phase 2: the server supplies its certificate
                            <--  certificate_request  (optional)
                            <--  server_hello_done
  certificate (optional)    -->                       Phase 3: session key exchange
  client_exchange_key       -->
  certificate_verify (opt.) -->
  finished                  -->                       Phase 4: completing the handshake
                            <--  finished
  HTTP data                 <-->                      data transfer of the HTTP protocol
(Dashed lines in the original figure, marked optional here, are messages used only when the client must be authenticated.)

Figure 7-6. The SSL handshake protocol
The diagram above involves 10 kinds of message and is divided into 4 phases:
1) Phase 1: negotiate the encryption methods to be used. This phase begins with the client_hello message sent from the client to the website. This message carries the following parameters:
- Version: the highest SSL version the client uses
- Random: a random 32-byte structure
- SessionID: if 0, the client wants to establish an entirely new session. If non-zero, the client wants to establish a new connection within this existing session. Using sessions lets the client and server skip negotiation steps during the handshake.
- CompressionMethod: the data compression method to use while transferring data
- CipherSuite: the public-key methods used to exchange the session key, such as RSA, Fixed Diffie-Hellman, Ephemeral Diffie-Hellman and Anonymous Diffie-Hellman. A method listed earlier has higher priority. Each key-exchange method comes with a list of the symmetric ciphers that may be used, described by the following parameters:
  - CipherAlgorithm: the symmetric cipher to use (one of the block ciphers RC2, DES, 3DES, IDEA, AES, Fortezza, or the stream cipher RC4)
  - HashAlgorithm: MD5 or SHA-1.
  - CipherType: whether the symmetric cipher is a block cipher or a stream cipher.
  - KeyMaterial: a byte string used to generate keys.
  - IV Size: the size of the IV used in CBC mode of the block cipher.
- After receiving client_hello, the server replies with the server_hello message confirming the algorithms to be used.
2) Phase 2: authenticate the server and exchange the public-key material. After confirming the cipher algorithms with the client, the server continues with the following messages:
- certificate message: the server provides its certificate to the client (as an X.509 certificate).
- certificate_request message: if the server needs to authenticate the user, it sends this message to ask the client for its certificate.
- server_hello_done message: signals that the server has completed phase 2.
3) Phase 3: authenticate the client and exchange the symmetric-key material
- certificate message: if the server requested a certificate, the client provides its certificate to the server.
- client_key_exchange message: in this step the client sends the server the parameters needed to create the secret key. We again consider only the RSA case. The client generates an arbitrary 48-byte value called the pre-master secret and encrypts it with the server's public key. Once both sides have the pre-master secret, the client and server compute the master secret as follows:
master_secret = MD5(pre_master_secret || SHA('A' ||
pre_master_secret ||ClientHello.random ||
ServerHello.random)) ||
MD5(pre_master_secret || SHA('BB' ||
pre_master_secret || ClientHello.random ||
ServerHello.random)) ||
MD5(pre_master_secret || SHA('CCC' ||
pre_master_secret || ClientHello.random ||
ServerHello.random))
The master_secret is also 48 bytes (384 bits) long. The operator || denotes concatenation.
- certificate_verify message: the client's signature, used when the server needs to authenticate the client. The client must sign with its private key, so the server can be sure that nobody else is using the client's certificate to impersonate it.
4) Phase 4: complete the handshake. In this phase the client and server send each other the finished message to announce that the handshake is complete. The parameter of this message is a hash value that the two sides can check against each other. This hash value is the concatenation of two hashes:
MD5(master_secret || pad2 ||
MD5(handshake_messages || Sender || master_secret || pad1))
SHA(master_secret || pad2 ||
SHA(handshake_messages || Sender || master_secret || pad1))
where handshake_messages is all the messages up to, but not including, this finished message. Sender is a code that distinguishes whether this finished message comes from the client or from the server. This is the replay-attack defense using hash functions that we studied in chapter 6.
Based on the master_secret value, the client and server compute the parameters needed for symmetric encryption as follows:
- Two keys for data encryption, one for the server-to-client direction and one for the client-to-server direction.
- Two IV values, likewise one each for server and client.
- Two keys for computing MAC values, likewise one each for server and client.
Depending on the symmetric cipher used, these parameters have different lengths. They are all, however, taken from the bit sequence given by the following formula:
key_block = MD5(master_secret || SHA('A' || master_secret ||
ServerHello.random || ClientHello.random)) ||
MD5(master_secret || SHA('BB' || master_secret ||
ServerHello.random || ClientHello.random)) ||
MD5(master_secret || SHA('CCC' || master_secret ||
ServerHello.random ||ClientHello.random)) ||
. . .
Mixing in the values ClientHello.random and ServerHello.random makes cryptanalysis harder.
At this point the client and server have completed the key-exchange handshake and are ready to transfer data under the record protocol.
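The master_secret and key_block derivations above, as an added worked example in Python (not code from the lecture notes or from any SSL implementation). The pre-master secret and the two Hello randoms are constructed sample data; the order in which key_block is cut into MAC keys, encryption keys and IVs (client MAC, server MAC, client key, server key, client IV, server IV) is the SSLv3 order, stated here as a known fact rather than taken from the text. The last function follows section 7.3.3: a new connection in an existing session keeps the pre-master secret and only changes the two randoms.

```python
import hashlib

# Constructed sample values (not from the notes). In SSLv3 the 48-byte pre-master secret
# begins with the client's version bytes (3, 0); the two Hello randoms are 32 bytes each.
PRE_MASTER_SECRET = b"\x03\x00" + bytes(range(46))
CLIENT_RANDOM = bytes([0x11] * 32)
SERVER_RANDOM = bytes([0x22] * 32)


def _label(i):
    """The SHA prefixes 'A', 'BB', 'CCC', 'DDDD', ... for block number i (1-based)."""
    return bytes([ord("A") + i - 1]) * i


def _block(secret, label, rand1, rand2):
    """One MD5(secret || SHA(label || secret || rand1 || rand2)) block: 16 bytes."""
    inner = hashlib.sha1(label + secret + rand1 + rand2).digest()
    return hashlib.md5(secret + inner).digest()


def sslv3_master_secret(pre_master_secret, client_random, server_random):
    """Three blocks labelled 'A', 'BB', 'CCC', randoms in the order
    ClientHello.random || ServerHello.random: 48 bytes."""
    return b"".join(_block(pre_master_secret, _label(i), client_random, server_random)
                    for i in (1, 2, 3))


def sslv3_key_block(master_secret, client_random, server_random, length):
    """Same construction keyed by master_secret, randoms in the order
    ServerHello.random || ClientHello.random, continued ('DDDD', ...) until `length` bytes exist."""
    out, i = b"", 1
    while len(out) < length:
        out += _block(master_secret, _label(i), server_random, client_random)
        i += 1
    return out[:length]


def derive_connection_params(master_secret, client_random, server_random,
                             key_len, mac_len, iv_len):
    """Cuts key_block into the six per-connection values in SSLv3's order (known fact, not from
    the notes): client MAC key, server MAC key, client key, server key, client IV, server IV."""
    kb = sslv3_key_block(master_secret, client_random, server_random,
                         2 * (mac_len + key_len + iv_len))
    layout = [("client_write_MAC_secret", mac_len), ("server_write_MAC_secret", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len),
              ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    params, pos = {}, 0
    for name, size in layout:
        params[name] = kb[pos:pos + size]
        pos += size
    return params


def new_connection_params(pre_master_secret, client_random, server_random,
                          key_len, mac_len, iv_len):
    """Section 7.3.3: a new connection keeps the pre-master secret, takes two fresh randoms,
    and recomputes master_secret and the six per-connection values from them."""
    ms = sslv3_master_secret(pre_master_secret, client_random, server_random)
    return ms, derive_connection_params(ms, client_random, server_random,
                                        key_len, mac_len, iv_len)


if __name__ == "__main__":
    ms = sslv3_master_secret(PRE_MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    print("master_secret:", ms.hex())
    # key lengths for a DES-CBC-SHA style suite: 8-byte key, 20-byte MAC key, 8-byte IV
    for name, value in derive_connection_params(ms, CLIENT_RANDOM, SERVER_RANDOM, 8, 20, 8).items():
        print(f"{name:24s} {value.hex()}")
```

Both sides run exactly the same computation, so the only secret input that must be protected is the pre-master secret carried in client_key_exchange; everything else (the randoms, the labels) travels in the clear.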
7.3.2 Data transfer protocol - SSL Record Protocol
The figure below illustrates the steps of the data transfer process:

Figure 7-7. Block-wise data transfer in SSL (data → fragment → compress → compute MAC → encrypt → add SSL header)
In the record protocol, the data is divided into blocks of 2^14 bytes (16384). This data is then compressed. SSL version 3, however, does not currently specify any particular compression method, so by default it is treated as no compression.
Next, the MAC value of the compressed data block is computed according to the following formula:
hash(MAC_key || pad_2 ||hash(MAC_key || pad_1 || seq_num ||type ||length || data))
where:
- hash is the MD5 or SHA-1 hash function
- MAC_key: the MAC key agreed by the client and server during the handshake
- pad_1: the byte 0x36 (00110110) repeated 48 times (384 bits) for MD5 and 40 times (320 bits) for SHA-1
- pad_2: the byte 0x5C (01011100) repeated 48 times for MD5 and 40 times for SHA-1
- seq_num: the sequence number of the data block
- type: the type of the data block (see below)
- length: the size of the data block
- data: the data block
After the MAC has been computed, the data block together with its MAC value is encrypted with a block cipher chosen during the handshake.
Finally an SSL header is prepended to the data block. The SSL header has the following fields:
- Content Type (1 byte): Besides carrying HTTP data, the SSL Record Protocol is also used to carry the data of the Handshake protocol as well as the two remaining protocols, SSL Change Cipher Spec and SSL Alert. The value of this field identifies which protocol is in use. For the Handshake protocol the data is sent as-is, without compression, MAC computation or encryption.
- Major Version (1 byte): the major version number of SSL. For SSLv3 this field has the value 3.
- Minor Version (1 byte): the minor version number of SSL. For SSLv3 this field has the value 0.
- Compressed Length (2 bytes): the size in bytes of the data block after the compression step.
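The record-protocol steps just described, as an added Python example (not the notes' own code and not from any SSL library): fragmenting into 2^14-byte blocks, computing the MAC with pad_1/pad_2 of 48 (MD5) or 40 (SHA-1) bytes, and prepending the 5-byte header. The encodings of seq_num as a 64-bit counter and of length as 16 bits, and the numeric content-type values 20, 21, 22 and 23, are the SSLv3 values, stated as known facts rather than taken from the text. The negotiated block cipher is represented by a pluggable function that defaults to the identity, and the MAC key and record data are constructed samples.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14                                   # 16384-byte blocks
PAD_REPEATS = {"md5": 48, "sha1": 40}                    # 384 bits for MD5, 320 bits for SHA-1
CONTENT_TYPE = {"change_cipher_spec": 20, "alert": 21,   # SSLv3 content-type values (known fact)
                "handshake": 22, "application_data": 23}


def fragment(data):
    """Step 1: split the higher-layer data into blocks of at most 2^14 bytes."""
    return [data[i:i + MAX_FRAGMENT] for i in range(0, len(data), MAX_FRAGMENT)] or [b""]


def sslv3_record_mac(hash_name, mac_key, seq_num, content_type, data):
    """hash(MAC_key || pad_2 || hash(MAC_key || pad_1 || seq_num || type || length || data)).
    seq_num is a 64-bit counter, type one byte, length a 16-bit big-endian value."""
    pad_1 = b"\x36" * PAD_REPEATS[hash_name]
    pad_2 = b"\x5c" * PAD_REPEATS[hash_name]
    fields = struct.pack(">QBH", seq_num, content_type, len(data))
    inner = hashlib.new(hash_name, mac_key + pad_1 + fields + data).digest()
    return hashlib.new(hash_name, mac_key + pad_2 + inner).digest()


def verify_record_mac(hash_name, mac_key, seq_num, content_type, data, tag):
    """Receiver side: the expected sequence number is part of the MAC input, so a replayed
    or reordered record fails this check even though its bytes are untouched."""
    expected = sslv3_record_mac(hash_name, mac_key, seq_num, content_type, data)
    return hmac.compare_digest(expected, tag)


def sslv3_record_header(content_type, compressed_length, major=3, minor=0):
    """Content Type (1 byte), Major Version (1), Minor Version (1), Compressed Length (2)."""
    return struct.pack(">BBBH", content_type, major, minor, compressed_length)


def protect_record(hash_name, mac_key, seq_num, content_type, data, encrypt=lambda b: b):
    """Steps 2-5 for one fragment: (no) compression, MAC, encryption of data||MAC, header.
    `encrypt` stands in for the block cipher negotiated in the handshake (identity here)."""
    mac = sslv3_record_mac(hash_name, mac_key, seq_num, content_type, data)
    return sslv3_record_header(content_type, len(data)) + encrypt(data + mac)


def send_application_data(hash_name, mac_key, data, first_seq=0):
    """All records for one message: every fragment is bound to the next sequence number."""
    return [protect_record(hash_name, mac_key, first_seq + i, CONTENT_TYPE["application_data"], frag)
            for i, frag in enumerate(fragment(data))]


if __name__ == "__main__":
    key = bytes(range(20))                               # constructed 20-byte MAC key
    for rec in send_application_data("sha1", key, b"GET / HTTP/1.0\r\n\r\n"):
        print(rec[:5].hex(), rec[5:].hex())
```

Because seq_num never appears on the wire, both ends keep their own counters; a record that arrives out of order is rejected by the MAC check rather than by any explicit sequence field.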

Figure 7-8. Relationship among the SSL sub-protocols (SSL Handshake Protocol, SSL Change Cipher Spec Protocol, SSL Alert Protocol and HTTP run over the SSL Record Protocol, which runs over TCP and IP)
7.3.3 SSL Session and SSL Connection
To avoid having the client redo the whole handshake every time it connects to the server, SSL introduces the notions of Session and Connection. Intuitively, when you open the browser and connect to a website's home page you create a new session, and when you click links to other pages of the same website you create new connections within this existing session. SSL therefore only runs the handshake when a session is created; when a new connection is created, SSL keeps all the chosen encryption methods and the pre-master secret value. SSL then only has to change the two values ClientHello.Random and ServerHello.Random and recompute the master secret, the 2 MAC keys, the 2 encryption keys and the 2 IVs. Data exchange on the new connection can then begin without redoing the handshake from scratch.
7.4 The Kerberos local-network security protocol
7.4.1 Kerberos version 4
In the sections above we studied X.509 certificates and the SSL protocol used to secure data transferred over the Internet. Each server on the Internet has an X.509 certificate and a mechanism for authenticating users by password, which guarantees authentication of both sides and also establishes a session key for securing the data.
Kerberos is an authentication protocol used in smaller-scale network environments such as a local area network (LAN). In the LANs used by organizations and businesses there are also services provided over the network, such as printing, file sharing, databases and email. Each of these services needs user authentication as well as confidentiality. X.509 authentication could of course be used. However, in a small network such as a LAN, Kerberos can be used as an alternative solution.
Kerberos is an authentication protocol based on the notion of a key distribution center, KDC (see section 3.9 and the extended anti-replay model in chapter 6); that is, Kerberos relies only on symmetric encryption. The protocol was standardized by MIT. The purpose of Kerberos is session-key exchange, and through it confidentiality and authentication. Because Kerberos is built on the KDC principle, it inherits the advantages of the KDC model, such as statelessness. The figure below illustrates the operating model of Kerberos version 4.
[Figure 7-9. Participants: Client A, Kerberos Authentication Server (AS), Ticket-Granting Server (TGS), Server B. Messages: 1. Request Ticket-Granting Ticket; 2. Ticket + Session Key (performed once, at logon); 3. Request Service-Granting Ticket; 4. Ticket + Session Key (performed once per type of service); 5. Request Service; 6. Provide server authenticator (performed once per service session).]
Figure 7-9. Kerberos authentication and session-key exchange model
In the model above, client A needs to connect in order to use a service at server B. The Authentication Server AS (there is only one AS) and the Ticket-Granting Server TGS (there may be several TGS) play the role of KDCs. The AS is responsible for providing a symmetric key for the exchange between client A and the TGS. The TGS is responsible for providing a symmetric key for the exchange between client A and service server B. Each user A registers a password KA with the AS. Each service server B registers a secret key KB with the TGS. The TGS itself registers a secret key KTGS with the AS. The distribution of the session key KAB that lets user A connect to server B goes through three stages, as follows.
a) Login stage: two messages
1. A → AS: IDA|| IDTGS|| TS1
2. AS → A: E(KATGS||IDTGS||TS2||Lifetime2||TicketTGS, KA)
TicketTGS = E(KATGS||IDA||ADA||IDTGS||TS2||Lifetime2 , KTGS)
First, A sends a request to the AS asking for a session key to connect to the TGS. IDA and IDTGS identify client A and the TGS; TS1 is a timestamp marking when client A sent the request. The AS then generates this session key KATGS and encrypts it into two copies: one for A (encrypted with KA) and one for the TGS (encrypted with KTGS). The copy for the TGS, however, is handed to A to keep and is called the Ticket-Granting Ticket (TGT). A will use this ticket to establish a connection with the TGS. TS2 is a timestamp marking when the ticket was issued and Lifetime2 is the validity period of the ticket. ADA is the network address of client A; this element is used to counter replay attacks.
b) Service registration stage:
3. A → TGS: IDB|| TicketTGS|| Authenticator
Authenticator = E(IDA||ADA||TS3 , KATGS)
4. TGS → A: E(KAB||IDB||TS4||TicketB, KATGS)
TicketB = E(KAB||IDA||ADA||IDV||TS4||Lifetime4 , KB)
After being issued the TGT and the session key KATGS for exchanges with the TGS, client A sends this ticket to the TGS together with an authenticator so that the TGS can authenticate client A. In this message the client also asks the TGS to issue a session key for connecting to service server B; IDB identifies that service server. TS3 is a timestamp marking when A used KATGS (against replay attacks).
After decrypting the ticket, the TGS obtains the session key KATGS. With it the TGS can verify the authenticity of client A through the Authenticator. The TGS then generates the session key KAB and encrypts it into two copies, one for A (encrypted with KATGS) and one for B (encrypted with KB). As with the TGT, the copy for B is handed to A to keep and is called the service ticket. A uses this ticket to exchange data with B.
TS4 and Lifetime4 are the issue time and the validity period of this ticket.
c) Service use stage:
5. A → B: TicketB|| Authenticator
Authenticator = E(IDA||ADA||TS5 , KAB)
6. B → A: E(TS5 + 1, KAB)

As with message 3, after being issued the service ticket and the session key KAB for exchanges with server B, client A sends this ticket to server B together with an Authenticator so that B can authenticate A (just as the TGS authenticated A with its authenticator). B decrypts the ticket to obtain the session key KAB, and with it decrypts the authenticator to verify the authenticity of A. TS5 is a timestamp marking when A used KAB (against replay attacks).
B can then send TS5+1 back to A so that A can authenticate B. After this message A and B can exchange data using the session key KAB.
A can use TicketB to connect to server B many times while TicketB remains valid. When this ticket expires, A can send a new request to the TGS so that the TGS issues another ticket.
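The three Kerberos v4 stages above, as an added Python simulation (not the notes' code and not MIT Kerberos). E()/D() are a constructed authenticated toy cipher standing in for the DES encryption that Kerberos v4 uses; the principal names, the address 10.0.0.5, the clock-skew window and the ticket lifetime are assumptions for the example. Besides running messages 1 to 6, it shows the checks a verifier (TGS or B) makes on ADA, on the timestamps and on the ticket lifetime, and that a replayed message 5, or one sent from another address, is refused.

```python
import hashlib
import hmac
import json
import os
import time

SKEW = 300        # accepted clock difference for authenticators, in seconds (assumption)
LIFETIME = 3600   # Lifetime2 / Lifetime4 of issued tickets, in seconds (assumption)


def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def E(key, fields):
    """E(fields, key): constructed toy authenticated encryption standing in for Kerberos v4's DES.
    A random nonce drives a SHA-256 keystream; an HMAC tag makes tampering detectable."""
    pt = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(8)
    ct = bytes(p ^ k for p, k in zip(pt, _keystream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()


def D(key, blob_hex):
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("decryption failed: wrong key or tampered message")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct)))))


def _validate(ticket, authenticator, src_addr, now):
    """Checks a verifier makes: ticket still within its lifetime, IDA/ADA in the authenticator
    match the ticket and the sender's real address, timestamp fresh."""
    if now > ticket["TS"] + ticket["Lifetime"]:
        raise ValueError("ticket expired")
    if (authenticator["ID"] != ticket["ID"] or authenticator["AD"] != ticket["AD"]
            or src_addr != ticket["AD"]):
        raise ValueError("authenticator does not match ticket or sender address")
    if abs(now - authenticator["TS"]) > SKEW:
        raise ValueError("authenticator timestamp outside the allowed window")


def authentication_server(user_keys, k_tgs):
    def handle(msg1, src_addr):                  # 1. A -> AS: IDA || IDTGS || TS1
        k_atgs, ts2 = os.urandom(16), int(time.time())
        ticket_tgs = E(k_tgs, {"K": k_atgs.hex(), "ID": msg1["IDA"], "AD": src_addr,
                               "IDS": msg1["IDTGS"], "TS": ts2, "Lifetime": LIFETIME})
        return E(user_keys[msg1["IDA"]],        # 2. AS -> A: E(KATGS||IDTGS||TS2||Lifetime2||TicketTGS, KA)
                 {"K": k_atgs.hex(), "IDS": msg1["IDTGS"], "TS": ts2,
                  "Lifetime": LIFETIME, "Ticket": ticket_tgs})
    return handle


def ticket_granting_server(k_tgs, server_keys):
    def handle(msg3, src_addr):                  # 3. A -> TGS: IDB || TicketTGS || Authenticator
        now = int(time.time())
        ticket = D(k_tgs, msg3["Ticket"])
        k_atgs = bytes.fromhex(ticket["K"])
        _validate(ticket, D(k_atgs, msg3["Authenticator"]), src_addr, now)
        k_ab = os.urandom(16)
        ticket_b = E(server_keys[msg3["IDB"]], {"K": k_ab.hex(), "ID": ticket["ID"], "AD": src_addr,
                                                "IDS": msg3["IDB"], "TS": now, "Lifetime": LIFETIME})
        return E(k_atgs, {"K": k_ab.hex(), "IDS": msg3["IDB"], "TS": now, "Ticket": ticket_b})  # 4.
    return handle


def service_server(k_b):
    seen = set()                                 # (IDA, TS5) pairs already accepted: replay cache
    def handle(msg5, src_addr):                  # 5. A -> B: TicketB || Authenticator
        now = int(time.time())
        ticket = D(k_b, msg5["Ticket"])
        k_ab = bytes.fromhex(ticket["K"])
        auth = D(k_ab, msg5["Authenticator"])
        _validate(ticket, auth, src_addr, now)
        if (auth["ID"], auth["TS"]) in seen:
            raise ValueError("replayed authenticator")
        seen.add((auth["ID"], auth["TS"]))
        return E(k_ab, {"TS": auth["TS"] + 1})   # 6. B -> A: E(TS5 + 1, KAB)
    return handle


def run_kerberos_v4():
    """Client 'alice' at 10.0.0.5 obtains a TGT, then a service ticket for 'printsrv',
    then mutual authentication with B (all names and addresses are constructed)."""
    k_a = hashlib.sha256(b"alice-password").digest()   # KA derived from the user's password
    k_tgs, k_b = os.urandom(32), os.urandom(32)         # KTGS registered with AS, KB with TGS
    AS = authentication_server({"alice": k_a}, k_tgs)
    TGS = ticket_granting_server(k_tgs, {"printsrv": k_b})
    B = service_server(k_b)
    addr = "10.0.0.5"
    # a) login stage: messages 1 and 2
    msg2 = D(k_a, AS({"IDA": "alice", "IDTGS": "tgs", "TS1": int(time.time())}, addr))
    k_atgs = bytes.fromhex(msg2["K"])
    # b) service registration stage: messages 3 and 4
    auth3 = E(k_atgs, {"ID": "alice", "AD": addr, "TS": int(time.time())})
    msg4 = D(k_atgs, TGS({"IDB": "printsrv", "Ticket": msg2["Ticket"], "Authenticator": auth3}, addr))
    k_ab = bytes.fromhex(msg4["K"])
    # c) service use stage: messages 5 and 6
    ts5 = int(time.time())
    msg5 = {"Ticket": msg4["Ticket"], "Authenticator": E(k_ab, {"ID": "alice", "AD": addr, "TS": ts5})}
    msg6 = D(k_ab, B(msg5, addr))

    def rejected(addr_used):      # the same message 5 again, or from another address, must fail
        try:
            B(msg5, addr_used)
            return False
        except ValueError:
            return True

    return {"ts5": ts5, "reply_ts": msg6["TS"], "server_authenticated": msg6["TS"] == ts5 + 1,
            "replay_rejected": rejected(addr), "wrong_address_rejected": rejected("10.0.0.9")}
```

The replay cache in service_server is what makes the ADA/TS5 fields effective: without it, the timestamp window alone would still admit the same message 5 within SKEW seconds.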
7.5 Review questions
1. Why, if Bob trusts the public key of certificate authority X, can Bob trust Alice's public key? (this key is embedded in the X.509 certificate issued by X to Alice)
2. In the SSL protocol, does the client need to provide an X.509 certificate to the server?
3. In the SSL protocol, is the Web data (HTML) encrypted using public-key encryption or symmetric encryption?
4. The SSL protocol can secure data transferred over the network. So what is the purpose of the Kerberos protocol?
7.6 Practical exercises
1. Create an X.509 certificate in the following ways:
Using Microsoft's makecert tool
Using the openssl tool
Registering with Verisign
2. Write a program to view the contents of an X.509 certificate and extract the public key from the certificate.
3. Install SSL for the Internet Information Server (IIS) web server
4. Install SSL for the Apache web server.

CHAPTER 8. DIFFERENTIAL CRYPTANALYSIS AND LINEAR CRYPTANALYSIS

In chapter 3 we briefly mentioned three ways of breaking DES. This chapter presents differential cryptanalysis and linear cryptanalysis. Studying these two attacks helps us better understand the characteristics and the design of block ciphers. For simplicity we will study the cryptanalysis of TinyDES; breaking DES follows the same principle.
8.1 Differential Cryptanalysis
In chapter 3 we studied the avalanche effect of DES: under the action of the S-boxes and the key K, changing a single bit of the plaintext or of the key leads to changes in many bits of the intermediate values LiRi and of the ciphertext. The cryptanalyst therefore has difficulty analysing the relationship between plaintext, ciphertext and key, even in the known-plaintext or chosen-plaintext setting.

When viewed in terms of differentials, however, the avalanche effect of the key K and of the S-box function loses its force. We define the notion of differential as follows:
Suppose two values X1 and X2 have the same number of bits; then the differential between X1 and X2 is ΔX = X1 ⊕ X2.
Properties of the differential under the transformations:
1) XOR with the key value:
Given


then:


So the input XOR equals the output XOR, which means the differential is not affected by the key. This is the essential point of differential cryptanalysis.
2) The P-box:
Given


then:


[Figure: one round of TinyDES: L(i-1), R(i-1) → Expand → ⊕ K(i) → S-box → P-box → L(i), R(i); intermediate values X, Y, Z]
This means that if the input differential (input XOR) is fixed then the output differential (output XOR) is also fixed. The P-box transformation is linear: each input value corresponds to exactly one output value and vice versa.
3) The Expand function:
Given


then:


As with the P-box, in the Expand function a fixed input XOR gives a fixed output XOR. The Expand function is also a linear transformation.
4) The S-box
Consider the S-box of TinyDES (which is also box S1 of DES), with 6 input bits and 4 output bits:
Given


In this case the output XOR is not fixed, because the S-box is not a linear transformation. For example, consider the table below for the case where the input XOR is 000001:
X1      X2      X1⊕X2   Y1    Y2    Y1⊕Y2
000000  000001  000001  1110  0000  1110
001000  001001  000001  0010  1110  1100
100000  100001  000001  0100  1111  1011
...

For each value of X1 there is one corresponding X2 such that the XOR is 000001. The table above therefore has 2^6 = 64 rows, corresponding to 64 pairs (X1, X2). The same holds for the other input XORs. Although, for the same input XOR, the output XOR values differ, statistically there is still a relation between the input XOR and the output XOR, as shown in the following table:
Input XOR (6 bits, hex, first column) \ Output XOR (4 bits, hex): 0 1 2 3 4 5 6 7 8 9 A B C D E F
(in each row only the nonzero counts survived extraction, listed in increasing output-XOR order)
0 64
1 6 2 4 4 10 12 4 10 6 2 4
2 8 4 4 4 6 8 6 12 6 4 2
3 14 4 2 2 10 6 4 2 6 4 4 2 2 2
4 6 10 10 6 4 6 4 2 8 6 2
5 4 8 6 2 2 4 4 2 4 4 12 2 4 6
6 4 2 4 8 2 6 2 8 4 4 2 4 2 12
7 2 4 10 4 4 8 4 2 4 8 2 2 2 4 4
8 12 8 8 4 6 2 8 8 2 2 4
9 10 2 4 2 4 6 2 2 8 10 2 12
A 8 6 2 2 8 6 6 4 6 4 2 10
B 2 4 10 2 2 4 2 6 2 6 6 4 2 12
C 8 6 6 6 6 4 6 6 14 2
D 6 6 4 8 4 8 2 6 6 4 6 2 2
E 4 8 8 6 6 4 6 6 4 4 8
F 2 2 4 4 6 4 2 4 8 2 2 2 6 8 8
10 2 14 6 6 12 4 6 8 6
11 6 8 2 4 6 4 8 6 4 6 6 4
12 8 4 2 6 6 4 6 6 4 2 6 6 4
13 2 4 4 6 2 4 6 2 6 8 4 6 4 6
14 8 8 10 4 2 8 2 2 4 4 8 4
15 4 6 4 2 2 4 10 6 2 10 4 6 4
16 8 10 8 2 2 6 10 2 2 6 2 6
17 4 4 6 10 6 2 4 4 4 6 6 6 2
18 6 6 8 4 2 2 2 4 6 8 6 6 2 2
19 2 6 2 4 8 4 6 10 4 4 2 8 4
1A 6 4 4 6 6 6 6 22 2 4 4 6 8
1B 4 4 2 4 10 6 6 4 6 2 2 4 2 2 4 2
1C 10 10 6 6 12 6 4 2 4 4
1D 4 2 4 8 2 12 2 6 6 6 14
1E 2 6 14 2 6 4 10 8 2 2 6 2
1F 2 4 10 6 2 2 2 8 6 8 4 6 4
20 10 12 8 2 6 4 4 4 2 12
21 4 2 4 4 8 10 4 4 10 4 2 8
22 10 4 6 2 2 8 2 2 2 2 6 4 4 10
23 4 4 8 2 6 6 6 2 10 2 4 10
24 12 2 2 2 2 14 14 2 2 6 2 4
25 6 4 4 12 4 4 4 10 2 2 2 4 2 2 2
26 4 10 10 10 2 4 4 6 4 4 4 2
27 10 4 2 2 4 2 4 8 4 8 8 4 4
28 12 2 2 8 2 6 12 2 6 4 6 2
29 4 2 2 10 2 4 14 10 2 4 6 4
2A 4 2 4 6 2 8 2 2 14 2 6 2 6 2 2
2B 12 2 2 2 4 6 6 2 2 6 2 6 8 4
2C 4 2 2 4 2 10 4 2 2 4 8 8 4 2 6
2D 6 2 6 2 8 4 4 4 2 4 6 8 2 6
2E 6 6 2 2 2 4 6 4 6 2 12 2 6 4
2F 2 2 2 2 2 6 8 8 2 4 4 6 8 3 4 3
30 4 6 12 6 2 2 8 2 4 4 6 2 2 4
31 4 8 2 10 2 2 2 2 6 2 2 4 10 8
32 4 2 6 4 4 2 2 4 6 6 4 8 2 2 8
33 4 4 6 2 10 8 4 2 4 2 2 4 6 2 4
34 8 16 6 2 12 6 8 6
35 2 2 4 8 14 4 6 8 2 14
36 2 6 2 2 8 2 2 4 2 6 8 6 4 10
37 2 2 12 4 2 4 4 10 4 4 2 6 2 2 4
38 6 2 2 2 2 2 4 6 4 4 4 6 10 10
39 6 2 2 4 12 6 4 8 4 2 4 2 4 4
3A 6 4 6 4 6 8 6 2 2 6 2 2 6 4
3B 2 6 4 2 4 6 4 6 8 6 4 4 6 2
3C 10 4 12 4 2 6 4 12 4 4 2
3D 8 6 2 2 6 8 4 4 4 12 4 4
3E 4 8 2 2 2 4 4 14 4 2 2 8 4 4
3F 4 8 4 2 4 2 4 4 2 4 8 8 6 2 2

In the table above the sum of each row is 64 (the number of pairs X1, X2 for that input XOR), but these 64 are not evenly distributed over the output XORs. We draw the following conclusions about the differentials of this S-box:
- If the input XOR is 00 then the output XOR is certainly 0.
- If the input XOR is 10 then the output XOR is 7 with probability 14/64. The table below lists the corresponding input and output pairs:
X1 ⊕ X2 = 10, Y1 ⊕ Y2 = 7
X1  X2  Y1  Y2
08  18  2   5
09  19  E   9
0B  1B  2   5
23  33  C   B
24  34  E   9
2C  3C  2   5
2D  3D  1   6

- If the input XOR is 34 then the output XOR is 2 with probability 16/64. The table below lists the corresponding input and output pairs:
X1 ⊕ X2 = 34, Y1 ⊕ Y2 = 2
X1  X2  Y1  Y2
04  30  D   F
05  31  7   5
0E  3A  8   A
11  25  A   8
12  26  A   8
14  20  6   4
1A  2E  9   B
1B  2F  5   7

From this we conclude the following about the differential of the F function of TinyDES, whose input XOR and output XOR are 4 bits:
F = P-box(S-box(Expand( Ri-1) ⊕ Ki))
- If the input XOR of F is 0: the output XOR of Expand is 0 (6 bits) → the input XOR of the S-box is 0 (the key does not affect the differential) → the input XOR of the P-box (4 bits) is certainly 0 → the output XOR of F is certainly 0.
- If the input XOR of F is 3: the output XOR of Expand is 34 → the input XOR of the P-box (4 bits) is 2 with probability 16/64 → the output XOR of F is 8 with probability 16/64 = 1/4.
- If the input XOR of F is 1: the output XOR of Expand is 10 → the input XOR of the P-box (4 bits) is 7 with probability 14/64 → the output XOR of F is B with probability 14/64 = 7/32.
Thus, even without knowing the value of key K, we can still compute the propagation of the differential through the 3 rounds of TinyDES. Consider the following example:
Choose

such that the differential is

83 (83 in hexadecimal).

The propagation of the differential through the TinyDES rounds is shown in the table below (the intermediate differentials were partly lost in extraction; the surviving values are given):
Round   Differential   Probability
        83
1       3              1/4
2       1  3           (1/4)·1
3       2  38          (1/4)(1/4)
So the ciphertext differential is 38 with probability 1/16. This means that on average, among 16 plaintext pairs with differential 83, one pair will be found whose ciphertext differential is 38.
For some particular key K, suppose we run a chosen-plaintext attack on 16 (plaintext, ciphertext) pairs and find the following pair:


(with plaintext differential 83 and ciphertext differential 38)
So at round 3 the inputs of function F in the two cases are

. Hence the outputs of the Expand function in the two cases are 2F and 1B.


And the input XOR and output XOR of the S-box in this third round are 34 and 2. Looking up the table, the possible keys K3 are:
X1⊕X2 = 34, X1 = 2F⊕K3, X2 = 1B⊕K3    |  X1⊕X2 = 34, X1 = 1B⊕K3, X2 = 2F⊕K3
X1  X2  K3                             |  X1  X2  K3
04  30  2B                             |  04  30  1F
05  31  2A                             |  05  31  1E
0E  3A  21                             |  0E  3A  15
11  25  3E                             |  11  25  0A
12  26  3D                             |  12  26  09
14  20  3B                             |  14  20  0F
1A  2E  35                             |  1A  2E  01
1B  2F  34                             |  1B  2F  00

Similarly, choose

such that the differential is

B1. The propagation of the differential through the TinyDES rounds is shown in the table below (intermediate differentials partly lost in extraction; surviving values given):
Round   Differential   Probability
        B1
1       1              7/32
2       1  1           (7/32)·1
3       2  1           (7/32)^2 ≈ 0.048
So the ciphertext differential is 1B with probability 0.048. This means that on average, among 21 plaintext pairs with differential B1, one pair will be found whose ciphertext differential is 1B.
For some particular key K, suppose we run a chosen-plaintext attack on 21 (plaintext, ciphertext) pairs and find the following pair:

83

98
(with plaintext differential B1 and ciphertext differential 1B)
At round 3 the inputs of function F in the two cases are

9. Hence the outputs of the Expand function in the two cases are 01 and 11. And the input


XOR and output XOR of the S-box in this third round are 10 and 7. Looking up the table, the possible keys K3 are:
X1⊕X2 = 10, X1 = 01⊕K3, X2 = 11⊕K3    |  X1⊕X2 = 10, X1 = 11⊕K3, X2 = 01⊕K3
X1  X2  K3                             |  X1  X2  K3
08  18  09                             |  08  18  19
09  19  08                             |  09  19  18
0B  1B  0A                             |  0B  1B  1A
23  33  22                             |  23  33  32
24  34  25                             |  24  34  35
2C  3C  2D                             |  2C  3C  3D
2D  3D  2C                             |  2D  3D  3C

Combining the two tables, K3 must belong to the set { 09, 0A, 35, 3D }. Call the 8 bits of key K k0k1k2k3k4k5k6k7; then the 6 bits of K3 are k5k1k3k2k7k0. So for each case of K3 we can try the values of k4 and k6. For example, suppose K3 is 09 (binary 001001); then key K has the form 1001x0x0, and there are 4 cases for K: 10010000, 10010010, 10011000, 10011010. Encrypting the plaintext 2B under these 4 cases of K, only the case K = 1001.1010 yields the ciphertext E5.
Thus, instead of exhausting the 256 cases of key K, we only need to try 16+21 = 37 plaintext-ciphertext pairs and then 16 further cases of key K to find the exact value of K. This shows that differential cryptanalysis is effective at breaking TinyDES.
8.2 Linear Cryptanalysis
In the TinyDES section we said that the S-box is a nonlinear structure, i.e. for Y = S-box(X) there is no mathematical relation between X and Y. If only some bits of X and Y are considered, however, certain linear relations appear.
We denote the bits of X and Y as follows:


Let a be a value from 1 to 64 and b a value from 1 to 15, and let a0a1a2a3a4a5 and b0b1b2b3 be the binary representations of a and b. For a particular a and b, compute:

1

1
Over the 64 cases of Y = S-box(X), we define the number S(a, b) as follows:
S(a, b) is the number of cases in which LX(X, a) = LY(Y, b)
The table below lists the values S(a, b) − 32 for a from 1 to 32 and b from 1 to 15.

If S(a, b) = 32, the bits of X selected by a and the bits of Y selected by b have no linear relation.
Consider S(16, 15) = 14; this means that

occurs with probability 14/64,
or

occurs with probability 50/64.
We rewrite this relation as Y[0,1,2,3] = X[1]
Thus, if we consider Y = F(X, K) with F the Feistel function of one round of TinyDES:


we have the following linear relation:
[123] [3] [1]
We now link this relation across the three rounds of TinyDES.

[Linear trail through the three rounds: table garbled in extraction; surviving terms: Probability, [123], [123], [3], [1], 14/64]
Table of S(a, b) − 32 (rows a = 1..32, columns b = 1..15):
a\b |  1   2   3   4   5   6   7   8   9  10  11  12  13  14  15
  1 |  0   0   0   0   0   0   0   0   0   0   0   0   0   0   0
  2 | -2  -2  -4  -2   0  -4   6   2   0   0   6   4  -2  -6   4
  3 | -2  -2  -4  -2   0  -4   6   2   8   0  -2   4   6  -6  -4
  4 |  2  -2  -4  -2   0  -4  -6  -2   4   8   2   0  -2  -6  12
  5 | -2  -2   0  -2  -4  -4  -2   2  -4  -4   2   4 -10  -2  -4
  6 |  0   0   4   0   4   0   0   0  -4   4   4   0   0  -4  -8
  7 | -4   0   8   0   0   0   4   4  -4  -8  -4   4   0   0   0
  8 |  4  -2   6  -6  -6   0  -4  -4  -4   2  -2   2  -2   0   0
  9 |  0   6  -6  -2  -6   4  -4   0  -4  -2   6   2  -6   0  -4
 10 | -2   0   2   0   6   8   2  -2   0  -2   4  -2   0  -2   4
 11 |  2  -8  -2  -4 -10   4   2  -6   8   2   4  -2  -4  -2   0
 12 | -2   0   6   0   2   0   2   2   0   6  -4   2  -4   6   0
 13 |  6   0   6   4  -2  -4  -2   2   0   6   4  -2   8  -6  -4
 14 |  0  -2  -2   2   2   0   0   4   4   6  -2   2   2  -4   4
 15 |  0  -2   6  -2  -2   4  -4  -4  -4  -2  -2  -2  -2   0   0
 16 |  2   2   0  -2   0   4  -6   0   6   2  -4   6  -4  -4 -18
 17 |  2  -2  -4   2  -4  -4  10  -4   2   2  -4  -2  -4   0  -6
 18 |  4   0   0  -4   4   0   4  -6   2   2   6   2   6   6 -10
 19 |  4  -4  -4   0   0  -8 -12  -2  -2  -6   6   2   6   2   2
 20 |  4   0   4  -8  -4   4   0   2   6  -2   2   6   2  -2   2
 21 |  0   4  -4  -4   4   4  -4  10   2   2   2  -6   2   6  -2
 22 |  6   2   0   2  -4   0   2   4   2   2   0  -2   0   0   2
 23 |  2   6  -8   6   4   0  -2 -12  -2  -2   0  -6   0   0  -2
 24 |  2   8   2   0   6   4   2   4  -2   4   6   0  -2  -4   2
 25 | -2   4  -6   0  -6   0   2   4  -6   8   6   0   2   0  -6
 26 |  0  -6   2  -2  -2   4   4  -2  -2   0   0  -4   4   2   2
 27 |  4   6   2 -10   2  -8   4  -2  -6   4   0   4   0  -2   2
 28 | -4   2   2   2  -6   0  -4  -2  -2   4   0   0   4   2   2
 29 |  4  -2  -2   2  -6  -4   0   2   2  -4   0 -12   0  -6  -6
 30 |  2   0  -2   4  -2   0  -2   0   6  -4  -2   0  -2   0   2
 31 |  2  -4   2  -4  -2   4   2   4  -6   4  -2  -4   2   0   2
 32 |  0   0   0   0   0   0   0   0   0   0   0   0   0   0   0

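Added example (Python, not the notes' own code) computing from DES box S1 the two tables this chapter relies on: the difference distribution table of section 8.1 (counts of each output XOR per input XOR) and the S(a, b) counts of section 8.2, with the text's bit conventions (X[0] is the leftmost input bit, the binary digits a0..a5 of a select input bits, those of b select output bits). It also recovers the round-3 key candidates of section 8.1 from the two right pairs by trying all 64 values of K3, which is what "looking up the table" amounts to. The S1 table itself is the standard DES S1, stated as a known fact.

```python
# DES S-box S1 (standard DES table, stated as a known fact); TinyDES uses this same box.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox(x):
    """6-bit input X = X[0]..X[5] (X[0] leftmost): outer bits X[0]X[5] pick the row, X[1..4] the column."""
    row = ((x >> 5) & 1) << 1 | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]


def difference_distribution_table():
    """ddt[in_xor][out_xor] = number of ordered pairs (X1, X2) with X1^X2 = in_xor
    and S(X1)^S(X2) = out_xor; every row sums to 64."""
    ddt = [[0] * 16 for _ in range(64)]
    for x1 in range(64):
        for x2 in range(64):
            ddt[x1 ^ x2][sbox(x1) ^ sbox(x2)] += 1
    return ddt


def pairs_with_differential(in_xor, out_xor):
    """The ordered (X1, X2) pairs behind one DDT entry, e.g. the tables for 10 -> 7 and 34 -> 2."""
    return [(x1, x1 ^ in_xor) for x1 in range(64) if sbox(x1) ^ sbox(x1 ^ in_xor) == out_xor]


def parity(v):
    return bin(v).count("1") & 1


def linear_approximation_table():
    """lat[a][b] = S(a, b): number of X for which the XOR of the X bits selected by a
    equals the XOR of the S(X) bits selected by b. The page tabulates S(a, b) - 32."""
    lat = [[0] * 16 for _ in range(64)]
    for a in range(64):
        for b in range(16):
            lat[a][b] = sum(1 for x in range(64) if parity(x & a) == parity(sbox(x) & b))
    return lat


def candidate_round_keys(e1, e2, out_xor):
    """Round keys K3 consistent with one right pair: the Expand outputs e1, e2 give S-box inputs
    e1^K3 and e2^K3, whose output XOR must equal the one predicted by the characteristic."""
    return {k for k in range(64) if sbox(e1 ^ k) ^ sbox(e2 ^ k) == out_xor}


def recover_k3():
    """Intersection of the candidates from the page's two right pairs:
    Expand outputs 2F/1B with output XOR 2, and 01/11 with output XOR 7."""
    return candidate_round_keys(0x2F, 0x1B, 0x2) & candidate_round_keys(0x01, 0x11, 0x7)


if __name__ == "__main__":
    ddt = difference_distribution_table()
    print("DDT[34][2] =", ddt[0x34][2], " DDT[10][7] =", ddt[0x10][7])
    print("S(16,15) - 32 =", linear_approximation_table()[16][15] - 32)
    print("K3 candidates:", sorted(hex(k) for k in recover_k3()))
```

Rows a = 1 and a = 32 of the S(a, b) table are zero for every b because each S-box row is a permutation of 0..15: a mask that depends only on the row-selecting bits X[0] or X[5] is balanced within every row, which is one of the DES S-box design criteria the next section discusses.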
[Linear trail through the three rounds and the relation derived from it: equations garbled in extraction. Surviving terms, in order: 2, 1, 3, 2, [123], [123], [3], [1], [123], [123], [3], [1], 14/64; then "Hence:" [123], [123], [3], [3], [1], [1]; then "or" [1] 3 [1] 3 [123], [123], [3] 3 [3]]
The equation above holds with probability (14/64)^2 + (1 − 14/64)^2 = 0.66. Suppose we mount a known-plaintext attack with 100 plaintext-ciphertext pairs and obtain the following result:

[123] [123] [3] [3] 1 appears 66 times

[123] [123] [3] [3] appears 34 times

Then we can conclude

[1] 3 [1] 1, or

2 1, with k1, k2 the 1st and 2nd bits of the original key K.
Thus we know the relation between the two bits k1, k2 of the original key K, which means we only need to search among 128 values of key K. This shows that linear cryptanalysis is more effective at breaking TinyDES than exhaustive key search.
8.3 Conclusions on block-cipher design principles
Because we cannot prove theoretically whether a block cipher is absolutely secure, researchers instead try to resist the known attacks. To resist differential and linear cryptanalysis, the following principles have been proposed:
1) Increase the number of rounds: since differential and linear cryptanalysis work probabilistically, the more rounds there are, the lower the probability.
2) Improve the S-box: the S-box should be designed so that differential and linear traces are as small as possible (lower differential and linear probabilities).
3) Improve the mixing of the intermediate results from one round to the next, which is the role of the Expand and P-box functions. Better mixing weakens the linking of differentials and of linear relations across rounds.
In the next chapter we study the AES cipher. It implements the S-box and P-box so well that AES only needs 10 rounds, compared with the 16 rounds of DES.

CHAPTER 9. ADVANCED ENCRYPTION STANDARD (AES)

9.1 Groups, rings and fields
Groups, rings and fields are the basic objects of a branch of mathematics called abstract algebra. In this branch we are concerned with a set of elements and with the way a first and a second element combine to form a third element (just as in ordinary arithmetic we apply addition and multiplication to two numbers to obtain a third number).
9.1.1 Group
A group, denoted {G, •}, is a set G of elements together with a binary operation • satisfying the following conditions:
A1) Closure:
A2) Associativity:
A3) Identity element:
A4) Inverse element:


Example 1: It is easy to see that the set of integers Z with integer addition is a group. The identity element is 0. For a ∈ Z the inverse of a is −a. Z has infinitely many elements, so this group is called an infinite group.
Example 2: consider a set S of n integers {1, 2, ..., n}. Define the set T whose elements are the permutations of S.
For example, with n = 4, {1, 2, 3, 4} ∈ T, {3, 2, 1, 4} ∈ T, ... T has 4! = 24 elements.
Next, define the operation as follows: c = a • b is the permutation of a according to the order given by b. Example: a = { 2, 3, 4, 1}, b = {3, 2, 4, 1 }. The permutation of a according to b is { 4, 3, 1, 2}. c is also an element of T, so property A1 holds.
If we choose e = {1, 2, 3, 4}, then permuting a according to e does not change the order of a, and permuting e according to a gives a. So {1, 2, 3, 4} is the identity element, as property A3 requires.
One can also prove that T with the permutation operation satisfies the remaining two properties, A2 and A4. That is, T with the permutation operation forms a group. T has finitely many elements, so this group is called a finite group.
A group is called an Abelian group if it also has the following property:
A5) Commutativity:
Clearly Z is an Abelian group under addition, while T with the permutation operation is not Abelian for n > 2.
Cyclic groups:
Given a group {G, •}, we define exponentiation as follows:


Example:

.
We call G a cyclic group if every element of G can be expressed in the form

with a in G and k an integer. a is then called a generator of the set G.
For example, Z is a cyclic group with a = 1: 5 = 1^5, −4 = (−1)^4


Every cyclic group is commutative, hence Abelian.
9.1.2 Ring
A ring R, denoted { R, +, × }, is a set of elements with two binary operations, called addition and multiplication, such that the following properties hold:
A1-A5) R is an Abelian group under addition: R satisfies properties A1 to A5; we denote the identity element by 0 and the additive inverse of a by −a. We define subtraction as a − b = a + (−b)
M1) Closure under multiplication: (ab is written as shorthand for a × b)
M2) Associativity of multiplication:
M3) Distributivity of multiplication over addition:


In short, in a ring we can perform addition, subtraction and multiplication without leaving the ring (the results of addition, subtraction and multiplication belong to R).
Example: the set of n×n matrices of real numbers, with matrix addition and multiplication, forms a ring.
A ring is called a commutative ring if multiplication is also commutative:
M4) Commutativity of multiplication:
Example: the set of even integers, with ordinary addition and multiplication, forms a commutative ring; the set of n×n matrices above is not a commutative ring.
A ring is called an integral domain if it is a commutative ring with the following two additional properties:
M5) Existence of a multiplicative identity: 1 1
M6) Relation between multiplication and the additive identity:

9.1.3 Field
A field, denoted { F, +, × }, is a set of elements with two binary operations, called addition and multiplication, such that the following properties hold:
A1-A5, M1-M6) F is an integral domain (it satisfies properties A1 to A5 and M1 to M6)
M7) Existence of a multiplicative inverse:

1
In short, in a field we can perform addition, subtraction, multiplication and division without leaving the field (the results of addition, subtraction, multiplication and division belong to F). Division is defined as:



Example: the set of real numbers with ordinary addition and multiplication is a field. The set of integers is not a field, because division cannot be carried out.
9.2 Modular arithmetic and the finite field GF(p)
In chapter 4 we studied the modulo operation. Based on the modulo operation, we construct a set Zn as follows:
For an integer n: Zn = { 0, 1, 2, ..., n-1 }
As for the set of integers Z, on Zn we define addition and multiplication as follows: for a, b, c ∈ Zn:
- Addition: c = a + b
if c
- Multiplication: c = a.b if c
It is easy to see that Zn with this addition satisfies the properties of an Abelian group, with additive identity 0 (properties A1 to A5).
Moreover, Zn with this addition and multiplication satisfies the properties of an integral domain, with multiplicative identity 1 (properties M1 to M6).
For example, with n = 7, multiplication and addition are as follows:

Not every Zn, however, satisfies property M7, namely that every nonzero element of Zn has a multiplicative inverse. Only when n is a prime number does Zn satisfy M7 (see notion 6 in the number theory part of chapter 4). Examples: n=8 (does not satisfy M7) and n=7 (satisfies M7).

Inverses in Z7              Inverses in Z8
a   -a   a^-1               a   -a   a^-1
0   0    -                  0   0    -
1   6    1                  1   7    1
2   5    4                  2   6    -
3   4    5                  3   5    3
4   3    2                  4   4    -
5   2    3                  5   3    5
6   1    6                  6   2    -
                            7   1    7

Addition in Z7
+  0 1 2 3 4 5 6
0  0 1 2 3 4 5 6
1  1 2 3 4 5 6 0
2  2 3 4 5 6 0 1
3  3 4 5 6 0 1 2
4  4 5 6 0 1 2 3
5  5 6 0 1 2 3 4
6  6 0 1 2 3 4 5

Multiplication in Z7
x  0 1 2 3 4 5 6
0  0 0 0 0 0 0 0
1  0 1 2 3 4 5 6
2  0 2 4 6 1 3 5
3  0 3 6 2 5 1 4
4  0 4 1 5 2 6 3
5  0 5 3 1 6 4 2
6  0 6 5 4 3 2 1

[Figure captions surviving from the original layout: Addition in Zn; Addition in ordinary arithmetic]
We also use the extended Euclidean algorithm to find multiplicative inverses in the set Zn.
Example of division: 5/4 = 5(4^-1) = 5.2 = 3.
Thus, when n is a prime number, the set Zn becomes a finite field that we call a Galois field (after the mathematician who studied these finite fields). We rename Zn as Zp, with the convention that p is prime. This finite field is denoted GF(p).
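Added example (Python, not the notes' code) of the extended Euclidean algorithm applied to Zn: it computes multiplicative inverses, rebuilds the inverse tables for n = 7 and n = 8 and the Z7 operation tables shown above, and performs the division 5/4 in Z7. The None entries are the "-" cells of the page's Z8 table, which is exactly why Z8 is not a field.

```python
def extended_euclid(a, b):
    """Returns (g, x, y) with g = gcd(a, b) and a*x + b*y = g."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q = a // b
        a, b = b, a - q * b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(a, n):
    """a^-1 in Zn, or None when gcd(a, n) != 1 (then a has no inverse, so Zn is not a field)."""
    g, x, _ = extended_euclid(a % n, n)
    return x % n if g == 1 else None


def divide(a, b, n):
    """a / b in Zn, computed as a * b^-1 (the page's 5/4 = 5 * 2 = 3 in Z7)."""
    inv = mod_inverse(b, n)
    if inv is None:
        raise ZeroDivisionError(f"{b} has no inverse modulo {n}")
    return (a * inv) % n


def inverse_table(n):
    """Rows (a, -a, a^-1) as in the page's tables; a^-1 is None where it does not exist."""
    return [(a, (-a) % n, mod_inverse(a, n)) for a in range(n)]


def is_prime_field(n):
    """M7 holds iff every nonzero element has an inverse."""
    return all(inv is not None for a, _, inv in inverse_table(n) if a != 0)


def operation_tables(n):
    """Addition and multiplication tables of Zn."""
    add = [[(a + b) % n for b in range(n)] for a in range(n)]
    mul = [[(a * b) % n for b in range(n)] for a in range(n)]
    return add, mul


if __name__ == "__main__":
    for n in (7, 8):
        print(f"Z{n}: a, -a, a^-1")
        for a, neg, inv in inverse_table(n):
            print(f"  {a}  {neg}  {'-' if inv is None else inv}")
        print("  field:", is_prime_field(n))
```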
9.3 Polynomial arithmetic and the finite field GF(2^n)
9.3.1 Ordinary polynomial operations
In algebra we define a polynomial of degree n (n ≥ 0) in the form


where the ai ∈ R, an ≠ 0, are called the coefficients. We also define polynomial addition, subtraction and multiplication as follows:
Given


Addition:


Multiplication:


Subtraction:


In the 3 operations above we assume ai = 0 if i > n and bi = 0 if i > m.
Division of a polynomial f(x) by g(x) is similar to integer division, giving a quotient polynomial q(x) and a remainder polynomial r(x), where r(x) has degree smaller than g(x)



Example:

2 ,

1
-

3
-

1
-

2 2
- the quotient polynomial 2 and the remainder polynomial
With the addition and multiplication above, the set of polynomials (each polynomial being one element of the set) forms a ring, with additive identity the polynomial e(x) = 0 and multiplicative identity the polynomial d(x) = 1.
This set of polynomials, however, does not form a field, because multiplicative inverses do not exist (which is why the division of two polynomials leaves a remainder).
9.3.2 Polynomials defined over Zp
Above we defined polynomials with coefficients in the field of real numbers R. In this section we consider the set Wp of polynomials whose coefficients belong to the field Zp.

}
On the set Wp we define addition, subtraction, multiplication and division as follows:


Addition:


Multiplication:


Subtraction:


Division:
where the operations

are defined in the set Zp
Example: consider the field

1 ,

1
-

1
-

1 and .
In the example above, g(x) and q(x) can be regarded as factors of the polynomial f(x): f(x) = g(x). q(x). Such a polynomial f(x) is called reducible. An irreducible polynomial is a polynomial whose only factors are the polynomial 1 and itself (the notion of irreducibility is analogous to the notion of a prime number among the natural numbers).
Example (also in the field Z2):
-

1 is an irreducible polynomial
-

1 is not an irreducible polynomial because

1 1

1
Analogous to the greatest common divisor of 2 natural numbers, we also have the notion of the greatest common divisor of 2 polynomials. "Greater" here means of greater degree; for example

1 is greater than

1
Example: in the field Z2, the GCD of the two polynomials

1 and

1 is

1
As for finding the GCD of 2 integers, we can use the Euclidean algorithm to find the GCD of two polynomials:
/* Euclidean algorithm computing gcd(a(x), b(x)) */
EUCLID (a(x),b(x))
A(x) = a(x); B(x) = b(x);
while B(x)<>0 do
R(x) = A(x) mod B(x);
A(x) = B(x);
B(x) = R(x);
end while
return A(x);

9.3.3 Polynomial modulo
As with the modulo operation on integers, we define a polynomial modulo operation on the set of polynomials.
Suppose we have two polynomials f(x) and m(x) defined over the field Zp. We define f(x) modulo m(x) as follows:
it is the remainder of the division
Example: the AES algorithm uses the polynomial

1, defined over the field Z2. Also over Z2, consider the polynomial:

1
We have:

1
9.3.4 The finite field GF(2^n)
Just as the set Zp is built using modulo p with p prime, in this section we build a set Wpm of polynomials using the polynomial modulo operation.
Choose a polynomial m(x) that is irreducible over Zp and has degree n. The set Wpm consists of the polynomials over Zp of degree smaller than n. The polynomials in Wpm thus have the form:

1 1
The set Wpm has p^n elements.
Examples:
- p=3, n = 2: the set Wpm has 9 elements: 1 2 1 2 2 2 1 2 2
- p=2, n = 3: the set Wpm has 8 elements: 1 1

1.
We redefine polynomial addition and multiplication as follows:
- Addition: the same as addition on Wp
- Multiplication: the same as multiplication on Wp, except that the final result is reduced modulo m(x) so that its degree is smaller than n.
Because m(x) is an irreducible polynomial, just as in modular arithmetic, the elements of Wpm have multiplicative inverses:

1
Since inverses exist, division in the set Wpm can be carried out as follows:


Wpm now satisfies the properties of a finite field, and we denote this finite field GF(p^n) (again after the scholar Galois). In cryptography we are only interested in p = 2, i.e. the finite polynomial field GF(2^n) over Z2.
Example: consider GF(2^3) with the irreducible polynomial m(x) = x^3 + x + 1 (so x^3 is replaced by x + 1 wherever it appears). The tables below give addition and multiplication.

a) Addition table

    +        | 0        1        x        x+1      x^2      x^2+1    x^2+x    x^2+x+1
    ---------+------------------------------------------------------------------------
    0        | 0        1        x        x+1      x^2      x^2+1    x^2+x    x^2+x+1
    1        | 1        0        x+1      x        x^2+1    x^2      x^2+x+1  x^2+x
    x        | x        x+1      0        1        x^2+x    x^2+x+1  x^2      x^2+1
    x+1      | x+1      x        1        0        x^2+x+1  x^2+x    x^2+1    x^2
    x^2      | x^2      x^2+1    x^2+x    x^2+x+1  0        1        x        x+1
    x^2+1    | x^2+1    x^2      x^2+x+1  x^2+x    1        0        x+1      x
    x^2+x    | x^2+x    x^2+x+1  x^2      x^2+1    x        x+1      0        1
    x^2+x+1  | x^2+x+1  x^2+x    x^2+1    x^2      x+1      x        1        0

b) Multiplication table

    ×        | 0        1        x        x+1      x^2      x^2+1    x^2+x    x^2+x+1
    ---------+------------------------------------------------------------------------
    0        | 0        0        0        0        0        0        0        0
    1        | 0        1        x        x+1      x^2      x^2+1    x^2+x    x^2+x+1
    x        | 0        x        x^2      x^2+x    x+1      1        x^2+x+1  x^2+1
    x+1      | 0        x+1      x^2+x    x^2+1    x^2+x+1  x^2      1        x
    x^2      | 0        x^2      x+1      x^2+x+1  x^2+x    x        x^2+1    1
    x^2+1    | 0        x^2+1    1        x^2      x        x^2+x+1  x+1      x^2+x
    x^2+x    | 0        x^2+x    x^2+x+1  1        x^2+1    x+1      x        x^2
    x^2+x+1  | 0        x^2+x+1  x^2+1    x        1        x^2+x    x^2      x+1

To find the multiplicative inverse of a polynomial we use the extended Euclidean algorithm, exactly as for inverses in Zp:

    /* Extended Euclid returns two values:                 */
    /*  - gcd(m(x), b(x));                                  */
    /*  - if gcd(m(x), b(x)) = 1, also b^-1(x) mod m(x)     */
    EXTENDED_EUCLID(m(x), b(x))
        A1(x) = 1; A2(x) = 0; A3(x) = m(x);
        B1(x) = 0; B2(x) = 1; B3(x) = b(x);
        while (B3(x) <> 0) AND (B3(x) <> 1) do
            Q(x) = quotient of A3(x) / B3(x);
            T1(x) = A1(x) - Q(x)B1(x);
            T2(x) = A2(x) - Q(x)B2(x);
            T3(x) = A3(x) - Q(x)B3(x);
            A1(x) = B1(x); A2(x) = B2(x); A3(x) = B3(x);
            B1(x) = T1(x); B2(x) = T2(x); B3(x) = T3(x);
        end while
        if B3(x) = 0 then return A3(x); no inverse;
        if B3(x) = 1 then return 1; B2(x);

Over Z2 the subtractions above are XORs of coefficient strings.

9.3.5 Using GF(2^n) in cryptography

In both symmetric and public-key encryption the plaintext and ciphertext are numbers, and encryption and decryption reduce to additions, subtractions, multiplications and divisions. Plaintext and ciphertext must therefore belong to some field so that the computations never leave it. Mapping plaintext and ciphertext onto the real numbers is not an efficient option, since real arithmetic is slow; a computer is only efficient at integer arithmetic on bytes or bits. The field Zp is therefore the natural candidate. However, Zp requires p to be prime, whereas when plaintext and ciphertext are represented in bits the number of elements is 2^n, which is never prime. For example, consider the set of values represented by 8-bit integers: it has 256 elements, but Z256 is not a field. If we choose Z251 instead, only the values 0 to 250 are usable and the values 251 to 255 cannot be computed with.

In this situation the field GF(2^n) is the right choice, since it also has exactly 2^n elements. A polynomial in GF(2^n) is mapped to a binary number by taking its coefficients as the bit string a_{n-1}a_{n-2}…a_1a_0. For example, in GF(2^3) with the irreducible polynomial m(x) = x^3 + x + 1 the polynomials correspond to 3-bit integers as follows:

    Polynomial in GF(2^3)   Binary   Hexadecimal
    0                       000      0
    1                       001      1
    x                       010      2
    x+1                     011      3
    x^2                     100      4
    x^2+1                   101      5
    x^2+x                   110      6
    x^2+x+1                 111      7

The corresponding addition and multiplication tables are:

    +  0 1 2 3 4 5 6 7
    0  0 1 2 3 4 5 6 7
    1  1 0 3 2 5 4 7 6
    2  2 3 0 1 6 7 4 5
    3  3 2 1 0 7 6 5 4
    4  4 5 6 7 0 1 2 3
    5  5 4 7 6 1 0 3 2
    6  6 7 4 5 2 3 0 1
    7  7 6 5 4 3 2 1 0

    ×  0 1 2 3 4 5 6 7
    0  0 0 0 0 0 0 0 0
    1  0 1 2 3 4 5 6 7
    2  0 2 4 6 3 1 7 5
    3  0 3 6 5 7 4 1 2
    4  0 4 3 7 6 2 5 1
    5  0 5 1 4 2 7 3 6
    6  0 6 7 1 5 3 2 4
    7  0 7 5 2 1 6 4 3

Table of additive and multiplicative inverses:

    a                     -a                    a^-1
    polynomial   integer  polynomial   integer  polynomial   integer
    0            0        0            0        -            -
    1            1        1            1        1            1
    x            2        x            2        x^2+1        5
    x+1          3        x+1          3        x^2+x        6
    x^2          4        x^2          4        x^2+x+1      7
    x^2+1        5        x^2+1        5        x            2
    x^2+x        6        x^2+x        6        x+1          3
    x^2+x+1      7        x^2+x+1      7        x^2          4

By contrast, the multiplication table of Z8 is:

    ×  0 1 2 3 4 5 6 7
    0  0 0 0 0 0 0 0 0
    1  0 1 2 3 4 5 6 7
    2  0 2 4 6 0 2 4 6
    3  0 3 6 1 4 7 2 5
    4  0 4 0 4 0 4 0 4
    5  0 5 2 7 4 1 6 3
    6  0 6 4 2 0 6 4 2
    7  0 7 6 5 4 3 2 1

and the non-zero products are not evenly distributed. Comparing the two tables:

    Integer                      1   2   3   4   5   6   7
    Occurrences in the Z8 table  4   8   4  12   4   8   4
    Occurrences in GF(2^3)       7   7   7   7   7   7   7

GF(2^3) is therefore better suited to encryption: every non-zero value occurs equally often, so the uneven frequencies that a cryptanalyst could exploit are avoided.
9.3.6 Computing in GF(2^n)

With a polynomial in GF(2^n) represented as an n-bit integer, addition and multiplication are carried out as follows.

1) Addition: for two polynomials with coefficient strings a_{n-1}a_{n-2}…a_1a_0 and b_{n-1}b_{n-2}…b_1b_0, addition is simply the XOR of the two bit strings.

2) Multiplication: this involves reduction modulo the irreducible polynomial. We work in GF(2^8) with the irreducible polynomial m(x) = x^8 + x^4 + x^3 + x + 1 (the one used by AES); the method generalises to any GF(2^n).

First note that
    x^8 mod m(x) = x^4 + x^3 + x + 1
(because x^8 + x^4 + x^3 + x + 1 = 0 in the field and -1 = 1 in Z2).

A polynomial in GF(2^8) has the form
    f(x) = b7 x^7 + b6 x^6 + b5 x^5 + b4 x^4 + b3 x^3 + b2 x^2 + b1 x + b0,
so
    x · f(x) = b7 x^8 + b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x.
If b7 = 0:
    x · f(x) = b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x.
If b7 = 1:
    x · f(x) = (b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x) + (x^4 + x^3 + x + 1).
Written in bits this means
    x · f(x) = (b6 b5 b4 b3 b2 b1 b0 0)                  if b7 = 0,
    x · f(x) = (b6 b5 b4 b3 b2 b1 b0 0) XOR 00011011     if b7 = 1,
that is, shift left by one bit and XOR with {1B} whenever a 1 bit is shifted out. Applying this repeatedly gives x^k · f(x) for any k, and any product f(x) · g(x) is the XOR of those x^k · f(x) for which bit k of g(x) is 1.

Example: compute (x^6 + x^4 + x^2 + x + 1)(x^7 + x + 1).
In bits the product is 01010111 · 10000011.
    01010111 · 00000010 = 10101110
    01010111 · 00000100 = 01011100 XOR 00011011 = 01000111
    01010111 · 00001000 = 10001110
    01010111 · 00010000 = 00011100 XOR 00011011 = 00000111
    01010111 · 00100000 = 00001110
    01010111 · 01000000 = 00011100
    01010111 · 10000000 = 00111000
Hence 01010111 · 10000011 = 01010111 · [00000001 XOR 00000010 XOR 10000000] = 01010111 XOR 10101110 XOR 00111000 = 11000001.
So (x^6 + x^4 + x^2 + x + 1)(x^7 + x + 1) = x^7 + x^6 + 1, i.e. {57} · {83} = {C1}.
9.3.7 Computing in GF(2^n) with a generator

Besides computing addition and multiplication with XOR and shifts of bit strings, one can compute with a generator.

Definition: a value g is called a generator of the field GF(2^n) with irreducible polynomial m(x) if its powers g^0, g^1, …, g^{2^n - 2} (2^n - 1 of them) produce all the non-zero polynomials of the field. The exponentiation is performed modulo m(x). The condition imposed on g is that it is a root of m(x), i.e. m(g) = 0; this yields a generator when m(x) is a primitive polynomial, which is the case for the polynomials used in the examples here.

Example: consider GF(2^3) again with m(x) = x^3 + x + 1. If g is a generator then g^3 + g + 1 = 0, i.e. g^3 = g + 1. The elements of the field are generated as follows:

    Power   Polynomial in GF(2^3)   Binary   Hexadecimal
    0       0                       000      0
    g^0     1                       001      1
    g^1     g                       010      2
    g^2     g^2                     100      4
    g^3     g+1                     011      3
    g^4     g^2+g                   110      6
    g^5     g^2+g+1                 111      7
    g^6     g^2+1                   101      5

Using the generator, multiplication of polynomials reduces to addition of exponents modulo 2^n - 1:
    g^i · g^j = g^{(i + j) mod (2^n - 1)}.
For example, a product from the multiplication table of 9.3.4 is computed by converting both factors to powers of g with the table above, adding the exponents modulo 7, and reading the result back from the table; the result agrees with the entry in the multiplication table of 9.3.4.
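The following is an added example, not part of the original lecture notes: a small Python implementation of the polynomial arithmetic of sections 9.3.2 to 9.3.7, written so that the page's own figures can be checked. Polynomials over Z2 are stored as integers (bit i is the coefficient of x^i), the irreducible polynomials are the ones used on this page (x^3 + x + 1 for GF(2^3), x^8 + x^4 + x^3 + x + 1 for AES), and `gf_inv` is the extended Euclid of 9.3.4 transcribed literally; the function names are my own.

```python
"""Polynomials over Z2 and the field GF(2^n): the operations of sections 9.3.2-9.3.7.

A polynomial over Z2 is stored as a Python int whose bit i is the coefficient of
x^i, so x^3 + x + 1 is 0b1011 and the AES modulus x^8 + x^4 + x^3 + x + 1 is 0x11B.
"""


def poly_degree(a):
    """Degree of a polynomial; the zero polynomial gets degree -1."""
    return a.bit_length() - 1


def poly_mul(a, b):
    """Unreduced product over Z2 (shift-and-XOR, as in 9.3.6)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def poly_divmod(a, b):
    """Long division over Z2: returns (q, r) with a = q*b + r and deg r < deg b."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q, r, db = 0, a, poly_degree(b)
    while r and poly_degree(r) >= db:
        shift = poly_degree(r) - db
        q ^= 1 << shift
        r ^= b << shift          # subtraction over Z2 is XOR
    return q, r


def poly_gcd(a, b):
    """Euclid's algorithm for polynomials (9.3.2)."""
    while b:
        a, b = b, poly_divmod(a, b)[1]
    return a


def is_irreducible(m):
    """Trial division: m(x) is irreducible iff nothing of degree 1..deg(m)/2 divides it."""
    n = poly_degree(m)
    if n < 1:
        return False
    for d in range(2, 1 << (n // 2 + 1)):   # every polynomial of degree 1..n//2
        if poly_divmod(m, d)[1] == 0:
            return False
    return True


def gf_mul(a, b, m):
    """Multiplication in GF(2^n): multiply, then reduce modulo m(x) (9.3.3 / 9.3.4)."""
    return poly_divmod(poly_mul(a, b), m)[1]


def gf_inv(b, m):
    """EXTENDED_EUCLID(m(x), b(x)) of 9.3.4: returns b^-1(x) mod m(x)."""
    a1, a2, a3 = 1, 0, m
    b1, b2, b3 = 0, 1, b
    while b3 not in (0, 1):
        q = poly_divmod(a3, b3)[0]
        t1, t2, t3 = a1 ^ poly_mul(q, b1), a2 ^ poly_mul(q, b2), a3 ^ poly_mul(q, b3)
        a1, a2, a3 = b1, b2, b3
        b1, b2, b3 = t1, t2, t3
    if b3 == 0:
        raise ValueError("no inverse: gcd(m, b) is not 1")
    return poly_divmod(b2, m)[1]


def is_generator(g, m):
    """g generates GF(2^n)* iff g^0 .. g^(2^n - 2) are all distinct and non-zero (9.3.7)."""
    order = (1 << poly_degree(m)) - 1
    seen, power = set(), 1
    for _ in range(order):
        seen.add(power)
        power = gf_mul(power, g, m)
    return len(seen) == order and 0 not in seen


def product_frequencies(m):
    """How often each value appears in the multiplication table of GF(2^n) (9.3.5)."""
    size = 1 << poly_degree(m)
    freq = {}
    for a in range(size):
        for b in range(size):
            v = gf_mul(a, b, m)
            freq[v] = freq.get(v, 0) + 1
    return freq


if __name__ == "__main__":
    print(hex(gf_mul(0x57, 0x83, 0x11B)))   # the {57}.{83} product worked out in 9.3.6
    print(hex(gf_inv(0x95, 0x11B)))         # the inverse the AES S-box needs for {95}
```

`product_frequencies(0b1011)` returns 7 for every non-zero value, which is the "7 7 7 7 7 7 7" row of the comparison table in 9.3.5; the same function on a non-irreducible modulus such as x^3 + 1 shows the uneven counts that make Z8 unsuitable.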

9.4 AES

AES is a block cipher with 128-bit blocks. It does not follow the Feistel construction but uses a substitution-permutation network (SPN). AES encrypts a block with four basic transformations: AddRoundKey, SubBytes, ShiftRows and MixColumns. Each transformation takes a 128-bit input and produces a 128-bit output. AES applies these transformations repeatedly, forming 10 rounds as shown in the figure below.

The transformations SubBytes, ShiftRows and MixColumns have the corresponding inverses InvSubBytes, InvShiftRows and InvMixColumns. AddRoundKey is simply an XOR, so its inverse is AddRoundKey itself. Using these inverse transformations, AES decryption also consists of 10 rounds, carried out in reverse order.

The initial key is 128 bits (16 bytes). AES uses the Expand key function to expand it into 44 32-bit words. These 44 words are divided into 11 round keys of 4 words each, one for each of the 11 AddRoundKey operations.

(Figure: a) encryption: 128-bit plaintext, AddRoundKey with w[0,3], then rounds 1 to 9 each consisting of SubBytes, ShiftRows, MixColumns and AddRoundKey with w[4,7] … w[36,39], then round 10 consisting of SubBytes, ShiftRows and AddRoundKey with w[40,43], giving the 128-bit ciphertext. b) decryption: the same structure run backwards with InvSubBytes, InvShiftRows, InvMixColumns and AddRoundKey, from w[40,43] down to w[0,3]. The 128-bit key is expanded by Expand Key into w[0] … w[43].)

Each 16-byte plaintext block p0 p1 … p15 is organised as a 4×4 matrix (the state matrix), whose entries we denote s00 s10 s20 s30 s01 s11 … s23 s33; the bytes fill it column by column:

    s00 s01 s02 s03      p0   p4   p8   p12
    s10 s11 s12 s13  =   p1   p5   p9   p13
    s20 s21 s22 s23      p2   p6   p10  p14
    s30 s31 s32 s33      p3   p7   p11  p15

AddRoundKey, SubBytes, ShiftRows and MixColumns all operate on this 4×4 state matrix S.

All arithmetic in AES is performed in the field GF(2^8) with the irreducible polynomial m(x) = x^8 + x^4 + x^3 + x + 1; from here on we write simply GF(2^8). The following sections describe AddRoundKey, SubBytes, ShiftRows, MixColumns and Expand key in detail.
9.4.1 SubBytes

This step uses a 16×16-byte lookup table called the S-box, constructed as follows:

Step 1: fill the table with the numbers 0 to 255 row by row. Row 0 contains {00}, {01}, …, {0F} (hexadecimal), row 1 contains {10}, {11}, …, {1F}, and so on; the entry at row x, column y is {xy}.

Step 2: replace every byte in the table by its multiplicative inverse in GF(2^8). By convention the inverse of {00} is {00}.

Step 3: for every byte in the table, write its 8 bits as b7 b6 b5 b4 b3 b2 b1 b0 and replace each bit b_i by
    b'_i = b_i ⊕ b_{(i+4) mod 8} ⊕ b_{(i+5) mod 8} ⊕ b_{(i+6) mod 8} ⊕ b_{(i+7) mod 8} ⊕ c_i,
where c_i is bit i of the constant {63} = 01100011. This is equivalent to a matrix operation over GF(2), B' = X·B ⊕ C, where X is a fixed 8×8 bit matrix and C is {63} written as a column vector (both are written out with the worked example after the S-box table).
(Figure, belonging to section 9.4: the plaintext bytes p0 … p15 are loaded column by column into the state matrix s00 … s33, and the key bytes k0 … k15 are loaded into the words w0 … w3, which Expand key extends to w0 … w43.)

In this computation, addition is XOR. The table below shows the resulting S-box (row = high nibble, column = low nibble of the input byte):
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76
1 CA 82 C9 7D FA 59 47 F0 AD D4 A2 AF 9C A4 72 C0
2 B7 FD 93 26 36 3F F7 CC 34 A5 E5 F1 71 D8 31 15
3 04 C7 23 C3 18 96 05 9A 07 12 80 E2 EB 27 B2 75
4 09 83 2C 1A 1B 6E 5A A0 52 3B D6 B3 29 E3 2F 84
5 53 D1 00 ED 20 FC B1 5B 6A CB BE 39 4A 4C 58 CF
6 D0 EF AA FB 43 4D 33 85 45 F9 02 7F 50 3C 9F A8
7 51 A3 40 8F 92 9D 38 F5 BC B6 DA 21 10 FF F3 D2
8 CD 0C 13 EC 5F 97 44 17 C4 A7 7E 3D 64 5D 19 73
9 60 81 4F DC 22 2A 90 88 46 EE B8 14 DE 5E 0B DB
A E0 32 3A 0A 49 06 24 5C C2 D3 AC 62 91 95 E4 79
B E7 C8 37 6D 8D D5 4E A9 6C 56 F4 EA 65 7A AE 08
C BA 78 25 2E 1C A6 B4 C6 E8 DD 74 1F 4B BD 8B 8A
D 70 3E B5 66 48 03 F6 0E 61 35 57 B9 86 C1 1D 9E
E E1 F8 98 11 69 D9 8E 94 9B 1E 87 E9 CE 55 28 DF
F 8C A1 89 0D BF E6 42 68 41 99 2D 0F B0 54 BB 16

In general form, with B = (b0, …, b7) the bits of the inverse from step 2 and C the bits of {63}, step 3 is:

    [b'0]   [1 0 0 0 1 1 1 1] [b0]   [1]
    [b'1]   [1 1 0 0 0 1 1 1] [b1]   [1]
    [b'2]   [1 1 1 0 0 0 1 1] [b2]   [0]
    [b'3] = [1 1 1 1 0 0 0 1] [b3] ⊕ [0]
    [b'4]   [1 1 1 1 1 0 0 0] [b4]   [0]
    [b'5]   [0 1 1 1 1 1 0 0] [b5]   [1]
    [b'6]   [0 0 1 1 1 1 1 0] [b6]   [1]
    [b'7]   [0 0 0 1 1 1 1 1] [b7]   [0]
     B'              X          B     C

Example: take the value {95}. In step 1 the entry at row 9, column 5 is {95}; in step 2 its inverse in GF(2^8) is {8A}, in binary 10001010. Step 3 is the matrix computation (b0 at the top of each column vector):

    [1 0 0 0 1 1 1 1] [0]   [1]   [1]   [0]
    [1 1 0 0 0 1 1 1] [1]   [0]   [1]   [1]
    [1 1 1 0 0 0 1 1] [0]   [0]   [0]   [0]
    [1 1 1 1 0 0 0 1] [1] = [1] ⊕ [0] = [1]
    [1 1 1 1 1 0 0 0] [0]   [0]   [0]   [0]
    [0 1 1 1 1 1 0 0] [0]   [0]   [1]   [1]
    [0 0 1 1 1 1 1 0] [0]   [1]   [1]   [0]
    [0 0 0 1 1 1 1 1] [1]   [0]   [0]   [0]
           X         {8A}  X·B    C    {2A}

The result in hexadecimal is {2A}, which is indeed the S-box entry at row 9, column 5: {95} → {8A} → {2A}.
Using the S-box, the SubBytes transformation works as follows: each byte of the state matrix S, written in hexadecimal as {xy}, is replaced by the S-box entry at row x, column y.

(Figure: every byte s_rc = {xy} of the state is looked up at row x, column y of the S-box to produce the new state s'_rc.)

An example of SubBytes:

    EA 04 65 85         87 F2 4D 97
    83 45 5D 96   -->   EC 6E 4C 90
    5C 33 98 B0         4A C3 46 E7
    F0 2D AD C5         8C D8 95 A6

The inverse transformation InvSubBytes:

First we must build an inverse S-box (IS-box): if the S-box maps the input {95} to {2A}, then the IS-box maps the input {2A} back to {95}. The IS-box is built from the same ingredients as the S-box, but in the opposite order: first the affine step is undone, then the inverse in GF(2^8) of step 2 is taken (applying the inversion first would not produce the inverse table). The affine step of the IS-box replaces each bit b_i by
    b'_i = b_{(i+2) mod 8} ⊕ b_{(i+5) mod 8} ⊕ b_{(i+7) mod 8} ⊕ d_i,
where d_i is bit i of the constant {05} = 00000101. The corresponding matrix operation is B' = Y·B ⊕ D:

    [b'0]   [0 0 1 0 0 1 0 1] [b0]   [1]
    [b'1]   [1 0 0 1 0 0 1 0] [b1]   [0]
    [b'2]   [0 1 0 0 1 0 0 1] [b2]   [1]
    [b'3] = [1 0 1 0 0 1 0 0] [b3] ⊕ [0]
    [b'4]   [0 1 0 1 0 0 1 0] [b4]   [0]
    [b'5]   [0 0 1 0 1 0 0 1] [b5]   [0]
    [b'6]   [1 0 0 1 0 1 0 0] [b6]   [0]
    [b'7]   [0 1 0 0 1 0 1 0] [b7]   [0]
     B'              Y          B     D

The table below shows the IS-box:
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 52 09 6A D5 30 36 A5 38 BF 40 A3 9E 81 F3 D7 FB
1 7C E3 39 82 9B 2F FF 87 34 8E 43 44 C4 DE E9 CB
2 54 7B 94 32 A6 C2 23 3D EE 4C 95 0B 42 FA C3 4E
3 08 2E A1 66 28 D9 24 B2 76 5B A2 49 6D 8B D1 25
4 72 F8 F6 64 86 68 98 16 D4 A4 5C CC 5D 65 B6 92
5 6C 70 48 50 FD ED B9 DA 5E 15 46 57 A7 8D 9D 84
6 90 D8 AB 00 8C BC D3 0A F7 E4 58 05 B8 B3 45 06
7 D0 2C 1E 8F CA 3F 0F 02 C1 AF BD 03 01 13 8A 6B
8 3A 91 11 41 4F 67 DC EA 97 F2 CF CE F0 B4 E6 73
9 96 AC 74 22 E7 AD 35 85 E2 F9 37 E8 1C 75 DF 6E
A 47 F1 1A 71 1D 29 C5 89 6F B7 62 0E AA 18 BE 1B
B FC 56 3E 4B C6 D2 79 20 9A DB C0 FE 78 CD 5A F4
C 1F DD A8 33 88 07 C7 31 B1 12 10 59 27 80 EC 5F
D 60 51 7F A9 19 B5 4A 0D 2D E5 7A 9F 93 C9 9C EF
E A0 E0 3B 4D AE 2A F5 B0 C8 EB BB 3C 83 53 99 61
F 17 2B 04 7E BA 77 D6 26 E1 69 14 63 55 21 0C 7D

The InvSubBytes transformation is thus: each byte {xy} of the state matrix S is replaced by the IS-box entry at row x, column y.

To show that InvSubBytes is the inverse of SubBytes we must show that the affine step is undone, that is Y(X·B ⊕ C) ⊕ D = B, or equivalently Y·X·B ⊕ Y·C ⊕ D = B. This holds because Y·X = I (the 8×8 identity matrix) and Y·C = D:

    [0 0 1 0 0 1 0 1] [1 0 0 0 1 1 1 1]   [1 0 0 0 0 0 0 0]
    [1 0 0 1 0 0 1 0] [1 1 0 0 0 1 1 1]   [0 1 0 0 0 0 0 0]
    [0 1 0 0 1 0 0 1] [1 1 1 0 0 0 1 1]   [0 0 1 0 0 0 0 0]
    [1 0 1 0 0 1 0 0] [1 1 1 1 0 0 0 1] = [0 0 0 1 0 0 0 0]
    [0 1 0 1 0 0 1 0] [1 1 1 1 1 0 0 0]   [0 0 0 0 1 0 0 0]
    [0 0 1 0 1 0 0 1] [0 1 1 1 1 1 0 0]   [0 0 0 0 0 1 0 0]
    [1 0 0 1 0 1 0 0] [0 0 1 1 1 1 1 0]   [0 0 0 0 0 0 1 0]
    [0 1 0 0 1 0 1 0] [0 0 0 1 1 1 1 1]   [0 0 0 0 0 0 0 1]
            Y                 X                   I

    Y · (1 1 0 0 0 1 1 0)^T = (1 0 1 0 0 0 0 0)^T,  i.e.  Y·C = D.

Hence Y(X·B ⊕ C) ⊕ D = I·B ⊕ D ⊕ D = B. Since inversion in GF(2^8) is its own inverse, applying the IS-box after the S-box returns the original byte, e.g. {95} → {2A} → {95}.

Purpose of SubBytes:

The S-box is the only non-linear step of AES and is what resists known-plaintext attacks: the relation between the input and the output of SubBytes cannot be described by a simple mathematical formula (see the ideal block cipher in Chapter 3).
9.4.2 ShiftRows

ShiftRows permutes the bytes of the state matrix as follows:
- row 1 is left unchanged;
- row 2 is rotated left by 1 byte;
- row 3 is rotated left by 2 bytes;
- row 4 is rotated left by 3 bytes.

    s00 s01 s02 s03         s00 s01 s02 s03
    s10 s11 s12 s13   -->   s11 s12 s13 s10
    s20 s21 s22 s23         s22 s23 s20 s21
    s30 s31 s32 s33         s33 s30 s31 s32

InvShiftRows does the opposite: rows 2, 3 and 4 are rotated right by 1, 2 and 3 bytes respectively.

Purpose of ShiftRows: to scatter the bytes so that new columns are formed before the columns are used by MixColumns.

9.4.3 MixColumns

MixColumns transforms each column of the state matrix independently by a polynomial multiplication.

A column of the state matrix can be viewed as a polynomial of degree 3; for instance, column 1 of the matrix (s01, s11, s21, s31) written as a polynomial is
    s(x) = s31 x^3 + s21 x^2 + s11 x + s01.
This polynomial is multiplied by the fixed polynomial
    a(x) = {03} x^3 + {01} x^2 + {01} x + {02},
with the additions and multiplications of the coefficients performed in GF(2^8). The product has degree greater than 3 (for instance the coefficient of x^6 is {03} · s31), but only 4 coefficients are needed for the new column, so the product is further reduced modulo x^4 + 1. The four coefficients of
    s'(x) = a(x) · s(x) mod (x^4 + 1)
replace the four original bytes of the column.
The polynomial multiplication can be expressed as a matrix multiplication (for each column c = 0, 1, 2, 3):

    [s'0c]   [02 03 01 01] [s0c]
    [s'1c] = [01 02 03 01] [s1c]
    [s'2c]   [01 01 02 03] [s2c]
    [s'3c]   [03 01 01 02] [s3c]

An example of MixColumns:

    87 F2 4D 97         47 40 A3 4C
    6E 4C 90 EC   -->   37 D4 70 9F
    46 E7 4A C3         94 E4 3A 42
    A6 8C D8 95         ED A5 A6 BC

In the inverse transformation InvMixColumns, each column of the state matrix is multiplied by the polynomial
    a^{-1}(x) = {0B} x^3 + {0D} x^2 + {09} x + {0E}
and reduced modulo x^4 + 1; in matrix form:

    [s0c]   [0E 0B 0D 09] [s'0c]
    [s1c] = [09 0E 0B 0D] [s'1c]
    [s2c]   [0D 09 0E 0B] [s'2c]
    [s3c]   [0B 0D 09 0E] [s'3c]

It is easy to verify in GF(2^8) that
    a(x) · a^{-1}(x) mod (x^4 + 1) = 1
and that

    [0E 0B 0D 09] [02 03 01 01]   [1 0 0 0]
    [09 0E 0B 0D] [01 02 03 01] = [0 1 0 0]
    [0D 09 0E 0B] [01 01 02 03]   [0 0 1 0]
    [0B 0D 09 0E] [03 01 01 02]   [0 0 0 1]

from which it follows that InvMixColumns is the inverse of MixColumns.

Purpose of MixColumns:

Multiplying each column by a(x) modulo x^4 + 1 makes every byte of the resulting column depend on all four bytes of the original column. MixColumns combined with ShiftRows ensures that after a few rounds every one of the 128 output bits depends on all 128 input bits. This provides the diffusion that a cipher needs.
9.4.4 AddRoundKey

In AddRoundKey, the 128 bits of the state matrix are XORed with the 128 bits of the round key. Because it is an XOR, the inverse of AddRoundKey is AddRoundKey itself.

Combining the state with the secret key provides the cipher's confusion. The complexity of the Expand key operation increases this confusion.

9.4.5 Expand key

Expand key takes the 16 bytes (4 words) of the secret key as input and produces an array of 44 words (176 bytes). These 44 words are used by the 11 AddRoundKey steps of AES, 4 words per step.

Starting from the four input words w0 w1 w2 w3, the first iteration of Expand key produces the four words w4 w5 w6 w7, the second iteration produces w8 w9 w10 w11 from w4 w5 w6 w7, and so on, until the tenth iteration produces the last four words w40 w41 w42 w43, as shown in the figure below.

(Figure: the key bytes k0 … k15 form w0 w1 w2 w3; each group of four words w4j … w4j+3 is derived from the previous group, with the function g applied to the last word of the previous group.)

    If i mod 4 = 0:   g = SubWord(RotWord(w_{i-1})) ⊕ Rcon[i/4];   w_i = w_{i-4} ⊕ g
    If i mod 4 ≠ 0:   w_i = w_{i-4} ⊕ w_{i-1}

In each iteration producing 4 words, the first word is generated by the rule w_i = w_{i-4} ⊕ g with g = SubWord(RotWord(w_{i-1})) ⊕ Rcon[i/4]; the next three words follow the rule w_i = w_{i-4} ⊕ w_{i-1}. The functions SubWord and RotWord and the array Rcon are as follows.

RotWord: rotate left by one byte. If the input word has the four bytes [b0, b1, b2, b3], RotWord returns [b1, b2, b3, b0].

SubWord: replace each byte of the input word by looking it up in the S-box of SubBytes.

Rcon: an array of constants with 10 words, one per AES round. The four bytes of Rcon[j] are (RC[j], 0, 0, 0), where RC[j] is the following array of 10 bytes (hexadecimal):

    j       1   2   3   4   5   6   7   8   9   10
    RC[j]  01  02  04  08  10  20  40  80  1B  36

(RC[j] = RC[j-1] · 2, with the multiplication performed in GF(2^8).)

Purpose of Expand key: to resist known-plaintext attacks.
- Knowing some bits of the key or of a round key does not allow the remaining bits to be computed.
- Diffusion: each bit of the main key affects all bits of the round keys.
Note, however, that the expansion is invertible: any 4 consecutive words of the expanded key allow the whole expanded key, and hence the key, to be regenerated, so a single round key must be protected as carefully as the key itself.

9.4.6 Conclusion

AES is simple and can be implemented efficiently on 8-bit processors (as used in smart cards) as well as on 32-bit processors, since it needs only XORs, bit shifts and table lookups. This is the main reason it was chosen as the United States encryption standard.

AES also has variants in which the key length is 192 or 256 bits. With a 192-bit key the expanded key has 52 4-byte words and AES runs 12 rounds; with a 256-bit key the expanded key has 60 words and AES runs 14 rounds.
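The following is an added example, not part of the original lecture notes: AES-128 encryption assembled from the S-box construction of 9.4.1 (GF(2^8) inversion followed by the affine step with {63}), ShiftRows (9.4.2), MixColumns (9.4.3), AddRoundKey (9.4.4) and Expand key (9.4.5), in Python. It is checked against the page's own worked values ({95} → {2A}, the SubBytes and MixColumns example states) and against the FIPS-197 Appendix C.1 test vector; the function names and the column-major list representation of the state are my own choices.

```python
"""AES-128 built from the four transformations of section 9.4 and checked against the
FIPS-197 test vector. The state is a list of 16 bytes in column-major order, so the byte
at row r, column c sits at index r + 4*c (the same order as the input block)."""


def xtime(b):
    """Multiply by x in GF(2^8): shift left, XOR {1B} if a bit fell off (section 9.3.6)."""
    b <<= 1
    return (b ^ 0x1B) & 0xFF if b & 0x100 else b


def gf_mul(a, b):
    """Product in GF(2^8) by repeated xtime (the shift-and-XOR method of 9.3.6)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a, b = xtime(a), b >> 1
    return result


def gf_inv(a):
    """Multiplicative inverse in GF(2^8); {00} maps to {00} by convention (S-box step 2)."""
    return 0 if a == 0 else next(v for v in range(1, 256) if gf_mul(a, v) == 1)


def affine(b):
    """S-box step 3: b'_i = b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i, c = {63}."""
    out = 0
    for i in range(8):
        bit = (0x63 >> i) & 1
        for k in (0, 4, 5, 6, 7):
            bit ^= (b >> ((i + k) % 8)) & 1
        out |= bit << i
    return out


SBOX = [affine(gf_inv(v)) for v in range(256)]      # steps 1-3 of 9.4.1
INV_SBOX = [0] * 256
for _v in range(256):
    INV_SBOX[SBOX[_v]] = _v                          # the IS-box is the inverse lookup


def sub_bytes(state):
    return [SBOX[b] for b in state]


def shift_rows(state):
    """Row r is rotated left by r bytes (9.4.2): new[r][c] = old[r][(c + r) mod 4]."""
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def mix_columns(state):
    """Each column times the fixed matrix [02 03 01 01 / 01 02 03 01 / ...] in GF(2^8) (9.4.3)."""
    out = []
    for c in range(4):
        s0, s1, s2, s3 = state[4 * c:4 * c + 4]
        out += [gf_mul(s0, 2) ^ gf_mul(s1, 3) ^ s2 ^ s3,
                s0 ^ gf_mul(s1, 2) ^ gf_mul(s2, 3) ^ s3,
                s0 ^ s1 ^ gf_mul(s2, 2) ^ gf_mul(s3, 3),
                gf_mul(s0, 3) ^ s1 ^ s2 ^ gf_mul(s3, 2)]
    return out


def expand_key(key):
    """44 words w0..w43 (9.4.5): w_i = w_{i-4} ^ g(w_{i-1}) if i % 4 == 0, else w_{i-4} ^ w_{i-1}."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rc = 0x01                                        # RC[1]; RC[j] = RC[j-1] * 2 in GF(2^8)
    for i in range(4, 44):
        temp = w[i - 1][:]
        if i % 4 == 0:
            temp = temp[1:] + temp[:1]               # RotWord: [b0,b1,b2,b3] -> [b1,b2,b3,b0]
            temp = [SBOX[b] for b in temp]           # SubWord
            temp[0] ^= rc                            # Rcon[i/4] = (RC, 0, 0, 0)
            rc = xtime(rc)
        w.append([a ^ b for a, b in zip(w[i - 4], temp)])
    return w


def add_round_key(state, words):
    """XOR the state with the four words of this round's key (9.4.4)."""
    return [s ^ k for s, k in zip(state, [b for word in words for b in word])]


def aes128_encrypt(key, block):
    """The 10-round structure of the figure in 9.4; round 10 has no MixColumns."""
    w = expand_key(key)
    state = add_round_key(list(block), w[0:4])
    for rnd in range(1, 10):
        state = add_round_key(mix_columns(shift_rows(sub_bytes(state))), w[4 * rnd:4 * rnd + 4])
    state = add_round_key(shift_rows(sub_bytes(state)), w[40:44])
    return bytes(state)
```

The S-box is built at import time from the two steps the page describes rather than typed in as a table, so a mistake in either step would show up immediately as a mismatch with the printed S-box; in production code the table is precomputed and, more importantly, the lookups are made constant-time, since a naive table lookup leaks the index through cache timing.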




CHAPTER 10. ELLIPTIC CURVE CRYPTOGRAPHY

In Chapter 4, on public-key cryptography, we studied the RSA method and the Diffie-Hellman key exchange. RSA uses the factoring of a large number into two primes as its one-way function; Diffie-Hellman uses the discrete logarithm. In this chapter we study a further one-way function based on elliptic-curve arithmetic, and from it build elliptic-curve encryption (ECC) and the EC Diffie-Hellman session-key exchange. For RSA to be secure, the number N must be large (1024 bits), which makes RSA slow. ECC solves this problem by using much shorter parameters (around 160 bits) while providing security comparable to 1024-bit RSA (see the comparison in 10.4.3).

10.1 Elliptic curves over the real numbers

An elliptic curve is a curve of the form
    y^2 = x^3 + ax + b.

Before examining the graph of an elliptic curve, recall the cubic
    y = x^3 + ax + b.
If a ≥ 0 the cubic is monotonically increasing. If a < 0 it has a local maximum and a local minimum, and four cases arise, distinguished by the sign of the quantity
    4a^3 + 27b^2.
From these we obtain the corresponding cases of the elliptic curve (the case 4a^3 + 27b^2 = 0 is not used, since the curve is then singular, that is, it has a cusp or crosses itself).

(Figure: the graphs of two elliptic curves over the real numbers.)

On an elliptic curve we define one additional point O, the point at infinity. Let E(a, b) be the set of points of the curve y^2 = x^3 + ax + b together with the point O. Addition on E(a, b) is defined as follows:

1) The point O is the identity element of the addition: P + O = O + P = P for every P. In what follows we assume P, Q ≠ O.
2) The inverse of a point P under addition, written -P, is the reflection of P in the x-axis; thus P + (-P) = O.
3) For any two points P and Q, the straight line through P and Q meets the elliptic curve in a third point S. The sum is P + Q = -S.
   When P and Q are reflections of each other in the x-axis, i.e. Q = -P, the line through P and Q is vertical and meets the curve at infinity, so P + Q = O, consistent with rule 2.
4) To compute P + P, draw the tangent to the elliptic curve at P; it meets the curve at a point S, and then P + P = -S.

(Figure: the geometric construction of R = P + Q = -S for two distinct points, and of R = P + P = -S using the tangent at P.)

C th thy, tp E(a, b) cng vi php cng nh ngha nh trn to thnh mt nhm
Abel
Tnh gi tr ca php cng:
Gi ta ca im

, ca im

. Ta tnh ta im
nh sau:
t h s gc ng thng l A:


a tnh c:



Chng minh:
ngn gn, k hiu

. Ta c:

(1)

(2)

(3)

(im S thuc ng thng ni P v Q) (4)


Thay (4) vo (3):


Thay

vo phng trnh trn, ta c:

(5)
Ly (2) tr cho (1) ta c:

(6)
Thay (6) vo (5) ta c:


Hay ni cch khc

, t ta c pcm.

Tng t, thc hin tnh ta ca im , khi

ta c:
152

(
3

(
3



Chng minh:
Khng mt tng qut xt mt na ng cong elliptic:


Gi A l h s gc ca tip tuyn vi ng cong elliptic ti im P, nh vy:


1
2
3


Tng t nh trong cch tnh ta cng c phng trnh (5), trong
(x3, y3) l ta im S:


Vy ta c:

v t suy ra pcm.

10.2 Elliptic curves over the field Zp

An elliptic curve over Zp is a curve whose coefficients belong to Zp, of the form
    y^2 ≡ x^3 + ax + b (mod p).
For example, in Z23 with a = 1, b = 1 the point (9, 7) lies on the curve, because
    7^2 mod 23 = 49 mod 23 = 3   and   (9^3 + 9 + 1) mod 23 = 739 mod 23 = 3.

Unlike an elliptic curve over the reals, an elliptic curve over Zp cannot be drawn as a continuous graph. The table below lists the points (x, y) of the curve over Z23 with a = 1, b = 1:

    (0, 1)    (6, 4)     (12, 19)
    (0, 22)   (6, 19)    (13, 7)
    (1, 7)    (7, 11)    (13, 16)
    (1, 16)   (7, 12)    (17, 3)
    (3, 10)   (9, 7)     (17, 20)
    (3, 13)   (9, 16)    (18, 3)
    (4, 0)    (11, 3)    (18, 20)
    (5, 4)    (11, 20)   (19, 5)
    (5, 19)   (12, 4)    (19, 18)

Just as an elliptic curve over the reals is symmetric about the x-axis, an elliptic curve over Zp is symmetric in the modular sense: if the point (x, y) is on the curve then so is (x, p - y), because
    (p - y)^2 ≡ y^2 (mod p).
For example, (1, 7) is the mirror image of (1, 16), since 7 + 16 ≡ 0 (mod 23). The figure below illustrates this symmetry.

(Figure: the 27 points of the curve plotted on a 23×23 grid, x = 0 … 22 horizontally and y = 0 … 22 vertically.)

The points are mirror images of each other about the line y = 11.5; the point (4, 0) is regarded as its own mirror image.

Just as with the abelian group defined on an elliptic curve over the reals, we define an abelian group E_p(a, b) consisting of the points of the elliptic curve over Zp together with the point at infinity O:

1) The point O is the identity element: P + O = P.
2) The inverse of a point P = (x, y) under addition, written -P, is its mirror image (x, p - y); thus P + (-P) = O.
3) For any two points P = (x1, y1) and Q = (x2, y2), the sum R = P + Q = (x3, y3) is given by
    x3 = (λ^2 - x1 - x2) mod p,
    y3 = (λ(x1 - x3) - y1) mod p,
   where
    λ = (y2 - y1) · (x2 - x1)^{-1} mod p   if P ≠ Q,
    λ = (3x1^2 + a) · (2y1)^{-1} mod p     if P = Q.

Note that the notion of "drawing a line" no longer applies over Zp, so we must prove that these formulas are correct, that is, that (x3, y3) is a point of the curve. Consider the case P ≠ Q:
    (1)
    (2)
    (3)
    (x3, y3 are the coordinates of S)  (4)
We must show that (x3, y3) lies on the curve, that is:
    (5)
Since p is prime, (x2 - x1) has an inverse modulo p, so (5) is equivalent to:
    (6)
To prove (6), subtract (1) from (2) to obtain:
    (7)
From (3) we obtain an expression into which (7) is substituted, and this gives (6). Hence (6) holds, i.e. S = (x3, y3) is on the curve, and therefore its mirror image R = (x3, p - y3) is on the curve as well. The case P = Q is proved in the same way.

Example: in E_23(1, 1), take P = (3, 10) and Q = (9, 7). Then
    λ = (7 - 10) · (9 - 3)^{-1} mod 23 = (-3) · 6^{-1} mod 23 = (-3) · 4 mod 23 = -12 mod 23 = 11,
    x3 = (11^2 - 3 - 9) mod 23 = 109 mod 23 = 17,
    y3 = (11 · (3 - 17) - 10) mod 23 = -164 mod 23 = 20.
(17, 20) is indeed a point of E_23(1, 1) (it appears in the table above).
10.3 Elliptic curves over the field GF(2^m)

An elliptic curve over GF(2^m) is a curve whose coefficients belong to GF(2^m); its form differs slightly from that of the curve over Zp:
    y^2 + xy = x^3 + ax^2 + b.

(Figure: the curve y^2 + xy = x^3 + ax^2 + b drawn over the real numbers.)

We now consider the set E_{2^m}(a, b) consisting of the points of this elliptic curve together with the point at infinity O.

For example, take the field GF(2^4) with the irreducible polynomial m(x) = x^4 + x + 1. A generator g of this field satisfies g^4 + g + 1 = 0, i.e. g^4 = g + 1. The table of powers of g is:

    Power   Polynomial in GF(2^4)   Binary      Power   Polynomial in GF(2^4)   Binary
    0       0                       0000        g^7     g^3+g+1                 1011
    g^0     1                       0001        g^8     g^2+1                   0101
    g^1     g                       0010        g^9     g^3+g                   1010
    g^2     g^2                     0100        g^10    g^2+g+1                 0111
    g^3     g^3                     1000        g^11    g^3+g^2+g               1110
    g^4     g+1                     0011        g^12    g^3+g^2+g+1             1111
    g^5     g^2+g                   0110        g^13    g^3+g^2+1               1101
    g^6     g^3+g^2                 1100        g^14    g^3+1                   1001

Consider the following elliptic curve over GF(2^4):
    y^2 + xy = x^3 + g^4 x^2 + 1.
The table below lists the points of this curve:

    (0, 1)        (g^5, g^3)     (g^9, g^13)
    (1, g^6)      (g^5, g^11)    (g^10, g)
    (1, g^13)     (g^6, g^8)     (g^10, g^8)
    (g^3, g^8)    (g^6, g^14)    (g^12, 0)
    (g^3, g^13)   (g^9, g^10)    (g^12, g^12)

As with the abelian group E_p(a, b), we build an abelian group E_{2^m}(a, b) consisting of the points of the elliptic curve over GF(2^m) together with the point at infinity O:

1) The point O is the identity element of the addition: P + O = P.
2) The inverse of a point P under addition, written -P, is its mirror image on the curve, also written -P.
3) For any two points P ≠ Q (and Q ≠ -P), the sum is determined by the following formula, in which:

4) For P = Q, the sum P + P is determined by the following formula, in which:

10.4 Elliptic curves in cryptography: ECC

For elliptic-curve cryptography the one-way function is built as follows. In the abelian group E_p(a, b) of an elliptic curve over Zp, consider the equation
    Q = kP
(the point Q is the sum of k copies of P, k < p).

Given k and P, computing Q is easy. Given P and Q, however, finding k is hard. This is the discrete logarithm problem on the elliptic curve. Example: consider the group E_23(9, 17) of the curve
    y^2 ≡ x^3 + 9x + 17 (mod 23).
Given the points P = (16, 5) and Q = (4, 5), the only way to find k is to try every value of k from 2 to p - 1:
    P = (16, 5),  2P = (20, 20),  3P = (14, 14),  4P = (19, 20),  5P = (13, 10),
    6P = (7, 3),  7P = (8, 7),    8P = (12, 17),  9P = (4, 5).
Since 9P = Q, we find k = 9. In practice the curve over Zp is used with a large p, so that exhaustive search is infeasible. The fastest method known for finding k is Pollard's rho method, which is faster than exhaustive search but still needs on the order of sqrt(n) steps, n being the order of P.

Based on this one-way function there are two ways of using elliptic curves in cryptography: EC Diffie-Hellman key exchange and EC encryption.

10.4.1 EC Diffie-Hellman key exchange

In Chapter 4 we studied the Diffie-Hellman key exchange, based on the one-wayness of the discrete logarithm. Here we consider a similar key exchange using the one-way function of elliptic curves.

First choose a large integer q, either a prime (when using a curve over Zp) or of the form 2^m (when using a curve over GF(2^m)), together with two parameters a and b forming the group E_q(a, b). A point G is called a base point of the group if there is an integer n such that nG = O; the smallest such n is called the order of G.

Trong trao i kha EC Diffie-Hellman, ta chn mt im G c hng n ln, v giao
thc trao i kha gia Alice v Bob tin hnh nh sau:
1) Alice chn mt s

v gi b mt s

ny. Sau trong

Alice
tnh

v gi

cho Bob.
2) Tng t Bob chn mt s b mt

, tnh

v gi

cho Alice.
3) Alice to kha phin b mt l


4) Bob to kha phin b mt l

(nhm Abel c
tnh giao hon) ging vi kha ca Alice.
Trudy c th chn c

, tuy nhin ch c th tnh c:


tnh c

, Trudy phi tm c

. Tuy nhin
iu ny l bt kh thi nh ta thy phn trn.
Ch : kha phin K l mt im trong ng cong Elliptic, s dng kha ny cho
m ha i xng nh DES hay AES, ta cn chuyn K v dng s thng.
10.4.2 EC encryption and decryption

As for key exchange, for encryption and decryption we choose parameters forming an abelian group E_q(a, b) and a base point G of large order n.

The private and public key components of EC encryption are defined as
    private key: d,      public key: E = dG,
where d is a secret number chosen by the key owner. By the one-way property, d cannot be derived from E and G.

There are then two ways of performing encryption and decryption:

1) The ElGamal method:

Suppose Alice wants to send a message M to Bob. Alice first converts M from a bit string into a point P_M = (x, y). The ciphertext C_M (computed with Bob's public key) is a pair of points
    C_M = { kG, P_M + kE },
where k is a random number chosen by Alice.

To decrypt with his private key, Bob multiplies the first point of C_M by d and subtracts the result from the second point:
    (P_M + kE) - d(kG) = P_M + k(dG) - d(kG) = P_M.

In the encryption, Alice hides P_M by adding kE to it. To decrypt, Bob has to subtract kE again. Instead of sending k to Bob directly so that he can compute kE (Trudy could intercept it), Alice sends the clue kG. From kG and d, Bob computes d(kG) = kE. Trudy, although she knows G and kG, still cannot compute k because of the one-way property.

Example: with p = 751, a = -1, b = 188 we have the elliptic curve over Z751
    y^2 ≡ x^3 - x + 188 (mod 751)
(the coefficient a is -1: the points used below satisfy x^3 - x + 188, not x^3 + x + 188). Choose the base point G = (0, 376).

Suppose Alice has to encrypt the plaintext point P_M = (562, 201) with the public key E = (201, 5), and chooses k = 386. Then
    386 · (0, 376) = (676, 558),
    (562, 201) + 386 · (201, 5) = (385, 328).
The ciphertext is therefore the pair of points { (676, 558), (385, 328) }.

2) The Menezes-Vanstone method:

Alice's message M is split into two parts M = (m1, m2) with m1, m2 in Zp. Alice chooses a random number k and, combining it with Bob's public key, computes the point
    P = kE = (x_P, y_P).
The ciphertext C_M has three components:
    C_M = { kG,  c1 = m1 · x_P mod p,  c2 = m2 · y_P mod p }.
To decrypt with his private key, Bob uses the clue kG to compute
    d(kG) = kE = P = (x_P, y_P),
and then the inverses x_P^{-1} and y_P^{-1} modulo p. Finally the decrypted message is
    m1 = c1 · x_P^{-1} mod p,   m2 = c2 · y_P^{-1} mod p.
(The coordinates x_P and y_P must both be non-zero; if not, Alice chooses another k.)

As in the ElGamal method, Trudy knows G and kG but cannot compute k, and hence cannot compute P.
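The following is an added example, not part of the original lecture notes: the group law of 10.2, the exhaustive ECDLP search of 10.4, the EC Diffie-Hellman exchange of 10.4.1 and EC ElGamal of 10.4.2 in Python, checked against the page's own numbers (E_23(1,1): (3,10) + (9,7) = (17,20); E_23(9,17): 9·(16,5) = (4,5); E_751(-1,188) with G = (0,376), k = 386). The class and function names are my own; `order()` finds the order of a point by brute force, which is only possible on toy curves (real curves come with their published order), and the private key d in the ElGamal round trip is generated here because the page does not give it.

```python
"""Elliptic-curve group arithmetic over Z_p (10.2), the ECDLP (10.4), EC Diffie-Hellman
(10.4.1) and EC ElGamal (10.4.2), checked against the examples of this chapter."""
import secrets

INF = None   # the point at infinity O


class CurveZp:
    """y^2 = x^3 + a x + b over Z_p with the group law of section 10.2."""

    def __init__(self, p, a, b):
        if (4 * a ** 3 + 27 * b ** 2) % p == 0:
            raise ValueError("singular curve: 4a^3 + 27b^2 = 0 mod p")
        self.p, self.a, self.b = p, a % p, b % p

    def contains(self, P):
        if P is INF:
            return True
        x, y = P
        return (y * y - (x ** 3 + self.a * x + self.b)) % self.p == 0

    def neg(self, P):
        """-P is the mirror image (x, p - y)."""
        if P is INF:
            return INF
        x, y = P
        return (x, (-y) % self.p)

    def add(self, P, Q):
        if P is INF:
            return Q
        if Q is INF:
            return P
        x1, y1 = P
        x2, y2 = Q
        if x1 == x2 and (y1 + y2) % self.p == 0:
            return INF                                   # Q = -P (also 2P when y1 = 0)
        if P == Q:
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1, -1, self.p)
        else:
            lam = (y2 - y1) * pow(x2 - x1, -1, self.p)
        lam %= self.p
        x3 = (lam * lam - x1 - x2) % self.p
        y3 = (lam * (x1 - x3) - y1) % self.p
        return (x3, y3)

    def mul(self, k, P):
        """kP by double-and-add: the easy direction of the one-way function."""
        R = INF
        while k > 0:
            if k & 1:
                R = self.add(R, P)
            P = self.add(P, P)
            k >>= 1
        return R

    def order(self, G):
        """Smallest n > 0 with nG = O, by brute force (toy curves only)."""
        n, R = 1, G
        while R is not INF:
            R = self.add(R, G)
            n += 1
        return n


def ecdlp_bruteforce(curve, P, Q, limit):
    """Find k with kP = Q by trying k = 1, 2, ..., as in the E_23(9,17) example of 10.4."""
    R = P
    for k in range(1, limit + 1):
        if R == Q:
            return k
        R = curve.add(R, P)
    return None


def ecdh(curve, G, n):
    """One EC Diffie-Hellman run; returns Alice's and Bob's session keys (they must agree)."""
    n_a = secrets.randbelow(n - 1) + 1
    n_b = secrets.randbelow(n - 1) + 1
    P_a, P_b = curve.mul(n_a, G), curve.mul(n_b, G)     # what Trudy gets to see
    return curve.mul(n_a, P_b), curve.mul(n_b, P_a)


def elgamal_keygen(curve, G, n):
    d = secrets.randbelow(n - 1) + 1
    return d, curve.mul(d, G)                           # private d, public E = dG


def elgamal_encrypt(curve, G, E, P_m, k):
    """C_M = { kG, P_M + kE }; k must be fresh and random for every message."""
    return curve.mul(k, G), curve.add(P_m, curve.mul(k, E))


def elgamal_decrypt(curve, d, C):
    """P_M = (P_M + kE) - d(kG)."""
    C1, C2 = C
    return curve.add(C2, curve.neg(curve.mul(d, C1)))
```

Passing k explicitly to `elgamal_encrypt` lets the page's example be reproduced; a caller would normally draw it with `secrets.randbelow(n - 1) + 1`, and never reuse it, since two ciphertexts made with the same k differ by a known point and one recovered plaintext reveals the other.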
10.4.3 Security of ECC compared with RSA

At present the fastest method for computing elliptic-curve logarithms (finding k from G and kG) is Pollard's rho method. The table below lists the key sizes of ECC and RSA that give an equivalent cost of cryptanalysis:

    Symmetric cipher    ECC            RSA
    (key bits)          (bits of n)    (bits of N)
    56                  112            512
    80                  160            1024
    112                 224            2048
    128                 256            3072
    192                 384            7680
    256                 512            15360

Thus, for the same level of security, ECC computes with numbers many times smaller than RSA.
10.5 The Digital Signature Standard (DSS)

In Chapter 5 we studied how a hash function is used together with RSA to produce a digital signature. The figure below recalls that model:

(Figure: the sender computes H_A = Hash(M), encrypts it with the private key K_RA to obtain DS, the digital signature, and sends M together with DS; the receiver decrypts DS with the public key K_UA to recover H_A, computes H_B = Hash(M) and compares the two. A key generator produces K_RA and K_UA.)

DSS is another way of producing digital signatures, proposed in 1991. Unlike RSA, DSS cannot be used for encryption or key exchange; it is nevertheless a public-key technique. The DSS model is shown in the figure below.

(Figure: the sender computes H_A = Hash(M), chooses a random k and runs Sign with the private key K_RA and the global parameters K_UG, producing the signature (s, r); the receiver computes H_B = Hash(M) and runs Verify with the public key K_UA and K_UG on (s, r), producing a value that is compared with r.)

DSS also uses a hash function. k is a random number chosen by the sender. K_UG is a set of public parameters shared by all parties. The Sign procedure uses the private key and produces a signature consisting of two values, s and r. The Verify procedure uses the public key and produces a value that is compared with r to check the signature. The details of Sign and Verify constitute the Digital Signature Algorithm (DSA), presented next.

DSA also relies on the one-wayness of the discrete logarithm, as in the Diffie-Hellman key exchange, but is organised according to the ElGamal-Schnorr scheme. The scheme has the following parameters:
- Global public parameters (K_UG):
  - p, a prime with 2^{L-1} < p < 2^L, where 512 ≤ L ≤ 1024 and L is a multiple of 64 (i.e. p has between 512 and 1024 bits, in steps of 64);
  - q, a prime factor of p - 1 with a length of 160 bits;
  - g = h^{(p-1)/q} mod p, where h is any integer in the range (1, p - 1) such that g > 1.
- The sender's private key (K_RA): a random number x with 0 < x < q.
- The sender's public key (K_UA): y = g^x mod p. By the one-wayness of the discrete logarithm, the private key x cannot be recovered from y, g and p.
- A random number k with 0 < k < q, chosen anew for every signature.
- The Sign function:
  - r = f1(k, p, q, g);
  - s = f2(H(M), k, x, r, q), where M is the message to send and H is SHA-1;
  - the output of Sign is the pair (r, s), which serves as the digital signature.
- The Verify function (s', r' and M' are the values the receiver obtained):
  - w = f3(s', q);
  - u1 = [ … ];
  - u2 = [ … ];
  - the output of Verify is v = f4(y, q, g, H(M'), w, r');
  - v is compared with r'; if they match then M' = M is indeed the sender's message.

The Sign and Verify functions are pictured in the figure below:

(Figure: a) signing: H(M), k, x and the parameters p, q, g are fed to f1, which gives r, and to f2, which gives s. b) verification: H(M'), s', r', y and p, q, g are fed to f3, which gives w, and to f4, which gives v; v is compared with r'.)
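The following is an added example, not part of the original lecture notes: a Python DSA with the functions f1 to f4 of the figure written out as the equations of FIPS 186 (r = (g^k mod p) mod q, s = k^{-1}(H(M) + x·r) mod q, w = s^{-1} mod q, v = ((g^{u1} y^{u2}) mod p) mod q), plus the failure a practitioner should know: signing two messages with the same k reveals the private key x. The parameters are generated here at toy size (q = 2^31 - 1, p = j·q + 1), SHA-256 replaces the page's SHA-1, and all names are my own.

```python
"""DSA: the Sign/Verify of section 10.5 with the FIPS 186 equations filled in, and the
classic failure mode of reusing the per-message secret k."""
import hashlib
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin with fixed bases (deterministic for n below 3.3e24)."""
    if n < 2:
        return False
    for b in BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for b in BASES:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def dsa_params(q=2 ** 31 - 1):
    """Toy K_UG = (p, q, g): q prime, p = j*q + 1 prime, g = h^((p-1)/q) mod p > 1.
    Real DSA uses a 160..256-bit q and a 1024..3072-bit p; 31 bits is for illustration."""
    if not is_probable_prime(q):
        raise ValueError("q must be prime")
    j = 2
    while not is_probable_prime(j * q + 1):
        j += 1
    p = j * q + 1
    h, g = 2, 1
    while g == 1:
        g, h = pow(h, (p - 1) // q, p), h + 1
    return p, q, g


def hash_int(message, q):
    """H(M) as an integer: the leftmost bits of SHA-256, as many as q has (FIPS 186-4)."""
    z = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return z >> max(0, 256 - q.bit_length())


def dsa_keygen(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1          # private key K_RA: 0 < x < q
    return x, pow(g, x, p)                    # public key K_UA: y = g^x mod p


def dsa_sign(params, x, message, k=None):
    """f1: r = (g^k mod p) mod q;  f2: s = k^-1 (H(M) + x r) mod q.  Fresh random k each time."""
    p, q, g = params
    while True:
        kk = k if k is not None else secrets.randbelow(q - 1) + 1
        r = pow(g, kk, p) % q
        s = pow(kk, -1, q) * (hash_int(message, q) + x * r) % q
        if r != 0 and s != 0:
            return r, s
        if k is not None:
            raise ValueError("this k gives r = 0 or s = 0; choose another")


def dsa_verify(params, y, message, signature):
    """f3: w = s'^-1 mod q;  f4: v = ((g^u1 y^u2) mod p) mod q;  valid iff v == r'."""
    p, q, g = params
    r, s = signature
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1 = hash_int(message, q) * w % q
    u2 = r * w % q
    v = (pow(g, u1, p) * pow(y, u2, p) % p) % q
    return v == r


def recover_x_from_nonce_reuse(q, m1, sig1, m2, sig2):
    """Two signatures made with the same k share r; then k = (z1 - z2)/(s1 - s2) mod q and
    x = (s1 k - z1)/r mod q. This is why k must be fresh and unpredictable every time."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("different r: k was not reused")
    z1, z2 = hash_int(m1, q), hash_int(m2, q)
    k = (z1 - z2) * pow(s1 - s2, -1, q) % q
    return (s1 * k - z1) * pow(r1, -1, q) % q
```

`dsa_verify` rejects r or s outside (0, q) before doing any arithmetic; skipping that range check is a known implementation mistake, since s = 0 would otherwise make the inverse undefined and r = 0 would let a forger bypass the check.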

CHAPTER 11. SOME FURTHER SECURITY TOPICS

11.1 Hiding data in digital images

Like cryptography, steganography is a way of concealing information from outsiders. Cryptography transforms the data into an unrecognisable form; steganography instead uses a carrier object and embeds the information in it so that others do not realise the carrier contains any information at all. This section presents a simple steganographic technique in which the carrier is a bitmap image: the LSB (least significant bit) technique.

On a computer an image is represented as a two-dimensional matrix of pixels. Each pixel carries a definite colour value (blue, red, yellow, …), and the set of colour values of the pixels is what a human perceives as the content of the image.

Here we only consider the common 24-bit RGB bitmap format, in which each pixel is a 24-bit value composed of three colours, red (R), green (G) and blue (B), 8 bits each. Combining the three colours produces the desired colour. Each colour therefore has 256 possible values (0 to 255) expressing how much it contributes to the final colour. For example:
- R = 255: colours with a high red content (red, purple, orange, pink, …);
- R = 0: colours with no red content (blue, sky blue, green, …);
- G = 255: colours with a high green content.

The table below gives some colours combined from R, G and B:

    (R, G, B)         Colour
    255, 0, 0         Red
    0, 255, 0         Green
    0, 0, 255         Blue
    0, 0, 0           Black
    255, 255, 255     White
    255, 255, 0       Yellow
    128, 0, 0         Dark red
    255, 128, 0       Orange

Each of R, G and B is represented by 8 bits, so changing the last bit (the 8th bit, the least significant bit) changes the colour value by only one unit, for example 255 → 254, 198 → 199, 25 → 24, 72 → 73. Such a change has so little effect on the final colour that a person cannot tell the difference. This is the key observation behind hiding data in a bitmap: one data bit is hidden in each 8-bit colour value. For example:

    Colour value R     Hidden bit    Resulting colour
    00110001 (25)      0             00110000 (24)
                       1             00110001 (25)
    01001000 (72)      0             01001000 (72)
                       1             01001001 (73)

One pixel can thus hide 3 data bits, so a 24-bit RGB image of W × H pixels can hide 3·W·H/8 bytes of data.

Hiding data this way is of course very simple: anyone who knows the embedding rule can read out the hidden content. In practice a secret key is used, and the key selects which pixels are used for hiding. (A key hides which samples were used, but the altered LSB plane remains statistically detectable by steganalysis.)

Besides digital images, audio can also be used to hide data, since people cannot detect small changes in an audio signal either.
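The following is an added example, not part of the original lecture notes: LSB embedding and extraction on raw 24-bit RGB pixel bytes in Python, including the keyed selection of carrier positions mentioned above. The cover "image" is a constructed byte string, not a real picture; the 4-byte length prefix, the function names and the use of `random.Random` as a stand-in for a proper keyed permutation are my own choices.

```python
"""LSB steganography on raw 24-bit RGB pixel data (section 11.1)."""
import random


def _carrier_order(n_bytes, key):
    """Indices of the colour bytes that carry payload bits, in embedding order. Without a
    key this is 0, 1, 2, ...; with a key it is a keyed permutation of the positions
    (random.Random is only an illustration; a real system would use a keyed PRF)."""
    order = list(range(n_bytes))
    if key is not None:
        random.Random(key).shuffle(order)
    return order


def embed_lsb(pixels, payload, key=None):
    """Return a copy of the RGB bytes with payload hidden in the LSB of the colour bytes
    (3 bits per pixel). A 4-byte length prefix lets extract_lsb know where to stop."""
    data = len(payload).to_bytes(4, "big") + payload
    if len(data) * 8 > len(pixels):
        raise ValueError("cover too small: need %d colour bytes, have %d"
                         % (len(data) * 8, len(pixels)))
    order = _carrier_order(len(pixels), key)
    out = bytearray(pixels)
    for i, byte in enumerate(data):
        for j in range(8):
            bit = (byte >> (7 - j)) & 1
            pos = order[i * 8 + j]
            out[pos] = (out[pos] & 0xFE) | bit      # 255 -> 254, 72 -> 73: one unit at most
    return bytes(out)


def extract_lsb(pixels, key=None):
    """Read the length prefix, then that many payload bytes, from the same positions."""
    order = _carrier_order(len(pixels), key)

    def read_bytes(first, count):
        result = bytearray()
        for i in range(first, first + count):
            value = 0
            for j in range(8):
                value = (value << 1) | (pixels[order[i * 8 + j]] & 1)
            result.append(value)
        return bytes(result)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(4, length)


def capacity_bytes(width, height):
    """The page's 3*W*H/8 bytes, minus the 4-byte length prefix used here."""
    return width * height * 3 // 8 - 4


def max_channel_change(cover, stego):
    """Largest change to any colour value caused by embedding (1 for LSB hiding)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: a 16 x 8 "image" of synthetic RGB bytes, not a real picture.
COVER = bytes((i * 37 + 11) % 256 for i in range(16 * 8 * 3))
```

Real bitmap files add a header and row padding in front of and between the pixel rows; the functions above expect only the pixel bytes, so a caller must strip the BMP header first and put it back unchanged afterwards.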
11.2 Software bugs
Software always has bugs. These bugs make the software behave differently from what the user intends. NASA's Mars Lander crashed into Mars because of a software bug in converting imperial units to metric units. A bug in the baggage-handling software delayed the opening of Denver airport by 11 months, at a loss of 1 million USD per day. In this section we are interested in some kinds of software bugs that hackers can exploit to break into a system and carry out destructive actions.
11.2.1 Buffer overflow
Buffer overflow errors usually happen with array data, when the input data exceeds the size of the array. Consider the following program:
#include <stdio.h>

void checkserial() {
    char sn[16];
    scanf("%s", sn);   /* no length limit: input longer than 15 characters overflows sn */
}

int main() {
    checkserial();
    int i = 7;
    return 0;
}
When main() calls checkserial(), the address of the instruction i = 7 is first pushed onto the stack so that, once checkserial has finished, the computer can continue with the instruction i = 7. The computer then reserves a further 16 bytes on the stack for the array sn. The figure below illustrates the state of memory.
After checkserial finishes, the RET instruction loads the value 128 stored at address 401 on the stack into the instruction pointer IP, returning to the instruction i = 7.
If the user enters a string of fewer than 16 characters in checkserial, the program behaves normally; but if the user enters 16 characters or more, cell 401 is overwritten by the 16th character and a buffer overflow occurs. Now, when checkserial's RET executes, the instruction pointer IP receives a value other than 128, so the instruction i = 7 is not executed. A hacker can exploit this to carry out destructive actions. Consider the following concrete program:
#include <stdio.h>
#include <string.h>

void checkserial() {
    char sn[16];
    printf("\nEnter a serial number\n");
    scanf("%s", sn);   /* unbounded read: input longer than 15 characters overflows sn */
    if (!strncmp(sn, "S123N456", 8)) {
        printf("Serial number is correct");
    }
}

int main() {
    checkserial();
    int i = 7;
    return 0;
}
The purpose of this program is to print "Serial number is correct" when the user enters the string S123N456, and to print nothing otherwise.

[Figure: memory layout. Code segment: main() occupies addresses 120 to 132 (the call to checkserial(), then the instruction i = 7 at address 128, then ret); checkserial() occupies addresses 200 to 300 (scanf("%s", sn), then ret). Stack segment: the 16-byte region for the variable sn at addresses 3F0 to 400, and the return address 128 stored at cell 401. Registers IP and SP are shown pointing into the code and stack segments.]
Exploiting the buffer overflow, the hacker looks for some input string (other than S123N456) for which the program still prints "Serial number is correct". We illustrate how this is done using the OllyDebugger program.
[OllyDebugger screenshot: disassembly of main()]
The figure above shows main loaded into memory. At address 0040130C is the instruction that calls checkserial, and at address 00401311 is the instruction i = 7. When the call to checkserial executes, the state of the stack segment is as follows:
[OllyDebugger screenshot: the stack segment after the call to checkserial]
The return address into main (at the instruction i = 7), 00401311, is placed on the stack at address 0022FF2C. The array sn is allocated 16 bytes, from address 0022FF10 to address 0022FF1F (the 12 bytes from 0022FF20 to 0022FF2B are unused). Consequently, when scanf runs, if the user enters 32 characters, characters 29, 30, 31 and 32 overwrite the return address 00401311 and form a new return address. The hacker can choose the input so that the return address is whatever the hacker wants. Suppose the hacker wants to print "Serial number is correct"; the hacker can choose the input so that the return address becomes 004012D4 (as characters: 40 is @, 12 is Ctrl+R, and D4 has no printable ASCII form). The hacker therefore enters the following string:
AAAAAAAAAAAAAAAAAAAAAAAAAAAA^R@
The stack now looks like this:
[OllyDebugger screenshot: stack contents after the input, with cell 0022FF2C holding 004012D4]
(41 is the ASCII code of the character A.) Cell 0022FF2C on the stack now holds the value 004012D4. Therefore, when checkserial finishes, the RETN instruction (at cell 004012E1) no longer jumps to the instruction i = 7 in main but to the instruction at cell 004012D4 that prints "Serial number is correct". That instruction prints to the screen as shown below.
[Screenshot: program output "Serial number is correct"]
Note: the result above can be obtained without knowing the source code, using only a debugger. The source code given above is for illustration.
If sn were an array of several hundred characters, the hacker could insert a destructive piece of code (shellcode; in the example above we simply entered the character A) and then execute it. This is precisely how the Code Red worm in 2001 infected more than 750,000 computers worldwide, relying on a buffer overflow bug in the Microsoft IIS software.
11.2.2 SQL injection
In application software that uses a relational database such as Oracle, SQL Server or MySQL, the software typically uses SQL (Structured Query Language) statements to send data-manipulation requests to the database management system (DBMS). The DBMS processes the SQL statement and returns the resulting data to the software.
[Figure: the application software sends an SQL statement to the DBMS and receives the result]

Unlike a programming language, SQL statements are not compiled in advance. Only when the application builds the SQL statement and sends it to the DBMS does the DBMS compile and execute it. When building the SQL statement, the application often uses parameters entered by the user. This is the feature a hacker can exploit to alter the SQL statement to the hacker's own ends.
As an illustration, consider the login function that almost every application has. To manage users, the programmer creates a table Users in the database as follows (using SQL Server, say).
username   password   email
admin      tu8a9xk    admin@xyz.com
nam        34bux8kt   nam@xyz.com
son        krt87ew    son@xyz.com
To let users log in, the programmer designs a form like the following (using C# and ADO.NET, say).
[Screenshot: login form with a user name field, a password field and a Login button]

The handler for the Login button click is as follows:
using System.Data.SqlClient;

private void btnLogin_Click(object sender, EventArgs e)
{
    // Vulnerable: the query text is built by concatenating user input
    string sql = " SELECT * FROM Users " +
                 " WHERE Username = '" + txtUser.Text + "' AND " +
                 " Password = '" + txtPass.Text + "'";
    SqlConnection conn = new SqlConnection(strConnect);
    conn.Open();
    SqlCommand cmd = new SqlCommand(sql, conn);
    SqlDataReader dr = cmd.ExecuteReader();
    if (dr.Read()) {
        // login ok
    }
    else {
        // login failed
    }
    dr.Close();
    conn.Close();
}
If the user enters the user name admin and the password abc, the SQL statement is:
SELECT * FROM Users WHERE Username='admin' AND Password='abc'
This statement works exactly as the programmer intended. However, if a hacker enters the user name admin' -- and leaves the password blank, the SQL statement becomes:
SELECT * FROM Users WHERE Username='admin' -- ' AND Password=''
In SQL Server, -- introduces a comment. So the statement above returns the record whose username is admin, which means the hacker has logged in with admin rights without knowing the password.
Here the characters ' and -- entered by the hacker changed the structure of the SQL statement in a way the programmer did not anticipate.
If the hacker enters the user name '; DELETE FROM Users -- the SQL statement becomes:
SELECT * FROM Users WHERE Username=''; DELETE FROM Users -- ' AND Password=''
There are now two SQL statements: the first queries the Users table and the second deletes the entire Users table, leaving the program locked so that nobody can log in.
Consider a second example. Suppose the program above is a sales program whose database has a table Products as follows:
ProductID   PName                PDescription
1           HTC Wildfire         Android, camera 5.0, 3G, Wifi, GPS
2           Samsung Omnia        Windows Mobile, Wifi, GPS, FM Radio
3           Motorola Milestone   Android 2.2, camera 8.0, HDMI

In the software there is a screen for searching products by name, as follows:
[Screenshot: product search form with a name text box and a search button]
Suppose the search SQL statement is built as follows:
string sql = " SELECT ProductID, PName, PDescription FROM Products " +
             " WHERE PName like '%" + txtName.Text + "%'";
If the hacker enters the following in the search text box:
aaa' UNION SELECT 0, Username, Password FROM Users --
the resulting SQL statement is:
SELECT ProductID, PName, PDescription FROM Products
WHERE PName like '%aaa'
UNION SELECT 0, Username, Password FROM Users --%'
This means that the list of users together with their passwords is listed in the result, as in the figure below:
[Screenshot: search results listing the rows of the Users table]
To defend against SQL injection, we use two approaches:
- Process the special marker characters in the input data before building the SQL statement;
- Use parameters to pass values to the SQL statement.
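The login and product-search queries of this section, as an added example that is not part of the lecture notes: each is run against a constructed SQLite copy of the Users and Products tables, first assembled by string concatenation as in the C# code and then with bound parameters (the second defence listed above). SQLite is assumed in place of SQL Server; its -- comment and UNION behave the same way here.

```python
"""Added example (not from the lecture notes): concatenated versus
parameterized versions of the login and search queries over SQLite."""
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed in-memory copy of the Users and Products tables in the text."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE Users(Username TEXT, Password TEXT, Email TEXT);
        INSERT INTO Users VALUES ('admin', 'tu8a9xk',  'admin@xyz.com'),
                                 ('nam',   '34bux8kt', 'nam@xyz.com'),
                                 ('son',   'krt87ew',  'son@xyz.com');
        CREATE TABLE Products(ProductID INT, PName TEXT, PDescription TEXT);
        INSERT INTO Products VALUES
            (1, 'HTC Wildfire',       'Android, camera 5.0, 3G, Wifi, GPS'),
            (2, 'Samsung Omnia',      'Windows Mobile, Wifi, GPS, FM Radio'),
            (3, 'Motorola Milestone', 'Android 2.2, camera 8.0, HDMI');
    """)
    return con

def login_concat(con, user: str, pwd: str) -> bool:
    # Vulnerable: user input becomes part of the statement text, so
    # a quote and -- rewrite the WHERE clause (admin' -- logs in as admin).
    sql = ("SELECT * FROM Users WHERE Username = '" + user +
           "' AND Password = '" + pwd + "'")
    return con.execute(sql).fetchone() is not None

def login_param(con, user: str, pwd: str) -> bool:
    # Safe: the DBMS compiles the statement first; the ? slots receive data
    # only, so a quote in the user name is just a character to compare.
    sql = "SELECT * FROM Users WHERE Username = ? AND Password = ?"
    return con.execute(sql, (user, pwd)).fetchone() is not None

def search_concat(con, name: str):
    # Vulnerable: the UNION payload in the text appends the Users table.
    sql = ("SELECT ProductID, PName, PDescription FROM Products "
           "WHERE PName LIKE '%" + name + "%'")
    return con.execute(sql).fetchall()

def search_param(con, name: str):
    # Safe: the whole search string, UNION included, is matched literally.
    sql = ("SELECT ProductID, PName, PDescription FROM Products "
           "WHERE PName LIKE ?")
    return con.execute(sql, ("%" + name + "%",)).fetchall()
```

The '; DELETE FROM Users -- case of the text does not reproduce here because SQLite's execute() refuses to run a second statement; the comment and UNION cases behave as described.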
11.2.3 Cross-site scripting (XSS)
The three basic elements that make up a web page are HTML, CSS and JavaScript, of which JavaScript is a kind of programming language. JavaScript makes web pages more dynamic, letting web developers perform some processing right in the browser (client-side) rather than at the web server (server-side).
JavaScript is a scripting language, meaning that it is not compiled in advance. Only when the browser downloads the web page is the JavaScript compiled and executed (just like an SQL statement, which is also compiled only at execution time). This creates an opportunity for a hacker to inject malicious JavaScript statements into the web page, much as malicious queries are injected into an SQL statement. We look at a simple example illustrating how this attack is carried out.
Suppose a website lets visitors post comments, and the database stores the comments in the following Comments table:
CommentID   DatePost   Email           Content
1           12/05/10   admin@xyz.com   This is a cool website!
2           15/06/10   nam@xyz.com     Excellent!!!
3           21/07/10   son@xyz.com     5-stars website!
The web programmer designs a page for posting comments as follows:
[Screenshot: comment posting form]
Using a web programming language, the programmer generates an HTML page that displays the comments as follows:
<html>
  <head> <title> Bình luận </title> </head>
  <body>
    <h2>CÁC Ý KIẾN CỦA BẠN ĐỌC</h2>
    <div>
      <h3>admin@xyz.com</h3>
      <p> This is a cool website! </p>
    </div>
    <div>
      <h3>nam@xyz.com</h3>
      <p> Excellent!!! </p>
    </div>
    <div>
      <h3>son@xyz.com</h3>
      <p> 5-stars website! </p>
    </div>
  </body>
</html>
The HTML page above is displayed as in the figure below, just as the programmer intended.
[Screenshot: the rendered comments page]
However, if nam@xyz.com is a hacker and nam@xyz.com enters a comment such as:
Excellent!!! <script type="text/javascript"> alert("I'm hacker"); </script>
then the HTML page becomes:
<html>
  <head> <title> Bình luận </title> </head>
  <body>
    <h2>CÁC Ý KIẾN CỦA BẠN ĐỌC</h2>
    <div>
      <h3>admin@xyz.com</h3>
      <p> This is a cool website! </p>
    </div>
    <div>
      <h3>nam@xyz.com</h3>
      <p> Excellent!!! <script type="text/javascript">
          alert("I'm hacker"); </script>
      </p>
    </div>
    <div>
      <h3>son@xyz.com</h3>
      <p> 5-stars website! </p>
    </div>
  </body>
</html>
Now the fragment <script type="text/javascript"> alert("I'm hacker"); </script> is no longer comment content but has become a piece of JavaScript that can execute commands the programmer did not intend.
[Screenshot: the browser showing the alert dialog "I'm hacker"]
Or the hacker could type a comment such as:
Excellent!!! <IMG src=http://hackerurl.com/hack.php />
When displaying the page, the browser sees the IMG tag and therefore fetches the address http://hackerurl.com/hack.php, a website containing the hacker's malicious code.
To defend against script injection, we must check the input data carefully: when characters such as < and > are encountered, they must be converted to &lt; and &gt;.
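The comment page of this section generated from a constructed copy of the Comments table, as an added example that is not part of the lecture notes: once inserting the stored content verbatim (so the hostile comments become markup) and once with the entity conversion just described, here done with Python's html.escape, which also handles &, " and '.

```python
"""Added example (not from the lecture notes): rendering stored comments into
HTML with and without escaping the user-supplied text."""
import html

# Constructed Comments rows, including the two hostile comments from the text
COMMENTS = [
    ("12/05/10", "admin@xyz.com", "This is a cool website!"),
    ("15/06/10", "nam@xyz.com",
     'Excellent!!! <script type="text/javascript"> alert("I\'m hacker"); </script>'),
    ("21/07/10", "son@xyz.com", "5-stars website!"),
    ("22/07/10", "nam@xyz.com", "Excellent!!! <IMG src=http://hackerurl.com/hack.php />"),
]

def render_comments(comments, escape: bool) -> str:
    """Build the comments page. With escape=True every user-controlled field
    goes through html.escape, so < > & " ' arrive in the browser as text."""
    lines = ["<html>", "<head> <title> Comments </title> </head>", "<body>",
             "<h2>READERS' OPINIONS</h2>"]
    for _date, email, content in comments:
        if escape:
            email, content = html.escape(email), html.escape(content)
        lines += ["<div>", f"<h3>{email}</h3>", f"<p> {content} </p>", "</div>"]
    lines += ["</body>", "</html>"]
    return "\n".join(lines)

def has_live_tags(page: str) -> bool:
    """True if a user-supplied script or image tag survived as real markup."""
    low = page.lower()
    return "<script" in low or "<img" in low
```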
11.3 Practical exercises
1. Write a program that hides information in a bitmap image with the interface shown below:
[Screenshot: interface of the steganography program]
2. Write a program and carry out a buffer overflow attack as in section 2.1.

APPENDIX 1
Details of the DES S-boxes










































Each S-box maps a 6-bit input b0 b1 b2 b3 b4 b5 to a 4-bit output: bits b0 b5 select the row, bits b1 b2 b3 b4 select the column; all values are given in hexadecimal. The five tables below are S-boxes 2, 4, 5, 3 and 1, in that order.

DES S-box 2
    0 1 2 3 4 5 6 7 8 9 A B C D E F
0   F 1 8 E 6 B 3 4 9 7 2 D C 0 5 A
1   3 D 4 7 F 2 8 E C 0 1 A 6 9 B 5
2   0 E 7 B A 4 D 1 5 8 C 6 9 3 2 F
3   D 8 A 1 3 F 4 2 B 6 7 C 0 5 E 9

DES S-box 4
    0 1 2 3 4 5 6 7 8 9 A B C D E F
0   7 D E 3 0 6 9 A 1 2 8 5 B C 4 F
1   D 8 B 5 6 F 0 3 4 7 2 C 1 A E 9
2   A 6 9 0 C B 7 D F 1 3 E 5 2 8 4
3   3 F 0 6 A 1 D 8 9 4 5 B C 7 2 E

DES S-box 5
    0 1 2 3 4 5 6 7 8 9 A B C D E F
0   2 C 4 1 7 A B 6 8 5 3 F D 0 E 9
1   E B 2 C 4 7 D 1 5 0 F A 3 9 8 6
2   4 2 1 B A D 7 8 F 9 C 5 6 3 0 E
3   B 8 C 7 1 E 2 D 6 F 0 9 A 4 5 3

DES S-box 3
    0 1 2 3 4 5 6 7 8 9 A B C D E F
0   A 0 9 E 6 3 F 5 1 D C 7 B 4 2 8
1   D 7 0 9 3 4 6 A 2 8 5 E C B F 1
2   D 6 4 9 8 F 3 0 B 1 2 C 5 A E 7
3   1 A D 0 6 9 8 7 4 F E 3 B 5 2 C

DES S-box 1
    0 1 2 3 4 5 6 7 8 9 A B C D E F
0   E 4 D 1 2 F B 8 3 A 6 C 5 9 0 7
1   0 F 7 4 E 2 D 1 A 6 C B 9 5 3 8
2   4 1 E 8 D 6 2 B F C 9 7 3 A 5 0
3   F C 8 2 4 9 1 7 5 B 3 E A 0 6 D




































DES S-box 6
    0 1 2 3 4 5 6 7 8 9 A B C D E F
0   C 1 A F 9 2 6 8 0 D 3 4 E 7 5 B
1   A F 4 2 7 C 9 5 6 1 D E 0 B 3 8
2   9 E F 5 2 8 C 3 7 0 4 A 1 D B 6
3   4 3 2 C 9 5 F A B E 1 7 6 0 8 D

DES S-box 7
    0 1 2 3 4 5 6 7 8 9 A B C D E F
0   4 B 2 E F 0 8 D 3 C 9 7 5 A 6 1
1   D 0 B 7 4 9 1 A E 3 5 C 2 F 8 6
2   1 4 B D C 3 7 E A F 6 8 0 5 9 2
3   6 B D 8 1 4 A 7 9 5 0 F E 2 3 C

DES S-box 8
    0 1 2 3 4 5 6 7 8 9 A B C D E F
0   D 2 8 4 6 F B 1 A 9 3 E 5 0 C 7
1   1 F D 8 A 3 7 4 C 5 6 B 0 E 9 2
2   7 B 4 1 9 C E 2 0 6 A D F 3 5 8
3   2 1 E 7 4 A 8 D F C 9 0 3 5 6 B

APPENDIX 2
The Euclidean algorithm
1) The Euclidean algorithm
The Euclidean algorithm finds the greatest common divisor of two integers a and b. We denote this greatest common divisor gcd(a, b). The algorithm is based on the following theorem:
Theorem: for all integers a >= 0 and b > 0:
gcd(a, b) = gcd(b, a mod b)
Proof:
Let d be the greatest common divisor of a and b. Let r be the remainder of the division a mod b:
a = bq + r (1)
We prove two things:
- b and r are divisible by d:
Since a and b are both divisible by d, equation (1) shows that r must also be divisible by d.
- There is no e > d such that b and r are divisible by e:
Suppose there were a number e > d such that b and r are divisible by e. Then by equation (1) a is also divisible by e. So a and b are both divisible by e, contradicting the assumption that d is the greatest common divisor of a and b.
Hence the greatest common divisor of b and r is also d. (QED)
Since gcd(b, 0) = b, applying the theorem above repeatedly until r = 0 yields gcd(a, b). Concretely, we have the following Euclidean algorithm for the case a >= b > 0:
/* Euclidean algorithm computing gcd(a, b) */
EUCLID(a, b)
    A = a; B = b;
    while B <> 0 do
        R = A mod B;
        A = B;
        B = R;
    end while
    return A;

The algorithm is illustrated by the following scheme, in which each (A, B) pair is the (B, R) pair of the line before it:
A1 = B1 q + R1
A2 = B2 q + R2
A3 = B3 q + R3
...
An = Bn q + 0
An+1 = Bn, Bn+1 = 0, and gcd(a, b) = An+1
Example: a = 57, b = 42
57 = 42 x 1 + 15
42 = 15 x 2 + 12
15 = 12 x 1 + 3
12 = 3 x 4 + 0
3, 0: gcd(57, 42) = 3
2) The extended Euclidean algorithm
This algorithm extends the Euclidean algorithm so that, in the case where a and b are coprime, gcd(a, b) = 1 with a >= b > 0, the algorithm additionally gives the inverse b^-1 of b modulo a (i.e. b.b^-1 ≡ 1 mod a).
/* The extended Euclidean algorithm returns two values: */
/* - gcd(a, b); */
/* - if gcd(a, b) = 1: b^-1 mod a */
EXTENDED_EUCLID(a, b)
    A1 = 1; A2 = 0; A3 = a;
    B1 = 0; B2 = 1; B3 = b;
    while (B3 <> 0) AND (B3 <> 1) do
        Q = A3 div B3;
        R1 = A1 - Q.B1;
        R2 = A2 - Q.B2;
        R3 = A3 - Q.B3;   /* = A3 mod B3 */
        A1 = B1; A2 = B2; A3 = B3;
        B1 = R1; B2 = R2; B3 = R3;
    end while
    If B3 = 0 then return A3; no inverse;
    If B3 = 1 then return 1; B2;

Before entering the loop we have the following properties:
a.A1 + b.A2 = A3 (1)
a.B1 + b.B2 = B3 (2)
Hence, in the first iteration:
a.R1 + b.R2 = a.A1 - a.Q.B1 + b.A2 - b.Q.B2
            = A3 - Q.B3
a.R1 + b.R2 = R3 (3)
So throughout the iterations of the algorithm the equations (1), (2) and (3) always hold.
In the case gcd(a, b) <> 1, the algorithm works like the standard Euclidean algorithm (A3 and B3 play the roles of A and B in the standard algorithm). When the loop ends, B3 = 0 and A3 is the greatest common divisor.
In the case gcd(a, b) = 1, the standard Euclidean algorithm ends with A3 = 1, B3 = 0, so in the iteration just before that, B3 = 1. In the extended algorithm the loop ends as soon as B3 = 1. We then have:
a.B1 + b.B2 = B3
a.B1 + b.B2 = 1
b.B2 ≡ 1 mod a
So B2 is the inverse of b modulo a.

Example: a = 63, b = 35, and example: a = 25, b = 7. The step tables for both examples are given below.
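EXTENDED_EUCLID as written above, beside the plain EUCLID loop, as an added example that is not part of the lecture notes; it keeps the appendix's variable names and is checked on the two worked examples (a = 63, b = 35 has no inverse; a = 25, b = 7 gives 18).

```python
"""Added example (not from the lecture notes): EUCLID and EXTENDED_EUCLID
from the appendix, returning gcd(a, b) and, when it is 1, b^-1 mod a."""

def euclid(a: int, b: int) -> int:
    """gcd(a, b) for a >= b > 0 by repeated division (A, B as in the text)."""
    A, B = a, b
    while B != 0:
        A, B = B, A % B
    return A

def extended_euclid(a: int, b: int):
    """Returns (gcd, inverse), where inverse is b^-1 mod a or None.
    Every row satisfies a*X1 + b*X2 = X3, as proved in the appendix."""
    A1, A2, A3 = 1, 0, a
    B1, B2, B3 = 0, 1, b
    while B3 != 0 and B3 != 1:
        Q = A3 // B3
        R1, R2, R3 = A1 - Q * B1, A2 - Q * B2, A3 - Q * B3   # R3 = A3 mod B3
        A1, A2, A3 = B1, B2, B3
        B1, B2, B3 = R1, R2, R3
    if B3 == 0:
        return A3, None          # gcd(a, b) = A3 > 1, so b has no inverse mod a
    return 1, B2 % a             # B2 may be negative: -7 becomes 18 for a = 25

def euclid_trace(a: int, b: int):
    """The rows of the worked tables: (A3, B3, Q, R3) for each loop pass."""
    rows, A3, B3 = [], a, b
    while B3 not in (0, 1):
        Q, R3 = divmod(A3, B3)
        rows.append((A3, B3, Q, R3))
        A3, B3 = B3, R3
    return rows
```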
The Miller-Rabin test for large primes
To check whether a number p is prime, a classical algorithm checks whether p is divisible by 2 or by any of the odd numbers from 3 up to the square root of p. If p is divisible by none of these numbers, p is prime; otherwise, as soon as p is divisible by one of them, p is not prime. However, when p is a large prime, checking that many numbers is inefficient in terms of time.
For prime numbers we have the following two lemmas:
Lemma 1: for p prime and x an integer, x^2 ≡ 1 mod p if and only if x ≡ 1 mod p or x ≡ (p - 1) mod p.
Proof: x^2 ≡ 1 mod p  <=>  x^2 - 1 ≡ 0 mod p  <=>  (x - 1)(x + 1) ≡ 0 mod p (*)
Since p is prime, (*) is equivalent to x - 1 ≡ 0 mod p or x + 1 ≡ 0 mod p, in other words x ≡ 1 mod p or x ≡ (p - 1) mod p. (QED)
Lemma 2: for p prime, write p in the form p = 2^k.q + 1 with q odd. For any positive integer a less than p, one of the following holds:
*) either a^q ≡ 1 (mod p),
**) or in the sequence a^q, a^(2q), a^(4q), ..., a^(2^(k-1).q) there is a number congruent to -1 (mod p), that is, to p - 1.
Proof:
Put a_j = a^(2^j.q) mod p for j = 0, 1, ..., k, so that a_(j+1) = a_j^2 mod p; the sequence above is then a_0, a_1, ..., a_(k-1).
Step table for the example a = 63, b = 35:
A3 = B3 x Q + R3        A2 = B2 x Q + R2
63 = 35 x 1 + 28        0 = 1 x 1 - 1
35 = 28 x 1 + 7         1 = -1 x 1 + 2
28 = 7 x 4 + 0          -1 = 2 x 4 - 9
B3 = 0: no inverse

Step table for the example a = 25, b = 7:
A3 = B3 x Q + R3        A2 = B2 x Q + R2
25 = 7 x 3 + 4          0 = 1 x 3 - 3
7 = 4 x 1 + 3           1 = -3 x 1 + 4
4 = 3 x 1 + 1           -3 = 4 x 1 - 7
B3 = 1, B2 = -7
The inverse is -7 + 25 = 18 (7 x 18 = 126 ≡ 1 mod 25)

By Fermat's theorem, a^(p-1) ≡ 1 (mod p), hence a^(2^k.q) ≡ 1 (mod p), i.e. a_k ≡ 1 (mod p). Thus in the sequence a_0, a_1, ..., a_k the last number is congruent to 1. Applying Lemma 1, we conclude:
- either a_0 = a^q ≡ 1, and then all the remaining elements of the sequence are also congruent to 1; in this case conclusion *) holds;
- or there is some a_j that is not congruent to 1 while a_(j+1) = a_j^2 ≡ 1; then by Lemma 1, a_j ≡ p - 1. In this case conclusion **) holds. (QED)
So if p is prime, p must satisfy the two lemmas above. The converse, however, is not guaranteed: some composite numbers also satisfy these two lemmas.
From this observation, the Miller-Rabin primality test is built as follows:
/* Miller-Rabin test of the primality of the integer p */
TEST(p)
    Find k, q with k > 0 and q odd such that p - 1 = 2^k.q
    Choose a random number a in the range [2, p - 1]
    If a^q mod p = 1 Then return "p may be prime";
    For j = 0 to k - 1 do
        If a^(2^j.q) mod p = p - 1 Then return "p may be prime";
    return "p is not prime";

Example 1: test p = 29
29 = 2^2 x 7 + 1, so k = 2, q = 7.
If we choose a = 10: 10^7 mod 29 = 17, so we go on to compute (10^7)^2 mod 29 = 28, and the procedure returns "may be prime".
If we choose a = 2: 2^7 mod 29 = 12, so we go on to compute (2^7)^2 mod 29 = 28, and the procedure again returns "may be prime".
So after trying only a few values of a, we cannot yet conclude anything about the primality of p. However, trying every value of a from 2 to 28, we get "may be prime" each time. We can therefore be certain that 29 is prime.
Example 2: test p = 221
221 = 2^2 x 55 + 1, so k = 2, q = 55.
If we choose a = 5: 5^55 mod 221 = 112, so we go on to compute (5^55)^2 mod 221 = 168, and the procedure returns "not prime". This is correct, since 221 = 13 x 17.
However, if we choose a = 21: 21^55 mod 221 = 200, so we go on to compute (21^55)^2 mod 221 = 220, and now the procedure returns "may be prime". That is, for some values of a the Miller-Rabin algorithm cannot determine the primality of 221.
It has been calculated that, when p is composite, the probability that the Miller-Rabin algorithm answers "not prime" is 75%. In the remaining 25% of cases Miller-Rabin cannot determine whether p is prime or composite. So if we run the algorithm t times (each time with a different value of a), the probability of remaining undetermined (in all t runs) is (0.25)^t. With t = 10 this probability is very small, less than 0.000001.
In summary, the primality of an integer p is tested as follows:
- Run the Miller-Rabin algorithm 10 times with 10 different random numbers a.
- If all 10 runs give the result "may be prime", we declare p prime.
- If even one run gives the result "not prime", we declare p composite.
Example 3: p = 41, 41 = 2^3 x 5 + 1, so k = 3, q = 5, p - 1 = 40.
a     a^q mod p   a^(2q) mod p   a^(4q) mod p
7     38          9              40
8     9           40
9     9           40
12    3           9              40
13    38          9              40
16    1
24    14          32             40
25    40
31    40
37    1
41 is prime
Example 4: p = 133, 133 = 2^2 x 33 + 1, so k = 2, q = 33, p - 1 = 132.
a     a^q mod p   a^(2q) mod p
11    1
17    83          106
27    132
30    1
38    76          57
58    1
75    132
94    132
102   1
121   1
133 is not prime (133 = 7 x 19)
Although its computation is somewhat involved, the Miller-Rabin algorithm is the most efficient and fastest of the known primality tests.
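TEST(p) from the appendix as an added example that is not part of the lecture notes: one round with a chosen base a, so that Examples 1 to 4 can be retraced, then the 10-round procedure recommended above; the function names and the explicit list of bases passed to miller_rabin are my own choices.

```python
"""Added example (not from the lecture notes): the Miller-Rabin test of the
appendix, one base at a time and then repeated over several bases."""
import random

def decompose(p: int):
    """Write p - 1 = 2^k * q with q odd; returns (k, q)."""
    k, q = 0, p - 1
    while q % 2 == 0:
        k, q = k + 1, q // 2
    return k, q

def witness(p: int, a: int) -> bool:
    """One round of TEST(p) with base a.
    True  = 'p may be prime'  (a^q == 1, or some a^(2^j q) == p - 1 mod p)
    False = 'p is not prime'  (a is a witness of compositeness)"""
    k, q = decompose(p)
    x = pow(a, q, p)               # a^q mod p
    if x == 1:
        return True
    for _ in range(k):             # j = 0 .. k-1: x = a^(2^j q) mod p
        if x == p - 1:
            return True
        x = x * x % p
    return False

def miller_rabin(p: int, bases) -> bool:
    """p is declared composite as soon as a single base says so."""
    if p < 3 or p % 2 == 0:
        return p == 2
    return all(witness(p, a) for a in bases)

def probable_prime(p: int, rounds: int = 10, rng=random) -> bool:
    """The procedure at the end of the appendix: t = 10 random bases in [2, p-1];
    a composite slips through all rounds with probability at most 0.25^rounds."""
    if p < 3 or p % 2 == 0:
        return p == 2
    return miller_rabin(p, [rng.randrange(2, p) for _ in range(rounds)])
```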
The Chinese Remainder Theorem
The Chinese Remainder Theorem allows us, instead of performing operations mod T for a large T, to compute with operations mod t_i for moduli t_i smaller than T. The Chinese Remainder Theorem therefore helps speed up the computations of the RSA algorithm.
Suppose T = t_1.t_2.....t_k, where the numbers t_1, t_2, ..., t_k are pairwise coprime. Consider the set Z_T and the set X, the Cartesian product of the sets Z_(t_1), Z_(t_2), ..., Z_(t_k) (Z_T is the set of integers from 0 to T - 1):
X = Z_(t_1) x Z_(t_2) x ... x Z_(t_k)
We have the following two Chinese Remainder Theorems:
Theorem 1: There is a bijection f between the set Z_T and the set X. That is:
- for every (a_1, a_2, ..., a_k) in X there is exactly one A in Z_T such that A = f(a_1, a_2, ..., a_k),
- and for every A in Z_T there is exactly one (a_1, a_2, ..., a_k) in X such that (a_1, a_2, ..., a_k) = f^-1(A).
Proof:
1) Forward map: to convert A into (a_1, a_2, ..., a_k), compute a_i = A mod t_i.
2) Inverse map: to convert (a_1, a_2, ..., a_k) into A, proceed as follows:
Method 1 (proposed by the Chinese mathematician Chin Chiu-Shao in 1247):
Put T_i = T / t_i = t_1.t_2.....t_(i-1).t_(i+1).....t_k, so that T_i ≡ 0 mod t_j for i <> j. Moreover T_i is coprime with t_i (by the assumption that the t_i are pairwise coprime). Hence there is an inverse y_i = T_i^-1 mod t_i such that:
T_i.y_i ≡ 1 (mod t_i).
A is computed by the formula:
A = (a_1.T_1.y_1 + a_2.T_2.y_2 + ... + a_k.T_k.y_k) mod T
To make sure the inverse map is correct, we must show that a_i = A mod t_i. We have:
A mod t_i = (a_1.T_1.y_1 + ... + a_k.T_k.y_k) mod t_i   (since T is divisible by t_i)
          = a_i.T_i.y_i mod t_i                          (since T_j ≡ 0 mod t_i for i <> j)
          = a_i                                           (since T_i.y_i ≡ 1 mod t_i)  (QED)
Method 2 (proposed by the mathematician H. L. Garner in 1959):
In this method, using the extended Euclidean algorithm, we set up k(k - 1)/2 constants c_ij = t_i^-1 mod t_j for i < j, so that t_i.c_ij ≡ 1 mod t_j, arranged as follows:
i \ j   t1    t2    t3    t4
t1            c12   c13   c14
t2                  c23   c24
t3                        c34
t4

Then compute the k intermediate values b_i as follows:
b_1 = a_1
b_2 = (a_2 - b_1).c_12 mod t_2
b_3 = ((a_3 - b_1).c_13 - b_2).c_23 mod t_3
...
b_k = (...((a_k - b_1).c_1k - b_2).c_2k - ... - b_(k-1)).c_(k-1,k) mod t_k
And A is computed by the formula:
A = b_1 + b_2.t_1 + b_3.t_1.t_2 + ... + b_k.t_1.t_2.....t_(k-1)
To make sure the inverse map is correct, we must show that a_i = A mod t_i. Every term from b_(i+1).t_1.....t_i onward contains the factor t_i, so:
A mod t_i = (b_1 + b_2.t_1 + ... + b_i.t_1.....t_(i-1)) mod t_i
Undoing the construction of b_i step by step (multiplying by t_(i-1) cancels c_(i-1,i) mod t_i, then adding b_(i-1) and multiplying by t_(i-2) cancels c_(i-2,i), and so on) gives:
b_1 + b_2.t_1 + ... + b_i.t_1.....t_(i-1) ≡ a_i (mod t_i)
Hence we conclude: A mod t_i = a_i. (QED)

Theorem 2: Modular arithmetic operations on Z_T can be performed by k similar operations carried out in turn on Z_(t_1), Z_(t_2), ..., Z_(t_k). Specifically, if A corresponds to (a_1, a_2, ..., a_k) and B corresponds to (b_1, b_2, ..., b_k), then:
(A + B) mod T corresponds to ((a_1 + b_1) mod t_1, ..., (a_k + b_k) mod t_k)
(A - B) mod T corresponds to ((a_1 - b_1) mod t_1, ..., (a_k - b_k) mod t_k)
(A x B) mod T corresponds to ((a_1 x b_1) mod t_1, ..., (a_k x b_k) mod t_k)
Based on this theorem, if A, B and T are very large numbers in the space Z_T that are hard to compute with, we can convert A, B and T into the form a_i, b_i, t_i, perform the computation in the space of the sets Z_(t_i), and finally convert the result back to the space Z_T. So when the number of operations to perform is large, working in the space of the sets Z_(t_i) is highly efficient compared with the cost of the conversions.
Example of the Chinese Remainder Theorem:
Let T = 1813 = 37 x 49. Compute X + Y = 678 + 973 mod 1813.
We have t_1 = 37, t_2 = 49.
X is represented as (678 mod 37, 678 mod 49) = (12, 41). Y is represented as (973 mod 37, 973 mod 49) = (11, 42). Therefore:
(678 + 973) mod 1813 = ((12 + 11) mod 37, (41 + 42) mod 49) = (23, 34)
And finally the result of the addition is:
By method 1:
T_1 = 49, T_2 = 37
y_1 = 49^-1 mod 37 = 34
y_2 = 37^-1 mod 49 = 4
A = (23 x 49 x 34 + 34 x 37 x 4) mod 1813
  = (38318 + 5032) mod 1813
  = 43350 mod 1813
  = 1651, which is exactly 678 + 973.
By method 2:
c_12 = 4
b_1 = 23, b_2 = (34 - 23) x 4 mod 49 = 44
A = 23 + 44 x 37 = 1651.

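Both inverse maps of Theorem 1, written for any number k of moduli and checked on the T = 1813 example above, as an added example that is not part of the lecture notes; the inverses come from Python's pow(x, -1, m) rather than the appendix's extended Euclidean routine, and the three-modulus check values are constructed.

```python
"""Added example (not from the lecture notes): Chinese Remainder Theorem
conversions, method 1 (Chin Chiu-Shao) and method 2 (Garner), for any k."""
from math import prod

def to_residues(A: int, moduli):
    """Forward map: A -> (A mod t_1, ..., A mod t_k)."""
    return [A % t for t in moduli]

def crt_method1(residues, moduli) -> int:
    """A = sum a_i * T_i * y_i mod T with T_i = T / t_i and y_i = T_i^-1 mod t_i."""
    T = prod(moduli)
    A = 0
    for a_i, t_i in zip(residues, moduli):
        T_i = T // t_i
        y_i = pow(T_i, -1, t_i)
        A += a_i * T_i * y_i
    return A % T

def crt_garner(residues, moduli) -> int:
    """Constants c_ij = t_i^-1 mod t_j (i < j), mixed-radix digits b_i,
    then A = b_1 + b_2 t_1 + b_3 t_1 t_2 + ... (no final reduction needed)."""
    k = len(moduli)
    c = {(i, j): pow(moduli[i], -1, moduli[j])
         for i in range(k) for j in range(i + 1, k)}
    b = []
    for i in range(k):
        u = residues[i]
        for j in range(i):                       # peel off b_1 .. b_(i-1)
            u = (u - b[j]) * c[(j, i)] % moduli[i]
        b.append(u)
    A, radix = 0, 1
    for i in range(k):
        A += b[i] * radix
        radix *= moduli[i]
    return A

def add_mod(X: int, Y: int, moduli):
    """(X + Y) mod T computed componentwise (Theorem 2), then mapped back
    with both methods; returns (component sums, A by method 1, A by Garner)."""
    xs, ys = to_residues(X, moduli), to_residues(Y, moduli)
    sums = [(x + y) % t for x, y, t in zip(xs, ys, moduli)]
    return sums, crt_method1(sums, moduli), crt_garner(sums, moduli)
```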
Installing the SSL protocol on the IIS web server
(See the content at MSOpenLab: http://msopenlab.com/index.php?article=68)


REFERENCES

[1] Nguyễn Xuân Dũng, Bảo mật thông tin, mô hình và ứng dụng (Information security: models and applications), Nhà xuất bản Thống Kê, 2007.
[2] William Stallings, Cryptography and Network Security: Principles and Practices, 4th Edition, Prentice Hall, 2005.
[3] Mark Stamp, Information Security: Principles and Practices, John Wiley & Sons, Inc., 2006.
[4] Bruce Schneier, Applied Cryptography, 2nd Edition, John Wiley & Sons, Inc., 1996.
[5] Joan Daemen, Vincent Rijmen, AES Proposal: Rijndael Block Cipher.
[6] Eli Biham, Adi Shamir, Differential Cryptanalysis of DES-like Cryptosystems, 1990.
[7] Matsui, Linear Cryptanalysis Method for DES Cipher, Springer-Verlag, 1998.
[8] Hankerson, Menezes, Vanstone, Guide to Elliptic Curve Cryptography, Springer, 2004.
[9] Lee Barken, How Secure Is Your Wireless Network, Prentice Hall, 2003.

