Block cipher

Similar documents
(Requirements in communication) (efficiently) (Information Theory) (certainly) (Coding Theory) (safely) (Cryptography) I 1


15 mod 12 = 3, 3 mod 12 = 3, 9 mod 12 = N N 0 x, y x y N x y (mod N) x y N mod N mod N N, x, y N > 0 (1) x x (mod N) (2) x y (mod N) y x

1 UTF Youtube ( ) / 30

2001 Miller-Rabin Rabin-Solovay-Strassen self-contained RSA RSA RSA ( ) Shor RSA RSA 1 Solovay-Strassen Miller-Rabin [3, pp


21 Key Exchange method for portable terminal with direct input by user

mahoro/2011autumn/crypto/

さくらの個別指導 ( さくら教育研究所 ) A 2 P Q 3 R S T R S T P Q ( ) ( ) m n m n m n n n

°Å¹æµ»½Ñ¤Î¿ôÍý¤È¤·¤¯¤ß --- ¥á¡¼¥ë¤Ç¤¸¤ã¤ó¤±¤ó¡©¤¹¤ëÊýË¡ ---

セアラの暗号




2012 A, N, Z, Q, R, C

x, y x 3 y xy 3 x 2 y + xy 2 x 3 + y 3 = x 3 y xy 3 x 2 y + xy 2 x 3 + y 3 = 15 xy (x y) (x + y) xy (x y) (x y) ( x 2 + xy + y 2) = 15 (x y)

II


1/68 A. 電気所 ( 発電所, 変電所, 配電塔 ) における変圧器の空き容量一覧 平成 31 年 3 月 6 日現在 < 留意事項 > (1) 空容量は目安であり 系統接続の前には 接続検討のお申込みによる詳細検討が必要となります その結果 空容量が変更となる場合があります (2) 特に記載

one way two way (talk back) (... ) C.E.Shannon 1948 A Mathematical theory of communication. 1 ( ) 0 ( ) 1

2011 Future University Hakodate 2011 System Information Science Practice Group Report Project Name Visualization of Code-Breaking RSA Group Name RSA C

() x + y + y + x dy dx = 0 () dy + xy = x dx y + x y ( 5) ( s55906) 0.7. (). 5 (). ( 6) ( s6590) 0.8 m n. 0.9 n n A. ( 6) ( s6590) f A (λ) = det(a λi)

a m 1 mod p a km 1 mod p k<s 1.6. n > 1 n 1= s m, (m, = 1 a n n a m 1 mod n a km 1 mod n k<sn a 1.7. n > 1 n 1= s m, (m, = 1 r n ν = min ord (p 1 (1 B

Proposal of addition of new cipher suites to TLS to support Camellia, EPOC, and PSEC Shiho Moriai NTT Laboratories th

> > <., vs. > x 2 x y = ax 2 + bx + c y = 0 2 ax 2 + bx + c = 0 y = 0 x ( x ) y = ax 2 + bx + c D = b 2 4ac (1) D > 0 x (2) D = 0 x (3

09 II 09/12/ (3D ) f(, y) = 2 + y 2 3D- 1 f(0, 0) = 2 f(1, 0) = 3 f(0, 1) = 4 f(1, 1) = 5 f( 1, 2) = 6 f(0, 1) = z y (3D ) f(, y) = 2 + y

さくらの個別指導 ( さくら教育研究所 ) 1 φ = φ 1 : φ [ ] a [ ] 1 a : b a b b(a + b) b a 2 a 2 = b(a + b). b 2 ( a b ) 2 = a b a/b X 2 X 1 = 0 a/b > 0 2 a


1 1 n 0, 1, 2,, n n 2 a, b a n b n a, b n a b (mod n) 1 1. n = (mod 10) 2. n = (mod 9) n II Z n := {0, 1, 2,, n 1} 1.

untitled


Literacy 2 Mathematica Mathematica 3 Hiroshi Toyoizumi Univ. of Aizu REFERENCES [1] C.P Williams [2] [3] 1 Literacy 2 Mathematica Ma

( ) X x, y x y x y X x X x [x] ( ) x X y x y [x] = [y] ( ) x X y y x ( ˆX) X ˆX X x x z x X x ˆX [z x ] X ˆX X ˆX ( ˆX ) (0) X x, y d(x(1), y(1)), d(x

LCM,GCD LCM GCD..,.. 1 LCM GCD a b a b. a divides b. a b. a, b :, CD(a, b) = {d a, b }, CM(a, b) = {m a, b }... CM(a, b). q > 0, m 1, m 2 CM

