
Vietnam National University, Hanoi
Faculty of Technology

Phan Đình Diệu
Cryptography Theory
&
Information Security

Vietnam National University Press, Hanoi - 2002



Contents
Preface ... 4
Chapter 1. General introduction to cryptography ... 8
1.1. A brief history of cryptography ... 8
1.2. Cryptosystems. Block ciphers and stream ciphers ... 12
1.3. Symmetric-key cryptography and public-key cryptography ... 15
1.4. Problems in information security ... 16
1.5. Cryptanalysis and the security of cryptosystems ... 18

Chapter 2. Mathematical foundations of cryptography ... 20
2.1. Integer arithmetic. The Euclidean algorithm ... 20
2.2. Probability and probabilistic algorithms ... 31
2.3. Computational complexity ... 36
2.4. Prime numbers. Factorization. Discrete logarithms ... 42

Chapter 3. Symmetric-key cryptosystems ... 55
3.1. Classical cryptosystems ... 55
3.2. Cryptanalysis of classical cryptosystems ... 63
3.3. Stream ciphers and pseudo-random sequences ... 72
3.4. The DES standard cryptosystem ... 80

Chapter 4. Public-key cryptosystems ... 92
4.1. Introduction ... 92
4.2. The RSA public-key cryptosystem ... 97
4.3. The Rabin public-key cryptosystem ... 101
4.4. The ElGamal public-key cryptosystem ... 103
4.5. Cryptosystems based on NP-complete problems ... 107
4.6. Probabilistic public-key cryptosystems ... 111

Chapter 5. The authentication problem and digital signatures ... 115
5.1. The authentication problem and signature schemes ... 115
5.2. The ElGamal signature scheme and the digital signature standard ... 118
5.3. Hash functions and signatures ... 122
5.4. Some other signature schemes ... 127
5.5. Undeniable signatures and non-repudiable signatures ... 131

Chapter 6. Identification schemes and identity authentication ... 136
6.1. The identification problem ... 136
6.2. The Schnorr identification scheme ... 137
6.3. The Okamoto identification scheme ... 140
6.4. The Guillou-Quisquater identification scheme ... 142
6.5. The Feige-Fiat-Shamir protocol ... 145
6.6. Zero-knowledge proofs ... 147

Chapter 7. Key distribution and key agreement ... 152
7.1. Key management in communication networks ... 152
7.2. Some key distribution systems ... 153
7.3. Key exchange and key agreement ... 157

Guide to references ... 163










Preface

Ever since people have needed to exchange information and letters with one another, the need to keep those exchanged letters and information secret, and to protect their privacy, has arisen as well. The earliest and most common form of exchanged information was written text. To keep a text secret, people early on thought of hiding its content by transforming the text so that outsiders could not understand it, while keeping a way to restore its original form so that the intended parties could still read it. In today's terminology, the transformed form of a text is called the ciphertext of the text, the way of producing a ciphertext from a text is called encryption, and the way of restoring the original text from the ciphertext is called decryption. Encryption and decryption are carried out with the help of some private key known only to the parties involved, which from now on we shall call the cryptographic key. An outsider does not know the key, so even if he "steals" the ciphertext on the communication channel, he cannot in principle decrypt it and learn the content of the transmitted text.

Obviously, the criterion for a ciphertext is that it give the text secrecy; the notion of secrecy is therefore the most central notion of any theory of cryptography. Can there be a scientific definition of secrecy? There have been many approaches to understanding what the notion of secrecy means, but a scientific definition, let alone a mathematical one, is still lacking. A fairly common approach links the notion of secrecy with the notion of "randomness": if a plaintext has a definite content, what we want is that its ciphertext consist of characters arranged in a disordered, seemingly random way, so that an outsider looking at it cannot determine the content of the original text. However, if "secrecy" is a notion we have not yet defined, the notion "random", or more concretely "random bit sequence", is just as hard to define. We have not yet fixed a mathematical criterion for deciding whether a bit sequence is "random"; we have only found some properties associated with "randomness", which serve as a basis for deciding whether a bit sequence is "pseudo-random" in the sense of having those properties.

In the last few decades, with the arrival of the computer era, the field of cryptography, like many other fields, has undergone a great transformation, from the stage of traditional cryptography to that of computer cryptography. Electronic computers are used ever more widely for encryption and decryption, and that transformation has stimulated research into cryptographic solutions, turning the study of cryptography into a science whose scope keeps growing and which is used effectively in many areas of life. Since the main operations of cryptography are carried out by computers, the notions of secrecy and randomness have gradually been "computerized", and with the birth of the theory of computational complexity in the mid-1960s those notions found a common content that can be studied mathematically: computational complexity. Now we can say: a ciphertext is secret to you if recovering the plaintext from it requires a computation whose complexity exceeds all the computing capacity (including every computer) available to you; and a bit sequence may be regarded as random if finding the next bit of the sequence from a known segment of it likewise requires a computation of extremely large complexity in the sense just described.

The move to computer cryptography first of all served to develop and modernize many cryptosystems of the traditional kind, giving them finer structures and requiring more complicated encryption and decryption, so that the effectiveness of cryptographic solutions in keeping secrets rose far above what it had been. The truly revolutionary step brought by computer cryptography, however, was the invention of public-key cryptosystems, beginning in the late 1970s. The theoretical basis of these inventions is the existence of one-way functions, that is, arithmetic functions y = f(x) for which computing in the forward direction, from x to y, is relatively easy, but computing in the reverse direction, recovering x from y (x = f^{-1}(y)), is extremely hard. Public-key cryptosystems changed in an essential way how secure communication systems are organized and made secrecy easy to achieve over public communication systems; because of their special properties they became the basis for many other information-security protocols over public networks, such as protocols for authenticating the source of a message and identifying the sender, digital signatures, protocols that prove a fact while revealing nothing beyond the fact proved, key-exchange protocols for secure communication and for authentication, and so on, and recently for many specific protocols in banking transactions and electronic commerce, the issuing and spending of electronic cash, and so forth. It should be added that modern cryptography, that is, computer cryptography based on the theory of computational complexity, although it has many striking applications and great prospects, is still only in its initial stage of development, and must overcome many difficulties and find many new solid foundations before it can be further perfected and developed. For instance, as said above, an important basis of modern cryptography is the existence of one-way functions, but whether one-way functions truly exist is still an open question! We only have a number of functions that are one-way as far as present human knowledge goes, but no specific function has been proved to be one-way with certainty! Nevertheless, if, following the modern scientific viewpoint, we regard the goal of science not as the search for absolutely certain truths but as the search for ways of solving the problems (problem solving) met in practice, then we can still trust the very effective "relative" solutions that modern cryptographic theory offers today.

This textbook, Cryptography Theory and Information Security, was written for students in the undergraduate and graduate programs in Information Technology at Vietnam National University, Hanoi. In the last ten years or so, many textbooks and reference works on modern cryptography and its applications have appeared around the world. The author of this textbook has only tried to select and arrange the material he considered most necessary and suitable, within a limited amount of time (and space), so as to present to the learner, in a relatively systematic way, the basic knowledge of modern cryptography, including some necessary mathematical background. This textbook has been taught to graduate students in Information Technology at Hanoi University of Technology and at the Faculty of Technology of Vietnam National University, Hanoi, from 1997 to 2004. The author sincerely thanks colleagues and readers for pointing out shortcomings so that they can be corrected in time for later printings, if any.

December 2002
Phan Đình Diệu








CHAPTER I

General introduction to cryptography

1.1. A brief history of cryptography.
As introduced in the Preface, the need for cryptography appeared very early, as soon as people began to exchange and transmit information to one another, and especially once information could be expressed in the form of language and writing. History tells us that primitive forms of cryptography were found some four thousand years ago in the civilization of ancient Egypt. Over thousands of years, cryptography has been used widely throughout the world, from East to West, to keep secret the exchange of information in many fields of activity between people and between nations, especially in the military, political and diplomatic fields. Cryptography is first of all a practical activity, whose main content is keeping information (say, in the form of a text) secret on its way from a sender A to a receiver B. A must produce for the text a corresponding ciphertext, and instead of sending the plaintext, A sends B only the ciphertext; B receives the ciphertext and must have a way of recovering the plaintext in order to understand the information A wanted to send. Since what is sent usually travels along public routes, an outsider may "steal" it, but because it is a ciphertext he cannot understand it. A can produce the ciphertext and B can decrypt it into an intelligible plaintext because the two of them have agreed on a common key: only with this common key can A produce the ciphertext from the plaintext, and only with it can B recover the plaintext from the ciphertext. Later we shall simply call this common key the cryptographic key. Of course, to carry out a cryptographic operation we also need an algorithm that turns the plaintext, together with the key, into the ciphertext, and a reverse algorithm that turns the ciphertext, together with the key, back into the plaintext. These algorithms are called the encryption algorithm and the decryption algorithm respectively. They usually need not be kept secret; what must always be kept absolutely secret is the key. In practice, wherever there is an activity of keeping secrets there is also the opposite activity of uncovering the secret from "stolen" ciphertexts; we usually call this activity cryptanalysis, and it is no less important than the activity of keeping secrets! Since the encryption and decryption algorithms are not necessarily secret, cryptanalysis usually concentrates on finding the key, which is why some call this work key breaking.

Throughout thousands of years of history, the messages and letters transmitted and exchanged were usually texts, that is, sequences of characters in some language. Accordingly, the encryption algorithms were usually simple algorithms for scrambling and altering characters, defined by shifts, substitutions or permutations of the characters in the alphabet of the language concerned; the key is the information used to carry out the particular encryption and decryption, for example the number of positions for a shift, or the table of corresponding character pairs for a substitution or permutation. Cryptography was not yet a science, so there was little book knowledge about it, but the activities of secrecy and cryptanalysis in the history of political, diplomatic and military struggles were extremely rich, and cryptography had very important effects, leading at times to results that were decisive in those struggles. Because for a long time the activity of cryptography was itself regarded as a secret, the technical documents on cryptography published up to now usually record only experiential knowledge, with only the occasional "invention" such as the Vigenère cipher in the 16th century or the Hill cipher of 1929, which apply a shift (the Vigenère cipher) or a substitution (the Hill cipher) simultaneously to a group of characters rather than to each character separately. Cryptanalysis, on the other hand, when successful, usually produced outstanding and impressive contributions in the critical situations of those struggles, and also usually demanded more talent for discovery, with finer experience and reasoning, and so left behind more fascinating stories. Many interesting stories from the history of cryptanalysis are recounted in David Kahn's famous book The Codebreakers. The Story of Secret Writing, published in 1967 (the book has been translated into many languages; there is a Vietnamese translation, Những người mã thám, 3 volumes, published in Hanoi in 1987).

Entering the 20th century, with continuous advances in computing and communication technology, cryptography also made great progress. In the first decades of the century, the development of techniques for representing, transmitting and processing signals helped move encryption and decryption from manual work to mechanization and then to electronics. Texts and ciphertexts, previously written in ordinary language, were now converted by digital techniques into sequences of binary signals, i.e. bit sequences; transformations on character sequences became transformations on bit sequences, or sequences of numbers, and carrying out encryption and decryption became the evaluation of arithmetic functions. Mathematics and computing technology began to become tools for developing the science of cryptography. The central notion of that science is the notion of secrecy. It is a common notion in everyday life, but can it be given a concrete content that can be defined mathematically? As touched on in the Preface, the notion of secrecy was at first linked with the notion of randomness, and later, in recent decades, with the notion of complexity, more precisely computational complexity. Using probability theory and randomness as a basis for the study of cryptography enabled C. Shannon to introduce the notion of perfect secrecy of a cryptosystem as early as 1948, initiating a probabilistic theory of cryptography. In cryptographic practice, random bit sequences are mixed with the plaintext (in the form of a definite bit sequence) to produce the ciphertext. How are random bit sequences produced? One can produce them by a simple physical method: toss a coin; if it lands tails we record bit 0, if heads bit 1; after n tosses we have a sequence of n bits, and a sequence obtained this way may be regarded as a random bit sequence. But sequences produced this way are hard to use widely, and there is no way to find a rule by which random bit sequences are generated. Here we meet a difficulty of an essential nature: if there is a rule, it is no longer random! So if we look for a rule we can never find random bit sequences; at best we obtain nearly random, or pseudo-random, bit sequences. For several decades researchers have proposed many mathematical algorithms for generating pseudo-random bit sequences, and have also put forward many properties for judging whether a pseudo-random bit sequence deserves to be regarded as "nearly" random. A few of the main properties proposed are: for a bit sequence X = (x_1, x_2, ..., x_n, ...), the sequence is regarded as "good" pseudo-random if the probability of bit 0 or bit 1 appearing, in the whole sequence as well as in any subsequence of it, equals 1/2; or another criterion: every program that generates the first n bits of the sequence must have complexity (or length) of about n characters! Later, when the theory of computational complexity was developed, the criterion of randomness was also reduced to a criterion of computational complexity: concretely, a bit sequence X is regarded as "good" pseudo-random if every algorithm that finds the n-th bit (x_n) from the preceding bits (x_1, ..., x_{n-1}) with probability of correctness > 1/2 must have computational complexity in the NP-hard class!

The theory of computational complexity, born in the mid-1960s, gives us a suitable way to reduce the requirement of secrecy or randomness to a requirement that can be defined: a requirement on computational complexity. Now we can say: a cryptographic solution guarantees secrecy if every cryptanalytic algorithm, if any exists, must be carried out with extremely large computational complexity! How large is extremely large? Beyond the limit of computing power (including computers) that the cryptanalyst may have. Theoretically, these can be taken to be computational complexities whose growth rate exceeds exponential, or which belong to the NP-hard class. But the theory of computational complexity not only gives us a notion that makes the secrecy criterion of cryptographic solutions precise; it also opened a new stage of cryptography, turning it into a science with rich theoretical content and important practical applications in many fields of modern life. The revolutionary turning point in the history of modern cryptography occurred in 1976, when Diffie and Hellman put forward the notion of public-key cryptography and a method of public exchange for producing a common secret key whose security is guaranteed by the difficulty of a specific mathematical problem (the problem of computing "discrete logarithms"). Two years later, in 1978, Rivest, Shamir and Adleman found a public-key cryptosystem and a digital signature scheme that were fully usable in practice, whose secrecy and security are guaranteed by the complexity of a famous arithmetic problem, that of factoring an integer into prime factors. After the invention of that cryptosystem (which we now usually call RSA), research into other public-key cryptosystems and the application of public-key cryptosystems to various problems of information security was carried out widely; the theory of cryptography and information security became a fast-developing scientific field in the last two or three decades of the 20th century, pulling along the development of several branches of mathematics and computer science. In the later chapters of this textbook we shall get acquainted with some of the main achievements of that theory.

1.2. Cryptosystems.
1.2.1. Cryptosystem schemes.
Cryptography is used to protect the secrecy of information when it is transmitted over public communication channels such as postal channels, the telephone, computer networks, the Internet, etc. Suppose a sender A wants to send a receiver B a text (say, a letter) p. To keep it secret, A produces a ciphertext c for p and, instead of sending p, sends B the ciphertext c; B receives c and "decrypts" it to obtain the text p as A intended. For A to turn p into c and for B to turn c back into p, A and B must agree beforehand on the encryption and decryption algorithms and, in particular, on a common key K with which those algorithms are carried out. An outsider who does not know this information (in particular, who does not know the key K), even if he steals c on the public channel, cannot find the text p that A and B want to send each other. Below we give a formal definition of a cryptosystem scheme and of the way encryption and decryption are carried out.

Definition 1.2.1. A cryptosystem scheme is a quintuple
S = (P, C, K, E, D)  (1)
satisfying the following conditions:
P is a finite set of plaintext characters,
C is a finite set of ciphertext characters,
K is a finite set of keys,
E is a mapping from K × P into C, called the encryption operation;
and D is a mapping from K × C into P, called the decryption operation. For each K ∈ K we define e_K : P → C and d_K : C → P to be the two functions given by:
∀x ∈ P : e_K(x) = E(K, x); ∀y ∈ C : d_K(y) = D(K, y).
e_K and d_K are called respectively the encryption function and the decryption function associated with the key K. These functions must satisfy the relation:
∀x ∈ P : d_K(e_K(x)) = x.
Hereafter, for convenience, we shall call a list (1) satisfying the above properties a cryptosystem scheme, and when a fixed key K has been chosen, the list (P, C, e_K, d_K) is a cryptosystem belonging to that scheme.

In this definition, encryption (decryption) is defined for a single plaintext (ciphertext) character. In practice, the plaintext of a message is usually a sequence of plaintext characters, i.e. an element of the set P*, and the ciphertext is likewise a sequence of ciphertext characters, i.e. an element of C*; the extension of the functions e_K and d_K to the corresponding domains P* and C*, which yields the encryption and decryption algorithms used in practice, is presented in the next subsection. The sets of plaintext and ciphertext characters in common use are the alphabets of ordinary languages such as Vietnamese or English (we denote the English alphabet by A, i.e. A = {a, b, c, ..., x, y, z}, consisting of 26 characters); the binary alphabet B consisting of just the two characters 0 and 1; and the set of non-negative integers less than some number n (we denote this set by Z_n, i.e. Z_n = {0, 1, 2, ..., n-1}). Note that B may be regarded as Z_2. For convenience we also usually identify the English alphabet A with the set Z_26 = {0, 1, 2, ..., 24, 25} of the first 26 non-negative integers, by the following correspondence:
a  b  c  d  e  f  g  h  i  j  k   l   m   n   o   p   q   r   s   t   u   v   w   x   y   z
0  1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  18  19  20  21  22  23  24  25.
Sometimes we also use as the set of plaintext or ciphertext characters product sets of the sets above, in particular the sets A^m, B^m, Z_n^m.

1.2.2. Block ciphers and stream ciphers.
As said above, the plaintext of the message we want to send is usually a sequence of characters, whereas by the definition of a cryptosystem scheme the encryption and decryption functions are defined for single characters. From the definitions of the encryption and decryption functions we extend them to encryption (and decryption) algorithms defined for every plaintext (ciphertext) as follows:

In the block cipher approach, we first fix a block length (say k), then extend the key space from K to K^k, and for each K = K_1...K_k ∈ K^k we extend e_K and d_K to algorithms e_K : P^k → C^k and d_K : C^k → P^k as follows: for every x_1...x_k ∈ P^k and y_1...y_k ∈ C^k we have
$$e_K(x_1 \dots x_k) = e_{K_1}(x_1) \dots e_{K_k}(x_k); \qquad d_K(y_1 \dots y_k) = d_{K_1}(y_1) \dots d_{K_k}(y_k).$$
Suppose the plaintext we want to encrypt is the character sequence X ∈ P*. We cut X into blocks, each of length k; the last block may have length < k, but we may always assume that some agreed characters are appended to the end of that block so that it too has length k. So we may assume X = X_1...X_m, where each of X_1, ..., X_m is a block of length k. We then define the ciphertext of X to be:
$$e_K(X) = e_K(X_1 \dots X_m) = e_K(X_1) \dots e_K(X_m).$$
Putting Y = e_K(X_1)...e_K(X_m), we can write Y = Y_1...Y_m with Y_i = e_K(X_i), and hence
$$d_K(Y) = d_K(Y_1) \dots d_K(Y_m) = X_1 \dots X_m = X.$$
The simplest and most common block cipher is obtained by choosing block length k = 1. Then for each plaintext X = x_1...x_m ∈ P* we have
$$e_K(X) = e_K(x_1 \dots x_m) = e_K(x_1) \dots e_K(x_m).$$

In the stream cipher approach, we first have to fix a key stream, i.e. an element K = K_1...K_m ∈ K*, and with that key stream we define for each plaintext X = x_1...x_m ∈ P* the corresponding ciphertext as
$$e_K(X) = e_K(x_1 \dots x_m) = e_{K_1}(x_1) \dots e_{K_m}(x_m).$$
Decrypting Y = e_K(X) we get
$$d_K(Y) = d_{K_1}(e_{K_1}(x_1)) \dots d_{K_m}(e_{K_m}(x_m)) = x_1 \dots x_m = X.$$
To use stream encryption, besides the basic cryptosystem scheme we also need a key stream, i.e. a sequence of key characters of arbitrary length. Usually these are sequences of key characters produced by some "random sequence generator" starting from a chosen "seed". In practical applications one usually uses stream encryption whose basic scheme is the Vernam scheme, with
P = C = K = {0, 1}
and encryption and decryption functions defined by
e_K(x) = x + K mod 2, d_K(y) = y + K mod 2 (K = 0 or 1);
the key stream is a random bit sequence produced by some random bit generator.
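The following is an added example, not code from the textbook: it writes down a scheme S = (P, C, K, E, D) in the sense of Definition 1.2.1 and then builds the block extension (with padding), the stream extension (one key character per plaintext character) and the Vernam scheme exactly as described above. The concrete single-character scheme, a shift over Z_26, is an assumption chosen for illustration; the extension rules are the ones stated in the text, and the padding character 'x' is an arbitrary agreed choice.

```python
# Added example (not from the textbook): Definition 1.2.1 and the block/stream
# extensions of Section 1.2.2 made concrete. The one-character scheme used here
# (a shift over Z_26) is an assumed toy scheme, chosen only for illustration.
from typing import Callable, List, Sequence

ALPHABET = "abcdefghijklmnopqrstuvwxyz"   # the alphabet A identified with Z_26
P = C = K = list(range(26))              # finite sets of the scheme; a key is a shift


def E(key: int, x: int) -> int:
    """Encryption operation E: K x P -> C (assumed toy scheme: shift by key mod 26)."""
    return (x + key) % 26


def D(key: int, y: int) -> int:
    """Decryption operation D: K x C -> P; satisfies D(K, E(K, x)) = x for all x."""
    return (y - key) % 26


def e_K(key: int) -> Callable[[int], int]:
    """The encryption function e_K(x) = E(K, x) for a fixed key."""
    return lambda x: E(key, x)


def d_K(key: int) -> Callable[[int], int]:
    """The decryption function d_K(y) = D(K, y) for a fixed key."""
    return lambda y: D(key, y)


def text_to_ints(s: str) -> List[int]:
    return [ALPHABET.index(ch) for ch in s]


def ints_to_text(v: Sequence[int]) -> str:
    return "".join(ALPHABET[i] for i in v)


# --- Block cipher: key K = K_1...K_k in K^k, plaintext cut into blocks of length k
def pad(x: List[int], k: int, filler: int = 23) -> List[int]:
    """Append the agreed filler character ('x' = 23, an assumption) until the
    length is a multiple of k, as the text allows for the last block."""
    return x + [filler] * (-len(x) % k)


def block_encrypt(keys: Sequence[int], x: List[int]) -> List[int]:
    """e_K(X_1...X_m) = e_K(X_1)...e_K(X_m), with e_K(x_1...x_k) = e_{K_1}(x_1)...e_{K_k}(x_k)."""
    k = len(keys)
    x = pad(x, k)
    return [e_K(keys[i % k])(x[i]) for i in range(len(x))]


def block_decrypt(keys: Sequence[int], y: List[int]) -> List[int]:
    """d_K(Y_1...Y_m) = d_K(Y_1)...d_K(Y_m); the padding characters come back too."""
    k = len(keys)
    return [d_K(keys[i % k])(y[i]) for i in range(len(y))]


# --- Stream cipher: key stream K_1...K_m, one key character per plaintext character
def stream_encrypt(keystream: Sequence[int], x: List[int]) -> List[int]:
    """e_K(x_1...x_m) = e_{K_1}(x_1)...e_{K_m}(x_m); the key stream must be long enough."""
    if len(keystream) < len(x):
        raise ValueError("key stream shorter than plaintext")
    return [e_K(keystream[i])(x[i]) for i in range(len(x))]


def stream_decrypt(keystream: Sequence[int], y: List[int]) -> List[int]:
    """d_K(Y) = d_{K_1}(e_{K_1}(x_1))...d_{K_m}(e_{K_m}(x_m)) = X."""
    return [d_K(keystream[i])(y[i]) for i in range(len(y))]


# --- Vernam scheme: P = C = K = {0, 1}, e_K(x) = d_K(x) = x + K mod 2
def vernam(bits: Sequence[int], keystream_bits: Sequence[int]) -> List[int]:
    """Encryption and decryption are the same map, so applying it twice restores the bits."""
    if len(keystream_bits) < len(bits):
        raise ValueError("key stream shorter than message")
    return [(b + k) % 2 for b, k in zip(bits, keystream_bits)]


if __name__ == "__main__":
    msg = text_to_ints("attackatdawn")
    print(ints_to_text(block_encrypt([3, 17, 5], msg)))
    print(ints_to_text(stream_encrypt([4, 8, 15, 16, 23, 42 % 26, 1, 2, 3, 4, 5, 6], msg)))
```

Note that block decryption returns the padding characters along with the message; stripping them is an agreement between A and B outside the scheme itself, which is why the example leaves them in place.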

1.3. Symmetric-key cryptography and public-key cryptography.

According to Definition 1.2.1 of a cryptosystem scheme, for every secure transmission both the sender A and the receiver B must agree beforehand on a common key K; the sender then uses e_K to encrypt the message sent, and the receiver uses d_K to decrypt the ciphertext received. The sender and receiver share a common key K, kept as the private secret of the two of them and used both for encryption and for decryption. We call cryptosystems used in this way symmetric-key cryptosystems, sometimes also traditional cryptosystems, and this is the way cryptography has been used for thousands of years.

In principle, however, the encryption and decryption functions are different and need not depend on the same key. If we specify that each key K consists of two parts, K = (K', K''), with K' for encryption (so that we have the encryption function e_{K'}) and K'' for decryption (so that we have the decryption function d_{K''}), the encryption and decryption functions satisfying the relation
d_{K''}(e_{K'}(x)) = x for all x ∈ P,
then we have an asymmetric-key cryptosystem. Thus in an asymmetric-key cryptosystem the encryption and decryption keys (K' and K'') are different, though of course related to each other. Of the two keys, the one that must be kept secret is the decryption key K'', whereas the encryption key K' may be published; this is of practical significance, however, only when finding K'' from K' is so extremely difficult as to be practically infeasible. An asymmetric-key cryptosystem with this property, in which the encryption key K' of every participant is published, is called a public-key cryptosystem. The notion of public-key cryptography arose only in the mid-1970s, and immediately afterwards became a central notion of modern cryptography. We shall devote a large part of this textbook to such cryptosystems and their applications to problems of information security.

1.4. Problems in information security.
We are living in an age of information explosion. The need to exchange information, and the means of transmitting it, are developing rapidly. Along with that development, the demand to protect the secrecy and security of information also grows ever larger and more widespread. There are many different information-security problems, depending on the situation, but in sum a number of very general problems are commonly met in practice, namely the following:

- confidentiality: keeping information secret from everyone except the few who are authorized to read and know it;
- data integrity: ensuring that information is not altered or distorted by unauthorized persons or by unauthorized means;
- entity authentication: confirming the identity of an entity, for instance a person, a terminal in a network, a credit card, ...;
- message authentication: confirming the origin of a message that has been received;
- signature: a way of binding information to an entity, commonly used in the message authentication problem as well as in many other authentication problems;
- authorization: conveying to another entity the right to act as a representative, or to do something;
- certification: endorsement of information by a trusted entity;
- receipt: acknowledgement that a message has been received or a service has been performed;
- witnessing: verification of the existence of information by an entity other than its owner;
- non-repudiation: preventing the denial of responsibility for a previous commitment (e.g. having signed a document);
- anonymity: concealing the identity of an entity taking part in some process (commonly used in electronic cash transactions);
- revocation: withdrawing a certificate or authorization already granted;
- and so on.
The basis of the solutions to the problems listed above is cryptographic methods, especially public-key cryptography; we shall examine a few of these problems in detail in the following chapters.


1.5. Cryptanalysis and the security of cryptosystems.

1.5.1. The cryptanalysis problem.
Cryptography is used first of all to ensure the secrecy of exchanged information, and so the most important problem of cryptanalysis is that of breaking this secrecy: from a ciphertext that can easily be obtained (on public communication channels), the cryptanalyst must discover the content of the information hidden in that ciphertext, and ideally find its original plaintext. The usual situation is that the cryptosystem scheme itself, including the encryption and decryption operations (the algorithms E and D), is not necessarily secret, so the problem reduces to finding the key K, or the decryption key K'' if the cryptosystem is asymmetric. So we may agree to regard the basic cryptanalysis problem as the problem of finding the key K (or the decryption key K''). In solving this problem, the cryptanalyst is assumed to know the cryptosystem scheme in use, including the general encryption and decryption operations E and D. Beyond that, the cryptanalyst may know some further information, and according to this additional information we classify the cryptanalysis problem into the following specific problems:

- the ciphertext-only problem: the most common problem, in which the cryptanalyst knows only a ciphertext Y;
- the known-plaintext problem: the cryptanalyst knows a ciphertext Y together with the corresponding plaintext X;
- the chosen-plaintext problem: the cryptanalyst can choose a plaintext X and learn the corresponding ciphertext Y. This may happen when the cryptanalyst has (temporarily) taken possession of the encryption machine;
- the chosen-ciphertext problem: the cryptanalyst can choose a ciphertext Y and learn the corresponding plaintext X. This may happen when the cryptanalyst has temporarily taken possession of the decryption machine.

1.5.2. The security of a cryptosystem.

The security of a cryptosystem depends on the difficulty of the cryptanalysis problem when that cryptosystem is used. Several interpretations of the notion of security of a cryptosystem have been proposed, and on the basis of those interpretations the security of many different cryptosystems has been studied; below we introduce the most common interpretations:

- Unconditional security: suppose the cryptanalyst has obtained information about the ciphertext. From the information-theoretic viewpoint, if knowledge of the ciphertext does not narrow the cryptanalyst's uncertainty about the plaintext, the cryptosystem is unconditionally secure, or, in C. Shannon's terminology, the system is perfectly secret. Thus the system is unconditionally secure if the uncertainty about the plaintext after the cryptanalyst has obtained the information (about the ciphertext) equals the uncertainty about the plaintext before. Unconditional security has been studied for some symmetric-key cryptosystems that we shall present in Chapter 3.
- Provable security: a cryptosystem is regarded as provably secure if we can prove that the cryptanalysis problem for the system is equivalent in difficulty to a known hard problem, e.g. the problem of factoring an integer into prime factors, or the problem of finding discrete logarithms modulo a prime (equivalent in difficulty means that if one problem can be solved then the other can also be solved, with the same complexity).
- Computational security: a cryptosystem is regarded as computationally secure if every known cryptanalytic method requires computational resources exceeding all the computing capacity (including equipment) of a presumed adversary. Security in this sense, in the language of computational complexity theory, includes the notion of "provable" security above.

Security in the provable or computational sense is used a great deal in the study of modern cryptosystems, especially public-key cryptosystems; we shall present it separately for each cryptosystem in the later chapters. In Section 1.4 we introduced some problems of information security in general. All of those problems have at their core the security of some cryptosystem, so the study of the security of cryptosystems also contributes to solving the information-security problems listed there.

CHAPTER II

Mathematical foundations of cryptography

2.1. Integer arithmetic. The Euclidean algorithm.
We denote by Z the set of integers, Z = {..., -2, -1, 0, 1, 2, ...}, and by Z^+ the set of non-negative integers, Z^+ = {0, 1, 2, ...}. In this section we recall some facts about integer arithmetic needed for the presentation of cryptographic theory. So that the textbook does not become too long, the material recalled is mainly the notions and propositions that will be used; proofs are omitted, and readers who want to go deeper may consult books devoted to number theory.

2.1.1. Divisibility of integers.
The set Z is closed under addition, subtraction and multiplication, but not under division: dividing an integer by an integer does not always give an integer as result! Therefore the case of exact division, i.e. when dividing the integer a by the integer b gives an integer quotient q, a = b.q, has a special significance. In that case we say that a is divisible by b, that b divides a, that a is a multiple of b, that b is a divisor of a, and we write b | a. It is easy to see that 1 is a divisor of every integer, 0 is a multiple of every integer, and every integer a is both a divisor and a multiple of itself.
Let a and b be any two integers with b ≥ 1. Dividing a by b we obtain two numbers q and r such that
a = b.q + r, 0 ≤ r < b.
The number q is called the quotient of the division of a by b, denoted a div b, and the number r is called the remainder of the division of a by b, denoted a mod b. Example: 25 div 7 = 3 and 25 mod 7 = 4; -25 div 7 = -4 and -25 mod 7 = 3.
An integer d is called a common divisor of two integers a and b if d | a and d | b. The integer d is called the greatest common divisor of a and b if d ≥ 0, d is a common divisor of a and b, and every common divisor of a and b is a divisor of d. We denote the greatest common divisor of a and b by gcd(a, b). Example: gcd(12, 18) = 6, gcd(-18, 27) = 3.
It is easy to see that for every positive integer a we have gcd(a, 0) = a; we also agree that gcd(0, 0) = 0.
An integer a > 1 is called a prime if a has no divisor other than 1 and a itself, and a composite number if it is not prime. Example: 2, 3, 5, 7 are primes; 4, 6, 8, 10, 12, 14, 15 are composite. Two numbers a and b are said to be relatively prime if they have no common divisor other than 1, i.e. if gcd(a, b) = 1. Any integer n > 1 can be written in the form
$$n = p_1^{\alpha_1} \, p_2^{\alpha_2} \cdots p_k^{\alpha_k}$$
where p_1, p_2, ..., p_k are distinct primes and α_1, α_2, ..., α_k are positive integer exponents. Disregarding the order of the prime factors, this representation is unique; we call it the canonical factorization of n. Example: the canonical factorization of 1800 is $2^3 \cdot 3^2 \cdot 5^2$.
Primes and the problems concerning them play an important role in number theory and in its applications to cryptography; we shall treat them separately in a later section.
Theorem 2.1.1. If b > 0 and b | a then gcd(a, b) = b.
If a = bq + r then gcd(a, b) = gcd(b, r).
An integer m is called a common multiple of a and b if a | m and b | m. The number m is called the least common multiple of a and b, denoted lcm(a, b), if m ≥ 0, m is a common multiple of a and b, and every common multiple of a and b is a multiple of m. Example: lcm(14, 21) = 42.
For any two positive integers a and b we have the relation
lcm(a, b) . gcd(a, b) = a.b.
From Theorem 2.1.1 we derive the following algorithm for finding the greatest common divisor of two arbitrary integers:
Euclidean algorithm for the greatest common divisor:
INPUT: two non-negative integers a and b with a ≥ b.
OUTPUT: the greatest common divisor of a and b.
1. While b > 0, do:
1.1. Set r ← a mod b, a ← b, b ← r.
2. Output (a).
Example: Using the Euclidean algorithm to find gcd(4864, 3458), we successively obtain the following values for the variables a, b and r:

4864 = 1 . 3458 + 1406
3458 = 2 . 1406 + 646
1406 = 2 . 646 + 114
646 = 5 . 114 + 76
114 = 1 . 76 + 38
76 = 2 . 38 + 0

   a      b      r
4864   3458   1406
3458   1406    646
1406    646    114
 646    114     76
 114     76     38
  76     38      0
  38      0

And the algorithm gives the result: gcd(4864, 3458) = 38.
We know that if gcd(a, b) = d, then the indeterminate equation
a.x + b.y = d
has an integer solution (x, y), and such an integer solution (x, y) can be found by the extended Euclidean algorithm as follows:
Extended Euclidean algorithm:
INPUT: two non-negative integers a and b with a ≥ b.
OUTPUT: d = gcd(a, b) and two numbers x, y such that a.x + b.y = d.
1. If b = 0 then set d ← a, x ← 1, y ← 0, and output (d, x, y).
2. Set x_2 = 1, x_1 = 0, y_2 = 0, y_1 = 1.
3. While b > 0, do:
3.1. q ← a div b, r ← a mod b, x ← x_2 − q.x_1, y ← y_2 − q.y_1.
3.2. a ← b, b ← r, x_2 ← x_1, x_1 ← x, y_2 ← y_1 and y_1 ← y.
4. Set d ← a, x ← x_2, y ← y_2, and output (d, x, y).
Example: Applying the extended Euclidean algorithm to a = 4864 and b = 3458, we successively obtain the following values for the variables a, b, q, r, x, y, x_1, x_2, y_1, y_2 (after each pass through the two instructions 3.1 and 3.2):

   a      b    q     r     x     y    x_1   x_2   y_1   y_2
4864   3458                           0     1     1     0
3458   1406    1  1406     1    -1    1     0    -1     1
1406    646    2   646    -2     3   -2     1     3    -1
 646    114    2   114     5    -7    5    -2    -7     3
 114     76    5    76   -27    38  -27     5    38    -7
  76     38    1    38    32   -45   32   -27   -45    38
  38      0    2     0   -91   128  -91    32   128   -45

It is easy to check that after each pass through the loop consisting of the two instructions 3.1 and 3.2, the values x, y, r obtained always satisfy 4864.x + 3458.y = r, so when the loop ends (with b = 0) and instruction 4 is executed we obtain d = 38, x = 32 and y = -45; the pair (32, -45) satisfies 4864.32 + 3458.(-45) = 38.
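As an added example (not code from the textbook), here are the Euclidean and extended Euclidean algorithms written out exactly as the two procedures above, each also returning its per-iteration values so that the two tables can be regenerated and the invariant a.x + b.y = r checked on every pass. The input convention a ≥ b ≥ 0 is the text's; the trace format is an assumption of this example.

```python
# Added example (not from the textbook): the Euclidean algorithm (steps 1-2)
# and the extended Euclidean algorithm (steps 1-4) as stated in Section 2.1.1,
# returning the per-iteration rows of the two tables in the text.
from typing import List, Tuple

Row = Tuple[int, ...]


def euclid_gcd(a: int, b: int) -> Tuple[int, List[Row]]:
    """While b > 0: r <- a mod b, a <- b, b <- r. Returns (gcd, rows of (a, b, r))."""
    if not (a >= b >= 0):
        raise ValueError("expects non-negative integers with a >= b")
    rows: List[Row] = []
    while b > 0:
        r = a % b                 # Python's % matches the text's a mod b for b >= 1
        rows.append((a, b, r))
        a, b = b, r
    return a, rows


def extended_euclid(a: int, b: int) -> Tuple[int, int, int, List[Row]]:
    """Returns (d, x, y, rows) with a*x + b*y = d = gcd(a, b).

    Each row holds (a, b, q, r, x, y, x1, x2, y1, y2) after one pass through
    instructions 3.1 and 3.2, in the column order of the table in the text."""
    if not (a >= b >= 0):
        raise ValueError("expects non-negative integers with a >= b")
    a0, b0 = a, b                 # kept only to check the invariant a0*x + b0*y = r
    if b == 0:                    # step 1
        return a, 1, 0, []
    x2, x1, y2, y1 = 1, 0, 0, 1   # step 2
    rows: List[Row] = []
    while b > 0:                  # step 3
        q, r = a // b, a % b      # 3.1: a div b and a mod b
        x, y = x2 - q * x1, y2 - q * y1
        assert a0 * x + b0 * y == r, "loop invariant from the text violated"
        a, b = b, r               # 3.2
        x2, x1 = x1, x
        y2, y1 = y1, y
        rows.append((a, b, q, r, x, y, x1, x2, y1, y2))
    return a, x2, y2, rows        # step 4


def format_table(rows: List[Row], header: Tuple[str, ...]) -> str:
    """Render trace rows as an aligned plain-text table (for reading, not for tests)."""
    width = 6
    lines = ["".join(f"{h:>{width}}" for h in header)]
    lines += ["".join(f"{v:>{width}}" for v in row) for row in rows]
    return "\n".join(lines)


if __name__ == "__main__":
    g, trace = euclid_gcd(4864, 3458)
    print(format_table(trace, ("a", "b", "r")))
    print("gcd =", g)
    d, x, y, trace2 = extended_euclid(4864, 3458)
    print(format_table(trace2, ("a", "b", "q", "r", "x", "y", "x1", "x2", "y1", "y2")))
    print(f"{d} = 4864*{x} + 3458*({y})")
```

Python's floor-division operators follow the same convention as the text's div and mod for a positive divisor (-25 // 7 == -4 and -25 % 7 == 3), which is why no special handling of negative inputs is needed beyond the a ≥ b ≥ 0 precondition the algorithm states.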

2.1.2. Congruences and linear congruence equations.
Let n be a positive integer. Two integers a and b are said to be congruent modulo n, written $a \equiv b \pmod n$, if $n \mid a - b$ (that is, $a - b$ is divisible by n, or equivalently a and b leave the same remainder on division by n).
Example: $23 \equiv 8 \pmod 5$, since $23 - 8 = 5 \cdot 3$; $-19 \equiv 9 \pmod 7$, since $-19 - 9 = -4 \cdot 7$.
The congruence relation (for a fixed modulus n) on the set of integers is reflexive, symmetric and transitive, i.e. it is an equivalence relation, so it partitions the set $\mathbb{Z}$ of all integers into equivalence classes: two integers lie in the same class if and only if they leave the same remainder on division by n. Each class is represented by exactly one number of the set $\mathbb{Z}_n = \{0, 1, 2, 3, \dots, n-1\}$, namely the common remainder of its members on division by n. We may therefore identify $\mathbb{Z}_n$ with the set of all equivalence classes of integers modulo n; on this set the operations of addition, subtraction and multiplication modulo n are defined.
Example: $\mathbb{Z}_{25} = \{0, 1, 2, \dots, 24\}$. In $\mathbb{Z}_{25}$, $15 + 14 = 4$, since $15 + 14 = 29 \equiv 4 \pmod{25}$. Similarly $15 \cdot 14 = 10$ in $\mathbb{Z}_{25}$.
Let $a \in \mathbb{Z}_n$. An integer $x \in \mathbb{Z}_n$ is called the inverse of a modulo n if $a x \equiv 1 \pmod n$. If such an x exists, a is said to be invertible, and x is denoted $a^{-1} \bmod n$. Example: $22^{-1} \bmod 25 = 8$, since $22 \cdot 8 = 176 \equiv 1 \pmod{25}$. From the definition one sees that a is invertible modulo n if and only if $\gcd(a, n) = 1$, i.e. a and n are coprime.
Division in $\mathbb{Z}_n$ is defined by $a : b \pmod n = a \cdot b^{-1} \bmod n$. It can be carried out only when b is invertible modulo n. Example: $15 : 22 \pmod{25} = 15 \cdot 22^{-1} \bmod 25 = 20$.
We now consider linear congruence equations. A linear congruence has the form
$a x \equiv b \pmod n$,   (1)
where a, b, n are integers, $n > 0$, and x is the unknown. The equation is solvable if and only if $d = \gcd(a, n)$ divides b, and in that case it has exactly d solutions modulo n. Indeed, putting $a' = a/d$, $b' = b/d$, $n' = n/d$, we see that (1) is equivalent to
$a' x \equiv b' \pmod{n'}$,
and since $\gcd(a', n') = 1$ this equation has a unique solution modulo $n'$:
$x = x_0 \equiv b' \cdot a'^{-1} \pmod{n'}$,
so (1) has the following d solutions modulo n:
$x = x_0,\ x_0 + n',\ \dots,\ x_0 + (d-1) n' \pmod n$.
These d solutions are distinct modulo n but all congruent to one another modulo $n'$.

We now consider systems of linear congruences. Such a system can be brought to the form
$x \equiv a_1 \pmod{n_1}$
$x \equiv a_2 \pmod{n_2}$
........................
$x \equiv a_k \pmod{n_k}$   (2)
Write $n = n_1 n_2 \cdots n_k$ and $N_i = n / n_i$. We have the following theorem:
Theorem 2.2.1 (Chinese Remainder Theorem). Suppose the integers $n_1, n_2, \dots, n_k$ are pairwise coprime. Then the system of linear congruences (2) has a unique solution modulo n.
The unique solution of Theorem 2.2.1 is given by the expression
$x = \sum_{i=1}^{k} a_i N_i M_i \bmod n$,
where $M_i = N_i^{-1} \bmod n_i$ (which exists because $N_i$ and $n_i$ are coprime).
Example: The pair of congruences $x \equiv 3 \pmod 7$ and $x \equiv 7 \pmod{13}$ has the unique solution $x \equiv 59 \pmod{91}$.
If $\gcd(n_1, n_2) = 1$, then the pair $x \equiv a \pmod{n_1}$ and $x \equiv a \pmod{n_2}$ has the unique solution $x \equiv a \pmod n$ modulo $n = n_1 n_2$.
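As an added example (not from the book) covering 2.1.2 and the Chinese Remainder Theorem above: modular inverse and division, the linear congruence (1) with its d solutions, and the CRT formula $x = \sum a_i N_i M_i \bmod n$. The inverse is obtained with Python's `pow(v, -1, n)` (available from Python 3.8), which implements the extended Euclidean algorithm and raises `ValueError` when $\gcd(v, n) \ne 1$; the function names are ours.

```python
# Added example (not from the book): modular division, the linear congruence
# a*x = b (mod n) with its d = gcd(a, n) solutions, and the CRT formula
# x = sum(a_i * N_i * M_i) mod n with M_i = N_i^{-1} mod n_i.
from math import gcd
from typing import List, Optional, Tuple


def mod_div(a: int, b: int, n: int) -> Optional[int]:
    """a : b (mod n) = a * b^{-1} mod n, or None when b is not invertible mod n."""
    if gcd(b, n) != 1:
        return None
    return (a * pow(b, -1, n)) % n


def solve_linear_congruence(a: int, b: int, n: int) -> List[int]:
    """All solutions of a*x = b (mod n) in Z_n, sorted; [] if none exist."""
    d = gcd(a, n)
    if b % d != 0:
        return []                           # solvable iff d | b
    a1, b1, n1 = a // d, b // d, n // d     # reduce to a'*x = b' (mod n')
    x0 = (b1 * pow(a1, -1, n1)) % n1 if n1 > 1 else 0
    return sorted((x0 + k * n1) % n for k in range(d))   # x0, x0+n', ..., x0+(d-1)n'


def crt(residues: List[int], moduli: List[int]) -> Tuple[int, int]:
    """Unique x mod n = prod(moduli) with x = a_i (mod n_i); moduli pairwise coprime."""
    n = 1
    for m in moduli:
        n *= m
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be pairwise coprime")
    x = 0
    for a_i, n_i in zip(residues, moduli):
        N_i = n // n_i
        M_i = pow(N_i, -1, n_i)             # exists because gcd(N_i, n_i) = 1
        x += a_i * N_i * M_i
    return x % n, n


if __name__ == "__main__":
    print(mod_div(15, 22, 25))              # 20, as in the text
    print(solve_linear_congruence(4, 8, 12))
    print(crt([3, 7], [7, 13]))             # (59, 91), as in the text
```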
2.1.3. Reduced residues and primitive elements.
The set $\mathbb{Z}_n = \{0, 1, 2, \dots, n-1\}$ is usually called the complete residue system modulo n, since every integer can find in $\mathbb{Z}_n$ a number congruent to it (modulo n). $\mathbb{Z}_n$ is closed under addition, subtraction and multiplication modulo n, but not under division, because division by a modulo n is possible only when a and n are coprime, i.e. when $\gcd(a, n) = 1$.
We now consider the set $\mathbb{Z}_n^* = \{a \in \mathbb{Z}_n : \gcd(a, n) = 1\}$, i.e. the subset of $\mathbb{Z}_n$ consisting of all elements coprime to n. It is called the set of reduced residues modulo n. Every integer coprime to n has a representative in $\mathbb{Z}_n^*$ congruent to it modulo n. Note that if p is prime then $\mathbb{Z}_p^* = \{1, 2, \dots, p-1\}$.
$\mathbb{Z}_n^*$ forms a subgroup of $\mathbb{Z}_n$ with respect to multiplication, and in $\mathbb{Z}_n^*$ division modulo n is always possible; we call $\mathbb{Z}_n^*$ the multiplicative group of $\mathbb{Z}_n$.
In algebra the number of elements of a group is called the order of the group. Let $\varphi(n)$ denote the number of positive integers less than n and coprime to n. Thus the group $\mathbb{Z}_n^*$ has order $\varphi(n)$, and if p is prime the group $\mathbb{Z}_p^*$ has order $p - 1$.
An element $g \in \mathbb{Z}_n^*$ is said to have order m if m is the smallest positive integer such that $g^m = 1$ in $\mathbb{Z}_n^*$. By a theorem of algebra, $m \mid \varphi(n)$. Consequently, for every $b \in \mathbb{Z}_n^*$ we have $b^{\varphi(n)} \equiv 1 \pmod n$.
If p is prime, then since $\varphi(p) = p - 1$ we have for every $b \in \mathbb{Z}_p^*$:
$b^{p-1} \equiv 1 \pmod p$.   (3)
If b has order $p - 1$, i.e. $p - 1$ is the smallest exponent satisfying (3), then the elements $b, b^2, \dots, b^{p-1}$ are pairwise distinct modulo p and together they make up $\mathbb{Z}_p^*$. In algebraic terms, $\mathbb{Z}_p^*$ is then a cyclic group and b is a generator, or primitive element, of the group. In number theory the following properties of primitive elements are proved:
1. For every prime p, $\mathbb{Z}_p^*$ is cyclic and has $\varphi(p-1)$ primitive elements.
2. If $p - 1 = p_1^{\alpha_1} p_2^{\alpha_2} \cdots p_s^{\alpha_s}$ is the canonical factorization of $p - 1$, and if
$a^{(p-1)/p_1} \not\equiv 1 \pmod p,\ \dots,\ a^{(p-1)/p_s} \not\equiv 1 \pmod p$,
then a is a primitive element modulo p (i.e. of $\mathbb{Z}_p^*$).
3. If g is a primitive element modulo p, then $g^i \bmod p$, for every i with $\gcd(i, p-1) = 1$, is also a primitive element modulo p.
These three properties are the basis for finding primitive elements modulo p for any prime p. In addition we note the following properties, which will be used often in later chapters:
a) If p is prime and $\gcd(a, p) = 1$, then $a^{p-1} \equiv 1 \pmod p$ (Fermat's theorem).
b) If $a \in \mathbb{Z}_n^*$, then $a^{\varphi(n)} \equiv 1 \pmod n$. If $r \equiv s \pmod{\varphi(n)}$, then $a^r \equiv a^s \pmod n$ (Euler's theorem).
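As an added example (not from the book) for the section above: Euler's $\varphi$, the order of an element, the primitive-element test of property 2, and the enumeration of all $\varphi(p-1)$ primitive elements from one of them by property 3. The factorization helper is naive trial division, adequate for small moduli; the function names are ours.

```python
# Added example (not from the book): totient, element order, and primitive
# elements of Z_p^* found with properties 2 and 3 of the text.
from math import gcd
from typing import Dict, List


def prime_factors(n: int) -> Dict[int, int]:
    """Canonical factorisation {p: exponent} by trial division (small n only)."""
    f: Dict[int, int] = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            f[d] = f.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        f[n] = f.get(n, 0) + 1
    return f


def phi(n: int) -> int:
    """Euler's totient: the order of the group Z_n^*."""
    result = n
    for p in prime_factors(n):
        result = result // p * (p - 1)
    return result


def element_order(g: int, n: int) -> int:
    """Smallest m >= 1 with g^m = 1 in Z_n^*; it always divides phi(n)."""
    if gcd(g, n) != 1:
        raise ValueError("g must be in Z_n^*")
    ph = phi(n)
    for m in sorted(d for d in range(1, ph + 1) if ph % d == 0):
        if pow(g, m, n) == 1:
            return m
    raise AssertionError("unreachable: g^phi(n) = 1 by Euler's theorem")


def is_primitive(a: int, p: int) -> bool:
    """Property 2: a generates Z_p^* iff a^((p-1)/q) != 1 for every prime q | p-1."""
    if a % p == 0:
        return False
    return all(pow(a, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def primitive_elements(p: int) -> List[int]:
    """Property 3: all generators are g^i with gcd(i, p-1) = 1, g any generator."""
    g = next(a for a in range(2, p) if is_primitive(a, p))
    return sorted(pow(g, i, p) for i in range(1, p) if gcd(i, p - 1) == 1)


if __name__ == "__main__":
    p = 23
    print(f"phi({p}-1) = {phi(p - 1)} primitive elements:", primitive_elements(p))
```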
2.1.4. Quadratic congruences and quadratic residues.
We consider quadratic congruences of the following simple form:
$x^2 \equiv a \pmod n$,
where n is a positive integer, a is an integer with $\gcd(a, n) = 1$, and x is the unknown. The equation does not always have a solution; when it does, a is called a quadratic residue modulo n, and otherwise a quadratic non-residue modulo n. The set of integers coprime to n is thus partitioned into two subsets: the set $Q_n$ of quadratic residues modulo n and the set $\bar{Q}_n$ of quadratic non-residues modulo n.
When $n = p$ is prime we have Euler's criterion: a is a quadratic residue modulo p if and only if $a^{(p-1)/2} \equiv 1 \pmod p$. The criterion is proved as follows. Suppose there is an x with $x^2 \equiv a \pmod p$; then we also have
$a^{(p-1)/2} \equiv (x^2)^{(p-1)/2} = x^{p-1} \equiv 1 \pmod p$.
Conversely, suppose $a^{(p-1)/2} \equiv 1 \pmod p$. Then $a \in \mathbb{Z}_p^*$. Take b a primitive element modulo p; then there is some i with $a = b^i \bmod p$. Hence
$a^{(p-1)/2} \equiv b^{i(p-1)/2} \equiv 1 \pmod p$.
The element b has order $p - 1$, so $p - 1$ divides $i(p-1)/2$, hence i must be even, $i = 2j$, and a has the square root $b^j \bmod p$.
Let p be an odd prime. For every $a \ge 0$ we define the Legendre symbol $\left(\frac{a}{p}\right)$ as follows:
$\left(\frac{a}{p}\right) = 0$ when $a \equiv 0 \pmod p$; $= 1$ when $a \in Q_p$; $= -1$ when $a \in \bar{Q}_p$.
From the definition it follows at once that a is a quadratic residue modulo p if and only if $\left(\frac{a}{p}\right) = 1$. And by Euler's criterion above, for every $a \ge 0$ we have:
$\left(\frac{a}{p}\right) \equiv a^{(p-1)/2} \pmod p$.
We now extend the Legendre symbol to the Jacobi symbol, defined for every odd integer $n \ge 1$ and every integer $a \ge 0$, also written $\left(\frac{a}{n}\right)$, as follows: if n has the canonical factorization into primes $n = p_1^{\alpha_1} p_2^{\alpha_2} \cdots p_k^{\alpha_k}$, then
$\left(\frac{a}{n}\right) = \left(\frac{a}{p_1}\right)^{\alpha_1} \left(\frac{a}{p_2}\right)^{\alpha_2} \cdots \left(\frac{a}{p_k}\right)^{\alpha_k}$.
When $n = p$ is prime the values of the Legendre and Jacobi symbols coincide. Computing the Legendre symbol can be costly when p is very large, whereas the Jacobi symbol can be computed more conveniently thanks to the following properties 1-4:
1. If $m_1 \equiv m_2 \pmod n$, then $\left(\frac{m_1}{n}\right) = \left(\frac{m_2}{n}\right)$.
2. $\left(\frac{2}{n}\right) = 1$ when $n \equiv \pm 1 \pmod 8$, and $= -1$ when $n \equiv \pm 3 \pmod 8$.
3. $\left(\frac{m_1 m_2}{n}\right) = \left(\frac{m_1}{n}\right) \left(\frac{m_2}{n}\right)$.
4. If m and n are both odd, then $\left(\frac{m}{n}\right) = -\left(\frac{n}{m}\right)$ when $m \equiv 3 \pmod 4$ and $n \equiv 3 \pmod 4$, and $\left(\frac{m}{n}\right) = \left(\frac{n}{m}\right)$ when $m \equiv 1 \pmod 4$ or $n \equiv 1 \pmod 4$.
Example: Using these properties we compute:
$\left(\frac{7411}{9283}\right) = -\left(\frac{9283}{7411}\right) = -\left(\frac{1872}{7411}\right) = -\left(\frac{2}{7411}\right)^4 \left(\frac{117}{7411}\right) = -\left(\frac{117}{7411}\right)$
$= -\left(\frac{7411}{117}\right) = -\left(\frac{40}{117}\right) = -\left(\frac{2}{117}\right)^3 \left(\frac{5}{117}\right) = \left(\frac{5}{117}\right)$
$= \left(\frac{117}{5}\right) = \left(\frac{2}{5}\right) = -1$.
9283 is a prime. Therefore the value -1 of the Jacobi symbol $\left(\frac{7411}{9283}\right)$ is also the value of the corresponding Legendre symbol, and we conclude that 7411 is a quadratic non-residue modulo 9283, i.e. the equation
$x^2 \equiv 7411 \pmod{9283}$
has no solution.
We now consider solving the quadratic congruence
$x^2 \equiv a \pmod p$   (4)
in the special case where $n = p$ is a prime of the form $p = 4m + 3$, i.e. p is congruent to 3 modulo 4, and a is an integer coprime to p. By Euler's criterion we know that (4) has a solution if and only if $a^{(p-1)/2} \equiv 1 \pmod p$. In that case we have
$a^{2(m+1)} = a^{(p+1)/2} = a \cdot a^{(p-1)/2} \equiv a \pmod p$,
so $x \equiv \pm a^{m+1} \pmod p$ are the two solutions of equation (4).
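As an added example (not from the book) for 2.1.4: the Jacobi symbol computed only with properties 1-4 above (no factorization of n is needed), Euler's criterion as an independent check for prime moduli, and the square root $\pm a^{m+1} \bmod p$ for primes $p = 4m + 3$. The function names are ours; the 7411/9283 case is the book's own example.

```python
# Added example (not from the book): Jacobi symbol via properties 1-4, Euler's
# criterion, and square roots modulo a prime p = 3 (mod 4).
from math import gcd
from typing import Optional, Tuple


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n >= 1 and a >= 0; returns 0, 1 or -1."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n                       # property 1: only a mod n matters
    result = 1
    while a != 0:
        while a % 2 == 0:        # properties 3 and 2: pull out factors of 2
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a              # property 4: reciprocity for odd a, n ...
        if a % 4 == 3 and n % 4 == 3:
            result = -result     # ... with a sign change when both are 3 mod 4
        a %= n
    return result if n == 1 else 0


def euler_criterion(a: int, p: int) -> int:
    """Legendre symbol as a^((p-1)/2) mod p for an odd prime p (0, 1 or -1)."""
    e = pow(a, (p - 1) // 2, p)
    return -1 if e == p - 1 else e


def sqrt_mod_p3(a: int, p: int) -> Optional[Tuple[int, int]]:
    """Both roots of x^2 = a (mod p) for p = 4m+3, gcd(a,p)=1; None if a is a non-residue."""
    if p % 4 != 3 or gcd(a, p) != 1:
        raise ValueError("needs a prime p = 3 (mod 4) and gcd(a, p) = 1")
    if euler_criterion(a, p) != 1:
        return None
    m = (p - 3) // 4
    x = pow(a, m + 1, p)         # (a^(m+1))^2 = a^((p+1)/2) = a * a^((p-1)/2) = a
    return tuple(sorted((x, p - x)))


if __name__ == "__main__":
    print(jacobi(7411, 9283), euler_criterion(7411, 9283))   # both -1
    print(sqrt_mod_p3(2, 23))                                # (5, 18)
```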
2.2. Probability and probabilistic algorithms.
2.2.1. The notion of probability.
We consider a set $\Omega$, called the space of elementary events (or sample space). The elements of $\Omega$, the elementary events or samples, can be regarded as the possible (and mutually exclusive) outcomes of some experiment. In what follows we consider only discrete spaces, i.e. $\Omega$ is finite, say $\Omega = \{s_1, s_2, \dots, s_n\}$.
A probability distribution P on $\Omega$ is defined as a set of non-negative real numbers $P = \{p_1, p_2, \dots, p_n\}$ with $\sum p_i = 1$. The number $p_i$ is regarded as the probability of the elementary event $s_i$.
A subset $E \subseteq \Omega$ is called an event. The probability of the event E is defined by
$p(E) = \sum_{s \in E} p(s)$.
Let E be an event in the probability space $\Omega$. The complementary event of E, denoted $\bar{E}$, is the event consisting of all elementary events of $\Omega$ that are not in E. Using the terminology of set theory we can define the union $E_1 \cup E_2$ and the intersection $E_1 \cap E_2$ of any two events $E_1$ and $E_2$. We have:
1) Let E be an event. Then $0 \le p(E) \le 1$ and $p(\bar{E}) = 1 - p(E)$. Moreover $p(\Omega) = 1$ and $p(\emptyset) = 0$.
2) Let $E_1$ and $E_2$ be two events. If $E_1 \subseteq E_2$ then $p(E_1) \le p(E_2)$. Also $p(E_1 \cup E_2) + p(E_1 \cap E_2) = p(E_1) + p(E_2)$. Hence $p(E_1 \cup E_2) = p(E_1) + p(E_2)$ if and only if $E_1 \cap E_2 = \emptyset$, i.e. when $E_1$ and $E_2$ are mutually exclusive events.
Let $E_1$ and $E_2$ be two events with $p(E_2) > 0$. The conditional probability of $E_1$ given $E_2$, denoted $p(E_1 \mid E_2)$, is defined as
$p(E_1 \mid E_2) = \dfrac{p(E_1 \cap E_2)}{p(E_2)}$.
From the definition we obtain Bayes' formula:
$p(E_1 \mid E_2) = \dfrac{p(E_1) \cdot p(E_2 \mid E_1)}{p(E_2)}$.
Two events $E_1$ and $E_2$ are said to be independent if $p(E_1 \cap E_2) = p(E_1) \cdot p(E_2)$. In that case
$p(E_1 \mid E_2) = p(E_1)$ and $p(E_2 \mid E_1) = p(E_2)$.
Let $\Omega$ be a sample space with a probability distribution P. A random variable on $\Omega$ is a map $\xi$ assigning to each $s \in \Omega$ a real number $\xi(s)$. Clearly, if $\xi$ and $\eta$ are random variables on $\Omega$, then $\xi + \eta$ and $\xi \cdot \eta$, defined by
$\forall s \in \Omega:\ (\xi + \eta)(s) = \xi(s) + \eta(s),\ (\xi \cdot \eta)(s) = \xi(s) \cdot \eta(s)$,
are also random variables on $\Omega$.
Let $\xi$ be a random variable on the sample space $\Omega$. This means that for every $s \in \Omega$, $\xi$ takes the value $\xi(s)$ with probability $p(s)$. The expected value (or mean, or mathematical expectation) of $\xi$ is defined as
$E(\xi) = \sum_{s \in \Omega} \xi(s) \cdot p(s)$.
The variance of a random variable $\xi$ with mean $\mu$ is defined as $\mathrm{Var}(\xi) = E((\xi - \mu)^2)$.
The non-negative square root of $\mathrm{Var}(\xi)$ is called the standard deviation of $\xi$.

2.2.2. Perfect secrecy of a cryptosystem.
In 1949 C. Shannon published the work "Communication theory of secrecy systems", introducing many concepts that serve as a basis for assessing the secrecy of cryptosystems, among them the notion of perfect secrecy of a cryptosystem, defined as follows. Let $S = (\mathcal{P}, \mathcal{C}, \mathcal{K}, \mathcal{E}, \mathcal{D})$ be a cryptosystem. Suppose that on the sets $\mathcal{P}$, $\mathcal{C}$ and $\mathcal{K}$ probability distributions $p_{\mathcal{P}}(\cdot)$, $p_{\mathcal{C}}(\cdot)$ and $p_{\mathcal{K}}(\cdot)$ are defined. Thus for every $x \in \mathcal{P}$, $y \in \mathcal{C}$ and $K \in \mathcal{K}$, $p_{\mathcal{P}}(x)$, $p_{\mathcal{C}}(y)$ and $p_{\mathcal{K}}(K)$ are respectively the probabilities that the plaintext character is x, the ciphertext character is y and the key is K. A conditional probability, for instance the probability that the plaintext is x given that the ciphertext is y, is denoted $p_{\mathcal{P}}(x \mid y)$. A cryptosystem is called perfectly secret if for all $x \in \mathcal{P}$, $y \in \mathcal{C}$ we have $p_{\mathcal{P}}(x \mid y) = p_{\mathcal{P}}(x)$. This means that the probability of the plaintext being x is the same whether or not the ciphertext y is known; in other words, knowledge of the ciphertext tells us nothing more about the plaintext; plaintext and ciphertext, as random variables, are independent. We have the following theorem:
Theorem 2.2.1. Let $S = (\mathcal{P}, \mathcal{C}, \mathcal{K}, \mathcal{E}, \mathcal{D})$ be a cryptosystem with $|\mathcal{P}| = |\mathcal{C}| = |\mathcal{K}|$, i.e. the sets $\mathcal{P}$, $\mathcal{C}$, $\mathcal{K}$ have the same number of elements. Then the system is perfectly secret if and only if every key $K \in \mathcal{K}$ is used with the same probability $1/|\mathcal{K}|$, and for every $x \in \mathcal{P}$, $y \in \mathcal{C}$ there is a unique key $K \in \mathcal{K}$ such that $e_K(x) = y$.
Proof. a) Suppose the system S is perfectly secret. Then for every $x \in \mathcal{P}$ and $y \in \mathcal{C}$ we have $p_{\mathcal{P}}(x \mid y) = p_{\mathcal{P}}(x)$. We may also assume that $p_{\mathcal{C}}(y) > 0$ for every $y \in \mathcal{C}$. From this, by Bayes' formula, $p_{\mathcal{C}}(y \mid x) = p_{\mathcal{C}}(y) > 0$. This means that there is at least one key K with $e_K(x) = y$. Therefore, fixing some $x \in \mathcal{P}$, we have
$|\mathcal{C}| = |\{e_K(x) : K \in \mathcal{K}\}| \le |\mathcal{K}|$.
By the hypothesis of the theorem $|\mathcal{C}| = |\mathcal{K}|$, hence
$|\{e_K(x) : K \in \mathcal{K}\}| = |\mathcal{K}|$.
But this means that there cannot be two keys $K_1 \ne K_2$ with $e_{K_1}(x) = e_{K_2}(x)$. So we have proved that for every $x \in \mathcal{P}$ and $y \in \mathcal{C}$ there is exactly one key K with $e_K(x) = y$.
Let $n = |\mathcal{K}|$ and write $\mathcal{K} = \{K_1, \dots, K_n\}$. Fix a $y \in \mathcal{C}$ and suppose $\mathcal{P} = \{x_1, \dots, x_n\}$ with $e_{K_i}(x_i) = y$, $1 \le i \le n$. By Bayes' formula we obtain
$p_{\mathcal{P}}(x_i \mid y) = \dfrac{p_{\mathcal{C}}(y \mid x_i) \cdot p_{\mathcal{P}}(x_i)}{p_{\mathcal{C}}(y)} = \dfrac{p_{\mathcal{K}}(K_i) \cdot p_{\mathcal{P}}(x_i)}{p_{\mathcal{C}}(y)}$.
By the assumption of perfect secrecy, $p_{\mathcal{P}}(x_i \mid y) = p_{\mathcal{P}}(x_i)$. Hence for every i, $1 \le i \le n$, $p_{\mathcal{K}}(K_i) = p_{\mathcal{C}}(y)$. So all the $p_{\mathcal{K}}(K_i)$ ($1 \le i \le n$) are equal, and therefore all equal to $1/|\mathcal{K}|$.
b) We now prove the converse. Assume $p_{\mathcal{K}}(K) = 1/|\mathcal{K}|$ for every $K \in \mathcal{K}$, and that for every $x \in \mathcal{P}$, $y \in \mathcal{C}$ there is exactly one key $K \in \mathcal{K}$ with $e_K(x) = y$. We compute:
$p_{\mathcal{C}}(y) = \sum_{K \in \mathcal{K}} p_{\mathcal{K}}(K) \cdot p_{\mathcal{P}}(d_K(y)) = \sum_{K \in \mathcal{K}} \dfrac{1}{|\mathcal{K}|} p_{\mathcal{P}}(d_K(y)) = \dfrac{1}{|\mathcal{K}|} \sum_{K \in \mathcal{K}} p_{\mathcal{P}}(d_K(y))$.
As K runs over the key set $\mathcal{K}$, $d_K(y)$ runs over $\mathcal{P}$, so
$\sum_{K \in \mathcal{K}} p_{\mathcal{P}}(d_K(y)) = \sum_{x \in \mathcal{P}} p_{\mathcal{P}}(x) = 1$,
and we get $p_{\mathcal{C}}(y) = 1/|\mathcal{K}|$ for every $y \in \mathcal{C}$.
On the other hand, letting K be the unique key with $e_K(x) = y$, we have
$p_{\mathcal{C}}(y \mid x) = p_{\mathcal{K}}(K) = 1/|\mathcal{K}|$.
Using Bayes' formula again we obtain, for every $x \in \mathcal{P}$, $y \in \mathcal{C}$:
$p_{\mathcal{P}}(x \mid y) = \dfrac{p_{\mathcal{P}}(x) \cdot p_{\mathcal{C}}(y \mid x)}{p_{\mathcal{C}}(y)} = \dfrac{p_{\mathcal{P}}(x) \cdot 1/|\mathcal{K}|}{1/|\mathcal{K}|} = p_{\mathcal{P}}(x)$.
So the system is perfectly secret. The theorem is proved.
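As an added example (not from the book), Shannon's condition and Theorem 2.2.1 checked numerically on a shift cipher with $\mathcal{P} = \mathcal{C} = \mathcal{K} = \mathbb{Z}_m$ and $e_K(x) = x + K \bmod m$. Exactly one key maps each x to each y, so $p_{\mathcal{C}}(y \mid x) = p_{\mathcal{K}}(y - x \bmod m)$, and the theorem predicts perfect secrecy exactly when the keys are uniform. The plaintext and key distributions below are constructed for the demonstration; the names are ours. Exact fractions are used so that equality of probabilities is tested exactly.

```python
# Added example (not from the book): p_C(y), the posterior p_P(x|y) by Bayes'
# formula, and Shannon's perfect-secrecy test for a shift cipher over Z_m.
from fractions import Fraction
from typing import Dict


def shift_encrypt(x: int, key: int, m: int) -> int:
    """e_K(x) = x + K mod m."""
    return (x + key) % m


def ciphertext_dist(p_plain: Dict[int, Fraction], p_key: Dict[int, Fraction],
                    m: int) -> Dict[int, Fraction]:
    """p_C(y) = sum_K p_K(K) * p_P(d_K(y)), with d_K(y) = y - K mod m."""
    return {y: sum(p_key[k] * p_plain[(y - k) % m] for k in p_key) for y in range(m)}


def posterior(x: int, y: int, p_plain: Dict[int, Fraction],
              p_key: Dict[int, Fraction], m: int) -> Fraction:
    """p_P(x|y) = p_P(x) * p_C(y|x) / p_C(y); here p_C(y|x) = p_K(y - x mod m)
    because exactly one shift key maps x to y (as in the proof of the theorem)."""
    p_c = ciphertext_dist(p_plain, p_key, m)
    return p_plain[x] * p_key[(y - x) % m] / p_c[y]


def is_perfectly_secret(p_plain: Dict[int, Fraction], p_key: Dict[int, Fraction],
                        m: int) -> bool:
    """Shannon's condition: p_P(x|y) == p_P(x) for every x in P and y in C."""
    return all(posterior(x, y, p_plain, p_key, m) == p_plain[x]
               for x in range(m) for y in range(m))


# Constructed distributions over Z_4 for the demonstration.
M = 4
PLAIN = {0: Fraction(1, 2), 1: Fraction(1, 4), 2: Fraction(1, 8), 3: Fraction(1, 8)}
UNIFORM_KEYS = {k: Fraction(1, M) for k in range(M)}
BIASED_KEYS = {0: Fraction(1, 2), 1: Fraction(1, 6), 2: Fraction(1, 6), 3: Fraction(1, 6)}

if __name__ == "__main__":
    print("uniform keys perfectly secret:", is_perfectly_secret(PLAIN, UNIFORM_KEYS, M))
    print("biased keys perfectly secret: ", is_perfectly_secret(PLAIN, BIASED_KEYS, M))
    print("p_P(0) =", PLAIN[0], " p_P(0 | y=0) with biased keys =",
          posterior(0, 0, PLAIN, BIASED_KEYS, M))
```

With the biased key distribution, seeing $y = 0$ raises the probability of plaintext 0 from 1/2 to 3/4: the ciphertext leaks information about the plaintext, which is precisely what the definition rules out.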
2.2.3. Probabilistic algorithms.
The notion of algorithm as we usually understand it is that of a deterministic algorithm, a process that performs operations on input data and produces output. According to D.E. Knuth, an algorithm has 5 basic properties: finiteness, the algorithm always terminates after a finite number of steps; definiteness, every step of the algorithm must be precisely specified; the sets of inputs and of outputs of the algorithm are also clearly specified; and effectiveness, every operation in the algorithm must be basic, executable exactly within a definite time. The algorithm is a fundamental concept of computer programming and is used very widely. But as we know, for many problems in practice we cannot always find an algorithm that solves them with acceptable computational complexity (we will look at this question in a later section). Therefore, alongside deterministic algorithms, for some problems we also consider probabilistic algorithms, namely algorithms in which the input data is supplemented by the value of some suitable random quantity, usually random numbers.
Probabilistic algorithms are usually built for decision problems, i.e. problems defined on a set of data such that for each datum the problem has a "yes" or "no" answer. Probabilistic algorithms are divided into two kinds: Monte Carlo algorithms and Las Vegas algorithms. A Monte Carlo algorithm always terminates with the answer "yes" or "no" for every input; a Las Vegas algorithm also terminates on every input, but it may terminate with the message "no answer" instead of "yes" or "no". A Monte Carlo algorithm is called yes-biased if, when it answers "yes", the answer is certainly correct, while when it answers "no" the answer may be wrong with some probability. Similarly, a Monte Carlo algorithm is called no-biased if, when it answers "no", the answer is certainly correct, while when it answers "yes" the answer may be wrong with some probability. As for a Las Vegas algorithm, if it terminates with "yes" or "no" the answer is certainly correct, and it may terminate with "no answer" with some probability. In Section 2.8 below we will give several concrete examples of probabilistic algorithms of both kinds.
2.3. Computational complexity.
2.3.1. The notion of computational complexity.
The theory of algorithms and computable functions, born in the 1930s, laid the foundation for the study of computability and solvability in mathematics, leading to many very important and interesting results. But from computability in the abstract, understood in the sense of potential, to practical computability in the science of computing with electronic computers there is a very large gap. How many things have been proved computable in principle, yet are not computable in practice, even with the help of electronic computers! The reason is that the demands of computational processes on physical space and on running time often far exceed practical capabilities. Hence, around the middle of the 1960s, a theory of computational complexity began to take shape and developed rapidly, giving us deep insight into the nature of the complexity of algorithms and problems, from purely theoretical problems to problems commonly met in practice. Below we briefly introduce some basic concepts and a few results of this theory that will be used.
First of all, by the computational complexity (in space or in time) of a computational process we mean the number of memory cells used, or the number of elementary operations performed, in the process.
The input data of an algorithm is usually represented by words over some alphabet. The length of a word is the number of characters in it.
Let A be an algorithm over the alphabet $\Sigma$ (i.e. its inputs are words over $\Sigma$). The computational complexity of the algorithm A is understood as a function $f_A(n)$ such that for every n, $f_A(n)$ is the maximum number of memory cells, or of elementary operations, that A needs in order to carry out its computation on inputs of length n. We say that A has polynomial time complexity if there is a polynomial P(n) such that for all sufficiently large n we have $f_A(n) \le P(n)$, where $f_A(n)$ is the time complexity of A.
From now on, when we speak of problems we mean decision problems; each such problem P is specified by:
- a set of inputs I (over some alphabet),
- a question Q on the inputs, such that for every input $x \in I$ the question Q has the answer "true" or "false".
We say the decision problem P is decidable if there is an algorithm that solves it, i.e. an algorithm that terminates on every input of the problem and outputs "true" or "false" according as the question Q on that input has the answer true or false. The problem P is solvable in polynomial time if there is an algorithm solving it with polynomial time complexity. Here are some examples of decision problems:
The problem SATISFIABILITY (abbreviated SAT):
- each input is a formula F of propositional logic, written in conjunctive normal form, i.e. as a conjunction of clauses.
- The question is: is the formula F satisfiable?
The problem CLIQUE:
- each input is a graph G and an integer k.
- The question is: does the graph G have a clique with k vertices? (a clique of G is a complete subgraph of G).
The problem KNAPSACK:
- each input is a tuple of n + 1 positive integers $I = (s_1, \dots, s_n; T)$.
- The question is: is there a Boolean vector $(x_1, \dots, x_n)$ such that
$\sum_{i=1}^{n} x_i s_i = T$?
(a Boolean vector is a vector whose components are 0 or 1).
The quadratic residue problem:
- each input consists of two positive integers (a, n).
- The question is: is a a quadratic residue modulo n?
The composite number problem:
- each input is a positive integer N.
- The question: is N composite? That is, are there two numbers m, n > 1 such that $N = m \cdot n$?
Similarly, if the question is "is N prime?" we have the primality problem.
For all the problems listed above, except the composite number and primality problems, no algorithm solving them in polynomial time has been found to date.

2.3.2. Complexity classes.
We consider a few classes of problems defined according to their computational complexity. First, we define P as the class of all problems that can be solved by an algorithm in polynomial time.
Let $P_1$ and $P_2$ be two problems whose input sets lie over the alphabets $\Sigma_1$ and $\Sigma_2$ respectively. An algorithm $f : \Sigma_1^* \to \Sigma_2^*$ is called a reduction of the problem $P_1$ to the problem $P_2$ if it transforms every input x of $P_1$ into an input f(x) of $P_2$ in such a way that the question of $P_1$ on x has the answer true if and only if the question of $P_2$ on f(x) also has the answer true. We say that $P_1$ is reducible to $P_2$ in polynomial time, written $P_1 \le P_2$, if there is an algorithm f with polynomial time complexity that reduces $P_1$ to $P_2$. It is easy to see that if $P_1 \le P_2$ and $P_2 \in$ P, then also $P_1 \in$ P.
An important and much-studied class of problems is the class of hard problems commonly met in practice for which, up to now, nobody has been able to show that they can be solved in polynomial time. This is the class of NP-complete problems, which we define as follows:
Alongside the usual notion of deterministic algorithm (which can be described precisely, for instance, by a deterministic Turing machine), we consider the notion of nondeterministic algorithm, with one small change: whereas for a deterministic Turing machine, when the machine is in state q and reads the symbol a, the pair (q, a) determines a unique next action of the machine, for a nondeterministic Turing machine we agree that (q, a) determines not a unique action but a finite set of possible next actions; in the next step the machine may perform any one of those actions. Thus, for an input x, a nondeterministic algorithm (specified for instance by a nondeterministic Turing machine) does not have a single computation, but may have a finite number of different computations. We say that the nondeterministic algorithm A accepts the input x if on input x the algorithm A has at least one computation that ends in an accepting state (i.e. with the result "true"). A problem P is said to be solvable by a nondeterministic algorithm in polynomial time if there is a nondeterministic algorithm A and a polynomial p(n) such that for every input x of length n, $x \in P$ (i.e. the question of P has the answer true on x) if and only if A accepts x by some computation of time complexity $\le p(n)$. We denote the class of all problems solvable by nondeterministic algorithms in polynomial time by NP.
It has been shown that all the problems in the examples above, and very many other commonly met combinatorial problems, belong to the class NP, although most of them have not been shown to belong to P. A problem P is called NP-complete if $P \in$ NP and for every $Q \in$ NP we have $Q \le P$.
The class NP has the following properties:
1) P $\subseteq$ NP,
2) If $P_1 \le P_2$ and $P_2 \in$ NP, then $P_1 \in$ NP.
3) If $P_1, P_2 \in$ NP, $P_1 \le P_2$, and $P_1$ is NP-complete, then $P_2$ is also NP-complete.
4) If there is a P such that P is NP-complete and $P \in$ P, then P = NP.
From these properties we may regard, within the class NP, P as the subclass of the easiest problems and the NP-complete problems as the hardest ones; if even one NP-complete problem were proved to belong to P, it would follow at once that P = NP, although to this day, despite a great many efforts, mathematics has still found no promising road towards settling the question [P = NP ?], which is even regarded as one of the 7 hardest problems of mathematics in the new millennium!

2.3.3. One-way functions and trapdoor one-way functions.
The notion of computational complexity gives us a new approach to the question of secrecy in the problems of confidentiality and information security. Even though today we have electronic computers able to perform billions of operations per second, for algorithms with computational complexity $f(n) = 2^n$, already for inputs of length around n = 1000 the execution of the algorithm cannot be regarded as feasible, since it requires about $10^{300}$ operations! Thus a cryptographic solution, for example, can be regarded as highly secure if breaking it requires carrying out a computation of very high complexity. Therefore the discovery and use of functions with very high computational complexity is of the utmost importance for building solutions in cryptography and information security.
An arithmetic function y = f(x) is called a one-way function if computing forwards from x to y is easy, while computing backwards from y to recover x is very hard; here the adjectives "easy" and "hard" have no exact definitions but are understood in a practical way; we may take, for instance, "easy" to mean computable in polynomial time (with a polynomial of low degree) and "hard" to mean not computable in polynomial time! In fact, up to the present, finding and proving that some function is not computable in polynomial time is still a very difficult matter, so "hard" is often understood simply as "no algorithm computing it in polynomial time has yet been found". With this relative understanding of "easy" and "hard", the following examples of one-way functions are given:
Example 1. Let p be a prime and $\alpha$ a primitive element modulo p. The function $y = \alpha^x \bmod p$ (from $\mathbb{Z}_p^*$ to $\mathbb{Z}_p^*$) is a one-way function, because its inverse function, computing x from y, which we denote $x = \log_\alpha(y)$, is a function of very high computational complexity.
Example 2. Let $n = p \cdot q$ be the product of two large primes. The function $y = x^2 \bmod n$ (from $\mathbb{Z}_n$ to $\mathbb{Z}_n$) is also regarded as a one-way function.
Example 3. Let $n = p \cdot q$ be the product of two large primes, and let a be an integer with $\gcd(a, \varphi(n)) = 1$. The function $y = x^a \bmod n$ (from $\mathbb{Z}_n$ to $\mathbb{Z}_n$) is also a one-way function, under the assumption that n is known but p, q are not.
The function y = f(x) is called a trapdoor one-way function if computing forwards from x to y is easy, computing backwards from y to recover x is very hard, but there is a trapdoor z such that, with the help of the trapdoor z, computing x from y and z becomes easy.
Example 4 (continuing Example 3). The function $y = x^a \bmod n$, when p and q are known, is a trapdoor one-way function. Computing y from x is easy; finding x from y (knowing only n and a) is very hard; but since p and q are known we know $\varphi(n) = (p-1)(q-1)$, and with the extended Euclidean algorithm we find b such that $a \cdot b \equiv 1 \pmod{\varphi(n)}$, from which x is easily computed as $x = y^b \bmod n$. Here b may be regarded as the trapdoor.
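As an added example (not from the book), Examples 3 and 4 made concrete: the forward direction $y = x^a \bmod n$ needs only (n, a), while inversion uses the trapdoor $b = a^{-1} \bmod \varphi(n)$, which can be computed only from p and q. The primes p = 61, q = 53 and the exponent a = 17 are small constructed values, far too small for real use; the inverse exponent is obtained with `pow(a, -1, phi)`, i.e. the extended Euclidean algorithm; the function names are ours.

```python
# Added example (not from the book): the trapdoor one-way function of Example 4.
from math import gcd
from typing import Tuple


def make_trapdoor(p: int, q: int, a: int) -> Tuple[int, int]:
    """Return (n, b): the public modulus n = p*q and the trapdoor b = a^{-1} mod phi(n)."""
    phi = (p - 1) * (q - 1)
    if gcd(a, phi) != 1:
        raise ValueError("a must be coprime to phi(n)")
    return p * q, pow(a, -1, phi)


def forward(x: int, a: int, n: int) -> int:
    """The easy direction: y = x^a mod n, computable from public data only."""
    return pow(x, a, n)


def invert_with_trapdoor(y: int, b: int, n: int) -> int:
    """x = y^b mod n. Since a*b = 1 + k*phi(n), y^b = x^(1 + k*phi(n)) = x mod n
    (for x coprime to n this is Euler's theorem; it holds for all x in Z_n)."""
    return pow(y, b, n)


def roundtrip_ok(p: int, q: int, a: int, x: int) -> bool:
    """Check that the trapdoor really inverts the forward map on x."""
    n, b = make_trapdoor(p, q, a)
    return invert_with_trapdoor(forward(x, a, n), b, n) == x % n


if __name__ == "__main__":
    n, b = make_trapdoor(61, 53, 17)     # constructed toy parameters
    y = forward(65, 17, n)
    print(f"n = {n}, trapdoor b = {b}, y = {y}, recovered x = {invert_with_trapdoor(y, b, n)}")
```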

2.4. Primes. Factorization. Discrete logarithms.
In this section we consider three problems that play an important role in cryptography, namely: testing the primality of an integer, factoring an integer into a product of prime factors, and computing the discrete logarithm of a number modulo a prime.
2.4.1. Testing the primality of a number.
The problem is very simply stated: given an arbitrary positive integer n, test whether n is prime. The problem was posed at the very dawn of arithmetic, and after more than 2000 years it is still a problem without an easy solution. By simple methods such as the sieve of Eratosthenes, the first tables of primes were built very early, and then by many other methods many more large primes were found. However, only at the present stage of modern cryptography has the need to use primes and to test the primality of numbers become a large and widespread need, demanding many new and more efficient methods. In this section we review a few properties of primes and then present a few methods for testing the primality of an arbitrary integer.
We know the following properties of primes and composite numbers (in the statements below, |A| denotes the number of elements of the set A):
1. The Euler-Solovay-Strassen criterion:
a) If n is prime, then for every positive integer $a \le n - 1$:
$\left(\frac{a}{n}\right) \equiv a^{(n-1)/2} \bmod n$.
b) If n is composite, then
$\left|\left\{a : 1 \le a \le n-1,\ \left(\frac{a}{n}\right) \equiv a^{(n-1)/2} \bmod n\right\}\right| \le \dfrac{n-1}{2}$.
2. The Solovay-Strassen-Lehmann criterion:
a) If n is prime, then for every positive integer $a \le n - 1$:
$a^{(n-1)/2} \equiv \pm 1 \pmod n$.
b) If n is composite, then
$\left|\left\{a : 1 \le a \le n-1,\ a^{(n-1)/2} \equiv \pm 1 \bmod n\right\}\right| \le \dfrac{n-1}{2}$.
3. The Miller-Rabin criterion:
a) Let n be an odd integer and write $n - 1 = 2^e \cdot u$ with u odd. If n is prime, then for every positive integer $a \le n - 1$:
$(a^u \equiv 1 \bmod n) \ \vee\ (\exists k < e:\ a^{2^k u} \equiv -1 \bmod n)$.
b) If n is composite, then
$\left|\left\{a : 1 \le a \le n-1,\ (a^u \equiv 1 \bmod n) \vee (\exists k < e:\ a^{2^k u} \equiv -1 \bmod n)\right\}\right| \le \dfrac{n-1}{4}$.
The criteria above are the basis on which we build Monte Carlo probabilistic algorithms for testing the primality (or compositeness) of integers. For instance, from the first criterion we obtain the following Euler-Solovay-Strassen algorithm:
Input: a positive integer n and t random numbers $a_1, \dots, a_t$ ($1 \le a_i \le n - 1$),
1. for i = 1 to t do
2.   if $\left(\frac{a_i}{n}\right) \equiv a_i^{(n-1)/2} \bmod n$, then
3.     answer "n is prime"
4.   else
5.     answer "n is composite" and quit
If this algorithm answers "n is composite", then n is indeed composite, but if it answers "n is prime" the answer may be wrong with some probability. Thus the algorithm is a yes-biased Monte Carlo algorithm if regarded as a test for compositeness, and a no-biased one if regarded as a test for the primality of integers.
Similarly, based on criteria 2 and 3 we can build the Solovay-Strassen-Lehmann and Miller-Rabin Monte Carlo probabilistic algorithms for testing primality (or compositeness) of integers. These two algorithms differ from the Euler-Solovay-Strassen algorithm above only in that the formula in line 2 is replaced respectively by
$a^{(n-1)/2} \equiv \pm 1 \bmod n$
or
$(a^u \equiv 1 \bmod n) \ \vee\ (\exists k < e:\ a^{2^k u} \equiv -1 \bmod n)$,
where u and e are determined by $n - 1 = 2^e \cdot u$, u odd.
The probability of error on receiving the answer "n is prime" in these algorithms is computed as follows. Suppose n is an odd number between N and 2N, i.e. N < n < 2N. Let A be the event "n is composite" and B the event "the algorithm answers n is prime". We must compute $\varepsilon = p(A \mid B)$. By property b) of the Euler-Solovay-Strassen criterion, if n is composite then the event
$\left(\frac{a}{n}\right) \equiv a^{(n-1)/2} \bmod n$
for a random a ($1 \le a \le n - 1$) has probability $\le 1/2$, hence
$p(B \mid A) \le \left(\dfrac{1}{2}\right)^t$.
By Bayes' formula we have
$p(A \mid B) = \dfrac{p(B \mid A) \cdot p(A)}{p(B)} = \dfrac{p(B \mid A) \cdot p(A)}{p(B \mid A) \cdot p(A) + p(B \mid \bar{A}) \cdot p(\bar{A})}$.
By the prime number theorem, the number of primes between N and 2N is approximately $\dfrac{N}{\ln N} \approx \dfrac{n}{\ln n}$, and the number of odd numbers is $\dfrac{N}{2} \approx \dfrac{n}{2}$, so
$p(\bar{A}) \approx \dfrac{2}{\ln n}$ and $p(A) \approx 1 - \dfrac{2}{\ln n}$.
Obviously $p(B \mid \bar{A}) = 1$. Substituting these values into the formula above, we obtain
$p(A \mid B) \le \dfrac{\left(\frac{1}{2}\right)^t \left(1 - \frac{2}{\ln n}\right)}{\left(\frac{1}{2}\right)^t \left(1 - \frac{2}{\ln n}\right) + \frac{2}{\ln n}} = \dfrac{\ln n - 2}{\ln n - 2 + 2^{t+1}}$.   (5)
The same estimate holds for the Solovay-Strassen-Lehmann algorithm, while for the Miller-Rabin algorithm we have a better estimate, namely
$p(A \mid B) \le \dfrac{\ln n - 2}{\ln n - 2 + 2^{2t+1}}$.   (6)
Note that for t = 50 the right-hand side of (5) is about $10^{-13}$ and the right-hand side of (6) about $10^{-28}$; so if about 50 random numbers $a_i$ are added to the input data, the Euler-Solovay-Strassen and Solovay-Strassen-Lehmann algorithms will test an odd number for primality with error probability $\le 10^{-13}$, and the Miller-Rabin algorithm with error probability $\le 10^{-28}$!
One can compute that the time complexity of the probabilistic algorithms above is of the order of a polynomial in log n, i.e. a polynomial in the length of the representation of the input (the number n); however, these algorithms only test the primality of a number with some error probability, small as it may be. In many applications we want primes that are 100% certain to be prime. Hence, despite the probabilistic algorithms above, people keep searching for deterministic algorithms that test primality with absolute accuracy. In the last few decades a number of algorithms have been proposed, among them remarkable ones such as the Jacobi sum test, discovered by Adleman, Pomerance and Rumely and later simplified by Cohen and Lenstra; and the elliptic curve test, proposed by Goldwasser, Kilian, Adleman and Huang and further refined by Atkin and Morain. These algorithms have been used to find many very large primes; for example, with the Atkin-Morain algorithm the number $(2^{3539} + 1)/3$, which has 1065 decimal digits, was shown to be prime. Recently, in August 2002, the Indian mathematicians Agrawal, Kayal and Saxena proposed a new, quite simple deterministic primality-testing algorithm with polynomial time complexity, described as follows:
Agrawal-Kayal-Saxena algorithm:
Input: integer n > 1
1. if (n is of the form $a^b$, b > 1) output COMPOSITE;
2. r = 2;
3. while (r < n) {
4.   if (gcd(n, r) $\ne$ 1) output COMPOSITE;
5.   if (r is prime)
6.     let q be the largest prime factor of r - 1;
7.     if ($q \ge 4\sqrt{r} \log n$) and ($n^{(r-1)/q} \not\equiv 1 \pmod r$)
8.       break;
9.   r $\leftarrow$ r + 1;
10. }
11. for a = 1 to $2\sqrt{r} \log n$
12.   if ($(x - a)^n \not\equiv (x^n - a) \pmod{x^r - 1,\ n}$) output COMPOSITE;
13. output PRIME;
This algorithm has been checked by a number of mathematicians, highly appraised and regarded as a beautiful algorithm that can be used for testing the primality of integers.
In practice, when building cryptographic solutions, there is often a need for very large primes. To find such numbers, one usually picks a very large number at random and first applies to it a probabilistic algorithm such as Miller-Rabin; if the algorithm answers that it is prime, with some probability of error, one then applies a deterministic algorithm (such as the one above) to guarantee with 100% certainty that the number is prime. The Agrawal-Kayal-Saxena algorithm above has been shown to have polynomial time complexity of order $O((\log n)^{12})$ when testing the number n; and if the prime has the Sophie Germain form, i.e. the form 2p + 1, the time complexity is only of order $O((\log n)^6)$.
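As an added example (not from the book) for 2.4.1: the Solovay-Strassen-Lehmann and Miller-Rabin tests as Monte Carlo algorithms with one round per base a, together with the error bounds (5) and (6). Bases are drawn with `random.randrange` unless the caller supplies them (the tests pass fixed bases so the runs are reproducible). The Carmichael number 561 shows why criterion 3 is stronger than criterion 2: base 2 is a liar for the Solovay-Strassen-Lehmann condition but a witness for Miller-Rabin. The function names are ours.

```python
# Added example (not from the book): Monte Carlo primality tests from criteria 2
# and 3 of the text, and the error bounds (5) and (6).
import math
import random
from typing import Callable, Iterable, Optional


def ssl_round(n: int, a: int) -> bool:
    """One Solovay-Strassen-Lehmann round: is a^((n-1)/2) = +-1 (mod n)?"""
    return pow(a, (n - 1) // 2, n) in (1, n - 1)


def miller_rabin_round(n: int, a: int) -> bool:
    """One Miller-Rabin round for odd n > 2 with n-1 = 2^e * u, u odd:
    a^u = 1 (mod n), or a^(2^k u) = -1 (mod n) for some k < e."""
    u, e = n - 1, 0
    while u % 2 == 0:
        u //= 2
        e += 1
    x = pow(a, u, n)
    if x == 1 or x == n - 1:
        return True
    for _ in range(e - 1):
        x = x * x % n
        if x == n - 1:
            return True
    return False


def is_probable_prime(n: int, t: int = 50, bases: Optional[Iterable[int]] = None,
                      test: Callable[[int, int], bool] = miller_rabin_round) -> bool:
    """"composite" is always right; "prime" is wrong with probability bounded by (5)/(6)."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    if bases is None:
        bases = (random.randrange(2, n - 1) for _ in range(t))
    return all(test(n, a) for a in bases)


def error_bound_ss(t: int, n: int) -> float:
    """Right-hand side of (5): (ln n - 2) / (ln n - 2 + 2^(t+1))."""
    ln = math.log(n)
    return (ln - 2) / (ln - 2 + 2.0 ** (t + 1))


def error_bound_mr(t: int, n: int) -> float:
    """Right-hand side of (6): (ln n - 2) / (ln n - 2 + 2^(2t+1))."""
    ln = math.log(n)
    return (ln - 2) / (ln - 2 + 2.0 ** (2 * t + 1))


if __name__ == "__main__":
    print("561 passes SSL with base 2:", is_probable_prime(561, bases=[2], test=ssl_round))
    print("561 passes MR  with base 2:", is_probable_prime(561, bases=[2]))
    print("9283 probable prime:", is_probable_prime(9283))
    print("bounds for t=50, 1024-bit n:", error_bound_ss(50, 2**1024), error_bound_mr(50, 2**1024))
```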

2.4.2. Factorization into prime factors.
The problem of factoring an integer > 1 into prime factors is also regarded as a hard problem and is often used in cryptography. Only when a number n is known to be composite does factoring it make sense; so usually, when solving the problem of factoring n, one first tests whether n is composite (for instance by one of the algorithms of the previous section); and the problem of factoring n reduces to the problem of finding a divisor of n, since once a divisor d of n is known, the factorization of n is continued by factoring d and n/d.
The factorization problem, or the problem of finding a divisor of a given integer, has been much studied, but there is still no efficient algorithm solving it in the general case; so people tend to look for algorithms solving it in special cases, for instance when n has a prime divisor p such that p - 1 is B-smooth for some bound B > 0, or when n is a Blum integer, i.e. a number of the form of a product of two large primes ($n = p \cdot q$).
We consider the first case, with Pollard's (p - 1) algorithm, as follows. An integer n is called B-smooth if all its prime divisors are $\le B$. The main idea behind Pollard's (p - 1) algorithm is this. Suppose n is B-smooth. Let Q denote the least common multiple of all powers of primes $\le B$ that are themselves $\le n$. If $q^l \le n$ then $l \ln q \le \ln n$, i.e.
$l \le \left\lfloor \dfrac{\ln n}{\ln q} \right\rfloor$
($\lfloor x \rfloor$ being the largest integer not exceeding x). We have
$Q = \prod_{q \le B} q^{\lfloor \ln n / \ln q \rfloor}$,
where the product runs over all distinct primes $q \le B$. If p is a prime factor of n such that p - 1 is B-smooth, then $p - 1 \mid Q$, and therefore for every a with $\gcd(a, p) = 1$, by Fermat's theorem we have
$a^Q \equiv 1 \pmod p$.
Hence, if we take $d = \gcd(a^Q - 1, n)$, then $p \mid d$. If d = n the algorithm is regarded as not having given us what we want; however, this is unlikely to happen if n has at least two distinct prime factors. From this reasoning we obtain:
Pollard's (p - 1) factoring algorithm:
INPUT: a composite number n that is not a power of a prime.
OUTPUT: a non-trivial factor of n.
1. Choose a smoothness bound B.
2. Choose a random integer a, $2 \le a \le n - 1$, and compute $d = \gcd(a, n)$. If $d \ge 2$ return (d).
3. For every prime $q \le B$ do:
3.1 Compute $l = \left\lfloor \dfrac{\ln n}{\ln q} \right\rfloor$.
3.2 Compute $a \leftarrow a^{q^l} \bmod n$.
4. Compute $d = \gcd(a - 1, n)$.
5. If 1 < d < n return (d). Otherwise the algorithm is regarded as having no result.
Example: Apply the algorithm to n = 19048567. We choose B = 19 and a = 3, and compute gcd(3, n) = 1. Going on to step 3 we obtain the following table (each row corresponds to one value of q):

 q   l         a
 2  24   2293244
 3  15  13555889
 5  10  16937223
 7   8  15214586
11   6   9685355
13   6  13271154
17   5  11406961
19   5    554506

Then we compute d = gcd(554506 - 1, 19048567) = 5281. So we have a factor p = 5281, and hence another factor q = n/p = 3607. Both factors are prime.
Note that here $p - 1 = 5280 = 2^5 \cdot 3 \cdot 5 \cdot 11$, all of whose prime divisors are $\le 19$, so the algorithm was sure to finish with a result. The algorithm finishes without a result when the bound B is chosen so small that no prime factor p of n has p - 1 containing only prime divisors $\le B$. Thus Pollard's (p - 1) algorithm for factoring n can be regarded as efficient for integers n with a B-smooth p - 1; the running time of the algorithm has been computed to be about $O(B \ln n / \ln B)$ modular multiplications.
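As an added example (not from the book), Pollard's (p - 1) algorithm as in steps 1 to 5, with the exponent l taken as the largest l with $q^l \le n$ (the integer form of $\lfloor \ln n / \ln q \rfloor$, avoiding floating-point rounding). Run on the book's n = 19048567 with B = 19 and a = 3 it reproduces the table above and the factor 5281; the function names are ours.

```python
# Added example (not from the book): Pollard's (p-1) factoring algorithm with a
# trace of (q, l, a) after each prime q <= B, matching the worked table.
from math import gcd
from typing import List, Optional, Tuple


def primes_up_to(bound: int) -> List[int]:
    """All primes <= bound by the sieve of Eratosthenes."""
    sieve = bytearray([1]) * (bound + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(bound ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(sieve[i * i::i]))
    return [i for i, is_p in enumerate(sieve) if is_p]


def pollard_p_minus_1(n: int, bound: int, a: int,
                      trace: Optional[List[Tuple[int, int, int]]] = None) -> Optional[int]:
    """Return a non-trivial factor of n, or None when the method fails for this B and a."""
    d = gcd(a, n)                                  # step 2
    if d >= 2:
        return d
    for q in primes_up_to(bound):                  # step 3
        l, power = 0, 1
        while power * q <= n:                      # 3.1: largest l with q^l <= n
            power *= q
            l += 1
        a = pow(a, power, n)                       # 3.2: a <- a^(q^l) mod n
        if trace is not None:
            trace.append((q, l, a))
    d = gcd(a - 1, n)                              # step 4
    return d if 1 < d < n else None                # step 5


def trace_table(n: int, bound: int, a: int) -> List[Tuple[int, int, int]]:
    """The (q, l, a) rows produced during step 3."""
    rows: List[Tuple[int, int, int]] = []
    pollard_p_minus_1(n, bound, a, rows)
    return rows


def factor_pair(n: int, bound: int, a: int) -> Optional[Tuple[int, int]]:
    """(p, q) with p < q and p*q = n, or None on failure."""
    d = pollard_p_minus_1(n, bound, a)
    return None if d is None else tuple(sorted((d, n // d)))


if __name__ == "__main__":
    for q, l, a in trace_table(19048567, 19, 3):
        print(f"{q:3d} {l:3d} {a:10d}")
    print("factors:", factor_pair(19048567, 19, 3))
```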

By gi ta xt trng hp cc s nguyn Blum, tc l cc s c
dng n = p.q , tch ca hai s nguyn t ln. Trc ht ta ch rng

nu ta bit hai s nguyn khc nhau x v y sao cho
2 2
(mod ) x y n
th ta d tm c mt tha s ca n . Thc vy, t
2 2
(mod ) x y n ta
c
2 2
( )( ) x y x y x y = + chia ht cho n , do n khng l c s ca x
+ y hoc x - y, nn gcd(x - y, n) phi l mt c s ca n, tc bng p
hoc q .
Ta bit nu n = p.q l s Blum, th phng trnh ng d

2 2
(mod ) x a n
c 4 nghim, hai nghim tm thng l x = a v x = -a . Hai nghim
khng tm thng khc l b , chng l nghim ca hai h phng
trnh ng d bc nht sau y:


( )
(mod )
(mod )
mod (mod )
x a p
x a p
x a q x a q



Bng lp lun nh trn, ta thy rng nu n l s Blum, a l mt s
nguyn t vi n, v ta bit mt nghim khng tm thng ca
phng trnh
2 2
(mod ) x a n , tc bit mt x a sao cho
2 2
(mod ) x a n th gcd(x - a , n ) s l mt c s ca n . Nhng iu
trn y l cn c cho mt s phng php tm c s nguyn t
ca mt s nguyn dng Blum; chung ca cc phng php l
dn v vic tm mt nghim khng tm thng ca mt phng
trnh dng
2 2
(mod ) x a n , chng hn nh phng trnh
2
1(mod ) x n .
A case of particular interest in cryptography is when we know two numbers $a, b$ that are inverses of each other modulo $\varphi(n)$ (but do not know $\varphi(n)$), and want to find a factorization of $n$. Concretely the problem is: given that $n$ is a Blum integer and given $a$ and $b$ with $ab \equiv 1 \pmod{\varphi(n)}$, find a prime factor of $n$, or equivalently find a non-trivial solution of the congruence $x^2 \equiv 1 \pmod n$. Write $ab - 1 = 2^s \cdot r$ with $r$ odd. We develop a probabilistic algorithm of Las Vegas type as follows. Choose a random number $v$ ($1 \le v \le n - 1$). If by luck $v$ is a multiple of $p$ or $q$, we immediately have a factor of $n$, namely $\gcd(v, n)$. If $v$ is coprime to $n$, we compute the successive squares starting from $v^r$,
$$v^r,\ v^{2r},\ v^{4r},\ \dots,\ v^{2^t r} \pmod n,$$
until we reach some $t$ with $v^{2^t r} \equiv 1 \pmod n$. Such a $t$ can always be reached, because $2^s \cdot r \equiv 0 \pmod{\varphi(n)}$ and hence $v^{2^s r} \equiv 1 \pmod n$. Thus we have found a number
$$x = v^{2^{t-1} r} \bmod n$$
with $x^2 \equiv 1 \pmod n$. Of course $x \not\equiv 1 \pmod n$, by the choice of $t$ (if already $v^r \equiv 1 \pmod n$ there is no such $x$ and the trial is counted as a failure). If also $x \not\equiv -1 \pmod n$, then $x$ is a non-trivial solution of $x^2 \equiv 1 \pmod n$, from which we can find a factor of $n$. Otherwise the algorithm is considered to have failed: it gives no answer. One can estimate that the probability of failure on a single trial with a number $v$ is $< 1/2$, so if we run the algorithm with $m$ random numbers $v_1, \dots, v_m$, the probability of obtaining no answer can be made $< 1/2^m$!
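As an added illustration (our code, not the book's), here is the Las Vegas algorithm above in Python, together with the $x^2 \equiv y^2 \pmod n$ trick it relies on. The modulus $n = 91261 = 263 \cdot 347$ and the exponent $b = 1547$ are the values the RSA bit generator of section 3.3.3 uses; the inverse exponent $a$ is computed from the (here known) $\varphi(n)$ only to set up the instance, and the fixed random seed just makes the run reproducible.

```python
"""Factoring a Blum integer n = p*q from a key pair (a, b) with
a*b = 1 (mod phi(n)), following the Las Vegas algorithm described above.
Added illustration, not part of the original text.  The modulus
n = 91261 = 263 * 347 and exponent b = 1547 are the values the book uses
for its RSA bit generator later on; the inverse a is derived here only to
build the instance."""
import math
import random


def split_power_of_two(t):
    """Write t = 2**s * r with r odd; return (s, r)."""
    s = 0
    while t % 2 == 0:
        t //= 2
        s += 1
    return s, t


def factor_from_square_roots(x, y, n):
    """If x^2 = y^2 (mod n) with x != +-y (mod n), gcd(x - y, n) is a proper factor."""
    assert (x * x - y * y) % n == 0
    g = math.gcd(x - y, n)
    if g in (1, n):
        return None                          # trivial pair x = +-y: nothing learned
    return tuple(sorted((g, n // g)))


def factor_from_key_pair(n, a, b, tries=64, seed=2024):
    """Las Vegas factoring of n given a*b = 1 (mod phi(n)).

    Each round picks a random v; with probability >= 1/2 the sequence
    v^r, v^(2r), ... reaches a non-trivial square root of 1 mod n, which
    yields a factor.  A failed round returns nothing (never a wrong answer).
    The seed only makes the demonstration reproducible."""
    rng = random.Random(seed)
    s, r = split_power_of_two(a * b - 1)     # a*b - 1 = 2^s * r, r odd
    for _ in range(tries):
        v = rng.randrange(1, n)
        g = math.gcd(v, n)
        if g != 1:                           # lucky: v shares a factor with n
            return tuple(sorted((g, n // g)))
        x = pow(v, r, n)
        if x in (1, n - 1):                  # only trivial roots ahead: retry
            continue
        for _ in range(s):
            y = x * x % n
            if y == 1:                       # x is a non-trivial root of 1
                return factor_from_square_roots(x, 1, n)
            if y == n - 1:                   # next square is 1 via -1: trivial
                break
            x = y
    return None


if __name__ == "__main__":
    p, q = 263, 347
    n = p * q
    phi = (p - 1) * (q - 1)                  # known here only to build the instance
    b = 1547
    a = pow(b, -1, phi)                      # secret exponent a with a*b = 1 mod phi
    print(factor_from_key_pair(n, a, b))     # (263, 347)
```

The round fails exactly when the first power that equals 1 is reached through $-1$ (or when $v^r \equiv 1$ already); every other outcome hands a non-trivial square root of 1 to `factor_from_square_roots`.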

2.4.3. Computing discrete logarithms modulo a prime.
Let $p$ be a prime and $\alpha$ a primitive element modulo $p$, i.e. a generator of the group $\mathbb{Z}_p^*$. The discrete logarithm problem modulo $p$ is: given any $\beta \in \mathbb{Z}_p^*$, find a number $a$ ($1 \le a \le p - 1$) such that $\beta = \alpha^a \bmod p$, i.e. $a = \log_\alpha \beta \pmod{p-1}$. A trivial algorithm for this problem runs through all numbers $a$ from 1 to $p - 1$ until one satisfies $\beta = \alpha^a \bmod p$. Naturally this algorithm is inefficient when $p$ is a very large prime. A somewhat more efficient variant is the following algorithm of Shanks (baby-step giant-step):
Put $m = \lceil \sqrt{p - 1} \rceil$. We look for $a$ in the form $a = mj + i$ with $0 \le i, j \le m - 1$. Clearly $\beta = \alpha^a \bmod p$ if and only if
$$\beta \cdot \alpha^{-i} \equiv (\alpha^m)^j \pmod p.$$
We build two lists, one of the pairs $(j, \alpha^{mj} \bmod p)$ and one of the pairs $(i, \beta \alpha^{-i} \bmod p)$, with $j$ and $i$ running from 0 to $m - 1$. As soon as a pair from the first list and a pair from the second list are found whose second components coincide, we have the result: $a = mj + i$ is the value $\log_\alpha \beta$ we are looking for. Shanks' algorithm requires $O(m)$ multiplications and $O(m)$ memory (not counting $O(m^2)$ comparisons if the lists are compared naively; sorting one list, or storing it in a hash table, brings the matching down to $O(m \log m)$ or $O(m)$ operations).
Another algorithm, the Pohlig-Hellman algorithm, is commonly used and is efficient when $p - 1$ has only small prime factors. It goes as follows. Suppose the canonical prime factorization of $p - 1$ is
$$p - 1 = \prod_{i=1}^{k} p_i^{c_i}.$$
To find $a = \log_\alpha \beta \pmod{p-1}$, we find numbers $a_i$ such that
$$a_i \equiv a \pmod{p_i^{c_i}} \qquad (i = 1, \dots, k).$$
Once the $a_i$ are found, the system of congruences
$$x \equiv a_i \pmod{p_i^{c_i}} \qquad (i = 1, \dots, k),$$
solved by the Chinese remainder theorem, gives the required solution $a$. So the problem is to determine the residues $a_i \equiv a \pmod{p_i^{c_i}}$. It can be restated as follows. Let $q$ be a prime divisor of $p - 1$ with $q^c \mid p - 1$ but $q^{c+1} \nmid p - 1$. We need $x = a \bmod q^c$. Write $x$ in base $q$:
$$x = \sum_{i=0}^{c-1} x_i q^i \qquad (0 \le x_i \le q - 1).$$
Since $x = a \bmod q^c$, $a$ can be written as $a = x + q^c s$, and since $\alpha^{p-1} \equiv 1 \pmod p$ we have
$$\beta^{(p-1)/q} \equiv \alpha^{a(p-1)/q} \equiv \alpha^{(x_0 + q(x_1 + x_2 q + \dots))(p-1)/q} \equiv \alpha^{x_0 (p-1)/q} \pmod p.$$
Put $\gamma = \alpha^{(p-1)/q} \bmod p$ and compute successively $\gamma^0, \gamma^1, \gamma^2, \dots$, comparing each with $\beta^{(p-1)/q} \bmod p$; we find an $i$ with
$$\gamma^i \equiv \beta^{(p-1)/q} \pmod p.$$
Take this $i$ as $x_0$, i.e. $x_0 = i$. If $c = 1$ then $x = x_0$ and we are done. If $c > 1$, put $\beta' = \beta \alpha^{-x_0}$ and $x' = \log_\alpha \beta' \bmod q^c$; it is easy to see that
$$x' = \sum_{i=1}^{c-1} x_i q^i,$$
from which
$$\beta'^{(p-1)/q^2} \equiv \alpha^{x'(p-1)/q^2} \equiv \gamma^{x_1} \pmod p.$$
As in the previous step, compute successively $\gamma^0, \gamma^1, \gamma^2, \dots$ and compare with $\beta'^{(p-1)/q^2} \bmod p$ to find $x_1$.
Continuing in this way we find in turn all the values $x_i$, $i = 0, 1, \dots, c - 1$, i.e. we compute $x$. Once the values $x$ for every prime divisor $q$ of $p - 1$ have been found, then by the remark above it remains only to solve a system of linear congruences with pairwise coprime moduli (by the Chinese remainder method) to obtain the required number $a = \log_\alpha \beta$ modulo $p$.
Example: Let $p = 29$ and $\alpha = 2$. Compute $a = \log_2 18$ modulo 29.
We have $p - 1 = 28 = 2^2 \cdot 7^1$. Following the Pohlig-Hellman algorithm we find $a \bmod 4$ and $a \bmod 7$ in turn. Carrying out the steps described above gives $a \bmod 4 = 3$ and $a \bmod 7 = 4$. Solving the system
$$x \equiv 3 \pmod 4, \qquad x \equiv 4 \pmod 7$$
we get $x \equiv 11 \pmod{28}$, i.e. $11 = \log_2 18$ modulo 29 (indeed $2^{11} = 2048 = 70 \cdot 29 + 18$). The Pohlig-Hellman algorithm gives a fairly efficient way of computing discrete logarithms, but only when $p - 1$ has only small prime factors. Hence if $p - 1$ has at least one large prime factor the algorithm can hardly be carried out efficiently, and in that case the discrete logarithm problem modulo $p$ remains a hard problem.
One class of primes $p$ for which $p - 1$ has at least one large prime divisor is the class of primes of the form $p = 2q + 1$ with $q$ prime. Such a $q$ is called a Sophie Germain prime (and $p$ a safe prime); these primes play an important role in constructing a widely used class of public-key cryptosystems.
Many other algorithms, both deterministic and probabilistic, have been developed for computing discrete logarithms, but none has been shown to have polynomial-time computational complexity.
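The following Python code is an added illustration (ours, not the book's) of both algorithms of this section: Shanks' baby-step giant-step, and the Pohlig-Hellman reduction, which here calls baby-step giant-step inside each subgroup of prime order $q$ to read off the base-$q$ digits and then recombines the residues with the Chinese remainder theorem. Function names are ours; the instance $p = 29$, $\alpha = 2$, $\beta = 18$ is the worked example above, and the second test instance uses the Fermat prime 65537 with its primitive element 3.

```python
"""Discrete logarithms mod a prime: Shanks' baby-step giant-step and the
Pohlig-Hellman reduction, as described in 2.4.3.  Added illustration; the
function names are ours, not the book's.  Pohlig-Hellman uses baby-step
giant-step inside each prime-order subgroup and recombines with the CRT."""
import math


def bsgs(alpha, beta, p, order):
    """Smallest x in [0, order) with alpha^x = beta (mod p), or None.
    `order` is the order of alpha (p - 1 for a primitive element)."""
    m = math.isqrt(order) + 1
    baby = {}                                   # alpha^i -> i  (baby steps)
    cur = 1
    for i in range(m):
        baby.setdefault(cur, i)
        cur = cur * alpha % p
    giant = pow(alpha, -m, p)                   # alpha^(-m): one giant step
    cur = beta % p
    for j in range(m):                          # beta * alpha^(-mj) = alpha^i ?
        if cur in baby:
            return j * m + baby[cur]
        cur = cur * giant % p
    return None


def factorize(n):
    """Prime factorization of n as {prime: exponent} by trial division."""
    f, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            f[d] = f.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        f[n] = f.get(n, 0) + 1
    return f


def dlog_prime_power(alpha, beta, p, q, c):
    """x = log_alpha(beta) mod q^c, digit by digit in base q (the book's x_0, x_1, ...)."""
    n = p - 1
    gamma = pow(alpha, n // q, p)               # gamma = alpha^((p-1)/q), of order q
    x = 0
    beta_prime = beta % p                       # beta * alpha^(-(x_0 + x_1 q + ...))
    for i in range(c):
        target = pow(beta_prime, n // q ** (i + 1), p)   # equals gamma^(x_i)
        digit = bsgs(gamma, target, p, q)
        x += digit * q ** i
        beta_prime = beta_prime * pow(alpha, -digit * q ** i, p) % p
    return x


def crt(residues, moduli):
    """Solve x = r_i (mod m_i) for pairwise coprime m_i; return x mod prod(m_i)."""
    x, mod = 0, 1
    for r, m in zip(residues, moduli):
        t = (r - x) * pow(mod, -1, m) % m
        x += mod * t
        mod *= m
    return x % mod


def pohlig_hellman(alpha, beta, p):
    """log_alpha(beta) mod p-1 for a primitive element alpha of Z_p^*."""
    residues, moduli = [], []
    for q, c in factorize(p - 1).items():
        residues.append(dlog_prime_power(alpha, beta, p, q, c))
        moduli.append(q ** c)
    return crt(residues, moduli)


if __name__ == "__main__":
    print(bsgs(2, 18, 29, 28), pohlig_hellman(2, 18, 29))   # 11 11
```

For $p = 29$ the two residues computed by `dlog_prime_power` are exactly the $a \bmod 4 = 3$ and $a \bmod 7 = 4$ of the example; the cost of Pohlig-Hellman is dominated by the largest prime $q$ dividing $p - 1$, which is why a large prime factor of $p - 1$ defeats it.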



CHAPTER III
Symmetric-key cryptosystems

3.1. Some classical cryptosystems.
In this chapter we introduce a number of symmetric-key cryptosystems, i.e. cryptosystems in which the encryption key and the decryption key coincide, so that the common key must be kept secret, known only to the two parties (the sender who encrypts and the receiver of the ciphertext). Throughout a long historical period, from antiquity until a few decades ago, all the cryptographic methods used in practice were symmetric-key ciphers, from the Caesar cipher used more than two thousand years ago to the ciphers used with the help of modern computing technology in recent times. Let us first begin with some classical cryptosystems.

3.1.1. Shift cipher
The cryptosystems using shifts described in this section, like many of the cryptosystems that follow, have as plaintext alphabet and ciphertext alphabet the alphabet of ordinary written language. Since the Vietnamese alphabet uses many diacritics, which makes it hard to fix a uniform set of characters, in this book we use the English alphabet for illustration; it has 26 letters, numbered from 0 to 25 as described in section 1.2.1, so we can identify it with the set $\mathbb{Z}_{26}$. The scheme of the shift cryptosystems is defined as follows:
$$S = (P, C, K, E, D),$$
where $P = C = K = \mathbb{Z}_{26}$, and the maps $E$ and $D$ are given by
$$E(K, x) = x + K \bmod 26, \qquad D(K, y) = y - K \bmod 26 \qquad \text{for all } K, x, y \in \mathbb{Z}_{26}.$$
The cryptosystems so defined are correct, since for all $K, x, y \in \mathbb{Z}_{26}$ we have
$$d_K(e_K(x)) = (x + K) - K \bmod 26 = x.$$
Shift ciphers were used very early; according to tradition the cipher with $K = 3$ was used by Julius Caesar in Roman times, and it is called the Caesar cipher.
Example: Given the plaintext hengapnhauvaochieuthubay, converting the letters into the corresponding numbers we get
x = 7 4 13 6 0 15 13 7 0 20 21 0 14 2 7 8 4 20 19 7 20 1 0 24.
Encrypting with the key $K = 13$ gives the ciphertext
y = 20 17 0 19 13 2 0 20 13 7 8 13 1 15 20 21 17 7 6 20 7 14 13 11,
which in ordinary letters is the ciphertext
uratncaunhinbpuvrhguhonl.
To decrypt this ciphertext we only have to convert it back to numbers (getting the sequence y), then run the decryption algorithm, i.e. subtract 13 from each term (modulo 26), recovering the sequence x, which converted back to letters is the original plaintext.
Shift ciphers are easy to use, but breaking them is just as easy: there are only 26 possible keys, so on receiving a ciphertext the cryptanalyst need only try at most 26 keys for decryption, after which the key in use is found and the plaintext obtained!

3.1.2. Substitution cipher.
The scheme of the substitution cryptosystems is defined as follows:
$$S = (P, C, K, E, D),$$
where $P = C = \mathbb{Z}_{26}$, $K$ is the set of all permutations of $\mathbb{Z}_{26}$, and the maps $E$ and $D$ are given by
$$e_\pi(x) = \pi(x), \qquad d_\pi(y) = \pi^{-1}(y),$$
for all $x \in P$, $y \in C$ and every permutation $\pi \in K$ of $\mathbb{Z}_{26}$.
We usually identify $\mathbb{Z}_{26}$ with the English alphabet, so a permutation of $\mathbb{Z}_{26}$ is also understood as a permutation of the set of English letters; for example, a permutation $\pi$ is given by the table:
a b c d e f g h i j k l m n o p q r
x n y a h p o g z q w b t s f l r c

s t u v w x y z
v m u e k j d i
With the substitution cryptosystem with key $\pi$, the plaintext
x = hengapnhauvaochieuthubay
is transformed into the ciphertext
y = ghsoxlsgxuexfygzhumgunxd.
The decryption algorithm with key $\pi$ conversely turns y back into the plaintext x.
The number of possible keys of this scheme equals the number of permutations of the set $\mathbb{Z}_{26}$, i.e. $26!$ keys, a very large number ($26! > 4 \cdot 10^{26}$). Hence exhaustively trying all possible keys in order to break the cipher is impractical, even with a computer. Nevertheless there are other, more effective cryptanalytic methods (based on letter frequencies, see 3.2.1) that make substitution cryptosystems unsafe.



3.1.3. Affine cipher.
The scheme of the affine cryptosystems is defined as follows:
$$S = (P, C, K, E, D),$$
where $P = C = \mathbb{Z}_{26}$, $K = \{ (a, b) \in \mathbb{Z}_{26} \times \mathbb{Z}_{26} : \gcd(a, 26) = 1 \}$, and the maps $E$ and $D$ are given by
$$e_K(x) = ax + b \bmod 26, \qquad d_K(y) = a^{-1}(y - b) \bmod 26,$$
for all $x \in P$, $y \in C$, $K = (a, b) \in K$.
The condition $\gcd(a, 26) = 1$ guarantees that the inverse $a^{-1} \bmod 26$ of $a$ exists, so that the decryption algorithm $d_K$ can always be carried out. There are exactly $\varphi(26) = 12$ numbers $a \in \mathbb{Z}_{26}$ coprime to 26, namely
1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25,
and their corresponding inverses modulo 26 are
1, 9, 21, 15, 3, 19, 7, 23, 11, 5, 17, 25.
Example: for the plaintext hengapnhauvaochieuthubay, with corresponding number sequence
x = 7 4 13 6 0 15 13 7 0 20 21 0 14 2 7 8 4 20 19 7 20 1 0 24,
the affine cryptosystem with key $K = (5, 6)$ gives the ciphertext
y = 15 0 19 10 6 3 19 15 6 2 7 6 24 16 15 20 0 2 23 15 2 11 6 22,
which in English letters is the ciphertext
patkgdtpgchgyqpuacxpclgw.
Since there are 12 numbers in $\mathbb{Z}_{26}$ coprime to 26, the number of possible keys (hence of affine cryptosystems) is $12 \times 26 = 312$, not a large number if we use a computer to break the cipher by trying all possible keys in turn; so the affine cipher can no longer be regarded as a secure cipher either!

3.1.4. Vigenère cipher.
This cipher scheme is named after Blaise de Vigenère, who lived in the 16th century. Unlike the cryptosystems above, Vigenère cryptosystems do not operate on single letters but on blocks of $m$ letters ($m$ a positive integer).
The scheme of the Vigenère cryptosystems is defined as follows:
$$S = (P, C, K, E, D),$$
where $P = C = K = \mathbb{Z}_{26}^m$, and the maps $E$ and $D$ are given by
$$e_K(x_1, \dots, x_m) = (x_1 + k_1, \dots, x_m + k_m) \bmod 26,$$
$$d_K(y_1, \dots, y_m) = (y_1 - k_1, \dots, y_m - k_m) \bmod 26,$$
for all $x = (x_1, \dots, x_m) \in P$, $y = (y_1, \dots, y_m) \in C$, $K = (k_1, \dots, k_m) \in K$.
The Vigenère scheme can be regarded as an extension of the shift scheme: where the shift cipher shifts one letter at a time, the Vigenère cipher shifts a block of $m$ consecutive letters at once. For example, take $m = 6$ and $K = (2, 8, 15, 7, 4, 17)$. To encrypt the plaintext
hengapnhauvaochieuthubay,
we again convert it into a sequence of numbers and split it into consecutive blocks of 6 numbers:
x = 7 4 13 6 0 15 13 7 0 20 21 0 14 2 7 8 4 20 19 7 20 1 0 24
(if the length of x is not a multiple of 6, we can agree to pad the end of x with some elements, for instance zeros, so that x can always be regarded as split into blocks of 6 numbers). Adding modulo 26 the numbers in each block to the corresponding numbers of the key K we get the ciphertext
y = 9 12 2 13 4 6 15 15 15 1 25 17 16 10 22 15 8 11 21 15 9 8 4 15,
which converted to letters is the ciphertext
jmcnegpppbzrqkwpilvpjiep.
From this ciphertext, the corresponding decryption algorithm recovers the original plaintext.
The set $K$ has $26^m$ elements, so for each $m$ there are $26^m$ different Vigenère cryptosystems (for $m = 6$ that is 308,915,776); trying all of these keys by hand in order to break the cipher is hard, but with a powerful computer it is not that difficult!

3.1.5. Hill cipher.
This cipher scheme was proposed by Lester S. Hill in 1929. Like the Vigenère scheme, these cryptosystems operate on blocks of $m$ consecutive letters; the difference is that each letter of the ciphertext is determined by a linear combination (over the ring $\mathbb{Z}_{26}$) of the $m$ letters of the plaintext block. Thus the key is given by an $m \times m$ matrix, i.e. an element $K \in \mathbb{Z}_{26}^{m \times m}$. For the linear transformation determined by the matrix $K$ to be invertible, the matrix $K$ itself must have an inverse matrix $K^{-1}$ modulo 26; the necessary and sufficient condition for $K$ to be invertible is that its determinant, denoted $\det K$, be coprime to 26. So the Hill cipher scheme is defined as the scheme
$$S = (P, C, K, E, D),$$
where $P = C = \mathbb{Z}_{26}^m$, $K = \{ K \in \mathbb{Z}_{26}^{m \times m} : \gcd(\det K, 26) = 1 \}$, and the maps $E$ and $D$ are given by
$$e_K(x_1, \dots, x_m) = (x_1, \dots, x_m) \cdot K \bmod 26,$$
$$d_K(y_1, \dots, y_m) = (y_1, \dots, y_m) \cdot K^{-1} \bmod 26,$$
for all $x = (x_1, \dots, x_m) \in P$, $y = (y_1, \dots, y_m) \in C$, $K \in K$.
Example: Choose $m = 2$ and
$$K = \begin{pmatrix} 11 & 8 \\ 3 & 7 \end{pmatrix}.$$
For a pair of letters $x = (x_1, x_2)$ the ciphertext $y = (y_1, y_2) = (x_1, x_2) \cdot K$ is computed by
$$y_1 = 11 x_1 + 3 x_2 \bmod 26, \qquad y_2 = 8 x_1 + 7 x_2 \bmod 26.$$
Taking again the plaintext hengapnhauvaochieuthubay, we convert it into a sequence of numbers and split it into consecutive pairs:
x = 7 4 13 6 0 15 13 7 0 20 21 0 14 2 7 8 4 20 19 7 20 1 0 24.
Encrypting each consecutive pair and concatenating the results we get
y = 11 6 5 16 19 1 8 23 8 10 23 12 4 22 23 8 0 16 22 19 15 11 20 12,
and from this the ciphertext as a letter string is
lgfqtbixikxmewxiaqwtplum.
(As a check on the arithmetic: the fourth pair $(13, 7)$ gives $y_1 = 143 + 21 = 164 \equiv 8$ and $y_2 = 104 + 49 = 153 \equiv 23 \pmod{26}$, i.e. ix, and the fifth pair $(0, 20)$ gives $(60, 140) \equiv (8, 10)$, i.e. ik.)
Note that
$$K^{-1} = \begin{pmatrix} 11 & 8 \\ 3 & 7 \end{pmatrix}^{-1} = \begin{pmatrix} 7 & 18 \\ 23 & 11 \end{pmatrix} \pmod{26},$$
and decrypting by multiplying each consecutive pair of y by $K^{-1}$ recovers the sequence x, and from it the plaintext.
For each given $m$, the number of possible keys equals the number of matrices $K$ with $\det K$ coprime to 26. We do not give a formula for this number here, but for large $m$ it is very large, and of course breaking the cipher by exhaustively trying all Hill cryptosystems with the same $m$ is infeasible. Nevertheless other quite effective cryptanalytic methods against the Hill cipher have long been known; we present one in a later section.
3.1.6. Permutation cipher.
Permutation cryptosystems also operate on blocks of $m$ consecutive letters, but the ciphertext is just a permutation of the letters within each block of $m$ letters of the plaintext. Let $S_m$ denote the set of all permutations of the set $\{1, 2, \dots, m\}$. The scheme of the permutation ciphers is given by
$$S = (P, C, K, E, D),$$
where $P = C = \mathbb{Z}_{26}^m$, $K = S_m$, and the maps $E$ and $D$ are given by
$$e_\pi(x_1, \dots, x_m) = (x_{\pi(1)}, \dots, x_{\pi(m)}),$$
$$d_\pi(y_1, \dots, y_m) = (y_{\pi^{-1}(1)}, \dots, y_{\pi^{-1}(m)}),$$
for all $x = (x_1, \dots, x_m) \in P$, $y = (y_1, \dots, y_m) \in C$, $\pi \in K = S_m$, where $\pi^{-1}$ is the inverse permutation of $\pi$.
Example: Choose $m = 6$ and the permutation $\pi \in S_6$ given by
i = 1 2 3 4 5 6
π(i) = 3 5 1 6 4 2.
Then the permutation $\pi^{-1}$ is
j = 1 2 3 4 5 6
π^{-1}(j) = 3 6 1 5 2 4.
For the plaintext hengapnhauvaochieuthubay, i.e. for
x = 7 4 13 6 0 15 13 7 0 20 21 0 14 2 7 8 4 20 19 7 20 1 0 24,
the corresponding ciphertext is
y = 13 0 7 15 6 4 0 21 13 0 20 7 7 4 14 20 8 2 20 0 19 24 1 7,
which as a letter string is nahpgeavnauhheouicuatybh. Applying the decryption map $d_\pi$ to each block of 6 consecutive letters of this ciphertext (i.e. of y) recovers x and the original plaintext.
Note that the permutation cipher is a special case of the Hill cipher. Indeed, for a permutation $\pi$ of $\{1, 2, \dots, m\}$ define the matrix $K_\pi = (k_{ij})$ with $k_{ij} = 1$ if $i = \pi(j)$ and $k_{ij} = 0$ otherwise; then it is easy to see that the Hill cipher with key $K_\pi$ gives the same encryption as the permutation cipher with key $\pi$. For each given $m$, the number of possible permutation cryptosystems is $m!$.

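As an added illustration (our code, not the book's), the six classical ciphers of this section written as Python functions over $\mathbb{Z}_{26}$. The key values and the sample plaintext hengapnhauvaochieuthubay are those of the worked examples; the Hill routine applies any matrix, so decryption is done by passing $K^{-1}$ (the inverse is computed in the cryptanalysis example of 3.2.4), and blocks are padded with zeros as the text suggests.

```python
"""The six classical ciphers of section 3.1 over Z_26, written as plain
functions on letter strings.  Added illustration (our code, not the book's);
the key values and the sample plaintext hengapnhauvaochieuthubay are the
ones used in the worked examples of this section."""
import string

ALPHABET = string.ascii_lowercase


def to_nums(text):
    return [ALPHABET.index(ch) for ch in text]


def to_text(nums):
    return "".join(ALPHABET[n % 26] for n in nums)


def shift_encrypt(text, k):
    return to_text(x + k for x in to_nums(text))


def shift_decrypt(text, k):
    return to_text(y - k for y in to_nums(text))


def substitution_encrypt(text, table):
    """table: 26-letter string giving the images of a, b, ..., z in order."""
    return "".join(table[x] for x in to_nums(text))


def substitution_decrypt(text, table):
    inverse = {ch: i for i, ch in enumerate(table)}      # pi^-1
    return to_text(inverse[ch] for ch in text)


def affine_encrypt(text, a, b):
    return to_text(a * x + b for x in to_nums(text))


def affine_decrypt(text, a, b):
    a_inv = pow(a, -1, 26)                    # exists because gcd(a, 26) = 1
    return to_text(a_inv * (y - b) for y in to_nums(text))


def blocks(nums, m):
    """Split into blocks of m, padding the last block with zeros (the book's
    convention)."""
    nums = list(nums) + [0] * (-len(nums) % m)
    return [nums[i:i + m] for i in range(0, len(nums), m)]


def vigenere_encrypt(text, key):
    m = len(key)
    return to_text(x + key[i % m] for i, x in enumerate(to_nums(text)))


def vigenere_decrypt(text, key):
    m = len(key)
    return to_text(y - key[i % m] for i, y in enumerate(to_nums(text)))


def hill_apply(text, matrix):
    """Row vector times matrix, mod 26, block by block.  Encrypt with K and
    decrypt with K^-1 (the book's K^-1 is passed in directly)."""
    m = len(matrix)
    out = []
    for block in blocks(to_nums(text), m):
        out.extend(sum(block[i] * matrix[i][j] for i in range(m)) % 26
                   for j in range(m))
    return to_text(out)


def permutation_encrypt(text, pi):
    """pi is the tuple (pi(1), ..., pi(m)), 1-based as in the book."""
    m = len(pi)
    return to_text(x for block in blocks(to_nums(text), m)
                   for x in (block[pi[j] - 1] for j in range(m)))


def permutation_decrypt(text, pi):
    m = len(pi)
    inverse = [0] * m
    for i, p in enumerate(pi, start=1):       # pi(i) = p  =>  pi^-1(p) = i
        inverse[p - 1] = i
    return permutation_encrypt(text, tuple(inverse))


if __name__ == "__main__":
    msg = "hengapnhauvaochieuthubay"
    print(shift_encrypt(msg, 13))
    print(vigenere_encrypt(msg, (2, 8, 15, 7, 4, 17)))
    print(hill_apply(msg, [[11, 8], [3, 7]]))
    print(permutation_encrypt(msg, (3, 5, 1, 6, 4, 2)))
```

The substitution key is written as the 26-letter image string of the table above (xnyahpogzqwbtsflrcvmuekjdi); note that `permutation_decrypt` is just `permutation_encrypt` with $\pi^{-1}$, exactly as $d_\pi$ is defined.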
3.2. Cryptanalysis of the classical cryptosystems.
3.2.1. Some general remarks.
As presented in section 1.5 of chapter 1, the purpose of cryptanalysis is to recover the plaintext of a message from information about the ciphertext that can be collected on the communication channel. Since the scheme of the cryptosystem in use is hard to keep secret, we usually assume that the starting information of the cryptanalysis problem is the cryptosystem scheme in use and the ciphertext of the message, and that the task of cryptanalysis is to find the plaintext of the message. Besides this starting information, depending on the particular case there may be additional information, so the cryptanalysis problem is divided into several kinds of problem: ciphertext-only, known-plaintext, chosen-plaintext and chosen-ciphertext attacks (see section 1.5, chapter 1).
In this section we present a few cryptanalytic methods against the classical cryptosystems described in the previous section. We assume that the plaintexts and ciphertexts are built over the English alphabet and, moreover, that the messages are English texts. Thus we always have $P = C = \mathbb{Z}_{26}$ or $\mathbb{Z}_{26}^m$, and the additional information that the plaintexts obey the rules of spelling and grammar of the English language. This is an important basis of the cryptanalytic methods against the classical cryptosystems. Unfortunately the use of ciphers for transmitting Vietnamese information has not left us much material for study, and research on the spelling and grammar of Vietnamese has not yet given us reliable statistical rules, so in this book we cannot yet present examples of ciphers in Vietnamese; for the time being we borrow examples in English for illustration, and hope that readers will supplement them later. The results most used in cryptanalysis are the statistical rules on the frequency of occurrence of letters, and of pairs and triples of consecutive letters, in English texts. From the analysis of statistics over a very large amount of text (letters, books, newspapers, etc.), the following results, compiled by Beker and Piper, were obtained:
The probability distribution of the letters, in order:
1. The letter e has the highest probability, 0.127;
2. The letters t, a, o, i, n, s, h, r have probabilities from 0.060 to 0.090;
3. The letters d, l have probability about 0.04;
4. The letters c, u, m, w, f, g, y, p, b have probabilities from 0.015 to 0.028;
5. The letters v, k, j, x, q, z have probabilities below 0.01.
The thirty most frequent pairs of letters (in decreasing order): th, he, in, er, an, re, ed, on, es, st, en, at, to, nt, ha, nd, ou, ea, ng, as, or, ti, is, et, it, ar, te, se, hi, of.
The twelve most frequent triples: the, ing, and, her, ere, ent, tha, nth, was, eth, for, dth.
Here is the table of the probability distribution of all the letters (with the number of each letter in parentheses):
A (0) 0.082   B (1) 0.015   C (2) 0.028   D (3) 0.043
E (4) 0.127   F (5) 0.022   G (6) 0.020   H (7) 0.061
I (8) 0.070   J (9) 0.002   K (10) 0.008   L (11) 0.040
M (12) 0.024   N (13) 0.067   O (14) 0.075   P (15) 0.019
Q (16) 0.001   R (17) 0.060   S (18) 0.063   T (19) 0.091
U (20) 0.028   V (21) 0.010   W (22) 0.023   X (23) 0.001
Y (24) 0.020   Z (25) 0.001.

3.2.2. Cryptanalysis of the affine cipher.
The key of the affine cipher has the form $K = (a, b)$ with $a, b \in \mathbb{Z}_{26}$ and $\gcd(a, 26) = 1$. A ciphertext letter $y$ and the corresponding plaintext letter $x$ are related by
$$y = a \cdot x + b \bmod 26.$$
Thus if we know two distinct pairs $(x, y)$ we have two linear equations from which the two unknowns $a, b$, i.e. the key $K$, can be found.
Example: We are given the ciphertext
fmxvedkaphferbndkrxrsrefmorudsdkdvshvufedkaprkdlyevlrhhrh.
Find the key and the corresponding plaintext.
In this ciphertext, r occurs 8 times, d 7 times, e, h, k 5 times each, f, s, v 4 times each, etc.; so we may guess that r is the encryption of e and d the encryption of t, which gives
$$4a + b \equiv 17 \pmod{26}, \qquad 19a + b \equiv 3 \pmod{26},$$
with solution $a = 6$, $b = 19$. Since $\gcd(a, 26) = 2 \ne 1$, $(a, b)$ cannot be a key, so this guess is wrong. We try another guess: r is the encryption of e and k the encryption of t. Then
$$4a + b \equiv 17 \pmod{26}, \qquad 19a + b \equiv 10 \pmod{26},$$
with solution $a = 3$, $b = 5$. (The guesses with e or h as the encryption of t give $a = 13$ and $a = 8$ respectively, both rejected for the same reason.) Since $\gcd(3, 26) = 1$, $K = (3, 5)$ may be the key we are looking for. Then the encryption map is $e_K(x) = 3x + 5 \bmod 26$ and the corresponding decryption map is $d_K(y) = 9y - 19 \bmod 26$. Applying this decryption to the ciphertext we get (as letters) the plaintext
algorithmsarequitegeneraldefinitionsofarithmeticprocesses.
We can conclude that the correct key is $K = (3, 5)$ and the line above is the required plaintext.
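As an added illustration (our code, not the book's), the attack of this section in Python: the candidate pairs are ranked by ciphertext letter frequency as in the text, a guess whose $a$ is not a unit modulo 26 is rejected, and among the admissible keys the one whose decryption scores highest against the English letter probabilities of 3.2.1 is kept (the text instead stops at the first decryption that reads as English; for this ciphertext both rules pick the same key). The ciphertext is the one of the worked example.

```python
"""Breaking the affine cipher from two guessed (plaintext, ciphertext)
letter pairs, as in 3.2.2.  Added illustration (our code, not the book's).
CT is the ciphertext of the worked example; candidate pairs are ranked by
frequency as the text does (e and t against the most frequent ciphertext
letters) and a guess is discarded when the resulting a is not a unit mod 26."""
import math
from collections import Counter

CT = "fmxvedkaphferbndkrxrsrefmorudsdkdvshvufedkaprkdlyevlrhhrh"
ENGLISH = dict(zip("abcdefghijklmnopqrstuvwxyz", [
    .082, .015, .028, .043, .127, .022, .020, .061, .070, .002, .008, .040, .024,
    .067, .075, .019, .001, .060, .063, .091, .028, .010, .023, .001, .020, .001]))


def num(ch):
    return ord(ch) - ord("a")


def solve_affine(pair1, pair2):
    """Key (a, b) with y = a*x + b (mod 26) fitting two (x, y) pairs, or None
    when the system has no admissible solution."""
    (x1, y1), (x2, y2) = pair1, pair2
    dx = (x1 - x2) % 26
    if math.gcd(dx, 26) != 1:                 # x1 - x2 not invertible: a not unique
        return None
    a = (y1 - y2) * pow(dx, -1, 26) % 26
    if math.gcd(a, 26) != 1:                  # a must be a unit for decryption
        return None
    b = (y1 - a * x1) % 26
    return a, b


def affine_decrypt(text, a, b):
    a_inv = pow(a, -1, 26)
    return "".join(chr(a_inv * (num(ch) - b) % 26 + ord("a")) for ch in text)


def english_score(text):
    """Mean English probability of the letters (higher = more English-like)."""
    return sum(ENGLISH[ch] for ch in text) / len(text)


def crack_affine(ct):
    """Guess e -> most frequent ciphertext letter, t -> each next one in turn;
    keep the admissible key whose decryption looks most like English."""
    freq = [ch for ch, _ in Counter(ct).most_common()]   # ties: first occurrence
    best = None
    for cipher_t in freq[1:]:
        key = solve_affine((num("e"), num(freq[0])), (num("t"), num(cipher_t)))
        if key is None:
            continue                          # e.g. r/d gives a = 6, rejected
        pt = affine_decrypt(ct, *key)
        score = english_score(pt)
        if best is None or score > best[0]:
            best = (score, key, pt)
    return best[1], best[2]


if __name__ == "__main__":
    key, pt = crack_affine(CT)
    print(key, pt)                            # (3, 5) algorithmsare...
```

Two guessed pairs determine $a$ only when $x_1 - x_2$ is a unit modulo 26; for the pair e, t the difference $4 - 19 \equiv 11$ is, which is why the text can always solve the two equations.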

3.2.3. Cryptanalysis of the Vigenère cipher.
The Vigenère cipher can be regarded as a shift cipher applied to blocks of $m$ letters. The key is a tuple $K = (k_1, \dots, k_m)$ of $m$ integers modulo 26. Cryptanalysis consists of two steps: the first determines the length $m$, the second determines the numbers $k_1, \dots, k_m$.
There are two methods for determining the length $m$: the Kasiski test and the method of the index of coincidence.
The Kasiski test (proposed in 1863). The test relies on the observation that two identical segments of the plaintext are encrypted into two identical segments of the ciphertext whenever the distance between them in the plaintext (from the first letter of one segment to the first letter of the other) is a multiple of $m$. Conversely, if the ciphertext contains two identical segments of fairly large length (say $\ge 3$), it is very likely that they are the encryptions of two identical segments of the plaintext. So we look for a segment of ciphertext (of three or more letters) occurring several times in the ciphertext and compute the distances between its occurrences, say $d_1, d_2, \dots, d_t$; then we may guess that $m = d = \gcd(d_1, d_2, \dots, d_t)$, the greatest common divisor of $d_1, d_2, \dots, d_t$, or that $m$ is a divisor of $d$.
The index of coincidence method (the definition of the index of coincidence was introduced by W. Friedman in 1920).
Definition 3.1. Let $x = x_1 x_2 \dots x_n$ be a string of $n$ letters. The probability that two elements of $x$ (chosen at random, without replacement) coincide is called the index of coincidence of $x$, denoted $I_C(x)$.
Let $f_0, f_1, \dots, f_{25}$ be the numbers of occurrences of a, b, ..., z in $x$. Then
$$I_C(x) = \frac{\sum_{i=0}^{25} \binom{f_i}{2}}{\binom{n}{2}} = \frac{\sum_{i=0}^{25} f_i (f_i - 1)}{n (n - 1)}.$$
Suppose $x$ is a string of (English) text. Then we can expect that
$$I_C(x) \approx \sum_{i=0}^{25} p_i^2 = 0.065,$$
where $p_i$ is the probability of the letter numbered $i$ given by the table of letter probabilities in 3.2.1.
If $x$ is a completely random string of letters, then
$$I_C(x) \approx 26 \cdot (1/26)^2 = 1/26 = 0.038.$$
Based on the above we obtain the following method for guessing the length $m$ of a Vigenère key. Let the ciphertext be $y = y_1 y_2 \dots y_n$. We rewrite $y$ as a table with $m$ rows ($m \ge 1$) as follows:
$$\begin{array}{llll} y_1 & y_{m+1} & \dots & y_{tm+1} \\ y_2 & y_{m+2} & \dots & y_{tm+2} \\ \dots & & & \\ y_m & y_{2m} & \dots & y_{(t+1)m} \end{array}$$
i.e. we write the letters column by column, $m$ letters per column, until the text is exhausted. Denote by $y^1, y^2, \dots, y^m$ the strings formed by the $m$ rows of this table. Note that if $m$ is indeed the key length, the letters of each row $y^i$ are all obtained from the original text by the same shift, so if $m$ is the key length we can expect that for every $i$, $1 \le i \le m$,
$$I_C(y^i) \approx 0.065.$$
To guess the length $m$ we successively split $y$ in this way into $m = 1, 2, 3, \dots$ rows and compute the $I_C(y^i)$ ($1 \le i \le m$), until we reach an $m$ such that for every $i$, $1 \le i \le m$, $I_C(y^i) \approx 0.065$; then we can be fairly sure that $m$ is the key length.
Example: Given the ciphertext
chreevoahmaeratbiaxxwtnxbeeophbsbqmqeqerbwrvxuoakxa
osxxweahbwgjmmqmnkgrfvgxwtrzxwiaklxfpskautemndcmg
tsxmxbtuiadngmgpsrelxnjelxvrvprtulhdnqwtwdtygbphxtfalj
hasvbfxngllchrzbwelekmsjiknbhwrjgnmgjsglxfeyphagnrbieqjt
amrvlcrremndglxrrimgnsnrwchrqhaeyevtaqebbipeewevkakoe
wadremxmtbhhchrtkdnvrzchrclqohpwqaiiwxnrmgwoiifkee.
Using the Kasiski test we notice that chr occurs 5 times (at positions 1, 166, 236, 276, 286), the distances between consecutive occurrences being 165, 70, 40, 10. The greatest common divisor of these numbers is 5, so we may guess that the key length $m$ is 5.
Using the index of coincidence method, for $m = 1$ we get one index of coincidence, 0.045; for $m = 2$ two indices, 0.046 and 0.041; for $m = 3$ three indices, 0.043, 0.050 and 0.047; for $m = 4$ four indices, 0.042, 0.039, 0.046 and 0.043; for $m = 5$ we get five indices, 0.063, 0.068, 0.069, 0.061 and 0.072, all quite close to 0.065. So we may guess that the key length is 5. Both methods give the same result.
Now comes the second step, determining the values $k_1, k_2, \dots, k_m$. We need a new notion, the mutual index of coincidence, defined as follows:
Definition 3.2. Let $x = x_1 x_2 \dots x_n$ and $y = y_1 y_2 \dots y_{n'}$ be two strings of lengths $n$ and $n'$. The mutual index of coincidence of $x$ and $y$, denoted $MI_C(x, y)$, is defined as the probability that an element of $x$ coincides with an element of $y$.
Let $f_0, f_1, \dots, f_{25}$ and $f'_0, f'_1, \dots, f'_{25}$ be the numbers of occurrences of a, b, ..., z in $x$ and in $y$ respectively. Then
$$MI_C(x, y) = \frac{\sum_{i=0}^{25} f_i f'_i}{n \cdot n'}.$$
Now, with $m$ determined, we write the ciphertext $y$ column by column into $m$ rows $y^1, \dots, y^m$ as above, and look for the key $K = (k_1, k_2, \dots, k_m)$.
Let $x$ be the plaintext and $x^1, \dots, x^m$ the parts of the plaintext corresponding to $y^1, \dots, y^m$. We may regard the probability distribution of the letters in $x$, and also in each of $x^1, \dots, x^m$, as approximately the distribution of letters in English text in general. Hence the probability that a random letter of $y^i$ equals a is $p_{-k_i}$, that it equals b is $p_{1 - k_i}$, and so on (indices taken modulo 26), and we can estimate
$$MI_C(y^i, y^j) \approx \sum_{h=0}^{25} p_{h - k_i} \, p_{h - k_j} = \sum_{h=0}^{25} p_h \, p_{h + k_i - k_j}.$$
This quantity depends only on $k_i - k_j$, which we call the relative shift of $y^i$ and $y^j$. Note that the expression
$$\sum_{h=0}^{25} p_h \, p_{h + l}$$
takes its largest value, 0.065, when $l = 0$, and varies between 0.031 and 0.045 for every $l > 0$.
Observe that $y^j$ must be shifted by $l = k_i - k_j$ steps (i.e. by $l$ letters along the alphabet) to be distributed like $y^i$; so if $y^{j,g}$ denotes the shift of $y^j$ by $g$ steps, then on computing the quantities $MI_C(y^i, y^{j,g})$ for $0 \le g \le 25$ we can hope to obtain a value close to 0.065 for $g = l$, and values between 0.031 and 0.045 for the other $g$. This gives a method of estimating the relative shifts $k_i - k_j$, i.e. of obtaining a number of equations of the form $k_i - k_j = l$, from which the values $k_1, k_2, \dots, k_m$ can be computed.
For the ciphertext under consideration, the values $MI_C(y^i, y^{j,g})$ for $1 \le i < j \le 5$, $0 \le g \le 25$ are listed in the table below (to the right of each pair $(i, j)$ is a cell of 26 values of $MI_C(y^i, y^{j,g})$ corresponding to $g = 0, 1, 2, \dots, 25$).
Looking at the table, the values $MI_C(y^i, y^{j,g})$ close to 0.065 (the largest entry in each of the rows concerned) correspond to the triples $(i, j, g)$ equal to (1, 2, 9), (1, 5, 16), (2, 3, 13), (2, 5, 7), (3, 5, 20) and (4, 5, 11).

Values of $MI_C(y^i, y^{j,g})$, each row listing the 26 values for $g = 0, 1, \dots, 25$ in order:
i j | values
1 2 | .028 .027 .028 .034 .039 .037 .026 .025 .052 .068 .044 .026 .037 .043 .037 .043 .037 .028 .041 .041 .034 .037 .051 .045 .042 .036
1 3 | .039 .033 .040 .034 .028 .053 .048 .033 .029 .056 .050 .045 .039 .040 .036 .037 .032 .027 .037 .036 .031 .037 .055 .029 .024 .037
1 4 | .034 .043 .025 .027 .038 .049 .040 .032 .029 .034 .039 .044 .044 .034 .039 .045 .044 .037 .055 .047 .032 .027 .039 .037 .039 .035
1 5 | .043 .033 .028 .046 .043 .044 .039 .031 .026 .030 .036 .040 .041 .024 .019 .048 .070 .044 .028 .038 .044 .043 .047 .033 .026 .046
2 3 | .046 .048 .041 .032 .036 .035 .036 .030 .024 .039 .034 .029 .040 .067 .041 .033 .037 .045 .033 .033 .027 .033 .045 .052 .042 .030
2 4 | .046 .034 .043 .044 .034 .031 .040 .045 .040 .048 .044 .033 .024 .028 .042 .039 .026 .034 .050 .035 .032 .040 .056 .043 .028 .028
2 5 | .033 .033 .036 .046 .026 .018 .043 .080 .050 .029 .031 .045 .039 .037 .027 .026 .031 .039 .040 .037 .041 .046 .045 .043 .035 .030
3 4 | .038 .036 .040 .033 .036 .060 .035 .041 .029 .058 .035 .035 .034 .053 .030 .032 .035 .036 .036 .028 .046 .032 .051 .032 .034 .030
3 5 | .035 .034 .034 .036 .030 .043 .043 .050 .025 .041 .051 .050 .035 .032 .033 .033 .052 .031 .027 .030 .072 .035 .034 .032 .043 .027
4 5 | .052 .038 .033 .038 .041 .043 .037 .048 .028 .028 .036 .061 .033 .033 .032 .052 .034 .027 .039 .043 .033 .027 .030 .039 .048 .035

From these we get the equations (modulo 26):
$$k_1 - k_2 = 9, \quad k_1 - k_5 = 16, \quad k_2 - k_3 = 13, \quad k_2 - k_5 = 7, \quad k_3 - k_5 = 20, \quad k_4 - k_5 = 11.$$
This system has only 4 linearly independent equations in 5 unknowns, so the solution depends on one parameter, which we take to be $k_1$:
$$(k_1, k_2, k_3, k_4, k_5) = (k_1, k_1 + 17, k_1 + 4, k_1 + 21, k_1 + 10) \bmod 26.$$
Trying the possible values of $k_1$ ($0 \le k_1 \le 25$), we finally find the following plaintext, with key JANET ($k_1 = 9$):
the almond tree was in tentative blossom the days were longer often ending with magnificent evenings of corrugated pink skies the hunting season was over with hounds and guns put away for six months the vineyards were busy again as the well organized farmers treated their vines and the more lackadaisical neighbors hurried to do the pruning they should have done in november.
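As an added illustration (our code, not the book's), the Kasiski test, the index of coincidence, the mutual index of coincidence and the recovery of the key in Python. The constant CT is the ciphertext of the worked example, re-derived from its plaintext and the key JANET so that every column lines up; `relative_shift` is the $MI_C(y^i, y^{j,g})$ search of the text, and the free parameter $k_1$, which the text fixes by trying all 26 values by hand, is fixed here by scoring each column directly against the English letter probabilities of 3.2.1 (the quantity $\sum_h p_h f_{h+g} / n$, i.e. the mutual index of the column with English text).

```python
"""Kasiski test, index of coincidence and mutual index of coincidence for
the Vigenere cipher, as in 3.2.3.  Added illustration (our code, not the
book's).  CT is the ciphertext of the worked example, re-derived from the
plaintext and the key JANET given at the end of the section; P is the table
of letter probabilities of 3.2.1."""
import math
from collections import Counter
from functools import reduce

CT = ("chreevoahmaeratbiaxxwtnxbeeophbsbqmqeqerbwrvxuoakxa"
      "osxxweahbwgjmmqmnkgrfvgxwtrzxwiaklxfpskautemndcmg"
      "tsxmxbtuiadngmgpsrelxnjelxvrvprtulhdnqwtwdtygbphxtfalj"
      "hasvbfxngllchrzbwelekmsjiknbhwrjgnmgjsglxfeyphagnrbieqjt"
      "amrvlcrremndglxrrimgnsnrwchrqhaeyevtaqebbipeewevkakoe"
      "wadremxmtbhhchrtkdnvrzchrclqohpwqaiiwxnrmgwoiifkee")
P = [.082, .015, .028, .043, .127, .022, .020, .061, .070, .002, .008, .040, .024,
     .067, .075, .019, .001, .060, .063, .091, .028, .010, .023, .001, .020, .001]


def num(ch):
    return ord(ch) - ord("a")


def letter(n):
    return chr(n % 26 + ord("a"))


def kasiski(ct, length=3):
    """Repeated substrings of the given length -> (0-based positions, gcd of
    the gaps between consecutive occurrences)."""
    seen = {}
    for i in range(len(ct) - length + 1):
        seen.setdefault(ct[i:i + length], []).append(i)
    result = {}
    for s, pos in seen.items():
        if len(pos) > 1:
            gaps = [b - a for a, b in zip(pos, pos[1:])]
            result[s] = (pos, reduce(math.gcd, gaps))
    return result


def columns(ct, m):
    """The rows y^1..y^m of the book's table: every m-th letter."""
    return [ct[i::m] for i in range(m)]


def index_of_coincidence(x):
    n = len(x)
    return sum(v * (v - 1) for v in Counter(x).values()) / (n * (n - 1))


def ic_profile(ct, m):
    return [index_of_coincidence(col) for col in columns(ct, m)]


def shift(x, g):
    """y^{j,g}: every letter of x shifted g places along the alphabet."""
    return "".join(letter(num(ch) + g) for ch in x)


def mutual_ic(x, y):
    fx, fy = Counter(x), Counter(y)
    return sum(fx[c] * fy[c] for c in fx) / (len(x) * len(y))


def relative_shift(yi, yj):
    """g maximizing MI_C(y^i, y^{j,g}); estimates k_i - k_j mod 26."""
    return max(range(26), key=lambda g: mutual_ic(yi, shift(yj, g)))


def column_key(col):
    """k_i maximizing sum_h p_h * f_{h+k_i} / n: the mutual index of the column
    with English text shifted by k_i.  This fixes the free parameter."""
    n, f = len(col), Counter(col)
    return max(range(26),
               key=lambda g: sum(P[h] * f[letter(h + g)] for h in range(26)) / n)


def recover_key(ct, m):
    return "".join(letter(column_key(col)) for col in columns(ct, m))


def vigenere_decrypt(ct, key):
    m = len(key)
    return "".join(letter(num(ch) - num(key[i % m])) for i, ch in enumerate(ct))


if __name__ == "__main__":
    print(kasiski(CT)["chr"])                 # ([0, 165, 235, 275, 285], 5)
    for m in range(1, 7):
        print(m, [round(v, 3) for v in ic_profile(CT, m)])
    key = recover_key(CT, 5)
    print(key, vigenere_decrypt(CT, key)[:30])
```

Running it, the $I_C$ of the five columns sit near 0.065 only for $m = 5$, `relative_shift` reproduces the six relative shifts of the table, and `recover_key` returns janet without the manual trial of $k_1$.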
3.2.4. Cryptanalysis of the Hill cipher.
The Hill cipher is hard to break by ciphertext-only cryptanalysis, but easy to break by a known-plaintext attack. Assume first that the value of $m$ is known. The aim of the cryptanalysis is to discover the key $K$, which for the Hill cipher is an $m \times m$ matrix with entries in $\mathbb{Z}_{26}$.
We take a plaintext containing at least $m$ distinct blocks of $m$ letters
$$x_1 = (x_{11}, \dots, x_{1m}), \ \dots, \ x_m = (x_{m1}, \dots, x_{mm}),$$
and assume the corresponding ciphertext blocks are known:
$$y_1 = (y_{11}, \dots, y_{1m}), \ \dots, \ y_m = (y_{m1}, \dots, y_{mm}).$$
Denote by $X$ and $Y$ the $m \times m$ matrices $X = (x_{ij})$, $Y = (y_{ij})$. By the definition of the Hill cipher we have the matrix equation $Y = X \cdot K$. If the $x_i$ are chosen so that the matrix $X$ has an inverse $X^{-1}$ (modulo 26), then we find $K = X^{-1} \cdot Y$, i.e. the key of the cryptosystem in use.
Example: Suppose the Hill cipher in use has $m = 2$, and we know the plaintext friday together with the corresponding ciphertext pqcfku. Thus we know
$$e_K(5, 17) = (15, 16), \quad e_K(8, 3) = (2, 5), \quad e_K(0, 24) = (10, 20).$$
From the first two equations we get
$$\begin{pmatrix} 15 & 16 \\ 2 & 5 \end{pmatrix} = \begin{pmatrix} 5 & 17 \\ 8 & 3 \end{pmatrix} \cdot K,$$
and hence, since $\det \begin{pmatrix} 5 & 17 \\ 8 & 3 \end{pmatrix} = -121 \equiv 9$ is invertible modulo 26,
$$K = \begin{pmatrix} 5 & 17 \\ 8 & 3 \end{pmatrix}^{-1} \begin{pmatrix} 15 & 16 \\ 2 & 5 \end{pmatrix} = \begin{pmatrix} 9 & 1 \\ 2 & 15 \end{pmatrix} \begin{pmatrix} 15 & 16 \\ 2 & 5 \end{pmatrix} = \begin{pmatrix} 7 & 19 \\ 8 & 3 \end{pmatrix} \pmod{26}.$$
With this $K$ the third equation is also satisfied.
Returning to the question of determining $m$: if $m$ is not too large we can try the above procedure successively with $m = 2, 3, 4, \dots$ until a key is found, where the key $K$ is considered found if, beyond the $m$ pairs of blocks $(x_1, y_1), \dots, (x_m, y_m)$ used to compute it, $K$ still holds for the other pairs of blocks we can choose for testing.
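As an added illustration (our code, not the book's), the known-plaintext attack in Python for general $m$: the matrix inverse is computed from the adjugate and the determinant so that it is valid over the ring $\mathbb{Z}_{26}$ (Gaussian elimination would need pivots that are units), the key is accepted only if it also explains the blocks not used to compute it, and an outer loop tries $m = 2, 3, \dots$ as the text suggests. The pair friday/pqcfku is the book's example.

```python
"""Known-plaintext attack on the Hill cipher (3.2.4): K = X^-1 * Y mod 26,
with the matrix inverse computed from the adjugate so that it works over
the ring Z_26 (not a field).  Added illustration (our code, not the book's);
friday/pqcfku is the book's example.  The search over m = 2, 3, ... stops at
the first key that also explains the blocks not used to compute it."""
import math
from itertools import combinations


def num(ch):
    return ord(ch) - ord("a")


def det_mod(M, mod):
    """Determinant mod `mod` by Laplace expansion (fine for the small m used here)."""
    n = len(M)
    if n == 0:
        return 1
    total = 0
    for j in range(n):
        minor = [row[:j] + row[j + 1:] for row in M[1:]]
        total += (-1) ** j * M[0][j] * det_mod(minor, mod)
    return total % mod


def inverse_mod(M, mod):
    """M^-1 mod `mod` via adjugate / det, or None if det is not a unit."""
    n = len(M)
    d = det_mod(M, mod)
    if math.gcd(d, mod) != 1:
        return None
    d_inv = pow(d, -1, mod)
    inv = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            minor = [row[:j] + row[j + 1:] for k, row in enumerate(M) if k != i]
            inv[j][i] = (-1) ** (i + j) * det_mod(minor, mod) * d_inv % mod
    return inv


def mat_mul(A, B, mod):
    return [[sum(A[i][k] * B[k][j] for k in range(len(B))) % mod
             for j in range(len(B[0]))] for i in range(len(A))]


def to_blocks(text, m):
    nums = [num(c) for c in text]
    return [nums[i:i + m] for i in range(0, len(nums) - m + 1, m)]


def recover_hill_key(plain, cipher, m):
    """Try every choice of m plaintext blocks as X until X is invertible; the
    key K = X^-1 Y is accepted only if it encrypts all known blocks."""
    xs, ys = to_blocks(plain, m), to_blocks(cipher, m)
    if len(xs) < m:
        return None
    for idx in combinations(range(len(xs)), m):
        X_inv = inverse_mod([xs[i] for i in idx], 26)
        if X_inv is None:
            continue                          # these blocks do not determine K
        K = mat_mul(X_inv, [ys[i] for i in idx], 26)
        if all(mat_mul([x], K, 26)[0] == y for x, y in zip(xs, ys)):
            return K
    return None


def recover_hill_key_unknown_m(plain, cipher, max_m=4):
    """The text's suggestion: try m = 2, 3, ... until a consistent key appears."""
    for m in range(2, max_m + 1):
        K = recover_hill_key(plain, cipher, m)
        if K is not None:
            return m, K
    return None


if __name__ == "__main__":
    print(recover_hill_key("friday", "pqcfku", 2))      # [[7, 19], [8, 3]]
```

The adjugate route is also how the $K^{-1}$ of the Hill example in 3.1.5 is obtained: `inverse_mod([[11, 8], [3, 7]], 26)` returns the matrix $\begin{pmatrix} 7 & 18 \\ 23 & 11 \end{pmatrix}$ quoted there.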
3.3. Stream ciphers and pseudo-random sequences.
3.3.1. Stream ciphers.
The cryptosystems considered in the previous sections are all block ciphers: the plaintext is divided into blocks, encryption is carried out block by block and the results are concatenated, and all blocks are encrypted under the same common key $K$. In stream encryption, as described in section 1.2, the keys used for the successive blocks of text may differ; so, besides the underlying cipher scheme, we need a keystream generator which, for each given key seed, produces a keystream $K_1 K_2 K_3 \dots$, where $K_i$ is used to encrypt the block $x_i$ of the text. Each key element $K_i$, besides depending on the seed, may also depend on the key elements $K_1 \dots K_{i-1}$ generated before it and possibly on other factors, for instance the portion $x_1 \dots x_{i-1}$ of the text already encrypted. Thus we can define: a scheme of stream cryptosystems is given by a tuple
$$S = (P, C, R, K, F, E, D) \qquad (1)$$
satisfying the following conditions:
$P$ is a finite set of plaintext symbols,
$C$ is a finite set of ciphertext symbols,
$R$ is a finite set of key seeds,
$K$ is a finite set of keys,
$F = \{f_1, f_2, \dots\}$ is the keystream generator, in which each $f_i$ is a map from $R \times K^{i-1} \times P^{i-1}$ into $K$,
$E$ is a map from $K \times P$ into $C$, called the encryption map,
and $D$ is a map from $K \times C$ into $P$, called the decryption map. For each $K \in K$ we define $e_K : P \to C$ and $d_K : C \to P$ as the functions
$$\forall x \in P: \ e_K(x) = E(K, x); \qquad \forall y \in C: \ d_K(y) = D(K, y).$$
$e_K$ and $d_K$ are called the encryption function and the decryption function for the key $K$. These functions must satisfy
$$\forall x \in P: \ d_K(e_K(x)) = x.$$
Given a seed $r \in R$, for each plaintext $x = x_1 x_2 \dots x_m \in P^*$ we get the corresponding ciphertext $y = y_1 y_2 \dots y_m$ with
$$y_i = E(K_i, x_i), \quad \text{where } K_i = f_i(r, K_1, \dots, K_{i-1}, x_1 x_2 \dots x_{i-1}) \qquad (i = 1, 2, \dots, m).$$
That is, from the seed $r$ and the plaintext $x$ the keystream $K_1 K_2 \dots K_m$ is generated, and with this keystream the ciphertext $y$ is produced symbol by symbol.
If the keystream generator does not depend on the plaintext, i.e. if each $f_i$ is a map from $R \times K^{i-1}$ into $K$, we call the generator synchronous; the keystream then depends only on the seed and is the same for every plaintext. A keystream $K = K_1 K_2 K_3 \dots$ is called periodic with period $d$ if there is an integer $N$ such that $K_{i+d} = K_i$ for all $i \ge N$. Note that the Vigenère cipher with key length $m$ can be regarded as a stream cipher with a keystream of period $m$, whose encryption and decryption are those of the shift cipher.
For stream ciphers, security is usually decided by the randomness of the keystream, i.e. by how randomly the symbols of the keystream appear, and depends little on the encryption map itself; therefore the encryption maps $e_K$ (and the decryption maps $d_K$) can be chosen very simple. In practical applications one usually uses the system with $P = C = K = \mathbb{Z}_2$ and with encryption and decryption given by
$$e_K(x) = x + K \bmod 2, \qquad d_K(y) = y + K \bmod 2. \qquad (2)$$
3.3.2. Stream ciphers with keystream generated by a linear recurrence.
Stream cryptosystems with keystream generated by a linear recurrence are systems of the form (1) with $P = C = K = \mathbb{Z}_2$ and $R = \mathbb{Z}_2^m$ ($m \ge 1$), where each seed $r = r_1 \dots r_m$ produces a synchronous keystream $K = z_1 z_2 \dots z_i \dots$ with
$$z_i = r_i \quad (i = 1, \dots, m), \qquad z_{m+i} = c_1 z_i + c_2 z_{i+1} + \dots + c_m z_{i+m-1} \bmod 2 \quad (i \ge 1), \qquad (3)$$
where $c_1, \dots, c_m$ are constants in $\mathbb{Z}_2$; encryption and decryption of each symbol are given by the formulas (2).
Keystreams generated by such a linear recurrence are periodic; the coefficients $c_1, \dots, c_m$ can be chosen so that every non-zero seed gives a keystream of the maximal period $2^m - 1$.
The generation of keystreams by a linear recurrence can be realized by a simple technical device, a linear feedback shift register; then only a mod-2 adder needs to be added to obtain an automatic encryption and decryption machine, which is why cipher machines of this kind were quite widely used in an earlier period.
Example: choose $m = 4$ and the recurrence
$$z_i = z_{i-4} + z_{i-3} \bmod 2 \qquad (i > 4);$$
then for every seed $K = z_1 z_2 z_3 z_4 \ne 0000$ we get a periodic keystream of period 15. For instance, with $r = 1000$ we get the keystream
10001001101011110001001........
This keystream is generated by a linear feedback shift register with four cells and feedback from the first two (the figure of the register is not reproduced here).
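As an added illustration (our code, not the book's), the recurrence (3) in Python with the book's example $z_i = z_{i-4} + z_{i-3}$ and seed 1000, the period check, the XOR encryption (2) on top of the keystream, and a check of the weakness that made such machines obsolete: because the recurrence is linear, $2m$ consecutive keystream bits (obtained for instance from a known plaintext) determine the $m$ coefficients by solving a linear system over $\mathbb{Z}_2$. That last check is a standard fact about linear recurrences, not something the text above states.

```python
"""Linear feedback shift register keystream (3.3.2), the XOR stream cipher
of formula (2) on top of it, and a check of why a purely linear keystream
is weak: the m feedback coefficients are recovered from 2m known keystream
bits by solving a linear system over Z_2.  Added illustration (our code,
not the book's); the recurrence z_i = z_{i-4} + z_{i-3} and seed 1000 are
the book's example."""


def lfsr_keystream(seed, coeffs, length):
    """z_1..z_m = seed; z_{m+i} = c_1 z_i + ... + c_m z_{i+m-1} mod 2 (formula (3))."""
    m = len(coeffs)
    z = list(seed)
    while len(z) < length:
        z.append(sum(c * b for c, b in zip(coeffs, z[-m:])) % 2)
    return z[:length]


def period(seed, coeffs):
    """Smallest d > 0 with state_{1+d} = state_1, states being the m-bit windows."""
    m = len(coeffs)
    z = lfsr_keystream(seed, coeffs, 2 ** m + m)     # long enough to wrap around
    start = tuple(z[:m])
    for d in range(1, 2 ** m + 1):
        if tuple(z[d:d + m]) == start:
            return d
    return None


def xor_cipher(bits, keystream):
    """e_K(x) = x + K mod 2; the same function decrypts."""
    return [(b + k) % 2 for b, k in zip(bits, keystream)]


def solve_gf2(rows, rhs):
    """Gaussian elimination over Z_2 for a square system; None if singular."""
    n = len(rows)
    A = [row[:] + [r] for row, r in zip(rows, rhs)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if A[r][col]), None)
        if pivot is None:
            return None
        A[col], A[pivot] = A[pivot], A[col]
        for r in range(n):
            if r != col and A[r][col]:
                A[r] = [a ^ b for a, b in zip(A[r], A[col])]
    return [A[i][n] for i in range(n)]


def recover_coeffs(keystream, m):
    """From z_1..z_{2m}: the m equations z_{m+i} = sum_j c_j z_{i+j-1}, i = 1..m,
    are linear in the unknown c_1..c_m."""
    rows = [keystream[i:i + m] for i in range(m)]
    rhs = [keystream[m + i] for i in range(m)]
    return solve_gf2(rows, rhs)


if __name__ == "__main__":
    coeffs = (1, 1, 0, 0)                      # z_i = z_{i-4} + z_{i-3}
    ks = lfsr_keystream((1, 0, 0, 0), coeffs, 23)
    print("".join(map(str, ks)), period((1, 0, 0, 0), coeffs))
    print(recover_coeffs(ks, 4))               # [1, 1, 0, 0]
```

With $m = 4$ the first eight keystream bits already give back the coefficients (1, 1, 0, 0), after which the whole keystream, and hence every later ciphertext bit, is predictable; this is the opposite of the next-bit unpredictability required of keystreams in 3.3.3.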



3.3.3. Stream ciphers with pseudo-random keystreams.
As seen in the preceding sections, a stream cipher scheme can be regarded as consisting of two components: an underlying cipher scheme (for encrypting and decrypting individual symbols) and a keystream generation mechanism. As with the stream ciphers with shift-register keystreams of the previous section, we take the underlying scheme to be
$$S = (P, C, K, E, D),$$
where $P = C = K = \mathbb{Z}_2$ and $E$, $D$ are given by
$$E(K, x) = x + K \bmod 2, \qquad D(K, y) = y + K \bmod 2.$$
The keystream generation mechanism can be regarded as a map $\varphi : R \times \mathbb{Z} \to K$ which, for each seed $r \in R = \mathbb{Z}_2^m$ and each integer $i \ge 0$, determines a term $z_i = \varphi(r, i) \in K$ of the synchronous keystream $K = z_1 z_2 \dots z_i \dots$.
A stream cryptosystem is highly secure if the underlying cipher scheme is itself highly secure (for instance, perfectly secret in the sense of Shannon) and the keystream mechanism produces keystreams that are random bit sequences. It is easy to see that the underlying scheme described above satisfies the conditions of Theorem 2.2.1, hence is perfectly secret; so to obtain highly secure stream ciphers we only need keystream mechanisms that are guaranteed to produce random bit sequences. A bit sequence $z_1 z_2 \dots z_i \dots$ is regarded as random if each $z_i$ is a random variable with $p(z_i = 0) = p(z_i = 1) = 0.5$ and the random variables $z_i$ and $z_j$ ($i \ne j$) are independent. In this sense there is no way to decide whether a given bit sequence is random or not, and certainly a bit sequence produced by a finite set of rules can no longer be regarded as random. Therefore, instead of demanding truly random bit sequences, we usually only require pseudo-random bit sequences, i.e. sequences having some property close to randomness. The most common requirement for the pseudo-randomness of a bit sequence $z_1 z_2 \dots z_i \dots$ is that, knowing an initial segment $z_1 z_2 \dots z_{i-1}$, it is hard to predict the next bit $z_i$. Let us try to make this idea precise as follows.
The space of seeds $R = \mathbb{Z}_2^m$ has $2^m$ different seeds; suppose they all have the same probability of occurring, namely $1/2^m$. Consider the set of all possible keystreams of length $l$ ($l > m$), i.e. the set $\mathbb{Z}_2^l$, and define on it a probability distribution $p_1$ such that $p_1(z_1 \dots z_l) = 1/2^m$ if $z_1 \dots z_l$ is a keystream generated by some seed $r \in R$, and $p_1(z_1 \dots z_l) = 0$ otherwise. We say the distribution $p_1$ on $\mathbb{Z}_2^l$ is induced by the uniform distribution on the seed space $R$. The uniform distribution on $\mathbb{Z}_2^l$ itself will be denoted $p_0$.
Let $\varphi : R \times \mathbb{Z} \to K$ be the keystream mechanism of a stream cryptosystem, and $r \in R$. We say $B$ is a next-bit predictor (for $\varphi$ and $r$) if for every integer $i$ ($0 \le i \le l$) and every word $z_1 \dots z_{i-1} \in \mathbb{Z}_2^{i-1}$ we have $B(i, z_1 \dots z_{i-1}) = \varphi(r, i)$. Clearly, if we want the mechanism to produce good pseudo-random keystreams, we do not want an efficient next-bit predictor to exist (for instance one computable in polynomial time). Relaxing the requirement of predicting the next bit exactly, we say an algorithm $B$ is an $\varepsilon$-next-bit predictor (for $\varphi$ and $r$) if
$$\sum_{z_1 \dots z_{i-1} \in \mathbb{Z}_2^{i-1}} p_1(z_1 \dots z_{i-1}) \cdot p\big(B(i, z_1 \dots z_{i-1}) = \varphi(r, i)\big) \ \ge\ \frac{1}{2} + \varepsilon \qquad (4)$$
(note that the left-hand side is the expected probability of correctly predicting the $i$-th bit following keystream prefixes of $i - 1$ bits).
Thus we may regard a keystream mechanism as secure for use in stream cryptosystems if, for every seed $r$ and every $\varepsilon > 0$, no $\varepsilon$-next-bit predictor running in polynomial time can exist.
Below we use one-way arithmetic functions to build some mechanisms for generating pseudo-random sequences which can be used as keystream mechanisms for the stream cryptosystems under consideration.
To bit gi ngu nhin RSA.
C ch to dy bit gi ngu nhin RSA c m t nh sau :
Chn s nguyn n =p.q l tch ca hai s nguyn t p v q c biu
din nh phn vi di c m/2 bit (nh vy n c biu din nh
phn c m bit), v mt s b sao cho gcd(b, (n)) = 1. Ly R =
n
Z

, v
vi mi r R xc nh dy s s
0
, s
1
, s
2
,.... nh sau:

0
1
,
mod ,
b
i i
s r
s s n
+
=

v sau nh ngha z
i
= (r ,i ) = s
i
mod2, tc z
i
l bit thp nht
trong biu din nh phn ca s s
i
. Dy K = z
1
z
2
....z
i
.... l dng bit
ng b c to ra bi mm r.
Th d : Ly n = 91261 = 263.347, b =1547, r =75634. C th tnh cc
s s
1
,...,s
20
ln lt l:
31483, 31238, 51968, 39796, 28716, 14089, 5923, 44891,
62284, 11889, 43467, 71215, 10401, 77444, 56794, 78147,
72137, 89592, 29022, 13356.
V 20 bit u tin ca dng bit gi ngu nhin c sinh ra l:
77
z
1
...z
20
= 10000111011110011000.

The BBS (Blum-Blum-Shub) pseudorandom bit generator:
The BBS generator is described as follows. Choose n = p·q, the product of two primes of the form 4m+3, i.e. p ≡ 3 (mod 4) and q ≡ 3 (mod 4). Let QR(n) be the set of quadratic residues modulo n. Take R = QR(n), and for each r ∈ R define the sequence s_0, s_1, s_2, ... by

$$s_0 = r,\qquad s_{i+1} = s_i^{\,2} \bmod n,$$

and then define z_i = Φ(r, i) = s_i mod 2, i.e. z_i is the least significant bit of the binary representation of s_i. The sequence K = z_1 z_2 ... z_i ... is the pseudorandom bit stream generated by the seed r.
Example: take n = 192649 = 383·503 and r = 20749 (= 101355^2 mod n). The first 20 terms s_1, ..., s_20 of the sequence are:
143135, 177671, 97048, 89992, 174051, 80649, 45663,
69442, 186894, 177046, 137922, 123175, 8630, 114386,
14863, 133015, 106065, 45870, 137171, 18460.
The first 20 bits of the generated pseudorandom stream are therefore
z_1...z_20 = 11001110000100111010.
A pseudorandom bit generator based on the discrete logarithm problem:
Choose a large prime p and a primitive element α modulo p. The seed space is R = Z_p^*. For each seed r ∈ R define the sequence s_0, s_1, ..., s_i, ... by

$$s_0 = r,\qquad s_{i+1} = \alpha^{s_i} \bmod p,$$

and then define z_i = Φ(r, i) (i = 1, 2, ...) by z_i = 1 if s_i > p/2 and z_i = 0 if s_i < p/2 (p is odd, so s_i ≠ p/2). K = z_1...z_i... is the keystream, i.e. the generated pseudorandom bit stream.
The above are a few keystream generators; to make the keystreams they produce good pseudorandom bit streams, we have relied on arithmetic problems that are hard in the sense that no polynomial-time algorithm is known for them: the RSA problem, the quadratic residuosity problem and the discrete logarithm problem. Such generators are regarded as secure if one can prove that no ε-next-bit predictor exists for them, or equivalently, that if an ε-next-bit predictor existed, there would also exist an algorithm (deterministic or probabilistic) for the corresponding arithmetic problem. No result of exactly this form has been proved so far; there are, however, some weaker results. For example, for the BBS generator it has been proved that if for every ε > 0 there is an ε-previous-bit predictor (for Φ and r), then for every δ > 0 one can construct a probabilistic algorithm that decides quadratic residuosity with error probability < δ. (An ε-previous-bit predictor is defined like an ε-next-bit predictor, except that formula (4) is replaced by

$$\sum_{z_1\ldots z_{i-1}\in Z^{i-1}} p_1(z_1\ldots z_{i-1})\cdot p_1\bigl(B(i,z_1\ldots z_{i-1}) = z_0\bigr) \;\ge\; \frac12 + \varepsilon,$$

where z_0 = s_0 mod 2 is the bit preceding the sequence z_1...z_{i-1}.)
In practice, stream ciphers whose keystream is a truly random bit sequence have been used for a long time and are still used today, the random bit stream being produced mechanically, for instance by tossing a coin repeatedly and recording the successive heads and tails. Stream ciphers with a random keystream and the underlying scheme given by relations (2) can be regarded as perfectly secret in Shannon's sense, and are therefore highly valued in practice; they are usually called one-time pads, first described and used by Gilbert Vernam in 1917. Perfect secrecy holds only if the key is truly random, at least as long as the message, and never reused. However, producing random bit streams by hand is inefficient, and keeping such keystreams secret (they are as long as the messages themselves) is harder still, so the method cannot be used widely; today such ciphers are used only in very special circumstances.

3.4. The DES standard cipher.
3.4.1. Introduction to the standard cipher.
With the computer era, the use of computers quickly spread to every human activity, and naturally the use of computers for secure communication attracted great attention. Cryptosystems whose encryption and decryption algorithms run on computers developed rapidly, and at the same time the areas of communication needing cryptography expanded into many economic and social domains beyond the traditional ones. In the early 1970s this development created the need to standardize the cryptographic solutions used in society, on the one hand to guide members of society in exercising their legitimate right to secure communication, and on the other to ensure state management and supervision of secrecy-related activities. Thus in the United States, on 15 May 1973, the National Bureau of Standards (NBS) published a public call for the development and submission of a standard encryption algorithm, with the following principal requirements:
- the algorithm must be completely defined and easy to understand;
- the algorithm must have a high level of security, and its security must not depend on keeping the algorithm itself secret, but only on the secrecy of the key;
- the algorithm must be available to all users;
- the algorithm must be adaptable to different applications;
- the algorithm must be economically implementable in electronic devices;
- the algorithm must be usable efficiently;
- the algorithm must be capable of validation;
- the algorithm must be exportable.
At the time NBS issued this call, no organization proposed a solution satisfying all these requirements. A year later, on 27 August 1974, the call was repeated; this time IBM entered with a product that was an improvement of a previously developed algorithm, LUCIFER. As a result the product DES (Data Encryption Standard) was published, for the first time on 17 March 1975. After much debate, DES was finally adopted as a federal standard on 23 November 1976 and published on 15 January 1977; in 1980 the modes of operation of DES were published in addition, allowing users to employ DES in several different ways. Since then DES has been built into devices, forming cipher machines, or implemented as software in general-purpose computing equipment, and has been widely used in administration, the economy, commerce, banking, etc., not only in the United States but in many other countries. Under the rules of NBS, the US national bureau of standards, DES had to be reviewed about every five years for improvement and supplementation. After public-key cryptosystems were developed and came into wide use, there were many proposals to change to a new standard, but in practice DES remained in use as a standard in many fields of activity up to the time of this book's writing (FIPS 46 has since been withdrawn in favour of AES).
3.4.2. Description of the DES standard cipher.
General outline. Below we present the structure of the DES encryption algorithm. DES is a block cipher: each plaintext block is a 64-bit word, i.e. an element of Z_2^64, and the ciphertext blocks are also 64-bit words, so P = C = Z_2^64. The key space is K = Z_2^56, i.e. each key is a 56-bit word. For a key K and a plaintext block x, encryption proceeds as follows. First an initial permutation IP turns the 64-bit word x into a new word IP(x), which is split into two halves L_0 and R_0 of 32 bits each. Then sixteen rounds of the same operation are applied successively to obtain the pairs (L_1, R_1), ..., (L_16, R_16), where, with K_1, ..., K_16 the 48-bit round keys derived from K by the key-schedule algorithm G,

L_i = R_{i-1},   R_i = L_{i-1} ⊕ f(R_{i-1}, K_i)   (i = 1, ..., 16)

(⊕ denotes bitwise addition modulo 2). Finally the inverse permutation IP^{-1} is applied to the swapped word R_16 L_16, giving the ciphertext y. The outline of the encryption procedure is shown in the following figure:

[Figure: outline of the DES encryption algorithm. Plaintext x → IP → (L_0, R_0); sixteen rounds, each computing f on the right half and a round key K_1, ..., K_16 produced by algorithm G from the key K; the final halves are swapped to R_16 L_16 and passed through IP^{-1} to give the ciphertext y.]

Outline of the DES encryption algorithm

To complete the encryption algorithm we must present the permutation IP (and hence IP^{-1}), the function f, and the algorithm G that produces the round keys K_1, ..., K_16.
IP is a permutation of the bit positions of a 64-bit word, positions 1 to 64. The table below gives IP, read as follows: the first bit of IP(x) is bit 58 of the word x (of 64 bits), the second bit of IP(x) is bit 50 of x, and so on. The table of IP^{-1} is read the same way.

IP
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7

IP^{-1}
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25

The function f: f takes as input two words, R of 32 bits and K of 48 bits, and outputs the 32-bit word f(R, K), defined by the following scheme:

[Figure: computation of f(R, K). R (32 bits) → E → E(R) (48 bits) ⊕ K (48 bits) → eight 6-bit words B_1, ..., B_8 → S-boxes S_1, ..., S_8 → eight 4-bit words C_1, ..., C_8 → permutation P → f(R, K) (32 bits).]

In this scheme, E is an expansion permutation: it turns each 32-bit word R into a 48-bit word E(R) by permuting the 32 bits of R while repeating some of them. The expansion is given by the following table:

The expansion permutation E
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1

By definition, each word R = a_1 a_2 a_3 ... a_32 becomes
E(R) = a_32 a_1 a_2 a_3 a_4 a_5 a_4 a_5 a_6 a_7 a_8 a_9 a_8 a_9 ... a_32 a_1.
After E, E(R) is added bitwise modulo 2 to K, giving a 48-bit word that is split into eight 6-bit segments B_1, ..., B_8. Each box S_i (i = 1, ..., 8) is a substitution that maps a 6-bit word B_i to a 4-bit word C_i; the boxes S_i are given by the tables below, read as follows: a word B_i = b_1 b_2 b_3 b_4 b_5 b_6 corresponds to a position (r, s), row r and column s of the table, where the rows are numbered 0 to 3 according to the binary number b_1 b_6 and the columns 0 to 15 according to the binary number b_2 b_3 b_4 b_5. The value S_i(B_i) = C_i = c_1 c_2 c_3 c_4 is the 4-bit binary representation of the entry at row r, column s. For example, for S_1(101110) the row is b_1 b_6 = 10 (row 2) and the column is b_2 b_3 b_4 b_5 = 0111 (column 7), where S_1 holds 11, so S_1(101110) = 1011; similarly S_2(011000) has row 00 (row 0) and column 1100 (column 12), where S_2 holds 12, so S_2(011000) = 1100.

S_1
14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8
4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13

S_2
15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10
3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5
0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15
13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9

S_3
10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8
13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1
13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7
1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12

S_4
7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15
13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9
10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4
3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14

S_5
2 12 4 1 7 10 11 6 8 5 3 15 13 0 14 9
14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6
4 2 1 11 10 13 7 8 15 9 12 5 6 3 0 14
11 8 12 7 1 14 2 13 6 15 0 9 10 4 5 3

S_6
12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11
10 15 4 2 7 12 9 5 6 1 13 14 0 11 3 8
9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6
4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13

S_7
4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1
13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6
1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2
6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12

S_8
13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7
1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2
7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8
2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11

The permutation P in the scheme of f is given by the table below. With it, f is completely determined. Note that the boxes S_1, ..., S_8 are the most important part in ensuring the secrecy of DES: they are the only non-linear component of the round.

P
16 7 20 21
29 12 28 17
1 15 23 26
5 18 31 10
2 8 24 14
32 27 3 9
19 13 30 6
22 11 4 25


The key-schedule algorithm G producing the round keys K_1, ..., K_16:

[Figure: scheme of algorithm G. Key K → PC-1 → (C_0, D_0); for i = 1, ..., 16: C_i = LS_i(C_{i-1}), D_i = LS_i(D_{i-1}), K_i = PC-2(C_i D_i).]

Scheme of algorithm G

The algorithm G that derives the round keys K_1, ..., K_16 from the cipher key K follows the scheme above. The key K is a 56-bit word; we split it into 8 segments of 7 bits and append to each segment a parity-check bit in the last position, obtaining a 64-bit word, still denoted K; this new K is the starting point of the computation of G. (As we shall see, the parity bits added here serve only to detect errors in each segment of the key; they take no part in the computation of G itself.)

First, the permutation PC-1 turns K into a 56-bit word that we split into two halves C_0 D_0 of 28 bits each. PC-1 is given by the following table (note that the table does not contain the numbers 8, 16, 24, 32, 40, 48, 56, 64, which are the positions of the bits added when the new K was formed). Recall that by the convention for permutations, the first bit of PC-1(x) is bit 57 of x, the second bit of PC-1(x) is bit 49 of x, and so on.

PC-1
57 49 41 33 25 17 9
1 58 50 42 34 26 18
10 2 59 51 43 35 27
19 11 3 60 52 44 36
63 55 47 39 31 23 15
7 62 54 46 38 30 22
14 6 61 53 45 37 29
21 13 5 28 20 12 4

For each i = 1, 2, ..., 16, LS_i is a cyclic shift to the left, by one position if i = 1, 2, 9, 16 and by two positions for the other values of i; it is applied separately to each 28-bit half: C_i = LS_i(C_{i-1}), D_i = LS_i(D_{i-1}).
Finally, the permutation PC-2 turns each 56-bit word C_i D_i (i = 1, 2, ..., 16) into the 48-bit word K_i according to the table below:

PC-2
14 17 11 24 1 5
3 28 15 6 21 10
23 19 12 4 26 8
16 7 27 20 13 2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32

We have thus fully described the computation of algorithm G, which from the cipher key K yields the round keys K_1, ..., K_16 fed to the function f, and hence to the whole DES encryption algorithm. Note that each K_i consists of 48 of the 56 bits of K, obtained by a permutation that drops 8 bits, so the K_i can also be given directly by tables describing those permutations. The reader can find the 16 tables for the 16 K_i in the book by D.R. Stinson (see the references).

With the outline above together with the tables and schemes of the sub-algorithms, we have completed the description of the encryption algorithm E of DES, which gives y = E(K, x) for every key K and plaintext x.
The decryption algorithm D, giving x = D(K, y), is carried out by the same computation as encryption, except that the round keys K_i are used in reverse order K_16, K_15, ..., K_1.
The encryption and decryption algorithms above can be tried on the following example. Let K and x be
K = 12695BC9B7B7F8
x = 0123456789ABCDEF,
written in hexadecimal, each character standing for 4 bits (so K is the 56-bit key without parity bits and x a 64-bit block). The corresponding ciphertext y is
y = 85E813540F0AB405.

3.4.3. Modes of operation of DES.

In 1981 NBS published the federal information processing standard related to DES that approved four modes of using DES in practice: ECB (electronic codebook mode), CBC (cipher block chaining mode), CFB (cipher feedback mode) and OFB (output feedback mode).
ECB is the ordinary, simplest way of using DES: the plaintext (a bit string) is split into 64-bit blocks x = x_1 x_2 ... x_n, and the same key K encrypts each block separately; the ciphertext is the concatenation y = y_1 y_2 ... y_n, where y_i = e_K(x_i). Equal plaintext blocks therefore give equal ciphertext blocks, which leaks the structure of the plaintext.
In CBC mode, to obtain the ciphertext block y_i we apply DES not to x_i but to x_i ⊕ y_{i-1}, i.e. y_i = e_K(x_i ⊕ y_{i-1}) for every i ≥ 1, where y_0 = K* is a 64-bit initialization vector agreed in advance together with the key K.
In the two modes OFB and CFB, DES is used to generate a stream of 64-bit key words z_1 ... z_i ..., and encryption is y_i = x_i ⊕ z_i (i ≥ 1). In OFB the key stream z_1 ... z_i ... is determined by
z_0 = K* (a 64-bit initialization vector chosen together with the key K),
z_i = e_K(z_{i-1});
whereas in CFB it is determined by
y_0 = K*,
z_i = e_K(y_{i-1}),
y_i = x_i ⊕ z_i (i ≥ 1).
In practice, ECB and CBC have been adopted by many banks as their encryption standard, while CFB and OFB are also often used for authentication purposes.
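DES as specified in 3.4.2 together with the four modes just defined, written as an added example (not code from the book or from any DES implementation it cites). The tables are those printed above, with the S-boxes packed as hex digits; the key and plaintext are the book's test vector, while the initialization vector K* is an arbitrary assumption. Running it shows the round structure, the reversed key order for decryption, and why ECB leaks equal blocks while CBC does not.

```python
# Added example, not the book's code: DES as specified above (IP, E, S-boxes,
# P, PC-1, PC-2, shifts) on 64-bit integers, plus the four modes of 3.4.3.
# The key and plaintext are the book's test vector; the IV is an assumption.
IP = [58,50,42,34,26,18,10,2,60,52,44,36,28,20,12,4,62,54,46,38,30,22,14,6,
      64,56,48,40,32,24,16,8,57,49,41,33,25,17,9,1,59,51,43,35,27,19,11,3,
      61,53,45,37,29,21,13,5,63,55,47,39,31,23,15,7]
E = [32,1,2,3,4,5,4,5,6,7,8,9,8,9,10,11,12,13,12,13,14,15,16,17,
     16,17,18,19,20,21,20,21,22,23,24,25,24,25,26,27,28,29,28,29,30,31,32,1]
P = [16,7,20,21,29,12,28,17,1,15,23,26,5,18,31,10,
     2,8,24,14,32,27,3,9,19,13,30,6,22,11,4,25]
PC1 = [57,49,41,33,25,17,9,1,58,50,42,34,26,18,10,2,59,51,43,35,27,
       19,11,3,60,52,44,36,63,55,47,39,31,23,15,7,62,54,46,38,30,22,
       14,6,61,53,45,37,29,21,13,5,28,20,12,4]
PC2 = [14,17,11,24,1,5,3,28,15,6,21,10,23,19,12,4,26,8,16,7,27,20,13,2,
       41,52,31,37,47,55,30,40,51,45,33,48,44,49,39,56,34,53,46,42,50,36,29,32]
SHIFTS = [1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1]   # LS_i: one position for i = 1,2,9,16
# S1..S8, each as rows 0..3 of 16 hex digits (the entries 0..15 of the tables above).
SBOX_HEX = [
    "E4D12FB83A6C59070F74E2D1A6CB953841E8D62BFC973A50FC8249175B3EA06D",
    "F18E6B34972DC05A3D47F28EC01A69B50E7BA4D158C6932FD8A13F42B67C05E9",
    "A09E63F51DC7B428D709346A285ECBF1D6498F30B12C5AE71AD069874FE3B52C",
    "7DE3069A1285BC4FD8B56F03472C1AE9A690CB7DF13E52843F06A1D8945BC72E",
    "2C417AB6853FD0E9EB2C47D150FA3986421BAD78F9C5630EB8C71E2D6F09A453",
    "C1AF92680D34E75BAF427C9561DE0B389EF528C3704A1DB6432C95FABE17608D",
    "4B2EF08D3C975A61D0B7491AE35C2F8614BDC37EAF6805926BD814A7950FE23C",
    "D2846FB1A93E50C71FD8A374C56B0E927B419CE206ADF35821E74A8DFC90356B",
]
S = [[[int(h, 16) for h in box[16 * r:16 * r + 16]] for r in range(4)] for box in SBOX_HEX]

def to_bits(v, width):
    return [(v >> (width - 1 - i)) & 1 for i in range(width)]

def from_bits(bits):
    return int("".join(map(str, bits)), 2)

def permute(bits, table):
    """Tables are 1-based as printed: output bit j is input bit table[j]."""
    return [bits[t - 1] for t in table]

def sbox(i, six):
    """S_i on a 6-bit word b1..b6: row b1 b6, column b2 b3 b4 b5."""
    b = to_bits(six, 6)
    return S[i - 1][2 * b[0] + b[5]][from_bits(b[1:5])]

def f(R, K):
    """Round function: E(R) xor K, eight S-boxes, permutation P."""
    x = [a ^ k for a, k in zip(permute(R, E), K)]
    c = [bit for j in range(8) for bit in to_bits(sbox(j + 1, from_bits(x[6 * j:6 * j + 6])), 4)]
    return permute(c, P)

def key_schedule(key56):
    """Algorithm G: odd-parity bit after each 7 key bits, PC-1, rotations LS_i, PC-2."""
    k56 = to_bits(key56, 56)
    k64 = [bit for j in range(8) for bit in k56[7 * j:7 * j + 7] + [1 - sum(k56[7 * j:7 * j + 7]) % 2]]
    cd = permute(k64, PC1)                  # PC-1 drops the parity positions again
    C, D, subkeys = cd[:28], cd[28:], []
    for s in SHIFTS:
        C, D = C[s:] + C[:s], D[s:] + D[:s]
        subkeys.append(permute(C + D, PC2))
    return subkeys

def des_block(block64, key56, decrypt=False):
    """Encrypt one 64-bit block; decryption is the same circuit with K16..K1."""
    keys = key_schedule(key56)[::-1] if decrypt else key_schedule(key56)
    x = permute(to_bits(block64, 64), IP)
    L, R = x[:32], x[32:]
    for K in keys:                          # L_i = R_{i-1}, R_i = L_{i-1} xor f(R_{i-1}, K_i)
        L, R = R, [a ^ b for a, b in zip(L, f(R, K))]
    inv_ip = [0] * 64
    for j, t in enumerate(IP):
        inv_ip[t - 1] = j + 1
    return from_bits(permute(R + L, inv_ip))   # swap halves, then IP^-1

def mode_apply(mode, blocks, key56, iv, decrypt=False):
    """ECB/CBC/OFB/CFB as defined in 3.4.3 (iv is the book's K*); decrypt=True inverts."""
    out, prev, z = [], iv, iv
    for blk in blocks:
        if mode == "ECB":
            res = des_block(blk, key56, decrypt)
        elif mode == "CBC":
            res = des_block(blk, key56, True) ^ prev if decrypt else des_block(blk ^ prev, key56)
        elif mode == "OFB":
            z = des_block(z, key56); res = blk ^ z
        elif mode == "CFB":
            z = des_block(prev, key56); res = blk ^ z
        else:
            raise ValueError(mode)
        out.append(res)
        prev = blk if decrypt else res      # the feedback value is always the ciphertext block
    return out

KEY = 0x12695BC9B7B7F8                     # the book's 56-bit key (no parity bits)
IV = 0x0123456789ABCDEF                    # assumption: any agreed 64-bit K* works
```

`des_block(0x0123456789ABCDEF, KEY)` gives the book's ciphertext 85E813540F0AB405. Encrypting a message whose first two blocks are equal under ECB gives two equal ciphertext blocks; under CBC, OFB or CFB it does not, which is the practical reason ECB is avoided for anything but single blocks.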

3.4.4. On the security of DES and its cryptanalysis.

1. On the security of DES. After DES was published as the official national standard for secure communication, many questions about its security were raised and many cryptanalytic methods were studied, throughout the more than twenty years since then.
Note that in the structure of DES every round consists of alternating transpositions and substitutions, which increases the secrecy of the cipher. DES generally met the requirements NBS set out for a standard cipher, so its secrecy rests chiefly on the secrecy of the key; in other words, cryptanalysis consists mainly in recovering the key in use. Among the components of DES, the only non-linear elements are the boxes S_1, ..., S_8. It is not known by what criteria the designers chose these boxes, nor whether the National Security Agency (NSA) placed any trapdoors in them; after many unsuccessful cryptanalytic efforts, however, some of the criteria for choosing S_1, ..., S_8 were published:
1. Each row of a box S_i is a permutation of 0, 1, ..., 15;
2. No box S_i is a linear or affine function of its inputs;
3. For every box S_i, changing one input bit changes at least two output bits;
4. If two inputs to a box S_i agree in their first two bits and their last two bits (i.e. differ only in the middle two bits), the two outputs differ in at least two bits;
5. If two inputs to a box S_i differ in their first two bits and agree in their last two bits, the two outputs are different;
6. For every box S_i, if one input bit is held fixed and the value of one output bit is considered, the number of inputs producing 0 and the number producing 1 at that position are approximately equal.
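A check of criteria 1 to 6 against the eight S-boxes of 3.4.2, written as an added example (not code from the book). The table is the same S-box data printed in 3.4.2, packed as hex digits. Criterion 6 gives no figure, so the check reports the minimum and maximum count (out of 32 inputs) and the test below treats 12 to 20 as "approximately equal"; the other criteria are exact and are tested as stated.

```python
# Added example, not the book's code: checking criteria 1-6 above against the
# eight S-boxes of 3.4.2 (the same tables, packed as hex digits).  The "12..20"
# bound used for criterion 6 in the test is an assumption; the book gives none.
SBOX_HEX = [
    "E4D12FB83A6C59070F74E2D1A6CB953841E8D62BFC973A50FC8249175B3EA06D",
    "F18E6B34972DC05A3D47F28EC01A69B50E7BA4D158C6932FD8A13F42B67C05E9",
    "A09E63F51DC7B428D709346A285ECBF1D6498F30B12C5AE71AD069874FE3B52C",
    "7DE3069A1285BC4FD8B56F03472C1AE9A690CB7DF13E52843F06A1D8945BC72E",
    "2C417AB6853FD0E9EB2C47D150FA3986421BAD78F9C5630EB8C71E2D6F09A453",
    "C1AF92680D34E75BAF427C9561DE0B389EF528C3704A1DB6432C95FABE17608D",
    "4B2EF08D3C975A61D0B7491AE35C2F8614BDC37EAF6805926BD814A7950FE23C",
    "D2846FB1A93E50C71FD8A374C56B0E927B419CE206ADF35821E74A8DFC90356B",
]
S = [[[int(h, 16) for h in box[16 * r:16 * r + 16]] for r in range(4)] for box in SBOX_HEX]

def sbox(i, x):
    """S_i on the 6-bit integer x = b1..b6: row b1 b6, column b2 b3 b4 b5."""
    return S[i - 1][((x >> 5) & 1) * 2 + (x & 1)][(x >> 1) & 0xF]

def dist(a, b):
    """Hamming distance between two 4-bit outputs."""
    return bin(a ^ b).count("1")

def rows_are_permutations(i):                                 # criterion 1
    return all(sorted(row) == list(range(16)) for row in S[i - 1])

def is_affine(i):                                              # criterion 2
    s0 = sbox(i, 0)           # S is affine iff S(x ^ y) = S(x) ^ S(y) ^ S(0) for all x, y
    return all(sbox(i, x ^ y) == sbox(i, x) ^ sbox(i, y) ^ s0
               for x in range(64) for y in range(64))

def min_output_distance(i, deltas):
    """Smallest distance between S_i(x) and S_i(x ^ d) over all x and all d in deltas."""
    return min(dist(sbox(i, x), sbox(i, x ^ d)) for x in range(64) for d in deltas)

def output_bit_balance(i):                                     # criterion 6
    """For each input bit fixed to 0 or 1 and each output bit: the number of the
    32 remaining inputs whose output bit is 1.  Returns (min, max) over all choices."""
    counts = [sum((sbox(i, x) >> ob) & 1 for x in range(64) if (x >> (5 - ib)) & 1 == v)
              for ib in range(6) for v in (0, 1) for ob in range(4)]
    return min(counts), max(counts)

def check_sbox(i):
    return {
        "rows_perm": rows_are_permutations(i),
        "affine": is_affine(i),
        "one_bit": min_output_distance(i, [1 << k for k in range(6)]),               # criterion 3
        "middle_two": min_output_distance(i, [0b001100]),                             # criterion 4
        "first_two": min_output_distance(i, [0b110000, 0b110100, 0b111000, 0b111100]),  # criterion 5
        "balance": output_bit_balance(i),
    }

def check_all():
    """Report for S_1..S_8; every box should pass all six criteria."""
    return {i: check_sbox(i) for i in range(1, 9)}
```

`check_all()` returns, for each box, whether its rows are permutations, whether it is affine (it must not be), the minimum output change under the input differences named in criteria 3, 4 and 5, and the balance counts of criterion 6. The same routine is the first thing to run on any replacement S-box before trusting it.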
In general, the secrecy of DES was tested through more than twenty years of use and proved reliable. The cryptanalytic methods, though sought extensively, hardly improved on the complexity of the trivial approach of exhaustive search, and by that approach, even in a known-plaintext attack, one must run through 2^56 possible keys, an enormous amount of computation that was hard to carry out at the time. It should be noted, however, that this computation has since been carried out in practice: exhaustive search of the 2^56 DES keys was demonstrated publicly between 1997 and 1999 with distributed computing and special-purpose hardware, and the 56-bit key is the reason DES is no longer considered secure and has been replaced as a standard (by triple-DES for legacy use and by AES).

On the cryptanalysis of DES.
The DES standard can be regarded as the first cipher used widely not only within one country but worldwide; the whole structure of the algorithm, both encryption and decryption, was made public, and hardware and software products implementing it were commercialized; the secrecy of the transmitted information therefore lies only in the chosen key, a 56-bit word. Cryptanalysis of DES has attracted many mathematicians and cryptographers, who have proposed many different methods. Besides the exhaustive search mentioned above, the methods proposed include:
- differential cryptanalysis, proposed by Biham and Shamir in 1990,
- related-key cryptanalysis, proposed by Biham around 1992-1994,
- linear cryptanalysis, introduced by Matsui in 1993-1994,
- differential-linear cryptanalysis, introduced by Langford and Hellman in 1994,
- etc.
These methods contain many deep and subtle ideas, but they still require very large amounts of computation, so that in practice they were largely confined to relatively simple demonstrations rather than actual use; the notable exception is Matsui's linear cryptanalysis, which in 1994 recovered a full DES key experimentally from about 2^43 known plaintext-ciphertext pairs, though even that is less practical than exhaustive search on dedicated hardware.







CHAPTER IV

Public-key cryptosystems


4.1. Introduction.

4.1.1. The birth of public-key cryptography.
In Chapter I we briefly introduced the definitions of the concepts of symmetric-key cryptosystem and public-key cryptosystem. The birth of the concept of public-key cryptosystem was a turning point in the history of cryptography, closely tied to the development of modern computing science. One can take as the starting point of this turning point the appearance of the idea of W. Diffie and M.E. Hellman, presented in June 1976 at the annual National Computer Conference of AFIPS (USA) in the paper "Multiuser cryptographic techniques". In that paper, along with the general idea, the two authors also gave concrete examples to realize it, and although the examples were not yet convincing even to the authors themselves, the idea of public-key cryptosystems was already very clear and attractive to many people. Immediately afterwards, the search for concrete realizations that could be applied in practice began to attract the attention of many specialists. One year later, in 1977, R.L. Rivest, A. Shamir and L.M. Adleman proposed a concrete public-key cryptosystem whose security rests on the hard problem of factoring an integer into primes; this system later became famous under the name RSA and is widely used in practical security. Around the same time M.O. Rabin also proposed a public-key cryptosystem based on the same hard arithmetic problem. Many more public-key cryptosystems followed, of which the well-known and much studied ones include: the McEliece system of 1978, based on the NP-hardness of the decoding problem for linear codes; the Merkle-Hellman system, based on the NP-completeness of the knapsack problem; the famous ElGamal system, based on the hardness of the discrete logarithm problem, later extended to many similar systems based on the hardness of analogues of the discrete logarithm in finite cyclic groups, groups of points on elliptic curves, etc. To increase secrecy, the ElGamal system uses as input to its encryption algorithm, besides the public key and the plaintext, a randomly chosen element, which makes it a probabilistic public-key cryptosystem. Further probabilistic public-key cryptosystems were later developed by Goldwasser-Micali and Blum-Goldwasser. All the public-key cryptosystems mentioned above are presented in this chapter together with some of their related properties.

4.1.2. Some basic problems.
We now recall some number-theoretic problems used in the construction of the public-key cryptosystems mentioned above. Most of them were presented in Chapter II; some have been developed further for direct application in concrete systems; we list them here once more for convenient reference later.

The integer factorization problem (into prime factors):
Given a positive integer n, find all prime divisors of n, i.e. find the canonical factorization

$$n = p_1^{\alpha_1} p_2^{\alpha_2} \cdots p_k^{\alpha_k},$$

where the p_i are pairwise distinct primes and the α_i ≥ 1.
This problem is closely related to the problems of testing whether an integer is prime or composite, but as far as is known today it appears much harder than those two testing problems.
In cryptography this problem is usually used with inputs n that are Blum integers; in this book the term means a positive integer that is the product of two large primes (strictly, a Blum integer also requires both primes to be ≡ 3 (mod 4), as in the BBS generator and the Rabin cryptosystem).

The RSA problem (Rivest-Shamir-Adleman):
Given a positive integer n that is the product of two distinct odd primes, a positive integer e with gcd(e, φ(n)) = 1, and an integer c, find an integer m such that m^e ≡ c (mod n).
The condition gcd(e, φ(n)) = 1 guarantees that for every integer c ∈ {0, 1, ..., n−1} there is exactly one m ∈ {0, 1, ..., n−1} with m^e ≡ c (mod n).
It is easy to see that if the two prime factors of n are known, i.e. n = p·q, then φ(n) = (p−1)(q−1) is known, and since gcd(e, φ(n)) = 1 one finds d = e^{-1} mod φ(n) and hence m = c^d mod n. Thus the RSA problem reduces in polynomial time to the integer factorization problem. Although no proof of the converse reduction is known, many believe the two problems to be equivalent in computational complexity.
The quadratic residuosity problem:
Given an odd composite integer n and an integer a ∈ J_n, the set of all a with Jacobi symbol (a/n) = 1, decide whether a is a quadratic residue modulo n.

In cryptography this problem is also usually considered for n a Blum integer, i.e. n = p·q the product of two primes p and q. Note that in this case, if a ∈ J_n, then a is a quadratic residue modulo n if and only if the Legendre symbol (a/p) = 1, a condition that is easy to test since it is equivalent to a^{(p−1)/2} ≡ 1 (mod p). Thus in this case the quadratic residuosity problem reduces in polynomial time to integer factorization. On the other hand, without knowing the factorization of n, no polynomial-time method of deciding quadratic residuosity is known so far. This strengthens the belief that quadratic residuosity and integer factorization are of equivalent difficulty.
The problem of finding square roots modulo n:
Given an odd composite Blum integer n and an integer a ∈ Q_n, i.e. a quadratic residue modulo n, find a square root of a modulo n, i.e. an x with x^2 ≡ a (mod n).
If the factorization n = p·q is known, then by solving the congruences x^2 ≡ a modulo p and modulo q and combining their solutions by the Chinese remainder theorem we obtain the solutions modulo n, i.e. the required square roots of a modulo n. Since each congruence x^2 ≡ a modulo p and modulo q has two solutions, the combination gives four solutions, i.e. four square roots of a modulo n. Fairly simple (polynomial-time) algorithms are known for solving x^2 ≡ a (mod p) with p prime.
Thus finding square roots modulo n reduces in polynomial time to integer factorization. Conversely, if there is an algorithm for finding square roots modulo n, one can build an algorithm for factoring as follows: choose a random x with gcd(x, n) = 1 and compute a = x^2 mod n. Use the given algorithm to find a square root of a modulo n; call it y. If y ≡ ±x (mod n) the attempt is considered a failure and another x is chosen; but if y ≢ ±x (mod n), then gcd(x − y, n) is certainly a non-trivial divisor of n, namely p or q. Since a has 4 square roots modulo n, the probability of success at each attempt is 1/2, so the expected number of attempts needed to obtain a factor p or q of n is 2, and we obtain an algorithm for factoring (Blum) integers with expected polynomial running time. In short, in a not-too-strict sense, the problems of integer factorization and of finding square roots modulo n may be regarded as equally hard.
The discrete logarithm problem:
Given a prime p, a primitive element α modulo p (i.e. a generator of Z_p^*), and an element β ∈ Z_p^*, find the integer x (0 ≤ x ≤ p − 2) such that α^x ≡ β (mod p).
This problem was introduced in Section 2.4.3, where we saw that in the general case no polynomial-time algorithm for it is known to date.
The problem is also generalized to finite cyclic groups as follows:
The generalized discrete logarithm problem:
Given a finite cyclic group G of order n, a generator (primitive element) α of G, and an element β ∈ G, find the integer x (0 ≤ x ≤ n − 1) such that α^x = β.
The groups of most interest in cryptography are: the multiplicative group of the finite field GF(p), isomorphic to the group Z_p^* of the field Z_p; the multiplicative group F_{2^m}^* of the finite field GF(2^m); the multiplicative group Z_n^* = {a : 0 ≤ a ≤ n − 1, gcd(a, n) = 1} of the ring Z_n with n composite; the group of points on an elliptic curve defined over a finite field; etc.

The Diffie-Hellman problem:
Given a prime p, a primitive element α modulo p (i.e. a generator of Z_p^*), and the elements α^a mod p and α^b mod p, find the value α^{ab} mod p.
One can show that the Diffie-Hellman problem reduces to the discrete logarithm problem in polynomial time. Indeed, suppose there is an algorithm for the discrete logarithm problem. Given an instance of the Diffie-Hellman problem consisting of p, α, α^a mod p and α^b mod p, first apply that algorithm to (p, α, α^a mod p) to find a, and then compute α^{ab} mod p = (α^b)^a mod p. It has also been shown that the discrete logarithm and Diffie-Hellman problems are computationally equivalent in some cases, for instance when p − 1 is B-smooth with B = O((ln p)^c), c a constant.
As with the discrete logarithm problem, the Diffie-Hellman problem can also be defined in other finite cyclic groups.

The subset sum problem (the KNAPSACK problem):
Given a set of positive integers {a_1, a_2, ..., a_n} and a positive integer s, decide whether there is a subset of the a_j whose sum equals s. Equivalently, decide whether there exist x_i ∈ {0, 1} (1 ≤ i ≤ n) such that

$$\sum_{i=1}^{n} a_i x_i = s.$$

This problem is NP-complete, i.e. it belongs to the class of hard problems for which no polynomial-time algorithm has yet been found.

The decoding problem for linear codes:
Linear codes are a class of error-correcting codes used in digital communication. Without going into the details of this class of codes, we can state the decoding problem for linear codes directly as follows:
Given an n×m matrix A = (a_ij) with entries 0 or 1, a vector y = (y_1, y_2, ..., y_m) of 0s and 1s, and a positive integer K. Question: is there a vector x = (x_1, x_2, ..., x_n) of 0s and 1s with at most K ones such that for every j (1 ≤ j ≤ m)

$$\sum_{i=1}^{n} x_i a_{ij} \equiv y_j \pmod 2 \;?$$

Note that here x is the information vector and y the code vector; decoding means recovering x from the received y, and this problem is unfortunately hard: Berlekamp, McEliece and van Tilborg proved in 1978 that it is NP-complete.


4.2. The RSA public-key cryptosystem.
4.2.1. Description of the RSA cryptosystem.
The general scheme of a public-key cryptosystem is given by
S = (P, C, K, E, D)   (1)
where P is the set of plaintext symbols, C the set of ciphertext symbols, K the set of keys K, each key consisting of two parts K = (K', K''), with K' the public key used for encryption and K'' the secret key used for decryption. For each plaintext symbol x ∈ P the encryption algorithm E gives the ciphertext symbol y = E(K', x) ∈ C, and for a ciphertext symbol y the decryption algorithm D returns the plaintext symbol x: D(K'', y) = D(K'', E(K', x)) = x.

To build an RSA public-key cryptosystem, one first chooses an integer n = p·q, the product of two large primes, chooses a number e with gcd(e, φ(n)) = 1, and computes the number d with
e·d ≡ 1 (mod φ(n)).
Each pair K = (K', K'') with K' = (n, e) and K'' = d is a key pair of an RSA cryptosystem for one participant.

Thus the general scheme of the RSA cryptosystem is defined by the list (1), where:
P = C = Z_n, with n the product of two distinct large primes (a Blum integer in the sense of 4.1.2);
K = {K = (K', K'') : K' = (n, e), K'' = d, gcd(e, φ(n)) = 1, e·d ≡ 1 (mod φ(n))};
E and D are defined by
E(K', x) = x^e mod n, for every x ∈ P,
D(K'', y) = y^d mod n, for every y ∈ C.

To show that this definition is sound we must prove that for every key pair K = (K', K'') and every x ∈ P we have
D(K'', E(K', x)) = x.
Indeed, since e·d ≡ 1 (mod φ(n)) we can write e·d = t·φ(n) + 1. If x is coprime to n, then by Euler's theorem (see 2.1.3)

$$D(K'', E(K', x)) = x^{ed} = x^{t\varphi(n)+1} = \bigl(x^{\varphi(n)}\bigr)^t\cdot x \equiv x \pmod n.$$

If x is not coprime to n, then since n = p·q, either x is divisible by p and coprime to q, or x is divisible by q and coprime to p, and since φ(n) = (p−1)(q−1), in both cases we have

$$x^{t\varphi(n)+1} \equiv x \pmod p,\qquad x^{t\varphi(n)+1} \equiv x \pmod q$$

(modulo the prime dividing x both sides are 0; modulo the other prime the congruence follows from Fermat's little theorem, as φ(n) is a multiple of that prime minus one), whence

$$x^{t\varphi(n)+1} \equiv x \pmod n,$$

i.e. D(K'', E(K', x)) = x.
Example: choose n = p·q = 2357·2551 = 6012707, so φ(n) = (p−1)(q−1) = 2356·2550 = 6007800. Choose e = 3674911 and compute d = 422191 with e·d ≡ 1 (mod φ(n)). A user A may take as public key K' = (n = 6012707, e = 3674911) and keep the secret key K'' = d = 422191. A partner B wishing to send A the message x = 5234673 uses the public key to form the ciphertext y = x^e = 5234673^3674911 mod 6012707 = 3650502. Receiving y, A decrypts and obtains the plaintext x = 3650502^422191 mod 6012707 = 5234673.
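The key generation, encryption and decryption above, written as an added example with the example's parameters (this is not code from the book). It includes the checks a practitioner runs on a key (p and q prime and distinct, 1 < e < φ(n), gcd(e, φ(n)) = 1) and a second decryption routine that uses the secret factors p and q with the Chinese remainder theorem, which is how implementations speed up the secret-key operation; the proof of correctness above is exercised by decrypting a plaintext that shares a factor with n.

```python
# Added example, not the book's code: RSA with the parameters of the example
# above, plus key checks and a CRT decryption using the secret factors.
from math import gcd

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with the fixed bases above (deterministic for n < 3.3e24)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keygen(p, q, e):
    """Return ((n, e), d) after checking the conditions of the definition."""
    if not (is_probable_prime(p) and is_probable_prime(q) and p != q):
        raise ValueError("p and q must be distinct primes")
    phi = (p - 1) * (q - 1)
    if not (1 < e < phi) or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    return (p * q, e), pow(e, -1, phi)        # d = e^{-1} mod phi(n)

def rsa_encrypt(pub, x):
    n, e = pub
    if not 0 <= x < n:
        raise ValueError("plaintext must lie in Z_n")
    return pow(x, e, n)

def rsa_decrypt(n, d, y):
    return pow(y, d, n)

def rsa_decrypt_crt(p, q, d, y):
    """Same result as y^d mod n, computed modulo p and q and recombined by the CRT;
    this is how implementations use the secret factors to decrypt faster."""
    xp = pow(y % p, d % (p - 1), p)          # Fermat: exponent reduced mod p-1
    xq = pow(y % q, d % (q - 1), q)
    h = (xq - xp) * pow(p, -1, q) % q        # Garner's form of the CRT
    return xp + p * h

def keygen_rejects(p, q, e):
    """True if rsa_keygen refuses these parameters."""
    try:
        rsa_keygen(p, q, e)
    except ValueError:
        return True
    return False
```

`rsa_keygen(2357, 2551, 3674911)` returns the public key (6012707, 3674911) and d = 422191, and `rsa_encrypt` on 5234673 gives 3650502 as in the example. `keygen_rejects` shows the two most common parameter mistakes, an even e and a composite q, being caught before a key is ever published.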

4.2.2. Implementing the RSA cryptosystem.
To implement RSA for a secure communication network, besides writing programs computing the function E (with inputs n, e and x) and the function D (with inputs n, d and y), one must choose for each participant a triple (n, e, d) to form the public key K' and secret key K''. The cipher of each participant can only provide secrecy when n = p·q is a very large integer (and hence p, q are very large primes); "very large" means that p and q should have decimal representations of more than 100 digits, so that n has more than 200 decimal digits, i.e. n ≥ 10^200. (That figure reflects the time of writing; key sizes must grow as factoring methods and hardware improve, and moduli of at least 2048 bits, about 617 decimal digits, are the minimum recommended today.)
Computing e and d, or evaluating E and D, consists mainly of arithmetic on very large integers; for this, programming practice has over the past decades produced many efficient libraries that one can consult and use when implementing RSA and many other cryptosystems.

4.2.3. Security of the RSA cryptosystem.
The cryptanalysis problem (given the ciphertext only) for RSA is: knowing the public key K' = (n, e) and the ciphertext y = x^e mod n, find x. This is exactly the RSA problem presented in Section 4.1.2. There we showed that knowing the two factors p, q of n makes it easy to find x from y, and in general there is evidence that the RSA problem (the RSA cryptanalysis problem) is of difficulty equivalent to factoring the (Blum) integer n into primes. Therefore keeping the secret key d, or the factors p, q, absolutely secret is decisive for the security of RSA.

A secure communication network using the RSA scheme is considered secure if the basic conditions are observed: each participant independently chooses his own parameters n, e, d; choosing n means choosing its factors p, q (n = p·q), and knowing p, q one computes φ(n) = (p−1)(q−1) and from it e, d fairly easily; but for the same reason, after choosing, each participant must keep the values p, q, d absolutely secret and publish only the public key (n, e).
However, these are only the general conditions; in practice there may still be many loopholes that a cryptanalyst can exploit to attack RSA and that are hard to foresee completely; below are some simple known cases to bear in mind:
1. Using a common modulus n. Suppose two participants A and B use the same modulus n in their public keys, say A chooses the public key (n, e) and keeps the secret key d, while B chooses the public key (n, a) and keeps the secret key b, with gcd(e, a) = 1 (the usual case, and needed below). A third participant C sends a confidential message x to both A and B by using the above public keys, sending A the ciphertext y = x^e mod n and B the ciphertext z = x^a mod n. We show that a cryptanalyst O can recover the plaintext x from the information n, e, a, y, z on the public channel as follows:
a. Compute c = e^{-1} mod a,
b. then compute h = (ce − 1)/a,
c. and we have x = y^c (z^h)^{-1} mod n.
Indeed, by the definition above ce − 1 is divisible by a, and then

$$y^c (z^h)^{-1} \bmod n = x^{ec}\cdot\bigl(x^{a(ce-1)/a}\bigr)^{-1} \bmod n = x^{ce}\cdot x^{-(ce-1)} \bmod n = x.$$

So in this case secure communication is no longer secure. Hence when RSA is used to set up a secure communication network, a common modulus n for different participants must be avoided! (Sharing a modulus is worse still: any participant who holds one valid pair (e, d) for n can factor n from it and so recover every other participant's secret key.)
2. Using a small encryption exponent e. To make encryption efficient one is tempted to choose a small exponent e, e.g. e = 3. However, if in a network using RSA many participants choose the same small exponent e, there is a risk of the following attack. Suppose three participants choose the public keys (n_1, e), (n_2, e), (n_3, e) with the same exponent e = 3. A participant A wants to send the same message x to all three and, for secrecy, sends the ciphertext c_i = x^3 mod n_i to the i-th participant. The three moduli n_i are distinct and very probably pairwise coprime. A cryptanalyst can use the Chinese remainder theorem to find the number m (0 ≤ m < n_1 n_2 n_3) satisfying

$$m \equiv c_1 \pmod{n_1},\qquad m \equiv c_2 \pmod{n_2},\qquad m \equiv c_3 \pmod{n_3}.$$

Since x < n_i, we have x^3 < n_1 n_2 n_3, hence m = x^3 exactly. Thus the problem of taking a cube root in the sense of congruence modulo n_i has been reduced to taking an ordinary integer cube root: the cube root of m is x, the plaintext!
For other reasons there is also evidence that RSA is insecure when the decryption exponent d is a small integer, even though decryption is then more efficient: Wiener showed that d can be recovered from the public key alone when d is smaller than about n^{1/4}. So, when using RSA, a small d must never be chosen. A small public exponent such as e = 3 or e = 65537 is by itself common practice; what makes the attack above possible is that the same (or a related) message is encrypted for several recipients without randomization, and randomized padding of the plaintext before exponentiation removes that condition.
3. Exploiting the multiplicative property of the encryption function. Note that the encryption function f(x) = x^e mod n has the multiplicative property f(x·y) = f(x)·f(y). Using it, we see that if c is a ciphertext of the plaintext x, then c' = c·u^e mod n is a ciphertext of the plaintext x·u mod n. Hence, having intercepted the ciphertext c, a cryptanalyst who wants to find x may choose a random u (coprime to n), form the ciphertext c', and if he is able to mount a chosen-ciphertext attack (see 1.5.1), i.e. to obtain the plaintext x' = x·u mod n corresponding to the chosen c', then the original plaintext is x = x'·u^{-1} mod n. Of course, the ability to carry out a chosen-ciphertext attack is rare, but this is nevertheless a case where secrecy is easily breached, and it must be taken into account and avoided! (Note that the party decrypting c' never sees c itself, only an unrelated-looking value; this is why a decryption service must not apply the bare RSA function to arbitrary submitted inputs.)
4. Attack by iterated encryption. Note also that the encryption function f(x) = x^e mod n is a permutation of the set Z_n = {0, 1, ..., n−1}, so for every c ∈ Z_n, if we iterate the encryption

$$c_0 = c,\quad c_1 = c^{e} \bmod n,\quad c_2 = c^{e^2} \bmod n,\quad \ldots,\quad c_i = c^{e^i} \bmod n,\quad \ldots$$

we shall find some k ≥ 1 with c_k = c^{e^k} mod n = c. If c is the ciphertext of some plaintext x, c = x^e mod n, the cryptanalyst can start from c and iterate encryption as above until the smallest k ≥ 1 with c_k = c; the preceding term c_{k-1} = x is then the plaintext sought. The algorithm is formally very simple, but its practical efficiency is not as hopeful as it looks, since the number of iterations, the length of the cycle containing c under this permutation, is in general very large: it is the order of e modulo the multiplicative order of c, which is bounded by λ(n) < n but for properly chosen parameters is of the same order as n itself, a number of about 200 decimal digits. In fact, from this algorithm one can easily obtain an algorithm for factoring n into primes, and such an algorithm of practical efficiency, as shown in a previous section, does not exist! So the threat of this simple cryptanalytic algorithm to the security of RSA is not worrying.
5. V kh nng che giu ca bn mt m. Mt m, s d n
gi c b mt, l do kh nng che giu thng tin ca n, tc l
bit bn m y kh lng tm c thng tin no pht hin ra bn
r x. Mt cch th thin, ta ni bn r x l khng che giu c qua
php lp mt m RSA e
K
(x) =x
e
modn, nu e
K
(x) =x. Ni cch
khc, x l khng che giu c nu bn m ca x cng chnh l x.
Tic rng vi bt k h mt m RSA no cng c nhng bn r
khng che giu c, l nhng bn r x = -1, 0, 1 modn (v s
m e lun lun l s l). Ngi ta chng minh c rng nu n
=p.q, th s cc bn r x Z
n
khng che giu c l bng
(1+gcd(e -1, p -1)).(1+gcd(e -1, q -1)).
V e -1, p -1, q -1 l cc s chn, nn s t nht l 9, nn mi h
RSA c t nht 9 bn r khng che giu c. Tuy nhin, thng n,
v do c p v q, u rt ln, nn t l cc bn r khng che giu
c ni chung l b khng ng k, v do kh nng gp cc
bn r khng che giu c khng to nn mt nguy c ng k
no i vi vic dng cc h mt m RSA.
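The three structural properties just discussed, as an added worked example that is not part of the book. It uses a toy modulus ($p = 61$, $q = 53$, $e = 17$, constructed for illustration) and stands in for the chosen-ciphertext oracle with the legitimate decryption function; the fixed-point count is compared with the formula above by brute force.

```python
# Added example (not from the book): the multiplicative (blinding) attack,
# the iterated-encryption attack and the count of unconcealed messages,
# on a toy RSA modulus. Parameters are constructed for illustration.
from math import gcd

P, Q, E = 61, 53, 17
N = P * Q
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # decryption exponent, 2753


def encrypt(x: int) -> int:
    return pow(x, E, N)


def decrypt(c: int) -> int:
    """Plays the legitimate decryptor, i.e. the chosen-ciphertext oracle."""
    return pow(c, D, N)


# 3. Multiplicative property: e(x*u) = e(x)*e(u). The attacker never asks for
# c itself; he asks for the blinded c' = c*u^e and unblinds the answer.
def blinding_attack(c: int, u: int, oracle=decrypt) -> int:
    assert gcd(u, N) == 1
    c_prime = c * pow(u, E, N) % N          # ciphertext of x*u
    x_prime = oracle(c_prime)               # x*u, obtained from the oracle
    return x_prime * pow(u, -1, N) % N      # x = (x*u) * u^-1


# 4. Iterated encryption: encrypt repeatedly until the ciphertext recurs; the
# term before the recurrence is the plaintext. Returns (plaintext, k).
def cycling_attack(c: int, max_iter: int = 10**6):
    prev, cur, k = c, pow(c, E, N), 1
    while cur != c:
        prev, cur, k = cur, pow(cur, E, N), k + 1
        if k > max_iter:
            raise RuntimeError("cycle too long for this demonstration")
    return prev, k


# 5. Unconcealed messages: x with x^e = x (mod n), by brute force and by the
# formula (1 + gcd(e-1, p-1)) * (1 + gcd(e-1, q-1)).
def count_fixed_points_brute() -> int:
    return sum(1 for x in range(N) if pow(x, E, N) == x)


def count_fixed_points_formula() -> int:
    return (1 + gcd(E - 1, P - 1)) * (1 + gcd(E - 1, Q - 1))


if __name__ == "__main__":
    c = encrypt(1234)
    print("blinding recovers", blinding_attack(c, 99))
    print("cycling recovers (x, k) =", cycling_attack(c))
    print("fixed points:", count_fixed_points_brute(), count_fixed_points_formula())
```

With this toy modulus the cycle closes after a handful of iterations; with properly chosen 1024-bit primes the order of $e$ modulo the order of $c$ is out of reach, which is the point made in item 4.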
4.3. The Rabin public-key cryptosystem.
4.3.1. Description of the Rabin cryptosystem.
The Rabin public-key cryptosystem is given by the scheme
$$S = (P, C, K, E, D),$$
where $P = C = \mathbb{Z}_n$, with $n$ a Blum integer, $n = pq$, $p$ and $q$ primes with $p \equiv 3 \pmod 4$ and $q \equiv 3 \pmod 4$;
$$K = \{K = (K', K'') : K' = (n, B),\ K'' = (p, q),\ 0 \le B \le n-1\},$$
and the algorithms $E$ and $D$ are defined by
$$E(K', x) = x(x + B) \bmod n,\qquad D(K'', y) = \sqrt{\tfrac{B^2}{4} + y} - \tfrac{B}{2} \bmod n$$
(the square-root symbol is explained below; $B/2$ and $B^2/4$ are computed modulo $n$ using $2^{-1} \bmod n$).
In a secure communication network using the Rabin scheme, each participant chooses the elements $n, B, p, q$ that make up his public key and his secret key.
Note that for every key $K$, the algorithms $e_K = E(K', \cdot)$ and $d_K = D(K'', \cdot)$ do not form a pair of mutually inverse bijections; specifically, $e_K$ is not injective. Indeed, $e_K(x) = (x + B/2)^2 - B^2/4$, so if $w$ is a square root of $1$ modulo $n$ then
$$e_K\bigl(w(x + \tfrac{B}{2}) - \tfrac{B}{2}\bigr) = e_K(x),$$
and since there are 4 square roots of $1$ modulo $n$, there are 4 different values of the argument $x$ giving the same value $e_K(x)$.
Now consider the decryption algorithm $d_K = D(K'', \cdot)$. Put $C = B^2/4 + y$; then $d_K(y) = \sqrt{C} - B/2 \bmod n$, so to obtain $d_K(y)$ we must compute $\sqrt{C} \bmod n$, i.e. solve the equation $z^2 \equiv C \pmod n$. This equation is equivalent to the system of two congruences
$$z^2 \equiv C \pmod p,\qquad z^2 \equiv C \pmod q. \tag{2}$$
Since $C$ is a square modulo $n$ and $p, q$ are primes, we have $C^{(p-1)/2} \equiv 1 \pmod p$ and $C^{(q-1)/2} \equiv 1 \pmod q$. By hypothesis $p \equiv 3 \pmod 4$ and $q \equiv 3 \pmod 4$, so $(p+1)/4$ and $(q+1)/4$ are integers, and
$$\bigl(C^{(p+1)/4}\bigr)^2 = C \cdot C^{(p-1)/2} \equiv C \pmod p,\qquad \bigl(C^{(q+1)/4}\bigr)^2 = C \cdot C^{(q-1)/2} \equiv C \pmod q.$$
Therefore the equation $z^2 \equiv C \pmod n$, i.e. the system (2), has 4 solutions modulo $n$, corresponding to the 4 systems
$$z \equiv \pm C^{(p+1)/4} \pmod p,\qquad z \equiv \pm C^{(q+1)/4} \pmod q,$$
each solved by the Chinese remainder theorem. All 4 solutions of these 4 systems are written under the single symbol $\sqrt{C} \bmod n$, so in practice the decryption algorithm $d_K(y)$ gives 4 different values modulo $n$, one of which is the plaintext. Which of the 4 values is taken as the plaintext depends on other features of the plaintext that the decryptor recognizes (for instance, the plaintext as a number must have a binary representation that encodes ordinary English text).
Example: Let $n = 77 = 7 \cdot 11$, $B = 9$ (so $p = 7$, $q = 11$). We have
$$e_K(x) = x^2 + 9x \bmod 77,\qquad d_K(y) = \sqrt{1 + y} - 43 \bmod 77,$$
because $2^{-1} = 39 \bmod 77$, $9 \cdot 2^{-1} = 9 \cdot 39 = 43 \bmod 77$, $B^2 = 4 \bmod 77$ and $B^2/4 = 1 \bmod 77$. For $x = 44$ we get $e_K(x) = 44^2 + 9 \cdot 44 = 2332 = 22 \bmod 77$, so the ciphertext corresponding to $x$ is $y = 22$. Decrypting the ciphertext $y = 22$ by the procedure above, we find the 4 square roots of $1 + y = 1 + 22 = 23$ modulo 77, namely $10, 67, 32, 45$, and from them the 4 possible values
$$d_K(y) = 44,\ 24,\ 66,\ 2.$$
The plaintext is one of these 4 values; in this case it is 44.
4.3.2. Security of the Rabin cryptosystem.
In the definition of the Rabin cryptosystem the public key is $(n, B)$ and the secret key is $(p, q)$, the pair of prime factors of $n$. The security of the system therefore lies in keeping the factors $p$ and $q$ secret. The definition of decryption also shows that the decisive step is computing the square root of a number modulo $n$. In section 4.1.2 the problem of computing square roots modulo $n$ (for a Blum integer $n$) was shown to be computationally equivalent to the problem of factoring $n$. Hence the decryption problem for the Rabin cryptosystem, the problem of recovering the secret key $(p, q)$, and the problem of factoring integers are all of equivalent difficulty. This is what guarantees the security of the Rabin cryptosystem.
The same equivalence cuts the other way, however. An attacker who can obtain decryptions of ciphertexts of his choice (the chosen-ciphertext setting of 1.5.1) picks a random $x$, submits $e_K(x)$ and receives one of the 4 candidate plaintexts; with probability $1/2$ the corresponding square root of $C$ is neither $x + B/2$ nor $-(x + B/2)$, and then the greatest common divisor of the difference of the two roots with $n$ is a prime factor of $n$. Rabin's scheme must therefore never be used where an adversary can get arbitrary ciphertexts decrypted.
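The decryption procedure of 4.3.1, with the book's toy parameters ($n = 77$, $B = 9$, plaintext $44$), and the chosen-ciphertext factoring attack of 4.3.2, as an added worked example that is not part of the book. The square root modulo $n$ is computed exactly as in the text, as four CRT combinations of $\pm C^{(p+1)/4} \bmod p$ and $\pm C^{(q+1)/4} \bmod q$; the decryption "oracle" is simulated by returning the first root.

```python
# Added example (not from the book): Rabin encryption, the four-root
# decryption and the chosen-ciphertext factoring attack on n = 77 = 7 * 11.
from math import gcd


def crt2(r1: int, m1: int, r2: int, m2: int) -> int:
    """Smallest non-negative z with z = r1 (mod m1) and z = r2 (mod m2)."""
    t = (r2 - r1) * pow(m1, -1, m2) % m2
    return (r1 + m1 * t) % (m1 * m2)


def sqrt_mod_blum(c: int, p: int, q: int) -> list:
    """All four square roots of c modulo n = p*q with p = q = 3 (mod 4)."""
    rp = pow(c, (p + 1) // 4, p)            # (+-rp)^2 = c (mod p)
    rq = pow(c, (q + 1) // 4, q)            # (+-rq)^2 = c (mod q)
    assert rp * rp % p == c % p and rq * rq % q == c % q, "c is not a square"
    return [crt2(sp, p, sq, q) for sp in (rp, (-rp) % p) for sq in (rq, (-rq) % q)]


def rabin_encrypt(x: int, n: int, B: int) -> int:
    return x * (x + B) % n


def rabin_decrypt(y: int, p: int, q: int, B: int) -> list:
    """The four candidates sqrt(B^2/4 + y) - B/2 mod n; one is the plaintext."""
    n = p * q
    half_B = B * pow(2, -1, n) % n          # B/2 mod n
    C = (half_B * half_B + y) % n           # B^2/4 + y
    return [(z - half_B) % n for z in sqrt_mod_blum(C, p, q)]


def factor_with_oracle(p: int, q: int, B: int, x: int):
    """Chosen-ciphertext attack: submit e(x) for our own x. If the oracle's
    root of C differs from +-(x + B/2), the gcd reveals a factor of n.
    The simulated oracle returns the first root it computes."""
    n = p * q
    half_B = B * pow(2, -1, n) % n
    z_ours = (x + half_B) % n
    z_oracle = sqrt_mod_blum(z_ours * z_ours % n, p, q)[0]
    if z_oracle in (z_ours, (-z_ours) % n):
        return None                          # unlucky half of the cases: retry
    f = gcd((z_ours - z_oracle) % n, n)
    return (f, n // f)


if __name__ == "__main__":
    p, q, B = 7, 11, 9
    y = rabin_encrypt(44, p * q, B)          # 22
    print(y, rabin_decrypt(y, p, q, B))      # the four candidates 44, 24, 66, 2
    print(factor_with_oracle(p, q, B, 44), factor_with_oracle(p, q, B, 3))
```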

4.4. The ElGamal public-key cryptosystem.
4.4.1. Description of the ElGamal cryptosystem.
The ElGamal cryptosystem was proposed by T. ElGamal in 1985. It relies on the difficulty of the discrete logarithm problem and quickly came into wide use, not only for confidential communication but also for authentication and digital signatures. The ElGamal public-key scheme is given by
$$S = (P, C, K, E, D),$$
where $P = \mathbb{Z}_p^*$, $C = \mathbb{Z}_p^* \times \mathbb{Z}_p^*$, with $p$ a prime;
$$K = \{K = (K', K'') : K' = (p, \alpha, \beta),\ K'' = a,\ \beta = \alpha^a \bmod p\},$$
where $\alpha$ is a primitive element modulo $p$, i.e. a generator of $\mathbb{Z}_p^*$. The encryption algorithm $e_K = E(K', \cdot)$ and the decryption algorithm $d_K = D(K'', \cdot)$ are defined as follows. For each $x \in P = \mathbb{Z}_p^*$, to encrypt $x$ we first choose a random number $k \in \mathbb{Z}_{p-1}$ and then compute
$$e_K(x, k) = (y_1, y_2),\quad\text{with}\quad y_1 = \alpha^k \bmod p,\quad y_2 = x \cdot \beta^k \bmod p.$$
For any random $k$, $e_K(x, k)$ is regarded as a ciphertext of $x$. The decryption algorithm is defined by
$$d_K(y_1, y_2) = y_2 \cdot (y_1^a)^{-1} \bmod p.$$
Encryption and decryption so defined are consistent, since for every $x \in P = \mathbb{Z}_p^*$ and every $k \in \mathbb{Z}_{p-1}$:
$$d_K(e_K(x, k)) = x \cdot \beta^k \cdot (\alpha^{ka})^{-1} \bmod p = x \cdot \alpha^{ak} \cdot \alpha^{-ak} \bmod p = x.$$
Note that in a secure communication network using the ElGamal scheme, each participant chooses his own parameters $p, \alpha, a$, computes $\beta$, then forms and publishes the public key $K' = (p, \alpha, \beta)$, keeping the secret key $K'' = a$ strictly private. Finding the secret key from the public key is exactly the discrete logarithm problem discussed in section 4.1.2, a hard problem for which no polynomial-time algorithm is known to date.
Example: Choose $p = 2579$, $\alpha = 2$, $a = 765$; we compute $\beta = 2^{765} \bmod 2579 = 949$. The public key is $(2579, 2, 949)$ and the secret key is $765$. To encrypt $x = 1299$ we choose at random $k = 853$ and obtain
$$e_K(1299, 853) = (2^{853} \bmod 2579,\ 1299 \cdot 949^{853} \bmod 2579) = (435, 2396).$$
Decrypting, we recover
$$d_K(435, 2396) = 2396 \cdot (435^{765})^{-1} \bmod 2579 = 1299.$$

4.4.2. Security of the ElGamal cryptosystem.
As noted above, if we take the security of the ElGamal cryptosystem to mean keeping the secret key $K''$ private, we may be reassured, because the problem of recovering the secret key is computationally equivalent to the discrete logarithm problem, and for that problem, as sections 4.1.2 and 2.4.3 showed, no polynomial-time algorithm is known to date. One warning: the modulus $p$ should be a prime such that $p - 1$ has at least one large prime factor (see 2.4.3). This is achieved by choosing $p$ as a safe prime, i.e. $p = 2q + 1$ with $q$ also a large prime ($q$ is then called a Sophie Germain prime).
Beyond that, the system can be compromised by careless use of the random number $k$, in particular when $k$ is leaked or reused. If the $k$ used for a ciphertext $(y_1, y_2)$ becomes known, anyone can compute the plaintext directly, without the secret key:
$$x = y_2 \cdot (\beta^k)^{-1} \bmod p.$$
(The leak does not reveal the secret exponent $a$ itself, which would still require a discrete logarithm, but it exposes the message, which is what matters.)
Another loss of security occurs when the same $k$ is used for several encryptions. Suppose the same random $k$ is used twice, once for $x_1$ and once for $x_2$, with ciphertexts $(y_1, y_2)$ and $(z_1, z_2)$ respectively. Since $k$ is the same, $y_1 = z_1$, which is visible to everyone and betrays the reuse. By the encryption formula $z_2 / y_2 = x_2 / x_1$, that is,
$$x_2 = x_1 \cdot z_2 \cdot y_2^{-1} \bmod p.$$
Thus an attacker who has learned one plaintext (a known-plaintext attack, see 1.5.1) easily recovers the plaintexts of all later messages encrypted with the same $k$.
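ElGamal encryption with the book's parameters ($p = 2579$, $\alpha = 2$, $a = 765$) and both misuses of $k$ from 4.4.2, as an added worked example that is not part of the book. The helper names are the author's own, not a library API; the second plaintext $2000$ is constructed for illustration.

```python
# Added example (not from the book): ElGamal encryption/decryption and the
# consequences of a leaked or reused k, with p = 2579, alpha = 2, a = 765.
import secrets

P, ALPHA, A = 2579, 2, 765
BETA = pow(ALPHA, A, P)                      # public beta = alpha^a mod p, 949


def encrypt(x: int, k=None) -> tuple:
    """Returns (y1, y2) = (alpha^k, x * beta^k) mod p; k fresh unless given."""
    if k is None:
        k = 1 + secrets.randbelow(P - 2)     # fresh random k in [1, p-2]
    return pow(ALPHA, k, P), x * pow(BETA, k, P) % P


def decrypt(y1: int, y2: int, a: int = A) -> int:
    return y2 * pow(pow(y1, a, P), -1, P) % P


def recover_from_leaked_k(y2: int, k: int) -> int:
    """A leaked k exposes the plaintext; the secret key a is never needed."""
    return y2 * pow(pow(BETA, k, P), -1, P) % P


def recover_second_plaintext(x1: int, y2: int, z2: int) -> int:
    """Same k for x1 -> (y1, y2) and x2 -> (y1, z2): x2 = x1 * z2 * y2^-1."""
    return x1 * z2 * pow(y2, -1, P) % P


if __name__ == "__main__":
    y1, y2 = encrypt(1299, 853)              # (435, 2396)
    print((y1, y2), decrypt(y1, y2))
    print(recover_from_leaked_k(y2, 853))
    z1, z2 = encrypt(2000, 853)              # k reused: z1 == y1 gives it away
    print(z1 == y1, recover_second_plaintext(1299, y2, z2))
```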

4.4.3. ElGamal-like cryptosystems.
The ElGamal cryptosystem is built from the following ingredients: a finite cyclic group ($\mathbb{Z}_p^*$) and a primitive element ($\alpha \in \mathbb{Z}_p^*$) such that the discrete logarithm problem (computing $a = \log_\alpha \beta$, i.e. finding $a$ such that $\beta = \alpha^a \bmod p$) is very hard. Given any such ingredients, we can build ElGamal-like cryptosystems. The scheme of an ElGamal-like cryptosystem is thus
$$S = (P, C, K, E, D),$$
where $P = G$, $C = G \times G$, with $G$ a finite cyclic group;
$$K = \{K = (K', K'') : K' = (G, \alpha, \beta),\ K'' = a,\ \beta = \alpha^a\},$$
where $\alpha$ is a generator of the group $G$. The encryption algorithm $e_K = E(K', \cdot)$ and the decryption algorithm $d_K = D(K'', \cdot)$ are defined as follows. For each $x \in P = G$, to encrypt $x$ we first choose a random integer $k$ with $0 \le k \le |G| - 1$ and compute
$$e_K(x, k) = (y_1, y_2),\quad\text{with}\quad y_1 = \alpha^k,\quad y_2 = x \cdot \beta^k.$$
For any random $k$, $e_K(x, k)$ is regarded as a ciphertext of $x$. The decryption algorithm is
$$d_K(y_1, y_2) = y_2 \cdot (y_1^a)^{-1}.$$
All products and powers in these expressions are operations of the group $G$.

Two classes of groups commonly used to build ElGamal-like cryptosystems are the multiplicative group of the Galois field $GF(p^n)$ and the additive group of an elliptic curve defined over a finite field.
1. The multiplicative group of the Galois field $GF(p^n)$: The Galois field $GF(p^n)$ is the field of polynomials with coefficients in $\mathbb{Z}_p$ taken modulo an irreducible polynomial of degree $n$, with addition and multiplication being polynomial addition and multiplication modulo that polynomial. The field has $p^n$ elements; each element can be viewed as a polynomial of degree at most $n - 1$ with coefficients in $\mathbb{Z}_p = \{0, 1, 2, \ldots, p-1\}$, or simply as an $n$-dimensional vector whose components are the coefficients of the polynomial. The set of all nonzero polynomials forms the multiplicative group of the field $GF(p^n)$, and it has been proved that this group is cyclic. Thus $G = GF(p^n) \setminus \{0\}$ is a cyclic group of order $p^n - 1$; we may choose a primitive element of this group, set up the corresponding discrete logarithm problem, and build an ElGamal-like cryptosystem from it.
2. The additive group of an elliptic curve: Let $p > 3$ be a prime. The elliptic curve $y^2 = x^3 + ax + b$ over $\mathbb{Z}_p$, where $a, b \in \mathbb{Z}_p$ are constants satisfying $4a^3 + 27b^2 \not\equiv 0 \pmod p$, is defined as the set of all points $(x, y) \in \mathbb{Z}_p \times \mathbb{Z}_p$ satisfying the equation
$$y^2 \equiv x^3 + ax + b \pmod p,$$
together with one special element denoted $O$. This set is denoted $E$. On $E$ we define an addition as follows. Let $P = (x_1, y_1)$ and $Q = (x_2, y_2)$ be two points of $E$. If $x_1 = x_2$ and $y_1 = -y_2$, we define $P + Q = O$; otherwise $P + Q = (x_3, y_3)$, where
$$x_3 = \lambda^2 - x_1 - x_2,\qquad y_3 = \lambda(x_1 - x_3) - y_1,$$
with
$$\lambda = \begin{cases} (y_2 - y_1)/(x_2 - x_1) & \text{if } P \ne Q,\\ (3x_1^2 + a)/(2y_1) & \text{if } P = Q, \end{cases}$$
all arithmetic being modulo $p$. In addition we define $P + O = O + P = P$.
The set $E$ with this addition forms a group. If $|E| = q$ is a prime, the group is cyclic and every element other than $O$ is a generator. Note that in this setting the inverse of an element is its negative, raising to the $n$-th power is multiplication by the integer $n$, and the logarithm corresponds to a kind of division. Starting from such a group $E$ we can build an ElGamal-like cryptosystem.
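The elliptic-curve group law above and the ElGamal-like scheme built on it, as an added worked example that is not part of the book. The curve $y^2 = x^3 + x + 6$ over $\mathbb{Z}_{11}$ (13 points, so every point other than $O$ generates the group), the generator $\alpha = (2, 7)$, the secret $a = 7$, the message point $(10, 9)$ and $k = 3$ are all constructed for illustration; $O$ is represented by `None`.

```python
# Added example (not from the book): point addition on y^2 = x^3 + a x + b
# over Z_p and the ElGamal-like cryptosystem on the curve's cyclic group.
P_MOD, A_COEF, B_COEF = 11, 1, 6
O = None                                   # the point at infinity


def on_curve(pt) -> bool:
    x, y = pt
    return (y * y - (x ** 3 + A_COEF * x + B_COEF)) % P_MOD == 0


def neg(pt):
    return None if pt is None else (pt[0], (-pt[1]) % P_MOD)


def add(p1, p2):
    """The group law of the text: O is the identity and P + (-P) = O."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O
    if p1 != p2:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    else:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1 % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def mul(k: int, pt):
    """Scalar multiplication (the group's 'exponentiation') by double-and-add."""
    result = O
    while k > 0:
        if k & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        k >>= 1
    return result


def order(pt) -> int:
    n, q = 1, pt
    while q is not None:
        q = add(q, pt)
        n += 1
    return n


ALPHA = (2, 7)                              # generator; 13 points, so prime order


def ec_encrypt(m, beta, k):
    """(y1, y2) = (k*alpha, m + k*beta): the ElGamal pair written additively."""
    return mul(k, ALPHA), add(m, mul(k, beta))


def ec_decrypt(y1, y2, a):
    """m = y2 - a*y1 (subtracting a*y1 is multiplying by the inverse)."""
    return add(y2, neg(mul(a, y1)))


if __name__ == "__main__":
    a = 7
    beta = mul(a, ALPHA)                    # public key point
    y1, y2 = ec_encrypt((10, 9), beta, 3)
    print(order(ALPHA), beta, (y1, y2), ec_decrypt(y1, y2, a))
```

The discrete logarithm here is "divide $\beta$ by $\alpha$", i.e. find $a$ with $\beta = a\alpha$; on this 13-point curve it is solved by trying all 13 multiples, which is exactly what the large curve orders used in practice rule out.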
4.5. Cryptosystems based on NP-complete problems.
4.5.1. General principle.
As introduced in Chapter II, the NP-complete problems are those for which no algorithm of polynomial computational complexity has been found to date, and their difficulty is further supported by the fact that a polynomial-time algorithm for any single NP-complete problem would immediately make every NP-complete problem solvable in polynomial time.
For some NP-complete problems, although no polynomial-time algorithm solves every instance, there may be a class of instances for which an algorithm with acceptable running time exists. Such problems can be used to build public-key cryptosystems on the following general principle: decryption corresponds to finding a solution of the NP-complete problem, but there is a procedure that transforms a general instance of the problem into an instance of the special class that can be solved by an algorithm of acceptable time complexity. In this way encryption becomes a trapdoor one-way function, which is the basis for constructing the corresponding public-key cryptosystem.
We examine below two cases in which public-key cryptosystems have been built this way: the Merkle-Hellman cryptosystem, based on the knapsack problem (the subset-sum problem), and the McEliece cryptosystem, based on the problem of decoding a linear error-correcting code.

4.5.2. The Merkle-Hellman cryptosystem.
The knapsack problem (KNAPSACK, also called the subset-sum problem) is stated as follows: given a set of positive integers $\{a_1, a_2, \ldots, a_n\}$ and a positive integer $s$, decide whether there is a subset of the $a_j$ whose sum equals $s$. Equivalently, decide whether there exist $x_i \in \{0, 1\}$ ($1 \le i \le n$) such that
$$\sum_{i=1}^{n} a_i x_i = s.$$
This problem is NP-complete. However, if we restrict it to instances $I = (\{a_1, a_2, \ldots, a_n\}, T)$ in which $\{a_1, a_2, \ldots, a_n\}$ is a superincreasing sequence, i.e. a sequence satisfying
$$a_j > \sum_{i=1}^{j-1} a_i \quad\text{for } j = 2, 3, \ldots, n,$$
then the answer is easy to find, for instance by the following simple algorithm:
1. for $i := n$ downto $1$ do
   if $T \ge a_i$ then $T := T - a_i$, $x_i := 1$, else $x_i := 0$
2. if $T = 0$ (equivalently, $\sum_{i=1}^{n} x_i a_i$ equals the original target) then $X = (x_1, \ldots, x_n)$ is the solution of the problem, else there is no solution.
(The comparison must be $T \ge a_i$ rather than $T > a_i$; with the strict inequality the case $T = a_i$ would be missed.)
Now, to prepare a Merkle-Hellman scheme, we fix in advance a positive integer $n$ and a large prime $p$. Each participant chooses a key pair $K = (K', K'')$, in which the secret key $K'' = (A, p, a)$ consists of a superincreasing sequence $A = \{a_1, a_2, \ldots, a_n\}$ satisfying $\sum_{i=1}^{n} a_i < p$ and a number $a$ with $1 < a < p$; the public key is $K' = \{b_1, \ldots, b_n\}$ with $b_i = a \cdot a_i \bmod p$.
The Merkle-Hellman scheme is defined by
$$S = (P, C, K, E, D),$$
where $P = \{0, 1\}^n$, $C = \{0, 1, \ldots, n(p-1)\}$, and $K$ is the set of key pairs $K = (K', K'')$ constructed above. Encryption and decryption are defined as follows: for each $x = (x_1, \ldots, x_n) \in P$,
$$E(K', x) = \sum_{i=1}^{n} x_i b_i;$$
and for each $y \in C$ we compute $z = a^{-1} \cdot y \bmod p$ and then solve the knapsack problem for the instance $I = (\{a_1, a_2, \ldots, a_n\}, z)$; its solution $(x_1, \ldots, x_n)$ is the value of $D(K'', y)$. This works because $y \equiv a \sum x_i a_i \pmod p$, so $z \equiv \sum x_i a_i \pmod p$, and since $\sum a_i < p$ this congruence is an equality, from which the superincreasing algorithm recovers $x$ uniquely.
Example: Take $n = 6$; the secret key has $p = 737$, $A = \{12, 17, 33, 74, 157, 316\}$, $a = 635$. The public key is computed as $\{250, 477, 319, 559, 200, 196\}$. For the plaintext $x = 101101$ the corresponding ciphertext is $y = 1324$. To decrypt, we first compute $z = a^{-1} \cdot y \bmod p = 635^{-1} \cdot 1324 \bmod 737 = 435$, then solve the knapsack problem with the superincreasing sequence $A$ and $z$:
$$435 = 12 + 33 + 74 + 316,$$
which gives the solution $x = (1, 0, 1, 1, 0, 1)$.

The Merkle-Hellman cryptosystem was proposed early, in 1978, and by 1984 Shamir had found a polynomial-time method of breaking it, relying on Lenstra's integer programming algorithm. Later, in 1988, Chor and Rivest proposed a different construction of a cryptosystem based on the knapsack problem which, at the time of writing, still retained its security. (It too has since been broken, by Vaudenay in 1998.)
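The superincreasing solver and the Merkle-Hellman key generation, encryption and decryption above, reproducing the book's toy example ($n = 6$, $p = 737$, $a = 635$), as an added worked example that is not part of the book. Bit $x_i$ corresponds to $a_i$ in the order listed, as in the text.

```python
# Added example (not from the book): the greedy superincreasing knapsack
# solver and the Merkle-Hellman scheme with the text's toy parameters.


def is_superincreasing(A: list) -> bool:
    return all(A[j] > sum(A[:j]) for j in range(1, len(A)))


def solve_superincreasing(A: list, T: int):
    """Greedy algorithm of the text: returns the 0/1 vector or None."""
    x = [0] * len(A)
    for i in range(len(A) - 1, -1, -1):    # i = n downto 1
        if T >= A[i]:                       # '>=' so that T == a_i is taken
            T -= A[i]
            x[i] = 1
    return x if T == 0 else None


def make_public_key(A: list, p: int, a: int) -> list:
    """b_i = a * a_i mod p, with the key conditions of the text checked."""
    assert is_superincreasing(A) and sum(A) < p and 1 < a < p
    return [a * ai % p for ai in A]


def mh_encrypt(x_bits: list, B: list) -> int:
    return sum(xi * bi for xi, bi in zip(x_bits, B))


def mh_decrypt(y: int, A: list, p: int, a: int):
    z = pow(a, -1, p) * y % p              # z = sum x_i a_i exactly, since sum A < p
    return solve_superincreasing(A, z)


def bits(s: str) -> list:
    return [int(ch) for ch in s]


if __name__ == "__main__":
    A, p, a = [12, 17, 33, 74, 157, 316], 737, 635
    B = make_public_key(A, p, a)           # [250, 477, 319, 559, 200, 196]
    y = mh_encrypt(bits("101101"), B)      # 1324
    print(B, y, mh_decrypt(y, A, p, a))    # ... [1, 0, 1, 1, 0, 1]
```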
4.5.3. The McEliece cryptosystem.
The McEliece cryptosystem is built on the NP-hardness of the general problem of decoding linear error-correcting codes (from the theory of communication). The problem is stated as follows. Suppose the source emits binary words of $k$ bits, i.e. elements of $\{0, 1\}^k$, transmitted over a noisy channel: if the $k$-bit words are sent directly, the received information may be corrupted and we do not receive the information that was sent. To overcome such errors, the source is encoded by appending to each $k$-bit information word a number of correction bits, i.e. an encoding map turns each $k$-bit word into an $n$-bit word, $n > k$, called a codeword. A linear encoding is one performed by multiplying the $k$-bit word $x$ by a $k \times n$ matrix $G$ to obtain the $n$-bit codeword $y = xG$ (all additions and multiplications being modulo 2). We define the Hamming distance between two $n$-bit words as the number of positions in which they differ; the distance $d$ of the code is the smallest Hamming distance between any two distinct codewords. A linear code is thus determined by a matrix $G$ (called its generator matrix) and characterized by three numbers $[n, k, d]$. If $d = 2t + 1$, the code can correct up to $t$ random errors introduced by channel noise. However, error correction (that is, recovering the original $k$ information bits from a received word containing up to $t$ errors) for such linear codes is in general quite complex, and the general linear decoding problem has been proved NP-hard, so that no polynomial-time algorithm for it is known to date. Nevertheless, certain special classes of linear codes have been found for which efficient error-correcting decoding algorithms can be built; the Goppa codes are one such class. A Goppa code is a linear code with parameters $n = 2^m$, $d = 2t + 1$, $k = n - mt$, whose $k \times n$ generator matrix $G$ is built from algebraic properties of the field $GF(2^m)$; we do not go into the details here.
To obtain a McEliece cryptosystem, we first choose a Goppa code with generator matrix $G$ and the parameters above, then use an invertible $k \times k$ matrix $S$ over $\mathbb{Z}_2$ and an $n \times n$ permutation matrix $P$ (also with entries in $\mathbb{Z}_2$) to transform the Goppa code with generator matrix $G$ into an ordinary-looking linear code with generator matrix $G^* = SGP$. That is, we turn a Goppa code with an efficient decoding algorithm into a general linear code for which, as far as anyone knows, error-correcting decoding is NP-hard. The resulting cryptosystem has a decryption algorithm that is easy for the insider, who decodes the Goppa code, and hard for the outsider, who faces general linear decoding.
Thus a McEliece public-key cryptosystem is defined by
$$S = (P, C, K, E, D),$$
where $P = \{0, 1\}^k$, $C = \{0, 1\}^n$, and $K$ is the set of key pairs $K = (K', K'')$ with secret key $K'' = (G, S, P)$ consisting of a generator matrix $G$ of a Goppa code, an invertible $k \times k$ matrix $S$ over $\mathbb{Z}_2$ and an $n \times n$ permutation matrix $P$; the public key $K' = G^*$ is the transformed matrix above. (The permutation matrix $P$ is not to be confused with the plaintext space $P$.)
The encryption algorithm $E(K', \cdot): P \to C$ is defined by
$$E(K', x) = x \cdot G^* + e,$$
where $e \in \{0, 1\}^n$ is a random vector of weight $t$, i.e. with exactly $t$ entries equal to 1. The decryption algorithm $D(K'', \cdot)$ is carried out in three steps for each $y \in C = \{0, 1\}^n$:
1. Compute $y_1 = y \cdot P^{-1}$ (this undoes the permutation; the error $eP^{-1}$ still has weight $t$).
2. Decode $y_1$ with the Goppa decoder, obtaining $x_1$ (which equals $xS$).
3. Compute $D(K'', y) = x_1 \cdot S^{-1}$.
It is easy to check that the encryption and decryption algorithms so defined are consistent, i.e. for every $x \in P = \{0, 1\}^k$ we have
$$D(K'', E(K', x)) = x,$$
an equality that holds for every vector $e$ of weight $t$. This cryptosystem resembles the ElGamal cryptosystem in that encryption adds a random element to the input; later we will call such cryptosystems probabilistic cryptosystems.
The main factors guaranteeing the security of McEliece cryptosystems are that it is hard to recover the secret key $(G, S, P)$ from the public key $G^*$, and the NP-hardness of general linear decoding. Note that security also depends on choosing the parameters $k, n, t$ large; according to experimental studies, large means $n \ge 1024$, $k \ge 644$, $t \ge 38$. With such requirements the sizes of the matrices $G, S, P$ and $G^*$ become very large and inconvenient to implement in practice, which is why McEliece cryptosystems have not been widely used. (The large public key remains its main drawback, but the scheme has since attracted renewed interest as a candidate for post-quantum cryptography.)
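The McEliece construction above, as an added worked example that is not part of the book. Since a Goppa decoder is beyond a few lines, the $[7, 4, 3]$ Hamming code (which corrects $t = 1$ error by a syndrome lookup) stands in for the Goppa code; $S$, the permutation and the message are constructed for illustration. The structure is exactly that of the text: $G^* = SGP$ is public, decryption undoes $P$, decodes, then undoes $S$.

```python
# Added example (not from the book): McEliece with a toy [7,4,3] Hamming code
# in place of the Goppa code. All arithmetic is over GF(2).
import random

# Systematic generator G = [I_4 | A] and parity-check matrix H = [A^T | I_3].
A_PART = [[1, 1, 0], [1, 0, 1], [0, 1, 1], [1, 1, 1]]
G = [[int(i == j) for j in range(4)] + A_PART[i] for i in range(4)]
H = [[A_PART[i][r] for i in range(4)] + [int(r == j) for j in range(3)]
     for r in range(3)]
K_DIM, N_LEN = 4, 7                          # t = 1 correctable error


def vec_mat(v, M):
    """Row vector times matrix over GF(2)."""
    return [sum(v[i] & M[i][j] for i in range(len(v))) % 2 for j in range(len(M[0]))]


def mat_mul(X, Y):
    return [vec_mat(row, Y) for row in X]


def gf2_inverse(M):
    """Gauss-Jordan inverse over GF(2); raises ValueError if M is singular."""
    n = len(M)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            raise ValueError("singular matrix")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [a ^ b for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def hamming_decode(word):
    """Corrects one error: the syndrome equals the column of H at the error
    position. Returns (information bits, corrected codeword)."""
    w = word[:]
    syndrome = [sum(H[r][j] & w[j] for j in range(N_LEN)) % 2 for r in range(3)]
    if any(syndrome):
        j = next(j for j in range(N_LEN) if [H[r][j] for r in range(3)] == syndrome)
        w[j] ^= 1
    return w[:K_DIM], w


def keygen(seed: int = 1):
    """Secret (S^-1, permutation), public G* = S G P."""
    rng = random.Random(seed)
    while True:
        S = [[rng.randint(0, 1) for _ in range(K_DIM)] for _ in range(K_DIM)]
        try:
            S_inv = gf2_inverse(S)
            break
        except ValueError:
            continue
    perm = list(range(N_LEN))
    rng.shuffle(perm)                        # column j of G* is column perm[j] of SG
    SG = mat_mul(S, G)
    G_star = [[row[perm[j]] for j in range(N_LEN)] for row in SG]
    return G_star, (S_inv, perm)


def encrypt(x, G_star, error_pos: int):
    y = vec_mat(x, G_star)
    y[error_pos] ^= 1                        # add an error vector e of weight t = 1
    return y


def decrypt(y, secret):
    S_inv, perm = secret
    y1 = [0] * N_LEN
    for j in range(N_LEN):                   # step 1: y1 = y P^-1
        y1[perm[j]] = y[j]
    x1, _ = hamming_decode(y1)               # step 2: x1 = x S
    return vec_mat(x1, S_inv)                # step 3: x = x1 S^-1


if __name__ == "__main__":
    pub, sec = keygen()
    x = [1, 0, 1, 1]
    c = encrypt(x, pub, 5)
    print(c, decrypt(c, sec))
```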

4.6. Probabilistic public-key cryptosystems.
4.6.1. The problem and the definition.
Probabilistic encryption is an idea proposed by Goldwasser and Micali in 1984, motivated by the following problem. Suppose we have a public-key cryptosystem and want to encrypt a plaintext consisting of a single bit. This often happens when we want to transmit in secret a piece of information whose content is just "yes" or "no", i.e. a very important message consisting of one bit. With an ordinary public-key cryptosystem, the ciphertext sent is $e_K(0)$ or $e_K(1)$; an attacker may not know how to decrypt, but he can perfectly well precompute the values $e_K(0)$ and $e_K(1)$ and, having captured the ciphertext on the public channel, simply compare it with the two precomputed values to learn whether the secret bit sent was 0 or 1. Public-key cryptosystems are confidential because it is hard to extract information about the plaintext from the ciphertext, but clearly this is no longer guaranteed when the number of possible plaintexts is very small, for instance when the plaintexts are very short or, as in the case above, when there are only two plaintexts, namely 0 and 1.
The aim of probabilistic encryption is to guarantee that no information about the plaintext can be extracted (in polynomial time) from the ciphertext; for public-key cryptosystems this can be achieved by giving each plaintext many different ciphertexts, obtained at random by using random numbers in the encryption process. The definition of a probabilistic public-key cryptosystem is as follows.
Definition. A probabilistic public-key cryptosystem is given by a tuple
$$S = (P, C, K, E, D, R),$$
where $P, C, K$ are understood as for ordinary public-key cryptosystems, $R$ is a set of random elements, and for every $K = (K', K'') \in K$ the encryption algorithm $e_K = E(K', \cdot): P \times R \to C$ and the decryption algorithm $d_K = D(K'', \cdot): C \to P$ satisfy, for every $x \in P$ and $r \in R$,
$$d_K(e_K(x, r)) = x.$$
Moreover, we want a security condition of the following kind to hold. Let $p_{K,x}$ denote the probability distribution on $C$ in which $p_{K,x}(y)$ is the probability that $y$ is the ciphertext given that $K$ is the key and $x$ the plaintext (the probability being taken over all $r \in R$). Two probability distributions $p_1$ and $p_2$ on $C$ are called $\varepsilon$-distinguishable if there is an algorithm that $\varepsilon$-distinguishes them, i.e. an algorithm $A: C \to \{0, 1\}$ such that
$$|E_A(p_1) - E_A(p_2)| \ge \varepsilon,$$
where
$$E_A(p_i) = \sum_{y \in C} p_i(y) \cdot \Pr[A(y) = 1].$$
The security condition is then stated as follows: the probabilistic public-key cryptosystem $S$ is secure if there is an $\varepsilon > 0$ such that for every $K \in K$ and every pair $x \ne x'$, the distributions $p_{K,x}$ and $p_{K,x'}$ are not $\varepsilon$-distinguishable.

4.6.2. The Goldwasser-Micali probabilistic cryptosystem.
Below is the probabilistic public-key scheme for one-bit plaintexts proposed by Goldwasser and Micali in 1984. Such a system is given by the list
$$S = (P, C, K, E, D, R),$$
where $P = \{0, 1\}$, $C = R = \mathbb{Z}_n^*$, $n = pq$ is the product of two large primes, and $K$ is the set of key pairs $K = (K', K'')$ in which the public key is $K' = (n, m)$ with $m \in \tilde{Q}_n = J_n \setminus Q_n$ a pseudo-square modulo $n$ (Jacobi symbol $(m/n) = 1$, but $m$ is not a quadratic residue), and the secret key is $K'' = (p, q)$. Encryption and decryption are defined by
$$e_K(x, r) = m^x \cdot r^2 \bmod n,\qquad d_K(y) = \begin{cases} 0 & \text{if } y \in Q_n,\\ 1 & \text{if } y \in \tilde{Q}_n, \end{cases}$$
for all $x \in P$, $r \in R$, $y \in C$.
The Goldwasser-Micali system encrypts one-bit plaintexts: a ciphertext of the bit 0 is always a quadratic residue modulo $n$, and a ciphertext of the bit 1 is a pseudo-square modulo $n$. Decryption is easy when the secret key $K'' = (p, q)$ is known. Indeed, for every $y \in Q_n \cup \tilde{Q}_n$ we have $\left(\frac{y}{n}\right) = 1$. Knowing $K'' = (p, q)$, we can compute
$$\left(\frac{y}{p}\right) \equiv y^{(p-1)/2} \pmod p,$$
and then it is easy to see that $y \in Q_n$ if and only if $\left(\frac{y}{p}\right) = 1$, which gives $d_K(y)$. (Without $p$ and $q$, deciding whether a given $y$ with $(y/n) = 1$ is a square is the quadratic residuosity problem, and because a fresh random $r$ is used each time, repeated encryptions of the same bit all look different; this is the source of the scheme's security.)
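The Goldwasser-Micali scheme above, as an added worked example that is not part of the book. It uses toy primes $p = 7$, $q = 11$ (constructed for illustration), finds a pseudo-square $m$, checks the public key with the Jacobi symbol (which needs no factors), and decrypts with Euler's criterion modulo $p$ as in the text. Two encryptions of the same bit give different ciphertexts.

```python
# Added example (not from the book): Goldwasser-Micali bit encryption with
# Jacobi-symbol key checking and Legendre-symbol decryption, on n = 77.
import secrets


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0 (no factorization needed)."""
    assert n > 0 and n % 2 == 1
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def legendre(a: int, p: int) -> int:
    """(a/p) by Euler's criterion: a^((p-1)/2) is +1 or -1 modulo the prime p."""
    v = pow(a, (p - 1) // 2, p)
    return -1 if v == p - 1 else v


def find_pseudo_square(p: int, q: int) -> int:
    """Smallest m with (m/p) = (m/q) = -1: then (m/n) = +1 but m is no square."""
    n = p * q
    return next(m for m in range(2, n) if legendre(m, p) == -1 and legendre(m, q) == -1)


def gm_encrypt(bit: int, n: int, m: int, r=None) -> int:
    """e_K(x, r) = m^x * r^2 mod n with r a fresh element of Z_n^*."""
    if r is None:
        while True:
            r = 1 + secrets.randbelow(n - 1)
            if jacobi(r, n) != 0:            # jacobi is 0 exactly when gcd(r, n) > 1
                break
    return pow(m, bit, n) * r * r % n


def gm_decrypt(y: int, p: int, q: int) -> int:
    """0 if y is a square mod n (equivalently mod p), else 1."""
    return 0 if legendre(y, p) == 1 else 1


if __name__ == "__main__":
    p, q = 7, 11
    n, m = p * q, find_pseudo_square(p, q)
    print("public key", (n, m), "jacobi(m, n) =", jacobi(m, n))
    c0, c0b = gm_encrypt(0, n, m), gm_encrypt(0, n, m)   # two ciphertexts of 0
    print(c0, c0b, gm_decrypt(c0, p, q), gm_decrypt(gm_encrypt(1, n, m), p, q))
```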
4.6.3. The Blum-Goldwasser probabilistic cryptosystem.
The Blum-Goldwasser probabilistic public-key cryptosystem is built on stream ciphers whose keystream is the Blum-Blum-Shub pseudorandom sequence (see 3.3.3); the random element $r \in R$ is used here as the seed generating the pseudorandom keystream. The scheme of the Blum-Goldwasser probabilistic public-key cryptosystem is given by the list
$$S = (P, C, K, E, D, R),$$
where $P = \mathbb{Z}_2^{\,l}$, $C = \mathbb{Z}_2^{\,l} \times \mathbb{Z}_n$, $R = Q_n$, $n = pq$ is the product of two large primes with $p \equiv q \equiv 3 \pmod 4$, and $K$ is the set of key pairs $K = (K', K'')$ in which the public key is $K' = n$ and the secret key is $K'' = (p, q)$.
The encryption algorithm $e_K = E(K', \cdot): P \times R \to C$ is computed by the following steps:
1. Given $x = (x_1, \ldots, x_l) \in P$ and $r \in R$, compute from the seed $r$, by the Blum-Blum-Shub algorithm, the sequence $(s_0, s_1, \ldots, s_{l+1})$ by
$$s_0 = r,\qquad s_{i+1} = s_i^2 \bmod n,$$
and then the pseudorandom sequence $(z_1, \ldots, z_l)$ by $z_i = s_i \bmod 2$.
2. Compute $y = (y_1, \ldots, y_l)$ with $y_i = x_i + z_i \bmod 2$ ($1 \le i \le l$).
3. The ciphertext is $e_K(x, r) = (y, s_{l+1}) = (y_1, \ldots, y_l; s_{l+1})$.
The decryption algorithm $d_K = D(K'', \cdot): C \to P$, on receiving the ciphertext $(y_1, \ldots, y_l; s_{l+1})$, proceeds by the following steps:
1. Compute
$$a_1 = ((p+1)/4)^{l+1} \bmod (p-1),\qquad a_2 = ((q+1)/4)^{l+1} \bmod (q-1).$$
2. Compute
$$b_1 = s_{l+1}^{a_1} \bmod p,\qquad b_2 = s_{l+1}^{a_2} \bmod q.$$
3. Find $s_0 = r$ by solving the system of congruences
$$s_0 \equiv b_1 \pmod p,\qquad s_0 \equiv b_2 \pmod q.$$
4. From $s_0$, recompute the bit sequence $(z_1, \ldots, z_l)$ by the BBS algorithm.
5. Finally,
$$d_K(y_1, \ldots, y_l; s_{l+1}) = (x_1, \ldots, x_l),\quad\text{with } x_i = y_i + z_i \bmod 2\ (1 \le i \le l).$$

This completes the definition of the Blum-Goldwasser cryptosystem. Note that if the plaintext $x$ has $l$ bits, then in the corresponding ciphertext, besides the ciphertext bits $y_1, \ldots, y_l$, we must also send the number $s_{l+1}$, which is used in steps 1-3 of the decryption algorithm to recover the seed $s_0$ needed to regenerate the random keystream $(z_1, \ldots, z_l)$.
We now prove that the number $s_0$ computed by the decryption algorithm is indeed the seed $s_0$ we need. By definition, every $s_i$ ($i = 0, 1, \ldots, l+1$) is a quadratic residue, and for every $i = 0, \ldots, l$, $s_i$ is a square root of $s_{i+1}$ modulo $n$; the same holds modulo $p$ and modulo $q$. Since $p \equiv 3 \pmod 4$, every quadratic residue $x$ modulo $p$ has exactly one square root modulo $p$ that is itself a quadratic residue modulo $p$, namely $x^{(p+1)/4} \bmod p$. Indeed, since $x^{(p+1)/2} \equiv x \pmod p$, the number $x^{(p+1)/4} \bmod p$ is a square root of $x$ modulo $p$; on the other hand
$$\left(\frac{x^{(p+1)/4}}{p}\right) = \left(\frac{x}{p}\right)^{(p+1)/4} = 1,$$
so $x^{(p+1)/4} \bmod p$ is also a quadratic residue modulo $p$. From this remark it follows that for every $i$ ($i = 0, 1, \ldots, l$)
$$s_i \equiv s_{i+1}^{(p+1)/4} \pmod p,$$
and therefore
$$s_0 \equiv s_{l+1}^{((p+1)/4)^{l+1}} \bmod p \equiv s_{l+1}^{a_1} \pmod p.$$
Arguing in the same way for $q$, we also get
$$s_0 \equiv s_{l+1}^{a_2} \pmod q.$$
So the number $s_0$ computed in steps 1-3 of the decryption algorithm is exactly the seed $s_0 = r$ we need, and the encryption and decryption algorithms defined above are consistent.
Example: Choose $n = 192649 = 383 \cdot 503$. Let the plaintext be $x = 11010011010011101101$ ($l = 20$). Suppose the random seed chosen is $s_0 = r = 20749$. We compute the sequence
$$z = 11001110000100111010.$$
We also compute $s_{21} = 94739$, and the ciphertext sent is
$$e_K(x, r) = (y, s_{l+1}) = (y, 94739),\quad\text{where } y = 00011101010111010111.$$
To decrypt, we first find $s_0$ from $s_{21} = 94739$. We have $(p+1)/4 = 96$, $(q+1)/4 = 126$. Following the decryption algorithm:
$$a_1 = 96^{21} \bmod 382 = 266,\qquad a_2 = 126^{21} \bmod 502 = 486.$$
From these we compute
$$b_1 = 94739^{266} \bmod 383 = 67,\qquad b_2 = 94739^{486} \bmod 503 = 126.$$
Solving the system of congruences
$$s_0 \equiv 67 \pmod{383},\qquad s_0 \equiv 126 \pmod{503},$$
we get $s_0 = 20749$; from it we recompute the sequence $z$, and adding it bitwise modulo 2 to $y$ we recover the plaintext $x$.
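The Blum-Goldwasser algorithms above, as an added worked example that is not part of the book. It uses the book's modulus $n = 192649 = 383 \cdot 503$. Because the encryptor has no way to test membership in $Q_n$ without the factors, the example takes any seed coprime to $n$ and squares it to obtain $s_0 \in Q_n$ (a design choice of this example, so its numbers differ from the book's, which start from $r = 20749$ directly); the decryptor recovers $s_0$ from $s_{l+1}$ exactly by steps 1-3 of the text.

```python
# Added example (not from the book): Blum-Goldwasser encryption and decryption
# with n = 192649 = 383 * 503; the seed is squared so that s_0 lies in Q_n.
P_PRIME, Q_PRIME = 383, 503
N_MOD = P_PRIME * Q_PRIME
assert P_PRIME % 4 == 3 and Q_PRIME % 4 == 3


def bbs_stream(s0: int, n: int, l: int):
    """Returns (z_1..z_l, s_{l+1}) with s_{i+1} = s_i^2 mod n, z_i = s_i mod 2."""
    s, z = s0, []
    for _ in range(l):
        s = s * s % n
        z.append(s & 1)
    return z, s * s % n


def bg_encrypt(x_bits: list, seed: int, n: int = N_MOD):
    """Ciphertext (y, s_{l+1}); seed must be coprime to n."""
    s0 = seed * seed % n                     # force s_0 into Q_n
    z, s_next = bbs_stream(s0, n, len(x_bits))
    y = [xi ^ zi for xi, zi in zip(x_bits, z)]
    return y, s_next


def recover_seed(s_next: int, l: int, p: int, q: int) -> int:
    """Steps 1-3 of decryption: s_0 from s_{l+1} via the (p+1)/4 exponent trick."""
    a1 = pow((p + 1) // 4, l + 1, p - 1)
    a2 = pow((q + 1) // 4, l + 1, q - 1)
    b1 = pow(s_next, a1, p)
    b2 = pow(s_next, a2, q)
    t = (b2 - b1) * pow(p, -1, q) % q        # CRT: s_0 = b1 + p*t
    return (b1 + p * t) % (p * q)


def bg_decrypt(y_bits: list, s_next: int, p: int = P_PRIME, q: int = Q_PRIME):
    n = p * q
    s0 = recover_seed(s_next, len(y_bits), p, q)
    z, _ = bbs_stream(s0, n, len(y_bits))    # step 4: regenerate the keystream
    return [yi ^ zi for yi, zi in zip(y_bits, z)]   # step 5


if __name__ == "__main__":
    x = [int(c) for c in "11010011010011101101"]
    y, s21 = bg_encrypt(x, 20749)
    print("".join(map(str, y)), s21, bg_decrypt(y, s21) == x)
```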


CHAPTER V

The authentication problem and digital signatures

5.1. The authentication problem and signature schemes.
5.1.1. Setting the problem.
In Chapter I, section 1.3, we listed the principal problems of information security; besides the most important one, confidentiality, the next are the authentication of messages and of their senders, identification and verification of the identity of a party to a transaction, and so on. Confidentiality, addressed by cryptographic solutions, was the subject of Chapters III and IV; in this chapter and the next we turn to the authentication and identification problems listed above. This Chapter V treats the authentication of messages and of their senders; Chapter VI considers identification and the verification of identity.
In the traditional way of doing business, a message sent in a transaction is usually a handwritten or typed document carrying the (handwritten) signature of the sender at the bottom. The signature is evidence that the message really is the signer's, i.e. the transacting party's, and if the paper carrying the document has not been cut, pasted, erased or altered, the integrity of the message is also attested by the signature. A handwritten signature has familiar advantages: it is easy to verify, it cannot be copied, a person's signature looks the same on many documents, yet each signature is bound to one specific document, and so on.
When communication moves to modern means, messages are sent over digital networks and are themselves represented in digital form, i.e. as binary strings, and a signature, if present, is also a string of bits; the natural relationships listed above then no longer hold. For instance, a sender's signatures on different documents, if they are to express his responsibility for each document, must necessarily differ and cannot be identical bit strings like the identical signatures on ordinary documents. A handwritten signature can be verified by comparison with a specimen, but a digital signature has no specimen to compare against; verification must be done by special algorithms. A further problem is the copying of a signed document. With a handwritten signature the original is easily distinguished from a copy, so a genuinely signed document is hard to reuse. A digital document with a digital signature can be copied at will, and original and copy are hard to tell apart, so the danger of replaying it many times is real and measures are needed to prevent it.
A signature that is to express the sender's responsibility for the whole document must be bound in some way to every bit of the document, so at first sight the length of the signature must grow with the length of the document. To obtain short signatures, as in the handwritten case, a special technique called a hash function is used, which we present at the end of this chapter. First, we introduce the definition of a (digital) signature scheme.

5.1.2. Definition of a signature scheme.
Definition 5.1. A signature scheme $S$ is a five-tuple
$$S = (P, A, K, S, V),$$
where $P$ is a finite set of possible messages, $A$ is a finite set of possible signatures, and $K$ is a finite set of keys, each key $K \in K$ consisting of two parts $K = (K', K'')$, with $K'$ the secret key used for signing and $K''$ the public key used for verifying signatures. For each $K = (K', K'')$, $S$ contains a signing algorithm $sig_{K'}: P \to A$ and $V$ contains a verification algorithm $ver_{K''}: P \times A \to \{\text{true}, \text{false}\}$ satisfying, for every message $x \in P$ and every signature $y \in A$:
$$ver_{K''}(x, y) = \text{true} \iff y = sig_{K'}(x).$$
With such a scheme, each party owns a key pair $K = (K', K'')$, publishes the key $K''$ so that everyone can verify his signatures, and keeps the key $K'$ secret in order to sign the messages he wishes to send. The functions $ver_{K''}$ and $sig_{K'}$ (given $K'$) must be easy to compute (in polynomial time), whereas $y = sig_{K'}(x)$ must be hard to compute without knowing $K'$; this guarantees the secrecy of signing, i.e. protection against forged signatures.
The authentication problem with digital signatures can in a sense be viewed as dual to the confidentiality problem with encryption, as illustrated by the example of the RSA signature scheme, dual to the RSA cryptosystem, below:
5.1.3. The RSA signature scheme.
The RSA signature scheme is given by the five-tuple
$$S = (P, A, K, S, V),$$
where $P = A = \mathbb{Z}_n$, with $n = pq$ the product of two large primes $p, q$; $K$ is the set of key pairs $K = (K', K'')$ with $K' = a$ and $K'' = (n, b)$, where $a$ and $b$ are two numbers satisfying $a \cdot b \equiv 1 \pmod{\phi(n)}$. The functions $sig_{K'}$ and $ver_{K''}$ are defined by
$$sig_{K'}(x) = x^a \bmod n,\qquad ver_{K''}(x, y) = \text{true} \iff x \equiv y^b \pmod n.$$
It is easy to prove that the scheme so defined is consistent, i.e. for every $x \in P$ and every signature $y \in A$:
$$ver_{K''}(x, y) = \text{true} \iff y = sig_{K'}(x).$$
(As it stands, the scheme is existentially forgeable: anyone can choose a "signature" $y$ first and compute the message $x = y^b \bmod n$ that it signs. This is one reason why, in practice, the message is hashed before signing, see 5.3, and the hash is padded.)
Note that although authentication and confidentiality with RSA look alike on the surface, their content is entirely different. When A sends a message $x$ to B, for B to have grounds to confirm that the message really was sent by A, A must attach the signature $sig_{K'}(x)$, i.e. A sends B the pair $(x, sig_{K'}(x))$; in what is sent, the message $x$ is not kept secret at all. Likewise, with the RSA cryptosystem, when a party A receives a ciphertext $e_K(x)$ from B, A knows only that the message $x$ has been kept confidential; nothing confirms that $x$ came from B.
If we want our communication system to provide both confidentiality and authentication, we must use a cryptosystem and a signature scheme at the same time. Suppose that on the public network we have both a public-key cryptosystem $S_1$ and a signature scheme $S_2$. Let B have the encryption key pair $K = (K', K'')$ with $K' = (n, e)$ and $K'' = d$ in the system $S_1$, and let A have the signature key pair $K_s = (K'_s, K''_s)$ with $K'_s = a$ and $K''_s = (n, b)$ in the system $S_2$. A can send B a message that is both confidential and authenticated by a signature as follows. A first signs the message $x$; then, instead of sending B the document with its signature $(x, sig_{K'_s}(x))$, A sends B the ciphertext of that document under B's public key, that is,
$$e_K\bigl((x, sig_{K'_s}(x))\bigr).$$
On receiving the ciphertext, B applies his own decryption algorithm $d_K$ to obtain $(x, sig_{K'_s}(x))$, and then applies A's public verification algorithm $ver_{K''_s}$ to confirm that $sig_{K'_s}(x)$ is indeed A's signature on $x$.
5.2. The ElGamal signature scheme and the Digital Signature Standard.
5.2.1. The ElGamal signature scheme.
The ElGamal signature scheme was proposed in 1985, almost simultaneously with the ElGamal cryptosystem, and is likewise based on the difficulty of the discrete logarithm problem. The scheme was designed specifically for signing electronic documents and is described as a system
$$S = (P, A, K, S, V),$$
where $P = \mathbb{Z}_p^*$, $A = \mathbb{Z}_p^* \times \mathbb{Z}_{p-1}$, with $p$ a prime such that the discrete logarithm problem in $\mathbb{Z}_p^*$ is very hard. The set $K$ consists of the key pairs $K = (K', K'')$ with $K' = a$ a number in $\mathbb{Z}_p^*$ and $K'' = (p, \alpha, \beta)$, where $\alpha$ is a primitive element of $\mathbb{Z}_p^*$ and $\beta = \alpha^a \bmod p$. $K'$ is the secret key used for signing and $K''$ the public key used for verifying signatures. The signing and verification algorithms are defined as follows. For each message $x$, to create a signature on $x$ we first choose a random number $k \in \mathbb{Z}_{p-1}^*$ (so that $\gcd(k, p-1) = 1$ and $k^{-1} \bmod (p-1)$ exists), and compute
$$sig_{K'}(x, k) = (\gamma, \delta),\quad\text{with}\quad \gamma = \alpha^k \bmod p,\quad \delta = (x - a\gamma) \cdot k^{-1} \bmod (p-1).$$
The verification algorithm is defined by
$$ver_{K''}(x, (\gamma, \delta)) = \text{true} \iff \beta^\gamma \cdot \gamma^\delta \equiv \alpha^x \pmod p.$$
It is easy to see that the signature scheme so defined is consistent. Indeed, if $sig_{K'}(x, k) = (\gamma, \delta)$, then
$$\beta^\gamma \cdot \gamma^\delta \equiv \alpha^{a\gamma} \cdot \alpha^{k\delta} \equiv \alpha^{a\gamma + k\delta} \pmod p,$$
and $k\delta + a\gamma \equiv x \pmod{p-1}$, so $\beta^\gamma \gamma^\delta \equiv \alpha^x \pmod p$ and $ver_{K''}(x, (\gamma, \delta)) = \text{true}$.
Example: Let $p = 467$, $\alpha = 2$, $a = 127$. Then $\beta = 2^{127} \bmod 467 = 132$. Take $x = 100$; we choose at random $k = 213$ ($\in \mathbb{Z}_{466}^*$) and get $k^{-1} \bmod 466 = 431$. The signature on the document $x = 100$ with the random number $k = 213$ is $(\gamma, \delta)$, where $\gamma = 2^{213} \bmod 467 = 29$ and $\delta = (100 - 127 \cdot 29) \cdot 431 \bmod 466 = 51$. To verify, we compute
$$\beta^\gamma \cdot \gamma^\delta = 132^{29} \cdot 29^{51} \equiv 189 \pmod{467},\qquad \alpha^x = 2^{100} \equiv 189 \pmod{467};$$
the two values are congruent modulo 467, so the signature $(\gamma, \delta) = (29, 51)$ is confirmed as valid.
5.2.2. Security of the ElGamal signature scheme.
The ElGamal signature scheme is considered secure if signing a document cannot be forged; in other words, nobody other than the legitimate party can forge that party's signature on an arbitrary document. Keeping the signing key secret is therefore decisive for the security of the signatures. Concretely: in which situations could the key be leaked, and can signatures be forged without the key? We consider a few simple cases below.
1) Leakage of the key $K' = a$: As for the ElGamal cryptosystem, the secret key $a$ can be exposed when the random number $k$ of some signature is leaked, or when the same random number $k$ is used for two different signatures.
If the random number $k$ used when signing the document $x$ is leaked, the secret key $K' = a$ is computed by the formula
$$a = (x - k\delta) \cdot \gamma^{-1} \bmod (p-1)$$
(if $\gcd(\gamma, p-1) > 1$ there are $\gcd(\gamma, p-1)$ candidates for $a$, and the right one is identified by checking $\beta = \alpha^a \bmod p$).
Now consider the case in which the same random number $k$ is used for two different signatures, say on $x_1$ and $x_2$. The signature on $x_1$ is $(\gamma, \delta_1)$ and the signature on $x_2$ is $(\gamma, \delta_2)$, with the same first component (namely $\gamma = \alpha^k \bmod p$), and the signatures satisfy
$$\beta^\gamma \gamma^{\delta_1} \equiv \alpha^{x_1} \pmod p,\qquad \beta^\gamma \gamma^{\delta_2} \equiv \alpha^{x_2} \pmod p.$$
From these we get
$$\alpha^{x_1 - x_2} \equiv \gamma^{\delta_1 - \delta_2} \equiv \alpha^{k(\delta_1 - \delta_2)} \pmod p,$$
which is equivalent to
$$x_1 - x_2 \equiv k(\delta_1 - \delta_2) \pmod{p-1}.$$
Put $d = \gcd(\delta_1 - \delta_2, p-1)$. All three numbers $\delta_1 - \delta_2$, $p-1$ and $x_1 - x_2$ are divisible by $d$, so we may set
$$x' = \frac{x_1 - x_2}{d},\qquad \delta' = \frac{\delta_1 - \delta_2}{d},\qquad p' = \frac{p-1}{d}.$$
The congruence above then becomes
$$x' \equiv k\delta' \pmod{p'}.$$
Since $\gcd(\delta', p') = 1$, we can compute $\varepsilon = \delta'^{-1} \bmod p'$ and then the value of $k$ modulo $p'$: $k \equiv x'\varepsilon \pmod{p'}$, that is,
$$k = x'\varepsilon + i\,p' \bmod (p-1)$$
for some value $i$ with $0 \le i \le d-1$. Testing the condition
$$\gamma = \alpha^k \bmod p$$
for each value of $i$ in turn, we find $k$, and from $k$ we compute the key $a$ we are after.
2) Forging a signature on a given document: Suppose party A uses the ElGamal signature scheme with the key pair $K = (K', K'')$, where $K' = a$ is the secret key. An outsider O who does not know the secret key $K' = a$ and wants to forge A's signature on a document $x$ must be able to produce a signature $(\gamma, \delta)$ without knowing $a$. There are two approaches: choose $\gamma$ first and find the corresponding $\delta$, or conversely choose $\delta$ first and find the corresponding $\gamma$.
If $\gamma$ is chosen first and $\delta$ sought, then $\delta$ must satisfy $\gamma^\delta \equiv \alpha^x \beta^{-\gamma} \pmod p$, i.e.
$$\delta = \log_\gamma\bigl(\alpha^x \beta^{-\gamma}\bigr) = (x - a\gamma) \cdot (\log_\alpha \gamma)^{-1} \bmod (p-1),$$
which is a discrete logarithm problem, known to be very hard.
If $\delta$ is chosen first and $\gamma$ sought, one must solve the equation
$$\beta^\gamma \cdot \gamma^\delta \equiv \alpha^x \pmod p$$
for the unknown $\gamma$. No efficient method of solving it is known, and it is surely no easier than the discrete logarithm problem.
We may therefore be confident that the possibility of forging a signature on a given document without the secret key is very small and does not significantly affect the security of the signature scheme.
3) Forging a signature together with the signed document: Another kind of forgery is to fabricate a document $x$ together with a signature $(\gamma, \delta)$ on $x$. This is possible when the forger can choose $x$ and $(\gamma, \delta)$ satisfying the verification condition; specifically, when $x, \gamma, \delta$ are chosen of the following form:
$$\gamma = \alpha^i \beta^j \bmod p,\qquad \delta = -\gamma \cdot j^{-1} \bmod (p-1),\qquad x = -\gamma \cdot i \cdot j^{-1} \bmod (p-1),$$
where $i, j$ are integers with $0 \le i, j \le p-2$, $\gcd(j, p-1) = 1$, and $j^{-1}$ is computed modulo $p-1$. Indeed, we then have
$$\beta^\gamma \cdot \gamma^\delta \equiv \beta^\gamma \cdot (\alpha^i \beta^j)^{-\gamma j^{-1}} \equiv \beta^\gamma \cdot \alpha^{-i\gamma j^{-1}} \cdot \beta^{-\gamma} \equiv \alpha^{-i\gamma j^{-1}} \equiv \alpha^x \pmod p,$$
so the verification condition is satisfied and $(\gamma, \delta)$ is accepted as a valid signature on $x$.
There is yet another forgery, in which the forger uses a genuine signature $(\gamma, \delta)$ on an existing document $x$ to create a new signature $(\lambda, \mu)$ on a new document $x'$, as follows:
$$\lambda = \gamma^h \alpha^i \beta^j \bmod p,\qquad \mu = \delta\lambda\,(h\gamma - j\delta)^{-1} \bmod (p-1),\qquad x' = \lambda\,(hx + i\delta)\,(h\gamma - j\delta)^{-1} \bmod (p-1),$$
where $h, i, j$ are integers with $0 \le h, i, j \le p-2$ and $\gcd(h\gamma - j\delta, p-1) = 1$. One can check that the verification condition holds for the signature $(\lambda, \mu)$ and the document $x'$, i.e.
$$\beta^\lambda \cdot \lambda^\mu \equiv \alpha^{x'} \pmod p.$$
Both forgeries above yield signatures satisfying the verification condition for the corresponding document, but the document is not one chosen at will by the forger, so the practical value of these forgeries is low and they do not seriously endanger the security of the signature scheme in general. (In practice they are ruled out entirely by signing a hash of the document rather than the document itself, see 5.3, because the forger cannot produce a document whose hash equals the $x$ or $x'$ obtained above.)
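The ElGamal signature scheme of 5.2.1 (with the book's parameters $p = 467$, $\alpha = 2$, $a = 127$), both key-recovery attacks of case 1) above, and the existential forgery of case 3) with parameters $i, j$, as an added worked example that is not part of the book. Messages are signed directly, without hashing, exactly as in the text; the second message $200$ and the forgery parameters are constructed for illustration.

```python
# Added example (not from the book): ElGamal signatures, key recovery from a
# leaked or reused k, and the (i, j) existential forgery, with p = 467.
from math import gcd
import secrets

P, ALPHA, A = 467, 2, 127
BETA = pow(ALPHA, A, P)                            # 132


def sign(x: int, a: int = A, k=None) -> tuple:
    """(gamma, delta) with gamma = alpha^k, delta = (x - a*gamma) k^-1 mod (p-1)."""
    if k is None:
        while True:
            k = 1 + secrets.randbelow(P - 2)
            if gcd(k, P - 1) == 1:
                break
    gamma = pow(ALPHA, k, P)
    delta = (x - a * gamma) * pow(k, -1, P - 1) % (P - 1)
    return gamma, delta


def verify(x: int, gamma: int, delta: int) -> bool:
    return pow(BETA, gamma, P) * pow(gamma, delta, P) % P == pow(ALPHA, x, P)


def key_from_leaked_k(x: int, gamma: int, delta: int, k: int) -> int:
    """a = (x - k*delta) * gamma^-1 mod (p-1); assumes gcd(gamma, p-1) = 1."""
    return (x - k * delta) * pow(gamma, -1, P - 1) % (P - 1)


def key_from_reused_k(x1: int, d1: int, x2: int, d2: int, gamma: int) -> int:
    """Two signatures (gamma, d1) on x1 and (gamma, d2) on x2 made with one k."""
    d = gcd(d1 - d2, P - 1)
    x_, d_, p_ = (x1 - x2) // d, (d1 - d2) // d, (P - 1) // d
    k0 = x_ * pow(d_ % p_, -1, p_) % p_            # k mod p'
    for i in range(d):                             # k = k0 + i*p' for some i
        k = k0 + i * p_
        if pow(ALPHA, k, P) == gamma:
            return key_from_leaked_k(x1, gamma, d1, k)
    raise ValueError("no candidate k matched gamma")


def existential_forgery(i: int, j: int) -> tuple:
    """Returns (x, gamma, delta) that verifies although x was not chosen."""
    assert gcd(j, P - 1) == 1
    gamma = pow(ALPHA, i, P) * pow(BETA, j, P) % P
    j_inv = pow(j, -1, P - 1)
    delta = (-gamma * j_inv) % (P - 1)
    x = (-gamma * i * j_inv) % (P - 1)
    return x, gamma, delta


if __name__ == "__main__":
    g, d = sign(100, k=213)                        # (29, 51)
    print((g, d), verify(100, g, d))
    print("from leaked k:", key_from_leaked_k(100, g, d, 213))
    g2, d2 = sign(200, k=213)                      # same k reused
    print("from reused k:", key_from_reused_k(100, d, 200, d2, g))
    fx, fg, fd = existential_forgery(5, 7)
    print("forgery", (fx, fg, fd), "verifies:", verify(fx, fg, fd))
```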

5.2.3. The Digital Signature Standard (DSS).
The Digital Signature Standard (DSS) was proposed in 1991 and adopted at the end of 1994 for use in a number of areas of electronic transactions in the United States. DSS is based on the ElGamal signature scheme, with a few modifications. To guarantee security the prime p must be large: its binary representation must have at least 512 bits (512 to 1024 bits, the number of bits being a multiple of 64). An ElGamal signature, however, is twice as long as p, whereas many applications want short signatures. The proposed modification is therefore: keep a large p of 512 bits or more, but restrict the lengths of γ and δ in the signature (γ, δ) to about 160 bits (so that the whole signature is about 320 bits). This is achieved by working in a cyclic subgroup of $\mathbb{Z}_p^*$ of prime order q instead of in $\mathbb{Z}_p^*$ itself: all computations are still carried out in $\mathbb{Z}_p^*$, but the data and the signature components are reduced to $\mathbb{Z}_q$. The DSS scheme is described as follows.

Choose a large prime p with a 512-bit binary representation such that the discrete logarithm problem in $\mathbb{Z}_p$ is hard, and a prime divisor q of p − 1 with a 160-bit binary representation. Let $\alpha \in \mathbb{Z}_p^*$ be a q-th root of 1 modulo p. Put $P = \mathbb{Z}_p^*$ and $A = \mathbb{Z}_q \times \mathbb{Z}_q$. Choose $a \in \mathbb{Z}_q^*$ and compute $\beta = \alpha^a \bmod p$. The key is K = (K', K'') with secret key K' = a and public key K'' = (p, q, α, β). The signing and verification algorithms are defined as follows. For $x \in P = \mathbb{Z}_p^*$ choose a further random number k (0 ≤ k ≤ q − 1) and define the signature
$$\mathrm{sig}_{K'}(x, k) = (\gamma, \delta), \quad \gamma = (\alpha^k \bmod p) \bmod q, \quad \delta = (x + a\gamma)k^{-1} \bmod q.$$
The verification algorithm is defined by
$$\mathrm{ver}_{K''}(x, (\gamma, \delta)) = \text{true} \iff (\alpha^{e_1}\beta^{e_2} \bmod p) \bmod q = \gamma,$$
where $e_1 = x\delta^{-1} \bmod q$ and $e_2 = \gamma\delta^{-1} \bmod q$.

Note that we must have δ ≢ 0 (mod q) in order to compute the $\delta^{-1} \bmod q$ used in the verification algorithm; so if the chosen k gives δ ≡ 0 (mod q), another k must be chosen so that δ ≢ 0 (mod q).
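The DSS signing and verification algorithms above, as an added example that is not part of the book: a Python implementation with constructed toy parameters p = 23, q = 11, α = 2 (q divides p − 1, and α = 5² mod 23 has order q). The names keygen, sign and verify are this example's own. The toy sizes only make the arithmetic readable; real DSS needs the 512-bit p and 160-bit q stated above.

```python
import secrets

# Constructed toy parameters (not secure): q | p - 1 and alpha has order q.
P, Q = 23, 11
ALPHA = 2          # 2^11 = 2048 = 89 * 23 + 1, so alpha is a q-th root of 1 mod p


def keygen(a=None):
    """Secret key a in Z_q^*, public key (p, q, alpha, beta) with beta = alpha^a mod p."""
    if a is None:
        a = 1 + secrets.randbelow(Q - 1)
    return a, (P, Q, ALPHA, pow(ALPHA, a, P))


def sign(x, a, k=None):
    """sig_K'(x, k) = (gamma, delta) with gamma = (alpha^k mod p) mod q and
    delta = (x + a*gamma) k^-1 mod q.  As noted above, a k giving delta = 0 mod q
    is discarded and a new one chosen (gamma = 0 is rejected for the same reason)."""
    while True:
        kk = k if k is not None else 1 + secrets.randbelow(Q - 1)
        gamma = pow(ALPHA, kk, P) % Q
        delta = (x + a * gamma) * pow(kk, -1, Q) % Q
        if gamma != 0 and delta != 0:
            return gamma, delta
        k = None                      # a fixed k that was unusable: fall back to random


def verify(x, sig, pub):
    """ver_K''(x, (gamma, delta)): (alpha^e1 beta^e2 mod p) mod q == gamma,
    with e1 = x delta^-1 mod q and e2 = gamma delta^-1 mod q."""
    p, q, alpha, beta = pub
    gamma, delta = sig
    if not (0 < gamma < q and 0 < delta < q):   # delta^-1 must exist
        return False
    d_inv = pow(delta, -1, q)
    e1 = x * d_inv % q
    e2 = gamma * d_inv % q
    return (pow(alpha, e1, p) * pow(beta, e2, p) % p) % q == gamma
```

With a = 7 the public β is 2⁷ mod 23 = 13; signing x = 5 with k = 3 gives (γ, δ) = (8, 2), which verifies for x = 5 and fails for x = 6.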

5.3. Hash functions and signatures.
5.3.1. Hash functions.
In the preceding sections we introduced a few digital signature schemes. In those schemes a signature is computed for each block of the message, and if the message consists of several blocks, the signature on the whole message is obtained by concatenating the signatures on the individual blocks; since the signature on a block usually has the same length as the block (or even twice that length), the overall signature has a length comparable to that of the message. This is inconvenient. As with handwritten signatures, we would like a signature to have a short, bounded length however long the message is. For a digital signature, since every bit of the message must be signed, a signature of bounded length on a message of arbitrary length requires some way of shortening the message. The message itself cannot be shortened, so the only way is to find for each message a digest of bounded length and then, instead of signing the whole message, sign the digest, regarding the signature on the digest as the signature on the message.

Let X be the set of all possible messages (in some domain, of course) and Z the set of all digests that may be used. Assigning to each message a corresponding digest defines a function h : X → Z. Such a function h is called a hash function. Usually X is the set of bit strings of arbitrary length and Z the set of bit strings of a fixed length n, so hash functions are also defined as functions $h: \{0,1\}^* \to \{0,1\}^n$.

Using a hash function h, we regard z = h(x) as the digest of x, standing in for x, and we regard a signature on z as a signature on the message x; since z has bounded length, so does the signature on x.

The question then is: what conditions must h : X → Z satisfy for h(x) to deserve being treated as the representative of x when creating signatures? The following two conditions are usually regarded as the essential ones for a hash function:
1. h must be one-way: given x it is easy to compute z = h(x), but conversely, given z it is extremely hard to find x (easy and hard may be taken to mean computable in polynomial time or not).
2. h must be strongly collision-free in the following sense: there is no polynomial-time algorithm that finds $x_1, x_2 \in X$ with $x_1 \ne x_2$ and $h(x_1) = h(x_2)$; in other words, finding two different messages with the same digest is extremely hard.
(There is also a notion of weak collision-freeness, defined as follows: let x ∈ X; h is weakly collision-free for x if it is very hard to find x' ∈ X with x' ≠ x and h(x') = h(x).)

We want signatures, and hence digests, to be short. But how short? How short can they be while still guaranteeing strong collision-freeness? Here we meet a kind of attack, usually called the birthday attack, related to strong collisions; it is named after the fact that in a group of 23 randomly chosen people, with probability at least 1/2, two people share a birthday (a strong collision!). More generally, the following is proved: if there are n possible digests and
$$k \approx \sqrt{2n\ln\frac{1}{1-\varepsilon}},$$
then among k randomly chosen messages there is at least one strong collision (two messages x ≠ x' with h(x) = h(x')) with probability ε. For ε = 1/2 we get $k \approx 1.17\sqrt{n}$. In the birthday case n = 365, so k ≈ 22.3 ≈ 23.

Returning to the choice of the (binary) length of digests: with 40-bit digests we have $n = 2^{40}$, so about $k \approx 2^{20}$ (roughly a million) messages already contain a strong collision with probability 1/2, which hardly guarantees security. With 128-bit digests, $n = 2^{128}$, a strong collision with probability 1/2 needs about $k \approx 2^{64}$ messages, a rather large number (compared with the number of messages arising in practice), so security can be hoped for. This is perhaps why DSS chose digests of 160 bits.

5.3.2. The Chaum-van Heijst-Pfitzmann hash function.
Below we introduce a concrete example of a hash function built on the hardness of the discrete logarithm problem, proposed by Chaum, van Heijst and Pfitzmann in 1992. The hash function is constructed as follows.

Let p be a large prime of Sophie Germain form, i.e. p = 2q + 1 with q also prime. Choose α and β to be two primitive elements of $\mathbb{Z}_p^*$. Computing $\log_\alpha\beta$ from α and β is assumed to be very hard. The hash function $h: \mathbb{Z}_q \times \mathbb{Z}_q \to \mathbb{Z}_p\setminus\{0\}$ is defined by
$$h(x_1, x_2) = \alpha^{x_1}\beta^{x_2} \bmod p \quad \text{for all } x_1, x_2 \in \mathbb{Z}_q.$$
The function h so defined is called the Chaum-van Heijst-Pfitzmann hash function. It has the properties required of a hash function: it is one-way and strongly collision-free. One-wayness follows from the one-wayness of discrete exponentiation. Strong collision-freeness is established by the following theorem: if a strong collision for h is known, then $\log_\alpha\beta$ can be computed efficiently.

Proof. Suppose we have a collision
$$h(x_1, x_2) = h(x_3, x_4), \quad (x_1, x_2) \ne (x_3, x_4).$$
Then
$$\alpha^{x_1}\beta^{x_2} \equiv \alpha^{x_3}\beta^{x_4} \pmod p, \quad\text{i.e.}\quad \alpha^{x_1 - x_3} \equiv \beta^{x_4 - x_2} \pmod p.$$
Put $d = \gcd(x_4 - x_2, p - 1)$. Since p − 1 = 2q with q prime, d ∈ {1, 2, q, p − 1}. We consider the four possible values of d in turn.

Case d = 1. Put $y = (x_4 - x_2)^{-1} \bmod (p-1)$. Then
$$\beta \equiv \beta^{(x_4 - x_2)y} \equiv \alpha^{(x_1 - x_3)y} \pmod p,$$
and the discrete logarithm $\log_\alpha\beta$ is computed as
$$\log_\alpha\beta = (x_1 - x_3)(x_4 - x_2)^{-1} \bmod (p-1).$$

Case d = 2. Since p − 1 = 2q with q odd, we must have $\gcd(x_4 - x_2, q) = 1$. Put $y = (x_4 - x_2)^{-1} \bmod q$; then $(x_4 - x_2)y = kq + 1$ for some integer k, and
$$\beta^{(x_4 - x_2)y} \equiv \beta^{kq+1} \equiv (-1)^k\beta \equiv \pm\beta \pmod p$$
(because $\beta^q \equiv -1 \pmod p$, β being primitive). Hence
$$\pm\beta \equiv \alpha^{(x_1 - x_3)y} \pmod p,$$
and therefore either
$$\log_\alpha\beta = (x_1 - x_3)y \bmod (p-1) \quad\text{or}\quad \log_\alpha\beta = (x_1 - x_3)y + q \bmod (p-1).$$
Which of the two values is the true $\log_\alpha\beta$ can be decided by testing.

Case d = q. Since 0 ≤ $x_2$, $x_4$ ≤ q − 1, we have −(q − 1) ≤ $x_4 - x_2$ ≤ q − 1, so $\gcd(x_4 - x_2, p - 1) = q$ is impossible; this case cannot occur.

Case d = p − 1. This happens only if $x_2 = x_4$. But then
$$\alpha^{x_1}\beta^{x_2} \equiv \alpha^{x_3}\beta^{x_2} \pmod p, \quad\text{so}\quad \alpha^{x_1} \equiv \alpha^{x_3} \pmod p$$
and $x_1 = x_3$. Thus $(x_1, x_2) = (x_3, x_4)$, contrary to the hypothesis, so this case cannot occur either. The theorem is proved: the Chaum-van Heijst-Pfitzmann hash function is strongly collision-free.

Note that if p has a t-bit binary representation, so that $\mathbb{Z}_p$ is a subset of $\{0,1\}^t$, then q has t − 1 bits and $\mathbb{Z}_q \times \mathbb{Z}_q$ is a subset of $\{0,1\}^m$ with m = 2(t − 1). The hash function h defined above may thus be regarded as a function $h: \{0,1\}^m \to \{0,1\}^t$. For signing we want hash functions $h: \{0,1\}^* \to \{0,1\}^t$ whose range consists of words of bounded length but whose domain is the set of words of arbitrary length. For that we must be able to extend a hash function; the theorem in the next section provides this.
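The hash function and the reduction in the proof above, as an added example that is not part of the book: constructed toy parameters p = 23 = 2·11 + 1, α = 5 and β = 17 (both primitive modulo 23, with 17 = 5⁷ mod 23, so the logarithm to be recovered is 7); h and dlog_from_collision are this example's names. The two collisions fed in below are also constructed, one for the case d = 1 and one for d = 2.

```python
from math import gcd

P, Q = 23, 11            # constructed Sophie Germain pair p = 2q + 1 (toy size)
ALPHA, BETA = 5, 17      # primitive elements mod 23; 17 = 5^7 mod 23


def h(x1, x2, p=P, alpha=ALPHA, beta=BETA):
    """h(x1, x2) = alpha^x1 * beta^x2 mod p, for x1, x2 in Z_q."""
    return pow(alpha, x1, p) * pow(beta, x2, p) % p


def dlog_from_collision(x1, x2, x3, x4, p=P, q=Q, alpha=ALPHA, beta=BETA):
    """Given h(x1, x2) == h(x3, x4) with (x1, x2) != (x3, x4), return log_alpha(beta).
    Follows the four cases d = gcd(x4 - x2, p - 1) in {1, 2, q, p - 1} of the proof."""
    if h(x1, x2) != h(x3, x4) or (x1, x2) == (x3, x4):
        raise ValueError("not a strong collision")
    d = gcd(x4 - x2, p - 1)
    if d == 1:
        y = pow(x4 - x2, -1, p - 1)
        return (x1 - x3) * y % (p - 1)
    if d == 2:
        # p - 1 = 2q with q odd, so x4 - x2 is invertible mod q
        y = pow(x4 - x2, -1, q)
        cand = (x1 - x3) * y % (p - 1)
        # beta^(kq+1) = (+-1)^k beta: the log is cand or cand + q; test which one
        for c in (cand, (cand + q) % (p - 1)):
            if pow(alpha, c, p) == beta:
                return c
    # d == q cannot happen (|x4 - x2| <= q - 1), and d == p - 1 forces x2 == x4,
    # hence x1 == x3, which the collision check above already excluded
    raise ValueError("unreachable case d = %d" % d)
```

h(8, 1) = h(1, 2) = 19 with x₄ − x₂ = 1 exercises the case d = 1; h(2, 0) = h(10, 2) = 2 with x₄ − x₂ = 2 exercises the case d = 2, where the candidate (x₁ − x₃)y = 18 fails the test and 18 + q = 7 is returned.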
5.3.3. Extending a hash function.
Now suppose that $h: \mathbb{Z}_2^m \to \mathbb{Z}_2^t$ (here $\mathbb{Z}_2 = \{0,1\}$) is a strongly collision-free hash function with m ≥ t + 1 (the hash function of the previous section satisfies this condition). We use h to build a hash function
$$h^*: \mathbb{Z}_2^* \to \mathbb{Z}_2^t$$
as follows. Let $x \in \mathbb{Z}_2^*$. Cut x into pieces of l bits each, where l = m − t − 1; if the last piece has fewer than l bits, pad it with 0 bits and record the number of padded bits (say d); then append to x a final piece $x_{k+1}$, the l-bit binary representation of the number d. Thus every $x \in \mathbb{Z}_2^*$ is rewritten in the form
$$x = x_1 x_2 \ldots x_k x_{k+1},$$
where $x_i \in \mathbb{Z}_2^l$ for every i = 1, 2, ..., k, k + 1 (note that from x in this form the original x can be recovered). We define recursively the sequence $g_1, g_2, \ldots, g_{k+1} \in \mathbb{Z}_2^t$ and the function $h^*$ by
$$g_1 = h(0^{t+1}x_1),$$
$$g_{i+1} = h(g_i\,1\,x_{i+1}) \quad (i = 1, \ldots, k),$$
$$h^*(x) = g_{k+1}.$$
Thus the value of the hash function $h^*$ is a word of t bits. The following theorem has been proved: if the hash function h is strongly collision-free, then the extended hash function $h^*$ is strongly collision-free as well.

5.3.4. Building hash functions from cryptosystems.
A general method for building hash functions is to use symmetric-key cryptosystems. Let (P, C, K, E, D) be a symmetric-key cryptosystem whose security has been tested. For convenience of presentation we may assume $P = C = K = \mathbb{Z}_2^n$. The number n should be fairly large, n ≥ 128, to avoid birthday attacks. For instance the cryptosystem may be DES (possibly with the adjustments needed to make the word lengths in P, C, K suitable). Starting from the encryption function E we define a function $f: \mathbb{Z}_2^n \times \mathbb{Z}_2^n \to \mathbb{Z}_2^n$ such that for every $(x, y) \in \mathbb{Z}_2^n \times \mathbb{Z}_2^n$ the value f(x, y) is computed from x, y and the function E.

Now let $x \in \mathbb{Z}_2^*$. As in the previous section, we may write x as the concatenation of k pieces of n bits each:
$$x = x_1x_2 \ldots x_k.$$
Next choose an initial value $g_0 \in \mathbb{Z}_2^n$ and build $g_1, g_2, \ldots, g_k$ by the rule
$$g_i = f(x_i, g_{i-1}) \quad (i = 1, 2, \ldots, k).$$
Finally define the hash value $h(x) = g_k$. The hash function h so defined maps $\mathbb{Z}_2^*$ into $\mathbb{Z}_2^n$; in the general case its security is not guaranteed, but it has been shown to be secure when f is chosen as one of the following:
$$f(x, y) = x \oplus E(y, x),$$
$$f(x, y) = x \oplus y \oplus E(y, x),$$
$$f(x, y) = x \oplus E(y, x \oplus y),$$
$$f(x, y) = x \oplus y \oplus E(y, x \oplus y),$$
where E(y, x) denotes the encryption of x under the key y, and ⊕ is bitwise addition modulo 2 of two words of equal length.
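The iterated construction above with all four choices of f, as an added example that is not part of the book. The cipher toy_E is a constructed 16-bit Feistel permutation standing in for DES (n = 16 is far below the n ≥ 128 the text requires and only shows the mechanics); the zero-byte padding rule and the names f1..f4 and block_cipher_hash are this example's own.

```python
N = 16                      # constructed block and key length n (toy size)
MASK = (1 << N) - 1


def toy_E(key, block, rounds=4):
    """Constructed n-bit Feistel cipher: E(y, x) with key y and plaintext x.
    Any Feistel network is a permutation of the block, whatever the round function."""
    l, r = block >> 8, block & 0xFF
    for i in range(rounds):
        k = ((key >> (4 * i)) ^ (key * (i + 1))) & 0xFF          # round subkey
        l, r = r, l ^ (((r * 0x9D) + k) & 0xFF) ^ (r >> 3)       # round function
    return (l << 8) | r


def f1(x, y):
    return x ^ toy_E(y, x)                       # f(x, y) = x xor E(y, x)


def f2(x, y):
    return x ^ y ^ toy_E(y, x)                   # f(x, y) = x xor y xor E(y, x)


def f3(x, y):
    return x ^ toy_E(y, x ^ y)                   # f(x, y) = x xor E(y, x xor y)


def f4(x, y):
    return x ^ y ^ toy_E(y, x ^ y)               # f(x, y) = x xor y xor E(y, x xor y)


def block_cipher_hash(data, f=f1, g0=0x5A5A):
    """h(x) = g_k, with g_i = f(x_i, g_{i-1}) over the n-bit blocks x_1..x_k of data.
    data is padded with zero bytes to a whole number of blocks (constructed rule);
    g0 is the chosen initial value."""
    nbytes = N // 8
    if len(data) % nbytes:
        data = data + b"\x00" * (nbytes - len(data) % nbytes)
    g = g0
    for i in range(0, len(data), nbytes):
        x_i = int.from_bytes(data[i:i + nbytes], "big")
        g = f(x_i, g)
    return g & MASK
```

The key point of the construction is that f(x, y) is computed from x and the previous chaining value y, with the chaining value acting as the cipher key; on a single block the result with f1 is simply x ⊕ E(g₀, x).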

5.4. Some other signature schemes.
5.4.1. The Rabin signature scheme.
Like the RSA signature scheme, the Rabin signature scheme uses an integer n that is the product of two large primes p and q, n = pq; the one-way function here is squaring an integer modulo n, whose inverse function, extracting square roots modulo n, cannot be computed easily without knowing the factors p, q of n.

Roughly speaking, the Rabin signature scheme can be described as a tuple
$$S = (P, A, K, S, V),$$
in which $P = Q_n$, $A = \mathbb{Z}_n$, and K is the set of key pairs K = (K', K''), where K'' = n is the public key used to verify signatures, n being the product of two large primes p and q, n = pq, with p ≡ q ≡ 3 (mod 4), and K' = d with d = (n − p − q + 5)/8 is the secret key used for signing. The functions $\mathrm{sig}_{K'}$ and $\mathrm{ver}_{K''}$ are defined by
$$\mathrm{sig}_{K'}(x) = x^d \bmod n,$$
$$\mathrm{ver}_{K''}(x, y) = \text{true} \iff x \equiv y^2 \pmod n.$$
Note that if p and q are chosen with the property above, then for every $x \in P = Q_n$ the value $x^d \bmod n$ is a square root of x modulo n, since
$$x^{2d} = x^{\frac{2((p-1)(q-1)+4)}{8}} = x^{\frac{(p-1)(q-1)}{4}+1} \equiv x \pmod n;$$
so the functions $\mathrm{sig}_{K'}$ and $\mathrm{ver}_{K''}$ defined above are consistent.

The basic idea of the Rabin signature scheme is simply this. However, to obtain a scheme usable in practice one wants the message space P not to be restricted to $Q_n$ but to be wider, for instance $\mathbb{Z}_n$; to achieve this one needs an additional function R that maps an initial x ∈ P to a value m closely related to a quadratic residue modulo n, so that the scheme built on the above idea can operate. To realise such a modified scheme, the following mathematical lemma is used.

Lemma 5.4.1. Let p and q be distinct primes, both congruent to 3 modulo 4, and n = pq. Then:
1) If gcd(x, n) = 1, then
$$x^{(p-1)(q-1)/2} \equiv 1 \pmod n.$$
2) If $x \in Q_n$, then $x^{(n-p-q+5)/8} \bmod n$ is a square root of x modulo n.
3) If x is an integer with Jacobi symbol $\left(\frac{x}{n}\right) = 1$ and d = (n − p − q + 5)/8, then
$$x^{2d} \bmod n = \begin{cases} x, & x \in Q_n, \\ n - x, & x \notin Q_n. \end{cases}$$
4) If p ≢ q (mod 8), then $\left(\frac{2}{n}\right) = -1$. Consequently, multiplying any integer x by 2 or by $2^{-1} \bmod n$ flips the Jacobi symbol of x.
The reader can prove this lemma.

A modified Rabin signature scheme can now be built as follows. First each participant is given a key pair K = (K', K''), with public key K'' = n and secret key K' = (p, q), or equivalently d = (n − p − q + 5)/8, where p and q are primes with p ≡ 3 (mod 8) and q ≡ 7 (mod 8), n = pq; p and q are chosen and kept secret.

A participant A with key K = (K', K'') creates a signature on a message x ($x \in \mathbb{Z}_n$, x ≤ (n − 6)/16) by the following steps:
a. Compute m = R(x) = 16x + 6.
b. Compute the Jacobi symbol $J = \left(\frac{m}{n}\right)$.
c. If J = 1, compute $s = m^d \bmod n$; if J = −1, compute $s = (m/2)^d \bmod n$.
d. s is A's signature on x.

Verification of A's signature s, using the public key n, is carried out by the following steps:
a. Compute $m^* = s^2 \bmod n$.
b. If $m^* \equiv 6 \pmod 8$, take $m = m^*$; if $m^* \equiv 3 \pmod 8$, take $m = 2m^*$; if $m^* \equiv 7 \pmod 8$, take $m = n - m^*$; if $m^* \equiv 2 \pmod 8$, take $m = 2(n - m^*)$.
c. Test the condition m ≡ 6 (mod 16); if it fails, reject the signature.
d. If the condition holds, take $x = R^{-1}(m) = (m - 6)/16$.
(In the terms of the definition of verification, step d may be stated as: the verification algorithm confirms s as A's signature on the message x if $x = R^{-1}(m) = (m - 6)/16$.)

The consistency of the signing and verification algorithms is shown as follows. Steps b-c of signing produce the Rabin signature of v = m or v = m/2 according to whether the Jacobi symbol equals 1 or not. By part 4 of Lemma 5.4.1, exactly one of m and m/2 has Jacobi symbol 1. The signed value v is congruent to 3 or 6 modulo 8. By part 3 of the lemma, $s^2 \bmod n$ equals v or n − v according to whether $v \in Q_n$ or not. Since n ≡ 5 (mod 8), the two cases can be told apart uniquely.

Example. Suppose p = 19 and q = 31, so n = 589 and d = 68. A has public key n = 589 and secret key d = 68. The signing space consists of the values m corresponding to x = 0, 1, 2, ..., 32, 33, together with the corresponding Jacobi symbols, as given in the following table:

    m         6    22    54    70    86   102   118   134   150
  (m/589)    -1     1    -1    -1     1     1     1     1    -1

    m       166   182   198   214   230   246   262   278   294
  (m/589)     1    -1     1     1     1     1    -1     1    -1

    m       326   358   374   390   406   422   438   454   470
  (m/589)    -1    -1    -1    -1    -1     1     1     1    -1

    m       486   502   518   534   550   566   582
  (m/589)    -1     1    -1    -1     1    -1     1

We sign the message x = 12. Compute m = R(12) = 198, $\left(\frac{198}{589}\right) = 1$, and $s = 198^{68} \bmod 589 = 102$. The signature is s = 102.
Running the verification algorithm: $m^* = s^2 \bmod n = 102^2 \bmod 589 = 391$. Since $m^* \equiv 7 \pmod 8$, take $m = n - m^* = 589 - 391 = 198$. Finally compute $x = R^{-1}(m) = (198 - 6)/16 = 12$, and the signature is confirmed.
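The modified Rabin scheme above, as an added example that is not part of the book, run with the book's worked parameters p = 19, q = 31, n = 589, d = 68. jacobi is a plain implementation of the Jacobi symbol; rabin_sign and rabin_verify are this example's names for the signing steps a-d and verification steps a-d. The example also handles the case the table silently omits: values of m sharing a factor with n have Jacobi symbol 0 and cannot be signed.

```python
def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0, by quadratic reciprocity."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


P, Q = 19, 31                   # book's example: p = 3 (mod 8), q = 7 (mod 8)
N = P * Q                       # 589, the public key; n = 5 (mod 8)
D = (N - P - Q + 5) // 8        # 68, the secret key


def rabin_sign(x, n=N, d=D):
    """Signing steps a-d: m = 16x + 6, then s = m^d or (m/2)^d mod n by Jacobi symbol.
    Returns None when gcd(m, n) > 1 (Jacobi symbol 0): such m are unsignable and
    are exactly the entries missing from the book's table."""
    if not 0 <= x <= (n - 6) // 16:
        raise ValueError("x out of range")
    m = 16 * x + 6
    j = jacobi(m, n)
    if j == 0:
        return None
    v = m if j == 1 else m // 2    # m is even, so m/2 is an integer
    return pow(v, d, n)


def rabin_verify(s, n=N):
    """Verification steps a-d; returns the recovered x, or None if the signature is rejected."""
    m_star = pow(s, 2, n)
    r = m_star % 8
    if r == 6:
        m = m_star
    elif r == 3:
        m = 2 * m_star
    elif r == 7:
        m = n - m_star
    elif r == 2:
        m = 2 * (n - m_star)
    else:
        return None
    if m % 16 != 6:
        return None
    return (m - 6) // 16
```

For x = 12 this reproduces the book's run (m = 198, Jacobi symbol 1, s = 102, m* = 391, recovered x = 12); the round trip also holds for every other admissible x up to (n − 6)/16 = 36, except x = 2, 19, 21, whose m = 38, 310, 342 are multiples of 19 or 31.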
5.4.2. The Fiat-Shamir signature scheme.
Every Fiat-Shamir signature scheme uses a hash function $h: \mathbb{Z}_2^* \to \mathbb{Z}_2^k$ that maps each binary string x of arbitrary length to a string of k bits, called the digest of x.

Each participant A creates a key pair K = (K', K'') as follows: choose two distinct primes p and q and set n = pq; then choose at random k distinct integers $s_1, \ldots, s_k \in \mathbb{Z}_n^*$ and compute, for each j (1 ≤ j ≤ k),
$$v_j = s_j^{-2} \bmod n.$$
The secret key K' is the k-tuple $(s_1, \ldots, s_k)$, and the public key K'' consists of the k-tuple $(v_1, \ldots, v_k)$ together with the modulus n.

Take $P = \mathbb{Z}_2^*$ and $A = \mathbb{Z}_2^k \times \mathbb{Z}_n$, and define the signing and verification algorithms as follows.

To sign a message $x \in P = \mathbb{Z}_2^*$, A chooses at random a positive integer $r \in \mathbb{Z}_n$, computes $u = r^2 \bmod n$, and computes $e = (e_1, \ldots, e_k) = h(x\|u)$, where x‖u is the binary string obtained by appending the binary representation of the number u after the binary representation of x. A's signature on x is defined to be (e, s), where
$$s = r \cdot \prod_{j=1}^{k} s_j^{e_j} \bmod n.$$
To check whether (e, s) really is A's signature on x, one uses the public key $(v_1, \ldots, v_k)$ and the modulus n to compute
$$w = s^2 \cdot \prod_{j=1}^{k} v_j^{e_j} \bmod n,$$
then computes e' = h(x‖w), and confirms (e, s) as A's signature on x if and only if e' = e.

It is easy to prove that if (e, s) is A's signature on x then e' = e, and conversely; that is, the signing and verification algorithms defined above are consistent.
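The Fiat-Shamir signing and verification algorithms above, as an added example that is not part of the book. The modulus n = 3337 = 47·71, the digest length k = 24 and SHA-256 truncated to k bits standing in for h are constructed choices of this example, as are the names keygen, sign and verify; the encoding of u as two bytes inside x‖u is also this example's own convention.

```python
import hashlib
import secrets
from math import gcd

N = 3337            # constructed toy modulus 47 * 71 (p, q are kept secret in the scheme)
K = 24              # digest length k (toy; far shorter than a real deployment would use)


def h(x: bytes, u: int) -> list:
    """h(x || u) -> (e_1, ..., e_k) as a list of bits; SHA-256 truncated to k bits stands in for h."""
    digest = hashlib.sha256(x + u.to_bytes(2, "big")).digest()
    top = int.from_bytes(digest, "big") >> (256 - K)
    return [(top >> (K - 1 - j)) & 1 for j in range(K)]


def keygen(s=None):
    """Secret key (s_1..s_k): distinct elements of Z_n^*; public key v_j = s_j^-2 mod n."""
    if s is None:
        s = []
        while len(s) < K:
            c = 2 + secrets.randbelow(N - 2)
            if gcd(c, N) == 1 and c not in s:
                s.append(c)
    if len(s) != K or len(set(s)) != K or any(gcd(c, N) != 1 for c in s):
        raise ValueError("secret key must be k distinct elements of Z_n^*")
    v = [pow(pow(c, 2, N), -1, N) for c in s]
    return s, v


def sign(x: bytes, s: list, r: int = None):
    """u = r^2, e = h(x||u), sig = r * prod_j s_j^{e_j} mod n; returns (e, sig)."""
    if r is None:
        r = 1 + secrets.randbelow(N - 1)
    u = pow(r, 2, N)
    e = h(x, u)
    sig = r % N
    for sj, ej in zip(s, e):
        if ej:
            sig = sig * sj % N
    return e, sig


def verify(x: bytes, e: list, sig: int, v: list) -> bool:
    """w = sig^2 * prod_j v_j^{e_j} mod n; accept iff h(x||w) == e."""
    w = pow(sig, 2, N)
    for vj, ej in zip(v, e):
        if ej:
            w = w * vj % N
    return h(x, w) == e
```

The verifier recovers w = r²·∏ s_j^{2e_j}·∏ s_j^{−2e_j} = u, which is why the v_j must be the inverse squares of the s_j; a signature transplanted to another message fails because h(x'‖w) no longer equals e.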

5.4.3. The Schnorr signature scheme.
The Schnorr signature scheme is built along the same lines as the Fiat-Shamir scheme, but here we use a one-way hash function based on the hard problem of computing discrete logarithms.

Each participant A creates a key pair K = (K', K'') as follows: choose a large prime p, a prime q that divides p − 1, an element α of order q in $\mathbb{Z}_p^*$, and a number a with 1 ≤ a ≤ q − 1. Let K' = a be the secret key, and publish the public key K'' = (p, q, α, r), where $r = \alpha^a \bmod p$.

Choose a hash function $h: \mathbb{Z}_2^* \to \mathbb{Z}_q$. Take $P = \mathbb{Z}_2^*$ and $A = \mathbb{Z}_q \times \mathbb{Z}_q$.

To sign a message $x \in P = \mathbb{Z}_2^*$, A chooses a further random number $k \in \mathbb{Z}_q$ and computes $y = \alpha^k \bmod p$, $e = h(x\|y)$ and $s = ae + k \bmod q$. A's signature on x is defined to be the pair (s, e).

To check whether the pair (s, e) really is A's signature on x, one uses the public key K'' = (p, q, α, r) to compute
$$v = \alpha^s r^{-e} \bmod p \quad\text{and}\quad e' = h(x\|v),$$
and confirms (s, e) as A's signature on x if and only if e' = e.

One can prove that the signing and verification algorithms so defined are consistent. Indeed, if the signature (s, e) was produced by A on x, then
$$v = \alpha^s r^{-e} \bmod p = \alpha^{s - ae} \bmod p = \alpha^k \bmod p = y,$$
hence $e' = h(x\|v) = h(x\|y) = e$. Conversely, it is also easy to show that if $e' = e$ then (s, e) is indeed A's signature on x.
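The Schnorr signing and verification algorithms above, as an added example that is not part of the book. It borrows the parameters of the identification example in Section 6.2 (p = 88667, q = 1031, α = 70322, an element of order q) and uses SHA-256 reduced modulo q as a stand-in for h; the message, the four-byte encoding of y inside x‖y, and the names keygen, sign, verify and recompute_v are this example's own.

```python
import hashlib
import secrets

P, Q, ALPHA = 88667, 1031, 70322     # q | p - 1, alpha of order q (Section 6.2 example)


def h(x: bytes, y: int) -> int:
    """h(x || y) in Z_q; SHA-256 reduced mod q stands in for the hash function."""
    return int.from_bytes(hashlib.sha256(x + y.to_bytes(4, "big")).digest(), "big") % Q


def keygen(a=None):
    """Secret a with 1 <= a <= q - 1, public r = alpha^a mod p."""
    if a is None:
        a = 1 + secrets.randbelow(Q - 1)
    return a, pow(ALPHA, a, P)


def sign(x: bytes, a: int, k: int = None):
    """y = alpha^k mod p, e = h(x||y), s = a e + k mod q; the signature is (s, e)."""
    if k is None:
        k = secrets.randbelow(Q)
    y = pow(ALPHA, k, P)
    e = h(x, y)
    return (a * e + k) % Q, e


def recompute_v(s: int, e: int, r: int) -> int:
    """v = alpha^s r^-e mod p, which equals y for a genuine signature."""
    return pow(ALPHA, s, P) * pow(r, -e, P) % P


def verify(x: bytes, s: int, e: int, r: int) -> bool:
    """Accept iff h(x || v) == e with v = alpha^s r^-e mod p."""
    return h(x, recompute_v(s, e, r)) == e
```

Because s is reduced modulo q, the identity α^{s−ae} = α^k relies on α having order exactly q; with the constructed key a = 755 and k = 543 the verifier's v coincides with the signer's y.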

5.5. Undeniable and non-repudiable signatures.
5.5.1. The problem. In the previous sections we presented several digital signature schemes; in all of them, checking the correctness of a signature is done by the recipient alone. Thus a signed message can be copied and distributed to many people without the sender's permission. To avoid this possibility, undeniable signature schemes were introduced, with the requirement that a signature cannot be verified without the cooperation of the signer. That cooperation takes place through a challenge-response protocol between the recipient and the sender (who is also the signer), called the verification protocol. Once a signature needs a verification protocol to be confirmed, another problem arises: how to prevent the signer from disowning a signature he produced, by claiming that it is a forgery? To meet this requirement a further disavowal protocol is needed, through which the signer can prove that a signature which is not his is indeed a forgery. If he refuses to take part in the protocol, that is evidence that he cannot prove the signature to be forged, i.e. he cannot disown his own signature!

Thus an undeniable signature scheme consists of three parts: a signing algorithm, a verification protocol and a disavowal protocol.

5.5.2. The Chaum-van Antwerpen signature scheme.
The first undeniable signature scheme was proposed by Chaum and van Antwerpen in 1989. A subject A chooses a prime of Sophie Germain form p = 2q + 1, with q also prime, and an element $\alpha \in \mathbb{Z}_p^*$ of order q. Let G be the (multiplicative) subgroup of $\mathbb{Z}_p^*$ of order q generated by α. A's Chaum-van Antwerpen signature scheme consists of: P = A = G, and a key pair K = (K', K'') with secret key K' = a and public key K'' = (p, α, β), where a is a positive integer less than p − 1 and $\beta = \alpha^a \bmod p$.

Signing algorithm: A signs a message x ∈ P = G with the signature
$$y = \mathrm{sig}_{K'}(x) = x^a \bmod p.$$
Verification protocol: for a message x and a signature y, the recipient B and the signer A carry out the following protocol:
1. B chooses at random two numbers $e_1, e_2 \in \mathbb{Z}_q^*$, computes $c = y^{e_1}\beta^{e_2} \bmod p$ and sends c to A.
2. A computes $d = c^{a^{-1} \bmod q} \bmod p$ and sends d to B.
3. B accepts y as A's signature on x if $d \equiv x^{e_1}\alpha^{e_2} \pmod p$.
Disavowal protocol: it consists of the following steps:
1. B chooses at random two numbers $e_1, e_2 \in \mathbb{Z}_q^*$, computes $c = y^{e_1}\beta^{e_2} \bmod p$ and sends c to A.
2. A computes $d = c^{a^{-1} \bmod q} \bmod p$ and sends d to B.
3. B checks the condition $d \not\equiv x^{e_1}\alpha^{e_2} \pmod p$.
4. B chooses two further numbers $f_1, f_2 \in \mathbb{Z}_q^*$, computes $C = y^{f_1}\beta^{f_2} \bmod p$ and sends C to A.
5. A computes $D = C^{a^{-1} \bmod q} \bmod p$ and sends D to B.
6. B checks the condition $D \not\equiv x^{f_1}\alpha^{f_2} \pmod p$.
7. B concludes that y is a forgery if
$$(d\alpha^{-e_2})^{f_1} \equiv (D\alpha^{-f_2})^{e_1} \pmod p.$$

5.5.3. Consistency of the protocols.
We prove two theorems showing the consistency of the verification and disavowal protocols of the Chaum-van Antwerpen signature scheme.

Theorem 5.5.1. a) If y really is A's signature on x, i.e. $y \equiv x^a \pmod p$, then B's acceptance of y as A's signature on x under the verification protocol is correct.
b) If $y \not\equiv x^a \pmod p$, i.e. y is not A's signature on x, then B, following the verification protocol, accepts y as A's signature on x with probability 1/q.

Proof. a) Suppose $y \equiv x^a \pmod p$. Then $\beta^{a^{-1}} \equiv \alpha \pmod p$ and $y^{a^{-1}} \equiv x \pmod p$ (note that all exponents are computed modulo q). Hence
$$d \equiv c^{a^{-1}} \equiv y^{e_1a^{-1}}\beta^{e_2a^{-1}} \equiv x^{e_1}\alpha^{e_2} \pmod p,$$
and under the verification protocol B accepts y as A's signature on x; the acceptance is correct.

b) Now suppose $y \not\equiv x^a \pmod p$. First note that each challenge c corresponds to exactly q pairs $(e_1, e_2)$, since y and β are elements of the multiplicative group G of order q. When A receives the question c, A has no way of knowing which of the q possible pairs $(e_1, e_2)$ B used. We show that, because $y \not\equiv x^a \pmod p$, among the q pairs exactly one satisfies the congruence $d \equiv x^{e_1}\alpha^{e_2} \pmod p$. Indeed, write $c = \alpha^i$, $d = \alpha^j$, $x = \alpha^k$, $y = \alpha^l$ with $i, j, k, l \in \mathbb{Z}_q$ (α being a generator of G); the two congruences $c \equiv y^{e_1}\beta^{e_2} \pmod p$ and $d \equiv x^{e_1}\alpha^{e_2} \pmod p$ are then equivalent to the two equations
$$i \equiv le_1 + ae_2 \pmod q,$$
$$j \equiv ke_1 + e_2 \pmod q.$$
From the hypothesis $y \not\equiv x^a \pmod p$ it follows that $l - ak \not\equiv 0 \pmod q$, i.e. the determinant of this system (in the unknowns $e_1, e_2$) is nonzero modulo q. Thus every d ∈ G is the correct answer (under the verification protocol) for exactly one of the q possible pairs $(e_1, e_2)$. Consequently, if $y \not\equiv x^a \pmod p$, the probability that B accepts y as A's signature on x (under the protocol) equals 1/q. The theorem is proved.

For the disavowal protocol we have the following theorem.

Theorem 5.5.2. a) If $y \not\equiv x^a \pmod p$ and both A and B follow the disavowal protocol, then
$$(d\alpha^{-e_2})^{f_1} \equiv (D\alpha^{-f_2})^{e_1} \pmod p,$$
i.e. the protocol gives the correct result.
b) If $y \equiv x^a \pmod p$, A and B follow the protocol, and
$$d \not\equiv x^{e_1}\alpha^{e_2} \pmod p, \quad D \not\equiv x^{f_1}\alpha^{f_2} \pmod p,$$
then the congruence $(d\alpha^{-e_2})^{f_1} \equiv (D\alpha^{-f_2})^{e_1} \pmod p$ holds with probability 1/q; that is, if y really is A's signature on x, then under the protocol B can (wrongly) conclude that it is a forgery with probability 1/q.

Proof. a) Suppose $y \not\equiv x^a \pmod p$ and A, B carry out the disavowal protocol. Since y is not A's signature on x, B will correctly verify the non-congruences in steps 3 and 6 of the protocol. Since $\beta^{a^{-1}} \equiv \alpha \pmod p$, we have
$$(d\alpha^{-e_2})^{f_1} \equiv \left((y^{e_1}\beta^{e_2})^{a^{-1}}\alpha^{-e_2}\right)^{f_1} \equiv \left(y^{e_1a^{-1}}\alpha^{e_2}\alpha^{-e_2}\right)^{f_1} \equiv y^{e_1f_1a^{-1}} \pmod p.$$
Similarly,
$$(D\alpha^{-f_2})^{e_1} \equiv \left(y^{f_1a^{-1}}\alpha^{f_2}\alpha^{-f_2}\right)^{e_1} \equiv y^{f_1e_1a^{-1}} \pmod p.$$
Thus the congruence of step 7 of the protocol holds, and the conclusion that y is a forgery of A's signature on x is correct and cannot be refuted.

b) Now suppose $y \equiv x^a \pmod p$ and A, B carry out the disavowal protocol. Put
$$x_0 = d^{e_1^{-1}}\alpha^{-e_2e_1^{-1}} \bmod p.$$
Since $d \not\equiv x^{e_1}\alpha^{e_2} \pmod p$, we have $x_0 \not\equiv x$, and therefore $y \equiv x^a \not\equiv x_0^a \pmod p$. By part b) of Theorem 5.5.1, B can accept y as A's signature on $x_0$, i.e. the congruence
$$D \equiv x_0^{f_1}\alpha^{f_2} \pmod p$$
holds, with probability 1/q. But that congruence is equivalent to the congruence
$$(d\alpha^{-e_2})^{f_1} \equiv (D\alpha^{-f_2})^{e_1} \pmod p,$$
so the latter can also occur with probability 1/q. The theorem is proved.

Note that in the disavowal protocol the pair $(e_1, e_2)$ is used to create $x_0$ with $x_0^a \not\equiv y \pmod p$, while the pair $(f_1, f_2)$ is used to test whether y is A's signature on $x_0$.

Illustrative example. Choose p = 467, q = 233 (p = 2q + 1), and α = 4, a generator of a subgroup G of order 233 of $\mathbb{Z}_{467}^*$. Choose a = 101; then $\beta = \alpha^a \bmod p = 4^{101} \bmod 467 = 449$.
A has the key pair K = (K', K'') with K' = 101 and K'' = (467, 4, 449). Suppose A signs the message x = 119 with the signature
$$y = 119^{101} \bmod 467 = 129.$$
1) B can use the verification protocol to find out whether y really is A's signature on x, as follows: B chooses at random $e_1 = 38$, $e_2 = 397$ and computes c = 13; A answers with d = 9. B tests the condition $d \equiv x^{e_1}\alpha^{e_2} \pmod p$, i.e.
$$9 \equiv 119^{38}\cdot 4^{397} \pmod{467}.$$
The congruence holds. B accepts 129 as A's signature on the message 119.
2) Now we try the disavowal protocol. Suppose A sends the message x = 286 with the signature y = 83. B chooses at random $e_1 = 45$, $e_2 = 237$, computes c = 305 and sends it to A; A answers with d = 109. B tests the condition $d \not\equiv x^{e_1}\alpha^{e_2} \pmod p$; it is satisfied, since $109 \ne 149\ (= 286^{45}\cdot 4^{237} \bmod 467)$. B continues with the second half of the protocol by choosing at random $f_1 = 125$, $f_2 = 9$, computing C = 270 and sending it to A; A answers with D = 68. B tests the condition $D \not\equiv x^{f_1}\alpha^{f_2} \pmod p$; it too is satisfied, since $68 \ne 25\ (= 286^{125}\cdot 4^{9} \bmod 467)$. Finally B tests the last condition of the protocol by computing
$$(d\alpha^{-e_2})^{f_1} = (109\cdot 4^{-237})^{125} \equiv 188 \pmod{467},$$
$$(D\alpha^{-f_2})^{e_1} = (68\cdot 4^{-9})^{45} \equiv 188 \pmod{467}.$$
The two values are equal. B may conclude that y is not A's signature on x, with error probability 1/233!

This example is presented for illustration only, which is why small primes p, q were used to keep the computations easy. In real applications, to guarantee security one must use very large p, q, for instance numbers with 512-bit binary representations; then $q \approx 2^{510}$, i.e. $1/q \approx 2^{-510}$, a negligible probability, and so the requirements on the verification and disavowal protocols stated in the problem statement (5.5.1) may be regarded as satisfied.
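The signing algorithm, verification protocol and disavowal protocol above, as an added example that is not part of the book, run with the book's example numbers p = 467, q = 233, α = 4, a = 101. B's random choices are replaced by the book's (e₁, e₂) and (f₁, f₂) so the run is reproducible; the function names and the dictionary returned by disavowal_protocol are this example's own.

```python
P, Q, ALPHA = 467, 233, 4      # the book's example parameters, p = 2q + 1


def keygen(a):
    """Secret a, public beta = alpha^a mod p."""
    return a, pow(ALPHA, a, P)


def sign(x, a):
    """y = x^a mod p."""
    return pow(x, a, P)


def challenge(y, beta, e1, e2):
    """B's step 1: c = y^e1 beta^e2 mod p (e1, e2 random in Z_q^* in practice)."""
    return pow(y, e1, P) * pow(beta, e2, P) % P


def respond(c, a):
    """A's step 2: d = c^(a^-1 mod q) mod p."""
    return pow(c, pow(a, -1, Q), P)


def accepts(d, x, e1, e2):
    """B's step 3: d == x^e1 alpha^e2 mod p."""
    return d == pow(x, e1, P) * pow(ALPHA, e2, P) % P


def verification_protocol(x, y, a, beta, e1, e2):
    """Runs both sides of the verification protocol; returns (c, d, accepted)."""
    c = challenge(y, beta, e1, e2)
    d = respond(c, a)
    return c, d, accepts(d, x, e1, e2)


def disavowal_protocol(x, y, a, beta, e1, e2, f1, f2):
    """Steps 1-7 of the disavowal protocol with A answering honestly;
    returns the transcript and B's conclusion 'forged'."""
    c, d, acc1 = verification_protocol(x, y, a, beta, e1, e2)   # steps 1-3
    C, D, acc2 = verification_protocol(x, y, a, beta, f1, f2)   # steps 4-6
    lhs = pow(d * pow(ALPHA, -e2, P) % P, f1, P)                # (d alpha^-e2)^f1
    rhs = pow(D * pow(ALPHA, -f2, P) % P, e1, P)                # (D alpha^-f2)^e1
    forged = (not acc1) and (not acc2) and lhs == rhs           # step 7
    return {"c": c, "d": d, "C": C, "D": D, "lhs": lhs, "rhs": rhs, "forged": forged}
```

The verification of y = 129 on x = 119 reproduces c = 13 and d = 9; the disavowal of y = 83 on x = 286 ends with equal step-7 values, so B concludes forgery, while the plain verification protocol rejects that pair.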




CHAPTER VI

Identification and authentication schemes

6.1. The identification problem.
In the previous chapter we saw that cryptographic techniques can be applied to build many secure solutions to the problem of authenticating messages together with their senders on public communication networks. In this chapter we look at applying the same techniques to the problem of building identification and identity authentication schemes, which is also an important and frequently met problem in every kind of information exchange, especially exchange over networks. Identifying oneself and authenticating a person's identity is usually needed in situations such as:
- to withdraw money from an automated teller machine (ATM), one identifies oneself with a cash card together with one's PIN (personal identification number);
- to buy goods or pay a sum of money over the telephone network, one gives one's credit card number (together with its expiry date);
- to log in to a computer on a network, one gives one's user name together with one's password;
- and so on.
In everyday life, identification by habit often demands no security; for instance PINs and passwords are often not at all guaranteed to be kept secret from outsiders. However, as life becomes ever more computerised and most transactions are carried out on computer networks, such neglect of the security requirements of identification and identity authentication cannot continue; solutions guaranteeing the security of these activities are needed.

The security goal of identification is to ensure that, having observed a subject A identify itself to a subject B, nobody other than A can afterwards pass itself off as A; even B itself must not be able to pose as A after A has identified itself to B. In other words, A wants to be able to prove its identity to a partner without revealing any information about that proof of identity.

Identification usually goes through some challenge-response protocol; through the protocol, in order to authenticate A's identity, B poses A a question; A must answer, and in the answer A must show B that A possesses a secret which only A has, which convinces B that the respondent really is A and so authenticates A's identity. The difficulty here is that A must let B know that A possesses a secret only A has, without letting B learn what that secret is. On the other hand, for the claim that A possesses a secret of its own to be credible (even though the secret is unknown), it needs to be certified by some third party, for instance by a trusted authority. Of course this trusted authority does not know A's secret either, but it knows and certifies that A is the owner of a public element which A uses to show that it possesses the secret in question.

In the section immediately following we present a typical identification scheme illustrating these ideas.

6.2. The Schnorr identification scheme.
This identification scheme involves a trusted authority, denoted TA. The TA chooses the parameters of the scheme as follows:
- a large prime p such that the discrete logarithm problem modulo p is very hard, and a prime divisor q of p − 1 (it is recommended to choose $p \ge 2^{512}$ and $q \ge 2^{140}$);
- an element $\alpha \in \mathbb{Z}_p^*$ of order q (such an element can be obtained as the (p − 1)/q-th power of a primitive element modulo p);
- a security parameter t such that $q > 2^t$; one may take t = 40;
- a signature scheme of the TA's own, consisting of a (secret) signing algorithm $\mathrm{sig}_{TA}$ and a (public) verification algorithm $\mathrm{ver}_{TA}$;
- a secure hash function (one-way and strongly collision-free). We assume that every piece of information is hashed before being signed; for simplicity, however, the hashing steps are omitted from the description below.
The parameters p, q, α, the verification algorithm $\mathrm{ver}_{TA}$ and the hash function may all be published.

Now a subject A wishing to identify itself asks the TA for a certificate. The procedure for issuing A's certificate is as follows:
1. The TA establishes A's identifying information, such as name, date of birth, identity card or passport number, etc., as a character string denoted $I_A$ or ID(A).
2. A secretly chooses a random number a (0 ≤ a ≤ q − 1), computes
$$v = \alpha^{-a} \bmod p,$$
and sends v to the TA.
3. The TA creates the signature $s = \mathrm{sig}_{TA}(I_A, v)$ and issues to A the certificate
$$C(A) = (ID(A), v, s).$$
Thus the certificate issued to A consists of $(I_A, v)$ and the TA's signature on the information $(I_A, v)$. Note that the TA issues the certificate to A while knowing nothing at all about A's secret, the number a.

Now, with the certificate C(A), A can identify itself to any partner B by carrying out with B the following identity authentication protocol:
1. A chooses a further random number k (0 ≤ k ≤ q − 1), computes
$$\gamma = \alpha^k \bmod p,$$
and sends C(A) and γ to B.
2. B checks the TA's signature in the certificate C(A) by the relation $\mathrm{ver}_{TA}(ID(A), v, s) = \text{true}$. Having done so, B chooses a random number r ($1 \le r \le 2^t$) and sends r to A.
3. A computes $y = k + ar \bmod q$ and sends y to B.
4. B tests the condition
$$\gamma \equiv \alpha^y v^r \pmod p$$
and, if it is satisfied, authenticates A's identity.

By running this protocol A proves its identity, because
$$\alpha^y v^r \equiv \alpha^{k+ar}\alpha^{-ar} \equiv \alpha^k \equiv \gamma \pmod p,$$
so the condition tested by B holds.

The identification scheme with the authentication protocol described above has the properties required in the problem statement of Section 6.1. What has just been shown proves that if A follows the protocol, then B's authentication of A's identity is correct (B is convinced that A really possesses a secret a, although B does not know which number a is).

Now consider the possibility that some person O wants to pose as A in a transaction with B. The first possibility is that O creates a forged certificate under A's identity; such a certificate has the form
$$C(A) = (ID(A), v', s'),$$
with v' ≠ v. To create such a certificate O must produce s' as the TA's signature on (ID(A), v'); O does not know the signing algorithm $\mathrm{sig}_{TA}$ and so cannot produce a genuine TA signature, and if s' is a forged signature, B will certainly detect it when carrying out step 2 of the authentication protocol. The second possibility is that O uses A's genuine certificate C(A), chooses a number k himself and computes the corresponding γ as in step 1 of the protocol. The problem then is that when B sends the number r, O must answer with a number y such that the condition $\gamma \equiv \alpha^y v^r \pmod p$ holds. This looks very hard, at least as hard as O knowing A's secret a. Indeed, suppose O had this ability; then for two questions $r_1$ and $r_2$ (against the same γ) O would give two answers $y_1$ and $y_2$ with
$$\alpha^{y_1}v^{r_1} \equiv \alpha^{y_2}v^{r_2} \pmod p,$$
whence
$$\alpha^{y_1 - y_2} \equiv v^{r_2 - r_1} \pmod p.$$
Since $v = \alpha^{-a}$, we get
$$y_1 - y_2 \equiv a(r_1 - r_2) \pmod q.$$
Since q is a prime greater than $2^t$ and $0 < |r_2 - r_1| < 2^t$, we have $\gcd(r_2 - r_1, q) = 1$, and O could compute
$$a = (y_1 - y_2)(r_1 - r_2)^{-1} \bmod q.$$

Example. Take p = 88667, q = 1031 and t = 10. The element α = 70322 has order q in $\mathbb{Z}_p^*$. Suppose A chooses the secret exponent a = 755; then v = 13136.
A and B may carry out the identity authentication protocol as follows: A chooses k = 543, computes $\gamma = 70322^{543} \bmod 88667 = 84109$ and sends it to B. Suppose B sends r = 1000 to A; A answers with $y = k + ar \bmod q = 543 + 755\cdot 1000 \bmod 1031 = 851$. B tests the condition $\gamma \equiv \alpha^y v^r \pmod p$, which in this case reads
$$84109 \equiv 70322^{851}\cdot 13136^{1000} \pmod{88667},$$
a valid congruence. B authenticates A's identity.
Now, with the same parameters, suppose O were able to answer correctly B's two questions $r_1 = 1000$ and $r_2 = 19$ with $y_1 = 851$ and $y_2 = 454$. Then O could compute
$$a = (y_1 - y_2)(r_1 - r_2)^{-1} \bmod q = (851 - 454)(1000 - 19)^{-1} \bmod 1031 = 755,$$
which is exactly A's secret number.

The Schnorr identification scheme with the authentication protocol defined above is complete (possession of the secret a guarantees that A can prove its identity) and sound (posing as A successfully is as hard as knowing A's secret); however, as the example just presented shows, the scheme is not yet secure: impersonation is hard if O knows nothing at all about the identification scheme, but if, say, O observes A identify itself at least twice and thereby learns two pairs $(r_1, y_1)$ and $(r_2, y_2)$ (for the same commitment γ), then O may discover A's secret, and A's identification is no longer secure!

To overcome this weakness of the Schnorr scheme, Okamoto proposed a modification that makes the scheme secure; the modification is based on the hardness of a particular discrete logarithm problem. We present the modified scheme in the next section.
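The authentication protocol above and the recovery of a from two answers for the same commitment, as an added example that is not part of the book, run with the book's example numbers p = 88667, q = 1031, α = 70322, a = 755. The TA's certificate check in step 2 is left out (it is whatever signature scheme the TA uses); enroll, commit, respond, accepts and recover_secret are this example's own names.

```python
P, Q, T = 88667, 1031, 10     # the book's example parameters: q | p - 1, q > 2^t
ALPHA = 70322                 # element of order q in Z_p^*


def enroll(a):
    """A's secret a -> the public value v = alpha^-a mod p that the TA certifies."""
    return pow(ALPHA, -a, P)


def commit(k):
    """Step 1: gamma = alpha^k mod p (k must be fresh for every run)."""
    return pow(ALPHA, k, P)


def respond(k, a, r):
    """Step 3: y = k + a r mod q."""
    return (k + a * r) % Q


def accepts(gamma, v, r, y):
    """Step 4: B accepts iff gamma == alpha^y v^r mod p."""
    return gamma == pow(ALPHA, y, P) * pow(v, r, P) % P


def recover_secret(r1, y1, r2, y2):
    """Two accepted answers for the SAME gamma reveal a = (y1 - y2)(r1 - r2)^-1 mod q.
    With q prime and 0 < |r1 - r2| < 2^t < q the inverse always exists."""
    return (y1 - y2) * pow(r1 - r2, -1, Q) % Q
```

The honest run reproduces v = 13136, γ = 84109 and y = 851 for r = 1000; the second answer y₂ = 454 to r₂ = 19 with the same k = 543 lets recover_secret return 755, which is why k must never be reused.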

6.3. The Okamoto identification scheme.
As with the Schnorr scheme, the Okamoto identification scheme needs a trusted authority TA to issue certificates to the participants.

The TA first chooses the primes p and q as in the Schnorr scheme. Then the TA chooses two elements $\alpha_1, \alpha_2 \in \mathbb{Z}_p^*$, both of order q. The value $c = \log_{\alpha_1}\alpha_2$ (i.e. the value c such that $\alpha_2 = \alpha_1^c$) is kept absolutely secret from all participants, including A; in other words, we assume that computing c is extremely hard for anyone (for instance A, O, or even a coalition of A and O, ...).

The procedure for issuing A's certificate is as follows:
1. The TA establishes A's identifying information as a character string denoted $I_A$ or ID(A).
2. A secretly chooses two random numbers $a_1, a_2$ (0 ≤ $a_1$, $a_2$ ≤ q − 1), computes
$$v = \alpha_1^{-a_1}\alpha_2^{-a_2} \bmod p,$$
and sends v to the TA.
3. The TA creates the signature $s = \mathrm{sig}_{TA}(I_A, v)$ and issues to A the certificate
$$C(A) = (ID(A), v, s).$$

Now, with the certificate C(A), A can identify itself to any partner B by carrying out with B the following identity authentication protocol:
1. A chooses two further random numbers $k_1, k_2$ (0 ≤ $k_1$, $k_2$ ≤ q − 1), computes
$$\gamma = \alpha_1^{k_1}\alpha_2^{k_2} \bmod p,$$
and sends C(A) and γ to B.
2. B checks the TA's signature in the certificate C(A) by the relation $\mathrm{ver}_{TA}(ID(A), v, s) = \text{true}$. Having done so, B chooses a random number r ($1 \le r \le 2^t$) and sends r to A.
3. A computes
$$y_1 = k_1 + a_1r \bmod q, \quad y_2 = k_2 + a_2r \bmod q,$$
and sends $y_1, y_2$ to B.
4. B tests the condition
$$\gamma \equiv \alpha_1^{y_1}\alpha_2^{y_2}v^r \pmod p$$
and, if it is satisfied, authenticates A's identity.

By running this protocol A proves its identity, because
$$\alpha_1^{y_1}\alpha_2^{y_2}v^r \equiv \alpha_1^{k_1 + a_1r}\alpha_2^{k_2 + a_2r}\alpha_1^{-a_1r}\alpha_2^{-a_2r} \equiv \alpha_1^{k_1}\alpha_2^{k_2} \equiv \gamma \pmod p,$$
so the condition tested by B holds. Thus, knowing the secret pair $(a_1, a_2)$, A can complete the authentication protocol and prove its identity.

Conversely, a person other than A, not knowing the secret pair $(a_1, a_2)$, is hardly able to compute a correct pair $(y_1, y_2)$ to answer B at step 3 of the protocol, i.e. cannot pass the protocol's test in order to pose as A.

Now suppose some person O could complete the authentication protocol while posing as A, say at least twice (against the same γ). That means O knows two numbers r ≠ s and two pairs $(y_1, y_2)$, $(z_1, z_2)$ such that
$$\alpha_1^{y_1}\alpha_2^{y_2}v^r \equiv \alpha_1^{z_1}\alpha_2^{z_2}v^s \pmod p.$$
Setting
$$b_1 = (y_1 - z_1)(r - s)^{-1} \bmod q, \quad b_2 = (y_2 - z_2)(r - s)^{-1} \bmod q,$$
we get
$$v \equiv \alpha_1^{-b_1}\alpha_2^{-b_2} \pmod p,$$
hence
$$\alpha_1^{b_1}\alpha_2^{b_2} \equiv \alpha_1^{a_1}\alpha_2^{a_2} \pmod p,$$
i.e.
$$\alpha_1^{a_1 - b_1} \equiv \alpha_2^{b_2 - a_2} \pmod p.$$
Suppose that O and A collude, so that all the numbers $a_1, a_2, b_1, b_2$ become known. If we assume $(a_1, a_2) \ne (b_1, b_2)$, then $a_2 \ne b_2$ (if $a_2 = b_2$, then $\alpha_1^{a_1 - b_1} \equiv 1$ and hence $a_1 = b_1$ as well), so $(b_2 - a_2)^{-1} \bmod q$ exists, and the discrete logarithm c is computed as
$$c = \log_{\alpha_1}\alpha_2 = (a_1 - b_1)(b_2 - a_2)^{-1} \bmod q.$$
Thus, if O could complete the authentication protocol while posing as A, then O and A in collusion could quite easily find the discrete logarithm c. But from the outset we assumed that finding c is extremely hard for anyone (for A, for O, even for a coalition of A and O, ...), so it must be equally hard for O to complete the authentication protocol with the aim of posing as A.

So we have proved the security of the Okamoto identification scheme with the identity authentication protocol described above. The proof still needs a few subtle points to be filled in, for instance why one may assume $(a_1, a_2) \ne (b_1, b_2)$; in fact it is proved that the probability of $(a_1, a_2) = (b_1, b_2)$ is very small, negligible. For simplicity of presentation, however, we omit those finer details of the proof.
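The Okamoto protocol and the reduction above, as an added example that is not part of the book. It reuses p = 88667, q = 1031 and α₁ = 70322 from the Schnorr example; the TA's secret exponent c = 333 (so α₂ = α₁ᶜ), A's pair (a₁, a₂) = (755, 100), the second representation (b₁, b₂) of the same v given to a simulated impersonator, and all function names are constructed by this example.

```python
P, Q, T = 88667, 1031, 10
A1 = 70322                          # alpha_1, of order q in Z_p^*
C_SECRET = 333                      # constructed: c = log_{alpha_1} alpha_2, known only to the TA
A2 = pow(A1, C_SECRET, P)           # alpha_2 = alpha_1^c, also of order q


def enroll(a1, a2):
    """v = alpha_1^-a1 alpha_2^-a2 mod p, the value the TA certifies for A."""
    return pow(A1, -a1, P) * pow(A2, -a2, P) % P


def commit(k1, k2):
    """Step 1: gamma = alpha_1^k1 alpha_2^k2 mod p."""
    return pow(A1, k1, P) * pow(A2, k2, P) % P


def respond(k1, k2, a1, a2, r):
    """Step 3: (y1, y2) = (k1 + a1 r, k2 + a2 r) mod q."""
    return (k1 + a1 * r) % Q, (k2 + a2 * r) % Q


def accepts(gamma, v, r, y1, y2):
    """Step 4: gamma == alpha_1^y1 alpha_2^y2 v^r mod p."""
    return gamma == pow(A1, y1, P) * pow(A2, y2, P) * pow(v, r, P) % P


def representation_from_transcripts(r, y, s, z):
    """From two accepted answers (y1,y2) to r and (z1,z2) to s for the SAME gamma:
    b_i = (y_i - z_i)(r - s)^-1 mod q, so that v = alpha_1^-b1 alpha_2^-b2."""
    inv = pow(r - s, -1, Q)
    return (y[0] - z[0]) * inv % Q, (y[1] - z[1]) * inv % Q


def dlog_from_two_representations(a, b):
    """Given (a1,a2) != (b1,b2) with alpha_1^a1 alpha_2^a2 = alpha_1^b1 alpha_2^b2,
    return c = (a1 - b1)(b2 - a2)^-1 mod q."""
    return (a[0] - b[0]) * pow(b[1] - a[1], -1, Q) % Q
```

The impersonator's representation (b₁, b₂) = (a₁ − c, a₂ + 1) yields the same v, so its two answers pass step 4; extracting (b₁, b₂) from the transcripts and combining them with A's own (a₁, a₂) recovers the TA's secret c, which is exactly the hard step the security argument rests on.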

6.4. The Guillou-Quisquater identification scheme.

The Guillou-Quisquater scheme is built in the same way as the Schnorr and Okamoto schemes above, but the hard problem it relies on is not the discrete logarithm problem but the RSA problem.

The scheme again requires a trusted authority TA to issue certificates to participants. TA chooses two large primes $p$ and $q$, computes the product $n = pq$, keeps $p, q$ secret and publishes $n$. The parameters are chosen so that factoring $n$ is very hard. TA also chooses a prime $b$ of size about $2^{40}$ as a security parameter. The number $b$ also serves as an exponent satisfying the RSA condition: computing $v = u^{b} \bmod n$ is easy, but recovering $u$ from $v$ is very hard without knowing $p, q$.

The procedure for issuing a certificate to a participant A runs as follows:
1. TA establishes A's identity information as a character string, denoted $I_A$ or ID(A).
2. A secretly chooses a random number $u$ ($0 \le u \le n-1$), computes
$v = (u^{-1})^{b} \bmod n,$
and sends $v$ to TA.
3. TA creates the signature $s = \mathrm{sig}_{TA}(I_A, v)$ and issues A the certificate
C(A) = (ID(A), v, s).
Thus the certificate that TA issues to A consists of $(I_A, v)$ and TA's signature on the information $(I_A, v)$. Note that TA issues A's certificate possibly without knowing anything about A's secret, the number $u$.

Now, holding the certificate C(A), A can identify to any partner B by running with B the following identity verification protocol:
1. A chooses a further random number $k$ ($0 \le k \le n-1$), computes
$\gamma = k^{b} \bmod n,$
and sends B the information C(A) and $\gamma$.
2. B checks TA's signature in the certificate C(A) by the relation $\mathrm{ver}_{TA}(\mathrm{ID}(A), v, s) = $ true. Having checked it, B chooses a random number $r$ ($1 \le r \le b-1$) and sends $r$ to A.
3. A computes $y = k \cdot u^{r} \bmod n$ and sends $y$ to B.
4. B tests the condition
$\gamma \equiv v^{r} y^{b} \pmod n$
and, if it holds, accepts A's identity.
As in the previous cases, proving the completeness of the scheme is very simple:
$v^{r} y^{b} \equiv (u^{-b})^{r} (k u^{r})^{b} \equiv u^{-br} k^{b} u^{br} \equiv k^{b} \equiv \gamma \pmod n.$
A person other than A, not knowing the secret number $u$, cannot compute the correct $y$ in step 3 of the protocol so as to be accepted by B (as A) in step 4, i.e. cannot impersonate A; this is the soundness of the scheme.
Suppose some O can run the verification protocol successfully while impersonating A, say at least twice. This means O knows two numbers $r_1 \neq r_2$ and two numbers $y_1, y_2$ such that
$v^{r_1} y_1^{b} \equiv v^{r_2} y_2^{b} \pmod n.$
Assume $r_1 > r_2$; then
$v^{r_1 - r_2} \equiv (y_2 / y_1)^{b} \pmod n.$
Since $0 < r_1 - r_2 < b$ and $b$ is prime, $\gcd(r_1 - r_2, b) = 1$, so $t = (r_1 - r_2)^{-1} \bmod b$ is easy to compute, and
$v^{(r_1 - r_2)t} \equiv (y_2 / y_1)^{bt} \pmod n.$
Since $t = (r_1 - r_2)^{-1} \bmod b$, we have $(r_1 - r_2)t = lb + 1$ for some positive integer $l$, and therefore
$v^{lb + 1} \equiv (y_2 / y_1)^{bt} \pmod n,$
or
$v \equiv (y_2 / y_1)^{bt} (v^{-1})^{lb} \pmod n.$
Raising both sides to the power $b^{-1} \bmod \varphi(n)$ gives
$u^{-1} \equiv (y_2 / y_1)^{t} (v^{-1})^{l} \pmod n,$
and finally, inverting both sides modulo $n$,
$u = (y_1 / y_2)^{t} v^{l} \bmod n.$
Thus O computes the secret $u$ in polynomial time! By assumption this cannot happen, so the assumption that O can run the verification protocol successfully while impersonating A is false; the identification scheme is proved secure.
Example: Suppose TA chooses $p = 467$, $q = 479$, so $n = 223693$; TA also chooses $b = 503$.
Suppose A chooses the secret $u = 101576$ and computes
$v = (101576^{-1})^{503} \bmod 223693 = 89888.$
TA creates the signature $s = \mathrm{sig}_{TA}(\mathrm{ID}(A), v)$ and issues A the certificate C(A) = (ID(A), v, s).
Suppose A wants to identify to B; A chooses $k = 187485$ and sends B the value $\gamma = 187485^{503} \bmod 223693 = 24412$. B uses the verification algorithm $\mathrm{ver}_{TA}$ to test $\mathrm{ver}_{TA}(\mathrm{ID}(A), v, s) = $ true, then sends A the question $r = 375$. A answers with
$y = 187485 \cdot 101576^{375} \bmod 223693 = 93725.$
B tests the condition $\gamma \equiv v^{r} y^{b} \pmod n$, which here reads
$24412 \equiv 89888^{375} \cdot 93725^{503} \pmod{223693},$
and the congruence holds. So B accepts A's identity.
Now suppose instead that O has learned two numbers $r_1 = 401$, $r_2 = 375$ and the corresponding $y_1 = 103386$, $y_2 = 93725$. O knows that
$v^{401} \cdot 103386^{b} \equiv v^{375} \cdot 93725^{b} \pmod n.$
O computes
$t = (r_1 - r_2)^{-1} \bmod b = (401 - 375)^{-1} \bmod 503 = 445,$
then
$l = \frac{(r_1 - r_2)t - 1}{b} = \frac{(401 - 375)\cdot 445 - 1}{503} = 23.$
Finally O finds the secret value $u$ as
$u = (y_1 / y_2)^{t} v^{l} \bmod n = (103386 / 93725)^{445} \cdot 89888^{23} \bmod 223693 = 101576,$
which is A's secret.
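The Guillou-Quisquater protocol above, run on the numbers of this worked example, together with the two-transcript extraction from the security argument; this is an added Python example, not code from the book. It assumes TA's signature on C(A) has already been checked and therefore leaves the signature out.

```python
# Guillou-Quisquater identification (added example, not from the book).
# Parameters are the text's worked example: p = 467, q = 479, b = 503.
# The TA signature on the certificate is assumed already verified.

P, Q = 467, 479
N = P * Q          # 223693, the public modulus
B = 503            # public prime exponent, the security parameter


def inv(x, m):
    """Modular inverse of x modulo m."""
    return pow(x, -1, m)


def keygen(u, n=N, b=B):
    """Prover's public value v = (u^-1)^b mod n from the secret u."""
    return pow(inv(u, n), b, n)


def commit(k, n=N, b=B):
    """Step 1: the witness gamma = k^b mod n for the session nonce k."""
    return pow(k, b, n)


def respond(k, u, r, n=N):
    """Step 3: the answer y = k * u^r mod n to the challenge r."""
    return k * pow(u, r, n) % n


def verify(gamma, v, r, y, n=N, b=B):
    """Step 4: the verifier's test gamma == v^r * y^b (mod n)."""
    return gamma == pow(v, r, n) * pow(y, b, n) % n


def identify(u, v, k, r):
    """One complete run of the protocol; returns (gamma, y, accepted)."""
    gamma = commit(k)
    y = respond(k, u, r)
    return gamma, y, verify(gamma, v, r, y)


def extract(v, r1, y1, r2, y2, n=N, b=B):
    """Recover u from two accepted transcripts that share the same gamma
    but have distinct challenges r1 != r2 (the book's security argument).
    0 < |r1 - r2| < b holds because challenges lie in [1, b-1]."""
    if r1 < r2:                          # the argument assumes r1 > r2
        r1, y1, r2, y2 = r2, y2, r1, y1
    t = inv(r1 - r2, b)                  # (r1 - r2)^-1 mod b exists since b is prime
    l = ((r1 - r2) * t - 1) // b         # (r1 - r2) * t = l*b + 1
    return pow(y1 * inv(y2, n), t, n) * pow(v, l, n) % n   # (y1/y2)^t * v^l mod n
```

The extraction is exactly why a prover must never reuse the nonce $k$ (and hence $\gamma$) across two runs with different challenges.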
Remark: The Guillou-Quisquater identification scheme, like the Schnorr and Okamoto schemes before it, requires a TA certificate for every participant. With a small change we can turn it into an identity-based identification scheme that needs no certificate, as follows. Use a public hash function $h$, and instead of issuing participant A the certificate C(A), TA gives A the identity ID(A) together with a number $u$ computed by the formula
$u = (h(\mathrm{ID}(A))^{-1})^{a} \bmod n$
($a$ is a secret exponent of TA). A keeps $u$ private. When A needs to identify to B, A and B run the following identity verification protocol:
1. A chooses a random number $k$, $0 \le k \le n-1$, computes
$\gamma = k^{b} \bmod n,$
and sends ID(A) and $\gamma$ to B.
2. B computes $v = h(\mathrm{ID}(A))$, chooses a random number $r$ ($0 \le r \le b-1$) and sends $r$ to A.
3. A computes $y = k u^{r} \bmod n$ and sends $y$ to B.
4. B tests the condition $\gamma \equiv v^{r} y^{b} \pmod n$ to accept A's identity.
When identifying to B by this protocol, A only needs to know the value $u$, which is computed by TA (and only TA can compute it). O cannot forge A's identity because O does not know the value $u$.

6.5. The Feige-Fiat-Shamir protocol.

The Feige-Fiat-Shamir identification protocol presented in this section is usually regarded as a typical protocol in which a party identifies itself by proving that it knows a secret, using a kind of proof we shall call a zero-knowledge proof: the proof reveals no information, however small, about the identifying party's secret value. Here the term knowledge is used in a very restricted sense, namely knowing a party's secret, where this knowledge is often just one bit (0 or 1, true or false); zero-knowledge means not revealing that one bit. In the next section we treat zero-knowledge proofs in a broader sense, where knowledge means knowing a proof of a problem, and a zero-knowledge proof means convincing a partner that one knows how to prove that problem while the partner, beyond being convinced, extracts no other information that would let it repeat the proof.

We now return to the presentation of the Feige-Fiat-Shamir identification protocol.
In the setup step, the trusted authority (TA) publishes a common modulus $n = pq$ to all participants, after choosing and keeping secret two large primes $p$ and $q$, each congruent to 3 modulo 4. Factoring $n$ is assumed to be extremely hard. Such an integer $n$ is a Blum integer, for which $-1$ is a pseudo-square modulo $n$ (that is, a quadratic non-residue with Jacobi symbol $+1$).

Each participant prepares as follows:
- Choose $k$ random integers $s_1, s_2, \ldots, s_k$ in the set $\{1, \ldots, n-1\}$, and $k$ random bits $b_1, b_2, \ldots, b_k$.
- Compute
$v_i = (-1)^{b_i} (s_i^{2})^{-1} \bmod n$
for each $1 \le i \le k$.
- Each party A registers its public key $(v_1, \ldots, v_k; n)$ with TA and keeps the secret key $(s_1, \ldots, s_k)$ private.

The identification protocol consists of $t$ rounds of challenge and response; B accepts A's identity if all $t$ rounds succeed. B is assumed to hold A's public key. Each round has the following steps:
(a) A chooses a random integer $r$ ($1 \le r \le n-1$) and a random bit $b$, computes $x = (-1)^{b} \cdot r^{2} \bmod n$, and sends $x$ to B as a witness.
(b) B sends A a vector of $k$ random bits $(e_1, \ldots, e_k)$ as a question, or challenge.
(c) A computes and sends B the response
$y = r \cdot \prod_{j=1}^{k} s_j^{e_j} \bmod n.$
(d) B computes
$z = y^{2} \cdot \prod_{j=1}^{k} v_j^{e_j} \bmod n$
and tests the conditions $z = \pm x$ and $z \neq 0$.
Note that in the protocol above, $k$ and $t$ are security parameters, as explained in a later paragraph.
Example: Suppose the authority TA chooses $p = 683$ and $q = 811$, and publishes $n = pq = 553913$. Choose the parameters $k = 3$, $t = 1$.
Suppose A chooses $s_1 = 157$, $s_2 = 43215$, $s_3 = 4646$, and the 3 bits $b_1 = 1$, $b_2 = 0$, $b_3 = 1$. This gives $v_1 = 441845$, $v_2 = 338402$, $v_3 = 124423$.
A's public key is (441845, 338402, 124423; 553913), and the secret key is (157, 43215, 4646).
A's identification protocol can run as follows:
a) A chooses $r = 1279$, $b = 1$, computes $x = 25898$, and sends it to B.
b) B issues the challenge $(e_1, e_2, e_3) = (0, 0, 1)$.
c) A replies with $y = r s_3 \bmod n = 403104$.
d) B computes $z = y^{2} v_3 \bmod n = 25898$ and checks that $z = +x$ and $z \neq 0$.
So B accepts A's identity.
For the Feige-Fiat-Shamir protocol it has been proved that an impersonation attempt succeeds with probability at most $2^{-kt}$; hence if $k$ and $t$ are chosen so that $kt = 20$, say, the probability is about one in a million, and if $kt = 40$ it is about one in a million million, which can be regarded as impossible. The security of the protocol rests on the hardness of taking square roots modulo a large composite that is hard to factor. The protocol also has the property of being a zero-knowledge proof in the sense that, thanks to knowing the secret key, A answers the challenge-response rounds fluently, yet A's answers taken together leak no bit of the secret that anyone else (B included) could exploit to discover A's (secret) key.
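The Feige-Fiat-Shamir protocol above on the example's parameters, as an added Python example (not the book's code); it assumes the public key has already reached the verifier through TA.

```python
# Feige-Fiat-Shamir identification (added example, not from the book).
# Parameters follow the text's worked example: n = 683 * 811, k = 3, t = 1.
import random

N = 683 * 811      # 553913, the TA's Blum modulus (p, q both = 3 mod 4)
K = 3              # number of secrets per user
T = 1              # number of rounds


def keygen(secrets, bits, n=N):
    """Public key v_i = (-1)^b_i * (s_i^2)^-1 mod n for each secret s_i."""
    return [(-1) ** b * pow(s * s, -1, n) % n for s, b in zip(secrets, bits)]


def commit(r, b, n=N):
    """Step (a): the witness x = (-1)^b * r^2 mod n."""
    return (-1) ** b * r * r % n


def respond(r, secrets, e, n=N):
    """Step (c): y = r * prod s_j^e_j mod n for the challenge bits e."""
    y = r
    for s, ej in zip(secrets, e):
        if ej:
            y = y * s % n
    return y


def check(x, y, pubkey, e, n=N):
    """Step (d): z = y^2 * prod v_j^e_j mod n must equal +-x and be nonzero."""
    z = y * y % n
    for v, ej in zip(pubkey, e):
        if ej:
            z = z * v % n
    return z != 0 and (z == x or z == (-x) % n)


def identify(secrets, pubkey, rounds=T, rng=None, n=N):
    """Run t rounds between a prover holding `secrets` and a verifier holding
    `pubkey`; returns True only if every round passes."""
    rng = rng or random.Random()
    for _ in range(rounds):
        r, b = rng.randrange(1, n), rng.randrange(2)   # fresh r and b each round
        x = commit(r, b)
        e = [rng.randrange(2) for _ in pubkey]          # verifier's challenge bits
        if not check(x, respond(r, secrets, e), pubkey, e):
            return False
    return True
```

A prover without the secrets passes a round only when it guesses the challenge (all-zero $e$ always works), which is where the $2^{-kt}$ bound comes from.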

6.6. Zero-knowledge proofs.

As introduced in the opening section 6.1, the problems of identification and identity verification play a major role in every kind of transaction in society. For identification to be secure, an important requirement is to prevent someone from impersonating another person's identity in a transaction. Once transactions are widely carried out electronically, this security requirement raises many problems that must be solved by scientific means. Simple and primitive solutions such as stating one's name or presenting a password are no longer secure, since they are hard to keep secret and allow others to imitate and impersonate easily. In the earlier sections of this chapter we presented some identification schemes based on challenge-response protocols: the verifier poses questions and the identifying party answers; based on the answers the verifier either poses further questions or accepts (or rejects) the claimed identity. Most challenge-response protocols in identification schemes have to some degree the character of a zero-knowledge proof, although the knowledge involved is only whether or not one knows a secret (of the identification key). The notion of a zero-knowledge proof originated in the study of identification schemes and was later extended to many other kinds of problems.

The problems for which we seek zero-knowledge proofs are usually decision problems, that is, problems defined by a set of instances and a property $\Pi$, where the problem is to decide, for each instance $x$, whether $x$ has property $\Pi$. Several classes of such decision problems were considered when we studied computational complexity in Chapter II. A proof protocol has two participants: a prover (denoted P) and a verifier (denoted V). The protocol consists of questions and answers between V and P; typically V poses the questions or challenges and P provides the answers. Suppose P knows for certain that $x$ has property $\Pi$; P can use a proof protocol to convince V that $x$ has property $\Pi$, and a proof protocol is called zero-knowledge if, beyond convincing V that $x$ has property $\Pi$, P reveals no information that could help anyone else (V included) prove that $x$ has property $\Pi$. Before giving the mathematical definitions of these notions, let us look at an example involving a familiar problem, graph isomorphism: the instances are pairs of graphs $(G_1, G_2)$, and the question is whether the two graphs $G_1$ and $G_2$ are isomorphic. In computational complexity theory this problem has a special role: it is not known whether any polynomial-time algorithm solves it, yet there is also no proof that it is NP-complete.
Below is the interactive zero-knowledge proof scheme for the graph isomorphism problem.
Let two graphs $G_1$ and $G_2$ be given on the vertex set $\{1, 2, \ldots, n\}$. Suppose P knows that $G_1$ and $G_2$ are isomorphic (for instance, P knows a permutation $\sigma$ of $\{1, 2, \ldots, n\}$ such that $G_1$ is the image of $G_2$ under $\sigma$).
The interactive scheme for proving that $G_1$ and $G_2$ are isomorphic consists of $m$ challenge-response rounds, each with the following 4 steps:
1. P chooses a random permutation $\pi$ of $\{1, 2, \ldots, n\}$, forms the graph $H$ as the image of $G_1$ under $\pi$, and sends $H$ to V.
2. V chooses a random number $i \in \{1, 2\}$ and sends it to P.
3. P computes a permutation $\rho$ of $\{1, 2, \ldots, n\}$ such that $H$ is the image of $G_i$ under $\rho$ (specifically, if $i = 1$ take $\rho = \pi$, if $i = 2$ take $\rho = \pi \circ \sigma$), and sends $\rho$ to V.
4. V checks whether $H$ is the image of $G_i$ under $\rho$.
V accepts P's proof if the check in step 4 succeeds in all $m$ rounds.
Example: We illustrate the interactive protocol for proving the isomorphism of two graphs with the following example.
Let $G_1 = (V, E_1)$ and $G_2 = (V, E_2)$ be two graphs with vertex set $V = \{1, 2, 3, 4\}$ and edge sets $E_1 = \{12, 13, 14, 34\}$, $E_2 = \{12, 13, 23, 24\}$. Suppose P knows that $G_2$ is isomorphic to $G_1$ via the permutation $\sigma = \{4\ 1\ 3\ 2\}$.
[Figure: drawings of the graphs $H$, $G_1$ and $G_2$ on the vertices 1, 2, 3, 4.]
One round of the protocol may run as follows:
1. P chooses the random permutation $\pi = \{2\ 4\ 1\ 3\}$. The graph $H$ then has edge set $\{12, 13, 23, 24\}$, the image of $G_1$ under $\pi$. P sends $H$ to V.
2. V chooses $i = 2$ and sends it to P as the question.
3. P finds that the permutation $\rho = \pi \circ \sigma = \{3\ 2\ 1\ 4\}$ maps $G_2$ onto $H$, and so sends $\rho$ to V.
4. V checks that $H$ is indeed the image of $G_2$ under the permutation $\rho$. We conclude that this round succeeds.
The whole protocol consists of $m = \log_2 n$ rounds.
Thus, if $G_1$ is isomorphic to $G_2$ (or more precisely, if P knows that $G_1$ is isomorphic to $G_2$) and all rules are followed, the protocol succeeds and the probability that V accepts the proof is 1. This is the completeness of the protocol.
On the other hand, if $G_1$ and $G_2$ are not isomorphic, the only way for P to trick V into accepting is, in each round, to guess in advance the question (the number $i$) that V will pose in step 2; then in step 1 P chooses a random permutation $\pi$ and sends V the graph $H$ that is the image of $G_i$ under $\pi$, and in step 3, answering V's question (the number $i$), P replies with the permutation $\rho = \pi$. Clearly V accepts the answer as correct, and the round succeeds. So P can fool V in one round, and the success probability equals the probability that P guesses V's question in advance, i.e. at most 1/2. Hence if $G_1$ and $G_2$ are not isomorphic, the chance that V is fooled into believing that $G_1$ and $G_2$ are isomorphic has probability at most $2^{-m} = 2^{-\log_2 n} = 1/n$, a negligible value that can be ignored because $n$ is very large. This also says that if P does not know that $G_1$ and $G_2$ are isomorphic, P cannot exploit the protocol to fool V into believing that P knows $G_1$ and $G_2$ to be isomorphic. This is the soundness of the protocol.
Now we turn to the zero-knowledge property of the above protocol. We see that in each round of the protocol, all that P sends to V is a copy $H$ isomorphic to $G_1$ and $G_2$, together with a permutation realising the isomorphism from $G_1$ to $H$ or from $G_2$ to $H$ (but not both!). This information is not enough for V to immediately establish an isomorphism between $G_1$ and $G_2$ (note that the permutation P passes to V is $\rho = \pi$ or $\rho = \pi \circ \sigma$, from which $\sigma$ is not easily found). Intuitively this shows that the protocol is zero-knowledge. To obtain a mathematical definition of the zero-knowledge notion, let us examine the above reasoning more closely.
Let us look at what information P and V leave behind in an interactive proof like the above. Besides the information about the two graphs $G_1$ and $G_2$, in each round P and V exchange information about a graph $H$, a question $i$, and an answer $\rho$. We may therefore define a transcript $T$ of an interactive proof as
$T = ((G_1, G_2);\ (H_1, i_1, \rho_1);\ \ldots;\ (H_m, i_m, \rho_m)).$
The information of an interactive proof is fully contained in a transcript $T$. Now observe that a transcript can also be forged. Indeed, one can choose at random a number $i \in \{1, 2\}$ and a permutation $\rho$, then compute $H$ as the isomorphic image of $G_i$ under $\rho$. Doing this $m$ times yields $m$ triples $(H, i, \rho)$, which together with $(G_1, G_2)$ form a forged transcript: it is not a genuine transcript of an actual proof carried out according to the interactive protocol, yet there is no way to distinguish a legitimate proof from one assembled from forged transcripts. The algorithm producing forged transcripts is called a simulator. We can now define the notion of zero-knowledge as follows:
Suppose there is an interactive proof system for the decision problem $\Pi$, together with a simulator S¹, and let $x$ be an instance of the problem whose answer to the question $\Pi$ is yes. Denote by $\mathcal{T}(x)$ the set of all possible legitimate transcripts, and by $\mathcal{F}(x)$ the set of all forged transcripts that S can produce. Assume $\mathcal{T}(x) = \mathcal{F}(x)$. For each $T \in \mathcal{T}(x)$ denote by $p_{\mathcal{T}}(T)$ the probability that $T$ is the transcript produced by an interactive proof, and by $p_{\mathcal{F}}(T)$ the probability that $T$ is a forged transcript produced by the simulator S. If $p_{\mathcal{T}}(T) = p_{\mathcal{F}}(T)$ for all $T \in \mathcal{T}(x)$, that is, if the probability distributions on $\mathcal{T}(x)$ and $\mathcal{F}(x)$ coincide, we say that our interactive proof system is perfect zero-knowledge with respect to V.
For the graph isomorphism problem with the interactive proof scheme above, it has been proved that the two probability distributions on $\mathcal{T}(x)$ and $\mathcal{F}(x)$ coincide; hence, by the definition of perfect zero-knowledge, we can conclude: for the graph isomorphism problem there is a perfect zero-knowledge interactive proof scheme.
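The graph isomorphism protocol and the simulator that forges transcripts, run on the example's graphs, as an added Python example (not from the book); graphs are represented as edge sets and a permutation as the tuple $(\pi(1), \ldots, \pi(n))$.

```python
# Interactive zero-knowledge proof of graph isomorphism, with the simulator
# that forges transcripts (added example, not from the book).
import random


def graph(*edges):
    """Build an edge set from vertex pairs such as (1, 2), (1, 3), ..."""
    return frozenset(frozenset(e) for e in edges)


# The text's example: G1 = sigma(G2) with sigma = (4 1 3 2).
E1 = graph((1, 2), (1, 3), (1, 4), (3, 4))
E2 = graph((1, 2), (1, 3), (2, 3), (2, 4))
SIGMA = (4, 1, 3, 2)


def apply_perm(g, perm):
    """Image of graph g under perm (vertex i is sent to perm[i-1])."""
    return frozenset(frozenset(perm[v - 1] for v in e) for e in g)


def compose(pi, sigma):
    """rho = pi o sigma, i.e. rho(i) = pi(sigma(i))."""
    return tuple(pi[sigma[i] - 1] for i in range(len(sigma)))


def random_perm(n, rng):
    perm = list(range(1, n + 1))
    rng.shuffle(perm)
    return tuple(perm)


def prove(g1, g2, sigma, rounds, rng):
    """Honest run between a prover who knows sigma and a verifier;
    returns (accepted, transcript)."""
    n = len(sigma)
    transcript = []
    for _ in range(rounds):
        pi = random_perm(n, rng)                          # step 1
        h = apply_perm(g1, pi)
        i = rng.choice((1, 2))                            # step 2
        rho = pi if i == 1 else compose(pi, sigma)        # step 3
        if apply_perm(g1 if i == 1 else g2, rho) != h:    # step 4
            return False, transcript
        transcript.append((h, i, rho))
    return True, transcript


def simulate(g1, g2, n, rounds, rng):
    """Forged transcript built without sigma: choose i and rho first,
    then set H = rho(G_i) so that the round verifies by construction."""
    transcript = []
    for _ in range(rounds):
        i = rng.choice((1, 2))
        rho = random_perm(n, rng)
        h = apply_perm(g1 if i == 1 else g2, rho)
        transcript.append((h, i, rho))
    return transcript


def transcript_valid(g1, g2, transcript):
    """The verifier's step-4 check applied to every round of a transcript;
    genuine and forged transcripts pass alike."""
    return all(apply_perm(g1 if i == 1 else g2, rho) == h for h, i, rho in transcript)
```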
We now present below another interactive zero-knowledge proof scheme, for the quadratic residuosity problem, which is an NP-complete problem.
Let an integer $n$ be the product of two large primes $p$ and $q$ that are kept secret. Suppose P knows that $x$ is a quadratic residue modulo $n$ and knows a square root $u$ of it (i.e. $u^{2} \equiv x \pmod n$). The interactive proof scheme has $m$ rounds, each consisting of the following 4 steps:
1. P chooses a random number $v \in \mathbb{Z}_n^{*}$, computes $y = v^{2} \bmod n$, and sends $y$ to V.
2. V chooses a random number $i \in \{0, 1\}$ and sends it to P.
3. P computes $z = u^{i} v \bmod n$ and sends $z$ to V.
4. V tests the condition $z^{2} \equiv x^{i} y \pmod n$.
If V finds the condition satisfied in all $m$ rounds, V accepts P's proof that $x$ is a quadratic residue modulo $n$.

¹ It is usually assumed that the verifier V, as well as the simulator, are algorithms that run in polynomial time.
This interactive proof protocol also has the properties of completeness, soundness and zero-knowledge, but it is not perfect zero-knowledge. The study of interactive zero-knowledge proof schemes has attracted much interest over the past few decades and produced many interesting results, the most interesting perhaps being those concerning NP-complete problems. It has been shown that there are no perfect zero-knowledge proofs for NP-complete problems; however, if one does not insist on the strict condition of perfect zero-knowledge but requires only the slightly weaker condition of computational zero-knowledge, then it has been proved that for many NP-complete problems, such as the quadratic residuosity problem modulo $n$ above or the graph 3-colouring problem, corresponding computational zero-knowledge interactive proof schemes can be constructed. From there, since every problem in the class NP reduces in polynomial time to an NP-complete problem, for instance graph 3-colouring, it can be proved that every problem in NP has a (computational) zero-knowledge interactive proof scheme.
The notion of computational zero-knowledge differs from perfect zero-knowledge in just one point: where the definition of perfect zero-knowledge requires the two probability distributions on $\mathcal{T}(x)$ and $\mathcal{F}(x)$ to coincide, computational zero-knowledge only requires the two distributions to be indistinguishable, in a sense similar to the indistinguishability we considered in Section 4.6.1 of Chapter IV.








CHAPTER VII

The problems of key distribution
and key agreement

7.1. Key management in communication networks.

In the previous chapters we became acquainted with encryption methods and with other important problems related to secure communication over public networks in general. We also saw that public-key cryptosystems have many advantages over symmetric-key cryptosystems as a foundation for information security solutions; in particular, whereas symmetric-key cryptosystems require secret channels to deliver or exchange keys between partners, public-key cryptosystems in principle need no such secret channels, since public keys can be transmitted or exchanged openly over public communication channels. In practice, however, to make communication truly secure, not every piece of information about the public keys of a cryptosystem, of a signature verification algorithm, of a message or identity authentication protocol, etc., should be broadcast indiscriminately over a public network; even though it is public, one prefers that only those who need to know it do know it. Therefore, even when using public-key systems, one wants protocols for exchanging keys between partners who actually need to communicate with each other, including the exchange of public keys. Key exchange between the members of a community may be set up freely between any two of them when they need to exchange information, or it may be set up on a relatively long-term basis for some period across the whole community under the coordination of a trusted authority (which we denote TA). In the first case we call the key exchange simply key agreement; in the second we call it key distribution, with TA carrying out the distribution and thus also managing the keys. Key agreement generally needs no TA and is only possible when the security systems in use are public-key systems, whereas key distribution can take place whether symmetric-key or public-key systems are used. Key distribution by a key-managing TA is an ordinary matter that existed long before public-key cryptosystems. We begin by introducing a few such key distribution systems, and then some key distribution or key exchange systems that use public-key security schemes.

7.2. Some key distribution systems.
7.2.1. The Blom key distribution scheme.

Suppose we have a network of $n$ users, each of whom needs to exchange secret information with every other user in the network. Suppose the cryptosystem used is a symmetric-key one (for instance, DES). The whole network then needs
$\frac{n(n-1)}{2}$
distinct keys, one for each pair of users in the network. A trusted authority TA manages that many keys and has to deliver to each user the $n-1$ keys it shares with the remaining $n-1$ users, so TA must transmit over secret channels a total of $n(n-1)$ keys to the $n$ users.
Blom (1985) proposed a key distribution scheme, called the Blom scheme below, whose simplest case is described as follows:
TA chooses a prime $p \ge n$, and for each user A chooses a number $r_A \in \mathbb{Z}_p$. The number $p$ and the numbers $r_A$ are published. TA then chooses three random numbers $a, b, c \in \mathbb{Z}_p$ and forms the polynomial
$f(x, y) = a + b(x + y) + cxy \bmod p.$
For each user A, TA computes
$g_A(x) = f(x, r_A) = a_A + b_A x \bmod p,$
where
$a_A = a + b r_A \bmod p,\quad b_A = b + c r_A \bmod p.$
TA secretly delivers the pair $(a_A, b_A)$ to A; thus A knows $g_A(x) = a_A + b_A x$. Compared with transmitting the $n(n-1)$ keys secretly as above, with the Blom scheme TA only has to transmit $n$ pairs $(a_A, b_A)$.
After these preparations, if two users A and B want to create a common key for encrypted communication, the common key $K_{A,B}$ is
$K_{A,B} = g_A(r_B) = g_B(r_A) = f(r_A, r_B),$
which each of A and B can compute from the information they hold.
Thus, under this distribution scheme, TA gives each user a secret part of a key, and any two users combine their own secret part with the public part of the other to create the shared secret key for the two of them. The scheme is secure in the following sense: no third party C (even if C is a participant in the network) can discover the private key of two users A and B. Indeed, even if C is a participant in the network, the most C knows is the two numbers $a_C, b_C$ issued by TA. We show that, given what C knows, any value $l \in \mathbb{Z}_p$ could be accepted as $K_{A,B}$. What C knows, including the hypothesis $l = K_{A,B}$, is expressed by
$a + b(r_A + r_B) + c r_A r_B = l,$
$a + b r_C = a_C,$
$b + c r_C = b_C.$
Regarding $a, b, c$ as unknowns, this system of equations has coefficient determinant
$\begin{vmatrix} 1 & r_A + r_B & r_A r_B \\ 1 & r_C & 0 \\ 0 & 1 & r_C \end{vmatrix} = (r_C - r_A)(r_C - r_B),$
which by the choice of the numbers $r$ is nonzero, so the system always has a solution $(a, b, c)$, i.e. accepting $l$ as the value of $K_{A,B}$ is entirely possible. Any value $l \in \mathbb{Z}_p$ could be accepted by C as $K_{A,B}$, which means that C does not know which number $K_{A,B}$ is!
However, if two participants C and D, other than A and B, collude to discover $K_{A,B}$, it becomes very easy, because C and D together know
$a + b r_C = a_C,$
$b + c r_C = b_C,$
$a + b r_D = a_D,$
$b + c r_D = b_D.$
These four equations determine $(a, b, c)$, from which $K_{A,B}$ is found.
The Blom scheme above can be extended to a general Blom scheme in which each common key $K_{A,B}$ of two users A and B remains completely secret against any coalition of $k$ users other than A and B, but is no longer secret against a coalition of $k+1$ participants in the network. For this we need only replace the polynomial $f(x, y)$ above by the following symmetric polynomial of degree $2k$:
$f(x, y) = \sum_{i=0}^{k} \sum_{j=0}^{k} a_{ij} x^{i} y^{j} \bmod p,$
where $a_{ij} \in \mathbb{Z}_p$, $0 \le i, j \le k$, and $a_{ij} = a_{ji}$ for all $i, j$.
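The general Blom scheme above, plus the $k = 1$ argument that every value $l$ is consistent with a single user C's share, checked by brute force over a tiny prime; this is an added Python example, not the book's code. The prime $p = 17$ and the $r$ values used in the checks are constructed.

```python
# Blom key distribution with the general symmetric polynomial of degree 2k
# (added example, not from the book). The k = 1 case is f = a + b(x+y) + cxy.
import itertools
import random


def ta_setup(k, p, rng):
    """TA's secret symmetric coefficient matrix a[i][j] = a[j][i] in Z_p."""
    a = [[0] * (k + 1) for _ in range(k + 1)]
    for i in range(k + 1):
        for j in range(i, k + 1):
            a[i][j] = a[j][i] = rng.randrange(p)
    return a


def f(a, x, y, p):
    """f(x, y) = sum a_ij x^i y^j mod p."""
    k = len(a) - 1
    return sum(a[i][j] * pow(x, i, p) * pow(y, j, p)
               for i in range(k + 1) for j in range(k + 1)) % p


def share(a, r_user, p):
    """TA's secret delivery to a user with public r_user: the coefficients of
    g_user(x) = f(x, r_user) as a degree-k polynomial in x."""
    k = len(a) - 1
    return [sum(a[i][j] * pow(r_user, j, p) for j in range(k + 1)) % p
            for i in range(k + 1)]


def key(share_self, r_other, p):
    """K_{self,other} = g_self(r_other) mod p, computed from one's own share
    and the partner's public r."""
    return sum(c * pow(r_other, i, p) for i, c in enumerate(share_self)) % p


def keys_consistent_with_one_share(share_c, r_a, r_b, r_c, p):
    """For k = 1: the set of candidate values l for K_{A,B} for which some
    secret (a, b, c) agrees with C's share (a_C, b_C) and gives f(r_A, r_B) = l.
    The text's determinant argument says this is all of Z_p, i.e. C's share
    carries no information about K_{A,B}. Brute force, so keep p small."""
    a_c, b_c = share_c
    candidates = set()
    for a, b, c in itertools.product(range(p), repeat=3):
        if (a + b * r_c) % p == a_c and (b + c * r_c) % p == b_c:
            candidates.add((a + b * (r_a + r_b) + c * r_a * r_b) % p)
    return candidates
```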

7.2.2. The Kerberos key distribution system.
Kerberos is the name of a service that distributes (or issues) a session key for each secure communication session on request of users in a communication network. The cryptosystem used is usually a symmetric-key one, for instance DES.
To run this system, the trusted authority (or coordinating centre) TA first has to share a secret DES key $K_A$ with each member A of the network. Then, whenever A needs to communicate securely with another member B, A asks TA to issue a session key for both A and B. The issuing is carried out by the following key distribution protocol:
1. TA chooses a random session key $K$, fixes a timestamp $T$ and a lifetime $L$ (meaning that the session key $K$ is valid during the interval from $T$ to $T + L$).
2. TA computes
$m_1 = e_{K_A}(K, \mathrm{ID}(B), T, L),$
$m_2 = e_{K_B}(K, \mathrm{ID}(A), T, L),$
and sends $(m_1, m_2)$ to A.
3. A applies the decryption function $d_{K_A}$ to $m_1$ to obtain $K, T, L, \mathrm{ID}(B)$. A then computes
$m_3 = e_K(\mathrm{ID}(A), T),$
and sends $(m_3, m_2)$ to B.
4. B applies the decryption functions $d_{K_B}$ to $m_2$ and $d_K$ to $m_3$ to obtain $K, T, L, \mathrm{ID}(A)$ and $\mathrm{ID}(A), T$. If the two values of $\mathrm{ID}(A)$ and of $T$ agree, B goes on to compute
$m_4 = e_K(T + 1)$
and sends $m_4$ to A.
5. A applies the decryption function $d_K$ to $m_4$ and checks whether the result is indeed $T + 1$.
In the protocol above, ID(A) and ID(B) denote the identities of A and B; this information is public.
On completing the 5-step protocol above, TA (together with A and B) has issued a session key $K$ to the two users A and B for encrypted communication. All information exchanges of the protocol take place over public channels, yet the key $K$ remains secret, known only to A, B (and TA). Besides issuing the key, the protocol also achieves key confirmation: B and A are each assured that their partner really holds the key $K$, by the outcome of the checks in steps 4 and 5; moreover, both A and B learn the key's validity period.
Secret key distribution by the Kerberos protocol is highly reliable, but in practice its use is also time-consuming, so today it is used only in limited circumstances.

7.2.3. The Diffie-Hellman key distribution system.
The Diffie-Hellman key distribution system does not require TA to know or transmit any secret information about participants' keys in order for them to establish a shared secret key for communicating with each other.
In a Diffie-Hellman key distribution system, TA merely chooses a large prime $p$ and a primitive element $\alpha$ modulo $p$ such that computing $\log_\alpha$ in $\mathbb{Z}_p^{*}$ is very hard. The numbers $p$ and $\alpha$ are published to all participants in the network. In addition, TA has a signature scheme with a (secret) signing algorithm $\mathrm{sig}_{TA}$ and a (public) verification algorithm $\mathrm{ver}_{TA}$.
Any member A with identity ID(A) chooses a number $a_A$ ($0 \le a_A \le p - 2$) and computes $b_A = \alpha^{a_A} \bmod p$. A keeps $a_A$ secret and registers the information $(\mathrm{ID}(A), b_A)$ with TA. TA issues A the certificate
C(A) = (ID(A), $b_A$, $\mathrm{sig}_{TA}(\mathrm{ID}(A), b_A)$).
The members' certificates may be stored in a public database, or entrusted to TA for storage and public provision to members whenever needed.
When two members A and B of the network need a shared secret key for secure communication, A uses the public information $b_B$ in C(B) together with its own secret number $a_A$ to form the key
$K_{A,B} = b_B^{a_A} \bmod p = \alpha^{a_A a_B} \bmod p.$
B forms the same shared key from A's public information $b_A$ and its own secret number $a_B$:
$K_{A,B} = b_A^{a_B} \bmod p = \alpha^{a_A a_B} \bmod p.$
To make sure the information about $b_B$ and $b_A$ is accurate, A and B can use the algorithm $\mathrm{ver}_{TA}$ to check TA's certifying signature in the certificates C(B) and C(A) respectively.
The security of the Diffie-Hellman key distribution system is guaranteed by the following: computing $K_{A,B}$ from $b_A$ and $b_B$ is exactly the Diffie-Hellman problem we discussed in Section 4.1, Chapter IV: given $\alpha^{a} \bmod p$ and $\alpha^{b} \bmod p$, compute $\alpha^{ab} \bmod p$. This is a hard problem, equivalent to the discrete logarithm problem or the problem of breaking the ElGamal cryptosystem.

7.3. Key exchange and key agreement.
7.3.1. The Diffie-Hellman key exchange protocol.
The Diffie-Hellman key distribution system of the previous section can easily be turned into a protocol for direct key exchange (or agreement) between users, with no TA involved to manage or distribute keys. Any group of users may agree on a common large prime $p$ and a primitive element $\alpha$ modulo $p$; then any two of them, A and B, whenever they want to communicate securely, can run the following key exchange protocol:
1. A chooses a random number $a_A$ ($0 \le a_A \le p - 2$), keeps $a_A$ secret, computes $b_A = \alpha^{a_A} \bmod p$ and sends $b_A$ to B.
2. Similarly, B chooses a random number $a_B$ ($0 \le a_B \le p - 2$), keeps $a_B$ secret, computes $b_B = \alpha^{a_B} \bmod p$ and sends $b_B$ to A.
3. A and B both compute the shared key
$K_{A,B} = b_B^{a_A} \bmod p = b_A^{a_B} \bmod p\ (= \alpha^{a_A a_B} \bmod p).$
The Diffie-Hellman key exchange protocol has the following properties:
1. The protocol is secure against passive attack, meaning that a third party who knows $b_A$ and $b_B$ will hardly be able to find $K_{A,B}$. We know that the problem of finding $K_{A,B}$ from $b_A$ and $b_B$ is exactly the Diffie-Hellman problem, and in Section 7.2.3 we said that this problem is equivalent to breaking the ElGamal cryptosystem. We now prove this. ElGamal encryption with key $K = (p, \alpha, a, \beta)$, where $\beta = \alpha^{a} \bmod p$, turns a plaintext $x$ and a random number $k \in \mathbb{Z}_{p-1}$ into the ciphertext
$e_K(x, k) = (y_1, y_2),$
where
$y_1 = \alpha^{k} \bmod p,\quad y_2 = x\beta^{k} \bmod p.$
Decryption is given by
$d_K(y_1, y_2) = y_2 (y_1^{a})^{-1} \bmod p.$
Suppose we have an algorithm $\mathcal{A}$ solving the Diffie-Hellman problem. We use $\mathcal{A}$ to break ElGamal as follows. Given a ciphertext $(y_1, y_2)$, first apply $\mathcal{A}$ to $y_1 = \alpha^{k} \bmod p$ and $\beta = \alpha^{a} \bmod p$, obtaining
$\mathcal{A}(y_1, \beta) = \alpha^{ka} \bmod p = \beta^{k},$
and then recover the plaintext $x$ from $\beta^{k}$ and $y_2$ as
$x = y_2 (\beta^{k})^{-1} \bmod p.$
Conversely, suppose there is an algorithm $\mathcal{B}$ breaking ElGamal, i.e.
$\mathcal{B}(p, \alpha, \beta, y_1, y_2) = x = y_2 (y_1^{a})^{-1} \bmod p.$
Applying $\mathcal{B}$ with $\beta = b_A$, $y_1 = b_B$, $y_2 = 1$, we get
$\mathcal{B}(p, \alpha, b_A, b_B, 1) = (1 \cdot (b_B^{a_A})^{-1}) \bmod p = \alpha^{-a_A a_B} \bmod p,$
whose inverse modulo $p$ is $\alpha^{a_A a_B}$; that is, the Diffie-Hellman problem is solved.
2. The protocol is not secure against an active attack by substitution in transit, meaning that a third party C can swap the messages exchanged between A and B: for instance, C replaces $\alpha^{a_A}$, which A intended to send to B, by $\alpha^{a'_A}$, and replaces $\alpha^{a_B}$, which B intended to send to A, by $\alpha^{a'_B}$. After the key exchange protocol, A has then established a shared key $\alpha^{a_A a'_B}$ with C while believing it is with B, and at the same time B has established a shared key $\alpha^{a'_A a_B}$ with C while believing it is with A; C can decrypt every message that A mistakenly thinks it is sending to B, as well as every message that B mistakenly thinks it is sending to A!
One way to counter this active attack is to let A and B verify the authenticity of the public keys $b_A$ and $b_B$. Adding the coordinating role of a TA to the Diffie-Hellman key exchange protocol, to obtain a Diffie-Hellman key distribution system as in Section 7.2.3, is one such remedy. In the Diffie-Hellman key distribution system, TA's involvement is very weak: in fact TA does only one thing, namely issue a certificate attesting each user's public key, without needing to learn any secret of the user. If one is still not satisfied with this limited role of TA, TA can be given an even weaker certifying role, unrelated to keys, such as certifying the user's signature verification algorithm, while the key information itself (both secret and public) is exchanged directly between the users. With this remedy, in which TA plays a very limited role, we obtain the following protocol:

7.3.2. The DH key exchange protocol with certificates.
Each user A has an identity ID(A) and a signature scheme with signing algorithm $\mathrm{sig}_A$ and verification algorithm $\mathrm{ver}_A$. TA also plays a certifying role, but it certifies nothing related to the user's creation of cryptographic keys (whether secret or public keys), only some other, less related information such as the user's signature verification algorithm. The information related to key creation is exchanged directly between the users. TA also has its own signature scheme, consisting of a signing algorithm $\mathrm{sig}_{TA}$ and a (public) verification algorithm $\mathrm{ver}_{TA}$. The certificate TA issues to each user A is
C(A) = (ID(A), $\mathrm{ver}_A$, $\mathrm{sig}_{TA}(\mathrm{ID}(A), \mathrm{ver}_A)$).
Clearly, in the certificate TA certifies nothing whatsoever related to A's key creation. Key exchange between two users A and B proceeds by the following protocol:
1. A chooses a random number $a_A$ ($0 \le a_A \le p - 2$), computes
$b_A = \alpha^{a_A} \bmod p,$
and sends $b_A$ to B.
2. B chooses a random number $a_B$ ($0 \le a_B \le p - 2$), computes
$b_B = \alpha^{a_B} \bmod p,$
then computes
$K = b_A^{a_B} \bmod p,$
$y_B = \mathrm{sig}_B(b_B, b_A),$
and sends $(\mathrm{C}(B), b_B, y_B)$ to A.
3. A computes $K = b_B^{a_A} \bmod p$, uses $\mathrm{ver}_B$ to check $y_B$, uses $\mathrm{ver}_{TA}$ to check C(B), then computes
$y_A = \mathrm{sig}_A(b_A, b_B),$
and sends $(\mathrm{C}(A), y_A)$ to B.
4. B uses $\mathrm{ver}_A$ to check $y_A$, and uses $\mathrm{ver}_{TA}$ to check C(A).
If all steps are carried out and all checks give correct results, the protocol ends and both A and B hold the shared key $K$. Thanks to the verification algorithms, A is certain that the value $b_B$ is B's and B is certain that the value $b_A$ is A's, ruling out the possibility that some other party C substitutes the values in transit.

7.3.3. The Matsumoto-Takashima-Imai key exchange protocol.
The protocol presented in the previous section needs three message passes to establish a shared key. The Japanese authors Matsumoto, Takashima and Imai proposed an improvement that agrees on a key with a protocol of only two message passes (one from A to B and one from B to A), as follows:
We assume that before the protocol is run, TA has signed and issued a certificate to each user A in the manner of Section 7.2.3:
C(A) = (ID(A), $b_A$, $\mathrm{sig}_{TA}(\mathrm{ID}(A), b_A)$),
and that TA's signature verification algorithm $\mathrm{ver}_{TA}$ is public. In this protocol the $b_A$ do not directly form the encryption keys for communication; instead, for each secure communication session a session key is created by the protocol.
The MTI session key exchange protocol has three steps (with two message passes), as follows:
1. A chooses a random number $r_A$ ($0 \le r_A \le p - 2$), computes
$s_A = \alpha^{r_A} \bmod p,$
and sends $(\mathrm{C}(A), s_A)$ to B.
2. B chooses a random number $r_B$ ($0 \le r_B \le p - 2$), computes
$s_B = \alpha^{r_B} \bmod p,$
and sends $(\mathrm{C}(B), s_B)$ to A.
3. A computes $K = s_B^{a_A} \cdot b_B^{r_A} \bmod p$, with the value $b_B$ taken from C(B); B computes $K = s_A^{a_B} \cdot b_A^{r_B} \bmod p$, with the value $b_A$ taken from C(A).
Both computations give the same value
$K = \alpha^{r_A a_B + r_B a_A} \bmod p.$
This protocol keeps the key $K$ secret against passive attack just as the Diffie-Hellman protocol does. However, since there is no certificate for the values $s_A, s_B$, there is still a risk of an active attack by substitution in transit by some C, in the following manner:
[Diagram: A sends $(\mathrm{C}(A), \alpha^{r_A})$ towards B and C forwards $(\mathrm{C}(A), \alpha^{r'_A})$ to B; B sends $(\mathrm{C}(B), \alpha^{r_B})$ towards A and C forwards $(\mathrm{C}(B), \alpha^{r'_B})$ to A.]
Where A should send $(\mathrm{C}(A), s_A)$ to B, C intercepts $(\mathrm{C}(A), s_A)$ and sends B instead $(\mathrm{C}(A), s'_A)$ with $s'_A = \alpha^{r'_A} \bmod p$; and conversely, where B should send $(\mathrm{C}(B), s_B)$ to A, C intercepts $(\mathrm{C}(B), s_B)$ and sends A instead $(\mathrm{C}(B), s'_B)$ with $s'_B = \alpha^{r'_B} \bmod p$. Then A computes the key
$K_1 = \alpha^{r_A a_B + r'_B a_A} \bmod p,$
and B computes the key
$K_2 = \alpha^{r'_A a_B + r_B a_A} \bmod p.$
These two values $K_1$ and $K_2$ differ, so A and B cannot communicate with each other, but C is unable to compute either value (not knowing $a_A$ and $a_B$); so, unlike the Diffie-Hellman protocol of Section 7.2.3, here C can only disrupt, not steal information.
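The MTI exchange above and the key mismatch that the described substitution produces, as an added Python example (not from the book). The modulus $p = 1019$ and base $\alpha = 2$ are constructed toy parameters, and the TA's signatures on the certificates are assumed already verified.

```python
# MTI two-pass session key exchange and the key mismatch caused by the
# in-transit substitution described above (added example, not from the book).
# Constructed parameters: p = 1019 is a safe prime (1019 = 2*509 + 1) and 2 is a
# quadratic non-residue mod 1019, hence a primitive element; real use needs a large p.
import random

P = 1019
ALPHA = 2


def long_term(rng, p=P, alpha=ALPHA):
    """A user's certified long-term pair (a, b = alpha^a mod p)."""
    a = rng.randrange(0, p - 1)
    return a, pow(alpha, a, p)


def ephemeral(rng, p=P, alpha=ALPHA):
    """A per-session pair (r, s = alpha^r mod p) for steps 1 and 2."""
    r = rng.randrange(0, p - 1)
    return r, pow(alpha, r, p)


def session_key(a_self, r_self, s_other, b_other, p=P):
    """Step 3: K = s_other^a_self * b_other^r_self mod p, with b_other read
    from the partner's certificate (the TA signature on it is assumed verified)."""
    return pow(s_other, a_self, p) * pow(b_other, r_self, p) % p


def exchange(a_A, r_A, a_B, r_B, substitute=None, p=P, alpha=ALPHA):
    """Run the two message passes and return (K_A, K_B). `substitute`, if given,
    maps the transmitted (s_A, s_B) to what is actually delivered, modelling C."""
    b_A, b_B = pow(alpha, a_A, p), pow(alpha, a_B, p)      # certified values
    s_A, s_B = pow(alpha, r_A, p), pow(alpha, r_B, p)      # steps 1 and 2
    got_A, got_B = (s_A, s_B) if substitute is None else substitute(s_A, s_B)
    return (session_key(a_A, r_A, got_B, b_B),   # A uses the s_B it received
            session_key(a_B, r_B, got_A, b_A))   # B uses the s_A it received
```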

7.3.4. The Girault certificate-free key exchange protocol.
The Girault protocol was proposed in 1991. In this protocol, user A does not need a certificate C(A); instead A uses a self-certified public key issued in advance by a TA. The method combines properties of the RSA and discrete logarithm problems.
Let $n$ be the product of two large primes $p$ and $q$, $n = p \cdot q$, where $p$ and $q$ have the form $p = 2p_1 + 1$, $q = 2q_1 + 1$ with $p_1$ and $q_1$ also prime. The multiplicative group $\mathbb{Z}_n^{*}$ is isomorphic to the product $\mathbb{Z}_p^{*} \times \mathbb{Z}_q^{*}$. The largest order of an element of $\mathbb{Z}_n^{*}$ is the least common multiple of $p - 1$ and $q - 1$, that is, $2p_1q_1$. Let $\alpha$ be an element of order $2p_1q_1$ in $\mathbb{Z}_n^{*}$. The cyclic group generated by $\alpha$ is denoted $G$, and the discrete logarithm problem to the base $\alpha$ in $G$ is assumed to be very hard.
The numbers $n$ and $\alpha$ are public. Only TA knows $p, q$. TA chooses a public exponent $e$ with $\gcd(e, \varphi(n)) = 1$ and keeps secret $d = e^{-1} \bmod \varphi(n)$.
Each user A has an identity ID(A), chooses a random number $a_A \in G$, keeps $a_A$ secret and computes $b_A = \alpha^{a_A} \bmod n$, then sends $a_A, b_A$ to TA. TA verifies the condition $b_A = \alpha^{a_A} \bmod n$ and then issues A the self-certified public key
$p_A = (b_A - \mathrm{ID}(A))^{d} \bmod n.$
The public key $p_A$ contains no information about $a_A$, but TA needs to know $a_A$ in order to check the condition $b_A = \alpha^{a_A} \bmod n$.
The Girault key exchange protocol between two users A and B is carried out by the following steps:
1. A chooses at random $r_A \in G$, computes $s_A = \alpha^{r_A} \bmod n$ and sends to B (ID(A), $p_A$, $s_A$).
2. B chooses at random $r_B \in G$, computes $s_B = \alpha^{r_B} \bmod n$ and sends to A (ID(B), $p_B$, $s_B$).
3. A computes the key $K = s_B^{a_A}\,(p_B^{e} + ID(B))^{r_A} \bmod n$; B computes the key $K = s_A^{a_B}\,(p_A^{e} + ID(A))^{r_B} \bmod n$.
Both values of K are equal, namely $K = \alpha^{r_A a_B + r_B a_A} \bmod n$.
By the same reasoning as in the previous section, it is easy to see that a third party C can hardly forge messages sent to A or B; if it attacks by interposing itself in the middle, it can disrupt and prevent A and B from establishing a common key, but it cannot steal the information exchanged between A and B.
One question remains: why does the TA need to know $a_A$ and verify the condition $b_A = \alpha^{a_A} \bmod n$ before issuing $p_A$ to A? Suppose the TA does not know $a_A$ and simply issues $p_A = (b_A - ID(A))^d \bmod n$ to A; let us see what could happen.
A third party C can choose a value $a'_A$ and compute $b'_A = \alpha^{a'_A} \bmod n$, then compute $b_C = b'_A - ID(A) + ID(C)$ and send (ID(C), $b_C$) to the TA. The TA would issue C a self-certified public key $p_C = (b_C - ID(C))^d \bmod n$. But since $b_C - ID(C) = b'_A - ID(A)$, C is in fact issued $p_C = (b'_A - ID(A))^d \bmod n = p'_A$.
Now suppose A and B carry out the key exchange protocol and C interposes itself in the middle: A sends to B (ID(A), $p_A$, $\alpha^{r_A} \bmod n$), but because C substitutes the message, B instead receives (ID(A), $p'_A$, $\alpha^{r'_A} \bmod n$), so that B and C compute the same key
$K' = \alpha^{r'_A a_B + r_B a'_A} \bmod n = s_B^{a'_A}\,(p_B^{e} + ID(B))^{r'_A} \bmod n$,
while A computes the key
$K = \alpha^{r_A a_B + r_B a_A} \bmod n$.
[Figure: C interposed between A and B in the Girault protocol]
A  --(ID(A), $p_A$, $\alpha^{r_A}$)-->  C  --(ID(A), $p'_A$, $\alpha^{r'_A}$)-->  B
A  <--(ID(B), $p_B$, $\alpha^{r_B}$)--  C  <--(ID(B), $p_B$, $\alpha^{r_B}$)--  B
B and C share a key that differs from A's, yet B still believes it shares its key with A. Hence C can decrypt every message B sends to A, i.e. steal the information going from B to A. The TA knowing $a_A$ and verifying the condition $b_A = \alpha^{a_A} \bmod n$ before issuing $p_A$ to A rules out this kind of substitution by an attacker C.
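The protocol steps of section 7.3.4 and the TA check argued for above, as an added example that is not the book's own code: a toy Python instance with constructed parameters (p = 11, q = 23, alpha = 7, e = 3) and constructed identities, far too small for real use. The exponent check in `ta_register` is the verification the text describes, and `shifted_registration_rejected` submits the identity-shifted value $b_C$ from the text to show that check refusing it, since the submitter cannot supply $\log_\alpha b_C$.

```python
# Added example (not from the book): toy Girault self-certified key exchange.
# Constructed parameters: p = 2*5+1 and q = 2*11+1 are safe primes, n = p*q,
# and alpha = 7 has the maximal order 2*p1*q1 = 110 in Z_n^*.
P, Q = 11, 23
N = P * Q                    # 253, public modulus
PHI = (P - 1) * (Q - 1)      # 220, known only to the TA
ORDER = 2 * 5 * 11           # order of ALPHA, i.e. |G|
ALPHA = 7                    # public generator of G
E = 3                        # TA's public RSA exponent, gcd(E, PHI) = 1
D = pow(E, -1, PHI)          # TA's secret exponent d = e^-1 mod phi(n)

def ta_register(ident, a, b):
    """TA issuing step: certify b only if b = alpha^a mod n (the check the text argues for)."""
    if pow(ALPHA, a, N) != b % N:
        return None                       # refuse: submitter does not know log_alpha(b)
    return pow((b - ident) % N, D, N)     # self-certified key p = (b - ID)^d mod n

def derive_key(my_a, my_r, peer_ident, peer_p, peer_s):
    """Step 3 for either party: K = s^a * (p^e + ID)^r mod n."""
    peer_b = (pow(peer_p, E, N) + peer_ident) % N   # recovers alpha^(peer's a) from peer's p
    return (pow(peer_s, my_a, N) * pow(peer_b, my_r, N)) % N

def run_exchange(id_a, a_a, r_a, id_b, a_b, r_b):
    """Register both users with the TA, then run steps 1-3; returns (K_A, K_B)."""
    b_a, b_b = pow(ALPHA, a_a, N), pow(ALPHA, a_b, N)
    p_a, p_b = ta_register(id_a, a_a, b_a), ta_register(id_b, a_b, b_b)
    s_a, s_b = pow(ALPHA, r_a, N), pow(ALPHA, r_b, N)   # steps 1 and 2
    k_a = derive_key(a_a, r_a, id_b, p_b, s_b)           # A's computation
    k_b = derive_key(a_b, r_b, id_a, p_a, s_a)           # B's computation
    return k_a, k_b

def shifted_registration_rejected(id_victim, id_attacker, a_fake):
    """The registration from the text: b_C = alpha^a' - ID(A) + ID(C) under ID(C).
    With the exponent check in place the TA refuses it, because alpha^a' != b_C."""
    b_fake = pow(ALPHA, a_fake, N)
    b_c = (b_fake - id_victim + id_attacker) % N
    return ta_register(id_attacker, a_fake, b_c) is None

if __name__ == "__main__":
    # Constructed identities and secrets: ID(A)=17, ID(B)=29, ID(C)=41.
    k_a, k_b = run_exchange(17, 13, 91, 29, 37, 58)
    print("A and B agree:", k_a == k_b, "K =", k_a)
    print("shifted registration rejected:", shifted_registration_rejected(17, 41, 13))
```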
Guide to reference books

Although books and papers on the science of cryptography have been published openly only for about the last three decades, the great demand for research and applications has driven very rapid development, including textbooks published by universities as well as research papers in scientific journals and in the proceedings of the annual international conferences on cryptography. These form an extremely rich and valuable source of material for anyone interested in studying and researching the science of cryptography. This textbook was compiled mainly on the basis of a number of monographs, published in recent years, that have become textbooks at many universities around the world:
1. Douglas R. Stinson. Cryptography: Theory and Practice. CRC Press, 1995.
2. A. J. Menezes, P. C. van Oorschot, S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.
3. Bruce Schneier. Applied Cryptography: Protocols, Algorithms and Source Code in C. John Wiley & Sons, Inc., 1996.
4. S. Goldwasser, M. Bellare. Lecture Notes on Cryptography. MIT Laboratory of Computer Science, 2001.
5. J. Seberry, J. Pieprzyk. Cryptography: An Introduction to Computer Security. Prentice Hall, 1989.
6. Victor Shoup. A Computational Introduction to Number Theory and Algebra. New York University, 2003.