ĐẠI HỌC QUỐC GIA HÀ NỘI (Vietnam National University, Hanoi)
KHOA CÔNG NGHỆ (Faculty of Technology)

Phan Đình Diệu

LÝ THUYẾT MẬT MÃ & AN TOÀN THÔNG TIN
(Cryptography Theory and Information Security)

NXB Đại học Quốc gia Hà Nội (Vietnam National University Press, Hanoi) - 2002

Phan Đình Diệu
Đại học Quốc gia Hà Nội, Khoa Công nghệ (Faculty of Technology, Vietnam National University, Hanoi)

CONTENTS

Preface ........................................ 4

Chapter 1. General introduction to cryptography
1.1. A brief history of cryptography ........................................ 8
1.2. Cryptosystems. Block ciphers and stream ciphers ........................ 12
1.3. Symmetric-key cryptography and public-key cryptography ................ 15
1.4. Information security problems ......................................... 16
1.5. Cryptanalysis and the security of cryptosystems ....................... 18

Chapter 2. Mathematical foundations of cryptography ........................ 20
2.1. Integer arithmetic. The Euclidean algorithm ........................... 20
2.2. Probability and probabilistic algorithms .............................. 31
2.3. Computational complexity .............................................. 36
2.4. Prime numbers. Factorization. Discrete logarithms ..................... 42

Chapter 3. Symmetric-key cryptosystems ..................................... 55
3.1. Classical cryptosystems ............................................... 55
3.2. Cryptanalysis of classical cryptosystems .............................. 63
3.3. Stream ciphers and pseudo-random sequences ............................ 72
3.4. The DES standard cryptosystem ......................................... 80

Chapter 4. Public-key cryptosystems ........................................ 92
4.1. Introduction .......................................................... 92
4.1. The RSA public-key cryptosystem ....................................... 97
4.2. The Rabin public-key cryptosystem .................................... 101
4.3. The ElGamal public-key cryptosystem .................................. 103
4.4. Cryptosystems based on NP-complete problems .......................... 107
4.5. Probabilistic public-key cryptosystems ............................... 111

Chapter 5. The authentication problem and digital signatures ............. 115
5.1. The authentication problem and signature schemes ..................... 115
5.2. The ElGamal signature scheme and the digital signature standard ...... 118
5.3. Hash functions and signatures ........................................ 122
5.4. Some other signature schemes ......................................... 127
5.5. Undeniable signatures and non-repudiable signatures .................. 131

Chapter 6. Identification schemes and identity verification .............. 136
6.1. The identification problem ........................................... 136
6.2. The Schnorr identification scheme .................................... 137
6.3. The Okamoto identification scheme .................................... 140
6.4. The Guillou-Quisquater identification scheme ......................... 142
6.5. The Feige-Fiat-Shamir protocol ....................................... 145
6.6. Zero-knowledge proofs ................................................ 147

Chapter 7. Key distribution and key agreement ............................. 152
7.1. Key management in communication networks ............................. 152
7.2. Some key distribution systems ........................................ 153
7.3. Key exchange and key agreement ....................................... 157

Bibliographical notes .................................................... 163

Preface

Ever since people have needed to exchange information and letters with one another, the need to keep those exchanges secret and to protect their privacy has arisen as well. The earliest and most common form of exchanged information was written text, and to keep a text secret people soon thought of hiding its content by transforming the text so that outsiders could not understand it, while keeping a way to restore the original form so that the parties concerned could still read it. In today's terminology the transformed form of the text is called the ciphertext of the text, the method of producing the ciphertext is called encryption, and the method of restoring the original text from the ciphertext is called decryption. Encryption and decryption are carried out with the help of some private key that only the parties concerned know; from here on we call it the cryptographic key. An outsider, not knowing the key, even after "stealing" the ciphertext on the communication channel, in principle cannot decrypt it to understand the content of the transmitted text. Obviously the criterion for a ciphertext is that it makes the text secret; thus the notion of secrecy is the most central notion for any theory of cryptography. Can there be a scientific definition of the notion of secrecy? There have been many approaches to understanding the content of this notion, but a scientific definition, let alone a mathematical one, does not yet exist. One fairly common approach ties the notion of secrecy to the notion of "randomness": if a plaintext has a definite content, what we want is that its ciphertext be a text of characters arranged haphazardly, seemingly at random, so that an outsider looking at it cannot determine the content of the original text. However, if "secrecy" is a notion that has not been defined, then the notion of "randomness", or more specifically the notion of a "random bit sequence", is just as hard to define: we have not yet established a mathematical criterion for deciding whether a bit sequence is "random" or not, and have only identified some properties associated with "randomness" that serve as a basis for deciding whether a bit sequence is "pseudo-random" in the sense of having those properties.

In recent decades, with the arrival of the computer age, cryptography, like many other fields, has undergone great changes, moving from the era of traditional cryptography to that of computer cryptography; electronic computers are used more and more widely for encryption and decryption, and these changes have stimulated research into cryptographic solutions, turning cryptography into a science with an ever wider scope that is used effectively in many areas of life. Since the main operations of cryptography are performed by computers, the notions of secrecy and randomness have gradually been "computerized" as well, and with the birth of the theory of computational complexity in the mid-1960s these notions found a common content that can be studied mathematically, namely complexity. We can now say: a ciphertext is secret for you if recovering the plaintext from it requires you to carry out a computation whose complexity exceeds all of your computing power (including all computers); a bit sequence can be regarded as random for you if, given a known segment of bits, finding the next bit of the sequence also requires a computation of similarly enormous complexity. The move to computer cryptography first of all served to develop and modernize many traditional-style cryptosystems, giving them finer structures that require more complex encryption and decryption, so that the secrecy achieved by cryptographic solutions was raised far above what it had been. But the truly revolutionary step brought by computer cryptography was the invention of public-key cryptosystems, beginning in the late 1970s; the theoretical basis of these inventions is the existence of one-way functions, that is, arithmetic functions y = f(x) for which computing forward from x to y is relatively easy, while computing backward from y to find x (x = f^{-1}(y)) is extremely complex. Public-key cryptosystems fundamentally changed how secure communication systems are organized, making it easy to achieve secrecy over public communication systems, and because of their special properties they became the basis for developing many other information security protocols over public networks, such as protocols for authenticating the origin of a message and identifying the sender, digital signatures, authentication protocols that reveal nothing beyond the fact being authenticated, key exchange protocols for organizing secure communication and for authentication, and so on, and recently many specific protocols for banking transactions and electronic commerce, for issuing and trading with electronic money, and the like. It should also be said that modern cryptography, that is, computer cryptography built on the theory of computational complexity, although it has many striking applications and great promise, is still only in its early stage of development and must overcome many difficulties and find many new firm foundations before it can be completed and developed further. For instance, as noted above, an important basis of modern cryptography is the existence of one-way functions, yet whether one-way functions really exist is still an open problem! We have only a number of functions that are one-way according to present human knowledge, but no specific function has been proved to be one-way! Nevertheless, if we adopt the modern scientific viewpoint that the aim of science is not to seek absolutely certain truths but to find ways of solving the problems met in practice, then we can still have confidence in the "relative" yet highly effective solutions that modern cryptography offers today.

This textbook, Cryptography Theory and Information Security, has been written to serve the studies of students in the undergraduate and graduate programs in Information Technology at Đại học Quốc gia Hà Nội (Vietnam National University, Hanoi). In roughly the last ten years many textbooks and reference works on modern cryptography and its applications have appeared around the world. The author of this text has only tried to select and arrange the material he considers most necessary and suitable, within a limited span of time (and space), so as to give the student a reasonably systematic presentation of the basic knowledge of modern cryptography, including the mathematical background needed. This text has been taught to graduate students in Information Technology at Đại học Bách khoa Hà Nội (Hanoi University of Technology) and at the Faculty of Technology of Vietnam National University, Hanoi, from 1997 to 2004. The author sincerely thanks his colleagues and readers for pointing out any shortcomings so that they can be corrected in later printings, if any.

December 2002

Phan Đình Diệu

CHAPTER I

General introduction to cryptography

1.1. A brief history of cryptography.

As mentioned in the Preface, the need for cryptography arose very early, as soon as people began exchanging and transmitting information, in particular when information took the form of language and writing. History tells us that primitive forms of cryptography were found about four thousand years ago in the civilization of ancient Egypt. Over thousands of years cryptography has been used widely all over the world, East and West, to keep secret the exchange of information in many spheres of activity between people and between nations, especially in the military, political and diplomatic spheres. Cryptography is first of all a practical activity whose main content is keeping information (say, in the form of a text) secret while it is sent from a sender A to a receiver B: A must create for the text a corresponding encrypted text, and instead of sending the plaintext, A sends B only the encrypted text; B receives the encrypted text and has a way to recover the plaintext in order to understand the information A wanted to send. Since the sent text usually travels over public channels, outsiders may "steal" it, but because it is encrypted they cannot understand it; A can create the encrypted text, and B can decrypt it back to an intelligible plaintext, because the two of them have agreed beforehand on a common key: only with this common key can A produce the encrypted text from the plaintext, and only with it can B recover the plaintext from the encrypted text. From now on we shall simply call this common key the cryptographic key. Of course, to carry out an encryption we need an algorithm that turns the plaintext, together with the key, into the encrypted text, and a reverse algorithm that turns the encrypted text, together with the key, back into the plaintext. These algorithms are called the encryption algorithm and the decryption algorithm respectively. These algorithms need not be kept secret; what must always be kept absolutely secret is the cryptographic key. In practice, wherever there is an activity of securing information there is also the reverse activity of uncovering the secret from "stolen" encrypted texts, which we usually call cryptanalysis, an activity no less important than securing information! Since the encryption and decryption algorithms are not necessarily secret, cryptanalysis is usually concentrated on finding the key, which is why some call this work key breaking.

Over thousands of years of history, the messages and letters transmitted and exchanged were usually texts, that is, strings of characters in some language; hence the encryption algorithms were usually simple algorithms that scramble or change the characters, determined by shifting, substituting or permuting the characters of the alphabet of the language concerned; the cryptographic key is the information used to perform a particular encryption and decryption, for example the number of positions for a shift, or the table of corresponding character pairs for a substitution or permutation, and so on. Cryptography was not yet a science, so there was not much book knowledge about it, but the activities of securing information and of cryptanalysis in the history of political, diplomatic and military struggles were extremely rich, and cryptography had many very important effects that sometimes led to decisive results in those struggles. Because for a long time cryptographic activity was itself treated as a secret, the technical documents on cryptography published up to now mostly record practical knowledge, with only the occasional "invention" such as the Vigenère cipher in the 16th century or the Hill cipher of 1929, which apply a shift (in the Vigenère cipher) or a substitution (in the Hill cipher) simultaneously to a group of characters rather than to each character separately. Cryptanalysis, on the other hand, when successful, usually produced outstanding and impressive contributions in the tense situations of those struggles, and, since it demanded more talent for discovery together with subtler experience and reasoning, it has left behind more fascinating stories. Many curious tales from the history of cryptanalysis are recounted in David Kahn's famous book The Codebreakers. The Story of Secret Writing, published in 1967 (the book has been translated into many languages; there is a Vietnamese translation, Những người mã thám, in 3 volumes, published in Hanoi in 1987).

Entering the 20th century, with continuous advances in computing and communication technology, cryptography also made great progress. In the early decades of the century, the development of techniques for representing, transmitting and processing signals helped encryption and decryption move from manual work to mechanization and then to electronics. Texts and ciphertexts, previously written in ordinary language, are now converted by digital techniques into sequences of binary signals, that is, bit sequences, and the transformations on character strings become transformations on bit sequences, or on sequences of numbers; performing encryption and decryption becomes the evaluation of arithmetic functions. Mathematics and computing techniques began to become tools for developing the science of cryptography. The central notion of the science of cryptography is the notion of secrecy, a common notion in everyday life, but can it be given a content that is definable mathematically? As sketched in the Preface, the notion of secrecy was at first tied to the notion of randomness, and later, in recent decades, to the notion of complexity, more precisely computational complexity. Using probability theory and randomness as a basis for studying cryptography enabled C. Shannon to introduce the notion of the perfect secrecy of a cryptosystem in 1948, initiating a probabilistic theory of cryptography. In practical cryptography, random bit sequences are used to mix with the plaintext (in the form of a fixed bit sequence) to produce the ciphertext. How can random bit sequences be produced? They can be produced by a simple physical method: toss a coin; if it lands on one side we write the bit 0, on the other side the bit 1; tossing n times gives a sequence of n bits, and a bit sequence obtained this way may be regarded as a random bit sequence. But sequences produced this way are hard to use widely, and no rule can be found according to which random bit sequences are generated. Here we meet an essential difficulty: if there is a rule, it is no longer random! Thus, if we look for a rule, we can never find random bit sequences; at best we can only obtain bit sequences that are nearly random, or pseudo-random. For several decades now, many mathematical algorithms for generating pseudo-random bit sequences have been proposed, along with many properties for judging whether a pseudo-random bit sequence deserves to be regarded as "nearly" random. A few of the main properties proposed are: for a bit sequence X = (x_1, ..., x_n, ...), the sequence is regarded as a "good" pseudo-random sequence if the probability of the bit 0 or the bit 1 appearing, in the whole sequence as well as in any of its subsequences, equals 1/2; or another criterion: every program that generates the first n bits of the sequence must have complexity (or length) of order n! Later, when the theory of computational complexity was developed, the criterion of randomness was also reduced to a criterion of computational complexity; specifically, a bit sequence X is regarded as "good" pseudo-random if every algorithm that finds the n-th bit (x_n), given the preceding bits (x_1, ..., x_{n-1}), with probability of being correct > 1/2 must have computational complexity in the class of NP-hard problems! The theory of computational complexity, which arose in the mid-1960s, gives us a suitable way to reduce the requirement of secrecy or randomness to a definable requirement, namely a requirement on computational complexity. We can now say: a cryptographic solution guarantees secrecy if every cryptanalytic algorithm, if any exists, must be carried out with an extremely large computational complexity! How large is extremely large? Beyond the limit of the computing ability (including computers) that the cryptanalyst can have. Theoretically, these may be taken as computational complexities growing faster than exponential, or of NP-hard type. The theory of computational complexity, however, not only gives us a notion for making precise the secrecy criterion of cryptographic solutions, but also opens a new era of cryptography, turning it into a science with rich theoretical content and important practical applications in many areas of modern life. The revolutionary turning point in the history of modern cryptography came in 1976, when Diffie and Hellman put forward the notion of public-key cryptography and a method of public exchange for creating a common secret key, whose security is guaranteed by the difficulty of a specific mathematical problem (the "discrete logarithm" problem). Two years later, in 1978, Rivest, Shamir and Adleman found a public-key cryptosystem and a digital signature scheme that are fully usable in practice, whose secrecy and security are guaranteed by the complexity of a famous arithmetic problem, the problem of factoring an integer into prime factors. After the invention of this cryptosystem (now usually called RSA), the search for other public-key cryptosystems and the application of public-key cryptosystems to the various problems of information security were pursued widely, and the theory of cryptography and information security became a fast-developing scientific field in the last few decades of the 20th century, drawing along the development of several branches of mathematics and computer science. In the following chapters of this text we shall become acquainted in turn with some of the main achievements of that theory.

1.2. Cryptosystems.

1.2.1. Cryptosystem schemes.

Cryptography is used to protect the secrecy of information when it is transmitted over public communication channels such as the postal system, the telephone, computer communication networks, the Internet, and so on. Suppose a sender A wants to send a receiver B a text (for instance, a letter) p; to keep it secret A produces for p a ciphertext c, and instead of sending p, A sends B the ciphertext c; B receives c and "decrypts" it to obtain the text p that A intended. For A to turn p into c and B to turn c back into p, A and B must agree beforehand on the encryption and decryption algorithms, and in particular on a common cryptographic key K for carrying out those algorithms. An outsider who does not know this information (in particular, does not know the key K), even after stealing c on the public channel, still cannot find the text p that A and B wanted to exchange. We now give a formal definition of a cryptosystem scheme and of the way encryption and decryption are carried out.

Definition 1.2.1. A cryptosystem scheme is a 5-tuple

    S = (P, C, 𝒦, E, D)                                                (1)

satisfying the following conditions: P is a finite set of plaintext characters, C is a finite set of ciphertext characters, 𝒦 is a finite set of keys, E is a map from 𝒦 × P into C, called the encryption; and D is a map from 𝒦 × C into P, called the decryption. For each K ∈ 𝒦 we define e_K : P → C and d_K : C → P as the two functions given by

    ∀x ∈ P : e_K(x) = E(K, x);      ∀y ∈ C : d_K(y) = D(K, y).

e_K and d_K are called the encryption function and the decryption function for the key K. These functions must satisfy the relation

    ∀x ∈ P : d_K(e_K(x)) = x.

From now on, for convenience, we shall call a list (1) satisfying the properties above a cryptosystem scheme, and when a fixed key K has been chosen, the list (P, C, e_K, d_K) is a cryptosystem belonging to the scheme S.

In this definition, encryption (decryption) is defined for a single plaintext (ciphertext) character. In practice the plaintext of a message is usually a string of plaintext characters, that is, an element of the set P*, and the ciphertext is likewise a string of ciphertext characters, that is, an element of the set C*; the extension of the functions e_K and d_K to the corresponding domains P* and C*, which gives the encryption and decryption algorithms used in practice, is presented in the next section.

The plaintext and ciphertext alphabets commonly used are the alphabets of ordinary languages such as Vietnamese or English (we denote the English alphabet by A, so A = {a, b, c, ..., x, y, z} with 26 characters); the binary alphabet B consisting of the two characters 0 and 1; and the set of non-negative integers smaller than some number n (we denote this set by Z_n, so Z_n = {0, 1, 2, ..., n − 1}). Note that we may regard B = Z_2. For convenience we shall also often identify the English alphabet A with the set Z_26 = {0, 1, 2, ..., 24, 25} of the first 26 non-negative integers, by the correspondence

    a b c d e f g h i j k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Sometimes we also use as plaintext or ciphertext alphabets the product sets of the sets above, in particular the sets A^m, B^m, Z_n^m.

1.2.2. Block ciphers and stream ciphers.

As noted above, the plaintext of the message we want to send is usually a string of characters, whereas by the definition of a cryptosystem scheme the encryption and decryption functions are defined for single characters. From the definitions of the encryption and decryption functions we extend them to encryption (and decryption) algorithms defined for every plaintext (ciphertext) as follows:

In the block cipher approach, we first fix a block length (say k), then extend the key space from 𝒦 to 𝒦^k, and for each K = K_1...K_k ∈ 𝒦^k we extend e_K and d_K to algorithms e_K : P^k → C^k and d_K : C^k → P^k as follows: for every x_1...x_k ∈ P^k and y_1...y_k ∈ C^k,

    e_K(x_1 ... x_k) = e_{K_1}(x_1) ... e_{K_k}(x_k),
    d_K(y_1 ... y_k) = d_{K_1}(y_1) ... d_{K_k}(y_k).

Suppose the plaintext to be encrypted is the string X ∈ P*. We cut X into blocks of length k; the last block may have length < k, but we can always assume that some agreed characters are appended to the end of that block so that it too has length k. So we may assume X = X_1 ... X_m, where each X_1, ..., X_m is a block of length k, and we define the ciphertext of X as

    e_K(X) = e_K(X_1 ... X_m) = e_K(X_1) ... e_K(X_m).

Putting Y = e_K(X_1) ... e_K(X_m), we can write Y = Y_1 ... Y_m with Y_i = e_K(X_i), and therefore

    d_K(Y) = d_K(Y_1) ... d_K(Y_m) = X_1 ... X_m = X.

The simplest and most common block cipher is obtained when we choose block length k = 1. Then for every plaintext X = x_1 ... x_m ∈ P* we have

    e_K(X) = e_K(x_1 ... x_m) = e_K(x_1) ... e_K(x_m).

In the stream cipher approach, we must first determine a key stream, that is, an element K = K_1...K_m ∈ 𝒦*; with this key stream we define, for each plaintext X = x_1 ... x_m ∈ P*, the corresponding ciphertext

    e_K(X) = e_K(x_1 ... x_m) = e_{K_1}(x_1) ... e_{K_m}(x_m).

Decrypting Y = e_K(X) we get

    d_K(Y) = d_{K_1}(e_{K_1}(x_1)) ... d_{K_m}(e_{K_m}(x_m)) = x_1 ... x_m = X.

To use stream encryption, besides the basic cryptosystem scheme we also need a key stream, that is, a sequence of key characters of arbitrary length. Such sequences of key characters are usually produced by some "random sequence generator" starting from a chosen "seed". In practical applications, the stream cipher commonly used has as its basic scheme the Vernam scheme with P = C = 𝒦 = {0, 1} and encryption and decryption functions given by

    e_K(x) = x + K mod 2,      d_K(y) = y + K mod 2      (K = 0 or 1);

the key stream is a random bit sequence produced by some random bit generator.
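The following Python program is an added illustration, not part of the textbook, of Definition 1.2.1 together with the block-mode and stream-mode extensions just described: a scheme is a 5-tuple with its relation d_K(e_K(x)) = x checked exhaustively, and it is instantiated with a shift scheme on Z_26 and with the Vernam scheme. The shift scheme, the pad character and every class, function and parameter name are our own assumptions.

```python
# Added example (not the textbook's code): Definition 1.2.1 as a small Python
# class, together with the block-mode and stream-mode extensions of Section
# 1.2.2. The shift scheme on Z_26 and the Vernam scheme on {0, 1} are
# constructed inline; the class, function and parameter names are our own.
from dataclasses import dataclass
from typing import Callable, List, Sequence, Tuple


@dataclass(frozen=True)
class Scheme:
    """S = (P, C, K, E, D) with E: K x P -> C and D: K x C -> P."""
    P: Tuple[int, ...]
    C: Tuple[int, ...]
    K: Tuple[int, ...]
    E: Callable[[int, int], int]
    D: Callable[[int, int], int]

    def e(self, key: int) -> Callable[[int], int]:
        """e_K(x) = E(K, x), the encryption function for the key K."""
        return lambda x: self.E(key, x)

    def d(self, key: int) -> Callable[[int], int]:
        """d_K(y) = D(K, y), the decryption function for the key K."""
        return lambda y: self.D(key, y)

    def is_consistent(self) -> bool:
        """Exhaustively check the required relation d_K(e_K(x)) = x and that
        every e_K(x) lands in C (all three sets are finite, so this is cheap)."""
        return all(self.E(k, x) in self.C and self.D(k, self.E(k, x)) == x
                   for k in self.K for x in self.P)


# Shift scheme on Z_26: letters a..z are identified with 0..25 (Section 1.2.1).
Z26 = tuple(range(26))
SHIFT = Scheme(Z26, Z26, Z26,
               E=lambda k, x: (x + k) % 26,
               D=lambda k, y: (y - k) % 26)

# Vernam scheme: P = C = K = {0, 1}, e_K(x) = x + K mod 2, d_K(y) = y + K mod 2.
BITS = (0, 1)
VERNAM = Scheme(BITS, BITS, BITS,
                E=lambda k, x: (x + k) % 2,
                D=lambda k, y: (y + k) % 2)


def block_encrypt(s: Scheme, key: Sequence[int], X: Sequence[int], pad: int) -> List[int]:
    """Block mode with k = len(key): K = K_1...K_k in K^k, and each block
    x_1...x_k is mapped to e_{K_1}(x_1)...e_{K_k}(x_k). A short last block is
    filled with the agreed pad character so that every block has length k."""
    k = len(key)
    X = list(X) + [pad] * (-len(X) % k)
    return [s.E(kj, xj) for i in range(0, len(X), k)
            for kj, xj in zip(key, X[i:i + k])]


def block_decrypt(s: Scheme, key: Sequence[int], Y: Sequence[int]) -> List[int]:
    """d_K(Y_1...Y_m) = d_K(Y_1)...d_K(Y_m); padding is left in place because
    the scheme itself cannot tell pad characters from plaintext."""
    k = len(key)
    return [s.D(kj, yj) for i in range(0, len(Y), k)
            for kj, yj in zip(key, Y[i:i + k])]


def stream_encrypt(s: Scheme, key_stream: Sequence[int], X: Sequence[int]) -> List[int]:
    """Stream mode: e_K(x_1...x_m) = e_{K_1}(x_1)...e_{K_m}(x_m), one key
    character per plaintext character, so the key stream must be long enough."""
    if len(key_stream) < len(X):
        raise ValueError("key stream shorter than the plaintext")
    return [s.E(kj, xj) for kj, xj in zip(key_stream, X)]


def stream_decrypt(s: Scheme, key_stream: Sequence[int], Y: Sequence[int]) -> List[int]:
    return [s.D(kj, yj) for kj, yj in zip(key_stream, Y)]


def letters_to_z26(text: str) -> List[int]:
    return [ord(c) - ord("a") for c in text]


def z26_to_letters(xs: Sequence[int]) -> str:
    return "".join(chr(x + ord("a")) for x in xs)


def demo() -> Tuple[str, List[int]]:
    # Block mode with k = 3 over the shift scheme (a Vigenère-style cipher).
    key = (3, 1, 4)                                  # constructed key block
    X = letters_to_z26("cryptography")
    Y = block_encrypt(SHIFT, key, X, pad=23)         # pad with 'x' = 23 (our convention)
    assert block_decrypt(SHIFT, key, Y) == X
    # Stream mode over the Vernam scheme with a constructed key stream.
    bits = [1, 0, 1, 1, 0, 0, 1, 0]
    ks = [0, 1, 1, 0, 1, 0, 0, 1]
    ct = stream_encrypt(VERNAM, ks, bits)
    assert stream_decrypt(VERNAM, ks, ct) == bits
    return z26_to_letters(Y), ct


if __name__ == "__main__":
    print(demo())
```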

1.3. Symmetric-key cryptography and public-key cryptography.

By Definition 1.2.1 of a cryptosystem scheme, for every secure transmission the sender A and the receiver B must first agree on a common key K; the sender then uses e_K to encrypt the message to be sent, and the receiver uses d_K to decrypt the ciphertext received. The sender and the receiver share a common key K, kept as their joint secret and used both for encryption and for decryption; cryptosystems used in this way are called symmetric-key cryptosystems, sometimes also called traditional cryptography, and this is the way cryptography has been used for thousands of years. However, in principle the encryption and decryption functions are different and need not depend on the same key. If we let each key K consist of two parts, K = (K', K''), with K' for encryption (giving the encryption function e_{K'}) and K'' for decryption (giving the decryption function d_{K''}), the encryption and decryption functions satisfying the relation d_{K''}(e_{K'}(x)) = x for all x ∈ P, then we have an asymmetric-key cryptosystem. Thus, in an asymmetric-key cryptosystem the encryption key and the decryption key (K' and K'') are different, though of course related. Of the two keys, the one that must be kept secret is the decryption key K'', while the encryption key K' may be made public; this, however, is only meaningful in practice when finding K'' from K' is so difficult as to be practically impossible. An asymmetric-key cryptosystem with this property, in which the encryption key K' of every participant is published, is called a public-key cryptosystem. The notion of public-key cryptography only appeared in the mid-1970s and immediately became a central notion of modern cryptography. We shall devote most of this text to these cryptosystems and their applications to information security problems.

1.4. Information security problems.

We live in an age of information explosion. The need to exchange information and the means of transmitting it are developing rapidly, and with that development the demand for protecting the secrecy and security of information is growing and becoming universal. There are many different information security problems, depending on the situation, but in sum the most common problems met in practice are the following:

- confidentiality: keeping information secret from everyone except a few authorized persons who may read or know it;
- data integrity: ensuring that information is not altered or falsified by unauthorized parties or by unauthorized means;
- entity authentication: verifying the identity of an entity, for instance a person, a terminal in a network, a credit card, and so on;
- message authentication: verifying the origin of a received message;
- signature: a way of binding a piece of information to an entity, commonly used for message authentication as well as in many other authentication problems;
- authorization: conveying to another entity the right to represent or to do something;
- certification: issuing a confirmation of information by a trusted entity;
- receipt: acknowledging that a message has been received or a service has been performed;
- witnessing: verifying the existence of a piece of information by an entity other than its owner;
- non-repudiation: preventing the denial of responsibility for a commitment made (for instance, having signed a document);
- anonymity: hiding the identity of an entity taking part in some process (commonly used in electronic cash transactions);
- revocation: withdrawing a certificate or authorization that has been issued;
- and so on.

The basis of the solutions to these problems is cryptographic methods, especially public-key cryptography; we shall examine some of these problems closely in the following chapters.

1.5. Cryptanalysis and the security of cryptosystems.

1.5.1. The cryptanalysis problem.

Cryptography is used first of all to guarantee the secrecy of exchanged information, and so the most important problem of cryptanalysis is to break that secrecy: from a ciphertext that can be obtained easily (on public communication channels), the cryptanalyst must discover the information hidden in the ciphertext, ideally by finding the original plaintext of the ciphertext. The usual situation is that the cryptosystem scheme itself, including the encryption and decryption maps (that is, the algorithms E and D), is not necessarily secret, so the problem reduces to finding the cryptographic key K, or the decryption key K'' if the cryptosystem is asymmetric. Thus we may agree to regard the basic cryptanalysis problem as the problem of finding the key K (or the decryption key K''). To solve this problem the cryptanalyst is assumed to know information about the cryptosystem scheme in use, including the general encryption and decryption maps E and D. Beyond that, the cryptanalyst may know some additional information, and according to this additional information we classify cryptanalysis into the following specific problems:

- ciphertext-only cryptanalysis: the most common problem, in which the cryptanalyst knows only a ciphertext Y;
- known-plaintext cryptanalysis: the cryptanalyst knows a ciphertext Y together with the corresponding plaintext X;
- chosen-plaintext cryptanalysis: the cryptanalyst can choose a plaintext X and learn the corresponding ciphertext Y. This can happen when the cryptanalyst gains (temporary) possession of the encryption machine;
- chosen-ciphertext cryptanalysis: the cryptanalyst can choose a ciphertext Y and learn the corresponding plaintext X. This can happen when the cryptanalyst gains temporary possession of the decryption machine.

1.5.2. The security of a cryptosystem.

The security of a cryptosystem depends on the difficulty of the cryptanalysis problem when that cryptosystem is used. Several interpretations of the notion of security of a cryptosystem have been proposed, and on the basis of these interpretations the security of many different cryptosystems has been studied; we introduce here the most common interpretations:

- Unconditional security: assume the cryptanalyst has obtained information about the ciphertext. From the information-theoretic point of view, if knowledge of the ciphertext does not reduce the cryptanalyst's uncertainty about the plaintext, the cryptosystem is unconditionally secure, or in C. Shannon's terminology, the system is perfectly secret. Thus the system is unconditionally secure if the uncertainty about the plaintext after the cryptanalyst has obtained the information (about the ciphertext) equals the uncertainty about the plaintext beforehand. Unconditional security is studied for a number of symmetric-key cryptosystems that we present in Chapter 3.

- Provable security: a cryptosystem is regarded as provably secure if we can prove that the cryptanalysis problem for that system is equivalent in difficulty to some known hard problem, for example factoring an integer into a product of prime factors, or finding discrete logarithms modulo a prime, and so on (equivalent in difficulty meaning that if one problem can be solved then the other can be solved with the same complexity).

- Computational security: a cryptosystem is regarded as (computationally) secure if every known cryptanalytic method requires computing resources beyond all the computing capacity (including equipment) of a hypothetical adversary. Security in this sense, in the language of computational complexity theory, includes the notion of "provable" security above.

Security in the provable or computational sense is used extensively in the study of modern cryptosystems, especially public-key cryptosystems; we shall discuss it separately for each cryptosystem presented in the later chapters. In Section 1.4 we introduced some information security problems in general. At the heart of each of these problems is the security of some cryptosystem, so the study of the security of cryptosystems also contributes to solving the information security problems listed above.

CHAPTER II

Mathematical foundations of cryptography


2.1. Integer arithmetic. The Euclidean algorithm.

We denote by Z the set of integers, Z = {..., −2, −1, 0, 1, 2, ...}, and by Z^+ the set of non-negative integers, Z^+ = {0, 1, 2, ...}. In this section we recall some facts from the arithmetic of integers needed for presenting cryptography. So that the text does not become too long, the facts recalled are mainly the notions and the propositions that will be used, while the proofs are omitted; readers wishing to go deeper may consult specialized books on number theory.

2.1.1. Divisibility of integers.

The set Z is closed under addition, subtraction and multiplication, but not under division: dividing an integer by an integer does not always give an integer! Therefore the case of exact division, that is, when dividing an integer a by an integer b gives an integer quotient q, a = b.q, has a special meaning. In that case we say a is divisible by b, b divides a, a is a multiple of b, b is a divisor of a, and we write b | a. It is easy to see that the number 1 is a divisor of every integer, the number 0 is a multiple of every integer, and every integer a is both a divisor and a multiple of itself.

Given any two integers a and b, b ≥ 1, dividing a by b we obtain two numbers q and r such that a = b.q + r, 0 ≤ r < b. The number q is called the quotient of the division of a by b, written a div b, and the number r is called the remainder of the division of a by b, written a mod b. Examples: 25 div 7 = 3 and 25 mod 7 = 4; −25 div 7 = −4 and −25 mod 7 = 3.

An integer d is called a common divisor of two integers a and b if d | a and d | b. The integer d is called the greatest common divisor of a and b if d ≥ 0, d is a common divisor of a and b, and every common divisor of a and b is a divisor of d. We denote the greatest common divisor of a and b by gcd(a, b). Examples: gcd(12, 18) = 6, gcd(−18, 27) = 3. Clearly, for every positive integer a we have gcd(a, 0) = a; we also agree that gcd(0, 0) = 0.

An integer a > 1 is called a prime if a has no divisors other than 1 and a itself, and is called composite otherwise. For example the numbers 2, 3, 5, 7 are primes, and the numbers 4, 6, 8, 10, 12, 14, 15 are composite. Two numbers a and b are called relatively prime if they have no common divisor other than 1, that is, if gcd(a, b) = 1. Every integer n > 1 can be written in the form

    n = p_1^{a_1} . p_2^{a_2} ... p_k^{a_k},

where p_1, p_2, ..., p_k are distinct primes and a_1, a_2, ..., a_k are positive integer exponents. Disregarding the order of the prime factors, this representation is unique; it is called the canonical factorization of n. For example, the canonical factorization of 1800 is 2^3 . 3^2 . 5^2. Primes and problems concerning primes play an important role in number theory and in its applications to cryptography; we shall treat them separately in a later section.

Theorem 2.1.1. If b > 0 and b | a then gcd(a, b) = b. If a = bq + r then gcd(a, b) = gcd(b, r).

An integer m is called a common multiple of a and b if a | m and b | m. The number m is called the least common multiple of a and b, written lcm(a, b), if m > 0, m is a common multiple of a and b, and every common multiple of a and b is a multiple of m. For example lcm(14, 21) = 42. For any two positive integers a and b we have the relation lcm(a, b).gcd(a, b) = a.b.

From Theorem 2.1.1 we derive the following algorithm for finding the greatest common divisor of two arbitrary integers:

The Euclidean algorithm for the greatest common divisor:
INPUT: two non-negative integers a and b, with a ≥ b.
OUTPUT: the greatest common divisor of a and b.
1. While b > 0, do:
   1.1. Set r ← a mod b, a ← b, b ← r.
2. Output the result (a).

Example: Using the Euclidean algorithm to find gcd(4864, 3458), we obtain successively the following values assigned to the variables a, b and r:

    a       b       r
    4864    3458    1406      4864 = 1 . 3458 + 1406
    3458    1406     646      3458 = 2 . 1406 + 646
    1406     646     114      1406 = 2 . 646 + 114
     646     114      76       646 = 5 . 114 + 76
     114      76      38       114 = 1 . 76 + 38
      76      38       0        76 = 2 . 38 + 0
      38       0

And the algorithm gives the result gcd(4864, 3458) = 38.

We know that if gcd(a, b) = d, then the indeterminate equation a.x + b.y = d has an integer solution (x, y), and such an integer solution (x, y) can be found by the extended Euclidean algorithm as follows:

The extended Euclidean algorithm:
INPUT: two non-negative integers a and b with a ≥ b.
OUTPUT: d = gcd(a, b) and two numbers x, y such that a.x + b.y = d.
1. If b = 0 then set d ← a, x ← 1, y ← 0, and output (d, x, y).
2. Set x2 ← 1, x1 ← 0, y2 ← 0, y1 ← 1.
3. While b > 0, do:
   3.1. q ← a div b, r ← a mod b, x ← x2 − q.x1, y ← y2 − q.y1.
   3.2. a ← b, b ← r, x2 ← x1, x1 ← x, y2 ← y1, y1 ← y.
4. Set d ← a, x ← x2, y ← y2, and output the result (d, x, y).

Example: Applying the extended Euclidean algorithm to the numbers a = 4864 and b = 3458, we obtain successively the following values for the variables a, b, q, r, x, y, x1, x2, y1, y2 (the first row is the state before the loop, each later row the state after one pass through the two steps 3.1 and 3.2):

    a      b      q   r      x     y     x1    x2    y1    y2
    4864   3458                          0     1     1     0
    3458   1406   1   1406   1     -1    1     0     -1    1
    1406   646    2   646    -2    3     -2    1     3     -1
    646    114    2   114    5     -7    5     -2    -7    3
    114    76     5   76     -27   38    -27   5     38    -7
    76     38     1   38     32    -45   32    -27   -45   38
    38     0      2   0      -91   128   -91   32    128   -45

It is easy to check that after each pass through the two steps 3.1 and 3.2, the values x, y, r obtained always satisfy 4864.x + 3458.y = r; therefore when the loop ends (at the value b = 0) and step 4 is carried out we obtain the result d = 38, x = 32 and y = −45, and the pair (32, −45) satisfies 4864.32 + 3458.(−45) = 38.

2.1.2. Congruences and linear congruence equations.

Let n be a positive integer. We say two integers a and b are congruent modulo n, and write a ≡ b (mod n), if n | a − b (that is, if a − b is divisible by n, or, equivalently, if a and b leave the same remainder when divided by n). Examples: 23 ≡ 8 (mod 5), since 23 − 8 = 5.3; −19 ≡ 9 (mod 7), since −19 − 9 = −4 . 7. The congruence relation (modulo a fixed n) on the set of integers is reflexive, symmetric and transitive, that is, it is an equivalence relation, and so it partitions the set Z of all integers into equivalence classes: two integers belong to the same class if and only if they leave the same remainder when divided by n. Each such class is represented by a unique number in the set Z_n = {0, 1, 2, 3, ..., n − 1}, namely the common remainder of the numbers in that class on division by n. We may therefore identify Z_n with the set of all equivalence classes of integers modulo n; on this set we can define the operations of addition, subtraction and multiplication modulo n. Example: Z_25 = {0, 1, 2, ..., 24}. In Z_25, 15 + 14 = 4, since 15 + 14 = 29 ≡ 4 (mod 25). Similarly, 15.14 = 10 in Z_25.

x = b (modn ),

(1)

trong Cho n l ccMtnguyn, n > x e Zn c gi l nghch o ca a theo mod n , a, b, a EZn . s s nguyn 0, x l n s. Phng trnh c nghim khi v nu khi = = gcd(a,n ) Nuv khi n vyngta ni a l theo nghch,Thc vy, t a ch a.x d 1 (modn). \ b, c s xnh c th d nghim kh modn. v k hiu x l a'1a/d, bu = du 22-1 mod25 = 8,ta thy.8 = 176 = 1 (mod25). T nh ngha ta c vi = modn. Th b/d , nU = n/d, v 22 phng trnh ng d (1) tng ng th suy ra rng a l phng trnh kh nghch theo modn khi v ch khi gcd(a,n ) = 1, tc l khi a v n nguyn t vi nhau. aU.x = bu (modnU ), Ta nh ngha php chia trong Zn nh sau: a: b (mod n) = a.b 1 gcd(aU,nU ) = 1, nn phng trnh ny c mt nghim theo modnu : Vmodn. Php chia ch thc hin c khi b l kh nghch theo modn Th du 15 : 22 (mod25) = 15.22-1mod 25 = 20. x = x0 = bu.au
_1

(modnU ),

By gi ta xt cc phng trnh ng d tuyn tnh. Phng phng trnh (1) c d nghim theo v do trnh ng d tuyn tnh c dng modn l : x = x0 , x0 + nu, .... , x0 + (d 1)nU (modn). Tt c d nghim khc nhau theo modn, nhng cng ng d vi nhau theo modnU.

By gi ta xt h thng cc phng trnh ng d tuyn tnh. Mt h nh vy c th a v dng X\ a\ (mod n\) x 2 a2 (mod n2) Xk - ak(mod nk) Ta k hiu: n = n1.n2....nk , N = n/ni . Ta c nh l sau y: nh l 2.2.1 (nh l s' d Trung quc). Gi s cc s' nguyn nv n2,....,nk l tng cp nguyn t' vi nhau. Khi , h phng trnh ng d tuyn tnh (2) c mt nghim duy nht theo modn. Nghim duy nht ni trong nh l 2.2.1 c cho bi biu thc: k x = ^ a .N M mod n, Z J=\ trong M = N"1modni (c M v N v n nguyn t vi nhau). Th du: Cp phng trnh x 3 (mod7) v x 7 (mod13) c mt nghim duy nht x 59 (mod91). Nu (n , n2) = 1, th cp phng trnh x a (modn) v x a (modn2) c nghim duy nht x a (modn) theo modn vi n = nn . 2.1.3. Thng d thu gon v phn t nguyn thu.
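The extended Euclidean algorithm, the linear congruence solver and the Chinese remainder formula of Sections 2.1.1 and 2.1.2, as one added example (not the book's own code) run on the book's worked numbers; the variable names x1, x2, y1, y2 follow the algorithm listing, and `trace` is an addition for comparing the run with the table above.

```python
"""Added example (not from the book): extended Euclid with a per-iteration
trace, a solver for a*x = b (mod n) returning all d = gcd(a, n) solutions, and
the Chinese remainder theorem formula x = sum(a_i * N_i * M_i) mod n."""
from math import gcd


def ext_euclid(a, b):
    """Return (d, x, y, trace) with d = gcd(a, b) = a*x + b*y, for a > b >= 0.

    Follows steps 1-4 of the algorithm in the text; `trace` holds
    (a, b, q, r, x, y) after each pass of steps 3.1 and 3.2, so every row
    satisfies a0*x + b0*y = r for the original inputs a0, b0.
    """
    if b == 0:                          # step 1
        return a, 1, 0, []
    x2, x1, y2, y1 = 1, 0, 0, 1         # step 2
    trace = []
    while b > 0:                        # step 3
        q, r = divmod(a, b)             # step 3.1
        x, y = x2 - q * x1, y2 - q * y1
        trace.append((a, b, q, r, x, y))
        a, b = b, r                     # step 3.2
        x2, x1 = x1, x
        y2, y1 = y1, y
    return a, x2, y2, trace             # step 4


def inverse_mod(a, n):
    """a^(-1) mod n, or None when gcd(a, n) != 1 (a is not invertible mod n)."""
    a %= n
    d, _, y, _ = ext_euclid(n, a)       # n*x + a*y = d, and n > a here
    return y % n if d == 1 else None


def solve_linear_congruence(a, b, n):
    """All x in Z_n with a*x = b (mod n), sorted; empty list if unsolvable.

    With d = gcd(a, n) the equation is solvable iff d | b; then for
    a' = a/d, b' = b/d, n' = n/d the d solutions are x0 + k*n', k = 0..d-1,
    where x0 = b' * a'^(-1) mod n'.
    """
    a, b = a % n, b % n
    d = gcd(a, n)
    if b % d != 0:
        return []
    a1, b1, n1 = a // d, b // d, n // d
    x0 = b1 * inverse_mod(a1, n1) % n1
    return [x0 + k * n1 for k in range(d)]


def crt(residues, moduli):
    """Unique x mod n = prod(moduli) with x = a_i (mod n_i); moduli pairwise coprime."""
    n = 1
    for ni in moduli:
        n *= ni
    x = 0
    for ai, ni in zip(residues, moduli):
        Ni = n // ni
        Mi = inverse_mod(Ni, ni)        # N_i^(-1) mod n_i exists as gcd(N_i, n_i) = 1
        if Mi is None:
            raise ValueError("moduli are not pairwise coprime")
        x += ai * Ni * Mi
    return x % n


if __name__ == "__main__":
    d, x, y, rows = ext_euclid(4864, 3458)
    print("gcd =", d, "x =", x, "y =", y)          # 38, 32, -45
    for row in rows:
        print("a=%d b=%d q=%d r=%d x=%d y=%d" % row)
    print(inverse_mod(22, 25), solve_linear_congruence(6, 4, 8), crt([3, 7], [7, 13]))
```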

The set Z_n = {0, 1, 2, ..., n − 1} is usually called the complete residue system modulo n, because every integer is congruent (modulo n) to some number in Z_n. Z_n is closed under addition, subtraction and multiplication modulo n, but not under division, since division by a modulo n is possible only when a and n are coprime, i.e. when gcd(a,n) = 1.

Now consider the set Z_n* = {a ∈ Z_n : gcd(a,n) = 1}, i.e. the subset of Z_n consisting of all elements coprime to n. We call it the reduced residue system modulo n. Every integer coprime to n has a representative in Z_n* congruent to it modulo n. Note that if p is prime then Z_p* = {1, 2, ..., p − 1}. Z_n* forms a subgroup of Z_n with respect to multiplication, and in Z_n* division modulo n is always possible; we call Z_n* the multiplicative group of Z_n. Following algebra, the number of elements of a group is called the order of the group. Denote by φ(n) the number of positive integers less than n and coprime to n. Then the group Z_n* has order φ(n), and if p is prime the group Z_p* has order p − 1. We say an element g ∈ Z_n* has order m if m is the smallest positive integer such that g^m = 1 in Z_n*. By a theorem of algebra, m | φ(n). Hence for every b ∈ Z_n* we have b^φ(n) ≡ 1 (mod n). If p is prime, then since φ(p) = p − 1, for every b ∈ Z_p*:

b^(p−1) ≡ 1 (mod p).    (3)

If b has order p − 1, i.e. p − 1 is the smallest exponent satisfying (3), then the elements b, b^2, ..., b^(p−1) are pairwise distinct and, modulo p, they make up Z_p*. In the language of algebra, Z_p* is then a cyclic group and b is a generator, or primitive element, of the group. In number theory the following properties of primitive elements are proved:

1. For every prime p, Z_p* is cyclic and has φ(p − 1) primitive elements.
2. If p − 1 = p_1^(a_1)·p_2^(a_2)···p_s^(a_s) is the prime factorization of p − 1, and if

a^((p−1)/p_1) ≢ 1 (mod p), ..., a^((p−1)/p_s) ≢ 1 (mod p),

then a is a primitive element modulo p (i.e. of Z_p*).
3. If g is a primitive element modulo p, then β = g^i mod p, for every i with gcd(i, p − 1) = 1, is also a primitive element modulo p.

These three properties are the basis for finding primitive elements modulo p, for any prime p. We also note the following properties, which will be used often in later chapters:
a) If p is prime and gcd(a,p) = 1, then a^(p−1) ≡ 1 (mod p) (Fermat's theorem).
b) If a ∈ Z_n*, then a^φ(n) ≡ 1 (mod n). If r ≡ s (mod φ(n)) then a^r ≡ a^s (mod n) (Euler's theorem).

2.1.4. Quadratic congruences and quadratic residues.

We consider quadratic congruences of the following simple form: x^2 ≡ a (mod n), where n is a positive integer, a is an integer with gcd(a,n) = 1, and x is the unknown. This equation does not always have a solution; when it does, we say a is a quadratic residue modulo n, otherwise a is a quadratic non-residue modulo n. The set of integers coprime to n is partitioned into two subsets: the set Q_n of quadratic residues modulo n, and the set Q̄_n of quadratic non-residues modulo n. When n = p is prime we have the following Euler criterion:

The number a is a quadratic residue modulo p if and only if a^((p−1)/2) ≡ 1 (mod p).

The criterion is proved as follows. Suppose there is an x with x^2 ≡ a (mod p); then a^((p−1)/2) = (x^2)^((p−1)/2) = x^(p−1) ≡ 1 (mod p). Conversely, suppose a^((p−1)/2) ≡ 1 (mod p). Then a ∈ Z_p*. Take a primitive element b modulo p; there is some i such that a = b^i mod p. Hence

a^((p−1)/2) = b^(i(p−1)/2) ≡ 1 (mod p).

Since b has order p − 1, (p − 1) divides i(p − 1)/2, so i must be even, i = 2j, and a has the square root b^j mod p.

Let p be an odd prime. For every a ≥ 0 we define the Legendre symbol (a/p) as follows:

(a/p) = 0 if a ≡ 0 (mod p); 1 if a ∈ Q_p; −1 if a ∈ Q̄_p.

From the definition, a is a quadratic residue modulo p if and only if (a/p) = 1, and by the Euler criterion above, for every a > 0 we have:

(a/p) ≡ a^((p−1)/2) (mod p).

We now extend the Legendre symbol to the Jacobi symbol, defined for every odd integer n > 1 and every integer a ≥ 0, also written (a/n), as follows: if n has the prime factorization n = p_1^(a_1)·p_2^(a_2)···p_k^(a_k), then

(a/n) = (a/p_1)^(a_1) · (a/p_2)^(a_2) ··· (a/p_k)^(a_k).

When n = p is prime, the Legendre and Jacobi symbols have the same value. Computing the Legendre symbol can be expensive when p is very large, whereas the Jacobi symbol is easier to compute because one can use the following properties 1–4:

1. If m_1 ≡ m_2 (mod n), then (m_1/n) = (m_2/n).
2. (m_1·m_2/n) = (m_1/n)·(m_2/n).
3. (2/n) = 1 if n ≡ ±1 (mod 8), and (2/n) = −1 if n ≡ ±3 (mod 8).
4. If m and n are both odd, then (m/n) = −(n/m) when m ≡ 3 (mod 4) and n ≡ 3 (mod 4), and (m/n) = (n/m) when m ≡ 1 (mod 4) or n ≡ 1 (mod 4).

Example: using these properties we compute

(7411/9283) = −(9283/7411) = −(1872/7411) = −(2/7411)^4·(117/7411) = −(117/7411) = −(7411/117) = −(40/117) = −(2/117)^3·(5/117) = (5/117) = (117/5) = (2/5) = −1.

Since 9283 is a prime, the value −1 of the Jacobi symbol is also the value of the Legendre symbol, and we conclude that 7411 is a quadratic non-residue modulo 9283, i.e. the equation x^2 ≡ 7411 (mod 9283) has no solution.

We now consider solving the quadratic congruence

x^2 ≡ a (mod n)    (4)

in the special case where n = p is a prime of the form p = 4m + 3, i.e. p ≡ 3 (mod 4), and a is an integer coprime to p. By the Euler criterion, (4) has a solution if and only if a^((p−1)/2) ≡ 1 (mod p). In that case we have

a^((p−1)/2 + 1) ≡ a (mod p), i.e. a^(2(m+1)) ≡ a (mod p),

so x ≡ ±a^(m+1) (mod p) are the two solutions of (4).

2.2. Probability and probabilistic algorithms.

2.2.1. The notion of probability.
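The tests of Sections 2.1.3 and 2.1.4 as one added example (not the book's code): the primitive-element test of property 2, the Euler criterion as a Legendre symbol, the Jacobi symbol computed only from properties 1–4 (no factoring of n), and the square root for p ≡ 3 (mod 4); it is run on the book's values (7411/9283), p = 29, α = 2, and a few small primes chosen here.

```python
"""Added example (not from the book): Legendre via the Euler criterion,
Jacobi via properties 1-4, primitive elements via property 2, and square
roots modulo a prime p = 4m + 3."""


def prime_factors(n):
    """Distinct prime divisors of n by trial division (enough for small n)."""
    out, d = [], 2
    while d * d <= n:
        if n % d == 0:
            out.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        out.append(n)
    return out


def is_primitive(a, p):
    """Property 2: a generates Z_p* iff a^((p-1)/q) != 1 (mod p) for every prime q | p-1."""
    if a % p == 0:
        return False
    return all(pow(a, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def legendre(a, p):
    """Legendre symbol (a/p) for an odd prime p, by the Euler criterion."""
    a %= p
    if a == 0:
        return 0
    return 1 if pow(a, (p - 1) // 2, p) == 1 else -1


def jacobi(m, n):
    """Jacobi symbol (m/n), n odd and positive, using only properties 1-4."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    result = 1
    m %= n                                   # property 1
    while m != 0:
        while m % 2 == 0:                    # properties 2 and 3: factors of 2
            m //= 2
            if n % 8 in (3, 5):              # n = +-3 (mod 8) flips the sign
                result = -result
        m, n = n, m                          # property 4: both odd, swap
        if m % 4 == 3 and n % 4 == 3:
            result = -result
        m %= n                               # property 1
    return result if n == 1 else 0           # n > 1 here means gcd(m, n) > 1


def sqrt_mod_p3(a, p):
    """Both roots of x^2 = a (mod p) for a prime p = 4m + 3, or None if none exist."""
    if p % 4 != 3:
        raise ValueError("p must be congruent to 3 mod 4")
    if legendre(a, p) != 1:
        return None
    m = (p - 3) // 4
    x = pow(a, m + 1, p)                     # x^2 = a^(2m+2) = a^((p-1)/2) * a = a
    return (x, p - x)


if __name__ == "__main__":
    print(jacobi(7411, 9283), legendre(7411, 9283))    # -1 -1
    print(is_primitive(2, 29), is_primitive(4, 29))   # True False
    print(sqrt_mod_p3(3, 23))                          # (16, 7)
```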

We consider a set Ω, called the space of elementary events (or sample space). The elements of Ω, the elementary events or samples, can be thought of as the possible (mutually exclusive) outcomes of some experiment. In what follows we consider only discrete spaces, i.e. Ω is finite, say Ω = {s_1, s_2, ..., s_d}. A probability distribution P on Ω is defined as a set of non-negative real numbers P = {p_1, p_2, ..., p_d} with sum Σ p_i = 1. The number p_i is regarded as the probability of the elementary event s_i. A subset E ⊂ Ω is called an event. The probability of the event E is defined by

p(E) = Σ_{s ∈ E} p(s).

Let E be an event in the probability space Ω. The complementary event of E, denoted Ē, is the event consisting of all elementary events of Ω that do not belong to E. Using the language of set theory, we can define the union event E_1 ∪ E_2 and the intersection event E_1 ∩ E_2 of any two events E_1 and E_2. We have:

1) Let E be an event. Then 0 ≤ p(E) ≤ 1 and p(Ē) = 1 − p(E). Moreover, p(Ω) = 1 and p(∅) = 0.
2) Let E_1 and E_2 be two events. If E_1 ⊂ E_2 then p(E_1) ≤ p(E_2). Also p(E_1 ∪ E_2) + p(E_1 ∩ E_2) = p(E_1) + p(E_2). Hence p(E_1 ∪ E_2) = p(E_1) + p(E_2) if and only if E_1 ∩ E_2 = ∅, i.e. when E_1 and E_2 are mutually exclusive.

Let E_1 and E_2 be two events with p(E_2) > 0. The conditional probability of E_1 given E_2, denoted p(E_1|E_2), is defined as

p(E_1|E_2) = p(E_1 ∩ E_2) / p(E_2).

From the definition we obtain Bayes' formula:

p(E_1|E_2) = p(E_1)·p(E_2|E_1) / p(E_2).

We say two events E_1 and E_2 are independent if p(E_1 ∩ E_2) = p(E_1)·p(E_2). In that case p(E_1|E_2) = p(E_1) and p(E_2|E_1) = p(E_2).

Let Ω be a sample space with a probability distribution P. A random variable on Ω is a map ξ assigning to each s ∈ Ω a real number ξ(s). Clearly, if ξ and η are random variables on Ω, then ξ + η and ξ·η, defined by

∀s: (ξ + η)(s) = ξ(s) + η(s), (ξ·η)(s) = ξ(s)·η(s),

are also random variables on Ω. Let ξ be a random variable on the sample space Ω. This means that for each s ∈ Ω, ξ takes the value ξ(s) with probability p(s). The expected value (or mean, or mathematical expectation) of ξ is defined as

E(ξ) = Σ_{s ∈ Ω} ξ(s)·p(s).

The variance of a random variable ξ with mean μ is defined as Var(ξ) = E((ξ − μ)^2). The non-negative square root of Var(ξ) is called the standard deviation of ξ.

2.2.2. Perfect secrecy of a cryptosystem.

In 1949 C. Shannon published the paper "Communication theory of secrecy systems", introducing many notions that form the basis for assessing the secrecy of cryptosystems, among them the notion of perfect secrecy of a cryptosystem, defined as follows. Let S = (P, C, K, E, D) be a cryptosystem. Suppose that on the sets P, C and K probability distributions p_P(·), p_C(·) and p_K(·) are defined. Thus for x ∈ P, y ∈ C and K ∈ K, p_P(x), p_C(y) and p_K(K) are respectively the probabilities that the plaintext character is x, the ciphertext character is y and the key is K. Conditional probabilities, for instance the probability that the plaintext is x given that the ciphertext is y, are written p(x|y). A cryptosystem is called perfectly secret if for all x ∈ P, y ∈ C we have p(x|y) = p_P(x). This means that the probability that the plaintext is x is the same whether or not we know that the ciphertext is y; in other words, information about the ciphertext tells us nothing further about the plaintext; plaintext and ciphertext, as random variables, are independent. We have the following theorem:

Theorem 2.2.1. Let S = (P, C, K, E, D) be a cryptosystem with |P| = |C| = |K|, i.e. the sets P, C, K have the same number of elements. Then S is perfectly secret if and only if every key K ∈ K is used with the same probability 1/|K|, and for every x ∈ P, y ∈ C there is exactly one key K ∈ K such that e_K(x) = y.

Proof. a) Suppose S is perfectly secret. Then for every x ∈ P and y ∈ C we have p_P(x|y) = p_P(x). We may also assume p_C(y) > 0 for every y ∈ C. By Bayes' formula we then have p_C(y|x) = p_C(y) > 0. This means there is at least one key K with e_K(x) = y. Hence, fixing some x ∈ P, we have

|C| = |{e_K(x) : K ∈ K}| ≤ |K|.

By the hypothesis of the theorem, |C| = |K|, so |{e_K(x) : K ∈ K}| = |K|. But this means there cannot be two keys K_1 ≠ K_2 with e_{K_1}(x) = e_{K_2}(x). Thus we have shown that for every x ∈ P and y ∈ C there is exactly one key K with e_K(x) = y. Write n = |K| and K = {K_1, ..., K_n}. Fix y ∈ C and suppose e_{K_i}(x_i) = y with P = {x_1, ..., x_n}, 1 ≤ i ≤ n. By Bayes' formula again,

p_P(x_i|y) = p_C(y|x_i)·p_P(x_i) / p_C(y) = p_K(K_i)·p_P(x_i) / p_C(y).

Since S is perfectly secret, p_P(x_i|y) = p_P(x_i), and it follows that for every i, 1 ≤ i ≤ n, p_K(K_i) = p_C(y). So all the p_K(K_i) (1 ≤ i ≤ n) are equal, and hence all equal to 1/|K|.

b) We now prove the converse. Suppose p_K(K) = 1/|K| for every K ∈ K, and for every x ∈ P, y ∈ C there is exactly one key K ∈ K with e_K(x) = y. We compute:

p_C(y) = Σ_{K ∈ K} p_K(K)·p_P(d_K(y)) = (1/|K|)·Σ_{K ∈ K} p_P(d_K(y)).

As K runs over the key set K, d_K(y) runs over P, so

Σ_{K ∈ K} p_P(d_K(y)) = Σ_{x ∈ P} p_P(x) = 1,

and we get p_C(y) = 1/|K| for every y ∈ C. On the other hand, letting K be the unique key with e_K(x) = y, we have p_C(y|x) = p_K(K) = 1/|K|. Using Bayes' formula we obtain, for every x ∈ P, y ∈ C:

p_P(x|y) = p_P(x)·p_C(y|x) / p_C(y) = p_P(x)·(1/|K|) / (1/|K|) = p_P(x).

So S is perfectly secret. The theorem is proved.

2.2.3. Probabilistic algorithms.
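The condition p(x|y) = p_P(x) and the key condition of Theorem 2.2.1, checked numerically as an added example (not the book's code) on the shift cipher over Z_n, e_K(x) = (x + K) mod n, with a plaintext distribution and two key distributions constructed here; exact rationals are used so equality is meaningful.

```python
"""Added example (not from the book): perfect secrecy check for a tiny
cryptosystem with |P| = |C| = |K| = n, comparing a uniform key distribution
(perfectly secret, as Theorem 2.2.1 predicts) with a skewed one."""
from fractions import Fraction

# Constructed sample distributions for n = 5 (not from the text).
PLAIN = {0: Fraction(1, 2), 1: Fraction(1, 4), 2: Fraction(1, 8),
         3: Fraction(1, 16), 4: Fraction(1, 16)}
UNIFORM_KEYS = {k: Fraction(1, 5) for k in range(5)}
SKEWED_KEYS = {0: Fraction(1, 2), 1: Fraction(1, 8), 2: Fraction(1, 8),
               3: Fraction(1, 8), 4: Fraction(1, 8)}


def shift_cipher(n):
    """P = C = K = Z_n, e_K(x) = (x + K) mod n, as a table (K, x) -> y.

    For each x and y there is exactly one K with e_K(x) = y, so the second
    condition of Theorem 2.2.1 holds by construction.
    """
    return {(k, x): (x + k) % n for k in range(n) for x in range(n)}


def joint_and_marginal(enc, p_plain, p_key):
    """p(x, y) = sum over K with e_K(x) = y of p_K(K) p_P(x), and p_C(y)."""
    joint, p_c = {}, {}
    for (k, x), y in enc.items():
        w = p_key[k] * p_plain[x]
        joint[(x, y)] = joint.get((x, y), 0) + w
        p_c[y] = p_c.get(y, 0) + w
    return joint, p_c


def posterior(enc, p_plain, p_key):
    """p(x|y) = p(x, y) / p_C(y) for every x and every y with p_C(y) > 0."""
    joint, p_c = joint_and_marginal(enc, p_plain, p_key)
    return {(x, y): joint.get((x, y), 0) / p_c[y]
            for x in p_plain for y in p_c if p_c[y] > 0}


def is_perfectly_secret(enc, p_plain, p_key):
    """True iff p(x|y) == p_P(x) for all x, y: knowing y tells nothing about x."""
    post = posterior(enc, p_plain, p_key)
    return all(post[(x, y)] == p_plain[x] for (x, y) in post)


def keys_uniform(p_key):
    """The key condition of Theorem 2.2.1: every key used with probability 1/|K|."""
    return all(pk == Fraction(1, len(p_key)) for pk in p_key.values())


if __name__ == "__main__":
    enc = shift_cipher(5)
    print(is_perfectly_secret(enc, PLAIN, UNIFORM_KEYS), keys_uniform(UNIFORM_KEYS))
    print(is_perfectly_secret(enc, PLAIN, SKEWED_KEYS), keys_uniform(SKEWED_KEYS))
    print("p(x=0|y=0) with skewed keys:", posterior(enc, PLAIN, SKEWED_KEYS)[(0, 0)])
```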

The notion of algorithm as we usually understand it, that of a deterministic algorithm, is a process that performs operations on the input data and produces output. According to D.E. Knuth an algorithm has five basic properties: finiteness, the algorithm always terminates after a finite number of steps; definiteness, each step of the algorithm must be specified precisely; the input and output sets of every algorithm are also clearly specified; and effectiveness, every operation in the algorithm must be basic, performable exactly in a definite amount of time. The algorithm is a basic notion for programming computers, and is used very widely. But as we know, for many problems in practice we cannot always find an algorithm that solves them with acceptable computational complexity (we return to this question in a later section). Therefore, along with deterministic algorithms, for some problems we also consider probabilistic algorithms, that is, algorithms in which the input data is supplemented with the value of some suitable random variable, usually random numbers. Probabilistic algorithms are usually built for decision problems, i.e. problems defined on a set of data such that for each datum the problem has an answer "yes" or "no". Probabilistic algorithms are divided into two kinds: Monte Carlo algorithms and Las Vegas algorithms. A Monte Carlo algorithm always terminates with the answer "yes" or "no" for every input; a Las Vegas algorithm also terminates on every input, but may terminate with the message "no answer yes or no". A Monte Carlo algorithm is called yes-biased if whenever it answers "yes" the answer is certainly correct, while if it answers "no" the answer may be wrong with some probability. Similarly, a Monte Carlo algorithm is called no-biased if whenever it answers "no" the answer is certainly correct, while if it answers "yes" the answer may be wrong with some probability. As for a Las Vegas algorithm, if it terminates with the answer "yes" or "no" then the answer is certainly correct, and it may terminate with "no answer" with some probability. In Section 2.8 below we give some concrete examples of probabilistic algorithms of both kinds.

2.3. Computational complexity.

2.3.1. The notion of computational complexity.

The theory of algorithms and computable functions, born in the 1930s, laid the foundation for the study of computability and solvability in mathematics and led to many very important and interesting results. But between abstract computability, understood in the potential sense, and practical computability by electronic computers there is a very large gap. How many things have been proved to be computable in principle, yet cannot be computed in practice, even with the help of electronic computers! The reason is that the demands on physical space and on the time needed to carry out the computation often far exceed practical possibilities. Hence, around the mid-1960s, a theory of computational complexity began to take shape and developed rapidly, giving us much deep insight into the complexity of algorithms and problems, from purely theoretical problems to those commonly met in practice. Below we briefly introduce some basic notions and a few results of this theory that we will need.

First, by the computational complexity (in space or in time) of a computation process we mean the number of memory cells used or the number of elementary operations performed in that process. The input data of an algorithm is usually represented by words over some alphabet Σ. The length of a word is the number of characters in it.

Let A be an algorithm over the alphabet Σ (i.e. its inputs are words over Σ). The computational complexity of A is a function f_A(n) such that for every n, f_A(n) is the maximum number of memory cells, or of elementary operations, that A needs to carry out its computation on input data of length ≤ n. We say A has polynomial time complexity if there is a polynomial P(n) such that for all sufficiently large n we have f_A(n) ≤ P(n), where f_A(n) is the time complexity of A. From now on, when we speak of problems we mean decision problems; each such problem P is specified by:
- a set of input data I (over some alphabet),
- a question Q on the input data, such that for every input x ∈ I the question has an answer "true" or "false".
We say the decision problem P is solvable if there is an algorithm solving it, i.e. an algorithm that terminates on every input of the problem and returns "true" or "false" according as the question Q on that input is answered "true" or "false". P is solvable in polynomial time if there is an algorithm solving it with polynomial time complexity. Here are some examples of decision problems:

The SATISFIABILITY problem (SAT):
- each input is a formula F of propositional logic written in conjunctive normal form, i.e. as a conjunction of clauses.
- The question is: is the formula F satisfiable?
The CLIQUE problem:
- each input is a graph G and an integer k.
- The question is: does G have a clique with ≥ k vertices? (A clique of G is a complete subgraph of G.)
The KNAPSACK problem:
- each input is a tuple of n + 1 positive integers I = (s_1, ..., s_n; T).
- The question is: is there a Boolean vector (x_1, ..., x_n) such that Σ_{i=1}^{n} x_i·s_i = T? (A Boolean vector is a vector whose components are 0 or 1.)
The quadratic residue problem:
- each input consists of two positive integers (a, n).
- The question is: is a a quadratic residue modulo n?
The compositeness problem:
- each input is a positive integer N.
- The question is: is N composite? That is, are there two numbers m, n > 1 such that N = m·n?
Similarly, if the question is "is N prime?", we have the primality problem. For all the problems listed above, except the compositeness and primality problems, no polynomial-time algorithm has been found so far.

2.3.2. Complexity classes.

We consider some classes of problems defined by their computational complexity. First, we define P as the class of all problems solvable by an algorithm in polynomial time. Let P_1 and P_2 be two problems whose input sets lie over the alphabets Σ_1 and Σ_2 respectively. An algorithm f: Σ_1* → Σ_2* is called a reduction of problem P_1 to problem P_2 if it transforms every input x of P_1 into an input f(x) of P_2 in such a way that the question of P_1 on x is answered "true" if and only if the question of P_2 on f(x) is answered "true". We say P_1 is polynomial-time reducible to P_2, written P_1 ∝ P_2, if there is a polynomial-time algorithm f reducing P_1 to P_2. It is easy to see that if P_1 ∝ P_2 and P_2 ∈ P, then P_1 ∈ P.

An important and much-studied class of problems is the class of hard problems often met in practice for which, so far, there is no indication that they can be solved in polynomial time. This is the class of NP-complete problems, which we define below. Along with the usual notion of a deterministic algorithm (described precisely, for instance, by a deterministic Turing machine), we consider the notion of a nondeterministic algorithm, with the following small change: for a deterministic Turing machine, when the machine is in state q and reads symbol a, the pair (q,a) determines a unique next action of the machine, whereas for a nondeterministic Turing machine we stipulate that (q,a) determines not a unique action but a finite set of possible next actions; the machine may perform any one of them in the next step. Thus for an input x, a nondeterministic algorithm (specified, say, by a nondeterministic Turing machine) has not just one computation but possibly a finite number of different computations. We say the nondeterministic algorithm A accepts the input x if on input x the algorithm A has at least one computation ending in an accepting state (i.e. with the result "true"). A problem P is said to be solvable by a nondeterministic algorithm in polynomial time if there is a nondeterministic algorithm A and a polynomial p(n) such that for every input x of length n, x ∈ P (i.e. the question of P is answered "true" on x) if and only if A accepts x by a computation of time complexity ≤ p(n). The class of all problems solvable by a nondeterministic algorithm in polynomial time is denoted NP. It has been shown that all the problems in the examples above, and very many other common combinatorial problems, belong to NP, although most of them have not been shown to belong to P. A problem P is called NP-complete if P ∈ NP and Q ∝ P for every Q ∈ NP. The class NP has the following properties:

1) P ⊂ NP;
2) If P_1 ∝ P_2 and P_2 ∈ NP, then P_1 ∈ NP.
3) If P_1, P_2 ∈ NP, P_1 ∝ P_2, and P_1 is NP-complete, then P_2 is also NP-complete.
4) If there is a P such that P is NP-complete and P ∈ P, then P = NP.
From these properties we may regard, within the class NP, P as the subclass of the easiest problems and the NP-complete problems as the hardest ones; if at least one NP-complete problem were proved to belong to P, it would immediately follow that P = NP, although so far, despite great efforts, mathematics has found no promising route to settling the question [P = NP?], which is even counted among the seven hardest problems of mathematics in the new millennium!

2.3.3. One-way functions and trapdoor one-way functions.

The notion of computational complexity gives us a new approach to secrecy in the problems of confidentiality and information security. Although today we have electronic computers performing billions of operations per second, with an algorithm of complexity f(n) = 2^n, already for inputs of length about n = 1000 running the algorithm cannot be considered feasible, since it would require about 10^300 operations! Thus a cryptographic solution, for instance, can be considered highly secure if breaking it requires a computation of very large complexity. Hence finding and using functions of very large computational complexity is extremely important for building solutions in cryptography and information security. An arithmetic function y = f(x) is called a one-way function if computing forward from x to y is easy, but computing backward from y to recover x is very hard. Here the adjectives "easy" and "hard" have no exact definitions and are understood in a practical sense; for instance, "easy" may be taken to mean computable in polynomial time (of low degree), and "hard" not computable in polynomial time! In fact, up to now, finding and proving that some function is not computable in polynomial time is still very difficult, so "hard" is usually understood simply as "no polynomial-time algorithm has yet been found"! With this relative understanding of easy and hard, the following examples of one-way functions are given:

Example 1. Let p be a prime and α a primitive element modulo p. The function y = α^x mod p (from Z_p to Z_p) is a one-way function, since its inverse, computing x from y, which we write x = log_α(y), is a function of very large computational complexity.
Example 2. Let n = p·q be the product of two large primes. The function y = x^2 mod n (from Z_n to Z_n) is also considered a one-way function.
Example 3. Let n = p·q be the product of two large primes, and a an integer with gcd(a, φ(n)) = 1. The function y = x^a mod n (from Z_n to Z_n) is also a one-way function, assuming n is known but p, q are not.

A function y = f(x) is called a trapdoor one-way function if computing forward from x to y is easy, computing backward from y to recover x is very hard, but there is a trapdoor such that with the help of the trapdoor the computation of x from y becomes easy.
Example 4 (continuing Example 3). The function y = x^a mod n, when p and q are known, is a trapdoor one-way function. Computing y from x is easy; finding x from y (knowing only n and a) is very hard; but knowing p and q we know φ(n) = (p − 1)(q − 1), and using the extended Euclidean algorithm we find b with a·b ≡ 1 (mod φ(n)), from which x = y^b mod n is easily computed. Here b can be regarded as the trapdoor.

2.4. Primes. Factorization. Discrete logarithms.

In this section we consider three problems that play an important role in cryptography: testing the primality of an integer, factoring an integer into a product of prime factors, and computing the discrete logarithm of a number with respect to a prime modulus.

2.4.1. Testing the primality of a number.

The problem is very simply stated: given an arbitrary positive integer n, test whether n is prime. The problem was posed at the very beginning of arithmetic, and after more than 2000 years it still has no easy solution. By simple methods such as the sieve of Eratosthenes, the first tables of primes were built very early on, and later many large primes were found by various other methods. However, only in the present era of modern cryptography has the need to use primes and to test the primality of numbers become widespread and pressing, demanding new and more efficient methods. In this subsection we review a few properties of primes and then introduce some methods for testing the primality of an arbitrary integer. We know the following properties of primes and composite numbers (in the statements below, |A| denotes the number of elements of the set A):

1. Euler-Solovay-Strassen criterion:
a) If n is prime, then for every positive integer a ≤ n − 1: (a/n) ≡ a^((n−1)/2) (mod n).
b) If n is composite, then |{a : 1 ≤ a ≤ n − 1, (a/n) ≡ a^((n−1)/2) (mod n)}| ≤ (n − 1)/2.

2. Solovay-Strassen-Lehmann criterion:
a) If n is prime, then for every positive integer a ≤ n − 1: a^((n−1)/2) ≡ ±1 (mod n).
b) If n is composite, then |{a : 1 ≤ a ≤ n − 1, a^((n−1)/2) ≡ ±1 (mod n)}| ≤ (n − 1)/2.

3. Miller-Rabin criterion:
a) Let n be odd and write n − 1 = 2^e·u with u odd. If n is prime, then for every positive integer a ≤ n − 1: (a^u ≡ 1 mod n) ∨ ∃k < e (a^(2^k·u) ≡ −1 mod n).
b) If n is composite, then |{a : 1 ≤ a ≤ n − 1, (a^u ≡ 1 mod n) ∨ ∃k < e (a^(2^k·u) ≡ −1 mod n)}| ≤ (n − 1)/4.

The criteria above are the basis on which Monte Carlo probabilistic algorithms for testing primality (or compositeness) of integers are built. For instance, from the first criterion we obtain the following Euler-Solovay-Strassen algorithm:

Input: a positive integer n and t random numbers a_1, ..., a_t (1 ≤ a_i ≤ n − 1).
1. for i = 1 to t do
2.   if (a_i/n) ≡ a_i^((n−1)/2) (mod n) then
3.     answer "n is prime"
4.   else
5.     answer "n is composite" and quit

If this algorithm answers "n is composite" then n is indeed composite, but if it answers "n is prime" the answer may be wrong with some probability ε. Thus the algorithm is a yes-biased Monte Carlo algorithm if viewed as a test for compositeness, and a no-biased Monte Carlo algorithm if viewed as a test for primality. Similarly, from criteria 2 and 3 one builds the Monte Carlo probabilistic algorithms of Solovay-Strassen-Lehmann and Miller-Rabin for testing primality (or compositeness) of integers. These two algorithms differ from the Euler-Solovay-Strassen algorithm above only in that the condition in line 2 is replaced respectively by a_i^((n−1)/2) ≡ ±1 (mod n), or by (a_i^u ≡ 1 mod n) ∨ ∃k < e (a_i^(2^k·u) ≡ −1 mod n), where u and e are given by n − 1 = 2^e·u with u odd.

The error probability ε when the result "n is prime" is obtained in these algorithms is computed as follows. Let n be an odd number in the interval between N and 2N, i.e. N ≤ n ≤ 2N. Let A be the event "n is composite" and B the event "the algorithm answers that n is prime". We must compute the probability ε = p(A|B). By property b) of the Euler-Solovay-Strassen criterion, if n is composite, then the event

(a/n) ≡ a^((n−1)/2) (mod n)

for each random a (1 ≤ a ≤ n − 1) has probability ≤ 1/2, and therefore p(B|A) ≤ 2^(−t).
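The Miller-Rabin criterion and the t-round Monte Carlo test built on it, as an added example (not the book's code): one base a is checked exactly as in criterion 3a, property 3b (at most (n − 1)/4 non-witness bases for a composite n) is verified exhaustively for small constructed moduli, and the full test is the no-biased algorithm described above with its random bases.

```python
"""Added example (not from the book): Miller-Rabin witness test, the
(n-1)/4 non-witness bound of criterion 3b checked on small composites, and the
t-round probabilistic primality test. Sample moduli are constructed here."""
import random


def split_power_of_two(n):
    """Write n - 1 = 2^e * u with u odd; return (e, u)."""
    e, u = 0, n - 1
    while u % 2 == 0:
        e += 1
        u //= 2
    return e, u


def passes_miller_rabin(n, a):
    """Criterion 3a for odd n and base a: a^u = 1 or a^(2^k u) = -1 (mod n), k < e."""
    e, u = split_power_of_two(n)
    x = pow(a, u, n)
    if x == 1 or x == n - 1:
        return True
    for _ in range(e - 1):              # k = 1 .. e-1
        x = x * x % n
        if x == n - 1:
            return True
    return False


def non_witness_fraction(n):
    """Fraction of bases 1 <= a <= n-1 passing the test for odd n (exhaustive).

    Criterion 3b says this is at most 1/4 for composite n; for a prime it is 1.
    """
    passing = sum(1 for a in range(1, n) if passes_miller_rabin(n, a))
    return passing / (n - 1)


def is_probable_prime(n, t=50, seed=None):
    """No-biased Monte Carlo test with t random bases.

    'composite' is always correct; 'prime' is wrong with probability at most
    4^(-t) conditioned on n being composite (criterion 3b). `seed` only makes
    a run reproducible.
    """
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    rng = random.Random(seed)
    for _ in range(t):
        a = rng.randrange(1, n)          # 1 <= a <= n-1
        if not passes_miller_rabin(n, a):
            return False                 # a is a witness: n is surely composite
    return True


if __name__ == "__main__":
    for n in (9, 561, 9283, 19048567):
        print(n, is_probable_prime(n, seed=1))
    print("non-witness fraction of 561:", non_witness_fraction(561))   # <= 0.25
```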

By Bayes' formula we have

p(A|B) = p(B|A)·p(A) / p(B) = p(B|A)·p(A) / (p(B|A)·p(A) + p(B|Ā)·p(Ā)).

By the prime number theorem, the number of primes between N and 2N is approximately N/ln N, while the number of odd numbers in that range is N/2, so p(Ā) ≈ 2/ln n and p(A) ≈ 1 − 2/ln n. Obviously p(B|Ā) = 1. Substituting these values into the formula above, we get

p(A|B) ≤ 2^(−t)·(1 − 2/ln n) / (2^(−t)·(1 − 2/ln n) + 2/ln n) = (ln n − 2) / (ln n − 2 + 2^(t+1)).    (5)

The same estimate holds for the Solovay-Strassen-Lehmann algorithm, while for the Miller-Rabin algorithm we have a better estimate, namely

p(A|B) ≤ (ln n − 2) / (ln n − 2 + 2^(2t+1)).    (6)

Note that for t = 50 the right-hand side of (5) is about 10^(−13) and that of (6) about 10^(−28); so if we add about 50 random numbers a_i to the input, the Euler-Solovay-Strassen and Solovay-Strassen-Lehmann algorithms test an odd number for primality with error probability ≤ 10^(−13), and the Miller-Rabin algorithm with error probability ≤ 10^(−28)! One can compute that the time complexity of the probabilistic algorithms above is polynomial in log n, i.e. polynomial in the length of the representation of the input (the number n); however, these algorithms only test the primality of a number with some error probability, however small. In many applications we want primes that are certainly, 100%, prime. Therefore, despite the probabilistic algorithms above, people have kept looking for deterministic algorithms that test primality with absolute accuracy. In recent decades several algorithms have been proposed, among them strong ones such as the Jacobi sum test, discovered by Adleman, Pomerance and Rumely and later simplified by Cohen and Lenstra, and the elliptic curve test, proposed by Goldwasser, Kilian, Adleman and Huang and further refined by Atkin and Morain; these algorithms have been used to find many very large primes, for instance the Atkin-Morain algorithm showed that the number (2^3539 + 1)/3, which has 1065 decimal digits, is prime. Recently, in August 2002, the Indian mathematicians Agrawal, Kayal and Saxena gave a new deterministic primality test with polynomial time complexity that is quite simple; the algorithm is described as follows:

Agrawal-Kayal-Saxena algorithm:
Input: integer n > 1
1. if (n is of the form a^b, b > 1) output COMPOSITE;
2. r = 2;
3. while (r < n) {
4.   if (gcd(n, r) ≠ 1) output COMPOSITE;
5.   if (r is prime)
6.     let q be the largest prime factor of r − 1;
7.     if (q ≥ 4√r·log n) and (n^((r−1)/q) ≢ 1 (mod r))
8.       break;
9.   r ← r + 1;
10. }
11. for a = 1 to 2√r·log n
12.   if ((x − a)^n ≢ (x^n − a) (mod x^r − 1, n)) output COMPOSITE;
13. output PRIME;

This algorithm has been examined by a number of mathematicians, who rate it highly and regard it as a beautiful algorithm that can be used to test the primality of integers. In practice, when building cryptographic solutions, one often needs very large primes. To find such numbers, one usually picks a very large number at random and first applies a probabilistic algorithm such as Miller-Rabin; if that reports the number to be prime with some error probability, one then applies a deterministic algorithm (such as the one above) to guarantee with certainty, 100%, that the number is prime. The Agrawal-Kayal-Saxena algorithm above has been shown to have polynomial time complexity of order O((log n)^12) when testing the number n; and if the prime being tested has the Sophie Germain form, i.e. the form 2p + 1, the time complexity is only of order O((log n)^6).

2.4.2. Factorization into prime factors.

The problem of factoring an integer > 1 into prime factors is also regarded as a hard problem that is often used in cryptography. Factoring n is meaningful only when n is known to be composite; so usually, before solving the factorization problem for n, one first tests whether n is composite (for instance with one of the algorithms of the previous subsection); and the problem of factoring n can be reduced to that of finding a divisor of n, because once a divisor d of n is known the factorization continues by factoring d and n/d. The factorization problem, or the problem of finding a divisor of a given integer, has been studied a great deal, but no efficient algorithm for solving it in the general case is known; so people tend to seek algorithms for special cases, for instance when n has a prime divisor p such that p − 1 is B-smooth for some bound B > 0, or when n is a Blum integer, i.e. a number of the form n = p·q, the product of two large primes.

We consider the first case with Pollard's (p − 1)-algorithm. An integer n is called B-smooth if all its prime divisors are ≤ B. The idea underlying Pollard's (p − 1)-algorithm is as follows. Let Q be the least common multiple of all powers of primes ≤ B that are themselves ≤ n. If q^l ≤ n then l·ln q ≤ ln n, i.e. l ≤ ln n / ln q. We have

Q = Π_{q ≤ B} q^⌊ln n / ln q⌋,

where the product runs over all distinct primes q ≤ B. If p is a prime factor of n such that p − 1 is B-smooth, then (p − 1) | Q, and so for every a with gcd(a,p) = 1, by Fermat's theorem, a^Q ≡ 1 (mod p). Hence if we take d = gcd(a^Q − 1, n) then p | d. If d = n the algorithm does not give us what we want, but this will probably not happen if n has at least two distinct prime factors. From this reasoning we have:

Pollard's (p − 1)-algorithm for factorization
INPUT: a composite number n that is not a power of a prime.
OUTPUT: a non-trivial factor of n.
1. Choose a smoothness bound B.
2. Choose a random integer a, 2 ≤ a ≤ n − 1, and compute d = gcd(a,n). If d ≥ 2 then output (d).
3. For each prime q ≤ B do:
   3.1. Compute l = ⌊ln n / ln q⌋ (⌊x⌋ is the largest integer not exceeding x).
   3.2. Compute a ← a^(q^l) mod n.
4. Compute d = gcd(a − 1, n).
5. If 1 < d < n then output (d). Otherwise the algorithm is deemed to have no result.

Example: Apply the algorithm to n = 19048567. We choose B = 19 and a = 3, and compute gcd(3, n) = 1. Moving to step 3 we obtain the following table (each row corresponds to one value of q):

 q        2         3         5         7        11        13        17        19
 l       24        15        10         8         6         6         5         5
 a  2293244  13555889  16937223  15214586   9685355  13271154  11406961    554506

Then we compute d = gcd(554506 − 1, 19048567) = 5281. So we have a factor p = 5281, and hence another factor q = n/p = 3607. Both factors are prime. Note that here p − 1 = 5280 = 2^5·3·5·11 has all its prime divisors ≤ 19, so the algorithm was certain to terminate with a result. The algorithm terminates without a result when the bound B is chosen so small that no prime factor p of n has p − 1 composed only of primes ≤ B. Thus Pollard's (p − 1)-algorithm for factoring n into prime factors is efficient for B-smooth integers n; the running time of the algorithm is computed to be of order O(B·ln n / ln B) modular multiplications.
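Pollard's (p − 1)-algorithm as listed above, as an added example (not the book's code), with a per-prime trace of (q, l, a) so the run on the book's numbers n = 19048567, B = 19, a = 3 can be compared with the table; the exponent l is computed as the largest l with q^l ≤ n, which is the ⌊ln n / ln q⌋ of step 3.1 without floating-point rounding.

```python
"""Added example (not from the book): Pollard's (p-1)-factoring algorithm with
a trace; the sieve for primes <= B is a small helper added here."""
from math import gcd


def primes_up_to(bound):
    """Primes <= bound by the sieve of Eratosthenes."""
    flags = [True] * (bound + 1)
    out = []
    for q in range(2, bound + 1):
        if flags[q]:
            out.append(q)
            for m in range(q * q, bound + 1, q):
                flags[m] = False
    return out


def pollard_p_minus_1(n, B, a, trace=None):
    """Steps 2-5 of the algorithm for the given bound B and base a.

    Returns a non-trivial factor of n, or None when the bound B was too
    small (d = 1) or every prime factor's p-1 is B-smooth (d = n).
    After step 3, a = a0^Q mod n with Q = prod q^l; if p | n and p-1 is
    B-smooth then (p-1) | Q, so a = 1 (mod p) by Fermat and p | gcd(a-1, n).
    If `trace` is a list, (q, l, a) is appended for each prime q.
    """
    d = gcd(a, n)                       # step 2
    if d >= 2:
        return d
    for q in primes_up_to(B):           # step 3
        l = 0                           # 3.1: largest l with q^l <= n
        while q ** (l + 1) <= n:
            l += 1
        a = pow(a, q ** l, n)           # 3.2
        if trace is not None:
            trace.append((q, l, a))
    d = gcd(a - 1, n)                   # step 4
    return d if 1 < d < n else None     # step 5


if __name__ == "__main__":
    rows = []
    p = pollard_p_minus_1(19048567, 19, 3, rows)
    for q, l, a in rows:
        print("q=%2d  l=%2d  a=%8d" % (q, l, a))
    print("factor:", p, "cofactor:", 19048567 // p)     # 5281, 3607
```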

if we know two distinct integers x and y with x^2 ≡ y^2 (mod n) (and x ≢ ±y (mod n)), then we can easily find a factor of n. Indeed, from x^2 ≡ y^2 (mod n) we have that x^2 − y^2 = (x + y)(x − y) is divisible by n; since n is a divisor of neither x + y nor x − y, gcd(x − y, n) must be a divisor of n, namely p or q. We know that if n = p·q is a Blum integer, then the congruence x^2 ≡ a^2 (mod n) has 4 solutions; the two trivial ones are x = a and x = −a. The other two, non-trivial, solutions are ±b, the solutions of the following two systems of linear congruences:

By the same reasoning, we see that if n is a Blum integer, a is an integer coprime to n, and we know a non-trivial solution of the congruence x^2 ≡ a^2 (mod n), i.e. some x ≠ ±a with x^2 ≡ a^2 (mod n), then gcd(x − a, n) is a divisor of n. These facts are the basis for a number of methods for finding a prime divisor of a Blum integer; what these methods have in common is that they reduce to finding a non-trivial solution of a congruence of the form x^2 ≡ a^2 (mod n), for instance the congruence x^2 ≡ 1 (mod n).

A rather interesting case in cryptography is when we know two numbers a, b that are inverses of each other modulo φ(n) (without knowing φ(n)), and we want to find a factorization of n. Concretely, the problem is: n is known to be a Blum integer, and a and b are known with a·b ≡ 1 (mod φ(n)). Find a prime divisor of n, or a non-trivial solution of x^2 ≡ 1 (mod n). Write a·b − 1 = 2^s·r with r odd. We develop a Las Vegas probabilistic algorithm as follows. Choose a random number v (1 ≤ v ≤ n − 1). If by luck v is a multiple of p or q, then gcd(v, n) is immediately a divisor of n. If v is coprime to n, we compute successive squares starting from v^r: v^r, v^(2r), v^(4r), ..., until we reach v^(2^t·r) ≡ 1 (mod n) for some t. Such a t is always reached, because 2^s·r ≡ 0 (mod φ(n)) gives v^(2^s·r) ≡ 1 (mod n). Thus we find a number x = v^(2^(t−1)·r) with x^2 ≡ 1 (mod n). Of course x ≢ 1 (mod n). If also x ≢ −1 (mod n), then x is a non-trivial solution of x^2 ≡ 1 (mod n), from which we can find a divisor of n. Otherwise the algorithm is deemed to fail and gives the result "no answer". One can estimate that the probability of "no answer" in one trial with one number v is ≤ 1/2, so if we design the algorithm with m random numbers v_1, ..., v_m, the probability of "no answer" becomes ≤ 1/2^m!
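The Las Vegas algorithm just described, as an added example (not the book's code): from a known pair a, b with a·b ≡ 1 (mod φ(n)) it finds a non-trivial square root of 1 and splits n = p·q. The modulus and exponents are constructed here from small primes (n = 101·113 = 11413, a = 3533, b = 6597) so that the run is reproducible; they are not from the text.

```python
"""Added example (not from the book): factoring a Blum integer n = p*q from
exponents a, b with a*b = 1 (mod phi(n)), by the Las Vegas method above."""
import random
from math import gcd

# Constructed instance (not from the text): p = 101, q = 113,
# phi(n) = 100 * 112 = 11200, and 3533 * 6597 = 1 (mod 11200).
N_SAMPLE, A_SAMPLE, B_SAMPLE = 11413, 3533, 6597


def nontrivial_sqrt_of_one(n, ab_minus_1, v):
    """One trial with base v: an x with x^2 = 1 (mod n) and x != +-1, or None.

    Writes ab_minus_1 = 2^s * r with r odd, then squares v^r repeatedly,
    stopping at the first square equal to 1; the value just before it is x.
    """
    s, r = 0, ab_minus_1
    while r % 2 == 0:
        s += 1
        r //= 2
    x = pow(v, r, n)
    if x == 1:
        return None                    # t = 0: this v gives no information
    for _ in range(s):
        y = x * x % n
        if y == 1:
            return None if x == n - 1 else x   # x = -1 is the trivial root
        x = y
    return None                        # not reached when a*b = 1 (mod phi(n))


def factor_with_exponents(n, a, b, trials=20, seed=None):
    """Las Vegas: (p, q) with p*q = n, or None ('no answer') after all trials.

    Each trial fails with probability at most 1/2, so `trials` random v give
    'no answer' with probability at most 2^(-trials). `seed` only fixes the
    random choices for reproducibility.
    """
    rng = random.Random(seed)
    for _ in range(trials):
        v = rng.randrange(1, n)        # 1 <= v <= n-1
        g = gcd(v, n)
        if g > 1:                      # lucky: v is a multiple of p or q
            return g, n // g
        x = nontrivial_sqrt_of_one(n, a * b - 1, v)
        if x is not None:
            p = gcd(x - 1, n)          # n | (x-1)(x+1) but n divides neither
            return p, n // p
    return None


if __name__ == "__main__":
    print(factor_with_exponents(N_SAMPLE, A_SAMPLE, B_SAMPLE, seed=3))   # 101 and 113
```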

2.4.3.

Tnh logarit ri rac theo muyn nguyn t.

Let p be a prime and α a primitive element modulo p, that is, a generator of the group $\mathbb{Z}_p^*$. The discrete logarithm problem modulo p is: given any $\beta \in \mathbb{Z}_p^*$, find a number a $(1 \le a \le p-1)$ such that $\beta \equiv \alpha^a \pmod p$, i.e. $a = \log_\alpha \beta \pmod{p-1}$. A trivial algorithm is to try every a from 1 to $p-1$ until $\beta \equiv \alpha^a \pmod p$; this is of course inefficient when p is very large. A somewhat more efficient variant is Shanks' algorithm: put $m = \lceil \sqrt{p-1} \rceil$. We look for a in the form

$a = mj + i, \quad 0 \le j, i \le m - 1.$

Clearly $\beta \equiv \alpha^a \pmod p$ if and only if $\alpha^{mj} \equiv \beta \alpha^{-i} \pmod p$. We build two lists: the pairs $(j, \alpha^{mj} \bmod p)$ and the pairs $(i, \beta \alpha^{-i} \bmod p)$, with j and i running from 0 to $m-1$. As soon as a pair from each list is found whose second components are equal, we have the result $a = mj + i$, which is the value $\log_\alpha \beta$ sought. Shanks' algorithm takes O(m) multiplications and O(m) memory (not counting $O(m^2)$ comparisons).

Another algorithm, the Pohlig–Hellman algorithm, is often used effectively when $p-1$ has only small prime factors. It goes as follows. Suppose $p-1$ has the prime factorization

$p - 1 = \prod_{i=1}^{k} p_i^{c_i}.$

To find $a = \log_\alpha \beta \pmod{p-1}$, we find numbers $a_i$ such that $a_i \equiv a \pmod{p_i^{c_i}}$ for $i = 1, \ldots, k$. Once these are found, the system $x \equiv a_i \pmod{p_i^{c_i}}$ $(i = 1, \ldots, k)$, solved by the Chinese remainder theorem, gives the solution $x \equiv a \pmod{p-1}$. So the problem is to determine $a \bmod p_i^{c_i}$ for $i = 1, \ldots, k$. This is restated as follows: let q be a prime factor of $p-1$ such that $q^c \mid p-1$ but $q^{c+1} \nmid p-1$. We want $x = a \bmod q^c$. Write x in base q:

$x = \sum_{i=0}^{c-1} x_i q^i \quad (0 \le x_i \le q-1).$

Since $x = a \bmod q^c$, a can be written $a = x + q^c s$, and since $\alpha^{p-1} \equiv 1 \pmod p$ we get

$\beta^{(p-1)/q} = \alpha^{a(p-1)/q} = \alpha^{x_0 (p-1)/q} \pmod p.$

Put $\gamma = \alpha^{(p-1)/q}$ and compute $\gamma^0, \gamma^1, \gamma^2, \ldots$ in turn, comparing each with $\beta^{(p-1)/q} \bmod p$; we find i with $\gamma^i = \beta^{(p-1)/q} \bmod p$ and take $x_0 = i$. If $c = 1$ then $x = x_0$ and we are done. If $c > 1$, then putting $\beta' = \beta \alpha^{-x_0}$ and $x' = \log_\alpha \beta' \bmod q^c$ we easily see that

$x' = \sum_{i=1}^{c-1} x_i q^i,$

from which

$\beta'^{(p-1)/q^2} = \alpha^{(p-1) x_1 / q} \pmod p.$

As in the previous step, computing $\gamma^0, \gamma^1, \gamma^2, \ldots$ and comparing with $\beta'^{(p-1)/q^2}$ gives $x_1$. Continuing in this way we obtain in turn all the values $x_i$, $i = 0, 1, \ldots, c-1$, i.e. we compute x. After the values x for every prime factor q of $p-1$ have been found, by the remark above it only remains to solve a system of linear congruences with pairwise coprime moduli (by the Chinese remainder method) to obtain the number a sought, $a = \log_\alpha \beta$ modulo $p-1$.

Example: let $p = 29$ and $\alpha = 2$. Compute $a = \log_2 18$ modulo 29. We have $p - 1 = 28 = 2^2 \cdot 7$. By the Pohlig–Hellman algorithm we find in turn a mod 4 and a mod 7. Following the steps above we find a mod 4 = 3 and a mod 7 = 4. Solving the system $x \equiv 3 \pmod 4$, $x \equiv 4 \pmod 7$ gives $x \equiv 11 \pmod{28}$, i.e. $11 = \log_2 18$ modulo 29.

The Pohlig–Hellman algorithm computes discrete logarithms fairly efficiently, but only when $p-1$ has only small prime factors. Hence if $p-1$ has at least one large prime factor the algorithm is hard to carry out efficiently, and in that case the discrete logarithm problem modulo p remains a hard problem. One class of primes p for which $p-1$ has at least one large prime factor is the primes of the form $p = 2q + 1$ with q prime. Such primes are called Sophie Germain primes and play an important role in building a fairly common class of public-key cryptosystems. Many other algorithms, both deterministic and probabilistic, have been developed for computing discrete logarithms, but none has been shown to have polynomial-time complexity.
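Both algorithms of this subsection, as an added example that is not code from the book. Shanks' algorithm is written with a dictionary in place of the sorted giant-step list; the Pohlig–Hellman routine returns the residues a mod q^c before combining them, so the book's example (p = 29, α = 2, β = 18, giving a ≡ 3 mod 4, a ≡ 4 mod 7 and a = 11) can be checked step by step. The trial-division factorisation and the CRT helper are assumptions of this example, adequate for small moduli.

```python
import math


def shanks_log(alpha: int, beta: int, p: int):
    """Baby-step giant-step: a with alpha^a = beta (mod p), alpha a generator of Z_p^*.
    Writes a = m*j + i with m = ceil(sqrt(p-1)), so alpha^(m j) = beta * alpha^(-i),
    and matches the giant steps (j, alpha^(mj)) against the baby steps (i, beta*alpha^(-i))."""
    n = p - 1
    m = math.isqrt(n - 1) + 1                 # ceil(sqrt(n)) for n >= 1
    alpha_m = pow(alpha, m, p)
    giant = {}                                # alpha^(mj) mod p -> j
    cur = 1
    for j in range(m):
        giant.setdefault(cur, j)
        cur = cur * alpha_m % p
    alpha_inv = pow(alpha, -1, p)
    cur = beta % p
    for i in range(m):
        if cur in giant:
            return (giant[cur] * m + i) % n
        cur = cur * alpha_inv % p
    return None


def trial_factor(n: int):
    """Prime factorisation [(q, c), ...] by trial division (fine for small p - 1)."""
    fs, d = [], 2
    while d * d <= n:
        c = 0
        while n % d == 0:
            n //= d
            c += 1
        if c:
            fs.append((d, c))
        d += 1
    if n > 1:
        fs.append((n, 1))
    return fs


def crt(residues):
    """Chinese remainder theorem for pairwise coprime moduli [(a_i, m_i), ...]."""
    x, mod = 0, 1
    for a, m in residues:
        t = (a - x) * pow(mod, -1, m) % m
        x, mod = x + mod * t, mod * m
    return x % mod


def pohlig_hellman_residues(alpha: int, beta: int, p: int):
    """For each prime power q^c exactly dividing p - 1, the base-q digits x_0, ..., x_{c-1}
    of a mod q^c are found one at a time, exactly as in the text. Returns [(a mod q^c, q^c), ...]."""
    n = p - 1
    residues = []
    for q, c in trial_factor(n):
        gamma = pow(alpha, n // q, p)          # element of order q
        x, beta_j = 0, beta % p                # beta_j = beta * alpha^-(x_0 + x_1 q + ... + x_{j-1} q^{j-1})
        for j in range(c):
            target = pow(beta_j, n // q ** (j + 1), p)   # equals gamma^{x_j}
            xj = next(i for i in range(q) if pow(gamma, i, p) == target)
            x += xj * q ** j
            beta_j = beta_j * pow(alpha, -(xj * q ** j), p) % p
        residues.append((x, q ** c))
    return residues


def pohlig_hellman(alpha: int, beta: int, p: int):
    """log_alpha(beta) modulo p - 1, combining the residues by the CRT."""
    return crt(pohlig_hellman_residues(alpha, beta, p))


# Book's example: pohlig_hellman_residues(2, 18, 29) -> [(3, 4), (4, 7)], pohlig_hellman(2, 18, 29) -> 11
# and shanks_log(2, 18, 29) -> 11 as well.
```

Both routines agree with each other for every β in $\mathbb{Z}_{29}^*$; Pohlig–Hellman is the one that scales when $p-1$ factors into small primes, since each digit search only runs over q values.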

CHAPTER III

Symmetric-key cryptosystems
3.1. Some classical cryptosystems. In this chapter we introduce some symmetric-key cryptosystems, that is, systems in which the encryption key and the decryption key coincide, so that the shared key must be kept secret and known only to the two parties (the sender who encrypts and the receiver who decrypts). Throughout a long history, from antiquity until a few decades ago, the ciphers used in practice were all symmetric-key ciphers, from the Caesar cipher used more than two thousand years ago to the ciphers used with the help of modern computing technology in recent times. We begin with some classical systems.

3.1.1. Shift cipher

The shift ciphers of this section, like many of the systems that follow, take both the plaintext alphabet and the ciphertext alphabet to be the alphabet of ordinary written language. Since the Vietnamese alphabet uses many diacritics, which make the set of characters hard to fix uniformly, in this text we use the English alphabet for illustration; it has 26 letters, numbered 0 to 25 as in 1.2.1, and can be identified with $\mathbb{Z}_{26}$. The scheme of the shift cryptosystems is defined as $S = (P, C, K, E, D)$ with $P = C = K = \mathbb{Z}_{26}$ and the maps E, D given by

for all $K, x, y \in \mathbb{Z}_{26}$: $E(K, x) = x + K \bmod 26$, $D(K, y) = y - K \bmod 26$.

The systems so defined are correct, since for all $K, x \in \mathbb{Z}_{26}$ we have $d_K(e_K(x)) = (x + K) - K \bmod 26 = x$. Shift ciphers were used very early; according to tradition the cipher with K = 3 was used by Julius Caesar in the Roman era, and is called the Caesar cipher.

Example: take the plaintext hengapnhauvaochieuthubay; converting the letters to the corresponding numbers we get x = 7 4 13 6 0 15 13 7 0 20 21 0 14 2 7 8 4 20 19 7 20 1 0 24. Encrypting with the key K = 13 gives y = 20 17 0 19 13 2 0 20 13 7 8 13 1 15 20 21 17 7 6 20 7 14 13 11, which in ordinary letters is the ciphertext uratncaunhinbpuvrhguhonl. To decrypt, we convert the ciphertext back to the numeric form y, apply the decryption algorithm (subtract 13 from every term modulo 26) to recover x, and convert x back to letters to obtain the original plaintext.

Shift ciphers are easy to use, but cryptanalysis is just as easy: there are only 26 possible keys, so given a ciphertext the cryptanalyst need only try at most 26 keys to find the key used and the plaintext!

3.1.2. Substitution cipher. The scheme of the substitution cryptosystems is $S = (P, C, K, E, D)$ with $P = C = \mathbb{Z}_{26}$, K the set of all permutations of $\mathbb{Z}_{26}$, and the maps E and D given by

$e_\pi(x) = \pi(x)$, $d_\pi(y) = \pi^{-1}(y)$

for all $x \in P$, $y \in C$ and $\pi \in K$ a permutation of $\mathbb{Z}_{26}$. We usually identify $\mathbb{Z}_{26}$ with the English alphabet, so a permutation of $\mathbb{Z}_{26}$ is understood as a permutation of the set of English letters; for example, a permutation π is given by the table

a b c d e f g h i j k l m n o p q r s t u v w x y z
x n y a h p o g z q w b t s f l r c v m u e k j d i

With the substitution cipher with key π, the plaintext x = hengapnhauvaochieuthubay is turned into the ciphertext y = ghsoxlsgxuexfygzhumgunxd. The decryption algorithm with key π conversely turns y back into the plaintext x. The number of possible keys equals the number of permutations of $\mathbb{Z}_{26}$, that is 26!, a very large number ($26! > 4 \cdot 10^{26}$). Trying all keys in turn to break the cipher is therefore impractical, even with a computer. Nevertheless there are other, more effective cryptanalytic methods, so that substitution ciphers cannot be considered secure.

3.1.3. Affine cipher. The scheme of the affine cryptosystems is $S = (P, C, K, E, D)$ with $P = C = \mathbb{Z}_{26}$, $K = \{(a, b) \in \mathbb{Z}_{26} \times \mathbb{Z}_{26} : \gcd(a, 26) = 1\}$, and the maps E, D given by

$e_K(x) = ax + b \bmod 26$, $d_K(y) = a^{-1}(y - b) \bmod 26$,

for all $x \in P$, $y \in C$, $K = (a, b) \in K$. The condition $\gcd(a, 26) = 1$ guarantees that a has an inverse $a^{-1} \bmod 26$, so that the decryption $d_K$ can always be carried out. There are $\phi(26) = 12$ values $a \in \mathbb{Z}_{26}$ coprime to 26, namely 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25, and their inverses modulo 26 are respectively 1, 9, 21, 15, 3, 19, 7, 23, 11, 5, 17, 25.

Example: for the plaintext hengapnhauvaochieuthubay, with numeric form x = 7 4 13 6 0 15 13 7 0 20 21 0 14 2 7 8 4 20 19 7 20 1 0 24, the affine cipher with key K = (5, 6) gives the ciphertext y = 15 0 19 10 6 3 19 15 6 2 7 6 24 16 15 20 0 2 23 15 2 11 6 22, which in English letters is patkgdtpgchgyqpuacxpclgw.

Since there are 12 elements of $\mathbb{Z}_{26}$ coprime to 26, the number of possible keys (hence of affine cryptosystems) is $12 \times 26 = 312$, not a large number if a computer is used to break the cipher by trying all keys in turn; so the affine cipher cannot be considered secure either!

3.1.4. Vigenère cipher

This scheme is named after Blaise de Vigenère, who lived in the 16th century. Unlike the previous systems, Vigenère ciphers do not act on single letters but on blocks of m letters (m a positive integer). The scheme is defined as $S = (P, C, K, E, D)$ with $P = C = K = \mathbb{Z}_{26}^m$ and the maps E, D given by

$e_K(x_1, \ldots, x_m) = (x_1 + k_1, \ldots, x_m + k_m) \bmod 26$,
$d_K(y_1, \ldots, y_m) = (y_1 - k_1, \ldots, y_m - k_m) \bmod 26$,

for all $x = (x_1, \ldots, x_m) \in P$, $y = (y_1, \ldots, y_m) \in C$, $K = (k_1, \ldots, k_m) \in K$.

The Vigenère scheme can be regarded as an extension of the shift scheme: where the shift cipher shifts one letter at a time, the Vigenère cipher shifts m consecutive letters at once. Example: take m = 6 and K = (2, 8, 15, 7, 4, 17). To encrypt the plaintext hengapnhauvaochieuthubay we again convert it to numbers and split it into consecutive groups of 6: x = 7 4 13 6 0 15 | 13 7 0 20 21 0 | 14 2 7 8 4 20 | 19 7 20 1 0 24 (if the length of x is not a multiple of 6, we may agree to append some elements, say zeros, to the last group, so that x can always be regarded as split into groups of 6). Adding, modulo 26, the numbers in each group to the corresponding numbers of the key K gives the ciphertext y = 9 12 2 13 4 6 | 15 15 15 1 25 17 | 16 10 22 15 8 11 | 21 15 9 8 4 15, which as letters is jmcnegpppbzrqkwpilvpjiep.

From this ciphertext the corresponding decryption algorithm recovers the original plaintext. The set K has $26^m$ elements, so for each m there are $26^m$ different Vigenère cryptosystems (for m = 6 that is 308,915,776); trying all of them by hand to break the cipher is hard, but with a powerful computer it is not that hard!
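The four ciphers of 3.1.1 to 3.1.4 over $\mathbb{Z}_{26}$, as an added example that is not code from the book. It encodes the book's running plaintext hengapnhauvaochieuthubay and reproduces the ciphertexts given above for the shift (K = 13), substitution (the table of 3.1.2), affine (K = (5, 6)) and Vigenère (K = (2, 8, 15, 7, 4, 17)) keys; the 26-key exhaustive search of the shift cipher is included because the text relies on its size. Where the text pads the last Vigenère block with zeros, the code applies the key cyclically, which is equivalent.

```python
import string
from math import gcd

ALPHABET = string.ascii_lowercase            # a..z identified with Z_26 as in the text
PLAINTEXT = "hengapnhauvaochieuthubay"       # the text's running example


def to_nums(s):
    return [ALPHABET.index(c) for c in s]


def to_text(nums):
    return "".join(ALPHABET[v % 26] for v in nums)


# 3.1.1 shift cipher: e_K(x) = x + K, d_K(y) = y - K (mod 26)
def shift_encrypt(x, K):
    return to_text(v + K for v in to_nums(x))


def shift_decrypt(y, K):
    return to_text(v - K for v in to_nums(y))


def shift_brute_force(y):
    """All 26 candidate plaintexts: the whole key space fits on one screen."""
    return {K: shift_decrypt(y, K) for K in range(26)}


# 3.1.2 substitution cipher: the key is a permutation of the 26 letters, written
# as the images of a, b, ..., z (this string is the table of 3.1.2)
PI = "xnyahpogzqwbtsflrcvmuekjdi"


def substitution_encrypt(x, pi):
    return "".join(pi[ALPHABET.index(c)] for c in x)


def substitution_decrypt(y, pi):
    return "".join(ALPHABET[pi.index(c)] for c in y)


# 3.1.3 affine cipher: e_K(x) = a x + b, d_K(y) = a^-1 (y - b), gcd(a, 26) = 1
def affine_encrypt(x, a, b):
    if gcd(a, 26) != 1:
        raise ValueError("a must be invertible modulo 26")
    return to_text(a * v + b for v in to_nums(x))


def affine_decrypt(y, a, b):
    a_inv = pow(a, -1, 26)
    return to_text(a_inv * (v - b) for v in to_nums(y))


# 3.1.4 Vigenere cipher: position i is shifted by k_{i mod m}
def vigenere_encrypt(x, K):
    m = len(K)
    return to_text(v + K[i % m] for i, v in enumerate(to_nums(x)))


def vigenere_decrypt(y, K):
    m = len(K)
    return to_text(v - K[i % m] for i, v in enumerate(to_nums(y)))


# shift_encrypt(PLAINTEXT, 13)                      -> "uratncaunhinbpuvrhguhonl"
# substitution_encrypt(PLAINTEXT, PI)               -> "ghsoxlsgxuexfygzhumgunxd"
# affine_encrypt(PLAINTEXT, 5, 6)                   -> "patkgdtpgchgyqpuacxpclgw"
# vigenere_encrypt(PLAINTEXT, (2, 8, 15, 7, 4, 17)) -> "jmcnegpppbzrqkwpilvpjiep"
```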

3.1.5. Hill cipher. This scheme was proposed by Lester S. Hill in 1929. As in the Vigenère scheme, these ciphers act on blocks of m consecutive letters, the difference being that each letter of the ciphertext block is determined by a linear combination (over the ring $\mathbb{Z}_{26}$) of the m letters of the plaintext block. The key is thus given by a square matrix of order m, i.e. an element $K \in \mathbb{Z}_{26}^{m \times m}$. For the linear transformation defined by K to be invertible, the matrix K itself must have an inverse $K^{-1}$ modulo 26, and the necessary and sufficient condition for that is that its determinant, denoted $\det K$, be coprime to 26. The Hill scheme is therefore defined as $S = (P, C, K, E, D)$ with $P = C = \mathbb{Z}_{26}^m$, $K = \{K \in \mathbb{Z}_{26}^{m \times m} : \gcd(\det K, 26) = 1\}$ and the maps E, D given by

$e_K(x_1, \ldots, x_m) = (x_1, \ldots, x_m) \cdot K \bmod 26$,
$d_K(y_1, \ldots, y_m) = (y_1, \ldots, y_m) \cdot K^{-1} \bmod 26$,

for all $x = (x_1, \ldots, x_m) \in P$, $y = (y_1, \ldots, y_m) \in C$, $K \in K$.

Example: take m = 2 and $K = \begin{pmatrix} 11 & 8 \\ 3 & 7 \end{pmatrix}$. For a pair of letters $x = (x_1, x_2)$ the ciphertext $y = (y_1, y_2) = x \cdot K$ is computed as

$y_1 = 11 x_1 + 3 x_2 \bmod 26$, $y_2 = 8 x_1 + 7 x_2 \bmod 26$.

Taking again the plaintext hengapnhauvaochieuthubay, we convert it to numbers and split it into consecutive pairs: x = 7 4 | 13 6 | 0 15 | 13 7 | 0 20 | 21 0 | 14 2 | 7 8 | 4 20 | 19 7 | 20 1 | 0 24. Encrypting each pair and concatenating gives y = 11 6 | 5 16 | 19 1 | 8 21 | 8 2 | 23 12 | 4 22 | 23 8 | 0 16 | 22 19 | 15 11 | 20 12, and hence the ciphertext as letters is lgfqtbivicxmewxiaqwtplum. Note that

$K^{-1} \pmod{26} = \begin{pmatrix} 7 & 18 \\ 23 & 11 \end{pmatrix}$,

and decryption, multiplying each consecutive pair of y by $K^{-1}$, recovers the sequence x and hence the plaintext.

For a given m, the number of possible keys equals the number of matrices K with $\det K$ coprime to 26. We have no formula for this number, but we know it is very large when m is large, and of course breaking the cipher by trying all Hill systems of the same m in turn is infeasible. Nevertheless, fairly effective cryptanalytic methods against the Hill cipher have long been known; we present one in a later section.

3.1.6. Permutation cipher. Permutation ciphers also act on blocks of m consecutive letters, but the ciphertext block is simply a permutation of the letters of the corresponding plaintext block. Denote by $S_m$ the set of all permutations of $\{1, 2, \ldots, m\}$. The permutation cipher scheme is $S = (P, C, K, E, D)$,

where $P = C = \mathbb{Z}_{26}^m$, $K = S_m$, and the maps E, D are given by

$e_K(x_1, \ldots, x_m) = (x_{\pi(1)}, \ldots, x_{\pi(m)})$, $d_K(y_1, \ldots, y_m) = (y_{\pi^{-1}(1)}, \ldots, y_{\pi^{-1}(m)})$,

for all $x = (x_1, \ldots, x_m) \in P$, $y = (y_1, \ldots, y_m) \in C$, $K = \pi \in S_m$, with $\pi^{-1}$ the inverse permutation of π.

Example: take m = 6 and the permutation $\pi \in S_6$ given by

i = 1 2 3 4 5 6
π(i) = 3 5 1 6 4 2

Then the inverse permutation $\pi^{-1}$ is

j = 1 2 3 4 5 6
π⁻¹(j) = 3 6 1 5 2 4

For the plaintext hengapnhauvaochieuthubay, i.e. x = 7 4 13 6 0 15 | 13 7 0 20 21 0 | 14 2 7 8 4 20 | 19 7 20 1 0 24, the corresponding ciphertext is y = 13 0 7 15 6 4 | 0 21 13 0 20 7 | 7 4 14 20 8 2 | 20 0 19 24 1 7, which as letters is nahpgeavnauhheouicuatybh. Applying the decryption $d_K$ to each block of 6 consecutive letters of this ciphertext (i.e. of y) recovers x and the original plaintext.

Note that the permutation cipher is a special case of the Hill cipher. Indeed, given a permutation π of $\{1, 2, \ldots, m\}$, define the matrix $K_\pi = (k_{ij})$ with $k_{ij} = 1$ if $i = \pi(j)$ and $k_{ij} = 0$ otherwise; it is easy to see that the Hill cipher with key $K_\pi$ gives the same encryption as the permutation cipher with key π. For each given m, the number of possible permutation cryptosystems is m!.
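The permutation cipher of 3.1.6 and its reduction to the Hill cipher, as an added example that is not code from the book. It uses the book's permutation π = (3, 5, 1, 6, 4, 2) on the running plaintext, derives π⁻¹, and checks that the Hill cipher with the matrix $K_\pi$ (entry 1 exactly where $i = \pi(j)$) produces the same ciphertext; the small row-vector-times-matrix routine is the Hill encryption of 3.1.5 written out for that purpose.

```python
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
PLAINTEXT = "hengapnhauvaochieuthubay"
PI = (3, 5, 1, 6, 4, 2)        # the text's permutation, written as (pi(1), ..., pi(6))


def permutation_encrypt(x, pi):
    """y_j = x_{pi(j)} on each block of m = len(pi) letters; len(x) must be a multiple of m."""
    m = len(pi)
    if len(x) % m:
        raise ValueError("text length must be a multiple of the block length")
    return "".join(x[b + pi[j] - 1] for b in range(0, len(x), m) for j in range(m))


def inverse_permutation(pi):
    """pi^-1 as a tuple: inv[pi(j) - 1] = j."""
    inv = [0] * len(pi)
    for j, pj in enumerate(pi, start=1):
        inv[pj - 1] = j
    return tuple(inv)


def permutation_decrypt(y, pi):
    """x_j = y_{pi^-1(j)}: decryption is encryption with the inverse permutation."""
    return permutation_encrypt(y, inverse_permutation(pi))


def permutation_matrix(pi):
    """K_pi with k_ij = 1 iff i = pi(j): the Hill key equivalent to pi."""
    m = len(pi)
    return [[1 if i + 1 == pi[j] else 0 for j in range(m)] for i in range(m)]


def hill_encrypt(x, K):
    """Hill encryption of 3.1.5: each block, as a row vector, times K modulo 26."""
    m = len(K)
    out = []
    for b in range(0, len(x), m):
        nums = [ALPHABET.index(c) for c in x[b:b + m]]
        out.append("".join(ALPHABET[sum(nums[i] * K[i][j] for i in range(m)) % 26]
                           for j in range(m)))
    return "".join(out)


# permutation_encrypt(PLAINTEXT, PI) -> "nahpgeavnauhheouicuatybh"
# inverse_permutation(PI)            -> (3, 6, 1, 5, 2, 4)
# hill_encrypt(PLAINTEXT, permutation_matrix(PI)) gives the same ciphertext
```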

3.2. Cryptanalysis of the classical cryptosystems. 3.2.1. General remarks.

As presented in 1.5 of Chapter 1, the purpose of cryptanalysis is to recover the plaintext of a message from the information about the ciphertext that can be collected on the transmission channel. Since the scheme of the cryptosystem in use is usually hard to keep secret, we generally assume that the starting information of the cryptanalysis problem is the scheme of the cryptosystem in use together with the ciphertext of the message, and the task of cryptanalysis is to find the plaintext of that message. Besides this starting information there may, depending on the case, be further information, so that cryptanalysis problems are divided into several kinds: ciphertext-only, known-plaintext, chosen-plaintext and chosen-ciphertext (see 1.5, Chapter 1). In this section we present a few cryptanalytic methods against the classical systems described in the previous section. We also assume that plaintexts and ciphertexts are built over the English alphabet and, moreover, that the messages are English texts. Thus we always have $P = C = \mathbb{Z}_{26}$ or $\mathbb{Z}_{26}^m$, together with the additional information that plaintexts obey the lexical and syntactic rules of the English language. This is an important foundation of the cryptanalytic methods against classical systems. Unfortunately the use of cryptography for transmitting Vietnamese has not left us much material to study, and research on Vietnamese lexicon and syntax has not yet produced reliable statistical rules, so in this text we cannot yet present examples of ciphers in Vietnamese and borrow examples in English for illustration, hoping that readers will supplement them later.

The results used most in cryptanalysis are the statistical frequencies of single letters and of pairs, triples, ... of consecutive letters in English texts. Analysing statistics from a very large quantity of texts (letters, books, newspapers, etc.), one obtains results that the authors Beker and Piper summarize as follows. The probabilities of occurrence of the letters, in order:
1. The letter e has the highest probability, 0.127;
2. The letters t, a, o, i, n, s, h, r have probabilities from 0.060 to 0.090;
3. The letters d, l have probability about 0.04;
4. The letters c, u, m, w, f, g, y, p, b have probabilities from 0.015 to 0.028;
5. The letters v, k, x, q, z have probabilities below 0.01.

The thirty most frequent pairs of letters (in decreasing order) are: th, he, in, er, an, re, ed, on, es, st, en, at, to, nt, ha, nd, ou, ea, ng, as, or, ti, is, et, it, ar, te, se, hi, of. The twelve most frequent triples are: the, ing, and, her, ere, ent, tha, nth, was, eth, for, dth. The probability table of all the letters follows:

A (0) 0.082   B (1) 0.015   C (2) 0.028   D (3) 0.043   E (4) 0.127   F (5) 0.022   G (6) 0.020
H (7) 0.061   I (8) 0.070   J (9) 0.002   K (10) 0.008  L (11) 0.040  M (12) 0.024  N (13) 0.067
O (14) 0.075  P (15) 0.019  Q (16) 0.001  R (17) 0.060  S (18) 0.063  T (19) 0.091  U (20) 0.028
V (21) 0.010  W (22) 0.023  X (23) 0.001  Y (24) 0.020  Z (25) 0.001

3.2.2. Cryptanalysis of the affine cipher. The key of an affine cipher has the form K = (a, b) with $a, b \in \mathbb{Z}_{26}$ and $\gcd(a, 26) = 1$. A ciphertext letter y and the corresponding plaintext letter x are related by $y = a \cdot x + b \bmod 26$. Hence, if we know two distinct pairs (x, y), we have two linear equations from which the two unknowns a, b, i.e. the key K, can be found.

Example: we have the ciphertext fmxvedkaphferbndkrxrsrefmorudsdkdvshvufedkaprkdlyevlrhhrh. Find the key and the corresponding plaintext. In this ciphertext r occurs 8 times, d 7 times, e, k, h 5 times each, f, s, v 4 times each, etc.; so we may guess that r is the encryption of e and d the encryption of t, which gives $4a + b \equiv 17 \pmod{26}$, $19a + b \equiv 3 \pmod{26}$, with solution a = 6, b = 19. Since $\gcd(a, 26) = 2 \ne 1$, (a, b) cannot be a key, and this guess is wrong. We then try another guess: r is the encryption of e and h the encryption of t. Now $4a + b \equiv 17 \pmod{26}$, $19a + b \equiv 7 \pmod{26}$, which we solve to get a = 3, b = 5. Since $\gcd(a, 26) = 1$, K = (3, 5) may be the key sought. The encryption is then $e_K(x) = 3x + 5 \bmod 26$ and the corresponding decryption is $d_K(y) = 9(y - 5) = 9y - 19 \bmod 26$. Applying this decryption to the ciphertext gives (as letters) the plaintext algorithmsarequitegeneraldefinitionsofarithmeticprocesses. We may conclude that the correct key is K = (3, 5) and the line above is the plaintext sought.
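The two-equation method of this subsection on the book's ciphertext, as an added example that is not code from the book. solve_affine_key solves $y_1 = a x_1 + b$, $y_2 = a x_2 + b$ modulo 26 for a guessed pairing and rejects a not coprime to 26 (the guess r ↔ e, d ↔ t gives a = 6 and is rejected; the key (3, 5) is reached when r is paired with e and k with t, since under that key t is encrypted to k). break_affine is the computer variant mentioned in 3.1.3: it tries all 312 keys and ranks the decryptions by the Beker–Piper probabilities of 3.2.1, an English-likeness score that is an assumption of this example.

```python
from collections import Counter
from math import gcd

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
# Beker-Piper letter probabilities from the table in 3.2.1, for a..z
P_ENGLISH = [0.082, 0.015, 0.028, 0.043, 0.127, 0.022, 0.020, 0.061, 0.070, 0.002,
             0.008, 0.040, 0.024, 0.067, 0.075, 0.019, 0.001, 0.060, 0.063, 0.091,
             0.028, 0.010, 0.023, 0.001, 0.020, 0.001]
CIPHERTEXT = "fmxvedkaphferbndkrxrsrefmorudsdkdvshvufedkaprkdlyevlrhhrh"   # the text's example


def affine_decrypt(y, a, b):
    a_inv = pow(a, -1, 26)
    return "".join(ALPHABET[a_inv * (ALPHABET.index(c) - b) % 26] for c in y)


def letter_frequencies(y):
    """Ciphertext letters with their counts, most frequent first."""
    return Counter(y).most_common()


def solve_affine_key(x1, y1, x2, y2):
    """Solve y1 = a x1 + b, y2 = a x2 + b (mod 26) for (a, b).  Returns None when
    x1 - x2 is not invertible (a not determined) or when gcd(a, 26) != 1 (no key)."""
    dx = (x1 - x2) % 26
    if gcd(dx, 26) != 1:
        return None
    a = (y1 - y2) * pow(dx, -1, 26) % 26
    b = (y1 - a * x1) % 26
    return (a, b) if gcd(a, 26) == 1 else None


def guess_key(cipher_e, cipher_t):
    """The text's heuristic: assume cipher_e encrypts 'e' and cipher_t encrypts 't'."""
    L = ALPHABET.index
    return solve_affine_key(L("e"), L(cipher_e), L("t"), L(cipher_t))


def english_score(text):
    """Mean English probability of the letters: about 0.065 for English, 0.038 for noise."""
    return sum(P_ENGLISH[ALPHABET.index(c)] for c in text) / len(text)


def break_affine(y):
    """Exhaustive search over the 312 keys, keeping the decryption with the best score."""
    best = None
    for a in range(1, 26, 2):
        if gcd(a, 26) != 1:
            continue
        for b in range(26):
            x = affine_decrypt(y, a, b)
            s = english_score(x)
            if best is None or s > best[0]:
                best = (s, (a, b), x)
    return best[1], best[2]


# letter_frequencies(CIPHERTEXT)[:2] -> [('r', 8), ('d', 7)]
# guess_key('r', 'd') -> None (a = 6 is rejected); guess_key('r', 'k') -> (3, 5)
# break_affine(CIPHERTEXT) -> ((3, 5), 'algorithmsarequitegeneraldefinitionsofarithmeticprocesses')
```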

3.2.3. Cryptanalysis of the Vigenère cipher. The Vigenère cipher can be regarded as a shift cipher applied to blocks of m letters. The key is a tuple $K = (k_1, \ldots, k_m)$ of m integers modulo 26. Cryptanalysis proceeds in two steps: first determine the length m, then determine the numbers $k_1, \ldots, k_m$. There are two methods for determining m: the Kasiski test and the method of the index of coincidence.

The Kasiski test (proposed in 1863). The test rests on the observation that two identical segments of the plaintext are encrypted to two identical segments of the ciphertext whenever the distance between them in the plaintext (from the first letter of one segment to the first letter of the other) is a multiple of m. Conversely, if two identical segments of fairly large length (say ≥ 3) occur in the ciphertext, it is very likely that they are encryptions of two identical plaintext segments. So we look for a segment of the ciphertext (of three or more letters) that occurs several times, and compute the distances between its occurrences, say $d_1, \ldots, d_t$; we may then guess $m = d = \gcd(d_1, d_2, \ldots, d_t)$, the greatest common divisor of $d_1, \ldots, d_t$, or that m is a divisor of d.

The method of the index of coincidence (the definition of the index of coincidence is due to W. Friedman, 1920). Definition 3.1. Let $x = x_1 x_2 \ldots x_n$ be a string of n letters. The probability that two elements of x coincide is called the index of coincidence of x, denoted $I_c(x)$. Denoting by $f_0, f_1, \ldots, f_{25}$ the frequencies of a, b, ..., z in x, we have

$I_c(x) = \dfrac{\sum_{i=0}^{25} f_i (f_i - 1)}{n(n-1)}.$

Suppose x is a string of (English) text. We may then expect

$I_c(x) \approx \sum_{i=0}^{25} p_i^2 = 0.065,$

where $p_i$ is the probability of the letter with number i given by the letter probability table (in 3.2.1). If x is a completely random string of letters, then $I_c(x) \approx 26 \cdot (1/26)^2 = 1/26 = 0.038$.

On the basis of the above, we have the following method for guessing the length m of a Vigenère key. Let the ciphertext be $y = y_1 y_2 \ldots y_n$. We rewrite y as an array with m rows (m > 1):

$y^1 = y_1 \; y_{m+1} \; \ldots \; y_{tm+1}$
$y^2 = y_2 \; y_{m+2} \; \ldots \; y_{tm+2}$
$\ldots$
$y^m = y_m \; y_{2m} \; \ldots \; y_{(t+1)m}$

that is, we write the letters down the columns, m letters per column, until the text is exhausted. Denote by $y^1, y^2, \ldots, y^m$ the strings formed by the m rows of the array. Note that, if m is indeed the key length, all the letters of a row $y^i$ are obtained from letters of the original text by the same shift; so if m is the key length we may expect that for every i, $1 \le i \le m$: $I_c(y^i) \approx 0.065$. To guess m, we split y in this way into m = 1, 2, 3, ... rows and compute the $I_c(y^i)$ $(1 \le i \le m)$, until we reach an m for which every i, $1 \le i \le m$, gives $I_c(y^i) \approx 0.065$; we can then be confident that m is the key length.

Example: consider the ciphertext chreevoahmaeratbiaxxwtnxbeeophbsbqmqeqerbwrvxuoakxaosxxweahbwgmmqmnkgrfvgxwtrzxwiaklxfpskautemndemgtsxmxbtuiadngmgpsrelxnelxvrvprtulhdnqwtwdtygbphxtfalhasvbfxngllchrzbwelekmsiknbhwrignmgsglxfeyphagnbieqtmrvlcrremndglxrrimgnsnrwchrqhaeyevtaqebbipeewevkakoewadremxmtbhhchrtkdnvrzchrclqohpwqaiiwxnrmgwoiifkee. Using the Kasiski test we notice that chr occurs 5 times, the distances between consecutive occurrences being 165, 70, 50, 10. The greatest common divisor

of these numbers is 5, so we may guess that the key length m is 5. Using the index of coincidence: for m = 1 we get a single index of coincidence, 0.045; for m = 2, two indices, 0.046 and 0.041; for m = 3, three indices, 0.043, 0.050 and 0.047; for m = 4, four indices, 0.042, 0.039, 0.046 and 0.043; for m = 5 we obtain five indices, 0.063, 0.068, 0.069, 0.061 and 0.072, all quite close to 0.065. So we may guess that the key length is 5. The two methods give the same result.

Now to the second step, determining the values $k_1, k_2, \ldots, k_m$. We need a new notion, the mutual index of coincidence, defined as follows. Definition 3.2. Let $x = x_1 x_2 \ldots x_n$ and $y = y_1 y_2 \ldots y_{n'}$ be two strings of letters of lengths n and n'. The mutual index of coincidence of x and y, denoted $MI_c(x, y)$, is defined as the probability that an element of x coincides with an element of y. Denoting by $f_0, \ldots, f_{25}$ and $f'_0, \ldots, f'_{25}$ the frequencies of a, b, ..., z in x and in y respectively, we have

$MI_c(x, y) = \dfrac{\sum_{i=0}^{25} f_i f'_i}{n \, n'}.$

Now, with m determined, we write the ciphertext y column by column into the m rows $y^1, \ldots, y^m$ as above. We look for the key $K = (k_1, k_2, \ldots, k_m)$. Let x be the plaintext and $x^1, \ldots, x^m$ the parts of the plaintext corresponding to $y^1, \ldots, y^m$. We may regard the letter distribution in x, and likewise in each of $x^1, \ldots, x^m$, as approximately the letter distribution of English text in general. Hence the probability that a random letter of $y^i$ equals a is $p_{-k_i}$, that it equals b is $p_{1-k_i}$, and so on (indices taken modulo 26). We can therefore estimate

$MI_c(y^i, y^j) \approx \sum_{h=0}^{25} p_{h-k_i} \, p_{h-k_j} = \sum_{h=0}^{25} p_h \, p_{h+k_i-k_j}.$

This quantity depends only on $k_i - k_j$, which we call the relative shift of $y^i$ and $y^j$. Note that the expression

$\sum_{h=0}^{25} p_h \, p_{h+l}$

takes its largest value, 0.065, at l = 0, and varies between 0.031 and 0.045 for every $l \ne 0$.

Observe that $y^j$ has to be shifted by $l = k_i - k_j$ steps (i.e. by l letters in the alphabet) to obtain $y^i$; so, denoting by $y^{j,g}$ the shift of $y^j$ by g steps, when we compute the quantities $MI_c(y^i, y^{j,g})$ for $0 \le g \le 25$ in turn, we may hope to obtain a value close to 0.065 for g = l and values between 0.031 and 0.045 for all other g. This gives a method for estimating the shifts $k_i - k_j$, that is, for obtaining a number of equations of the form $k_i - k_j = l$, from which the values $k_1, k_2, \ldots, k_m$ can be computed. For the ciphertext under consideration we computed the values $MI_c(y^i, y^{j,g})$ for $1 \le i < j \le 5$, $0 \le g \le 25$, as shown in the table below (in the table, to the right of each pair (i, j) is a cell of 26 values $MI_c(y^i, y^{j,g})$ corresponding to g = 0, 1, 2, ..., 25). Looking at the table, we see that the values $MI_c(y^i, y^{j,g})$ close to 0.065 (printed in bold and underlined in the table) occur at the triples (i, j, g) = (1, 2, 9), (1, 5, 16), (2, 3, 13), (2, 5, 7), (3, 5, 20) and (4, 5, 11).
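The whole procedure of this subsection run end to end, as an added example that is not code from the book. Because the printed ciphertext above lost some letters in reproduction, the example rebuilds it: it takes the plaintext recovered at the end of this subsection (spaces removed) and re-encrypts it under the key JANET, then applies the Kasiski test, the index of coincidence per row, the mutual index of coincidence between rows, and finally recovers each $k_i$ as the shift g that maximises $M_g = \sum_h p_h f_{h+g} / n$ on row i against the Beker–Piper table of 3.2.1 (a per-row variant of the alignment idea used above, so no trial over the free parameter $k_1$ is needed).

```python
from functools import reduce
from math import gcd

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
P_ENGLISH = [0.082, 0.015, 0.028, 0.043, 0.127, 0.022, 0.020, 0.061, 0.070, 0.002,
             0.008, 0.040, 0.024, 0.067, 0.075, 0.019, 0.001, 0.060, 0.063, 0.091,
             0.028, 0.010, 0.023, 0.001, 0.020, 0.001]
# Constructed here: the plaintext of this subsection without spaces, and the key JANET.
PLAINTEXT = ("thealmondtreewasintentativeblossomthedayswerelongeroftenendingwith"
             "magnificenteveningsofcorrugatedpinkskiesthehuntingseasonwasoverwith"
             "houndsandgunsputawayforsixmonthsthevineyardswerebusyagainasthewell"
             "organizedfarmerstreatedtheirvinesandthemorelackadaisicalneighbors"
             "hurriedtodothepruningtheyshouldhavedoneinnovember")
KEY = "janet"


def vigenere(text, key, sign=1):
    """sign=+1 encrypts, sign=-1 decrypts (Vigenere with the key applied cyclically)."""
    k = [ALPHABET.index(c) for c in key]
    return "".join(ALPHABET[(ALPHABET.index(c) + sign * k[i % len(k)]) % 26]
                   for i, c in enumerate(text))


CIPHERTEXT = vigenere(PLAINTEXT, KEY)


def kasiski(y, length=3):
    """For every repeated segment: the distances between consecutive occurrences
    and their gcd, a candidate for the key length m."""
    positions = {}
    for i in range(len(y) - length + 1):
        positions.setdefault(y[i:i + length], []).append(i)
    out = {}
    for seg, pos in positions.items():
        if len(pos) > 1:
            dists = [b - a for a, b in zip(pos, pos[1:])]
            out[seg] = (dists, reduce(gcd, dists))
    return out


def index_of_coincidence(x):
    n = len(x)
    return sum(f * (f - 1) for f in (x.count(c) for c in ALPHABET)) / (n * (n - 1))


def rows(y, m):
    """y^1, ..., y^m: every m-th letter, i.e. the letters encrypted with the same k_i."""
    return [y[i::m] for i in range(m)]


def guess_key_length(y, max_m=10, threshold=0.057):
    """Smallest m for which every row has I_c near 0.065 (English) rather than 0.038."""
    for m in range(1, max_m + 1):
        if all(index_of_coincidence(r) >= threshold for r in rows(y, m)):
            return m
    return None


def mutual_ic(x, z):
    fx = [x.count(c) for c in ALPHABET]
    fz = [z.count(c) for c in ALPHABET]
    return sum(a * b for a, b in zip(fx, fz)) / (len(x) * len(z))


def shift(text, g):
    return "".join(ALPHABET[(ALPHABET.index(c) + g) % 26] for c in text)


def relative_shift(y_i, y_j):
    """g maximising MI_c(y^i, y^{j,g}); it estimates k_i - k_j (mod 26)."""
    return max(range(26), key=lambda g: mutual_ic(y_i, shift(y_j, g)))


def recover_key(y, m):
    """k_i = the g maximising sum_h p_h f_{h+g} on row i: the shift aligning the row's
    letter counts f with the English table."""
    key = []
    for r in rows(y, m):
        f = [r.count(c) for c in ALPHABET]
        key.append(max(range(26), key=lambda g: sum(P_ENGLISH[h] * f[(h + g) % 26] for h in range(26))))
    return "".join(ALPHABET[k] for k in key)


# kasiski(CIPHERTEXT)["chr"] -> ([165, 70, 50, 10], 5); guess_key_length(CIPHERTEXT) -> 5
# relative_shift of rows 1 and 2 -> 9 (k_1 - k_2); recover_key(CIPHERTEXT, 5) -> "janet"
```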

Table of the values $MI_c(y^i, y^{j,g})$: one cell for each pair (i, j) with $1 \le i < j \le 5$, containing 26 values for g = 0, 1, ..., 25. The entries close to 0.065, marked in the original table, are at (i, j, g) = (1, 2, 9), (1, 5, 16), (2, 3, 13), (2, 5, 7), (3, 5, 20) and (4, 5, 11); all other entries lie roughly between 0.02 and 0.05.

From this we obtain the equations (modulo 26):

$k_1 - k_2 = 9$, $k_1 - k_5 = 16$, $k_2 - k_3 = 13$, $k_2 - k_5 = 7$, $k_3 - k_5 = 20$, $k_4 - k_5 = 11$.

The system has only 4 linearly independent equations for 5 unknowns, so the solution depends on one parameter; we choose it to be $k_1$ and obtain

$(k_1, k_2, k_3, k_4, k_5) = (k_1, k_1 + 17, k_1 + 4, k_1 + 21, k_1 + 10) \bmod 26.$

Trying the possible values of $k_1$ $(0 \le k_1 < 26)$ in turn, we finally find the following plaintext, with key JANET ($k_1 = 9$): the almond tree was in tentative blossom the days were longer often ending with magnificent evenings of corrugated pink skies the hunting season was over with hounds and guns put away for six months the vineyards were busy again as the well organized farmers treated their vines and the more lackadaisical neighbors hurried to do the pruning they should have done in november.

3.2.4. Cryptanalysis of the Hill cipher. The Hill cipher is hard to break by ciphertext-only cryptanalysis, but easy to break if a known-plaintext attack can be used. Suppose first that the value of m is known. The aim of the cryptanalysis is to find the key K, which for the Hill cipher is an m × m matrix with entries in $\mathbb{Z}_{26}$. We choose a plaintext containing at least m distinct m-tuples of letters:
$x_1 = (x_{11}, \ldots, x_{1m}), \; \ldots, \; x_m = (x_{m1}, \ldots, x_{mm}),$

and suppose their encryptions are known:

$y_1 = (y_{11}, \ldots, y_{1m}), \; \ldots, \; y_m = (y_{m1}, \ldots, y_{mm}).$

Denote by X and Y the two m × m matrices $X = (x_{ij})$, $Y = (y_{ij})$. By the definition of the Hill cipher we have the equation $Y = X \cdot K$. If the $x_i$ are chosen so that the matrix X has an inverse $X^{-1}$, then we find $K = X^{-1} \cdot Y$, that is, the key of the cryptosystem in use.
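The Hill cipher of 3.1.5 together with the known-plaintext attack just described, as an added example that is not code from the book. The inverse modulo 26 is computed from the adjugate, $K^{-1} = (\det K)^{-1} \operatorname{adj} K$, which works for any m ≥ 2 whenever $\gcd(\det K, 26) = 1$ (Gaussian elimination would be unreliable over $\mathbb{Z}_{26}$, which is not a field). The attack function forms X and Y from the first m blocks of a known plaintext/ciphertext pair and returns $X^{-1} Y$; the example of the next paragraph (friday → pqcfku, m = 2) and the key of 3.1.5 are used as checks.

```python
from math import gcd

ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def minor(M, i, j):
    return [row[:j] + row[j + 1:] for r, row in enumerate(M) if r != i]


def det(M):
    """Integer determinant by cofactor expansion (m is small here)."""
    if len(M) == 1:
        return M[0][0]
    return sum((-1) ** j * M[0][j] * det(minor(M, 0, j)) for j in range(len(M)))


def mat_inv_mod26(K):
    """K^-1 mod 26 via the adjugate; None when gcd(det K, 26) != 1 (not a valid Hill key)."""
    d = det(K) % 26
    if gcd(d, 26) != 1:
        return None
    d_inv = pow(d, -1, 26)
    m = len(K)
    return [[d_inv * (-1) ** (i + j) * det(minor(K, j, i)) % 26 for j in range(m)] for i in range(m)]


def mat_mul_mod26(A, B):
    return [[sum(A[i][t] * B[t][j] for t in range(len(B))) % 26 for j in range(len(B[0]))]
            for i in range(len(A))]


def hill_encrypt(x, K):
    """Each block of m letters, as a row vector, times K modulo 26."""
    m = len(K)
    nums = [ALPHABET.index(c) for c in x]
    out = []
    for b in range(0, len(nums), m):
        out += mat_mul_mod26([nums[b:b + m]], K)[0]
    return "".join(ALPHABET[v] for v in out)


def hill_decrypt(y, K):
    return hill_encrypt(y, mat_inv_mod26(K))


def hill_recover_key(plain, cipher, m):
    """Known-plaintext attack: rows of X and Y are the first m blocks of plain and cipher;
    K = X^-1 Y if X is invertible mod 26, else None (choose other blocks)."""
    X = [[ALPHABET.index(c) for c in plain[b:b + m]] for b in range(0, m * m, m)]
    Y = [[ALPHABET.index(c) for c in cipher[b:b + m]] for b in range(0, m * m, m)]
    X_inv = mat_inv_mod26(X)
    return None if X_inv is None else mat_mul_mod26(X_inv, Y)


def hill_find_m(plain, cipher, max_m=4):
    """When m is unknown: try m = 2, 3, ... and accept the first K that also reproduces
    the blocks not used to compute it."""
    for m in range(2, max_m + 1):
        if len(plain) < m * m or len(plain) % m:
            continue
        K = hill_recover_key(plain, cipher, m)
        if K is not None and hill_encrypt(plain, K) == cipher:
            return m, K
    return None


# mat_inv_mod26([[11, 8], [3, 7]]) -> [[7, 18], [23, 11]]  (the matrix noted in 3.1.5)
# hill_recover_key("friday", "pqcfku", 2) -> [[7, 19], [8, 3]]; hill_find_m("friday", "pqcfku") -> (2, that K)
```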

Example: suppose the Hill cipher in use has m = 2, and that we know the plaintext friday together with its ciphertext pqcfku. Then we know

$e_K(5, 17) = (15, 16)$, $e_K(8, 3) = (2, 5)$, $e_K(0, 24) = (10, 20)$.

From the first two equations we have

$\begin{pmatrix} 15 & 16 \\ 2 & 5 \end{pmatrix} = \begin{pmatrix} 5 & 17 \\ 8 & 3 \end{pmatrix} \cdot K$, hence $K = \begin{pmatrix} 5 & 17 \\ 8 & 3 \end{pmatrix}^{-1} \begin{pmatrix} 15 & 16 \\ 2 & 5 \end{pmatrix} = \begin{pmatrix} 7 & 19 \\ 8 & 3 \end{pmatrix}$.

With this K the third equation is also satisfied.

Returning to the problem of determining m: if m is not too large, we may try the above procedure with m = 2, 3, 4, ... in turn until a key is found, where a key K is regarded as found if, beyond the m pairs of blocks $(x_1, y_1), \ldots, (x_m, y_m)$ used to compute it, K also fits the other pairs of blocks we can choose to test.

3.3. Stream ciphers and pseudo-random sequences. 3.3.1. Stream ciphers.

The cryptosystems considered in the preceding sections are all block ciphers: the plaintext is divided into blocks, the encryption is carried out block by block and the results are concatenated, and all blocks are encrypted under the same key K. In stream encryption, as described in 1.2, the keys used for the successive blocks may differ; so besides the basic cryptosystem we also need a keystream generator which, for a given key seed s, produces a keystream $K_1 K_2 \ldots K_i \ldots$, where each $K_i$ is used to encrypt the block $x_i$ of the text. Each key $K_i$ may depend not only on the seed s but also on the segment $K_1 \ldots K_{i-1}$ of the keystream generated before it, and on other factors such as the segment $x_1 \ldots x_{i-1}$ of text already encrypted. Thus we can give the following definition. A stream cipher scheme is given by a tuple

$S = (P, C, R, K, F, E, D)$ (1)

satisfying the following conditions: P is a finite set of plaintext symbols, C a finite set of ciphertext symbols, R a finite set of key seeds, K a finite set of keys, $F = \{f_1, f_2, \ldots\}$ the keystream generator, where each $f_i$ is a map from $R \times K^{i-1} \times P^{i-1}$ to K, E a map from $K \times P$ to C, called the encryption, and D a map from $K \times C$ to P, called the decryption. For each $K \in K$ we define $e_K : P \to C$ and $d_K : C \to P$ as the functions given by $e_K(x) = E(K, x)$ for all $x \in P$ and $d_K(y) = D(K, y)$ for all $y \in C$; $e_K$ and $d_K$ are called the encryption and decryption functions for the key K, and must satisfy $d_K(e_K(x)) = x$ for all $x \in P$. Given a seed $r \in R$, for every plaintext $x = x_1 x_2 \ldots x_m \in P^*$ we obtain the corresponding ciphertext $y = y_1 y_2 \ldots y_m$ with $y_i = E(K_i, x_i)$, where $K_i = f_i(r, K_1, \ldots, K_{i-1}, x_1, \ldots, x_{i-1})$ $(i = 1, 2, \ldots, m)$. That is, from the seed r and the plaintext x the keystream $K_1 K_2 \ldots K_m$ is generated, and with this keystream the ciphertext y is formed symbol by symbol. If the keystream generator does not depend on the plaintext, i.e. if each $f_i$ is a map from $R \times K^{i-1}$ to K, the generator is called synchronous; the keystream then depends only on the seed and is the same for every plaintext. A keystream $K = K_1 K_2 \ldots K_i \ldots$ is called periodic with period d if there is an integer N such that $K_{i+d} = K_i$ for all $i \ge N$. Note that the Vigenère cipher with key length m can be regarded as a stream cipher whose keystream has period m and whose encryption and decryption are those of the shift cipher.

For stream ciphers, security is usually decided by the randomness of the keystream, i.e. the randomness with which the symbols of the keystream occur, and depends little on the encryption itself; so the encryptions $e_K$ (and decryptions $d_K$) can be chosen very simple. In practical applications one usually uses $P = C = K = \mathbb{Z}_2$ with the encryption and decryption given by

$e_K(x) = x + K \bmod 2$, $d_K(y) = y + K \bmod 2$. (2)

3.3.2. Stream ciphers with keystreams generated by a recurrence.

Stream ciphers whose keystream is generated by a recurrence are the ciphers of scheme (1) with $P = C = K = \mathbb{Z}_2$ and $R = \mathbb{Z}_2^m$ $(m \ge 1)$, in which each seed $r = r_1 \ldots r_m$ produces a synchronous keystream $K = z_1 z_2 \ldots z_i \ldots$ with

$z_i = r_i \quad (i = 1, \ldots, m),$
$z_i = c_1 z_{i-m} + c_2 z_{i-m+1} + \cdots + c_m z_{i-1} \bmod 2 \quad (i \ge m + 1),$ (3)

where $c_1, \ldots, c_m$ are constants in $\mathbb{Z}_2$; the encryption and decryption of each symbol are given by the formulas (2). Keystreams generated by such a recurrence are periodic; the seed can be chosen so as to obtain the maximal period $2^m - 1$. A keystream generator based on such a recurrence can be realized by a simple technical device using a linear feedback shift register; adding one modulo-2 adder then gives an automatic encryption and decryption machine, and cipher machines of this kind were fairly widely used in an earlier period.

Example: take m = 4 and the recurrence

$z_i = z_{i-4} + z_{i-3} \bmod 2 \quad (i > 4).$

For every seed $K = z_1 z_2 z_3 z_4 \ne 0000$ we obtain a periodic keystream of period 15. For instance, with r = 1000 the keystream is

10001001101011110001001 ...

This keystream is produced by a linear feedback shift register of four cells realizing the recurrence above.
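The recurrence (3) and the bitwise encryption (2), together with the three number-theoretic keystream generators defined in 3.3.3 below (RSA, Blum–Blum–Shub and the discrete-logarithm generator), as one added example that is not code from the book. It reproduces the period-15 keystream for the seed 1000 and checks that all 15 non-zero seeds have period 15, and it regenerates the 20-bit outputs given in 3.3.3 for the RSA generator (n = 91261, b = 1547, r = 75634) and the BBS generator (n = 192649, r = 20749). The small parameters for the discrete-logarithm generator (p = 29, α = 2, r = 1) are constructed here.

```python
def lfsr_keystream(seed, coeffs, length):
    """z_1..z_m = seed; z_i = c_1 z_{i-m} + ... + c_m z_{i-1} (mod 2), recurrence (3)."""
    m = len(seed)
    z = list(seed)
    while len(z) < length:
        z.append(sum(c * b for c, b in zip(coeffs, z[-m:])) % 2)
    return z[:length]


def lfsr_period(seed, coeffs):
    """Smallest d after which the m-bit state repeats (at most 2^m - 1 for a non-zero seed)."""
    m = len(seed)
    z = list(seed)
    seen = {tuple(z): 0}
    for i in range(1, 2 ** m + 1):
        z.append(sum(c * b for c, b in zip(coeffs, z[-m:])) % 2)
        state = tuple(z[-m:])
        if state in seen:
            return i - seen[state]
        seen[state] = i
    return None


def xor_stream_cipher(bits, keystream):
    """Formula (2) bit by bit; the same call decrypts since x + K + K = x (mod 2)."""
    return [x ^ k for x, k in zip(bits, keystream)]


def rsa_generator(n, b, seed, nbits):
    """s_{i+1} = s_i^b mod n, z_i = s_i mod 2 (RSA generator of 3.3.3)."""
    s, bits = seed, []
    for _ in range(nbits):
        s = pow(s, b, n)
        bits.append(s % 2)
    return bits


def bbs_generator(n, seed, nbits):
    """s_{i+1} = s_i^2 mod n, z_i = s_i mod 2 (Blum-Blum-Shub generator of 3.3.3)."""
    s, bits = seed, []
    for _ in range(nbits):
        s = s * s % n
        bits.append(s % 2)
    return bits


def dlog_generator(p, alpha, seed, nbits):
    """s_{i+1} = alpha^{s_i} mod p, z_i = 1 iff s_i > p/2 (discrete-log generator of 3.3.3)."""
    s, bits = seed, []
    for _ in range(nbits):
        s = pow(alpha, s, p)
        bits.append(1 if 2 * s > p else 0)
    return bits


def bits_to_str(bits):
    return "".join(str(b) for b in bits)


# z_i = z_{i-4} + z_{i-3}: c_1 = c_2 = 1, c_3 = c_4 = 0
# bits_to_str(lfsr_keystream([1, 0, 0, 0], (1, 1, 0, 0), 23)) -> "10001001101011110001001"
# bits_to_str(rsa_generator(91261, 1547, 75634, 20))           -> "10000111011110011000"
# bits_to_str(bbs_generator(192649, 20749, 20))                -> "11001110000100111010"
```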

3.3.3. Stream ciphers with pseudo-random keystreams.

As seen in the previous subsections, a stream cipher scheme may be regarded as consisting of two parts: an underlying cryptosystem (for encrypting and decrypting single symbols) and a keystream generation mechanism. As with the shift-register ciphers of the previous subsection, we take as the underlying scheme $S = (P, C, K, E, D)$ with $P = C = K = \mathbb{Z}_2$ and E, D given by $E(K, x) = x + K \bmod 2$, $D(K, y) = y + K \bmod 2$. The keystream mechanism can be regarded as a map $\varphi : R \times \mathbb{N} \to K$ which determines, for each seed $r \in R = \mathbb{Z}_2^m$ $(m \ge 1)$ and each integer $i > 0$, a term $z_i = \varphi(r, i) \in K$ of the synchronous keystream $K = z_1 z_2 \ldots z_i \ldots$. A stream cipher is highly secure if the underlying scheme is highly secure (for instance, perfectly secret in the sense of Shannon's definition) and the keystream mechanism produces keystreams that are random bit sequences. It is easy to see that the underlying scheme described above satisfies the conditions of Theorem 2.2.1, hence is perfectly secret; so to obtain highly secure stream ciphers we need only choose keystream mechanisms that are guaranteed to produce random bit sequences.

A bit sequence $z_1 z_2 \ldots z_i \ldots$ is regarded as random if every $z_i$ is a random variable with $p(z_i = 0) = p(z_i = 1) = 0.5$ and the variables $z_i$, $z_j$ $(i \ne j)$ are independent. In this sense there is no way to decide whether a given bit sequence is random or not, and indeed a bit sequence produced by a finite set of rules can no longer be regarded as random. Therefore, instead of demanding truly random bit sequences, one usually only requires pseudo-random bit sequences, which have some property close to randomness. The most common requirement for the pseudo-randomness of a sequence $z_1 z_2 \ldots z_i \ldots$ is that, knowing an initial segment $z_1 z_2 \ldots z_{i-1}$, it is hard to predict the next bit $z_i$. We make this idea precise as follows. The seed space $R = \mathbb{Z}_2^m$ $(m \ge 1)$ has $2^m$ different seeds; suppose all of them are equally likely, each with probability $1/2^m$. Consider the set of all possible keystreams of length l $(l \ge m)$, i.e. the set $\mathbb{Z}_2^l$, and define on it a probability distribution $p_1$ with $p_1(z_1 \ldots z_l) = 1/2^m$ if $z_1 \ldots z_l$ is a keystream generated from some seed $r \in R$, and $p_1(z_1 \ldots z_l) = 0$ otherwise. We say the distribution $p_1$ on $\mathbb{Z}_2^l$ is induced by the uniform distribution on the seed space R. The uniform distribution on $\mathbb{Z}_2^l$ itself is denoted $p_0$. Let $\varphi : R \times \mathbb{N} \to K$ be the keystream mechanism of a stream cipher and $r \in R$. We say that B is a next-bit predicting algorithm (for φ and r) if for every integer i $(0 < i \le l)$ and every word $z_1 \ldots z_{i-1} \in \mathbb{Z}_2^{i-1}$ we have

$B(i, z_1 \ldots z_{i-1}) = \varphi(r, i).$

Clearly, if we want the mechanism φ to produce good pseudo-random keystreams, we do not want an efficient next-bit predictor (one computable in polynomial time, say) to exist. Relaxing the requirement of predicting the next bit correctly, we say that the algorithm B is an ε-next-bit predictor (for φ and r) if

$\sum_{z_1 \ldots z_{i-1} \in \mathbb{Z}_2^{i-1}} p_1(z_1 \ldots z_{i-1}) \cdot \Pr[B(i, z_1 \ldots z_{i-1}) = \varphi(r, i)] \ge \frac{1}{2} + \varepsilon$ (4)

(note that the left-hand side is the expectation of correctly predicting the i-th bit following the keystreams of i − 1 bits).

Nh vy, ta c th xem mt c ch to dng kho ty l an ton s dung cho cc h mt m theo dng, nu vi mi mm kho r v mi s > 0 bt k, khng th c thut ton s-on bit tip theo lm vic trong thi gian a thc. Di y, ta s da vo cc hm s hc mt pha xy dng mt s c ch to cc dy s gi ngu nhin c h c th dng lm c ch to dng kho cho cc h mt m theo dng m ta ang xt. To bit gi ngu nhin RSA. C ch to dy bit gi ngu nhin RSA c m t nh sau : Chn s nguyn n =p.q l tch ca hai s nguyn t p v q c biu din nh phn vi di c m/2 bit (nh vy n c biu din nh phn c m bit), v mt s b sao cho gcd(b,^ (n)) = 1. Ly R = Z*, v vi mi rER xc nh dy s s0, s, s2,.... nh sau: k =r > U+1=simod n v sau nh ngha zi =ty (r ,i) = si mod2, tc zi l bit thp nht trong biu din nh phn ca s s. Dy K= z1z2....zi.... l dng bit ng b c to ra bi mm r. Th du : Ly n = 91261 = 263.347, b =1547, r =75634. C th tnh cc s sx,...,s20 ln lt l: 31483, 31238, 51968, 39796, 28716, 14089, 5923, 44891, 62284, 11889, 43467, 71215, 10401, 77444, 56794, 78147, 72137, 89592, 29022, 13356. V 20 bit u tin ca dng bit gi ngu nhin c sinh ra l:

z...z20 = 10000111011110011000. To bit gi ngu nhin BBS (Blum-Blum-Shub): C ch to bit gi ngu nhin BBS c m t nh sau : Chn n =p.q l tch ca hai s nguyn t dng 4m +3, tc p = 3(mod4) v q= 3 (mod4). Gi QR(n) l tp cc thng d bc hai theo modn. Ly R=QR(n) , v vi mi r gR xc nh dy s s0, sl, s2,.... nh sau: \s0 =r > \si+i = s mod f n v sau nh ngha zi =(p (r ,i) = si mod2, tc zi l bit thp nht trong biu din nh phn ca s s. Dy K= z1z2....zi.... l dng bit ng b c to ra bi mm r. Th du : Ly n = 192649 = 383.503, r = 20749 (= 1013552 modn). C th tnh 20 s u ca dy s,...,s20,... ln lt l: 143135, 177671, 97048, 89992, 174051, 80649, 45663, 69442, 186894, 177046, 137922, 123175, 8630, 114386, 14863, 133015, 106065, 45870, 137171, 18460. V 20 bit u ca dng bit gi ngu nhin c sinh ra l: z1...z20 = 11001110000100111010. To bit gi ngu nhin da vo bi ton logarit ri rc: Chn p l mt s nguyn t ln, v a l mt phn t nguyn thu theo modp. Tp cc mm kho l R = Z*. Vi mi mm kho rgR ta xc nh dy s s0,...,si.... bi :
s

0=r> S+1 =aSi mod p.

Sau nh ngha z = p (r,i)(i=1,2,....) nh sau: zi = 1 nu si>p/2, v zi = 0 nu si < p/2. V K=z1....z. ...................... l dng kho, tc dng bit gi ngu nhin, c to ra. Trn y l mt vi c ch to dng kho, v cc dng kho c to ra l nhng dng bit gi ngu nhin tt, ta c da vo mt s bi ton s hc kh theo ngha l cha tm c nhng thut ton lm vic trong thi gian a thc gii chng, nh cc bi ton RSA, bi ton thng d bc hai v bi ton lgarit ri rc. Cc c ch to dng kho c xem l an ton nu ta chng minh c rng khng th c cc thut ton s-on bit tip theo i vi chng; hay mt cch khc, nu c thut ton s-on bit tip theo i vi chng th cng s c thut ton (tt nh hoc xc sut) gii cc bi ton s hc tng ng. Tic thay, n nay ta cha chng minh c mt kt qu no theo hng mong mun ; tuy nhin cng c mt vi kt qu yu hn, th du, i vi b to bit gi ngu nhin BBS ngi ta chng minh c rng : nu vi mi s > 0 c thut ton s- on bit c trc (i vi (p v r) th vi mi 5 > 0 cng c th xy dng mt thut ton xc sut gii bi ton thng d bc hai vi xc sut tr li sai l < 5 (nh ngha ca thut ton s- on bit c trc tng t nh vi thut ton s- on bit tip theo, ch khc l thay cng thc (4) bi cng thc sau y
z

z. P1( ^..^.p^^ z 1 . .. z -1 ) = z 0 ) > 2+ s . 1-zi-1ezi-1 2

trong z0 = s0 mod2 l bit c trc dy z1...zi-1). Trong thc tin, cc h m dng vi dng kho l dy bit ngu nhin c s dung t lu v cn c s dung cho n ngy nay, vi dng bit ngu nhin c to ra mt cch c hc nh vic tung ng xu lin tip v ghi lin tip cc kt qu sp, nga ca cc ln tung. Cc h m dng vi dng kho ngu nhin v vi s mt m nn cho bi cc h thc (2) c th c xem l b mt hon ton theo ngha Shannon, do rt c a chung trong ng dung thc t, chng thng c gi l cc h m mt ln (one-time pad), c m t v s dung u tin bi Gilbert Vernam nm 1917. Tuy nhin, vic to cc dng bit ngu nhin mt cch th cng l khng hiu qu, vic gi b mt cc dng kho nh vy li
Such systems therefore cannot be used widely, and today they are used only in very special cases.

3.4. The standard cipher DES.

3.4.1. Introduction to the standard cipher. With the computer era, the use of computers quickly spread to every human activity, and naturally the use of computers for secure communication received great attention. Cryptosystems whose encryption and decryption algorithms are executed by computer developed rapidly, and at the same time the fields of communication requiring cryptography expanded into many economic and social areas beyond the traditional ones. In the early 1970s this development created the need to standardize the cryptographic solutions used in society, on the one hand to guide members of society in exercising their legitimate right to confidential communication, and on the other to ensure state management and supervision of such activity. Accordingly, on 15 May 1973 the National Bureau of Standards (NBS) of the United States published an open request for the construction and proposal of a standard encryption algorithm meeting the following main requirements:
- the algorithm must be completely and unambiguously defined and easy to understand;
- the algorithm must provide a high level of security, and its security must not depend on keeping the algorithm itself secret, only on the secrecy of the key;
- the algorithm must be available to all users;
- the algorithm must be adaptable to different applications;
- the algorithm must be economically implementable in electronic devices;
- the algorithm must be efficient to use;
- the algorithm must be capable of being validated;

- the algorithm must be exportable.

At the time NBS issued this request, no organization had a proposal meeting all the requirements. A year later, on 27 August 1974, the request was repeated; this time IBM entered the competition with a candidate derived from its earlier algorithm LUCIFER. The result was DES (Data Encryption Standard), first published on 17 March 1975. After much debate, DES was finally adopted as a federal standard on 23 November 1976 and published on 15 January 1977; in 1980 the modes of operation of DES were published as well, allowing users to employ DES in several different ways. Since then DES has been built into hardware devices as cipher machines or installed as software on general-purpose computers, and has been used widely in administration, economics, commerce, banking, etc., not only in the United States but in many other countries. Under NBS rules, DES is reviewed about every five years for improvements and additions. After public-key cryptosystems were developed and widely used there were many proposals for a new standard, but in practice DES has remained in use as a standard in many fields to this day.

3.4.2. Description of the DES cipher.

Overview. Below we present the scheme of the DES encryption algorithm. DES is a block cipher: each plaintext block is a 64-bit word, i.e. an element of Z_2^64, and each ciphertext block is also a 64-bit word, so P = C = Z_2^64. The key space is K = Z_2^56, i.e. each key is a 56-bit word. For a key K and a plaintext x, encryption proceeds as follows. First an initial permutation IP is applied: the 64-bit word x becomes a new word IP(x), which is split into two halves L_0 and R_0 of 32 bits each. From there, the same operation is applied 16 times in succession, round i computing L_i = R_{i−1} and R_i = L_{i−1} ⊕ f(R_{i−1}, K_i) with the round key K_i, to obtain the pairs (L_1, R_1), …, (L_16, R_16); finally the inverse permutation

IP^{-1} is applied to the swapped word R_16 L_16 to give the ciphertext y. The overall scheme of encryption is shown in the following figure:

[Figure: overall scheme of the DES encryption algorithm: x → IP → (L_0, R_0) → 16 rounds, L_i = R_{i−1}, R_i = L_{i−1} ⊕ f(R_{i−1}, K_i) → R_16 L_16 → IP^{-1} → y]

To complete the scheme of the encryption algorithm we must present the permutation IP (and hence IP^{-1}), the function f, and the algorithm G that generates the round keys K_1, …, K_16. IP is a permutation of the positions of the bits of a 64-bit word, from position 1 to position 64. The table below gives IP, to be read as follows: the first bit of IP(x) is bit 58 of the 64-bit word x, the second bit of IP(x) is bit 50 of x, and so on. The table of IP^{-1} is read in the same way.

IP:
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7

IP^{-1}:
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25

Scheme of the function f: the function f takes as input two words, R of 32 bits and K of 48 bits, and produces as output the 32-bit word f(R, K), determined by the following scheme:

[Figure: R (32 bits) → E → E(R) (48 bits) ⊕ K (48 bits) → B_1 B_2 B_3 B_4 B_5 B_6 B_7 B_8 (each B_j a 6-bit word) → S_1 … S_8 → C_1 … C_8 (each C_j a 4-bit word) → P → f(R, K) (32 bits)]

In the scheme of f above, E is an expansion permutation: it turns each 32-bit word R into a 48-bit word E(R) by permuting the 32 bits of R while repeating some pairs of bits, so that E(R) has 48 bits. The expansion permutation is given by the following table (read in the same way as IP, row by row):

E:
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1

By this definition the word R = a_1 a_2 a_3 … a_32 becomes E(R) = a_32 a_1 a_2 a_3 a_4 a_5 a_4 a_5 a_6 … a_31 a_32 a_1. After E, the word E(R) is added (bitwise modulo 2) to K, giving a 48-bit word which is split into 8 segments B_1, …, B_8. Each box S_j (j = 1, …, 8) is a substitution turning the 6-bit word B_j into a 4-bit word C_j; the boxes are given by the tables below, read as follows: a word B_j = b_1 b_2 b_3 b_4 b_5 b_6 corresponds to the position (r, s), row r and column s of the table, where the rows are numbered 0 to 3 according to the binary number b_1 b_6 and the columns are numbered 0 to 15 according to the binary number b_2 b_3 b_4 b_5. The value S_j(B_j) = C_j = c_1 c_2 c_3 c_4 is the 4-bit binary representation of the number found in row r, column s of the table. For example, S_1(011000) = 0101 (row 0, column 12 of S_1, where the entry is 5) and S_1(101110) = 1011 (row 2, column 7, entry 11).

S1:
14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8
4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13

S2:
15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10
3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5
0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15
13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9

S3:
10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8
13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1
13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7
1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12

S4:
7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15
13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9
10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4
3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14

S5:
2 12 4 1 7 10 11 6 8 5 3 15 13 0 14 9
14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6
4 2 1 11 10 13 7 8 15 9 12 5 6 3 0 14
11 8 12 7 1 14 2 13 6 15 0 9 10 4 5 3

S6:
12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11
10 15 4 2 7 12 9 5 6 1 13 14 0 11 3 8
9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6
4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13

S7:
4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1
13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6
1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2
6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12

S8:
13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7
1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2
7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8
2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11

The permutation P in the scheme of f is given by the table below (read like IP: the first bit of P(C) is bit 16 of the 32-bit word C = C_1 C_2 … C_8, the second bit is bit 7 of C, etc.). With it the function f is completely determined. Note that the boxes S_1, …, S_8 are the most important component for the secrecy of DES.

P:
16 7 20 21 29 12 28 17
1 15 23 26 5 18 31 10
2 8 24 14 32 27 3 9
19 13 30 6 22 11 4 25

Scheme of the algorithm G generating the round keys K_1, …, K_16:

[Figure: K → PC-1 → (C_0, D_0) → LS_1 → (C_1, D_1) → PC-2 → K_1; (C_1, D_1) → LS_2 → (C_2, D_2) → PC-2 → K_2; … ; (C_15, D_15) → LS_16 → (C_16, D_16) → PC-2 → K_16]

The algorithm G producing the round keys K_1, …, K_16 from the cipher key K follows the scheme above. The cipher key K is a 56-bit word; we divide it into 8 segments of 7 bits and append to each segment a parity-check bit in the last position, obtaining a 64-bit word, still denoted K; this new K is the starting word for the computation of G (as will be seen, the parity bits that are added serve only to detect errors in each segment of key bits and play no part in the computation of G itself).

First, PC-1 turns K into a 56-bit word that we split into two halves C_0 D_0 of 28 bits each. The permutation PC-1 is given by the table below (note that the numbers 8, 16, 24, 32, 40, 48, 56, 64 do not occur in the table: they are the positions of the bits added when forming the new K). Recall that by the convention for permutations, the first bit of PC-1(x) is bit 57 of x, the second bit of PC-1(x) is bit 49 of x, etc.

PC-1:
57 49 41 33 25 17 9
1 58 50 42 34 26 18
10 2 59 51 43 35 27
19 11 3 60 52 44 36
63 55 47 39 31 23 15
7 62 54 46 38 30 22
14 6 61 53 45 37 29
21 13 5 28 20 12 4

For each i = 1, 2, …, 16, LS_i is a cyclic left shift, by one position if i = 1, 2, 9, 16 and by two positions for the remaining values of i; C_i = LS_i(C_{i−1}) and D_i = LS_i(D_{i−1}). Finally the permutation PC-2 turns each 56-bit word C_i D_i (i = 1, 2, …, 16) into the 48-bit word K_i according to the table below:

PC-2:
14 17 11 24 1 5
3 28 15 6 21 10
23 19 12 4 26 8
16 7 27 20 13 2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32

We have thus fully described the computation of G, which from the initial cipher key K yields the round keys K_1, …, K_16 supplied to f and hence to the whole DES encryption algorithm. Note that each K_i, of 48 bits, is obtained from K by a permutation of its 56 bits (with 8 bits dropped), and so can be given directly by a table describing that permutation. The reader can find the 16 tables for the 16 round keys K_i in the book by D. R. Stinson (see the bibliography). With the overview scheme, the tables and the schemes of the auxiliary algorithms, we have completed the presentation of the encryption

algorithm E of DES, which gives y = E(K, x) for each key K and plaintext x. The decryption algorithm D, giving x = D(K, y), is carried out by the same computation as encryption, the only difference being that the round keys are used in reverse order K_16, K_15, …, K_1. The encryption and decryption algorithms can be tried on the following example. Let K and x be K = 12695BC9B7B7F8 and x = 0123456789ABCDEF, written in hexadecimal, each character standing for 4 bits (K is the 56-bit key; with the parity bits inserted as described above it becomes the 64-bit word 133457799BBCDFF1). The corresponding ciphertext is y = 85E813540F0AB405.

3.4.3. Modes of operation of DES.

In 1981 NBS published the federal information processing standards relating to DES, which approve four ways of using DES in practice: ECB (electronic codebook mode), CBC (cipher block chaining mode), CFB (cipher feedback mode) and OFB (output feedback mode). ECB is the ordinary and simplest use of DES: the plaintext (a bit string) is divided into 64-bit blocks x = x_1 x_2 … x_n, each block is encrypted with the same key K and the results are concatenated to form the ciphertext y = y_1 y_2 … y_n, with y_i = e_K(x_i). In CBC mode, to obtain the ciphertext block y_i DES is applied not to x_i but to x_i ⊕ y_{i−1}, i.e. y_i = e_K(x_i ⊕ y_{i−1}) for all i ≥ 1, starting from an initialization vector y_0 = IV (a 64-bit word chosen together with the key). In the two modes OFB and CFB, DES is used to produce a keystream z_1 … z_i … and then the encryption is y_i = x_i ⊕ z_i (i ≥ 1). In OFB the keystream is given by z_0 = IV and z_i = e_K(z_{i−1}), so it depends only on the key and the IV; in CFB it is given by y_0 = IV, z_i = e_K(y_{i−1}), y_i = x_i ⊕ z_i (i ≥ 1), so each keystream block depends on the preceding ciphertext block. In practice, ECB and CBC are used by many banks as their encryption standard, while CFB and OFB are also commonly used for authentication purposes.

3.4.4. On the security of DES and its cryptanalysis.

1. On the security of DES. After DES was published as the official national standard for secure communication, many questions about its security and secrecy were raised, and many cryptanalytic methods were studied, over more than twenty years up to the present. Note that in the structure of DES each round applies transpositions and substitutions alternately one after the other, which increases the secrecy of the cipher. DES in general meets the requirements NBS set out for a standard cipher, and therefore the security rests chiefly on keeping the key secret; in other words, cryptanalysis must aim at discovering the key in use. Among the components of the DES scheme the only non-linear elements are the boxes S_1, …, S_8. It is not known by what criteria the designers chose these boxes, or whether the National Security Agency (NSA) planted any trapdoors in them; but after many unsuccessful cryptanalytic attempts a number of criteria for the choice of S_1, …, S_8 were published:
1. each row of an S-box is a permutation of 0, 1, …, 15;
2. no S-box S_j is a linear or affine function of its inputs;
3. for each S_j, changing one input bit changes at least two output bits;
4. if two inputs to an S-box agree in their first two and last two bits (i.e. differ only in the middle two bits), the outputs must differ in at least two bits;
5. if two inputs to an S-box differ in their first two bits and agree in their last two bits, the outputs must differ;
6. for each S_j, if one input bit is fixed and one output bit position is considered, the number of inputs producing 0 and the number producing 1 at that position must be approximately equal.
In general, the security of DES has been tested through more than twenty years of use and has been shown to be reliable. Cryptanalytic methods, though much sought, have hardly escaped the complexity of the trivial approach, exhaustive search, by which, even in the known-plaintext setting, one must try all 2^56 possible keys, an enormous amount of computation that is hard to overcome!

2. On the cryptanalysis of DES. The standard cipher DES can be regarded as the first cipher used widely not only within one country but worldwide; the whole structure of the algorithm was published openly, both encryption and decryption, and even its hardware and software products were commercialized; hence the secrecy of the transmitted information lies only in the key that was chosen, a 56-bit word. Cryptanalysis of DES attracted many mathematicians and cryptographers, who proposed many different methods. Besides the exhaustive search mentioned above, several other methods have been proposed, such as:
- differential cryptanalysis, proposed by Biham and Shamir in 1990;
- related-key cryptanalysis, proposed by Biham around 1992–1994;
- linear cryptanalysis, proposed by Matsui in 1993–1994;
- differential-linear cryptanalysis, proposed by Langford and Hellman in 1994;
- etc.
These methods contain many deep and subtle ideas but still demand very large amounts of computation, so in practice they remain largely illustrations of ideas rather than attacks in actual use. Two facts should be added for the practitioner: Matsui's linear attack was carried out experimentally in 1994, recovering a DES key from 2^43 known plaintexts, and exhaustive search over the 2^56 keys became practical with the purpose-built DES-cracking hardware of 1998; it is the 56-bit key length, not the S-box design, that is the weakness which led to DES being replaced by Triple DES and later by AES.
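DES as described in 3.4.2, together with the CBC, OFB and CFB modes of 3.4.3, transcribed into working Python as an added example (this is not the book's code). The tables are exactly those printed above; the book's test vector K = 12695BC9B7B7F8 (133457799BBCDFF1 once the parity bits are inserted), x = 0123456789ABCDEF, y = 85E813540F0AB405 serves to check the transcription. The mode functions take a list of 64-bit integers and an initialization vector `iv` (the y_0 or z_0 of 3.4.3), which is an assumed extra input.

```python
# Added example, not the book's code: DES from the tables of 3.4.2 plus the
# CBC/OFB/CFB modes of 3.4.3 (64-bit feedback). In every table, position 1 is
# the most significant bit of the word, as in the book's reading convention.

IP = [58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7]
IP_INV = [40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
          38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
          36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
          34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25]
E = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13,
     12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
     24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8,
       16, 7, 27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]  # LS_i, i = 1..16
# S-boxes S1..S8: each of the 4 rows is written as 16 hex digits.
S = [("E4D12FB83A6C5907", "0F74E2D1A6CB9538", "41E8D62BFC973A50", "FC8249175B3EA06D"),
     ("F18E6B34972DC05A", "3D47F28EC01A69B5", "0E7BA4D158C6932F", "D8A13F42B67C05E9"),
     ("A09E63F51DC7B428", "D709346A285ECBF1", "D6498F30B12C5AE7", "1AD069874FE3B52C"),
     ("7DE3069A1285BC4F", "D8B56F03472C1AE9", "A690CB7DF13E5284", "3F06A1D8945BC72E"),
     ("2C417AB6853FD0E9", "EB2C47D150FA3986", "421BAD78F9C5630E", "B8C71E2D6F09A453"),
     ("C1AF92680D34E75B", "AF427C9561DE0B38", "9EF528C3704A1DB6", "432C95FABE17608D"),
     ("4B2EF08D3C975A61", "D0B7491AE35C2F86", "14BDC37EAF680592", "6BD814A7950FE23C"),
     ("D2846FB1A93E50C7", "1FD8A374C56B0E92", "7B419CE206ADF358", "21E74A8DFC90356B")]

def bits(n, w): return [(n >> (w - 1 - i)) & 1 for i in range(w)]  # MSB first
def num(b): return int("".join(map(str, b)), 2)
def perm(b, table): return [b[i - 1] for i in table]               # 1-based tables
def xor(a, b): return [x ^ y for x, y in zip(a, b)]

def f(R, K):
    """Round function: E(R) xor K_i -> B1..B8 -> S-boxes -> C1..C8 -> P."""
    x, out = xor(perm(R, E), K), []
    for j in range(8):
        b = x[6 * j:6 * j + 6]
        row, col = (b[0] << 1) | b[5], num(b[1:5])   # row b1b6, column b2b3b4b5
        out += bits(int(S[j][row][col], 16), 4)
    return perm(out, P)

def round_keys(key64):
    """Algorithm G: PC-1 (drops the parity bits), 16 left rotations, PC-2."""
    cd = perm(bits(key64, 64), PC1)
    C, D, keys = cd[:28], cd[28:], []
    for s in SHIFTS:
        C, D = C[s:] + C[:s], D[s:] + D[:s]
        keys.append(perm(C + D, PC2))
    return keys

def des(block, key64, decrypt=False):
    keys = round_keys(key64)
    if decrypt:
        keys.reverse()                      # K16, ..., K1
    b = perm(bits(block, 64), IP)
    L, R = b[:32], b[32:]
    for K in keys:                          # L_i = R_{i-1}, R_i = L_{i-1} xor f
        L, R = R, xor(L, f(R, K))
    return num(perm(R + L, IP_INV))         # IP^-1 applied to R16 L16

def with_parity(key56):
    """Book's 56-bit K -> 64-bit K: an odd-parity bit appended to each 7-bit group."""
    k, out = bits(key56, 56), []
    for i in range(8):
        g = k[7 * i:7 * i + 7]
        out += g + [1 - sum(g) % 2]
    return num(out)

# Modes of 3.4.3 over a list of 64-bit blocks; iv is y_0 (CBC, CFB) or z_0 (OFB).
def cbc_encrypt(blocks, key, iv):
    y, out = iv, []
    for x in blocks:
        y = des(x ^ y, key); out.append(y)          # y_i = e_K(x_i xor y_{i-1})
    return out

def ofb_encrypt(blocks, key, iv):
    z, out = iv, []
    for x in blocks:
        z = des(z, key); out.append(x ^ z)          # z_i = e_K(z_{i-1}), y_i = x_i xor z_i
    return out

def cfb_encrypt(blocks, key, iv):
    y, out = iv, []
    for x in blocks:
        y = x ^ des(y, key); out.append(y)          # z_i = e_K(y_{i-1}), y_i = x_i xor z_i
    return out
```

Running `des` on the book's test vector reproduces y = 85E813540F0AB405, which is the quickest way to confirm a hand-copied set of tables; a single wrong S-box entry changes the whole output. In CBC two equal plaintext blocks encrypt to different ciphertext blocks, whereas in ECB they would not, which is the practical reason ECB is avoided for anything longer than one block.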

CHAPTER IV

Public-key cryptosystems

4.1. Introduction.

4.1.1. The birth of public-key cryptography. In Chapter I we briefly introduced the definitions of symmetric-key cryptosystems and public-key cryptosystems. The appearance of the notion of a public-key cryptosystem was a turning point in the history of cryptography, closely tied to the development of modern computing science. One may take as the starting point of this turning point the idea of W. Diffie and M. E. Hellman presented in June 1976 at the annual AFIPS National Computer Conference (USA) in the paper "Multiuser cryptographic techniques". In that paper, along with the general idea, the two authors gave concrete examples of how it might be realized; although the examples were not immediately convincing even to the authors, the idea of public-key cryptosystems was clear and attractive to many people, and immediately afterwards the search for concrete realizations usable in practice drew the attention of many specialists. A year later, in 1977, R. L. Rivest, A. Shamir and L. M. Adleman proposed a concrete public-key cryptosystem whose security rests on the hard problem of factoring an integer into primes; it later became famous under the name RSA and is widely used in practice for secrecy and information security. Around the same time M. O. Rabin also proposed a public-key cryptosystem based on the same hard number-theoretic problem. Many public-key cryptosystems followed; among the best known and most studied are: the McEliece system of 1978, based on the NP-hardness of the decoding problem for linear codes; the Merkle-Hellman system, based on the NP-completeness of the knapsack problem; the famous ElGamal system, based on the hardness of the discrete logarithm problem, which was later extended to many

similar systems based on the hardness of analogues of the discrete logarithm problem in finite cyclic groups, in the groups of points on elliptic curves, etc. To increase secrecy, the ElGamal encryption algorithm takes as input, besides the public key and the plaintext, a randomly chosen element, which makes it a probabilistic public-key cryptosystem. Some further probabilistic public-key cryptosystems were developed later by Goldwasser-Micali and Blum-Goldwasser. All the public-key cryptosystems mentioned above are presented in this chapter together with some of their related properties.

4.1.2. Some basic problems. We now recall the number-theoretic problems used in constructing the public-key cryptosystems mentioned above. Most of them were presented in Chapter II; some are developed further for direct application in constructing concrete cryptosystems, and we list them here once more for convenience of later reference.

The integer factorization problem (into prime factors). Given a positive integer n, find all its prime divisors, i.e. find the canonical factorization n = p_1^{a_1} p_2^{a_2} ⋯ p_k^{a_k}, where the p_i are pairwise distinct primes and the a_i ≥ 1. This problem is closely related to the problems of testing the primality or compositeness of an integer, but by what we know today it seems much harder than those two. In cryptography this problem is usually used with n a Blum integer, that is, a positive integer which is the product of two large primes (strictly, a Blum integer also requires both primes to be ≡ 3 (mod 4), which is what the Rabin system of 4.3 assumes).

The RSA problem (Rivest-Shamir-Adleman). Given a positive integer n which is the product of two distinct odd primes, a positive integer e with gcd(e, φ(n)) = 1, and an integer c, find an integer m with m^e ≡ c (mod n). The condition gcd(e, φ(n)) = 1 guarantees that for every integer c ∈ {0, 1, …, n−1} there is exactly one m ∈ {0, 1, …, n−1} with m^e ≡ c (mod n). It is easy to see that if the two prime factors of n are known, i.e. n = p·q, then φ(n) = (p−1)(q−1) is known, and from gcd(e, φ(n)) = 1 one

finds d = e^{-1} mod φ(n), and hence m = c^d mod n. Thus the RSA problem reduces in polynomial time to the integer factorization problem. Although no proof of the reverse reduction is known so far, many believe the two problems to be of equivalent computational complexity.

The quadratic residuosity problem. Given an odd composite n and an integer a ∈ J_n, the set of all a whose Jacobi symbol (a/n) = 1, decide whether a is a quadratic residue modulo n. In cryptography this problem is usually considered for n a Blum integer, n = p·q with p, q primes. Note that in this case, if a ∈ J_n, then a is a quadratic residue modulo n if and only if (a/p) = 1, a condition which is easy to test since it is equivalent to a^{(p−1)/2} ≡ 1 (mod p). Thus in this case the quadratic residuosity problem reduces in polynomial time to factoring. On the other hand, if one cannot factor n, then to date there is no way to solve the quadratic residuosity problem in polynomial time. This strengthens the belief that the quadratic residuosity problem and the factoring problem are of equivalent difficulty.

The square root modulo n problem. Given an odd Blum composite n and a ∈ Q_n, i.e. a quadratic residue a modulo n, find a square root of a modulo n, i.e. find x with x^2 ≡ a (mod n). If the factorization n = p·q is known, then solving x^2 ≡ a modulo p and modulo q and combining the solutions by the Chinese remainder theorem gives the solutions modulo n, i.e. the required square roots of a modulo n. Since each of the equations x^2 ≡ a modulo p and modulo q has two solutions (modulo p and modulo q respectively), combining them gives four solutions, i.e. four square roots of a modulo n. Fairly simple (polynomial-time) algorithms are known for solving x^2 ≡ a (mod p) with p prime.

Thus the square root modulo n problem reduces in polynomial time to factoring. Conversely, given an algorithm for the square root modulo n problem one can build an algorithm for factoring as follows. Choose a random x with gcd(x, n) = 1 and compute a = x^2 mod n. Use the given algorithm to find a square root y of a modulo n. If y ≡ ±x (mod n) the trial fails and we choose another x; if y ≢ ±x (mod n), then gcd(x − y, n) is certainly a non-trivial divisor of n, namely p or q. Since a has 4 square roots modulo n, the probability of success in each trial is 1/2, so the expected number of trials needed to obtain a factor p or q of n is 2; this gives an algorithm for factoring (Blum) integers with expected polynomial running time. In short, in a not very strict sense, the factoring problem and the square root modulo n problem can be regarded as of equivalent difficulty.

The discrete logarithm problem. Given a prime p, a primitive element α modulo p (i.e. α a generator of Z_p^*), and an element β ∈ Z_p^*, find the integer x (0 ≤ x ≤ p−2) with α^x ≡ β (mod p). This problem was introduced in 2.4.3, where we saw that in the general case no polynomial-time algorithm is known for it. It is generalized to finite cyclic groups as follows.

The generalized discrete logarithm problem. Given a finite cyclic group G of order n, a generator (primitive element) α of G and an element β ∈ G, find the integer x (0 ≤ x ≤ n−1) with α^x = β. The groups of most interest in cryptography are: the multiplicative group of the finite field GF(p), isomorphic to the group Z_p^* of the field Z_p; the multiplicative group F_{2^m}^* of the finite field GF(2^m); the multiplicative group Z_n^* = {a : 0 ≤ a ≤ n−1, gcd(a, n) = 1} of the ring Z_n with n composite; the group of points on an elliptic curve defined over a finite field; etc.

The Diffie-Hellman problem. Given a prime p, a primitive element α modulo p (a generator of Z_p^*), and the elements α^a mod p and α^b mod p, find the value α^{ab} mod p. It can be proved that the Diffie-Hellman problem reduces in polynomial time to the discrete logarithm problem. Indeed, suppose there is an algorithm for the discrete logarithm problem. Given an instance of the Diffie-Hellman problem p, α, α^a mod p, α^b mod p, first use that algorithm on (p, α, α^a mod p) to find a, and then compute α^{ab} mod p = (α^b)^a mod p. It has also been proved that the discrete logarithm problem and the Diffie-Hellman problem are computationally equivalent in some cases, for instance when p−1 is B-smooth with B = O((ln p)^c), c a constant. As for the discrete logarithm problem, generalized Diffie-Hellman problems can be defined for other finite cyclic groups.

The subset sum problem (the KNAPSACK problem). Given a set of positive integers {a_1, a_2, …, a_n} and a positive integer s, decide whether there is a subset of the a_j whose sum equals s. Equivalently, decide whether there exist x_i ∈ {0, 1} (1 ≤ i ≤ n) with ∑ a_i x_i = s. This is an NP-complete problem, i.e. it belongs to the class of hard problems for which no polynomial-time algorithm has been found to date!

The decoding problem for linear codes. Linear codes are a class of error-correcting codes used in digital communication. Without going into the details of this class of codes, we can state the decoding problem for linear codes directly as follows. Given an n × m matrix A = (a_{ij}) with entries 0 or 1, a vector y = (y_1, y_2, …, y_m) of 0s and 1s, and a positive integer K, is there a vector x = (x_1, x_2, …, x_n) of 0s and 1s with at most K ones such that for every j (1 ≤ j ≤ m):

\[
\sum_{i=1}^{n} a_{ij}\,x_i \equiv y_j \pmod 2 \ ?
\]

Note that here x is the information vector and y the code vector; decoding means recovering x from the received y, and unfortunately this is a hard problem: Berlekamp, McEliece and van Tilborg proved in 1978 that it belongs to the class of NP-complete problems!

4.2. The RSA public-key cryptosystem.

4.2.1. Description of the RSA cryptosystem. The general scheme of a public-key cryptosystem is given by

\[
S = (P, C, K, E, D) \tag{1}
\]

where P is the set of plaintext characters, C the set of ciphertext characters, and K the set of keys K, each key having two parts K = (K', K''), K' the public key used for encryption and K'' the private key used for decryption. For each plaintext character x ∈ P the encryption algorithm E gives the corresponding ciphertext character y = E(K', x) ∈ C, and for the ciphertext character y the decryption algorithm D gives back the plaintext character x: D(K'', y) = D(K'', E(K', x)) = x.

To build an RSA public-key cryptosystem we first choose an integer n = p·q, the product of two large primes, choose a number e with gcd(e, φ(n)) = 1, and compute the number d with e·d ≡ 1 (mod φ(n)). Each pair K = (K', K'') with K' = (n, e) and K'' = d is a key pair of a concrete RSA system for one participant. Thus the general scheme of the RSA cryptosystem is defined by the list (1) with:
P = C = Z_n, where n is the product of two (large) primes;
K = {K = (K', K'') : K' = (n, e), K'' = d, gcd(e, φ(n)) = 1, e·d ≡ 1 (mod φ(n))};
E and D defined by E(K', x) = x^e mod n for every x ∈ P and D(K'', y) = y^d mod n for every y ∈ C.

To show that this definition is consistent we must prove that for every key pair K = (K', K'') and every x ∈ P, D(K'', E(K', x)) = x. Indeed, since e·d ≡ 1 (mod φ(n)) we can write e·d = t·φ(n) + 1. If x is coprime to n, then by Euler's theorem (see 2.1.3), D(K'', E(K', x)) = x^{ed} = x^{tφ(n)+1} = x^{tφ(n)}·x ≡ x (mod n). If x is not coprime to n, then since n = p·q, either x is divisible by p and coprime to q, or x is divisible by q and coprime to p; as φ(n) = (p−1)(q−1), in both cases we have x^{tφ(n)+1} ≡ x (mod p) and x^{tφ(n)+1} ≡ x (mod q);

hence x^{tφ(n)+1} ≡ x (mod n), i.e. D(K'', E(K', x)) = x.

Example. Suppose we choose n = p·q = 2357·2551 = 6012707; then φ(n) = (p−1)(q−1) = 2356·2550 = 6007800. Choose e = 3674911 and compute d = 422191 with e·d ≡ 1 (mod φ(n)). A user A can publish the public key K' = (n = 6012707, e = 3674911) and keep the private key K'' = d = 422191. A partner B wishing to send A the message x = 5234673 uses the public key to form the ciphertext y = x^e = 5234673^{3674911} mod 6012707 = 3650502. Receiving y, A decrypts it to obtain the plaintext x = 3650502^{422191} mod 6012707 = 5234673.

Implementing the RSA cryptosystem. To implement RSA for a secure communication network, besides programs computing the function E (with inputs n, e and x) and the function D (with inputs n, d and y), one must choose for each participant a triple (n, e, d) forming the public key K' and the private key K''. The system of a participant can only be secure if n = p·q is a very large integer (so p, q must be very large primes); very large meaning here that p, q should have decimal representations of more than 100 digits, so that n has more than 200 decimal digits, i.e. n > 10^200! Computing e and d and evaluating E and D mainly amount to arithmetic on very large integers; over the past decades many efficient programs for this have been written, which can be consulted and used when implementing RSA as well as many other cryptosystems.

4.2.2. Security of RSA. The (ciphertext-only) cryptanalysis problem for RSA is: knowing the public key K' = (n, e) and the ciphertext y = x^e mod n, find x. This is exactly the RSA problem presented in 4.1.2. There we showed that if the two factors p, q of n are known, x is easily found from y, and in general there is evidence that the RSA problem (the RSA cryptanalysis problem) is of difficulty equivalent to factoring the (Blum) integer n. Hence keeping the private key d, and the factors p, q, absolutely secret is decisive for protecting the security of RSA.

4.2.3. A secure network using the RSA scheme is regarded as secure if the basic conditions are observed: each

participant must independently choose his own parameters n, e, d; choosing n means choosing the factors p, q of n (n = p·q), and with p, q known, φ(n) = (p−1)(q−1) can be computed and e, d found relatively easily; but for the very same reason, once the choice is made, each participant must keep the values p, q, d absolutely secret and publish only the public key (n, e). That is the general condition; in practice there may still be many loopholes that a cryptanalyst can exploit to attack the secrecy of RSA systems, and they are hard to foresee in full. Here are some simple known cases worth attention.

1. Using a common modulus n. Suppose two participants A and B use the same modulus n in their public keys: A chooses the public key (n, e) and keeps the private key d, B chooses the public key (n, a) and keeps the private key b. A third participant C sends a confidential text x to both A and B using the public keys above: he sends A the ciphertext y = x^e mod n and sends B the ciphertext z = x^a mod n. We show that a cryptanalyst O can recover the plaintext x from the public information n, e, a, y, z, provided gcd(e, a) = 1 (and gcd(z, n) = 1, which is virtually always the case), as follows:
a. compute c = e^{-1} mod a;
b. then compute h = (c·e − 1)/a;
c. then x = y^c · (z^h)^{-1} mod n.
Indeed, by the definition of c, c·e − 1 is divisible by a, and then y^c · (z^h)^{-1} mod n = x^{ce} · (x^{a(ce−1)/a})^{-1} mod n = x^{ce} · (x^{ce−1})^{-1} mod n = x. Thus in this case confidential communication is no longer secure. Remember, therefore, when using RSA to set up a secure network, to avoid using a common modulus n for different participants!

2. Using a small encryption exponent e. To make the encryption function efficient one is tempted to choose a small integer as the exponent e, for instance e = 3. However, in a secure network using RSA, if many participants choose the same small exponent e there is a danger of the following attack. Suppose three participants choose the public keys (n_1, e), (n_2, e), (n_3, e) with the same exponent e = 3. A participant A wants to send the same message x to all three and, for secrecy, sends the ciphertext c_i = x^3 mod n_i to the i-th of them. The three moduli n_i are distinct and very likely pairwise coprime. A cryptanalyst can use the Chinese remainder theorem to find the number m (0 ≤ m < n_1 n_2 n_3) satisfying

\[
m \equiv c_1 \pmod{n_1},\qquad m \equiv c_2 \pmod{n_2},\qquad m \equiv c_3 \pmod{n_3}.
\]

Since x < n_i we have x^3 < n_1 n_2 n_3, and hence m = x^3 as integers. Thus the problem of taking a cube root modulo the n_i has been reduced to taking a cube root in the ordinary arithmetic sense: the integer cube root of m is x, the plaintext! For other reasons, there is also evidence that RSA is not secure when the decryption exponent d is a small integer, even though the decryption algorithm then works more efficiently. Hence, to be secure, when using RSA one should choose the exponents e and d to be large integers, of size close to n itself.

3. Exploiting the multiplicative property of the encryption function. Note that the encryption function f(x) = x^e mod n is multiplicative, i.e. f(x·y) = f(x)·f(y). Hence if c is the ciphertext of the plaintext x, then c' = c·u^e mod n is the ciphertext of the plaintext x·u. Therefore, having intercepted the ciphertext c, a cryptanalyst who wants to find x can pick a random u, form the ciphertext c', and if he is able to mount a chosen-ciphertext attack (see 1.5.1), i.e. to obtain for the chosen c' the corresponding plaintext x' = x·u, then the original plaintext is x = x'·u^{-1} mod n. Of course a cryptanalyst with chosen-ciphertext capability is rare, but this is nonetheless a case in which secrecy is easily attacked, which must be taken into account and avoided!

4. Attack by iterating the encryption. Note also that the encryption function f(x) = x^e mod n is a permutation of the set Z_n = {0, 1, …, n−1}, so for any c ∈ Z_n, if we iterate the encryption

c_0 = c, c_1 = c^e mod n, c_2 = c^{e^2} mod n, …, c_i = c^{e^i} mod n, …

we shall eventually find k ≥ 1 with c_k = c^{e^k} mod n = c. If c is the ciphertext of some plaintext x, c = x^e mod n, then the cryptanalyst can start from c, iterate the encryption as above and find the smallest k ≥ 1 with c_k = c; the preceding term c_{k−1} = x is then the plaintext sought. The algorithm is formally quite simple, but its efficiency does not live up to hope, since the number of iterations required, which is the smallest k ≥ 1 with e^k ≡ 1 modulo the order of x in Z_n^*, is in general very large when p−1 and q−1 have large prime factors. In fact, following the above algorithm one could easily obtain an algorithm for factoring n, and an algorithm of that kind that works with practical efficiency does not exist, as discussed earlier! So the danger posed by this simple iteration attack to the security of RSA is not a worrying one.

5. On the concealing power of the cipher. A cipher keeps its secret thanks to its ability to hide information: knowing the ciphertext y, it is hard to find any information revealing the plaintext x. Crudely, we say that the plaintext x is not concealed by the RSA encryption e_K(x) = x^e mod n if e_K(x) = x; in other words, x is unconcealed if its ciphertext is x itself. Unfortunately, for any RSA system there are unconcealed plaintexts, namely the plaintexts x ≡ −1, 0, 1 (mod n) (since the exponent e is always odd). It has been proved that if n = p·q then the number of unconcealed plaintexts x ∈ Z_n equals

\[
\big(1 + \gcd(e-1,\,p-1)\big)\,\big(1 + \gcd(e-1,\,q-1)\big).
\]

Since e−1, p−1, q−1 are even, this number is at least 9, so every RSA system has at least 9 unconcealed plaintexts. However, n, and hence p and q, are usually very large, so the proportion of unconcealed plaintexts is generally negligible, and the chance of meeting one poses no significant danger to the use of RSA.

4.3. The Rabin public-key cryptosystem.

4.3.1. Description of the Rabin cryptosystem. The scheme of the Rabin public-key cryptosystem is S = (P, C, K, E, D), where: P = C = Z_n, with n a Blum integer n = p·q, p and q primes with p ≡ 3 (mod 4) and q ≡ 3 (mod 4); K = {K = (K', K'') : K' = (n, B), K'' = (p, q), 0 ≤ B ≤ n−1}; and the algorithms E and D are given by

\[
E(K', x) = x(x + B) \bmod n,\qquad
D(K'', y) = \Big(\sqrt{\tfrac{B^2}{4} + y} - \tfrac{B}{2}\Big) \bmod n
\]

(the square-root symbol will be explained below).

In a secure network using the Rabin scheme, each participant chooses his own n, B, p, q to form his public and private keys. Note that for each key K the algorithms e_{K'} = E(K', ·) and d_{K''} = D(K'', ·) do not form a pair of bijections: e_{K'} is not injective, since e_{K'}(x) = (x + B/2)^2 − B^2/4 mod n, so if w is a square root of 1 modulo n then e_{K'}(w(x + B/2) − B/2) = e_{K'}(x); as 1 has 4 square roots modulo n, there are 4 different values of the argument x giving the same value e_{K'}(x). Now consider the decryption algorithm d_{K''} = D(K'', ·). Put C = B^2/4 + y; then d_{K''}(y) = \sqrt{C} − B/2 mod n, so to compute d_{K''}(y) we must compute \sqrt{C} mod n, i.e. solve the equation z^2 ≡ C (mod n). This equation is equivalent to the system of two equations

\[
z^2 \equiv C \pmod p,\qquad z^2 \equiv C \pmod q. \tag{2}
\]

Since C is a square modulo n (y being a genuine ciphertext) and p, q are primes, C^{(p−1)/2} ≡ 1 (mod p) and C^{(q−1)/2} ≡ 1 (mod q). By hypothesis p ≡ 3 (mod 4) and q ≡ 3 (mod 4), so (p+1)/4 and (q+1)/4 are integers, and we have

\[
\big(C^{(p+1)/4}\big)^2 = C^{(p-1)/2}\,C \equiv C \pmod p,\qquad
\big(C^{(q+1)/4}\big)^2 = C^{(q-1)/2}\,C \equiv C \pmod q.
\]

Hence the equation z^2 ≡ C (mod n), i.e. the system (2), has 4 solutions modulo n, corresponding to the following 4 systems, each solved by the Chinese remainder theorem:

\[
\begin{cases} z \equiv C^{(p+1)/4} \pmod p \\ z \equiv C^{(q+1)/4} \pmod q \end{cases}
\qquad
\begin{cases} z \equiv C^{(p+1)/4} \pmod p \\ z \equiv -C^{(q+1)/4} \pmod q \end{cases}
\]
\[
\begin{cases} z \equiv -C^{(p+1)/4} \pmod p \\ z \equiv C^{(q+1)/4} \pmod q \end{cases}
\qquad
\begin{cases} z \equiv -C^{(p+1)/4} \pmod p \\ z \equiv -C^{(q+1)/4} \pmod q \end{cases}
\]

All 4 solutions modulo n are written under the common symbol \sqrt{C} mod n, and so the decryption algorithm d_{K''}(y) actually yields 4 different values modulo n, one of which is the plaintext. Which of the 4 values is taken as the plaintext depends on other characteristics of the plaintext that the decryptor can recognize (for instance, the plaintext as a number must have a binary representation that encodes ordinary English text).

Example: Suppose n = 77 = 7·11 and B = 9 (here p = 7, q = 11). Then e_{K'}(x) = x^2 + 9x mod 77 and d_{K''}(y) = \sqrt{1 + y} − 43 mod 77, because 2^{-1} ≡ 39 (mod 77), B/2 = 9·39 ≡ 43 (mod 77), B^2 ≡ 4 (mod 77) and B^2/4 ≡ 1 (mod 77). With x = 44 we get e_{K'}(44) = 44^2 + 9·44 = 2332 ≡ 22 (mod 77); the ciphertext of x is y = 22. Now decrypting y = 22 by the procedure above, the 4 values of \sqrt{1 + y} = \sqrt{23} modulo 77 are 10, 67, 32, 45, so the 4 possible values of d_{K''}(y) are 44, 24, 66, 2. The plaintext is among these 4 values, in this case 44.

4.3.2. Security of the Rabin cryptosystem.

In the definition of the Rabin cryptosystem the public key is (n, B) and the private key is (p, q), the pair of prime factors of n. Thus the security of the system lies in keeping the factors p and q secret. The definition of decryption also shows that the decisive element in decryption is computing the square root of a number modulo n. In 4.1.2 the problem of computing square roots modulo n (for a Blum composite n) was shown to be computationally equivalent to factoring n. Hence the decryption problem for the Rabin cryptosystem, the problem of keeping the private key (p, q) secret, and the factoring problem are of equivalent difficulty; and this is what guarantees the security of the Rabin cryptosystem! The same equivalence carries a practical caveat: an attacker who can obtain decryptions of ciphertexts of his own choosing can factor n exactly as in the reduction of 4.1.2, so Rabin in this raw form must not be exposed to chosen-ciphertext attacks.
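The attacks of 4.2.3 (common modulus and the small exponent e = 3), the Rabin decryption of 4.3 and the square-root-to-factoring reduction of 4.1.2, implemented together as an added example (none of this is the book's code), since all three rest on the same Chinese-remainder-theorem helper. RSA uses the book's toy key n = 6012707, e = 3674911, d = 422191 and message x = 5234673; the second public exponent a = 7 for the common-modulus attack, and the three moduli 1019·1031, 1049·1061, 1091·1103 (all primes ≡ 2 (mod 3), so e = 3 is a valid exponent) for the broadcast attack, are constructed here and are not from the book. Rabin uses the book's n = 77, B = 9. `pow(x, -1, n)` for modular inverses needs Python 3.8 or later.

```python
# Added example, not the book's code: the common-modulus and small-exponent
# attacks of 4.2.3, Rabin decryption (4.3) and the square-root-to-factoring
# reduction of 4.1.2, all sharing one Chinese-remainder-theorem helper.
from math import gcd

def crt(residues, moduli):
    """x = r_i (mod m_i) for pairwise coprime m_i; returns x mod prod(m_i)."""
    N = 1
    for m in moduli:
        N *= m
    return sum(r * (N // m) * pow(N // m, -1, m) for r, m in zip(residues, moduli)) % N

def icbrt(m):
    """Exact integer cube root of a perfect cube m (binary search)."""
    lo, hi = 0, 1 << (m.bit_length() // 3 + 2)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** 3 < m:
            lo = mid + 1
        else:
            hi = mid
    return lo

# RSA with the book's toy key (4.2.1): n = 2357 * 2551.
N, E_PUB, D_PRIV, X = 6012707, 3674911, 422191, 5234673

def rsa_encrypt(x, e, n): return pow(x, e, n)
def rsa_decrypt(y, d, n): return pow(y, d, n)

def common_modulus_attack(n, e, a, y, z):
    """Attack 1: y = x^e, z = x^a mod n with gcd(e, a) = 1 reveals x."""
    c = pow(e, -1, a)                  # c*e = 1 + h*a
    h = (c * e - 1) // a
    return pow(y, c, n) * pow(pow(z, h, n), -1, n) % n   # x^{ce} * x^{-(ce-1)}

# Attack 2 (e = 3 broadcast): three constructed moduli, each prime = 2 (mod 3)
# so that gcd(3, phi(n)) = 1; these numbers are not from the book.
HASTAD_PRIMES = [(1019, 1031), (1049, 1061), (1091, 1103)]
HASTAD_MODULI = [p * q for p, q in HASTAD_PRIMES]

def hastad_e3(ciphertexts, moduli):
    """CRT gives m = x^3 as an integer (x^3 < n1*n2*n3); then take the cube root."""
    return icbrt(crt(ciphertexts, moduli))

# Rabin (4.3) on the book's n = 77 = 7 * 11, B = 9.
def rabin_encrypt(x, n, B): return x * (x + B) % n

def sqrt_mod_blum(c, p, q):
    """All four square roots of a square c modulo n = p*q, p = q = 3 (mod 4)."""
    rp, rq = pow(c, (p + 1) // 4, p), pow(c, (q + 1) // 4, q)
    return sorted({crt([sp, sq], [p, q]) for sp in (rp, p - rp) for sq in (rq, q - rq)})

def rabin_decrypt(y, p, q, B):
    """The four candidates sqrt(B^2/4 + y) - B/2 mod n; one of them is the plaintext."""
    n = p * q
    half_b = B * pow(2, -1, n) % n
    c = (half_b * half_b + y) % n
    return sorted((z - half_b) % n for z in sqrt_mod_blum(c, p, q))

def factor_from_roots(n, x, roots):
    """4.1.2 reduction: a root y of x^2 mod n with y != +-x gives gcd(x - y, n)."""
    for y in roots:
        if y % n not in (x % n, (-x) % n):
            return gcd(x - y, n)
    return None
```

`sqrt_mod_blum` is precisely the square-root oracle of 4.1.2, here realized with knowledge of p and q; `factor_from_roots` shows why handing that oracle to an adversary (a Rabin decryption oracle) is fatal, since any root other than ±x of a chosen x^2 yields a factor of n.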

4.4. The ElGamal public-key cryptosystem.

4.4.1. Description of the ElGamal cryptosystem.

The ElGamal cryptosystem was proposed by T. ElGamal in 1985. It is based on the complexity of the discrete logarithm problem and was quickly put to wide use, not only for confidential communication but also for authentication and digital signatures. The ElGamal public-key scheme is given by S = (P, C, K, E, D), where P = Z_p^*, C = Z_p^* × Z_p^*, with p a prime number; K = {K = (K', K'') : K' = (p, α, β), K'' = a, β = α^a mod p}, where α is a primitive element modulo p, i.e. of Z_p^*. The encryption algorithm e_K' = E(K', ·) and the decryption algorithm d_K'' = D(K'', ·) are defined as follows. For each x ∈ P = Z_p^*, to encrypt x we first choose a random number k ∈ Z_{p−1} and compute

$$ e_{K'}(x, k) = (y_1, y_2), \qquad y_1 = \alpha^k \bmod p, \qquad y_2 = x \cdot \beta^k \bmod p. $$

For any random k, e_K'(x, k) is regarded as a ciphertext of x. The decryption algorithm is defined by

$$ d_{K''}(y_1, y_2) = y_2 \cdot \left(y_1^{a}\right)^{-1} \bmod p. $$

Encryption and decryption defined this way are consistent, since for every x ∈ P = Z_p^* and every k ∈ Z_{p−1}: d_K''(e_K'(x, k)) = x·β^k·(α^{ka})^{-1} mod p = x·β^k·β^{−k} mod p = x.

Note that in a secure communication network using the ElGamal scheme, each participant chooses their own parameters p, α, a, computes β, then forms and publishes the public key K' = (p, α, β), while keeping the secret key K'' = a absolutely secret. The problem of finding the secret key from the public key is exactly the discrete logarithm problem mentioned in section 4.1.2, a hard problem for which no polynomial-time algorithm is known so far.

Example: Choose p = 2579, α = 2, a = 765; we compute β = 2^765 = 949 mod 2579. The public key is (2579, 2, 949) and the secret key is 765. To encrypt x = 1299, we pick k = 853 at random and obtain e_K'(1299, 853) = (2^853, 1299·949^853) mod 2579 = (435, 2396). Decrypting recovers d_K''(435, 2396) = 2396·(435^765)^{-1} mod 2579 = 1299.

4.4.2. Security of the ElGamal cryptosystem.

As presented above, if we regard the security of the ElGamal cryptosystem as keeping the secret key K'' absolutely secret, then we can be reassured, since the problem of discovering the secret key is equivalent to the discrete logarithm problem, for which, as shown in sections 4.1.2 and 2.4.3, no polynomial-time algorithm is known so far. One caution: p should be chosen so that p − 1 has at least one large prime factor (see 2.4.3). This is achieved

if the prime p chosen is a Sophie Germain prime (that is, of the form 2q + 1 with q also a large prime). Besides this, the secret key K'' = a may be exposed through carelessness in the use of the random number k, in particular when the number k is leaked. Indeed, if k is leaked, the secret key a is computed at once by the formula a = (x − k·y2)·y1^{-1} mod (p − 1). Thus an adversary capable of a known-plaintext attack (see 1.5.1) can discover the key a if k is known. Another situation that destroys the security of the ElGamal cryptosystem is using the same number k for several encryptions. Indeed, suppose the same random number k is used for two encryptions, once for x1 and once for x2, with corresponding ciphertexts (y1, y2) and (z1, z2). Since the same k is used, y1 = z1. And by the encryption formula, z2/y2 = x2/x1, i.e. x2 = x1·z2/y2. So an adversary who once learns a plaintext can easily discover the plaintexts of later encryptions.

4.4.3. Cryptosystems similar to ElGamal.

The ElGamal cryptosystem is built on these elements: a finite cyclic group (Z_p^*) and a primitive element (α ∈ Z_p^*) such that the discrete logarithm problem (computing a = log_α β, i.e. given β finding a with β = α^a mod p) is very hard to carry out. Therefore, wherever such elements exist, we can build a cryptosystem similar to ElGamal. The scheme of an ElGamal-like cryptosystem is given by S = (P, C, K, E, D), where P = G, C = G × G, with G a finite cyclic group; K = {K = (K', K'') : K' = (G, α, β), K'' = a, β = α^a}, with α a primitive element (generator) of the group G. The encryption algorithm e_K' = E(K', ·) and the decryption algorithm d_K'' = D(K'', ·) are defined as follows. For each x ∈ P = G, to encrypt x we first choose a random number k (0 ≤ k < |G|) and compute

$$ e_{K'}(x, k) = (y_1, y_2), \qquad y_1 = \alpha^k, \qquad y_2 = x \cdot \beta^k. $$

For any random k, e_K'(x, k) is regarded as a ciphertext of x. The decryption algorithm is defined by d_K''(y1, y2) = y2·(y1^a)^{-1}. All multiplications in the expressions above are the multiplication of G.
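The ElGamal cryptosystem of 4.4.1 and the k-reuse weakness of 4.4.2, as an added Python example (not the book's code) on the book's parameters p = 2579, α = 2, a = 765; the random k is drawn from the operating-system CSPRNG, and `plaintext_from_reused_k` shows what one known plaintext gives away when k is reused.

```python
# Added example (not from the book): ElGamal encryption/decryption with the
# parameters of the example in 4.4.1 (p = 2579, alpha = 2, a = 765), and the
# key-reuse weakness of 4.4.2: one known plaintext exposes every other
# ciphertext made with the same k.
import secrets


def elgamal_keygen(p, alpha, a):
    """Public key K' = (p, alpha, beta = alpha^a mod p); secret key K'' = a."""
    return (p, alpha, pow(alpha, a, p)), a


def elgamal_encrypt(pub, x, k):
    """e_K'(x, k) = (alpha^k mod p, x * beta^k mod p)."""
    p, alpha, beta = pub
    return pow(alpha, k, p), x * pow(beta, k, p) % p


def elgamal_decrypt(pub, a, c):
    """d_K''(y1, y2) = y2 * (y1^a)^(-1) mod p."""
    p = pub[0]
    y1, y2 = c
    return y2 * pow(pow(y1, a, p), -1, p) % p


def fresh_k(p):
    """A new random k in Z_{p-1}, drawn from the OS CSPRNG for every message."""
    return secrets.randbelow(p - 1)


def plaintext_from_reused_k(p, x1, c1, c2):
    """If c1 = (y1, y2) encrypts the known x1 and c2 = (z1, z2) was made with
    the same k, then y1 == z1 and x2 = x1 * z2 * y2^(-1) mod p.  Returns None
    when the first components differ (k was not reused)."""
    (y1, y2), (z1, z2) = c1, c2
    if y1 != z1:
        return None
    return x1 * z2 * pow(y2, -1, p) % p


if __name__ == "__main__":
    pub, a = elgamal_keygen(2579, 2, 765)
    c = elgamal_encrypt(pub, 1299, 853)
    print(pub, c, elgamal_decrypt(pub, a, c))   # (2579, 2, 949) (435, 2396) 1299
```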

Two classes of groups commonly used to build ElGamal-like cryptosystems are the multiplicative group of a Galois field and the additive group of an elliptic curve defined over a finite field, for which the corresponding discrete logarithm problems are hard.

1. The multiplicative group of the Galois field GF(p^n): Let p be a prime, Z_p = {0, 1, 2, ..., p − 1}, and let f be an irreducible polynomial of degree n with coefficients in Z_p. The field GF(p^n), which has p^n elements, is the set of all polynomials of degree ≤ n − 1 with coefficients in Z_p, with addition and multiplication being polynomial addition and multiplication modulo f; each element can therefore also be viewed as an n-dimensional vector whose components are the coefficients of the polynomial. The set of all polynomials other than 0 forms the multiplicative group of the field GF(p^n), and it is proved that this multiplicative group is cyclic, of order p^n − 1. Thus one may take G = GF(p^n) \ {0}, choose a primitive element of G, and build an ElGamal-like cryptosystem.

2. The additive group of an elliptic curve: Let p > 3 be a prime. An elliptic curve y² = x³ + ax + b over Z_p, where a, b ∈ Z_p are constants satisfying 4a³ + 27b² ≢ 0 (mod p), is defined as the set of all points (x, y) ∈ Z_p × Z_p satisfying y² ≡ x³ + ax + b (mod p), together with a special element called the point at infinity, denoted O. This set is denoted E. On E we define an addition as follows: let P = (x1, y1) and Q = (x2, y2) be two points of E. If x1 = x2 and y1 = −y2, we define P + Q = O; otherwise P + Q = (x3, y3), where x3 = λ² − x1 − x2, y3 = λ(x1 − x3) − y1, with

$$ \lambda = \begin{cases} (y_2 - y_1)/(x_2 - x_1), & P \ne Q, \\ (3x_1^2 + a)/(2y_1), & P = Q. \end{cases} $$

Furthermore we define P + O = O + P = P. The set E with this addition forms a group. If |E| = q is a prime, the additive group is cyclic, and every element other than O is a generator. Note that in this case the inverse of an element is its negative, raising to the power n is multiplication by the integer n, and the logarithm corresponds to a kind of division. From such a group E one can build an ElGamal-like cryptosystem.
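The addition law above and an ElGamal-like system on the resulting group, as an added Python example (not the book's code). The curve is constructed for the example: y² = x³ + x + 6 over Z_11, which has 13 points, so by the remark above every point other than O generates the group.

```python
# Added example (not from the book): the elliptic-curve group of 4.4.3 and an
# ElGamal-like system on it.  Constructed curve: y^2 = x^3 + x + 6 over Z_11
# (p = 11, a = 1, b = 6); it has 13 points, a prime, so the group is cyclic.
O = None   # the point at infinity


def ec_add(P, Q, p, a):
    """Addition law of the text: P + O = O + P = P; P + (-P) = O; otherwise
    (x3, y3) with x3 = lam^2 - x1 - x2, y3 = lam*(x1 - x3) - y1."""
    if P is O:
        return Q
    if Q is O:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return O
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p


def ec_neg(P, p):
    """The inverse element is the negative: (x, y) -> (x, -y)."""
    return O if P is O else (P[0], (-P[1]) % p)


def ec_mul(n, P, p, a):
    """n*P by double-and-add: the analogue of alpha^n in Z_p^*."""
    R, Q = O, P
    while n > 0:
        if n & 1:
            R = ec_add(R, Q, p, a)
        Q = ec_add(Q, Q, p, a)
        n >>= 1
    return R


def ec_points(p, a, b):
    """All points of E, by brute force (fine for a toy prime)."""
    assert (4 * a ** 3 + 27 * b ** 2) % p != 0
    return [O] + [(x, y) for x in range(p) for y in range(p)
                  if (y * y - x ** 3 - a * x - b) % p == 0]


def ec_order(P, p, a):
    """Smallest n >= 1 with n*P = O."""
    n, Q = 1, P
    while Q is not O:
        Q = ec_add(Q, P, p, a)
        n += 1
    return n


def ec_elgamal_encrypt(p, a, alpha, beta, x, k):
    """ElGamal-like: y1 = k*alpha, y2 = x + k*beta (beta = a_sec*alpha)."""
    return ec_mul(k, alpha, p, a), ec_add(x, ec_mul(k, beta, p, a), p, a)


def ec_elgamal_decrypt(p, a, a_sec, c):
    """x = y2 - a_sec*y1 (subtraction = adding the negative)."""
    y1, y2 = c
    return ec_add(y2, ec_neg(ec_mul(a_sec, y1, p, a), p), p, a)


if __name__ == "__main__":
    pts = ec_points(11, 1, 6)
    print(len(pts), ec_add((2, 7), (2, 7), 11, 1))   # 13 (5, 2)
```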

4.5. Cryptosystems based on NP-complete problems.

4.5.1. General principle.

As introduced in Chapter II, NP-complete problems are problems for which no algorithm of polynomial computational complexity has been found so far. The hardness of these problems is further backed by the fact that if a polynomial-time algorithm existed for just one NP-complete problem, then at once every NP-complete problem would be solvable in polynomial time. For some NP-complete problems, although there is no polynomial-time algorithm for all instances of the problem, there may be a class of instances for which an algorithm with acceptable running time exists. Such problems can be used to build public-key cryptosystems according to the following general principle: the cryptosystem has a decryption operation that corresponds to solving the NP-complete problem; however there is a procedure that transforms a general instance of the NP-complete problem into an instance of the special class, for which a solving algorithm with acceptable time complexity exists. In this way encryption becomes a one-way trapdoor function, which is the basis for building the corresponding public-key cryptosystem. Below we consider two cases in which public-key cryptosystems have been built this way: the Merkle-Hellman cryptosystem, based on the knapsack problem (the subset-sum problem), and the McEliece cryptosystem, based on the decoding problem for linear error-correcting codes.

4.5.2. The Merkle-Hellman cryptosystem.

The knapsack problem (KNAPSACK, also called the subset-sum problem) is stated as follows: given a set of positive integers {a1, a2, ..., an} and a positive integer s, determine whether there is a subset whose elements sum to s. Equivalently, determine whether there exist x_i ∈ {0, 1} (1 ≤ i ≤ n) such that Σ_{i=1}^{n} a_i x_i = s.

This problem is NP-complete; however, if we restrict it to instances I = ({a1, a2, ..., an}, T) in which {a1, a2, ..., an} is a superincreasing sequence, i.e. a sequence satisfying

$$ \forall j = 2, 3, \ldots, n: \qquad a_j > \sum_{i=1}^{j-1} a_i, $$

then finding the answer is quite easy, for instance by the simple algorithm below (pseudocode; note that the comparison in step 1 must be T ≥ a_i, as the example below requires):

1. for i = n downto 1 do: if T ≥ a_i then T = T − a_i, x_i = 1, else x_i = 0
2. if Σ_{i=1}^{n} x_i a_i equals the original value of T (equivalently, the remainder left after step 1 is 0) then X = (x1, ..., xn) is the solution of the problem, else there is no solution.

Now, to build a Merkle-Hellman scheme, we first fix a positive integer n and a large prime p. Each participant chooses a key pair K = (K', K''), in which the secret key K'' = (A, p, a) consists of a superincreasing sequence A = {a1, a2, ..., an} satisfying Σ_{i=1}^{n} a_i < p and a number a with 1 ≤ a ≤ p − 1; the public key is K' = {b1, ..., bn} with b_i = a·a_i mod p. The Merkle-Hellman scheme is defined by S = (P, C, K, E, D), where P = {0, 1}^n, C = {0, 1, ..., n(p − 1)}, and K is the set of key pairs K = (K', K'') built as above. Encryption and decryption are defined as follows: for each x = (x1, ..., xn) ∈ P, encryption gives E(K', x) = Σ_{i=1}^{n} x_i b_i; and for each y ∈ C we compute z = a^{-1}·y mod p, then solve the knapsack problem for the instance I = ({a1, a2, ..., an}, z), obtaining the solution (x1, ..., xn), which is the value of D(K'', y).

Example: Take n = 6 and the secret key with p = 737, A = {12, 17, 33, 74, 157, 316}, a = 635. The public key computed from these is {250, 477, 319, 559, 200, 196}. For the plaintext x = 101101 the corresponding ciphertext is y = 1324. To decrypt, first compute z = a^{-1}·y mod p = 635^{-1}·1324 mod 737 = 435, then solve the knapsack problem with the superincreasing sequence A and z, obtaining 435 = 12 + 33 + 74 + 316, i.e. the solution X = (1, 0, 1, 1, 0, 1).
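The greedy algorithm and the Merkle-Hellman scheme above, as an added Python example (not the book's code) on the book's parameters; it also checks the superincreasing and Σa_i < p conditions that key generation relies on.

```python
# Added example (not from the book): the Merkle-Hellman cryptosystem of 4.5.2
# with the book's parameters (n = 6, p = 737, A = {12,17,33,74,157,316}, a = 635).

def is_superincreasing(A):
    """a_j > a_1 + ... + a_{j-1} for every j >= 2."""
    total = 0
    for a in A:
        if a <= total:
            return False
        total += a
    return True


def solve_superincreasing(A, T):
    """The greedy algorithm of the text (with the comparison T >= a_i that the
    example requires).  Returns the 0/1 vector X with sum(x_i*a_i) == T, or None."""
    x = [0] * len(A)
    rest = T
    for i in range(len(A) - 1, -1, -1):     # step 1: i = n downto 1
        if rest >= A[i]:
            rest -= A[i]
            x[i] = 1
    return x if rest == 0 else None         # step 2: remainder 0 <=> sum == T


def mh_keygen(A, p, a):
    """Secret key (A, p, a); public key b_i = a*a_i mod p."""
    assert is_superincreasing(A) and sum(A) < p and 1 <= a <= p - 1
    return [a * ai % p for ai in A], (A, p, a)


def mh_encrypt(public, bits):
    """E(K', x) = sum x_i b_i."""
    return sum(xi * bi for xi, bi in zip(bits, public))


def mh_decrypt(secret, y):
    """z = a^(-1) y mod p, then solve the easy knapsack instance (A, z)."""
    A, p, a = secret
    z = pow(a, -1, p) * y % p
    return solve_superincreasing(A, z)


if __name__ == "__main__":
    public, secret = mh_keygen([12, 17, 33, 74, 157, 316], 737, 635)
    y = mh_encrypt(public, [1, 0, 1, 1, 0, 1])
    print(public, y, mh_decrypt(secret, y))
    # [250, 477, 319, 559, 200, 196] 1324 [1, 0, 1, 1, 0, 1]
```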

The Merkle-Hellman cryptosystem was proposed quite early, in 1978; by 1985 Shamir had found a polynomial-time attack on it, based on an algorithm of Lenstra for integer programming. Later, however, in 1988, Chor and Rivest proposed a different way of building a cryptosystem, also based on the knapsack problem, which has remained secure to this day.

4.5.3. The McEliece cryptosystem.

The McEliece cryptosystem is built on the NP-completeness of the decoding problem for linear error-correcting codes (from information theory). The problem is stated as follows: suppose the source emits binary words of k bits, i.e. the set {0, 1}^k, transmitted over a noisy channel; if the k-bit words are sent directly, the received information may be corrupted, so that we do not receive exactly the information that was sent. To overcome such errors, the source is encoded by appending to each k-bit information word a number of check bits, i.e. an encoding that turns each k-bit word into an n-bit word, n > k, called a codeword. A linear encoding is one performed by multiplying the k-bit word x by a k×n matrix G to obtain the n-bit codeword y = x·G (addition and multiplication being done mod 2). The Hamming distance between two n-bit codewords is the number of positions in which they differ; the distance d of the code is the smallest Hamming distance between any two distinct codewords. Thus a linear code is determined by a matrix G (called the generator matrix) and characterised by the three numbers [n, k, d]. If d = 2t + 1, the code can correct up to t random errors caused by channel noise. However, error correction (recovering the original k-bit word from a received codeword with up to t errors) for such linear codes is in general quite complex, and the decoding problem for linear error-correcting codes has been proved NP-hard, i.e. no polynomial-time algorithm is known for it. Nevertheless, some special classes of linear codes admit efficient error-correcting decoding algorithms; Goppa codes are such a class. A Goppa code is a linear code with parameters n = 2^m, d = 2t + 1, k = n − mt, whose k×n generator matrix G is built from algebraic properties of the field GF(2^n); we do not go into the details here.

To obtain a McEliece cryptosystem, first choose a Goppa code with generator matrix G and the parameters above, then use an invertible k×k matrix S over Z_2 and an n×n permutation matrix P (also with entries in Z_2) to transform the Goppa code with generator matrix G into a general linear code with generator matrix G* = S·G·P; that is, a Goppa code with an efficient decoding algorithm is turned into a general linear code for which, as far as is known, error-correcting decoding is NP-hard. The cryptosystem so built has a decryption algorithm that is easy for the insider, namely Goppa decoding, and hard for an outsider, namely general linear decoding! Thus a McEliece public-key cryptosystem is determined by S = (P, C, K, E, D), where P = {0, 1}^k, C = {0, 1}^n, K is the set of key pairs K = (K', K'') with secret key K'' = (G, S, P) consisting of the generator matrix G of a Goppa code, an invertible k×k matrix S over Z_2 and an n×n permutation matrix P; the public key K' = G* is the transformed matrix above. The encryption algorithm E(K', ·): P → C is defined by E(K', x) = x·G* + e, where e ∈ {0, 1}^n is a random vector of weight t, i.e. with t components equal to 1. The decryption algorithm D(K'', ·) is performed in three steps for each y ∈ C = {0, 1}^n:
1. Compute y1 = y·P^{-1}.
2. Goppa-decode y1, obtaining x1.
3. Compute D(K'', y) = x1·S^{-1}.
It is easily checked that encryption and decryption so defined are consistent, i.e. for every x ∈ P = {0, 1}^k we have D(K'', E(K', x)) = x, and this holds for every vector e of weight ≤ t. This cryptosystem resembles ElGamal in that encryption may add a random element to the input; later we shall call such cryptosystems probabilistic cryptosystems. The main factor guaranteeing the security of McEliece is that it is hard to discover the secret key (G, S, P) from the public key G*, together with the NP-hardness of general linear decoding. Note also that security depends on choosing the parameters k, n, t large; according to experimental research, large here means n ≈ 1024, k ≈ 644, t ≈ 38. With such requirements the sizes of the matrices G, S, P and G* become very large, which is rather inconvenient in practice, and for that reason McEliece cryptosystems have not been widely used.

4.6. Probabilistic public-key cryptosystems.

4.6.1. Problem statement and definition.

Probabilistic encryption is an idea proposed by Goldwasser and Micali in 1984, arising from the need to solve the following problem. Suppose we have a public-key cryptosystem and want to encrypt a plaintext consisting of a single bit. This happens when we want to transmit secretly a piece of information whose content is only yes or no, i.e. a particularly important piece of information consisting of just one bit. If we use an ordinary public-key cryptosystem, the ciphertext transmitted is either e_K'(0) or e_K'(1); an adversary may not know how to decrypt, but can perfectly well compute the values e_K'(0) and e_K'(1) in advance, and after capturing the ciphertext on the public channel only needs to compare it with the two precomputed ciphertexts e_K'(0) and e_K'(1) to learn whether the secret bit sent was 0 or 1. Public-key cryptosystems are confidential because from the ciphertext it is hard to extract any information about the plaintext, but clearly this is no longer guaranteed when the number of possible plaintexts is very small, for instance when plaintexts are very short, or, as above, when there are only two plaintexts, 0 and 1. The purpose of probabilistic encryption is to guarantee that no information about the plaintext can be extracted (in polynomial time) from the ciphertext; for public-key cryptosystems this can be achieved by giving each plaintext many different ciphertexts, obtained at random by using random numbers in the encryption process. Here is the definition of a probabilistic public-key cryptosystem:

Definition. A probabilistic public-key cryptosystem is defined by a tuple S = (P, C, K, E, D, R), where P, C, K are understood as for ordinary public-key cryptosystems, R is a set of random elements, and for each K = (K', K'') ∈ K the encryption algorithm e_K' = E(K', ·): P × R → C and the decryption algorithm d_K'' = D(K'', ·): C → P satisfy the identity: for every x ∈ P and r ∈ R, d_K''(e_K'(x, r)) = x. In addition, we want the security condition of the following definition to hold. Denote by p_{K,x} the probability distribution on the set C in which p_{K,x}(y) is the probability that y is the ciphertext given that K is the key and x the plaintext (the probability taken over all r ∈ R). Two probability distributions p1 and p2 on C are called ε-distinguishable if there is an algorithm that ε-distinguishes them, i.e. an algorithm A: C → {0, 1} with the property |E_A(p1) − E_A(p2)| ≥ ε, where

$$ E_A(p_i) = \sum_{y \in C} p_i(y)\cdot p\big(A(y) = 1\big). $$

Now the security condition is stated as follows: the probabilistic public-key cryptosystem S is secure if there is an ε > 0 such that for every K ∈ K and every x ≠ x', the probability distributions p_{K,x} and p_{K,x'} are not ε-distinguishable.

4.6.2. The Goldwasser-Micali probabilistic cryptosystem.

Here is the description of the probabilistic public-key cryptosystem on one-bit plaintexts proposed by Goldwasser and Micali in 1984. Such a system is given by the list S = (P, C, K, E, D, R), where P = {0, 1}, C = R = Z_n^*, n = p·q is the product of two large primes, and K is the set of key pairs K = (K', K'') in which the public key is K' = (n, m) with m ∈ Q̃_n = J_n − Q_n a pseudo-square modulo n (J_n denoting the elements of Z_n^* with Jacobi symbol 1 and Q_n the quadratic residues modulo n), and the secret key is K'' = (p, q). Encryption and decryption are defined by

$$ e_{K'}(x, r) = m^{x} \cdot r^{2} \bmod n, \qquad d_{K''}(y) = \begin{cases} 0, & y \in Q_n, \\ 1, & y \in \tilde{Q}_n, \end{cases} $$

for every x ∈ P, r ∈ R, y ∈ C. The Goldwasser-Micali system encrypts a one-bit plaintext: a ciphertext of the bit 0 is always a quadratic residue modulo n, and a ciphertext of the bit 1 is a pseudo-square modulo n. Decryption is quite easy when the secret key K'' = (p, q) is known. Indeed, for every y ∈ Q_n ∪ Q̃_n we have the Jacobi symbol (y/n) = 1. Since K'' = (p, q) is known, we can compute z = y^{(p−1)/2} mod p, which is the Legendre symbol (y/p), and y ∈ Q_n if and only if z = 1; from this d_K''(y) is obtained.
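The Goldwasser-Micali system above as an added Python example (not the book's code) on constructed toy primes p = 7, q = 11; it also enumerates every ciphertext each bit can take, which shows the many-ciphertexts-per-plaintext property that defeats the precomputation attack described in 4.6.1.

```python
# Added example (not from the book): Goldwasser-Micali one-bit encryption of
# 4.6.2 with constructed toy primes p = 7, q = 11 (n = 77); the pseudo-square m
# is found by search.  Real keys use large primes.
import math
import secrets


def legendre(a, p):
    """Legendre symbol (a/p) by Euler's criterion: a^((p-1)/2) mod p."""
    v = pow(a, (p - 1) // 2, p)
    return -1 if v == p - 1 else v


def gm_keygen(p, q):
    """Public key (n, m) with m a pseudo-square: (m/p) = (m/q) = -1, so the
    Jacobi symbol (m/n) = 1 although m is not a square.  Secret key (p, q)."""
    n = p * q
    m = next(m for m in range(2, n) if legendre(m, p) == -1 and legendre(m, q) == -1)
    return (n, m), (p, q)


def gm_encrypt(pub, bit, r=None):
    """e_K'(x, r) = m^x * r^2 mod n with r random in Z_n^* (CSPRNG if not given)."""
    n, m = pub
    assert bit in (0, 1)
    while r is None or math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return pow(m, bit, n) * r * r % n


def gm_decrypt(sec, y):
    """0 if y is a quadratic residue mod n (tested mod p), else 1."""
    p, q = sec
    return 0 if legendre(y, p) == 1 else 1


def all_ciphertexts(pub, bit):
    """Every ciphertext the bit can produce as r ranges over Z_n^*."""
    n, m = pub
    return {gm_encrypt(pub, bit, r) for r in range(1, n) if math.gcd(r, n) == 1}


if __name__ == "__main__":
    pub, sec = gm_keygen(7, 11)
    print(pub, gm_encrypt(pub, 0, 3), gm_encrypt(pub, 1, 3))   # (77, 6) 9 54
```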

4.6.3. The Blum-Goldwasser probabilistic cryptosystem.

The Blum-Goldwasser probabilistic public-key cryptosystem is built on the basis of stream ciphers whose keystream is the Blum-Blum-Shub pseudorandom sequence (see 3.3.3); here the random element r ∈ R is used as the seed that generates the pseudorandom keystream. The scheme of the Blum-Goldwasser probabilistic public-key cryptosystem is given by the list S = (P, C, K, E, D, R), where P = Z_2^l, C = Z_2^l × Z_n, R = Q_n, n = p·q is the product of two large primes with p ≡ q ≡ 3 (mod 4); K is the set of key pairs K = (K', K'') with public key K' = n and secret key K'' = (p, q). The encryption algorithm e_K' = E(K', ·): P × R → C is computed in the following steps:
1. Let x = (x1, ..., xl) ∈ P and r ∈ R. From the seed r, by the Blum-Blum-Shub algorithm, compute the sequence (s0, s1, ..., s_{l+1}) by s0 = r, s_{i+1} = s_i² mod n, and then the pseudorandom sequence (z1, ..., zl) by z_i = s_i mod 2.
2. Compute y = (y1, ..., yl) with y_i = x_i + z_i mod 2 (1 ≤ i ≤ l).
3. The ciphertext is e_K'(x, r) = (y; s_{l+1}) = (y1, ..., yl; s_{l+1}).
The decryption algorithm d_K'' = D(K'', ·): C → P, on receiving the ciphertext (y1, ..., yl; s_{l+1}), proceeds in the following steps:
1. Compute

$$ a_1 = \left(\frac{p+1}{4}\right)^{l+1} \bmod (p-1), \qquad a_2 = \left(\frac{q+1}{4}\right)^{l+1} \bmod (q-1). $$

2. Compute b1 = s_{l+1}^{a1} mod p, b2 = s_{l+1}^{a2} mod q.
3. Find s0 = r by solving the system of congruences

$$ s_0 \equiv b_1 \pmod p, \qquad s_0 \equiv b_2 \pmod q. $$

4. From s0, by the BBS algorithm, recover the bit sequence (z1, ..., zl).
5. Finally, d_K''(y1, ..., yl; s_{l+1}) = (x1, ..., xl), with x_i = y_i + z_i mod 2 (1 ≤ i ≤ l).

Thus the Blum-Goldwasser cryptosystem is fully defined. Note that if the plaintext x has l bits, then in the corresponding ciphertext, besides the encrypted bits y1, ..., yl, we must also send the number s_{l+1}, which is used in steps 1-3 of the decryption algorithm to recover the seed s0 needed for regenerating the random keystream (z1, ..., zl). We prove that the number s0 computed by the decryption algorithm is indeed the seed s0 we need. Indeed, by definition, for every i = 0, 1, ..., l + 1, s_i is a quadratic residue, and for every i = 0, ..., l, s_i is a square root of s_{i+1} modulo n; this also holds modulo p and modulo q. Since p ≡ 3 (mod 4), every quadratic residue x modulo p has exactly one square root modulo p that is itself a quadratic residue modulo p, namely x^{(p+1)/4} mod p. Indeed, since x^{(p+1)/2} ≡ x (mod p), x^{(p+1)/4} mod p is a square root of x modulo p; on the other hand the Legendre symbol (x^{(p+1)/4} / p) = 1, so x^{(p+1)/4} mod p is also a quadratic residue modulo p. From this remark we get, for every i (i = 0, 1, ..., l): s_i ≡ s_{i+1}^{(p+1)/4} (mod p), hence s0 ≡ s_{l+1}^{((p+1)/4)^{l+1}} ≡ s_{l+1}^{a1} (mod p). Arguing in the same way for q, we also get s0 ≡ s_{l+1}^{a2} (mod q). So the number s0 computed in steps 1-3 of the decryption algorithm is indeed the seed s0 = r we need. The encryption and decryption algorithms defined above are consistent.

Example: Take n = 192649 = 383·503. Let the plaintext be x = 11010011010011101101 (l = 20). Suppose the random seed chosen is s0 = r = 20749. We compute the sequence z: z = 11001110000100111010. We also compute s21 = 94739, and the ciphertext sent is (y; s21) = (y; 94739), where y = 00011101010111010111. To decrypt, we first find s0 from s21 = 94739. We have (p+1)/4 = 96, (q+1)/4 = 126. By the decryption algorithm: a1 = 96^21 mod 382 = 266, and from that a2 = 126^21 mod 502 = 486. b1 = 94739^266 mod 383 = 67, b2 = 94739^486 mod 503 = 126. Solving the system of congruences s0 ≡ 67 (mod 383), s0 ≡ 126 (mod 503) gives s0 = 20749, from which we recompute the sequence z, and adding it bitwise mod 2 to y we recover the plaintext x.
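The Blum-Goldwasser algorithms and the example above, as an added Python example (not the book's code): the BBS keystream, the seed recovery of decryption steps 1-3, and the full round trip on the book's values.

```python
# Added example (not from the book): the Blum-Goldwasser cryptosystem of 4.6.3
# run on the book's example (n = 192649 = 383*503, seed r = 20749, 20-bit plaintext).

def bbs_keystream(s0, n, l):
    """BBS: s_{i+1} = s_i^2 mod n; z_i = s_i mod 2 for i = 1..l.
    Returns (z_1..z_l, s_{l+1})."""
    s, z = s0, []
    for _ in range(l):
        s = s * s % n
        z.append(s & 1)
    return z, s * s % n


def crt2(a1, p, a2, q):
    """The unique s in [0, p*q) with s = a1 (mod p), s = a2 (mod q)."""
    return (a1 * q * pow(q, -1, p) + a2 * p * pow(p, -1, q)) % (p * q)


def bg_encrypt(n, bits, r):
    """Encryption steps 1-3: keystream from r, y_i = x_i + z_i mod 2, send (y; s_{l+1})."""
    z, s_next = bbs_keystream(r, n, len(bits))
    return [xi ^ zi for xi, zi in zip(bits, z)], s_next


def bg_recover_seed(p, q, s_last, l):
    """Decryption steps 1-3: s_0 = s_{l+1}^{((p+1)/4)^{l+1}} mod p (and mod q),
    then combine the two residues by the CRT."""
    a1 = pow((p + 1) // 4, l + 1, p - 1)
    a2 = pow((q + 1) // 4, l + 1, q - 1)
    b1 = pow(s_last, a1, p)
    b2 = pow(s_last, a2, q)
    return crt2(b1, p, b2, q)


def bg_decrypt(p, q, c):
    """Decryption steps 4-5: regenerate z from the recovered seed and strip it off."""
    y, s_last = c
    s0 = bg_recover_seed(p, q, s_last, len(y))
    z, _ = bbs_keystream(s0, p * q, len(y))
    return [yi ^ zi for yi, zi in zip(y, z)]


def bits(s):
    """'1101' -> [1, 1, 0, 1]."""
    return [int(ch) for ch in s]


if __name__ == "__main__":
    p, q = 383, 503
    y, s21 = bg_encrypt(p * q, bits("11010011010011101101"), 20749)
    print("".join(map(str, y)), s21)          # 00011101010111010111 94739
    print(bg_recover_seed(p, q, s21, 20))     # 20749
```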

CHAPTER V

The authentication problem and digital signatures

5.1. The authentication problem and signature schemes.

5.1.1. Problem statement.

In Chapter I, section 1.3, we listed some of the main problems of information security; besides the most important one, confidentiality of information, the next problems are: authenticating a message and its sender (together with the message), identification and verification of the identity of a transacting party, and so on. The confidentiality problem, answered by cryptographic solutions, was the content of Chapters III and IV; in this chapter and the next we address the authentication problems listed above: this Chapter V is devoted to authenticating a message and its sender, and Chapter VI considers identification and identity verification. In the traditional way of communicating, a message in a transaction is usually sent as a handwritten or typed document with the (handwritten) signature of the sender beneath it. The signature is the evidence confirming that the message really belongs to the signer, i.e. the transacting party, and if the paper carrying the document has not been cut, pasted, erased or altered, the integrity of the message is also attested by that signature. Handwritten signatures have many familiar advantages: they are easy to verify, cannot be copied, one person's signature is the same on many documents, yet each signature is attached to a specific document, etc. When we move to modern means of communication, messages are sent over digital networks and are themselves represented digitally, i.e. as binary bit strings; a signature, if any, is also a bit string, and the natural relations listed above no longer hold. For instance, a sender's signatures on different documents must express the sender's responsibility for each individual document and hence must necessarily differ; they cannot be identical bit strings like the identical signatures on ordinary documents. A handwritten signature can be verified by comparison with a specimen; a digital signature has no specimen to compare with, and verification must be carried out by special algorithms. Another issue is copying a document together with its signature. With a handwritten signature it is easy to distinguish the original from a copy, so it is hard to reuse a genuinely signed document. With an electronic document and a digital signature one can make any number of copies that are hard to distinguish from the original, so the danger of multiple reuse is real, and measures are needed to avoid it. A signature, if it is to express the sender's responsibility for the whole document, must be bound in some way to every bit of the document; so, in a first view, the length of the signature must grow with the length of the document; to obtain short signatures as in the handwritten case, one uses a special technique called hash functions, which we present at the end of this chapter. First we introduce the definition of a (digital) signature scheme.

5.1.2. Definition of a signature scheme.

Definition 5.1. A signature scheme is a 5-tuple S = (P, A, K, S, V), where P is a finite set of possible messages, A is a finite set of possible signatures, K is a finite set of keys, each key K ∈ K consisting of two parts K = (K', K''), K' being the secret key for signing and K'' the public key for verifying signatures. For each K = (K', K''), S contains a signing algorithm sig_K': P → A and V contains a verification algorithm ver_K'': P × A → {true, false} satisfying the following condition for every message x ∈ P and every signature y ∈ A: ver_K''(x, y) = true ⇔ y = sig_K'(x). Under this scheme each party owns a key pair K = (K', K''), publishes the key K'' so that everyone can verify their signatures, and keeps the key K' secret in order to sign the messages they want to send. The functions ver_K'' and sig_K' (when K' is known) must be easy to compute (in polynomial time), whereas the function y = sig_K'(x) must be hard to compute without knowing K'; this guarantees the secrecy of signing, i.e. resistance to signature forgery. The authentication problem with digital signatures can, in a sense, be regarded as dual to the confidentiality problem solved by encryption, as illustrated by the example of the RSA signature scheme, dual to the RSA encryption scheme, below:

5.1.3. The RSA signature scheme.

The RSA signature scheme is given by the 5-tuple S = (P, A, K, S, V), where P = A = Z_n, with n = p·q the product of two large primes p, q; K is the set of key pairs K = (K', K''), with K' = a and K'' = (n, b), where a and b are two numbers satisfying a·b ≡ 1 (mod φ(n)). The functions sig_K' and ver_K'' are defined by sig_K'(x) = x^a mod n, ver_K''(x, y) = true ⇔ x ≡ y^b (mod n). It is easy to prove that the scheme so defined is consistent, i.e. for every x ∈ P and every signature y ∈ A: ver_K''(x, y) = true ⇔ y = sig_K'(x).

Note that although the two problems of authentication and confidentiality under the RSA scheme look alike on the surface, their content is entirely different: when A sends a message x to B, so that B has grounds to confirm that the message was indeed sent by A, A must attach the signature sig_K'(x), i.e. A sends B the pair (x, sig_K'(x)); in this transmission the message x is not kept secret at all. Similarly, with the RSA encryption scheme, when a party A receives a ciphertext e_K'(x) from B, A only knows that the message x was kept confidential, but has nothing confirming that x came from B. If we want our communication system to have both confidentiality and authentication, we must use both an encryption system and an authentication (signature) system at the same time. Suppose that on the public network we have a public-key cryptosystem S1 and a signature system S2. Suppose B has the encryption key pair K = (K', K'') with K' = (n, e) and K'' = d in the system S1, and A has the signature key pair K = (K', K'') with K' = a and K'' = (n, b) in the system S2. A can send B a message that is both confidential and authenticated by a signature as follows: A first signs the message x; then, instead of sending B the document with its signature (x, sig_K'(x)), A sends B the ciphertext of that document computed under B's public key, i.e. e_K'((x, sig_K'(x))). On receiving the ciphertext, B uses his decryption algorithm d_K'' to obtain (x, sig_K'(x)), then uses A's public verification algorithm ver_K'' to confirm that sig_K'(x) is indeed A's signature on x.

5.2. The ElGamal signature scheme and the Digital Signature Standard.

5.2.1. The ElGamal signature scheme.

The ElGamal signature scheme was proposed in 1985, almost at the same time as the ElGamal cryptosystem, and is likewise based on the hardness of the discrete logarithm problem. The scheme is designed specifically for signing electronic documents and is described as a system S = (P, A, K, S, V), where P = Z_p^*, A = Z_p^* × Z_{p−1}, with p a prime such that the discrete logarithm problem in Z_p^* is very hard. The set K consists of key pairs K = (K', K'') with K' = a a number in Z_p, K'' = (p, α, β), where α is a primitive element of Z_p^* and β = α^a mod p. K' is the secret key used for signing, and K'' is the public key used for verifying signatures. The signing and verification algorithms are defined as follows. For each message x, to create a signature on x we choose a random number k ∈ Z_{p−1}^* and compute

$$ \mathrm{sig}_{K'}(x, k) = (\gamma, \delta), \qquad \gamma = \alpha^{k} \bmod p, \qquad \delta = (x - a\gamma)\, k^{-1} \bmod (p - 1). $$

The verification algorithm is defined by ver_K''(x, (γ, δ)) = true ⇔ β^γ·γ^δ ≡ α^x (mod p). It is easy to see that the signature scheme so defined is consistent. Indeed, if sig_K'(x, k) = (γ, δ), then β^γ·γ^δ = α^{aγ}·α^{kδ} mod p = α^x mod p, since kδ + aγ ≡ x (mod (p − 1)). Hence ver_K''(x, (γ, δ)) = true.

Example: Let p = 467, α = 2, a = 127. Then β = 2^127 mod 467 = 132. Let x = 100; we choose k = 213 at random (in Z_466^*) and have k^{-1} mod 466 = 431. The signature on the document x = 100 with the random number k = 213 is (γ, δ), where γ = 2^213 mod 467 = 29 and δ = (100 − 127·29)·431 mod 466 = 51. To verify we compute β^γ·γ^δ = 132^29·29^51 ≡ 189 (mod 467) and α^x = 2^100 ≡ 189 (mod 467); the two values are congruent modulo 467, so the signature (γ, δ) = (29, 51) is confirmed to be valid.

5.2.2. Security of the ElGamal signature scheme.

The ElGamal signature scheme is considered secure if signatures on documents cannot be forged; in other words, nobody other than the legitimate owner can forge the owner's signature on any document. Therefore keeping the secret key K' = a used to create signatures secret is decisive for the security of the signatures. Can the secret key K' = a be exposed in some cases, and can signatures be forged without exposing K' = a? We examine a few simple cases below:

1) The possibility of exposing the key K' = a: As with the ElGamal cryptosystem, the secret key a can be discovered if the random number k used in some signing is leaked, or if the same random number k is used for two different signings. If the random number k used when signing the document x is leaked, the secret key K' = a is computed by the formula a = (x − kδ)·γ^{-1} mod (p − 1). Now consider using the same random number k for two different signings, say on x1 and x2. Then the signature on x1 is (γ, δ1) and the signature on x2 is (γ, δ2), with the same first component (both equal to γ = α^k mod p), and the signatures satisfy β^γ·γ^{δ1} ≡ α^{x1} (mod p), β^γ·γ^{δ2} ≡ α^{x2} (mod p). From these we get α^{x1 − x2} ≡ γ^{δ1 − δ2} ≡ α^{k(δ1 − δ2)} (mod p), which is equivalent to x1 − x2 ≡ k(δ1 − δ2) (mod (p − 1)). Put d = gcd(δ1 − δ2, p − 1). All three numbers δ1 − δ2, p − 1 and x1 − x2 are divisible by d, so we may set

$$ x' = \frac{x_1 - x_2}{d}, \qquad \delta' = \frac{\delta_1 - \delta_2}{d}, \qquad p' = \frac{p - 1}{d}. $$

Then the congruence above becomes x' ≡ k·δ' (mod p'). Since gcd(δ', p') = 1, we can compute ε = δ'^{-1} mod p' and then the value of k modulo p': k = x'·ε mod p', i.e. k = x'·ε + i·p' mod (p − 1) for some value i with 0 ≤ i ≤ d − 1. Testing the condition γ = α^k mod p for the values of i in turn, we find k; from k we then compute the sought a.

2) The possibility of forging a signature on a given document: Suppose party A has chosen the ElGamal signature scheme with key pair K = (K', K''), where K' = a is the secret key. An outsider O who does not know the secret key K' = a and wants to forge A's signature on a document x must be able to create a signature (γ, δ) without knowing a. There are two ways: either choose γ first and then find the corresponding δ, or the reverse, choose δ first and then find the corresponding γ. If γ is chosen first, then δ must be δ = (x − aγ)k^{-1} mod (p − 1) = (x − aγ)(log_α γ)^{-1} mod (p − 1) = log_γ(α^x β^{−γ}) mod (p − 1); this is a discrete logarithm problem, known to be very hard. If δ is chosen first, γ must be found by solving the equation β^γ·γ^δ ≡ α^x (mod p) for the unknown γ. No effective method for this is known, but it is surely no easier than the discrete logarithm problem. Hence we may believe that the possibility of forging a signature on a given document without knowing the secret key K' = a is very small, and does not significantly affect the security of the signature scheme.

3) Forging a signature together with the signed document: Another forgery possibility is to forge both the document x sent and a signature (γ, δ) on x. This is possible when the forger can choose x and (γ, δ) satisfying the verification condition, specifically when x, γ, δ are chosen in the following form: γ = α^i·β^j mod p, δ = −γ·j^{-1} mod (p − 1), x = −γ·i·j^{-1} mod (p − 1), where i, j are integers with 0 ≤ i, j ≤ p − 2, gcd(j, p − 1) = 1, and j^{-1} is computed mod (p − 1). Indeed we then have β^γ·γ^δ = β^γ·(α^i β^j)^{−γ j^{-1}} mod p = β^γ·α^{−iγ j^{-1}}·β^{−γ} mod p = α^x mod p, so the verification condition is satisfied and (γ, δ) is confirmed as a valid signature on x. There is yet another way to forge: the forger uses a valid signature (γ, δ) on a previously obtained document x to create a new signature (λ, μ) for a new document x' as follows: λ = γ^h·α^i·β^j mod p, μ = δ·λ·(hγ − jδ)^{-1} mod (p − 1), x' = λ·(hx + iδ)·(hγ − jδ)^{-1} mod (p − 1). One can check that the verification condition holds for the signature (λ, μ) and the document x', i.e. β^λ·λ^μ ≡ α^{x'} (mod p). Both forgeries above give signatures satisfying the verification condition for the corresponding document, but the document is not one chosen according to the forger's wishes, so the practical usefulness of these forgeries is small, and they cannot significantly endanger the security of the signature scheme in general.

5.2.3. The Digital Signature Standard (DSS).

The Digital Signature Standard (DSS) was proposed in 1991 and adopted at the end of 1994 for use in some areas of electronic transactions in the United States. DSS is based on the ElGamal signature scheme, with a few modifications. For security the prime p must be large, with a binary representation of at least 512 bits (specifically from 512 to 1024 bits, the number of bits being a multiple of 64). However, the length of a signature under the ElGamal scheme is twice the number of bits of p, whereas in many applications short signatures are desired, so the proposed modification is: while still using a large p of at least 512 bits, restrict the lengths of γ and δ in the signature (γ, δ) to about 160 bits (so the whole signature is about 320 bits long); this is done by using a cyclic subgroup of order q of Z_p^* in place of Z_p^* itself, so that all computations are still performed in Z_p^*, while the data and the signature components belong to Z_q.
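The ElGamal signature scheme of 5.2.1 and case 1 of 5.2.2 (two signatures made with the same k), as an added Python example (not the book's code) on the parameters of the book's example p = 467, α = 2, a = 127; `key_from_reused_k` follows the d = gcd(δ1 − δ2, p − 1) reduction of the text, which is why a signer must never reuse k.

```python
# Added example (not from the book): ElGamal signatures of 5.2.1 with the
# parameters of the book's example (p = 467, alpha = 2, a = 127), and the
# key recovery of 5.2.2 case 1 when one random k signs two different messages.
import math


def eg_keygen(p, alpha, a):
    """Public key (p, alpha, beta = alpha^a mod p); secret key a."""
    return (p, alpha, pow(alpha, a, p)), a


def eg_sign(pub, a, x, k):
    """sig(x, k) = (gamma, delta): gamma = alpha^k mod p,
    delta = (x - a*gamma) * k^(-1) mod (p-1); k must be invertible mod p-1."""
    p, alpha, _ = pub
    assert math.gcd(k, p - 1) == 1
    gamma = pow(alpha, k, p)
    delta = (x - a * gamma) * pow(k, -1, p - 1) % (p - 1)
    return gamma, delta


def eg_verify(pub, x, sig):
    """true <=> beta^gamma * gamma^delta = alpha^x (mod p)."""
    p, alpha, beta = pub
    gamma, delta = sig
    if not (1 <= gamma <= p - 1 and 0 <= delta <= p - 2):
        return False
    return pow(beta, gamma, p) * pow(gamma, delta, p) % p == pow(alpha, x, p)


def key_from_reused_k(pub, x1, sig1, x2, sig2):
    """Two signatures with the same gamma were made with the same k.  Solve
    x1 - x2 = k*(delta1 - delta2) (mod p-1) via d = gcd(delta1 - delta2, p-1),
    test the d candidates against gamma = alpha^k, then recover
    a = (x1 - k*delta1) * gamma^(-1) mod (p-1).  Returns (k, a) or None."""
    p, alpha, _ = pub
    (g1, d1), (g2, d2) = sig1, sig2
    pm1 = p - 1
    dd = (d1 - d2) % pm1
    if g1 != g2 or dd == 0:
        return None                          # different k, or nothing to solve
    d = math.gcd(dd, pm1)
    xd = (x1 - x2) % pm1
    if xd % d:
        return None                          # inconsistent: not genuine signatures
    x_, delta_, p_ = xd // d, dd // d, pm1 // d
    eps = pow(delta_, -1, p_)
    for i in range(d):                       # k = x'*eps + i*p' for some 0 <= i < d
        k = (x_ * eps + i * p_) % pm1
        if pow(alpha, k, p) == g1:
            a = None
            if math.gcd(g1, pm1) == 1:       # the text's formula needs gamma invertible
                a = (x1 - k * d1) * pow(g1, -1, pm1) % pm1
            return k, a
    return None


if __name__ == "__main__":
    pub, a = eg_keygen(467, 2, 127)
    sig = eg_sign(pub, a, 100, 213)
    print(pub, sig, eg_verify(pub, 100, sig))    # (467, 2, 132) (29, 51) True
```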

The DSS signature scheme is described as follows. Choose a large prime p with a binary representation of at least 512 bits such that the discrete logarithm problem in Z_p is hard, and a prime divisor q of p − 1 with a 160-bit representation. Let α ∈ Z_p^* be a q-th root of 1 modulo p. Put P = Z_p^*, A = Z_q × Z_q. Choose a ∈ Z_q and compute β = α^a mod p. Define the key K = (K', K''), with secret key K' = a and public key K'' = (p, q, α, β). The signing and verification algorithms are defined as follows. For x ∈ P = Z_p^*, choose a random number k (0 < k < q − 1) and define the signature sig_K'(x, k) = (γ, δ), where

$$ \gamma = \left(\alpha^{k} \bmod p\right) \bmod q, \qquad \delta = (x + a\gamma)\, k^{-1} \bmod q. $$

The verification algorithm is defined by ver_K''(x, (γ, δ)) = true ⇔ (α^{e1}·β^{e2} mod p) mod q = γ, where e1 = x·δ^{-1} mod q and e2 = γ·δ^{-1} mod q. Note that we must have δ ≢ 0 (mod q) in order to compute the δ^{-1} mod q used in the verification algorithm; so if the chosen k gives δ ≡ 0 (mod q), another k must be chosen so that δ ≢ 0 (mod q).

5.3. Hash functions and signatures.

5.3.1. Hash functions.

In the preceding sections we introduced a few digital signature schemes. In those schemes the signature is determined for each block of the document, and if the document consists of many blocks, the signature for the whole document must be formed by joining the signatures on the individual blocks; since the signature on a block usually has the same length as the block (or even twice that), the overall signature has a length comparable to the length of the document. That is an inconvenience. We would like, as in the handwritten case, signatures that are short and of bounded length no matter how long the document is. For a digital signature, since the signature must be computed over every bit of the document, to obtain a signature of bounded length on a document of arbitrary length we must find a way to shorten the document. But the document itself cannot be shortened, so the only way is to find for each document a digest of bounded length and, instead of signing the whole document, sign the digest, regarding the signature on the digest as the signature on the document.

Let D be the set of all possible documents (in some domain, of course) and X the set of all digests that may be used. Finding a digest for each document determines a function h: D → X. Such a function h is called a hash function. Usually D is the set of bit strings of arbitrary length and X the set of bit strings of a fixed length n, so hash functions are also defined as functions h: D → X with those sets D and X (i.e. functions h: {0, 1}^* → {0, 1}^n). Using a hash function h, we regard z = h(x) as the digest of x, representing x, and we regard the signature on z as the signature on the document x; since z has bounded length, the signature on x also has bounded length. The question arises: what conditions must h: D → X satisfy for h(x) to deserve to be regarded as the representative of x when creating signatures? The following two conditions are usually considered the two main conditions for a hash function:
1. The hash function must be one-way, meaning that given x, computing z = h(x) is easy, but conversely, given z, computing x is extremely hard (easy and hard may be understood conventionally as computable in polynomial time or not).
2. The hash function must be strongly collision-free in the following sense: there is no polynomial-time algorithm for the problem of finding x1 and x2 in D such that x1 ≠ x2 and h(x1) = h(x2); in other words, finding two different documents with the same representative is extremely hard. (There is also a notion of weak collision resistance, defined as follows: let x ∈ D; h is weakly collision-free for x if it is very hard to find x' ∈ D with x' ≠ x and h(x') = h(x).)
We want the signature to be short, i.e. the digests to be short as well. But how short is enough? How short can they be while still guaranteeing strong collision resistance? Here we meet a kind of attack, usually called the birthday attack, related to the possibility of strong collisions; it says that in a group of 23 randomly chosen people, with probability at least 1/2 two of them share a birthday (a strong collision!). In general it is proved that if there are n possible digests and

$$ k \approx \sqrt{2n \ln \frac{1}{1 - \varepsilon}}, $$

then among k randomly chosen documents there is at least one strong collision (i.e. x' ≠ x with h(x') = h(x)) with probability ε.

$\beta \equiv \beta^{(x_4 - x_2)y} \equiv \alpha^{(x_1 - x_3)y} \pmod p$, and we can compute the discrete logarithm $\log_\alpha \beta$ as $\log_\alpha \beta = (x_1 - x_3)(x_4 - x_2)^{-1} \bmod (p-1)$.

Now suppose $d = 2$. Since $p - 1 = 2q$ and $q$ is odd, we must have $\gcd(x_4 - x_2, q) = 1$. Again put $y = (x_4 - x_2)^{-1} \bmod q$; then $(x_4 - x_2)y = kq + 1$ for some integer $k$, and
$$\beta^{(x_4 - x_2)y} \equiv \beta^{kq + 1} \equiv (-1)^k \beta \equiv \pm\beta \pmod p$$
(because $\beta^q \equiv -1 \pmod p$). Thus $\beta^{(x_4 - x_2)y} \equiv \alpha^{(x_1 - x_3)y} \equiv \pm\beta \pmod p$, whence $\log_\alpha \beta = (x_1 - x_3)y \bmod (p-1)$ or $\log_\alpha \beta = (x_1 - x_3)y + q \bmod (p-1)$. One can test which of the two values is indeed $\log_\alpha \beta$.

Now consider $d = q$. Since $0 \le x_2, x_4 \le q - 1$, we have $-(q-1) \le x_4 - x_2 \le q - 1$, so $\gcd(x_4 - x_2, p-1) = q$ is impossible; this case cannot occur.

Finally, $d = p - 1$. This happens only if $x_2 = x_4$. But then $\alpha^{x_1}\beta^{x_2} \equiv \alpha^{x_3}\beta^{x_2} \pmod p$, so $\alpha^{x_1} \equiv \alpha^{x_3} \pmod p$ and $x_1 = x_3$. Then $(x_1, x_2) = (x_3, x_4)$, contradicting the hypothesis, so this case cannot occur either. The theorem is proved: the Chaum-van Heijst-Pfitzmann hash function is strongly collision-free.

Note that if the binary representation of $p$ has $t$ bits, i.e. $\mathbb{Z}_p$ is a subset of $\{0,1\}^t$, then $q$ has $t - 1$ bits and $\mathbb{Z}_q \times \mathbb{Z}_q$ is a subset of $\{0,1\}^m$ with $m = 2(t-1)$. The hash function $h$ defined above can therefore be regarded as a function from $\{0,1\}^m$ to $\{0,1\}^t$. For signing purposes we want hash functions whose outputs are words of a bounded number of bits but whose inputs are words of arbitrary length. For that we must be able to extend a hash function; the following theorem gives us that possibility.

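As an added example (not the textbook's code), the following Python implements the Chaum-van Heijst-Pfitzmann hash on a constructed toy instance ($p = 23$, $q = 11$, $\alpha = 5$, $\beta = 7$) and carries out the reduction of the theorem above: from any strong collision it recovers $\log_\alpha \beta$ by the case analysis on $d = \gcd(x_4 - x_2, p-1)$. The brute-force collision search is only possible because the instance is tiny.

```python
# Added example (not from the textbook): the Chaum-van Heijst-Pfitzmann hash
# on a constructed toy instance, and the reduction of the theorem in 5.3.2:
# a strong collision h(x1,x2) = h(x3,x4) yields log_alpha(beta).
# The parameters below are toy values chosen for illustration; they are far
# too small to be secure.
from math import gcd

p = 23                 # Sophie Germain form p = 2q + 1 with q = 11 prime
q = (p - 1) // 2
alpha, beta = 5, 7     # two primitive elements of Z_23^* (checked by is_primitive)


def is_primitive(g):
    """g generates Z_p^* iff g^((p-1)/r) != 1 for each prime r | p-1, here r = 2, q."""
    return pow(g, 2, p) != 1 and pow(g, q, p) != 1


def h(x1, x2):
    """The hash h : Z_q x Z_q -> Z_p \\ {0}, h(x1, x2) = alpha^x1 beta^x2 mod p."""
    return (pow(alpha, x1, p) * pow(beta, x2, p)) % p


def dlog_from_collision(x1, x2, x3, x4):
    """Given h(x1,x2) == h(x3,x4) with (x1,x2) != (x3,x4), return log_alpha(beta),
    following the four cases d = gcd(x4 - x2, p - 1) in {1, 2, q, p - 1}."""
    assert (x1, x2) != (x3, x4) and h(x1, x2) == h(x3, x4)
    # The collision means alpha^(x1 - x3) = beta^(x4 - x2)  (mod p).
    d = gcd(x4 - x2, p - 1)
    if d == 1:
        y = pow(x4 - x2, -1, p - 1)
        return ((x1 - x3) * y) % (p - 1)
    if d == 2:
        y = pow(x4 - x2, -1, q)          # gcd(x4 - x2, q) = 1 because q is odd
        cand = ((x1 - x3) * y) % (p - 1)
        # beta^((x4 - x2) y) = (-1)^k beta, so the logarithm is cand or cand + q;
        # one exponentiation tells which.
        for log in (cand, (cand + q) % (p - 1)):
            if pow(alpha, log, p) == beta:
                return log
    # d = q cannot happen since |x4 - x2| <= q - 1, and d = p - 1 forces
    # x2 == x4, hence x1 == x3, contradicting (x1,x2) != (x3,x4).
    raise ValueError("impossible case: d = q or d = p - 1")


def find_collision():
    """Brute-force a strong collision over the toy domain Z_q x Z_q (q^2 pairs).
    Feasible only because the instance is tiny."""
    seen = {}
    for x1 in range(q):
        for x2 in range(q):
            digest = h(x1, x2)
            if digest in seen:
                return seen[digest], (x1, x2)
            seen[digest] = (x1, x2)
    raise RuntimeError("no collision found")  # cannot happen: q^2 > p - 1
```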
5.3.3. Extending a hash function.

Now suppose $h : \mathbb{Z}_2^m \to \mathbb{Z}_2^t$ (here $\mathbb{Z}_2 = \{0,1\}$) is a strongly collision-free hash function with $m > t + 1$ (the hash function of the previous section satisfies this condition). We use $h$ to build a hash function $h^* : \mathbb{Z}_2^* \to \mathbb{Z}_2^t$ as follows. Given $x \in \mathbb{Z}_2^*$, cut $x$ into pieces of equal length $l$ bits, where $l = m - t - 1$; if the last piece has fewer than $l$ bits, pad it with 0 bits, and to record the amount of padding (say $d$ bits) append to $x$ a final piece $x_{k+1}$, the $l$-bit binary representation of $d$. Thus every $x \in \mathbb{Z}_2^*$ is rewritten in the form $x = x_1 x_2 \cdots x_k x_{k+1}$ with $x_i \in \mathbb{Z}_2^l$ for every $i = 1, 2, \dots, k, k+1$ (note that from this form $x$ can be recovered in its original form). Define recursively the sequence $g_1, g_2, \dots, g_{k+1} \in \mathbb{Z}_2^t$ and the function $h^*$ by
$$g_1 = h(0^{t+1} \| x_1), \quad g_{i+1} = h(g_i \| 1 \| x_{i+1}) \ (i = 1, \dots, k), \quad h^*(x) = g_{k+1}.$$
Thus the value of $h^*$ is a word of $t$ bits. The following theorem can be proved: if the hash function $h$ is strongly collision-free, then the extended hash function $h^*$ is also strongly collision-free.

5.3.4. Building hash functions from cryptosystems.

A general method for building hash functions is to use symmetric-key cryptosystems. Let $(P, C, K, E, D)$ be a symmetric-key cryptosystem whose security has been tested. For convenience we may assume $P = C = K = \mathbb{Z}_2^n$. One should choose $n$ fairly large, $n > 128$, to avoid the birthday attack. For instance, one may take the DES cryptosystem (possibly with the adjustments needed to get suitable lengths for the elements of $P$, $C$, $K$). Starting from the encryption function $E$ we define a function $f : \mathbb{Z}_2^n \times \mathbb{Z}_2^n \to \mathbb{Z}_2^n$ such that for every $(x, y) \in \mathbb{Z}_2^n \times \mathbb{Z}_2^n$ the value $f(x, y)$ is computed from $x$, $y$ and $E$. Now let $x \in \mathbb{Z}_2^*$. As in the previous section, we can write $x$ as the concatenation of $k$ pieces of $n$ bits each: $x = x_1 x_2 \cdots x_k$. Next we choose an initial value $g_0 \in \mathbb{Z}_2^n$ and build $g_1, g_2, \dots, g_k$ by the rule

$g_i = f(x_i, g_{i-1})$ for $i = 1, 2, \dots, k$. Finally, we define the hash value $h(x) = g_k$. The hash function $h$ so defined maps $\mathbb{Z}_2^*$ into $\mathbb{Z}_2^n$; in general its security is not guaranteed, but it has been shown to be secure when $f$ is chosen in one of the following ways:
$$f(x,y) = x \oplus E(y, x), \quad f(x,y) = x \oplus y \oplus E(y, x), \quad f(x,y) = x \oplus E(y, x \oplus y), \quad f(x,y) = x \oplus y \oplus E(y, x \oplus y),$$
where $\oplus$ is bitwise addition mod 2 of two words of equal length.

5.4. Some other signature schemes.

5.4.1. The Rabin signature scheme.

Like the RSA signature scheme, the Rabin signature scheme uses an integer $n$ that is the product of two large primes $p$ and $q$, $n = pq$; the one-way function here is squaring an integer modulo $n$, whose inverse, taking a square root modulo $n$, cannot be computed easily without knowing the factors $p, q$ of $n$. In general terms, the Rabin signature scheme can be described as a tuple $(P, A, K, S, V)$, where $P = Q_n$, $A = \mathbb{Z}_n$, and $K$ is the set of key pairs $K = (K', K'')$ with $K'' = n$ the public key used for verifying signatures, $n = pq$ the product of two large primes $p$ and $q$ with $p \equiv q \equiv 3 \pmod 4$, and $K' = d$, $d = (n - p - q + 5)/8$, the secret key used for signing. The functions $\mathrm{sig}_{K'}$ and $\mathrm{ver}_{K''}$ are defined by
$$\mathrm{sig}_{K'}(x) = x^d \bmod n, \qquad \mathrm{ver}_{K''}(x, y) = \text{true} \iff x \equiv y^2 \pmod n.$$
Note that if $p$ and $q$ are chosen with the property above, then for every $x \in P = Q_n$, $x^d \bmod n$ is a square root of $x$ modulo $n$, since
$$x^{2d} = x^{\frac{n - p - q + 5}{4}} = x^{\frac{(p-1)(q-1) + 4}{4}} = x^{\frac{(p-1)(q-1)}{4} + 1} \equiv x \pmod n;$$
so the functions $\mathrm{sig}_{K'}$ and $\mathrm{ver}_{K''}$ defined above are consistent. The basic idea of the Rabin signature scheme is simply that; however, to obtain a signature scheme usable in practice,

one wants the document set $P$ not restricted to $Q_n$ but larger, say $\mathbb{Z}_n$; but then one must use an extra function $R$ that transforms an initial $x \in P$ into a value $m$ closely related to a quadratic residue modulo $n$, so that the signature scheme can operate on the idea above. To realize such a modified signature scheme, the following mathematical lemma is used:

Lemma 5.4.1. Let $p$ and $q$ be distinct primes both congruent to 3 modulo 4, and $n = pq$. Then:
1) If $\gcd(x, n) = 1$, then $x^{(p-1)(q-1)/2} \equiv 1 \pmod n$.
2) If $x \in Q_n$, then $x^{(n - p - q + 5)/8} \bmod n$ is a square root of $x$ modulo $n$.

... equals $x$ when $x \in Q_n$, and $n - x$ when $x \notin Q_n$.
4) If $p \not\equiv q \pmod 8$, then $\left(\frac{2}{n}\right) = -1$. Consequently, multiplying any integer $x$ by 2 or by $2^{-1} \bmod n$ reverses the Jacobi symbol of $x$.

The reader may prove the lemma. Now a modified Rabin signature scheme can be built as follows. First, each participant is assigned a key pair $K = (K', K'')$ with public key $K' = n$ and secret key $K'' = (p, q)$ or $= d = (n - p - q + 5)/8$, where $p$ and $q$ are two primes with $p \equiv 3 \pmod 8$ and $q \equiv 7 \pmod 8$, $n = pq$; $p$ and $q$ are chosen and kept secret. An entity A holding the key $K = (K', K'')$ creates a signature on a document $x$ ($x \in \mathbb{Z}_n$, $x < (n-6)/16$) by the following steps:
a. Compute $m = R(x) = 16x + 6$.
b. Compute the Jacobi symbol $J = \left(\frac{m}{n}\right)$.
c. If $J = 1$, compute $s = m^d \bmod n$; if $J = -1$, compute $s = (m/2)^d \bmod n$.
d. $s$ is A's signature on $x$.

Verifying A's signature $s$ with the public key $n$ is done by the following steps:
a. Compute $m^* = s^2 \bmod n$.
b. If $m^* \equiv 6 \pmod 8$, take $m = m^*$; if $m^* \equiv 3 \pmod 8$, take $m = 2m^*$; if $m^* \equiv 7 \pmod 8$, take $m = n - m^*$;

if $m^* \equiv 2 \pmod 8$, take $m = 2(n - m^*)$.
c. Check the condition $m \equiv 6 \pmod{16}$; if it fails, reject the signature.
d. If the condition holds, take $x = R^{-1}(m) = (m - 6)/16$.
(By the definition of verification, item d may be phrased as: the verification algorithm confirms $s$ as A's signature on the document $x$ if $x = R^{-1}(m) = (m-6)/16$.)

The consistency of the signing and verification algorithms can be shown as follows. Signing steps b-c give the Rabin signature of $v = m$ or $v = m/2$ according to whether the Jacobi symbol is 1 or not. By item 4 of Lemma 5.4.1, exactly one of the two values $m$ and $m/2$ has Jacobi symbol 1. The value $v$ satisfies $v \equiv 3$ or $\equiv 6 \pmod 8$. By item 3 of the lemma, $s^2 \bmod n = v$ or $= n - v$ according to whether $v \in Q_n$ or not. Since $n \equiv 5 \pmod 8$, one can determine uniquely which of the two cases holds.

Example. Suppose we choose $p = 19$, $q = 31$, so $n = 589$ and $d = 68$. A has the public key $n = 589$ and the secret key $d = 68$. The signing space consists of the values of $m$ corresponding to $x = 0, 1, 2, \dots, 32, 33$, which together with the corresponding Jacobi symbols are given in the following table:

   m   (m/589)     m   (m/589)     m   (m/589)     m   (m/589)
   6     -1       166     1       326    -1       486    -1
  22      1       182    -1       358    -1       502     1
  54     -1       198     1       374    -1       518    -1
  70     -1       214     1       390    -1       534    -1
  86      1       230     1       406    -1       550     1
 102      1       246     1       422     1       566    -1
 118      1       262    -1       438     1       582     1
 134      1       278     1       454     1
 150     -1       294    -1       470    -1

We sign the message $x = 12$. Compute $m = R(12) = 198$, $\left(\frac{198}{589}\right) = 1$, and $s = 198^{68} \bmod 589 = 102$. The signature is $s = 102$. Using the verification algorithm: $m^* = s^2 \bmod n = 102^2 \bmod 589 = 391$. Since $m^* \equiv 7 \pmod 8$, take $m = n - m^* = 589 - 391 = 198$. Finally, $x = R^{-1}(m) = (198 - 6)/16 = 12$, and the signature is confirmed.

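The modified Rabin scheme above, as an added Python example (not the textbook's code), run on the textbook's toy parameters $p = 19$, $q = 31$; the Jacobi symbol is computed with the standard quadratic-reciprocity algorithm, and the verifier performs the case split on $m^* \bmod 8$ exactly as in steps a-d.

```python
# Added example (not the textbook's code): the modified Rabin signature of
# 5.4.1 with redundancy R(x) = 16x + 6, on the toy parameters p = 19, q = 31.


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0, by quadratic reciprocity."""
    assert n > 0 and n % 2 == 1
    a %= n
    result = 1
    while a:
        while a % 2 == 0:                 # pull out factors of 2: (2/n) = -1 iff n = 3,5 mod 8
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                       # reciprocity: flip sign iff both are 3 mod 4
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0        # 0 means gcd(a, n) > 1


def rabin_keygen(p, q):
    """Public n and secret d = (n - p - q + 5)/8; needs p = 3 (mod 8), q = 7 (mod 8)."""
    assert p % 8 == 3 and q % 8 == 7
    n = p * q
    return n, (n - p - q + 5) // 8


def rabin_sign(x, n, d):
    assert 0 <= x < (n - 6) / 16
    m = 16 * x + 6                        # a. redundancy function R
    J = jacobi(m, n)                      # b. Jacobi symbol of m
    if J == 1:                            # c. sign m itself ...
        return pow(m, d, n)
    if J == -1:                           # ... or m/2, whose Jacobi symbol is +1 (lemma, item 4)
        return pow(m // 2, d, n)          # m is even, so m/2 is an integer below n
    raise ValueError("gcd(m, n) > 1: this m is outside the signing space")


def rabin_verify(x, s, n):
    m_star = pow(s, 2, n)                 # a.
    r = m_star % 8                        # b. undo the n - v and /2 adjustments
    if r == 6:
        m = m_star
    elif r == 3:
        m = 2 * m_star
    elif r == 7:
        m = n - m_star
    elif r == 2:
        m = 2 * (n - m_star)
    else:
        return False
    if m % 16 != 6:                       # c. redundancy check
        return False
    return (m - 6) // 16 == x             # d. recover x = R^{-1}(m)
```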
5.4.2. The Fiat-Shamir signature scheme.

Every Fiat-Shamir signature scheme uses a hash function $h : \mathbb{Z}_2^* \to \mathbb{Z}_2^k$ that turns every binary string $x$ of arbitrary length into a string of $k$ bits, called the digest of $x$. Each entity A creates its key pair $K = (K', K'')$ as follows: choose two distinct primes $p$ and $q$ and set $n = pq$; then choose at random $k$ distinct integers $s_1, \dots, s_k \in \mathbb{Z}_n^*$ and compute, for every $j$ ($1 \le j \le k$), $v_j = s_j^{-2} \bmod n$. The secret key $K'$ is the $k$-tuple $(s_1, \dots, s_k)$, and the public key $K''$ consists of the $k$-tuple $(v_1, \dots, v_k)$ and the modulus $n$. Take $P = \mathbb{Z}_2^*$, $A = \mathbb{Z}_2^k \times \mathbb{Z}_n$, and define the signing and verification algorithms as follows. To sign a document $x \in P = \mathbb{Z}_2^*$, A chooses at random a positive integer $r \in \mathbb{Z}_n$, computes $u = r^2 \bmod n$ and $e = (e_1, \dots, e_k) = h(x \| u)$, where $x \| u$ is the binary string obtained by appending the binary representation of $u$ after the binary representation of $x$. A's signature on $x$ is defined as $(e, s)$, where
$$s = r \cdot \prod_{j=1}^{k} s_j^{e_j} \bmod n.$$
To check whether $(e, s)$ is A's signature on $x$, one uses the public key $(v_1, \dots, v_k)$ and the modulus $n$ to compute
$$w = s^2 \cdot \prod_{j=1}^{k} v_j^{e_j} \bmod n,$$
then computes $e' = h(x \| w)$, and confirms $(e, s)$ as A's signature on $x$ if and only if $e' = e$. It is easy to show that if $(e, s)$ is A's signature on $x$ then $e' = e$, and conversely; that is, the signing and verification algorithms defined above are consistent.

5.4.3. The Schnorr signature scheme.

The Schnorr signature scheme is also built similarly to the Fiat-Shamir scheme, but here we use a one-way hash function based on the hard problem of computing discrete logarithms. Each entity A creates its key pair $K = (K', K'')$ as follows: choose a large prime $p$, a prime $q$ that divides $p - 1$, an element $\alpha$ of order $q$ in $\mathbb{Z}_p^*$, and a number $a$ with $1 \le a \le q - 1$. Let $K' = a$ be the secret key, and publish the public key $K'' = (p, q, \alpha, \beta)$, where $\beta = \alpha^a \bmod p$. Choose a hash function $h : \mathbb{Z}_2^* \to \mathbb{Z}_q$. Take $P = \mathbb{Z}_2^*$ and $A = \mathbb{Z}_q \times \mathbb{Z}_q$.

To sign a message $x \in P = \mathbb{Z}_2^*$, A chooses a further random number $k \in \mathbb{Z}_q$ and computes $y = \alpha^k \bmod p$, $e = h(x \| y)$ and $s = ae + k \bmod q$. A's signature on $x$ is defined as the pair $(s, e)$. To check whether $(s, e)$ is A's signature on $x$, one uses the public key $K'' = (p, q, \alpha, \beta)$ to compute $v = \alpha^s \beta^{-e} \bmod p$ and $e' = h(x \| v)$, and confirms $(s, e)$ as A's signature on $x$ if and only if $e' = e$. One can prove that the signing and verification algorithms so defined are consistent. Indeed, if the signature $(s, e)$ was created by A on $x$, then $v = \alpha^s \beta^{-e} \bmod p = \alpha^{ae + k}\alpha^{-ae} \bmod p = \alpha^k \bmod p = y$, hence $e' = h(x \| v) = h(x \| y) = e$. Conversely, it is also easy to see that if $e' = e$ then $(s, e)$ is indeed A's signature on $x$.

5.5. Undeniable and non-repudiable signatures.

5.5.1. The problem. In the previous sections we presented several digital signature schemes; in those schemes, verifying the correctness of a signature is done by the recipient. Thus a document together with its signature can be copied and distributed to many people without the sender's permission. To prevent this, undeniable signature schemes were introduced, with the requirement that a signature cannot be verified without the cooperation of the signer. The cooperation takes the form of a challenge-response protocol between the recipient and the sender (who is also the signer), called the verification protocol. When a signature requires a verification protocol to be confirmed, another problem arises: how to prevent the signer from disavowing a signature he did sign, by claiming that the signature is a forgery? To meet this requirement, a further protocol, the disavowal protocol, is needed, by which the signer can prove that a signature which is not his really is a forgery. If he refuses to take part in the protocol, that is evidence that he cannot prove the signature to be a forgery, i.e. he cannot disavow his own signature! Thus an undeniable signature scheme consists of three parts: a signing algorithm, a verification protocol and a disavowal protocol.

5.5.2. The Chaum-van Antwerpen signature scheme. The first undeniable signature scheme was proposed by Chaum and van Antwerpen in 1989. An entity A chooses a Sophie Germain prime $p = 2q + 1$, where $q$ is also a

prime; chooses $\alpha \in \mathbb{Z}_p^*$ of order $q$. Let $G$ be the (multiplicative) subgroup of $\mathbb{Z}_p^*$ of order $q$ generated by $\alpha$. A's Chaum-van Antwerpen signature scheme consists of: $P = A = G$; the key pair $K = (K', K'')$ with secret key $K' = a$ and public key $K'' = (p, \alpha, \beta)$, where $a$ is a positive integer $< p - 1$ and $\beta = \alpha^a \bmod p$.

Signing algorithm: A signs the document $x \in P = G$ with the signature $y = \mathrm{sig}_{K'}(x) = x^a \bmod p$.

Verification protocol: given the document $x$ and the signature $y$, the recipient B and the signer A carry out the following protocol:
1. B chooses at random $e_1, e_2 \in \mathbb{Z}_q$, computes $c = y^{e_1}\beta^{e_2} \bmod p$ and sends $c$ to A.
2. A computes $d = c^{a^{-1} \bmod q} \bmod p$ and sends $d$ to B.
3. B accepts $y$ as A's signature on $x$ if $d \equiv x^{e_1}\alpha^{e_2} \pmod p$.

Disavowal protocol: it consists of the following steps:
1. B chooses at random $e_1, e_2 \in \mathbb{Z}_q^*$, computes $c = y^{e_1}\beta^{e_2} \bmod p$ and sends $c$ to A.
2. A computes $d = c^{a^{-1} \bmod q} \bmod p$ and sends $d$ to B.
3. B checks the condition $d \not\equiv x^{e_1}\alpha^{e_2} \pmod p$.
4. B chooses two further numbers $f_1, f_2 \in \mathbb{Z}_q^*$, computes $C = y^{f_1}\beta^{f_2} \bmod p$ and sends $C$ to A.
5. A computes $D = C^{a^{-1} \bmod q} \bmod p$ and sends $D$ to B.
6. B checks the condition $D \not\equiv x^{f_1}\alpha^{f_2} \pmod p$.
7. B concludes that $y$ is a forgery if $(d\alpha^{-e_2})^{f_1} \equiv (D\alpha^{-f_2})^{e_1} \pmod p$.

5.5.3. Consistency of the protocols. We prove two theorems showing the consistency of the verification and disavowal protocols of the Chaum-van Antwerpen signature scheme.

Theorem 5.5.1. a) If $y$ is indeed A's signature on $x$, i.e. $y \equiv x^a \pmod p$, then B's acceptance of $y$ as A's signature on $x$ by the verification protocol is correct. b) If $y \not\equiv x^a \pmod p$, i.e. $y$ is not A's signature on $x$, then B, following the verification protocol, accepts $y$ as A's signature on $x$ with probability $1/q$.

Proof. a) Suppose $y \equiv x^a \pmod p$. Then $y^{a^{-1}} \equiv x \pmod p$ (note that all exponents are computed modulo $q$). We also have

$\beta^{a^{-1}} \equiv \alpha \pmod p$. Hence $d \equiv c^{a^{-1}} \equiv y^{e_1 a^{-1}}\beta^{e_2 a^{-1}} \equiv x^{e_1}\alpha^{e_2} \pmod p$, and by the verification protocol B accepts $y$ as A's signature on $x$; the acceptance is correct.

b) Now suppose $y \not\equiv x^a \pmod p$. First note that each challenge $c$ corresponds to exactly $q$ ordered pairs $(e_1, e_2)$, because $y$ and $\beta$ are elements of the multiplicative group $G$ of order $q$. When A receives the challenge $c$, A has no way of knowing which of the $q$ possible pairs $(e_1, e_2)$ B used. We show that, since $y \not\equiv x^a \pmod p$, among the $q$ pairs exactly one satisfies the congruence $d \equiv x^{e_1}\alpha^{e_2} \pmod p$. Indeed, we can write $c = \alpha^i$, $d = \alpha^j$, $x = \alpha^k$, $y = \alpha^l$ with $i, j, k, l \in \mathbb{Z}_q$, where $\alpha$ is the generator of $G$; then the two congruences $c \equiv y^{e_1}\beta^{e_2} \pmod p$ and $d \equiv x^{e_1}\alpha^{e_2} \pmod p$ are equivalent to the two equations
$$i \equiv l e_1 + a e_2 \pmod q, \qquad j \equiv k e_1 + e_2 \pmod q.$$
From the hypothesis $y \not\equiv x^a \pmod p$ it follows that $l - ak \not\equiv 0 \pmod q$, i.e. the determinant of this system of equations (in the unknowns $e_1, e_2$) is nonzero modulo $q$. Thus every $d \in G$ is the correct answer (according to the verification protocol) for exactly one pair $(e_1, e_2)$ among the $q$ possible ones. Therefore, if $y \not\equiv x^a \pmod p$, the probability that B accepts $y$ as A's signature on $x$ (by the protocol) equals $1/q$. The theorem is proved.

For the disavowal protocol we have the following theorem:

Theorem 5.5.2. a) If $y \not\equiv x^a \pmod p$ and both A and B follow the disavowal protocol, then $(d\alpha^{-e_2})^{f_1} \equiv (D\alpha^{-f_2})^{e_1} \pmod p$, i.e. the protocol gives the correct result. b) If $y \equiv x^a \pmod p$, A and B both follow the protocol, and
$$d \not\equiv x^{e_1}\alpha^{e_2} \pmod p, \qquad D \not\equiv x^{f_1}\alpha^{f_2} \pmod p,$$
then the congruence $(d\alpha^{-e_2})^{f_1} \equiv (D\alpha^{-f_2})^{e_1} \pmod p$ holds with probability $1/q$; that is, if $y$ really is A's signature on $x$, then by the protocol B may conclude (wrongly) that it is a forgery with probability $1/q$.

Proof. a) Suppose $y \not\equiv x^a \pmod p$ and A, B carry out the disavowal protocol. Since $y$ is not A's signature on $x$, B will find the non-congruences of steps 3 and 6 of the protocol confirmed. Since $\beta \equiv \alpha^a \pmod p$, we have
$$(d\alpha^{-e_2})^{f_1} \equiv \left((y^{e_1}\beta^{e_2})^{a^{-1}}\alpha^{-e_2}\right)^{f_1} \equiv y^{e_1 a^{-1} f_1} \pmod p.$$
Similarly, $(D\alpha^{-f_2})^{e_1} \equiv y^{e_1 a^{-1} f_1} \pmod p$. Thus the congruence of step 7 of the protocol holds, and the conclusion that $y$ is a forgery of A's signature on $x$ is correct and cannot be refuted.

b) Now suppose $y \equiv x^a \pmod p$ and A, B carry out the disavowal protocol. Put $x_0 = d^{1/e_1}\alpha^{-e_2/e_1} \bmod p$. Since $d^a \equiv c \equiv y^{e_1}\beta^{e_2}$ and $\beta^{e_2/e_1} \equiv \alpha^{ae_2/e_1} \pmod p$, we get
$$x_0^a \equiv d^{a/e_1}\alpha^{-ae_2/e_1} \equiv (y^{e_1}\beta^{e_2})^{1/e_1}\alpha^{-ae_2/e_1} \equiv y \pmod p.$$
By item b) of Theorem 5.5.1, B can accept $y$ as A's signature on $x_0$, i.e. obtain the congruence $D \equiv x_0^{f_1}\alpha^{f_2} \pmod p$, with probability $1/q$. But that congruence is equivalent to the congruence $(d\alpha^{-e_2})^{f_1} \equiv (D\alpha^{-f_2})^{e_1} \pmod p$, so the latter can also occur with probability $1/q$. The theorem is proved. Note that in the disavowal protocol the pair $(e_1, e_2)$ is used to create $x_0$ (with $x_0^a \equiv y \pmod p$), while the pair $(f_1, f_2)$ is used to check whether $y$ is A's signature on $x_0$.

Illustrative example. Choose $p = 467$, $q = 233$ ($p = 2q + 1$), and $\alpha = 4$, a generator of a subgroup $G$ of order 233 of $\mathbb{Z}_{467}^*$. Choose $a = 101$; then $\beta = \alpha^a \bmod p = 4^{101} \bmod 467 = 449$. A has the key pair $K = (K', K'')$ with $K' = 101$ and $K'' = (467, 4, 449)$. Suppose A signs the document $x = 119$ with the signature $y = 119^{101} \bmod 467 = 129$.

1) B can use the verification protocol to find out whether $y$ is A's signature on $x$, as follows. B chooses at random $e_1 = 38$, $e_2 = 397$, and computes $c = 13$; A replies with $d = 9$. B checks the condition $d \equiv x^{e_1}\alpha^{e_2} \pmod p$, i.e. $9 \equiv 119^{38} \cdot 4^{397} \pmod{467}$. The congruence holds. B accepts 129 as A's signature on the document 119.

2) Now let us run the disavowal protocol. Suppose A sends the document $x = 286$ with the signature $y = 83$. B chooses at random $e_1 = 45$, $e_2 = 237$, computes $c = 305$ and sends it to A; A replies with $d = 109$. B checks the condition $d \not\equiv x^{e_1}\alpha^{e_2} \pmod p$; it is satisfied, since

$109 \ne 149$ ($= 286^{45} \cdot 4^{237} \bmod 467$). B continues with the second part of the protocol by choosing at random $f_1 = 125$, $f_2 = 9$, computing $C = 270$ and sending it to A; A replies with $D = 68$. B checks the condition $D \not\equiv x^{f_1}\alpha^{f_2} \pmod p$; it is also satisfied, since $68 \ne 25$ ($= 286^{125} \cdot 4^{9} \bmod 467$). Now B performs the final check of the protocol by computing
$$(d\alpha^{-e_2})^{f_1} = (109 \cdot 4^{-237})^{125} \equiv 188 \pmod{467},$$
$$(D\alpha^{-f_2})^{e_1} = (68 \cdot 4^{-9})^{45} \equiv 188 \pmod{467}.$$
The two values are equal. B can conclude that $y$ is not A's signature on $x$, with probability of error 1/233! This example is given for illustration only, so it uses small primes $p, q$ for ease of computation. In practical applications, to guarantee security, one must use very large numbers $p, q$, for instance numbers whose binary representation has 512 bits; then $q > 2^{510}$, i.e. $1/q < 2^{-510}$, a very small probability that can be neglected; therefore the requirements on the verification and disavowal protocols stated in the problem statement (5.5.1) can be regarded as satisfied.

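The Chaum-van Antwerpen scheme with both protocols, as an added Python example (not the textbook's code), run on the textbook's toy parameters $p = 467$, $q = 233$, $\alpha = 4$, $a = 101$. The `Signer` object plays the role of A and always answers honestly, so the disavowal run on the forged signature $y = 83$ ends in the step-7 congruence exactly as in the example above.

```python
# Added example (not the textbook's code): the Chaum-van Antwerpen undeniable
# signature of 5.5.2 with its verification and disavowal protocols, on the
# textbook's toy parameters p = 467, q = 233, alpha = 4, secret a = 101.
import secrets

p, q, alpha = 467, 233, 4       # p = 2q + 1, alpha generates the subgroup G of order q


class Signer:
    """The signer A: holds a, answers challenges honestly with c^(a^-1 mod q)."""

    def __init__(self, a):
        self.a = a
        self.a_inv = pow(a, -1, q)
        self.beta = pow(alpha, a, p)            # public key is (p, alpha, beta)

    def sign(self, x):
        return pow(x, self.a, p)                # y = x^a mod p

    def respond(self, c):
        return pow(c, self.a_inv, p)            # d = c^(a^-1) mod p


def challenge(y, beta, e1, e2):
    """B's challenge c = y^e1 beta^e2 mod p."""
    return (pow(y, e1, p) * pow(beta, e2, p)) % p


def consistent(x, d, e1, e2):
    """B's check d == x^e1 alpha^e2 mod p."""
    return d == (pow(x, e1, p) * pow(alpha, e2, p)) % p


def random_exponent():
    return 1 + secrets.randbelow(q - 1)         # uniform in Z_q^*


def verify(x, y, signer, e1=None, e2=None):
    """Verification protocol; True iff B accepts y as A's signature on x."""
    e1 = random_exponent() if e1 is None else e1
    e2 = random_exponent() if e2 is None else e2
    d = signer.respond(challenge(y, signer.beta, e1, e2))
    return consistent(x, d, e1, e2)


def disavow(x, y, signer, e1, e2, f1, f2):
    """Disavowal protocol. 'valid' if a consistency check passes (B should accept y),
    'forged' if the step-7 congruence holds, 'cheating' if neither (A did not
    answer honestly)."""
    d = signer.respond(challenge(y, signer.beta, e1, e2))
    if consistent(x, d, e1, e2):                # step 3
        return "valid"
    D = signer.respond(challenge(y, signer.beta, f1, f2))
    if consistent(x, D, f1, f2):                # step 6
        return "valid"
    lhs = pow(d * pow(alpha, -e2, p) % p, f1, p)     # (d alpha^-e2)^f1
    rhs = pow(D * pow(alpha, -f2, p) % p, e1, p)     # (D alpha^-f2)^e1
    return "forged" if lhs == rhs else "cheating"    # step 7
```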
CHAPTER VI

Identification schemes and identity verification


6.1. The identification problem. In the previous chapter we saw that cryptographic techniques can be applied to build many secure solutions to the problem of authenticating messages together with their senders on public communication networks. In this chapter we consider applying the same techniques to the problem of building identification and identity verification schemes, which is also an important and common problem in every kind of information exchange, especially exchange over networks. Identifying a person and verifying that identity is usually necessary in situations such as:
- To withdraw money from an automatic teller machine (ATM), one identifies oneself with a bank card together with one's PIN (personal identification number).
- To buy goods or pay a sum of money over the telephone network, one gives one's credit card number (together with its expiry date).
- To access a computer on a network, one gives one's user name together with a password.
- etc.
In everyday life, habitual identification often does not demand security; for instance PINs and passwords usually come with no guarantee that they are kept secret and unknown to outsiders. However, as life becomes more and more computerized and most transactions are carried out on computer networks, neglecting the security requirements of identification and identity verification can no longer go on; solutions guaranteeing the security of these activities are needed. The security goal of identification is to ensure that when an entity A identifies itself to an entity B, no one

other than A can afterwards impersonate A, and even B itself cannot impersonate A after A has identified itself to B. In other words, A wants to prove its identity to its partner without revealing any information about that proof of identity. Identification usually goes through some challenge-response protocol: to verify A's identity, B poses A a question; A must answer, and in the answer A must show B that A possesses a secret that only A has, which convinces B that the answerer really is A and hence confirms A's identity. The difficulty is that A must let B know that A possesses a secret that only A has, without revealing to B what that secret is. On the other hand, for A's possession of a secret of its own to be trustworthy (even though unknown), it must be certified by some third party, for instance a trusted authority. Of course the trusted authority does not know A's secret either, but it knows and certifies that A is the owner of a public value whose use by A demonstrates that A has that secret. In the section that follows we introduce a typical identification scheme illustrating these ideas.

6.2. The Schnorr identification scheme. This identification scheme involves a trusted authority, which we denote TA. The TA chooses the parameters of the scheme as follows:
- a large prime $p$ such that computing discrete logarithms modulo $p$ is very hard, and a prime divisor $q$ of $p - 1$ (it is recommended to choose $p > 2^{512}$ and $q > 2^{140}$);
- an element $\alpha \in \mathbb{Z}_p^*$ of order $q$ (such an $\alpha$ can be taken as the $(p-1)/q$-th power of a primitive element modulo $p$);
- a security parameter $t$ such that $q > 2^t$; one may take $t = 40$;
- the TA chooses for itself a signature scheme with a (secret) signing algorithm $\mathrm{sig}_{TA}$ and a (public) verification algorithm $\mathrm{ver}_{TA}$;
- a secure hash function (one-way and strongly collision-free). We assume that all information is digested by the hash function before being signed; however, for simplicity the description below omits the hashing steps.
The parameters $p, q, \alpha$, the verification algorithm $\mathrm{ver}_{TA}$ and the hash function may all be published.

Now an entity A that needs to identify itself asks the TA to issue it a certificate. The procedure for issuing A's certificate is as follows:
1. The TA establishes A's identity information, such as name, date of birth, identity card or passport number, etc., in the form of a string denoted ID(A).
2. A secretly chooses a random number $a$ ($0 \le a \le q - 1$), computes $v = \alpha^{-a} \bmod p$ and passes $v$ to the TA.
3. The TA creates the signature $s = \mathrm{sig}_{TA}(\mathrm{ID}(A), v)$ and issues to A the certificate $C(A) = (\mathrm{ID}(A), v, s)$.
Thus the certificate the TA issues to A consists of $(\mathrm{ID}(A), v)$ and the TA's signature on the information $(\mathrm{ID}(A), v)$. Note that the TA issues A's certificate without knowing anything about A's secret number $a$. Now, with the certificate $C(A)$, A can identify itself to any partner B by carrying out with B the following identity verification protocol:
1. A chooses a further random number $k$ ($0 \le k \le q - 1$), computes $\gamma = \alpha^k \bmod p$, and sends B the information $C(A)$ and $\gamma$.
2. B verifies the TA's signature in the certificate $C(A)$ by checking $\mathrm{ver}_{TA}(\mathrm{ID}(A), v, s) = \text{true}$. Having done so, B chooses a random number $r$ ($1 \le r \le 2^t$) and sends $r$ to A.
3. A computes $y = k + ar \bmod q$ and sends $y$ to B.
4. B checks the condition $\gamma \equiv \alpha^y v^r \pmod p$ and, if it holds, confirms A's identity.
By this protocol A proves its identity, since
$$\alpha^y v^r \equiv \alpha^{k + ar} v^r \equiv \alpha^{k + ar}\alpha^{-ar} \equiv \alpha^k \equiv \gamma \pmod p,$$
i.e. the condition B checks holds. The identification scheme with the identity verification protocol described above has properties meeting the requirements set out in the problem statement of Section 6.1. What was just shown proves that if A follows the protocol, then B's confirmation of A's identity is correct (B believes that A really possesses a secret $a$, though B does not know which number $a$ is). Now consider the possibility that some person O wants to impersonate A in dealing with B. The first possibility is that O creates a forged certificate with A's identity; such a certificate has the form

$C(A) = (\mathrm{ID}(A), v', s')$ with $v' \ne v$. To create such a certificate O must create $s'$, the TA's signature on $(\mathrm{ID}(A), v')$; O does not know the signing algorithm $\mathrm{sig}_{TA}$ and so cannot create a correct TA signature, and if $s'$ is a forged signature then B will certainly detect it at step 2 of the identity verification protocol. The second possibility is that O uses A's genuine certificate $C(A)$, chooses a number $k$ itself and computes the corresponding $\gamma$ according to step 1 of the protocol. The problem is that when B sends the number $r$, O must answer with a number $y$ such that the condition $\gamma \equiv \alpha^y v^r \pmod p$ holds. This appears very hard, at least as hard as if O knew A's secret number $a$. Indeed, suppose O had that ability; then for two challenges $r_1$ and $r_2$ O would have two answers $y_1$ and $y_2$ with $\gamma \equiv \alpha^{y_1} v^{r_1} \equiv \alpha^{y_2} v^{r_2} \pmod p$, whence $\alpha^{y_1 - y_2} \equiv v^{r_2 - r_1} \pmod p$. Since $v = \alpha^{-a}$ we get $y_1 - y_2 \equiv a(r_1 - r_2) \pmod q$. Since $q$ is a prime $> 2^t$ and $0 < |r_2 - r_1| < 2^t$, we have $\gcd(r_2 - r_1, q) = 1$, and O can compute $a = (y_1 - y_2)(r_1 - r_2)^{-1} \bmod q$.

Example. Take $p = 88667$, $q = 1031$ and $t = 10$. The element $\alpha = 70322$ has order $q$ in $\mathbb{Z}_p^*$. Suppose A chooses the secret exponent $a = 755$; then $v = 13136$. A and B can carry out the identity verification protocol as follows. A chooses $k = 543$, computes $\gamma = 70322^{543} \bmod 88667 = 84109$ and sends $\gamma$ to B. Suppose B sends $r = 1000$ to A; A replies with $y = k + ar \bmod q = 543 + 755 \cdot 1000 \bmod 1031 = 851$. B checks the condition $\gamma \equiv \alpha^y v^r \pmod p$, which here reads $84109 \equiv 70322^{851} \cdot 13136^{1000} \pmod{88667}$, a correct congruence. B confirms A's identity. Now, still with the same parameters, suppose O were able to answer correctly two challenges $r_1 = 1000$ and $r_2 = 19$ from B with $y_1 = 851$ and $y_2 = 454$. Then O could compute $a = (y_1 - y_2)(r_1 - r_2)^{-1} \bmod q = (851 - 454)(1000 - 19)^{-1} \bmod 1031 = 755$, which is exactly A's secret number. The Schnorr identification scheme with the identity verification protocol defined above is complete (possessing the secret $a$ guarantees that A can prove its identity) and sound (impersonating A successfully is as hard as knowing A's secret); however, as the example just showed, the scheme is not yet secure.
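The Schnorr identification protocol and the extraction argument above, as an added Python example (not the textbook's code), run on the textbook's toy parameters $p = 88667$, $q = 1031$, $\alpha = 70322$, $t = 10$. The TA's certificate and its signature are left out, since they play no part in the arithmetic; `extract_secret` is the computation O performs from two answers for the same $\gamma$.

```python
# Added example (not the textbook's code): the Schnorr identification protocol
# of 6.2 on the textbook's toy parameters, plus the secret-extraction argument.
import secrets

p, q, alpha, t = 88667, 1031, 70322, 10      # alpha has order q in Z_p^*, 2^t < q


class Prover:
    """A: knows the secret a; v = alpha^-a mod p is the value the TA certifies."""

    def __init__(self, a):
        self.a = a
        self.v = pow(alpha, -a, p)

    def commit(self, k=None):
        """Step 1: choose k and send gamma = alpha^k mod p."""
        self.k = secrets.randbelow(q) if k is None else k
        return pow(alpha, self.k, p)

    def answer(self, r):
        """Step 3: y = k + a r mod q."""
        return (self.k + self.a * r) % q


def verifier_check(gamma, v, r, y):
    """Step 4: B accepts iff gamma == alpha^y v^r mod p."""
    return gamma == (pow(alpha, y, p) * pow(v, r, p)) % p


def run_protocol(prover, k=None, r=None):
    """One honest run; B's challenge r is uniform in 1..2^t unless given."""
    gamma = prover.commit(k)
    r = 1 + secrets.randbelow(2 ** t) if r is None else r
    return verifier_check(gamma, prover.v, r, prover.answer(r))


def extract_secret(r1, y1, r2, y2):
    """What O can do with two answers (r1, y1), (r2, y2) for the same gamma:
    alpha^(y1 - y2) = v^(r2 - r1) gives y1 - y2 = a (r1 - r2) mod q."""
    return ((y1 - y2) * pow(r1 - r2, -1, q)) % q
```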

Impersonation is hard if O knows nothing at all about the identification scheme, but if, for instance, O has watched A identify itself at least twice (i.e. has twice obtained a pair of numbers, $(r_1, y_1)$ and $(r_2, y_2)$), then O may be able to discover A's secret, and A's identification is no longer secure! To remedy this weakness of the Schnorr scheme, Okamoto proposed a modification that makes the scheme secure; the modification rests on the hardness of a special discrete logarithm problem. We present the modified scheme in the following section.

6.3. The Okamoto identification scheme. As with the Schnorr scheme, the Okamoto identification scheme needs a trusted authority TA to issue certificates to the participants. The TA first chooses the primes $p$ and $q$ as in the Schnorr scheme. Then the TA chooses two elements $\alpha_1, \alpha_2 \in \mathbb{Z}_p^*$, both of order $q$. The value $c = \log_{\alpha_1}\alpha_2$ (i.e. the value $c$ with $\alpha_1^c = \alpha_2$) is kept strictly secret from every participant, including A; in other words, we assume that computing $c$ is extremely hard for anyone (for instance A, O, or even a coalition of A and O, ...). The procedure for issuing A's certificate is as follows:
1. The TA establishes A's identity information in the form of a string denoted ID(A).
2. A secretly chooses two random numbers $a_1, a_2$ ($0 \le a_1, a_2 \le q - 1$), computes $v = \alpha_1^{-a_1}\alpha_2^{-a_2} \bmod p$, and passes $v$ to the TA.
3. The TA creates the signature $s = \mathrm{sig}_{TA}(\mathrm{ID}(A), v)$ and issues to A the certificate $C(A) = (\mathrm{ID}(A), v, s)$.
Now, with the certificate $C(A)$, A can identify itself to any partner B by carrying out with B the following identity verification protocol:
1. A chooses two further random numbers $k_1, k_2$ ($0 \le k_1, k_2 \le q - 1$), computes $\gamma = \alpha_1^{k_1}\alpha_2^{k_2} \bmod p$, and sends B the information $C(A)$ and $\gamma$.
2. B verifies the TA's signature in the certificate $C(A)$ by checking $\mathrm{ver}_{TA}(\mathrm{ID}(A), v, s) = \text{true}$. Having done so, B chooses a random number $r$ ($1 \le r \le 2^t$) and sends $r$ to A.
3. A computes $y_1 = k_1 + a_1 r \bmod q$, $y_2 = k_2 + a_2 r \bmod q$, and sends $y_1, y_2$ to B.
4. B checks the condition

$\gamma \equiv \alpha_1^{y_1}\alpha_2^{y_2} v^r \pmod p$ and, if it holds, confirms A's identity.
By this protocol A proves its identity, since
$$\alpha_1^{y_1}\alpha_2^{y_2} v^r \equiv \alpha_1^{k_1 + a_1 r}\alpha_2^{k_2 + a_2 r}\alpha_1^{-a_1 r}\alpha_2^{-a_2 r} \equiv \alpha_1^{k_1}\alpha_2^{k_2} \equiv \gamma \pmod p,$$
i.e. the condition B checks holds. Thus, knowing the secret pair $(a_1, a_2)$, A can carry the identity verification protocol through and prove its identity. Conversely, someone other than A, not knowing the secret pair $(a_1, a_2)$, can hardly compute a correct $(y_1, y_2)$ to answer B at step 3 of the protocol, i.e. cannot pass the protocol's check in order to impersonate A. Now suppose some person O could carry the verification protocol through so as to impersonate A, say at least twice. That means O knows two numbers $r \ne s$ and two pairs $(y_1, y_2)$, $(z_1, z_2)$ such that $\gamma \equiv \alpha_1^{y_1}\alpha_2^{y_2} v^r \equiv \alpha_1^{z_1}\alpha_2^{z_2} v^s \pmod p$. Put
$$b_1 = (y_1 - z_1)(r - s)^{-1} \bmod q, \qquad b_2 = (y_2 - z_2)(r - s)^{-1} \bmod q;$$
then $v \equiv \alpha_1^{-b_1}\alpha_2^{-b_2} \pmod p$, hence $\alpha_1^{-b_1}\alpha_2^{-b_2} \equiv \alpha_1^{-a_1}\alpha_2^{-a_2} \pmod p$, i.e. $\alpha_1^{a_1 - b_1} \equiv \alpha_2^{b_2 - a_2} \pmod p$. Suppose O and A collude; then all the numbers $a_1, a_2, b_1, b_2$ are known. If we assume $(a_1, a_2) \ne (b_1, b_2)$, then $a_2 \ne b_2$, the inverse $(b_2 - a_2)^{-1} \bmod q$ exists, and the discrete logarithm $c$ is computed as
$$c = \log_{\alpha_1}\alpha_2 = (a_1 - b_1)(b_2 - a_2)^{-1} \bmod q.$$
Thus, if O could carry the verification protocol through so as to impersonate A, then O and A in coalition could rather easily find the discrete logarithm $c$. But from the outset we assumed that finding $c$ is extremely hard for anyone (be it A, O, or even a coalition of A and O, ...), so it is also extremely hard for O to carry the verification protocol through with the aim of impersonating A. We have thus proved the security of the Okamoto identification scheme with the identity verification protocol described above. The proof has a few subtle points that need to be filled in, for instance why one may assume $(a_1, a_2) \ne (b_1, b_2)$; in fact it has been shown that the probability of $(a_1, a_2) = (b_1, b_2)$ is very small, negligible. For simplicity of presentation, however, we skip these fine points of the proof.

6.4. The Guillou-Quisquater identification scheme. The Guillou-Quisquater scheme is built in the same way as the Schnorr and Okamoto schemes above, but the hard problem relied on here is not the discrete logarithm problem but the RSA problem. The scheme also involves a trusted authority TA that issues certificates to the participants. The TA chooses two large primes $p$ and $q$, computes the product $n = pq$, keeps $p, q$ secret and publishes $n$. The parameters are chosen so that factoring $n$ is very hard. The TA also chooses a number $b$, a prime of size about $2^{40}$, as a security parameter. The number $b$ is also regarded as an exponent satisfying the RSA condition, i.e. computing $v = u^b \bmod n$ is easy but recovering $u$ from $v$ is very hard without knowing $p, q$. The procedure for issuing a certificate to a participant A is as follows:
1. The TA establishes A's identity information in the form of a string denoted ID(A).
2. A secretly chooses a random number $u$ ($0 \le u \le n - 1$), computes $v = (u^{-1})^b \bmod n$, and passes $v$ to the TA.
3. The TA creates the signature $s = \mathrm{sig}_{TA}(\mathrm{ID}(A), v)$ and issues to A the certificate $C(A) = (\mathrm{ID}(A), v, s)$.
Thus the certificate the TA issues to A consists of $(\mathrm{ID}(A), v)$ and the TA's signature on the information $(\mathrm{ID}(A), v)$. Note that the TA may issue A's certificate without knowing anything about A's secret number $u$. Now, with the certificate $C(A)$, A can identify itself to any partner B by carrying out with B the following identity verification protocol:
1. A chooses a further random number $k$ ($0 \le k \le n - 1$), computes $\gamma = k^b \bmod n$, and sends B the information $C(A)$ and $\gamma$.
2. B verifies the TA's signature in the certificate $C(A)$ by checking $\mathrm{ver}_{TA}(\mathrm{ID}(A), v, s) = \text{true}$. Having done so, B chooses a random number $r$ ($1 \le r \le b - 1$) and sends $r$ to A.

3. A computes $y = k \cdot u^r \bmod n$ and sends $y$ to B.
4. B checks the condition $\gamma \equiv v^r y^b \pmod n$ and, if it holds, confirms A's identity.
As in the previous cases, proving the completeness of the scheme is very simple:
$$v^r y^b \equiv (u^{-b})^r (k u^r)^b \equiv u^{-br} k^b u^{br} \equiv k^b \equiv \gamma \pmod n.$$
Someone other than A, not knowing the secret number $u$, cannot compute a correct number $y$ at step 3 of the protocol so as to be confirmed (as A) by B at step 4, i.e. cannot impersonate A; that is the soundness of the scheme. Now suppose some person O could carry the verification protocol through so as to impersonate A, say at least twice. That means O knows two numbers $r_1 \ne r_2$ and two numbers $y_1, y_2$ such that $\gamma \equiv v^{r_1} y_1^b \equiv v^{r_2} y_2^b \pmod n$. Assume $r_1 > r_2$; then $v^{r_1 - r_2} \equiv (y_2/y_1)^b \pmod n$. Since $0 < r_1 - r_2 < b$ and $b$ is prime, $\gcd(r_1 - r_2, b) = 1$, so one easily computes $t = (r_1 - r_2)^{-1} \bmod b$ and obtains $v^{(r_1 - r_2)t} \equiv (y_2/y_1)^{bt} \pmod n$. Since $t = (r_1 - r_2)^{-1} \bmod b$, we have $(r_1 - r_2)t = lb + 1$ for some positive integer $l$, and so $v^{lb + 1} \equiv (y_2/y_1)^{bt} \pmod n$, i.e. $v \equiv (y_2/y_1)^{bt}(v^{-1})^{lb} \pmod n$. Raising both sides to the power $b^{-1} \bmod \varphi(n)$ gives $u^{-1} \equiv (y_2/y_1)^t (v^{-1})^l \pmod n$, and finally, taking inverses of both sides modulo $n$, $u = (y_1/y_2)^t v^l \bmod n$. Thus O computes the secret number $u$ in polynomial time! By assumption this cannot happen; therefore the assumption that O can carry the verification protocol through so as to impersonate A is false, and the identification scheme is proved secure.

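The Guillou-Quisquater protocol and the extraction argument above, as an added Python example (not the textbook's code), run on the toy parameters of this section's example ($p = 467$, $q = 479$, $b = 503$, secret $u = 101576$); the TA's certificate signature is left out. `gq_extract` is O's computation of $t$, $l$ and $u = (y_1/y_2)^t v^l \bmod n$ from two answers for the same $\gamma$.

```python
# Added example (not the textbook's code): the Guillou-Quisquater protocol of
# 6.4 on the textbook's toy parameters n = 467 * 479 = 223693, b = 503, plus
# the extraction of the secret u from two answers to different challenges
# for the same commitment gamma.
import secrets

n, b = 467 * 479, 503          # b is prime and plays the role of the RSA exponent


def gq_public(u):
    """v = (u^-1)^b mod n, the value the TA certifies for A."""
    return pow(pow(u, -1, n), b, n)


def gq_commit(k):
    return pow(k, b, n)                        # step 1: gamma = k^b mod n


def gq_answer(k, u, r):
    return (k * pow(u, r, n)) % n              # step 3: y = k u^r mod n


def gq_check(gamma, v, r, y):
    return gamma == (pow(v, r, n) * pow(y, b, n)) % n   # step 4


def gq_run(u, v, k=None, r=None):
    """One honest protocol run between A (knows u) and B (knows v)."""
    k = 1 + secrets.randbelow(n - 1) if k is None else k
    r = 1 + secrets.randbelow(b - 1) if r is None else r
    return gq_check(gq_commit(k), v, r, gq_answer(k, u, r))


def gq_extract(v, r1, y1, r2, y2):
    """Recover u from (r1, y1), (r2, y2) with r1 > r2 answering the same gamma:
    t = (r1 - r2)^-1 mod b, (r1 - r2) t = l b + 1, u = (y1/y2)^t v^l mod n."""
    t = pow(r1 - r2, -1, b)
    l = ((r1 - r2) * t - 1) // b
    ratio = (y1 * pow(y2, -1, n)) % n
    return (pow(ratio, t, n) * pow(v, l, n)) % n
```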
Example. Suppose the TA chooses $p = 467$, $q = 479$, so $n = 223693$, and the TA also chooses $b = 503$. Suppose A chooses the secret number $u = 101576$ and computes $v = (101576^{-1})^{503} \bmod 223693 = 89888$. The TA creates the signature $s = \mathrm{sig}_{TA}(\mathrm{ID}(A), v)$ and issues to A the certificate $C(A) = (\mathrm{ID}(A), v, s)$. Suppose A wants to identify itself to B: A chooses $k = 187485$ and sends B the value $\gamma = 187485^{503} \bmod 223693 = 24412$. B uses the verification algorithm $\mathrm{ver}_{TA}$ to check the condition $\mathrm{ver}_{TA}(\mathrm{ID}(A), v, s) = \text{true}$, then sends A the challenge $r = 375$. A replies with $y = 187485 \cdot 101576^{375} \bmod 223693 = 93725$. B checks the condition $\gamma \equiv v^r y^b \pmod n$, which here reads $24412 \equiv 89888^{375} \cdot 93725^{503} \pmod{223693}$, a correct congruence. So B confirms A's identity. Now suppose O knows two numbers $r_1 = 401$, $r_2 = 375$ and the corresponding numbers $y_1 = 103386$ and $y_2 = 93725$. O knows that $v^{401} \cdot 103386^b \equiv v^{375} \cdot 93725^b \pmod n$. O computes $t = (r_1 - r_2)^{-1} \bmod b = (401 - 375)^{-1} \bmod 503 = 445$, then
$$l = \frac{(r_1 - r_2)t - 1}{b} = \frac{(401 - 375) \cdot 445 - 1}{503} = 23.$$
Finally, O finds the secret value $u$ as $u = (y_1/y_2)^t v^l \bmod n = (103386/93725)^{445} \cdot 89888^{23} \bmod 223693 = 101576$, which is A's secret number.

Remark. The Guillou-Quisquater identification scheme, like the Schnorr and Okamoto schemes before it, requires a TA certificate for every participant. With a small change, the scheme can be turned into an identity-based identification scheme that needs no certificate, as follows. Use a public hash function $h$, and instead of issuing a certificate $C(A)$ to participant A, the TA gives A the identity ID(A) together with a number $u$ computed by the formula $u = (h(\mathrm{ID}(A))^{-1})^a \bmod n$ ($a$ being a secret exponent of the TA). The number $u$ is kept private by A. When A needs to identify itself to B, A and B carry out the following identity verification protocol:
1. A chooses a random number $k$, $0 \le k \le n - 1$, computes $\gamma = k^b \bmod n$,

and sends ID(A) and $\gamma$ to B.
2. B computes $v = h(\mathrm{ID}(A))$, chooses a random number $r$ ($0 \le r \le b - 1$) and sends $r$ to A.
3. A computes $y = k u^r \bmod n$ and sends $y$ to B.
4. B checks the condition $\gamma \equiv v^r y^b \pmod n$ to confirm A's identity.
When identifying itself to B by the protocol above, A only needs to know the value $u$, a value computed by the TA (and only the TA can compute it). O cannot impersonate A, since O does not know the value $u$.

6.5. The Feige-Fiat-Shamir protocol. The Feige-Fiat-Shamir identification protocol introduced in this section is usually regarded as a typical protocol in which an entity identifies itself by proving that it knows a secret, using a kind of proof we will call a zero-knowledge proof, i.e. a proof that reveals no information whatsoever related to the secret value of the entity identifying itself. Here the term "knowledge" is used in a very restricted sense, to speak of knowing a secret of an entity, where that knowledge is often just a single bit (0 or 1, true or false); "zero-knowledge" means not revealing that one bit of knowledge. In the next section we consider zero-knowledge proofs in a broader sense, where knowledge means knowing the proof of a problem, and a zero-knowledge proof means convincing a partner that one knows how to prove the problem while, beyond being convinced, the partner can extract no other information that would let it repeat the proof. Now let us return to the presentation of the Feige-Fiat-Shamir identification protocol. In the setup step, the trusted authority (TA) publishes a common modulus $n = pq$ for all participants, after choosing and keeping secret two large primes $p$ and $q$, each congruent to 3 modulo 4. Factoring $n$ is assumed to be extremely hard. Such an integer $n$ is a Blum integer, and $-1$ is a pseudo-square modulo $n$ (i.e. a quadratic non-residue with Jacobi symbol $+1$). Each participant prepares as follows:
- Choose $k$ random integers $s_1, s_2, \dots, s_k$ in the set $\{1, \dots, n - 1\}$, and $k$ random bits $b_1, b_2, \dots, b_k$.
- Compute $v_i = (-1)^{b_i}(s_i^2)^{-1} \bmod n$ for every $1 \le i \le k$.

- Each entity A registers with the TA its public key $(v_1, \dots, v_k; n)$ and keeps for itself the secret key $(s_1, \dots, s_k)$.
The identification protocol consists of carrying out $t$ rounds of the following challenge-response; B accepts A's identity if all $t$ rounds succeed. Assume B has A's public key. Each round consists of the steps:
(a) A chooses a random integer $r$ ($1 \le r \le n - 1$) and a random bit $b$, computes $x = (-1)^b r^2 \bmod n$, and sends $x$ to B as a witness.
(b) B sends A a vector of $k$ random bits $(e_1, \dots, e_k)$ as a question, or challenge.
(c) A computes and sends B the answer $y = r \cdot \prod_{j=1}^{k} s_j^{e_j} \bmod n$.
(d) B computes $z = y^2 \cdot \prod_{j=1}^{k} v_j^{e_j} \bmod n$ and checks the conditions $z = \pm x$ and $z \ne 0$.
Note that in the protocol above, the numbers $k$ and $t$ are security parameters, as will be explained in a later paragraph.

Example. Suppose the TA chooses $p = 683$ and $q = 811$, and publishes $n = pq = 553913$. Take the parameters $k = 3$, $t = 1$. Suppose A chooses $s_1 = 157$, $s_2 = 43215$, $s_3 = 4646$, and the 3 bits $b_1 = 1$, $b_2 = 0$, $b_3 = 1$. This gives $v_1 = 441845$, $v_2 = 338402$, $v_3 = 124423$. A's public key is $(441845, 338402, 124423; 553913)$ and its secret key is $(157, 43215, 4646)$. A's identification protocol may run as follows:
a) A chooses $r = 1279$, $b = 1$, computes $x = 25898$ and sends it to B;
b) B issues the challenge $(e_1, e_2, e_3) = (0, 0, 1)$;
c) A answers with $y = r s_3 \bmod n = 403104$;
d) B computes $z = y^2 v_3 \bmod n = 25898$ and checks that $z = +x$ and $z \ne 0$. B therefore accepts A's identity.
For the Feige-Fiat-Shamir protocol it has been shown that an impersonation attempt succeeds with probability at most $2^{-kt}$, so if $k$ and $t$ are chosen with, say, $kt = 20$, the probability is about one in a million, and with $kt = 40$ it is about one in a million million, which may be regarded as impossible. The security of the protocol rests on the hardness of taking square roots modulo a large composite modulus that is hard to factor. The protocol also has the property of being a zero-knowledge proof, in the sense that A answers fluently in the challenge-response rounds thanks to knowing the secret key, yet all of A's answers together reveal no scrap of the secret that anyone else (including B) could exploit to discover A's (secret) key.

6.6. Zero-knowledge proofs

(zero-knowledge proof)

As introduced in the opening section 6.1, the problems of identification and identity verification play a significant role in all transactional activities of society. For identification to be secure, one important requirement is to prevent the impersonation of another's identity in transactions. When transactions are widely carried out electronically, the security requirement raises many problems that must be solved by scientific means. Simple and crude solutions such as presenting a name, a password, and so on are no longer secure, because they are hard to keep secret and let others easily imitate and impersonate. In the preceding parts of this chapter we presented a number of identification schemes based on challenge-response protocols: the verifier poses questions, the claimant answers, and on the basis of the answers the verifier either poses further questions or accepts (or rejects) the identity of the claimant. Most of the challenge-response protocols in these identification schemes have, to a greater or lesser extent, the properties of a zero-knowledge proof, although the knowledge in question there is only knowing or not knowing a secret (the identification key).

The notion of zero-knowledge proof originally arose from the study of identification schemes and was later extended to many other kinds of problems. The problems for which we seek zero-knowledge proofs are usually decision problems, that is, problems determined by a set of data and a property Π, where the content of the problem is to decide, for each x, whether x has the property Π or not. Some classes of such decision problems were considered when we studied computational complexity in Chapter II. Two parties take part in a proof protocol: a prover (denoted P) and a verifier (denoted V). The protocol consists of challenge-response rounds between V and P: usually V poses the questions, or challenges, and P gives the answers. Suppose P knows for certain that x has the property Π; P can use a proof protocol to convince V that x has the property Π, and a proof protocol is called zero-knowledge if, apart from convincing V that x has the property Π, P reveals no information that could help anyone else (including V) to prove that x has the property Π.
Before giving the mathematical definitions of these notions, let us consider an example on a familiar problem, the graph isomorphism problem, whose data set is the set of pairs of graphs (G_1, G_2) and whose content is the question: are the two graphs G_1 and G_2 isomorphic? In the theory of computational complexity this problem plays a special role: it is not known whether there is a polynomial-time algorithm that solves it, but neither has any proof shown it to be NP-complete. Below is an interactive zero-knowledge proof scheme for the graph isomorphism problem:

Suppose we are given two graphs G_1 and G_2 with vertex set {1, 2, ..., n}. Suppose P knows that G_1 and G_2 are isomorphic (for instance, because P knows a permutation σ on the set {1, 2, ..., n} such that G_1 is the image of G_2 under σ). The interactive proof that G_1 and G_2 are isomorphic consists of m challenge-response rounds, each round having the following 4 steps:

1. P chooses a random permutation π of {1, 2, ..., n}, forms the graph H as the image of G_1 under π, and sends H to V.
2. V chooses a random number i ∈ {1, 2} and sends it to P.
3. P computes a permutation ρ on {1, 2, ..., n} such that H is the image of G_i under ρ (concretely, if i = 1 take ρ = π, if i = 2 take ρ = π∘σ), and sends ρ to V.
4. V checks whether H is the image of G_i under ρ.

V accepts P's proof if V verifies condition 4 successfully in all m rounds.

Example: We illustrate the operation of the interactive proof protocol for graph isomorphism with the following example: Let G_1 = (V, E_1) and G_2 = (V, E_2) be two graphs with vertex set V = {1, 2, 3, 4} and edge sets E_1 = {12, 13, 14, 34}, E_2 = {12, 13, 23, 24}. Suppose P knows that G_2 is isomorphic to G_1 via the permutation σ = {4 1 3 2}.

One round of the protocol may proceed as follows:

1. P chooses the random permutation π = {2 4 1 3}. The graph H will have edge set {12, 13, 23, 24}, the image of G_1 under π. P sends H to V.
2. V chooses i = 2 and sends it to P as the question.
3. P finds that the permutation ρ = π∘σ = {3 2 1 4} maps G_2 onto H and therefore sends ρ to V.
4. V checks that H is indeed the image of G_2 under the permutation ρ. We conclude that this challenge-response round succeeds.

The whole protocol consists of m = log_2 n rounds.

Let us now consider the completeness and soundness of the protocol. If G_1 and G_2 are isomorphic and P knows the isomorphism σ, then in every round P answers V's question correctly, so V accepts the proof with probability 1; this is the completeness of the protocol. On the other hand, if P does not know whether G_1 and G_2 are isomorphic, P cannot exploit the protocol to fool V into believing that P knows that G_1 and G_2 are isomorphic: if G_1 and G_2 are not isomorphic, the only way P can get V to accept is, in each round, to guess in advance the question i that V will ask; at step 1 P chooses a random permutation π and sends H = π(G_i) to V, and if V does ask i, P answers with the permutation ρ = π. Clearly V accepts this answer as correct, and the round succeeds. Thus P has fooled V in one round, and the probability of success equals the probability that P guesses V's question in advance, i.e. at most 1/2. So if G_1 and G_2 are not isomorphic, the probability that V is fooled after m rounds, i.e. accepts G_1 and G_2 as isomorphic, is at most 2^{-m} = 1/n (with m = log_2 n), a value that can be regarded as negligible. This is the soundness of the protocol.

Now we discuss the zero-knowledge property of the protocol. In each round, all that P gives V is a copy H isomorphic to G_1 and G_2, and a permutation ρ that realizes an isomorphism either from G_1 to H or from G_2 to H (but not both!). From this information V cannot immediately construct an isomorphism between G_1 and G_2 (note that the permutation ρ that P sends to V is ρ = π or ρ = π∘σ, from which σ is not easy to find). Intuitively, this shows that the protocol is zero-knowledge.

To obtain a mathematical definition of zero-knowledge, we examine the above argument more closely. Let us look at what information P and V exchange in an interactive proof as above. Apart from the information on the two graphs G_1 and G_2, in each round P and V exchange information about a graph H, a question i, and an answer ρ. Thus we can define a transcript T of an interactive proof as

T = ((G_1, G_2); (H_1, i_1, ρ_1); ...; (H_m, i_m, ρ_m)).

The information of an interactive proof is fully contained in a transcript T. Now observe that a transcript can also be forged. Indeed, one can choose at random a number i ∈ {1, 2} and a permutation ρ, and then compute H as the isomorphic image of

G_i under ρ. Doing this m times we obtain m triples (H, i, ρ), which together with (G_1, G_2) form a forged transcript; it is not a genuine transcript of an actual run of the interactive proof protocol, yet there is no way to distinguish a genuine transcript from a forged one. The algorithm that produces forged transcripts is called a simulator. We can now give a definition of zero-knowledge as follows: Suppose we have an interactive proof system for the decision problem Π and a simulator S, and let x be an instance of the problem whose answer to the question Π is yes. Denote by T(x) the set of all possible genuine transcripts and by F(x) the set of all forged transcripts that can be produced by S. Assume that T(x) = F(x). For each T ∈ T(x), let p_T(T) be the probability that T is the transcript produced by an interactive proof, and p_F(T) the probability that T is a forged transcript produced by the simulator S. If p_T(T) = p_F(T) for all T ∈ T(x), i.e. the probability distributions on T(x) and F(x) coincide, then we say that our interactive proof system is perfect zero-knowledge for V.

(Footnote: one usually assumes that the verifier V, as well as the simulator, are algorithms capable of computing in polynomial time.)

For the graph isomorphism problem and the interactive proof scheme above, it has been proved that the two probability distributions on T(x) and F(x) coincide; hence, by the definition of perfect zero-knowledge, we conclude: for the graph isomorphism problem there is a perfect zero-knowledge interactive proof scheme.

We now present another interactive zero-knowledge proof scheme, for the quadratic residuosity problem, which is an NP-complete problem. Let n be the product of two large primes p and q that are kept secret. Suppose P knows that x is a quadratic residue modulo n and u is a square root of it (i.e. u^2 ≡ x (mod n)). The interactive proof consists of m rounds, each with the following 4 steps:

1. P chooses a random number v ∈ Z_n^*, computes y = v^2 mod n, and sends y to V.
2. V chooses a random number i ∈ {0, 1} and sends it to P.
3. P computes z = u^i · v mod n and sends z to V.
4. V checks the condition z^2 ≡ x^i · y (mod n).

If V verifies the above condition in all m rounds, V accepts P's proof that x is a quadratic residue modulo n. This interactive proof protocol also has the properties of completeness, soundness and zero-knowledge, but it is not perfect zero-knowledge.

Research on interactive zero-knowledge proof schemes has been a topic of wide interest over the last few decades and has yielded many interesting results, the most interesting of which are perhaps those concerning NP-complete problems. It has been shown that there are no perfect zero-knowledge proofs for NP-complete problems; however, if one does not strictly require perfect zero-knowledge but only the slightly weaker condition of computational zero-knowledge, then it has been proved that for many NP-complete problems, such as the quadratic residuosity problem above or the graph 3-colouring problem, one can construct corresponding computational zero-knowledge interactive proof schemes. Then, since every problem in NP can be reduced in polynomial time to an NP-complete problem, for instance graph 3-colouring, one can prove that every problem in NP has a (computational) zero-knowledge interactive proof scheme. The notion of computational zero-knowledge differs from perfect zero-knowledge in only one point: where the definition of perfect zero-knowledge requires the two probability distributions on T(x) and F(x) to coincide, computational zero-knowledge only requires the two distributions to be indistinguishable, in a sense similar to the ε-indistinguishability considered in section 4.6.1 of Chapter IV.
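The quadratic residuosity rounds above, with an honest prover that holds a square root u and a cheating prover that holds none and can only guess V's bit in advance, as an added example (not the book's code); the toy modulus n = 11·19 and the root u are constructed.

```python
# Interactive proof that x is a quadratic residue mod n (the 4-step rounds above), with a
# cheating prover that knows no square root and succeeds in a round only by guessing i.
# Added example, not the book's code; toy modulus n = 11 * 19 = 209 (constructed).
import math, random

def units(n):
    return [w for w in range(1, n) if math.gcd(w, n) == 1]

def verifier_check(n, x, y, i, z):
    """Step 4: z^2 == x^i * y (mod n)."""
    return pow(z, 2, n) == (pow(x, i, n) * y) % n

def honest_commit(n, rng=random):
    """Step 1: P picks v in Z_n^* and sends y = v^2 mod n; v is kept as state."""
    v = rng.choice(units(n))
    return v, pow(v, 2, n)

def honest_respond(n, u, v, i):
    """Step 3: z = u^i * v mod n, using the square root u of x."""
    return (pow(u, i, n) * v) % n

def cheat_commit(n, x, guess, rng=random):
    """A prover without a root of x guesses i in advance: guess 0 -> y = w^2 (answer w);
    guess 1 -> y = w^2 * x^{-1} (answer w). Either y passes only when i == guess."""
    w = rng.choice(units(n))
    y = pow(w, 2, n) if guess == 0 else (pow(w, 2, n) * pow(x, -1, n)) % n
    return w, y

def cheat_respond(w, i):
    return w

def run_honest(n, x, u, rounds, rng=random):
    for _ in range(rounds):
        v, y = honest_commit(n, rng)
        i = rng.choice((0, 1))
        if not verifier_check(n, x, y, i, honest_respond(n, u, v, i)):
            return False
    return True

def run_cheater(n, x, rounds, rng=random):
    """Each round passes with probability 1/2, so m rounds pass with probability 2^-m."""
    for _ in range(rounds):
        guess = rng.choice((0, 1))
        w, y = cheat_commit(n, x, guess, rng)
        i = rng.choice((0, 1))
        if not verifier_check(n, x, y, i, cheat_respond(w, i)):
            return False
    return True

if __name__ == "__main__":
    n, u = 209, 10
    x = pow(u, 2, n)          # 100, a quadratic residue with root u
    print(run_honest(n, x, u, 20), run_cheater(n, x, 20))
```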

CHAPTER VII

Key distribution and key agreement


7.1. Key management in communication networks.

In the previous chapters we became acquainted with encryption methods and with other important problems connected with secure communication over public communication networks in general. We also saw that public-key cryptosystems have many advantages over symmetric-key cryptosystems as a foundation for information security solutions; in particular, whereas symmetric-key systems require secret channels for transferring or exchanging keys between partners, in principle no such secret channels are needed with public-key systems, since public keys can be transmitted or exchanged openly over public channels. In practice, however, to ensure that communication is truly secure, not every piece of information about the public keys of a cryptosystem, of a signature verification algorithm, of a message or identity authentication protocol, etc., should be broadcast indiscriminately over the public network; although public, one still wants only those who need to know to know. Hence, even with public-key systems, one wants protocols for exchanging keys, including public keys, between partners that really do need to communicate with each other. Key exchange between subjects of a community may be set up freely between any two people whenever they need to exchange information, or it may be set up, relatively permanently for some period, across the whole community under the coordination of a trusted authority (denoted TA). In the first case we call it simply key agreement, in the second key distribution; the TA performs the distribution and is also the place where keys are managed. Key agreement in general does not require the participation of any TA and is only possible when the security systems we use are public-key systems, whereas key distribution can take place with symmetric-key as well as public-key systems. Key distribution with a TA in the role of key manager is an ordinary matter that existed long before public-key cryptosystems. We begin by introducing a few such key distribution systems, then introduce some key distribution or key exchange systems that use public-key security schemes.

7.2. Some key distribution systems.

7.2.1. Blom's key distribution scheme.

Suppose we have a network of n users, each of whom needs to exchange secret information with every other user in the network. Suppose the cryptosystem used is a symmetric-key one (DES, say). The whole network then needs a different key for each pair of users in the network. A trusted authority TA manages all these keys and must deliver to each user the n-1 keys shared with the n-1 other users in the network; thus the TA must transmit over secret channels a total of n(n-1) keys to the n users. Blom (1985) proposed a key distribution scheme, which we call Blom's scheme below, whose simplest case is described as follows: The TA chooses a prime p > n and, for each user A, a number r_A ∈ Z_p. The number p and the numbers r_A are published. Then the TA chooses three random numbers a, b, c ∈ Z_p and forms the polynomial

f(x, y) = a + b(x + y) + cxy mod p.

For each user A, the TA computes g_A(x) = f(x, r_A) = a_A + b_A x mod p, where a_A = a + b r_A mod p and b_A = b + c r_A mod p. The TA secretly transmits the pair (a_A, b_A) to A; thus A knows g_A(x) = a_A + b_A x. Compared with the TA having to secretly transmit n(n-1) keys as above, with Blom's scheme the TA only has to transmit n pairs (a_A, b_A). After these preparations, if two users A and B want to create a common key for encrypted communication, the common key K_{A,B} will be

K_{A,B} = g_A(r_B) = g_B(r_A) = f(r_A, r_B),

which each of A and B can compute from the information they possess.
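Blom's scheme in working form, as an added example that is not the book's code: it implements the general symmetric polynomial of degree k in each variable described later in this section (k = 1 is the scheme just given) and the 3×3 determinant from the security argument; the prime p, the users' r values and k are constructed.

```python
# Blom's scheme in its general form (symmetric polynomial of degree k in each variable),
# with the 3x3 determinant of the k = 1 security argument. Added example, not the book's
# code; p, the users' public r values and k below are constructed.
import random

def blom_setup(p, ids, k, rng=random):
    """TA: symmetric coefficients a[i][j] = a[j][i] in Z_p; each user gets the coefficients
    of g_user(x) = f(x, r_user) as its secret share. Returns (a, shares)."""
    a = [[0] * (k + 1) for _ in range(k + 1)]
    for i in range(k + 1):
        for j in range(i, k + 1):
            a[i][j] = a[j][i] = rng.randrange(p)
    shares = {}
    for user, r in ids.items():
        # coefficient of x^i in f(x, r) is sum_j a_ij r^j
        shares[user] = [sum(a[i][j] * pow(r, j, p) for j in range(k + 1)) % p
                        for i in range(k + 1)]
    return a, shares

def blom_key(share, r_other, p):
    """A user evaluates its secret polynomial at the other party's public r."""
    return sum(c * pow(r_other, i, p) for i, c in enumerate(share)) % p

def f_eval(a, x, y, p):
    """f(x, y) = sum_i sum_j a_ij x^i y^j mod p (what only the TA can compute)."""
    k = len(a)
    return sum(a[i][j] * pow(x, i, p) * pow(y, j, p)
               for i in range(k) for j in range(k)) % p

def blom_determinant(rA, rB, rC):
    """det [[1, rA+rB, rA*rB], [1, rC, 0], [0, 1, rC]], expanded along the first row;
    equals (rC - rA)(rC - rB), hence nonzero mod p whenever the r's are distinct."""
    s, q = rA + rB, rA * rB
    return 1 * (rC * rC - 0 * 1) - s * (1 * rC - 0 * 0) + q * (1 * 1 - rC * 0)

if __name__ == "__main__":
    p, k = 1009, 2                                   # prime p > number of users
    ids = {"A": 12, "B": 57, "C": 301, "D": 999}     # public r values (constructed)
    a, shares = blom_setup(p, ids, k, random.Random(7))
    kab = blom_key(shares["A"], ids["B"], p)
    print(kab == blom_key(shares["B"], ids["A"], p) == f_eval(a, ids["A"], ids["B"], p))
    print(blom_determinant(12, 57, 301), (301 - 12) * (301 - 57))
```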

Thus, under this distribution scheme, the TA gives each user a secret share of the key, and any two users combine their own secret share with the other's public part to form the common secret key of the pair. The scheme is secure in the following sense: no third party C (even if C is a participant in the network) can discover the private key of two users A and B. Indeed, even if C is a participant in the network, the most C knows is the two numbers a_C, b_C given by the TA. We show that, with what C knows, any value l ∈ Z_p could be accepted as K_{A,B}. What C knows, together with the acceptance of l = K_{A,B}, is expressed by the system

a + b(r_A + r_B) + c r_A r_B = l
a + b r_C = a_C
b + c r_C = b_C

If a, b, c are regarded as unknowns, the determinant of the coefficient matrix of this system,

| 1   r_A + r_B   r_A r_B |
| 1   r_C         0       |
| 0   1           r_C     |

is r_C^2 - (r_A + r_B) r_C + r_A r_B = (r_C - r_A)(r_C - r_B), and by the hypothesis on the choice of the numbers r this determinant is nonzero, so the system always has a solution (a, b, c); that is, accepting l as the value of K_{A,B} is entirely possible. Any value l ∈ Z_p could be accepted by C as K_{A,B}, which means that C does not know which number K_{A,B} is! However, if two participants C and D, other than A and B, collude to discover K_{A,B}, it becomes very easy, because C and D know

a + b r_C = a_C
b + c r_C = b_C
a + b r_D = a_D
b + c r_D = b_D

Four equations determine (a, b, c), from which K_{A,B} is found. Blom's scheme above can be extended to a general Blom scheme in which the common key K_{A,B} of two users A and B remains completely secret against any coalition of k people other than A and B, but is no longer secret against a coalition of k+1 participants in the network. To do so, one only has to replace the polynomial f(x, y) above by the following symmetric polynomial of degree 2k:

f(x, y) = Σ_{i=0}^{k} Σ_{j=0}^{k} a_{ij} x^i y^j mod p,

where a_{ij} ∈ Z_p, 0 ≤ i, j ≤ k, and a_{ij} = a_{ji} for all i, j.

7.2.2. The Kerberos key distribution system.

Kerberos is the name of a service system that distributes (or issues) session keys for individual secure communication sessions at the request of the users in a communication network. The cryptosystem used is usually a symmetric-key one, e.g. DES. To operate this system, first the trusted authority (or coordination centre) TA must share a secret DES key K_A with each member A of the network. Then, whenever A needs to communicate securely with another member B, A asks the TA to issue a session key to both A and B. The issuing is carried out by the following key distribution protocol:

1. The TA chooses at random a session key K, determines a timestamp T and a lifetime L (meaning that the session key K is valid for use during the period from T to T+L).
2. The TA computes

m_1 = e_{K_A}(K, ID(B), T, L),  m_2 = e_{K_B}(K, ID(A), T, L),

and sends (m_1, m_2) to A.
3. A applies the decryption function d_{K_A} to m_1 to obtain K, T, L, ID(B). Then A computes m_3 = e_K(ID(A), T) and sends (m_3, m_2) to B.
4. B applies the decryption functions d_{K_B} to m_2 and d_K to m_3, obtaining K, T, L, ID(A) and ID(A), T. If B finds that the two values of ID(A) and of T agree, B goes on to compute m_4 = e_K(T+1) and sends m_4 to A.
5. A applies the decryption function d_K to m_4 and checks whether the result obtained is indeed T+1.
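The five-step session key issue above, simulated end to end, as an added example that is not the book's code; the symmetric cipher e_K/d_K is a constructed toy (SHA-256 keystream XOR with an HMAC tag) standing in for DES, and the lifetime check in step 4 is an addition beyond the text's ID(A)/T comparison.

```python
# The five-step Kerberos-style session key issue above, simulated end to end.
# Added example, not the book's code. The symmetric cipher e_K/d_K is a constructed toy
# (SHA-256 keystream XOR plus an HMAC tag) standing in for DES; messages are JSON.
import hashlib, hmac, json, secrets

def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def enc(key, obj):
    """e_K: nonce || ciphertext || tag (encrypt-then-MAC), toy construction."""
    pt = json.dumps(obj).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def dec(key, blob):
    """d_K: verify the tag, then strip the keystream; raises on any tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def ta_step1_2(K_A, K_B, id_a, id_b, T, L):
    """Steps 1-2: TA picks a session key K and computes m1 and m2 for A."""
    K = secrets.token_bytes(16).hex()
    m1 = enc(K_A, {"K": K, "ID": id_b, "T": T, "L": L})
    m2 = enc(K_B, {"K": K, "ID": id_a, "T": T, "L": L})
    return m1, m2

def a_step3(K_A, m1, id_a):
    """Step 3: A recovers K, T, L, ID(B) from m1 and builds m3 = e_K(ID(A), T)."""
    d = dec(K_A, m1)
    K = bytes.fromhex(d["K"])
    return K, d, enc(K, {"ID": id_a, "T": d["T"]})

def b_step4(K_B, m2, m3, now):
    """Step 4: B decrypts m2 and m3, checks that ID(A) and T agree (and, added here, that
    the key is still inside its lifetime), then returns K and m4 = e_K(T+1)."""
    d2 = dec(K_B, m2)
    K = bytes.fromhex(d2["K"])
    d3 = dec(K, m3)
    if d3["ID"] != d2["ID"] or d3["T"] != d2["T"]:
        raise ValueError("ID(A)/T mismatch")
    if not (d2["T"] <= now < d2["T"] + d2["L"]):
        raise ValueError("session key outside its lifetime")
    return K, enc(K, {"T1": d2["T"] + 1})

def a_step5(K, m4, T):
    """Step 5: A confirms that B holds K by checking the T+1 reply."""
    return dec(K, m4)["T1"] == T + 1

def run_kerberos(K_A, K_B, id_a, id_b, T, L, now):
    """Whole protocol; True iff A and B end with the same, mutually confirmed key."""
    m1, m2 = ta_step1_2(K_A, K_B, id_a, id_b, T, L)
    K_a, d, m3 = a_step3(K_A, m1, id_a)
    K_b, m4 = b_step4(K_B, m2, m3, now)
    return K_a == K_b and d["ID"] == id_b and a_step5(K_a, m4, T)
```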

In the above protocol, the symbols ID(A) and ID(B) stand for the identities of A and B, which are public information. On completing the 5-step protocol above, the TA (together with A and B) has finished issuing a session key K for the two users A and B to communicate in encrypted form. All exchanges of the protocol are carried out over public channels, yet the key K remains secret, known only to A and B (and the TA). Besides issuing the key, the protocol also achieves key confirmation: both B and A can be sure that their partner really holds the key K, thanks to the checks in steps 4 and 5; moreover, both A and B know the period of validity of the key. Key distribution by the Kerberos protocol is highly reliable, but in practice its use is also time-consuming, so nowadays it is used only in restricted cases.

7.2.3. The Diffie-Hellman key distribution system.

The Diffie-Hellman key distribution system does not require the TA to know or transmit any secret information about the keys of the participants in the network for them to establish a common secret key for communicating with each other. In a Diffie-Hellman key distribution system, the TA simply chooses a large prime p and a primitive element α modulo p such that computing logarithms in Z_p^* is very hard. The numbers p and α are published to all participants in the network. In addition, the TA has a signature scheme with a (secret) signing algorithm sig_TA and a (public) verification algorithm ver_TA. Any member A with identity ID(A) chooses a number a_A (0 ≤ a_A ≤ p-2) at will and computes b_A = α^{a_A} mod p. A keeps a_A secret and registers the information (ID(A), b_A) with the TA. The TA issues to A the certificate C(A) = (ID(A), b_A, sig_TA(ID(A), b_A)). The certificates of the members of the network may be stored in a public database, or entrusted to the TA to store and supply publicly to members whenever needed. When two members A and B of the network need a common secret key to communicate securely, A uses the public information b_B found in C(B) together with its own secret number a_A to form the key

K_{A,B} = b_B^{a_A} mod p = α^{a_A a_B} mod p.

The same common key is formed by B from A's public information b_A and B's own secret number a_B:

K_{A,B} = b_A^{a_B} mod p = α^{a_A a_B} mod p.

To be sure that the information on b_B and b_A is accurate, A and B can use the algorithm ver_TA to verify the TA's signature in the certificates C(B) and C(A) respectively. The security of the Diffie-Hellman key distribution system is guaranteed by the following: computing K_{A,B} from b_A and b_B is precisely the Diffie-Hellman problem mentioned in section 4.1 of Chapter IV: given α^a mod p and α^b mod p, compute α^{ab} mod p. This is a hard problem, equivalent to the discrete logarithm problem or to the problem of breaking the ElGamal cryptosystem.

7.3. Key exchange and key agreement.

7.3.1. The Diffie-Hellman key exchange protocol.

The Diffie-Hellman key distribution system of the previous section can easily be turned into a protocol for direct key exchange (or agreement) between users, without the intervention of a TA in the role of coordinating or distributing keys. Any group of users can agree to share a large prime p and a primitive element α modulo p; any two users A and B in the group, whenever they want to communicate securely, can jointly run the following key exchange protocol:

1. A chooses a random number a_A (0 ≤ a_A ≤ p-2), keeps a_A secret, computes b_A = α^{a_A} mod p and sends b_A to B.
2. Similarly, B chooses a random number a_B (0 ≤ a_B ≤ p-2), keeps a_B secret, computes b_B = α^{a_B} mod p and sends b_B to A.
3. A and B both compute the common key K_{A,B} = b_B^{a_A} mod p = b_A^{a_B} mod p (= α^{a_A a_B} mod p).

The Diffie-Hellman key exchange protocol has the following properties:

1. The protocol is secure against passive attacks, i.e. a third party who knows b_A and b_B can hardly find K_{A,B}. We know that the problem of finding K_{A,B} from b_A and b_B is precisely the Diffie-Hellman problem, and in section 7.2.3 we said that this problem is equivalent to breaking the ElGamal cryptosystem. Let us now prove this. The ElGamal cryptosystem with key K = (p, α, a, β), where β = α^a mod p, produces from a plaintext x and a random number k ∈ Z_{p-1} the ciphertext e_K(x, k) = (y_1, y_2), where y_1 = α^k mod p, y_2 = x·β^k mod p. And decryption is given by

d_K(y_1, y_2) = y_2 · (y_1^a)^{-1} mod p.

Suppose we have an algorithm A that solves the Diffie-Hellman problem. We use A to break ElGamal as follows. Given a ciphertext (y_1, y_2). First, applying A to y_1 = α^k mod p and β = α^a mod p, we get A(y_1, β) = α^{ka} = β^k mod p, and then we recover the plaintext x from β^k and y_2 as x = y_2 · (β^k)^{-1} mod p. Conversely, suppose we have an algorithm B that breaks ElGamal, i.e.

B(p, α, β, y_1, y_2) = x = y_2 · (y_1^a)^{-1} mod p.

Applying B with β = b_A, y_1 = b_B, y_2 = 1, we get B(p, α, b_A, b_B, 1)^{-1} = (1 · (b_B^{a_A})^{-1})^{-1} = α^{a_A a_B} mod p, i.e. we have solved the Diffie-Hellman problem.

2. The protocol is not secure against an active attack by substitution in transit, i.e. a third party C can replace the information exchanged between A and B: for instance, C replaces α^{a_A}, which A intends to send to B, by α^{a'_A}, and replaces α^{a_B}, which B intends to send to A, by α^{a'_B}; then, after running the key exchange protocol, A has established a common key α^{a_A a'_B} with C while believing it is with B, and B has established a common key α^{a'_A a_B} with C while believing it is with A; C can decrypt every message that A mistakenly thinks it is sending to B, as well as every message that B mistakenly thinks it is sending to A! One way to counter this active attack is to let A and B verify the authenticity of the public keys b_A and b_B. Adding to the Diffie-Hellman key exchange protocol the coordinating role of a TA, so as to obtain a Diffie-Hellman key distribution system as in section 7.2.3, is one such remedy. In the Diffie-Hellman key distribution system the intervention of the TA is very weak: in fact the TA does only one thing, issuing certificates that authenticate each user's public key, without requiring knowledge of any secret of the user.
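The exchange of 7.3.1 and the two directions of the equivalence argument under property 1, carried out on a toy group, as an added example that is not the book's code: the Diffie-Hellman "oracle" A and the ElGamal-breaking algorithm B are stood in for by an exhaustive discrete-logarithm search, which is feasible only because p = 467 is tiny; p, α = 2 (a primitive root mod 467), the exponents and the plaintext are constructed.

```python
# Diffie-Hellman exchange and the reduction on this page: an oracle for the DH
# problem breaks ElGamal, and an ElGamal decryption oracle solves DH.
# Added example, not the book's code; p = 467, alpha = 2 (a primitive root mod 467).

def dh_public(p, alpha, a):
    """b_A = alpha^{a_A} mod p."""
    return pow(alpha, a, p)

def dh_shared(p, b_other, a):
    """K = b_other^{a_mine} mod p."""
    return pow(b_other, a, p)

def dlog_bruteforce(p, alpha, beta):
    """Toy discrete logarithm by exhaustive search; stands in for the hard step."""
    x = 1
    for k in range(p - 1):
        if x == beta:
            return k
        x = (x * alpha) % p
    raise ValueError("not in the group generated by alpha")

def dh_oracle(p, alpha, A, B):
    """Algorithm A of the text: from alpha^a and alpha^b return alpha^{ab}."""
    return pow(B, dlog_bruteforce(p, alpha, A), p)

def elgamal_encrypt(p, alpha, beta, x, k):
    """e_K(x, k) = (alpha^k, x * beta^k) mod p."""
    return pow(alpha, k, p), (x * pow(beta, k, p)) % p

def elgamal_decrypt(p, a, y1, y2):
    """d_K(y1, y2) = y2 * (y1^a)^{-1} mod p."""
    return (y2 * pow(pow(y1, a, p), -1, p)) % p

def break_elgamal_with_dh(p, alpha, beta, y1, y2):
    """First direction: beta^k = A(y1 = alpha^k, beta = alpha^a); x = y2 / beta^k."""
    beta_k = dh_oracle(p, alpha, y1, beta)
    return (y2 * pow(beta_k, -1, p)) % p

def elgamal_breaker(p, alpha, beta, y1, y2):
    """Algorithm B of the text (here realised via the toy dlog of beta)."""
    return elgamal_decrypt(p, dlog_bruteforce(p, alpha, beta), y1, y2)

def dh_from_elgamal_breaker(p, alpha, bA, bB):
    """Second direction: B(p, alpha, b_A, b_B, 1)^{-1} = alpha^{a_A a_B}."""
    return pow(elgamal_breaker(p, alpha, bA, bB, 1), -1, p)

if __name__ == "__main__":
    p, alpha, aA, aB = 467, 2, 127, 253            # constructed toy parameters
    bA, bB = dh_public(p, alpha, aA), dh_public(p, alpha, aB)
    K = dh_shared(p, bB, aA)
    print(K == dh_shared(p, bA, aB), K == dh_from_elgamal_breaker(p, alpha, bA, bB))
    y1, y2 = elgamal_encrypt(p, alpha, bA, 100, 213)
    print(break_elgamal_with_dh(p, alpha, bA, y1, y2))   # 100
```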

However, if one is still not satisfied with this limited role of the TA, one can give the TA an even weaker authenticating role, unrelated to keys, such as authenticating the user's signature verification algorithm, while the key information itself (both secret and public) is exchanged directly between the users. With this remedy, which keeps the TA's role very limited, we obtain the following protocol:

7.3.2. DH key exchange protocol with authenticating certificates.

Each user A has an identity ID(A) and a signature scheme with signing algorithm sig_A and verification algorithm ver_A. The TA also has an authenticating role, but it does not authenticate any information related to the creation of the user's cryptographic keys (whether secret or public); it only authenticates a relatively different piece of information, the user's signature verification algorithm. The information related to the creation of cryptographic keys is exchanged directly between the users. The TA also has a signature scheme of its own, consisting of a signing algorithm sig_TA and a (public) verification algorithm ver_TA. The certificate that the TA issues to each user A is

C(A) = (ID(A), ver_A, sig_TA(ID(A), ver_A)).

Clearly, in the certificate the TA does not authenticate anything related to A's key creation. Key exchange between two users A and B is carried out by the following protocol:

1. A chooses a random number a_A (0 ≤ a_A ≤ p-2), computes b_A = α^{a_A} mod p and sends b_A to B.
2. B chooses a random number a_B (0 ≤ a_B ≤ p-2), computes b_B = α^{a_B} mod p, then computes K = b_A^{a_B} mod p and y_B = sig_B(b_B, b_A), and sends (C(B), b_B, y_B) to A.
3. A uses ver_B to verify y_B and ver_TA to verify C(B), then computes K = b_B^{a_A} mod p and y_A = sig_A(b_A, b_B), and sends (C(A), y_A) to B.
4. B uses ver_A to verify y_A and ver_TA to verify C(A).

If all steps are carried out and all verifications give correct results, the protocol ends and both A and B hold the common key K. Thanks to the use of the verification algorithms, A is sure that the value b_B is B's and B is sure that the value b_A is A's, which rules out the possibility of some other party C substituting the values in transit.

7.3.3. The Matsumoto-Takashima-Imai key exchange protocol.

The protocol presented in the previous section needs three message transfers back and forth to establish a common key. The Japanese authors Matsumoto, Takashima and Imai proposed an improvement that uses a protocol with only two transfers (one from A to B and one from B to A) to agree on a key, as follows. We assume that before running the protocol the TA has issued to each user A a certificate as in section 7.2.3, C(A) = (ID(A), b_A, sig_TA(ID(A), b_A)), and that the TA's signature verification algorithm ver_TA is public. In this protocol the b_A do not directly form the encryption keys for communication; rather, for each secure session a session key is created for that session by the protocol. The MTI session key exchange protocol consists of three steps (with two message transfers), as follows:

1. A chooses a random number r_A (0 ≤ r_A ≤ p-2), computes s_A = α^{r_A} mod p, and sends (C(A), s_A) to B.
2. B chooses a random number r_B (0 ≤ r_B ≤ p-2), computes s_B = α^{r_B} mod p, and sends (C(B), s_B) to A.
3. A computes K = s_B^{a_A} · b_B^{r_A} mod p, with the value b_B taken from C(B); B computes K = s_A^{a_B} · b_A^{r_B} mod p, with the value b_A taken from C(A).

Both computations give the same value K = α^{r_A a_B + r_B a_A} mod p. This protocol keeps the key K secret against passive attacks just as the Diffie-Hellman protocol does. However, since there are no certificates for the values s_A, s_B, there remains the risk of an active attack by substitution in transit by some C, in the following manner:

  A  --- (C(A), α^{r_A}) --->  C  --- (C(A), α^{r'_A}) --->  B
  A  <-- (C(B), α^{r'_B}) ---  C  <-- (C(B), α^{r_B}) ---   B

Where A should send (C(A), s_A) to B, C substitutes by intercepting (C(A), s_A) and sending (C(A), s'_A) to B, with s'_A = α^{r'_A} mod p, and conversely,

where B should send (C(B), s_B) to A, C substitutes by intercepting (C(B), s_B) and sending (C(B), s'_B) to A, with s'_B = α^{r'_B} mod p. Then A computes the key K_1 = α^{r_A a_B + r'_B a_A} mod p, and B computes the key K_2 = α^{r'_A a_B + r_B a_A} mod p. These two values K_1 and K_2 differ, so they do not let A and B communicate with each other, but C is unable to compute either of the two values (since C does not know a_A and a_B); hence, unlike the Diffie-Hellman protocol of section 7.2.3, here C can only disrupt, not steal information.

7.3.4. Girault's key exchange protocol without certificates.

Girault's protocol was proposed in 1991. In this protocol a user A does not use a certificate C(A), but instead a self-certified public key, issued beforehand by a TA. The method combines features of the RSA and discrete logarithm problems. Let n be the product of two large primes p and q, n = p·q, where p and q have the form p = 2p_1 + 1, q = 2q_1 + 1 with p_1 and q_1 also prime. The multiplicative group Z_n^* is isomorphic to the product Z_p^* × Z_q^*. The largest order of an element of Z_n^* is the least common multiple of p-1 and q-1, i.e. 2p_1q_1. Let α be an element of order 2p_1q_1 in Z_n^*. The cyclic group generated by α is denoted G; the problem of computing discrete logarithms to the base α in G is assumed to be very hard. The numbers n and α are public. Only the TA knows p and q. The TA chooses a public exponent e with gcd(e, φ(n)) = 1 and keeps secret d = e^{-1} mod φ(n). Each user A has an identity ID(A), chooses at random a number a_A ∈ G, keeps a_A secret, computes b_A = α^{a_A} mod n, and sends a_A, b_A to the TA. The TA checks the condition b_A = α^{a_A} mod n, then issues to A a self-certified public key p_A = (b_A - ID(A))^d mod n. The public key p_A contains no information about a_A, but the TA needs to know a_A in order to check the condition b_A = α^{a_A} mod n. Girault's key exchange protocol between two users A and B is carried out by the following steps:

1. A chooses a random r_A ∈ G, computes s_A = α^{r_A} mod n, and sends (ID(A), p_A, s_A) to B.
2. B chooses a random r_B ∈ G, computes s_B = α^{r_B} mod n, and sends (ID(B), p_B, s_B) to A.
3. A computes the key K = s_B^{a_A} · (p_B^e + ID(B))^{r_A} mod n; B computes the key K = s_A^{a_B} · (p_A^e + ID(A))^{r_B} mod n.

Both values of K are equal, namely K = α^{r_A a_B + r_B a_A} mod n. By the same arguments as in the previous section, it is easy to see that a third party C can hardly create forged information to send to A or B; by a substitution-in-transit attack C may disrupt and prevent A and B from establishing a common key, but cannot steal the information exchanged between A and B.

One question remains: why does the TA need to know a_A and check the condition b_A = α^{a_A} mod n before issuing p_A to A? Suppose the TA did not know a_A and issued p_A = (b_A - ID(A))^d mod n to A; let us see what could happen. A third party C could choose some value a'_A, compute b'_A = α^{a'_A} mod n, then compute b'_C = b'_A - ID(A) + ID(C) and submit (ID(C), b'_C) to the TA. The TA would issue to C a self-certified public key p'_C = (b'_C - ID(C))^d mod n. Since b'_C - ID(C) = b'_A - ID(A), C has in fact obtained p'_C = p'_A = (b'_A - ID(A))^d mod n. Now suppose A and B run the key exchange protocol and C interposes itself between them: A sends (ID(A), p_A, α^{r_A} mod n) to B, but because of C's substitution B receives instead (ID(A), p'_A, α^{r'_A} mod n); consequently B and C compute the same key K' = α^{r'_A a_B + r_B a'_A} mod n = s_B^{a'_A} · (p_B^e + ID(B))^{r'_A} mod n, while A computes the key K = α^{r_A a_B + r_B a_A} mod n.

  A  --- (ID(A), p_A, α^{r_A}) --->  C  --- (ID(A), p'_A, α^{r'_A}) --->  B
  A  <-- (ID(B), p_B, α^{r_B}) ---   C  <-- (ID(B), p_B, α^{r_B}) ---     B

B and C have the same key, which differs from A's key, but B still believes that it shares a key with A. Therefore C can decrypt every message that B sends to A, i.e. steal the information from B to A. The TA knowing a_A and checking the condition b_A = α^{a_A} mod n before issuing p_A to A rules out this kind of substitution by an attacker C.
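Girault's exchange of 7.3.4 on a toy modulus, as an added example that is not the book's code; the key formula α^{r_A a_B + r_B a_A} is the one shared with the MTI protocol of 7.3.3, here with the self-certified p_A in place of a certified b_A. The primes p = 11, q = 23 (so p_1 = 5, q_1 = 11), the exponent e, the ID values and the exponents a_A, a_B, r_A, r_B are constructed; the TA's check of b_A against a_A is the one the text's closing argument requires.

```python
# Girault's self-certified key exchange (7.3.4) on a toy modulus; the session key
# alpha^{r_A a_B + r_B a_A} is the same as in the MTI protocol (7.3.3), with the
# self-certified p_A in place of a certified b_A. Added example, not the book's code;
# p = 11, q = 23, the IDs and the exponents e, a_A, a_B, r_A, r_B are constructed.
import math

def element_of_order(n, order, prime_factors):
    """Smallest g in Z_n^* of exactly the given order (order divides lcm(p-1, q-1))."""
    for g in range(2, n):
        if math.gcd(g, n) == 1 and pow(g, order, n) == 1 and \
           all(pow(g, order // f, n) != 1 for f in prime_factors):
            return g
    raise ValueError("no element of that order")

def ta_setup(p, q, e):
    """TA: n = pq with p = 2p1+1, q = 2q1+1; alpha of order 2*p1*q1; RSA pair (e, d)."""
    n, p1, q1 = p * q, (p - 1) // 2, (q - 1) // 2
    order = 2 * p1 * q1
    alpha = element_of_order(n, order, {2, p1, q1})
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return n, alpha, order, pow(e, -1, phi)

def ta_certify(n, alpha, d, ident, a, b):
    """TA checks b = alpha^a mod n before issuing p_A = (b - ID)^d mod n."""
    if pow(alpha, a, n) != b:
        raise ValueError("b does not match the claimed exponent a")
    return pow((b - ident) % n, d, n)

def recover_b(n, e, ident, pk):
    """Anyone: b_A = p_A^e + ID(A) mod n (valid for every residue since n is squarefree)."""
    return (pow(pk, e, n) + ident) % n

def session_key(n, e, a_mine, r_mine, s_other, id_other, pk_other):
    """Step 3: K = s_other^{a_mine} * (p_other^e + ID_other)^{r_mine} mod n."""
    return (pow(s_other, a_mine, n)
            * pow(recover_b(n, e, id_other, pk_other), r_mine, n)) % n

def girault_exchange(p, q, e, id_a, id_b, a_A, a_B, r_A, r_B):
    """Full run; returns (K_A, K_B, expected) with expected = alpha^{r_A a_B + r_B a_A}."""
    n, alpha, order, d = ta_setup(p, q, e)
    b_A, b_B = pow(alpha, a_A, n), pow(alpha, a_B, n)
    p_A = ta_certify(n, alpha, d, id_a, a_A, b_A)     # registration with the TA
    p_B = ta_certify(n, alpha, d, id_b, a_B, b_B)
    s_A, s_B = pow(alpha, r_A, n), pow(alpha, r_B, n)  # steps 1 and 2
    K_A = session_key(n, e, a_A, r_A, s_B, id_b, p_B)  # step 3, A's side
    K_B = session_key(n, e, a_B, r_B, s_A, id_a, p_A)  # step 3, B's side
    return K_A, K_B, pow(alpha, r_A * a_B + r_B * a_A, n)

if __name__ == "__main__":
    print(girault_exchange(11, 23, 3, 17, 42, 37, 91, 53, 8))
```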

GUIDE TO REFERENCES

Although books and papers on the science of cryptography have only been openly published for about the last three decades, the very great demand for research and applications has driven rapid development, including textbooks published by universities as well as research papers published in scientific journals and in the proceedings of the annual international conferences on cryptography. These are an extremely rich and valuable source of material for anyone interested in studying and researching the science of cryptography. This textbook was compiled mainly on the basis of a number of monographs published in recent years that have become textbooks at many universities around the world:

1. Douglas R. Stinson. Cryptography: Theory and Practice. CRC Press, 1995.
2. A. J. Menezes, P. C. van Oorschot, S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.
3. Bruce Schneier. Applied Cryptography: Protocols, Algorithms and Source Code in C. John Wiley & Sons, Inc., 1996.
4. S. Goldwasser, M. Bellare. Lecture Notes on Cryptography. MIT Laboratory for Computer Science, 2001.
5. J. Seberry, J. Pieprzyk. Cryptography: An Introduction to Computer Security. Prentice Hall, 1989.
6. Victor Shoup. A Computational Introduction to Number Theory and Algebra. New York University, 2003.