2011 Future University Hakodate 2011 System Information Science Practice Group Report Project Name Visualization of Code-Breaking Group Name Implemati


II R n k +1 v 0,, v k k v 1 v 0,, v k v v 0,, v k R n 1 a 0,, a k a 0 v 0 + a k v k v 0 v k k k v 0,, v k σ k σ dimσ = k 1.3. k

1.2 y + P (x)y + Q(x)y = 0 (1) y 1 (x), y 2 (x) y 1 (x), y 2 (x) (1) y(x) c 1, c 2 y(x) = c 1 y 1 (x) + c 2 y 2 (x) 3 y 1 (x) y 1 (x) e R P (x)dx y 2

A B P (A B) = P (A)P (B) (3) A B A B P (B A) A B A B P (A B) = P (B A)P (A) (4) P (B A) = P (A B) P (A) (5) P (A B) P (B A) P (A B) A B P

AI n Z f n : Z Z f n (k) = nk ( k Z) f n n 1.9 R R f : R R f 1 1 {a R f(a) = 0 R = {0 R 1.10 R R f : R R f 1 : R R 1.11 Z Z id Z 1.12 Q Q id

SAMA- SUKU-RU Contents p-adic families of Eisenstein series (modular form) Hecke Eisenstein Eisenstein p T

#2 (IISEC)

{ 8. { CHAPTER 8. Å (sampling time) x[k] =x(kå) u(ú) t t + Å (u[k]) x[k + 1] =A d x[k] +B d u[k] (8:) (diãerence equation) A d =e AÅ ; B d = Z Å 0 e A

2.2 ( y = y(x ( (x 0, y 0 y (x 0 (y 0 = y(x 0 y = y(x ( y (x 0 = F (x 0, y(x 0 = F (x 0, y 0 (x 0, y 0 ( (x 0, y 0 F (x 0, y 0 xy (x, y (, F (x, y ( (


, = = 7 6 = 42, =

( )/2 hara/lectures/lectures-j.html 2, {H} {T } S = {H, T } {(H, H), (H, T )} {(H, T ), (T, T )} {(H, H), (T, T )} {1

取扱説明書 [d-01H]



1. A0 A B A0 A : A1,...,A5 B : B1,...,B

SOWC04....

50 2 I SI MKSA r q r q F F = 1 qq 4πε 0 r r 2 r r r r (2.2 ε 0 = 1 c 2 µ 0 c = m/s q 2.1 r q' F r = 0 µ 0 = 4π 10 7 N/A 2 k = 1/(4πε 0 qq

¥µ¥¤¥Ü¥¦¥º¡¦¥é¥Ü¥æ¡¼¥¹ À®²ÌÊó¹ð

II Time-stamp: <05/09/30 17:14:06 waki> ii

Part () () Γ Part ,


, x R, f (x),, df dx : R R,, f : R R, f(x) ( ).,, f (a) d f dx (a), f (a) d3 f dx 3 (a),, f (n) (a) dn f dx n (a), f d f dx, f d3 f dx 3,, f (n) dn f

ALGEBRA I Hiroshi SUZUKI Department of Mathematics International Christian University

資料5:聖ウルスラ学院英智小・中学校 提出資料(1)

18 ( ) I II III A B C(100 ) 1, 2, 3, 5 I II A B (100 ) 1, 2, 3 I II A B (80 ) 6 8 I II III A B C(80 ) 1 n (1 + x) n (1) n C 1 + n C




.,.,..,? 2.,.?.,...,...,.,.,.,.,,..,..,,.,,.,.,..,..,....,.,.,.,?,...,,.... Dr.Hener, i

Q&A(最終版).PDF

1 12 ( )150 ( ( ) ) x M x 0 1 M 2 5x 2 + 4x + 3 x 2 1 M x M 2 1 M x (x + 1) 2 (1) x 2 + x + 1 M (2) 1 3 M (3) x 4 +

卓球の試合への興味度に関する確率論的分析

x p v p (x) x p p-adic valuation of x v 2 (8) = 3, v 3 (12) = 1, v 5 (10000) = 4, x 8 = 2 3, 12 = 2 2 3, = 10 4 = n a, b a


