Криптология. Вчера, сегодня, завтра
.PDF. , / ,.
) ! ' ' !
5 ! '
RSA.
8 DCA " EI & 9 DI & J
( 6
' '
' * ,
' X )
' ! S EI ( X ) ! '
8 (
- ( (
X S X DI (S ) X=X’ 4
( 4 (
) ! '
( &, (
. / ( 0 1 ) ( ,
( ,
,
, , ! ' , t
) ! ' #5 0 %
(
|
|
|
||
|
|
|
||
|
|
|
|
|
I e |
|
I e |
|
|
|
|
E p |
D p |
|
Ee |
De |
|
|
|
|
|
C I E p ( Ie U De ) |
|
|
|
|
|
||
S E e |
( X ) |
|
Ie |
U De D p (C I ) |
|
|
|
||
|
|
|
X De ( S ) |
|
|
|
|
X X ? |
|
|
|
|
|
|
|
|
|
|
|
X , S , C I |
|
|
|
|
|
5 0 J ! ' ! ' |
|||
|
|
, |
|
) ! ' &,
( |
( , DCA (Ee , De ) . |
|
a |
De |
' ' ! ' |
-' |
' |
( , ! Ie |
,
! |
|
' |
' |
CI E p ( Ie UDe ) |
- |
! , |
- |
' ,
S Ee ( X ) ' ! S !
-' ' (
- (
' ' ! ,
( Ie UDe ) Dp (CI ) Q ,
X De (S ) 4 X’ =X (
6 ( #, ' ' %
( J
' 8 ,
. , / ,.
) ! '
(
a 6
( $! FBC
DCA
R 5 7 5 1 ( $
! ' 6 , ! ' "
V
( !
6 , & $
' a $
! ' &
|
|
|
||
+ " |
|
|
|
|
|
|
|||
|
, |
|
, |
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
$%-. |
|
$%-. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5 7 6$ ! ' |
|
|||
|
|
|
|
|
6 ! ' |
||||
( |
||||
DA_F‚` 8 |
||||
,!! $ |
||||
( , |
|
|
||
) ( |
|
|
||
$! FBC |
|
|
+ " |
|
|
|
|
, |
|
||
|
|
|
|
|
|
|
|
|
||
|
, |
|
|
|
|
|
|
|
|
|
|
$%-. |
$%-. |
|
|
|
|
|
|
5 1 6 ! '
#5 7 5 1% (
( # % $
( $! DCA
$ U
J ! ' DCA
5 O
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
E IC |
|
D IC |
|
E e |
|
|
|
|
|
|
|
E p |
|
D p |
|
||
|
|
|
|
D e |
|
|
|
|
|
|
|||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
CI E p ( De ) |
|
|
|
|
|
|||
|
|
CIC Ee (DIC ) |
|
|
|
|
|
|
|||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
EIC |
CIC |
CI |
D e |
|
D p ( C I |
) |
|
|
|
|
|||
|
|
|
D IC |
D e ( C IC |
) |
|
Y |
E I C ( X |
) |
X |
|
D I C ( Y ) |
|
X |
X |
|
||||
|
|
|
|
5 O J ! ' DCA
( " ( "
! ) (
'
R ( $
* ( >O? ' DCA '
,
R ( !
SaJ ;/.7W&/2 ' >.1? ,
( R (
#‚EL%
8 $ (
$ ' >.O?
+ FBC
'
ACy@ #Awwmc\igcvn&Cwe\czc\ yngeskigel @ck\ucgf%
|
: ( |
73 |
1O |
R ( |
a ' |
$300,000 |
18 c |
0 |
O3 |
:$ |
$10,000,000 |
0.005 c |
O |
W3 |
o N |
$300,000,000 |
0.0002 c |
12 c |
W1 |
' " FBC W1
(
&
FBC ( @L@ # ' $! % BFB #$! &
$! &$! %
) ƒ„ DCA (
N ( * & $ ,
,
R N p V V ƒLemm\vke„
.O33 yngekneg ( .;2
' J ' ` … L Dvxfhi• DCA ]ixvkigvkcef >./? .22W †. 333 333
-, B`H DCA
' '
|
|
|
!" # |
$ |
!% # |
& |
' " # |
J
( ;331 >./ .2?
|
2 (. |
|
|
1. |
D. Kahn, The Codebreakers, The Story of Secret Writing, abridget ed. |
New |
York, |
|
NY: Signet, 1973. |
|
|
2. |
T 8 6 " T |
8 5 |
! ' V " *p .2O0 ;70&00;
3.W.Diffie and M.E.Hellman, "New directions in cryptography," IEEE Trans. Informat. Theory, vol. 1 T-22, pp.644-654, Nov. 1976.
4.T 8 V 6 " T 8 +
& V " *p .2O0 ;70&00;
5.Judy H. Moore, "Protocol Failures in Cryptosystems," IEEE Trans. Informat. Theory, vol. 5 T-76, pp.594-602, May 1988.
6.Marc Joye and Jean-Jacques Quisquater, "Attacks on systems using Chinese remaindering." Internet: www.dice.ucl.ac.be/crypto/ techreports.html
7.) * 86V ; V " V .2WW
8.R. Silver, "The computation of indices modulo P," Mitre Corporation, Working Paper WP-07062, p.3, May 7, 1964.
9.S. C. Pohlig and M.E.Hellman, "An improved algorithm for computing logarithms in GF(p) and its cryptographic significance," IEEE Trans. Informat. Theory, vol. IT-24, pp.106-110, Jan. 1978.
10.D. Coppersmith, A. M. Odlyzko, and R. Schroeppel, "Discrete logarithms in GF(p)," Algorithmica, vol.1, pp. 1-16, 1986.
11.Z. Shmuely, "Composite Diffie-Hellman public-key generating systems are hard to break," Computer Science Departmant, Technion, Haifa, Israel, Technical Rep. 356, Feb. 1985.
12.K. S. McCurley, "A key distribution system equivalent to factoring, "Department of Mathematics, University of Southern California, June 3, 1987.
13.G. I. Davida, "Chosen signature cryptanalysis of the RSA (MIT) public key cryptosystem," Tech. Rep. TR-82-2, Dept. of Electrical Engineering and Computer Science, Univ. of Wisconsin, Milwaukee, WI, Oct. 1982.
14.D. E. Denning, "Digital signatures with RSA and other public-key cryptosystems," in Comm. of the ACM, vol.27, pp. 388-392, Apr. 1984.
15.6 a = !
SaJ ;/.7W&/2 # " J V VN*%
16. 6 a & :
o * ! " *Roa NS ‡.; #;3% .22O W2&/0
17. N p + : ˆ0 ! & ( Q ! '
! ‡7 & .22O \ ;.&0W
18.M.J.Robshaw, «Security Estimates for 512-bit RSA», RSA Laboratories, June 29, 1995.
19.Andrew M. Odlyzko, «The future of integer factorization», AT&T Bell Laboratories, July 11, 1995.