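CHAPTER 6: MORE ON SYMMETRIC CIPHERS
School of Computer and Software, Nanjing University of Information Science and Technology
Shen Jian (沈剑)

6.1. Multiple Encryption and Triple DES

DES: brute-force (exhaustive key search) attack.
One approach: AES.
Another approach: encrypt multiple times with DES, using multiple keys: triple DES (3DES).

The simplest form of multiple encryption uses two encryption stages and two keys (Figure 6.1a). Given a plaintext P and two keys K1 and K2, the ciphertext C is computed as:

    C = E(K2, E(K1, P))

Decryption applies the two keys in reverse order:

    P = D(K1, D(K2, C))

Key length: 56 × 2 = 112 bits

Reduction to a single stage

Consider the following claim: over all 56-bit keys, for given K1 and K2 there might exist a K3 such that

    E(K2, E(K1, P)) = E(K3, P)

If this claim held, double encryption would be useless, because its effect would be the same as a single DES encryption with one key.
Conclusion: E(K2, E(K1, P)) = E(K3, P) does not hold; double DES and single DES define different mappings.
DES encryption is a mapping of 64-bit blocks. There are 2^64 possible inputs, and DES maps each of them to a unique 64-bit output. With 2^64 inputs, how many one-to-one mappings are there? On the other hand, DES defines one mapping for each key, so the total number of mappings is: 2^56 < 10^17

Meet-in-the-middle attack

The result of double DES differs from the result of single DES. There is nevertheless a way to attack it that does not depend on any particular property of DES and works against any block cipher. This method is called the meet-in-the-middle attack.

    C = E(K2, E(K1, P))
    X = E(K1, P) = D(K2, C)

Given a known plaintext-ciphertext pair (P, C), the attack proceeds as follows:
1. Encrypt P under all possible keys K1, and store the 2^56 results in a table sorted by the value of X.
2. Then decrypt C under all possible keys K2; after each decryption, compare the result with the values in the table to see whether there is a match.
3. If there is a match, test the two keys just found against a new plaintext-ciphertext pair. If the two keys produce the correct ciphertext, accept them as the correct keys.

Triple DES with two keys

Countering the meet-in-the-middle attack: encrypt three times with three different keys.
Drawback: the key length is 56 × 3 = 168 bits, which is unwieldy.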
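The three-step meet-in-the-middle procedure above, as an added example that is not part of the original slides: it shows that double encryption with two n-bit keys falls to about 2 × 2^n cipher operations instead of 2^(2n), which is why a third stage is needed. The toy Feistel cipher E/D, the 12-bit keys, the 16-bit blocks and the sample keys are assumptions made so the search finishes instantly, and a hash table replaces the sorted table.

```python
import hashlib
from collections import defaultdict

KEY_BITS = 12    # toy key size (DES: 56); the block is 16 bits (DES: 64)

def _f(half, key, rnd):
    # Round function: one byte of a hash over (round, key, right half).
    return hashlib.sha256(bytes([rnd, key >> 8, key & 0xFF, half])).digest()[0]

def E(key, block):
    """Toy 4-round Feistel cipher, constructed for this demonstration only."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 8) | right

def D(key, block):
    """Inverse of E: undo the rounds in reverse order."""
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(4)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 8) | right

def double_encrypt(k1, k2, p):
    return E(k2, E(k1, p))                      # C = E(K2, E(K1, P))

def meet_in_the_middle(pair1, pair2):
    """Return every (K1, K2) consistent with two known (P, C) pairs."""
    (p1, c1), (p2, c2) = pair1, pair2
    table = defaultdict(list)                   # step 1: X = E(K1, P) for all K1
    for k1 in range(1 << KEY_BITS):
        table[E(k1, p1)].append(k1)
    found, cipher_ops = [], 1 << KEY_BITS
    for k2 in range(1 << KEY_BITS):             # step 2: X = D(K2, C), table lookup
        cipher_ops += 1
        for k1 in table.get(D(k2, c1), ()):
            if double_encrypt(k1, k2, p2) == c2:    # step 3: check a second pair
                found.append((k1, k2))
    return found, cipher_ops

# Constructed sample: two known pairs under a secret 24-bit double key.
K1, K2 = 0x3A7, 0xC15
PAIRS = [(p, double_encrypt(K1, K2, p)) for p in (0x1234, 0xBEEF)]

if __name__ == "__main__":
    keys, ops = meet_in_the_middle(*PAIRS)
    print(keys, f"{ops} table/lookup operations vs {1 << (2 * KEY_BITS)} key pairs")
```

Because the combined key (24 bits) is longer than the block (16 bits), the first pair alone leaves many false matches, just as a 112-bit key against a 64-bit block does for double DES; the second pair is what filters them out.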
Tuchman proposed encrypting three times with only two keys, in the sequence encrypt-decrypt-encrypt (EDE), as shown in Figure 6.1b:

    C = E(K1, D(K2, E(K1, P)))

At present there is no practical attack on 3DES.
The cost of a brute-force attack on 3DES is 2^112, and the cost of differential cryptanalysis grows exponentially, exceeding 10^52 compared with single DES.
Although none of the attacks on 3DES is practical, some of them may help in finding better attacks in the future.
Merkle and Hellman: requires 2^56 chosen plaintext-ciphertext pairs.

Triple DES with three keys

Although the attacks on 3DES described above are not practical, two-key triple DES still leaves some cause for concern. Many people therefore consider three-key triple DES to be the best option.

    C = E(K3, D(K2, E(K1, P)))

Applications: PGP and S/MIME; see Chapter 15.

6.2. Electronic Codebook Mode

A block cipher algorithm is a basic building block for providing data security.
A mode of operation is a technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application.
These modes are intended for use with any symmetric block cipher, including triple DES and AES. The modes are summarized in Table 6.1.

6.2. Block Cipher Modes of Operation

Electronic Codebook Mode

The simplest mode is the electronic codebook (ECB) mode, in which plaintext is handled one block at a time and each block of plaintext is encrypted using the same key (Figure 6.3).
For a message longer than b bits, the procedure is simply to break the message into b-bit blocks, padding the last block if necessary.
The ECB method is ideal for a short amount of data, such as an encryption key (e.g., a DES key).
The most significant characteristic of ECB is that the same b-bit block of plaintext.
For lengthy messages, the ECB mode may not be secure. If the message is highly structured, it may be possible for a cryptanalyst to exploit these regularities.

Cipher Block Chaining Mode

To overcome the security deficiencies of ECB, we would like a technique in which the same plaintext block, if repeated, produces different ciphertext blocks. A simple way to satisfy this requirement is the cipher block chaining (CBC) mode (Figure 6.4).
Initialization Vector (IV)
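An added example (not from the original slides) contrasting the two modes above: under ECB a repeated plaintext block always encrypts to the same ciphertext block, so the structure of the message shows through, while CBC chaining with an IV hides the repetition. The 16-bit block size, the table-based keyed permutation standing in for E and D, the key, the IVs and the sample message are all assumptions chosen so the whole "codebook" fits in memory.

```python
import random

BLOCK = 2   # block size in bytes (b = 16 bits), small enough to tabulate

def make_codebook(key):
    """Keyed permutation of all 2^16 blocks: a literal codebook standing in
    for E(K, .) and D(K, .). Constructed for illustration, not a real cipher."""
    enc = list(range(1 << (8 * BLOCK)))
    random.Random(key).shuffle(enc)
    dec = [0] * len(enc)
    for plain, cipher in enumerate(enc):
        dec[cipher] = plain
    return enc, dec

def _split(data):
    if len(data) % BLOCK:
        raise ValueError("pad the message to a whole number of blocks first")
    return [int.from_bytes(data[i:i + BLOCK], "big") for i in range(0, len(data), BLOCK)]

def _join(blocks):
    return b"".join(b.to_bytes(BLOCK, "big") for b in blocks)

def ecb_encrypt(enc, plaintext):
    return _join(enc[p] for p in _split(plaintext))     # C_i = E(K, P_i)

def cbc_encrypt(enc, iv, plaintext):
    out, prev = [], iv
    for p in _split(plaintext):
        prev = enc[p ^ prev]                            # C_i = E(K, P_i xor C_{i-1})
        out.append(prev)
    return _join(out)

def cbc_decrypt(dec, iv, ciphertext):
    out, prev = [], iv
    for c in _split(ciphertext):
        out.append(dec[c] ^ prev)                       # P_i = D(K, C_i) xor C_{i-1}
        prev = c
    return _join(out)

def repeated_blocks(ciphertext):
    """How many ciphertext blocks duplicate an earlier block."""
    blocks = _split(ciphertext)
    return len(blocks) - len(set(blocks))

# Constructed sample: a structured message with repeating 2-byte fields.
MESSAGE = b"OKOKOKOKNONOOKOK"

if __name__ == "__main__":
    enc, dec = make_codebook(1234)
    print("ECB repeats:", repeated_blocks(ecb_encrypt(enc, MESSAGE)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(enc, 0x5A5A, MESSAGE)))
```

Counting duplicate ciphertext blocks with `repeated_blocks` is also a quick check a reviewer can run on captured ciphertext to spot ECB in use.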
Cipher Feedback Mode

A stream cipher eliminates the need to pad a message to be an integral number of blocks. It also can operate in real time. Thus, if a character stream is being transmitted, each character can be encrypted and transmitted immediately using a character-oriented stream cipher.
One desirable property of a stream cipher is that the ciphertext be of the same length as the plaintext.
Figure 6.5 depicts the CFB scheme. In the figure, it is assumed that the unit of transmission is s bits; a common value is s = 8. As with CBC, the units of plaintext are chained together, so that the ciphertext of any plaintext unit is a function of all the preceding plaintext. In this case, rather than units of b bits, the plaintext is divided into segments of s bits.

Output Feedback Mode

The output feedback (OFB) mode is similar in structure to that of CFB, as illustrated in Figure 6.6. As can be seen, it is the output of the encryption function that is fed back to the shift register in OFB, whereas in CFB the ciphertext unit is fed back to the shift register.
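An added example (not from the original slides) of the one difference the text names between CFB and OFB, namely what is shifted back into the register, with s = 8 and b = 64. It goes one step beyond the text by showing the consequence for a single bit damaged in transit: OFB garbles only that unit, while CFB also garbles the units decrypted while the damaged byte is still in the shift register. The keyed-hash stand-in for E, the key, the IV and the sample text are assumptions.

```python
import hashlib

B = 8   # shift register / block size b in bytes (64 bits, as in DES); s = 8 bits

def E(key, block):
    """Stand-in for E(K, .): keyed hash truncated to b bits (an assumption of
    this example). CFB and OFB only use the cipher in the forward direction."""
    return hashlib.sha256(key + block).digest()[:B]

def feedback_mode(mode, key, iv, data, decrypt=False):
    """8-bit CFB or OFB around a b-bit shift register initialised with the IV."""
    reg, out = iv, bytearray()
    for unit in data:
        o = E(key, reg)[0]                    # leftmost s bits of the output
        result = unit ^ o
        if mode == "OFB":
            fed_back = o                      # OFB: encryption output is fed back
        else:
            fed_back = unit if decrypt else result   # CFB: ciphertext unit is fed back
        reg = reg[1:] + bytes([fed_back])     # shift left by s bits
        out.append(result)
    return bytes(out)

def damaged_positions(mode, key, iv, plaintext, flip_at):
    """Flip one ciphertext bit in transit; return the positions that decrypt wrongly."""
    ct = bytearray(feedback_mode(mode, key, iv, plaintext))
    ct[flip_at] ^= 0x01
    pt = feedback_mode(mode, key, iv, bytes(ct), decrypt=True)
    return [i for i, (a, b) in enumerate(zip(plaintext, pt)) if a != b]

# Constructed sample values.
KEY, IV = b"demo key", bytes(range(B))
TEXT = b"character stream sent one byte at a time"

if __name__ == "__main__":
    for mode in ("CFB", "OFB"):
        print(mode, damaged_positions(mode, KEY, IV, TEXT, flip_at=5))
```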
Counter Mode

Application: ATM (asynchronous transfer mode) network security and IPSec (IP security).
Figure 6.7 depicts the CTR mode. A counter equal in size to the plaintext block is used. The only requirement stated in SP 800-38A is that the counter value must be different for each plaintext block that is encrypted.

6.3. Stream Ciphers and RC4

Stream Cipher Structure

A typical stream cipher encrypts plaintext one byte at a time, although a stream cipher may be designed to operate on one bit at a time or on units larger than a byte at a time.
Figure 6.8 is a representative diagram of stream cipher structure. In this structure a key is input to a pseudorandom bit generator that produces a stream of 8-bit numbers that are apparently random.

Important design considerations for a stream cipher:
- The encryption sequence should have a large period. A pseudorandom number generator uses a function that produces a deterministic stream of bits that eventually repeats.
- The keystream should approximate the properties of a true random number stream as closely as possible.
- Note from Figure 6.8 that the output of the pseudorandom number generator is conditioned on the value of the input key. To guard against brute-force attacks, the key needs to be sufficiently long.

With a properly designed pseudorandom number generator, a stream cipher can be as secure as a block cipher of comparable key length. The primary advantage of a stream cipher is that stream ciphers are almost always faster and use far less code than do block ciphers.
Table 6.2 compares execution times of RC4 with three well-known symmetric block ciphers.
For applications that require encryption/decryption of a stream of data, such as over a data communications channel or a browser/Web link, a stream cipher might be the better alternative. For applications that deal with blocks of data, such as file transfer, e-mail, and database, block ciphers may be more appropriate.

The RC4 Algorithm

RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation.
RC4 is used in the SSL/TLS (Secure Sockets Layer/Transport Layer Security) standards that have been defined for communication between Web browsers and servers.
It is also used in the WEP (Wired Equivalent Privacy) protocol and the newer WiFi Protected Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN standard.
RC4 was kept as a trade secret by RSA Security.
The RC4 algorithm is remarkably simple and quite easy to explain. A variable-length key