Nobelman 絵文字一覧

) ] [ h m x + y + + V x) φ = Eφ 1) z E = i h t 13) x << 1) N n n= = N N + 1) 14) N n n= = N N + 1)N + 1) 6 15) N n 3 n= = 1 4 N N + 1) 16) N n 4

n ( (

:00-16:10


2016プライムハンドブック(甲府市) のコピー


6kg 1.1m 1.m.1m.1 l λ ϵ λ l + λ l l l dl dl + dλ ϵ dλ dl dl + dλ dl dl 3 1. JIS 1 6kg 1% 66kg 1 13 σ a1 σ m σ a1 σ m σ m σ a1 f f σ a1 σ a1 σ m f 4

n Y 1 (x),..., Y n (x) 1 W (Y 1 (x),..., Y n (x)) 0 W (Y 1 (x),..., Y n (x)) = Y 1 (x)... Y n (x) Y 1(x)... Y n(x) (x)... Y n (n 1) (x) Y (n 1)

S K(S) = T K(T ) T S K n (1.1) n {}}{ n K n (1.1) 0 K 0 0 K Q p K Z/pZ L K (1) L K L K (2) K L L K [L : K] 1.1.


表1_表4

..3. Ω, Ω F, P Ω, F, P ). ) F a) A, A,..., A i,... F A i F. b) A F A c F c) Ω F. ) A F A P A),. a) 0 P A) b) P Ω) c) [ ] A, A,..., A i,... F i j A i A

TOP URL 1

入試の軌跡

ii

r 1 m A r/m i) t ii) m i) t B(t; m) ( B(t; m) = A 1 + r ) mt m ii) B(t; m) ( B(t; m) = A 1 + r ) mt m { ( = A 1 + r ) m } rt r m n = m r m n B

36 3 D f(z) D z f(z) z Taylor z D C f(z) z C C f (z) C f(z) f (z) f(z) D C D D z C C 3.: f(z) 3. f (z) f 2 (z) D D D D D f (z) f 2 (z) D D f (z) f 2 (

数理解析研究所講究録 第1955巻

27

2 3

数学Ⅲ立体アプローチ.pdf

PDF


.1 z = e x +xy y z y 1 1 x 0 1 z x y α β γ z = αx + βy + γ (.1) ax + by + cz = d (.1') a, b, c, d x-y-z (a, b, c). x-y-z 3 (0,

10 4 2

yamato_2016_0915_色校_CS3.indd

Contents

meiji_resume_1.PDF

wiles05.dvi

Transcription:

18 12 9 1 2 1.1............................... 2 1.2.................. 2 1.3................................. 4 1.4 Block cipher............................. 4 1.5 Stream cipher............................ 5 1.6.......................... 5 2 6 2.1 Diffie-Hellman........................ 6 2.2............................... 8 2.3...................... 8 2.4 DLP........................... 10 2.5........................ 10 2.6 ElGamal....................... 11 2.7 RSA........................... 11 2.8............................. 12 2.9............................... 13 2.10................................. 17 Douglas R. Stinson Cryptography: Theory and Practice CRC Press, 1995. 1

1 1.1 (Alice) (Bob) (Oscar) Oscar 1.2 2 1.1. ASCII A 01000001, B 01000010,... 2 8 8 (2 8 0 255) 1.2. ( ) 26 0 25 K 26 26 K 1.3. K=3 iloveyou 8, 11, 14, 21, 4, 24, 14, 20 11, 14, 17, 24, 7, 1, 17, 23 loryhbrx 1.4. 2

1. P: (plaintext) 2. C: (ciphertext) 3. K: (key) 4. e : K P C: (encryption function) 5. d : K C P: (decryption function) x P, k K, d(k, e(k, x)) = x. k x k e(k, x) d(k, ) d(k, e(k, x)) = x k 1.5. K = C = P = Z/26 := {0, 1,..., 25} mod 26 e(k, x) = x + k, d(k, y) = y k 1.6. d(k, ) d(k, ) : C P, y d(k, y) (break the cipher) K e(k, x) k K d(k, ) P k P 26 K k K e(k, ) : P C 3

e C e success, balloon c,s,l,o ii,aa q u k P C P P 2 128 2 256 1.3 P, C, K, e, d Oscar Oscar Alice Bob k K Oscar k Oscar Oscar (known plaintext attack) Oscar k Oscar Oscar Alice Oscar (chosen plaintext attack) 1.4 Block cipher P C P P = C 256 e(k, ) : P C 4

