guojpeng@whu.edu.cn 1. 2. 3. 4. 5. PGP QQ 32315476 1 A B DES 1977 RSA 1977 -- -- 1.1 : <-> Cryptology = Cryptography + Cryptanalysis
1.2 cipher algorithm AB A B A restricted C=EM M C C M M=DC key key A B C=EM M C C M M=DC m m m
1.2.3 cryptosystem 1.2.3.1 symmetric algorithm Alice Bob Alice Bob / Alice Bob BobAlice / Bob Alice A B m c c m m
1.2.3.2 n =n(n-1)/2 10 45 100 4950 public key private key public-key algorithm AliceBob AliceBob Bob Alice AliceBob Bob Bob Alice A B Bob Alice 1.2.3.3 VS m c c m m DES IDEAAES
1.2.3.3 VS A B RSA, ElGamal, Rabin
Block encryption under one shared key K, block by block: C_1 = E_K(M_1), C_2 = E_K(M_2), ..., C_i = E_K(M_i), C_{i+1} = E_K(M_{i+1}).
Decryption under the same K: M_1 = D_K(C_1), M_2 = D_K(C_2), ..., M_i = D_K(C_i). QQ 1.3.2 K
2. 2.1 ( ) 2.1.1 440
2.1.2 DATA SECURITY 34 1 2 3 4 1 2413 D A T A S E C U R I T Y :? AEI AUY DSR TCT 2.1.3 2.1.3 1. 2. 3. 4. Beale 1 50 System models Vbvwhp prghov ABCDEFGHIJKLMNOPQRSTUVWXYZ DEFGHIJKLMNOPQRSTUVWXYZABC 2 1861~1865 Discrete and System Dsrtadytm Iceensse D s r t a d y t m i c e e n s s e P188
3 4 2001117 ****** System Beale 5 6- C= 115 73 24 818 37 52 49 17 31 62 657 22 7 15 M= I have deposited 2.2 VS stream algorithm stream cipher ( ) block block algorithm block cipher
2.2.1 DES DES 20 70 1972 NBS 1973 5 NBS 19748 NBS IBM 20 70 LUCIFER 1976 NBS DES19761123 1977115 6 NBS,, P190 6-7 DES DES 56 F E 32 S P 32 48 48 48 32 32 28 28 k i 28 28 32 32 3DES 2.2.2 AES 56bit DES 1997 NIST AES Advanced Encryption Standard 2001 19988 AES 15 19993 AES 5 MARS, RC6, Rijndael, Serpent, Twofish 200010 NIST Joan Daemen, Vincent Rijmen Rijndael AES 2001 NIST FIPS Rijndael AES
128-bit, 192-bit, 256-bit 128-bit, 192-bit, 256-bit 4 S-box ShiftRow MixColumn RC Rijndael RC RSA RC4 RC 2048 DES 10 RC4 128 RC4 RC4 IDEA 1990 Xuejia Lai, James Massey PES (Proposed Encryption Standard) 2.2.3 RSA 1976 W. Diffie, Hellman RSA Rivest, Shamir & Adleman 1977 IDEA (International Data Encryption Algorithm) RSA 0..n-1 n 1024 309
RSA key generation:
1. Choose two primes p, q (example: p=5, q=11).
2. N = p*q; φ(n) = (p-1)(q-1).
3. Choose e with gcd(e, φ(n)) = 1 (1 < e < φ(n)).
4. Compute d with e*d ≡ 1 mod φ(n).
Public key = {e, n}, private key = {d, n}.
Example: p=5, q=11, n=55, φ(n)=(5-1)(11-1)=40, e=3, d=27; public key = {3,55}, private key = {27,55}. Message M=5.
Encryption with {e,n}: C = M^e mod N, where 0 ≤ M < N. Decryption with {d,n}: M = C^d mod N. Correctness: M^(e*d) = M mod N.
Signing: S = M^d mod N; verification: M = S^e mod N, since (M^d)^e = (M^e)^d = M (mod N).
Security: given {e,n}, recovering d requires φ(n), which requires factoring N = p*q (φ(n) = (p-1)(q-1))!!!
2.2.4 Rabin ElGamal ECC 3 10 public key private key ===
DSS 4 Message-Digest Algorithm H (x) HASH 128 H (x) xh (x) H (x) ( ) MM H(M)= H(M ) MD2 128 MD4 M M 128 H(M )H(M) M M H(M )H(M) MD5 MD4 128
SHA 160 Alice Bob Bob SHA-1 SHA Bob Alice SHA-256, SHA-384, SHA-512 256 384 512 MD5 MD5 Alice Bob Bob Alice Bob Alice M, M' with H(M) = H(M') MD5 MD5 MD5 MD5 Reverse Lookup WebSite MD5 Reverse Lookup http://www.md5lookup.com/ MD5 +
The latest iteration of the database has the following character set:
1-5 Length: a-z, A-Z, 0-9
6-7 Length: a-z, 0-9
8-10 Length: 0-9
And is 416Gb, with approximately 98 billion rows.
- MD5 (MAC) + A B MD5(A)=MD5(B)
HMAC: Keyed-Hashing for Message Authentication. HMAC built on MD5 is HMAC-MD5; built on SHA-1 it is HMAC-SHA1.
HMAC(K, text) = H((K XOR opad) || H((K XOR ipad) || text))
ipad = the byte 0x36 repeated B times
opad = the byte 0x5C repeated B times
B = block length of the hash in bytes (B = 64 for MD5); K is padded with zeros to B bytes. H(A,B) denotes H applied to the concatenation A || B.
Trudy Trudy Alice h(alice's password) h(alice's password) Bob Alice Bob HMAC HMAC / Challenge/Response A B B HMAC-MD5 A HMAC-MD5
PGP PGP PGP RSA DSS/SHA, RSA/SHA, RSA/MD5, CAST-128, IDEA, 3DES + Diffie-Hellman, RSA ZIP Radix 64 M : Ks : session key KRa: A KUa: A EP : DP : EC : DC : H : : Z : ZIP
PGP PGP Desktop 9.0.2 Keyserver.pgp.com StrongDisk