
UNIVERSITY OF SCIENCE (TRƯỜNG ĐẠI HỌC KHOA HỌC TỰ NHIÊN)

FACULTY OF INFORMATION TECHNOLOGY


DEPARTMENT OF KNOWLEDGE ENGINEERING


NGUYỄN XUÂN HUY, TRẦN QUỐC HUY


A SURVEY OF STREAM CIPHERS AND THEIR APPLICATIONS

BACHELOR'S THESIS IN INFORMATION TECHNOLOGY




Ho Chi Minh City, 2011
Page 1


UNIVERSITY OF SCIENCE
FACULTY OF INFORMATION TECHNOLOGY
DEPARTMENT OF KNOWLEDGE ENGINEERING


NGUYỄN XUÂN HUY, student ID 0712196
TRẦN QUỐC HUY, student ID 0712204


A SURVEY OF STREAM CIPHERS AND THEIR APPLICATIONS
BACHELOR'S THESIS IN INFORMATION TECHNOLOGY

SUPERVISOR
Assoc. Prof. Dr. NGUYỄN ĐÌNH THÚC


COHORT 2007-2011

COMMENTS OF THE SUPERVISOR


Ho Chi Minh City, day .. month .. year ..
Supervisor


COMMENTS OF THE REVIEWER


The thesis meets the requirements of a bachelor's thesis in Information Technology.
Ho Chi Minh City, day .. month .. year ..
Reviewer


ACKNOWLEDGEMENTS
We sincerely thank the Department of Knowledge Engineering and the Faculty of Information Technology, University of Science, for providing us with good conditions to carry out this graduation thesis.
We sincerely thank Dr. Nguyễn Đình Thúc for his dedicated guidance, instruction and comments throughout the project.
We sincerely thank the teachers of the Faculty for their dedicated teaching and for equipping us with valuable knowledge and skills during our years at the university.
We express our deep gratitude to our grandparents and parents, who cared for us and raised us.
Sincere thanks to our seniors and friends, who supported, helped and encouraged us throughout our studies and research.
Although we have tried to complete the thesis to the best of our ability, it will certainly not be free of shortcomings. We hope for the understanding and guidance of our teachers and friends.

Students
Nguyễn Xuân Huy, Trần Quốc Huy
July 2011


TABLE OF CONTENTS
Chapter 1. INTRODUCTION ... 15
1.1. Why stream ciphers are needed today ... 16
1.2. Objectives of the thesis ... 18
1.3. Requirements of the thesis ... 20
1.4. Structure of the thesis ... 20
Chapter 2. STREAM CIPHER THEORY ... 23
2.1. Comparing stream ciphers with block ciphers ... 25
2.2. Classification of stream ciphers ... 27
2.3. Some stream cipher architectures ... 29
2.3.1. Additive synchronous stream ciphers ... 29
2.3.2. Additive self-synchronizing stream ciphers ... 30
2.3.3. Nonadditive synchronous stream ciphers ... 31
2.3.4. Stream cipher methods using block ciphers ... 33
2.3.5. Cooperatively distributed ciphering ... 36
2.4. Types of generators ... 40
2.4.1. Finite state machines and keystream generators ... 41
2.4.2. Counter-based generators ... 42
2.4.3. Arithmetic generators ... 44
2.4.4. Shift-register-based generators ... 48
2.5. The finite fields GF(p) and GF(p^m) ... 57
2.5.1. Finite fields (Galois fields) ... 57
2.5.2. Representing the elements of a finite field ... 59
2.5.3. Computation in finite fields ... 61
2.6. Cryptographic aspects of sequences ... 64
2.6.1. Linear complexity and minimal polynomial ... 64
2.6.2. Pattern distribution of the keystream ... 73
2.6.3. Correlation functions ... 74
2.6.4. Sphere complexity ... 77
2.7. Security of the stream cipher model ... 81
2.7.1. Security based on the stream cipher architecture ... 82
2.7.2. Security based on the cryptographic aspects of the keystream ... 83
2.7.3. Security based on the generator architecture ... 85
Chapter 3. STREAM CIPHERS ON MOBILE NETWORKS ... 98
3.1. Introduction to mobile networks ... 99
3.1.1. Mobile network standards ... 99
3.1.2. Security on mobile networks ... 100
3.2. The ZUC stream cipher ... 101
3.2.1. Structure of ZUC ... 101
3.2.2. Structure and operation of the LFSR ... 102
3.2.3. Bit reorganization ... 103
3.2.4. The nonlinear function F ... 104
3.2.5. Operation of ZUC ... 106
3.3. Applications of ZUC ... 110
3.3.1. 128-EEA3 encryption ... 110
3.3.2. 128-EIA3 authentication ... 112
3.4. Design criteria and security of ZUC ... 114
3.4.1. LFSR design criteria ... 114
3.4.2. Design criteria of the BR ... 116
3.4.3. Design and security of the nonlinear function F ... 118
Chapter 4. IMPLEMENTED PROGRAM ... 127
4.1. Introduction ... 128
4.2. Application model ... 129
4.2.1. Functional requirements of the program ... 129
4.2.2. Keystream generation method ... 129
4.2.3. Operating model of the program ... 130
4.2.4. Program interface and usage instructions ... 131
4.3. Experimental results ... 134
4.4. Chapter summary ... 135
CONCLUSION ... 137
FUTURE WORK ... 139
REFERENCES ... 140
Appendix A. Other cryptographic properties of Boolean functions ... 145
A.1. Algebraic degree of Boolean functions ... 145
A.2. Algebraic immunity of Boolean functions ... 148
Appendix B. The S-box in AES ... 149
Appendix C. Other concepts ... 150
C.1. Information ... 150
C.2. Golomb's randomness postulates ... 151


LIST OF FIGURES
Figure 1. Logo of 3GPP. ... 16
Figure 2. The difference between block ciphers and stream ciphers. ... 26
Figure 3. Additive synchronous stream cipher. ... 28
Figure 4. Additive self-synchronizing stream cipher. ... 30
Figure 5. Keystream generator as an autonomous finite state machine. ... 41
Figure 6. Counter with a nonlinear output function. ... 43
Figure 7. Some counter-based generators. ... 43
Figure 8. A model of the Fibonacci register. ... 49
Figure 9. A model of the Galois register. ... 49
Figure 10. Generator model using a multiplexer. ... 50
Figure 11. Stop-and-go generator model. ... 51
Figure 12. Operation of the alternating step generator when the output of the control register is 1. ... 52
Figure 13. Operation of the alternating step generator when the output of the control register is 0. ... 52
Figure 14. Operating model of the registers in the shrinking generator. ... 53
Figure 15. Nonlinear combination generator. ... 54
Figure 16. Model of the summation generator. ... 55
Figure 17. Filter generator model. ... 56
Figure 18. Galois NLFSR model. ... 56
Figure 19. Fibonacci NLFSR model. ... 57
Figure 20. General LFSR showing the recurrence. ... 65
Figure 21. General architecture of ZUC. ... 102
Figure 22. Architecture of the S-box S_0. ... 121
Figure 23. Operating model of the Voice Chat application in public mode. ... 130
Figure 24. Operating model of the Voice Chat application in private mode. ... 131
Figure 25. Interface of SCVoiceChat-server.exe. ... 132
Figure 26. Interface of SCVoiceChat-Client.exe. ... 133
Figure 27. Chart comparing the execution speed of 128-EEA3 and AES. ... 135


LIST OF TABLES
Table 1. Nonlinearity of balanced functions. ... 90
Table 2. Survey of the changes in the component Boolean functions f_j when input bit i is changed, for the S-box in AES. ... 96
Table 3. S-box S_0. ... 106
Table 4. S-box S_1. ... 106
Table 5. Transformation P_1. ... 121
Table 6. Transformation P_2. ... 121
Table 7. Transformation P_3. ... 121
Table 8. Survey of the changes in the component Boolean functions f_j when input bit i is changed, for the S-box S_0 of the nonlinear function F. ... 122
Table 9. Survey of the changes in the component Boolean functions f_j when input bit i is changed, for the S-box S_1 of the nonlinear function F. ... 124
Table 10. Comparison of the properties of the S-box in AES and the two S-boxes S_0 and S_1 of the nonlinear function F. ... 125
Table 11. Comparison of the execution speed of the 128-EEA3 algorithm and the AES algorithm. ... 134

TERMS, ABBREVIATIONS AND NOTATION
GSM  Global System for Mobile Communications
3GPP  3rd Generation Partnership Project
DACAS  Data Assurance and Communication Security Research Center of the Chinese Academy of Sciences
UMTS  Universal Mobile Telecommunications System
AES  Advanced Encryption Standard
DES  Data Encryption Standard
CD  Cooperatively distributed ciphering
SG  Sequence generator
FSM  Finite state machine
GF  Galois field (for example GF(2^n))
NSG  Natural sequence generator
LFSR  Linear feedback shift register
ZUC  The ZUC stream cipher
SAC  Strict Avalanche Criterion
ANF  Algebraic normal form of a Boolean function
S-box  Substitution box
(symbol missing)  Logical XOR
(symbol missing)  Addition modulo 2^32
a || b  Concatenation of the bit strings a and b
a_H  The 16 leftmost bits of the integer a
a_L  The 16 rightmost bits of the integer a
a <<<_n k  Cyclic left rotation of the n-bit register a by k bits
a >> 1  Right shift of a by 1 bit
(a_1, a_2, ..., a_n) → (b_1, b_2, ..., b_n)  Assignment of each value a_i to the corresponding b_i


THESIS SUMMARY
Research problem:
Study the theory of stream ciphers. Survey stream ciphers on mobile networks. Implement a Voice Chat application that uses the ZUC stream cipher to ensure data confidentiality on the transmission channel, and experimentally demonstrate that stream ciphers are faster than block ciphers. Analyse the security of the ZUC stream cipher and experimentally measure its important cryptographic properties.
Approach:
- Study the basic concepts of stream ciphers.
- Identify and build a demonstration program that uses the ZUC stream cipher.
- Identify the specific research problems of stream ciphers.
- Study the design principles of stream cipher models.
- Study the mathematical theory related to stream ciphers.
- Study the important cryptographic properties that affect the security of a stream cipher model.
- Study some stream ciphers used on mobile networks.
- Survey the ZUC stream cipher model in detail.
- Analyse and experimentally measure the important cryptographic properties of ZUC.
- Experimentally compare the speed of the ZUC stream cipher (through the 128-EEA3 encryption algorithm) with the AES block cipher.

Chapter 1. INTRODUCTION

Chapter summary:
This introductory chapter presents why stream ciphers are needed today, and the objectives and requirements of the thesis. A summary of each chapter is given in the section on the structure of the thesis.

1.1. Why stream ciphers are needed today
Today the rapid development of information and communication technology has brought many convenient applications to users. Modern technology is developing towards networked environments, among which mobile networks are, and will continue to be, highly promising. In the near future almost every application may be available on a compact mobile phone. Security is now a pressing issue not only on the global Internet; mobile networks need attention as well. Users care about the confidentiality of their calls and of the services they use over the mobile network. This concern has grown with the appearance of a series of new mobile network technologies such as GPRS, 3G and EPS (LTE/SAE). All of these technologies are published by the 3GPP organisation. Below is the logo of 3GPP, taken from the organisation's website (http://www.3gpp.org):

Figure 1. Logo of 3GPP.
To meet the security needs of mobile networks, mobile technologies must apply suitable encryption techniques. Among all encryption techniques, the stream cipher is the one suited to mobile networks. A stream cipher is a symmetric-key technique (symmetric cryptography). Security by means of stream ciphers in GSM serves purposes such as encryption for data confidentiality, authentication, and integrity [2]. There are two kinds of symmetric cipher: block ciphers and stream ciphers. As is well known, a block cipher works by dividing the data to be encrypted into blocks of a fixed size, which means that the size of the data, and the data itself, must be known in advance. The most typical data carried on a mobile network, the data of a call, has no size known in advance: it is generated and varies over time (time-varying). Because the mobile network must process such time-varying signals, the encryption technique applied to it must also accommodate this mechanism. A stream cipher operates with a time-varying transformation on individual plaintext units [1]; later sections of the thesis clarify in detail how stream ciphers can meet the requirements of mobile networks. This is the reason for the importance of applying stream ciphers to mobile network security.
Looking back, the true era of stream ciphers was the 1960s. At that time many organisations needed stream ciphers: the military and diplomatic services, espionage organisations, telecommunications providers, businesses, and so on. Semiconductor electronic encryption devices were beginning to appear. Because these devices had very little memory, stream ciphers became more popular than block ciphers. Today, however, with the development of device technology, these issues are no longer obstacles, and block ciphers have gained the upper hand. Evidence of this is that even on the GSM platform the third-generation Kasumi block cipher replaced the second-generation A5/x stream ciphers. In Wi-Fi, IEEE 802.11a/b still used the RC4 stream cipher, but IEEE 802.11i replaced it with the AES block cipher [6].
That does not mean that stream ciphers can no longer develop. The State of the Art of Stream Ciphers (SASC) workshop, a workshop dedicated to stream ciphers organised by ECRYPT (http://www.ecrypt.eu.org), still attracts interest. Steve Babbage (Vodafone Group R&D) has noted that stream ciphers are very useful because they are very fast, efficient and compact on constrained devices: low-power (battery) devices such as RFID tags, or smart cards with 8-bit processors [7]. In his paper ([6]), Adi Shamir (one of the inventors of RSA) noted that cryptographic applications of RFID are being researched widely in South Korea, and he considers it a very important and successful technology of the coming decade. He also expects these RFID applications to use stream ciphers more than block ciphers. Finally, he remarks that the state of our knowledge of, and confidence in, stream ciphers is still weak. In other words, we can fully believe in a future for stream cipher applications.
The security algorithms of the GSM network derive from three cipher algorithms, A3, A5 and A8. GSM uses several algorithms such as A5/1, A5/2 and A5/3 for security. However, they can be broken by a number of attacks [3]. New generations of mobile networks keep appearing; the newest is EPS, the latest technology intended to evolve into the 4G generation. Hence there are now draft specifications of new security algorithms for these new technologies, typically the 3GPP drafts of the 128-EEA3 and 128-EIA3 algorithms for security in EPS [2].
Stream ciphers are suitable for implementation in software or in hardware. They are very suitable for direct implementation on low-specification hardware, and so can be implemented on mobile phones.
1.2. Objectives of the thesis
Having understood the need for stream ciphers, we built a test program that uses a stream cipher, based on existing open source code, and from there identified the related research problems.
Stream ciphers are a broad and challenging research topic, and one that cryptographers are interested in because of their important applications on global mobile networks. The theoretical foundation of stream ciphers is related to number theory [4] and to field theory (specifically Galois fields), so it certainly makes use of the powerful methods and reasoning of these areas of mathematics. This is challenging but also very interesting for us in studying this topic. Wishing to clarify the truths behind the theoretical foundations of stream ciphers, we ventured to invest the effort to study those foundations in depth. The first part of this thesis presents the theoretical foundations and the design principles of stream cipher models.
Stream cipher algorithms are in fact divided into two components in their architecture. One component is the operation of the keystream generator; the second takes the keystream produced by this generator and carries out its encryption (or authentication, or integrity) task. In stream cipher algorithms this second part may simply XOR the keystream with the plaintext to form the ciphertext. Therefore the importance of stream cipher algorithms is concentrated mainly in the generators [4]. The thesis analyses in depth the architecture and operating mechanism of different generators.
For any cryptographic algorithm or model in general, and for stream ciphers in particular, security is the most important factor. Therefore the thesis analyses in depth the cryptographic aspects related to the security of stream cipher models.
The thesis studies several stream cipher models used in mobile networks. These include algorithms for new technologies that have not yet been officially published and exist only as drafts. Typical is the ZUC stream cipher [31] designed by DACAS (the Data Assurance and Communication Security Research Center of the Chinese Academy of Sciences); the thesis analyses this stream cipher model in depth.
1.3. Requirements of the thesis
- Study the theoretical foundations of stream ciphers.
- Analyse and understand the architecture and operating principles of stream cipher algorithms and their generators.
- Study the stream cipher models used in mobile networks. Survey the ZUC stream cipher model in detail.
- Implement a demonstration program.
- Experimentally measure the important cryptographic properties of the ZUC stream cipher model.
1.4. Structure of the thesis
The thesis is organised as follows:
Chapter 1. INTRODUCTION presents why stream ciphers are needed in practice today and the objectives of the project, and sets out the requirements of the thesis.
Chapter 2. STREAM CIPHER THEORY presents and systematises the basic knowledge of stream ciphers, compares stream ciphers with block ciphers, and lists the kinds of stream cipher architecture and keystream generator; reviews the theory of finite fields (Galois fields), the mathematical basis for understanding the concepts related to stream ciphers such as the keystream produced by a generator, LFSRs and S-boxes; presents the cryptographic aspects of the keystream: linear complexity and minimal polynomial, pattern distribution, correlation functions, sphere complexity; and finally presents and systematises a very important part, the security of the stream cipher model, at three levels: security based on the stream cipher architecture, security based on the cryptographic aspects of the keystream, and in particular security based on the generator architecture, where we analyse and survey in depth the important cryptographic properties of Boolean functions and S-boxes that affect generator security: the nonlinearity and the SAC (Strict Avalanche Criterion) of Boolean functions, and the differential uniformity of S-boxes.
Chapter 3. STREAM CIPHERS ON MOBILE NETWORKS introduces mobile networks and their security algorithms; presents the ZUC stream cipher model and its use in two security algorithms, the 128-EEA3 encryption algorithm and the 128-EIA3 message authentication algorithm; presents the design criteria of the layers in the structure of ZUC, and in particular analyses and experimentally measures the important cryptographic properties of the two S-boxes S_0 and S_1 of the nonlinear function F: S-box nonlinearity, S-box differential uniformity, and the SAC and balance of the component functions of the S-boxes.
Chapter 4. IMPLEMENTED PROGRAM presents the results of the experimental Voice Chat application, implemented with the 128-EEA3 encryption algorithm using the ZUC generator to ensure the confidentiality of the data exchanged between the parties to a conversation; presents the application model with its functional requirements and operating model; experimentally compares the speed of 128-EEA3 and AES; and summarises what the program achieved and what it did not.

Appendix A presents other cryptographic properties of Boolean functions and S-boxes that affect generator security: algebraic degree and algebraic immunity.
Appendix B reviews the structure and security of the S-box in the AES block cipher.
Appendix C presents other concepts: information, and Golomb's randomness postulates.

Chapter 2. STREAM CIPHER THEORY

Chapter summary:
Chapter 2 systematises and surveys the theory related to stream ciphers. The chapter covers the following main topics:
o A brief presentation of stream ciphers and a comparison with block ciphers.
o The kinds of stream cipher: synchronous and self-synchronizing; the properties of the stream cipher architectures: additive synchronous, additive self-synchronizing, nonadditive synchronous, stream cipher methods using block ciphers, and cooperatively distributed ciphering; the kinds of generator that can be used in a stream cipher model.
o A review of the necessary knowledge of finite fields (Galois fields), the foundation for understanding the concepts related to stream ciphers: the keystream produced by a generator, LFSRs, S-boxes.
o The cryptographic aspects of the generated keystream: linear complexity and minimal polynomial, pattern distribution, correlation functions, sphere complexity.
o The issues related to the security of the stream cipher model, at three levels: security based on the stream cipher architecture, security based on the cryptographic aspects of the keystream, and security based on the generator architecture. The generator level is surveyed and analysed carefully with respect to the important cryptographic properties of Boolean functions and S-boxes that affect generator security: the nonlinearity and the SAC (Strict Avalanche Criterion) of Boolean functions, and the differential uniformity of S-boxes.


2.1. Comparing stream ciphers with block ciphers
Symmetric encryption is divided into two kinds: block ciphers and stream ciphers.
With a block cipher, the input data is divided into blocks, usually of equal size, where the size depends on the algorithm used, such as DES, 3DES, AES, RC2 and so on. With DES the blocks must be 64 bits; with AES they must be 128 bits. A block cipher needs a key k for the whole encryption process, and this key also depends on the algorithm applied. In practice, when a block cipher is applied the size of the input data must be known in advance; that is, a block cipher is applied to data that is known concretely beforehand. After the input data has been divided into blocks of the given size, encryption uses one of the modes of operation to produce the ciphertext corresponding to the input. The modes of operation include ECB, CBC, CFB, OFB and CTR.

Figure 2. The difference between block ciphers and stream ciphers.
With a stream cipher, in practice the data is usually time-varying, that is, the input data is not known in advance. Each part of the current data is encrypted with a corresponding key $z_j$, $j \in [0, \infty)$. The $z_j$ form a keystream, and each $z_j$ is called a keyword. The simplest encryption function in practice may just be an XOR between the plaintext bits and the corresponding keystream; more precisely, each character of the plaintext is XORed with $z_j$. The stream cipher model uses an initial key k to generate the $z_j$. The entity responsible for generating the keystream is called the keystream generator. The keystream can be written as $z = z_0 z_1 z_2 \ldots$ [4].
A stream cipher model is periodic if the keystream repeats after d characters, for some specific d [4]. That is, the number of keyword values $z_j$ is finite (d values), even though in the general case the keystream is infinite.
A more general definition of a stream cipher is the following:
Definition of a stream cipher [16]: Let K be the key space of a cryptosystem and let $k_1 k_2 \ldots \in K$ be a keystream. The cryptosystem is called a stream cipher if the encryption of the plaintext string $m_1 m_2 \ldots$ is obtained by repeatedly applying the encryption to plaintext message units, $c_j = E_{k_j}(m_j)$, and, if $d_j$ is the inverse of $k_j$, decryption takes place as $m_j = D_{d_j}(c_j)$ for $j \ge 1$. If there exists $l \in \mathbb{N}$ such that $k_{j+l} = k_j$ for all $j \in \mathbb{N}$, the stream cipher is called periodic with period l.
2.2. Classification of stream ciphers
Basically, a stream cipher algorithm belongs to one of two kinds: synchronous stream ciphers, and self-synchronizing stream ciphers, also called asynchronous stream ciphers. The organisers of the eSTREAM project, however, give a more general definition of a stream cipher: they regard it as an entity with a time-varying internal state, and regard synchronous and self-synchronizing stream ciphers as two special cases [10].
In a synchronous stream cipher, the next state of the encryption system is described independently of the plaintext and the ciphertext. The state is the value of a set of variables that uniquely describes the condition of the device [1]. One can think of the state as the value of an array with many elements. The device here is a component in the structure of the keystream generator; it may be a register consisting of several parts.

Figure 3. Additive synchronous stream cipher.
The figure shows the encryption and decryption rules of the additive synchronous stream cipher model. To encrypt, each plaintext character is "added" (+) to the keyword $z_i$ to produce the corresponding ciphertext character; to decrypt, the reverse is done by "subtracting" (-). Here + and - merely stand for the encryption and decryption operations; they may simply be XOR, for example. The figure makes clear that keystream generation is entirely independent of the plaintext and the ciphertext.
Conversely, in a self-synchronizing stream cipher each keystream character is derived from a fixed number n of the preceding ciphertext characters. Therefore, if a ciphertext character is lost or corrupted (changed) in transmission, the error propagates to n characters during decryption, but the cipher resynchronizes itself after n further ciphertext characters have been received [4]. Consider the case n = 1:
Suppose the ciphertext string C is modified at $c_{j-1}$.
- With a self-synchronizing stream cipher the encryption rule is $c_j = E_{z_j}(m_j)$ with $z_j = f(k, c_{j-1})$, hence the decryption rule is $m_j = D_{z_j}(c_j)$ with $z_j = f(k, c_{j-1})$. Clearly, when $c_{j-1}$ is modified the decrypted $m_{j-1}$ is wrong (it differs from the plaintext before encryption). Because $c_{j-1}$ was modified, $z_j$ is wrong, so the decrypted $m_j$ is also wrong. Meanwhile the decryption of $m_{j+1}$ depends on $c_j$ (which was not modified), so $m_{j+1}$ is decrypted correctly. Thus after only one ciphertext character the decryption resynchronizes. The same holds when $c_{j-1}$ is lost.
- With a synchronous stream cipher the encryption rule is $c_j = z_j \oplus m_j$, hence the decryption rule is $m_j = z_j \oplus c_j$. If $c_{j-1}$ is modified, it is easy to see that decryption is wrong only at $m_{j-1}$. However, if $c_{j-1}$ is lost, the string of ciphertext characters is shifted back by one character: $c_j$ takes the place of $c_{j-1}$, $c_{j+1}$ takes the place of $c_j$, and so on. In other words, from $c_{j-1}$ onward every ciphertext character is wrong, so every character after that point decrypts incorrectly.
This explains an interesting difference between the two kinds of stream cipher. In addition, a self-synchronizing stream cipher is not periodic, because each key character $z_j$ depends on all the preceding plaintext characters [4]. The opposite holds for synchronous stream ciphers, which are usually periodic.
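The n = 1 analysis above, carried out on real bytes as an added example (not code from the thesis). It assumes a toy 16-bit LFSR as the synchronous keystream generator and a toy keyed byte map f(k, c) as the self-synchronizing keystream function; both are stand-ins chosen only to make the error-propagation behaviour observable.

```go
package main

import "fmt"

// lfsr16 is a 16-bit Fibonacci LFSR (feedback polynomial
// x^16 + x^14 + x^13 + x^11 + 1) standing in for the keystream generator
// of Figure 3. It is a toy for illustrating error propagation only.
type lfsr16 struct{ state uint16 }

// nextByte clocks the register eight times and packs the output bits.
func (l *lfsr16) nextByte() byte {
	var out byte
	for i := 0; i < 8; i++ {
		bit := (l.state ^ (l.state >> 2) ^ (l.state >> 3) ^ (l.state >> 5)) & 1
		l.state = (l.state >> 1) | (bit << 15)
		out = out<<1 | byte(bit)
	}
	return out
}

// syncXOR is the additive synchronous cipher c_j = m_j XOR z_j. The
// keystream never looks at the data, so the same function encrypts and
// decrypts. key is the LFSR seed and must be non-zero.
func syncXOR(key uint16, in []byte) []byte {
	g := &lfsr16{state: key}
	out := make([]byte, len(in))
	for j := range in {
		out[j] = in[j] ^ g.nextByte()
	}
	return out
}

// selfKeyword is the toy keystream function z_j = f(k, c_{j-1}) of the
// self-synchronizing cipher with n = 1. The odd multiplier makes it a
// bijection in c_{j-1}: different previous bytes give different keywords.
func selfKeyword(key, prev byte) byte {
	return (prev^key)*97 + 31
}

// selfSyncEncrypt computes c_j = m_j XOR f(k, c_{j-1}) with c_{-1} = 0.
func selfSyncEncrypt(key byte, m []byte) []byte {
	c := make([]byte, len(m))
	var prev byte
	for j := range m {
		c[j] = m[j] ^ selfKeyword(key, prev)
		prev = c[j]
	}
	return c
}

// selfSyncDecrypt computes m_j = c_j XOR f(k, c_{j-1}). The feedback is
// taken from the ciphertext as received, which is why one correct byte
// is enough for the cipher to recover.
func selfSyncDecrypt(key byte, c []byte) []byte {
	m := make([]byte, len(c))
	var prev byte
	for j := range c {
		m[j] = c[j] ^ selfKeyword(key, prev)
		prev = c[j]
	}
	return m
}

// flipByte returns a copy of c with byte j corrupted in transit.
func flipByte(c []byte, j int) []byte {
	out := append([]byte(nil), c...)
	out[j] ^= 0x5a
	return out
}

// dropByte returns a copy of c with byte j lost in transit.
func dropByte(c []byte, j int) []byte {
	out := append([]byte(nil), c[:j]...)
	return append(out, c[j+1:]...)
}

// errorPositions lists the indexes at which got differs from want.
func errorPositions(want, got []byte) []int {
	var errs []int
	for i := 0; i < len(want) || i < len(got); i++ {
		if i >= len(want) || i >= len(got) || want[i] != got[i] {
			errs = append(errs, i)
		}
	}
	return errs
}

func main() {
	m := []byte("stream ciphers on mobile networks") // constructed sample
	const j = 5                                        // the damaged character is c_{j-1} = c[4]
	cs := syncXOR(0xACE1, m)
	cf := selfSyncEncrypt(0x3c, m)
	fmt.Println("sync, c[4] flipped:", errorPositions(m, syncXOR(0xACE1, flipByte(cs, j-1))))
	fmt.Println("self, c[4] flipped:", errorPositions(m, selfSyncDecrypt(0x3c, flipByte(cf, j-1))))
	want := dropByte(m, j-1) // best possible recovery once a byte is lost
	fmt.Println("sync, c[4] lost:   ", errorPositions(want, syncXOR(0xACE1, dropByte(cs, j-1))))
	fmt.Println("self, c[4] lost:   ", errorPositions(want, selfSyncDecrypt(0x3c, dropByte(cf, j-1))))
}
```

The synchronous cipher reports a single error for a flipped byte but a long run of errors once a byte is lost; the self-synchronizing cipher reports errors at positions 4 and 5 for a flip and at most one error for a loss.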
2.3. Some stream cipher architectures
There are many different stream cipher methods, belonging to the kinds below. In some of them, in particular, block ciphers appear as a building block of the stream cipher.
2.3.1. Additive synchronous stream ciphers
As mentioned above, additive synchronous stream ciphers generate the keystream independently of the plaintext. The keystream algorithm must be such that the keystream can be regenerated for decryption. The additive synchronous stream cipher of Figure 3 is an important kind of synchronous stream cipher.
Section 2.2 explained the synchronization of this architecture. The "additive" property refers to the addition/subtraction between the keystream and the plaintext/ciphertext, which may simply be XOR.
Remark:
The main problem in this kind of stream cipher is the design of the keystream generator. Because the combination of plaintext and ciphertext characters is very simple, the keystream generator of an additive synchronous stream cipher must be strong [4].
2.3.2. Additive self-synchronizing stream ciphers

Figure 4. Additive self-synchronizing stream cipher.
In a self-synchronizing stream cipher, each keystream character is obtained from a fixed number n of the preceding ciphertext characters. Section 2.2 also explained the self-synchronization of this architecture. Autokey ciphers and cipher feedback systems are examples of additive self-synchronizing stream ciphers [4].
An autokey cipher is one whose key is derived from the plaintext it encrypts. Another important class of additive self-synchronizing stream ciphers is the one in which the ciphertext is fed back into the keystream generator, as in Figure 4.
Remark:
The main problems of this kind of stream cipher are the design of the keystream generator and the way the fed-back ciphertext characters are used inside it. This kind is harder to design and to analyse because of the feedback [4].
2.3.3. Nonadditive synchronous stream ciphers
Block ciphers and additive stream ciphers each have advantages and disadvantages. The disadvantage of an additive synchronous stream cipher is that one plaintext-ciphertext character pair immediately reveals the keystream character under which the plaintext character was encrypted. This can enable several kinds of key-recovering attacks, such as correlation attacks, collision attacks, equivalent-machine attacks (for instance an attack based on the Berlekamp-Massey algorithm) and approximate-machine attacks based on linear approximation. Its advantage is that the keystream is time-varying, which guarantees that the same plaintext character usually yields different ciphertext characters at different times; this tends to mask some probabilistic properties of the plaintext [4]. The architecture is called the nonadditive synchronous stream cipher because it is no longer an additive synchronous stream cipher: it upgrades the additive synchronous stream cipher by combining it with a block cipher to obtain a more secure stream-cipher architecture.
The disadvantage of a block cipher is that its key cannot be changed frequently, because of key management problems; by convention a single key is used. Furthermore, the same plaintext block always yields the same ciphertext block once a key has been chosen and fixed. This can enable many attacks, such as differential attacks on a suitable number of ciphertext blocks. Its advantage is that changes to the plaintext can be detected, because the plaintext is encrypted block by block [4].
To keep the advantages of both additive stream ciphers and block ciphers while cancelling the weaknesses of both, a dynamic block ciphering approach is described below. In this approach a keystream generator and a known block cipher algorithm are combined: the keystream characters produced by the generator are used as the dynamic key of the block cipher for each plaintext block [4].
Given a block cipher with plaintext block length $n$, let $E_k(\cdot)$ and $D_k(\cdot)$ denote its encryption and decryption functions, where $k$ is the key. To use the block cipher for dynamic encryption and decryption, a dynamic key $k_i$ for the algorithm is produced by a sequence generator SG as
$$k_i = (z_{ti}, z_{ti+1}, \ldots, z_{ti+t-1}),$$
where $t$ is a positive integer and $z^\infty$ denotes the sequence generated by SG. The parameter $t$ may be 1 or another fixed constant. Encryption and decryption are therefore
$$c_i = E_{k_i}(m_i), \qquad m_i = D_{k_i}(c_i),$$
where $m_i$ is the $i$-th plaintext block and $c_i$ the $i$-th ciphertext block. Because the key $k_i$ varies with time, this encryption method is called dynamic block ciphering, or the nonadditive synchronous stream cipher. The key of the system includes the sequence generator SG itself [4], meaning that the keystream generator used in this stream-cipher architecture must itself be kept secret.
Example: Consider AES with a 128-bit key. To turn it into a dynamic block cipher, i.e. a nonadditive synchronous stream cipher, we use a generator that produces dynamic keys as a sequence of 32-bit keywords. The dynamic key $k_i$ must therefore consist of 4 keywords:
$$k_i = (z_{4i}, z_{4i+1}, z_{4i+2}, z_{4i+3}).$$
In this case $t = 4$.
Remarks:
In this stream-cipher architecture a large linear complexity (see Section 2.6, Cryptographic aspects of sequences) is usually not required of the sequence produced by SG. If a system following the nonadditive synchronous architecture is well designed, most of the attacks known against additive stream ciphers and block ciphers do not apply to it; attacking it requires new methods [4].
Using fast sequence generators and fast block ciphers in the system gives the stream-cipher model that adopts this architecture its speed.
2.3.4. Stream ciphers built from block ciphers
A block cipher has several modes of operation. Four are common: Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback Chaining (CFB) and Output Feedback Chaining (OFB).
In ECB mode the cipher (encryption, decryption) is applied to each block independently. Let $M = M_1 M_2 \cdots M_t$ be the plaintext; after encryption the result is [4]
$$C_i = E_k(M_i), \quad i = 1, 2, \ldots, t,$$
so the corresponding ciphertext is $C = C_1 C_2 \cdots C_t$. Decryption is described by
$$M_i = D_k(C_i), \quad i = 1, 2, \ldots, t,$$
where $D_k(x)$ is the inverse of $E_k(x)$. This mode is rather monotonous and rigid.
In CBC mode the blocks are chained together with an initial value IV. In this mode we assume that the plaintext and ciphertext spaces are the same, and that this block space is an Abelian group with operator $+$. The first ciphertext block is determined as [4]
$$C_1 = E_k(M_1 + IV),$$
where $IV$ is an initial value in the block space. The remaining ciphertext blocks are computed as
$$C_i = E_k(M_i + C_{i-1}), \quad i = 2, 3, \ldots, t.$$
For decryption, the first plaintext block is obtained as
$$M_1 = D_k(C_1) - IV,$$
where $-$ is the inverse of $+$. The remaining plaintext blocks are computed as
$$M_i = D_k(C_i) - C_{i-1}, \quad i = 2, 3, \ldots, t.$$
Comparing the CBC formulas above with the formulas of the general stream cipher in Figure 2, CBC mode clearly turns the block cipher into a stream cipher with internal memory. The internal memory in CBC can be understood as follows: encrypting $C_i$ requires $C_{i-1}$, so the previously encrypted ciphertext block must be remembered, which requires memory. In an additive synchronous stream cipher this internal memory lies in the keystream generator of the system, a typical example being the LFSR (see Section 2.4.4.1). An LFSR is a register when realized in hardware, and it plays an important role in producing the keystream [4].
CFB mode of a block cipher can also be used to realize a stream cipher. Suppose we have a block cipher whose plaintext and ciphertext block space is $A^n$, where $(A, +)$ is an Abelian group. Let $E_k(x)$ be the encryption function, let $\mathrm{rchop}_u(x)$ denote the function that deletes the $u$ rightmost characters of its argument $x$, and let $\mathrm{lchop}_u(x)$ denote the function that deletes the $u$ leftmost characters of $x$. A variant of CFB mode is described as follows. Choose an integer $m$ between 1 and $n$. The stream cipher based on the block cipher works over $(A^m, +)$, where $+$ on $A^m$ is the componentwise extension of $+$ on $A$:
$$(x_1, \ldots, x_m) + (y_1, \ldots, y_m) = (x_1 + y_1, \ldots, x_m + y_m),$$
where $(x_1, \ldots, x_m) \in A^m$ and $(y_1, \ldots, y_m) \in A^m$. Choose an initial value $X_1$; the encryption of the $i$-th plaintext character $M_i \in A^m$ is [4]
$$C_i = M_i + \mathrm{rchop}_{n-m}(E_k(X_i)), \qquad X_{i+1} = \mathrm{lchop}_m(X_i) \,\|\, C_i,$$
where $\|$ denotes concatenation (of two data strings). Decryption is
$$M_i = C_i - \mathrm{rchop}_{n-m}(E_k(X_i)), \qquad X_{i+1} = \mathrm{lchop}_m(X_i) \,\|\, C_i.$$
In this case CFB mode, realized as a stream cipher, also needs an internal register. This internal register is used to update $X_i$ according to $X_{i+1} = \mathrm{lchop}_m(X_i) \,\|\, C_i$. This formula is recursive: computing $X_{i+1}$ clearly requires the value of $X_i$, so $X_i$ must first be stored by the register and then replaced by $X_{i+1}$.
OFB mode of a block cipher is also used to realize a stream cipher. As with CFB, start from a block cipher whose plaintext and ciphertext space is $A^n$, where $(A, +)$ is an Abelian group. The stream cipher based on the block cipher is described as follows. The plaintext and ciphertext space of the stream cipher is $A^m$, where $m$ may be chosen arbitrarily between 1 and $n$. The stream cipher has an internal register that updates a value $X_i \in A^n$. Let $X_1$ be the initial value of the register. The encryption of the $i$-th plaintext character $M_i \in A^m$ is [4]
$$C_i = M_i + \mathrm{rchop}_{n-m}(E_k(X_i)), \qquad X_{i+1} = E_k(X_i).$$
Decryption is defined by
$$M_i = C_i - \mathrm{rchop}_{n-m}(E_k(X_i)), \qquad X_{i+1} = E_k(X_i).$$
It is easy to see that the only difference between CFB and OFB is the update of the internal register.
Of the four modes of operation above, three can be used to realize a stream cipher, so there are many ways to use a block cipher for a stream cipher. Even the nonadditive synchronous stream cipher of the previous section is based on a block cipher.
The cooperatively distributed cipher architecture presented next also uses block ciphers.
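As an added example (not part of the thesis or of [4]), the CFB variant and the OFB construction above, implemented in Python over $A = Z_2$ with $n = 8$ and $m = 3$. The block cipher $E_k$ is a constructed keyed permutation that stands in for a real cipher, and the last function checks the self-synchronization that Section 2.3.2 attributes to cipher feedback systems:

```python
import random

N = 8  # block length n; the block space is A^n with A = Z_2 (bits)
M = 3  # character length m of the stream cipher, 1 <= m <= n


def bits_to_int(bits):
    v = 0
    for b in bits:
        v = (v << 1) | b
    return v


def int_to_bits(v, width):
    return tuple((v >> (width - 1 - i)) & 1 for i in range(width))


def make_block_cipher(key):
    """Constructed toy block cipher E_k on A^n: a keyed permutation of all 2^n blocks.
    It stands in for a real cipher (AES, ...); only the mode of operation matters here."""
    perm = list(range(2 ** N))
    random.Random(key).shuffle(perm)
    return lambda block: int_to_bits(perm[bits_to_int(block)], N)


def rchop(u, x):
    """Delete the u rightmost characters of x."""
    return x[:len(x) - u]


def lchop(u, x):
    """Delete the u leftmost characters of x."""
    return x[u:]


def add(x, y):
    """Componentwise + of (A^m, +); over Z_2 the inverse operator - is the same map."""
    return tuple((a + b) % 2 for a, b in zip(x, y))


def cfb(E, X1, chars, decrypt=False):
    """CFB variant: C_i = M_i + rchop_{n-m}(E_k(X_i)), X_{i+1} = lchop_m(X_i) || C_i.
    Decryption uses the same register update; the fed-back character is always the ciphertext."""
    X, out = X1, []
    for ch in chars:
        res = add(ch, rchop(N - M, E(X)))
        out.append(res)
        Ci = ch if decrypt else res
        X = lchop(M, X) + Ci
    return out


def ofb(E, X1, chars):
    """OFB: C_i = M_i + rchop_{n-m}(E_k(X_i)), X_{i+1} = E_k(X_i).
    The register never sees the data, so one function serves encryption and decryption."""
    X, out = X1, []
    for ch in chars:
        out.append(add(ch, rchop(N - M, E(X))))
        X = E(X)
    return out


def chunk(bits, m):
    return [tuple(bits[i:i + m]) for i in range(0, len(bits), m)]


# Constructed sample data: a key, an initial register value X_1 and 24 plaintext bits.
KEY = 0x2011
X1 = int_to_bits(0b10110010, N)
PLAIN = chunk([1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0], M)


def cfb_roundtrip():
    E = make_block_cipher(KEY)
    return cfb(E, X1, cfb(E, X1, PLAIN), decrypt=True) == PLAIN


def ofb_roundtrip():
    E = make_block_cipher(KEY)
    return ofb(E, X1, ofb(E, X1, PLAIN)) == PLAIN


def cfb_resync_after_error(j=1):
    """Self-synchronization of CFB: flip one bit of C_j. The register holds ceil(n/m) fed-back
    characters, so decryption is wrong for M_j .. M_{j+ceil(n/m)} and correct again afterwards."""
    E = make_block_cipher(KEY)
    C = cfb(E, X1, PLAIN)
    C[j] = add(C[j], (1,) + (0,) * (M - 1))
    recovered = cfb(E, X1, C, decrypt=True)
    k = -(-N // M)  # ceil(n/m)
    return recovered[j] != PLAIN[j] and recovered[j + k + 1:] == PLAIN[j + k + 1:]


if __name__ == "__main__":
    print("CFB round trip:", cfb_roundtrip())
    print("OFB round trip:", ofb_roundtrip())
    print("CFB resynchronizes after a ciphertext error:", cfb_resync_after_error())
```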
2.3.5. Cooperatively distributed ciphers
The cooperatively distributed (CD) cipher system, or CD cipher, is designed to keep the advantages of both additive stream ciphers and block ciphers while at the same time cancelling the weaknesses of both [4].
A CD cipher system consists of $s$ components, namely $s$ given block ciphers, all with the same block size, and a control device for the ciphering process (encryption or decryption), which is a sequence generator with internal memory, denoted SG. SG produces a sequence of elements of the set $Z_s = \{0, 1, \ldots, s-1\}$.
Let $k_0, \ldots, k_{s-1}$ be the keys of the given block ciphers, let $E_0(k_0, \cdot), \ldots, E_{s-1}(k_{s-1}, \cdot)$ be the encryption functions under those keys and $D_0(k_0, \cdot), \ldots, D_{s-1}(k_{s-1}, \cdot)$ the decryption functions under those keys. Let $k_{sg}$ be the key of the sequence generator and $z_i$ the character produced by SG at time $i$. At each time only one of the given block ciphers is used (for both encryption and decryption). The encryption formula is [4]
$$c_i = E_{z_i}(k_{z_i}, m_i),$$
where $m_i$ and $c_i$ are the $i$-th plaintext and ciphertext blocks. Similarly, decryption is defined by
$$m_i = D_{z_i}(k_{z_i}, c_i).$$
In the CD architecture, SG governs the operation of every block-cipher component: it decides which component is used to encrypt or decrypt a block of data at each time. The encryption functions $E_0, \ldots, E_{s-1}$ may be identical, but then the keys $k_0, \ldots, k_{s-1}$ must be pairwise different [4].
The security of this stream-cipher architecture can be analyzed in the following attack context. First, consider attacks on block ciphers. All attacks on block ciphers are carried out under the assumption that the key is fixed and that there is a single encryption (and corresponding decryption) algorithm; differential and linear attacks are examples. None of these attacks applies in a straightforward way to the CD system if it has at least two different encryption algorithms or at least two different block-cipher keys. Second, most attacks on stream ciphers target the keystream generators of additive stream ciphers. If the CD system is designed properly so that its keystream generator resists those attacks, they are ineffective.
A CD cipher system is realized as a stream cipher, although it is a combination of block ciphers and a stream cipher. A plaintext message usually corresponds to different ciphertexts at different times. The purpose of cooperation and distribution is to defeat the attacks known against both block ciphers and additive stream ciphers [4].
If the system is designed properly, a very strong CD cipher can be built from some very weak block ciphers and a weak sequence generator. This again shows the power of cooperation and distribution.
The components and the control device of a CD system must be chosen with care. Below we consider a system with two block-cipher components [4].
Let $K_0$ and $K_1$ be the key spaces of the two block ciphers. Assume that every possible key belongs to $K_0$ or $K_1$. Let $p_0 = \Pr(z = 0)$, $p_1 = \Pr(z = 1)$ and
$$n_i(m, c) = \big|\{k \in K_i \mid E_i(k, m) = c\}\big|, \quad i = 0, 1.$$
Let $\Pr(m, c)$ be the probability that $c$ is the ciphertext block corresponding to the plaintext block $m$. Then [4]
$$\Pr(m, c) = p_0 \frac{n_0(m, c)}{|K_0|} + p_1 \frac{n_1(m, c)}{|K_1|}, \qquad \Pr(z = i;\ (m, c)) = p_i \frac{n_i(m, c)}{|K_i|}, \quad i = 0, 1.$$
Applying Bayes' formula gives the conditional probabilities
$$\Pr(z = 0 \mid (m, c)) = \frac{|K_1|\, p_0\, n_0(m, c)}{|K_1|\, p_0\, n_0(m, c) + |K_0|\, p_1\, n_1(m, c)}, \qquad \Pr(z = 1 \mid (m, c)) = \frac{|K_0|\, p_1\, n_1(m, c)}{|K_1|\, p_0\, n_0(m, c) + |K_0|\, p_1\, n_1(m, c)}.$$
From this we obtain the following expression for the average mutual information [5][40]:
$$I(z; (m, c)) = \frac{|K_1|\, p_0\, n_0(m, c)}{|K_1|\, p_0\, n_0(m, c) + |K_0|\, p_1\, n_1(m, c)} \log \frac{|K_1|\, p_0\, n_0(m, c)}{|K_1|\, p_0\, n_0(m, c) + |K_0|\, p_1\, n_1(m, c)} + \frac{|K_0|\, p_1\, n_1(m, c)}{|K_1|\, p_0\, n_0(m, c) + |K_0|\, p_1\, n_1(m, c)} \log \frac{|K_0|\, p_1\, n_1(m, c)}{|K_1|\, p_0\, n_0(m, c) + |K_0|\, p_1\, n_1(m, c)}.$$
To minimize this average mutual information we need
$$p_0 \frac{n_0(m, c)}{|K_0|} = p_1 \frac{n_1(m, c)}{|K_1|}.$$
Note that
$$\sum_{c \in C} \frac{n_0(m, c)}{|K_0|} = \sum_{c \in C} \frac{n_1(m, c)}{|K_1|} = 1.$$
It follows that
$$p_0 = \sum_{c \in C} p_0 \frac{n_0(m, c)}{|K_0|} = \sum_{c \in C} p_1 \frac{n_1(m, c)}{|K_1|} = p_1.$$
Hence $p_0 = p_1 = \tfrac{1}{2}$ and
$$\frac{n_0(m, c)}{|K_0|} = \frac{n_1(m, c)}{|K_1|}.$$
From this analysis we obtain the following design principle. For a CD cipher system with two block-cipher components, the parameters should take the following values [4]:
1. $p_0 \approx \tfrac{1}{2}$;
2. $\dfrac{n_0(m, c)}{|K_0|} \approx \dfrac{n_1(m, c)}{|K_1|}$, and if one of $n_0(m, c)$ and $n_1(m, c)$ equals 0, the other must also equal 0.
Remarks:
Clearly a cipher is secure against ciphertext-only attacks if it is secure against known-plaintext attacks. Given some plaintext-ciphertext block pairs, a cryptanalyst's first step is to extract some information about the keystream and then to try to recover the key of SG, or to construct a generator that produces the same output, by analyzing the parameters $n_0(m, c)$ and $n_1(m, c)$ of the two block ciphers on the given plaintext-ciphertext pairs. If the two block ciphers are not well designed and the cryptanalyst learns that $n_0(m, c) = 0$, then he immediately knows that the generator output is 1, i.e. that the block cipher used was $E_1$. If an attack on SG succeeds, all that remains is to attack the two block ciphers in the usual way, and the meaning of cooperation is lost. The design principle above is used to defeat this divide-and-conquer attack.
On the other hand, SG must be designed so that its output sequence has a good pattern distribution (see Section 2.6, Cryptographic aspects of sequences). If the control sequence (the output of SG) is 11110000, the cooperation is obviously very weak.
A CD system can be more secure than its block ciphers. If SG is well designed, the CD cipher can make use of weak block ciphers [4].
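The two-component analysis above, carried out numerically as an added example (not code from the thesis or from [4]): two constructed toy block-cipher families on 4-bit blocks, the counts $n_i(m,c)$, the Bayes posteriors, the quantity $I(z;(m,c))$ as defined above, and a check of design rule 2 on a balanced pair of components and on a badly designed one. All cipher families, keys and sample values are constructed for the illustration:

```python
import math
import random

BLOCK = 16  # constructed toy block space {0, ..., 15} (4-bit blocks) shared by both components


def keyed_perm(component, k):
    """Constructed toy block-cipher component: key k selects a fixed permutation of the block space."""
    table = list(range(BLOCK))
    random.Random(1000 * component + k).shuffle(table)
    return table


def E_good(k, m):
    return keyed_perm(0, k)[m]


def D_good(k, c):
    return keyed_perm(0, k).index(c)


# Badly designed pair of components: for every (m, c) exactly one of the two can produce it.
def E_bad0(k, m):
    return (m + k) % BLOCK


def E_bad1(k, m):
    return (m - k - 1) % BLOCK


def n_count(E, keys, m, c):
    """n_i(m, c) = |{k in K_i : E_i(k, m) = c}|."""
    return sum(1 for k in keys if E(k, m) == c)


def posterior(p0, E0, K0, E1, K1, m, c):
    """(Pr(z=0 | (m,c)), Pr(z=1 | (m,c))) from the Bayes formulas; None if (m, c) is impossible."""
    a = len(K1) * p0 * n_count(E0, K0, m, c)
    b = len(K0) * (1 - p0) * n_count(E1, K1, m, c)
    return None if a + b == 0 else (a / (a + b), b / (a + b))


def info(p0, E0, K0, E1, K1, m, c):
    """I(z;(m,c)) = sum_i Pr(z=i|(m,c)) log2 Pr(z=i|(m,c)), in bits: -1 when both posteriors
    are 1/2 (the pair tells nothing about z), 0 when one posterior is 1 (z is known)."""
    post = posterior(p0, E0, K0, E1, K1, m, c)
    return None if post is None else sum(p * math.log2(p) for p in post if p > 0)


def worst_info(p0, E0, K0, E1, K1):
    """Largest I over all reachable (m, c): the most an attacker learns from one known pair."""
    vals = (info(p0, E0, K0, E1, K1, m, c) for m in range(BLOCK) for c in range(BLOCK))
    return max(v for v in vals if v is not None)


def leaking_pairs(E0, K0, E1, K1):
    """(m, c) pairs that violate design rule 2: exactly one of n_0(m,c), n_1(m,c) is zero,
    so a single known plaintext-ciphertext pair reveals the generator output z."""
    return [(m, c) for m in range(BLOCK) for c in range(BLOCK)
            if (n_count(E0, K0, m, c) == 0) != (n_count(E1, K1, m, c) == 0)]


def cd_encrypt(z, keys, E, blocks):
    """CD encryption c_i = E_{z_i}(k_{z_i}, m_i): the SG output z_i selects the component for block i."""
    return [E[z[i]](keys[z[i]], m) for i, m in enumerate(blocks)]


def cd_decrypt(z, keys, D, blocks):
    """CD decryption m_i = D_{z_i}(k_{z_i}, c_i)."""
    return [D[z[i]](keys[z[i]], c) for i, c in enumerate(blocks)]


KEYS = list(range(8))  # K_0 = K_1 = {0, ..., 7} in both configurations


def balanced_case():
    """Same family for both components, p_0 = 1/2: every posterior is (1/2, 1/2)."""
    return (worst_info(0.5, E_good, KEYS, E_good, KEYS),
            len(leaking_pairs(E_good, KEYS, E_good, KEYS)))


def unbalanced_case():
    """Disjoint components: n_0(m,c) = 0 exactly when n_1(m,c) > 0, so every pair leaks z."""
    return (worst_info(0.5, E_bad0, KEYS, E_bad1, KEYS),
            len(leaking_pairs(E_bad0, KEYS, E_bad1, KEYS)))


def roundtrip():
    """Constructed SG output z and plaintext blocks; both components use E_good with different keys."""
    z = [0, 1, 1, 0, 1, 0, 0, 1]
    keys = [3, 5]
    blocks = [9, 2, 15, 0, 7, 7, 4, 11]
    ct = cd_encrypt(z, keys, [E_good, E_good], blocks)
    return cd_decrypt(z, keys, [D_good, D_good], ct) == blocks


if __name__ == "__main__":
    print("balanced   (worst I, leaking pairs):", balanced_case())
    print("unbalanced (worst I, leaking pairs):", unbalanced_case())
    print("CD round trip:", roundtrip())
```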
2.4. Types of generators
As mentioned, the keystream generator is an important component of a stream-cipher model. Its task is to produce the keystream needed for encryption and decryption (and for integrity, authentication, ...) in a model that applies a stream cipher. In general the output of a keystream generator is a sequence, a pseudo-random (or random) sequence, or pseudo-random numbers.
There are many kinds of generators, with different structures and operating principles, producing different outputs. Many generators are modeled by finite state machines (FSM). We begin with these finite state machines.
2.4.1. Finite state machines and keystream generators
Finite state machines are important systems for modeling cryptographic devices. There are typical examples of stream-cipher systems with a finite state machine that can be modeled by a combination of shift registers [8]. Finite state machines are important mathematical objects for modeling electronic hardware. In a synchronous stream cipher the running-key generator can sometimes be regarded as an autonomous finite state machine, as shown in Figure 5.

Figure 5. Keystream generator as an autonomous finite state machine.
A keystream generator as a finite state machine consists of an output alphabet and a state set, together with two functions and an initial state. The next-state function $f_s$ maps the current state $S_j$ to a new state $S_{j+1}$ in the state set, and the output function $f_o$ maps the current state $S_j$ to an output character $z_j$ in the output alphabet. The key $k$ may be used by the next-state function, by the output function and by the initial state [4].
The basic problem in designing a keystream generator is to find a next-state function $f_s$ and an output function $f_o$ that guarantee a running key $z^\infty$ satisfying certain cryptographic requirements, such as large linear complexity and good linear-complexity stability, good autocorrelation, uniform pattern distribution, ... (see Section 2.6) [4].
To obtain these requirements, particular kinds of finite state machines are used as running-key generators. Unfortunately the theory of autonomous automata with nonlinear next-state functions is not well developed. Many keystream generators have been proposed. Some are easy to implement, but their security is hard to control; others are secure against certain attacks, but relatively slow to implement. Number-theoretic generators and counter generators are typical generators modeled by finite state machines [4].
2.4.2. Counter-based generators
A counter is the simplest automaton with a period, which is usually taken as $q^n$, where $q$ is a positive number. A counter with period $N$ counts the numbers $0, 1, \ldots, N-1$ periodically. The output sequence of a counter has a large period but lacks the other required properties. To remedy this, the output sequence can be passed through a nonlinear output transformation [9], that is, a nonlinear function is applied to a counter to build a keystream generator as in Figure 6 [4].

Figure 6. Counter with a nonlinear output function.
In this kind of generator the key is used to control the function (logic). The initial values of the counter can be regarded as part of the key or as a random value. A specific proposal by Diffie and Hellman is to use a fixed component of a block-cipher algorithm as the output function (logic) of the generator in Figure 6 [4].

Figure 7. Some counter-based generators.
If we consider counters with arbitrary period $N$ and use a fixed function $f(x)$ from $Z_N$ into an Abelian group $G$, we obtain a generator as in Figure 7(b). In this generator the key $k$ is one of the integers $0, 1, \ldots, N-1$, and the counter starts its counting cycle at the key value. The arguments $x$ of $f(x)$ are the consecutive integer values supplied by the counter. The sequence, or keystream, produced in $G$ is therefore given by [4]
$$z_i = f((i + k) \bmod N),$$
where the remainder modulo $N$ takes integer values from 0 to $N-1$.
There are few differences between the two generators of Figure 7. In the generator of Figure 7(a) the key, or part of the key, is used to control the output function, whereas in the generator of Figure 7(b) the function $f(x)$ is fixed and the key is simply the initial value of the register. The generator of Figure 7(b) is called the natural sequence generator (NSG), because every periodic sequence can be obtained from this generator in a natural way, and many security aspects of this generator can be analyzed and controlled. An additive synchronous stream cipher based on this kind of generator is called an additive natural stream cipher [4].
Remarks:
An improperly designed keystream generator can be broken by a differential attack or some other attack. If the generator is designed properly, the NSG can resist all known attacks [4]. The NSG is an object that researchers frequently refer to in stream-cipher research.
2.4.3. Number-theoretic generators
Some of the earliest practical systems were used as pseudo-random number generators rather than as keystream generators [1]. Pseudo-random numbers are needed not only in cryptography but also in numerical simulation for Monte Carlo methods, sampling, numerical analysis, testing of computer chips and programming of slot machines. However, different applications require different randomness properties of the numbers; for instance, random numbers for (Monte Carlo) simulation differ from those for cryptographic purposes [4]. Generators of this kind include the linear congruential generator, the 1/p generator, the power generator and the generator based on the exponential operation [4].
2.4.3.1. Linear congruential generator
A linear congruential generator (LCG) is often used to produce random numbers. The next number $X_{i+1}$ in a sequence of numbers $X_i$ is defined by
$$X_{i+1} = (aX_i + b) \bmod M, \qquad (2.4.3.1)$$
where $0 \le X_i \le M - 1$. Here $(a, b, M)$ are the parameters defining the generator and $X_0$ is the initial value of the sequence (the quadruple $a, b, M, X_0$ can be taken as the key of the generator).
Linear congruential generators are widely used in practice for Monte Carlo methods, but they are cryptographically weak [4], as the following shows:
Clearly the method is not cryptographically secure if the modulus $M$ is known. In that case $x$ can be solved from the congruence
$$(X_2 - X_1) \equiv x\,(X_1 - X_0) \pmod M;$$
(the value of $x$ is exactly $a$, from which $b$ can be computed). The rest of the sequence can then be computed exactly using the relation
$$X_{i+1} = \big(xX_i + (X_1 - xX_0)\big) \bmod M \quad [11].$$
Beyond that, the question arises of how to attack when $a$, $b$, $M$ and $X_0$ are all unknown. A way of inferring the values of the sequence is needed. The following algorithm solves this problem:
Plumstead's algorithm [12]: Suppose the LCG is given by formula (2.4.3.1) with $a$, $b$, $M$ and $X_0$ unknown, and nothing is assumed about them except $M > \max(a, b, X_0)$. The algorithm finds a congruence $X_{i+1} = (a'X_i + b') \bmod M$, possibly with $a'$ and $b'$ different from $a$ and $b$, that produces the same sequence as the original congruence. The inference proceeds in two stages. Let $Y_i = X_{i+1} - X_i$.
Stage 1: In this stage we find $a'$ and $b'$ as follows:
1. Find the smallest $t$ such that $d = \gcd(Y_0, Y_1, \ldots, Y_t)$ divides $Y_{t+1}$.
2. For each $i$ with $0 \le i \le t$, find $u_i$ such that $\sum_{i=0}^{t} u_i Y_i = d$.
3. Set $a' = \dfrac{1}{d} \sum_{i=0}^{t} u_i Y_{i+1}$ and $b' = X_1 - a'X_0$.
This stage gives $X_{i+1} = (a'X_i + b') \bmod M$ for all $i \ge 0$.
Stage 2: In this stage we begin predicting $X_{i+1}$, changing the modulus $M'$ when necessary. Once a prediction of $X_i$ has been made, the true value becomes available to the inference algorithm (to check whether the prediction was right or wrong). Initially set $i = 0$, $M' = \infty$, and assume $X_0$ and $X_1$ are known (the numbers from the previous stage can be reused). Repeat the following steps:
1. Set $i = i + 1$ and predict
$$X_{i+1} = (a'X_i + b') \bmod M'.$$
2. If $X_{i+1}$ is wrong, set $M' = \gcd(M', a'Y_{i-1} - Y_i)$.
Analysis of Plumstead's algorithm: clearly every step of both stages runs in time polynomial in the size of $M$. According to Plumstead, it is proved that $t$ in Stage 1 is bounded by $t \le \log_2 M$, and the number of wrong predictions made in Stage 2 is bounded by $2 + \log_2 M$. Hence the algorithm is optimal, with complexity $O(\log_2 M)$ in the worst case [12].
Once more, with the evidence above we can conclude that the linear congruential generator is cryptographically weak.
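Plumstead's two stages and the known-modulus attack, as an added example in Python (not from the thesis or from [12]). The LCG parameters $a = 7$, $b = 3$, $M = 101$, $X_0 = 5$ are a constructed toy instance, and the helper `bezout` is the extended Euclidean step that Stage 1, step 2 leaves unspecified:

```python
from math import gcd


def lcg(a, b, M, x0, count):
    """Generate X_0, ..., X_{count-1} from formula (2.4.3.1)."""
    xs = [x0]
    while len(xs) < count:
        xs.append((a * xs[-1] + b) % M)
    return xs


def known_modulus_attack(X, M):
    """Modulus known: a = (X_2 - X_1)(X_1 - X_0)^{-1} mod M, then b = X_1 - a X_0 mod M.
    Assumes gcd(X_1 - X_0, M) = 1 so that the inverse exists."""
    a = (X[2] - X[1]) * pow(X[1] - X[0], -1, M) % M
    b = (X[1] - a * X[0]) % M
    return a, b


def ext_gcd(x, y):
    """Return (g, u, v) with u*x + v*y = g = gcd(x, y) >= 0."""
    old_r, r, old_s, s, old_t, t = x, y, 1, 0, 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return (-old_r, -old_s, -old_t) if old_r < 0 else (old_r, old_s, old_t)


def bezout(vals):
    """Return (d, coeffs) with sum(coeffs[i] * vals[i]) == d == gcd(vals) (Stage 1, step 2)."""
    d, coeffs = abs(vals[0]), [1 if vals[0] >= 0 else -1]
    for y in vals[1:]:
        g, u, v = ext_gcd(d, y)
        coeffs = [c * u for c in coeffs] + [v]
        d = g
    return d, coeffs


def stage1(X):
    """Stage 1: find a', b' with X_{i+1} = (a' X_i + b') mod M for all i, without knowing M."""
    Y = [X[i + 1] - X[i] for i in range(len(X) - 1)]
    for t in range(len(Y) - 1):
        d, u = bezout(Y[:t + 1])
        if d != 0 and Y[t + 1] % d == 0:       # d = gcd(Y_0, ..., Y_t) divides Y_{t+1}
            a = sum(u[i] * Y[i + 1] for i in range(t + 1)) // d
            return a, X[1] - a * X[0], t
    raise ValueError("not enough outputs to finish Stage 1")


def stage2(a, b, X):
    """Stage 2: predict X_{i+1}; on every miss shrink the modulus guess M' (None = infinity)
    to gcd(M', a' Y_{i-1} - Y_i). Returns the final M' and the indices that were mispredicted."""
    Y = [X[i + 1] - X[i] for i in range(len(X) - 1)]
    Mp, misses = None, []
    for i in range(1, len(X) - 1):
        guess = a * X[i] + b
        if Mp is not None:
            guess %= Mp
        if guess != X[i + 1]:
            misses.append(i + 1)
            diff = abs(a * Y[i - 1] - Y[i])
            Mp = diff if Mp is None else gcd(Mp, diff)
    return Mp, misses


def infer(X):
    """Plumstead's algorithm on the observed outputs X_0, X_1, ..."""
    a, b, t = stage1(X)
    Mp, misses = stage2(a, b, X)
    return {"a": a, "b": b, "t": t, "modulus": Mp, "misses": misses}


# Constructed sample: a toy LCG with a = 7, b = 3, M = 101, X_0 = 5, observed for 21 steps.
SAMPLE = lcg(7, 3, 101, 5, 21)

if __name__ == "__main__":
    print("known modulus:", known_modulus_attack(SAMPLE, 101))
    print("Plumstead:", infer(SAMPLE))
```

On the sample, Stage 1 stops at $t = 1$ and Stage 2 mispredicts four values while $M'$ shrinks from 6464 through 808 and 202 to 101.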
2.4.3.2. Other number-theoretic generators
The 1/p generator: consider the rational expansion [4]
$$\frac{1}{p} = .\,d_0 d_1 d_2 \ldots d_j d_{j+1} \ldots$$
The expansion is carried out in base $d$. We say that $(p, d)$ are the parameters defining the generator, and the seed is a fixed position $j$ of the first random digit. For instance, the random sequence is defined by the formula $x_n = d_{j+n}$ with $n \ge 0$.
The power generator: defined by [4]
$$x_{n+1} = x_n^{\,d} \bmod N,$$
where $(d, N)$ are the parameters defining the generator and $x_0$ is the seed. There are two special cases of the power generator, both arising when $N = p_1 p_2$ is the product of two distinct odd primes. If $d$ is chosen such that $\gcd(d, \phi(N)) = 1$ ($d$ and $\phi(N)$ coprime), then the map $x \mapsto x^d$ is a permutation of $Z_N^{*}$, and the generator is also called the RSA generator. Here $\phi(N)$ is Euler's totient function of $N$.
If we choose $d = 2$ and $N = p_1 p_2$ with $p_1 \equiv p_2 \equiv 3 \pmod 4$, it is called the square generator [4].
The number-theoretic generator based on exponentiation: given by [4]
$$x_{n+1} = g^{x_n} \bmod N,$$
where $(g, N)$ are the parameters defining the generator and $x_0$ is the seed.
Remarks on number-theoretic generators: these generators can be rather slow when the modulus $M$ is large. By modifying the generators above, some number-theoretic bit generators can be obtained, for instance the RSA bit generator and the square (Rabin) bit generator, which output the sequence of least significant bits (LSB). These number-theoretic bit generators are much faster [13].
2.4.4. Shift-register-based generators
Shift registers are commonly used to build generators for two basic reasons. First, these generators produce sequences that meet the spirit of Golomb's randomness postulates (see the Appendix). Second, the operation of shift-register-based generators lends itself to analysis by algebraic methods.
2.4.4.1. Linear feedback shift registers
Among shift registers, the linear feedback shift register (LFSR) is the one most often used to build generators, because it is suited to high-speed implementations and can be implemented in both hardware and software. It also has good statistical properties.
The register is divided into $n$ stages, numbered from left to right $0, 1, 2, \ldots, n-1$. Each stage holds a piece of information, and the information of all $n$ stages of the register is called a state. In the generator, after one clock pulse the register changes its state: the information of stage $i$ moves to stage $i-1$, and the information of stage 0 is taken out. The information of stage $n-1$ is produced by applying linear transformations to the information of the other stages; this is called feedback. Depending on how the state is changed, two kinds of registers are distinguished: the Fibonacci register and the Galois register.

Figure 8. A model of the Fibonacci register.

Figure 9. A model of the Galois register.
Because they use linear transformations, generators based on this kind of register can produce sequences with a predictable linear complexity, which increases the risk of attacks based on linear complexity. Nonlinear transformations must be applied to the generators. There are two approaches to this problem:
- Combination generators: use several registers and combine the outputs of these registers with a nonlinear function.
- Filter generators: use only one register and a nonlinear function that transforms the state of the register into the keystream.

2.4.4.2. Combination generators
2.4.4.2.1. Using a multiplexer
A multiplexer is a physical device that receives signals from one input source, with the reception controlled by another input source. A generator can use a multiplexer to combine two registers. After each clock pulse the generator takes $k$ bits from the first register and uses a function to transform these $k$ bits into a natural number $n$; the generator then takes $n$ bits from the second register as the keystream.

Figure 10. Model of a generator using a multiplexer.
2.4.4.2.2. Clock control
A register changes its state after a fixed interval of time. In a clock-controlled generator one register decides whether, after that interval, another register is allowed to change its state. The first model of this kind of generator is the stop-and-go generator, which uses two registers. When the first register changes state, if its output is 1 the second register changes state; otherwise the second register does not change and its output is the same as the previous one [23]. Gunther improved this generator into the alternating step generator. Gunther's model uses three registers; the first register decides the state changes of the other two. After a clock pulse, if the output of the first register is 0 the second register changes state and the third does not; conversely, if the output of the first register is 1 only the third register changes state [24]. Another improvement of the stop-and-go generator uses a cascade connection of several registers arranged in order, in which the output of the preceding register decides the state change of the register after it.

Figure 11. Model of the stop-and-go generator.

Figure 12. Operation of the alternating step generator when the output of the control register is 1.

Figure 13. Operation of the alternating step generator when the output of the control register is 0.
2.4.4.2.3. Shrinking generator
Another way of combining registers in a generator is to shrink the outputs of the registers. This method can also be regarded as an extension of clock control. Generators using this method are of two kinds: the shrinking generator and the self-shrinking generator. The simple model of the shrinking generator has two registers. As in the stop-and-go generator, if the output bit of the first register is 1 the second register updates its state normally; but if the output bit is 0 the second register does not change and produces no output bit. Over the same time span the second register therefore outputs fewer bits than an ordinary register.

Figure 14. Operation of the registers in the shrinking generator.
In the self-shrinking model, instead of using one register as the control parameter and another as the output, both functions are combined in the same register [25]. This implementation saves hardware space, while the number of output bits of the generator is unchanged compared with using two registers.
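An added example (not from the thesis) covering the LFSR of Section 2.4.4.1, the shrinking generators of this section and the linear complexity that motivates nonlinear combination: a Fibonacci LFSR, the Berlekamp-Massey algorithm (a standard method the text mentions only as an attack tool) and the shrinking and self-shrinking generators in their standard definitions, where both registers are clocked every cycle and the data bit is discarded when the control bit is 0. The register polynomials and initial states are constructed choices:

```python
def lfsr_bits(taps, state, count):
    """Fibonacci LFSR over GF(2). state[i] is stage i; stage 0 is the output, and the XOR of the
    tapped stages is shifted into stage n-1 (feedback). Returns the first `count` output bits."""
    s = list(state)
    out = []
    for _ in range(count):
        out.append(s[0])
        fb = 0
        for t in taps:
            fb ^= s[t]
        s = s[1:] + [fb]
    return out


def linear_complexity(bits):
    """Berlekamp-Massey over GF(2): length of the shortest LFSR that produces `bits`."""
    n = len(bits)
    c, b = [0] * (n + 1), [0] * (n + 1)   # current and previous connection polynomials
    c[0] = b[0] = 1
    L, m = 0, -1                          # current length, index of the last length change
    for i in range(n):
        d = bits[i]                       # discrepancy between predicted and actual bit
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t = c[:]
            for j in range(n + 1 - (i - m)):   # c(x) += x^(i-m) * b(x)
                c[j + i - m] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L


def shrinking(control, data):
    """Shrinking generator: the data register's bit is kept only when the control register outputs 1."""
    return [s for a, s in zip(control, data) if a == 1]


def self_shrinking(bits):
    """Self-shrinking generator: from each pair (a_2i, a_2i+1) of one register's output, keep
    a_2i+1 only when a_2i = 1."""
    return [bits[i + 1] for i in range(0, len(bits) - 1, 2) if bits[i] == 1]


# Constructed registers: x^5 + x^2 + 1 (taps 0, 2) and x^6 + x + 1 (taps 0, 1), both primitive,
# so they produce m-sequences of periods 31 and 63.
R1_TAPS, R1_INIT = [0, 2], [1, 0, 0, 0, 0]
R2_TAPS, R2_INIT = [0, 1], [1, 0, 0, 0, 0, 0]


def plain_lfsr_demo():
    """An LFSR output of length >= 2n reveals its linear complexity n and its full period."""
    out = lfsr_bits(R1_TAPS, R1_INIT, 62)
    return linear_complexity(out), out[:31] == out[31:62], out[:31].count(1)


def shrinking_demo():
    """Shrinking R1 (length 5) against R2 (length 6) raises the linear complexity far above 6."""
    ks = shrinking(lfsr_bits(R1_TAPS, R1_INIT, 400), lfsr_bits(R2_TAPS, R2_INIT, 400))
    return len(ks), linear_complexity(ks)


if __name__ == "__main__":
    print("plain LFSR (linear complexity, period 31, ones per period):", plain_lfsr_demo())
    print("shrinking generator (keystream length, linear complexity):", shrinking_demo())
```

For two maximum-length registers of coprime lengths $L_1$ and $L_2$ the shrunken keystream has linear complexity between $L_2 2^{L_1-2}$ and $L_2 2^{L_1-1}$, which for $L_1 = 5$, $L_2 = 6$ puts it above 48.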
2.4.4.2.4. Nonlinear combination generator

Figure 15. Nonlinear combination generator.
The keystream is produced by a nonlinear function $f$ of the outputs of the component LFSRs. This generator is called the nonlinear combination generator, and $f$ is called the combining function. The nonlinear order of $f$ is the largest of the orders of the terms appearing in its algebraic normal form. For example,
$$f(x_1, x_2, x_3, x_4, x_5) = 1 \oplus x_2 \oplus x_3 \oplus x_4 x_5 \oplus x_1 x_3 x_4 x_5$$
has nonlinear order 4 [18]. The nonlinear order of a Boolean function is also called its algebraic degree (see the Appendix).
One generator of this kind is the summation generator. In computing, the addition of two integers is carried out by the compiler on bytes. Among the operations the compiler performs for it, the carry selection is a nonlinear transformation on bits. This property is used to build the summation generator. The summation generator uses several registers whose outputs are fed in as the unit addends of an addition. A device adds the output values, produces and stores the carry, and outputs the result of the addition [26].

Figure 16. Model of the summation generator.
Figure 16 describes a summation generator model producing a keystream over the field GF(2).
2.4.4.3. Nonlinear filter generator
A filter generator uses one register and a nonlinear function $f$ to produce the keystream. The nonlinear function $f$ takes the state of the register as input, but usually uses only a fixed set of stages of the register. The output of $f$ is a bit or a sequence of bits used as the keystream. The security of the filter generator therefore depends on the properties of the function $f$. This kind of generator is also used in the encryption methods based on the ZUC generator (see Section 3.2).

Figure 17. Model of the filter generator.
2.4.4.4. Nonlinear feedback shift registers
A nonlinear feedback shift register (NLFSR) has the same structure as an LFSR: a sequence of stages, with a state change on each clock signal. The difference is that the feedback function of an NLFSR is a nonlinear function. For example, with $x_i$ the information of stage $i$ of the register, the feedback function of an LFSR has linear form, e.g.
$$f(x) = x_1 + x_2 + x_3 + x_4,$$
whereas in an NLFSR the feedback function is nonlinear, e.g.
$$f(x) = x_1 x_2 x_3 + x_4.$$

Figure 18. Model of a Galois NLFSR.

Figure 19. Model of a Fibonacci NLFSR.
Because of the nonlinear transformation, a nonlinear register is more secure than a linear one, and generators using nonlinear registers do not need nonlinearization methods such as combining or filtering registers. The drawback is that nonlinear registers are harder to implement and run more slowly. In practice the two kinds of register are often combined to build a generator, as in the stream cipher Grain, which uses an 80-bit LFSR and an 80-bit NLFSR [27].
2.5. The finite fields $GF(p)$ and $GF(p^m)$
This section presents the basic theory of finite fields needed to define the sequences and keystreams produced by generators. Indeed, the sequences we study, produced by generators, consist of elements, where an element may be a keyword in the keystream sequence. These elements may belong to one of two finite fields, $GF(p)$ or $GF(p^m)$.
This section can be regarded as a mathematical foundation of stream ciphers.
2.5.1. Finite fields (Galois fields)
A field with a finite number of elements is called a finite field, with the definition:
Definition 2.5.1 [14]: A finite field $\{F, +, \cdot\}$ consists of a finite set $F$ and two operations $+$ and $\cdot$ satisfying the following properties:
1. $\forall a, b \in F$: $a + b \in F$, $a \cdot b \in F$.
2. $\forall a, b \in F$: $a + b = b + a$, $a \cdot b = b \cdot a$.
3. $\forall a, b, c \in F$: $(a + b) + c = a + (b + c)$, $(a \cdot b) \cdot c = a \cdot (b \cdot c)$.
4. $\forall a, b, c \in F$: $a \cdot (b + c) = a \cdot b + a \cdot c$.
5. $\exists\, 0, 1 \in F$: $a + 0 = 0 + a = a$, $a \cdot 1 = 1 \cdot a = a$.
6. $\forall a \in F$, $\exists\, (-a) \in F$ such that $a + (-a) = (-a) + a = 0$; $\forall a \in F$, $a \ne 0$, $\exists\, a^{-1} \in F$ such that $a \cdot a^{-1} = a^{-1} \cdot a = 1$.
A finite field is also called a Galois field. The number of elements of a Galois field is a prime or a power of a prime. For example $GF(7)$, $GF(8) = GF(2^3)$ and $GF(2^8)$, with 7, 8 and 256 elements respectively, are Galois fields, whereas $GF(6)$, with 6 elements, is not a Galois field. From here on $p$ denotes a prime. $GF(p^m)$ is the finite field with $p^m$ elements; it is also called the extension field of $GF(p)$, and $p$ is called the characteristic [14][21].
Some further definitions related to the finite field $GF(p^m)$:
Definition 2.5.2 [14]: The order of a finite field is the number of elements in the finite field.
Definition 2.5.3 [14]: Let $\alpha$ be a nonzero element of $GF(p^m)$. The order of $\alpha$, denoted $\mathrm{ord}(\alpha)$, is the smallest positive integer such that $\alpha^{\mathrm{ord}(\alpha)}$ is the identity element of $GF(p^m)$.
Definition 2.5.4 [14]: When $\mathrm{ord}(\alpha) = p^m - 1$, $\alpha$ is called a primitive element of $GF(p^m)$.
Definition 2.5.5 [14]: A polynomial whose coefficients are elements of $GF(p^m)$ is called a polynomial over $GF(p^m)$.
Definition 2.5.6 [14]: A polynomial over $GF(p^m)$ is irreducible if it cannot be factored into non-trivial polynomials (of degree $> 0$) over the same field $GF(p^m)$.
In some Vietnamese references an irreducible polynomial is also called a prime polynomial.
2.5.2. Representation of elements of a finite field
An element of a Galois field can be represented in several ways: the power representation, the normal basis representation and the standard basis representation [14], among others. These are representations for the field $GF(p^m)$; for the field $GF(p)$, as we know, the elements are the set $\{1, 2, \ldots, p-1\}$. $GF(p)$ is also denoted $Z_p$.
o In the power representation, the set of elements of $GF(p^m)$ can be written as [14]
$$\{0, 1, \alpha, \alpha^2, \ldots, \alpha^{p^m - 2}\},$$
where $\alpha$ is a primitive element of $GF(p^m)$.
o In the normal basis representation, every basis element is related to any other basis element by repeated application of the $p$-th power map, where $p$ is the characteristic of the field; that is [14]:
Let $GF(p^m)$ be the field with $p^m$ elements and $\beta$ an element of it such that the $m$ elements
$$\{\beta, \beta^p, \beta^{p^2}, \ldots, \beta^{p^{m-1}}\}$$
are linearly independent.
o The standard basis representation is a natural representation of the elements of a finite field as polynomials over a base field; it is also called the polynomial representation. The definition is as follows [14]:
Let $\alpha \in GF(p^m)$ be a root of an irreducible polynomial of degree $m$ over $GF(p)$. The standard, or polynomial, basis of $GF(p^m)$ is
$$\{1, \alpha, \ldots, \alpha^{m-1}\}.$$
In this representation every element of $GF(p^m)$ is written as a polynomial $c_0 + c_1\alpha + c_2\alpha^2 + \cdots + c_{m-1}\alpha^{m-1}$ over $GF(p)$. The base field here is $GF(p)$. The standard basis representation thus rests on the polynomial representation through an irreducible polynomial. Every irreducible polynomial of degree $m$ over $GF(p)$ defines a unique field $GF(p^m)$. The next section (2.5.3) clarifies the role of this polynomial in the representation.
(In this representation we need not care which root $\alpha$ of the irreducible polynomial is meant, and may stand for it by a variable $x$. Hence one also says that every element of $GF(p^m)$ is represented as a polynomial $c_0 + c_1 x + c_2 x^2 + \cdots + c_{m-1} x^{m-1}$ over $GF(p)$.)
Because of its simplicity, the standard basis representation is widely used [14]. This thesis only covers the application of this representation to the sequences produced by generators.
2.5.3. Tnh ton trn trng hu hn
Thng thng hai trng ) ( p GF v ) 2 (
m
GF hay c ng dng trong mt m, nn ta
ch cc php tnh trn hai trng ny.
y, lun vn ch cp cc php tnh cn bn trn trng ) 2 (
m
GF .
Cho hai phn t ) 2 ( ,
m
GF B A e , vi biu din c s chun tng ng l

=
=
1
0
) (
m
i
i
i
x a x A
v

=
=
1
0
) (
m
i
i
i
x b x B thng qua ) (x f l a thc bt kh quy trn GF(2) bc m.
o Php cng:

=
+
1
0
) ( ) ( mod )) ( ) ( ( ) (
m
i
i
i i
x b a x f x B x A x C .
o Php nhn:

=
= - =
1
0
) ( mod ) ( ) ( ) ( ) ( ) (
m
i
i
i
x f x B x A x c x B x A x C
o Php nghch o: Tnh ) ( mod
1
x f A

. Ta c thut ton Euclid nh phn m


rng [15]:
Thut ton (tnh nghch o) Euclid nh phn m rng (Binary Extended Euclidean
Algorithm - BEA)
Input: 0 ), 2 ( = e A GF A
m

Output: ) ( mod
1
x f A


Trang 62

1 : b 1, c 0, u A, v f.
2 : while x divides u do
3 : u u/x.
4 : if x divides b then
5 : b b/x.
6 : else
7 : b (b+ f )/x.
8 : end if
9 : end while
10 : if u = 1 then
11 : return b
12 : end if
13 : if deg(v) < deg(u) then
14 : u v, b c.
15 : end if
16 : u u + v, b b+ c.
17 : goto step 2
Thut ton BEA cha hai ng thc bt bin l bA + df = u v cA + e f = v, vi
d v e khng c tnh r rng (khng cn quan tm trong thut ton). Thut ton kt
Trang 63

thc khi deg(u) = 0, vi trng hp u = 1 v do bA + df = 1, hay ) (mod 1 f Ab . V
th ) ( mod
1
x f A b

= [15].
Example: in the field $GF(2^8)$, let $f(x) = x^8 + x^6 + x^5 + x + 1$ be the irreducible polynomial over $GF(2)$ used for the representation, and let $A(x) = x^7 + x^3 + x + 1$ and $B(x) = x^4 + 1$ be two elements of $GF(2^8)$ written as polynomials with respect to $f(x)$. We compute:
Addition: $A(x) + B(x) = x^7 + x^4 + x^3 + x + (1 + 1) = x^7 + x^4 + x^3 + x$.
Multiplication: $A(x) \cdot B(x) = (x^7 + x^3 + x + 1)(x^4 + 1) \bmod f(x) = (x^{11} + x^5 + x^4 + x^3 + x + 1) \bmod (x^8 + x^6 + x^5 + x + 1) = x^7 + x^2 + x$ (the two $x^7$ terms of the expanded product cancel).
Inverse of $B(x)$: applying BEA gives
$(x^4 + 1)(x^6 + x^4 + x^3 + x^2 + 1) + x^2 (x^8 + x^6 + x^5 + x + 1) = 1$, i.e.
$(x^4 + 1)(x^6 + x^4 + x^3 + x^2 + 1) \equiv 1 \pmod{f(x)}$. Hence
$B^{-1} \bmod f(x) = x^6 + x^4 + x^3 + x^2 + 1$.
If $GF(2^8)$ is viewed as the set of bytes (bit $i$ holding the coefficient of $x^i$), then $A = A(x) = 10001011$ and $B = B(x) = 00010001$. With the results above, addition, multiplication (of the two bit strings) and inversion (of $B$) give:
$A + B = 10001011 + 00010001 = 10011010$,
$A \cdot B = 10000110$,
$B^{-1} = 01011101$.
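The three operations above carried out in Python, as an added worked example that is not code from the thesis: elements of $GF(2^8)$ are bytes in the bit convention just used, multiplication is shift-and-add with reduction by $f(x) = x^8 + x^6 + x^5 + x + 1$, and inversion is the BEA exactly as listed. The modulus, $A$ and $B$ are the thesis's values; the function names and the `check_all_inverses` self-check are additions made here.

```python
# Polynomial-basis arithmetic in GF(2^8). Added example, not thesis code.
# An element is an int whose bit i is the coefficient of x^i, so 0x8B = 10001011 = x^7+x^3+x+1.
F = 0b1_0110_0011   # f(x) = x^8 + x^6 + x^5 + x + 1, the thesis's irreducible modulus (0x163)
M = 8               # extension degree: the field has 2^8 elements


def deg(p):
    """Degree of the polynomial p (deg 0 = -1)."""
    return p.bit_length() - 1


def gf_add(a, b):
    """A(x) + B(x): coefficient-wise addition in GF(2) is XOR; no reduction needed."""
    return a ^ b


def gf_mul(a, b, f=F, m=M):
    """A(x)*B(x) mod f(x) by shift-and-add: whenever a*x reaches degree m, subtract f."""
    r = 0
    while b:
        if b & 1:               # current coefficient of B is 1: add the shifted A
            r ^= a
        b >>= 1
        a <<= 1                 # a <- a*x
        if a >> m:              # degree reached m: reduce, since x^m = f(x) - x^m mod f
            a ^= f
    return r


def gf_inv(a, f=F):
    """A^{-1} mod f(x) by the binary extended Euclidean algorithm (BEA) of the text.
    Invariants: b*a + d*f = u and c*a + e*f = v (d, e never materialised)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^m)")
    b, c, u, v = 1, 0, a, f
    while True:
        while u & 1 == 0:                   # while x divides u
            u >>= 1                         # u <- u/x
            b = b >> 1 if b & 1 == 0 else (b ^ f) >> 1   # b <- b/x or (b+f)/x
        if u == 1:
            return b                        # b*a + d*f = 1  =>  b = a^{-1}
        if deg(u) < deg(v):                 # keep u as the higher-degree operand
            u, v, b, c = v, u, c, b
        u ^= v                              # u <- u + v (now divisible by x)
        b ^= c                              # b <- b + c


def check_all_inverses(f=F, m=M):
    """Self-check: every non-zero element times its BEA inverse must be 1."""
    return all(gf_mul(a, gf_inv(a, f), f, m) == 1 for a in range(1, 1 << m))


# The thesis's operands: A = x^7 + x^3 + x + 1 = 10001011, B = x^4 + 1 = 00010001.
A, B = 0b10001011, 0b00010001

if __name__ == "__main__":
    print(f"A + B = {gf_add(A, B):08b}")    # 10011010
    print(f"A * B = {gf_mul(A, B):08b}")    # 10000110
    print(f"B^-1  = {gf_inv(B):08b}")       # 01011101
    print("all inverses consistent:", check_all_inverses())
```

Running the block reproduces the three byte results of the example; `check_all_inverses` exercises the BEA on all 255 non-zero elements, which is the quickest way to catch a wrong swap condition or a non-irreducible modulus.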
2.6. Cryptographic aspects of sequences
The cryptographic aspects (cryptographic properties) of a sequence, or keystream, are those features of the sequence that may be necessary for the security of some stream cipher.
For the sequence of an additive synchronous stream cipher there are several cryptographic measures of its strength, such as linear complexity, sphere complexity, pattern distribution and autocorrelation [4].
Below are the cryptographic aspects of sequences over finite fields. Saying that a sequence is over a field means that all elements of the sequence belong to that field.
2.6.1. Linear complexity and minimal polynomial
A. General notions of linear complexity and minimal polynomial:
For a polynomial $f(x) \in GF(q)[x]$ ($q$ prime) the polynomial operator $f(E)$ is defined as follows. If $s$ is a sequence over the finite field $GF(q)$ and $f(x)$ over $GF(q)$ is given by [4]
$$f(x) = c_0 + c_1 x + \dots + c_L x^L,$$
we define
$$f(E)s_j = c_0 s_j + c_1 s_{j+1} + \dots + c_L s_{j+L}.$$
Let $s^n$ denote a sequence $s_0 s_1 \dots s_{n-1}$ of length $n$ over the finite field $GF(q)$. If $n$ is finite, the sequence is called a finite sequence; otherwise ($n = \infty$) it is called a semi-infinite sequence. A polynomial $f(x) \in GF(q)[x]$ with $\deg(f(x)) \le l$ and $c_0 \neq 0$ is called a characteristic polynomial of the sequence $s^n$ if
$$f(E)s_j = 0 \quad \text{for every } j \text{ with } 0 \le j \le n - l - 1.$$
If these equations hold for $l$, they also hold for $l + 1$. Therefore for every characteristic polynomial there is a least value $l \ge \deg(f)$ for which the equations hold. This least $l$ is called the associated recurrence length of $f(x)$ for the sequence. The characteristic polynomial with the least associated recurrence length is called the minimal polynomial, and that recurrence length is called the linear complexity of the sequence. The linear complexity is denoted $L(s^n)$.
Remark (*): If a semi-infinite sequence $s^\infty$ is periodic, then its minimal polynomial is unique under the normalisation $c_0 = 1$. If a periodic sequence $s^n$ has minimal polynomial $f$, we always have $L(s^n) = \deg(f)$.
B. Linear complexity and minimal polynomial of a Linear Feedback Shift Register (LFSR):

Figure 20. General LFSR showing the recurrence.
In the LFSR of length $L$ in Figure 20, the cells holding $s_{j-1}, s_{j-2}, \dots, s_{j-L+1}, s_{j-L}$ are the memory units or stages, and at every clock tick the value of the rightmost stage is output while the values of the other stages shift one stage to the right in turn [4]. The initial values $s_0, s_1, \dots, s_{L-1}$ of the $L$ stages coincide with the first $L$ digits (keystream symbols) output by the LFSR; the remaining output digits are uniquely determined by the recurrence
$$s_j = -\sum_{i=1}^{L} c_i s_{j-i}, \qquad j = L, L+1, L+2, \dots$$
The output digits and the feedback coefficients $c_1, c_2, \dots, c_L$ are given in the same field, which may be a finite field $GF(q)$ or an infinite field (such as the real numbers). The LFSR is called non-degenerate when $c_L \neq 0$ [17].
Theorem 2.6.1 [17]: If some LFSR of length $L$ generates the sequence $s^N = s_0, s_1, \dots, s_{N-1}$ but does not generate the sequence $s^{N+1} = s_0, s_1, \dots, s_{N-1}, s_N$, then any LFSR of length $L'$ that generates $s^{N+1}$ satisfies
$$L' \ge N + 1 - L.$$
The minimal polynomial is called the feedback polynomial of the LFSR. The coefficients $c_i$ in Figure 20 are the coefficients of the polynomial
$$C(D) = c_0 + c_1 D + c_2 D^2 + \dots + c_L D^L.$$
This polynomial is the feedback polynomial, also called the connection polynomial of the LFSR. We also write $\langle L, C(D) \rangle$ for an LFSR of length $L$ with connection polynomial $C(D)$ [18]. Following Remark (*), so that the LFSR has a unique connection polynomial one sets $c_0 = 1$, giving
$$C(D) = 1 + c_1 D + c_2 D^2 + \dots + c_L D^L.$$
If $C(D) \in GF(q)[D]$ is a primitive polynomial of degree $L$, then $\langle L, C(D) \rangle$ is called a maximum-length LFSR. A primitive polynomial $C(D)$ is the minimal polynomial of a primitive element $\alpha$ of $GF(q^L)$. The output of a maximum-length LFSR with a non-zero initial state is called an m-sequence. m-sequences satisfy Golomb's randomness postulates (see the Appendix) [18]. Example: $C(D) = 1 + D + D^4$ is a primitive polynomial over $GF(2)$, so the LFSR $\langle 4, 1 + D + D^4 \rangle$ is a maximum-length LFSR, and its output sequence is an m-sequence with the maximal possible period $N = 2^4 - 1 = 15$.
Note that a primitive polynomial is always irreducible, but the converse does not hold.
Denote by $L_N(s)$ the length of the shortest LFSR that generates $s^N$.
Theorem 2.6.2 [17]: If some LFSR of length $L_N(s)$ generates $s^N = s_0, s_1, \dots, s_{N-1}$ and also $s^{N+1} = s_0, s_1, \dots, s_{N-1}, s_N$, then $L_{N+1}(s) = L_N(s)$. Conversely, if some LFSR of length $L_N(s)$ generates $s^N$ but does not generate $s^{N+1}$, then
$$L_{N+1}(s) = \max[L_N(s),\ N + 1 - L_N(s)].$$
Theorem 2.6.2 is the basis on which the Berlekamp-Massey algorithm [17] is built to find a shortest LFSR, of length $L_n(s)$, generating $s_0, s_1, \dots, s_{n-1}$. Also by Remark (*), and because an LFSR generates a periodic sequence, $L(s^n) = \deg(C(D)) = L_n(s)$; this holds because the degree of the connection polynomial of a non-degenerate LFSR ($c_L \neq 0$) equals its length. Hence the following algorithm also determines the linear complexity of the sequence $s_0, s_1, \dots, s_{n-1}$.
Berlekamp-Massey algorithm
Input: sequence $s^n = s_0, s_1, \dots, s_{n-1}$ of length $n$.
Output: the shortest LFSR generating $s^n$, i.e. its linear complexity $L(s^n)$ (the length of the shortest LFSR) and its connection polynomial $C(D)$.
1: Initialise: $C(D) \leftarrow 1$, $B(D) \leftarrow 1$, $x \leftarrow 1$, $L \leftarrow 0$, $b \leftarrow 1$, $N \leftarrow 0$.
2: If $N = n$, stop. Otherwise compute the discrepancy
$$d = s_N + \sum_{i=1}^{L} c_i s_{N-i}.$$
3: If $d = 0$: $x \leftarrow x + 1$ and go to step 6.
4: If $d \neq 0$ and $2L > N$:
$C(D) \leftarrow C(D) - d\, b^{-1} D^{x} B(D)$;
$x \leftarrow x + 1$, and go to step 6.
5: If $d \neq 0$ and $2L \le N$:
$T(D) \leftarrow C(D)$; [$T(D)$ is a temporary copy of $C(D)$]
$C(D) \leftarrow C(D) - d\, b^{-1} D^{x} B(D)$;
$L \leftarrow N + 1 - L$;
$B(D) \leftarrow T(D)$;
$b \leftarrow d$;
$x \leftarrow 1$.
6: $N \leftarrow N + 1$ and return to step 2.
If the linear complexity of a keystream is $L$, then a sub-keystream of length at least $2L$ (used as the input of the Berlekamp-Massey algorithm) is enough to determine the LFSR of length $L$ that generates the entire original keystream [18]. Therefore a large linear complexity is a necessary but not sufficient cryptographic requirement on the keystreams of additive stream ciphers. This will become clear when sphere complexity is introduced. However, as noted in Section 2.3.3, for some non-additive stream ciphers a large linear complexity of the keystream is not a necessary cryptographic requirement.
From Theorem 2.6.2 and the Berlekamp-Massey algorithm we get the following theorem:
Theorem 2.6.3 [17]: Suppose the Berlekamp-Massey algorithm is applied to the sequence $s^n = s_0, s_1, \dots, s_{n-1}$, and let $L$, $C(D)$, $x$ and $B(D)$ denote the values of these variables when the algorithm terminates. If $2L \le n$, then $C(D)$ is the connection polynomial of the unique LFSR of minimal length $L$ generating the sequence. If $2L > n$, then the connection polynomials of all LFSRs of minimal length $L$ generating the sequence form a set determined by $C(D)$, $B(D)$ and $x$ (see [17]).
One more matter: in the notions of Part A, the connection polynomial and the sequence $s^n$ are considered over the same field $GF(q)$. But consider the case where $s^n = s_0, s_1, \dots, s_{n-1}$ is a sequence over the field $GF(q^m)$. The linear complexity of $s^n$ with respect to the subfield $GF(q)$, denoted $L_{GF(q)}(s^n)$, is defined as the least natural number $L$ such that there exist coefficients $c_1, c_2, \dots, c_L \in GF(q)$ satisfying
$$s_j + c_1 s_{j-1} + \dots + c_L s_{j-L} = 0 \quad \text{for every } L \le j < n.$$
Researchers regard $L_{GF(q)}(s^n)$ as a generalisation of the ordinary linear complexity. The following inequality clearly holds [4]:
$$L(s^n) \le L_{GF(q)}(s^n).$$
(Ordinary linear complexity here means the case where the connection polynomial and the sequence $s^n$ are taken over the same field.)
Experimental results with the Berlekamp-Massey algorithm:
We implemented the Berlekamp-Massey algorithm for binary sequences (over the field $GF(2)$) to compute the linear complexity and to find the LFSR generating a given binary sequence. The Berlekamp-Massey algorithm for binary sequences is [18]:
Input: a binary sequence $s^n = s_0, s_1, s_2, \dots, s_{n-1}$ of length $n$.
Output: the linear complexity $L$ ($0 \le L \le n$) of the sequence and the feedback polynomial $C(D)$ of the LFSR that generates it.
1. Initialise: $C(D) \leftarrow 1$, $L \leftarrow 0$, $m \leftarrow -1$, $B(D) \leftarrow 1$, $N \leftarrow 0$.
2. While ($N < n$) do
   $d \leftarrow \left(s_N + \sum_{i=1}^{L} c_i s_{N-i}\right) \bmod 2$.
   If $d = 1$ then
      $T(D) \leftarrow C(D)$,
      $C(D) \leftarrow C(D) + B(D) \cdot D^{N-m}$.
      If $L \le N/2$ then
         $L \leftarrow N + 1 - L$, $m \leftarrow N$, $B(D) \leftarrow T(D)$.
   $N \leftarrow N + 1$.
3. Return $L$, $C(D)$.

Example: for the binary sequence A = 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0,
1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1,
0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1,
1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0,
1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0,
0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0.
Running the Berlekamp-Massey algorithm gives the linear complexity of A as 9.
By the above, a subsequence of length at least $2 \cdot 9 = 18$ is enough to find the feedback polynomial $C(D)$ of the LFSR that generates A. Let us verify this. Take any subsequence of length 18, for example (the bold part of A above) B = 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0.
Running the algorithm on B gives linear complexity 9 again, together with the connection polynomial $C(D) = 1 + D^9$.
So the experiment shows that attacking an LFSR (e.g. with a known-plaintext attack) is entirely feasible and simple using the Berlekamp-Massey algorithm: the $2L$ keystream symbols recovered from known plaintext determine the whole keystream.
C. Some matters on minimal polynomials:
As mentioned, the linear complexity of a periodic sequence over a finite field equals the degree of its minimal polynomial. Cryptographically we need to know not only the linear complexity of a sequence but also its minimal polynomial [4]. Below are some results of researchers on the minimal polynomial of a periodic sequence.
Generating function (formal power series) [4]: the generating function of a semi-infinite sequence $s^\infty$ over $GF(q)$ is defined by
$$s(x) = \sum_{i=0}^{\infty} s_i x^i.$$
If $s^\infty$ is periodic with period $N$, then
$$(1 - x^N)\, s(x) = s^N(x) = \sum_{i=0}^{N-1} s_i x^i.$$
The following propositions hold:
Proposition 2.6.4 [4]: The generating function of every periodic sequence $s^\infty$ can be expressed as
$$s(x) = \frac{g(x)}{f(x)} \qquad (2.6.1)$$
with $f(0) \neq 0$ and $\deg(g) < \deg(f)$.
The expression in (2.6.1) is called a rational form of the generating function $s(x)$ of the sequence $s^\infty$. If $\gcd(g(x), f(x)) = 1$, it is called the reduced rational form.
Denote by $f_s$ the minimal polynomial of a sequence $s^\infty$. The following two classical propositions are very useful:
Proposition 2.6.5 [4]: Let $s^\infty$ be a periodic sequence over $GF(q)$ and let
$$s(x) = \frac{r(x)}{f(x)}, \qquad f(0) = 1,$$
be a rational form of the generating function of $s^\infty$. Then $f(x)$ is the minimal polynomial of the sequence if $\gcd(r(x), f(x)) = 1$.
The next proposition applies to the sum of two periodic sequences.
Proposition 2.6.6 [4]: Let the reduced rational forms of two periodic sequences $s^\infty$ and $t^\infty$ be, respectively,
$$s(x) = \frac{r_s(x)}{f_s(x)}, \qquad t(x) = \frac{r_t(x)}{f_t(x)}.$$
Then the minimal polynomial of the term-wise sum of the two sequences is
$$f_{s+t} = \frac{f_s f_t}{\gcd(r_s f_t + r_t f_s,\ f_s f_t)}.$$
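Propositions 2.6.4–2.6.6 carried out in Python over $GF(2)$, as an added example that is not thesis code: polynomials are ints with bit $i$ the coefficient of $x^i$, the rational form $s(x) = s^N(x)/(1 + x^N)$ is reduced by a polynomial gcd, and the denominator is $f_s$ with $L(s) = \deg f_s$. The inputs are the thesis's period-9 sequence A from the Berlekamp-Massey experiment and one period of the m-sequence of $\langle 4, 1 + D + D^4 \rangle$ (written out by hand from the seed 0, 0, 0, 1, chosen here); the sum of the two sequences is an addition made here to exercise Proposition 2.6.6, and all function names are assumptions of this example.

```python
# Minimal polynomial of a periodic sequence over GF(2) via its generating function.
# Added example, not thesis code. Polynomials are ints: bit i = coefficient of x^i.
from math import gcd as int_gcd


def pdeg(p):
    return p.bit_length() - 1


def pmul(a, b):
    """Product of two GF(2)[x] polynomials."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def pdivmod(a, b):
    """Quotient and remainder of a by b in GF(2)[x] (b != 0)."""
    q = 0
    while a and pdeg(a) >= pdeg(b):
        shift = pdeg(a) - pdeg(b)
        q ^= 1 << shift
        a ^= b << shift
    return q, a


def pgcd(a, b):
    """Euclid in GF(2)[x]; the result is automatically monic."""
    while b:
        a, b = b, pdivmod(a, b)[1]
    return a


def period_polynomial(period):
    """s^N(x) = sum_{i<N} s_i x^i for one period s_0..s_{N-1}."""
    return sum(bit << i for i, bit in enumerate(period))


def minimal_polynomial(period):
    """Reduced rational form of s(x) = s^N(x) / (1 + x^N) (Propositions 2.6.4, 2.6.5).
    Returns (r_s, f_s) with gcd(r_s, f_s) = 1 and f_s(0) = 1; the linear complexity is deg f_s."""
    n = len(period)
    num, den = period_polynomial(period), (1 << n) | 1     # 1 + x^N (= 1 - x^N over GF(2))
    g = pgcd(num, den)
    return pdivmod(num, g)[0], pdivmod(den, g)[0]


def sum_minimal_polynomial(rs, fs, rt, ft):
    """Proposition 2.6.6: f_{s+t} = f_s f_t / gcd(r_s f_t + r_t f_s, f_s f_t)."""
    prod = pmul(fs, ft)
    return pdivmod(prod, pgcd(pmul(rs, ft) ^ pmul(rt, fs), prod))[0]


def sequence_sum(s, t):
    """Term-wise sum of two periodic sequences over one common period lcm(N, M)."""
    p = len(s) * len(t) // int_gcd(len(s), len(t))
    return [s[i % len(s)] ^ t[i % len(t)] for i in range(p)]


def poly_str(p):
    """Readable form, e.g. 0b10011 -> '1 + x + x^4'."""
    terms = [("1" if i == 0 else "x" if i == 1 else f"x^{i}")
             for i in range(p.bit_length()) if p >> i & 1]
    return " + ".join(terms) if terms else "0"


# Constructed inputs: one period of the thesis's sequence A (period 9), and one period of the
# m-sequence of <4, 1 + D + D^4> from seed 0,0,0,1 (s_j = s_{j-1} + s_{j-4}), computed by hand.
A_PERIOD = [0, 0, 1, 1, 0, 1, 1, 1, 0]
MSEQ_PERIOD = [0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1]

if __name__ == "__main__":
    r_a, f_a = minimal_polynomial(A_PERIOD)
    r_m, f_m = minimal_polynomial(MSEQ_PERIOD)
    print("f_A    =", poly_str(f_a), "-> L =", pdeg(f_a))          # 1 + x^9, L = 9 (as found by BM)
    print("f_mseq =", poly_str(f_m), "-> L =", pdeg(f_m))          # 1 + x + x^4, L = 4
    f_sum = sum_minimal_polynomial(r_a, f_a, r_m, f_m)
    print("f_{A+mseq} =", poly_str(f_sum), "-> L =", pdeg(f_sum))  # their product, L = 13
```

Because $\gcd(f_A, f_{\text{mseq}}) = 1$, the gcd in Proposition 2.6.6 is 1 and the minimal polynomial of the sum is the plain product, so the linear complexity adds ($9 + 4 = 13$); the last assertion in the test recomputes $f_{s+t}$ directly from the summed sequence of period $\mathrm{lcm}(9, 15) = 45$ and gets the same polynomial.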
2.6.2. Pattern distribution of the keystream
Let $s^\infty$ be a sequence of period $N$ over $GF(q)$, where $N$ is not necessarily the least period. The vector $(s_t, s_{t+t_1}, \dots, s_{t+t_{k-1}})$ is called a pattern of length $k$ with gaps $(t_1, t_2 - t_1, \dots, t_{k-1} - t_{k-2})$. A pattern $(s_t, s_{t+\tau})$ is also called a $\tau$-bigram [4].
Pattern distribution is an important cryptographic factor of a keystream. To see the importance of a given pattern distribution, we have the conservation law of patterns below [4].
Now consider patterns of length $k$ with gaps $(t_1, t_2 - t_1, \dots, t_{k-1} - t_{k-2})$. For a sequence of least period $N$ over $GF(q)$, the vector variable $(s_t, s_{t+t_1}, \dots, s_{t+t_{k-1}})$ takes values in the space $GF(q)^k$ as $t$ runs from $0$ to $N - 1$. Let
$$n\big((s_t, s_{t+t_1}, \dots, s_{t+t_{k-1}}) = a\big)$$
denote the number of times the vector variable $(s_t, s_{t+t_1}, \dots, s_{t+t_{k-1}})$ takes the value $a \in GF(q)^k$ as $t$ runs from $0$ to $N - 1$ [4].
Theorem 2.6.7 (Conservation law of patterns) [4]: With the notation above, we always have
$$\sum_{a \in GF(q)^k} n\big((s_t, s_{t+t_1}, \dots, s_{t+t_{k-1}}) = a\big) = N.$$
Clearly the theorem says that $n((s_t, s_{t+t_1}, \dots, s_{t+t_{k-1}}) = a)$ is conserved. The constant
$$\frac{n\big((s_t, s_{t+t_1}, \dots, s_{t+t_{k-1}}) = a\big)}{N}$$
is denoted $\Pr(a)$; it is the probability that $(s_t, s_{t+t_1}, \dots, s_{t+t_{k-1}})$ takes the value $a$. It follows that
$$\sum_{a \in GF(q)^k} \Pr(a) = 1.$$
In general, bad patterns should have small probability in the keystream. For a sequence of period $N$ over $GF(q)$, most of the possible pattern distributions of length $k$ and gaps $(t_1, t_2 - t_1, \dots, t_{k-1} - t_{k-2})$ are required to have $n((s_t, s_{t+t_1}, \dots, s_{t+t_{k-1}}) = a)$ approximately equal to one constant, namely $N/q^k$ (the value for a uniform distribution). The need for a good pattern distribution is related to differential attacks (differential cryptanalysis) on natural sequence generators: after such an attack, bad patterns give more information about the key than other (better) patterns do [4].
2.6.3. Correlation functions
First we look at the definition of a character of a group, which captures the content of the correlation functions.
Definition 2.6.8 (Character of a group) [19]: Let $G$ be any group. A character of $G$ is a group homomorphism
$$\chi : G \to \mathbb{C}^{*}.$$
The following facts hold:
(1) The set $\hat{G}$ of characters of $G$ is a group under pointwise multiplication
$$(\chi_1 \chi_2)(x) = \chi_1(x)\,\chi_2(x),$$
with the inverse defined by $(\chi^{-1})(x) = \chi(x)^{-1}$ and the trivial homomorphism $x \mapsto 1$ as identity.
(2) If $G$ is a finite group of order $n$, all characters take values in the set
$$\mu_n = \{ z \in \mathbb{C} \mid z^n = 1 \},$$
where $\mathbb{C}$ is the set of complex numbers, and the inverse $\chi^{-1}$ of a character is its complex conjugate $\bar{\chi}$.
A further notion is that of the additive characters of a finite field [19]: if $GF(q)$ is a finite field with $q = p^u$ elements ($p$ prime), there is an isomorphism of groups $GF(q) \cong GF(p)^u \cong (\mathbb{Z}/p\mathbb{Z})^u$. The characters of $(\mathbb{Z}/p\mathbb{Z})^u$ are called the additive characters of $GF(q)$, denoted $\widehat{GF(q)}$ or $\hat{F}_q$. Here the field $\mathbb{Z}/p\mathbb{Z}$ also has the familiar notation $\mathbb{Z}_p$ [21].
Theorem 2.6.9 [20]: Let $b \in GF(q)$. The function
$$\chi_b(c) = e^{2\pi i\, \mathrm{Tr}(bc)/p} \quad \text{for all } c \in GF(q)$$
is an additive character of $GF(q)$, and every additive character of $GF(q)$ is obtained in this way.
Here $\mathrm{Tr}$ is the trace map defined by [19]
$$\mathrm{Tr} : GF(q) \to GF(p), \qquad x \mapsto x + x^p + x^{p^2} + \dots + x^{q/p}.$$
In particular $\mathrm{Tr}(x)^p = \mathrm{Tr}(x)$.
Let $GF(q)$ be a finite field and $\chi$ an additive character of $GF(q)$. Let $s^\infty$ and $t^\infty$ be two sequences with periods $N$ and $M$ respectively, and $P = \mathrm{lcm}\{N, M\}$ (least common multiple). The periodic crosscorrelation function of the two sequences is defined by [4]
$$CC_{s,t}(l) = \sum_{i=0}^{P-1} \chi(s_i)\,\overline{\chi(t_{i+l})} = \sum_{i=0}^{P-1} \chi(s_i - t_{i+l}). \qquad (2.6.3.1)$$
If the two sequences coincide, then $P = M = N$ and the crosscorrelation function is called the periodic autocorrelation function of $s^\infty$, defined by
$$AC_s(l) = \sum_{i=0}^{N-1} \chi(s_i)\,\overline{\chi(s_{i+l})} = \sum_{i=0}^{N-1} \chi(s_i - s_{i+l}). \qquad (2.6.3.2)$$
If $q = 2$, then $\chi(a) = (-1)^a$ is an additive character of $GF(2)$, where $GF(2)$ is identified with $\mathbb{Z}_2$. Then (2.6.3.1) and (2.6.3.2) are respectively the usual crosscorrelation and autocorrelation functions of binary sequences.
Let $s^\infty$ and $t^\infty$ be two sequences with periods $N$ and $M$ and $P = \mathrm{lcm}\{N, M\}$. The aperiodic crosscorrelation function of the two sequences is defined by
$$ACC_{s,t}(l, u, v) = \sum_{i=u}^{v} \chi(s_i)\,\overline{\chi(t_{i+l})} = \sum_{i=u}^{v} \chi(s_i - t_{i+l}).$$
If the two sequences coincide, then $P = M = N$ and the function is called the aperiodic autocorrelation function of $s^\infty$, defined by
$$ACC_s(l, u, v) = \sum_{i=u}^{v} \chi(s_i)\,\overline{\chi(s_{i+l})} = \sum_{i=u}^{v} \chi(s_i - s_{i+l}).$$
Aperiodic autocorrelation results are probably more important cryptographically than periodic ones. In general, periodic autocorrelation has many relations that are easier to control than aperiodic autocorrelation [4].
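The m-sequence example of 2.6.1, its pattern distribution (2.6.2) and its periodic and aperiodic autocorrelation (2.6.3) computed in Python, as an added example that is not thesis code. It runs the thesis's LFSR $\langle 4, 1 + D + D^4 \rangle$ from the seed 0, 0, 0, 1 (the seed is chosen here), uses the character $\chi(a) = (-1)^a$ of the text, and counts patterns over one period; the functions take general $k$, gaps and shifts, and all names are assumptions of this example.

```python
# m-sequence of <4, 1 + D + D^4>: period, pattern distribution and correlation functions
# over GF(2) with chi(a) = (-1)^a. Added example, not thesis code.
from collections import Counter
from math import gcd


def lfsr_sequence(taps, seed, n):
    """First n output digits of the LFSR <L, C(D)>, C(D) = 1 + sum_{i in taps} D^i, over GF(2):
    s_j = sum_{i in taps} s_{j-i}; seed = (s_0, ..., s_{L-1}) with L = max(taps)."""
    assert len(seed) == max(taps)
    s = list(seed)
    while len(s) < n:
        s.append(sum(s[-i] for i in taps) & 1)
    return s[:n]


def least_period(s):
    """Smallest p with s[i] == s[i+p] for all i (s must cover at least two periods)."""
    for p in range(1, len(s)):
        if all(s[i] == s[i + p] for i in range(len(s) - p)):
            return p
    return len(s)


def chi(a):
    """Additive character of GF(2) = Z_2 used in 2.6.3."""
    return -1 if a else 1


def periodic_crosscorrelation(s, t, l):
    """CC_{s,t}(l) = sum_{i<P} chi(s_i) conj(chi(t_{i+l})) = sum chi(s_i + t_{i+l}), P = lcm(N, M)."""
    n, m = len(s), len(t)
    p = n * m // gcd(n, m)
    return sum(chi(s[i % n] ^ t[(i + l) % m]) for i in range(p))


def periodic_autocorrelation(s, l):
    """AC_s(l) over one period N = len(s); indices wrap modulo N."""
    return periodic_crosscorrelation(s, s, l)


def aperiodic_autocorrelation(s, l, u, v):
    """ACC_s(l, u, v) = sum_{i=u}^{v} chi(s_i + s_{i+l}) with no wrap-around (s long enough)."""
    return sum(chi(s[i] ^ s[i + l]) for i in range(u, v + 1))


def pattern_counts(period, k, gaps):
    """n((s_t, s_{t+t_1}, ..., s_{t+t_{k-1}}) = a) for every a, t = 0..N-1 over one period;
    gaps = (t_1, t_2 - t_1, ...) as in 2.6.2 (k-1 values). Indices wrap modulo N."""
    assert len(gaps) == k - 1
    offsets, acc = [0], 0
    for g in gaps:
        acc += g
        offsets.append(acc)
    n = len(period)
    return Counter(tuple(period[(t + o) % n] for o in offsets) for t in range(n))


# The thesis's maximum-length LFSR <4, 1 + D + D^4>; seed 0,0,0,1 chosen here (any non-zero works).
MSEQ = lfsr_sequence((1, 4), (0, 0, 0, 1), 45)      # three periods of 15
PERIOD = MSEQ[:15]

if __name__ == "__main__":
    print("least period:", least_period(MSEQ))                                     # 15 = 2^4 - 1
    print("AC(l), l = 0..14:", [periodic_autocorrelation(PERIOD, l) for l in range(15)])  # 15, then -1
    print("aperiodic ACC(1, 0, 13):", aperiodic_autocorrelation(MSEQ, 1, 0, 13))
    c4 = pattern_counts(PERIOD, 4, (1, 1, 1))
    print("4-tuples: total", sum(c4.values()), "(conservation law); zero tuple:", c4[(0, 0, 0, 0)])
    print("3-tuples:", sorted(pattern_counts(PERIOD, 3, (1, 1)).items()))          # 000 once, others twice
```

The output shows the three facts the text relies on: the two-level autocorrelation of an m-sequence ($AC(0) = N$, $AC(l) = -1$ otherwise), the conservation law (the 4-tuple counts sum to $N = 15$, every non-zero 4-tuple appearing exactly once and the zero tuple never), and the near-uniform count $N/q^k = 15/8$ for 3-tuples (the zero tuple once, all others twice).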
2.6.4. Sphere complexity
Let $x$ be a finite sequence of length $n$ over $GF(q)$. The weight complexity of the finite sequence is defined by [4]
$$WC_u(x) = \min_{WH(y) = u} L(x + y),$$
where $WH(y)$ denotes the Hamming weight of $y$ ($y$ also over $GF(q)$), i.e. the number of non-zero elements of $y$ [22] ($x$ and $y$ are regarded as two vectors in the space $GF(q)^n$).
Now consider the space $GF(q)^n$ with the Hamming distance $d_H$. The Hamming distance between two vectors is the number of positions (coordinates) at which the corresponding elements of the two vectors differ [22]; the vector $y$ is a general notion, and in the concrete case of the space $GF(2)^n$ it is a bit string. Example: for the two bit strings of equal length $a = 01111010$ and $b = 10111011$, $d_H(a, b) = 3$.
Write $S(x, u) = \{ y : d_H(x, y) = u \}$. By definition we have [4]
$$WC_u(x) = \min_{y \in S(x, u)} L(y).$$
This says that the weight complexity is the minimum of the linear complexities of all sequences of length $n$ on the sphere $S(x, u)$.
Let $O(x, u) = \{ y : 0 < d_H(x, y) \le u \}$ be the (punctured) ball centred at $x$. The sphere complexity is defined by
$$SC_u(x) = \min_{y \in O(x, u)} L(y) = \min_{0 < v \le u} WC_v(x).$$
Similarly, let $s^\infty$ be a sequence of period $N$ (not necessarily the least period) over $GF(q)$. The weight complexity and the sphere complexity of the sequence are defined respectively by
$$WC_u(s^\infty) = \min_{WH(t^N) = u} L(s^\infty + t^\infty), \qquad SC_u(s^\infty) = \min_{0 < v \le u} WC_v(s^\infty),$$
where $t^\infty$ also has period $N$.
The cryptographic basis of these complexities is that a keystream with large linear complexity may be approximated by a sequence of lower linear complexity. Sphere complexity and weight complexity are based on the LFSR approximation model. In contrast to linear complexity, which is based on the shortest LFSR generating a given sequence, the sphere complexity $SC_k(s^\infty)$ is based on the shortest LFSR generating some other sequence that agrees with the given one with probability not less than $1 - k/N$, where $N$ is the period of $s^\infty$ relative to which the sphere complexity is taken. The weight complexity $WC_k(s^\infty)$ is based on the shortest LFSR generating some other sequence whose agreement probability is exactly $1 - k/N$.
The importance of these two approximation-model complexities shows when there is an efficient algorithm for finding an LFSR that approximates the original generator, as below.
Consider the following attack: suppose the keystream is binary and the linear complexity of the opponent's keystream is very unstable. The cryptanalyst can try to construct an LFSR approximating the original keystream generator by the following steps [4]:
Step 1: Start
- Use the Berlekamp-Massey algorithm to construct an LFSR generating the known keystream segment $z^n = z_0 z_1 \dots z_{n-1}$.
- Use the constructed LFSR to decrypt a large sample of ciphertext.
- If only $c$ percent (this constant can be flexible, e.g. less than 15) of the decrypted ciphertext is unintelligible, accept this LFSR and stop. Otherwise go to Step 2.
Step 2: Loop
- For $i = 0$ to $n - 1$:
  + Complement one bit of a fresh copy of $z^n$: $z_i \leftarrow z_i + 1$.
  + Apply the Berlekamp-Massey algorithm to the new sequence to construct an LFSR generating it.
  + Use the constructed LFSR to decrypt a large sample of ciphertext.
  + If only $c$ percent (flexible, e.g. less than 15) of the decrypted ciphertext is unintelligible, accept this LFSR and stop. Otherwise repeat this step with $i = i + 1$ if $i < n - 1$, and go to Step 3 if $i = n - 1$.
Step 3: Loop
- For each pair $(i, j)$ with $i < j$ and $i, j \in \{0, 1, \dots, n - 1\}$:
  + Complement two bits of a fresh copy of $z^n$: $z_i \leftarrow z_i + 1$ and $z_j \leftarrow z_j + 1$.
  + Apply the Berlekamp-Massey algorithm to the new sequence to construct an LFSR generating it.
  + Use the constructed LFSR to decrypt a large sample of ciphertext.
  + If only $c$ percent (flexible, e.g. less than 15) of the decrypted ciphertext is unintelligible, accept this LFSR and stop. Otherwise repeat this step with the next pair $(i, j)$, $i < j$, if one remains, and output failure and stop if no pair remains (the loop is exhausted).
Since the complexity of the Berlekamp-Massey algorithm on a sequence of length $n$ is $O(n^2)$, the complexity of the attack above is $O(n^4)$. Hence if $s^\infty$ is a keystream whose linear complexity is very large (for example $2^{40}$) while $SC_k(s^\infty)$ is small (for example less than 1000) for a very small $k$, this attack can succeed. The basic idea of the attack is that we expect the keystream to be expressible as
$$z^\infty = u^\infty + v^\infty$$
such that $u^\infty$ and $v^\infty$ have period $N$, the ratio $WH(v^N)/N$ is very small and the sequence $u^\infty$ has small linear complexity. This is possible when the linear complexity of the keystream is very unstable. In that case we expect the known keystream bits $z^n$ to be expressible as
$$z^n = u^n + v^n$$
with $WH(v^n) \le 2$ if $n < 2N/k$.
This leads to the requirement that the designer of an additive synchronous stream cipher must ensure that, for very small $k$, the sphere complexity $SC_k(s^\infty)$ is large. In other words, the designer must ensure that the generated keystream cannot be approximated by a sequence of small linear complexity, because the polynomial-time algorithm above can be used to find an LFSR approximating the original keystream when its linear complexity is very unstable. This shows that sphere complexity is an important cryptographic factor of the keystream.
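The Berlekamp-Massey experiment of 2.6.1 and the LFSR-approximation search of this section in Python, as an added example that is not thesis code. `berlekamp_massey` is the binary algorithm listed in 2.6.1; `lfsr_output` replays an LFSR from its first $L$ digits, which turns the $2L$ known bits of the thesis's sequence A into the whole keystream (the known-plaintext attack); `weight_complexity` and `sphere_complexity` compute $WC_u$ and $SC_k$ of a finite sequence by brute force over the sphere and the ball, which is Steps 2–3 above with the readability test replaced by "smallest linear complexity found". The keystream $z = u + v$ is constructed here: $u$ is 60 bits of the m-sequence of $\langle 5, 1 + D^2 + D^5 \rangle$ and $v$ complements bits 7 and 19; all function names are assumptions of this example.

```python
# Berlekamp-Massey over GF(2), LFSR replay, weight and sphere complexity. Added example, not thesis code.
# Connection polynomials are ints: bit i = c_i, bit 0 = c_0 = 1.
from itertools import combinations


def berlekamp_massey(s):
    """Binary Berlekamp-Massey of 2.6.1: returns (L, C) with L the linear complexity of the
    bit list s and C(D) = 1 + c_1 D + ... + c_L D^L the connection polynomial."""
    C, B, L, m = 1, 1, 0, -1
    for N in range(len(s)):
        d = s[N]                                    # discrepancy d = s_N + sum c_i s_{N-i}
        for i in range(1, L + 1):
            d ^= (C >> i & 1) & s[N - i]
        if d:
            T = C
            C ^= B << (N - m)                       # C(D) <- C(D) + B(D) D^{N-m}
            if 2 * L <= N:
                L, m, B = N + 1 - L, N, T
    return L, C


def lfsr_output(C, L, seed, n):
    """n digits of the LFSR <L, C(D)> started from seed = (s_0, ..., s_{L-1}):
    s_j = sum_{i=1}^{L} c_i s_{j-i} over GF(2)."""
    s = list(seed[:L])
    for j in range(L, n):
        s.append(sum((C >> i & 1) & s[j - i] for i in range(1, L + 1)) & 1)
    return s[:n]


def known_plaintext_attack(known, total):
    """Known-plaintext attack on an LFSR keystream: BM on the recovered prefix, then replay.
    Exact whenever len(known) >= 2L (uniqueness in Theorem 2.6.3)."""
    L, C = berlekamp_massey(known)
    return L, C, lfsr_output(C, L, known, total)


def weight_complexity(x, u):
    """WC_u(x) = min L(y) over y at Hamming distance exactly u from x. Returns (L, flipped positions)."""
    best = (len(x) + 1, ())
    for flips in combinations(range(len(x)), u):
        y = list(x)                                 # fresh copy of x for every candidate
        for i in flips:
            y[i] ^= 1
        L, _ = berlekamp_massey(y)
        if L < best[0]:
            best = (L, flips)
    return best


def sphere_complexity(x, k):
    """SC_k(x) = min_{0 < u <= k} WC_u(x): Steps 2-3 of the attack with the acceptance test
    replaced by 'smallest linear complexity found'. Returns (L, flipped positions)."""
    return min(weight_complexity(x, u) for u in range(1, k + 1))


# Constructed data.
A = [0, 0, 1, 1, 0, 1, 1, 1, 0] * 23                 # the thesis's period-9 sequence A
U = lfsr_output(0b100101, 5, (0, 0, 0, 0, 1), 60)    # m-sequence of <5, 1 + D^2 + D^5>, L(u) = 5
Z = list(U)
Z[7] ^= 1                                            # v has weight 2: z = u + v
Z[19] ^= 1

if __name__ == "__main__":
    print("L(A) =", berlekamp_massey(A)[0])                                   # 9, C(D) = 1 + D^9
    print("replay from 18 known bits exact:", known_plaintext_attack(A[:18], len(A))[2] == A)
    print("L(u) =", berlekamp_massey(U)[0], " L(z) =", berlekamp_massey(Z)[0])
    print("SC_2(z) and the flips that reach it:", sphere_complexity(Z, 2))    # (5, (7, 19))
```

Two bit flips push the linear complexity of $z$ well above 5, yet the search over the ball of radius 2 finds $SC_2(z) = 5$ and returns exactly the two planted positions, so the attacker recovers $u$ and its 5-stage LFSR from $z$ alone. With $n = 60$ this takes $60 + \binom{60}{2} = 1830$ runs of Berlekamp-Massey, which is the $O(n^4)$ cost discussed above.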
2.7. Security of the stream cipher model
The preceding parts have also occasionally touched on the security of stream cipher models. In cryptography in general and in stream ciphers in particular, security is always tied to attacks, so when discussing security we also mention the attacks involved. Clearly, if a stream cipher model neutralises the attacks, the model is really strong. However, within the limits of an undergraduate thesis, this thesis does not go deeply into attacks or cryptanalytic methods; where they are mentioned, it is only to note the existence of attacks on specific stream cipher models. As stated in Section 2.3, Some stream cipher architectures, the security of a stream cipher model depends on the architecture used. The cryptographic aspects of the sequence, or keystream, produced by the generator also affect the security of the model, because there are attacks that start from the sequence and depend on these cryptographic aspects. The architecture of the generator itself plays a very large role in ensuring the security of the corresponding model, for example its nonlinearity or its use of Boolean functions. A generator architecture may contain not only Boolean functions but also more complex components such as S-boxes, a component frequently seen in block cipher designs. The cryptographic properties of Boolean functions and S-boxes strongly affect the security of the generator.
Another matter in cryptography is the trade-off between security and speed, as well as the implementation difficulty, of a cryptographic algorithm or method. Stream ciphers are no exception. Some stream cipher systems are easy to implement but insecure, some are hard to implement but highly secure, and others may be easy to implement and ideally secure but slow. This forces the designer of a stream cipher model to weigh these according to the requirements, or to design with a balance between implementation difficulty, security and speed.
This part also studies only the security of stream cipher models that use shift-register-based generators, because of their prevalence in stream cipher practice.
2.7.1. Security based on the stream cipher architecture
When the stream cipher model uses the additive synchronous architecture, which is the kind of model most often used in practice, the main work of the model is the operation of the generator producing the keystream; the rest is simply an XOR. So the security of a model based on this architecture depends on the security of the generator, which is discussed in Section 2.7.3 below.
When the model uses the additive self-synchronising architecture, security is higher than for the additive synchronous stream cipher because the keystream produced depends on the plaintext. However, models of this kind are hard to analyse and to design because of the feedback of ciphertext characters into the generator.
When the model uses a non-additive synchronous architecture and is well designed, attacks aimed at additive stream ciphers and at block ciphers seem not to apply to it. Moreover, if a fast generator and a fast block cipher are used, the speed of this kind of model improves considerably.
For models using the cooperative distribution (CD) architecture, security depends on the choice of the block cipher components and of the controlling generator. If the chosen block ciphers and generator are secure, the stream cipher model is secure too. If its architecture is well designed, even weak block ciphers can be used in the model while still resisting attacks on the block cipher and generator components.
In summary, different stream cipher architectures have different security levels depending on the quality of the design. Architectures other than the additive one appear more secure but are also more complex than it. Because of the simplicity of the additive stream cipher, stream cipher models in practice usually adopt this architecture. Security then depends on the generator, its architecture and the keystream it produces. This is why the central development of stream ciphers is mainly research on generators.
2.7.2. Security based on the cryptographic aspects of the keystream
Keystreams are the product of generators, and their properties (aspects) say a lot about the security of the generator and of the whole corresponding stream cipher model, because there are attacks based on the keystream itself. A typical example is the attack based on the Berlekamp-Massey algorithm, which recovers the architecture of the generator (an LFSR) and the whole keystream once a part of the keystream of length at least $2L$ ($L$ the linear complexity) is known. So a large linear complexity is not sufficient for an additive stream cipher to be secure; it is only necessary. For non-additive stream ciphers, on the other hand, there is no need to care whether the linear complexity is large or small, because it is not necessary (see Section 2.6.1).
As for pattern distribution, keystreams with a bad pattern distribution favour differential attacks, which may leak a great deal of information about the key after the attack (see Section 2.6.2). In stream cipher models based on the cooperative distribution architecture, the SG must be designed so that the generated keystream has good pattern distributions, so that the cooperation in this architecture brings out its "strength" (see Section 2.3.5).
As for sphere complexity, if a keystream has a very large linear complexity while its sphere complexity is small, the generator (LFSR) of the stream cipher model will certainly be attacked. Designers must build the generator so that the keystream it produces has a large sphere complexity. As said above, a large linear complexity does not yet make the generator secure; one can understand that a large sphere complexity in addition is what makes the generator more secure. Sphere complexity is therefore very important (see Section 2.6.4).
One thing to note: consider stream cipher models whose architecture is not published in detail, for instance where the linear complexity and the connection polynomial of the LFSR are not disclosed. This does not seem to be a design criterion commonly used in practice, because in practice the structure of a cipher must be published and its security must depend only on the secret key: the cipher is secure when the secret key is hard to recover by attack. Supposing the generator architecture of a stream cipher model using an LFSR generator is published, an attacker who knows part of the plaintext can easily succeed in finding the key as well as the whole keystream produced by the generator with the Berlekamp-Massey algorithm. So an LFSR can be said to be a very weak generator. Hence we need generators designed with more "complex" architectures to ensure their security, as detailed in the part immediately below.
2.7.3. Security based on the architecture of the generator
There are many ways to overcome the weakness of the LFSR in the generator architecture of a stream cipher model: replacing the LFSR by an NLFSR with a nonlinear feedback function, using the summation generator architecture or, more generally, the nonlinear combination generator, and the filter generator architecture together with the properties of the Boolean function used in it.
On Boolean functions in the design of generator architectures, the thesis also discusses the properties of Boolean functions related to generator security, such as nonlinearity and the SAC (Strict Avalanche Criterion). The nonlinearity of a Boolean function is the basic notion on which the more general notion of the nonlinearity of an S-box is built; the S-box is an important component of the ZUC generator.
The SAC criterion is also a factor for evaluating the security of the S-boxes used in a generator architecture. The thesis also discusses the differential uniformity of S-boxes.
2.7.3.1. Using an NLFSR
The generated keystream can have a very large linear complexity [4]. This shows that it is an improvement over the LFSR. However, as already mentioned in the part on security based on the cryptographic aspects of the keystream, a large linear complexity is only a necessary condition and does not guarantee that the generator is secure.

2.7.3.2. Using a nonlinear combination generator or a nonlinear filter generator
Using a nonlinear combination generator is a way to overcome many weaknesses of the LFSR. However, this kind of generator always carries the risk of correlation attacks. So the combining function $f$ must be chosen carefully so that there is no statistical dependence between any small subset of the $n$ LFSR sequences and the keystream. This condition can be satisfied if $f$ is chosen to be $m$-th order correlation immune (the nonlinear function $f$ introduced in Section 2.4.4.2.4).
Definition 2.7.1 ($m$-th order correlation immunity) [18]: Consider sequences over $GF(2)$. Let $X_1, X_2, \dots, X_n$ be independent binary random variables, each taking the value 1 or 0 with probability $1/2$. A Boolean function $f(x_1, x_2, \dots, x_n)$ is $m$-th order correlation immune if for every subset of $m$ random variables $X_{i_1}, X_{i_2}, \dots, X_{i_m}$ with $1 \le i_1 < i_2 < \dots < i_m \le n$, the random variable $Z = f(X_1, X_2, \dots, X_n)$ is statistically independent of the random vector $(X_{i_1}, X_{i_2}, \dots, X_{i_m})$; equivalently
$$I(Z; X_{i_1}, X_{i_2}, \dots, X_{i_m}) = 0.$$
Here $I$ is the mutual information (see the Appendix).
For example, the function $f(x_1, x_2, \dots, x_n) = x_1 \oplus x_2 \oplus \dots \oplus x_n$ is $(n - 1)$-th order correlation immune. It is easy to see that this example satisfies the following theorem.
Theorem 2.7.2 [18]: If a Boolean function $f(x_1, x_2, \dots, x_n)$ is $m$-th order correlation immune, where $1 \le m < n$, then the nonlinear order (algebraic degree) of $f$ is at most $n - m$. Moreover, if $f$ is balanced, i.e. exactly half of its output values are 0, then the nonlinear order of $f$ is at most $n - m - 1$ for $1 \le m \le n - 2$.
As for the summation generator, although the keystream it produces has large period, linear complexity and correlation immunity, it can be vulnerable to certain correlation attacks and to a known-plaintext attack based on its 2-adic span [18].
The same applies to nonlinear filter generators. An example of this kind of generator is the knapsack generator with the nonlinear Boolean filter function
$$f(x) = \sum_{i=1}^{L} x_i a_i \bmod Q.$$
Here $a_1, a_2, \dots, a_L$ is the secret key, $L$ is the length of the LFSR, $x = [x_L, \dots, x_2, x_1]$ is a state of the register, and $Q = 2^L$. Clearly $f(x)$ is nonlinear since, for two states $x$ and $y$, in general $f(x + y) \neq f(x) + f(y)$.
2.7.3.3. Nonlinearity and the SAC criterion of Boolean functions
A. Boolean functions and the nonlinearity of a Boolean function:
Boolean functions were mentioned above. The criteria for a cryptographically strong Boolean function are: balancedness, nonlinearity, the propagation criterion or SAC (Strict Avalanche Criterion) [32]. Below are the matters related to Boolean functions.
Definition 2.7.3 (Boolean function) [32]: A Boolean function is a function $f$ mapping $GF(2)^n$ to $GF(2)$. For short, $f$ is called a function on $GF(2)^n$.
More generally, a Boolean function is a function mapping $GF(p)^n$ to $GF(p)$.
Let $f$ be a function on $GF(2)^n$. The sequence defined by $((-1)^{f(\alpha_0)}, (-1)^{f(\alpha_1)}, \dots, (-1)^{f(\alpha_{2^n - 1})})$ is called the sequence of $f$. The binary sequence defined by $(f(\alpha_0), f(\alpha_1), \dots, f(\alpha_{2^n - 1}))$ is called the truth table of $f$. Here $\alpha_i$, $0 \le i \le 2^n - 1$, are the vectors in $GF(2)^n$ whose integer representation is $i$ (viewing the vector as a bit string). Note that the truth table is ordered.
Example of the truth table of a Boolean function $f$ with input variables $x_1, x_2, x_3$:
x1 x2 x3 | f(x)
 0  0  0 |  0
 0  0  1 |  1
 0  1  0 |  0
 0  1  1 |  0
 1  0  0 |  0
 1  0  1 |  1
 1  1  0 |  0
 1  1  1 |  1
So the truth table of $f$ is the bit string 01000101.
A truth table is called balanced if it contains as many 1 bits as 0 bits. A function is balanced if its truth table is balanced. The truth table has length $2^n$, so if the function is balanced its number of 1 bits is $2^{n-1}$; in other words the Hamming weight of the truth table is $2^{n-1}$. A stream cipher generator that uses a balanced Boolean function produces a sequence with better randomness.
An affine function $f$ on $GF(2)^n$ is a function of the form $f(x) = a_1 x_1 \oplus a_2 x_2 \oplus \dots \oplus a_n x_n \oplus c$, where $a_j, c \in GF(2)$, $j = 1, 2, \dots, n$. Moreover $f$ is called a linear function if $c = 0$. The sequence of an affine (or linear) function is called an affine (linear) sequence.
For two functions $f$ and $g$ on $GF(2)^n$, the Hamming distance between them is defined as $d_H(f, g) = d_H(\xi_f, \xi_g)$, where $\xi_f$ and $\xi_g$ are the truth tables of $f$ and $g$ respectively.
Definition 2.7.4 (Nonlinearity) [32]: The nonlinearity of $f$, denoted $N_f$, is the minimum Hamming distance between $f$ and all affine functions on $GF(2)^n$. That is,
$$N_f = \min_{i = 0, 1, \dots, 2^{n+1} - 1} d_H(f, \varphi_i),$$
where $\varphi_0, \varphi_1, \dots, \varphi_{2^{n+1} - 1}$ denote the affine functions on $GF(2)^n$.
If a generator's architecture uses a balanced Boolean function, then the larger its nonlinearity, the higher the security of the generator against linear cryptanalysis.
There are many ways to increase the nonlinearity of a Boolean function, such as concatenating, splitting and modifying sequences [32].
Some results on balanced functions with large nonlinearity are as follows.
In [32], by applying an iterative procedure (using concatenation and sequence modification) to further improve the nonlinearity of the constructed functions, the researchers built functions satisfying the following theorem.
Theorem 2.7.5 [32]: For any even $n \ge 4$ there exists a balanced function $f^*$ on $GF(2)^n$ whose nonlinearity is:
[The piecewise lower bound on $N_{f^*}$, a sum of powers of 2 whose form depends on $n$, did not survive extraction; the nonlinearities the construction achieves for $n = 4, 6, \dots, 14$ are listed in Table 1 below, and the expression itself is in [32].]
The nonlinearities of the balanced functions on $GF(2)^4$, $GF(2)^6$, $GF(2)^8$, $GF(2)^{10}$, $GF(2)^{12}$ and $GF(2)^{14}$ constructed in this way are given in the following table [32]:
Vector space      | GF(2)^4 | GF(2)^6 | GF(2)^8 | GF(2)^10 | GF(2)^12 | GF(2)^14
Maximum           |    4    |   26    |   118   |   494    |   2014   |   8126
By modification   |    4    |   26    |   116   |   492    |   2010   |   8120
By concatenation  |    4    |   24    |   112   |   480    |   1984   |   8064
Table 1. Nonlinearities of balanced functions.
Experimental results on nonlinearity:
Within the scope of the thesis we also ran experiments measuring the nonlinearity of Boolean functions. One can of course determine the nonlinearity of a Boolean function directly from Definition 2.7.4 with a rather complex programming scheme. But there is a more convenient way: the Walsh-Hadamard transform, based on the Walsh-Hadamard matrix.
The Walsh-Hadamard matrix is defined by [32]:
$$H_0 = 1, \qquad H_n = \begin{pmatrix} 1 & 1 \\ 1 & -1 \end{pmatrix} \otimes H_{n-1}, \quad n = 1, 2, \dots$$
Here $\otimes$ is the Kronecker product: for $A$ an $m \times n$ matrix and $B$ an $s \times t$ matrix, $A \otimes B$ is the $ms \times nt$ matrix
$$A \otimes B = \begin{pmatrix} a_{11} B & a_{12} B & \dots & a_{1n} B \\ a_{21} B & a_{22} B & \dots & a_{2n} B \\ \vdots & \vdots & & \vdots \\ a_{m1} B & a_{m2} B & \dots & a_{mn} B \end{pmatrix},$$
where $a_{ij}$ is the element in row $i$, column $j$ of $A$.
We have:
$$H_1 = \begin{pmatrix} 1 & 1 \\ 1 & -1 \end{pmatrix};$$
$$H_2 = \begin{pmatrix} H_1 & H_1 \\ H_1 & -H_1 \end{pmatrix} = \begin{pmatrix} 1 & 1 & 1 & 1 \\ 1 & -1 & 1 & -1 \\ 1 & 1 & -1 & -1 \\ 1 & -1 & -1 & 1 \end{pmatrix};$$
$$H_3 = \begin{pmatrix} H_2 & H_2 \\ H_2 & -H_2 \end{pmatrix} = \begin{pmatrix}
1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 \\
1 & -1 & 1 & -1 & 1 & -1 & 1 & -1 \\
1 & 1 & -1 & -1 & 1 & 1 & -1 & -1 \\
1 & -1 & -1 & 1 & 1 & -1 & -1 & 1 \\
1 & 1 & 1 & 1 & -1 & -1 & -1 & -1 \\
1 & -1 & 1 & -1 & -1 & 1 & -1 & 1 \\
1 & 1 & -1 & -1 & -1 & -1 & 1 & 1 \\
1 & -1 & -1 & 1 & -1 & 1 & 1 & -1
\end{pmatrix}.$$
This process continues, and it can be called the Walsh-Hadamard transform. Meanwhile, the truth tables of all linear functions of 3 variables are:
0            : 0 0 0 0 0 0 0 0
x0           : 0 1 0 1 0 1 0 1
x1           : 0 0 1 1 0 0 1 1
x0 + x1      : 0 1 1 0 0 1 1 0
x2           : 0 0 0 0 1 1 1 1
x0 + x2      : 0 1 0 1 1 0 1 0
x1 + x2      : 0 0 1 1 1 1 0 0
x0 + x1 + x2 : 0 1 1 0 1 0 0 1
Call these the table of 3-variable linear truth tables. If we replace every entry 1 by 0 and every entry −1 by 1 in $H_3$, we see that $H_3$ coincides with the table above. Similarly one can check that for every $H_n$ ($n > 3$) there is a corresponding table of $n$-variable linear truth tables. This gives the idea of using the Walsh-Hadamard transform to obtain the truth tables of the $n$-variable linear Boolean functions when the nonlinearity of some $n$-variable Boolean function $f$ has to be computed. Note that after the Walsh-Hadamard transform the truth tables of the remaining $n$-variable affine functions are not yet determined, but this is very easy: the remaining affine functions are the corresponding linear functions XORed with 1, so XORing every entry of the truth tables of the linear functions with 1 gives the truth tables of the remaining affine functions. These are then used for comparing Hamming distances while computing the nonlinearity of $f$.
With this idea, the necessary procedures (using the Walsh-Hadamard transform) were implemented (programmed) to compute the nonlinearity of Boolean functions.
Below are nonlinearity statistics for Boolean functions on $GF(2)^8$ whose 256-bit truth tables were chosen at random (each string lists the value of the function at x = 0, 1, ..., 255):

No. 1, nonlinearity 100, truth table:
1010111010000111011011111010001010111000010111111111000000010000110111111100000001101110011000011111000011000100111100010110001100010010101010000000001001000000100111000000100100101000110110111010111111111110110000100110111111111101010001110110000100111000

No. 2, nonlinearity 102, truth table:
0010000111100000010011000101001001000001110011100110111110010111111110110011000010101011111011101011110001100000111111110101111000011100111111111100100110011110000101100011111100001001001000010100110110111101110001001101011001011111011110100010111001001001

No. 3, nonlinearity 100, truth table:
1001101110101110101100010111100101110100110101000000011101001110000110011110110111110111110100011110101100011100100100010111111001001110111101001110000110011111100001111011100110011000101101101011111111111001010110010011100011111100011011010010100100000011

No. 4, nonlinearity 103, truth table:
1110110011011111011110111100110011100100000100110111110111111001011110011001011010000101100000100001000110011101110101010001111111001100011111001111100010101111111110011101101011000100011111010000110001010111001101101010010101110100010111101000011010110010

No. 5, nonlinearity 107, truth table:
1101110100000110111000010100100110010100110010001011011010110100001011010110111001100100111100111111000110101011111110101010110000010100000101011001000010100011011010001010001010010011010000010000010001010001111111001001011110110111011101110011010111101100

No. 6, nonlinearity 103, truth table:
0011000101010011001100100100001011010011010100000010100111100100000001011011001000000111001100001011101101010001011000011100110100101101101111110010001101011011110011000000000000010010011100100111000010001100000111101101000111000101010101000110011110011010

No. 7, nonlinearity 105, truth table:
0111100000001011110010110000101100110110100100010000100000011011000000011110111001101001000111001110000100000010010110001010101101000011101010110000111011011100101100110110000011100001011000011111011110101010010000100101010001100000011011011011111110010111

We observe that the nonlinearities in this table are clearly below the maximum of 118 reached by the balanced Boolean functions on $GF(2)^8$ in Table 1.
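The procedure outlined above, written out as an added example (this is not the thesis's program). nonlinearity_bruteforce() follows the text literally: the rows of H_n with 1 mapped to 0 and -1 to 1 are the truth tables of the linear functions, their complements are the remaining affine functions, and N_f is the smallest Hamming distance to any of them. nonlinearity() obtains the same number from the Walsh spectrum of (-1)^f, which is how the measurement scales to n = 8 and beyond. The hypothetical helper names (hadamard_rows, parse_truth_table, methods_agree) are choices made here; applied to the 256-bit strings above, nonlinearity(parse_truth_table(s)) is the quantity the last column of the table reports.

```python
"""Nonlinearity of a Boolean function given as a truth table (added example)."""
import random


def hadamard_rows(n):
    """Rows of the Sylvester matrix H_n as 0/1 truth tables (row a encodes a.x)."""
    rows = [[0]]                                   # H_0 = (1)
    for _ in range(n):                             # H_k = [[H, H], [H, -H]]; -H flips the bits
        rows = [r + r for r in rows] + [r + [1 - b for b in r] for r in rows]
    return rows


def nonlinearity_bruteforce(tt):
    """Minimum Hamming distance from tt to all 2^(n+1) affine functions."""
    n = len(tt).bit_length() - 1
    best = len(tt)
    for lin in hadamard_rows(n):
        d = sum(a != b for a, b in zip(tt, lin))   # distance to the linear function
        best = min(best, d, len(tt) - d)           # len - d: distance to lin XOR 1
    return best


def walsh_spectrum(tt):
    """W_f(a) = sum_x (-1)^(f(x) + a.x) for all a, by the fast Walsh-Hadamard transform."""
    w = [1 - 2 * b for b in tt]
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w


def nonlinearity(tt):
    """N_f = 2^(n-1) - max_a |W_f(a)| / 2."""
    return len(tt) // 2 - max(abs(v) for v in walsh_spectrum(tt)) // 2


def parse_truth_table(bits):
    """'0110...' (value of f at x = 0, 1, 2, ...) -> list of ints."""
    if len(bits) & (len(bits) - 1):
        raise ValueError("truth table length must be a power of two")
    return [int(c) for c in bits]


def methods_agree(n, trials=10, seed=1):
    """True when both methods give the same value on random n-variable functions."""
    rng = random.Random(seed)
    for _ in range(trials):
        tt = [rng.randrange(2) for _ in range(1 << n)]
        if nonlinearity(tt) != nonlinearity_bruteforce(tt):
            return False
    return True


if __name__ == "__main__":
    # the bent function x0 x1 + x2 x3 reaches the maximum nonlinearity 6 for n = 4
    bent4 = [((x & 1) & (x >> 1 & 1)) ^ ((x >> 2 & 1) & (x >> 3 & 1)) for x in range(16)]
    print(nonlinearity(bent4), nonlinearity_bruteforce(bent4))
```

The brute-force version costs 2^n distances of length 2^n each, the transform version 2^n log 2^n additions; both give the same integer, which is what methods_agree() checks on random functions.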
B. The SAC criterion for Boolean functions:
Definition 2.7.6 [32]: A function $f$ on $GF(2)^n$ satisfies the strict avalanche criterion (SAC) if $f(x) \oplus f(x \oplus \alpha)$ is a balanced function for every $\alpha \in GF(2)^n$ of Hamming weight 1.
For a function $f$ on $GF(p)^n$ the criterion generalizes as follows:
Definition 2.7.7 (generalized SAC) [33]: A function $f(x): GF(p)^n \to GF(p)$ satisfies SAC if and only if
$$\Pr\bigl(f(x + a) = f(x) + b\bigr) = \frac{1}{p} \quad \text{for every } b \in GF(p) \text{ and every } a \in GF(p)^n \text{ with } WH(a) = 1.$$

The architecture of a generator may include S-boxes (substitution tables); the ZUC generator is an example. The SAC criterion also bears on the security of an S-box.
Consider an S-box with m input bits and n output bits. It can be viewed as n functions $f_0, f_1, \dots, f_{n-1}$, where $f_j: GF(2)^m \to GF(2)$ gives bit j of the S-box output ($0 \le j < n$) [33]. These Boolean functions are called the component functions of the S-box.
One criterion for the security of an S-box is that every $f_j$ satisfies, or comes close to, SAC: when one input bit of the S-box changes, every output bit should change with probability approximately 1/2 [33].
For example, in Table 2 [33] the entry in row i, column j is the number of inputs for which the value of $f_j$ changes when input bit i is flipped, for the S-box of AES. Although none of the $f_j$ of the AES S-box satisfies SAC exactly, the number of cases in which $f_j$ changes when input bit i flips is approximately 128 out of 256. Thus, when one input bit changes, each output bit changes with probability approximately 1/2 [33], and the component functions of the S-box come close to SAC.

          f0    f1    f2    f3    f4    f5    f6    f7
bit 0    132   132   116   144   116   124   116   128
bit 1    120   124   144   128   124   116   128   136
bit 2    132   132   128   120   144   128   136   128
bit 3    136   136   120   116   128   136   128   140
bit 4    116   128   116   132   128   128   140   136
bit 5    116   132   132   120   120   140   136   136
bit 6    136   136   120   132   120   136   136   124
bit 7    132   144   132   136   124   136   124   132
Table 2. Number of changes of the component functions $f_j$ when input bit i of the AES S-box is flipped.
2.7.3.4. Differential uniformity of an S-box
Definition 2.7.8 (differential uniformity) [34]: Let $G_1$ and $G_2$ be finite Abelian groups. A map $f: G_1 \to G_2$ is called differentially $\delta$-uniform if
$$\bigl|\{\, z \in G_1 \mid f(z + \alpha) - f(z) = \beta \,\}\bigr| \le \delta \quad \text{for all } \alpha \in G_1,\ \alpha \ne 0,\ \beta \in G_2. \qquad (2.7.3.4)$$
Here $\delta$ is called the differential uniformity of $f$.
If $f$ is an $n \times m$ S-box, $G_1 = GF(2)^n$ and $G_2 = GF(2)^m$, then (2.7.3.4) can be written as
$$\bigl|\{\, z \in G_1 \mid f(z \oplus \alpha) \oplus f(z) = \beta \,\}\bigr| \le \delta,$$
because on $GF(2)^m$ the addition $\oplus$ is also the subtraction. This follows from the definition of addition on $GF(2^m)$ (see Section 2.5.3) together with the fact that on $GF(2)$ addition and subtraction coincide (note $0 - 1 = -1 = 1 \bmod 2$).
The smaller $\delta$, the more resistant the map $f$ is against differential cryptanalysis and linear cryptanalysis [33].
For an $n \times m$ S-box the differential uniformity is bounded below by $\delta_{\min} = 2^{n-m+1}$. An S-box reaching $\delta_{\min}$ is called Almost Perfect Nonlinear (APN). For S-boxes with n input and n output bits and n even, however, no APN permutation on 8 bits is known, so for the $8 \times 8$ S-box used in AES the smallest attainable (ideal) differential uniformity is $\delta = 2^2 = 4$ [33].
Chapter 3. STREAM CIPHERS ON MOBILE NETWORKS

Chapter summary:
Chapter 3 systematizes and surveys the issues related to the use of stream ciphers on mobile networks. The chapter covers the following points:
o An overview of mobile networks and the security algorithms used on them.
o The ZUC stream cipher model: the structure of ZUC, the architecture and operation of its three layers (LFSR, BR and the nonlinear function F), and the operation of ZUC as a whole.
o Two applications of ZUC: the encryption algorithm 128-EEA3 and the message authentication algorithm 128-EIA3.
o The design criteria and the security of ZUC: the design criteria of the LFSR layer, the design criteria of the BR layer, and the design criteria and security of the nonlinear function F, with an in-depth analysis and experimental measurement of the important cryptographic properties of the two S-boxes S0 and S1: nonlinearity, differential uniformity, the SAC criterion and the balancedness of their component functions.
3.1. Introduction to mobile networks
3.1.1. Mobile network standards
GSM stands for Global System for Mobile Communications. It is a standard for mobile communication networks and is today in very wide use worldwide. GSM dates from 1982 and is regarded as a second-generation (2G) standard. GSM uses a cellular network model: the network is divided into cells of five different sizes, and a handset joins the GSM network by looking for the nearest cell. To be accepted by the network, every handset must hold a Subscriber Identity Module, better known as the SIM card. GSM operates in several frequency bands, the most used being 900 MHz and 1800 MHz.
UMTS came after GSM and is regarded as a third-generation (3G) standard. UMTS stands for Universal Mobile Telecommunications System. Compared with GSM, UMTS achieves higher data rates by using wideband spread-spectrum transmission; in theory its peak rate can reach 45 Mbit/s. UMTS uses a pair of sub-bands, one for the uplink and one for the downlink; the pair varies with the country and the UMTS variant in use.
EPS is a network standard developed from UMTS that is still being researched and built. EPS stands for Evolved Packet System. It belongs to the fourth generation (4G) and inherits the strengths of both GSM and UMTS. The two standards that receive most attention within EPS are LTE (Long Term Evolution) and SAE (System Architecture Evolution): LTE is concerned with the radio transmission and the interface to the device, while SAE is concerned with building the core network.
3.1.2. Security on mobile networks
GSM was designed for security applications of modest complexity. For authentication, GSM uses a pre-shared key and challenge-response authentication. The authentication algorithms A3 and A8 are stored in the SIM to answer the challenge and to derive the secret key for the data transfer. When the SIM asks to join the network, the network generates a random number RAND and sends it to the SIM. Both the SIM and the network run A3 with the SIM's secret key Ki (shared between this SIM and the network) and RAND as inputs; the output is a 32-bit value SRES. If the SRES computed by the SIM matches the one computed by the network, the SIM is authenticated. The SIM and the network then run A8 to derive the session key used to encrypt the exchanged data [28].
GSM encrypts traffic with the A5 family of algorithms. Two of them, A5/1 and A5/2, are widely deployed; a third, A5/3, is built on the KASUMI block cipher.
For security, EPS uses pairs of algorithms EEA and EIA: EEA are the EPS Encryption Algorithms and EIA the EPS Integrity Algorithms. The first pair adopted by EPS is 128-EEA1 and 128-EIA1, built on the stream cipher SNOW 3G with a 128-bit key. The second pair, 128-EEA2 and 128-EIA2 [41], is built on the AES block cipher. The current research direction for EPS security algorithms is the stream cipher ZUC [31], the basis of the pair 128-EEA3 and 128-EIA3.
3.2. The ZUC stream cipher
3.2.1. Structure of ZUC
ZUC uses a nonlinear generator consisting of an LFSR and a nonlinear function F. The figure below describes the overall structure. ZUC is divided into three layers: the top layer is a 16-stage LFSR, the middle layer is the bit-reorganization layer (BR), and the bottom layer is the nonlinear function F [31].

Figure 21. General architecture of ZUC.

3.2.2. Structure and operation of the LFSR
The linear feedback shift register of ZUC is a Fibonacci register with 16 stages. Each stage holds 31 bits and takes values in {1, 2, 3, ..., 2^31 - 1}. On every clock tick the register shifts its contents one stage to the left and calls the feedback function. The register has two feedback modes: the initialisation mode and the working mode.
In initialisation mode the LFSR takes as input a 31-bit word u, obtained from the output word W of the nonlinear function F by dropping its least significant bit (u = W >> 1). The procedure is:

LFSRWithInitialisationMode(u) {
  1. v = 2^15 s15 + 2^17 s13 + 2^21 s10 + 2^20 s4 + (1 + 2^8) s0 mod (2^31 - 1);
  2. s16 = (v + u) mod (2^31 - 1);
  3. If s16 = 0, then set s16 = 2^31 - 1;
  4. (s1, s2, ..., s15, s16) -> (s0, s1, ..., s14, s15);
}

In working mode the register performs:

LFSRWithWorkMode() {
  1. s16 = 2^15 s15 + 2^17 s13 + 2^21 s10 + 2^20 s4 + (1 + 2^8) s0 mod (2^31 - 1);
  2. If s16 = 0, then set s16 = 2^31 - 1;
  3. (s1, s2, ..., s15, s16) -> (s0, s1, ..., s14, s15);
}
3.2.3. Bit reorganization
In a nonlinear generator the nonlinear function F usually does not use every stage of the LFSR, only some preselected ones. The selection is done in the bit-reorganization layer. In this layer the stages s0, s2, s5, s7, s9, s11, s14, s15 of the register are combined into four 32-bit words X0, X1, X2, X3. The first three words are consumed by the nonlinear function F; the remaining word X3 is used to produce the keystream. The layer works as follows:

Bitreorganization() {
  1. X0 = s15H || s14L;
  2. X1 = s11L || s9H;
  3. X2 = s7L || s5H;
  4. X3 = s2L || s0H.
}

In Bitreorganization(), s_xH denotes the 16 most significant bits of the 31-bit stage s_x (bits 30 down to 15) and s_xL its 16 least significant bits. The operation a || b is the concatenation of the bit strings a and b into a single string, with a on the left and b on the right.
3.2.4. The nonlinear function F
The nonlinear function F takes as input the three words X0, X1, X2 from the layer above and outputs one 32-bit word W. The layer holds two 32-bit memory cells R1 and R2. F consists of the following steps:

F(X0, X1, X2) {
  1. W = (X0 XOR R1) + R2 mod 2^32;
  2. W1 = R1 + X1 mod 2^32;
  3. W2 = R2 XOR X2;
  4. R1 = S(L1(W1L || W2H));
  5. R2 = S(L2(W2L || W1H));
}

F uses the sub-functions S(), L1() and L2(). S() is a 32x32 S-box that maps a 32-bit word to a 32-bit word; L1() and L2() are linear transformations. W1L and W1H denote the low and high 16 bits of the 32-bit word W1, and likewise for W2. The structure of each sub-function is described in the following subsections.
3.2.4.1. The S-box S
The 32x32 S-box of ZUC is built from four 8x8 S-boxes S0, S1, S2, S3, with S0 = S2 and S1 = S3. The tables of the sub-boxes S0 and S1 are given below.
To compute S(X) for a 32-bit word X, split X into four bytes X = X0 || X1 || X2 || X3 (X0 the most significant byte). Then Y = S(X) = S0(X0) || S1(X1) || S2(X2) || S3(X3). To evaluate a sub-box, for instance S0(X0), write X0 in hexadecimal as two nibbles X0 = H0 || L0; S0(X0) is then the entry in row H0 and column L0 of the table of S0. For example, with X = 0x12345678, Y = S(X) = S0(0x12) || S1(0x34) || S2(0x56) || S3(0x78) = 0xF9C05A4E.
     0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
0   3E 72 5B 47 CA E0 00 33 04 D1 54 98 09 B9 6D CB
1   7B 1B F9 32 AF 9D 6A A5 B8 2D FC 1D 08 53 03 90
2   4D 4E 84 99 E4 CE D9 91 DD B6 85 48 8B 29 6E AC
3   CD C1 F8 1E 73 43 69 C6 B5 BD FD 39 63 20 D4 38
4   76 7D B2 A7 CF ED 57 C5 F3 2C BB 14 21 06 55 9B
5   E3 EF 5E 31 4F 7F 5A A4 0D 82 51 49 5F BA 58 1C
6   4A 16 D5 17 A8 92 24 1F 8C FF D8 AE 2E 01 D3 AD
7   3B 4B DA 46 EB C9 DE 9A 8F 87 D7 3A 80 6F 2F C8
8   B1 B4 37 F7 0A 22 13 28 7C CC 3C 89 C7 C3 96 56
9   07 BF 7E F0 0B 2B 97 52 35 41 79 61 A6 4C 10 FE
A   BC 26 95 88 8A B0 A3 FB C0 18 94 F2 E1 E5 E9 5D
B   D0 DC 11 66 64 5C EC 59 42 75 12 F5 74 9C AA 23
C   0E 86 AB BE 2A 02 E7 67 E6 44 A2 6C C2 93 9F F1
D   F6 FA 36 D2 50 68 9E 62 71 15 3D D6 40 C4 E2 0F
E   8E 83 77 6B 25 05 3F 0C 30 EA 70 B7 A1 E8 A9 65
F   8D 27 1A DB 81 B3 A0 F4 45 7A 19 DF EE 78 34 60
Table 3. The S-box S0.

     0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
0   55 C2 63 71 3B C8 47 86 9F 3C DA 5B 29 AA FD 77
1   8C C5 94 0C A6 1A 13 00 E3 A8 16 72 40 F9 F8 42
2   44 26 68 96 81 D9 45 3E 10 76 C6 A7 8B 39 43 E1
3   3A B5 56 2A C0 6D B3 05 22 66 BF DC 0B FA 62 48
4   DD 20 11 06 36 C9 C1 CF F6 27 52 BB 69 F5 D4 87
5   7F 84 4C D2 9C 57 A4 BC 4F 9A DF FE D6 8D 7A EB
6   2B 53 D8 5C A1 14 17 FB 23 D5 7D 30 67 73 08 09
7   EE B7 70 3F 61 B2 19 8E 4E E5 4B 93 8F 5D DB A9
8   AD F1 AE 2E CB 0D FC F4 2D 46 6E 1D 97 E8 D1 E9
9   4D 37 A5 75 5E 83 9E AB 82 9D B9 1C E0 CD 49 89
A   01 B6 BD 58 24 A2 5F 38 78 99 15 90 50 B8 95 E4
B   D0 91 C7 CE ED 0F B4 6F A0 CC F0 02 4A 79 C3 DE
C   A3 EF EA 51 E6 6B 18 EC 1B 2C 80 F7 74 E7 FF 21
D   5A 6A 54 1E 41 31 92 35 C4 33 07 0A BA 7E 0E 34
E   88 B1 98 7C F3 3D 60 6C 7B CA D3 1F 32 65 04 28
F   64 BE 85 9B 2F 59 8A D7 B0 25 AC AF 12 03 E2 F2
Table 4. The S-box S1.
3.2.4.2. The linear transformations
L1 and L2 are two linear transformations, each mapping a 32-bit word to another 32-bit word. They are defined as follows, where X <<<32 k denotes the left rotation of the 32-bit word X by k bits:
L1(X) = X XOR (X <<<32 2) XOR (X <<<32 10) XOR (X <<<32 18) XOR (X <<<32 24),
L2(X) = X XOR (X <<<32 8) XOR (X <<<32 14) XOR (X <<<32 22) XOR (X <<<32 30).
3.2.5. Operation of ZUC
To build a stream cipher from ZUC's nonlinear generator the following tasks must be completed:
o Load the key and the initialization vector (IV) into the generator.
o Set the initial state of the LFSR.
o Run the generator repeatedly until a keystream of the required length has been produced.
ZUC uses a key-loading procedure to set up the initial contents of the LFSR and an execution procedure to generate the keystream. The execution procedure is itself divided into two stages: the initialization stage and the working stage.
3.2.5.1. Key loading
ZUC uses a 128-bit key k and a 128-bit initialization vector iv. When passed to ZUC, the key and the IV are expanded into the initial contents of the LFSR by the key-loading procedure. This procedure uses a 240-bit constant string D, split into sixteen 15-bit substrings:
D = d0 || d1 || ... || d15,
d0 = 100010011010111_2 (0x44D7), d1 = 010011010111100_2 (0x26BC),
d2 = 110001001101011_2 (0x626B), d3 = 001001101011110_2 (0x135E),
d4 = 101011110001001_2 (0x5789), d5 = 011010111100010_2 (0x35E2),
d6 = 111000100110101_2 (0x7135), d7 = 000100110101111_2 (0x09AF),
d8 = 100110101111000_2 (0x4D78), d9 = 010111100010011_2 (0x2F13),
d10 = 110101111000100_2 (0x6BC4), d11 = 001101011110001_2 (0x1AF1),
d12 = 101111000100110_2 (0x5E26), d13 = 011110001001101_2 (0x3C4D),
d14 = 111100010011010_2 (0x789A), d15 = 100011110101100_2 (0x47AC).
To fill the stages of the LFSR, k and iv are each split into 16 substrings of 8 bits:
k = k0 || k1 || k2 || ... || k15,
iv = iv0 || iv1 || iv2 || ... || iv15.
Stage i of the LFSR is then initialized as
s_i = k_i || d_i || iv_i (8 + 15 + 8 = 31 bits).
3.2.5.2. Initialization stage
In the initialization stage ZUC calls the key-loading procedure (Section 3.2.5.1) to produce the initial data of the generator, and the memory cells R1 and R2 are set to 0. The following three steps are then executed 32 times:
1. Bitreorganization();
2. w = F(X0, X1, X2);
3. LFSRWithInitialisationMode(w >> 1).
After this the state of the LFSR and the memory cells R1 and R2 have been updated; ZUC has produced no keystream yet.
3.2.5.3. Working stage
After the initialization stage, ZUC enters the working stage. In this stage the output word w of the nonlinear function F is no longer used to update the LFSR state. The working stage begins with the following sequence, executed once, which produces no keystream:
1. Bitreorganization();
2. F(X0, X1, X2);
3. LFSRWithWorkMode().
Only then does ZUC produce keystream, by executing the following sequence:
1. Bitreorganization();
2. Z = F(X0, X1, X2) XOR X3;
3. LFSRWithWorkMode().
Each execution of this sequence produces one 32-bit word Z, the output key word of ZUC. The sequence is repeated as many times as needed for a keystream long enough for the encryption at hand.
3.3. Applications of ZUC
3.3.1. Encryption with 128-EEA3
3.3.1.1. Introduction
The stream cipher 128-EEA3 encrypts and decrypts continuous data streams of 1 to 20000 bits. The inputs and outputs of the algorithm are:

Parameter     Size (bits)   Note
Input:
COUNT              32       counter
BEARER              5       bearer identity
DIRECTION           1       direction of transmission (uplink or downlink)
CK                128       confidentiality key
LENGTH             32       length in bits of the input data
M              LENGTH       input bit string (plaintext)
Output:
C              LENGTH       output bit string (ciphertext)

In this table COUNT, BEARER and DIRECTION are the parameters that set up the generator. Together they form the nonce of the encryption and decryption; they are not secret and are carried with, or implied by, the protocol context of the ciphertext.
3.3.1.2. Keystream generation
In the setup phase, 128-EEA3 produces the arguments needed to run ZUC: the key and the initialization vector. CK is used as the ZUC key. Building the initialization vector starts by splitting COUNT into bytes:
COUNT = COUNT0 || COUNT1 || COUNT2 || COUNT3.
A 128-bit IV is used as the initialization vector of ZUC. It is split into bytes IV = IV0 || IV1 || IV2 || ... || IV15, which are assigned as follows:
IV0 = COUNT0, IV1 = COUNT1, IV2 = COUNT2, IV3 = COUNT3,
IV4 = BEARER || DIRECTION || 00_2,
IV5 = IV6 = IV7 = 00000000_2,
IV8 = IV0, IV9 = IV1, IV10 = IV2, IV11 = IV3,
IV12 = IV4, IV13 = IV5, IV14 = IV6, IV15 = IV7.
CK and IV are now loaded and ZUC is run. Each iteration of ZUC produces one 32-bit word. To obtain a keystream for data of LENGTH bits, L = ceil(LENGTH / 32) iterations are needed; after L iterations ZUC has produced a keystream z whose first LENGTH bits are used.
3.3.1.3. Encryption and decryption
Encryption XORs each bit of the message M with the keystream z that ZUC has just produced; 128-EEA3 therefore has the structure of an additive synchronous stream cipher. Encryption and decryption proceed as follows:
o Encryption: C = M XOR z.
o Decryption: M = C XOR z.
Both are performed bit by bit.
3.3.2. Message authentication with 128-EIA3
3.3.2.1. Introduction
The algorithm 128-EIA3 authenticates a message of 1 to 20000 bits. It uses a key IK to produce a message authentication code (MAC). Its inputs and outputs are:

Parameter     Size (bits)   Note
Input:
COUNT              32       counter
BEARER              5       bearer identity
DIRECTION           1       direction of transmission (uplink or downlink)
IK                128       integrity key
LENGTH             32       length in bits of the input message
M              LENGTH       input message
Output:
IM                 32       MAC, the message authentication code

3.3.2.2. Keystream generation
Like 128-EEA3, 128-EIA3 passes a key and an initialization vector to ZUC. IK is used as the ZUC key. COUNT is again split into bytes:
COUNT = COUNT0 || COUNT1 || COUNT2 || COUNT3.
A 128-bit IV, split into bytes, is used as the initialization vector of ZUC. The assignment differs from the one in 128-EEA3:
IV0 = COUNT0, IV1 = COUNT1, IV2 = COUNT2, IV3 = COUNT3,
IV4 = BEARER || 000_2, IV5 = 00000000_2, IV6 = 00000000_2, IV7 = 00000000_2,
IV8 = IV0 XOR (DIRECTION << 7), IV9 = IV1, IV10 = IV2, IV11 = IV3, IV12 = IV4, IV13 = IV5,
IV14 = IV6 XOR (DIRECTION << 7), IV15 = IV7.
IK and IV are now loaded and ZUC is run. The number of output words of ZUC in this algorithm is L = ceil(LENGTH / 32) + 2. The keystream z produced by ZUC is written bit by bit:
z = z0 || z1 || ... || z_{32L-1}.
For i in [0, ..., 32(L-1)] define the 32-bit word
z[i] = z_i || z_{i+1} || ... || z_{i+31}.
3.3.2.3. Computing the MAC
Let T be a 32-bit word initialized to 0. The MAC is computed by the following pseudocode:
For each i = 0, 1, 2, ..., LENGTH-1
  if M[i] = 1, then
    T = T XOR z[i]
  end if
end for
T = T XOR z[LENGTH]
IM = T XOR z[32(L-1)]
The variable IM is the MAC output of 128-EIA3.
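The generator of Section 3.2 together with the 128-EEA3 wrapper of 3.3.1 and the 128-EIA3 wrapper of 3.3.2, as one added, self-contained example; this is not the thesis's own program. It uses the S-box bytes of Tables 3 and 4, the constants d0..d15 of Section 3.2.5.1 and the 32-round initialization. Representing a message or a keystream as one Python integer with the first bit most significant, and the helper names (keystream, eea3, eia3), are choices made here. Against the test data published with the specifications, the all-zero key and IV give 0x27BEDE74 and 0x018082DA as the first two ZUC words, and 128-EIA3 with an all-zero key, COUNT, BEARER, DIRECTION and a one-bit zero message gives the MAC 0xC8A9595E.

```python
"""ZUC keystream generator with the 128-EEA3 and 128-EIA3 wrappers (added example)."""
P = (1 << 31) - 1          # the LFSR cells live in {1, ..., 2^31 - 1}
M32 = 0xFFFFFFFF
S0 = bytes.fromhex(        # Table 3, row by row
    "3E725B47CAE0003304D1549809B96DCB7B1BF932AF9D6AA5B82DFC1D08530390"
    "4D4E8499E4CED991DDB685488B296EACCDC1F81E734369C6B5BDFD396320D438"
    "767DB2A7CFED57C5F32CBB142106559BE3EF5E314F7F5AA40D8251495FBA581C"
    "4A16D517A892241F8CFFD8AE2E01D3AD3B4BDA46EBC9DE9A8F87D73A806F2FC8"
    "B1B437F70A2213287CCC3C89C7C3965607BF7EF00B2B975235417961A64C10FE"
    "BC2695888AB0A3FBC01894F2E1E5E95DD0DC1166645CEC59427512F5749CAA23"
    "0E86ABBE2A02E767E644A26CC2939FF1F6FA36D250689E6271153DD640C4E20F"
    "8E83776B25053F0C30EA70B7A1E8A9658D271ADB81B3A0F4457A19DFEE783460")
S1 = bytes.fromhex(        # Table 4, row by row
    "55C263713BC847869F3CDA5B29AAFD778CC5940CA61A1300E3A8167240F9F842"
    "4426689681D9453E1076C6A78B3943E13AB5562AC06DB3052266BFDC0BFA6248"
    "DD20110636C9C1CFF62752BB69F5D4877F844CD29C57A4BC4F9ADFFED68D7AEB"
    "2B53D85CA11417FB23D57D3067730809EEB7703F61B2198E4EE54B938F5DDBA9"
    "ADF1AE2ECB0DFCF42D466E1D97E8D1E94D37A5755E839EAB829DB91CE0CD4989"
    "01B6BD5824A25F387899159050B895E4D091C7CEED0FB46FA0CCF0024A79C3DE"
    "A3EFEA51E66B18EC1B2C80F774E7FF215A6A541E41319235C433070ABA7E0E34"
    "88B1987CF33D606C7BCAD31F3265042864BE859B2F598AD7B025ACAF1203E2F2")
D = [0x44D7, 0x26BC, 0x626B, 0x135E, 0x5789, 0x35E2, 0x7135, 0x09AF,   # d_0 .. d_15
     0x4D78, 0x2F13, 0x6BC4, 0x1AF1, 0x5E26, 0x3C4D, 0x789A, 0x47AC]

def rotl32(x, k):
    return ((x << k) | (x >> (32 - k))) & M32

def L1(x):
    return x ^ rotl32(x, 2) ^ rotl32(x, 10) ^ rotl32(x, 18) ^ rotl32(x, 24)

def L2(x):
    return x ^ rotl32(x, 8) ^ rotl32(x, 14) ^ rotl32(x, 22) ^ rotl32(x, 30)

def S(x):
    """32x32 S-box: S0 on bytes 0 and 2, S1 on bytes 1 and 3 (byte 0 = MSB)."""
    return ((S0[x >> 24] << 24) | (S1[(x >> 16) & 0xFF] << 16)
            | (S0[(x >> 8) & 0xFF] << 8) | S1[x & 0xFF])

class ZUC:
    def __init__(self, key, iv):
        if len(key) != 16 or len(iv) != 16:
            raise ValueError("ZUC needs a 128-bit key and a 128-bit IV")
        self.s = [(key[i] << 23) | (D[i] << 8) | iv[i] for i in range(16)]  # k_i||d_i||iv_i
        self.r1 = self.r2 = 0
        for _ in range(32):                     # initialization stage
            x0, x1, x2, _ = self._br()
            self._lfsr(self._f(x0, x1, x2) >> 1)
        x0, x1, x2, _ = self._br()              # first working-stage clock,
        self._f(x0, x1, x2)                     # its output is discarded
        self._lfsr(0)

    def _lfsr(self, u):
        """s16 = 2^15 s15 + 2^17 s13 + 2^21 s10 + 2^20 s4 + (1 + 2^8) s0 + u mod p."""
        s = self.s
        v = ((s[15] << 15) + (s[13] << 17) + (s[10] << 21) + (s[4] << 20)
             + 257 * s[0] + u) % P
        s.append(v or P)                        # the value 0 is represented by p
        del s[0]

    def _br(self):                              # s_iH = top 16 of 31 bits, s_iL = low 16
        s = self.s
        return (((s[15] >> 15) << 16) | (s[14] & 0xFFFF),
                ((s[11] & 0xFFFF) << 16) | (s[9] >> 15),
                ((s[7] & 0xFFFF) << 16) | (s[5] >> 15),
                ((s[2] & 0xFFFF) << 16) | (s[0] >> 15))

    def _f(self, x0, x1, x2):
        w = ((x0 ^ self.r1) + self.r2) & M32
        w1 = (self.r1 + x1) & M32
        w2 = self.r2 ^ x2
        self.r1 = S(L1(((w1 & 0xFFFF) << 16) | (w2 >> 16)))
        self.r2 = S(L2(((w2 & 0xFFFF) << 16) | (w1 >> 16)))
        return w

    def word(self):
        """One 32-bit keystream word Z = F(X0, X1, X2) xor X3."""
        x0, x1, x2, x3 = self._br()
        z = self._f(x0, x1, x2) ^ x3
        self._lfsr(0)
        return z

def keystream(key, iv, nwords):
    """The first 32*nwords keystream bits as one integer, z_0 being the top bit."""
    gen, z = ZUC(key, iv), 0
    for _ in range(nwords):
        z = (z << 32) | gen.word()
    return z

def eea3(count, bearer, direction, ck, length, m):
    """128-EEA3; m is an integer of `length` bits (first bit most significant)."""
    half = count.to_bytes(4, "big") + bytes([(bearer << 3) | (direction << 2), 0, 0, 0])
    nwords = (length + 31) // 32
    z = keystream(ck, half + half, nwords) >> (32 * nwords - length)
    return m ^ z                                # decryption is the same call

def eia3(count, bearer, direction, ik, length, m):
    """128-EIA3 32-bit MAC of the `length`-bit message m."""
    iv = bytearray((count.to_bytes(4, "big") + bytes([bearer << 3, 0, 0, 0])) * 2)
    iv[8] ^= direction << 7
    iv[14] ^= direction << 7
    nwords = (length + 31) // 32 + 2
    z, nbits = keystream(ik, bytes(iv), nwords), 32 * nwords
    zw = lambda i: (z >> (nbits - i - 32)) & M32   # z[i] = z_i || ... || z_{i+31}
    t = 0
    for i in range(length):
        if (m >> (length - 1 - i)) & 1:
            t ^= zw(i)
    t ^= zw(length)
    return t ^ zw(32 * (nwords - 1))
```

Decryption under 128-EEA3 is the same eea3() call applied to the ciphertext, because the keystream depends only on (CK, COUNT, BEARER, DIRECTION). That is also the operational caveat: reusing the same tuple for two messages leaks their XOR, so COUNT must never repeat under one key.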
3.4. Design criteria and security of ZUC
The researchers who proposed ZUC set out criteria and design methods for all three of its layers. Every design criterion has its reason; in particular, the criteria and the design of the nonlinear function F play a decisive role in the security of ZUC.
3.4.1. Design criteria of the LFSR
The design of the LFSR essentially comes down to the choice of the primitive polynomial f(x), the connection polynomial of the LFSR. The criteria for choosing f(x) are [35]:
1. The Hamming weight of every nonzero coefficient is as small as possible, where the Hamming weight of a coefficient means the Hamming weight of its binary representation.
2. The sum of the Hamming weights of the nonzero coefficients (excluding the term x^16) is an even number.
3. The coefficient of the term of second-highest degree is nonzero.
4. The degrees of the terms with nonzero coefficients (excluding x^16) are pairwise distinct.
5. The positions of the 1's in the 2-adic representations of the nonzero coefficients are pairwise distinct.

The 2-adic representation of a coefficient $u \in GF(p)$ is
$$u = u_0 + u_1 \cdot 2 + u_2 \cdot 2^2 + \dots + u_{30} \cdot 2^{30},$$
where $p = 2^{31} - 1$ is prime [35] and $u_i \in \{0, 1\}$, $i = 0, 1, \dots, 30$. The 2-adic representation is just the familiar binary representation.
The following polynomial was chosen to satisfy the criteria above:
$$f(x) = x^{16} - \bigl(2^{15} x^{15} + 2^{17} x^{13} + 2^{21} x^{10} + 2^{20} x^{4} + (1 + 2^{8})\bigr).$$
Note that the elements $s_j$ ($j \ge 16$) generated by this LFSR are computed in the reverse order compared with the LFSR studied in Chapter 2. In Chapter 2, $s_j$ is computed as
$$s_j = \sum_{i=1}^{16} c_i s_{j-i} = c_1 s_{j-1} + \dots + c_{16} s_{j-16},$$
whereas in this LFSR layer
$$s_j = \sum_{i=0}^{15} c_i s_{j-(16-i)} = c_{15} s_{j-1} + \dots + c_0 s_{j-16}. \qquad (3.4.1)$$
This is explained by the polynomial operator f(E) (see Section 2.6.1): for this LFSR layer $f(E) s_j = s_{j+16} + c_{15} s_{j+15} + \dots + c_0 s_j$, whereas for the LFSR of Chapter 2 $f(E) s_j = c_0 s_j + c_1 s_{j+1} + \dots + c_{16} s_{j+16}$. Each coefficient $c_i$ ($0 \le i \le 16$) is the coefficient of the term $x^i$ of the polynomial f(x) above.

The reason $s_j$ is computed by formula (3.4.1) was given in Section 2.6.1: it guarantees $f(E) s_j = 0$ for every $j \ge 0$, where $l = 16$ is both the linear complexity of the generated sequence and the length of the LFSR.
It is easy to check that f(x) satisfies the criteria above, using the binary representations of its coefficients:
2^15 = 1000000000000000,
2^17 = 100000000000000000,
2^21 = 1000000000000000000000,
2^20 = 100000000000000000000,
2^8 + 1 = 100000001.
Since f(x) is a primitive polynomial over GF(p), the LFSR generates an m-sequence of period $p^{16} - 1 \approx 2^{496}$ that satisfies Golomb's randomness postulates (see Appendix); this guarantees the randomness of the sequence produced by the LFSR layer.
3.4.2. Design criteria of the BR layer
The BR layer is the joint between the LFSR and the nonlinear function F: it extracts 128 bits from the cells of the LFSR and forms four 32-bit words. The design of BR rests on the following criteria [35]:
1. Suitability for software implementation.
2. Good statistical randomness of the four 32-bit words produced by BR.
3. A small number of bits shared by the four 32-bit words at consecutive time instants.
Based on these criteria, BR works as follows:
a) $X_0 = s_{15H} \,\|\, s_{14L}$;
b) $X_1 = s_{11L} \,\|\, s_{9H}$;
c) $X_2 = s_{7L} \,\|\, s_{5H}$;
d) $X_3 = s_{2L} \,\|\, s_{0H}$,
where $X_i$ (i = 0, 1, 2, 3) are the outputs of BR, and the subscripts H and L of a number s denote its high 16 bits and its low 16 bits respectively.
In the ZUC algorithm the elements of GF(p) are taken in the set {1, 2, ..., p}, so during the feedback of the 16-stage LFSR the value 0 is replaced by p. Note that the LFSR generates an m-sequence of period $p^{16} - 1$, so within one period of the sequence there is no state in which every cell equals p. The following results are quoted from [35]:
Theorem 3.4.1 [35]: $\Pr(s_i = p) = \dfrac{p^{15} - 1}{p^{16} - 1}$, and for any $1 \le a \le p - 1$:
$$\Pr(s_i = a) = \frac{p^{15}}{p^{16} - 1}.$$
Theorem 3.4.2 [35]:
$$\Pr(s_{iH} = 0) = \Pr(s_{iL} = 0) = \frac{(2^{15} - 1)\, p^{15}}{p^{16} - 1},$$
$$\Pr(s_{iH} = 2^{16} - 1) = \Pr(s_{iL} = 2^{16} - 1) = \frac{2^{15} p^{15} - 1}{p^{16} - 1},$$
$$\Pr(s_{iH} = a) = \Pr(s_{iL} = a) = \frac{2^{15} p^{15}}{p^{16} - 1},$$
where a is any 16-bit binary string that is neither all-zero (every bit 0) nor all-one (every bit 1).
Let $X_0, X_1, X_2, X_3$ be the four 32-bit words obtained from the BR processing. From Theorem 3.4.2 and the standard statistical properties of m-sequences, [35] draws the following conclusions:
Corollary 3.4.3 [35]: For any two 16-bit binary strings a and b that are neither all-zero nor all-one,
$$\Pr(X_0 = (a, b)) = \frac{2^{15} p^{15}}{p^{16} - 1} \cdot \frac{2^{15} p^{15}}{p^{16} - 1}.$$
Corollary 3.4.4 [35]: For any 16-bit binary string a that is neither all-zero nor all-one, and 1 the all-one 16-bit string,
$$\Pr(X_0 = (a, 1)) = \Pr(X_0 = (1, a)) = \frac{2^{15} p^{15}}{p^{16} - 1} \cdot \frac{2^{15} p^{15} - 1}{p^{16} - 1}.$$
Corollary 3.4.5 [35]: For any 16-bit binary string a that is neither all-zero nor all-one, and 0 the all-zero 16-bit string,
$$\Pr(X_0 = (a, 0)) = \Pr(X_0 = (0, a)) = \frac{2^{15} p^{15}}{p^{16} - 1} \cdot \frac{(2^{15} - 1)\, p^{15}}{p^{16} - 1}.$$
Corollary 3.4.6 [35]: With 1 the all-one and 0 the all-zero 16-bit string,
$$\Pr(X_0 = (0, 1)) = \Pr(X_0 = (1, 0)) = \frac{2^{15} p^{15} - 1}{p^{16} - 1} \cdot \frac{(2^{15} - 1)\, p^{15}}{p^{16} - 1}.$$
Corollary 3.4.7 [35]: With 0 the all-zero 16-bit string,
$$\Pr(X_0 = (0, 0)) = \frac{(2^{15} - 1)\, p^{15}}{p^{16} - 1} \cdot \frac{(2^{15} - 1)\, p^{15}}{p^{16} - 1}.$$
Corollary 3.4.8 [35]: With 1 the all-one 16-bit string,
$$\Pr(X_0 = (1, 1)) = \frac{2^{15} p^{15} - 1}{p^{16} - 1} \cdot \frac{2^{15} p^{15} - 1}{p^{16} - 1}.$$
Corollary 3.4.9 [35]: The random variables $X_0$, $X_1$, $X_2$ and $X_3$ have the same probability distribution.
By these corollaries, $X_0$, $X_1$, $X_2$, $X_3$ can be regarded as uniformly distributed.
3.4.3. Design and security of the nonlinear function F
The security of ZUC depends substantially on the nonlinear function F. In the generator models used in practice, an LFSR has to be combined with other registers, or filtered by a nonlinear filter, to make the generator more secure. In the architecture of ZUC the filtering of the register (the LFSR layer) is carried out by the nonlinear function F layer.
F is a compression function from 96 bits to 32 bits. Its design borrows several structures from block cipher design. Taking both security and performance requirements into account, the design of F rests mainly on the following criteria [35]:
1. It takes a 96-bit input and outputs one 32-bit word.
2. F must carry memory.
3. F must use S-boxes with high nonlinearity and other good cryptographic properties.
4. F must use a linear transformation with good diffusion.
5. The output sequence of F must be balanced and hard to predict (high unpredictability).
6. F must suit both software and hardware implementation.
7. The hardware cost of F must be low.
3.4.3.1. Design and security of the S-boxes S0 and S1
The two S-boxes used in the nonlinear function F are S0 and S1. Because the LFSR layer is designed to resist algebraic attacks over GF(2), algebraic immunity (see Appendix) is not the highest priority in the design of the S-boxes [35].
Section 2.7.3.3 defined the nonlinearity of a Boolean function. Since an S-box can be viewed as a collection of Boolean functions (its component functions), the nonlinearity of an S-box is defined as follows:
Definition 3.4.10 (nonlinearity of an S-box) [37] [38]: The nonlinearity of an S-box is the smallest nonlinearity among the nonzero linear combinations of its component functions, that is,
$$N_F = \min\Bigl\{\, N_g \;\Big|\; g = \sum_{j=1}^{m} c_j f_j,\ (c_1, c_2, \dots, c_m) \ne (0, 0, \dots, 0) \,\Bigr\},$$
where $F = (f_1, \dots, f_m)$ maps $GF(2)^n$ to $GF(2)^m$ (each $f_i$, $i = 1, \dots, m$, is a Boolean function from $GF(2)^n$ to $GF(2)$), $c_1, c_2, \dots, c_m \in GF(2)$, and F is an $n \times m$ S-box.
A. Design of the S-box S0:
The design of S0 rests mainly on three criteria [35]:
1. Low hardware cost.
2. High nonlinearity.
3. Low differential uniformity.
With these considerations, S0 is built on a Feistel structure, as shown in the following figure:

Figure 22. Architecture of the S-box S0.

In Figure 22, x1 and x2 are both 4-bit strings and m = 5; P1, P2, P3 are transformations on the field GF(16), defined in Tables 5, 6 and 7 respectively.

Input   0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
Output  9 15  0 14 15 15  2 10  0  4  0 12  7  5  3  9
Table 5. The transformation P1.

Input   0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
Output  8 13  6  5  7  0 12  4 11  1 14 10 15  3  9  2
Table 6. The transformation P2.

Input   0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
Output  2  6 10  6  0 13 10 15  3  3 13  5  0  9 12 13
Table 7. The transformation P3.

Experimental results:
Within the scope of the thesis, procedures based on the definitions of the nonlinearity and the differential uniformity of an S-box were implemented to determine these quantities for S0. The measured nonlinearity and differential uniformity of S0 are 96 and 8 respectively. In addition, according to DACAS, the algebraic degree and the algebraic immunity (see Appendix) of S0 are 5 and 2 respectively.
The thesis also examined the SAC criterion for the component functions of S0. The table below gives, in row i and column j, the number of inputs for which the output of the component function $f_j$ changes when input bit i of S0 is flipped:

          f0    f1    f2    f3    f4    f5    f6    f7
bit 0     96   116   136   132   104   128   120   120
bit 1    128    88   124   144   116    96   128   120
bit 2    120   120   128   128   140   120    96   160
bit 3    136   124   136   132   112   128   128   128
bit 4    128   112   144   144   112   128   128   128
bit 5    128   160   144   112   144   128   128   128
bit 6    128   112   128   128   112   128   128   128
bit 7    128   128   144   160   144   128   128   128
Table 8. Number of changes of the component functions $f_j$ when input bit i of the S-box S0 of F is flipped.

We see that the number of cases in which $f_j$ changes when input bit i is flipped is close to 128, so when one input bit changes, each output bit changes with probability approximately 1/2. The component functions of S0 therefore come close to the SAC criterion.
B. Design of the S-box S1:
The design of S1 rests mainly on two criteria [35]:
1. The nonlinearity of S1 is as large as possible.
2. The differential uniformity of S1 is as small as possible.
Following these criteria, S1 is given by the formula
$$S_1(x) = M x^{-1} + B,$$
where $x^{-1}$ is the inverse of x in the field $GF(2^8)$ defined by the irreducible polynomial $f(x) = x^8 + x^7 + x^3 + x + 1$ of degree 8 over GF(2), B = 0x55, and M is the following 8 x 8 matrix:
$$M = \begin{pmatrix}
1 & 0 & 1 & 1 & 0 & 1 & 1 & 1 \\
1 & 1 & 0 & 1 & 1 & 0 & 1 & 1 \\
1 & 1 & 1 & 0 & 1 & 1 & 0 & 1 \\
0 & 1 & 1 & 1 & 1 & 1 & 1 & 0 \\
1 & 1 & 0 & 0 & 0 & 1 & 1 & 1 \\
0 & 1 & 1 & 0 & 1 & 0 & 1 & 1 \\
0 & 0 & 1 & 1 & 1 & 1 & 0 & 1 \\
1 & 0 & 0 & 1 & 1 & 1 & 1 & 0
\end{pmatrix}.$$
Because S1 is the counterpart of the S-box of the Advanced Encryption Standard AES, S1 shares many properties with the AES S-box, including nonlinearity, differential uniformity, algebraic degree and algebraic immunity.
Experimental results:
The nonlinearity and differential uniformity of S1 are 112 and 4 respectively. The nonlinearity 112 is close to the maximum of 118 (for balanced Boolean functions on $GF(2)^8$), and the differential uniformity 4 is the smallest (ideal) value for an 8 x 8 S-box, as discussed in Section 2.7.3.4. Within the scope of the thesis, the nonlinearity and differential uniformity of S1 were verified by measuring them with programs based on their definitions. In addition, according to DACAS, the algebraic degree and the algebraic immunity of S1 are 7 and 2 respectively.
For the SAC criterion, the table below gives the measured number of inputs for which the output of the component function $f_j$ changes when input bit i of S1 is flipped (row i, column j):

          f0    f1    f2    f3    f4    f5    f6    f7
bit 0    140   124   120   120   144   124   136   132
bit 1    120   120   136   132   136   124   140   136
bit 2    132   136   144   132   124   136   124   136
bit 3    120   144   128   136   124   128   144   120
bit 4    140   128   140   128   132   136   136   144
bit 5    116   140   136   120   120   124   124   136
bit 6    120   136   136   132   112   124   124   124
bit 7    132   136   124   128   124   132   132   136
Table 9. Number of changes of the component functions $f_j$ when input bit i of the S-box S1 of F is flipped.

We see that the number of cases in which $f_j$ changes when input bit i is flipped is approximately 128, so when one input bit changes, each output bit changes with probability approximately 1/2. The component functions of S1 therefore also come close to the SAC criterion.
Remarks:
The two S-boxes $S_0$ and $S_1$ are designed on the basis of the Feistel structure and of the AES S-box, respectively. The Feistel structure is a well-known architecture for designing block ciphers, the DES algorithm being the classic example. Modelling $S_1$ on the AES S-box gives $S_1$ the required security; this is explained further in the appendix on the AES S-box and the role of the inverse mapping (see Appendix B). ZUC in general, and the nonlinear function F in particular, use both S-boxes $S_0$ and $S_1$, whereas AES uses only one S-box, equivalent to $S_1$, and is currently accepted as secure; we can therefore place confidence in the security of the nonlinear component of ZUC. With high nonlinearity and low differential uniformity, especially for S-box $S_1$, the nonlinear function F gives ZUC resistance against linear cryptanalysis and differential cryptanalysis. In addition, the component functions of $S_0$ and $S_1$ are balanced: our experiments found that the truth tables of all their component functions are balanced (each contains 128 entries equal to 1). Thanks to this balance the output of the nonlinear function F is highly random, and so the keystream generated by ZUC is highly random as well.
Below is a table comparing the properties of the AES S-box and the two S-boxes $S_0$ and $S_1$ of the nonlinear function F:
S-box            Nonlinearity   Differential uniformity   SAC
AES S-box        112            4                         ~1/2
S-box S0 in F    96             8                         ~1/2
S-box S1 in F    112            4                         ~1/2
Optimal value    118            4                         1/2
Table 10. Comparison of the properties of the AES S-box and the two S-boxes $S_0$ and $S_1$ of the nonlinear function F.
Here the property values of the AES S-box were re-measured in order to verify them.
Chapter 4. THE IMPLEMENTED PROGRAM

Chapter summary:
Chapter 4 presents the results of the application we implemented, a model application that tests a stream cipher through the 128-EEA3 encryption algorithm using the ZUC generator. The chapter covers the following main points:
o An overview of the Voice Chat application, which uses the 128-EEA3 encryption algorithm to ensure the confidentiality of conversation data on the link.
o The application model: the functional requirements of the program; the operating model of the program, consisting of the public-mode and private-mode operating models; the program interface and execution guide.
o An experimental speed comparison between the 128-EEA3 encryption algorithm and the AES encryption algorithm.
o A summary and evaluation of what the implemented program achieved and did not achieve.
4.1. Introduction
Within the scope of this thesis we built an experimental application program that applies the stream cipher method. Specifically, we chose the ZUC stream cipher as the method used in this application model: the 128-EEA3 encryption algorithm, which uses the ZUC generator, is employed.
We chose a Voice Chat application to realise the use of a stream cipher for ensuring the confidentiality of data on the link. Voice Chat was chosen to illustrate two main ideas: (1) only those who hold the key can understand each other, and (2) encryption and decryption do not disturb the conversation.
A stream cipher is a symmetric cipher. Therefore, people who want to talk to each other through the Voice Chat application with encrypted data must share a pre-agreed secret key. This is the symmetric key of symmetric encryption in general. Using this symmetric key ensures that only those who possess the secret key can understand the content of the conversation, while others without the key, even if they try to eavesdrop, cannot make out what the content is. That is precisely the goal this implemented program aims to achieve.
ZUC is named after Zu Chongzhi, a Chinese mathematician and astronomer of the 5th century. The ZUC generator and its applications (128-EEA3, 128-EIA3) were designed by the Data Assurance and Communication Security Research Center (DACAS) of the Chinese Academy of Sciences.
4.2. Application model
4.2.1. Functional requirements of the program
The application was built to meet the requirement of an online Voice Chat program with support for data encryption. The program follows a client-server structure. Through a server, the client machines can connect and exchange audio data with one another. The clients can operate in two modes: public mode and private mode. In public mode, data is sent without encryption, which carries the risk that the data can be eavesdropped on by an intermediary. In private mode, the data is encrypted with the 128-EEA3 algorithm (see Section 3.3.1 for details) before being sent, so as to prevent eavesdropping by a man in the middle.
The program is written in C++ and can run on the various versions of the Windows operating system.
4.2.2. Keystream generation method
To use the 128-EEA3 encryption method we must generate a keystream from ZUC in order to encrypt each bit of the packet to be encrypted. But if keystream generation takes place at the same time as data encryption, the encryption speed slows down, which limits the speed advantage of stream encryption. Our group's design choice is to generate a static keystream from the user's key before encryption is performed. Then, when sending a packet, we only need to combine each bit of the packet with the corresponding bit of the ready-made keystream.
The problem with this design is how large the static keystream must be to keep the encryption secure. Because one period of the keystream produced by ZUC is very long ($(2^{31} - 1)^{16} - 1$ bits), we cannot store the whole ZUC keystream. Our group additionally proposes using two different static keystreams, each 10 MB in size. When encrypting we use one of the two keystreams, and after each fixed time interval we switch to the other keystream.
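The scheme of Section 4.2.2, as an added example that is not the thesis's code: a pre-generated keystream buffer consumed strictly once, with the two-buffer switching described above. The class names (StaticKeystream, Endpoint) and the keystream bytes used in the test are constructed here; in real use the buffers would be filled from ZUC output.

```python
"""Constructed example: static keystream buffers consumed once (section 4.2.2)."""


class StaticKeystream:
    """A pre-generated keystream that refuses to reuse any position.

    XOR-ing two packets with the same keystream segment would give
    c1 ^ c2 = p1 ^ p2, which discloses the relation between the two voice
    packets; so a sender must track its offset and stop (or re-key) when the
    buffer runs out instead of wrapping around to the beginning."""

    def __init__(self, ks: bytes):
        self.ks = ks
        self.offset = 0  # index of the next unused keystream byte

    def take(self, n: int) -> bytes:
        if self.offset + n > len(self.ks):
            raise RuntimeError("keystream exhausted: re-key instead of wrapping")
        seg = self.ks[self.offset:self.offset + n]
        self.offset += n
        return seg


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Endpoint:
    """Sender or receiver. Both sides hold the same two buffers and the same
    switching schedule, so their per-buffer offsets stay in lock-step."""

    def __init__(self, ks_a: bytes, ks_b: bytes, switch_every: int):
        self.buffers = [StaticKeystream(ks_a), StaticKeystream(ks_b)]
        self.switch_every = switch_every  # packets sent before switching buffer
        self.packets = 0

    def process(self, packet: bytes) -> bytes:
        """Encrypt or decrypt one packet (XOR, so the two are the same)."""
        buf = self.buffers[(self.packets // self.switch_every) % 2]
        self.packets += 1
        return xor_bytes(packet, buf.take(len(packet)))
```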
4.2.3. Operating model of the program
o Public-mode operating model:

Figure 23. Operating model of the Voice Chat application in public mode.
In the model above, Client 1 and Client 2 are two clients that connect and exchange audio data with each other through the Server. Client 3 is a client that can connect to the server and eavesdrop on the information exchanged between the two machines above.
o Private-mode operating model:

Figure 24. Operating model of the Voice Chat application in private mode.
In this private-mode model, the two machines Client 1 and Client 2 first exchange a pre-shared key. Data is encrypted with the 128-EEA3 algorithm under this key before being sent. Client 3 can capture the data on the link but cannot decrypt it, because it does not have the key, and so cannot eavesdrop on the information exchanged between the two machines above. Thanks to the key, when the data arrives at the other side it is decrypted, so that Client 1 (respectively Client 2) can understand the content of the Voice Chat messages between the two machines.
4.2.4. Program interface and execution guide
On the server machine, run the program SCVoiceChat-server.exe. This program has the following interface:

Figure 25. Interface of the program SCVoiceChat-server.exe.
To create the Voice Chat system, choose the service port and press the Start button; the information of the clients that connect is then displayed in the Client List table.
To log in to the server, run the program SCVoiceChat-client.exe on the client machine. The program has the following interface:

Figure 26. Interface of the program SCVoiceChat-Client.exe.
Choose a login name, and fill in the network address of the server and the corresponding port. To use private mode, select the data encryption function and enter the key. After connecting successfully to the server, you can choose a client in the system to chat with.
The program supports two data encryption methods: the stream cipher with the 128-EEA3 algorithm, and block encryption using the AES algorithm in CTR mode of operation.
4.3. Experimental results
To illustrate the difference between block ciphers and stream ciphers, our group compared the encryption and decryption speed of the 128-EEA3 algorithm in the application above with the AES algorithm, as a function of the size of the data block. The comparison results are shown in the following table:

No.  Size (bytes)     Execution time (milliseconds)
                      128-EEA3 encrypt  AES encrypt  128-EEA3 decrypt  AES decrypt
1    100              0                 0            0                 0
2    500              0                 0            0                 0
3    1,000            0                 0            0                 0
4    5,000            0                 0            0                 0
5    10,000           0                 0            0                 0
6    50,000           0                 1            0                 1
7    100,000          1                 3            0                 3
8    500,000          4                 14           7                 13
9    1,000,000        9                 29           15                24
10   5,000,000        57                140          67                139
11   10,000,000       121               276          112               286
12   50,000,000       587               1389         569               1419
13   100,000,000      1252              2937         1203              3024
14   500,000,000      5893              14445        6005              14745
15   1,000,000,000    11774             28401        11852             28860
Table 11. Comparison of execution speed between the 128-EEA3 algorithm and the AES algorithm.

Figure 27. Chart comparing the execution speed of 128-EEA3 and AES.
The experimental results show that the larger the data block, the greater the speed advantage of the 128-EEA3 algorithm over the AES block cipher.
The experiment above was run on a machine with the following configuration: CPU Intel Core 2 Duo 2.10 GHz; 1 GB DDR2 RAM; 32-bit processor.
4.4. Chapter summary
After being implemented, the program was tested to check the performance it delivers. Audio data is encrypted and decrypted with 128-EEA3 using the ZUC generator in a time that is negligible relative to human hearing. That is, the latency of the Voice Chat application is negligible, and the audio is quite clear, meeting the speed requirements of a Voice Chat application. Experiments based on this application show that stream encryption is faster than block encryption, and the speed difference becomes more pronounced the larger the plaintext being encrypted. In particular, for modern applications with large transfer volumes such as video chat and online video streaming, the ZUC stream cipher has an advantage over block ciphers because of its faster execution. Moreover, given the research on the security of the ZUC generator (see Section 3.4), this application brings security to the Voice Chat conversation.
However, the application still has some limitations, such as not yet solving the problem of data synchronisation between the two machines during decryption in the case where one or more packets are corrupted or lost on the link (see Sections 2.2 and 2.3.1).
CONCLUSION
The thesis achieved the following results:
o The thesis surveys and systematises, fairly completely, the important theory of stream ciphers.
o We surveyed, analysed, and experimentally measured the important cryptographic properties of the ZUC stream cipher, most notably of the nonlinear function F in the ZUC architecture. Through these surveys we clarified the factors that determine the security of a stream cipher model in general and of the ZUC stream cipher in particular.
o We also successfully built a Voice Chat application that uses the ZUC stream cipher to ensure the confidentiality of data on the link, and through experiments with this program we illustrated the speed advantage of the ZUC stream cipher over the AES block cipher.
Alongside these results, our thesis is not yet complete, because of the following results that were not achieved:
o Owing to the limited time, we have not proposed a stream cipher model of our own, as we had hoped to before starting the topic.
o The security of a cipher in general, and of a stream cipher in particular, would be clarified further if it were subjected to cryptanalytic methods. Because of the difficulty and depth of these methods, we did not study them in this undergraduate thesis.
o Our implemented program still has some shortcomings: it does not solve the problem of data synchronisation between the two machines during decryption in the case where one or more packets are corrupted or lost on the link, and the program has only been implemented to run on ordinary computers (desktops and laptops), not yet on mobile phones.
FUTURE WORK
Based on the results above, we propose the following directions for extending the thesis:
o Develop the Voice Chat application for mobile phones, using the ZUC stream cipher to ensure the confidentiality of data on the link, running on operating systems such as Windows Mobile and Android.
o Study cryptanalytic methods for stream ciphers and apply them to verify the security of the ZUC stream cipher.
o Study methods for testing the randomness of sequences, in order to apply them to the keystream generated by ZUC.
REFERENCES
[1] M.J.B. Robshaw, Stream Ciphers, RSA Laboratories Technical Report TR-701, 1995, pp. 1–3.
[2] GSMA website, GSM Security Algorithms, http://gsmworld.com/our-work/programmes-and-initiatives/fraud-and-security/gsm_security_algorithms.htm
[3] Majithia Sachin, Dinesh Kumar, Implementation and Analysis of AES, DES and Triple DES on GSM Network, IJCSNS International Journal of Computer Science and Network Security, Vol. 10, No. 1, January 2010, pp. 1–2.
[4] Thomas W. Cusick, Cunsheng Ding, Ari Renvall, Stream Ciphers and Number Theory, North-Holland Mathematical Library, 2003.
[5] Tom Carter, An introduction to information theory and entropy, Complex Systems Summer School, June 2007, pp. 55–58.
[6] Adi Shamir, Stream Ciphers: Dead or Alive?, ASIACRYPT, 2004, pp. 22–41.
[7] Steve Babbage, Stream Ciphers: What does industry want?, The State of the Art of Stream Ciphers, Thursday October 14, 2004, pp. 9–11.
[8] Franz Pichler, Finite state machine modeling of cryptographic systems in loops, Springer, 1998, pp. 1–2.
[9] W. Diffie, M. Hellman, Privacy and authentication: An introduction to cryptography, Proc. IEEE 67(3), 1979, pp. 415–417.
[10] Joseph Lano, Cryptanalysis and Design of Synchronous Stream Ciphers, Katholieke Universiteit Leuven, Faculteit Ingenieurswetenschappen, Arenbergkasteel, B-3001 Heverlee (Belgium), 2006.
[11] Joan B. Plumstead, Inferring a sequence generated by a linear congruence, Springer, 1998, pp. 317–318.
[12] Chung-Chih Li, Bo Sun, Using Linear Congruential Generators for Cryptographic Purposes, Computer Science Department, Lamar University, Beaumont, TX 77710, pp. 2–3.
[13] Werner Alexi, Benny Chor, Oded Goldreich, Claus P. Schnorr, RSA and Rabin functions: certain parts are as hard as the whole, Society for Industrial and Applied Mathematics, Philadelphia, PA, USA, ISSN 0097-5397, 1988, pp. 197–208.
[14] Edgar Ferrer, Acceleration of Finite Field Arithmetic with an Application to Reverse Engineering Genetic Networks, University of Puerto Rico at Mayaguez, 2008.
[15] J. Guajardo, S. S. Kumar, C. Paar, J. Pelzl, Efficient Software-Implementation of Finite Fields with Applications to Cryptography, Springer Science + Business Media B.V., 2006, pp. 3–9.
[16] Richard A. Mollin, An Introduction to Cryptography, 2nd ed., Taylor & Francis Group, LLC, 2007.
[17] James L. Massey, Shift-Register Synthesis and BCH Decoding, IEEE Transactions on Information Theory, 1969, pp. 122–125.
[18] A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997.
[19] E. Kowalski, Exponential sums over finite fields, I: elementary methods, ETH Zurich D-MATH, Rämistrasse 101, 8092 Zurich, Switzerland, pp. 1–15.
[20] János Folláth, Pseudorandom Binary Sequences Over Fields of Characteristic 2, International Conference on Uniform Distribution, Marseille, CIRM, 21–25/01/2008, pp. 8–11.
[21] Nguyễn Chánh Tú, Lý thuyết mở rộng trường và Galois (Field Extensions and Galois Theory), electronic lecture notes, Faculty of Mathematics, Hue University of Education, 12/2006.
[22] Randy Yates, A Coding Theory Tutorial, Digital Signal Labs, 19 Aug 2009.
[23] T. Beth and F. Piper, The stop-and-go generator, in T. Beth, N. Cot and I. Ingemarsson, editors, Advances in Cryptology: Eurocrypt '84, Springer-Verlag, Berlin, 1984, pp. 88–92.
[24] D. Gollmann, Pseudo-random properties of cascade connections of clock controlled shift registers, in T. Beth, N. Cot and I. Ingemarsson, editors, Advances in Cryptology: Eurocrypt '84, Springer-Verlag, Berlin, 1985, pp. 93–98.
[25] W. Meier and O. Staffelbach, The self-shrinking generator, Advances in Cryptology: Eurocrypt '94, Springer-Verlag, 1995, pp. 205–214.
[26] Dong Hoon Lee, Jaeheon Kim, Jin Hong, Jae Woo Han, Dukjae Moon, Algebraic Attacks on Summation Generators, Fast Software Encryption 2004, 2004, pp. 34–48.
[27] Martin Hell, Thomas Johansson, Willi Meier, Grain: a stream cipher for constrained environments, International Journal of Wireless and Mobile Computing, Vol. 2, No. 1, 2007, pp. 86–93.
[28] Paul Yousef, GSM-Security: a Survey and Evaluation of the Current Situation, Master's thesis, Linköping Institute of Technology, 5 Mar 2004.
[29] 3rd Generation Partnership Project, Technical Specification Group Services and System Aspects, Specification of the A5/3 Encryption Algorithms for GSM and ECSD, and the GEA3 Encryption Algorithm for GPRS. Document 1: A5/3 and GEA3 Specifications (Release 6), Sep 2003.
[30] 3rd Generation Partnership Project, Technical Specification Group Services and System Aspects, Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3. Document 1: 128-EEA3 and 128-EIA3 Specification, 4 Jan 2011.
[31] 3rd Generation Partnership Project, Technical Specification Group Services and System Aspects, Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3. Document 2: ZUC Specification, 4 Jan 2011.
[32] Jennifer Seberry, Xian-Mo Zhang, Yuliang Zheng, Nonlinearity and Propagation Characteristics of Balanced Boolean Functions, Department of Computer Science, The University of Wollongong, pp. 2–25.
[33] Trần Minh Triết, Nghiên cứu và phát triển các phương pháp bảo vệ thông tin dựa trên AES (Research and development of information protection methods based on AES), PhD thesis, University of Science, Ho Chi Minh City, 2009.
[34] K. Nyberg, Differentially uniform mappings for cryptography, EUROCRYPT '93, LNCS vol. 765, Springer-Verlag, 1993, pp. 57–65.
[35] 3rd Generation Partnership Project, Technical Specification Group Services and System Aspects, Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3. Document 4: Design and Evaluation Report, 18 Jan 2011.
[36] Claude Carlet, Boolean Functions for Cryptography and Error Correcting Codes, University of Paris 8, France.
[37] Josef Pieprzyk, Chris Charnes, Jennifer Seberry, On the Immunity of S-boxes against Linear Cryptanalysis, Center for Computer Security Research, Department of Computer Science, University of Wollongong, pp. 1–9.
[38] Xian-Mo Zhang, Yuliang Zheng, On Nonlinear Resilient Functions, EUROCRYPT '95, France, May 1995, pp. 3–15.
[39] Simon Fischer, Willi Meier, Algebraic Immunity of S-boxes and Augmented Functions, FHNW, CH-5210 Windisch, Switzerland.
[40] Hồ Văn Quân, Lý thuyết thông tin (Information Theory), Faculty of Information Technology, Ho Chi Minh City University of Technology, pp. 45–53.
[41] Ghizlane Orhanou, Saïd El Hajji, Youssef Bentaleb, Jalal Laassiri, EPS Confidentiality and Integrity mechanisms: Algorithmic Approach, IJCSI International Journal of Computer Science Issues, Vol. 7, Issue 4, No. 4, July 2010, pp. 15–22.
Appendix A. Some other cryptographic properties of Boolean functions

Besides the important cryptographic properties of Boolean functions that affect the security of a generator, namely balancedness, nonlinearity, the SAC criterion and correlation immunity, there are other properties of Boolean functions that also affect the security of a generator: the algebraic degree and the algebraic immunity. As with nonlinearity, the notions of algebraic degree and algebraic immunity exist not only for Boolean functions but also for S-boxes, so this appendix also presents these notions for S-boxes.
A.1. Algebraic degree of a Boolean function
One representation of Boolean functions commonly used in cryptography is the multivariate polynomial representation over $GF(2)$, of the form [36]:
$$f(x) = \bigoplus_{I \in \mathcal{P}(N)} a_I \Big( \prod_{i \in I} x_i \Big) = \bigoplus_{I \in \mathcal{P}(N)} a_I\, x^I,$$
where $\mathcal{P}(N)$ denotes the power set of $N = \{1, 2, \ldots, n\}$ (the power set of $N$ is the set of all subsets of $N$). This representation is called the Algebraic Normal Form (ANF) of the Boolean function. Every Boolean function has exactly one ANF [36].
The degree of the ANF is denoted $d^\circ f$ and is called the algebraic degree of the function $f$: $d^\circ f = \max\{\, |I| \;:\; a_I \neq 0 \,\}$, where $|I|$ denotes the size of $I$. The algebraic degree is also known as the nonlinear order.
Example [36]: Let $f$ be the function with the truth table:

x1  x2  x3  | f(x)
0   0   0   | 0
0   0   1   | 1
0   1   0   | 0
0   1   1   | 0
1   0   0   | 0
1   0   1   | 1
1   1   0   | 0
1   1   1   | 1

It is the sum of the atomic functions $f_1$, $f_2$ and $f_3$ whose truth tables are:

x1  x2  x3  | f1(x)  f2(x)  f3(x)
0   0   0   | 0      0      0
0   0   1   | 1      0      0
0   1   0   | 0      0      0
0   1   1   | 0      0      0
1   0   0   | 0      0      0
1   0   1   | 0      1      0
1   1   0   | 0      0      0
1   1   1   | 0      0      1

The function $f_1(x)$ takes the value 1 if and only if $x_1 \oplus 1 = 1$, $x_2 \oplus 1 = 1$ and $x_3 = 1$, which happens if and only if $(x_1 \oplus 1)(x_2 \oplus 1)x_3 = 1$. Hence the ANF of $f_1$ can be obtained by expanding the product $(x_1 \oplus 1)(x_2 \oplus 1)x_3$. Likewise for $f_2$ and $f_3$, and from this the ANF of $f$ is
$$f = (1 \oplus x_1)(1 \oplus x_2)x_3 \oplus x_1(1 \oplus x_2)x_3 \oplus x_1 x_2 x_3 = x_1 x_2 x_3 \oplus x_2 x_3 \oplus x_3.$$
From this it is easy to see that the algebraic degree of $f$ is 3.
When $f$ has more input bits (and accordingly a more complex truth table), there is an algorithm that computes the ANF of $f$ from its truth table: the Fast Möbius Transform, a divide-and-conquer algorithm [36].
Cryptographic functions must have a high algebraic degree. Indeed, every cryptosystem that uses Boolean functions must have them bring confusion to the cipher, whether as combining or filtering functions in stream ciphers, as the Boolean functions hidden inside the S-boxes of block ciphers [36], or as the S-boxes used in the ZUC algorithm.
In the case of a filter generator in a stream cipher, if $L$ is the length of the LFSR and the feedback (connection) polynomial is primitive, the linear complexity of the generator's output sequence satisfies:
$$LC \le \sum_{i=0}^{d^\circ f} \binom{L}{i}.$$
Thus the algebraic degree of $f$ must be high so that the linear complexity can be high. A cipher that uses Boolean functions of low algebraic degree may be highly exposed to differential attacks [36].
The algebraic degree of a Boolean function is the basis on which the algebraic degree of an S-box is defined, as follows:
Definition (algebraic degree of an S-box) [38]: The algebraic degree of an S-box is the smallest algebraic degree among the nonzero linear combinations of its component functions. That is:
$$d^\circ F = \min\Big\{\, d^\circ g \;\Big|\; g = \bigoplus_{j=1}^{m} c_j f_j,\ (c_1, c_2, \ldots, c_m) \neq (0, 0, \ldots, 0) \,\Big\},$$
where $F = (f_1, \ldots, f_m)$ is a mapping from $GF(2)^n$ to $GF(2)^m$ (each $f_i$, $i = 1, \ldots, m$, is a Boolean function from $GF(2)^n$ to $GF(2)$). $F$ is precisely a description of an S-box.
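The Fast Möbius Transform mentioned above and the S-box degree definition just given, as an added example (not code from [36], [38] or the thesis): it computes the ANF from a truth table, the algebraic degree, and the minimum over nonzero component combinations. Function names are my own; truth tables are indexed with $x_1$ as the most significant bit, matching the tables above.

```python
"""Constructed example: ANF via the fast Möbius transform, algebraic degree
of Boolean functions, and algebraic degree of an S-box (min over components)."""


def anf(truth_table):
    """Fast Möbius transform: a[m] = XOR of f(x) over all x that are subsets
    of m (as bit masks). a[m] is the coefficient of the monomial whose
    variables are the set bits of m. Length must be a power of two."""
    a = list(truth_table)
    n = len(a).bit_length() - 1
    for k in range(n):                 # one butterfly pass per variable
        step = 1 << k
        for m in range(len(a)):
            if m & step:
                a[m] ^= a[m ^ step]
    return a


def degree(truth_table):
    """d°f = max |I| over monomials with a_I = 1; -1 for the zero function."""
    return max((bin(m).count("1") for m, c in enumerate(anf(truth_table)) if c),
               default=-1)


def monomials(truth_table, n):
    """Readable ANF, e.g. ['x3', 'x2x3', 'x1x2x3'] (x1 is the MSB of the index)."""
    out = []
    for m, c in enumerate(anf(truth_table)):
        if c:
            names = [f"x{n - i}" for i in range(n - 1, -1, -1) if m >> i & 1]
            out.append("".join(names) or "1")
    return out


def component(sbox, mask):
    """Truth table of the linear combination c.S(x) selected by output mask c."""
    return [bin(y & mask).count("1") & 1 for y in sbox]


def sbox_degree(sbox, m):
    """d°F = min over nonzero c in GF(2)^m of d°(c.F), as defined by [38]."""
    return min(degree(component(sbox, c)) for c in range(1, 1 << m))
```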
A.2. Algebraic immunity of a Boolean function
Definition [36]: Given a Boolean function $f$, find a function $g$ of minimal degree $d$ such that $f \cdot g = 0$ or $(f \oplus 1) \cdot g = 0$. The algebraic immunity of $f$ is $d$.
Theorem [36]: For any Boolean function $f$ in $n$ variables, the algebraic immunity is at most $\lceil n/2 \rceil$.
The higher the algebraic immunity, the more secure a cipher that uses the Boolean function is against algebraic attacks.
For an S-box $S$, one has the notion of implicit equations of the form $F(x, y) = 0$ for all $x \in GF(2)^n$ and $y = S(x)$. In ANF this equation reads
$$F(x, y) = \sum_{\alpha, \beta} c_{\alpha,\beta}\, x^{\alpha} y^{\beta} = 0 \pmod 2,$$
with coefficients $c_{\alpha,\beta} \in GF(2)$; $\alpha, \beta \in GF(2)^n$; and $x^{\alpha} = x_1^{\alpha_1} \cdots x_n^{\alpha_n}$. If $y$ is known in advance, the equation can be written $F_y(x) = 0$ and is called a conditional equation. The degree $d$ of a conditional equation in $x$ is $d = \max\{\, WH(\alpha) \;:\; c_{\alpha,\beta} = 1 \,\} \le n$, where $WH(\alpha)$ is the Hamming weight of $\alpha$. The question is which equation $F_y(x) = 0$ has the smallest degree for a given output $y$; that one is called the conditional equation of minimal degree.
Next we introduce the definition of the algebraic immunity of an S-box:
Definition (algebraic immunity of an S-box) [39]: Consider an S-box $S: GF(2)^n \to GF(2)^m$. For a fixed output $y$, let $d$ be the smallest degree of a conditional equation $F_y(x) = 0$ that holds for every $x \in S^{-1}(y)$. The algebraic immunity of $S$ is defined as the smallest such $d$ over all $y \in GF(2)^m$.
Appendix B. The S-box in AES
In AES, each byte $y$ is substituted using a fixed substitution table, the S-box, which is determined as follows [33]:
- Take the inverse $z = y^{-1} \in GF(2^8)$, with the convention $0^{-1} = 0$.
- Let $(z_0, z_1, \ldots, z_7)$ be the binary representation of $z$. Apply an affine mapping over $GF(2^8)$ to the binary representation of $z$. The result $t = (t_0, t_1, \ldots, t_7)$ is determined as follows:
$$\begin{pmatrix} t_7 \\ t_6 \\ t_5 \\ t_4 \\ t_3 \\ t_2 \\ t_1 \\ t_0 \end{pmatrix}
=
\begin{pmatrix}
1 & 1 & 1 & 1 & 1 & 0 & 0 & 0 \\
0 & 1 & 1 & 1 & 1 & 1 & 0 & 0 \\
0 & 0 & 1 & 1 & 1 & 1 & 1 & 0 \\
0 & 0 & 0 & 1 & 1 & 1 & 1 & 1 \\
1 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\
1 & 1 & 0 & 0 & 0 & 1 & 1 & 1 \\
1 & 1 & 1 & 0 & 0 & 0 & 1 & 1 \\
1 & 1 & 1 & 1 & 0 & 0 & 0 & 1
\end{pmatrix}
\begin{pmatrix} z_7 \\ z_6 \\ z_5 \\ z_4 \\ z_3 \\ z_2 \\ z_1 \\ z_0 \end{pmatrix}
+
\begin{pmatrix} 0 \\ 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \end{pmatrix}$$
The main component of the AES S-box is the inverse mapping over the field $GF(2^8)$. Thanks to this inverse mapping, the S-box achieves optimal security against differential cryptanalysis and linear cryptanalysis [33].
In this S-box, the affine mapping over $GF(2^8)$ is used as a post-processing step to remove the fixed points ($0 \to 0$, $1 \to 1$) of the inverse mapping [33].
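The construction above, together with the formula $S_1(x) = M x^{-1} + B$ and the measurements reported for $S_1$ in Chapter 3 (nonlinearity, differential uniformity, the SAC counts of Table 9), as an added example that is not the thesis's or DACAS's code: it builds an S-box from a (polynomial, matrix, constant) triple and measures the properties directly from their definitions. The matrices and constants are those printed on the page; reading their rows and columns MSB-first is my assumption, which the AES values in the test confirm for the AES matrix but which means the $S_1$ table need not match the official ZUC table byte for byte (nonlinearity and differential uniformity do not depend on that choice).

```python
"""Constructed example: S(x) = M * x^{-1} + B over GF(2^8) and its properties."""

POLY_AES = 0x11B  # x^8 + x^4 + x^3 + x + 1 (AES)
POLY_S1 = 0x18B   # x^8 + x^7 + x^3 + x + 1 (S1, as printed on the page)


def _rows(text):
    return [[int(c) for c in r] for r in text.split()]


# Assumed layout: row i gives output bit 7-i, column j reads input bit 7-j.
M_AES = _rows("11111000 01111100 00111110 00011111 10001111 11000111 11100011 11110001")
M_S1 = _rows("10110111 11011011 11101101 01111110 11000111 01101011 00111101 10011110")
B_AES, B_S1 = 0x63, 0x55


def gf_mul(a, b, poly):
    """Multiplication in GF(2^8) modulo poly (bit 8 of poly must be set)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= poly
        b >>= 1
    return r


def gf_inv(x, poly):
    """x^-1 = x^254 by square-and-multiply; 0 maps to 0 (AES convention)."""
    r, p = 1, x
    for _ in range(7):        # accumulates x^(2+4+...+128) = x^254
        p = gf_mul(p, p, poly)
        r = gf_mul(r, p, poly)
    return r


def affine(M, B, z):
    """t = M z + B over GF(2), bit order as described in the layout comment."""
    t = 0
    for i, row in enumerate(M):
        bit = 0
        for j in range(8):
            bit ^= row[j] & (z >> (7 - j))
        t |= (bit & 1) << (7 - i)
    return t ^ B


def build_sbox(poly, M, B):
    return [affine(M, B, gf_inv(x, poly)) for x in range(256)]


def walsh_max(f):
    """Largest |Walsh coefficient| of a 256-entry 0/1 truth table (fast WHT)."""
    w = [1 - 2 * v for v in f]
    h = 1
    while h < 256:
        for i in range(0, 256, 2 * h):
            for j in range(i, i + h):
                u, v = w[j], w[j + h]
                w[j], w[j + h] = u + v, u - v
        h *= 2
    return max(abs(c) for c in w)


def nonlinearity(S):
    """min over nonzero output masks b of 2^7 - max|W(b.S)| / 2."""
    return min(128 - walsh_max([bin(b & y).count("1") & 1 for y in S]) // 2
               for b in range(1, 256))


def differential_uniformity(S):
    """max over a != 0 and all b of #{x : S(x) ^ S(x ^ a) = b}."""
    worst = 0
    for a in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[S[x] ^ S[x ^ a]] += 1
        worst = max(worst, max(counts))
    return worst


def sac_table(S):
    """Entry [i][j]: how often output bit j flips when input bit i flips
    (the quantity tabulated in Table 9; 128 of 256 is the ideal)."""
    return [[sum((S[x] ^ S[x ^ (1 << i)]) >> j & 1 for x in range(256))
             for j in range(8)] for i in range(8)]
```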
Appendix C. Some other notions
C.1. Measure of information
The measure of information is a notion in Information Theory used to compare messages quantitatively [40].
The more messages there are in the set of messages, the larger the amount of information conveyed when one message is received (assuming all messages are equally likely). A message with a smaller probability of occurrence carries a larger amount of information. The definition of the measure of information follows.
Consider a source $A = \{a_1, a_2, \ldots, a_m\}$ with probabilities of occurrence $\Pr(a_i)$, $i = 1, 2, \ldots, m$. Denote the amount of information of each message $a_i$ by $I(a_i)$.
Definition (measure of information) [40]:
o The amount of information of a message is measured by the logarithm of the reciprocal of the probability of occurrence of that message:
$$I(x) = \log \frac{1}{\Pr(x)} = -\log \Pr(x)$$
o The amount of information contained in a sequence $x = a_1 a_2 \ldots a_n$ with $a_i \in A$ is:
$$I(x) = \log \frac{1}{\Pr(x)} = -\sum_{i=1}^{n} \log \Pr(a_i)$$
The unit of information depends on the choice of the base of the logarithm. If the base is 2 the unit is bits, if the base is $e$ the unit is nats, and if the base is 10 the unit is Hartleys. We need not be concerned with the base; conventionally, $\log(x)$ is understood as $\log_2(x)$.
The self-information of a message $a_i \in A$ is meaningful only for that message and does not reflect the information value of the source $A$. This leads to the notion of average information, as follows.
Definition (average information) [40]: The average information of a source $A$ is the average amount of information contained in an arbitrary symbol of the source. It is denoted $I(A)$ and computed as:
$$I(A) = \sum_{a_i \in A} \Pr(a_i)\, I(a_i) = -\sum_{a_i \in A} \Pr(a_i) \log \Pr(a_i).$$
C.2. Golomb's randomness postulates
We consider binary sequences.
Let $s$ be a sequence. A run of $s$ is a subsequence of $s$ consisting of consecutive 0s or consecutive 1s. A run of 0s is called a gap and a run of 1s is called a block.
Example: the sequence 0100111 has 4 runs: 0, 1, 00, 111.
Besides what was said about the autocorrelation function of sequences over the field $GF(q)$ in Section 2.6.3, we also have the following definition of the autocorrelation function of a binary sequence:
Definition (autocorrelation function of a binary sequence) [18]: Let $s = s_0, s_1, s_2, \ldots$ be a periodic sequence with period $N$. The autocorrelation function of $s$ is the function $C(t)$ defined as
$$C(t) = \frac{1}{N} \sum_{i=0}^{N-1} (2 s_i - 1)(2 s_{i+t} - 1), \qquad 0 \le t \le N - 1.$$
Next comes the definition of Golomb's randomness postulates:
Definition (Golomb's randomness postulates) [18]: Let $s$ be a periodic sequence with period $N$. Golomb's randomness postulates are as follows:
1. In the period $s^N$ of $s$, the number of 1s differs from the number of 0s by at most 1.
2. In the period $s^N$, at least 1/2 of the runs have length 1, at least 1/4 have length 2, at least 1/8 have length 3, and so on, as long as the number of runs so indicated is at least 1. Moreover, for each of these lengths, the number of gaps and the number of blocks are almost equal. Thus postulate 2 subsumes postulate 1 above.
3. The autocorrelation function $C(t)$ takes two values. For some integer $K$,
$$N \cdot C(t) = \sum_{i=0}^{N-1} (2 s_i - 1)(2 s_{i+t} - 1) = \begin{cases} N, & t = 0 \\ K, & 1 \le t \le N - 1 \end{cases}$$
A binary sequence satisfying Golomb's randomness postulates is called a pseudo-noise sequence or pn-sequence. In practice, pn-sequences such as m-sequences are generated by maximum-length LFSRs (see Section 2.6.1).
Example: consider a periodic sequence $s$ with period $N = 15$, one period of which is
$$s^{15} = 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1.$$
Checking $s$ against Golomb's postulates:
1. In $s^{15}$, the number of 0 bits is 7 and the number of 1 bits is 8.
2. In $s^{15}$ there are 8 runs: 4 runs of length 1, 2 runs of length 2, 1 run of length 3 and 1 run of length 4.
3. The autocorrelation function $C(t)$ takes two values: $C(0) = 1$ and $C(t) = -1/15$ for $1 \le t \le 14$.
Therefore $s$ is a pn-sequence.
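The postulates and the period-15 example above, as an added example (not code from [18] or the thesis): it counts runs within one period, evaluates $C(t)$ from the definition with indices taken modulo $N$, and checks the three postulates. Function names are my own.

```python
"""Constructed example: checking Golomb's randomness postulates on one period."""
from fractions import Fraction
from itertools import groupby


def runs(period):
    """(bit, length) of each maximal run inside the period, in order."""
    return [(bit, len(list(g))) for bit, g in groupby(period)]


def autocorrelation(period, t):
    """C(t) = (1/N) sum_{i=0}^{N-1} (2 s_i - 1)(2 s_{i+t} - 1), indices mod N."""
    N = len(period)
    return Fraction(sum((2 * period[i] - 1) * (2 * period[(i + t) % N] - 1)
                        for i in range(N)), N)


def golomb_postulates(period):
    """Return (R1, R2, R3): which of the three postulates the period satisfies."""
    N = len(period)
    # R1: #1s and #0s differ by at most one.
    r1 = abs(period.count(1) - period.count(0)) <= 1
    # R2: at least total/2^k runs of length k, as long as total/2^k >= 1,
    #     with gaps and blocks of that length (almost) equally many.
    rs = runs(period)
    total = len(rs)
    r2, length = True, 1
    while total >> length >= 1:                  # total / 2**length >= 1
        of_len = [bit for bit, l in rs if l == length]
        r2 &= len(of_len) >= total / 2 ** length
        r2 &= abs(of_len.count(0) - of_len.count(1)) <= 1
        length += 1
    # R3: C(t) is the same constant K/N for every 1 <= t <= N-1 (C(0) = 1 always).
    r3 = len({autocorrelation(period, t) for t in range(1, N)}) == 1
    return r1, r2, r3
```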