256 256 e(k, ) C 256 AES 2 256 26 1.5 Stream cipher k k 1, k 2,..., k n P n Alice Bob k K k 1, k 2,..., k n Alice i P e(k i, ) Bob Bob d(k i, ) SNOW2.0 F 2 16 e(k i, ) k i F 2 k i x 1,..., x i 1 1.6 Shannon e : K P C x P e(, x) : K C P n Alice K n (k 1, k 2,..., k n ) Bob x 1, x 2,..., x n e(k 1, x 1 ), e(k 2, x 2 ),..., e(k n, x n ) k 1,..., k n (one-time pad) k i P n 5

2 2.1 Diffie-Hellman DH Alice Bob Oscar Alice Bob Oscar k Alice S s A S Alice Bob Oscar s A Bob Oscar Bob s B s A s B Alice Bob Oscar s A Bob Oscar Alice Oscar Alice Bob f s A f(s A ) Bob Alice s B f(s A ) g(s B ) Bob Alice s A, g(s B ) 6

Bob f(s A ), s B Oscar f(s A ), g(s B ) f, g Alice, Bob f g f(s A ) s A Oscar Oscar Alice s A g(s B ) f(s A ) s B f(s A ) g(s B ) Alice Bob Diffie-Hellman S T S T T,, s, t s t s 1 (s 2 t) = s 2 (s 1 t) S, T t T Alice s A S Bob s B S Alice s A t Bob Bob s B t Alice Alice s B (s A t) Bob s A (s B t) Oscar s A t, s B t s A s B t t s t r NP=P (discrete log problem, DLP) G S = N, T = G, N G G, (n, g) g n (g, g n ) n DLP (Z/p), F pn, DLP 7

DLP Alice (g r A ) Bob Bob (g r B ) Alice Alice (g r A ) r B Bob (g r B ) r A (g, g r A, g r B ) g r Ar B DH intruder in the middle Oscar Alice Bob Alice Bob Bob Alice Alice Alice Bob Bob 2.2 G g n g n n O(log n) n = 13 = (1101) 2 1, 11, 110, 1101 4 ( 2 ) g, g 11 = g 10 g, g 110 = (g 11 ) 10, g 1101 = (g 110 ) 10 g 2 (binary method) 2.3 DH G, g G g G g < g > G G G = Z/N (N ) Z/N Z/N O((log N)) Z/N g, z Z/N z = rg r z rg mod N 8

r z = rg + bn r b x, y, z ax + by = z a, b a, b a x + b y = z (a a )x + (b b )y = 0 d := gcd(x, y), x = x 0 d, y = y 0 d (a a )x 0 = (b b)y 0 x 0 y 0 x 0 y 0 m a a = my 0, b b = mx 0 (m Z) d z d z ax + by = d a, b z/d a, b d ax + by qx + y y x r x + qr x r x, y d O(log α N) α (1 + 5)/2 O(log 2 N) = O(log 2 (α) log α (N)) = O(log α N) 9

O(log N) Z/N DLP φ : Z/N = G, n g n DH 1, r A, r B r A r B φ DLP DH 2.4 DLP n S n n DLP g, y S n y = g r r g {1, 2,..., n} y g i n i y = g r i r i r r i mod n i r 2.5 Alice Bob k e k d e : K e P C d : K d C P e(k e, ) d(k d, ) = id P (k e, k d ) K e K d 10

Alice k e k d k e k d Bob Alice Bob e(k e, ) Oscar Alice d(k d, ) k e k d k e d(k d, ) Alice Bob Bob k e k d k e 2.6 ElGamal G g G P := G, C := G G, K e = G, K d := Z Alice k e := g a k d := a Bob e(k e, x) = (g r, xk r e) (= (g r, xg ar )) r Bob e Alice d(k d, (y, z)) = zy k d (= (zy a )) 2.7 RSA RSA 1977 Alice G m Alice a ab 1 mod m b P = C = G K e = K d = Z/φ(n) Alice G k e := a k d := b 11

e(x, a) := x a d(y, b) := y b (x a ) b = x ab = x 1 ab 1 mod m m m Oscar a b G RSA n G := (Z/n) φ(n) φ(n) n φ(n) Alice p, q n = pq φ(n) = (p 1)(q 1) n n = pq φ(n) p + q = n φ(n) + 1 pq = n p, q ( 2 500 ) 2.8 RSA Alice private 12

