Public-key cryptography
Lecture notes on information security
Nguyễn Khanh Văn, Cryptography and Information Security, ĐHBKHN-2000
CHAPTER III: PUBLIC KEY CRYPTOSYSTEMS
1976, Diffie & Hellman.
Concept

The cryptosystems studied in the previous chapter can be called symmetric key cryptosystems, because the sender and the receiver agree on a single shared secret key. Depending on the context, these systems also go by other names:
+ Private key cryptosystems
+ Secret key cryptosystems
+ Conventional cryptosystems

[Figure: users A, B, C and D, with a separate secret key shared on each link: KAB, KAC, KBC, KAD, KCD.]

The weaknesses of symmetric cryptosystems are as follows. Key management (generation, secure storage, distribution ...) is very complex and becomes harder and harder when the system is used for exchanging messages among very many users. With n users, the number of keys that must be created is n(n-1)/2. Each user has to create and store n-1 secret keys in order to work with the n-1 other people on the network. This becomes very difficult and insecure as n grows.
The second problem is that symmetric encryption cannot support the notion of a digital signature (one that provides the functions of a handwritten signature in real life), and consequently there is no non-repudiation service [1] for commercial transactions on the network.

The root of the problem is that in secret-key encryption the secret information is shared by both parties, Alice and Bob, so Alice can do anything that Bob can do and vice versa (a signature here is an encryption of the document under the symmetric key, so either party can produce it, which fails the single-owner property of an ordinary handwritten signature). The only solution to this problem is to add a third party to every transaction between Alice and Bob, called a trusted authority, that is, someone with authority whom both Alice and Bob trust to be honest. This person acts as witness and arbiter whenever a dispute arises between Alice and Bob. Under this scheme, however, the arbiter's workload is very heavy, because the arbiter has to take part in every transaction between the parties, and sooner or later becomes a point of overload for both communication traffic and processing speed (a bottleneck).

[1] A non-repudiation service ensures that, in every case of a transaction between two parties Alice (A) and Bob (B), each party has evidence to counter fraud should the other side deny a transaction, for example if Alice were to insist that someone else impersonated her to carry out some transaction x with Bob earlier.

In their work of 1975-76, Diffie & Hellman proposed the idea of a kind of cryptosystem built on a new principle, in which the cryptosystem is tied to one particular user rather than to a communication between a pair of users. In this new system each user has two keys: one called the secret key (or private key) and one called the public key. The first key is known only to the user and is kept secret, while the second can be freely published. The first key usually goes with the decryption algorithm and the second with the encryption algorithm, although this is not mandatory. Let us denote them z (private key) and Z (public key).

They operate symmetrically:

X = D(z, E(Z, X))   (1)

and

X = E(Z, D(z, X))   (2)

Here (1) is used for confidential transmission: B, C and D, wanting to send a message to A, simply encrypt it with A's public key ($Z_A$) and send it. Only A can use the private key ($z_A$) to decrypt and read the message; E, even when eavesdropping, cannot decrypt the message without the key $z_A$. Equation (2) will be used to build digital signature schemes, as we will study later (signing with E(ZA) and verifying with D(zA)).

A cryptosystem built on this principle is called a public key cryptosystem (PKC), or an asymmetric key cryptosystem.

Principle for constructing a PK system (trapdoor)
A PKC can be built on a one-way function. A function f is called one-way if:
1. For every X, computing Y = f(X) is easy.
2. Given Y, it is very hard to compute X.
Example. Given n primes p1, p2, ..., pn we can easily compute N = p1 * p2 * ... * pn; but given N, finding its prime factors is far harder, especially when N is large and its prime factors are also large.
We need a special one-way function equipped with a secret trap door, such that anyone who knows the trap door can easily compute X from f(X) (that is, invert f), while for everyone else it remains as hard as ever. Such a trapdoor one-way function can be used to build a PKC. Take Ez (the encryption function) to be a one-way function with a trap door. The trap door is the secret key: whoever knows it can easily compute the inverse of Ez, that is, knows Dz, and whoever does not finds it very hard to compute.

Below we examine two examples of building a trap door for a one-way function. The first is an attempt that failed, the Trapdoor Knapsack system. The second is a system that succeeded and is very well known, RSA.

Trapdoor Knapsack, based on the knapsack problem

In 1978 Merkle and Hellman proposed an encryption algorithm in the PKC model based on the KNAPSACK problem, stated as follows: given a set of positive numbers $a_i$, $1 \le i \le n$, and a positive number T, find a set of indices $S \subseteq \{1, 2, ..., n\}$ such that:

$$\sum_{i \in S} a_i = T$$

This problem is hard, in the sense that no algorithm better than exhaustive trial is known, so the running time is exponential, with the exponent being the number n of given positive numbers.
Example: (a1, a2, a3, a4) = (2, 3, 5, 7), T = 7. There are then two answers, S = (1, 3) and S = (4).

Starting from this knapsack problem, we examine how it can be used to build a PKC block cipher. The first scheme is as follows:
Choose a vector a = (a1, a2, ..., an), called the cargo vector.
For a message block X = (X1, X2, X3, ..., Xn), encryption is performed as:

$$T = \sum_{i=1}^{n} a_i X_i \qquad (*)$$

Decryption is: given the ciphertext T and the cargo vector a, find the Xi that satisfy (*).
This scheme exhibits a one-way function: encryption is very easy but decryption is very hard. We now have to find a way to build a trapdoor so that decryption can be done easily. Merkle's trick is to use a special cargo vector, a super-increasing vector, in which component i+1 is larger than the sum of all the components before it (1 to i). Decryption then becomes easy, as in the following numeric example.
Example:
Super-increasing cargo vector: a = (1, 2, 4, 8).
Given T = 14, it is easy to find X = (X1, X2, X3, X4) such that $T = \sum a_i X_i$. Set T = T0:

X4 = 1   T1 = T0 - X4 = 6   (X1 X2 X3 1)
X3 = 1   T2 = T1 - X3 = 2   (X1 X2 1 1)
X2 = 1   T3 = T2 - 2 = 0    (X1 1 1 1)
X1 = 0                      (0 1 1 1)

The problem is solved step by step. At step i the target sum is Ti (that is, we must find the aj that sum to Ti). We compare Ti with the largest component in the remaining part of the vector; if Ti is larger, that component is selected, meaning the corresponding Xi is 1, and otherwise the corresponding Xi is 0. We then move on to the next step with Ti+1 = Ti - Xi.

Although a super-increasing vector makes decryption easy, it obviously cannot be used as it stands, because only the owner may know it and the adversary must not. The owner therefore has to disguise the super-increasing vector so that only he knows it and outsiders cannot work it out. The following scheme presents such a disguising mechanism.

Key generation:
1. Alice chooses a super-increasing vector:
a = (a1, a2, ..., an)
a is kept secret, that is, it is one component of the secret key.
2. She then chooses an integer $m > \sum a_i$, called the modulus, and a random integer, called the multiplier, that is relatively prime to m.
Alice's public key is the vector obtained as the product of a with the multiplier:
a = (a1,a2,...,an) ai=ai (mod m); i=1,2,3...n
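The secret key is the triple made up of a, m and the multiplier.
Encryption: when Bob wants to send a message X to Alice, he computes the ciphertext by the following formula, taking the components of Alice's public vector as the $a_i$:
$T = \sum a_i X_i$
Decryption: Alice receives T and decrypts as follows:
1. To strip off the disguise she first computes the inverse of the multiplier modulo m (the value whose product with the multiplier is 1 mod m; the algorithm for computing it is introduced later), and then multiplies T by this inverse (mod m).
2. Alice knows that the result equals a.X, so she can easily solve for X using the super-increasing vector a.
Note: here we have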
T = T-1 = aiXi-1 = aiXi-1 = (ai-1)Xi-1 = aiXi = a.X
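The key generation, encryption and decryption steps of the Merkle-Hellman scheme described above, as an added Python example (not code from the lecture notes). The vector a = (1, 2, 4, 8) and the message (0, 1, 1, 1) come from the numeric example; the modulus 17, the multiplier 7 and all function names are constructed for the illustration.

```python
from math import gcd

def is_superincreasing(a):
    """True if every component exceeds the sum of all components before it."""
    total = 0
    for ai in a:
        if ai <= total:
            return False
        total += ai
    return True

def make_public_vector(a, m, multiplier):
    """Key generation, step 2: disguise the secret super-increasing vector a."""
    if not is_superincreasing(a):
        raise ValueError("a must be super-increasing")
    if m <= sum(a):
        raise ValueError("modulus must exceed the sum of the a_i")
    if gcd(multiplier, m) != 1:
        raise ValueError("multiplier must be relatively prime to m")
    return [(multiplier * ai) % m for ai in a]

def encrypt(public_vector, bits):
    """Bob's side: T = sum of the public components selected by the bits."""
    if len(bits) != len(public_vector) or any(b not in (0, 1) for b in bits):
        raise ValueError("message must be one bit per vector component")
    return sum(p * x for p, x in zip(public_vector, bits))

def solve_superincreasing(a, target):
    """Greedy solve from the largest component down, as in the T = 14 example."""
    bits = [0] * len(a)
    for i in reversed(range(len(a))):
        if target >= a[i]:
            bits[i] = 1
            target -= a[i]
    if target != 0:
        raise ValueError("target is not a subset sum of a")
    return bits

def decrypt(a, m, multiplier, T):
    """Alice's side: strip the disguise with the inverse multiplier, then solve."""
    inverse = pow(multiplier, -1, m)   # modular inverse, Python 3.8+
    return solve_superincreasing(a, (T * inverse) % m)

# Constructed toy parameters; far too small for any real use.
SECRET_A = [1, 2, 4, 8]
MODULUS = 17
MULTIPLIER = 7
PUBLIC_A = make_public_vector(SECRET_A, MODULUS, MULTIPLIER)

if __name__ == "__main__":
    message = [0, 1, 1, 1]
    T = encrypt(PUBLIC_A, message)
    print("public vector:", PUBLIC_A, "ciphertext:", T)
    print("decrypted:", decrypt(SECRET_A, MODULUS, MULTIPLIER, T))
```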
That completes our look at the concrete Merkle-Hellman scheme for a PKC based on the knapsack problem.

Brute Force Attack
For anyone who does not know the trapdoor (a, m and the multiplier), decryption requires an exhaustive search over the $2^n$ possible values of X.

The collapse of the Knapsack solution (1982-1984)
Shamir and Adleman exposed the weakness of this solution by finding a (multiplier, modulus) pair that can transform the public vector back into a (from the public key to the private key).
In 1984 Brickell announced the break of the Knapsack system with a computation of about 1 hour on a Cray-1, with 40 main iterations and about 100 weights.

Algorithm for finding the modular inverse

Building the Knapsack with a trap door requires computing the inverse of the multiplier modulo m. The algorithm that finds this inverse x, such that x times the multiplier = 1 (mod m), is called the extended GCD or extended Euclid algorithm (GCD: greatest common divisor). The reason is that, while finding the greatest common divisor of two integers n1 and n2, one also computes values a, b such that GCD(n1, n2) = a.n1 + b.n2. It follows that if we know (n1, n2) = 1, the algorithm yields a, b satisfying a.n1 + b.n2 = 1, that is, n1 is the inverse of a modulo n2 (that is, m).
The flowchart of the algorithm and a numeric example follow.
[Flowchart of the extended GCD algorithm]
Start
Input: n1, n2 (n1 > 0)
Initialization: a1 = 1, b1 = 0, a2 = 0, b2 = 1
Loop:
  Compute quotient q and remainder r when n1 is divided by n2
  r = 0?
  Yes: g = n2, a = a2, b = b2; output g, a, b
  No: UPDATE, then repeat the loop:
    n1 = n2
    n2 = r
    t = a2
    a2 = a1 - q*a2
    a1 = t
    t = b2
    b2 = b1 - q*b2
    b1 = t
Numeric example: find the inverse of 11 modulo 39.
Setting n1 = 39, n2 = 11, the steps are shown in the following table:

n1   n2   r    q    a1   b1   a2   b2
39   11   6    3    1    0    0    1
11   6    5    1    0    1    1    -3
6    5    1    1    1    -3   -1   4
5    1              -1   4    2    -7

Exercise: Work out for yourself an explanation of the flowchart of the gcd algorithm above. Compute the inverse of 23 modulo 40.
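The flowchart above written out as an added Python example (not part of the original notes), recording one table row per loop iteration so the result can be compared with the worked table for 39 and 11. The function names are hypothetical.

```python
def extended_gcd_trace(n1, n2):
    """Run the flowchart; return (g, a, b, rows) with g = a*n1 + b*n2.

    Each row is (n1, n2, r, q, a1, b1, a2, b2) as the values stand once
    the quotient and remainder of that iteration have been computed.
    """
    if n1 <= 0 or n2 <= 0:
        raise ValueError("both inputs must be positive")
    a1, b1, a2, b2 = 1, 0, 0, 1
    rows = []
    while True:
        q, r = divmod(n1, n2)
        rows.append((n1, n2, r, q, a1, b1, a2, b2))
        if r == 0:
            return n2, a2, b2, rows        # g = n2, a = a2, b = b2
        # UPDATE step of the flowchart
        n1, n2 = n2, r
        a1, a2 = a2, a1 - q * a2
        b1, b2 = b2, b1 - q * b2

def modular_inverse(x, m):
    """Inverse of x modulo m; ValueError when x and m are not coprime."""
    g, _, b, _ = extended_gcd_trace(m, x % m)
    if g != 1:
        raise ValueError(f"{x} has no inverse modulo {m}")
    return b % m                            # map a negative b into 0..m-1

if __name__ == "__main__":
    g, a, b, rows = extended_gcd_trace(39, 11)
    print("n1 n2 r q a1 b1 a2 b2")
    for row in rows:
        print(*row)
    print("gcd =", g, "a =", a, "b =", b)
    print("inverse of 11 mod 39 =", modular_inverse(11, 39))
```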
Since 1976 many PKC solutions have been put forward, but quite a few of them have been broken, that is, proven insecure. Among those considered secure, some are simply impractical because of their heavy computational cost or because the data expands too much when encrypted.
A PKC system can serve 2 purposes:
i) Confidentiality of information and communication.
ii) Authentication and digital signatures.
The two algorithms that serve these applications most successfully are RSA and Elgamal.
In general PKC algorithms are slow and unsuited to encrypting communication streams that need high speed, so they are normally used only when high security is needed and low speed is acceptable. In addition, PKC is often combined with SKC (symmetric key cryptosystems), with the PKC priming the SKC: PKC is used to set up an algorithm that produces a secret key agreed between the two communicating parties, and that secret key is then used for the main communication phase with SKC.

RSA public key cryptosystem

RSA is the most widespread and most versatile PK system in practice, devised by Rivest, Shamir & Adleman. It is the unwritten standard for PKC, providing secrecy, authentication and digital signatures. RSA is based on the hardness of factoring large numbers into primes: given some primes, multiplying them together to obtain a composite number is easy, but given the composite, factoring it into primes is hard.
Motivation

The inventors' idea was to tie the encryption and decryption algorithms to exponentiation in the field $Z_n = \{0, 1, 2, ..., n-1\}$. For instance, the ciphertext for a message X is produced by:

$$Y = X^e \pmod n$$

(The notation a = b (mod n) here means a = b + k.n with $a \in Z_n$ and k = 1, 2, 3, ...; for example $7 = 3^3 \pmod{10}$.)
and decryption by:

$$X = Y^d \pmod n$$

(e for encryption, d for decryption)
Therefore e and d must be chosen so that $X^{ed} = X \pmod n$.
A way to construct such a pair (e, d) was found on the basis of the following formula:

$$X^{\varphi(n)} = 1 \pmod n \quad \text{(Euler's theorem)}$$

where $\varphi(n)$ is the number of elements of $Z_n$ that are relatively prime to n. One chooses e*d so that it leaves remainder 1 on division by $\varphi(n)$, i.e. $d = e^{-1} \pmod{\varphi(n)}$, which gives what is needed:

$$X^{ed} = X^{k\varphi(n)+1} = (X^{\varphi(n)})^{k} \cdot X = 1 \cdot X = X$$

$\varphi(n)$ can be computed once the prime factorization of n is known; specifically, if n = p.q (p, q prime) then $\varphi(n) = (p-1)(q-1)$.
In other words, given a number e, anyone who knows the prime factorization of n can easily find d such that $d = e^{-1} \pmod{\varphi(n)}$, that is, $X^{ed} = X \pmod n$, while anyone who does not finds it very hard.
That was the lead-in to where the algorithm comes from; the concrete algorithm follows.

The RSA algorithm

Parameters
1. Choose two large primes p and q. Compute n = p x q and $m = \varphi(n) = (p-1) \times (q-1)$.
2. Choose e between 1 and m-1 such that gcd(e, m) = 1.
3. Find d such that e x d = 1 (mod m), i.e. compute $d = e^{-1} \pmod m$, using the extended gcd algorithm presented earlier.
The public key is (e, n).
The private key is (d, p, q).
Let X be a plaintext block, Y the corresponding ciphertext block, and $(z_A, Z_A)$ the private and public components of Alice's key.

Encryption. If Bob wants to send Alice an encrypted message, he simply uses Alice's public key to compute:

$$Y = E_{Z_A}(X) = X^e \pmod n$$
Decryption: When Alice wants to decrypt Y, she simply uses her private key $z_A = d$ to compute:

$$D_{z_A}(Y) = Y^d \pmod n$$

Example:
Choose p = 11 and q = 13
N = 11 * 13 = 143
m = (p-1)(q-1) = 10 * 12 = 120
e = 37, gcd(37, 120) = 1
Using the gcd algorithm to find d such that e * d = 1 (mod 120), we find d = 13 (e * d = 481).
To encrypt a binary string, we must break it into segments of u bits each, such that 2^u <= 142. Hence u = 7. Each segment is then a number in the range 0 - 127, and we can compute the ciphertext Y by the formula:

$$Y = X^e \pmod{120}$$

For instance, with X = (0000010) = 2, we have

$$E_Z(X) = X^{37} = 12 \pmod{143}$$

Y = (00001100)
Decryption is as follows:

$$X = D_z(Y) = 12^{13} = 2 \pmod{143}$$

To make network transactions that use confidential communication convenient, one can set up Public Directories that store the public keys of users. The directory is placed at a public point on the network so that anyone can access it to fetch the public key of the person they want to contact.

User    (n, e)
Alice   (85, 23)
Bob     (117, 5)
Hua     (4757, 11)
...     ...
Applications of the RSA algorithm

a. Confidentiality in communication

A sends $E_{Z_B}(X)$ to B. B, knowing $z_B$, can easily decrypt it.

b. Authentication
+ Alice signs the message to be sent by encrypting it with her secret key, $D_{z_A}(X)$, and sends

$$(X, S) = (X, D_{z_A}(X))$$

to Bob.
+ When Bob wants to check the authenticity of the received message, he simply computes

$$X' = E_{Z_A}(S) = E_{Z_A}(D_{z_A}(X))$$

and checks: if X = X' then the received message is authentic.
Note 1: In this process the integrity of the message is checked and the identity of the sender is authenticated at the same time. The first holds because changing even a single bit of the message is detected immediately, since the signature no longer matches. Moreover, no one other than Alice can produce that message, because only Alice knows $z_A$.
Note 2: Alice can sign the hash value of X instead of signing X directly. The complete message that Alice sends to Bob is then $(X, D_{z_A}(H(X)))$, where H() is a public hash function.
This method is more efficient because it is more economical (a hash function always outputs a fixed-length string, usually many times shorter than the input string).

c. Combining confidentiality and authenticity

We can combine both capabilities a and b above as follows.
A sends to B:

$$Y = E_{Z_B}(D_{z_A}(X))$$

B recovers X as follows:

$$X = E_{Z_A}(D_{z_B}(Y)) = E_{Z_A}(D_{z_B}(E_{Z_B}(D_{z_A}(X))))$$

To have evidence in case Alice later denies having sent the message (non-repudiation), Bob must keep $D_{z_A}(X)$.
Some issues surrounding the RSA algorithm

Choosing p and q:

+ p and q must be large primes, at least about 100 digits.
+ p and q must be of roughly the same size (for example, both 100 digits long).
Exercise: Why is the second condition needed?

Some figures on the speed of the algorithm in implementations:

Compared with DES, RSA:
+ is very much slower.
+ has a much larger secret key.
If p and q each need about 300 bits, then n needs 600 bits. Exponentiation is rather slow for large n, especially in software (programs). It has been found that one multiplication takes about m + 7 clock cycles when n is m bits long.
+ Current speeds:
Dedicated hardware: with n of 507 bits, a speed of about 220 Kb/s is achieved.
Software: with n of 512 bits, a speed of about 11 Kb/s is achieved.
On the prime factorization problem

The best algorithm is still the sieve method. An estimate of its running time is:

$$L(n) \approx 10^{9.7 + \frac{1}{50}\log_2 n}$$

where $\log_2 n$ gives the number of bits needed to represent n, the number to be factored. It follows that if n is increased by 50 bits (roughly 15 decimal digits), the factoring time increases 10-fold.
It has been estimated that for n = 200, L(n) is around 55 thousand years. As for parallel processing, one of the best results on factoring large numbers reports the factorization of a 129-digit number, with the computation distributed over the whole Internet and taking some 3 months.
Nowadays, for applications with especially high security requirements, RSA moduli as large as 1024 bits and even 2048 bits are used.

Finding large primes:

No algorithm exists that generates all primes, but there are quite efficient algorithms for checking whether a given number is prime (the primality testing problem). Finding large primes for RSA is thus a loop consisting of these steps:
1. Choose a random number p within a range of the required size (in bits).
2. Test p for primality; if it is prime, stop, otherwise go back to step 1.
Deterministic primality tests are not trivial and need to run on very powerful computers. However, probabilistic ("guessing") algorithms are also used to decide whether a number is prime. These algorithms can give an answer with high accuracy, depending on how much time is spent running them. Here we look at one such algorithm, based on the following method of Lehman.
Lehman's method: suppose n is an odd number; for each integer a, define:

$$e(a, n) = a^{(n-1)/2} \pmod n$$

$$G = \{\, e(a, n) : a \in Z_n^* \,\}, \qquad Z_n^* = \{1, 2, ..., n-1\}$$

Example: with n = 7 we have $2^3 = 1$, $3^3 = 6$, $4^3 = 1$, $5^3 = 6$, $6^3 = 1$, that is, G = {1, 6}.
Lehman's theorem: If n is an odd number, then G = {1, n-1} if and only if n is prime.
This theorem gives the following test:
1. Choose a random number $a \in Z_n^*$
2. If (gcd(a, n) > 1) return (composite) else
3. If ($a^{(n-1)/2} = 1$ || $a^{(n-1)/2} = -1$) return (possibly prime) else return (composite)

If this test is run 100 times and the answer is "possibly prime" every time, the probability that n is not prime (a wrong guess) is only $2^{-100}$. With this probabilistic method we can quickly discard composites and run the final deterministic test only on the numbers that answered positive in the guessing step.
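The test above and the prime search loop, as an added Python example (not code from the notes; the function names are hypothetical). It goes one step beyond the three-step test: because the theorem requires G = {1, n-1}, a candidate is accepted only if the value n-1 also turns up, which rejects composites such as 1729, where every a coprime to n gives 1.

```python
import random
from math import gcd

def residue_set(n):
    """G over all a in 1..n-1 coprime to n (exhaustive, small n only)."""
    return {pow(a, (n - 1) // 2, n) for a in range(1, n) if gcd(a, n) == 1}

def lehman_round(n, a):
    """Steps 2-3 for one a: the residue (1 or n-1), or None for composite."""
    if gcd(a, n) > 1:
        return None
    r = pow(a, (n - 1) // 2, n)
    return r if r in (1, n - 1) else None

def is_probable_prime(n, rounds=100, rng=None):
    """Repeat the test; True means 'possibly prime' in every round."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    rng = rng or random.SystemRandom()
    seen_minus_one = False
    for _ in range(rounds):
        r = lehman_round(n, rng.randrange(1, n))
        if r is None:
            return False
        seen_minus_one = seen_minus_one or r == n - 1
    # G must be {1, n-1}; seeing only 1 means G = {1}, so n is composite
    return seen_minus_one

def random_prime(bits, rng=None):
    """The search loop from the text: draw odd candidates until one passes."""
    rng = rng or random.SystemRandom()
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(p, rng=rng):
            return p

if __name__ == "__main__":
    print("G for n = 7:", residue_set(7))
    print("G for n = 1729:", residue_set(1729))
    print("1729 possibly prime?", is_probable_prime(1729))
    print("a random 64-bit probable prime:", random_prime(64))
```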
Fast exponentiation algorithm

Powers can be computed in the ordinary way by repeated multiplication, but that is slow. Exponentiation in the field Zn (modulo n) can be computed much faster with the following algorithm, which uses two operations: squaring and multiplication.
To compute $X^e$ (mod n):
1. Determine the coefficients $e_i$ in the binary expansion of e:

$$e = e_0 2^0 + e_1 2^1 + e_2 2^2 + \dots + e_k 2^k$$

2. Use a loop of k steps to compute the k values $X^{2^i}$ mod n, for i = 1, ..., k:

$$X^2 = X \cdot X$$
$$X^4 = X^2 \cdot X^2$$
$$\dots$$
$$X^{2^k} = X^{2^{k-1}} \cdot X^{2^{k-1}}$$

3. By the formula

$$(X^{2^i})^{e_i} = \begin{cases} 1, & e_i = 0 \\ X^{2^i}, & e_i = 1 \end{cases}$$

we obtain $X^e$ mod n by multiplying together those values $X^{2^i}$ mod n from step 2 whose corresponding $e_i$ is 1.

Example: consider RSA with n = 179, e = 73. With X = 2 we have $Y = 2^{73} \pmod{179}$.
73 = 64 + 8 + 1 = $2^6 + 2^3 + 2^0$.
$Y = 2^{64+8+1} = 2^{64} \cdot 2^8 \cdot 2^1$

Weaknesses of the RSA algorithm

In RSA, not all messages are well concealed; that is, it is not the case that every key is good and changes the plaintext completely.
Example: n = 35 = 5 x 7, m = 4 x 6, e = 5 (GCD(5, 24) = 1), X = 8
$Y = X^e \pmod{35} = 8 = X$!
For any key there are at least 9 plaintexts that are left exposed; for n of size 200, however, this no longer matters. Even so, note that if e is not chosen carefully, close to 50% of messages may be exposed.
Example: with n = 35, e = 17, the messages {1, 6, 7, 8, 13, 14, 15, 20, 21, 27, 28, 29, 34} are not concealed.
It is believed that this situation can be avoided if the primes chosen are SAFE. A prime is called SAFE if it equals twice another prime plus 1.
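The square-and-multiply procedure and the unconcealed-message examples above, combined in one added Python example (not code from the notes; the function names are hypothetical). It evaluates the notes' 2^73 mod 179 and lists the messages that encryption with n = 35 leaves unchanged.

```python
def binary_coefficients(e):
    """Step 1: coefficients e_0, e_1, ..., e_k of e in base 2, lowest first."""
    if e < 0:
        raise ValueError("exponent must be non-negative")
    bits = []
    while e:
        bits.append(e & 1)
        e >>= 1
    return bits or [0]

def repeated_squares(x, k, n):
    """Step 2: [X^(2^0), X^(2^1), ..., X^(2^k)] mod n, one squaring each."""
    squares = [x % n]
    for _ in range(k):
        squares.append(squares[-1] * squares[-1] % n)
    return squares

def mod_exp(x, e, n):
    """Step 3: multiply together the squares whose coefficient is 1."""
    bits = binary_coefficients(e)
    squares = repeated_squares(x, len(bits) - 1, n)
    result = 1 % n
    for bit, square in zip(bits, squares):
        if bit:
            result = result * square % n
    return result

def unconcealed_messages(e, n):
    """All X in Z_n that encryption leaves unchanged: X^e mod n == X."""
    return [x for x in range(n) if mod_exp(x, e, n) == x]

if __name__ == "__main__":
    print("73 in binary, lowest bit first:", binary_coefficients(73))
    print("squares of 2 mod 179:", repeated_squares(2, 6, 179))
    print("2^73 mod 179 =", mod_exp(2, 73, 179))
    for e in (5, 17):
        print("n = 35, e =", e, "unconcealed:", unconcealed_messages(e, 35))
```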
Assessing the security of the RSA algorithm

The security of the secret key component (private key) depends on the hardness of factoring large numbers into primes. Let Z = (e, n) be the public key. If the factorization n = p x q is known, then $m = \varphi(n) = (p-1)(q-1)$ can be computed, and hence $d = e^{-1} \pmod m$ by the extended gcd algorithm. But if p and q are not known in advance then, as we know, there is no efficient algorithm to factor n, i.e. to find p and q, when n is large. That means m cannot be found and so d cannot be computed.
Note: the security of RSA is not necessarily fully equivalent to the hardness of factoring; that is, there may exist attacks that break RSA without knowing the factorization of n, for instance if someone succeeds with one of the following forms of attack:
1. Finding the secret component: the adversary knows X and Y with Y = Dz(X). To find d it has to solve the equation:

$$X = Y^d \pmod n$$

or, equivalently, compute $d = \log_Y X$.
2. Finding the plaintext: the adversary knows Y and e; to find the plaintext X it has to compute an e-th root modulo n, solving the equation

$$Y = X^e$$

Some important conditional attacks: implementations that fall into certain special conditions may lose their security.
1. Common modulus attack: this arises when a group of users use public keys Z = (e, n) that differ in the component e but share the same modulus n. If the adversary then obtains two ciphertexts:
+ of the same plaintext, encrypted under different public keys (from two different users), and
+ the two corresponding e components are relatively prime
then it has a way to recover the plaintext. Specifically, if the adversary knows e1, e2, N, Y1, Y2, it has both:

$$Y_1 = X^{e_1} \pmod N$$
$$Y_2 = X^{e_2} \pmod N$$

Since (e1, e2) = 1, it can find a and b such that:

$$a e_1 + b e_2 = 1$$

Hence the adversary can recover X from:

$$Y_1^a Y_2^b = X^{e_1 a} X^{e_2 b} = X^{e_1 a + e_2 b} = X$$

In short, sharing a common modulus among the users of a working group should be avoided.
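Why a shared modulus is unsafe, following the derivation above, as an added Python example (not code from the notes; the function names are hypothetical). The directory check is the defensive use; N = 3233 = 61 x 53, the exponents 17 and 7, the message 65 and the entries for Carol and Dave are constructed toy values, while the Alice, Bob and Hua entries are those of the directory table earlier.

```python
from collections import defaultdict
from math import gcd

def shared_moduli(directory):
    """Audit a public directory {user: (n, e)}: {n: [users]} for every reused n."""
    by_modulus = defaultdict(list)
    for user, (n, _e) in directory.items():
        by_modulus[n].append(user)
    return {n: sorted(users) for n, users in by_modulus.items() if len(users) > 1}

def bezout(e1, e2):
    """Return (a, b) with a*e1 + b*e2 == 1; needs e1, e2 > 1 and coprime."""
    if e1 < 2 or e2 < 2 or gcd(e1, e2) != 1:
        raise ValueError("exponents must be > 1 and relatively prime")
    a = pow(e1, -1, e2)            # a*e1 = 1 (mod e2), Python 3.8+
    b = (1 - a * e1) // e2         # exact division, b is negative
    return a, b

def recover_plaintext(e1, e2, n, y1, y2):
    """X = Y1^a * Y2^b mod n, which is X^(a*e1 + b*e2) = X."""
    a, b = bezout(e1, e2)
    # The negative exponent uses the inverse of y2 modulo n; pow raises
    # ValueError in the rare case that y2 shares a factor with n.
    return pow(y1, a, n) * pow(y2, b, n) % n

# Constructed toy values for the illustration.
N, E1, E2, X = 3233, 17, 7, 65
DIRECTORY = {
    "Alice": (85, 23), "Bob": (117, 5), "Hua": (4757, 11),
    "Carol": (N, E1), "Dave": (N, E2),
}

if __name__ == "__main__":
    print("moduli used by more than one user:", shared_moduli(DIRECTORY))
    y1, y2 = pow(X, E1, N), pow(X, E2, N)   # same message to Carol and Dave
    print("a, b =", bezout(E1, E2))
    print("recovered without any private key:",
          recover_plaintext(E1, E2, N, y1, y2))
```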
2. Low exponent attack: this attack applies when the value of e is chosen small (with a small e, encryption for confidential communication, as well as signature verification, is faster).
If the adversary can obtain e(e+1)/2 ciphertexts encrypted from linearly dependent plaintexts, the system is in danger. If the plaintexts are unrelated, however, there is no problem. It is therefore advisable to append random binary strings to the plaintexts to ensure they are not dependent.
3. Low decryption attack: If the secret key component d is smaller than N/4 and e
$y = g^u \pmod p$
Alice's public key is now taken to be (p, g, y), and her secret key is u.
Encryption:
1. If Bob wants to encrypt a message X to send to Alice, he first chooses a random number k such that (k, p-1) = 1.
2. He computes

$$a = g^k \pmod p$$
$$b = y^k X \pmod p$$

The ciphertext is Y = (a, b), which is twice as long as the plaintext.
Decryption: Alice receives Y = (a, b) and recovers X by the following formula:

$$X = \frac{b}{a^u} \pmod p$$

Example: p = 11, g = 3, u = 6. Then $y = 3^6 = 3 \pmod{11}$. The public key is (p, g, y) = (11, 3, 3) and the secret key is u = 6.
To encrypt the message X = 6, Bob randomly chooses k = 7 and computes

$a = 3^7 = 9 \pmod{11}$, $b = 3^7 \times 6 = 10 \pmod{11}$

The ciphertext is (a, b) = (9, 10).
Now Alice, on receiving (a, b), decrypts as follows:

$$X = b/(a^u) = 10/(9^7) = 10 \times 5 = 6 \pmod{11}$$