
Lecture contents:
DES (continued)
Using DES in practice

Data transformation
Initial permutation IP
Shuffles the 64 data bits and splits them into two halves R0, L0 (32 bits each)
Operations of round i in the 16 rounds
Expansion function E(R_{i-1}) (32 bits → 48 bits)
XOR with the key K_i
8 S-boxes (6 bits → 4 bits)
Permutation P shuffles the resulting 32 bits
XOR with L_{i-1} gives R_i
In summary: R_i = L_{i-1} XOR P( S(E(R_{i-1}) XOR K_i) )
and: L_i = R_{i-1} (round 16 does not swap R16 and L16)
Final permutation FP ( = IP^-1 )

Initial permutation
(Initial Permutation IP)
It is the first step of the computation and reorders the source bits.
Even-numbered bits go to the upper half (L0), odd-numbered bits to the lower half (R0).
In general it does not increase the security of the algorithm; it only makes the algorithm more complex.
Example:
IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb)

IP table (output bit i is taken from the input bit listed at position i):
58 50 42 34 26 18 10  2
60 52 44 36 28 20 12  4
62 54 46 38 30 22 14  6
64 56 48 40 32 24 16  8
57 49 41 33 25 17  9  1
59 51 43 35 27 19 11  3
61 53 45 37 29 21 13  5
63 55 47 39 31 23 15  7

Initial permutation of the plaintext:
IP(67 5a 69 67 5e 5a 6b 5a) = (ff b2 19 4d 00 4d f6 fb)

Operations of round i
The non-linear function f consists of:
Expansion E (32 → 48 bits)
XOR with the 48-bit key
Substitution S
Permutation P
The result is combined by XOR to give the right half of the block:
R_i = L_{i-1} XOR P( S[ E(R_{i-1}) XOR K_i ] )
L_i = R_{i-1}

Expansion function E
(Expansion Function E)
Expands the right half R of the source block from 32 to 48 bits.
The 32 source bits are divided into 8 groups of 4 bits each.
Bits are then repeated as in the table below to form groups of 6 bits.
The result is then XORed with the key K_i to produce the 48-bit sequence for the S-boxes: E(R_{i-1}) XOR K_i

E table (each row is one 6-bit group; entries are bit positions of R):
32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32  1

Example (48-bit values are written as eight 6-bit groups, each in hex):
E(00 4d f6 fb) = 20 00 09 1b 3e 2d 1f 36
    20 00 09 1b 3e 2d 1f 36
XOR 38 09 1b 26 2f 3a 27 0f   (K1)
  = 18 09 12 3d 11 17 38 39

[Figure: R0 (32 bits) expanded to E(R0) (48 bits)]
E(R0) = E(00 4d f6 fb) = 20 00 09 1b 3e 2d 1f 36

[Figure: E(R0) XOR K1 gives A (48 bits)]
A = E(R0) XOR K1:
    20 00 09 1b 3e 2d 1f 36
XOR 38 09 1b 26 2f 3a 27 0f
  = 18 09 12 3d 11 17 38 39

The S-boxes
There are 8 S-boxes; each transforms 6 bits into 4 bits.
Each S-box has 4 rows and 16 columns (numbered from 0).
Each row is a permutation of the hex digits 0-f (each row can be regarded as a small 4-bit S-box).
Bits 1 and 6 form the row index (0-3) (selecting the small S-box).
Bits 2, 3, 4, 5 form the column index (0-f).
The result is the 4-bit number at the intersection (that is, the substitution in the small S-box).

S1   0 1 2 3 4 5 6 7 8 9 a b c d e f
0    e 4 d 1 2 f b 8 3 a 6 c 5 9 0 7
1    0 f 7 4 e 2 d 1 a 6 c b 9 5 3 8
2    4 1 e 8 d 6 2 b f c 9 7 3 a 5 0
3    f c 8 2 4 9 1 7 5 b 3 e a 0 6 d

Example: take the 6 bits (011000)2. Then:
Row = (00)2 = 0
Column = (1100)2 = c
S1(011000)2 = (5)16 = (0101)2

S2   0 1 2 3 4 5 6 7 8 9 a b c d e f
0    f 1 8 e 6 b 3 4 9 7 2 d c 0 5 a
1    3 d 4 7 f 2 8 e c 0 1 a 6 9 b 5
2    0 e 7 b a 4 d 1 5 8 c 6 9 3 2 f
3    d 8 a 1 3 f 4 2 b 6 7 c 0 5 e 9

S3   0 1 2 3 4 5 6 7 8 9 a b c d e f
0    a 0 9 e 6 3 f 5 1 d c 7 b 4 2 8
1    d 7 0 9 3 4 6 a 2 8 5 e c b f 1
2    d 6 4 9 8 f 3 0 b 1 2 c 5 a e 7
3    1 a d 0 6 9 8 7 4 f e 3 b 5 2 c

S4   0 1 2 3 4 5 6 7 8 9 a b c d e f
0    7 d e 3 0 6 9 a 1 2 8 5 b c 4 f
1    d 8 b 5 6 f 0 3 4 7 2 c 1 a e 9
2    a 6 9 0 c b 7 d f 1 3 e 5 2 8 4
3    3 f 0 6 a 1 d 8 9 4 5 b c 7 2 e

S5   0 1 2 3 4 5 6 7 8 9 a b c d e f
0    2 c 4 1 7 a b 6 8 5 3 f d 0 e 9
1    e b 2 c 4 7 d 1 5 0 f a 3 9 8 6
2    4 2 1 b a d 7 8 f 9 c 5 6 3 0 e
3    b 8 c 7 1 e 2 d 6 f 0 9 a 4 5 3

S6   0 1 2 3 4 5 6 7 8 9 a b c d e f
0    c 1 a f 9 2 6 8 0 d 3 4 e 7 5 b
1    a f 4 2 7 c 9 5 6 1 d e 0 b 3 8
2    9 e f 5 2 8 c 3 7 0 4 a 1 d b 6
3    4 3 2 c 9 5 f a b e 1 7 6 0 8 d

S7   0 1 2 3 4 5 6 7 8 9 a b c d e f
0    4 b 2 e f 0 8 d 3 c 9 7 5 a 6 1
1    d 0 b 7 4 9 1 a e 3 5 c 2 f 8 6
2    1 4 b d c 3 7 e a f 6 8 0 5 9 2
3    6 b d 8 1 4 a 7 9 5 0 f e 2 3 c

S8   0 1 2 3 4 5 6 7 8 9 a b c d e f
0    d 2 8 4 6 f b 1 a 9 3 e 5 0 c 7
1    1 f d 8 a 3 7 4 c 5 6 b 0 e 9 2
2    7 b 4 1 9 c e 2 0 6 a d f 3 5 8
3    2 1 e 7 4 a 8 d f c 9 0 3 5 6 b

[Figure: A (48 bits) split into eight 6-bit groups; the row and column lookups in S1-S8 give B (32 bits)]
The result is 8*4 bits = 32 bits.
Example: S(18 09 12 3d 11 17 38 39) = 5f d2 5e 03

Permutation P
(Permutation P)
P shuffles the output bits of the S-boxes for the next step.
The numbers appear jumbled but follow a definite order, ensuring that the shuffling reaches all the bits (the S-box outputs).

P table (output bit i is taken from the input bit listed at position i):
16  7 20 21
29 12 28 17
 1 15 23 26
 5 18 31 10
 2  8 24 14
32 27  3  9
19 13 30  6
22 11  4 25

Example, with B (32 bits) the output of the S-boxes:
B = S(A) = S(E(R0) XOR K1) = S(18 09 12 3d 11 17 38 39) = 5f d2 5e 03
P(B) = P(5f d2 5e 03) = 74 6f c9 1a

Adding to the L half and swapping L and R
After the function f is computed, its result is XORed with the left half L.
The two halves R and L are then swapped (except in the last round).
R_i = L_{i-1} XOR P( S(E(R_{i-1}) XOR K_i) ), L_i = R_{i-1}
Example: L0 = ff b2 19 4d, P(B) = 74 6f c9 1a,
R1 = L0 XOR P(B) = 8b dd d0 57
L1 = R0 = 00 4d f6 fb
[Figure: result after round 1; P(B) = P(5f d2 5e 03) = 74 6f c9 1a is XORed bit by bit with L0 to give R1]
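Round 1 of the walk-through above, as an added Python example (not part of the original slides): it applies E, the XOR with K1, the eight S-boxes and P, then the Feistel step. The function names and the pack6 helper for the 8 x 6-bit notation are choices made here; the tables are the DES tables shown on the slides, and the inputs are the slides' own L0, R0 and SK01.

```python
# DES round function f and one Feistel round; bit 1 is the leftmost bit.
E = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
     16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25, 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
# S1..S8: one hex digit per entry, one string per row (rows 0..3, 16 columns each).
SBOX = [
    "e4d12fb83a6c5907" "0f74e2d1a6cb9538" "41e8d62bfc973a50" "fc8249175b3ea06d",
    "f18e6b34972dc05a" "3d47f28ec01a69b5" "0e7ba4d158c6932f" "d8a13f42b67c05e9",
    "a09e63f51dc7b428" "d709346a285ecbf1" "d6498f30b12c5ae7" "1ad069874fe3b52c",
    "7de3069a1285bc4f" "d8b56f03472c1ae9" "a690cb7df13e5284" "3f06a1d8945bc72e",
    "2c417ab6853fd0e9" "eb2c47d150fa3986" "421bad78f9c5630e" "b8c71e2d6f09a453",
    "c1af92680d34e75b" "af427c9561de0b38" "9ef528c3704a1db6" "432c95fabe17608d",
    "4b2ef08d3c975a61" "d0b7491ae35c2f86" "14bdc37eaf680592" "6bd814a7950fe23c",
    "d2846fb1a93e50c7" "1fd8a374c56b0e92" "7b419ce206adf358" "21e74a8dfc90356b",
]

def permute(value, width, table):     # output bit i = input bit table[i-1]
    return sum(((value >> (width - src)) & 1) << (len(table) - 1 - i)
               for i, src in enumerate(table))

def pack6(groups):                    # slides' 8 x 6-bit notation -> 48-bit integer
    return sum(g << (42 - 6 * i) for i, g in enumerate(groups))

def sbox_layer(a48):                  # eight 6-bit groups -> eight 4-bit values
    out = 0
    for i in range(8):
        six = (a48 >> (42 - 6 * i)) & 0x3F
        row = ((six >> 4) & 2) | (six & 1)   # bits 1 and 6 select the row
        col = (six >> 1) & 0xF               # bits 2..5 select the column
        out = (out << 4) | int(SBOX[i][16 * row + col], 16)
    return out

def f(r32, k48):
    return permute(sbox_layer(permute(r32, 32, E) ^ k48), 32, P)

def feistel_round(l32, r32, k48):     # (L, R) -> (R, L XOR f(R, K))
    return r32, l32 ^ f(r32, k48)

K1 = pack6([0x38, 0x09, 0x1B, 0x26, 0x2F, 0x3A, 0x27, 0x0F])   # SK01 from the slides
L1, R1 = feistel_round(0xFFB2194D, 0x004DF6FB, K1)              # (L0, R0) = IP(P)
print(f"f(R0, K1) = {f(0x004DF6FB, K1):08x}  L1 = {L1:08x}  R1 = {R1:08x}")
```

Feeding (L1, R1) and the next subkey back into feistel_round continues the trace round by round.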

Final permutation
(Final Permutation FP)
It is the last step, after the 16 rounds of computation.
Its result is the output of DES.
It is the inverse of IP: FP = IP^-1
Example:
FP(06 8d dd cd 1d 4c ce bf) = (97 4a ff bf 86 02 2d 1f)

FP table (output bit i is taken from the input bit listed at position i):
40  8 48 16 56 24 64 32
39  7 47 15 55 23 63 31
38  6 46 14 54 22 62 30
37  5 45 13 53 21 61 29
36  4 44 12 52 20 60 28
35  3 43 11 51 19 59 27
34  2 42 10 50 18 58 26
33  1 41  9 49 17 57 25

Result after 16 rounds: 06 8d dd cd 1d 4c ce bf
Final result:
FP(06 8d dd cd 1d 4c ce bf) = (97 4a ff bf 86 02 2d 1f)

DES decryption
To decrypt a block, all the steps of the computation must be undone.
With the Feistel design, the decryption steps have the same structure as the encryption steps.
The only difference is that the subkeys must be used in reverse order (K16 first, then K15, and so on).
Note that IP undoes the FP of the encryption algorithm.
The first round uses subkey K16 to undo round 16 of the encryption algorithm.
This continues until round 16, which uses subkey K1 to undo the first round of the encryption algorithm.
And FP undoes the IP of the encryption algorithm.
In the end the original data is recovered.

Test run of DES
To understand DES thoroughly, one should run it through, at least for 1 round.
Desert is a program that checks a DES implementation.
It is given a standard triple: (key plain cipher).
First it encrypts plain using key and compares the result with cipher.
Then it decrypts cipher using key and compares the result with plain.
The following information must be shown for each round:
Round number, f(right half R of the block (32 bits), SK-48 subkey (8 x 6 bits)) = the result to be XORed with L
(L is not shown explicitly because it equals R of the previous round)

Initial key: K = (5b5a5767, 6a56676e)
Input data: P = (675a6967, 5e5a6b5a)
IP(P) = (L0 = ffb2194d, R0 = 004df6fb)
Round 1   f(R00 = 004df6fb, SK01 = (38 09 1b 26 2f 3a 27 0f)) = 746fc91a
Round 2   f(R01 = 8bddd057, SK02 = (28 09 19 32 1d 32 1f 2f)) = 7add38ae
Round 3   f(R02 = 7a90ce55, SK03 = (39 05 29 32 3f 2b 27 0b)) = a5e3f499
Round 4   f(R03 = 2e3e24ce, SK04 = (29 2f 0d 10 19 2f 1d 3f)) = c5403e1c
Round 5   f(R04 = bfd0f049, SK05 = (03 25 1d 13 1f 3b 37 2a)) = 91a62c82
Round 6   f(R05 = bf98084c, SK06 = (1b 35 05 19 3b 0d 35 3b)) = 6aeb6bc3
Round 7   f(R06 = d53b9b8a, SK07 = (03 3c 07 09 13 3f 39 3e)) = 1e9f7513
Round 8   f(R07 = a1077d5f, SK08 = (06 34 26 1b 3f 1d 37 38)) = 59d1851c
Round 9   f(R08 = 8cea1e96, SK09 = (07 34 2a 09 37 3f 38 3c)) = 0fc4b474
Round 10  f(R09 = aec3c92b, SK10 = (06 33 26 0c 3e 15 3f 38)) = 8de55e67
Round 11  f(R10 = 010f40f1, SK11 = (06 02 33 0d 26 1f 28 3f)) = dced7991
Round 12  f(R11 = 722eb0ba, SK12 = (14 16 30 2c 3d 37 3a 34)) = 898d0def
Round 13  f(R12 = 88824d1e, SK13 = (30 0a 36 24 2e 12 2f 3f)) = 34cee3c3
Round 14  f(R13 = 46e05379, SK14 = (34 0a 38 27 2d 3f 2a 17)) = 6a4754b1
Round 15  f(R14 = e2c519af, SK15 = (38 1b 18 22 1d 32 1f 37)) = 5bac9dc6
Round 16  f(R15 = 1d4ccebf, SK16 = (38 0b 08 2e 3d 2f 0e 17)) = e448c462
L16 = 068dddcd, R16 = 1d4ccebf
Encryption result: C = FP(L16, R16) = (974affbf, 86022d1f)

Practice exercises
In the key generation example:
Show how the subkey of round 3, SK03 = (39 05 29 32 3f 2b 27 0b), is produced from the initial key K = 5b 5a 57 67 6a 56 67 6e.
In the encryption example:
Work through round 3 of the computation by hand:
Round 3  f(R02 = 7a 90 ce 55, SK03 = (39 05 29 32 3f 2b 27 0b)) = a5 e3 f4 99

Weak keys
(Weak Keys)
Many block algorithms have keys that must be avoided because they reduce the complexity of the algorithm.
An example is keys that produce only a single subkey for all the rounds.
Definition:
A DES key k is called weak if E_k(E_k(x)) = x for all x.
A pair of DES keys (k1, k2) is called semi-weak if E_k1(E_k2(x)) = x for all x.
Semi-weak keys produce only 2 different subkeys over all the rounds.
DES has 4 weak keys and 6 semi-weak pairs.
DES also has keys that produce only 4 different subkeys.

Weak and semi-weak keys
({b}^n denotes the bit pattern b repeated n times.)

Weak keys (HEX)          C0       D0
0101 0101 0101 0101      {0}^28   {0}^28
FEFE FEFE FEFE FEFE      {1}^28   {1}^28
1F1F 1F1F 0E0E 0E0E      {0}^28   {1}^28
E0E0 E0E0 F1F1 F1F1      {1}^28   {0}^28

Semi-weak keys (HEX)
C0       D0        first key              second key             C0       D0
{01}^14  {01}^14   01FE 01FE 01FE 01FE    FE01 FE01 FE01 FE01    {10}^14  {10}^14
{01}^14  {10}^14   1FE0 1FE0 0EF1 0EF1    E01F E01F F10E F10E    {10}^14  {01}^14
{01}^14  {0}^28    01E0 01E0 01F1 01F1    E001 E001 F101 F101    {10}^14  {0}^28
{01}^14  {1}^28    1FFE 1FFE 0EFE 0EFE    FE1F FE1F FE0E FE0E    {10}^14  {1}^28
{0}^28   {01}^14   011F 011F 010E 010E    1F01 1F01 0E01 0E01    {0}^28   {10}^14
{1}^28   {01}^14   E0FE E0FE F1FE F1FE    FEE0 FEE0 FEF1 FEF1    {1}^28   {10}^14

DES design characteristics
S-box design
Each S-box is 4 substitution functions, one of which is selected by the pair of bits 1 and 6.
Each function replaces bits 2, 3, 4, 5 with the output bits.
It must produce the avalanche effect and completeness.
Permutation design
There are 5 permutations: IP, IP^-1, P, E, PC1, PC2
IP, IP^-1 and PC1 are the functions that connect DES with the outside.
E, P and PC2 work with the S-boxes: they ensure that the output bits depend on the key and on the source bits.
They must support the avalanche effect and completeness.

DES in practice
Weak keys must be avoided in the key-generation program.
DES needs to be strengthened against exhaustive key search.
Triple DES uses DES 3 times:
C = DES_K3 { DES^-1_K2 { DES_K1 (P) } }
Compatible with DES (K1 = K2 = K3)
Uses 2 keys (when K1 = K3)
It has not yet been broken and is widely used, but it is slow (3 times slower).
In practice DES has the following modes of use:
Block modes: process the message in blocks (ECB, CBC)
Stream modes: process the message as a stream of bits/bytes (CFB, OFB)

Electronic Codebook (ECB)
The message is divided into independent blocks, which are encrypted separately.
Each block is a 64-bit value that is replaced by another 64-bit value.
The blocks are completely independent of one another.
C_i = DES_K(P_i)

Advantages and disadvantages of ECB
Properties of ECB:
Identical plaintext blocks produce identical ciphertext blocks, and vice versa.
The blocks are independent of one another: changing the order of the plaintext blocks only changes the order of the ciphertext blocks.
Because the ciphertext blocks are independent, an outsider can insert a block without the receiver being able to tell.
Moreover, the repetition of identical blocks makes cryptanalysis easier.
ECB therefore works well only when the number of blocks in the plaintext message is small.

Cipher Block Chaining (CBC)
The message is divided into blocks.
But they are linked together in the encryption process.
Each ciphertext block is chained to the preceding plaintext blocks.
An initialization vector (Initial Vector - IV) is used to start the encryption:
C_0 = IV
C_i = DES_K(P_i XOR C_{i-1})   (i = 1..n)

Advantages and disadvantages of CBC
Each block depends only on all the preceding plaintext blocks.
A change in transit or a change to a plaintext block shows up in the ciphertext blocks after the point where the change occurred.
The initialization vector (IV) must be made known to both the sender and the receiver.
However, if the IV is sent in the clear, an outsider can change the IV and the bits of the first block to match.
The IV therefore needs to be fixed, or encrypted with ECB and sent at the start of the message.
Handling a final block shorter than 8 bytes:
Add bytes to make up 8.
Example: [b1 b2 b3] → [b1 b2 b3 00 00 00 00 05], 5 bytes added

Cipher FeedBack (CFB)
The message is divided into 64-bit blocks.
Each block, treated as a bit stream, is XORed with the 64 output bits of DES_K(J) (J_1 = IV).
The result C is also used as the input for the next step.
That is, for i = 1..n:
J_i = C_{i-1}, with C_0 = IV
C_i = P_i XOR DES_K(J_i)
In both CFB encryption and CFB decryption the block algorithm always runs in encryption mode.
If an error occurs, it propagates to the following blocks.
[Figure: CFB encryption]
[Figure: CFB decryption]

Output FeedBack (OFB)
The plaintext message is divided into 64-bit blocks P and treated as a bit stream.
The output of the block algorithm is on the one hand XORed with the blocks P to give the blocks C, and on the other hand serves as the input to the next block operation:
O_i = DES_K(O_{i-1}), with O_0 = IV; i = 1..n
C_i = P_i XOR O_i
The O_i do not depend on the message.
[Figure: OFB encryption]
[Figure: OFB decryption]
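The four mode equations above, as an added Python example (not from the slides), including the padding rule from the CBC slide. toy_E is a hypothetical stand-in for DES_K, a small Feistel network over SHA-256 used only so the example runs without a DES library; the key, IV and message are constructed sample values.

```python
import hashlib
BLOCK = 8                             # DES block size in bytes

def xor(a, b):                        # truncates to the shorter input
    return bytes(x ^ y for x, y in zip(a, b))

def toy_E(key, block):                # hypothetical stand-in for DES_K, NOT DES:
    l, r = block[:4], block[4:]       # a 4-round Feistel network over SHA-256
    for rnd in range(4):
        l, r = r, xor(l, hashlib.sha256(key + bytes([rnd]) + r).digest())
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def pad(msg):                         # slides' scheme: zero fill, last byte = bytes added
    n = BLOCK - len(msg) % BLOCK      # assumption: a whole block is added if already aligned
    return msg + bytes(n - 1) + bytes([n])

def ecb_encrypt(key, msg):            # C_i = E_K(P_i)
    return b"".join(toy_E(key, p) for p in blocks(pad(msg)))

def cbc_encrypt(key, iv, msg):        # C_0 = IV, C_i = E_K(P_i XOR C_{i-1})
    out = [iv]
    for p in blocks(pad(msg)):
        out.append(toy_E(key, xor(p, out[-1])))
    return b"".join(out[1:])

def cfb_encrypt(key, iv, msg):        # J_i = C_{i-1}, C_i = P_i XOR E_K(J_i)
    out = [iv]
    for p in blocks(msg):
        out.append(xor(p, toy_E(key, out[-1])))
    return b"".join(out[1:])

def cfb_decrypt(key, iv, ct):         # P_i = C_i XOR E_K(C_{i-1}): E again, never D
    cs = blocks(ct)
    return b"".join(xor(c, toy_E(key, j)) for j, c in zip([iv] + cs, cs))

def ofb_xcrypt(key, iv, data):        # O_i = E_K(O_{i-1}), C_i = P_i XOR O_i; same call decrypts
    out, o = [], iv
    for blk in blocks(data):
        o = toy_E(key, o)
        out.append(xor(blk, o))
    return b"".join(out)

KEY, IV = b"8bytekey", bytes(8)       # constructed sample values
MSG = b"SAMEBLK!" * 2 + b"tail"       # two identical plaintext blocks plus a short tail
print("ECB:", ecb_encrypt(KEY, MSG).hex())
print("CBC:", cbc_encrypt(KEY, IV, MSG).hex())
```

The all-zero IV is used only to keep the output reproducible; reusing one IV under the same key makes equal messages encrypt to equal ciphertexts.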

Some forms of cryptanalysis
Block ciphers are subject to the following kinds of cryptanalysis:
Exhaustive key search
Structural attacks
  Differential cryptanalysis
  Linear cryptanalysis
  Related-key attacks
Implementation attacks
  Timing attacks
  Power attacks
  Differential fault analysis
Inventing Attacks

Exercises
Suppose DES is implemented as a function that takes 8 bytes of input data and an 8-byte key and returns an 8-byte result.
1. Write a program that encrypts a data stream of arbitrary length using one of the modes of use ECB, CBC, CFB and OFB.
2. Write a program that lets the user choose one of the four modes above for encryption.