Oscar 2 500 2 n 1 (Mersenne Prime ) 2 500 2 501 1 2.9 N N 2 500 Fermat 2.1. (Fermat ) n a (Z/n) a n 1 = 1 mod n. (Z/n) n 1 Fermat 1. a Z/n, a 0 2. a n 1 mod n 3. 1 n 1 n n a n 2.2. a (Z/n) {0} Fermat n Carmichael 10000 Carmichael 561, 1105, 1729, 2465, 2821, 6601, 8911 Carmichael Fermat Miller-Rabin 13

Miller-Rabin 2.3. n 3 a (Z/n) {0} n 1 2 n 1 = 2 r d, d a d = 1 a 2kd = 1 0 k < r. a 2rd = 1 a 2kd 1 0 k < r a d = 1 (a 2kd ) 2 = 1 x 2 1 = 0 1, 1 n 3 k a 2kd = 1 Miller Rabin n 3 1. n 1 = 2 r d, d: 2. a Z/n, a 0 3. a d, a 2d, a 4d,... a 2r 1d 1 1 n 4. n n a (witness) Carmichael Fermat Miller-Rabin Fermat 2.4. n (Z/n) Miller-Rabin 1/4 n a (Z/n) Miller-Rabin 3/4 n 1/4 n 100 Miller-Rabin 4 100 = 2 200 10 30 100 Miller-Rabin n 2.4 3 14

2.5. p (Z/p e ) (p 1)p e 1 2.6. 3 G > H > N H/N G/N G/H = (G/N)/(H/N). ( 2.4 ) n = p e 1 1 p e s s (Z/n) = (Z/(p e 1 1 )) (Z/(p e s s )) a (a 1,..., a s ) a (Z/n) a d = 1 k a 2kd = 1 a ( a) d = 1 k 0 a a 0 k r 1 K L := {a (Z/n) a 2Kd = ±1} K {a : } L a a d = 1 a 2kd = 1 (0 k < r) [(Z/n) : L] 4 L := {a = (a 1,..., a s ) a 2K d i = ±1( i)} < (Z/n) L > L f := ( ) 2Kd : (Z/n) (Z/n) L = f 1 ({(1, 1,..., 1), ( 1, 1,..., 1)}), 15

L = f 1 ({(±1, ±1,..., ±1)}), ±1 K a 2Kd = 1 a f : L {(1, 1,..., 1), ( 1, 1,..., 1)} a a = (a 1,..., a s ) a i 1 a a 2 Kd = (±1,..., ±1) 2.6 f : L ({(±1, ±1,..., ±1)}) L /L = (L/ ker f)/(l / ker f) = {(±1, ±1,..., ±1)})/({(1, 1,..., 1), ( 1, 1,..., 1)}). s 3 2 s 1 4 s = 1 n = p e 2.5 (Z/(p e )) (p 1)p e 1 L 2 K+1 d p e 1 p 1 1/p e 1 1/4 p = 3, e = 2 (Z/9) = {1, 2, 4, 5, 7, 8} 2,4,5,7 1/4 s = 2 n = p e 1 1 p e 2 2 [L : L] = 2 [(Z/n) : L ] 2 (Z/n) = L L 2 K d ±1 a 2K+1d = 1 2 K+1 d n 1 n Carmichael 2.7. n Carmichael 1. n Z/n = Z/(p e 1 1 ) Z/(p es s ) (p i 1)p e i 1 i n 1 1 (p i 1)p ei 1 n 1 p i e i = 1 n = pq p 1 pq 1 mod (p 1) pq 1 q 1 p 1 q 1 q 1 p 1 p = q 16

2.10 Alice x P Alice identify 2.8. (signature scheme) P A K s : K v : s : K s P A: v : K v P A {T, F }: k s K s, k v K v v(k v, x, a) = T a = s(k s, x) Alice k s k v k v k s x Alice x s(k s, x) (x, s(k s, x)) Alice Bob (x, a) Alice k v v(k v, x, a) T (True) a Alice Oscar Alice k s k v Alice k s Alice Oscar Alice x Alice Bob Alice (x, a) Bob e(k e,b, (x, a)) Bob Bob (x, a) Alice k v Alice Alice Bob Alice Oscar e(k e,b, (x, a)) Bob Bob Alice 17

Alice Bob RSA n = pq P = A = Z/n k s, k v Z/φ(n), k s k v = 1 s(k s, x) := x k s, v(k v, x, a) := a kv = x RSA Alice k s k d,a k v k e,a Alice x a a = x k d,a Bob ( ) k e,b Bob Bob ( ) (x, a) x a k e,a Alice 18

2024 © docsplayer.net プライバシー | 利用規約 | フィードバック