Bruce Schneier

Applied Cryptography
2nd edition
Protocols, Algorithms, and Source Code in C
CONTENTS
Whitfield Diffie. Foreword
Introduction
Chapter 1
Foundations
1.1 Terminology
1.2 Steganography
1.3 Substitution and Transposition Ciphers
1.4 Simple XOR
1.5 One-Time Pads
1.6 Computer Algorithms
1.7 Large Numbers
Part I Cryptographic Protocols
Chapter 2
Protocol Building Blocks
2.1 Introduction to Protocols
2.2 Communications Using Symmetric Cryptography
2.3 One-Way Functions
2.4 One-Way Hash Functions
2.5 Communications Using Public-Key Cryptography
2.6 Digital Signatures
2.7 Digital Signatures with Encryption
2.8 Random and Pseudo-Random-Sequence Generation
Chapter 3
Basic Protocols
3.1 Key Exchange
3.2 Authentication
3.3 Authentication and Key Exchange
3.4 Formal Analysis of Authentication and Key-Exchange Protocols
3.5 Multiple-Key Public-Key Cryptography
3.6 Secret Splitting
3.7 Secret Sharing
3.8 Cryptographic Protection of Databases
Chapter 4
Intermediate Protocols
4.1 Timestamping Services
4.2 Subliminal Channel
4.3 Undeniable Digital Signatures
4.4 Designated Confirmer Signatures
4.5 Proxy Signatures
4.6 Group Signatures
4.7 Fail-Stop Digital Signatures
4.8 Computing with Encrypted Data
4.9 Bit Commitment
4.10 Fair Coin Flips
4.11 Mental Poker
4.12 One-Way Accumulators
4.13 All-or-Nothing Disclosure of Secrets
4.14 Key Escrow
Chapter 5
Advanced Protocols
5.1 Zero-Knowledge Proofs
5.2 Zero-Knowledge Proofs of Identity
5.3 Blind Signatures
5.4 Identity-Based Public-Key Cryptography
5.5 Oblivious Transfer
5.6 Oblivious Signatures
5.7 Simultaneous Contract Signing
5.8 Digital Certified Mail
5.9 Simultaneous Exchange of Secrets
Chapter 6
Esoteric Protocols
6.1 Secure Elections
6.2 Secure Multiparty Computation
6.3 Anonymous Message Broadcast
6.4 Digital Cash
Part II Cryptographic Techniques
Chapter 7
Key Length
7.1 Symmetric Key Length
7.2 Public-Key Key Length
7.3 Comparing Symmetric and Public-Key Key Lengths
7.4 Birthday Attacks against One-Way Hash Functions
7.5 How Long Should a Key Be?
7.6 Caveat emptor
Chapter 8
Key Management
8.1 Generating Keys
8.2 Nonlinear Keyspaces
8.3 Transferring Keys
8.4 Verifying Keys
8.5 Using Keys
8.6 Updating Keys
8.7 Storing Keys
8.8 Backup Keys
8.9 Compromised Keys
8.10 Lifetime of Keys
8.11 Destroying Keys
8.12 Public-Key Key Management
Chapter 9
Algorithm Types and Cryptographic Modes
9.1 Electronic Codebook Mode
9.2 Block Replay
9.3 Cipher Block Chaining Mode
9.4 Stream Ciphers
9.5 Self-Synchronizing Stream Ciphers
9.6 Cipher-Feedback Mode
9.7 Synchronous Stream Ciphers
9.8 Output-Feedback Mode
9.9 Counter Mode
9.10 Other Block-Cipher Modes
9.11 Choosing a Cipher Mode
9.12 Interleaving
9.13 Block Ciphers versus Stream Ciphers
Chapter 10 (The text of this chapter is in English, IMHO. The translator apparently got tired :-)
Using Algorithms
10.1 Choosing an Algorithm
10.2 Public-Key Cryptography versus Symmetric Cryptography
10.3 Encrypting Communications Channels
10.4 Encrypting Data for Storage
10.5 Hardware Encryption versus Software Encryption
10.6 Compression, Encoding, and Encryption
10.7 Detecting Encryption
10.8 Hiding Ciphertext in Ciphertext
10.9 Destroying Information
Part III Cryptographic Algorithms
Chapter 11
Mathematical Background
11.1 Information Theory
11.2 Complexity Theory
11.3 Number Theory
11.4 Factoring
11.5 Prime Number Generation
11.6 Discrete Logarithms in a Finite Field
Chapter 12
Data Encryption Standard (DES)
12.1 Background
12.2 Description of DES
12.3 Security of DES
12.4 Differential and Linear Cryptanalysis
12.5 The Real Design Criteria
12.6 DES Variants
12.7 How Secure Is DES Today?
Chapter 13
Other Block Ciphers
13.1 LUCIFER
13.2 MADRYGA
13.3 NewDES
13.4 FEAL
13.5 REDOC
13.6 LOKI
13.7 KHUFU and KHAFRE
13.8 RC2
13.9 IDEA
13.10 MMB
13.11 CA-1.1
13.12 SKIPJACK
Chapter 14
Still Other Block Ciphers
14.1 GOST
14.2 CAST
14.3 BLOWFISH
14.4 SAFER
14.5 3-WAY
14.6 CRAB
14.7 SXAL8/MBAL
14.8 RC5
14.9 Other Block Algorithms
14.10 Theory of Block Cipher Design
14.11 Using One-Way Hash Functions
14.12 Choosing a Block Algorithm
Chapter 15
Combining Block Ciphers
15.1 Double Encryption
15.2 Triple Encryption
15.3 Doubling the Block Length
15.4 Other Multiple Encryption Schemes
15.5 CDMF Key Shortening
15.6 Whitening
15.7 Cascading Multiple Block Algorithms
15.8 Combining Multiple Block Algorithms
Chapter 16
Pseudo-Random-Sequence Generators and Stream Ciphers
16.1 Linear Congruential Generators
16.2 Linear Feedback Shift Registers
16.3 Design and Analysis of Stream Ciphers
16.4 Stream Ciphers Using LFSRs
16.5 A5
16.6 Hughes XPD/KPD
16.7 Nanoteq
16.8 Rambutan
16.9 Additive Generators
16.10 Gifford
16.11 Algorithm M
16.12 PKZIP
Chapter 17
Other Stream Ciphers and Real Random-Sequence Generators
17.1 RC4
17.2 SEAL
17.3 WAKE
17.4 Feedback with Carry Shift Registers
17.5 Stream Ciphers Using FCSRs
17.6 Nonlinear-Feedback Shift Registers
17.7 Other Stream Ciphers
17.8 System-Theoretic Approach to Stream-Cipher Design
17.9 Complexity-Theoretic Approach to Stream-Cipher Design
17.10 Other Approaches to Stream-Cipher Design
17.11 Cascading Multiple Stream Ciphers
17.12 Choosing a Stream Cipher
17.13 Generating Multiple Streams from a Single Pseudo-Random-Sequence Generator
17.14 Real Random-Sequence Generators
Chapter 18
One-Way Hash Functions
18.1 Background
18.2 Snefru
18.3 N-Hash
18.4 MD4
18.5 MD5
18.6 MD2
18.7 Secure Hash Algorithm (SHA)
18.8 RIPE-MD
18.9 HAVAL
18.10 Other One-Way Hash Functions
18.11 One-Way Hash Functions Using Symmetric Block Algorithms
18.12 Using Public-Key Algorithms
18.13 Choosing a One-Way Hash Function
18.14 Message Authentication Codes
Chapter 19
Public-Key Algorithms
19.1 Background
19.2 Knapsack Algorithms
19.3 RSA
19.4 Pohlig-Hellman
19.5 Rabin
19.6 ElGamal
19.7 McEliece
19.8 Elliptic Curve Cryptosystems
19.9 LUC
19.10 Finite Automaton Public-Key Cryptosystems
Chapter 20
Public-Key Digital Signature Algorithms
20.1 Digital Signature Algorithm (DSA)
20.2 DSA Variants
20.3 GOST Digital Signature Algorithm
20.4 Discrete Logarithm Signature Schemes
20.5 ONG-SCHNORR-SHAMIR
20.6 ESIGN
20.7 Cellular Automata
20.8 Other Public-Key Algorithms
Chapter 21
Identification Schemes
21.1 FEIGE-FIAT-SHAMIR
21.2 GUILLOU-QUISQUATER
21.3 SCHNORR
21.4 Converting Identification Schemes to Signature Schemes
Chapter 22
Key-Exchange Algorithms
22.1 DIFFIE-HELLMAN
22.2 Station-to-Station Protocol
22.3 Shamir's Three-Pass Protocol
22.4 COMSET
22.5 Encrypted Key Exchange
22.6 Fortified Key Negotiation
22.7 Conference Key Distribution and Secret Broadcasting
Chapter 23
Special Algorithms for Protocols
23.1 Multiple-Key Public-Key Cryptography
23.2 Secret-Sharing Algorithms
23.3 Subliminal Channel
23.4 Undeniable Digital Signatures
23.5 Designated Confirmer Signatures
23.6 Computing with Encrypted Data
23.7 Fair Coin Flips
23.8 One-Way Accumulators
23.9 All-or-Nothing Disclosure of Secrets
23.10 Fair and Failsafe Cryptosystems
23.11 ZERO-KNOWLEDGE PROOFS OF KNOWLEDGE
23.12 Blind Signatures
23.13 Oblivious Transfer
23.14 Secure Multiparty Computation
23.15 Probabilistic Encryption
23.16 Quantum Cryptography
Part IV The Real World
Chapter 24
Example Implementations
24.1 IBM Secret-Key Management Protocol
24.2 MITRENET
24.3 ISDN
24.4 STU-III
24.5 KERBEROS
24.6 KRYPTOKNIGHT
24.7 SESAME
24.8 IBM Common Cryptographic Architecture
24.9 ISO Authentication Framework
24.10 PRIVACY-ENHANCED MAIL (PEM)
24.11 Message Security Protocol
24.12 PRETTY GOOD PRIVACY (PGP)
24.13 Smart Cards
24.14 Public-Key Cryptography Standards
24.15 Universal Electronic Payment System
24.16 CLIPPER
24.17 CAPSTONE
24.18 AT&T MODEL 3600 TELEPHONE SECURITY DEVICE (TSD)
Chapter 25
Politics
25.1 National Security Agency (NSA)
25.2 National Computer Security Center (NCSC)
25.3 National Institute of Standards and Technology
25.4 RSA Data Security, Inc.
25.5 PUBLIC KEY PARTNERS
25.6 International Association for Cryptologic Research
25.7 RACE Integrity Primitives Evaluation (RIPE)
25.8 Conditional Access for Europe (CAFE)
25.9 ISO/IEC 9979
25.10 Professional and Industry Groups, and Civil Liberties Groups
25.11 Sci.crypt
25.12 Cypherpunks
25.13 Patents
25.14 U.S. Export Rules
25.15 Foreign Import and Export of Cryptography
25.16 Legal Issues
Matt Blaze. Afterword
Part V Source Code
1. DES
2. LOKI91
3. IDEA
4. GOST
5. BLOWFISH
6. 3-WAY
7. RC5
8. A5
9. SEAL
Bibliography
Foreword
Whitfield Diffie
The history of the literature on cryptography is rather curious. Secrecy, of course, has always played an important role, but until the First World War important developments were reported in print from time to time, and cryptography developed in the same way as other specialized disciplines. In 1918 William F. Friedman's monograph "The Index of Coincidence and Its Applications in Cryptography" [577], one of the defining works of the twentieth century, was published as a research report of the private Riverbank Laboratories, and this despite the military commission under which the work had been done. In the same year Edward H. Hebern of Oakland, California, received the first patent [710] for a rotor machine, the device on which military cryptography was based for nearly 50 years.

After the First World War, however, everything changed. The organizations of the United States Army and Navy, having classified their work completely, achieved fundamental advances in cryptography. During the 1930s and 1940s only isolated basic papers and monographs on the subject appeared in the open literature, and as time went on they reflected the real state of affairs less and less. By the end of the war the transition was complete. The open literature had died, with one notable exception: Claude Shannon's paper "The Communication Theory of Secrecy Systems", published in 1949 in the Bell System Technical Journal [1432]. That article, like Friedman's 1918 work, was the result of Shannon's wartime research. After the end of the Second World War it was declassified, possibly by mistake.

From 1949 to 1967 the cryptographic literature was barren. In 1967 it was enriched by a work of a different kind, David Kahn's history The Codebreakers [794]. The book contained no new ideas, but it did contain a reasonably complete history of the subject, including mention of some things the government still kept classified. The significance of The Codebreakers lay not only in its considerable coverage of the subject: the book was a notable commercial success and introduced cryptography to thousands of people who had never before given its existence a thought. New papers on cryptography began to appear in a thin trickle.

At about the same time Horst Feistel, who had earlier worked on identification-friend-or-foe devices for the Air Force, developed a lifelong passion for cryptography and moved to IBM's Watson Laboratory in Yorktown Heights, New York. There he began the development of what later became the U.S. Data Encryption Standard (DES). In the early 1970s IBM published a series of technical reports on cryptography written by Feistel and his colleagues [1482, 1484, 552].

This was the situation when I began working in the field at the end of 1972. The literature on cryptography was not abundant, but it contained a number of shining nuggets.

Cryptography has a peculiarity absent from ordinary academic disciplines: the need for interplay between cryptography and cryptanalysis. Since there is no requirement to carry real information, it is not hard to propose a system that appears unbreakable. Many academic designs are so complex that a would-be cryptanalyst does not know where to start. Finding holes in such designs is far harder than designing them. As a result the competition that is one of the strongest motives in academic research becomes impossible.

When Martin Hellman and I proposed public-key cryptography in 1975 [496], one of the indirect effects of our proposal was the appearance of a problem whose solution does not look simple. Now an ambitious designer could create something: a perfectly reasonable cryptosystem that solved broader problems than merely turning meaningful text into gibberish. As a result the number of people working in cryptography, the number of meetings held, and the number of books and articles published grew substantially.

In my acceptance speech for the Donald E. Fink award (given for the best expository paper in an IEEE journal), which Martin Hellman and I received jointly, I said that in writing "Privacy and Authentication" I had had an experience that is unusual even for the eminent scientists who receive IEEE awards. I had written the paper I wanted to study when I first became seriously interested in cryptography, and could not find. If I went to the Stanford library today and gathered up the current work on cryptography, I might have understood the subject much sooner. But in the fall of 1972 only a few classic papers and a number of obscure technical reports were available.

Today's researcher has no such problem. Today the main difficulty is deciding where to begin among thousands of papers and dozens of books. And what of today's programmers and engineers, who simply want to use cryptography? Where should they turn? Until now it has been necessary to spend long hours hunting down and studying the research literature before one could begin building the cryptographic applications so glibly described in popular articles.

It is precisely this gap that Bruce Schneier's Applied Cryptography is meant to fill. Beginning with the objectives of securing data transmission and elementary example programs for achieving those objectives, Schneier unfolds before us a panorama of the results of 20 years of public research. The content of the book is entirely defined by its title: you will find in it descriptions of a range of applications, from securing a telephone conversation to digital money and cryptographically secured elections.

Not content merely to present algorithms and describe code, Schneier has included a discussion of the various organizations around the world involved in developing and applying cryptographic tools, from the International Association for Cryptologic Research to the NSA (National Security Agency).

When public interest in cryptography grew at the turn of the 1970s and 1980s, the NSA, the official cryptographic body of the United States, made several attempts to suppress that interest. The first such attempt was a letter from a long-time NSA employee, apparently acting on his own initiative. The letter was sent to the IEEE and warned that publishing material on cryptography violated the International Traffic in Arms Regulations (ITAR). This view, which turned out not to be supported by the regulations themselves, which explicitly contain an exemption for published material, created unexpected publicity for the use of cryptography and for the 1977 Information Theory Workshop.

A more serious attempt was made in 1980, when the NSA funded a study by the American Council on Education intended to persuade Congress to legislate control over publications in cryptography. The results, which fell far short of the NSA's expectations, led to a program of voluntary review of cryptographic papers. Researchers were asked to consult the NSA before publication as to whether disclosure of their results would harm the national interest.

By the mid-1980s the main object of attention had become not the theory but the practice of cryptography. Existing laws give the NSA, through the State Department, the power to regulate the export of cryptographic equipment. As business becomes ever more international and the American share of the world market shrinks, the desire grows to use a single product for both the domestic and the foreign market. Such products are subject to export control, and so the NSA gained the ability to control not only the cryptographic products that are exported but also those sold within the United States.

As these lines were being written, a new obstacle to public use of cryptography arose. The government has supplemented the widely published and widely used DES algorithm with a secret algorithm implemented in tamper-resistant chips. These chips will contain a confidential mechanism for government control. The negative aspects of such a Trojan-horse program range from the potentially ruinous loss of personal privacy to the high cost of hardware upgrades for products previously implemented in software. The proposed supplement has therefore aroused no enthusiasm and has been widely criticized, especially by independent cryptographers. A number of people, however, see their future in programming rather than politics and are redoubling their efforts to bring powerful cryptographic tools to the world.

A significant retreat from the possibility that export control law would override the First Amendment (1) seemed to have been made in 1980, when the revisions to ITAR published in the Federal Register included the following provision: "...the provision was added to show that the regulation of the export of technical data will not conflict with the individual rights defined by the First Amendment." But that the conflict between the First Amendment and the export control laws has not been finally resolved should be evident from statements made at a conference held by RSA Data Security. A representative of the NSA's export control office expressed the opinion that people who publish cryptographic programs are "in a gray area" with respect to the law. If so, then it is precisely this gray area that the first edition of this book has somewhat illuminated. Export of the appendices to this book was permitted, with confirmation that the published material did not fall under the jurisdiction of the Arms Control Board. However, exporting the published programs on disk was forbidden.

(1) To the Constitution of the United States.

The shift in NSA strategy from attempts to control cryptographic research toward stronger regulation of the development and deployment of cryptographic products is apparently due to the realization that all the greatest cryptographic papers have never protected a single bit of information. Placed on a bookshelf, this volume will do nothing new compared with the books and papers that preceded it, but putting its contents to use on a workstation where cryptographic code is being written may lead to a different result.

Whitfield Diffie
Mountain View, California.
Introduction
There are two kinds of cryptography: cryptography that will stop your kid sister from reading your files, and cryptography that will stop the people from the government from reading your files. This book is about the second kind.

If I take a letter, put it in a safe somewhere in New York, and then tell you to read the letter, that is not security. That is obscurity. On the other hand, if I take a letter and put it in a safe, then hand the safe to you together with a detailed description of it, and hand over a hundred similar safes with their combinations as well, so that you and the best safecrackers in the world can study the locking system, and you still cannot open the safe and read the letter, that is security.

For many years this kind of cryptography was used exclusively for military purposes. The United States National Security Agency (NSA) and its counterparts in the former Soviet Union, England, France, Israel and other countries spent billions of dollars on the very serious game of securing their own communications while trying to break everyone else's. Private individuals, with far fewer resources and far less expertise, were helpless to protect their secrets from governments.

Over the past 20 years the volume of open academic research has grown substantially. While ordinary citizens used classical cryptography, since the Second World War computer cryptography throughout the world had been applied exclusively in the military sphere. Today the art of computer cryptography has broken out of the walls of the military agencies. Non-professionals now have access to tools that let them protect themselves against the most powerful adversaries, tools that provide protection against the military agencies themselves.

Does an ordinary person need such cryptography? Yes. People may be planning a political campaign, discussing their taxes, or engaging in illegal activity. They may be developing new products, discussing marketing strategy, or planning a takeover of a competing firm. They may live in a country that does not respect the prohibition on intruding into its citizens' private lives. They may be doing something that does not seem illegal to them, although it is. For many reasons, data and communication lines must be private, secret and closed to outside access.

This book is published in troubled times. In 1994 the Clinton administration adopted the Escrowed Encryption Standard, including the Clipper chip and the Fortezza card, and turned the Digital Telephony bill into law. These initiatives attempt to expand the government's ability to conduct electronic surveillance.

Some of Orwell's most dangerous speculations are coming true: the government gets the right to listen in on private conversations, and something may happen to a person who tries to hide his secrets from the government. The law has always permitted surveillance under court order, but for the first time people themselves must take steps to make their own surveillance possible. These initiatives are not merely government proposals in some vague domain; they are a preemptive and unilateral attempt to usurp rights that previously belonged to the people.

The Clipper chip and Digital Telephony bills do not help preserve privacy; they merely make people think the government respects their privacy. The same authorities that illegally recorded Martin Luther King's telephones could easily tap a telephone protected by the Clipper chip. In the recent past local police authorities have been held civilly or criminally liable for illegal wiretapping in many courts: in Maryland, Connecticut, Vermont, Georgia, Missouri and Nevada. The idea of deploying a technology that could lead to a police state is a bad idea.

The point is that it is not enough to protect ourselves with laws; we need to protect ourselves with mathematics. Encryption is too important to be left to governments alone.

This book gives you the tools to protect your secrets. The transfer of cryptographic products may be declared illegal; the transfer of information, never.
How to Read This Book
I wrote Applied Cryptography as a lively introduction to cryptography and as a comprehensive reference. I tried to combine readability with accuracy, but this book was not written as a mathematical work. Although I did not distort information deliberately, in my haste I left out theory. For those interested in the theoretical derivations, extensive references to the academic literature are provided.

Chapter 1 is an introduction to cryptography; it defines many terms and briefly surveys pre-computer cryptography.

Chapters 2 through 6 (Part I) describe cryptographic protocols, what people can do with cryptography, from the simple (sending encrypted messages from one person to another) to the complex (flipping a coin over the telephone) and the arcane (secret and anonymous circulation of digital money). Some of these protocols are obvious, others are astonishing. Many people have no idea how many of their problems cryptography can solve.

Chapters 7 through 10 (Part II) discuss cryptographic techniques. All four of these chapters matter for the most common uses of cryptography. Chapters 7 and 8 are about keys: how long a secure key should be, how to generate, store and distribute keys, and so on. Key management is the hardest part of cryptography and is often the Achilles' heel of systems that are secure in every other respect. Chapter 9 examines the various ways of using cryptographic algorithms, and Chapter 10 describes the specifics and purposes of using these algorithms: how to choose, implement and apply them.

Chapters 11 through 23 (Part III) describe the algorithms themselves. Chapter 11 provides the mathematical background and is required reading only if you are interested in public-key algorithms. If you intend to use DES (or something like it), you can skip it. Chapter 12 discusses the DES algorithm, its history, security and variants. Chapters 13, 14 and 15 cover other block algorithms. If you need something more secure than DES, go straight to the sections on IDEA and triple-DES. If you want to learn about a whole family of algorithms, some of which may be more secure than DES, read the whole chapter. Chapters 16 and 17 discuss stream algorithms. Chapter 18 examines one-way hash functions in detail; the most widely used are MD5 and SHA, although I also cover many others. Chapter 19 covers public-key encryption algorithms, and Chapter 20 public-key digital signature algorithms. Chapter 21 discusses public-key identification algorithms, and Chapter 22 public-key key-exchange algorithms. The most important are the RSA, DSA, Fiat-Shamir and Diffie-Hellman algorithms. Chapter 23 contains a number of esoteric public-key algorithms and protocols; the mathematics in that chapter is fairly complicated, so fasten your seat belts.

Chapters 24 and 25 (Part IV) take us into the real world of cryptography. Chapter 24 discusses some current applications of the algorithms and protocols, while Chapter 25 touches on some of the political aspects of cryptography. These chapters are certainly not exhaustive.

The book also includes source code for 10 of the algorithms examined in Part III. I could not include all the code I wanted because of its size; besides, cryptographic code cannot be exported in any case. (Curiously, the State Department allowed the first edition of this book to be exported with its source code, but did not allow the export of a computer disk with the same source code. See the figure.) The accompanying set of source-code disks contains substantially more source code than I was able to include in this book; it is possibly the largest collection of cryptographic source code to appear outside the military agencies. At present I can send these source-code disks only to citizens of the U.S. and Canada living in those countries, but perhaps someday that will change. If you intend to use or experiment with these algorithms, get the disk. Details are on the last page of the book.

Among the shortcomings of this book is that its readability has suffered because of its encyclopedic nature. I wanted to write a single reference for anyone who might encounter an algorithm in the academic literature or in some product, and I apologize in advance to those looking for a textbook. For the first time the whole body of work done in cryptography is gathered under one cover. Even so, considerations of size forced me to leave much out of this book; I included the topics that seemed to me important, practical or interesting. Where I could not cover a topic fully, I provided references to the relevant papers and articles.

I did everything I could to catch and correct all the errors in the book, but many people have assured me that this is impossible anyway. Certainly the second edition has fewer errors than the first. An errata list is available from me, and it is also posted periodically to the Usenet newsgroup sci.crypt. If any reader finds an error, please let me know about it. The first person to find each error in the book will receive a free source-code disk.
Acknowledgments
The list of people who had a hand in this book may seem endless, but all of them deserve mention. I would like to thank Don Alvarez, Ross Anderson, Dave Balenson, Karl Barrus, Steve Bellovin, Dan Bernstein, Eli Biham, Joan Boyar, Karen Cooper, Whit Diffie, Joan Feigenbaum, Phil Karn, Neal Koblitz, Xuejia Lai, Tom Leranth, Mike Markowitz, Ralph Merkle, Bill Patten, Peter Pearson, Charles Pfleeger, Ken Pizzini, Bart Preneel, Mark Riordan, Joachim Schurmann and Marc Schwartz for reading and editing all or part of the first edition; Marc Vauclair for translating the first edition into French; Abe Abraham, Ross Anderson, Dave Banisar, Steve Bellovin, Eli Biham, Matt Bishop, Matt Blaze, Gary Carter, Jan Camenisch, Claude Crepeau, Joan Daemen, Jorge Davila, Ed Dawson, Whit Diffie, Carl Ellison, Joan Feigenbaum, Niels Ferguson, Matt Franklin, Rosario Gennaro, Dieter Gollmann, Mark Goresky, Richard Graveman, Stuart Haber, Jingman He, Bob Hague, Kenneth Iversen, Markus Jakobsson, Burt Kaliski, Phil Karn, John Kelsey, John Kennedy, Lars Knudsen, Paul Kocher, John Ladwig, Xuejia Lai, Arjen Lenstra, Paul Leyland, Mike Markowitz, Jim Massey, Bruce McNair, William Hugh Murray, Roger Needham, Clif Neuman, Kaisa Nyberg, Luke O'Connor, Peter Pearson, Rene Peralta, Bart Preneel, Yisrael Radai, Matt Robshaw, Michael Roe, Phil Rogaway, Avi Rubin, Paul Rubin, Selwyn Russell, Kazue Sako, Mahmoud Salmasizadeh, Markus Stadler, Dmitry Titov, Jimmy Upton, Marc Vauclair, Serge Vaudenay, Gideon Yuval, Glen Zorn and many nameless government employees for reading and editing all or part of the second edition; Lawrie Brown, Leisa Candle, Joan Daemen, Peter Gutmann, Alan Insley, Chris Johnston, John Kelsey, Xuejia Lai, Bill Leininger, Mike Markowitz, Richard Outerbridge, Peter Pearson, Ken Pizzini, Colin Plumb, RSA Data Security, Inc., Michael Roe, Michael Wood and Phil Zimmermann for providing source code; Paul MacNerland for creating the figures for the first edition; Karen Cooper for editing the second edition; Beth Friedman for proofreading the second edition; Carol Kennedy for indexing the second edition; the readers of sci.crypt and the Cypherpunks mailing list for commenting on ideas, answering questions and finding errors in the first edition; Randy Seuss for providing Internet access; Jeff Duntemann and Jon Erickson for helping me get started; the Insley family (in random order) for stimulation, encouragement, support, conversation, friendship and dinners; and AT&T Bell Labs for hiring me and making all this possible. All these people helped create a far better book than I could have made alone.
Bruce Schneier
Oak Park, Illinois
schneier@counterpane.com
About the Author
BRUCE SCHNEIER is president of Counterpane Systems, Oak Park, Illinois, a consulting firm specializing in cryptography and computer security. Bruce is also the author of E-Mail Security (John Wiley & Sons, 1995) and Protect Your Macintosh (Peachpit Press, 1994), and has written many articles on cryptography for major magazines. He is a contributing editor of Dr. Dobb's Journal, where he edits the "Algorithms Alley" column, and a contributing editor of Computer and Communications Security Reviews. Bruce serves on the board of directors of the International Association for Cryptologic Research, is a member of the Advisory Board of the Electronic Privacy Information Center, and is on the program committee of the New Security Paradigms Workshop. In addition, he finds time for frequent lectures on cryptography, computer security and privacy.
Chapter 1
Basic Concepts
1.1 Terminology
Sender and Receiver
Suppose a sender wants to send a message to a receiver. Moreover, the sender wants to send the message securely: the sender wants to be sure that anyone who intercepts the message cannot read it.
Messages and Encryption
The message itself is called plaintext (sometimes the term cleartext is used). Disguising a message so as to hide its substance is called encryption. An encrypted message is called ciphertext. The process of turning ciphertext back into plaintext is called decryption. This sequence is shown in Figure 1-1.
(If you want to follow the ISO 7498-2 standard, then in English texts use the terms "encipher" instead of "encrypt" and "decipher" instead of "decrypt".)
The art and science of keeping messages secure, called cryptography, is practised by cryptographers. Cryptanalysts are those who practise cryptanalysis, the art and science of breaking ciphertext, that is, of revealing what is hidden behind the mask. The branch of mathematics encompassing both cryptography and cryptanalysis is called cryptology, and those who engage in it are cryptologists. Modern cryptologists have to know mathematics quite well.
Figure 1-1. Encryption and decryption (plaintext, encryption, ciphertext, decryption, original plaintext).
Denote the plaintext by M (for message) or P (for plaintext). It can be a stream of bits, a text file, a bitmap image, a digitized sound, a digital video image, or whatever. To a computer, M is simply binary data. (In all the following chapters of this book only binary data and computer cryptography are considered.) The plaintext may be created for storage or for transmission. In either case, M is the message that is to be encrypted.
Denote the ciphertext by C (for ciphertext). It is also binary data, sometimes the same size as M, sometimes larger. (If encryption is combined with compression, C may be smaller than M. Encryption itself, however, does not provide any compression.) The encryption function E operates on M to produce C. Or, in mathematical notation:
$E(M) = C$
In the reverse process, the decryption function D operates on C to recover M:
$D(C) = M$
Since the whole point of encrypting and then decrypting a message is to recover the original plaintext, the following identity must hold:
$D(E(M)) = M$
Authentication, Integrity and Nonrepudiation
Besides providing confidentiality, cryptography is often used for other functions:
- Authentication. The receiver of a message can verify its origin; an intruder cannot masquerade as someone else.
- Integrity. The receiver of a message can verify that it was not modified in transit; an intruder cannot substitute a false message for the legitimate one.
- Nonrepudiation. A sender cannot later falsely deny having sent a message.
These are vital requirements for communication using computers, just as there are analogous requirements for face-to-face communication. That someone is who they claim to be. That someone's documents, whether a driver's licence, a medical degree or a passport, are genuine. That a document received from someone really came from that person. This is exactly what authentication, integrity and nonrepudiation provide.
Algorithms and Keys
A cryptographic algorithm, also called a cipher, is the mathematical function used for encryption and decryption. (Generally there are two related functions: one for encryption and the other for decryption.)
If the security of an algorithm is based on keeping the algorithm itself secret, it is a restricted algorithm. Restricted algorithms are of historical interest only; they are wholly inadequate by today's standards. A large or changing group of users cannot use such algorithms, because every time a user leaves the group its members must switch to a different algorithm. The algorithm must also be replaced if someone outside the group accidentally learns the secret.
Even worse, restricted algorithms allow no quality control or standardization. Every group of users must have its own unique algorithm. Such a group cannot use off-the-shelf hardware or software products: an intruder can buy the same product and learn the algorithm. They have to design and implement their own algorithms. If the group has no good cryptographer, how will its members verify that they are using a secure algorithm?
Despite these fundamental drawbacks, restricted algorithms are enormously popular for low-security applications. Users either do not understand the security problems of their systems or do not care about them.
Modern cryptography solves these problems with a key, K. Such a key can be any one of a large number of values. The set of possible keys is called the keyspace. Both encryption and decryption use this key (that is, they depend on the key, which is denoted by the subscript K), and the functions now look like:
$E_K(M) = C$
$D_K(C) = M$
And the following identity holds (see Figure 1-2):
$D_K(E_K(M)) = M$
Some algorithms use different keys for encryption and decryption (see Figure 1-3). That is, the encryption key, $K_1$, differs from the corresponding decryption key, $K_2$. In this case:
$E_{K_1}(M) = C$
$D_{K_2}(C) = M$
$D_{K_2}(E_{K_1}(M)) = M$
The security of these algorithms is based entirely on the keys, not on the details of the algorithms. This means that the algorithm can be published and analysed. Products using the algorithm can be mass-produced. It does not matter that an intruder knows your algorithm: if he does not know the particular key, he cannot read your messages.
A cryptosystem is an algorithm plus all possible plaintexts, ciphertexts and keys.
Figure 1-2. Encryption and decryption with a key (plaintext, encryption under key K, ciphertext, decryption under key K, original plaintext).
Figure 1-3. Encryption and decryption with two different keys (plaintext, encryption under the encryption key, ciphertext, decryption under the decryption key, original plaintext).
Symmetric Algorithms
There are two general types of key-based algorithms: symmetric and public-key.
Symmetric algorithms, sometimes called conventional algorithms, are algorithms in which the encryption key can be calculated from the decryption key and vice versa. In most symmetric algorithms the encryption and decryption keys are the same. These algorithms, also called secret-key algorithms or single-key algorithms, require the sender and receiver to agree on a key before they can communicate securely. The security of a symmetric algorithm rests in the key; divulging the key means that anyone can encrypt and decrypt messages. As long as the transmitted messages must remain secret, the key must remain secret.
Encryption and decryption with a symmetric algorithm are denoted by:
$E_K(M) = C$
$D_K(C) = M$
Symmetric algorithms fall into two categories. Some operate on the plaintext one bit (sometimes one byte) at a time; these are called stream algorithms or stream ciphers. Others operate on groups of bits of the plaintext. The groups of bits are called blocks, and the algorithms are called block algorithms or block ciphers. For algorithms used in computer modems a typical block size is 64 bits: large enough to preclude analysis, and small enough and convenient to work with. (Before computers, algorithms generally operated on the plaintext one character at a time. Such a variant can be regarded as a stream algorithm operating on a stream of characters.)
Public-Key Algorithms
Public-key algorithms (also called asymmetric algorithms) are designed so that the key used for encryption is different from the key used for decryption. Furthermore, the decryption key cannot (at least within any reasonable amount of time) be calculated from the encryption key. The algorithms are called "public-key" because the encryption key can be made public: anyone can use the encryption key to encrypt a message, but only the specific person holding the corresponding decryption key can decrypt the message. In these systems the encryption key is often called the public key and the decryption key the private key. The private key is sometimes called the secret key, but to avoid confusion with symmetric algorithms that term is not used in this book. Encryption with a public key K is denoted by:
$E_K(M) = C$
Although the public and private keys are different, decryption with the corresponding private key is denoted by:
$D_K(C) = M$
Sometimes messages are encrypted with the private key and decrypted with the public key; this is used for digital signatures (see Section 2.6). Despite the possible confusion, these operations are denoted, respectively, by:
$E_K(M) = C$
$D_K(C) = M$
Cryptanalysis
The whole point of cryptography is to keep the plaintext (or the key, or both) secret from eavesdroppers (also called attackers, adversaries, enemies or interceptors). Eavesdroppers are assumed to have complete control over the communication channel between the sender and the receiver.
Cryptanalysis is the science of recovering the plaintext without the key. Successful cryptanalysis may recover the plaintext or the key. It may also find weaknesses in a cryptosystem that eventually lead to the previous result. (Recovering the key by non-cryptanalytic means is called a compromise.)
An attempted cryptanalysis is called an attack. The fundamental assumption of cryptanalysis, first stated in the nineteenth century by the Dutchman A. Kerckhoffs, is that the security must reside entirely in the key [794]. Kerckhoffs assumes that the cryptanalyst has a complete description of the algorithm and its implementation. (Of course, it is not the CIA's habit to tell Mossad about its cryptographic algorithms, but Mossad probably finds out anyway.) While real-world cryptanalysts do not always have such detailed information, it is a good working assumption. If an adversary cannot break the algorithm even knowing how it works, then all the more surely the adversary cannot break it without that knowledge.
There are four general types of cryptanalytic attack. Each of them, of course, assumes that the cryptanalyst has complete knowledge of the encryption algorithm in use:
1. Ciphertext-only attack. The cryptanalyst has the ciphertext of several messages, all encrypted with the same encryption algorithm. The cryptanalyst's job is to recover the plaintext of as many messages as possible or, better yet, to deduce the key (or keys) used to encrypt the messages, in order to decrypt other messages encrypted with the same keys.
Given: $C_1 = E_k(P_1),\ C_2 = E_k(P_2),\ \ldots,\ C_i = E_k(P_i)$
Deduce: either $P_1, P_2, \ldots, P_i$; $k$; or an algorithm to infer $P_{i+1}$ from $C_{i+1} = E_k(P_{i+1})$
2. Known-plaintext attack. The cryptanalyst has access not only to the ciphertext of several messages but also to the plaintext of those messages. The job is to deduce the key (or keys) used to encrypt the messages, in order to decrypt other messages encrypted with the same key (or keys).
Given: $P_1,\ C_1 = E_k(P_1),\ P_2,\ C_2 = E_k(P_2),\ \ldots,\ P_i,\ C_i = E_k(P_i)$
Deduce: either $k$, or an algorithm to infer $P_{i+1}$ from $C_{i+1} = E_k(P_{i+1})$
3. Chosen-plaintext attack. The cryptanalyst not only has access to the ciphertext and plaintext of several messages, but can also choose the plaintext that gets encrypted. This gives more options than a known-plaintext attack, because the cryptanalyst can choose specific plaintext blocks to encrypt, which may yield more information about the key. The job is to deduce the key (or keys) used to encrypt the messages, or an algorithm to decrypt new messages encrypted with the same key (or keys).
Given: $P_1,\ C_1 = E_k(P_1),\ P_2,\ C_2 = E_k(P_2),\ \ldots,\ P_i,\ C_i = E_k(P_i)$, where the cryptanalyst chooses $P_1, P_2, \ldots, P_i$
Deduce: either $k$, or an algorithm to infer $P_{i+1}$ from $C_{i+1} = E_k(P_{i+1})$
4. Adaptive-chosen-plaintext attack. This is a special case of the chosen-plaintext attack. Not only can the cryptanalyst choose the plaintext that is encrypted, but subsequent choices can be based on the results of previous encryptions. In a chosen-plaintext attack the cryptanalyst might be able to choose only one large block of plaintext to encrypt; in an adaptive-chosen-plaintext attack a smaller block of plaintext can be chosen, then another block chosen based on the results of the first, and so on.
There are at least three other types of cryptanalytic attack.
5. Chosen-ciphertext attack. The cryptanalyst can choose different ciphertexts to be decrypted and has access to the decrypted plaintexts. For example, the cryptanalyst has access to a "black box" that performs automatic decryption. The job is to deduce the key.
Given: $C_1,\ P_1 = D_k(C_1),\ C_2,\ P_2 = D_k(C_2),\ \ldots,\ C_i,\ P_i = D_k(C_i)$
Deduce: $k$
This type of attack is primarily applicable to public-key algorithms and is discussed in Section 19.3. A chosen-ciphertext attack is sometimes also effective against symmetric algorithms. (Sometimes a chosen-plaintext attack and a chosen-ciphertext attack are together called a chosen-text attack.)
6. Chosen-key attack. This type of attack does not mean that the cryptanalyst can choose the key; it means that the cryptanalyst has some knowledge about the relationship between different keys. This strange, obscure and not very practical type of attack is discussed in Section 12.4.
7. Rubber-hose cryptanalysis. The cryptanalyst threatens, blackmails or tortures someone until the key is given up. Bribery is sometimes called a purchase-key attack. These are very powerful attacks and often the best way to break an algorithm.
Known-plaintext attacks and chosen-plaintext attacks are more common than you might think. It is not unheard of for a cryptanalyst to obtain the plaintext of an encrypted message or to bribe someone to encrypt a chosen message. You may not even have to bribe anyone: hand a letter to an ambassador and you may find that it gets encrypted and sent to his country for study. Many messages have standard beginnings and endings that may be known to the cryptanalyst. Encrypted source code is especially vulnerable because of the frequent use of keywords: #define, struct, else, return. Encrypted executable code has the same problems: functions, loop structures and so on. Known-plaintext attacks (and chosen-ciphertext attacks) were used successfully against both the Germans and the Japanese during World War II. Historical examples of these kinds of attack can be found in David Kahn's books [794, 795, 796].
And do not forget Kerckhoffs's assumption: if the strength of your new cryptosystem relies on the attacker not knowing how the algorithm works, you are lost. If you believe that keeping the inner workings of your algorithm secret protects your cryptosystem better than letting the academic community analyse it, you are wrong. And if you think that no one can disassemble your code and recover your algorithm, you are naive. (In 1994 this happened with the RC4 algorithm; see Section 17.1.) Our best algorithms are the ones that have been designed in the open, attacked for years by the best cryptographers in the world, and are still unbroken. (The National Security Agency keeps its algorithms secret, but it has the best cryptographers in the world working for it, and we do not. Besides, they discuss their algorithms with one another, relying on their colleagues to find all the weaknesses in their work.)
Cryptanalysts do not always have access to the algorithms (for example, the United States' breaking of the Japanese diplomatic code PURPLE during World War II [794]), but they often do. If the algorithm is used in a commercial security program, it is simply a matter of time and money to disassemble the program and recover the algorithm. If the algorithm is used in a military communications system, it is simply a matter of time and money to buy (or steal) the equipment and reverse-engineer the algorithm.
Those who claim to have an unbreakable cipher, considering it unbreakable only because they themselves could not break it, are either geniuses or fools. Unfortunately, there are plenty of the latter in the world. Beware of people who extol the security of their algorithms but refuse to publish them; such algorithms cannot be trusted.
Good cryptographers rely on the opinion of others to separate the good algorithms from the bad.
Security of Algorithms
Different algorithms offer different degrees of security, depending on how hard they are to break. If the cost of breaking an algorithm is greater than the value of the encrypted data, you are probably safe. If the time required to break an algorithm is longer than the time the encrypted data must remain secret, you are also probably safe. If the amount of data encrypted with a single key is less than the amount of data needed to break the algorithm, you are probably safe then too.
I say "probably" because there is always the chance of new breakthroughs in cryptanalysis. On the other hand, the value of most data decreases over time. It is important that the value of the data always remains less than the cost of breaking the security that protects it.
Lars Knudsen classified breaks of algorithms into the following categories, listed in decreasing order of severity [858]:
1. Total break. The cryptanalyst finds the key, K, such that $D_K(C) = P$.
2. Global deduction. The cryptanalyst finds an alternative algorithm, A, equivalent to $D_K(C)$ without knowing K.
3. Instance (or local) deduction. The cryptanalyst finds the plaintext of an intercepted ciphertext.
4. Information deduction. The cryptanalyst gains some information about the key or plaintext. This information could be a few bits of the key, some information about the form of the plaintext, and so forth.
An algorithm is unconditionally secure if, no matter how much ciphertext the cryptanalyst has, there is not enough information to recover the plaintext. In fact, only a one-time pad (see Section 1.5) is unbreakable given infinite resources. All other cryptosystems are breakable in a ciphertext-only attack simply by trying every possible key in turn and checking whether the resulting plaintext is meaningful. This is called a brute-force attack (see Section 7.1).
Cryptography is more concerned with cryptosystems that are computationally hard to break. An algorithm is considered computationally secure (or, as it is sometimes called, strong) if it cannot be broken with available resources, either now or in the future. The term "available resources" is rather vague. The complexity of an attack can be measured (see Section 11.1) in different ways:
1. Data complexity. The amount of data used as input to the attack.
2. Processing complexity. The time needed to perform the attack. This is often called the work factor.
3. Storage requirements. The amount of memory needed to perform the attack.
As a rule of thumb, the complexity of an attack is taken to be the maximum of these three factors. Some attacks involve trading the factors off against one another: a faster attack may be possible at the expense of greater storage requirements.
Complexities are expressed as orders of magnitude. If the processing complexity of a given algorithm is $2^{128}$, then $2^{128}$ operations are required to break the algorithm. (These operations may be complex and time-consuming.) So, if you assume that your computing power can perform a million operations per second and you set a million parallel processors on the task, recovering the key will take you over $10^{19}$ years, a billion times the age of the universe.
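The arithmetic behind that estimate, worked through here as an added check (not part of the book's text), using the page's own assumptions of $10^6$ processors each performing $10^6$ operations per second:

$$
\frac{2^{128}}{10^6 \cdot 10^6}\ \text{s} \approx \frac{3.4 \times 10^{38}}{10^{12}}\ \text{s} = 3.4 \times 10^{26}\ \text{s} \approx \frac{3.4 \times 10^{26}}{3.15 \times 10^{7}\ \text{s/year}} \approx 1.1 \times 10^{19}\ \text{years}
$$

Against an age of the universe of roughly $1.4 \times 10^{10}$ years this is about $10^9$ times longer, which is the "billion times" of the text.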
While the complexity of an attack stays constant (until some cryptanalyst finds a better attack), the power of computers grows. Over the last half-century computing power has increased phenomenally, and there is no reason to suspect that this trend will not continue. Many cryptographic attacks are well suited to parallel computers: the task is broken into billions of tiny pieces, none of which requires interprocessor communication. Pronouncing an algorithm secure simply because it is hard to break with current technology is at best precarious. Good cryptosystems are designed to resist attack with the computing resources of many years into the future.
Historical Terms
Historically, the term code refers to a cryptosystem that deals with linguistic units: words, phrases, sentences and so forth. For example, the word "OCELOT" might encode the entire phrase "TURN LEFT 90 DEGREES", the word "LOLLIPOP" the phrase "TURN RIGHT 90 DEGREES", and the words "BENT EAR" might encode the word "HOWITZER". Codes of this type are not discussed in this book; see [794, 795]. Codes are useful only under particular circumstances. If you have no code for "ANTEATER", you cannot convey that concept. Using a cipher, you can say anything.
1.2 Steganography
Steganography serves to hide secret messages inside other messages, so that the very existence of the secret is concealed. Generally the sender writes some innocuous message and then hides the secret message on the same sheet of paper. Historical tricks include invisible inks, tiny pin punctures on selected letters, minute differences in the shapes of handwritten letters, pencil marks on typewritten characters, grilles that cover most of the message except for a few characters, and the like.
More recently, people have been hiding secrets in graphic images, replacing the least significant bit of the image with a bit of the message. The image changes almost imperceptibly, since most graphics standards specify more colour gradations than the human eye can distinguish, and the message is extracted at the other end. Thus a 1024x1024 black-and-white picture can hide a 64 Kbyte message. Many publicly available programs can perform this trick.
Peter Wayner's mimic functions disguise messages. These functions modify a message so that its statistical profile resembles something else: a section of The New York Times, a Shakespeare play or a newsgroup on the Internet [1584, 1585]. This kind of steganography will not fool a person, but it may fool a large computer searching the Internet for particular information.
1.3 Substitution and Transposition Ciphers
Before computers, cryptography consisted of character-based algorithms. Different cryptographic algorithms either substituted characters for one another or transposed characters. The better algorithms did both, many times over.
Things are considerably more complex today, but the philosophy remains the same. The primary change is that algorithms work on bits instead of characters. This matters if only because of the size of the alphabet: from 26 elements to two. Most good cryptographic algorithms still combine substitutions and transpositions.
Substitution Ciphers
A substitution cipher is one in which each character of the plaintext is replaced by another character in the ciphertext. The receiver inverts the substitution on the ciphertext to recover the plaintext.
In classical cryptography there are four types of substitution cipher:
A simple substitution cipher, or monoalphabetic cipher, is one in which each character of the plaintext is replaced by a corresponding character of ciphertext. The cryptograms in newspapers are simple substitution ciphers.
A homophonic substitution cipher is like a simple substitution cryptosystem, except that a single character of plaintext can map to one of several characters of ciphertext. For example, "A" might correspond to 5, 13, 25 or 56, "B" to 7, 19, 31 or 42, and so on.
A polygram substitution cipher is one in which blocks of characters are encrypted in groups. For example, "ABA" might correspond to "RTQ", "ABB" to "SLL", and so on.
A polyalphabetic substitution cipher is made up of several simple substitution ciphers. For example, five different simple substitution ciphers might be used; each character of the plaintext is replaced using one particular cipher.
The famous Caesar cipher, in which each plaintext character is replaced by the character three to the right modulo 26 ("A" is replaced by "D", "B" by "E", ... "W" by "Z", "X" by "A", "Y" by "B", "Z" by "C"), is a simple substitution cipher. It is really very simple, because the ciphertext alphabet is a shifted, not a randomly permuted, plaintext alphabet.
ROT13 is a simple encryption program usually supplied with UNIX systems. It is also a simple substitution cipher. In this cipher "A" is replaced by "N", "B" by "O", and so on. Every letter is shifted 13 places. Encrypting a file twice with ROT13 restores the original file:
$P = \mathrm{ROT13}(\mathrm{ROT13}(P))$
ROT13 is not used for security; it is often used in mail to hide potentially offensive text, the solution to a puzzle, and the like.
Simple substitution ciphers are easily broken because the cipher does not hide the frequencies with which the various characters occur in the plaintext. To recover the plaintext, a good cryptanalyst needs only 26 characters of English [1434]. Algorithms for breaking such ciphers can be found in [578, 587, 1600, 78, 1475, 1236, 880]. A good computer algorithm is given in [703].
Homophonic substitution ciphers were already in use in 1401 in the Duchy of Mantua [794]. They are harder to break than simple substitution ciphers, though they too do not hide all the statistical properties of the plaintext language. With a known-plaintext attack these ciphers are broken trivially. A ciphertext-only attack is more laborious, but it too takes only a few seconds on a computer. Details are given in [1261].
Polygram substitution ciphers are ciphers that encode groups of characters at once. The Playfair cipher, invented in 1854, was used by the British in World War I [794]. It encrypts pairs of letters, and its cryptanalysis is discussed in [587, 1475, 880]. Another example of a polygram substitution cipher is the Hill cipher [732]. Sometimes one sees Huffman coding used in place of a cipher; it is an insecure polygram substitution cipher.
Polyalphabetic substitution ciphers were invented by Leon Battista in 1568 [794]. They were used by the United States Army during the American Civil War. Despite the fact that they can be broken easily [819, 577, 587, 794] (especially with the help of computers), many commercial computer security products use ciphers of this kind [1387, 1390, 1502]. (Details of how to break this encryption scheme as used in the WordPerfect program can be found in [135, 139].) The Vigenere cipher, first published in 1586, and the Beaufort cipher are also examples of polyalphabetic substitution ciphers.
Polyalphabetic substitution ciphers have multiple one-letter keys, each of which is used to encrypt one character of the plaintext. The first key encrypts the first character of the plaintext, the second key the second character, and so on. After all the keys have been used, they are recycled. If 20 one-letter keys are used, then every twentieth letter is encrypted with the same key. This parameter is called the period of the cipher. In classical cryptography, ciphers with a long period were harder to break than ciphers with a short period. The use of computers makes it easy to break substitution ciphers with very long periods.
A running-key cipher (sometimes called a book cipher), which uses one text to encrypt another text, is another example of this kind of cipher. Although the period of this cipher is the length of the text, it too can be broken easily [576, 794].
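The Caesar, ROT13 and Vigenere ciphers described above, as an added worked example (not code from the book): a Caesar shift, ROT13 as the shift by 13 so that applying it twice is the identity, a Vigenere cipher whose period is the key length, and a letter-frequency profile showing that a monoalphabetic substitution leaves the pattern of frequencies intact. Splitting a Vigenere ciphertext into its period columns shows each column to be an ordinary Caesar cipher, which is why a long period stops helping once a computer does the work.

```python
"""Classical substitution ciphers from Section 1.3 (added example, not from the book)."""
from collections import Counter
from itertools import cycle

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def normalize(text: str) -> str:
    """Classical ciphers work on letters only: drop spaces and punctuation, uppercase."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def caesar(text: str, shift: int) -> str:
    """Simple (monoalphabetic) substitution: every letter moves `shift` places mod 26."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + shift) % 26] for ch in normalize(text))


def rot13(text: str) -> str:
    """ROT13 is the Caesar shift by 13; since 13 + 13 = 26, it is its own inverse."""
    return caesar(text, 13)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic substitution: letter i is Caesar-shifted by key letter i mod period.

    The period is len(key); once the key letters are exhausted they are reused in
    order, exactly as the text describes for 20 one-letter keys.
    """
    out = []
    for ch, k in zip(normalize(text), cycle(normalize(key))):
        shift = ALPHABET.index(k)
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def letter_frequencies(text: str) -> Counter:
    """Raw letter counts of a text."""
    return Counter(normalize(text))


def frequency_profile(text: str) -> list:
    """Sorted letter counts, ignoring which letter carries which count.

    A monoalphabetic substitution renames the letters but cannot change this
    profile, which is what makes simple substitution ciphers easy to break.
    """
    return sorted(letter_frequencies(text).values(), reverse=True)


def period_columns(ciphertext: str, period: int) -> list:
    """Split a ciphertext into `period` interleaved columns.

    Column j of a Vigenere ciphertext was encrypted entirely under key letter j,
    so it is a Caesar cipher on its own; a longer period just means more columns.
    """
    t = normalize(ciphertext)
    return [t[j::period] for j in range(period)]


if __name__ == "__main__":
    # Constructed sample text, not from the book.
    message = "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG"
    print(caesar(message, 3))
    print(rot13(rot13(message)) == normalize(message))
    ct = vigenere(message, "KEY")
    print(ct, vigenere(ct, "KEY", decrypt=True))
    print(frequency_profile(message) == frequency_profile(caesar(message, 7)))
```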
Transposition Ciphers
In a transposition cipher the plaintext itself is unchanged; only the order of its characters is changed. In a simple columnar transposition cipher the plaintext is written horizontally onto a sheet of graph paper of fixed width and the ciphertext is read off vertically (see Figure 1-4). Decryption consists of writing the ciphertext vertically onto a sheet of graph paper of the same width and then reading the plaintext off horizontally.
Cryptanalysis of these ciphers is discussed in [587, 1475]. Since the characters of the ciphertext are the same as those of the plaintext, a frequency analysis of the ciphertext will show that each letter occurs with approximately its usual frequency. This gives the cryptanalyst the opportunity to apply various techniques for determining the correct order of the characters to recover the plaintext. Putting the ciphertext through a second transposition cipher greatly enhances security. There are even more complex transposition ciphers, but computers can break almost all of them.
The German ADFGVX cipher, used during World War I, was a transposition cipher combined with a simple substitution. This very complex algorithm for its day was broken by Georges Painvin, a French cryptanalyst [794].
Although many modern algorithms use transposition, it brings the problem of large memory requirements, and it sometimes requires messages to be of a particular length. Substitution is far more common.
Rotor Machines

In the 1920s, various mechanical devices were invented to automate the encryption process. Most were based on the concept of a rotor, a mechanical wheel used to perform a substitution.

A rotor machine, which includes a keyboard and a set of rotors, implements a version of the Vigenere cipher. Each rotor is an arbitrary permutation of the alphabet, has 26 positions, and performs a simple substitution. For example, a rotor might be wired to replace "A" with "F", "B" with "U", "C" with "L", and so on. The output pins of one rotor are connected to the input pins of the next.
Plaintext: COMPUTER GRAPHICS MAY BE SLOW BUT AT LEAST IT'S EXPENSIVE.

COMPUTERGR
APHICSMAYB
ESLOWBUTAT
LEASTITSEX
PENSIVE

Ciphertext: CAELP OPSEE MHLAN PIOSS UCWTI TSBIV EMUTE RATSG YAERB TX

Figure 1-4. Columnar transposition cipher.
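The columnar transposition of Figure 1-4, worked in C as an added example (this is not code from the book): the plaintext letters are written into rows of width 10 and read out by columns, the inverse refills the columns, and a letter histogram shows why frequency analysis still works on the result. The grid width of 10, the buffer sizes and the function names are this example's own choices.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Added example (not the book's code): the simple columnar transposition of
 * Figure 1-4. Letters are written row by row into a grid `width` columns wide
 * and the ciphertext is read off column by column; decryption refills the
 * columns and reads the rows. Spaces and punctuation are dropped first, as the
 * figure does. */

/* Keep only letters, upper-cased. Returns the number of letters kept. */
size_t letters_only(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    for (; *in && n + 1 < cap; in++)
        if (isalpha((unsigned char)*in))
            out[n++] = (char)toupper((unsigned char)*in);
    out[n] = '\0';
    return n;
}

/* Encrypt: position i of the plaintext lies in column i % width, so reading
 * column by column visits i = col, col + width, col + 2*width, ... */
void transpose_encrypt(const char *plain, size_t width, char *out)
{
    size_t n = strlen(plain), k = 0;
    for (size_t col = 0; col < width; col++)
        for (size_t i = col; i < n; i += width)
            out[k++] = plain[i];
    out[k] = '\0';
}

/* Decrypt: the same walk in reverse; the column lengths follow from n and
 * width, so a short last row needs no padding. */
void transpose_decrypt(const char *cipher, size_t width, char *out)
{
    size_t n = strlen(cipher), k = 0;
    for (size_t col = 0; col < width; col++)
        for (size_t i = col; i < n; i += width)
            out[i] = cipher[k++];
    out[n] = '\0';
}

/* Letter histogram. A transposition leaves it unchanged, which is what gives
 * frequency analysis its foothold, as the text notes. */
void letter_histogram(const char *s, int counts[26])
{
    memset(counts, 0, 26 * sizeof counts[0]);
    for (; *s; s++)
        if (*s >= 'A' && *s <= 'Z') counts[*s - 'A']++;
}

int same_histogram(const char *a, const char *b)
{
    int ha[26], hb[26];
    letter_histogram(a, ha);
    letter_histogram(b, hb);
    return memcmp(ha, hb, sizeof ha) == 0;
}

/* Reproduces Figure 1-4 (width 10). Returns 1 when the figure's ciphertext
 * comes out, decryption restores the plaintext, and the histograms match. */
int figure_1_4_check(void)
{
    char plain[64], cipher[64], back[64];
    letters_only("COMPUTER GRAPHICS MAY BE SLOW BUT AT LEAST IT'S EXPENSIVE.",
                 plain, sizeof plain);
    transpose_encrypt(plain, 10, cipher);
    transpose_decrypt(cipher, 10, back);
    return strcmp(cipher, "CAELPOPSEEMHLANPIOSSUCWTITSBIVEMUTERATSGYAERBTX") == 0
        && strcmp(back, plain) == 0
        && same_histogram(plain, cipher);
}

int main(void)
{
    char plain[64], cipher[64];
    letters_only("COMPUTER GRAPHICS MAY BE SLOW BUT AT LEAST IT'S EXPENSIVE.",
                 plain, sizeof plain);
    transpose_encrypt(plain, 10, cipher);
    printf("%s\n%s\nfigure reproduced: %s\n", plain, cipher,
           figure_1_4_check() ? "yes" : "no");
    return 0;
}
```

The histogram check is the practical lesson of the passage: transposition moves letters around but never changes which letters occur, so the ciphertext keeps the plaintext's letter frequencies exactly.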
For example, in a four-rotor machine the first rotor might replace "A" with "F", the second might replace "F" with "Y", the third might replace "Y" with "E", and the fourth might replace "E" with "C"; "C" is the final ciphertext. Then some of the rotors shift, so that the next time the substitutions will be different.

It is the combination of several rotors and the gears that move them that makes the machine secure. Because the rotors turn at different rates, the period of an n-rotor machine is 26^n. Some rotor machines can also have a different number of positions on each rotor, which frustrates cryptanalysis even further.

The best-known rotor device is the Enigma. The Enigma was used by the Germans during World War II. The idea was conceived by Arthur Scherbius and Arvid Gerhard Damm in Europe; in the United States it was patented by Arthur Scherbius [1383]. The Germans greatly improved the basic design for use during the war.

The German Enigma had three rotors, chosen from a set of five, a plugboard that slightly permuted the plaintext, and a reflecting rotor that caused each rotor to operate on the plaintext of each letter twice. As complicated as the Enigma was, it was broken during World War II. First, a team of Polish cryptographers broke the German Enigma and explained their attack to the British. The Germans modified their Enigma as the war progressed, and the British continued to cryptanalyze the new versions. Explanations of how rotor ciphers work and how they were broken can be found in [794, 86, 448, 498, 446, 880, 1315, 1587, 690]. Two fascinating accounts of how the Enigma was broken are [735, 796].
Further Reading

This is not a book about classical cryptography, so I will not dwell further on these subjects. Two excellent books on precomputer cryptology are [587, 1475]; [448] presents some modern cryptanalysis of cipher machines. Dorothy Denning discusses many of these ciphers in [456], and [880] has a fair amount of sophisticated mathematical analysis of the same ciphers. Another older cryptography text, which discusses analog cryptography, is [99]. An excellent survey is the article [579]. David Kahn's historical cryptography books are also superb [794, 795, 796].
1.4 Simple XOR

XOR is the exclusive-or operation: ^ in the C language, or ⊕ in mathematical notation. It is a standard operation on bits:

0 ⊕ 0 = 0
0 ⊕ 1 = 1
1 ⊕ 0 = 1
1 ⊕ 1 = 0

Also note that:

a ⊕ a = 0
a ⊕ b ⊕ b = a

The simple-XOR algorithm, for all its apparent obscurity, is really nothing more than a polyalphabetic Vigenere cipher. It is mentioned here only because of its prevalence in commercial software packages, at least in the MS-DOS and Macintosh worlds [1502, 1387]. Unfortunately, if a software security program proclaims that it has a "proprietary" encryption algorithm that is significantly faster than DES, the odds are that it is some variant of the following.
/* Usage: crypto key input_file output_file */
#include <stdio.h>

int main(int argc, char *argv[])
{
    FILE *fi, *fo;
    char *cp;
    int c;

    if (argc == 4 && (cp = argv[1]) && *cp != '\0') {
        if ((fi = fopen(argv[2], "rb")) != NULL) {
            if ((fo = fopen(argv[3], "wb")) != NULL) {
                while ((c = getc(fi)) != EOF) {
                    if (!*cp) cp = argv[1];   /* key exhausted: start it over */
                    c ^= *(cp++);             /* XOR one byte with one key byte */
                    putc(c, fo);
                }
                fclose(fo);
            }
            fclose(fi);
        }
    }
    return 0;
}
This is a symmetric algorithm. The plaintext is XORed with the keyword to produce the ciphertext. Since XORing the same value twice restores the original, encryption and decryption use exactly the same program:

P ⊕ K = C
C ⊕ K = P

There is no real security here. This kind of encryption is trivial to break, even without a computer [587, 1475]. Breaking it on a computer takes only a few seconds.

Assume the plaintext is English. Furthermore, assume the key length is any small number of bytes. Here is how to break this cipher:

1. Find the key length with a procedure known as counting coincidences [577]. XOR the ciphertext against itself shifted by various numbers of bytes, and count the number of bytes that are equal. If the displacement is a multiple of the key length, more than 6 percent of the bytes will be equal. If it is not, fewer than 0.4 percent will be equal (assuming that ordinary ASCII text is encrypted with a random key; other kinds of plaintext give other numbers). This is called the index of coincidence. The smallest displacement between one multiple of the key length and the next is the key length.

2. Shift the ciphertext by that length and XOR it with itself. This removes the key and leaves the plaintext XORed with itself shifted by the key length. Since English has about 1.3 bits of real information per byte (see Section 11.1), there is plenty of redundancy to determine a unique decryption.
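An added C example, not the book's code, that puts the two steps above into practice against the repeating-key XOR of the listing: a constructed English sample (assumed here) is encrypted with a 5-byte key whose bytes are spread over the whole byte range, the coincidence rate is measured at each shift, and step 2 strips the key. The 3 percent threshold that separates the two regimes, the sample text, the key value and the function names are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not the book's code): the repeating-key XOR "cipher" from the
 * listing above together with the two cryptanalytic steps described in the
 * text: counting coincidences to find the key length, then XORing the
 * ciphertext with a shifted copy of itself to cancel the key. */

#define MAX_SHIFT 32   /* assumption: keys are "a small number of bytes" */

/* The cipher: XOR each byte with the next key byte, recycling the key.
 * Encryption and decryption are the same operation. */
void xor_crypt(const unsigned char *in, unsigned char *out, size_t n,
               const unsigned char *key, size_t keylen)
{
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ key[i % keylen];
}

/* Step 1: fraction of positions where the ciphertext equals itself shifted
 * by `shift`. When the shift is a multiple of the key length the key bytes
 * cancel and this is the plaintext's index of coincidence (over 6 percent
 * for English); otherwise it stays near the random level (under 0.4 percent). */
double coincidence_rate(const unsigned char *c, size_t n, size_t shift)
{
    size_t hits = 0;
    if (shift == 0 || shift >= n) return 0.0;
    for (size_t i = 0; i + shift < n; i++)
        if (c[i] == c[i + shift]) hits++;
    return (double)hits / (double)(n - shift);
}

/* The smallest shift whose rate is clearly above the random level is the
 * key length. `threshold` separates the two regimes (0.03 is assumed below).
 * Returns 0 if no shift up to MAX_SHIFT qualifies. */
size_t find_key_length(const unsigned char *c, size_t n, double threshold)
{
    for (size_t s = 1; s <= MAX_SHIFT && s < n; s++)
        if (coincidence_rate(c, n, s) > threshold)
            return s;
    return 0;
}

/* Step 2: XOR the ciphertext with itself shifted by the key length. The key
 * drops out: out[i] = P[i] ^ P[i + keylen]. Writes n - keylen bytes. */
void strip_key(const unsigned char *c, size_t n, size_t keylen, unsigned char *out)
{
    for (size_t i = 0; i + keylen < n; i++)
        out[i] = c[i] ^ c[i + keylen];
}

/* Constructed sample input: plain English and a 5-byte key whose bytes are
 * spread over 0..255, the "random key" case the text's percentages assume. */
static const char SAMPLE_TEXT[] =
    "a secret shared between two people is only as good as the care taken "
    "to keep it. the program above repeats a short key over the whole file, "
    "so every byte that sits a multiple of the key length away from another "
    "byte was masked by the same key byte. an analyst who counts how often "
    "such pairs of ciphertext bytes agree sees the letter statistics of "
    "english shining straight through the mask, and that is why the scheme "
    "offers no real protection at all. the first step recovers only the "
    "length of the key and nothing about its value, but once the length is "
    "known the ciphertext can be lined up against a shifted copy of itself "
    "and the key drops out of the picture entirely.";
static const unsigned char SAMPLE_KEY[5] = { 0x12, 0x8d, 0xf3, 0x6e, 0xa4 };

/* Runs both steps on the sample. Returns the recovered key length and sets
 * *step2_ok when the stripped buffer really is P[i] ^ P[i + len]. */
size_t demo_recover_key_length(int *step2_ok)
{
    unsigned char cipher[1024], stripped[1024];
    size_t n = strlen(SAMPLE_TEXT);
    const unsigned char *p = (const unsigned char *)SAMPLE_TEXT;

    xor_crypt(p, cipher, n, SAMPLE_KEY, sizeof SAMPLE_KEY);
    size_t len = find_key_length(cipher, n, 0.03);
    *step2_ok = 0;
    if (len == 0) return 0;

    strip_key(cipher, n, len, stripped);
    *step2_ok = 1;
    for (size_t i = 0; i + len < n; i++)
        if (stripped[i] != (unsigned char)(p[i] ^ p[i + len]))
            *step2_ok = 0;
    return len;
}

int main(void)
{
    unsigned char cipher[1024];
    size_t n = strlen(SAMPLE_TEXT);
    int ok;

    xor_crypt((const unsigned char *)SAMPLE_TEXT, cipher, n, SAMPLE_KEY, sizeof SAMPLE_KEY);
    for (size_t s = 1; s <= 10; s++)
        printf("shift %2zu: %5.2f%% of bytes coincide\n", s, 100.0 * coincidence_rate(cipher, n, s));
    printf("recovered key length: %zu (step 2 %s)\n",
           demo_recover_key_length(&ok), ok ? "consistent" : "failed");
    return 0;
}
```

Running the program prints a coincidence rate near zero for shifts 1 through 4 and a jump at shift 5, exactly the pattern the text describes; the key is chosen so that its byte differences fall outside the range that ASCII plaintext differences can take, which is what keeps the off-period rates low.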
Despite this, the number of software vendors that tout this toy algorithm as being "almost as secure as DES" is amazing [1387]. It is this algorithm (with a 160-bit repeated "key") that the NSA finally allowed to be used in digital cellular telephone networks for voice privacy. XOR might keep your kid sister from reading your files, but it won't stop a real cryptanalyst for more than a few seconds.
1.5 One-Time Pads

Believe it or not, there is a perfect encryption scheme. It is called a one-time pad, and it was invented in 1917 by Major Joseph Mauborgne and Gilbert Vernam of AT&T [794]. (Actually, the one-time pad is a special case of a threshold scheme; see Section 3.7.) Classically, a one-time pad is a large nonrepeating sequence of truly random key letters, written on pieces of paper and glued together into a pad. In its original form it was a one-time tape for teletypewriters. The sender uses each key letter on the pad to encrypt exactly one plaintext character. Encryption is the addition modulo 26 of the plaintext character and the key character from the one-time pad.

Each key letter is used exactly once, for only one message. The sender encrypts the message and then destroys the used pages of the pad or the used section of the tape. The receiver, in turn, uses an identical pad to decrypt each character of the ciphertext. Having decrypted the message, the receiver destroys the corresponding pages of the pad or section of the tape. New message, new key letters. For example, if the message is:

ONETIMEPAD

and the key sequence from the pad is:

TBFRGFARFM

then the ciphertext is:

IPKLPSFHGQ

because

O + T mod 26 = I
N + B mod 26 = P
E + F mod 26 = K
and so on.

Assuming an adversary cannot get access to the one-time pad used to encrypt the message, this scheme is perfectly secure. A given encrypted message is equally likely to correspond to any possible plaintext message of the same size.

Since every key sequence is equally likely (remember, the key letters are generated randomly), the adversary has no information with which to cryptanalyze the ciphertext. A piece of ciphertext might look like:

POYYAEAAZX

which decrypts to:

SALMONEGGS

or like:

BXEGBMTMXM

which decrypts to:

GREENFLUID

To repeat: since every plaintext is equally probable, there is no way for the cryptanalyst to determine which plaintext is the correct one. A random key sequence added to a nonrandom plaintext produces a completely random ciphertext, and no amount of computing power can change that.
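The pad arithmetic above, as an added C example that is not code from the book. Letters are numbered A=1 through Z=26, which is the numbering under which O + T mod 26 = I holds, and a residue of 0 is written as Z; that convention and the function names are this example's assumptions. Beyond the ONETIMEPAD calculation, otp_derive_pad shows the point of the SALMONEGGS and GREENFLUID passage: for a given ciphertext there is a pad that turns it into any plaintext of the same length.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not the book's code): the letter one-time pad of the text.
 * Letters are numbered A=1 ... Z=26, the numbering under which the text's
 * O + T mod 26 = I holds (with A=0 the sum would be H); a residue of 0 is
 * written as Z. All inputs are assumed to be upper-case letters. */

static int val(char c)
{
    return c - 'A' + 1;                       /* A=1 ... Z=26 */
}

static char letter(int v)
{
    v %= 26;
    if (v < 0) v += 26;
    return v == 0 ? 'Z' : (char)('A' + v - 1);
}

/* Encryption: C = P + K mod 26, one pad letter per plaintext letter. */
void otp_encrypt(const char *plain, const char *pad, char *out)
{
    size_t i;
    for (i = 0; plain[i] && pad[i]; i++)
        out[i] = letter(val(plain[i]) + val(pad[i]));
    out[i] = '\0';
}

/* Decryption: P = C - K mod 26 with the same pad. */
void otp_decrypt(const char *cipher, const char *pad, char *out)
{
    size_t i;
    for (i = 0; cipher[i] && pad[i]; i++)
        out[i] = letter(val(cipher[i]) - val(pad[i]));
    out[i] = '\0';
}

/* K = C - P mod 26: for any ciphertext and any candidate plaintext of the
 * same length there is a pad that connects them. This is the text's claim
 * that a ciphertext is equally likely to be any plaintext of its size. */
void otp_derive_pad(const char *cipher, const char *plain, char *out)
{
    size_t i;
    for (i = 0; cipher[i] && plain[i]; i++)
        out[i] = letter(val(cipher[i]) - val(plain[i]));
    out[i] = '\0';
}

/* Checks the text's figures: ONETIMEPAD under TBFRGFARFM gives IPKLPSFHGQ and
 * decrypts back, and the ciphertext POYYAEAAZX decrypts to SALMONEGGS under
 * one pad and to GREENFLUID under another. Returns 1 when all of this holds. */
int otp_examples_hold(void)
{
    char c[16], p[16], pad1[16], pad2[16], d1[16], d2[16];

    otp_encrypt("ONETIMEPAD", "TBFRGFARFM", c);
    if (strcmp(c, "IPKLPSFHGQ") != 0) return 0;
    otp_decrypt(c, "TBFRGFARFM", p);
    if (strcmp(p, "ONETIMEPAD") != 0) return 0;

    otp_derive_pad("POYYAEAAZX", "SALMONEGGS", pad1);
    otp_derive_pad("POYYAEAAZX", "GREENFLUID", pad2);
    otp_decrypt("POYYAEAAZX", pad1, d1);
    otp_decrypt("POYYAEAAZX", pad2, d2);
    return strcmp(d1, "SALMONEGGS") == 0 && strcmp(d2, "GREENFLUID") == 0
        && strcmp(pad1, pad2) != 0;
}

int main(void)
{
    char c[16], pad[16];
    otp_encrypt("ONETIMEPAD", "TBFRGFARFM", c);
    printf("ONETIMEPAD + TBFRGFARFM = %s\n", c);
    otp_derive_pad("POYYAEAAZX", "SALMONEGGS", pad);
    printf("pad turning POYYAEAAZX into SALMONEGGS: %s\n", pad);
    otp_derive_pad("POYYAEAAZX", "GREENFLUID", pad);
    printf("pad turning POYYAEAAZX into GREENFLUID: %s\n", pad);
    return otp_examples_hold() ? 0 : 1;
}
```

Because the pad is as long as the message and every pad is equally likely, the two pads that otp_derive_pad prints are both perfectly plausible keys, and nothing in the ciphertext favors one over the other.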
It must be stressed that the key letters have to be generated randomly. Any attack against this scheme would have to target the method used to generate the key letters. Using a pseudo-random number generator doesn't count; such generators always have nonrandom properties. If you use a truly random source (which is much harder than it might seem at first glance; see Section 17.14), the scheme is perfectly secure.

The other important point is that you can never use the key sequence again, ever. Even if you use a pad several gigabytes in size, if a cryptanalyst obtains several texts whose keys overlap, he can reconstruct the plaintext. He slides each pair of ciphertexts against each other and counts the number of coincidences at each position. If the ciphertexts are aligned correctly, the proportion of coincidences jumps sharply; the exact value depends on the language of the plaintext. From this point on, cryptanalysis is easy. It's like the index of coincidence, but with two different "periods" being compared [904]. Never reuse the key sequence.

The idea of a one-time pad extends easily to binary data. Instead of a one-time pad consisting of letters, use a one-time pad of bits. Instead of adding the plaintext to the one-time pad key, use XOR. To decrypt, XOR the ciphertext with the same one-time pad. Everything else remains the same, and the security is just as perfect.

This all sounds good, but there are several problems. Since the key bits have to be random and can never be used again, the length of the key sequence has to equal the length of the message. A one-time pad is fine for a few short messages, but it cannot be used to operate a 1.544 Mbit/s communications channel. You can store 650 Mbytes of random data on a CD-ROM, but there are problems with that too. First, you need only two copies of the random bits, but CD-ROMs are economical only in large runs. Second, you need to destroy the bits once they are used. For a CD-ROM there is no way to erase the information except by physically destroying the whole disk. Digital tape is a far better medium.

Even if the key distribution and storage problems are solved, the sender and receiver have to be kept precisely synchronized. If the receiver misses a bit (or if some bits are dropped in transmission), the message becomes meaningless. On the other hand, if some bits are altered in transmission (and no bit is dropped or added, which is much more like the effect of random noise), then only those bits are decrypted incorrectly. But the one-time pad provides no authentication.

One-time pads are still used today, primarily for ultra-secret low-bandwidth channels. The "hot line" between the United States and the former Soviet Union (is it still operational?) is rumored to be encrypted with a one-time pad. Many Soviet spy messages were encrypted using one-time pads. Those messages are still unbroken today, and they will remain unbroken forever. No amount of supercomputer time spent on the problem will change that. Even when the enemies from the Andromeda constellation land their heavy ships carrying computers of unimaginable power, they too will be unable to read the Soviet spy messages encrypted with one-time pads (unless, of course, they can travel back in time and obtain the pads).
1.6 Computer Algorithms

There are many cryptographic algorithms. These three are the most common:

DES (Data Encryption Standard) is the most popular computer encryption algorithm; it is a U.S. and international standard. It is a symmetric algorithm: the same key is used for encryption and decryption.

RSA (named for its creators Rivest, Shamir, and Adleman) is the most popular public-key algorithm. It can be used for both encryption and digital signatures.

DSA (Digital Signature Algorithm, used as part of the Digital Signature Standard) is another public-key algorithm. It can be used only for digital signatures, not for encryption.

These and similar algorithms are what this book describes.
1.7 Large Numbers

Throughout this book, I use various large numbers to describe different things in cryptography. Because it is so easy to lose track of these numbers and what they mean, Table 1-1 gives physical analogues for some of them.

These numbers are order-of-magnitude estimates and have been culled from a variety of sources. Many of the astrophysics numbers are explained in Freeman Dyson's paper "Time Without End: Physics and Biology in an Open Universe," in Reviews of Modern Physics, v. 52, n. 3, July 1979, pp. 447-460. Automobile accident deaths are calculated from Department of Transportation statistics (163 deaths per million people in 1993) and an average lifespan of 69.7 years.
Table 1-1. Large Numbers

Physical analogue                                                         Number
Odds of being killed by lightning (per day)                               1 in 9 billion (2^33)
Odds of winning the top prize in a U.S. state lottery                     1 in 4,000,000 (2^22)
Odds of winning the top prize in a U.S. state lottery
  and being killed by lightning the same day                              1 in 2^61
Odds of drowning (in the U.S. per year)                                   1 in 59,000 (2^16)
Odds of being killed in an automobile accident (in the U.S. per year)     1 in 6,100 (2^13)
Odds of being killed in an automobile accident (in the U.S. per lifetime) 1 in 88 (2^7)
Time until the next ice age                                               14,000 (2^14) years
Time until the sun becomes a supernova                                    10^9 (2^30) years
Age of the planet                                                         10^9 (2^30) years
Age of the Universe                                                       10^10 (2^34) years
Number of atoms in the planet                                             10^51 (2^170)
Number of atoms in the sun                                                10^57 (2^190)
Number of atoms in the galaxy                                             10^67 (2^223)
Number of atoms in the Universe                                           10^77 (2^265)
Volume of the Universe                                                    10^84 (2^280) cm^3

If the Universe is closed:
Total lifetime of the Universe                                            10^11 (2^37) years
                                                                          10^18 (2^61) seconds

If the Universe is open:
Time until low-mass stars cool off                                        10^14 (2^47) years
Time until planets detach from stars                                      10^15 (2^50) years
Time until stars detach from galaxies                                     10^19 (2^64) years
Time until orbits decay by gravitational radiation                        10^20 (2^67) years
Time until black holes decay by the Hawking process                       10^64 (2^213) years
Time until all matter is liquid at zero temperature                       10^65 (2^216) years
Time until all matter turns solid                                         10^(10^26) years
Time until all matter collapses into black holes                          10^(10^76) years
Part I
CRYPTOGRAPHIC PROTOCOLS

Chapter 2
Protocol Building Blocks

2.1 Introduction to Protocols

The whole point of cryptography is to solve problems. (Actually, that is the whole point of computers too, something many people tend to forget.) Cryptography solves problems that involve secrecy, authentication, integrity, and dishonest people. You can learn all about cryptographic algorithms and techniques, but they are only of academic interest unless they are used to solve some problem. That is why we are going to look at protocols first.
A protocol is a series of steps, involving two or more parties, designed to accomplish a task. This is an important definition. A "series of steps" means that the protocol has a sequence, from start to finish. Every step must be executed in turn, and no step can be taken before the previous one is finished. "Involving two or more parties" means that at least two people are required to complete the protocol; one person alone does not make a protocol. A person alone can perform a series of steps to accomplish a task (like baking a cake), but that is not a protocol. (Someone else has to eat the cake for it to be a protocol.) Finally, "designed to accomplish a task" means that the protocol must achieve something. Something that looks like a protocol but does not accomplish a task is not a protocol; it is a waste of time. Protocols have other characteristics as well:

- Everyone involved in the protocol must know the protocol and all of the steps to follow in advance.
- Everyone involved in the protocol must agree to follow it.
- The protocol must be unambiguous; each step must be defined so that there is no chance of a misunderstanding.
- The protocol must be complete; there must be a specified action for every possible situation.

Every protocol in this book is organized as a series of steps. Execution of the protocol proceeds linearly through the steps unless there is an instruction to branch to another step. Each step involves at least one of two things: computations by one or more of the parties, or messages exchanged among the parties.

A cryptographic protocol is a protocol that uses cryptography. The parties can be friends who trust each other implicitly or adversaries who would not believe each other even about the time of day. A cryptographic protocol involves some cryptographic algorithm, but generally the purpose of the protocol goes beyond simple security. The parties to the protocol might want to share a secret with each other, jointly generate a random sequence, convince one another of their identity, or sign a contract at the same moment. The point of using cryptography in a protocol is to prevent or detect eavesdropping and cheating. If you have never seen protocols like these before, they will radically change your ideas of what mutually distrustful parties can accomplish over a computer network. The general rule can be stated as follows:

It should not be possible to do more or learn more than what is specified in the protocol.

This is a lot harder than it looks. In the next few chapters I discuss a great many protocols. In some of them, one of the participants can cheat the other. In others, an eavesdropper can subvert the protocol or learn secret information. Some protocols fail because their designers did not specify the requirements thoroughly enough. Others fail because their designers did not analyze their protocols thoroughly enough. As with algorithms, it is far easier to prove that a protocol could be insecure than to prove that it is secure.
The Purpose of Protocols

In daily life there are informal protocols for almost everything: ordering goods over the telephone, playing poker, voting in an election. No one thinks much about these protocols; they have evolved over a long time, everyone knows how to use them, and they work reasonably well.

Today, more and more people communicate over computer networks rather than face to face. Computers need formal protocols to do the same things that people do without thinking. If you move from one state to another and find a voting booth that looks completely different from the ones you are used to, you adapt easily. Computers are not nearly so flexible.

The honesty and security of many human protocols rest on the physical presence of the parties. Would you hand a stranger a pile of cash so that he could buy groceries for you? Would you sit down to play poker with someone who cheats when dealing the cards? Would you mail your ballot to the government without being sure that your vote would stay secret?

It is naive to assume that users of a computer network are always honest. It is equally naive to assume that the designers of computer networks are always honest. Most of them are, but it takes only a few dishonest people to do a lot of damage. By formalizing protocols, we can examine the ways in which dishonest parties could subvert them. Then we can develop protocols that are immune to such subversion.

Besides formalizing behavior, protocols let us abstract the task being accomplished from the mechanism by which it is accomplished. A communications protocol is the same whether it runs on a PC or a VAX. A protocol can be examined without getting bogged down in the details of its implementation. Once we are convinced that a protocol is sound, it can be implemented on anything from computers to telephones to intelligent toasters.
The Players

To demonstrate how protocols work, I use a few players (see Table 2-1). The first two are Alice and Bob. They take part in every two-party protocol. As a rule, Alice initiates every protocol and Bob responds. If a protocol needs a third or fourth party, Carol and Dave join the game. Other players play special supporting roles; they will be introduced later.
Arbitrated Protocols

An arbitrator is a disinterested third party trusted to complete a protocol (see Figure 2-1a). Disinterested means that the arbitrator has no vested interest in the outcome of the protocol and no allegiance to any of the parties. Trusted means that all the parties to the protocol accept whatever the arbitrator says as true and whatever he does as correct, and are confident that he will complete his part of the protocol. Arbitrators help implement protocols between mutually distrustful parties.

In the real world, lawyers often act as arbitrators. For example, Alice is selling a car to Bob, a stranger. Bob wants to pay by check, but Alice has no way of knowing whether the check is good. Alice wants the check to clear before the title of the car passes to Bob. Bob, who trusts Alice no more than she trusts him, does not want to hand over the check without receiving the title.
Table 2-1. Dramatis Personae

Alice     First participant in all the protocols
Bob       Second participant in all the protocols
Carol     Third participant in the three- and four-party protocols
Dave      Fourth participant in the three- and four-party protocols
Eve       Eavesdropper
Mallory   Malicious active attacker who subverts protocols
Trent     Trusted arbitrator
Walter    Warden; guards Alice and Bob in some protocols
Peggy     Prover
Victor    Verifier
Figure 2-1. Types of protocols
(a) Arbitrated protocol: Alice and Bob communicate through Trent.
(b) Adjudicated protocol: Alice and Bob communicate directly; after the fact, each can present evidence to Trent.
(c) Self-enforcing protocol: Alice and Bob communicate directly, with no third party.
A lawyer as arbitrator suits them both. With his help, Alice and Bob can use the following protocol to protect themselves from cheating:

(1) Alice gives the title to the lawyer.
(2) Bob gives the check to the lawyer.
(3) Alice deposits the check.
(4) After waiting for the check to clear, the lawyer gives the title to Bob. If the check does not clear within a specified time, Alice shows proof of this to the lawyer, and the lawyer returns the title to Alice.

In this protocol, Alice trusts the lawyer not to give Bob the title until the check has cleared, and to return the title to her if the check does not clear. Bob trusts the lawyer to hold the title until the check clears, and to give it to him as soon as it does. The lawyer does not care whether the check clears. He will do his part of the protocol in either case, because he gets paid in either case.

In this example the lawyer plays the role of arbitrator. Lawyers often act as arbitrators for wills and sometimes for contract negotiations. The various stock exchanges act as arbitrators between buyers and sellers.

A bank can also act as arbitrator, for the purchase of a car:

(1) Bob writes a check and gives it to the bank.
(2) If there is enough money in Bob's account to cover the check, the bank certifies the check and returns it to Bob.
(3) Alice gives Bob the title and Bob gives Alice the certified check.
(4) Alice deposits the check.

This protocol works because Alice trusts the bank's certification. She trusts the bank to hold Bob's money for her and not to use it to finance shaky real estate operations in banana republics.

A notary public is another commonly used arbitrator. When Bob receives a notarized document from Alice, he is convinced that Alice signed the document voluntarily and with her own hand. If necessary, the notary can appear in court and testify to that fact.

The concept of an arbitrator is as old as society. There have always been people, such as rulers, priests, and so on, whose standing allowed them to act fairly. Arbitrators have a certain role in our society; abusing the public trust would jeopardize their position. Lawyers who act as arbitrators and break the rules of the game face punishment, such as expulsion from the bar. That is the ideal picture; in the real world things may, unfortunately, differ from it.

This ideal can be carried over to the computer world, but there are several problems with computer arbitrators:

- It is easy to find a neutral third party you trust when you know the arbitrator and can see him face to face. Two parties suspicious of each other will be equally suspicious of a faceless arbitrator somewhere out on the network.
- The computer network must bear the cost of maintaining an arbitrator. Everyone knows how busy lawyers are; who on the network will bear the additional overhead?
- There is a delay inherent in any arbitrated protocol.
- The arbitrator must take part in every transaction, so he is a bottleneck in any large-scale implementation of a protocol. Increasing the number of arbitrators eases the problem, but it raises the cost of the service.
- Since everyone on the network must trust the arbitrator, the arbitrator is a vulnerable point for anyone trying to subvert the network.

Nevertheless, arbitration is still widely used. In protocols that use an arbitrator, that role will be played by Trent.
Adjudicated Protocols

Because of the high cost of hiring arbitrators, an arbitrated protocol can be split into two lower-level subprotocols. The first is a nonarbitrated protocol, executed whenever the parties want to complete the protocol. The other is an arbitrated protocol, invoked only in exceptional circumstances, when there is a dispute between the parties. The special arbitrator used for this is called an adjudicator (see Figure 2-1b).

An adjudicator, like an arbitrator, is a disinterested participant in the protocol who is trusted by both parties. Unlike an arbitrator, he is not directly involved in every run of the protocol; he is called in only to determine whether the parties carried out the protocol fairly.

Judges are professional adjudicators. Unlike notaries, judges are consulted only when a dispute arises. Alice and Bob can enter into a contract without a judge. A judge never learns of the contract unless one party sues the other. The contract-signing protocol can be formalized as follows:

Nonarbitrated subprotocol (executed every time):
(1) Alice and Bob negotiate the terms of the contract.
(2) Alice signs the contract.
(3) Bob signs the contract.

Adjudicated subprotocol (executed only in case of a dispute):
(4) Alice and Bob appear before a judge.
(5) Alice presents her evidence.
(6) Bob presents his evidence.
(7) The judge rules on the evidence.

The difference between an arbitrator and an adjudicator, as the terms are used in this book, is that the adjudicator is not always needed. The parties go to the judge only in case of a dispute. If there is no dispute, there is no need for a judge.

There are adjudicated computer protocols. They assume that the parties are honest, but if someone suspects cheating, a trusted third party can examine the existing body of data and detect the fact of the cheating. A good adjudicated protocol also lets the adjudicator identify the cheater. Adjudicated protocols detect cheating rather than preventing it. The inevitability of detection acts as a preventive measure, discouraging cheating.
Self-Enforcing Protocols

A self-enforcing protocol is the best type of protocol. It guarantees fairness by itself (see Figure 2-1c). No arbitrator is needed to complete the protocol, and no adjudicator is needed to resolve disputes. The construction of the protocol itself ensures that there are no disputes. If one of the parties tries to cheat, the other party detects the cheating immediately, and the protocol stops. Whatever the cheating party hoped to gain by cheating simply does not happen.

In the best of all possible worlds, every protocol would be self-enforcing. Unfortunately, there is no self-enforcing protocol for every situation.
Attacks against Protocols

Cryptographic attacks can be directed against the cryptographic algorithms used in protocols, against the cryptographic techniques used to implement the algorithms and protocols, or against the protocols themselves. Since this section of the book discusses protocols, I will assume that the cryptographic algorithms and techniques are secure and will look only at attacks against the protocols.

People can try a great many ways to attack a protocol. Someone who is not a party to the protocol may be able to eavesdrop on some or all of it. This is called a passive attack, because the attacker does not affect the protocol. All he can do is observe the protocol and try to gain information. This kind of attack corresponds to the ciphertext-only attack discussed in Section 1.1. Since passive attacks are hard to detect, protocols try to prevent them rather than detect them. In these protocols, the part of the eavesdropper will be played by Eve.

Alternatively, an attacker could try to alter the protocol to his own advantage. He could pretend to be someone else, introduce new messages into the protocol, substitute one message for another, replay old messages, interrupt the communications channel, or alter information stored in a computer. These are called active attacks, because they require active intervention. The forms they take depend on the kind of network.

Passive attackers try to gain information about the parties in the protocol. They collect the messages sent among the various parties and try to cryptanalyze them. Active attacks, on the other hand, pursue a much wider set of goals. The attacker could be interested in obtaining information, degrading the performance of the system, or gaining unauthorized access to resources.

Active attacks are much more serious, especially for protocols in which the parties do not necessarily trust each other. The attacker is not necessarily a complete outsider; he could be a legitimate user of the system or even the system administrator. There could even be several active attackers working together. In this book, the part of the malicious active attacker will be played by Mallory.

The attacker could also be one of the parties to the protocol. He could lie while executing the protocol, or not follow the protocol's rules at all. This kind of attacker is called a cheater. Passive cheaters follow the protocol's rules but try to obtain more information than the protocol allows. Active cheaters disrupt the protocol in progress in an attempt to cheat.

It is very hard to keep a protocol secure if most of its participants are active cheaters, but sometimes active cheating can be detected by the legitimate parties. Of course, protocols must also be secure against passive cheating.
2.2 Communications Using Symmetric Cryptography
How do two parties communicate securely? They encrypt their messages, of course. Let us look at what has to happen when Alice sends an encrypted message to Bob (the complete protocol is far more complicated).
(1) Alice and Bob agree on a cryptosystem.
(2) Alice and Bob agree on a key.
(3) Alice encrypts the plaintext of her message using the encryption algorithm and the key, obtaining the ciphertext.
(4) Alice sends the ciphertext to Bob.
(5) Bob decrypts the ciphertext using the same algorithm and key, recovering the plaintext.
What can Eve, sitting between Alice and Bob, learn by listening in on this protocol? If all she can hear is the transmission in step (4), she has to cryptanalyze the ciphertext. This passive attack is a ciphertext-only attack, and the algorithms in use are resistant (as far as we know) to any computing power Eve could bring to bear on the problem.
Eve is not stupid, though. She can also listen in on steps (1) and (2). Then she knows the algorithm and the key, just as Bob does. When she intercepts the message in step (4), all she has to do is decrypt it herself.
In a good cryptosystem, security rests entirely on knowledge of the key and not at all on knowledge of the algorithm. This is why key management is so important in cryptography. With a symmetric algorithm, Alice and Bob can perform step (1) in public, but they must perform step (2) in secret. The key must remain secret before, during and after the protocol, for as long as the message itself must remain secret; otherwise the message is compromised at once. (Public-key cryptography, which solves this problem differently, is discussed in Section 2.5.)
Mallory, an active attacker, can do something else. He can try to disrupt the communications channel in step (4), so that Alice cannot get anything to Bob at all. Mallory can also intercept Alice's message and substitute his own. If he has managed to learn the key (by intercepting the exchange in step (2), or by breaking the cryptosystem), he can encrypt his own message and send it to Bob in place of the intercepted one, and Bob has no way of knowing that the message did not come from Alice. If Mallory does not know the key, all he can produce is a message that decrypts to gibberish. Bob, thinking the message came from Alice, may conclude that either Alice or the network has serious problems.
And Alice? What can she do to disrupt the protocol? She can give a copy of the key to Eve, and then Eve can read everything Bob says and print it in the New York Times. This is serious, but the problem is not in the protocol: Alice could just as well hand Eve any of the plaintexts carried by the protocol. Bob, of course, could do the same. The protocol assumes that Alice and Bob trust each other. To sum up, symmetric cryptosystems have the following problems:
Keys must be distributed in secret. Keys are as valuable as all the messages they encrypt, since knowledge of the key reveals every message. For widely deployed encryption systems, key distribution is a serious undertaking; couriers often hand-deliver keys to their destinations.
If a key is compromised (stolen, guessed, extorted, bought with a bribe, and so on), Eve can decrypt every message encrypted with that key. She can also pretend to be one of the parties and produce false messages to fool the other.
Assuming every pair of users in a network uses a separate key, the total number of keys grows rapidly with the number of users. A network of n users requires n(n - 1)/2 keys. For example, for 10 users to communicate with one another, 45 distinct keys are needed; for 100 users, 4950. The problem can be reduced by keeping the number of users small, but that is not always possible.
2.3 One-Way Functions
The notion of a one-way function is central to public-key cryptography. While not protocols in themselves, one-way functions are a fundamental building block for most of the protocols discussed in this book.
One-way functions are relatively easy to compute, but significantly harder to invert. That is, given x it is easy to compute f(x), but given f(x) it is hard to compute x. Here "hard" means that computing x from f(x) might take millions of years, even if every computer in the world were assigned to the problem.
Breaking a plate is a good example of a one-way function. It is easy to smash a plate into a thousand tiny pieces. It is not easy, however, to put those pieces back together into a plate.
This sounds good, but it is vague and hand-waving. There is no mathematically rigorous proof that one-way functions exist, nor any real evidence that they can be constructed [230, 530, 600, 661]. Even so, many functions look exactly like one-way functions: we can compute them and, so far, know no easy way to invert them. For example, in a finite field x^2 is easy to compute, but x^{1/2} is much harder. For the rest of this section I am going to pretend that one-way functions exist. We will return to this in Section 11.2.
So, what good are one-way functions? They cannot be used for encryption as they are. A message encrypted with a one-way function is useless: it cannot be decrypted. (Exercise: write something on a plate, smash the plate into tiny fragments, and give the fragments to a friend. Ask him to read the message. Observe how impressed he is with the one-way function.) For public-key cryptography we need something else (although there are direct cryptographic uses of one-way functions; see Section 3.2).
A trapdoor one-way function is a special kind of one-way function, one with a secret trapdoor. It is easy to compute in one direction and hard to compute in the other. But if you know the secret, you can easily compute the inverse function too. That is, it is easy to compute f(x) given x, and hard to compute x given f(x); however, there is a small piece of secret information, y, such that given f(x) and y it is easy to compute x.
Taking a watch apart is a good example of a trapdoor one-way function. It is easy to disassemble a watch into hundreds of minuscule pieces and hard to put those pieces back together into a working watch. But with the secret information, the assembly instructions, the task becomes much easier.
2.4 One-Way Hash Functions
A one-way hash function has many names: compression function, contraction function, message digest, fingerprint, cryptographic checksum, message integrity check (MIC), and manipulation detection code (MDC). Whatever you call it, this function is central to modern cryptography. One-way hash functions are another building block of many protocols.
Hash functions have long been used in computer science. A hash function is a function, mathematical or otherwise, that takes a variable-length input string (called the pre-image) and converts it into a fixed-length, usually shorter, output string (called the hash value). A simple hash function would be one that takes the pre-image and returns a byte consisting of the XOR of all the input bytes.
The point of a hash function is to produce a fingerprint of the pre-image, a value that distinguishes different pre-images when solving the inverse problem. Because a hash function is typically many-to-one, it cannot tell us with certainty that two strings are equal, but it can be used to get a reasonable assurance of accuracy.
A one-way hash function is a hash function that works in one direction only: it is easy to compute the hash value from the pre-image, but hard to produce a pre-image whose hash value equals a given value. The hash function mentioned above is, generally speaking, not one-way: given a particular byte, it is trivial to produce a string of bytes whose XOR is that byte. That is not possible with a one-way hash function. A good one-way hash function is also collision-free: it is hard to produce two pre-images with the same hash value.
The hash function is public; there is no secrecy to the computation. The security of a one-way hash function lies precisely in its one-wayness. The output has no discernible dependence on the input: changing a single bit of the pre-image changes, on average, half the bits of the hash value. It is computationally infeasible to find a pre-image corresponding to a given hash value.
Think of it as a way of fingerprinting files. If you want to verify that someone has the same file you have, but you do not want the file sent to you, ask him to send the hash value. If the hash value he sends matches the one you compute, then it is almost certain that his file is identical to yours. This is particularly useful in financial transactions, where you do not want a withdrawal of $100 to turn into a withdrawal of $1000 somewhere in the network. Normally you would use a one-way hash function without a key, so that anyone can verify the hash value. If you want only one recipient to be able to verify it, read the next section.
Message Authentication Codes
A message authentication code (MAC), also known as a data authentication code (DAC), is a one-way hash function with the addition of a secret key (see Section 18.14). The hash value is a function of both the pre-image and the key. The theory is the same as for hash functions, except that only someone who knows the key can verify the hash value. A MAC can be built from a hash function or from a block encryption algorithm; there are also dedicated MACs.
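The three claims made in this section can be checked in a few lines. The following Python is an added example, not code from the book: it inverts the XOR "hash" above (it is not one-way), measures how many SHA-256 output bits change when one input bit flips, performs the file-fingerprint comparison, and turns the hash into a MAC by adding a secret key. HMAC-SHA256 stands in for the keyed one-way function; the sample inputs and the key are constructed for the demonstration.

```python
import hashlib
import hmac
import os

def xor_hash(data: bytes) -> int:
    """The text's simple hash: XOR of every input byte. Easy to compute,
    but not one-way, as xor_hash_preimage shows."""
    h = 0
    for b in data:
        h ^= b
    return h

def xor_hash_preimage(target: int, prefix: bytes) -> bytes:
    """Invert xor_hash: take any prefix and append the one byte that
    forces the XOR of the whole string to `target`."""
    return prefix + bytes([xor_hash(prefix) ^ target])

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def differing_bits(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche_fraction(pre_image: bytes) -> float:
    """Flip a single bit of the pre-image and return the fraction of the
    256 SHA-256 output bits that change (about one half for a good hash)."""
    flipped = bytes([pre_image[0] ^ 0x01]) + pre_image[1:]
    return differing_bits(sha256(pre_image), sha256(flipped)) / 256

def fingerprint_matches(local_file: bytes, remote_hash: bytes) -> bool:
    """The file-fingerprint check from the text: the other side sends only
    the hash of its file; we hash ours and compare the two digests."""
    return hmac.compare_digest(sha256(local_file), remote_hash)

def mac(key: bytes, message: bytes) -> bytes:
    """A MAC is a one-way hash with a secret key added; HMAC-SHA256 here."""
    return hmac.new(key, message, hashlib.sha256).digest()

def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Only a holder of `key` can check the tag (constant-time compare)."""
    return hmac.compare_digest(mac(key, message), tag)

if __name__ == "__main__":
    forged = xor_hash_preimage(0x42, b"any prefix you like")
    print("xor_hash preimage found:", xor_hash(forged) == 0x42)
    print("bits changed by one flipped input bit:",
          avalanche_fraction(b"withdraw $100 from account 7"))
    k = os.urandom(32)                       # constructed: shared secret key
    tag = mac(k, b"withdraw $100")
    print("tag verifies:", mac_verify(k, b"withdraw $100", tag))
    print("altered amount verifies:", mac_verify(k, b"withdraw $1000", tag))
```

Note that the comparisons use hmac.compare_digest rather than ==: a verifier that compares tags byte by byte and stops at the first mismatch leaks, through its timing, how many leading bytes of a forged tag were right.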
2.5 Communications Using Public-Key Cryptography
Think of a symmetric algorithm as a safe. The key is the combination. Someone who knows the combination can open the safe, put a document inside, and close it again. Someone else with the same combination can open the safe and take the document out. Anyone who does not know the combination has to learn safecracking.
In 1976, Whitfield Diffie and Martin Hellman changed that paradigm of cryptography forever [496]. (The NSA has claimed knowledge of the idea as early as 1966, but has offered no proof.) They described public-key cryptography, which uses two different keys, one public and one private. Deriving the private key from the public key requires enormous computational effort. Anyone with the public key can encrypt a message, but cannot decrypt it; only the holder of the private key can decrypt. It is as if the cryptographic safe had been turned into a mailbox. Encrypting with the public key is like dropping a letter into a mailbox: anyone can do it, just push the letter through the slot. Decrypting with the private key is like getting mail out of the mailbox. Usually that is much harder; you might need a welding torch. But if you know the secret (you have the key to the mailbox), you get your mail out without any trouble.
Mathematically, the process is based on the trapdoor one-way functions discussed earlier. Encryption is the easy direction. The instructions for encryption are public, so anyone can encrypt a message. Decryption is the hard direction. It is made so laborious that, without the secret, even Cray computers working for thousands (or millions) of years could not decrypt the message. The secret, or trapdoor, is the private key, and it makes decryption as easy as encryption. Here is how Alice can send a message to Bob using public-key cryptography:
(1) Alice and Bob agree on a public-key cryptosystem.
(2) Bob sends Alice his public key.
(3) Alice encrypts her message with Bob's public key and sends it to Bob.
(4) Bob decrypts Alice's message with his private key.
Notice how public-key cryptography removes the key-distribution problem inherent in symmetric cryptosystems. Before, Alice and Bob had to agree on a key in secret. Alice could choose any key, but she still had to get it to Bob. She could have done so in advance, but that requires foresight. She could send the key by secure courier, but that takes time. Public-key cryptography makes everything simpler: Alice can send Bob a secret message with no prior arrangements. Eve, listening in on the entire exchange, has Bob's public key and a message encrypted with it, but she can recover neither Bob's private key nor the text of the message.
More commonly, a whole network of users agrees on the cryptosystem to use. Each of them has a public key and a private key, and the public keys are placed in a publicly accessible database. Now the protocol is even simpler:
(1) Alice gets Bob's public key from the database.
(2) Alice encrypts her message with Bob's public key and sends it to Bob.
(3) Bob decrypts Alice's message with his private key.
In the first protocol, Bob had to send Alice his public key before she could send him a message. The second protocol is more like ordinary mail: Bob takes no part in the protocol until he wants to read the message.
Hybrid Cryptosystems
The first public-key algorithms became known at the same time that DES was being discussed as a proposed standard. This led to some well-known partisan politics in the cryptographic community. As Diffie described it [494]:
The excitement that public-key cryptosystems provoked in the popular and scientific press was not matched by corresponding acceptance in the cryptographic establishment. In the same year that public-key cryptography was discovered, the National Security Agency (NSA) proposed a conventional cryptographic system, designed by IBM, as the federal Data Encryption Standard (DES). Marty Hellman and I criticized the proposal on the grounds that its key was too short, but manufacturers were gearing up to support the standard, and our criticism was seen by many as an attempt to disrupt the adoption of the standard to the advantage of our own work. Public-key cryptography in its turn was attacked, in the popular literature [1125] and in technical papers [849, 1159] alike, as though it were a competing product rather than a recent scientific discovery. This, however, did not stop the NSA from claiming credit in the field. Its director, in an article in the Encyclopedia Britannica [1461], pointed out that "two-key cryptography had been discovered at the Agency a decade earlier," although no evidence for this claim was ever presented publicly.
In the real world, public-key algorithms do not replace symmetric algorithms, and they are used not to encrypt messages but to encrypt keys, for the following two reasons:
1. Public-key algorithms are slow. Symmetric algorithms are at least 1000 times faster than public-key algorithms. Yes, computers keep getting faster, and in 15 years public-key cryptography will reach speeds comparable to today's symmetric cryptography. But the volume of data to be transmitted is also growing, and there will always be a need to encrypt data faster than public-key cryptography can manage.
2. Public-key cryptosystems are vulnerable to chosen-plaintext attacks. If C = E(P), where P is one plaintext out of n possible plaintexts, then the cryptanalyst need only encrypt all n possible plaintexts and compare the results with C (remember, the encryption key is public). He will not recover the decryption key this way, but he will determine P.
A chosen-plaintext attack can be especially effective when the number of possible encrypted messages is relatively small. For example, if P is a dollar amount less than $1,000,000, the attack works: the cryptanalyst simply tries all million values. (Probabilistic encryption solves this problem; see Section 23.15.) Even when P is less tightly constrained, the attack can be very effective. Merely knowing that a ciphertext does not correspond to a particular plaintext can be useful. Symmetric cryptosystems are not susceptible to attacks of this kind, since the cryptanalyst cannot perform trial encryptions with a key he does not know.
In most practical implementations, public-key cryptography is used to protect and distribute session keys, and those session keys are used with symmetric algorithms to protect the message traffic [879]. Such implementations are sometimes called hybrid cryptosystems.
(1) Bob sends Alice his public key.
(2) Alice generates a random session key K, encrypts it with Bob's public key, and sends it to Bob:
E_B(K)
(3) Bob decrypts Alice's message with his private key to recover the session key:
D_B(E_B(K)) = K
(4) Both parties encrypt their messages with the same session key.
Using public-key cryptography for key distribution solves a very important key-management problem. With symmetric cryptography, the data-encryption key lies around unused until it is needed. If Eve ever gets hold of it, she can decrypt every message protected by that key. With the protocol above, a session key is created when messages need to be encrypted and destroyed when the session ends. This greatly reduces the risk of compromising the session key. The private key is, of course, also vulnerable to compromise, but it is at much less risk, since during a session it is used only once, to encrypt the session key. Related questions are discussed in more detail in Section 3.1.
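The hybrid protocol and the chosen-plaintext weakness of point 2 can be shown together. The Python below is an added example, not code from the book or any library: it uses a deliberately tiny, unpadded textbook RSA key for Bob (fixed small primes, constructed for the demonstration; real keys are thousands of bits and real RSA encryption applies randomised padding such as OAEP), a SHA-256-based stream cipher standing in for "some symmetric algorithm", and Eve's enumeration of a million dollar amounts against a raw ciphertext. All names and parameters are assumptions for the illustration.

```python
import hashlib
import os

# Bob's toy RSA key pair: fixed small primes so the example runs instantly.
# A real key is thousands of bits and real RSA encryption applies
# randomised padding (OAEP); this toy has neither, which is exactly the
# weakness the chosen-plaintext attack below exploits.
P, Q = 1000003, 999983                       # both prime (constructed)
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))            # Bob's private exponent
BOB_PUBLIC = (N, E)
BOB_PRIVATE = (N, D)

def pk_encrypt(public, m: int) -> int:
    """Anyone can do this: E_B(m) with Bob's public key."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)

def pk_decrypt(private, c: int) -> int:
    """Only Bob can do this: D_B(c) with his private key."""
    n, d = private
    return pow(c, d, n)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric stream cipher for the session traffic: XOR the data
    with SHA-256(key || block counter). The same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def hybrid_send(bob_public, plaintext: bytes):
    """Alice, step (2): pick a random session key K, send E_B(K) together
    with the traffic encrypted under K (step 4)."""
    k = int.from_bytes(os.urandom(4), "big")        # toy 32-bit K so that K < N
    return pk_encrypt(bob_public, k), keystream_xor(k.to_bytes(4, "big"), plaintext)

def hybrid_receive(bob_private, e_b_k: int, body: bytes) -> bytes:
    """Bob, step (3): K = D_B(E_B(K)); step (4): decrypt the traffic with K."""
    k = pk_decrypt(bob_private, e_b_k)
    return keystream_xor(k.to_bytes(4, "big"), body)

def chosen_plaintext_recover(public, c: int, candidates):
    """Eve's attack on unpadded public-key encryption of a small message
    space: encrypt every candidate under the public key and compare with
    C. She never learns the private key, but she does learn P."""
    for p in candidates:
        if pk_encrypt(public, p) == c:
            return p
    return None

if __name__ == "__main__":
    e_b_k, body = hybrid_send(BOB_PUBLIC, b"the meeting is at noon")
    print(hybrid_receive(BOB_PRIVATE, e_b_k, body))
    # A dollar amount below $1,000,000 sent as a raw RSA ciphertext:
    c = pk_encrypt(BOB_PUBLIC, 250_000)
    print("Eve recovers:", chosen_plaintext_recover(BOB_PUBLIC, c, range(1_000_000)))
```

The attack succeeds because pk_encrypt is deterministic: the same plaintext under the same public key always yields the same ciphertext, so a public key is also an oracle for testing guesses. Randomised padding (or the probabilistic encryption the text points to) removes that property; the session key in hybrid_send is at least drawn from a space far too large to enumerate.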
Merkle's Puzzles
Ralph Merkle invented the first public-key cryptography scheme. In 1974 he enrolled in a computer security course at the University of California, Berkeley, taught by Lance Hoffman. The topic of his term paper, submitted early in the term, was "Secure Communication over Insecure Channels" [1064]. Hoffman did not understand Merkle's proposal, and Merkle eventually dropped the course. He kept working on the problem despite continued incomprehension of his results.
Merkle's technique was based on puzzles that are easier for the sender and receiver to solve than for an eavesdropper. Here is how Alice can send an encrypted message to Bob without first exchanging a key with him.
(1) Bob creates 2^20 (that is, more than a million) messages of the form "This is puzzle number x. This is secret key number y," where x is a random number and y is a random secret key. Both x and y differ from message to message. Using a symmetric algorithm, he encrypts each message with a different 20-bit key and sends them all to Alice.
(2) Alice picks one message at random and performs a brute-force attack on it to recover the plaintext. This is a large amount of work, but not an impossible one.
(3) Alice encrypts her secret message with some symmetric algorithm under the key she recovered, and sends it to Bob together with x.
(4) Bob knows which secret key y he used in message x, so he can decrypt Alice's message.
Eve can break this system, but she has to do far more work than either Alice or Bob. To recover the message sent in step (3), she would have to brute-force each of the 2^20 messages Bob sent in step (1); the complexity of this attack is 2^40. The values of x do not help Eve either, since they were assigned at random in step (1). In general, Eve's computational effort is the square of Alice's.
This n to n^2 advantage is small by cryptographic standards, but under certain conditions it may be enough. If Alice and Bob can each try ten thousand keys per second, it will take each of them a minute to perform their steps and another minute to transmit the puzzles from Bob to Alice over a 1.544 Mbit/s link. If Eve's computing resources are comparable, it will take her about a year to break the system. Other algorithms are far more resistant to attack.
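The following Python is an added example of Merkle's puzzles, not code from the book or from Merkle's paper. It runs the four steps above at toy scale (2^12 puzzles under 12-bit keys instead of 2^20 and 20-bit keys, so it finishes in seconds), with a SHA-256-based stream cipher standing in for "a symmetric algorithm", a fixed marker prefix so the brute-forcer can recognise a correct decryption, and a seeded random generator so the run is reproducible; all of these are constructed for the demonstration. The puzzle count and key size are deliberately equal, as in the text, so that Eve's worst-case effort is the square of Alice's.

```python
import hashlib
import random

PUZZLE_BITS = 12                  # toy size; the text uses 2^20 puzzles and 20-bit keys
NUM_PUZZLES = 1 << PUZZLE_BITS
KEY_SPACE = 1 << PUZZLE_BITS      # puzzle keys are PUZZLE_BITS long: brute-forceable
MARKER = b"PUZZLE"                # fixed prefix so a brute-forcer can recognise success

def enc(key_int: int, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with SHA-256(key || counter). The same call
    decrypts."""
    key = key_int.to_bytes(8, "big")
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def bob_make_puzzles(rng: random.Random):
    """Step (1). Each puzzle is 'MARKER | x | y' under its own random
    PUZZLE_BITS-bit key. Bob keeps the table x -> y and sends the puzzles."""
    table, puzzles = {}, []
    for x in rng.sample(range(1 << 32), NUM_PUZZLES):     # distinct random x
        y = rng.getrandbits(64)                            # secret key inside puzzle x
        table[x] = y
        plain = MARKER + x.to_bytes(4, "big") + y.to_bytes(8, "big")
        puzzles.append(enc(rng.randrange(KEY_SPACE), plain))
    rng.shuffle(puzzles)
    return puzzles, table

def solve_puzzle(puzzle: bytes):
    """Step (2). Brute-force one puzzle's key; returns (x, y, keys_tried)."""
    for tried, k in enumerate(range(KEY_SPACE), start=1):
        plain = enc(k, puzzle)
        if plain.startswith(MARKER):
            x = int.from_bytes(plain[6:10], "big")
            y = int.from_bytes(plain[10:18], "big")
            return x, y, tried
    raise ValueError("puzzle did not decrypt under any key")

def run_protocol(seed: int = 1):
    """The whole exchange with a seeded RNG so the run is reproducible.
    Returns (Bob's recovered plaintext, Alice's work, Eve's worst-case work)."""
    rng = random.Random(seed)
    puzzles, bob_table = bob_make_puzzles(rng)
    chosen = rng.choice(puzzles)                # Alice picks one puzzle at random
    x, y, alice_work = solve_puzzle(chosen)
    ciphertext = enc(y, b"attack at dawn")      # step (3): sent to Bob along with x
    recovered = enc(bob_table[x], ciphertext)  # step (4): Bob looks y up by x
    eve_work = NUM_PUZZLES * KEY_SPACE         # she must open puzzles until she hits x
    return recovered, alice_work, eve_work

if __name__ == "__main__":
    recovered, alice_work, eve_work = run_protocol()
    print(recovered, "Alice tried", alice_work, "keys; Eve needs up to", eve_work)
```

Alice's cost is at most KEY_SPACE trial decryptions (on average half that); Eve, who does not know which puzzle Alice chose and cannot tell from x, must open puzzles until she finds the one carrying x, which is NUM_PUZZLES * KEY_SPACE trials in the worst case. Raising PUZZLE_BITS shows how quickly the quadratic gap grows, and also why the scheme is impractical: the puzzles Bob must transmit grow linearly with the security margin.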
2.6 Digital Signatures
Handwritten signatures have long been used as proof of authorship of a document or, at least, of agreement with it. What makes a signature so compelling [1392]?
1. The signature is authentic. It convinces the recipient of the document that the signer deliberately signed it.
2. The signature is unforgeable. It proves that the signer, and no one else, deliberately signed the document.
3. The signature cannot be reused. It is part of the document; a swindler cannot move it to a different document.
4. The signed document cannot be altered. Once the document has been signed, it cannot be changed.
5. The signature cannot be repudiated. The signature and the document are physical objects. The signer cannot later claim that he did not sign the document.
In reality, none of these statements is entirely true. Signatures can be forged, lifted from one sheet of paper onto another, and documents can be altered after signing. We tolerate these problems, however, because cheating is difficult and may be detected.
We would like to do something similar on computers, but there are several problems. First, computer files are not just easy to copy but trivially easy. Even if a person's signature is hard to forge (say, a graphical image of a handwritten signature), a valid signature can easily be cut out of one document and pasted into another. The mere presence of such a signature means nothing. Second, computer files are very easy to modify after they have been signed, without leaving the slightest trace of the change.
Signing Documents with Symmetric Cryptosystems and an Arbitrator
Alice wants to sign a digital message and send it to Bob. She can do so with the help of Trent and a symmetric cryptosystem.
Trent is a powerful, trusted arbitrator. He can communicate with Alice, with Bob, and with everyone else who wants to sign digital documents. He issues a secret key, K_A, to Alice and a different secret key, K_B, to Bob. These keys are established long before the protocol starts and can be reused for many signatures.
(1) Alice encrypts her message to Bob with K_A and sends it to Trent.
(2) Trent, knowing K_A, decrypts the message.
(3) Trent appends to the decrypted message a statement that he received it from Alice, and encrypts this new message with K_B.
(4) Trent sends the new message to Bob.
(5) Bob decrypts the message with K_B. He can now read both Alice's message and Trent's certification that it was sent by Alice.
How does Trent know that the message came from Alice and not from some impostor? He infers it from the encryption of the message: only he and Alice hold K_A, so only Alice could have encrypted a message with it.
Is this as good as a signature on paper? Let us check the required properties:
1. This signature is authentic. Trent is a trusted arbitrator, and Trent knows the message came from Alice. His certification serves as proof for Bob.
2. This signature is unforgeable. Only Alice (and Trent, but everyone trusts him) knows K_A, so only Alice could have sent Trent a message encrypted with K_A. If anyone tried to impersonate Alice, Trent would notice immediately in step (2) and would not certify the message.
3. This signature cannot be reused. If Bob tried to take Trent's certification and attach it to another message, Alice would cry foul. An arbitrator (Trent, or someone else entirely with access to the same information) would ask Bob to produce his message and Alice's encrypted message. The arbitrator would then encrypt the message with K_A and see that it does not match the encrypted message Bob presented. Bob, of course, cannot produce a correct encrypted message, because he does not know K_A.
4. The signed document cannot be altered. If Bob tried to alter the document after receiving it, Trent would detect the fraud in the way just described.
5. The signature cannot be repudiated. If Alice later claims she never sent the message, Trent's certification says otherwise. Remember, everyone trusts Trent; whatever he says is true.
If Bob wants to show Carol a document signed by Alice, he cannot reveal his secret key to her. He has to go through Trent again:
(1) Bob takes the message and Trent's statement that it came from Alice, encrypts them with K_B, and sends them back to Trent.
(2) Trent decrypts the bundle with K_B.
(3) Trent checks his database and confirms that the original message was sent by Alice.
(4) Trent encrypts the bundle he received from Bob with K_C, the key he issued to Carol, and sends the encrypted bundle to Carol.
(5) Carol decrypts the bundle with K_C. She can now read both the message and Trent's certification that it was sent by Alice.
These protocols work, but they demand a great deal of Trent's time. He must spend his days decrypting and encrypting messages, mediating between every pair of people who want to exchange signed documents. He must keep the messages in a database (although this can be avoided by sending the recipient a copy of the sender's encrypted message). He is a bottleneck in any communications system, even if he is just an unfeeling computer program.
An arbitrator like Trent, whom every correspondent will trust, is hard to find and hard to keep. Trent must be infallible: if he makes even one mistake in a million signatures, no one will trust him. Trent must be absolutely secure: if his database of secret keys is ever disclosed, or if someone manages to reprogram him, every signature becomes worthless. Documents supposedly signed years ago could appear out of nowhere. Chaos would follow; governments would fall and anarchy would reign. Such a scheme may work in theory, but it is not good enough for practical use.
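The following Python is an added example of both Trent protocols above, not code from the book. It makes one change that a practitioner would insist on and that the text leaves implicit: Trent is said to infer the sender "from the encryption", but with a bare stream cipher any byte string decrypts to something, so here each party's key is also used for a MAC over the ciphertext (encrypt-then-MAC with HMAC-SHA256), and that tag is what lets Trent reject an impostor in step (2). The stream cipher, the key sizes, the bundle format and the message contents are constructed for the demonstration.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric stream cipher (XOR with SHA-256(key || counter))."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append HMAC(key, ciphertext). The tag is what lets
    Trent conclude 'produced by a holder of this key': with the bare
    stream cipher every input decrypts to *something*."""
    ct = keystream_xor(key, plaintext)
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        raise ValueError("not produced under this key")
    return keystream_xor(key, ct)

class Trent:
    """The trusted arbitrator: one key per party plus a database of certified messages."""
    def __init__(self):
        self.keys = {}
        self.database = set()            # (sender, message) pairs Trent has certified

    def enroll(self, name: str) -> bytes:
        self.keys[name] = os.urandom(32)
        return self.keys[name]

    @staticmethod
    def bundle(sender: str, msg: bytes) -> bytes:
        return b"Trent certifies sender=" + sender.encode() + b"\x00" + msg

    @staticmethod
    def unbundle(b: bytes):
        header, _, msg = b.partition(b"\x00")
        return header.split(b"=", 1)[1].decode(), msg

    def certify(self, sender: str, recipient: str, blob: bytes) -> bytes:
        """First protocol, steps (2)-(4): decrypt with K_sender (fails unless the
        blob really was made with that key), record, re-encrypt for the recipient."""
        msg = unseal(self.keys[sender], blob)
        self.database.add((sender, msg))
        return seal(self.keys[recipient], self.bundle(sender, msg))

    def forward(self, holder: str, third_party: str, blob: bytes) -> bytes:
        """Second protocol: the holder (Bob) returns the bundle under his key;
        Trent checks his database (step 3) and re-encrypts for Carol (step 4)."""
        sender, msg = self.unbundle(unseal(self.keys[holder], blob))
        if (sender, msg) not in self.database:
            raise ValueError("no record of this message from that sender")
        return seal(self.keys[third_party], self.bundle(sender, msg))

def demo():
    trent = Trent()
    k_a, k_b, k_c = trent.enroll("Alice"), trent.enroll("Bob"), trent.enroll("Carol")
    for_bob = trent.certify("Alice", "Bob", seal(k_a, b"Bob, I owe you $100"))
    bob_sees = unseal(k_b, for_bob)                                  # step (5)
    # Mallory, without K_A, tries to pass a message off as Alice's
    try:
        trent.certify("Alice", "Bob", seal(os.urandom(32), b"I owe you $1000"))
        impersonation = "accepted"
    except ValueError:
        impersonation = "rejected"
    carol_sees = unseal(k_c, trent.forward("Bob", "Carol", seal(k_b, bob_sees)))
    # Bob alters the amount before showing Carol: not in Trent's database
    try:
        trent.forward("Bob", "Carol", seal(k_b, Trent.bundle("Alice", b"Bob, I owe you $1000")))
        alteration = "accepted"
    except ValueError:
        alteration = "rejected"
    return Trent.unbundle(carol_sees), impersonation, alteration

if __name__ == "__main__":
    print(demo())
```

Running demo() shows Carol receiving Alice's message with Trent's certification, the impostor rejected at Trent's step (2), and Bob's altered bundle rejected at step (3) because Trent's database holds no such message from Alice. Everything still hinges on Trent's key table, which is exactly the single point of failure the text describes.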
Digital Signature Trees
Ralph Merkle proposed a digital signature scheme based on secret-key cryptography that produces an unlimited number of one-time signatures using a tree structure [1067, 1068]. The basic idea of the scheme is to place the root of the tree in some public file, thereby authenticating it. The root signs one message and authenticates its child nodes. Each of those nodes signs one message and authenticates its own children, and so on.
Signing Documents with Public-Key Cryptography
There are public-key algorithms that can be used for digital signatures. In some algorithms, RSA being the example (see Section 19.3), either the public or the private key can be used for encryption. Encrypt a document with your private key, and you have a secure digital signature. In other cases, DSA being the example (see Section 20.1), a separate algorithm is used for digital signatures, one that cannot be used for encryption. This idea was first invented by Diffie and Hellman [496] and was subsequently extended and elaborated in other works [1282, 1328, 1024, 1283, 426]. A good survey of the field is given in [1099]. The basic protocol is simple:
(1) Alice encrypts the document with her private key, thereby signing it.
(2) Alice sends the signed document to Bob.
(3) Bob decrypts the document with Alice's public key, thereby verifying the signature.
This protocol is far better than the previous one. Trent is needed neither to sign documents nor to verify signatures. (He is needed to certify that the public key really belongs to Alice.) The parties do not even need Trent to resolve disputes: if Bob cannot perform step (3), he knows the signature is invalid. This signature meets all the requirements:
1. The signature is authentic. When Bob decrypts the message with Alice's public key, he knows that she signed it.
2. The signature is unforgeable. Only Alice knows her private key.
3. The signature cannot be reused. The signature is a function of the document and cannot be transferred to any other document.
4. The signed document cannot be altered. After any change to the document, the signature no longer verifies with Alice's public key.
5. The signature cannot be repudiated. Bob does not need Alice's help to verify her signature.
Signing Documents and Timestamps
In fact, under certain conditions Bob can cheat: he can reuse the document and signature together. This does not matter if Alice signed a contract (one copy of a signed contract more or less makes no difference), but what if Alice put her digital signature on a check?
Suppose Alice sends Bob a signed check for $100. Bob takes the check to the bank, which verifies the signature and moves the money from one account to the other. Bob, playing the swindler, keeps a copy of the electronic check. The following week he takes it to the same bank, or a different one. The bank verifies the signature and again moves the money from one account to the other. If Alice never balances her checkbook, Bob can keep this up for years.
This is why digital signatures often include timestamps. The date and time of signing are attached to the document and signed together with the rest of the message. The bank stores this timestamp in its database. Now, if Bob tries to cash Alice's check a second time, the bank checks the timestamp against its database. Since the bank has already paid a check from Alice with that same timestamp, it calls the police. Bob then spends 15 years in Leavenworth prison studying cryptographic protocols.
Signing Documents with Public-Key Cryptography and One-Way Hash Functions
In practice, public-key algorithms are often too inefficient to sign long documents. To save time, digital signature protocols are frequently used together with one-way hash functions [432, 433]. Alice signs not the document itself but the hash value of the document. In this protocol the one-way hash function and the digital signature algorithm are agreed upon beforehand.
(1) Alice computes the one-way hash value of the document.
(2) Alice encrypts this value with her private key, thereby signing the document.
(3) Alice sends Bob the document and the signed hash value.
(4) Bob computes the one-way hash value of the document Alice sent. Then, using the digital signature algorithm, he decrypts the signed hash value with Alice's public key. If the signed hash value matches the one he computed, the signature is valid.
Speed increases considerably and, since the probability that two different documents have the same 160-bit hash value is only one in 2^160, a signature of the hash value can safely be treated as a signature of the document. Only a one-way hash function may be used here; otherwise it is easy to create different documents with the same hash value, and signing one document would amount to unwittingly signing many documents at once.
The protocol has other advantages. First, the signature can be kept separate from the document. Second, the recipient's storage requirements for documents and signatures are much smaller. An archival system can use this protocol to confirm the existence of documents without storing their contents. A central database need store only the hash values of the files. It need never see the files at all: users submit their hash values to the database, which stores them, marking each with the time it was received. If a dispute later arises about who created a document and when, the database can resolve it using the stored hash value. Such a system matters greatly for keeping information secret: Alice can sign a document and keep it secret. She needs to publish the document only if she wants to prove her authorship. (See Section 4.1.)
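The hash-then-sign protocol and the bank's timestamp check can be run end to end. The Python below is an added example, not code from the book: Alice's key is a tiny, unpadded textbook RSA key (fixed small primes, constructed for the demonstration; a real signature scheme uses a large key and a padding standard such as PSS rather than a digest reduced modulo N), SHA-256 is the one-way hash, the timestamp is placed inside the signed bytes, and a toy Bank keeps the database of checks already paid. Names, amounts and the check format are assumptions for the illustration.

```python
import hashlib

# Alice's toy RSA key pair (fixed small primes, no padding; a real
# signature scheme uses a large key and a padding standard such as PSS).
P, Q = 1000003, 999983                       # both prime (constructed)
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
ALICE_PUBLIC, ALICE_PRIVATE = (N, E), (N, D)

def doc_hash(document: bytes) -> int:
    """Step (1): one-way hash of the document, reduced mod N so the toy
    RSA can operate on it (a real scheme pads the full digest instead)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N

def sign(private, document: bytes) -> int:
    """Step (2): S_K(M), the hash 'encrypted' with the private key."""
    n, d = private
    return pow(doc_hash(document), d, n)

def verify(public, document: bytes, signature: int) -> bool:
    """Step (4): V_K(M), recover the signed hash with the public key and
    compare it with a freshly computed hash of the received document."""
    n, e = public
    return pow(signature, e, n) == doc_hash(document)

def make_check(private, payee: str, cents: int, timestamp: int) -> dict:
    """A digital check whose timestamp is inside the signed bytes, so it
    cannot be changed without invalidating the signature."""
    body = f"pay {payee} {cents} cents at {timestamp}".encode()
    return {"body": body, "signature": sign(private, body)}

class Bank:
    """Verifies Alice's signature and refuses to pay the same
    signed, timestamped check twice."""
    def __init__(self, alice_public):
        self.alice_public = alice_public
        self.cashed = set()                 # database of checks already paid

    def cash(self, check: dict) -> str:
        if not verify(self.alice_public, check["body"], check["signature"]):
            return "rejected: signature does not verify"
        if check["body"] in self.cashed:
            return "rejected: same timestamped check already cashed"
        self.cashed.add(check["body"])
        return "paid"

def demo(timestamp: int = 1_700_000_000):
    """Returns the bank's verdicts on the original check, Bob's replay of
    it, and a copy in which Bob raised the amount."""
    bank = Bank(ALICE_PUBLIC)
    check = make_check(ALICE_PRIVATE, "Bob", 10_000, timestamp)
    first = bank.cash(check)
    replay = bank.cash(check)                            # Bob, the following week
    tampered = {"body": check["body"].replace(b" 10000 cents", b" 100000 cents"),
                "signature": check["signature"]}
    altered = bank.cash(tampered)
    return first, replay, altered

if __name__ == "__main__":
    print(demo())
```

Because the signature is over the hash, it is a fixed-size value that can be stored and transmitted apart from the document, which is the archival use the text describes: the bank (or a timestamping service) needs only the signed bytes, not the contents of anything else Alice has signed. The replay check works only because the timestamp is inside what Alice signed; a timestamp appended outside the signature could be changed by Bob at will.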
Algorithms and Terminology
There are many digital signature algorithms. All of them are public-key algorithms, with a private part used to sign documents and a public part used to verify signatures. The signing process is sometimes called encrypting with the private key and the verification process decrypting with the public key. This is misleading: it is true only for one algorithm, RSA. Other algorithms work differently. For example, the use of one-way hash functions and timestamps sometimes adds extra steps to signing and verification. Many algorithms can be used for digital signatures but not for encryption.
In general I will refer to the signing and verification processes without going into the details of the algorithms. Signing a message with the private key K will be denoted
S_K(M)
and verifying the signature with the corresponding public key
V_K(M)
The bit string attached to a document when it is signed (in the previous example, the one-way hash value of the document encrypted with the private key) will be called the digital signature, or simply the signature. The whole protocol by which the recipient of a message verifies the identity of the sender and the integrity of the message is called authentication. These protocols are examined in more detail in Section 3.2.
Multiple signatures
How can Alice and Bob both sign the same document? Without one-way hash functions there are two options. Alice and Bob can sign separate copies of the same document; the resulting message is twice as long as the original document. Or Alice signs the document, and then Bob signs Alice's signature. This works, but Alice's signature cannot be verified without also verifying Bob's.
With one-way hash functions, multiple signatures are easy:
(1) Alice signs the hash value of the document.
(2) Bob signs the hash value of the document.
(3) Bob sends his signature to Alice.
(4) Alice sends Carol the document, her signature and Bob's signature.
(5) Carol verifies Alice's and Bob's signatures.
Alice and Bob can perform steps (1) and (2) either in parallel or one after the other. In step (5), Carol can verify either signature independently of the other.
Nonrepudiation of digital signatures
Alice can cheat with digital signatures, and there is nothing to be done about it. She can sign a document and then claim she never did. First she signs the letter as usual. Then she anonymously publishes her private key, or "loses" it in a public place. Now Alice claims that her signature was compromised and used by someone else impersonating her. She disavows her signature on every document signed with that private key. This is called repudiation of a signature.
Timestamps can limit the effect of this kind of cheating, but Alice can always claim that her key was compromised earlier. If Alice times things right, she can sign a document and then successfully claim that she did not. This is why so much is said about keeping private keys in secure places: so that Alice cannot get at her own key and abuse it.
Although nothing can be done about this abuse, some steps can be taken to guarantee that old signatures are not invalidated by disputes over new ones. (For example, Alice might "lose" her key to avoid paying Bob for the used car he sold her yesterday, and in doing so invalidate her bank account.) The recipient should timestamp received documents [453]. A general outline of the protocol is given in [28]:
(1) Alice signs the message.
(2) Alice creates a header containing some identifying information. She concatenates the header with the signed message, signs the whole thing, and sends it to Trent.
(3) Trent verifies the outer signature and confirms the identifying information. He adds a timestamp to Alice's signed message and the identifying information. Then he signs the whole thing and sends the packet to Alice and Bob.
(4) Bob verifies Trent's signature, the identifying information and Alice's signature.
(5) Alice verifies the message Trent sent to Bob. If she does not recognize it as her own, she quickly says so.
In another scheme Trent is used as an arbitrator [209]. On receiving a signed message, Bob sends a copy to Trent for verification. Trent can confirm Alice's signature.
Applications of digital signatures
One of the earliest proposed applications of digital signatures was to simplify the verification of nuclear test ban treaties [1454, 1467]. The United States and the Soviet Union (does anyone remember the Soviet Union?) allowed each other to place seismographs on the other's territory to monitor nuclear tests. The problem was that each side had to be sure that the other side had not tampered with the data from these seismographs. At the same time, the other side had to be sure that the sensors were sending only the information needed to monitor nuclear tests. Conventional authentication can solve the first problem, but only digital signatures can solve both. The side on whose territory the seismograph stands can read, but not alter, the seismograph data, and the monitoring side knows that the data has not been tampered with.
2.7 Digital Signatures and Encryption
By combining digital signatures with public-key cryptography, we obtain a protocol that combines the security of encryption with the authenticity of digital signatures. Compare it with a letter from your mother: the signature proves authorship, and the envelope provides privacy.
(1) Alice signs the message with her private key.
S_A(M)
(2) Alice encrypts the signed message with Bob's public key and sends it to Bob.
E_B(S_A(M))
(3) Bob decrypts the message with his private key.
D_B(E_B(S_A(M))) = S_A(M)
(4) Bob verifies the signature with Alice's public key and recovers the message.
V_A(S_A(M)) = M
Signing before encrypting is the natural order. When Alice writes a letter, she signs it and then puts it in the envelope. If she put the letter in the envelope unsigned, Bob might worry that the letter had been secretly replaced. If Bob shows Carol Alice's letter and the envelope, Carol can accuse Bob of lying about which letter arrived in which envelope.
In electronic correspondence it is just as reasonable to sign before encrypting [48]. Not only is it more secure (an adversary cannot strip the signature from an encrypted message and add his own), but there are legal considerations as well: if the text being signed is not visible to the signer at the moment of signing, the legal force of the signature is small [1312]. There are also some cryptographic attacks on the reverse order of operations using RSA signatures (see section 19.3).
There is no reason for Alice to use one public/private key pair for both encryption and signing. She can have two key pairs: one for encryption and one for signing. This separation has its advantages: Alice can hand her encryption key over to the police without compromising her signature, and one key can be escrowed (see section 4.13) without affecting the other. The keys can also have different lengths and different validity periods.
Of course, timestamps must be used with this protocol to prevent replay of messages. Timestamps can also protect against other possible pitfalls, one example of which is given below.
Resending the message as a receipt
Consider an implementation of this protocol with the added feature of message confirmation: on receiving a message, Bob must return an acknowledgment of receipt.
(1) Alice signs the message with her private key, encrypts the signed message with Bob's public key and sends it to Bob.
E_B(S_A(M))
(2) Bob decrypts the message with his private key, verifies the signature with Alice's public key and recovers the message.
V_A(D_B(E_B(S_A(M)))) = M
(3) Bob signs the message with his private key, encrypts the signed message with Alice's public key and sends it back to Alice.
E_A(S_B(M))
(4) Alice decrypts the message with her private key and verifies the signature with Bob's public key. If the message she receives matches the one she sent, she knows that Bob received the correct message.
If the same algorithm is used for both encryption and digital signature verification, an attack is possible [506]. In such cases the digital signature operation is the inverse of the encryption operation: V_X = E_X and S_X = D_X.
Suppose Mallory is a registered user with his own key pair, public and private. Now let us see how he can read Bob's mail. First he records Alice's message to Bob from step (1). Then, some time later, he sends that message to Bob, claiming that it comes from Mallory himself. Bob, thinking it is an ordinary message from Mallory, decrypts it with his private key and then tries to verify Mallory's signature by decrypting it with Mallory's public key. The result is complete gibberish:
E_M(D_B(E_B(D_A(M)))) = E_M(D_A(M))
Even so, following the protocol, Bob sends Mallory the message he received:
E_M(D_B(E_M(D_A(M))))
Now Mallory only has to decrypt the message with his private key, encrypt it with Bob's public key, decrypt it again with his private key, and encrypt it with Alice's public key. Voila! Mallory has M.
It is not at all far-fetched to suppose that Bob sends Mallory receipts automatically. This protocol could, for example, be built into his communications software and send receipts without his involvement. It is precisely the willingness to acknowledge receipt of gibberish that breaks the security. If Bob checked the message for meaningfulness before sending a receipt, he would avoid this security problem.
There are variants of this attack in which Mallory sends Bob a message different from the one he wants to intercept. Never sign arbitrary messages from other people, and never hand the results of decrypting arbitrary messages to other people.
Foiling the resend attack
The attack just described works because the encryption operation is the same as the signature verification operation, and the decryption operation is the same as the signing operation. In a secure protocol the encryption and digital signature operations must differ at least slightly. The problem is solved by using different keys for each operation, or different algorithms for each operation, or timestamps that make the incoming and outgoing messages different, or a digital signature computed with a one-way hash function (see section 2.6). Then, in general, the following protocol using a public-key algorithm is secure:
(1) Alice signs the message.
(2) Alice encrypts the signed message with Bob's public key (using an algorithm different from the digital signature algorithm) and sends it to Bob.
(3) Bob decrypts the message with his private key.
(4) Bob verifies Alice's signature.
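As an added example (not from the book), here is a toy textbook-RSA setup in Python with tiny constructed primes in which signing is literally decryption, so the receipt protocol above hands Mallory the message exactly as described, next to a hardened variant that signs a one-way hash (section 2.6) and refuses a receipt until the signature verifies. The key sizes, the names and the single modulus shared by all three users are constructed for the illustration and are not secure.

```python
import hashlib

# Constructed toy parameters (not secure): one tiny modulus shared by all three
# users keeps every E/D pair an exact inverse; real RSA users never share a modulus.
P, Q = 61, 53
N = P * Q                     # 3233
PHI = (P - 1) * (Q - 1)       # 3120

def keypair(e):
    """Toy textbook RSA key pair (public, private) for public exponent e."""
    return (N, e), (N, pow(e, -1, PHI))

ALICE_PUB, ALICE_PRIV = keypair(17)
BOB_PUB, BOB_PRIV = keypair(7)
MALLORY_PUB, MALLORY_PRIV = keypair(11)

def E(pub, x):
    """Public-key operation: encryption, and in the naive scheme also V_X."""
    n, e = pub
    return pow(x, e, n)

def D(priv, x):
    """Private-key operation: decryption, and in the naive scheme also S_X."""
    n, d = priv
    return pow(x, d, n)

# ---- Naive protocol: V_X = E_X and S_X = D_X, receipt sent unconditionally ----

def naive_send(m, sender_priv, recipient_pub):
    """Step (1): E_recipient(S_sender(M)) with S = D."""
    return E(recipient_pub, D(sender_priv, m))

def naive_receipt(ciphertext, claimed_sender_pub):
    """Steps (2)-(3) on Bob's side: 'verify' by applying the claimed sender's
    public key, then sign and encrypt whatever came out, with no sanity check."""
    recovered = E(claimed_sender_pub, D(BOB_PRIV, ciphertext))   # gibberish if replayed
    return E(claimed_sender_pub, D(BOB_PRIV, recovered))

def naive_resend_attack(m):
    """Mallory records Alice's ciphertext, resends it to Bob as his own message
    and unwinds Bob's receipt as the text describes; returns what he learns."""
    recorded = naive_send(m, ALICE_PRIV, BOB_PUB)        # E_B(D_A(M)) from the wire
    receipt = naive_receipt(recorded, MALLORY_PUB)       # E_M(D_B(E_M(D_A(M))))
    x = D(MALLORY_PRIV, receipt)                         # D_B(E_M(D_A(M)))
    x = E(BOB_PUB, x)                                    # E_M(D_A(M))
    x = D(MALLORY_PRIV, x)                               # D_A(M)
    return E(ALICE_PUB, x)                               # M

# ---- Hardened protocol: sign a one-way hash, verify before any receipt ----

def h(m):
    """One-way hash of the message, reduced into the toy modulus."""
    digest = hashlib.sha256(str(m).encode()).digest()
    return int.from_bytes(digest, "big") % N

def sign(priv, m):
    """S_X(M) = D_X(h(M)): no longer the plain inverse of encryption."""
    return D(priv, h(m))

def verify(pub, m, sig):
    """V_X(M, sig): recompute the hash and compare with the decrypted signature."""
    return E(pub, sig) == h(m)

def hardened_send(m, sender_priv, recipient_pub):
    """Sign first, then encrypt message and signature separately for the recipient."""
    return E(recipient_pub, m), E(recipient_pub, sign(sender_priv, m))

def hardened_receipt(ciphertext, claimed_sender_pub):
    """Bob decrypts, verifies the signature, and answers only if it checks out."""
    c_m, c_sig = ciphertext
    m, sig = D(BOB_PRIV, c_m), D(BOB_PRIV, c_sig)
    if not verify(claimed_sender_pub, m, sig):
        return None                                     # no receipt for gibberish
    return hardened_send(m, BOB_PRIV, claimed_sender_pub)

def hardened_resend_attack(m):
    """Mallory replays Alice's ciphertext as his own; Bob's check stops the receipt."""
    recorded = hardened_send(m, ALICE_PRIV, BOB_PUB)
    return hardened_receipt(recorded, MALLORY_PUB)       # None: nothing to unwind

def hardened_exchange(m):
    """Honest run: Alice sends, Bob answers, Alice checks Bob's receipt.  Returns
    the message Bob acknowledged, or None if the receipt does not verify."""
    receipt = hardened_receipt(hardened_send(m, ALICE_PRIV, BOB_PUB), ALICE_PUB)
    if receipt is None:
        return None
    m2, sig = D(ALICE_PRIV, receipt[0]), D(ALICE_PRIV, receipt[1])
    return m2 if verify(BOB_PUB, m2, sig) else None
```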
Attacks against public-key cryptography
In all of these public-key protocols I have not said how Alice obtains Bob's public key. The question is discussed in detail in section 3.1, but it deserves a mention here.
The simplest way to learn someone's public key is to read it from some secure database. That database must be public, so that anyone can get the key they need. It must also be protected against unauthorized writes, otherwise Mallory could replace Bob's public key. After that Bob would no longer be able to read the messages addressed to him, but Mallory could.
Even if public keys are stored in a secure database, Mallory could replace them in transit. To prevent this, Trent must sign every public key with his own private key. A Trent who acts in this way is often called a Key Certification Authority or a Key Distribution Center (KDC). In practice the KDC signs a compound message consisting of the user's name, his public key and other information about the user. It is this signed compound message that is stored in the KDC's database. When Alice gets Bob's key, she verifies the KDC's signature and so satisfies herself that the key is correct.
In the final analysis, this only makes Mallory's cheating harder, not impossible. Alice must still obtain the KDC's public key from somewhere. Mallory would have to replace that key with his own public key, corrupt the database and replace the correct keys with his own (signed with his private key as if he were the KDC), and he is done. But even signatures on paper can be forged if Mallory is determined enough. Key exchange is discussed in detail in section 3.1.
2.8 Random and Pseudo-Random Sequence Generation
Why, even in a book on cryptography, this tedious discussion of random number generation? A random number generator is built into every compiler, a plain function call. Why not just use it? Unfortunately, those random number generators are almost certainly not secure enough for cryptography, and they may not even be particularly random. Most of them are quite bad.
Random number generators are not really random at all, because they do not need to be. Most applications, computer games for example, need so few random numbers that their non-randomness is hardly noticeable. Cryptography, however, is extremely sensitive to the properties of random number generators. Use a bad generator and you get mysterious correlations and strange results [1231, 1238]. If your security depends on a random number generator, mysterious correlations and strange results are absolutely not what you want.
The problem is that a random number generator does not produce a random sequence. It may not produce anything even remotely resembling a random sequence. Of course, it is impossible to produce anything truly random on a computer. Donald Knuth attributed the following words to John von Neumann: "Anyone who deals with arithmetical methods of producing random numbers is definitely in a state of sin" [863]. Computers are deterministic beasts: known material goes in, completely predictable operations are performed, and something different comes out the other end. Feed the same input on two different occasions and you get the same result. Load identical initial data into two identical computers and they compute the same thing. A computer can be in only a finite number of states (a very large number, but still finite), and its output is always strictly determined by the input data and the computer's current state. This means that any random number generator on a computer (at least, on a finite state machine) is by definition periodic. Anything periodic is by definition predictable. And anything predictable cannot be random. A true random number generator needs something random fed into it, and a computer cannot supply that.
Pseudo-random sequences
The best a computer can do is a pseudo-random sequence generator. What is that? Many people have tried to give it a formal definition, but I will sidestep that. A pseudo-random sequence is something that looks random. The period of the sequence must be long enough that a finite sequence of reasonable length, which is what is actually used, is not periodic. If you need a billion random bits, do not use a sequence generator that repeats every sixteen thousand bits. These relatively short non-periodic subsequences must be as indistinguishable as possible from random sequences. For example, they must contain about the same number of ones and zeros; about half of the runs (sequences of identical bits) must be of length one, a quarter of length two, an eighth of length three, and so on. These sequences must be incompressible. The distribution of run lengths must be the same for zeros and for ones [643, 863, 99, 1357]. These properties can be measured empirically and then compared with the statistically expected values using the chi-square statistic. For our purposes a sequence generator is considered pseudo-random if it has the following property:
1. It looks random. This means that it passes all the tests of randomness we can find. (Start with the ones in [863].)
A great deal of effort has gone into producing good pseudo-random sequences on a computer. Discussions of generators in large numbers can be found in the academic literature, along with various tests of randomness. All of these generators are periodic (there is no avoiding that), but if their period is 2^256 or greater, they can be used for even the most serious applications.
The problem is precisely those mysterious correlations and strange results. Every pseudo-random sequence generator produces such oddities if you use it in a certain way. And that is exactly what a cryptanalyst needs to break the system.
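As an added example (not from the book), the Python below puts numbers on the run-length and ones/zeros properties just described and on the chi-square comparison the text mentions, and shows the kind of "mysterious correlation" a library-style generator can hide: the lowest bit of a power-of-two linear congruential generator (a constructed stand-in for a compiler's rand()) simply alternates, so its run structure fails the test and its period is 2. The generator constants and sample bit strings are constructed for the illustration.

```python
from collections import Counter

def runs(bits):
    """Lengths of the runs (maximal blocks of identical bits) in a '0'/'1' string."""
    if not bits:
        return []
    lengths, current = [], 1
    for prev, cur in zip(bits, bits[1:]):
        if cur == prev:
            current += 1
        else:
            lengths.append(current)
            current = 1
    lengths.append(current)
    return lengths

def run_length_histogram(bits):
    """Run length -> count, e.g. '101110100' -> {1: 4, 2: 1, 3: 1}."""
    return Counter(runs(bits))

def monobit_balance(bits):
    """(ones, zeros); a random-looking sequence has roughly equal counts."""
    ones = bits.count("1")
    return ones, len(bits) - ones

def runs_chi_square(bits, max_len=8):
    """Chi-square statistic of the observed run-length counts against the shape
    the text gives: of R runs, about R/2 have length 1, R/4 length 2, R/8
    length 3, and so on.  Lengths >= max_len are pooled into the last bucket
    (expected R / 2**(max_len-1)).  Small values mean the run structure looks
    random; large values flag a correlation."""
    hist = run_length_histogram(bits)
    total = sum(hist.values())
    stat = 0.0
    for length in range(1, max_len + 1):
        if length < max_len:
            observed = hist.get(length, 0)
            expected = total / 2 ** length
        else:
            observed = sum(n for l, n in hist.items() if l >= max_len)
            expected = total / 2 ** (max_len - 1)
        stat += (observed - expected) ** 2 / expected
    return stat

def lcg_low_bits(seed, count, a=1103515245, c=12345, m=2 ** 31):
    """Lowest bit of successive outputs of a power-of-two linear congruential
    generator (constructed constants in the shape of many rand() calls).
    With a and c both odd, x_{n+1} = x_n + 1 (mod 2), so that bit alternates."""
    out, x = [], seed
    for _ in range(count):
        x = (a * x + c) % m
        out.append(str(x & 1))
    return "".join(out)

def period(bits):
    """Smallest p for which the string repeats with period p (len(bits) if none)."""
    n = len(bits)
    for p in range(1, n):
        if all(bits[i] == bits[i + p] for i in range(n - p)):
            return p
    return n
```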
Cryptographically secure pseudo-random sequences
Cryptographic applications place stricter demands on a pseudo-random sequence generator than other applications do. Cryptographic randomness is not limited to statistical randomness, although it includes it. For a sequence to be a cryptographically secure pseudo-random sequence, it must have the following property:
2. It is unpredictable. It must be computationally infeasible to predict what the next random bit will be, even with complete knowledge of the algorithm or device generating the sequence and of all the previous bits of the stream.
Cryptographically secure pseudo-random sequences must not be compressible... unless the key is known. The key is usually the initial state set in the generator.
Like any cryptographic algorithm, generators of cryptographically secure pseudo-random sequences are subject to attack. Just as a cryptographic algorithm can be broken, so can a generator of cryptographically secure pseudo-random sequences. Building generators that resist attack is what cryptography is all about.
Real random sequences
Now we enter territory that belongs to the philosophers. Is there such a thing as randomness? What is a random sequence? How do you know that a sequence is random? Is "101110100" more random than "101010101"? Quantum mechanics assures us that there is genuine randomness in the real world. But how do you preserve that randomness in the deterministic world of computer chips and finite state machines?
Philosophy aside, from our point of view a sequence generator is truly random if it has a third property:
3. The sequence it produces cannot be reliably reproduced. If you run the random number generator twice with the same input (at least as far as is humanly possible), you get two completely independent random sequences.
The output of a generator satisfying all three requirements is good enough for a one-time pad, for key generation and for any other cryptographic application that needs truly random sequences. The difficulty is in determining whether a sequence really is random. If I repeatedly encrypt a string with DES and a fixed key, I get a nice random-looking output, and you will not be able to say that it is not random unless you hire a DES cracker from the NSA.
Chapter 3
Basic Protocols
3.1 Key Exchange
A common cryptographic technique is to encrypt each individual exchange of messages with a separate key. Such a key is called a session key, because it is used for one separate session of communication. Section 8.5 discusses how session keys are useful because their lifetime is limited to the duration of the communication session. Getting this shared session key into the hands of the communicating parties is a hard problem.
Key exchange with symmetric cryptography
This protocol assumes that the network users, Alice and Bob, each receive a secret key from a Key Distribution Center (KDC) [1260], the Trent of our protocols. These keys must already be in the users' hands before the protocol begins. (The protocol ignores the very real problem of delivering these secret keys; it is assumed that the users already have the keys and that Mallory knows nothing about them.)
(1) Alice contacts Trent and requests a session key for communicating with Bob.
(2) Trent generates a random session key. He encrypts two copies of the key: one for Alice and the other for Bob. Then Trent sends both copies to Alice.
(3) Alice decrypts her copy of the session key.
(4) Alice sends Bob his copy of the session key.
(5) Bob decrypts his copy of the session key.
(6) Alice and Bob use this session key to communicate securely.
This protocol relies on the absolute trustworthiness of Trent, a role better suited to a trustworthy computer program than to a trustworthy person. If Mallory gains access to Trent, the whole network is compromised. He has all the secret keys Trent issued to the users; he can read every past message he managed to intercept and every future message. All he has to do is tap the communication lines and listen to the encrypted traffic.
Another problem with this system is that Trent is potentially a bottleneck. He must take part in every key exchange. If anything happens to him, the whole system breaks down.
Key exchange using public-key cryptography
The basic hybrid cryptosystem was discussed in section 1.5. To agree on a session key, Alice and Bob use public-key cryptography, and then they use that session key to encrypt the data. In some implementations the signed keys of Alice and Bob are available in some database. This greatly simplifies the protocol: now Alice can send Bob a message securely even if Bob has never heard of her:
(1) Alice gets Bob's public key from the KDC.
(2) Alice generates a random session key, encrypts it with Bob's public key and sends it to Bob.
(3) Bob decrypts Alice's message with his private key.
(4) Alice and Bob encrypt their communication with this session key.
Man-in-the-middle attack
While Eve can do no better than try to break the public-key algorithm or mount a ciphertext-only attack, Mallory has far more options. He can not only listen to Alice's and Bob's messages, but also modify messages, delete messages and create entirely new ones. Mallory can pose as Bob talking to Alice, or as Alice talking to Bob. Here is how the attack works:
(1) Alice sends Bob her public key. Mallory intercepts it and sends Bob his own public key.
(2) Bob sends Alice his public key. Mallory intercepts it and sends Alice his own public key.
(3) When Alice sends Bob a message encrypted with "Bob's" public key, Mallory intercepts it. Since the message is really encrypted with his own public key, he decrypts it, re-encrypts it with Bob's public key and sends it to Bob.
(4) When Bob sends Alice a message encrypted with "Alice's" public key, Mallory intercepts it. Since the message is really encrypted with his own public key, he decrypts it, re-encrypts it with Alice's public key and sends it to Alice.
This attack works even if Alice's and Bob's public keys are stored in a database. Mallory can intercept Alice's database query and replace Bob's public key with his own. He can do the same with Alice's public key. Or, better still, he can quietly break into the database and replace Bob's and Alice's public keys with his own. Then he simply waits until Alice and Bob start exchanging messages, and begins intercepting and modifying them.
This man-in-the-middle attack works because Alice and Bob have no way to verify that they are really talking to each other. If Mallory's interference causes no noticeable network delays, the two correspondents will never suspect that someone sitting between them is reading all of their secret mail.
Interlock protocol
The interlock protocol, invented by Ron Rivest and Adi Shamir [1327], offers a good chance of foiling the man-in-the-middle attack. Here is how it works:
(1) Alice sends Bob her public key.
(2) Bob sends Alice his public key.
(3) Alice encrypts her message with Bob's public key. She sends half of the encrypted message to Bob.
(4) Bob encrypts his message with Alice's public key. He sends half of the encrypted message to Alice.
(5) Alice sends Bob the other half of her encrypted message.
(6) Bob puts the two halves of Alice's message together and decrypts it with his private key. Bob sends Alice the other half of his encrypted message.
(7) Alice puts the two halves of Bob's message together and decrypts it with her private key.
The point is that half of an encrypted message is useless without the other half: it cannot be decrypted. Bob cannot read any part of Alice's message until step (6), and Alice cannot read any part of Bob's message until step (7). There are many ways to split a message into halves:
- If a block encryption algorithm is used, half of each block (for example, every other bit) can be sent in each half of the message.
- Decryption of the message may depend on an initialization vector (see section 9.3), which can be sent with the second half of the message.
- The first half of the message can be a one-way hash of the encrypted message (see section 2.4), and the second half the encrypted message itself.
To see how this protocol thwarts Mallory, consider his attempt to subvert it. As before, he can substitute his own public keys for Alice's and Bob's in steps (1) and (2). But now, having intercepted half of Alice's message in step (3), he cannot decrypt it with his private key and re-encrypt it with Bob's public key. He can make up an entirely new message and send half of it to Bob. When he intercepts half of Bob's message to Alice in step (4), Mallory faces the same problem. He cannot decrypt it with his private key and re-encrypt it with Alice's public key. He has to make up an entirely new message and send half of it to Alice. By the time he intercepts the second halves of the real messages in steps (5) and (6), it is too late to change the new messages he has invented. The conversation between Alice and Bob will be radically different.
Mallory may try to avoid this outcome. If he knows both correspondents well enough to imitate them in conversation, they may never notice the substitution. But that is still much harder than simply sitting between the correspondents, intercepting and reading their messages.
Key exchange with digital signatures
Using digital signatures in the session key exchange protocol also defeats the man-in-the-middle attack. Trent signs Alice's and Bob's public keys. The signed keys carry a signed certification of authenticity. On receiving the keys, both Alice and Bob verify Trent's signature. Now they are sure that the public key they received belongs to the named correspondent. Then the key exchange protocol is run.
Mallory is in serious trouble. He cannot impersonate Alice or Bob, because he does not know their private keys. He cannot substitute his own public key for theirs, because when Trent signed his key he stated that it belongs to Mallory. All Mallory can do is listen to the encrypted traffic or sabotage the communication lines, disrupting Alice's and Bob's communication.
Trent is a participant in this protocol, but the risk of compromising the KDC is smaller than in the first protocol. If Mallory compromises Trent (breaks into the KDC), he obtains only Trent's private key. This key lets him only sign new keys, not decrypt session keys or read arbitrary traffic. To read messages, Mallory would have to impersonate a network user and fool honest users into encrypting messages with his false public key.
Mallory can mount that attack. Using Trent's private key he can create false signed keys to fool Alice and Bob. Then he can either replace the real keys in the database with these keys, or intercept users' database requests and send back the false keys. This would let him mount a man-in-the-middle attack and read the users' messages.
This attack works, but remember that it requires Mallory to be able to intercept and modify messages. In a number of networks this is much harder than simply sitting passively and watching messages on the network as they go by. In broadcast channels such as a radio network it is almost impossible to replace one message with another, although the whole network can be jammed. In computer networks it is less difficult and, it seems, gets easier every day. Consider IP spoofing, router attacks and the like. An active attack no longer necessarily means someone lowering a probe into a manhole, and government agencies are no longer the only ones capable of mounting one.
Key and message transmission
Alice and Bob need not run a key exchange protocol before exchanging messages. In this protocol Alice sends Bob a message without any prior key exchange:
(1) Alice generates a random session key, K, and encrypts M with this key.
E_K(M)
(2) Alice gets Bob's public key from the database.
(3) Alice encrypts K with Bob's public key.
E_B(K)
(4) Alice sends Bob the encrypted message and the encrypted session key.
E_K(M), E_B(K)
For additional protection against the man-in-the-middle attack, Alice signs the transmission.
(5) Bob decrypts Alice's session key, K, using his private key.
(6) Bob decrypts Alice's message using the session key.
This hybrid system is the one most often used in communication systems. It can be combined with digital signatures, timestamps and other security protocols.
Key and message broadcasting
There is no reason Alice cannot send an encrypted message to several people. In the following example Alice sends an encrypted message to Bob, Carol and Dave:
(1) Alice generates a random session key, K, and encrypts M with it.
E_K(M)
(2) Alice gets the public keys of Bob, Carol and Dave from the database.
(3) Alice encrypts K with the public keys of Bob, Carol and Dave.
E_B(K), E_C(K), E_D(K)
(4) Alice broadcasts the encrypted message and all of the encrypted keys to her correspondents.
E_K(M), E_B(K), E_C(K), E_D(K)
(5) Only Bob, Carol and Dave can decrypt the key K, each with his own private key.
(6) Only Bob, Carol and Dave can decrypt Alice's message using K.
This protocol can be implemented for electronic mail networks. A central server can forward Alice's message to Bob, Carol and Dave together with the encrypted key meant for each. The server need not be trusted or secure, since it cannot decrypt any of the messages.
3.2 Authentication
When Alice logs in to a host computer (or an automatic teller, or a telephone banking system, or any other kind of terminal), how does the host know who she is? How does the host know it is not Eve trying to pass herself off as Alice? Usually this problem is solved with passwords. Alice enters her password, and the host checks that it is correct. Thus both Alice and the host know a piece of secret information, which the host asks for every time Alice tries to log in.
Authentication using one-way functions
Roger Needham and Mike Guy showed that the host need not know the passwords themselves; it is quite enough for the host to be able to tell valid passwords from invalid ones. This is easily achieved with one-way functions [1599, 526, 1274, 1121]. The host then stores the one-way function values of the passwords rather than the passwords themselves.
(1) Alice sends the host her password.
(2) The host computes the one-way function of the password.
(3) The host compares the result with the stored value.
Since the host no longer stores a table of every user's valid password, the threat of someone breaking into the host and stealing the password table is reduced. A list of passwords processed by a one-way function is useless, because the one-way function cannot be inverted to recover the passwords.
Dictionary attacks and salt
A file of passwords encrypted with a one-way function is nevertheless vulnerable. Given enough time, Mallory can compile a list of the million most common passwords. He runs the whole million through the one-way function and stores the result. If each password is about 8 bytes long, the resulting file is no larger than 8 Mbytes and fits on just a few floppy disks. Now Mallory steals the encrypted password file. He compares it with his file of encrypted candidate passwords and looks for matches.
This dictionary attack can be surprisingly successful (see Section 8.1). Salt is a way of making it harder. Salt is a random string that is added to the password before it is processed by the one-way function. Both the salt value and the result of the one-way function are then stored in the host's database. Using a sufficiently large number of possible salt values practically eliminates the dictionary attack, because Mallory would have to compute the one-way hash value for every possible salt value. This is the simplest example of the use of an initialization vector (see Section 9.3).
The point is to force Mallory to perform a trial encryption of every password in his dictionary each time he tries to learn somebody's password, instead of processing all candidate passwords once. That requires a lot of salt. Most UNIX systems use 12 bits of salt. Despite this, Daniel Klein wrote a password-cracking program that on some systems recovered 40 percent of the passwords within a week [847, 848] (see Section 8.1). David Feldmeier and Philip Karn compiled a list of the 732,000 most commonly used passwords and combined each of them with the 4096 possible salt values. By their estimate, 30 percent of the passwords on any host can be broken with this list [561].
Salt is not a panacea, and increasing the number of salt bits will not solve every problem. Salt protects only against the most common dictionary attacks on a password file, not against a concerted attack on a single password. It protects people who use the same password on different machines, but it does not make a poorly chosen password any better.
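The following is an added example, not code from the book, that shows the two halves of the argument above: a one-time precomputed table breaks unsalted one-way storage, while a fresh random salt per user forces the same work to be redone for every account. SHA-256 stands in for "the one-way function" and the 16-byte salt length, the function names and the small word list are all assumptions of this example.

```python
import hashlib
import hmac
import os

# Constructed stand-in for Mallory's list of the most common passwords.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein", "dragon"]


def unsalted_hash(password):
    """One-way function of the password alone: what the host stores
    in the plain Needham/Guy scheme."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def salted_hash(password, salt):
    """One-way function of salt || password. The host stores both the salt
    and this digest; the salt itself need not be secret."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def enroll(password, salt_len=16):
    """Host side of registration: a fresh random salt for every user.
    128 bits of salt (an assumption of this example, far more than the
    12 bits of classic UNIX) makes one precomputed table per salt value
    impractical."""
    salt = os.urandom(salt_len)
    return salt, salted_hash(password, salt)


def verify(password, salt, stored):
    """Host side of login: recompute with the stored salt and compare in
    constant time so timing does not leak how many bytes matched."""
    return hmac.compare_digest(salted_hash(password, salt), stored)


def precompute_table(words):
    """Mallory's one-time work against unsalted storage: hash every
    dictionary word once and index the digests."""
    return {unsalted_hash(w): w for w in words}


def table_lookup(table, digest):
    """Return the dictionary word whose unsalted digest matches, or None."""
    return table.get(digest)


if __name__ == "__main__":
    table = precompute_table(COMMON_PASSWORDS)
    print("unsalted:", table_lookup(table, unsalted_hash("dragon")))
    salt, stored = enroll("dragon")
    print("salted:  ", table_lookup(table, stored))
    print("login:   ", verify("dragon", salt, stored))
```

The table built once over the word list answers the unsalted digest immediately, but is useless against the salted digest: Mallory would need a separate table for each salt value, which is exactly the cost the text describes. In current practice the plain hash would be replaced by a deliberately slow key-derivation function, which adds per-guess cost on top of the per-salt cost shown here.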
SKEY
SKEY is an authentication program whose security rests on a one-way function. It is easy to explain.
When registering with the system, Alice chooses a random number, R. The computer computes f(R), f(f(R)), f(f(f(R))), and so on, about a hundred times. Call these values x_1, x_2, x_3, ..., x_100. The computer prints the list of these numbers, and Alice puts it away in a safe place. The computer also stores, in cleartext, the number x_101 next to Alice's entry in the login database.
The first time she logs in, Alice enters her name and x_100. The computer computes f(x_100) and compares it with x_101; if the values match, Alice is authenticated. The computer then replaces x_101 with x_100 in the database. Alice crosses x_100 off her list.
At every login Alice enters the last number not yet crossed off her list: x_i. The computer computes f(x_i) and compares it with the x_{i+1} stored in the database. Since every number is used only once, Eve cannot obtain any useful information. For the same reason the database is useless to an intruder. Of course, once Alice's list is exhausted she has to register with the system again.
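The chain described above, as an added example that is not part of the book or of the SKEY program itself: the host keeps only the next value x_{i+1}, Alice works down her printed list, and a value that has already been spent no longer verifies. SHA-256 is assumed as the one-way function f; the function names are this example's own.

```python
import hashlib
import hmac


def f(x):
    """The one-way function; SHA-256 is assumed here."""
    return hashlib.sha256(x).digest()


def register(r, n=100):
    """Registration: compute x_1 = f(R), x_2 = f(x_1), ..., x_{n+1}.
    Alice keeps x_1 .. x_n (her printed list); the host keeps only x_{n+1}
    in cleartext, from which no earlier value can be derived."""
    chain = []
    x = r
    for _ in range(n + 1):
        x = f(x)
        chain.append(x)
    alice_list = chain[:n]          # x_1 .. x_n, last entry is x_n
    host_state = {"stored": chain[n]}  # x_{n+1}
    return alice_list, host_state


def alice_next(alice_list):
    """Alice enters the last number not yet crossed off and crosses it off."""
    return alice_list.pop()


def login(host_state, submitted):
    """Host check: f(x_i) must equal the stored x_{i+1}. On success the
    stored value is replaced by x_i, so x_i itself is now spent."""
    if hmac.compare_digest(f(submitted), host_state["stored"]):
        host_state["stored"] = submitted
        return True
    return False


if __name__ == "__main__":
    alice_list, host = register(b"constructed random R", 100)
    x100 = alice_next(alice_list)
    print("first login:", login(host, x100))
    print("replay of x_100:", login(host, x100))
    print("second login:", login(host, alice_next(alice_list)))
```

The replay check is what makes an eavesdropped value worthless: after x_100 is accepted the host holds x_100, and f(x_100) is x_101, not x_100, so the same value cannot be presented again. An intruder who copies the host's stored value faces the same problem in the other direction, since obtaining x_99 from x_100 means inverting f.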
Authentication using public-key cryptography
Even with salt, the first protocol has serious security problems. When Alice sends her password to the host, anyone with access to her data path can read it. She might be reaching her host over a convoluted path that passes through four industrial competitors, three other countries and two progressive universities. Eve can sit at any of these points and listen to what Alice sends. If Eve has access to the host's memory, she can read the password before the host gets to hash it.
Public-key cryptography can solve this problem. The host keeps a file of every user's public key, and every user keeps his or her private key. Here is a simplified attempt at a login protocol:
(1) The host sends Alice a random string.
(2) Alice encrypts the string with her private key and sends it back to the host together with her name.
(3) The host looks up Alice's public key in its database and decrypts the message with that public key.
(4) If the string originally sent and the decrypted string match, the host grants Alice access to the system.
Nobody else can use Alice's private key, so nobody can impersonate her. More importantly, Alice never sends her private key to the computer. Eve, listening to the exchange, learns nothing that would let her compute Alice's private key and impersonate her.
The private key must be long enough and must not be mnemonic. It will be handled automatically by the user's hardware or communications software. This requires an "intelligent" terminal that Alice trusts, but neither the host nor the communication lines need to be secure.
It is foolish to encrypt arbitrary strings, not only ones sent by a suspicious party but any at all. Otherwise the attack discussed in Section 19.3 can be used. Secure identification protocols have the following, more complicated form:
(1) Alice performs a computation based on some random numbers and her private key, and sends the result to the host.
(2) The host sends Alice another random number.
(3) Alice performs some computation based on the random numbers (both the one she generated and the one received from the host) and her private key, and sends the result to the host.
(4) The host performs some computation on the various numbers received from Alice and on her public key, verifying that she knows her private key.
(5) If the check succeeds, Alice's identity is confirmed.
If Alice trusts the host no more than the host trusts Alice, she should demand proof of the host's identity in the same way.
Step (1) may look unnecessary and confusing, but it is required to protect the protocol from attack. The various identification protocols and algorithms are described mathematically in detail in Sections 21.1 and 21.2. See also [935].
Mutual authentication using the interlock protocol
Suppose two users, Alice and Bob, want to verify each other's identity. Each has a password known to the other: P_A for Alice and P_B for Bob. Here is a protocol that will not work:
(1) Alice and Bob exchange public keys.
(2) Alice encrypts P_A with Bob's public key and sends it to him.
(3) Bob encrypts P_B with Alice's public key and sends it to her.
(4) Alice decrypts what she received in step (3) and verifies that the password is correct.
(5) Bob decrypts what he received in step (2) and verifies that the password is correct.
Mallory can mount a successful man-in-the-middle attack (see Section 3.1):
(1) Alice and Bob exchange public keys. Mallory intercepts both messages and sends each correspondent his own public key in place of the other's.
(2) Alice encrypts P_A with "Bob's" public key and sends it to him. Mallory intercepts the message, decrypts P_A with his private key, re-encrypts P_A with Bob's public key and sends it to Bob.
(3) Bob encrypts P_B with "Alice's" public key and sends it to her. Mallory intercepts the message, decrypts P_B with his private key, re-encrypts P_B with Alice's public key and sends it to Alice.
(4) Alice decrypts P_B and verifies that it is correct.
(5) Bob decrypts P_A and verifies that it is correct.
As far as Alice and Bob can tell, nothing has changed. However, Mallory now knows both P_A and P_B. Donald Davies and William Price describe how the interlock protocol (see Section 3.1) defeats this attack [435]. Steve Bellovin and Michael Merritt discuss ways of attacking this protocol in [110]. If Alice is a user and Bob is a host, Mallory can pretend to be Bob, carry out the first steps of the protocol with Alice and then drop the connection. Simulating line noise or a network failure calls for real artistry on Mallory's part, but in the end Mallory has Alice's password. He can then connect to Bob and complete the protocol, obtaining Bob's password as well.
The protocol can be changed so that Bob sends his password before Alice does, on the assumption that the user's password is more valuable than the host's. This leads to a more complicated attack, also described in [110].
SKID
SKID2 and SKID3 are symmetric-cryptography identification protocols developed for the RACE RIPE project [1305] (see Section 25.7). They use a MAC (see Section 2.4) for security and assume that Alice and Bob share a secret key, K. SKID2 lets Bob prove his identity to Alice. Here is the protocol:
(1) Alice chooses a random number, R_A. (The RIPE documents specify a 64-bit number.) She sends it to Bob.
(2) Bob chooses a random number, R_B. (The RIPE documents specify a 64-bit number.) He sends Alice:
R_B, H_K(R_A, R_B, B)
H_K is the MAC. (The RIPE documents suggest the RIPE-MAC function; see Section 18.4.) B is Bob's name.
(3) Alice computes H_K(R_A, R_B, B) and compares the result with the value received from Bob. If the results match, Alice is convinced that she is talking to Bob.
SKID3 provides mutual authentication of Alice and Bob. Steps (1) through (3) are the same as in SKID2, and then the following steps are performed:
(4) Alice sends Bob:
H_K(R_B, A)
A is Alice's name.
(5) Bob computes H_K(R_B, A) and compares the result with the value received from Alice. If the results match, Bob is convinced that he is talking to Alice.
This protocol is not secure against a man-in-the-middle attack. In general, a man-in-the-middle attack threatens any protocol that does not involve a secret of some kind.
Message authentication
When Bob receives a message from Alice, how does he know it is genuine? If Alice signed her message, the answer is simple. Alice's digital signature is enough to convince anyone that her message is authentic.
Symmetric algorithms provide some authentication too. When Bob receives a message from Alice encrypted with their shared key, he knows it came from Alice, because nobody else knows their key. What Bob cannot do is convince anyone else of this. Bob cannot show the message to Trent and convince him that Alice sent it. Trent can conclude that the message was sent either by Alice or by Bob (since nobody else has their secret key), but he has no way of telling which of them wrote it.
If the message is not encrypted, Alice can use a MAC instead. This also convinces Bob that the message is authentic, but it has the same problems as the symmetric-encryption solution.
3.3 Authentication and key exchange
These protocols combine authentication with key exchange to solve the basic computer problem: Alice and Bob, at opposite ends of a network, want to exchange messages securely. How can Alice and Bob exchange a secret key while staying sure that they are talking to each other and not to Mallory? Most of these protocols assume that Trent issues each user a separate secret key and that all keys are already in the users' hands before the protocol begins. The symbols used in these protocols are listed in Table 3-1.
Table 3-1.
Symbols used in authentication and key-exchange protocols
A          Alice's name
B          Bob's name
E_A        Encryption with the key Trent issued to Alice
E_B        Encryption with the key Trent issued to Bob
I          Index number
K          Random session key
L          Lifetime
T_A, T_B   Timestamps
R_A, R_B   Random numbers chosen by Alice and by Bob, respectively
Wide-Mouth Frog
The Wide-Mouth Frog protocol [283, 284] is probably the simplest symmetric key-management protocol that uses a trusted server. Alice and Bob each share a secret key with Trent. These keys are used only for key distribution, not for encrypting user messages. Here is how Alice passes a session key to Bob using just two messages:
(1) Alice concatenates a timestamp, Bob's name and a random session key, encrypts the result with the key she shares with Trent and sends it to Trent together with her name.
A, E_A(T_A, B, K)
(2) Trent decrypts Alice's message. He then concatenates a new timestamp, Alice's name and the random session key, and encrypts the result with the key he shares with Bob. Trent sends Bob:
E_B(T_B, A, K)
The biggest assumption made in this protocol is that Alice is competent enough to generate good session keys. Remember that random numbers are not at all easy to generate; it might take someone more trustworthy than Alice.
Yahalom
In this protocol Alice and Bob each share a secret key with Trent [283, 284].
(1) Alice concatenates her name and a random number and sends the result to Bob.
A, R_A
(2) Bob concatenates Alice's name, her random number and his own random number, encrypts the result with the key he shares with Trent and sends it to Trent, adding his name:
B, E_B(A, R_A, R_B)
(3) Trent creates two messages. The first contains Bob's name, a random session key and the random numbers of Bob and Alice, and is encrypted with the key Trent shares with Alice. The second consists of Alice's name and the random session key, and is encrypted with the key Trent shares with Bob. Trent sends both messages to Alice:
E_A(B, K, R_A, R_B), E_B(A, K)
(4) Alice decrypts the first message, extracts K and confirms that R_A matches the value she sent in step (1). Alice sends Bob two messages. One is Trent's message encrypted with Bob's key. The other is R_B encrypted with the session key.
E_B(A, K), E_K(R_B)
(5) Bob decrypts the first message, extracts K and confirms that R_B matches the value he sent in step (2).
At the end Alice and Bob are convinced that they are talking to each other and not to a third party. The novelty is that it is Bob who first contacts Trent, and Trent sends only one message, to Alice.
Needham-Schroeder
This protocol, invented by Roger Needham and Michael Schroeder [1159], also uses symmetric cryptography and Trent.
(1) Alice sends Trent a message containing her name, Bob's name and a random number.
A, B, R_A
(2) Trent generates a random session key. He encrypts a message containing the random session key and Alice's name with the secret key he shares with Bob. He then encrypts Alice's random number, Bob's name, the key and the encrypted message with the secret key he shares with Alice. Finally, he sends the encrypted message to Alice:
E_A(R_A, B, K, E_B(K, A))
(3) Alice decrypts the message and extracts K. She confirms that R_A is the same value she sent Trent in step (1). She then sends Bob the message that Trent encrypted with Bob's key.
E_B(K, A)
(4) Bob decrypts the message and extracts K. He then generates another random number, R_B, encrypts it with K and sends it to Alice.
E_K(R_B)
(5) Alice decrypts the message with K. She generates R_B - 1 and encrypts it with K. She then sends this message back to Bob.
E_K(R_B - 1)
(6) Bob decrypts the message with K and checks the value R_B - 1.
All this fuss with R_A, R_B and R_B - 1 serves to prevent replay attacks. In such an attack Mallory records old messages and later uses them in an attempt to subvert the protocol. The presence of R_A in step (2) assures Alice that Trent's message is genuine and not a replay of a response from an earlier run of the protocol. When Alice successfully decrypts R_B and sends Bob R_B - 1 in step (5), Bob is assured that Alice's messages are not replays of messages from an earlier run of the protocol.
The main weakness of this protocol is that old session keys remain valuable. If Mallory gets hold of an old K, he can mount a successful attack [461]. All he needs is to have recorded Alice's message to Bob from step (3). Then, knowing K, he can impersonate Alice:
(1) Mallory sends Bob the following message:
E_B(K, A)
(2) Bob extracts K, generates R_B and sends to Alice:
E_K(R_B)
(3) Mallory intercepts the message, decrypts it with K and sends Bob:
E_K(R_B - 1)
(4) Bob confirms that "Alice's" message contains R_B - 1.
Mallory has now convinced Bob that he is "Alice". A more secure protocol using timestamps can resist this attack [461, 456]. A timestamp is added to Trent's message in step (2) and encrypted with Bob's key: E_B(K, A, T). Timestamps require a reliable and accurate system of universal time, which is a non-trivial problem in itself.
If the key shared by Trent and Alice is ever compromised, the consequences are dramatic. Mallory can use it to obtain session keys for talking to Bob (or anyone else). Worse still, Mallory can keep doing this even after Alice's key has been changed [90].
Needham and Schroeder tried to fix these problems in a modified version of their protocol [1160]. Their new protocol is essentially the same as the Otway-Rees protocol, published in the same issue of the same journal.
Otway-Rees
This protocol also uses symmetric cryptography [1224].
(1) Alice creates a message consisting of an index number, her name, Bob's name and a random number. The message is encrypted with the key Alice shares with Trent. She sends it to Bob together with the index number, her name and his name:
I, A, B, E_A(R_A, I, A, B)
(2) Bob creates a message consisting of a new random number, the index number, Alice's name and Bob's name. The message is encrypted with the key Bob shares with Trent. He sends it to Trent together with Alice's encrypted message, the index number, her name and his name:
I, A, B, E_A(R_A, I, A, B), E_B(R_B, I, A, B)
(3) Trent generates a random session key. He then creates two messages. One, consisting of Alice's random number and the session key, is encrypted with the key he shares with Alice. The other, consisting of Bob's random number and the session key, is encrypted with the key he shares with Bob. He sends both messages, together with the index number, to Bob:
I, E_A(R_A, K), E_B(R_B, K)
(4) Bob sends Alice the message encrypted with her key, together with the index number:
I, E_A(R_A, K)
(5) Alice decrypts the message to obtain her key and random number. Alice confirms that neither changed during the protocol.
If all the random numbers are correct and the index number did not change during the protocol, Alice and Bob are assured of each other's identity and hold a secret key for exchanging messages.
Kerberos
Kerberos, a variant of the Needham-Schroeder protocol, is discussed in detail in Section 24.5. In the basic Kerberos Version 5 protocol Alice and Bob each share a key with Trent. Alice wants to generate a session key for a session with Bob.
(1) Alice sends Trent a message with her name and Bob's name:
A, B
(2) Trent creates a message consisting of a timestamp, a lifetime L, a random session key and Alice's name. He encrypts it with the key he shares with Bob. He then concatenates the timestamp, the lifetime, the session key and Bob's name, and encrypts the result with the key he shares with Alice. He sends both encrypted messages to Alice.
E_A(T, L, K, B), E_B(T, L, K, A)
(3) Alice creates a message consisting of her name and the timestamp, encrypts it with K and sends it to Bob. Alice also sends Bob the message from Trent encrypted with Bob's key:
E_K(A, T), E_B(T, L, K, A)
(4) Bob creates a message consisting of the timestamp plus one, encrypts it with K and sends it to Alice:
E_K(T + 1)
This protocol works, but only if every user's clock is synchronized with Trent's. In practice the effect is achieved by synchronizing with a trusted time server to within a few minutes and by detecting replays within that time interval.
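The last sentence describes two checks that Bob must make on the authenticator E_K(A, T) after decrypting it: the timestamp must lie within the allowed clock skew, and the same (name, timestamp) pair must not have been accepted before within that window. This is an added example of that replay cache, not code from Kerberos or from the book; the five-minute skew, the retention rule (an entry is kept for twice the skew, the longest interval over which a copy could still pass the clock check) and the names are assumptions of this example.

```python
class ReplayDetector:
    """Freshness and replay checks on a decrypted authenticator (A, T).

    skew: maximum tolerated difference, in seconds, between the timestamp
    T and the server's own clock (assumed here to be five minutes).
    """

    def __init__(self, skew=300):
        self.skew = skew
        self.seen = {}   # (client name, timestamp) -> server time of arrival

    def _expire(self, now):
        """Drop entries that can no longer pass the clock check anyway.
        A timestamp T is accepted while |now - T| <= skew, so a copy of
        an authenticator first seen at time `arrived` could still be
        accepted for at most 2 * skew seconds after that."""
        for key, arrived in list(self.seen.items()):
            if now - arrived > 2 * self.skew:
                del self.seen[key]

    def check(self, client, timestamp, now):
        """Return (accepted, reason) for authenticator (client, timestamp)
        arriving when the server's clock reads `now`."""
        self._expire(now)
        if abs(now - timestamp) > self.skew:
            return False, "timestamp outside clock skew"
        key = (client, timestamp)
        if key in self.seen:
            return False, "replay of an authenticator already accepted"
        self.seen[key] = now
        return True, "accepted"


if __name__ == "__main__":
    # Constructed sequence of arrivals; times are seconds on Bob's clock.
    d = ReplayDetector(skew=300)
    print(d.check("alice", 1000, 1000))   # fresh
    print(d.check("alice", 1000, 1010))   # same authenticator again
    print(d.check("alice", 600, 1000))    # too old
    print(d.check("alice", 1400, 1000))   # too far in the future
```

Both checks are needed: the skew check alone would let Mallory resend a captured authenticator any time within the window, and the cache alone would grow without bound and would not stop an authenticator captured long ago from being presented once. Which party's clock is trusted is exactly the question the Neuman-Stubblebine protocol below addresses by having Bob check a timestamp that he generated himself.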
Neuman-Stubblebine
Clock synchronization can break down, whether through system faults or through sabotage. If the clocks drift apart, a particular attack can be used against most protocols [644]. If the sender's clock is ahead of the receiver's, Mallory can intercept a message from the sender and replay it later, when the timestamp has become current at the receiver's end. This attack, called the suppress-replay attack, can have unpleasant consequences.
This protocol, first published in [820] and corrected in [1162], tries to counter the suppress-replay attack. It is an excellent protocol and an improvement on Yahalom.
(1) Alice concatenates her name and a random number and sends the result to Bob.
A, R_A
(2) Bob concatenates Alice's name, her random number and a timestamp, encrypts the result with the key he shares with Trent and sends it to Trent, adding his name and a new random number:
B, R_B, E_B(A, R_A, T_B)
(3) Trent generates a random session key. He then creates two messages. The first contains Bob's name, Alice's random number, the random session key and the timestamp, and is encrypted with the key Trent shares with Alice. The second consists of Alice's name, the session key and the timestamp, and is encrypted with the key Trent shares with Bob. Trent sends both messages to Alice together with Bob's random number:
E_A(B, R_A, K, T_B), E_B(A, K, T_B), R_B
(4) Alice decrypts the message encrypted with her key, extracts K and confirms that R_A has the same value she sent in step (1). Alice sends Bob two messages. One is Trent's message encrypted with Bob's key. The other is R_B encrypted with the session key.
E_B(A, K, T_B), E_K(R_B)
(5) Bob decrypts the message encrypted with his key, extracts K and confirms that T_B and R_B have the same values he sent in step (2).
If both random numbers and the timestamp match, Alice and Bob are assured of each other's identity and share a secret key. No clock synchronization is needed, because the timestamp is taken only from Bob's clock and only Bob checks the timestamp he created.
This protocol has another useful property: Alice can reuse the message she received from Trent to authenticate to Bob again within some period of time. Suppose Alice and Bob have run the protocol above, conducted a session and finished it. Alice and Bob can re-authenticate each other without going back to Trent.
(1) Alice sends Bob the message Trent sent her in step (3), together with a new random number.
E_B(A, K, T_B), R_A
(2) Bob sends Alice another new random number and Alice's new random number encrypted with the session key.
R_B, E_K(R_A)
(3) Alice sends Bob his new random number encrypted with the session key.
E_K(R_B)
The new random numbers protect against replay attacks.
DASS
The Distributed Authentication Security Service (DASS) protocols, developed at Digital Equipment Corporation, also provide mutual authentication and key exchange [604, 1519, 1518]. Unlike the previous protocol, DASS uses both public-key and symmetric cryptography. Alice and Bob each have a private key of their own. Trent signs copies of their public keys.
(1) Alice sends Trent a message consisting of Bob's name.
B
(2) Trent sends Alice Bob's public key, K_B, signed with Trent's private key, T. The signed message contains Bob's name.
S_T(B, K_B)
(3) Alice verifies Trent's signature to confirm that the key she received is really Bob's public key. She generates a random session key, K, and a random public/private key pair, K_P. She encrypts a timestamp with K, then signs a lifetime, L, her name and K_P with her private key, K_A. Finally, she encrypts K with Bob's public key and signs the result with K_P. She sends all of this to Bob.
E_K(T_A), S_{K_A}(L, A, K_P), S_{K_P}(E_{K_B}(K))
(4) Bob sends Trent (this may be a different Trent) a message consisting of Alice's name.
A
(5) Trent sends Bob Alice's public key, K_A, signed with Trent's private key. The signed message contains Alice's name.
S_T(A, K_A)
(6) Bob verifies Trent's signature to confirm that the key he received is really Alice's public key. He then verifies Alice's signature and extracts K_P. Bob uses his private key to extract K. He then decrypts T_A and checks that the message is current.
(7) If mutual authentication is required, Bob encrypts a new timestamp with K and sends it to Alice.
E_K(T_B)
(8) Alice decrypts T_B with K and checks that the message is current.
SPX, a DEC product, is based on DASS. Further information can be found in [34].
Denning-Sacco
This protocol also uses public-key cryptography [461]. Trent keeps a database of every user's public key.
(1) Alice sends Trent a message consisting of her name and Bob's name.
A, B
(2) Trent sends Alice Bob's public key, K_B, signed with Trent's private key, T. Trent also sends Alice her own public key, K_A, signed with Trent's private key.
S_T(B, K_B), S_T(A, K_A)
(3) Alice sends Bob a random session key and a timestamp, signed with her private key and encrypted with Bob's public key, together with both signed keys.
E_B(S_A(K, T_A)), S_T(A, K_A), S_T(B, K_B)
(4) Bob decrypts Alice's message with his private key and verifies Alice's signature with her public key. He also checks that the timestamp is still valid.
From this point Alice and Bob both hold K and can conduct a secure session. This looks fine, but there is a subtlety: after running the protocol with Alice, Bob can impersonate Alice [5]. Watch:
(1) Bob sends Trent his name and Carol's name.
B, C
(2) Trent sends Bob the signed public keys of Bob and Carol.
S_T(B, K_B), S_T(C, K_C)
(3) Bob sends Carol the signed random session key and timestamp he earlier received from Alice, encrypted with Carol's public key, together with Alice's certificate and Carol's certificate.
E_C(S_A(K, T_A)), S_T(A, K_A), S_T(C, K_C)
(4) Carol decrypts Alice's message with her private key and verifies Alice's signature with Alice's public key. She also checks that the timestamp is still valid.
Carol now believes she is talking to Alice; Bob has successfully fooled her. In fact, Bob can fool any user on the network until the timestamp expires. But this is easy to fix. Simply put the names inside the encrypted message in step (3):
E_B(S_A(A, B, K, T_A)), S_T(A, K_A), S_T(B, K_B)
Now Bob cannot replay the old message to Carol, because it is explicitly meant for a session between Alice and Bob.
Woo-Lam
This protocol also uses public-key cryptography [1610, 1611]:
(1) Alice sends Trent a message consisting of her name and Bob's name.
A, B
(2) Trent sends Alice Bob's public key, K_B, signed with Trent's private key, T.
S_T(K_B)
(3) Alice verifies Trent's signature. She then sends Bob her name and a random number, encrypted with Bob's public key.
A, E_B(R_A)
(4) Bob sends Trent his name, Alice's name and Alice's random number, encrypted with Trent's public key, K_T.
A, B, E_{K_T}(R_A)
(5) Trent sends Bob Alice's public key, K_A, signed with Trent's private key. He also sends Bob Alice's random number, a random session key and the names of Alice and Bob, all signed with Trent's private key and encrypted with Bob's public key.
S_T(K_A), E_{K_B}(S_T(R_A, K, A, B))
(6) Bob verifies Trent's signatures. He then sends Alice the second part of the message received from Trent in step (5) and a new random number, all encrypted with Alice's public key.
E_{K_A}(S_T(R_A, K, A, B), R_B)
(7) Alice verifies Trent's signature and her random number. She then sends Bob the second random number, encrypted with the session key.
E_K(R_B)
(8) Bob decrypts his random number and checks that it is unchanged.
Other protocols
Many more protocols are described in the literature. The X.509 protocols are discussed in Section 24.9, KryptoKnight in Section 24.6 and Encrypted Key Exchange in Section 22.5.
Another new public-key protocol is Kuperee [694]. Work is under way on protocols that use beacons: trusted network nodes that continuously broadcast authenticated timestamps [783].
Lessons learned
The protocols above, both the broken ones and the secure ones, teach a number of important lessons:
Many protocols fail because their designers tried to be too clever. They optimized the protocols by dropping important elements, such as names and random numbers, in an attempt to make the protocols as lean as possible [43, 44].
Optimization, that tempting trap, depends heavily on the assumptions made. For example, having authenticated time available lets us do many things that are impossible otherwise.
The choice of protocol depends on the architecture of the communication facilities in use. Do you want to minimize the size of the messages or their number? Can every party talk to every other party, or will the circle of communication be restricted?
It is questions like these that led to the development of formal methods for protocol analysis.
3.4 Formal Analysis of Authentication and Key-Exchange Protocols

The problem of establishing a secure session key for a pair of computers (or people) on a network is so fundamental that it has prompted a great deal of research. Some of that research produced protocols like the ones in Sections 3.1, 3.2 and 3.3. That in turn led to a more important and interesting problem: the formal analysis of authentication and key-exchange protocols. Flaws in protocols that looked perfectly sound have sometimes been found many years after they were designed, and designers wanted tools that would let them check a protocol's security right away. Although most of this tooling applies to cryptographic protocols in general, the emphasis has been on authentication and key exchange. There are four basic approaches to the analysis of cryptographic protocols [1045]:

1. Modeling and verifying the protocol with specification languages and verification tools that were not designed specifically for cryptographic protocols.
2. Building expert systems that let a protocol designer construct and investigate different scenarios.
3. Stating requirements for a family of protocols using some logic for reasoning about "knowledge" and "belief".
4. Developing formal methods based on writing down the properties of cryptographic systems in algebraic form.

A full account of these four approaches and the research around them is beyond the scope of this book. Good introductions are given in [1047, 1355]; I will only touch on the main points.

The first approach tries to prove the protocol correct by treating it as an ordinary computer program. Some researchers model the protocol as a finite-state machine [1449, 1565], others use extensions of first-order predicate calculus [822], and others use specification languages [1566]. However, a proof of correctness is by no means a proof of security, and this approach failed to find the problems in many flawed protocols. Although it was widely studied at first, work in this area was redirected as the third approach grew in popularity.

The second approach uses expert systems to determine whether a protocol can reach an undesirable state (the loss of a key, for example). While this approach does better at finding flaws, it neither guarantees security nor provides a method for developing attacks. It is good for checking whether a protocol contains a particular known flaw, but it is unlikely to discover unknown flaws. Examples of this approach appear in [987, 1521]; [1092] discusses an expert system developed by the U.S. Army called the Interrogator.

The third approach is far more popular. It was introduced by Michael Burrows, Martin Abadi and Roger Needham, who developed a formal logic for reasoning about knowledge and belief called BAN logic [283, 284]. BAN logic is the most widely used logic for analyzing authentication protocols. It treats authentication as a function of integrity and freshness, and uses logical rules to trace the state of these attributes through the whole protocol. Although various variants and extensions have been proposed, most protocol designers still go back to the original work.

BAN logic does not provide a proof of security; it can only reason about authentication. It is a simple, straightforward logic that is easy to apply and useful for finding flaws. Some of the statements of BAN logic are:

- Alice believes X. (Alice acts as though X were true.)
- Alice sees X. (Someone has sent Alice a message containing X; Alice can read X and repeat it, possibly after decrypting it.)
- Alice said X. (At some point Alice sent a message containing the statement X. It is not known how long ago the message was sent, nor whether it was sent during the current run of the protocol. It is known that Alice believed X when she said it.)
- X is fresh. (X has never been sent in a message before the current run of the protocol.)

And so on. BAN logic also provides rules for reasoning about belief in a protocol. These rules can be applied to the logical statements about the protocol to prove something about it or to answer questions about it. For example, one rule is the message-meaning rule:

IF Alice believes that Alice and Bob share a secret key, K, and Alice sees X encrypted under K, and Alice did not encrypt X under K, THEN Alice believes that Bob said X.

Another is the nonce-verification (freshness) rule:

IF Alice believes that X could only have been said recently, and that Bob once said X, THEN Alice believes that Bob believes X.

A BAN analysis has four steps:

(1) Convert the protocol to idealized form, using the statements described above.
(2) Add all assumptions about the initial state of the protocol.
(3) Attach logical formulas to the statements, obtaining assertions about the state of the system after each statement.
(4) Apply the logical postulates to the assertions and assumptions to discover the beliefs held by the parties to the protocol.
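The following is an added example, not part of the book: a tiny forward-chaining engine that implements just the two BAN rules quoted above (message meaning and nonce verification) and runs step (4) on a constructed one-message exchange. The protocol run, the names Alice and Bob, the key K_ab and the nonce N_a are all assumptions made for the example; idealization and the other BAN postulates are not implemented.

```python
"""Added example (not from the book): forward chaining with two BAN rules.
Facts are hashable tuples.  Only the message-meaning and nonce-verification
rules are implemented; idealisation and the remaining postulates are omitted."""


def believes(p, f):        return ("believes", p, f)
def sees(p, x):            return ("sees", p, x)
def said(p, x):            return ("said", p, x)
def fresh(x):              return ("fresh", x)
def shared_key(p, q, k):   return ("shared_key", frozenset((p, q)), k)
def enc(x, k):             return ("enc", x, k)                 # {X}_K
def encrypted_by(p, x, k): return ("encrypted_by", p, x, k)    # "P encrypted X under K"


def message_meaning(facts):
    """IF A believes A<-K->B, A sees {X}_K, and A did not encrypt X under K,
    THEN A believes B said X."""
    derived = set()
    for f in facts:
        if f[0] != "sees" or f[2][0] != "enc":
            continue
        a, (_, x, k) = f[1], f[2]
        if encrypted_by(a, x, k) in facts:
            continue                     # A would merely be hearing herself
        for g in facts:
            if (g[0] == "believes" and g[1] == a
                    and g[2][0] == "shared_key" and g[2][2] == k):
                for b in g[2][1] - {a}:
                    derived.add(believes(a, said(b, x)))
    return derived


def nonce_verification(facts):
    """IF A believes fresh(X) and A believes B said X,
    THEN A believes B believes X."""
    derived = set()
    for f in facts:
        if f[0] == "believes" and f[2][0] == "said":
            a, (_, b, x) = f[1], f[2]
            if believes(a, fresh(x)) in facts:
                derived.add(believes(a, believes(b, x)))
    return derived


def saturate(facts):
    """Apply both rules until no new belief appears."""
    facts = set(facts)
    while True:
        new = (message_meaning(facts) | nonce_verification(facts)) - facts
        if not new:
            return facts
        facts |= new


def toy_run(alice_believes_fresh=True, alice_sent_it_herself=False):
    """Constructed exchange: Alice shares K_ab with Bob and sees {N_a}_K_ab.
    Without the freshness assumption she only concludes 'Bob said N_a'
    (a replay would look the same); with it she concludes 'Bob believes N_a'."""
    k, na = "K_ab", "N_a"
    facts = {believes("Alice", shared_key("Alice", "Bob", k)),
             sees("Alice", enc(na, k))}
    if alice_believes_fresh:
        facts.add(believes("Alice", fresh(na)))
    if alice_sent_it_herself:
        facts.add(encrypted_by("Alice", na, k))
    return saturate(facts)
```

The two switches on `toy_run` show where each rule's side condition bites: drop the freshness assumption and the analysis stops at "Bob said N_a", which is exactly the replay gap BAN is designed to expose; mark the ciphertext as Alice's own and the message-meaning rule yields nothing at all.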
The authors of BAN logic "regard the idealized protocols as clearer and more complete specifications than the traditional descriptions found in the literature..." [283, 284]. Other researchers are not so optimistic and criticize this step, because the idealization can misrepresent the real protocol [1161, 1612]. The debate continues in [221, 1557]. Some critics try to show that BAN logic can deduce characteristics of protocols that are obviously false [1161] (see the rebuttals in [285, 1509]) and that BAN logic deals only with belief, not with security [1509]. Further discussion is in [1488, 706, 1002].

Despite this criticism, BAN logic has had its successes. It has found flaws in several protocols, including Needham-Schroeder and an early draft of CCITT X.509 [303]. It has found redundancies in many protocols, including Yahalom, Needham-Schroeder and Kerberos. Many published papers use BAN logic to make claims about the security of the protocols they describe [40, 1162, 73].

Other logical systems have been published, some designed as extensions of BAN logic [645, 586, 1556, 828] and others built on BAN logic to correct perceived weaknesses [1488, 1002]. Of these GNY [645] has been the most successful, although it has some flaws [40]. Probabilistic beliefs were added to BAN logic, with mixed success, in [292, 474]. Other formal logics are described in [156, 798, 288]; [1514] tries to combine the features of several logics; and [1124, 1511] present logics in which beliefs change over time.

The fourth approach to the analysis of cryptographic protocols models the protocol as an algebraic system, expresses the state of the participants' knowledge about the protocol, and then analyzes the reachability of certain states. This approach has not received as much attention as formal logic, but that is changing. It was first used by Michael Merritt [1076], who showed that an algebraic model can be used to analyze cryptographic protocols. Other approaches are in [473, 1508, 1530, 1531, 1532, 1510, 1612].

The Navy Research Laboratory (NRL) Protocol Analyzer is probably the most successful application of these methods [1512, 823, 1046, 1513]; it has been used to find both new and known flaws in a variety of protocols [1044, 1045, 1047]. The Protocol Analyzer defines the following actions:

- Accept (Bob, Alice, M, N). (Bob accepts message M as being from Alice during Bob's local round N.)
- Learn (Eve, M). (Eve learns M.)
- Send (Alice, Bob, Q, M). (Alice sends M to Bob in response to query Q.)
- Request (Bob, Alice, Q, N). (Bob sends Q to Alice during Bob's local round N.)

Requirements can then be stated in terms of these actions. For example:

- If Bob accepted message M from Alice at some point in the past, then Eve did not learn M at some point in the past.
- If Bob accepted message M from Alice during Bob's local round N, then Alice sent M to Bob as a response to Bob's query in Bob's local round N.

To be analyzed with the NRL Protocol Analyzer, a protocol must be specified using these constructs. The analysis then has four phases: defining transition rules for honest participants, describing the operations available to both honest and dishonest participants, describing the basic building blocks of the protocol, and describing the reduction rules. The point of all this is to show that the protocol in question meets its requirements. Tools like the NRL Protocol Analyzer could eventually lead to a protocol that can be justifiably called secure.

Although formal methods are mostly applied to existing protocols, there is a trend toward using them in protocol design as well. Some preliminary steps in this direction are taken in [711]; the NRL Protocol Analyzer is also aimed at this [1512, 222, 1513].

The application of formal methods to cryptographic protocols is a genuinely new idea, and it is hard to predict where it will lead. From this point of view the weakest link seems to be the formalization process itself.
3.5 Multiple-Key Public-Key Cryptography

Ordinary public-key cryptography uses two keys. A message encrypted with one key can be decrypted with the other. Usually one key is private and the other public. Suppose Alice has one key and Bob has the other. We get the following scheme: Alice can encrypt a message so that only Bob can decrypt it, and Bob can encrypt a message so that only Alice can read it.

This concept was generalized by Colin Boyd [217]. Imagine a variant of public-key cryptography with three keys, K_A, K_B and K_C, distributed as shown in Table 3-2. Alice can encrypt a message with K_A so that Ellen, who holds K_B and K_C, can decrypt it; so can Bob and Carol if they collude. Bob can encrypt a message so that Frank can read it, and Carol can encrypt a message so that Dave can read it. Dave can encrypt a message with K_A so that Ellen can read it, with K_B so that Frank can read it, or with both K_A and K_B so that Carol can read it. Similarly, Ellen can encrypt a message so that Alice, or Dave, or Frank can read it. All the possible combinations are listed in Table 3-3; there are no others.

Table 3-2. Key distribution in the three-key system.

  Alice   K_A
  Bob     K_B
  Carol   K_C
  Dave    K_A and K_B
  Ellen   K_B and K_C
  Frank   K_C and K_A

This scheme can be extended to n keys. If a given subset of the keys is used to encrypt a message, the remaining keys are required to decrypt it.
Broadcasting a Message

Suppose you have 100 secret agents in the field. You want to be able to send messages to groups of agents, but you do not know the membership of the groups in advance. You can either encrypt the message separately for each recipient or distribute keys for every possible combination of agents. The first option takes a great many messages; the second takes a great many keys.

Multiple-key cryptography makes this much simpler. We will use three agents: Alice, Bob and Carol. You give Alice K_A and K_B, Bob K_B and K_C, and Carol K_C and K_A. Now you can talk to any subset of agents you want. If you want a message that only Alice can read, encrypt it with K_C. When Alice receives it, she decrypts it by applying K_A and then K_B. If you want only Bob to read it, encrypt it with K_A; a message for Carol alone is encrypted with K_B. If you want both Alice and Bob to be able to read it, encrypt it with K_A and K_C.

With three agents this is not very impressive, but with 100 the advantage is considerable. Individual messages mean a separate key for each agent (100 keys in all) and a separate message for each. Sending to every possible subset would require 2^100 - 2 different keys (the cases of a message to everyone and to no one are excluded). With multiple-key cryptography you need only one encrypted message and 100 different keys.

The drawback of this scheme is that you also have to broadcast which subset of agents can read the message; otherwise each of them would have to try every possible combination of keys looking for the right one. Even just listing the recipients' names can be quite long. Each agent also has to store a fair amount of key material, at least in a straightforward implementation of the scheme.

There are other ways to broadcast messages, some of which avoid this problem. They are discussed in Section 22.7.
Table 3-3. Encryption in the three-key system.

  Encrypted with keys   Must be decrypted with keys
  K_A                   K_B and K_C
  K_B                   K_A and K_C
  K_C                   K_A and K_B
  K_A and K_B           K_C
  K_A and K_C           K_B
  K_B and K_C           K_A
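The following is an added example, not part of the book, showing one concrete way to build the three-key scheme of Tables 3-2 and 3-3 and the agent broadcast above. The construction is an assumption made here (the text fixes no algorithm): RSA-style exponents K_A, K_B, K_C over a modulus n with K_A*K_B*K_C = 1 (mod phi(n)), so that raising to one exponent encrypts and raising to the remaining ones, in any order, decrypts. The primes, the agents and the message are constructed for the example.

```python
"""Added example (not from the book): three-key public-key cryptography from
RSA-style exponents whose product is 1 mod phi(N).  The modulus uses two toy
Mersenne primes so the code runs instantly; a real system needs a modulus of
2048 bits or more and proper message padding."""
from math import gcd

P, Q = 2**31 - 1, 2**61 - 1          # toy primes, constructed for the example
N = P * Q
PHI = (P - 1) * (Q - 1)


def make_three_keys(e_a=65537, e_b=17):
    """Return exponents K_A, K_B, K_C with K_A*K_B*K_C == 1 (mod PHI)."""
    if gcd(e_a, PHI) != 1 or gcd(e_b, PHI) != 1:
        raise ValueError("exponents must be invertible mod phi(N)")
    e_c = pow(e_a * e_b, -1, PHI)
    return {"K_A": e_a, "K_B": e_b, "K_C": e_c}


KEYS = make_three_keys()
ALL = frozenset(KEYS)

# Broadcast setting from the text: each agent holds two of the three keys.
HOLDERS = {"Alice": frozenset({"K_A", "K_B"}),
           "Bob":   frozenset({"K_B", "K_C"}),
           "Carol": frozenset({"K_C", "K_A"})}


def apply_keys(m, key_names):
    """Exponentiation commutes, so the order of the keys does not matter."""
    for name in sorted(key_names):
        m = pow(m, KEYS[name], N)
    return m


def broadcast(m, recipients):
    """Encrypt with every key that some intended recipient lacks; the keys all
    recipients share then do the decrypting (Table 3-3).  Returns the
    ciphertext and the names of the keys used: those names must travel with
    the message, which is the overhead the text warns about."""
    if not 0 <= m < N:
        raise ValueError("message must be an integer below N")
    common = frozenset.intersection(*(HOLDERS[r] for r in recipients))
    enc_keys = ALL - common
    return apply_keys(m, enc_keys), enc_keys


def read(ciphertext, enc_keys, agent):
    """Decrypt with the complementary keys, or None if the agent lacks one."""
    needed = ALL - enc_keys
    if not needed <= HOLDERS[agent]:
        return None
    return apply_keys(ciphertext, needed)
```

Note that `read` applies only the keys complementary to those used for encryption: an agent who holds both of the missing keys but applies one too many ends up with m raised to a stray exponent, which is why the recipient must be told which subset was used.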
3.6 Secret Splitting

Imagine that you have invented a new, extra-gooey, extra-sweet cream filling, or a burger sauce that is even blander than your competitors'. This is important; you want to keep it secret. You could tell only your most trusted employees the exact mix of ingredients, but what if one of them is bought by the competition? The secret is out, and before long every fast-food joint in the neighborhood will be making burgers with sauce as bland as yours.

The scheme described here is called secret splitting. There are ways to take a message and divide it into pieces [551]. Each piece by itself means nothing, but put them together and you have the message. If the message is the recipe and each employee holds one piece, then only by getting together can the employees make the sauce. If an employee quits and takes his piece with him, the information he walks off with is useless on its own.

In the simplest scheme the message is split between two people. Here is a protocol in which Trent splits a message between Alice and Bob:

(1) Trent generates a random bit string, R, the same length as the message, M.
(2) Trent XORs M with R to create S:
    R ⊕ M = S
(3) Trent gives R to Alice and S to Bob.

To reconstruct the message, Alice and Bob have only one step to perform:

(4) Alice and Bob XOR their pieces together to recover the message:
    R ⊕ S = M

Done correctly, this technique is absolutely secure. Each piece by itself is completely worthless. Essentially, Trent is encrypting the message with a one-time pad and giving the ciphertext to one person and the pad to the other. One-time pads, which have perfect security, are discussed in Section 1.5. No amount of computing power can recover the message from one of the pieces.

It is easy to extend this scheme to more people. To split a message among more than two people, XOR in more random bit strings. In the following example Trent divides a message into four pieces:

(1) Trent generates three random bit strings, R, S and T, each the same length as the message, M.
(2) Trent XORs M with the three strings to create U:
    M ⊕ R ⊕ S ⊕ T = U
(3) Trent gives R to Alice, S to Bob, T to Carol, and U to Dave.

Alice, Bob, Carol and Dave together can reconstruct the message:

(4) Alice, Bob, Carol and Dave get together and compute:
    R ⊕ S ⊕ T ⊕ U = M

This is an arbitrated protocol. Trent has absolute power and can do whatever he wants. He can hand out gibberish and claim that it is a valid piece of the secret; no one will know until the participants get together and try to read the message. He can give pieces to Alice, Bob, Carol and Dave and later tell everyone that only Alice, Carol and Dave are needed to reconstruct the secret, cutting Bob out. But since it is Trent's secret to split, this is not a problem.

The protocol does have one problem: if any piece is lost and Trent is not around, so is the whole message. If Carol, holding her piece of the sauce recipe, goes to work for the competition and takes her piece with her, the rest are out of luck. She cannot reconstruct the recipe, but neither can Alice, Bob and Dave together. Her piece is as critical to the message as every other piece. All that Alice, Bob and Dave know is the length of the message, nothing more. That much they do learn, because R, S, T, U and M all have the same length, so each participant knows the length of M. Remember that M is not divided in the ordinary sense of the word; it is XORed with random values.
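The following is an added example, not part of the book: Trent's XOR splitting above for any number of pieces, together with the argument behind "no amount of computing power can recover the message from one piece". For any guess at the message there is a missing piece that makes the known pieces fit that guess, so the known pieces reveal nothing but the length. The sample messages are constructed; randomness comes from Python's `secrets` module, and the `rng` parameter exists only so the split can be driven deterministically if needed.

```python
"""Added example (not from the book): n-way XOR secret splitting."""
import secrets


def xor_bytes(*parts):
    out = bytearray(len(parts[0]))
    for p in parts:
        if len(p) != len(out):
            raise ValueError("all parts must have the message's length")
        for i, b in enumerate(p):
            out[i] ^= b
    return bytes(out)


def split_secret(message, n, rng=secrets.token_bytes):
    """Trent: n-1 one-time pads (R, S, T, ...) plus the final piece
    M xor R xor S xor ...  For n == 2 this is exactly R and S = R xor M."""
    if n < 2:
        raise ValueError("need at least two pieces")
    pads = [rng(len(message)) for _ in range(n - 1)]
    return pads + [xor_bytes(message, *pads)]


def combine_shares(shares):
    """All holders together: XOR everything back into M."""
    return xor_bytes(*shares)


def consistent_missing_share(known_shares, candidate_message):
    """Given all pieces but one, the piece that would make the set reconstruct
    to candidate_message.  One exists for every candidate of the right length,
    which is why the known pieces carry no information about M."""
    return xor_bytes(candidate_message, *known_shares)
```

Because the pads are fresh for every split, each piece is uniformly random on its own; the only thing a holder learns is `len(message)`, exactly as the text says.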
3.7 Secret Sharing

You are setting up a launch program for a nuclear missile and want to be sure that no single raving lunatic can initiate a launch. You want to be sure that no two raving lunatics can do it either. You want the launch to go ahead only if at least three out of five officers are raving lunatics.

This is easy to solve. Build a mechanical launch controller. Give each of the five officers a key and require that at least three of them insert their keys into the proper slots before you let them blow up whomever we are blowing up this week. (If you are really worried, put the slots far apart and require the officers to insert their keys simultaneously; you would not want an officer who stole the missing pair of keys to be able to vaporize Toledo.)

It can get more complicated. Perhaps the general and two colonels are authorized to launch, but if the general is busy playing golf then five colonels are needed. Build a controller with five slots. Give the general three keys and each colonel one. The general together with two colonels, or five colonels, can launch; the general alone, or four colonels, cannot.

A more complicated sharing scheme, called a threshold scheme, can solve these problems and harder ones, mathematically. At its simplest, you can take any message (a secret recipe, launch codes, your laundry list, whatever) and divide it into n pieces, called shadows or shares, such that any m of them can be used to reconstruct the message. More precisely, this is called an (m,n)-threshold scheme.

With a (3,4)-threshold scheme Trent can divide his secret recipe among Alice, Bob, Carol and Dave so that any three of them can put their shadows together and reconstruct the message. If Carol is on vacation, Alice, Bob and Dave can do it. If Bob gets hit by a bus, Alice, Carol and Dave can do it. But if Bob gets hit by a bus while Carol is on vacation, Alice and Dave cannot reconstruct the message on their own.

In general, threshold schemes are even more flexible. Any sharing scenario you can imagine can be modeled. You can divide a message among the people in your building so that seven people from the first floor and five from the second are needed to reconstruct it, unless someone from the third floor takes part, in which case that person plus three from the first floor and two from the second are enough. And if anyone from the fourth floor is present, that person plus one from the third floor, or that person plus two from the first floor and one from the second, can reconstruct the message. And if ... well, you get the idea.

This idea was invented independently by Adi Shamir [1414] and George Blakley [182] and studied extensively by Gus Simmons [1466]. Several different algorithms are discussed in Section 23.2.

Secret Sharing with Cheaters

There are many ways to cheat a threshold scheme. Here are just a few.

Scenario 1: Colonels Alice, Bob and Carol are sitting in an isolated bunker deep underground. One day they receive a coded message from the president: "Launch the missiles. We are going to wipe the enemy's neural-network research off the face of the Earth." Alice, Bob and Carol reveal their shadows, but Carol enters a random number. She is actually a pacifist and does not want the missiles launched. Because Carol did not enter the correct shadow, the secret they recover is wrong. The missiles stay in their silos. Worse, n
obody knows why. Even working together, Alice and Bob cannot prove that Carol's shadow is bad.

Scenario 2: Colonels Alice and Bob are sitting in the bunker with Mallory. Mallory has disguised himself as a colonel. The same message arrives from the president, and everyone reveals their shadows. "Ha, ha!" shouts Mallory. "I forged that message from the president. Now I know both of your shadows." He runs up the stairs and is gone before anyone can catch him.

Scenario 3: Colonels Alice, Bob and Carol are sitting in the bunker with Mallory, who is again in disguise. (Remember, Mallory does not have a valid shadow.) The same message arrives, and everyone reveals their shadows. Mallory waits until he has heard all the others before revealing his own. Since only three shadows are needed to reconstruct the secret, he can quickly compute a valid shadow and reveal it. Now he not only knows the secret, but no one realizes that he is not part of the scheme. Some protocols that handle cheaters like these are discussed in Section 23.2.
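The following is an added example, not part of the book, serving both the (m,n)-threshold description above and Scenario 1: an (m,n)-threshold scheme in the style of Shamir's polynomial construction, with a replay of Carol's bad shadow to show why the wrong result cannot be traced to her. The field (GF(p) for the Mersenne prime p = 2^127 - 1), the use of x = 1..n as shadow coordinates, and the sample secret are choices made here, not specified by the text.

```python
"""Added example (not from the book): (m,n) threshold sharing over GF(p)."""
import secrets

P = 2**127 - 1   # field modulus (a Mersenne prime); secrets must be below P


def make_shares(secret, m, n, randbelow=secrets.randbelow):
    """Shadows (x, f(x)) for x = 1..n of a random polynomial f of degree m-1
    with f(0) = secret.  The top coefficient is forced nonzero so that the
    degree really is m-1 and m-1 shadows are never enough."""
    if not 0 <= secret < P:
        raise ValueError("secret must be an integer below P")
    if not 1 <= m <= n < P:
        raise ValueError("need 1 <= m <= n")
    coeffs = [secret] + [1 + randbelow(P - 1) for _ in range(m - 1)]

    def f(x):
        y = 0
        for a in reversed(coeffs):          # Horner's rule
            y = (y * x + a) % P
        return y

    return [(x, f(x)) for x in range(1, n + 1)]


def recover(shares):
    """Lagrange interpolation at x = 0.  With fewer than m shadows, or with one
    bad shadow, this still returns a value; it just is not the secret, and
    nothing here tells you which shadow was wrong (Scenario 1)."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("x-coordinates must be distinct")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def int_secret(raw):
    """Encode a short byte string as a field element (at most 15 bytes)."""
    v = int.from_bytes(raw, "big")
    if v >= P:
        raise ValueError("secret too long for this field")
    return v


def carols_move(share):
    """Scenario 1: hand in a shadow with the right x but a wrong y."""
    x, y = share
    return (x, (y + 1) % P)
```

Interpolation is linear in the y-values, so one altered shadow shifts the result by a nonzero multiple of the alteration: the recovered value is wrong every time, but it looks just like any other field element. Verifiable secret sharing, mentioned below, is what adds the missing per-shadow check.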
Secret Sharing without Trent

A bank wants its vault to open only if three of five officers insert their keys. This looks like a basic (3,5)-threshold scheme, but there is a catch: no one is to know the whole secret. There is no Trent to split the secret into five pieces. There are protocols by which the five officers can create a secret and divide it into pieces such that none of them learns the secret until it is reconstructed. I do not cover these protocols in this book; see [756] for details.

Sharing a Secret without Revealing the Shares

These schemes have a problem: when the participants get together to reconstruct the secret, they reveal their shares. That is not always desirable. If the shared secret is a private key (for a digital signature, say), each of the n participants can perform a partial signature of the document. After the nth partial signature the document has been signed with the shared private key, yet no participant learns the share used by any other. The point is that the secret can be reused, and no trusted party is needed to work with it. This idea is explored further by Yvo Desmedt and Yair Frankel [483, 484].

Verifiable Secret Sharing

Trent gives Alice, Bob, Carol and Dave each a share (or at least claims to). The only way they can check that their shares are valid is to try to reconstruct the secret. Maybe Trent sent Bob a bogus share, or Bob's share was corrupted in transit. Verifiable secret sharing lets each participant individually verify that his share is valid, without having to reconstruct the secret [558, 1235].

Secret-Sharing Schemes with Prevention

A secret is divided among 50 people so that any 10 can get together and reconstruct it. That is easy. But can we implement the same scheme with the added requirement that 20 people can get together and prevent the others, however many of them there are, from reconstructing it? It turns out that we can [153].

The mathematics is complicated, but the basic idea is that everyone gets two shares: a "yes" share and a "no" share. When it comes time to reconstruct the secret, people submit one of their shares; which one depends on whether they want the secret revealed. If m or more "yes" shares and fewer than n "no" shares are submitted, the secret can be reconstructed; otherwise it cannot.

Of course, nothing stops a sufficient number of "yes" people from going off into a corner without the "no" people (if they know who is who) and reconstructing the secret. But in a setting where everyone submits shares to a central computer, this scheme works.

Secret Sharing with Disenrollment

You have set up a secret-sharing system and now want to fire one of the shareholders. You could set up a new scheme without that unfortunate individual, but time is short. There are ways of handling this kind of system: they let a new sharing scheme be activated as soon as you stop trusting one of the participants [1004].
3.8 Cryptographic Protection of Databases

The membership database of an organization is a valuable thing. On the one hand, you want to give every member access to it so that they can communicate, exchange ideas and share a sandwich now and then. On the other hand, if you let anyone at all into the database, the information will inevitably end up in the hands of pushy insurance agents and junk-mail vendors.

Cryptography can ease this problem. You can encrypt the database so that it is easy to look up one person's address but hard to extract the mailing addresses of all the members.

The scheme proposed in [550, 549] is straightforward. Choose a one-way hash function and a symmetric encryption algorithm. Each record of the database has two fields. The index field is the member's last name, run through the one-way hash function. The data field, holding the member's full name and address, is encrypted with the last name as the key. If you do not know the last name, you cannot decrypt the data field.

Searching for a particular last name is easy: hash the name and look the hash value up in the database. Several hits mean that the database holds information on several people with that last name.

In [550] the authors use this system to protect a dictionary of 6000 Spanish words, and report that the performance penalty for encryption is minimal. A more elaborate scheme in [549] uses searches over several indices, but the idea is the same. The main problem with the system is that you cannot find a person without knowing how to spell his last name. You can try several spellings until you hit the right one, but it is impractical to try everyone whose name begins with "Sch" when looking for "Schneier".

The protection is imperfect. A very persistent insurance agent can reconstruct the membership database by brute force, trying every possible last name. If he has a telephone database, he can use its list of surnames. This number crunching may take a few weeks, but it can be done. Still, the scheme makes the attacker's job harder (and in the junk-mail business "harder" quickly becomes "too expensive"). Another approach, proposed in [185], allows statistics to be compiled on the encrypted data.
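The following is an added example, not part of the book or of [550, 549]: the two-field scheme above built from the Python standard library, followed by the surname dictionary attack the text describes. The index is SHA-256 of the last name and the record key is derived from the last name. Because the standard library has no block cipher, the symmetric algorithm is an HMAC-SHA256 keystream XORed with the record, a stand-in chosen here (use an authenticated cipher such as AES-GCM in practice). The member records and the candidate surname list are constructed.

```python
"""Added example (not from the book): hashed-index, name-keyed record
encryption, and the brute-force surname attack against it."""
import hashlib
import hmac
import os


def index_value(last_name):
    """Index field: one-way hash of the last name."""
    return hashlib.sha256(last_name.encode()).hexdigest()


def _record_key(last_name):
    """Key for the data field, derived from the last name (domain-separated)."""
    return hashlib.sha256(b"record-key:" + last_name.encode()).digest()


def _keystream(key, nonce, length):
    """Stand-in stream cipher: HMAC-SHA256 in counter mode (assumption)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(last_name, record, nonce=None):
    """Return nonce || ciphertext.  The nonce keeps two members with the same
    surname (hence the same key) from leaking the XOR of their records."""
    nonce = os.urandom(16) if nonce is None else nonce
    ks = _keystream(_record_key(last_name), nonce, len(record))
    return nonce + bytes(a ^ b for a, b in zip(record, ks))


def unseal(last_name, blob):
    nonce, ct = blob[:16], blob[16:]
    ks = _keystream(_record_key(last_name), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def build_db(entries):
    """entries: iterable of (last_name, record_bytes).  Rows are sorted by
    index value so that row order does not reveal insertion order."""
    return sorted((index_value(name), seal(name, rec)) for name, rec in entries)


def lookup(db, last_name):
    """Several rows may match: the database holds several people of that name."""
    h = index_value(last_name)
    return [unseal(last_name, blob) for idx, blob in db if idx == h]


def dictionary_attack(db, candidate_names):
    """The junk-mail harvester: try every surname from a phone book."""
    hits = {}
    for name in candidate_names:
        records = lookup(db, name)
        if records:
            hits[name] = records
    return hits
```

The attack needs no cryptanalysis at all: the key space is the space of surnames, so the cost of harvesting the whole database is one hash and one decryption per candidate name, which is why the text calls the protection imperfect.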
Chapter 4
Intermediate Protocols

4.1 Timestamping Services

In many situations people need to establish that a document existed at a particular time. A copyright or patent dispute is one example: the party that produces the earliest copy of the disputed work wins. With paper documents, notaries certify the document and lawyers keep it on file. If a dispute arises, the notary or the lawyer testifies that the letter existed at a certain time.

In the digital world things are far harder. There is no way to detect tampering with an electronic document. It can be copied and altered endlessly without leaving a trace, and changing the creation time of a computer file is trivial. Nobody can look at a document and say with confidence, "Yes, this document was created before November 4, 1952."

Stuart Haber and W. Scott Stornetta of Bellcore took up this problem [682, 683, 92]. They wanted a digital timestamping protocol with the following properties:

- The timestamp itself must exist independently of the physical medium on which it is stored.
- It must be impossible to change a single bit of the document without that being detectable.
- It must be impossible to timestamp a document with a date and time other than the present one.

Arbitrated Solution

This protocol involves Trent, who runs a trusted timestamping service, and Alice, who wants to timestamp a document.

(1) Alice sends a copy of the document to Trent.
(2) Trent records the date and time he received the document and keeps a copy for safekeeping.

Now, if anyone doubts Alice's claim about when the document was created, she simply calls on Trent. He produces his copy of the document and confirms that he received it on the stated day and hour.

This protocol works, but it has some obvious problems. First, there is no privacy: Alice has to give Trent a copy of the document. Anyone listening on the communications line can read it. She can encrypt it in transit, but it still has to sit in Trent's database, and how secure is that?

Second, the database itself would have to be enormous. The bandwidth requirements would be large too.

The third problem is the possibility of error. A transmission error, or an electromagnetic bomb going off somewhere in Trent's central computer, could completely invalidate Alice's claim to a timestamp.

Fourth, it may be impossible to find someone as trustworthy as Trent to run the timestamping service. Maybe Alice is using Bob's timestamping service. Nothing stops Alice and Bob from colluding and stamping the document with whatever time they like.

Improved Arbitrated Solution

Most of these problems are easily removed with a one-way hash function and digital signatures:

(1) Alice computes a one-way hash of the document.
(2) Alice sends the hash to Trent.
(3) Trent appends the date and time he received the hash and signs the result.
(4) Trent sends the signed hash and timestamp back to Alice.

This solves every problem except the last. Alice no longer has to worry about revealing the contents of the document; the hash is enough. Trent no longer has to store copies of documents (or even of the hashes), so the storage-volume and security problems disappear (remember, one-way hash functions have no key). Alice can check the signed timestamp she receives in step (4) at once, and will immediately notice any transmission error. The only remaining problem is that Alice and Trent can still collude to produce a false timestamp.
Hpomorou ceasu
Onnm ns nyren pemennx +ron nponemt xnnxercx ycranonnenne cnxsn mexy merkon npemenn Annct n me r-
kamn npemenn, panee cosanntmn Tpenrom. Bectma nepoxrno, uro +rn merkn tnn cosant ne nx Annct, a nx
pyrnx nmen. Tak kak nopxok, n koropom Tpenr nonyuaer pasnnunte sanpoct o merkax npemenn ne moxer trt
nsnecren sapanee, nepe merkon npemenn nx Annct onxna tna noxnnrtcx pyrax merka npemenn. H rak kak
sanpoc, npnmemnn nosxe, cnxsan c merkon npemenn Annct, ro ee merka onxna tna noxnnrtcx pantme . 3rn
ne merkn coepxar mexy coon sanpoc Annct kak yro n c+nnnue .
Ecnn A - +ro nmx Annct, H
n
- snauenne x+m-|ynknnn, nx koroporo Annca xouer sa|nkcnponart npemx, a T
n-1
-
npetymax merka npemenn, ro nporokon nmeer cneymmnn nn :
(1) Annca noctnaer Tpenry H
n
n A.
(2) Tpenr noctnaer Annce oparno:
T
n
S
K
(n,A,H
n
,T
n
,I
n-1
,H
n-1
,T
n-1
,L
n
)
re cocronr L
n
- +ro nn|opmannx o cneymmen x+mnponannon cnxsn:
L
n
H(I
n-1
,H
n-1
,T
n-1
,L
n-1
)
S
K
ykastnaer, uro coomenne nonncano orkptrtm knmuom Tpenra. Hmx Annct onpeenxer ee kak ornp a-
nnrenx sanpoca. Hapamerp n ykastnaer nocneonarentnocrt sanpocon. 3ro n-ax merka npemenn, koropym
cosan Tpenr. Hapamerp T
n
- +ro npemx. ononnnrentno ncnontsyercx nn|opmannx o nenrn|nkarope, op n-
rnnantnoro snauennx x+m-|ynknnn, npemenn n x+mnponannon merka npetymero okymenra, nomeuennoro
Tpenrom.
(3) Kora Tpenr nomeuaer cneymmnn okymenr, on noctnaer Annce nenrn|nkarop ornpannrenx +roro ok y-
menra: I
n-1
.
Ecnn kro-ro ocnapnnaer merky npemenn Annct, en nao rontko cnxsartcx c ornpannrenxmn npetymero n
cneymmero okymenron: I
n-1
n I
n1
. Ecnn n nx cnnerentcrno no nonpocom, moxno oparnrtcx k anropam ok y-
menron I
n-1
n I
n1
n r.. hmon moxer nokasart, uro ero okymenr tn nomeuen nocne onoro okymenra n nepe
pyrnm.
3ror nporokon memaer Annce n Tpenry oronopnrtcx n cosart okymenr c npemenem cosannx, ornnuntm or
npemenn cosannx nacroxmero okymenra. Tpenr ne moxer nsmennrt ary okymenra Annct na onee pannmm,
rak kak nx +roro nyxno snart sapanee, nx kakoro okymenra nepe anntm yer npocrannxrtcx merka npemenn .
axe ecnn on cmoxer noenart npetymnn okymenr, emy npnercx snart, kakon okymenr npemecrnonan
npetymemy n rak anee. Tpenr ne moxer nsmennrt ary okymenra Annct n na onee nosnmm, noromy uro
merka npemenn onxna trt ncrannena nepe merkon npemenn okymenra, sanepxemoro cpasy xe nocne annoro, a
+ror okymenr yxe cymecrnyer. Enncrnenntn nosmoxntn cnoco cnomart +ry cxemy - +ro nnecrn |nkrnnnym
nenouky okymenron nepe n nocne okymenra Annct, ocrarouno nnnnym, urot nnmnrt repnennx roro, kro
nponepxer merky npemenn okymenra Annct.
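Trent's linking protocol above, as an added example that is not code from the book or from any real time-stamping service: Go, with ed25519 standing in for Trent's signature S_K, SHA-256 for H, length-prefixed fields for the signed message, and three constructed documents. It also shows the collusion case the text argues against: a re-signed, backdated stamp for Alice no longer matches the fields Carol's stamp embeds.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
)

// Stamp holds the fields Trent signs in step (2) plus his signature over them.
type Stamp struct {
	N        uint64   // n, sequence number of the request
	Name     string   // A, the requester; becomes I_n for the next stamp
	Hash     [32]byte // H_n, the hash Alice wants stamped
	Time     uint64   // the time field (a constructed clock value)
	PrevID   string   // I_{n-1}
	PrevHash [32]byte // H_{n-1}
	PrevSig  []byte   // T_{n-1}, the previous stamp's signature
	Link     [32]byte // L_n = H(I_{n-1}, H_{n-1}, T_{n-1}, L_{n-1})
	Sig      []byte   // S_K(...), Trent's ed25519 signature
}

// Trent is the stamping service: a signing key and the last stamp issued.
type Trent struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
	n    uint64
	last *Stamp
}

func NewTrent() *Trent {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return &Trent{priv: priv, Pub: pub}
}

// u64 and field build an unambiguous, length-prefixed serialisation.
func u64(b []byte, v uint64) []byte {
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], v)
	return append(b, n[:]...)
}
func field(b, f []byte) []byte { return append(u64(b, uint64(len(f))), f...) }

// link computes L_n from the previous stamp; the first stamp has none.
func link(prev *Stamp) [32]byte {
	if prev == nil {
		return [32]byte{}
	}
	b := field(field(nil, []byte(prev.Name)), prev.Hash[:])
	return sha256.Sum256(field(field(b, prev.Sig), prev.Link[:]))
}

// body serialises (n, A, H_n, time, I_{n-1}, H_{n-1}, T_{n-1}, L_n) for signing.
func body(s *Stamp) []byte {
	b := field(field(u64(nil, s.N), []byte(s.Name)), s.Hash[:])
	b = field(field(u64(b, s.Time), []byte(s.PrevID)), s.PrevHash[:])
	return field(field(b, s.PrevSig), s.Link[:])
}

// Issue is step (2): Trent signs H_n for the requester, chained to the last stamp.
func (t *Trent) Issue(name string, hash [32]byte, now uint64) *Stamp {
	t.n++
	s := &Stamp{N: t.n, Name: name, Hash: hash, Time: now, Link: link(t.last)}
	if t.last != nil {
		s.PrevID, s.PrevHash, s.PrevSig = t.last.Name, t.last.Hash, t.last.Sig
	}
	s.Sig = ed25519.Sign(t.priv, body(s))
	t.last = s
	return s
}

// VerifyPair is what the originator of a neighbouring document checks in a
// dispute: next carries a valid signature and its linking fields match prev.
func VerifyPair(pub ed25519.PublicKey, prev, next *Stamp) bool {
	if !ed25519.Verify(pub, body(next), next.Sig) {
		return false
	}
	return next.N == prev.N+1 && next.PrevID == prev.Name &&
		next.PrevHash == prev.Hash && string(next.PrevSig) == string(prev.Sig) &&
		next.Link == link(prev)
}

// Demo stamps three constructed documents, then has Trent collude with Alice
// by re-signing her stamp with an earlier time. The genuine chain verifies;
// the backdated stamp no longer matches what Carol's stamp embeds.
func Demo() (chainOK, backdatedOK bool) {
	t := NewTrent()
	bob := t.Issue("Bob", sha256.Sum256([]byte("Bob's document")), 1000)
	alice := t.Issue("Alice", sha256.Sum256([]byte("Alice's document")), 1010)
	carol := t.Issue("Carol", sha256.Sum256([]byte("Carol's document")), 1020)
	chainOK = VerifyPair(t.Pub, bob, alice) && VerifyPair(t.Pub, alice, carol)

	forged := *alice
	forged.Time = 900 // claim Alice's document was stamped before Bob's
	forged.Sig = ed25519.Sign(t.priv, body(&forged))
	backdatedOK = VerifyPair(t.Pub, &forged, carol)
	return chainOK, backdatedOK
}
```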
Distributed Protocol
People die; time-stamps get lost. Much can happen between the stamping of a document and a dispute over it that prevents Alice from obtaining a copy of time-stamp I_{n-1}. This problem can be partly alleviated by embedding the time-stamps of the previous 10 people in Alice's stamp and then sending Alice the names of the following 10 people. That gives Alice far more chances of finding people who still hold their time-stamps.
Taking this idea further, the following protocol does without Trent altogether:
(1) Using H_n as input, Alice generates a sequence of random numbers with a cryptographically secure random-number generator:
J_1, J_2, J_3, ..., J_k
(2) Alice treats each of these numbers as the identifier, I, of another person and sends each of those people H_n.
(3) Each of them appends the date and time to the hash value, signs the result, and sends it back to Alice.
(4) Alice collects and stores all the signatures as the time-stamp.
The cryptographically secure random-number generator used in step (1) prevents Alice from deliberately choosing corrupt I's as witnesses. Even if she makes trivial changes to her document in an attempt to produce a set of corrupt I's, her chances of succeeding are negligibly small. The hash function randomizes the values, and Alice cannot influence them.
This protocol works because the only way for Alice to forge a time-stamp is to get all k people to cooperate. Since she chose them at random in step (1), the probability of that is very low. The more corrupt the society, the larger the number k has to be.
Additionally, some mechanism must account for the fact that some people will not be able to return a time-stamp in time. All that is needed for a valid time-stamp is some subset of the k. The details depend on the implementation.
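The distributed protocol above, as an added example that is not from the book: Go, with a constructed directory of ed25519 witnesses, SHA-256 over H_n and a counter standing in for the cryptographically secure generator of step (1), and a threshold standing in for the "some subset of k" rule. The directory size, k, the threshold and the clock values are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Witness is one entry in a constructed directory; its index is the identifier I.
type Witness struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// Attestation is a witness's reply in step (3): his time and signature.
type Attestation struct {
	ID   int
	Time uint64
	Sig  []byte
}

func NewDirectory(size int) []Witness {
	dir := make([]Witness, size)
	for i := range dir {
		pub, priv, err := ed25519.GenerateKey(nil)
		if err != nil {
			panic(err)
		}
		dir[i] = Witness{Pub: pub, priv: priv}
	}
	return dir
}

// concat lays out H_n followed by a 64-bit value; it is the input to the
// witness-selection hash and, with the time, the message a witness signs.
func concat(hn [32]byte, v uint64) []byte {
	buf := make([]byte, 40)
	copy(buf, hn[:])
	binary.BigEndian.PutUint64(buf[32:], v)
	return buf
}

// ChooseWitnesses is step (1): J_1..J_k are derived from H_n alone, here by
// hashing H_n with a counter in place of the CSPRNG, and reduced to directory
// indices (modulo bias is negligible at this size). Anyone can recompute the
// set, so Alice cannot substitute witnesses of her own choosing.
func ChooseWitnesses(hn [32]byte, k, population int) []int {
	var ids []int
	seen := make(map[int]bool)
	for ctr := uint64(0); len(ids) < k; ctr++ {
		j := sha256.Sum256(concat(hn, ctr))
		id := int(binary.BigEndian.Uint64(j[:8]) % uint64(population))
		if !seen[id] {
			seen[id] = true
			ids = append(ids, id)
		}
	}
	return ids
}

// Collect runs steps (2) and (3): each chosen witness that is not offline
// appends the time to H_n, signs, and replies; Alice keeps the replies.
func Collect(dir []Witness, hn [32]byte, ids []int, now uint64, offline map[int]bool) []Attestation {
	var atts []Attestation
	for _, id := range ids {
		if !offline[id] {
			sig := ed25519.Sign(dir[id].priv, concat(hn, now))
			atts = append(atts, Attestation{ID: id, Time: now, Sig: sig})
		}
	}
	return atts
}

// Verify recomputes the witness set from H_n and counts valid signatures from
// exactly those witnesses, each once; the stamp stands when at least threshold
// of the k expected witnesses vouched for it (the "some subset of k" above).
func Verify(dir []Witness, hn [32]byte, k, threshold int, atts []Attestation) (int, bool) {
	expected := make(map[int]bool)
	for _, id := range ChooseWitnesses(hn, k, len(dir)) {
		expected[id] = true
	}
	valid := 0
	for _, a := range atts {
		if expected[a.ID] && ed25519.Verify(dir[a.ID].Pub, concat(hn, a.Time), a.Sig) {
			valid++
			delete(expected, a.ID)
		}
	}
	return valid, valid >= threshold
}

// Demo: 8 of the 10 derived witnesses reply, which clears a threshold of 7,
// and a one-character change to the document selects a different witness set.
func Demo() (valid int, accepted, sameWitnesses bool) {
	dir := NewDirectory(50)
	hn := sha256.Sum256([]byte("Alice's document (constructed sample)"))
	ids := ChooseWitnesses(hn, 10, len(dir))
	offline := map[int]bool{ids[3]: true, ids[7]: true} // two never answer
	valid, accepted = Verify(dir, hn, 10, 7, Collect(dir, hn, ids, 1700000000, offline))
	hn2 := sha256.Sum256([]byte("Alice's document (constructed sample)!"))
	sameWitnesses = fmt.Sprint(ids) == fmt.Sprint(ChooseWitnesses(hn2, 10, len(dir)))
	return
}
```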
Further Work
Further improvements to time-stamping protocols are described in [92]. The authors use the notion of trees to increase the number of time-stamps that depend on a given stamp, reducing the likelihood that a chain of false time-stamps could be created. They also recommend publishing the list of the day's hash values in some publicly available source, such as a newspaper. This works like sending the hash value to random people in the distributed protocol. Indeed, a time-stamp has appeared in every Sunday edition of the New York Times since 1992.
These time-stamping protocols are patented [684, 685, 686]. The patents belong to a Bellcore subsidiary called Surety Technologies, which sells a Digital Notary System that supports these protocols. In the first version, clients sent "certification" requests to a central coordinating server. Following Merkle's technique of using hash functions to build trees [1066], the server builds a tree of hash values whose leaves are all the requests received during a given second, and sends each requester the list of hash values describing the path from its leaf to the root. The client software saves this list and can issue a Digital Notary "certificate" for any file that was certified. The sequence of the roots of these trees forms the "Universal Validation Record", which is available electronically in many repositories (and is also published on CD-ROM). The client software also contains a "validate" function that lets the user check whether exactly the current form of a file was certified (by requesting the root of the corresponding tree from a repository and comparing it with the hash value computed for the file in the appropriate way, together with the certificate). For further information, contact Surety Technologies, 1 Main St., Chatham, NJ, 07928; (201) 701-0600; Fax: (201) 701-0601.
4.2 Subliminal Channel
Alice and Bob have been arrested and sent to prison, he to the men's prison and she to the women's. Walter, the warden, lets Alice and Bob exchange messages, but he does not allow them to encrypt their messages. Walter thinks they are planning an escape, so he wants to read everything they write.
Walter also hopes to be able to fool Alice or Bob. He wants one of them to accept a false message he has planted as genuine. Alice and Bob put up with the risk of being deceived, since otherwise they could not communicate at all, but they need to coordinate their plans. To do so they have to fool the warden and find a way to pass secret information. They need to set up a subliminal channel: a covert communication channel inside open messages, even though the messages themselves carry no secret information. By exchanging perfectly innocuous signed messages they will pass secret information and dupe Walter, even if he inspects every message.
A simple subliminal channel could be the number of words in a sentence. An odd number of words in a sentence could stand for "1" and an even number of words for "0". So, while you were reading this perfectly ordinary paragraph, I sent you the message "110". The trouble with this method is that it is plain steganography (see Section 1.2): no key is used, and the security depends on the secrecy of the algorithm.
Gustavus Simmons came up with the idea of a subliminal channel in an ordinary digital signature algorithm [1458, 1473]. Since the subliminal messages are hidden in what look like normal digital signatures, this is a form of disguise. Walter sees signed innocuous messages passing back and forth, but the real information being transmitted goes unnoticed by him over the subliminal channel. In fact, the subliminal-channel signature algorithm is indistinguishable from a normal signature algorithm, at least to Walter. Not only can he not read the message sent over the subliminal channel, he has no idea at all that such a message even exists. In general the protocol looks roughly like this:
(1) Alice creates an innocuous message; it does not matter which.
(2) Using a key shared with Bob, Alice signs the innocuous message, hiding her subliminal message in the signature. (This is the heart of the subliminal protocol; see Section 23.3.)
(3) Alice sends the signed message to Bob via Walter.
(4) Walter reads the innocuous message and checks the signature. Finding nothing suspicious, he passes the signed message on to Bob.
(5) Bob checks the signature on the innocuous message, confirming that the message came from Alice.
(6) Bob ignores the innocuous message and, using the secret key shared with Alice, extracts the subliminal message.
What about cheating? Walter trusts no one, and no one trusts Walter. He can always block the transmission of messages, but he has no way to forge a message. Since Walter cannot create a valid signature, Bob would detect the forgery in step (5). Walter cannot read the subliminal messages: he does not have the necessary key. More importantly, he has no idea that subliminal messages exist at all. Signed messages produced with the digital signature algorithm look no different from signed messages carrying subliminal messages in their signatures.
More problematic is Alice or Bob cheating their own partner. In some implementations of the subliminal channel, the secret information Bob needs to read the subliminal message is the same as the information Alice needs to sign the innocuous message. If so, Bob can impersonate Alice. He can sign messages and pass them off as sent by Alice, and there is nothing Alice can do about it. If she has to send him a subliminal message, she must trust him not to misuse her private key.
Other implementations of the subliminal channel do not have this problem. A secret key shared by Alice and Bob lets Alice send Bob subliminal messages, but Alice's private key is not handed over, and Bob cannot sign messages with her signature. Alice does not need to trust Bob not to misuse her private key.
Applications of the Subliminal Channel
The most obvious application of the subliminal channel is a spy network. If someone is already sending and receiving messages, then passing messages over a subliminal channel in signed documents will not arouse suspicion. Of course, enemy spies can do the same.
Using a subliminal channel, Alice can safely sign a document even under duress. When signing the document, she can embed the subliminal message "I am under arrest". Other applications are less conspicuous. A company can sign documents and embed subliminal messages to track the validity periods of the documents. A government can "mark" digital cash. A rogue document-signing program can use subliminal messages in the signatures it produces to leak secret information. The possibilities are endless.
Subliminal-Free Signatures
Alice and Bob exchange signed messages negotiating the terms of a contract. They use a digital signature protocol. These negotiations, however, are really a cover for Alice's and Bob's espionage. Using the digital signature algorithm, they do not care about the messages they sign. They exchange secret information through the subliminal channel in the signatures on the documents. Counterintelligence, however, does not know that the contract negotiations and the signed messages being exchanged are only a cover. To counter such a scheme, subliminal-free signature schemes have been developed. The digital signatures used in these schemes cannot be modified to set up a subliminal channel. See [480, 481] for details.
4.3 Undeniable Digital Signatures
Ordinary digital signatures can be copied exactly. Sometimes this property is useful, for example when distributing public announcements. At other times it can be a problem. Imagine a personal or business letter bearing a digital signature. If many copies of that document are distributed, each of which can be verified by anyone, it could lead to embarrassment or blackmail. A better solution is a digital signature whose validity can be proven to the recipient, but which does not let the recipient show the received message to a third party without the consent of the person who signed it.
Alice Software Company distributes the product DEW (Do-Everything-Word). To guarantee that it is virus-free, every copy carries a digital signature. However, the makers want only legitimate buyers of the product, and not software pirates, to be able to verify the signature. At the same time, if copies of DEW carrying a virus turn up, Alice Software Company must not be able to deny a valid signature.
Undeniable signatures [343, 327] are suited to problems of this kind. Like an ordinary digital signature, an undeniable digital signature depends on the signed document and on the private key of the person who signed the document. But unlike ordinary digital signatures, an undeniable signature cannot be verified without the signer's permission. Although a better name could have been chosen for these signatures, such as "non-transferable signatures", the existing name stems from the fact that if Alice has to either confirm or deny a signature, possibly in court, she cannot falsely deny her genuine signature. Despite the complexity of the mathematics, the basic idea is simple:
(1) Alice presents Bob with a signature.
(2) Bob generates a random number and sends it to Alice.
(3) Alice performs a calculation using the random number and her private key, and sends Bob the result. Alice can perform this calculation only if the signature is valid.
(4) Bob checks this.
There is also an additional protocol that lets Alice prove that she did not sign a document, and that leaves her no room to falsely disavow a signature.
Bob cannot turn around and convince Carol that Alice's signature is valid, because Carol does not know that Bob's numbers were random. He could easily have written out the protocol on paper without Alice's help and sent Carol the result. Carol can be sure of the validity of Alice's signature only if she runs the protocol with Alice herself. Right now this may seem to make little sense, but it will when you look at the mathematics of Section 23.4.
This solution is not perfect. Yvo Desmedt and Moti Yung showed that in some cases Bob can convince Carol that Alice's signature is valid [489].
For example, Bob buys a legitimate copy of DEW. He can confirm the signature on the software product whenever he wants. Then Bob can convince Carol that he works for Alice Software Company and sell her a pirated copy of DEW. When Carol tries to confirm Bob's signature, he simultaneously confirms the signature with Alice. When Carol sends him a random number, he forwards it to Alice. He passes Alice's reply on to Carol. Carol is convinced that she is a legitimate buyer, even though she is not. This attack is an instance of the chess grandmaster problem and is discussed in detail in Section 5.2.
Even so, undeniable signatures have many applications; in many cases Alice does not want just anyone to be able to verify her signature. She may not want the signature on her personal correspondence to be verifiable by journalists, her letters to be published and authenticated out of context, or changes she made to the letters later to be detectable. If she signs information that she sells, she does not want anyone who has not paid for the information to be able to confirm its authenticity. Alice can protect her rights by controlling who verifies her signature.
Several variants of undeniable signatures separate the link between the signer and the message from the link between the signer and the signature [910]. In one scheme, anyone can verify that a signature was indeed created by its author, but checking that the signature is valid for a given message requires the signer's cooperation.
A related notion is the entrusted undeniable signature [1229]. Imagine that Alice works for Toxins, Inc., and passes incriminating documents to a newspaper using an undeniable signature protocol. Alice can confirm her signature only to the newspaper's reporter and to no one else. However, the evil Bob suspects that Alice is the source of the documents. He demands that Alice run the disavowal protocol to clear her name, and Alice refuses. Bob insists that the only reason for Alice's refusal is her guilt, and fires her.
Entrusted undeniable signatures are like ordinary undeniable signatures, except that the disavowal protocol can be run only by Trent. Only Trent, and not Bob, can require Alice to run the disavowal protocol. And if Trent represents the court system, he runs this protocol only to resolve a formal dispute.
4.4 Designated Confirmer Signatures
Alice Software Company has had such booming sales of DEW that Alice spends most of her time confirming undeniable signatures rather than working on new features.
Alice would like to make someone in the company responsible for confirming signatures. Alice, or any other programmer, would be able to sign documents with the undeniable protocol. But all confirmations would be handled only by Carol.
It turns out that this is possible with a designated confirmer signature [333, 1213]. Alice can sign a document so that Bob is convinced the signature is valid, but cannot convince a third party of it. At the same time, Alice designates Carol as the future confirmer of her signature. Alice does not even have to ask Carol's permission beforehand; she only needs to use Carol's public key. And Carol will be able to confirm Alice's signature if Alice has left town, quit, been promoted, or died.
Designated confirmer signatures are a kind of compromise between ordinary digital signatures and undeniable signatures. There are certainly situations in which Alice wants to limit the number of people who can confirm her signature. On the other hand, giving Alice full control undermines the very institution of signatures: Alice can refuse to cooperate in either confirming or denying, she can claim to have lost the keys needed for confirmation or denial, or she may simply be unavailable. Designated confirmer signatures can give Alice the protection of an undeniable signature while not letting her abuse that protection. Alice might even prefer this approach: designated confirmer signatures can prevent false applications, protect her if she really has lost her key, and rescue her if she is on vacation, in hospital, or even dead.
This idea can have various applications. For example, Carol could set herself up as a public notary. She publishes her public key in some directory, and people can then designate her as the confirmer of their signatures. Collecting a small fee for confirming signatures, she can live comfortably.
Carol can be a copyright-protection agency, a government agency, or some other organization. This protocol makes it possible to separate the people who sign documents from the people who help confirm signatures.
4.5 Proxy Signatures
Designated confirmer signatures let a signer designate someone else to confirm the signature. Suppose Alice wants to go on a business trip to some place without a good computer network, the African jungle, say. Or she is incapacitated after major surgery. She is expecting important e-mail and instructs her secretary Bob to respond accordingly. How can Alice give Bob the authority to sign messages for her without handing him her private key?
Proxy signatures [1001] are the solution. Alice delegates authority to Bob so that the following properties hold:
Distinguishability. Anyone can distinguish proxy signatures from ordinary signatures.
Unforgeability. Only the original signer and the proxy signer designated by him can create a valid proxy signature.
Proxy signer's deviation. A proxy signer cannot create a valid proxy signature that could be passed off as an original signature.
Verifiability. From a proxy signature, a verifier must be convinced of the original signer's agreement with the signed message.
Identifiability. The original signer can determine the identity of the proxy signer from a proxy signature.
Undeniability. A proxy signer cannot disavow a proxy signature he created that a user has received.
In some cases a stronger form of identifiability is required: anyone must be able to determine the identity of the proxy signer from the proxy signature. Proxy signature schemes based on various digital signature schemes are presented in [1001].
4.6 Group Signatures
This problem was introduced by David Chaum in [330]:
A company has several computers connected to a local network. Each department of the company has its own printer (also connected to the network), and only someone in a department is allowed to print on that department's printer. Before printing, therefore, the printer must check that the employee works in that department. At the same time, the company wants to preserve privacy: the user's name must not be revealed. If, however, someone discovers at the end of the day that the printer has been used too often, the director must be able to find out who is misusing the printer and send him the bill.
The solution to this problem is called a group signature. Group signatures have the following properties:
Only members of the group can sign messages.
The recipient of a signature can verify that it is a valid signature of the group.
The recipient of a signature cannot determine which member of the group signed the document.
In case of a dispute, the signature will be opened to determine the identity of the signer.
Group Signatures with a Trusted Arbitrator
The following protocol uses a trusted arbitrator:
(1) Trent generates a large pile of public-key/private-key pairs and gives each member of the group an individual list of unique private keys. No key appears in more than one list. (If there are n members in the group and each receives m key pairs, the total number of key pairs is n*m.)
(2) Trent publishes the master list of all public keys for the group in random order, keeping secret which key belongs to whom.
(3) When a group member wants to sign a document, he chooses a key at random from his list.
(4) When someone wants to verify that a signature belongs to a member of the group, he looks through the master list for the matching public key and verifies the signature.
(5) In case of a dispute, Trent, who knows which keys each group member uses, is consulted.
The problem with this protocol is that it needs a trusted arbitrator. Trent knows everyone's private keys and can forge signatures. Also, m must be large enough to frustrate attempts to analyze which keys belong to which member.
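The trusted-arbitrator protocol above, as an added example that is not from Chaum's paper or the book: Go with ed25519 key pairs, n = 3 members and m = 4 keys each, a Fisher-Yates shuffle of the master list, and a private owner table that only Trent holds for step (5). The member names and the print job are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"math/big"
)

// Member holds the individual list of private keys Trent hands out in step (1).
type Member struct {
	Name string
	keys []ed25519.PrivateKey
}

// Trent keeps the secret key-to-member table and publishes the shuffled master list.
type Trent struct {
	owner  map[string]string // hex(public key) -> member name, never published
	Master []ed25519.PublicKey
}

func randIndex(n int) int {
	i, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic(err)
	}
	return int(i.Int64())
}

// Setup is steps (1) and (2): n*m key pairs, m per member, and a master list
// of public keys in random order (Fisher-Yates with crypto/rand).
func Setup(names []string, m int) (*Trent, []Member) {
	t := &Trent{owner: make(map[string]string)}
	members := make([]Member, len(names))
	for i, name := range names {
		members[i].Name = name
		for j := 0; j < m; j++ {
			pub, priv, err := ed25519.GenerateKey(rand.Reader)
			if err != nil {
				panic(err)
			}
			members[i].keys = append(members[i].keys, priv)
			t.owner[hex.EncodeToString(pub)] = name
			t.Master = append(t.Master, pub)
		}
	}
	for i := len(t.Master) - 1; i > 0; i-- {
		j := randIndex(i + 1)
		t.Master[i], t.Master[j] = t.Master[j], t.Master[i]
	}
	return t, members
}

// Sign is step (3): the member signs with a key picked at random from his list.
// The signature names no key, so verifiers must scan the master list.
func (mem Member) Sign(msg []byte) []byte {
	return ed25519.Sign(mem.keys[randIndex(len(mem.keys))], msg)
}

// matchingKey is the scan of step (4): the master-list key that verifies the
// signature, or nil. It identifies the group, not the member.
func matchingKey(master []ed25519.PublicKey, msg, sig []byte) ed25519.PublicKey {
	for _, pub := range master {
		if ed25519.Verify(pub, msg, sig) {
			return pub
		}
	}
	return nil
}

// Verify tells a recipient whether sig is a valid signature of the group.
func Verify(master []ed25519.PublicKey, msg, sig []byte) bool {
	return matchingKey(master, msg, sig) != nil
}

// Open is step (5): only Trent, who holds the owner table, can name the signer.
func (t *Trent) Open(msg, sig []byte) (string, bool) {
	pub := matchingKey(t.Master, msg, sig)
	if pub == nil {
		return "", false
	}
	return t.owner[hex.EncodeToString(pub)], true
}

// Demo: Bob signs a constructed print job; anyone holding the master list can
// verify it came from the group, only Trent can name Bob, and a key that is
// not on the master list is rejected.
func Demo() (groupOK bool, signer string, outsiderOK bool) {
	trent, members := Setup([]string{"Alice", "Bob", "Carol"}, 4)
	job := []byte("print job: quarterly report (constructed sample)")
	sig := members[1].Sign(job)
	groupOK = Verify(trent.Master, job, sig)
	signer, _ = trent.Open(job, sig)
	_, outsider, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	outsiderOK = Verify(trent.Master, job, ed25519.Sign(outsider, job))
	return
}
```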
Chaum [330] lists several other protocols, in some of which Trent cannot forge signatures, and in others of which he is not needed at all. Yet another protocol [348] not only hides the signer's identity but also lets new members be added to the group. One more protocol can be found in [1230].
4.7 Fail-Stop Digital Signatures
Suppose Eve is a very powerful adversary. She has vast computer networks and rooms full of Cray computers, many orders of magnitude more powerful than anything available to Alice. All these computers chug away day and night trying to break Alice's private key. Finally, success. Now Eve can impersonate Alice, forging her signature on documents whenever she wishes.
Fail-stop digital signatures, introduced by Birgit Pfitzmann and Michael Waidner [1240], prevent this kind of fraud. If Eve forges Alice's signatures after a brute-force break, Alice can prove the forgery. If Alice signs a document and later declares her signature forged, the truth can be established by a court.
The basic idea behind fail-stop signatures is that every possible public key has many possible private keys corresponding to it. Each of these private keys produces many different digital signatures. However, Alice has only one private key and can compute only one signature. The other private keys are unknown to her.
Eve wants to break Alice's private key. (Eve could also be Alice, computing a second private key for herself.) She collects signed messages and, using her many supercomputers, tries to recover Alice's key. Even if she manages to recover a private key that fits, there are so many such keys that she will most likely end up with a key different from Alice's. The probability of recovering the key that belongs to Alice is so small that it can be neglected.
Now, when Eve forges a signature on a document using the private key she found, the forged signature will differ from the signature Alice herself would have produced. When the matter goes to court, Alice presents two different signatures on the same message and the public key (corresponding both to her private key and to the private key Eve found) to prove the forgery. On the other hand, if Alice cannot produce two different signatures, there was no forgery and Alice must stand by her signature.
This signature scheme resists Eve's breaking of Alice's signature with extraordinarily powerful computing resources. It can do nothing about the far more likely attempt by Mallory to break into Alice's house and steal her private key, or about Alice signing a document and then "accidentally" losing her private key. To protect against that attempt by Mallory, Alice should buy herself a good guard dog, but such recommendations are beyond the scope of cryptography.
Additional theory and applications of fail-stop signatures can be found in [1239, 1241, 730, 731].
4.8 Computing with Encrypted Data
Alice wants to know the solution of some function f(x) for some particular value of x. Unfortunately, her computer is broken. Bob is willing to compute f(x) for her, but Alice does not want Bob to learn her x. How can Alice let Bob compute f(x) without telling him x?
This is the general problem of computing with encrypted data, also known as hiding information from an oracle. (Bob is the oracle; he answers the question.) For some functions there are ways to solve this problem; they are discussed in Section 23.6.
4.9 Bit Commitment
Alice the Amazing, the extraordinary magician, will now demonstrate the power of her art. She will guess the card Bob is about to pick before he picks it! Watch as Alice writes her prediction on a slip of paper. Marvel as Alice puts the slip in an envelope and seals it. Tremble as Alice hands the sealed envelope to a random member of the audience. "Pick a card, Bob, any card." He looks at it and shows the card to Alice and the audience. It is the seven of diamonds. Now Alice takes the envelope back from the audience member and opens it. The prediction, written before Bob chose his card, says "seven of diamonds"! Applause.
For this trick to work, Alice has to swap envelopes at the end of the act. Cryptographic protocols, however, can protect against any sleight of hand. What use is that? Here is a more down-to-earth story.
Stockbroker Alice wants to convince investor Bob that her method of picking promising stocks is worth his attention.
Bob: "Pick five stocks for me. If they make money, I will give you my business."
Alice: "If I pick five stocks for you, you can invest in them without paying me. Why don't I show you the five stocks I picked last month?"
Bob: "How do I know you did not change the results of your picks after learning the real ones? If you tell me your picks now, I can be sure you will not change them. I will not invest in those stocks until I have paid for your services. Trust me."
Alice: "I would rather show you my picks from last month. I did not change them. Trust me."
Alice wants to commit to her prediction (that is, a bit or a sequence of bits) but does not want to reveal her prediction until some later time. Bob, on the other hand, wants to be sure that Alice cannot change her mind after she has made her prediction.
Bit Commitment Using Symmetric Cryptography
This bit-commitment protocol uses symmetric cryptography:
(1) Bob generates a random bit string, R, and sends it to Alice.
(2) Alice creates a message consisting of the bit she wants to commit to, b (in fact it may be several bits), and Bob's random string. She encrypts the message with some random key, K, and sends it back to Bob:
E_K(R, b)
This part of the protocol is the commitment. Bob cannot decrypt the message, so he does not know which bit Alice sent.
When the time comes for Alice to reveal her bit, the protocol continues:
(3) Alice sends Bob the key.
(4) Bob decrypts the message and learns the bit. He checks his random string to confirm that the bit is valid.
Without Bob's random string, Alice could secretly decrypt the message she sent Bob with many different keys, searching for one under which the decrypted message has the committed bit flipped. Since a bit has only two possible values, her search would almost certainly succeed after a few tries. Bob's random string denies her this attack: she would have to find a new key that not only flips the committed bit but also leaves Bob's random string intact. If the encryption algorithm is good enough, the probability of a successful search is vanishingly small. Alice cannot change her bit after committing to it.
Bit Commitment Using One-Way Functions
This protocol uses one-way functions:
(1) Alice generates two random bit strings, R_1 and R_2:
R_1, R_2
(2) Alice creates a message consisting of her random strings and the bit she wants to commit to (in fact it may be several bits):
(R_1, R_2, b)
(3) Alice computes the one-way function of the message and sends the result, together with one of the random strings, to Bob:
H(R_1, R_2, b), R_1
This message from Alice is the proof of commitment. Using the one-way function in step (3) prevents Bob from determining the bit by inverting the function.
When the time comes for Alice to reveal her bit, the protocol continues:
(4) Alice sends Bob the original message:
(R_1, R_2, b)
(5) Bob computes the one-way function of the message and compares it, and R_1, with the one-way function value and the random string he received in step (3). If they match, the bit is valid.
The advantage of this protocol over the previous one is that Bob does not have to send any messages. Alice sends Bob one message to commit to the bit and another to reveal it.
Bob's random string is not needed either, because the result of Alice's commitment is a message processed by a one-way function. Alice cannot cheat by finding another message (R_1, R_2', b') such that H(R_1, R_2', b') = H(R_1, R_2, b). By sending Bob R_1, she commits to the value b. If Alice did not keep R_2 secret, Bob could compute H(R_1, R_2, b) and H(R_1, R_2, b') and see which one he had received from Alice.
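The one-way-function commitment above, as an added example that is not from the book: Go with SHA-256 as H, 16-byte R_1 and R_2 (an assumed length), and the two failure modes the text discusses, Alice opening the commitment with the other bit and Bob recovering b if R_2 leaks.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
)

const strLen = 16 // bytes in R_1 and R_2 (an assumption of this example)

// Commitment is what Alice sends in step (3): H(R_1, R_2, b) and R_1.
type Commitment struct {
	Digest [32]byte
	R1     []byte
}

// Opening is the original message of step (4): (R_1, R_2, b).
type Opening struct {
	R1, R2 []byte
	B      byte
}

// h is H applied to (R_1, R_2, b), with SHA-256 standing in for H; the fixed
// string length keeps the concatenation unambiguous.
func h(r1, r2 []byte, b byte) [32]byte {
	buf := make([]byte, 0, 2*strLen+1)
	buf = append(append(buf, r1...), r2...)
	return sha256.Sum256(append(buf, b))
}

func randomString() []byte {
	r := make([]byte, strLen)
	if _, err := io.ReadFull(rand.Reader, r); err != nil {
		panic(err)
	}
	return r
}

// Commit is steps (1) to (3) on Alice's side. She keeps the Opening, and R_2
// in particular, secret until she decides to reveal the bit.
func Commit(b byte) (Commitment, Opening) {
	o := Opening{R1: randomString(), R2: randomString(), B: b & 1}
	return Commitment{Digest: h(o.R1, o.R2, o.B), R1: o.R1}, o
}

// Verify is step (5) on Bob's side: recompute H over the opened message and
// compare it, and R_1, with what he received at commitment time.
func Verify(c Commitment, o Opening) bool {
	return string(o.R1) == string(c.R1) && h(o.R1, o.R2, o.B) == c.Digest
}

// RecoverIfR2Leaked shows why R_2 must stay secret: with R_1 and R_2 in hand,
// Bob computes H(R_1, R_2, 0) and H(R_1, R_2, 1) and sees which he was sent.
func RecoverIfR2Leaked(c Commitment, r2 []byte) (bit byte, found bool) {
	for _, b := range []byte{0, 1} {
		if h(c.R1, r2, b) == c.Digest {
			return b, true
		}
	}
	return 0, false
}

// Demo commits to 1, checks the honest opening, checks that the same
// commitment cannot be opened as 0 (finding an R_2' that works would mean
// inverting H), and shows what a leaked R_2 gives away.
func Demo() (honestOK, flippedOK bool, leakedBit byte, leakedFound bool) {
	c, o := Commit(1)
	honestOK = Verify(c, o)
	cheat := o
	cheat.B = 0 // Alice claims she committed to the other value
	flippedOK = Verify(c, cheat)
	leakedBit, leakedFound = RecoverIfR2Leaked(c, o.R2)
	return
}

func main() {
	ok, flipped, bit, found := Demo()
	fmt.Println("honest opening accepted:", ok, " flipped bit accepted:", flipped)
	fmt.Println("bit recoverable once R_2 leaks:", found, " value:", bit)
}
```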
Bpyueuue uma c noouom eeuepamopa nceeocuyuauo nocueoeameuouocmu
3ror nporokon axe npome |1137]:
(1) Fo cosaer crpoky cnyuanntx nron n noctnaer ee Annce.
R
B
(2) Annca cosaer crapronym nocneonarentnocrt nx reneparopa ncenocnyuanntx nron. 3arem nx kaxoro
nra n crpoke cnyuanntx nron Foa ona noctnaer Foy nno:
(a) ntxo reneparopa, ecnn nr Foa panen 0, nnn
(b) XOR ntxoa reneparopa n nra Foa, ecnn Fnr Foa panen 1.
Kora nx Annct npner npemx packptrt cnon nr, nporokon npoonxaercx :
(3) Annca noctnaer Foy cnom crapronym nocneonarentnocrt.
(4) Fo ntnonnxer +ran (2), yexaxct, uro Annca encrnyer uecrno.
Ecnn crpoka cnyuanntx nron ocrarouno nnnna, a reneparop ncenocnyuanntx nron nenpeckasyem , mo-
mennnuecrno Annct npakrnueckn nenosmoxno.
Blob-ozermm
Crpokn, koropte Annca noctnaer Foy nx npyuennx nra, nnora nastnamr blob-oex1aun. Blob-oekr -
+ro nocneonarentnocrt nron, xorx nporokont +roro n ne rpeymr . Kak ckasan +nnt Fpaccap (Gilles Brassard),
"Onn mornn t trt cenant n ns nonmenon ntnn, ecnn t +ro tno nonesntm " |236]. Blob-oekrt onaamr
cneymmnmn uertptmx cnoncrnamn:
1. Annca moxer npyunrt blob-oekrt. Bpyuax blob-oekr, ona npyuaer nr.
2. Annca moxer orkptrt nmon blob-oekr, koroptn ona npyunna. Kora ona orkptnaer blob-oekr, ona
moxer yenrt Foa n snauennn nra, koroptn tn npyuen nmecre c blob-oekrom. Cneonarentno, ona
ne moxer orkptrt nponsnontntn blob-oekr, nanpnmep, nont nnn ennnny.
3. Fo ne moxer snart, kaknm opasom Annca moxer orkptrt blob-oekr, koroptn ona npyunna. 3ro oc-
raercx cnpanennntm, axe kora Annca orkpoer pyrne blob-oekrt.
4. Blob-oekrt ne necyr nnkakon nn|opmannn, kpome npyuaemoro Anncon nra. Camn no cee blob-
oekrt, rakxe kak n nponecc, c nomomtm koroporo Annca npyuaer n orkptnaer nx, ne cnxsant ne c
uem pyrnm, uro Annca xorena t coxpannrt n cekpere or Foa.
4.10 Fair Coin Flips
It is time to quote Joe Kilian [831]:
Alice and Bob wanted to play "heads or tails," but had no coin. Alice suggested a simple way to flip a coin mentally.
"First you think up a random bit, then I think up a random bit. Then we XOR the two bits together," she proposed.
"But what if one of us doesn't pick the bit at random?" asked Bob.
"It doesn't matter. As long as at least one of the bits is truly random, the XOR of the bits has to be truly random," Alice replied, and after a moment's thought Bob agreed.
A little later Alice and Bob came upon a book on artificial intelligence lying by the side of the road. Alice, a good citizen, said: "One of us must pick this book up and take it to the lost-and-found office." Bob agreed, and suggested using their coin-flipping protocol to decide who would carry the book.
"If the resulting bit is 0, you take the book, and if it is 1, I do," said Alice. "What is your bit?"
Bob answered, "1."
"Well, so is mine," Alice remarked slyly. "I guess this isn't your lucky day."
Obviously, the coin-flipping protocol has a serious defect. While it is true that the XOR of a truly random bit, x, with any independently distributed bit, y, yields a truly random bit, Alice's protocol does not guarantee that the two bits are distributed independently. In fact, it is not hard to see that no mental protocol can let two independent parties flip a "fair" coin. Alice and Bob grieved until they received a letter from an unknown graduate student in cryptography. The information in the letter was far too theoretical to be of any earthly use, but the envelope the letter came in turned out to be extremely handy.
The next time Alice and Bob wanted to flip a coin, they modified the original protocol. First Bob picks a bit, but instead of announcing it immediately, he writes it on a slip of paper and puts the slip in the envelope. Then Alice announces her bit. Finally, Alice and Bob take Bob's bit out of the envelope and compute the random bit. This bit is now truly random, regardless of the players' honesty. Alice and Bob had a working protocol, the cryptographers' dream of social relevance was fulfilled, and they all lived happily ever after.
These envelopes look very much like bit-commitment blobs. When Manuel Blum ran into the problem of flipping a fair coin over a modem [194], he solved it with a bit-commitment protocol:
(1) Alice commits to a random bit, using any of the bit-commitment schemes described in Section 4.9.
(2) Bob guesses the bit.
(3) Alice reveals the bit to Bob. Bob wins the flip if he guessed the bit correctly.
In general, we need a protocol with the following properties:
Alice must "flip the coin" before Bob makes his guess.
Alice must not be able to change the result of her flip after learning Bob's bit.
Bob must not be able to learn the result of the flip before making his guess.
There are several ways to accomplish this.
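The two protocols above, carried through in code as an added example (this is not code from the book): a bit commitment built on a pseudo-random bit generator, in the shape of the steps at the top of this section, with Blum's coin flip layered on top of it. The generator is modelled as HMAC-SHA256 keyed with Alice's seed over a counter, and Bob's 64-bit random string and the seed are constructed sample values; those choices are assumptions, the text only requires an unpredictable generator and a long enough string.

```python
import hashlib
import hmac

# Added example, not from the book. The pseudo-random bit generator is modelled
# as HMAC-SHA256(seed, counter) expanded into a bit stream (an assumption; the
# protocol only needs a generator whose output cannot be predicted from its seed).

def prng_bits(seed: bytes, nbits: int) -> list:
    """Expand Alice's seed into nbits pseudo-random bits (deterministic per seed)."""
    bits = []
    counter = 0
    while len(bits) < nbits:
        block = hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for byte in block:
            for i in range(8):
                if len(bits) == nbits:
                    return bits
                bits.append((byte >> (7 - i)) & 1)
        counter += 1
    return bits

def commit(bit: int, bob_bits: list, seed: bytes) -> list:
    """Alice, step (2): where Bob's bit is 0 send the generator output,
    where it is 1 send the generator output XOR her committed bit."""
    stream = prng_bits(seed, len(bob_bits))
    return [s ^ (bit if rb else 0) for s, rb in zip(stream, bob_bits)]

def open_commitment(blob: list, bob_bits: list, seed: bytes):
    """Bob, step (4): rerun step (2) with the revealed seed. Returns the committed
    bit, or None when the blob is inconsistent with the seed (wrong seed, a
    tampered blob, or a blob that encodes different bits at different positions)."""
    stream = prng_bits(seed, len(bob_bits))
    bit = None
    for s, rb, b in zip(stream, bob_bits, blob):
        if not rb:
            if b != s:              # positions Bob marked 0 must echo the stream
                return None
            continue
        candidate = b ^ s           # positions Bob marked 1 reveal the bit
        if bit is None:
            bit = candidate
        elif candidate != bit:      # two positions disagree: Alice cheated
            return None
    return bit

def blum_coin_flip(alice_bit: int, bob_guess: int, bob_bits: list, seed: bytes) -> str:
    """Blum's flip on top of the commitment: (1) Alice commits, (2) Bob guesses
    after seeing only the blob, (3) Alice reveals the seed; Bob wins if right."""
    blob = commit(alice_bit, bob_bits, seed)           # (1) sent to Bob
    revealed = open_commitment(blob, bob_bits, seed)   # (3) Bob checks the opening
    if revealed is None:
        raise ValueError("commitment does not open consistently")
    return "Bob" if bob_guess == revealed else "Alice"

if __name__ == "__main__":
    bob_random_string = [1, 0, 1, 1, 0, 0, 1, 0] * 8   # constructed: 64 bits from Bob
    print(blum_coin_flip(1, 0, bob_random_string, b"constructed seed"))
```

open_commitment returns None rather than a bit whenever the blob does not reproduce from the seed; that is the whole of Bob's check in step (4), and a wrong seed, a tampered blob and a blob encoding two different bits all fail it.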
Coin Flipping Using One-Way Functions
If Alice and Bob agree on a one-way function, the protocol is simple:
(1) Alice chooses a random number, x. She computes v = f(x), where f(x) is the one-way function.
(2) Alice sends v to Bob.
(3) Bob guesses whether x is even or odd and sends his guess to Alice.
(4) If Bob's guess is correct, the result of the flip is "heads"; if it is wrong, the result is "tails." Alice announces the result of the coin flip and sends x to Bob.
(5) Bob verifies that v = f(x).
The security of this protocol rests on the one-way function. If Alice can find x and x' such that x is even, x' is odd, and v = f(x) = f(x'), she can cheat Bob every time. In addition, the least significant bit of f(x) must be uncorrelated with x. Otherwise Bob can cheat Alice, at least some of the time. For example, if f(x) is even 75 percent of the time when x is even, Bob has an advantage. (Sometimes the least significant bit is not the best choice for this application, because it may be too easy to compute.)
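An added example, not from the book, of the one-way-function coin flip above, with f instantiated as SHA-256 over a fixed-width encoding of x (an assumption). parity_leak measures the correlation the last paragraph warns about, and leaky_f is a constructed bad choice of f that fails that check while still binding Alice to x perfectly well.

```python
import hashlib
import secrets

# Added example, not from the book. f is SHA-256 over a 32-byte encoding of x;
# that instantiation is an assumption, the protocol only needs a one-way function.

def f(x: int) -> bytes:
    return hashlib.sha256(x.to_bytes(32, "big")).digest()

def alice_commit():
    """Steps (1)-(2): Alice picks x, keeps it, and publishes v = f(x)."""
    x = secrets.randbelow(1 << 128)
    return x, f(x)

def bob_guess() -> str:
    """Step (3): Bob guesses the parity of x having seen only v."""
    return secrets.choice(("even", "odd"))

def resolve(x: int, v: bytes, guess: str) -> str:
    """Steps (4)-(5): Bob confirms v = f(x); a correct parity guess is heads."""
    if f(x) != v:
        raise ValueError("v != f(x): the revealed x does not match the commitment")
    parity = "even" if x % 2 == 0 else "odd"
    return "heads" if guess == parity else "tails"

def parity_leak(func, trials: int = 2000) -> float:
    """Fraction of x for which the low bit of func(x) equals the low bit of x.
    Bob sees func(x) before guessing, so this should sit near 0.5; anything
    far from 0.5 hands him an advantage."""
    hits = sum(1 for x in range(trials) if (func(x)[-1] & 1) == (x & 1))
    return hits / trials

def leaky_f(x: int) -> bytes:
    """Constructed bad choice: still one-way and still binding, but the last
    byte copies the parity of x, which is exactly what Bob has to guess."""
    return f(x)[:-1] + bytes([x & 1])

if __name__ == "__main__":
    x, v = alice_commit()
    print(resolve(x, v, bob_guess()))
    print(parity_leak(f), parity_leak(leaky_f))
```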
Coin Flipping Using Public-Key Cryptography
This protocol works with either public-key cryptography or symmetric cryptography. The only requirement is that the algorithm commute. That is:
D_{K1}(E_{K2}(E_{K1}(M))) = E_{K2}(M)
In general, this property does not hold for symmetric algorithms, but it does hold for some public-key algorithms (for example, RSA with identical moduli). The protocol:
(1) Both Alice and Bob generate a public-key/private-key key pair.
(2) Alice generates two messages, one for "heads" and the other for "tails." These messages must contain some random string, so that she can verify their authenticity in later steps of the protocol. Alice encrypts both messages with her public key and sends them to Bob in a random order.
E_A(M_1), E_A(M_2)
(3) Bob, who cannot read either message, chooses one of them at random. (He can count them off with a nursery rhyme, use a computer designed to subvert protocols, or consult a fortune-teller.) He encrypts the chosen message with his public key and sends it back to Alice.
E_B(E_A(M))
where M is either M_1 or M_2.
(4) Alice, who cannot read the message she received, decrypts it with her private key and sends it back to Bob.
D_A(E_B(E_A(M))) = E_B(M_1), if M = M_1, or E_B(M_2), if M = M_2.
(5) Bob decrypts the message with his private key, revealing the result of the coin flip, and sends the decrypted message to Alice.
D_B(E_B(M_1)) or D_B(E_B(M_2))
(6) Alice reads the result of the coin flip and verifies that the random string is correct.
(7) Alice and Bob reveal their key pairs so that each party can make sure the other did not cheat.
This protocol is self-enforcing. Either party can immediately detect cheating by the other, and no third party is needed, neither to take part in the protocol nor to act as an arbiter after it ends. To see how this works, let us try to cheat.
If Alice wants to win by cheating, she has three possible ways to influence the result. First, she can encrypt two "heads" messages in step (2). Bob discovers this when Alice reveals her keys in step (7). Second, she can use some other key to decrypt the message in step (4). This produces gibberish, which Bob discovers in step (5). Third, she can declare the message invalid in step (6). Bob discovers this too in step (7), when Alice is unable to prove that the message was invalid. Of course, Alice can refuse to continue the protocol at any step, at which point her cheating becomes obvious to Bob.
If Bob wants to win by cheating, his position is no better. He can encrypt the message incorrectly in step (3), but Alice discovers the deception when she looks at the final message in step (6). He can claim that he performed step (5) incorrectly because of some cheating on Alice's part, but this form of cheating comes to light in step (7). Finally, he can send Alice a "tails" message in step (5), regardless of the message he decrypted, but Alice can immediately check the authenticity of the message in step (6).
Flipping Coins into a Well
It is interesting to note that in all of these protocols Alice and Bob do not learn the result of the flip at the same time. In each protocol there is a moment when one of the parties (Alice in the first two protocols and Bob in the last one) knows the result of the flip but cannot change it. That party can, however, delay revealing the result to the other party. This is called flipping a coin into a well. Imagine a dried-up well. Alice stands next to the well, and Bob stands a little further away. Bob throws the coin and it lands in the well. Alice can now look into the well and see the result, but she cannot climb down and change it. Bob cannot see the result until Alice lets him come over and look into the well.
Key Generation Using Coin Flipping
A real application of this protocol is session-key generation. Coin-flipping protocols let Alice and Bob generate a random session key such that neither of them can influence what the key will be. If Alice and Bob encrypt their messages, the key-generation procedure is also secure against an eavesdropper.
4.11 Mental Poker
A protocol similar to the public-key coin-flipping protocol lets Alice and Bob play poker with each other by electronic mail. Instead of creating and encrypting two messages, one for "heads" and one for "tails," Alice creates 52 messages, M_1, M_2, ..., M_52, one for each card in the deck. Bob chooses five of them at random, encrypts them with his public key, and sends them back to Alice. Alice decrypts the messages and sends them back to Bob, who decrypts them to learn his hand. He then chooses five more messages at random and sends them to Alice unchanged. She decrypts them, and the corresponding cards become her hand. During the game the same procedure is used to deal additional cards to the players. At the end of the game Alice and Bob reveal their cards and their key pairs, so that each can make sure the other did not cheat.
Mental Poker with Three Players
Poker is more interesting with more players. The basic mental-poker protocol is easily extended to three or more players. In this case, too, the cryptographic algorithm must be commutative.
(1) Alice, Bob, and Carol each generate a public-key/private-key key pair.
(2) Alice creates 52 messages, one for each card in the deck. These messages must contain some unique random string, so that Alice can verify their authenticity in later steps of the protocol. Alice encrypts all the messages with her public key and sends them to Bob in a random order.
E_A(M_n)
(3) Bob, who cannot read any of the messages, chooses five of them at random. He encrypts them with his public key and sends them back to Alice.
E_B(E_A(M_n))
(4) Bob sends the remaining 47 messages to Carol.
E_A(M_n)
(5) Carol, who cannot read any of the messages, chooses five of them at random. She encrypts them with her public key and sends them to Alice.
E_C(E_A(M_n))
(6) Alice, who cannot read any of the messages she received, decrypts them with her private key and sends them back to Bob or Carol (according to whom she received them from).
D_A(E_B(E_A(M_n))) = E_B(M_n)
D_A(E_C(E_A(M_n))) = E_C(M_n)
(7) Bob and Carol decrypt the messages with their keys to learn their cards.
D_B(E_B(M_n))
D_C(E_C(M_n))
(8) Carol chooses five of the remaining 42 messages at random and sends them to Alice.
E_A(M_n)
(9) Alice decrypts the messages to learn her cards.
D_A(E_A(M_n))
(10) At the end of the game Alice, Bob, and Carol reveal their cards and their key pairs, so that everyone can make sure nobody cheated.
Additional cards are dealt the same way. If Bob or Carol needs a card, either of them takes the encrypted deck and repeats the protocol with Alice. If Alice needs a card, whoever currently holds the encrypted deck sends her a random card.
Ideally, step (10) would not be required. Not all players should have to reveal their hands at the end of the protocol, only those who did not fold. Since step (10) is in the protocol only to catch cheating, some improvement may be possible.
In poker, the only interesting question is whether the winner cheated. Everyone else can cheat as much as they like, since they lose anyway. (Actually, this is not quite true. Someone can collect data on the other players' poker style while losing.) So let us look at the cases where different players win.
If Alice wins, she reveals her hand and her keys. Bob can use Alice's private key to check that Alice performed step (2) correctly, that is, that each of the 52 messages corresponds to a distinct card. Carol can check that Alice is not lying about her hand by encrypting the cards with Alice's public key and verifying that they match the encrypted messages she sent to Alice in step (8).
If Bob or Carol wins, the winner reveals his or her cards and keys. Alice can confirm that the cards are legitimate by checking her random strings. She can also confirm that these are the cards that were dealt by encrypting them with the winner's public key and verifying that they match the encrypted messages received in step (3) or (5).
This protocol is not secure against collusion between cheating players. Alice and another player can team up and together swindle the third player with impunity. Therefore it is important to check all the keys and random strings every time players reveal their cards. And if you are sitting at a virtual table with two players who never reveal their cards at the same time, and one of them is dealing (in the protocol above, that is Alice), stop playing.
All this is pretty in theory, but implementing it on a computer is anything but simple. In an implementation for three players on three separate Sparc workstations, eight hours were needed just to shuffle the deck, so you are better off playing real poker [513].
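An added example (not the book's code, and not the implementation from [513]) of the three-player deal above; it also shows the commutativity property the public-key coin flip in Section 4.10 relies on, since that coin flip is the same exchange with a two-message deck. The commutative cipher is SRA-style RSA with one modulus shared by all players, which is the "RSA with identical moduli" named earlier; the primes, the message layout (card index plus a 16-bit random tag) and the seeded demo generator are constructed assumptions, and a real implementation needs a full-size modulus and the leak fix described in the next subsection.

```python
import random
from math import gcd

# Added example, not from the book. Constructed toy parameters: one RSA modulus
# shared by all players (SRA-style). Each player holds only an exponent pair;
# nobody needs the factors after setup. Real use needs full-size primes.
P, Q = 10007, 10009
N = P * Q
PHI = (P - 1) * (Q - 1)

def demo_rng(seed=None):
    """Seeded generator for reproducible demos; SystemRandom when seed is None."""
    return random.SystemRandom() if seed is None else random.Random(seed)

def keypair(rng):
    """A player's exponent pair (e, d) with e*d = 1 mod phi(N)."""
    while True:
        e = rng.randrange(3, PHI, 2)
        if gcd(e, PHI) == 1:
            return e, pow(e, -1, PHI)

def enc(m, e):
    return pow(m, e, N)          # E_K(M) = M^e mod N

def dec(c, d):
    return pow(c, d, N)          # D_K(C) = C^d mod N

def make_deck(rng):
    """52 messages: the card index in the high bits and a random 16-bit tag
    below it, so Alice can later recognise messages that came from her deck."""
    return [(card << 16) | rng.getrandbits(16) for card in range(52)]

def card_of(m):
    return m >> 16

def tag_of(m):
    return m & 0xFFFF

def commutes(m, e1, d1, e2):
    """D_K1(E_K2(E_K1(M))) == E_K2(M): the property the whole deal relies on."""
    return dec(enc(enc(m, e1), e2), d1) == enc(m, e2)

def deal_three(rng=None):
    """Steps (1)-(9) for Alice, Bob and Carol; returns the three hands (as
    messages) and the tag table Alice keeps for her checks in step (10)."""
    rng = rng or demo_rng()
    (eA, dA), (eB, dB), (eC, dC) = keypair(rng), keypair(rng), keypair(rng)  # (1)
    deck = make_deck(rng)                                                   # (2)
    tags = {card_of(m): tag_of(m) for m in deck}
    shuffled = [enc(m, eA) for m in deck]                                   #     E_A(M_n)
    rng.shuffle(shuffled)
    bob_pick, rest = shuffled[:5], shuffled[5:]                             # (3)
    bob_double = [enc(c, eB) for c in bob_pick]                             #     E_B(E_A(M_n))
    carol_pick, rest = rest[:5], rest[5:]                                   # (4)-(5)
    carol_double = [enc(c, eC) for c in carol_pick]                         #     E_C(E_A(M_n))
    to_bob = [dec(c, dA) for c in bob_double]                               # (6)  = E_B(M_n)
    to_carol = [dec(c, dA) for c in carol_double]                           #      = E_C(M_n)
    bob_hand = [dec(c, dB) for c in to_bob]                                 # (7)
    carol_hand = [dec(c, dC) for c in to_carol]
    alice_hand = [dec(c, dA) for c in rest[:5]]                             # (8)-(9)
    return {"Alice": alice_hand, "Bob": bob_hand, "Carol": carol_hand}, tags

def verify_hand(hand, tags):
    """Alice's part of step (10): a revealed card is genuine only if it carries
    the tag she attached to that card when she built the deck."""
    return all(tags.get(card_of(m)) == tag_of(m) for m in hand)

if __name__ == "__main__":
    hands, tags = deal_three(demo_rng(2024))
    for who, hand in hands.items():
        print(who, sorted(card_of(m) for m in hand), verify_hand(hand, tags))
```

Because every player works modulo the same N, E_A and E_B are both plain exponentiations and their order does not matter, which is what lets Alice strip her layer in step (6) without ever seeing the card underneath Bob's or Carol's layer.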
Attacks against Mental Poker
Cryptographers have shown that when these poker protocols use the RSA public-key algorithm, a small amount of information leaks [453, 573]. Specifically, if the binary representation of a card is a quadratic residue (see Section 11.3), then the encrypted card is also a quadratic residue. This property can be used to "mark" certain cards, all the aces, for example. It does not reveal much about the hands, but in a game like poker even a little information is an advantage over a long session.
Shafi Goldwasser and Silvio Micali [624] developed a two-player mental-poker protocol that fixes this problem, although its complexity makes it of mostly theoretical interest. A general n-player poker protocol that eliminates the information-leakage problem was developed in [389].
Other research results on poker protocols can be found in [573, 1634, 389]. A more complex protocol that lets players keep their hands secret is given in [390]. Don Coppersmith discusses two ways to cheat at mental poker when the RSA algorithm is used [370].
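An added example, not from the papers cited, that makes the leak concrete for the RSA case: because the public exponent is odd, the Jacobi symbol of m^e mod n equals that of m, so whatever subset of the deck is "marked" by that symbol stays marked after encryption. The Jacobi symbol is used here because it is what an observer who does not know the factors of n can actually compute (every quadratic residue has symbol +1). The modulus n = 61 * 53 with e = 17 and the card values are constructed toy values.

```python
# Added example, not from the book. For odd e, (m^e / n) = (m / n)^e = (m / n),
# so the Jacobi symbol of an encrypted card equals that of the plaintext card.
# Constructed textbook-size values; any RSA modulus and odd exponent behave alike.
N_TOY, E_TOY = 61 * 53, 17

def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd positive n, computed without factoring n."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    result = 1
    while a:
        while a % 2 == 0:                  # pull out factors of 2
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                        # quadratic reciprocity
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0         # 0 when gcd(a, n) > 1

def marked(cards, n=N_TOY):
    """Indices of the cards whose value has Jacobi symbol +1: the 'marked' class
    an observer can compute from the deck, plaintext or encrypted."""
    return {i for i, c in enumerate(cards) if jacobi(c, n) == 1}

def leak_survives_encryption(cards, n=N_TOY, e=E_TOY) -> bool:
    """True when encrypting every card leaves the marked set unchanged, i.e. an
    observer of the encrypted deck still knows which positions hold marked cards."""
    return marked([pow(c, e, n) for c in cards], n) == marked(cards, n)

def deck_values(start=100):
    """Constructed 52 card values below the toy modulus."""
    return [start + i for i in range(52)]

if __name__ == "__main__":
    cards = deck_values()
    print(sorted(marked(cards)))
    print(leak_survives_encryption(cards))
```

The defence the text points to is not a different exponent but a different scheme: any deterministic RSA encryption preserves this symbol, which is why [624] and [389] replace it rather than patch it.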
Anonymous Key Distribution
While it is unlikely that anyone would use this protocol to play poker over a modem, Charles Pfleeger discusses a situation in which this type of protocol can be useful [1244].
Consider the problem of key distribution. If we assume that people cannot generate their own keys (the keys must have a particular form, or must be signed by some organization, or something else of the sort), then a Key Distribution Center (KDC) has to be set up to generate and distribute keys. The problem is to find a way of distributing keys such that nobody, including the server, can tell who got which key. The following protocol solves this problem:
(1) Alice generates a public-key/private-key key pair. In this protocol she keeps both keys secret.
(2) The KDC generates a continuous stream of keys.
(3) The KDC encrypts the keys, one after another, with its own public key.
(4) The KDC transmits the encrypted keys, one after another, over the network.
(5) Alice chooses a key at random.
(6) Alice encrypts the chosen key with her public key.
(7) Alice waits for a while (long enough that the server cannot tell which key she chose) and sends the doubly encrypted key to the KDC.
(8) The KDC decrypts the doubly encrypted key with its private key, obtaining the key encrypted with Alice's public key.
(9) The server sends the encrypted key back to Alice.
(10) Alice decrypts the key with her private key.
Eve, sitting somewhere in the middle of this protocol, has not the slightest idea which key Alice chose. She sees the continuous stream of keys produced in step (4). When Alice sends the key to the server in step (7), it is encrypted with her public key, which in this protocol is also kept secret. Eve has no way to link this message to the stream of keys. When the server returns the key to Alice in step (9), it is again encrypted with Alice's public key. The key becomes known only when Alice decrypts it in step (10).
If you use RSA, this protocol leaks information at a rate of at least one bit per message. Once again the cause is quadratic residues. If you intend to use this method for key distribution, make sure this leakage has no consequences. In addition, the stream of keys produced by the KDC must be large enough to withstand a brute-force attack. Of course, if Alice cannot trust the KDC, she should not be using its keys at all. A dishonest KDC can simply record all the keys it generates. Then it can search them for the key Alice chose.
This protocol also assumes that Alice acts honestly. When RSA is used there are things Alice can do to obtain more information than she could with another encryption method. This problem does not matter in our scenario, but in other circumstances it can become important.
4.12 One-Way Accumulators
Alice is a member of Cabal, Inc. Occasionally she has to meet other members in dimly lit restaurants and whisper secrets left and right. The trouble is that the restaurants are so dimly lit that she cannot be sure the person sitting across the table is also a member.
Cabal, Inc. can choose from several solutions. Everyone can carry a membership list. This brings two problems. First, everyone now has to carry a large database, and second, they have to guard that membership list carefully. Another option is identification cards issued by a trusted secretary. An added advantage of this approach is that outsiders can verify members too (discounts at the local grocery store and the like), but it requires a trusted secretary. Nobody in Cabal, Inc. can be trusted to that degree.
A novel solution is to use a one-way accumulator [116]. This is something like a one-way hash function, with the added requirement of commutativity. That is, the membership database can be hashed in any order and the same value results. Moreover, new members can be added to the hash and a new hash value obtained, again independently of the order.
So here is what Alice does. She computes the value over the set of all members' names other than her own. Then she stores the resulting value together with her own name. Bob and the other members do the same. Now, when Alice and Bob meet in a dimly lit restaurant, they simply exchange their computed values and names. Alice confirms that Bob's name added to Bob's value equals Alice's name added to her own value. Bob does the same. Now they both know that the other is a member. And at the same time, nobody can determine the identities of the other members.
Better still, each member's computed value can be given to outsiders. Then Alice can prove her membership to an outsider (perhaps for a members' discount at the local counterintelligence canteen) without showing him the whole membership list.
New members can be added simply by passing the new names around. Unfortunately, there is only one way to remove a member: everyone is sent a new list and recomputes their values. But Cabal, Inc. only has to do this when a member resigns; dead members can stay on the list. (Oddly enough, this has not been a problem.)
This sensible idea applies to a range of applications in which you want the effect of a digital signature without a centralized signing authority.
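An added example (not the book's code, and not the construction of [116] verbatim) of a one-way accumulator built from modular exponentiation, which is the quasi-commutative operation such accumulators rest on: raising to x_1 and then to x_2 gives the same result as the other way round. The modulus and base are constructed toy values, and member names are mapped to odd exponents by hashing, an assumption made for brevity; in use the modulus must be an RSA modulus whose factorization nobody knows, and the exponents should be primes.

```python
import hashlib

# Added example, not from the book. Constructed toy modulus and base; a real
# accumulator uses an RSA modulus of full size whose factorisation is unknown,
# so that nobody can compute roots and forge a membership.
N = 104729 * 104723
G = 65537   # public starting value (an assumption)

def member_exponent(name: str) -> int:
    """Map a name to an odd exponent (hash forced odd; primes are the safer choice)."""
    h = int.from_bytes(hashlib.sha256(name.encode()).digest()[:8], "big")
    return h | 1

def add_member(acc: int, name: str) -> int:
    """Quasi-commutative step: acc -> acc^(x_name) mod N."""
    return pow(acc, member_exponent(name), N)

def accumulate(names) -> int:
    """Accumulate any iterable of names; the order does not affect the result."""
    acc = G
    for name in names:
        acc = add_member(acc, name)
    return acc

def personal_value(all_names, me: str) -> int:
    """What each member stores: the accumulation of everyone except themself."""
    return accumulate(n for n in all_names if n != me)

def mutual_check(my_name, my_value, other_name, other_value) -> bool:
    """The restaurant check: the other party's name added to their value must
    equal my name added to my value, i.e. both reach the whole-cabal value."""
    return add_member(other_value, other_name) == add_member(my_value, my_name)

if __name__ == "__main__":
    members = ["Alice", "Bob", "Carol", "Dave"]          # constructed roster
    alice = personal_value(members, "Alice")
    bob = personal_value(members, "Bob")
    print(mutual_check("Alice", alice, "Bob", bob))
```

The outsider case in the text is the same check run by someone who holds only the whole-cabal value accumulate(members): Alice shows her name and her stored value, and the outsider confirms that add_member(value, "Alice") reproduces the published total.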
4.13 All-or-Nothing Disclosure of Secrets
Imagine that Alice is a former agent of the former Soviet Union, now unemployed. To make a living, she sells secrets. Anyone willing to pay the asking price can buy a secret. She even has a catalog. All her secrets, with tantalizing titles, are listed by number: "Where is Jimmy Hoffa?", "Who secretly controls the Trilateral Commission?", "Why does Boris Yeltsin always look as if he swallowed a live frog?", and so on.
Alice will not give away two secrets for the price of one, and she will not show even part of the information concerning any of the secrets. Bob, a potential buyer, does not want to pay for a pig in a poke. Nor does he want to tell Alice which secrets he needs. That is none of her business, and besides, Alice could then add an entry "Secrets Bob is interested in" to her catalog.
The poker protocol does not work here, because at the end of that protocol Alice and Bob have to reveal their cards to each other. There are also tricks by which Bob could learn several secrets at once.
The solution is called all-or-nothing disclosure of secrets (ANDOS) [246], because as soon as Bob has obtained any information about any of Alice's secrets, he has lost the chance to learn anything more about her other secrets.
Various ANDOS protocols can be found in the cryptographic literature. Some of them are discussed in Section 23.9.
4.14 Key Escrow
Here is an excerpt from Silvio Micali's introduction to the subject [1084]:
Today, court-authorized wiretapping is an effective method for bringing criminals to justice. In our opinion it is even more important that it also prevents the further spread of crime, by deterring the use of ordinary communication networks for unlawful purposes. Consequently, there is a legitimate concern that the spread of public-key cryptography may play into the hands of criminal and terrorist organizations. Indeed, many bills assume that the proper government agencies, under certain conditions specified by law, should be able to obtain the plaintext of any exchange of information over public networks. At present this can be interpreted as a requirement that law-abiding citizens either (1) use weak cryptosystems, i.e., cryptosystems that the proper authorities (and anybody else!) can break with moderate effort, or (2) hand over their secrets to the authorities in advance. Not surprisingly, such an alternative has legitimately alarmed many concerned citizens, producing in response the view that privacy should stand above national security and law enforcement.
Key escrow is the heart of the U.S. government's Clipper program and its Escrowed Encryption Standard. The challenge is to protect privacy and at the same time allow court-authorized wiretapping.
The Escrowed Encryption Standard gets its security from tamper-resistant hardware. Each encryption chip has a unique identification number (ID) and a secret key. This key is split into two parts and stored, together with the ID, by two different escrow agencies. Every time the chip encrypts a data file, it first encrypts the session key with its unique secret key. Then it transmits the encrypted session key and its ID over the communications channel. When law enforcement wants to decrypt traffic encrypted by one of these chips, it extracts the ID from the traffic, obtains the corresponding key parts from the escrow agencies, combines them with XOR, decrypts the session key, and then uses it to decrypt the message traffic. To protect against cheaters, the scheme has additional complications, described in detail in Section 24.16. A similar scheme can also be implemented in software, using public-key cryptography [77, 1579, 1580, 1581].
Micali calls his idea fair cryptosystems [1084, 1085]. (The U.S. government reportedly paid Micali $1,000,000 for the use of his patents [1086, 1087] in its Escrowed Encryption Standard; Micali's patent was later bought by Bankers Trust.) In these cryptosystems the private key is split into pieces and distributed among different organizations. As in a secret-sharing scheme, these organizations can get together and reconstruct the private key. However, the pieces of the key have an additional property: their correctness can be verified independently, without reconstructing the private key.
Alice can create her own private key and distribute its pieces among n trustees. None of them can reconstruct Alice's private key. However, each can verify that his piece is a correct piece of the private key. Alice cannot send one of the trustees a string of random bits and hope to get away with it. If the courts authorize a wiretap, the appropriate law enforcement agencies can use the court order to make the n trustees surrender their pieces. Having collected all n pieces, the authorities reconstruct the private key and can wiretap Alice's communication lines. On the other hand, to be able to reconstruct Alice's key and violate her privacy, Mallory has to buy all n trustees.
Here is how the protocol works:
(1) Alice creates a private-key/public-key key pair. She splits the private key into several public and private pieces.
(2) Alice sends a public piece and the corresponding private piece to each of the trustees. These messages must be encrypted. She also sends the public key to the KDC.
(3) Each trustee independently performs a computation on his private and public pieces to confirm that they are correct. Each trustee stores the private piece somewhere safe and sends the public piece to the KDC.
(4) The KDC performs another computation on the public pieces and the public key. Having confirmed that everything is correct, it signs the public key and either sends it back to Alice or places it in some database.
When a court orders a wiretap, each trustee hands his piece to the KDC, and the KDC is then able to reconstruct the private key. Before that hand-over, neither the KDC nor any single trustee can reconstruct the private key on his own; all the trustees are needed to reconstruct the key.
Any public-key algorithm can be made "fair" in this way. A number of specific algorithms are discussed in Section 23.10. Micali's papers [1084, 1085] discuss ways to combine this with a threshold scheme, so that only some subset of the trustees (for example, three out of five) is needed to reconstruct the private key. He also shows how to combine it with oblivious transfer (see Section 5.5), so that the trustees do not know whose private key is being reconstructed.
"Fair" cryptosystems are not perfect. A criminal can use such a system with a subliminal channel (see Section 4.2) to embed another secret key in his information. In this way he can exchange information securely with someone else using the subliminal key, without worrying at all about court-authorized wiretapping. This problem is solved by another protocol, called failsafe key escrow [946, 833]. The algorithm and protocol are described in Section 23.10.
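An added example (not Micali's published scheme and not the book's code) of the four-step protocol above for a Diffie-Hellman-style key: Alice's private key x is split into n private pieces whose sum is x, each paired with a public piece G^s_i that a trustee can check against its private piece and that the KDC can multiply together and compare with the public key, all without anyone reconstructing x. The group parameters are constructed toy values (P = 2039 is a safe prime, G = 4 generates the subgroup of prime order Q = 1019); a real deployment uses full-size parameters.

```python
import secrets

# Added example, not from the book. Constructed toy group: P is a safe prime,
# G generates the subgroup of prime order Q, Alice's private key is x and her
# public key is y = G^x mod P. Pieces live in Z_Q, public pieces in the group.
P, Q, G = 2039, 1019, 4

def keygen():
    """Alice's key pair."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def split_private_key(x: int, n: int):
    """Step (1): n private pieces summing to x mod Q, each with a public piece
    G^s_i mod P that can be checked without revealing s_i."""
    private = [secrets.randbelow(Q) for _ in range(n - 1)]
    private.append((x - sum(private)) % Q)
    public = [pow(G, s, P) for s in private]
    return private, public

def trustee_check(private_piece: int, public_piece: int) -> bool:
    """Step (3): a trustee confirms the two pieces it received belong together,
    so Alice cannot hand it random bits."""
    return pow(G, private_piece, P) == public_piece

def kdc_check(public_pieces, y: int) -> bool:
    """Step (4): the product of the public pieces is G^(sum of private pieces);
    it equals y only if the private pieces really sum to Alice's key."""
    prod = 1
    for t in public_pieces:
        prod = prod * t % P
    return prod == y

def reconstruct(private_pieces) -> int:
    """After a court order: all n private pieces together give x back."""
    return sum(private_pieces) % Q

if __name__ == "__main__":
    x, y = keygen()
    private, public = split_private_key(x, 5)
    print(all(trustee_check(s, t) for s, t in zip(private, public)),
          kdc_check(public, y), reconstruct(private) == x)
```

The KDC never sees a private piece and a trustee never sees the others' pieces, yet both checks bind the pieces to the published public key, which is the property that separates this from plain secret sharing.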
The Politics of Key Escrow
Besides the government's plans for key escrow, commercial key-escrow systems are spreading as well. The obvious question arises: what advantage does the user get from key escrow?
Well, none really. The user gets nothing from key escrow that he could not provide for himself. He can already make a backup copy of his keys if he wants to (see Section 8.8). Key escrow guarantees that the police can listen to his conversations or read his data files even when they are encrypted. It guarantees that the NSA can listen to his international calls, without any warrant, even though they are encrypted. Perhaps he will be allowed to use this kind of cryptography with countries for which bans are currently in place, but that is a dubious advantage.
The drawbacks of key escrow are considerable. The user has to trust the security practices of the escrow agencies as well as the honesty of the people involved. He has to trust that the policies of those agencies will not change, that the government will not change the laws, and that those with the authority to obtain his key will do so lawfully and responsibly. Imagine a terrorist attack on New York; what restrictions would the police not sweep aside to contain the consequences?
It is hard to imagine these escrowed encryption schemes being used, as their advocates claim, without outside coercion. The obvious next step is a ban on the use of all other forms of encryption. That is probably the only way for such a system to succeed commercially, and it is certainly the only way to make technically competent criminals and terrorists use it. It is not yet clear how hard it will be to outlaw non-escrowed cryptography, or how that will affect cryptography as an academic discipline. How can I research software-oriented cryptographic algorithms without access to software for non-escrowed encryption devices; will I need a special license?
There are other legal questions. How does key escrow affect users' liability should encrypted information become public? If the U.S. government tries to protect the escrow agencies, will that amount to an implicit assumption that if a secret was compromised either by the user or by the escrow agencies, the user will be found at fault?
What if the database of a major key-escrow service, whether government or commercial, is stolen? What if the U.S. government tries to conceal that fact for a while? Clearly, all these questions bear on users' willingness to use key escrow. If its use is not voluntary, a couple of scandals will increase the political pressure either to make the use of such systems voluntary or to impose complex new rules on the industry.
Even more dangerous would be a scandal in which it came out that a political opponent of the current administration, or some vocal critic of the intelligence services and police agencies, had been under surveillance for years. That would turn public opinion sharply against escrowed encryption.
If signature keys are escrowed in the same way as encryption keys, further issues arise. Is it acceptable for the authorities to use signature keys to run operations against a suspected criminal? Will courts accept the authenticity of signatures based on escrowed keys? What will users really be left with if the authorities actually use their signature keys to sign some unfavorable contract, to prop up particular industries, or simply to steal money?
The global spread of cryptography raises further questions. Will key-escrow schemes be compatible across countries? Will multinational corporations put up with having escrowed keys in every country, each compatible with the different local laws? Without compatibility, one of the advertised advantages of key-escrow schemes (international use of strong cryptography) disappears.
What if a number of countries do not take the reliability of the escrow agencies on faith? How will users do business in those countries? Will their electronic contracts be recognized by the courts, or will the fact that their signature keys are escrowed in the U.S. let them claim, somewhere in Switzerland, that someone else could have signed this electronic contract? Or will there be special exemptions for people doing business in such countries?
And what about industrial espionage? What guarantee is there that countries now engaged in industrial espionage on behalf of their most important or state-owned enterprises will not use key-escrow systems for that purpose? Indeed, since no country is going to let other countries monitor its intelligence operations, the spread of escrowed encryption will probably lead to more wiretapping.
Even if countries that respect civil rights use the escrow features of such encryption only for the lawful pursuit of criminals and terrorists, somewhere they will certainly be used to track dissidents, blackmail political opponents, and so on. Digital communications offer the opportunity to monitor citizens' actions, opinions, purchases, and associations far more thoroughly than was possible in the analog world.
It is not clear whether, 20 years from now, selling a key-escrow system to Turkey or China will look like selling electric batons to South Africa in 1970 or building a chemical plant in Iraq in 1980. Worse, easy and undetectable tapping of communication lines may tempt many governments that perhaps never did so before to monitor their citizens' correspondence. And there is no guarantee that liberal democracies will resist that temptation.
Chapter 5
Advanced Protocols
5.1 Zero-Knowledge Proofs
Here is another story:
Alice: "I know the password to the Federal Reserve System computer, the ingredients of the secret sauce at McDonald's, and the contents of Volume 4 of Donald Knuth."
Bob: "No, you don't."
Alice: "Yes, I do."
Bob: "Do not."
Alice: "Do too."
Bob: "Prove it."
Alice: "All right, I'll tell you." She whispers in Bob's ear.
Bob: "That's interesting. Now I know it too, and I'm going to tell it all to the Washington Post."
Alice: "Oops."
Unfortunately, the usual way for Alice to prove something to Bob is to tell him everything. But then he knows all of it too. Bob can then tell what he has learned to anyone he likes, and there is nothing Alice can do about it. (The literature often uses different characters to describe these protocols. Peggy usually does the proving and Victor does the verifying. These are the names used in the examples that follow, instead of Alice and Bob.)
Using one-way functions, Peggy can carry out a zero-knowledge proof [626]. This protocol proves to Victor that Peggy really does have the information, but gives Victor not the slightest chance of learning what that information is.
These proofs take the form of an interactive protocol. Victor asks Peggy a series of questions. If Peggy knows the secret, she answers all of them correctly. If she does not, she has some probability - 50 percent in the examples that follow - of answering correctly. After roughly 10 questions Victor is convinced that Peggy knows the secret. Yet none of the questions or answers gives Victor the slightest information about what Peggy knows; they only prove that she knows it.
Basic Zero-Knowledge Protocol
Jean-Jacques Quisquater and Louis Guillou explain zero knowledge with a story about a cave [1281]. The cave, shown in Figure 5-1, has a secret. Someone who knows the magic words can open the secret door between C and D. For everyone else, both passages lead to dead ends.
Figure 5-1. The zero-knowledge cave
Peggy knows the secret of the cave. She wants to prove her knowledge to Victor, but without revealing the magic words. Here is how she convinces him:
(1) Victor stands at point A.
(2) Peggy walks all the way into the cave, either to point C or to point D.
(3) After Peggy has disappeared into the cave, Victor walks to point B.
(4) Victor shouts to Peggy, asking her either:
(a) to come out of the left passage, or
(b) to come out of the right passage.
(5) Peggy complies, using the magic words to open the door if she needs to.
(6) Peggy and Victor repeat steps (1) through (5) n times.
Suppose Victor has a video camera and records everything he sees. He records Peggy disappearing into the cave, records himself shouting where Peggy should come out, records Peggy coming out. He records all n trials. If he shows this tape to Carol, will she believe that Peggy knows the magic words that open the door? No. What if Peggy and Victor had agreed beforehand what Victor would shout, and Peggy only pretended to walk all the way in? Then she could come out each time from the side Victor named without knowing the magic words. Or they could do it another way. Peggy goes into one of the passages and Victor shouts his request at random. If Victor guesses right, fine; if not, they cut that attempt out of the tape. Either way Victor can obtain a tape showing exactly the sequence of events that would have occurred if Peggy knew the magic words.
This shows two things. First, Victor cannot convince a third party of the validity of the proof. And second, the protocol is zero-knowledge. If Peggy does not know the magic words, Victor obviously learns nothing from watching the tape. But since there is no way to tell a real tape from a faked one, Victor can learn nothing from the real proof either - that is zero knowledge.
The technique used in this protocol is called cut and choose, because it resembles the classic protocol for dividing something fairly:
(1) Alice cuts the thing in half.
(2) Bob chooses one of the halves for himself.
(3) Alice takes the remaining half.
It is in Alice's interest to divide fairly in step (1), because in step (2) Bob will choose whichever half he likes better. Michael Rabin was the first to use the cut-and-choose technique in cryptography [1282]. The notions of interactive protocol and zero knowledge were formalized later [626, 627].
The cut-and-choose protocol works because Peggy cannot keep guessing which side Victor will ask her to come out of. If Peggy does not know the secret, she can only come out of the passage she went into. In each round of the protocol her probability (sometimes called accreditation) of guessing which side Victor will ask for is 50 percent, so her probability of fooling Victor is also 50 percent. The probability of fooling him in two rounds is 25 percent, and in all n rounds it is one chance in 2^n. After 16 rounds Peggy has 1 chance in 65536 of fooling Victor. Victor can safely assume that if all 16 of Peggy's proofs are valid, she really does know the secret words that open the door between points C and D. (The cave analogy is not perfect. Peggy could simply walk in on one side and out the other; no cut-and-choose protocol is needed. It is, however, needed for zero knowledge in the mathematical sense.)
Suppose Peggy knows some information that is the solution to a hard problem. The basic zero-knowledge protocol consists of several rounds.
(1) Peggy uses her information and a random number to transform the hard problem into another hard problem, one isomorphic to the original. She then uses her information and the random number to solve the new hard problem.
(2) Peggy commits to the solution of the new problem, using a bit commitment scheme.
(3) Peggy reveals the new problem instance to Victor. Victor cannot use this new problem to get any information about the original problem or its solution.
(4) Victor asks Peggy either:
(a) to prove to him that the old and new problems are isomorphic (i.e., two different solutions to two related problems), or
(b) to open the solution she committed to in step (2) and prove that it is a solution to the new problem.
(5) Peggy complies.
(6) Peggy and Victor repeat steps (1) through (5) n times.
Remember the video camera in the cave protocol? You can do the same thing here. Victor can record the exchange between himself and Peggy. He cannot use that recording to convince Carol, but he can always collude with Peggy to build a simulator that fakes Peggy's information. This argument can be used to prove that the proof is zero-knowledge.
The mathematics behind this type of proof is complicated. The problems and the random transformation must be chosen carefully so that Victor gets no information about the solution to the original problem, even after many repetitions of the protocol. Not all hard problems can be used for zero-knowledge proofs, but most of them can.
Graph Isomorphism
Explaining this notion, taken from graph theory [619, 622], may take a while. A graph is a network of lines connecting various points. If two graphs are identical except for the names of the points, they are called isomorphic. For very large graphs, proving that they are isomorphic can take ages of computer time; it is one of the so-called NP-complete problems discussed in Section 11.1.
Suppose Peggy knows that two graphs, G1 and G2, are isomorphic. The following protocol proves Peggy's knowledge to Victor:
(1) Peggy randomly permutes G1 to produce another graph, H, which is isomorphic to G1. Because Peggy knows the isomorphism between H and G1, she also knows the isomorphism between H and G2. For anyone else, finding an isomorphism between H and G1, or between H and G2, is just as hard a problem as finding an isomorphism between G1 and G2.
(2) Peggy sends H to Victor.
(3) Victor asks Peggy either:
(a) to prove that H and G1 are isomorphic, or
(b) to prove that H and G2 are isomorphic.
(4) Peggy complies. She either:
(a) proves that H and G1 are isomorphic, without proving that H and G2 are isomorphic, or
(b) proves that H and G2 are isomorphic, without proving that H and G1 are isomorphic.
(5) Peggy and Victor repeat steps (1) through (4) n times.
If Peggy does not know the isomorphism between G1 and G2, she cannot create a graph H that is isomorphic to both. She can create either a graph that is isomorphic to G1 or a graph that is isomorphic to G2. As in the previous example, she has only a 50 percent chance of guessing which proof Victor will ask for in step (3).
This protocol gives Victor no useful information that would help him derive the isomorphism between G1 and G2 from Peggy's answers. Because Peggy generates a fresh graph H in each round of the protocol, Victor obtains no information no matter how many rounds the protocol runs. He cannot derive the isomorphism between G1 and G2 from Peggy's answers.
In each round Victor receives a new random permutation H, together with an isomorphism between H and either G1 or G2. Victor could just as well create something like that himself. Because Victor can create a simulation of the protocol, this is indeed a zero-knowledge proof.
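The graph isomorphism protocol above, written out as an added Python example (this is not the book's code; the graphs G1 and G2, the secret permutation and the round counts are constructed here for illustration). It runs an honest prover against the verifier, shows that a prover who knows G1 and G2 but not the isomorphism is caught unless she guesses every challenge, and builds simulated transcripts without the secret, which is the argument the text makes for zero knowledge.

```python
import random
import secrets

# Constructed example, not the book's code. A graph on vertices 0..n-1 is a
# frozenset of undirected edges; a permutation p relabels vertex v as p[v].

def apply_perm(graph, p):
    """Relabel every vertex v of the graph as p[v]."""
    return frozenset(frozenset(p[v] for v in edge) for edge in graph)

def random_perm(n, rng):
    p = list(range(n))
    rng.shuffle(p)
    return p

def invert(p):
    inv = [0] * len(p)
    for v, w in enumerate(p):
        inv[w] = v
    return inv

def compose(p, q):
    """Permutation that applies p first, then q."""
    return [q[p[v]] for v in range(len(p))]

class HonestProver:
    """Knows pi with G2 = pi(G1), the secret being proved."""
    def __init__(self, n, g1, pi, rng):
        self.n, self.g1, self.pi, self.rng = n, g1, pi, rng

    def commit(self):
        # Steps (1)-(2): a fresh random relabeling of G1 every round.
        self.sigma = random_perm(self.n, self.rng)
        return apply_perm(self.g1, self.sigma)

    def respond(self, challenge):
        # Step (4): the isomorphism from the requested graph onto H.
        if challenge == 1:
            return self.sigma                          # H = sigma(G1)
        return compose(invert(self.pi), self.sigma)    # H = sigma(pi^-1(G2))

class CheatingProver:
    """Knows G1 and G2 but not pi; must guess Victor's challenge in advance."""
    def __init__(self, n, g1, g2, rng):
        self.n, self.g1, self.g2, self.rng = n, g1, g2, rng

    def commit(self):
        self.guess = self.rng.randrange(1, 3)
        self.sigma = random_perm(self.n, self.rng)
        return apply_perm(self.g1 if self.guess == 1 else self.g2, self.sigma)

    def respond(self, challenge):
        return self.sigma    # a valid isomorphism only when challenge == guess

def verify_response(g1, g2, h, challenge, perm):
    """Victor checks that perm maps the requested graph exactly onto H."""
    base = g1 if challenge == 1 else g2
    return sorted(perm) == list(range(len(perm))) and apply_perm(base, perm) == h

def run_protocol(g1, g2, prover, rounds, rng):
    """Steps (1)-(5): accept only if every round verifies."""
    for _ in range(rounds):
        h = prover.commit()
        challenge = rng.randrange(1, 3)    # step (3): Victor's random choice
        if not verify_response(g1, g2, h, challenge, prover.respond(challenge)):
            return False
    return True

def simulate_transcript(n, g1, g2, rng):
    """Victor's simulator: choose the challenge first, then a matching H.
    The triple verifies yet was built without pi, so a real transcript
    carries no knowledge of pi either."""
    challenge = rng.randrange(1, 3)
    perm = random_perm(n, rng)
    return apply_perm(g1 if challenge == 1 else g2, perm), challenge, perm

def constructed_instance():
    """Constructed G1, secret pi and G2 = pi(G1) on 6 vertices."""
    edges = [(0, 1), (1, 2), (2, 3), (3, 4), (4, 5), (5, 0), (0, 3)]
    g1 = frozenset(frozenset(e) for e in edges)
    pi = [3, 5, 1, 4, 0, 2]
    return 6, g1, pi, apply_perm(g1, pi)

def demo(rounds=20, seed=None):
    """Run both provers and one simulated transcript (seed only for reproducibility)."""
    rng = random.Random(seed) if seed is not None else secrets.SystemRandom()
    n, g1, pi, g2 = constructed_instance()
    h, c, perm = simulate_transcript(n, g1, g2, rng)
    return {"honest": run_protocol(g1, g2, HonestProver(n, g1, pi, rng), rounds, rng),
            "cheater": run_protocol(g1, g2, CheatingProver(n, g1, g2, rng), rounds, rng),
            "simulated_verifies": verify_response(g1, g2, h, c, perm)}

if __name__ == "__main__":
    print(demo())
```

The cheating prover passes a single round with probability 1/2 and all n rounds with probability 2^-n, matching the text; the simulator shows why Victor's view is worthless to a third party, since he could have produced every (H, challenge, isomorphism) triple himself.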
Hamiltonian Cycles
A variant of this example was first presented by Manuel Blum [196]. Peggy knows a circular, continuous path along the lines of a graph that passes through every point exactly once. Such a path is called a Hamiltonian cycle. Finding a Hamiltonian cycle is another hard problem. Peggy has this information - perhaps she got it by building the graph around a particular Hamiltonian cycle - and she wants to prove to Victor that she knows it.
Peggy knows the Hamiltonian cycle of a graph, G. Victor knows G, but not its Hamiltonian cycle. Peggy wants to prove to Victor that she knows the Hamiltonian cycle without revealing the cycle itself. Here is how she proceeds:
(1) Peggy randomly permutes G. She moves the points around and changes their labels, creating a new graph, H. Because G and H are topologically isomorphic (i.e., they are the same graph), if she knows the Hamiltonian cycle of G she can easily find the Hamiltonian cycle of H. If she had not created H herself, finding the isomorphism between the two graphs would be another hard problem, one that would also take ages of computer time. She then encrypts H, obtaining H'. (This must be a probabilistic encryption of each line of H, that is, an encrypted 0 or an encrypted 1 for each line of H.)
(2) Peggy gives Victor a copy of H'.
(3) Victor asks Peggy either:
(a) to prove to him that H' is an encrypted isomorphic copy of G, or
(b) to show him a Hamiltonian cycle for H'.
(4) Peggy complies. She either:
(a) proves that H' is an encrypted isomorphic copy of G by revealing the permutations and decrypting everything, without showing a Hamiltonian cycle for either G or H, or
(b) shows a Hamiltonian cycle for H' by decrypting only those lines that make up the Hamiltonian cycle, without proving that H and G are topologically isomorphic.
(5) Peggy and Victor repeat steps (1) through (4) n times.
If Peggy is honest, she can give Victor either of the proofs in step (3). But if she does not know a Hamiltonian cycle for G, she cannot create an encrypted graph H' that satisfies both proofs. The best she can do is to create either a graph that is isomorphic to G or a graph with the same number of points and lines and a valid Hamiltonian cycle. Although she has a 50 percent chance of guessing which proof Victor will ask for in step (3), Victor can repeat the protocol enough times to convince himself that Peggy knows a Hamiltonian cycle for G.
Parallel Zero-Knowledge Proofs
The basic zero-knowledge protocol uses n exchanges of information between Peggy and Victor. Why not do them all in parallel:
(1) Peggy uses her information and n random numbers to transform the hard problem into n different isomorphic problems. She then uses her information and the random numbers to solve the n new hard problems.
(2) Peggy commits to the solutions of the n new hard problems.
(3) Peggy reveals these n new hard problems to Victor. Victor cannot use the new problems to get any information about the original problems or their solutions.
(4) For each of the n new hard problems, Victor asks Peggy either:
(a) to prove to him that the old and new problems are isomorphic, or
(b) to open the solution she committed to in step (2) and prove that it is a solution to that new problem.
(5) Peggy complies for each of the n new hard problems.
Unfortunately, it is not that simple. This protocol, unlike the previous one, does not have the same zero-knowledge properties. In step (4), Victor can demand that the proof be presented as the value of a one-way hash function of all the values committed to in the first step, which makes it impossible to simulate a transcript of the protocol. This is still zero knowledge, but of a different kind. In practice it appears to be secure, but nobody knows how to prove it. All we really know is that under certain conditions, certain protocols for certain problems can be run in parallel without losing the zero-knowledge property [247, 106, 546, 616].
Noninteractive Zero-Knowledge Proofs
Carol cannot be convinced, because she does not take part in the interactive protocol. To convince Carol and other interested parties, we need a noninteractive protocol.
Several protocols have been invented for noninteractive zero-knowledge proofs [477, 198, 478, 197]; they require no direct interaction. Peggy can publish them and thereby prove her knowledge to anyone who takes the time to check.
The basic protocol resembles the parallel zero-knowledge proof, but a one-way hash function takes Victor's place:
(1) Peggy uses her information and n random numbers to transform the hard problem into n different isomorphic problems. She then uses her information and the random numbers to solve the n new hard problems.
(2) Peggy commits to the solutions of the n new hard problems.
(3) Peggy uses all of these commitments as input to a one-way hash function. (After all, the commitments are nothing more than strings of bits.) She then saves the first n bits of the output of the one-way hash function.
(4) Peggy takes the n bits obtained in step (3). For each i-th hard problem in turn, she takes the i-th bit and:
(a) if the bit is 0, proves that the old and new problems are isomorphic, or
(b) if the bit is 1, opens the solution she committed to in step (2) and proves that it is a solution to that new problem.
(5) Peggy publishes all the commitments from step (2) and all the proofs from step (4).
(6) Victor, Carol and every other interested party verify that steps (1) through (5) were carried out correctly.
This is impressive: Peggy can publish data that contains no information about her secret, yet convinces anyone that the secret exists. This protocol can also be used for digital signatures, if the challenge is defined as the one-way hash of the initial messages and the message being signed.
The scheme works because the one-way hash function acts as an unbiased random-bit generator. To cheat, Peggy would have to predict the output of the one-way hash function. (Remember, if she does not know the solution to the hard problem, she can do either (a) or (b) in step (4), but not both.) If she somehow learned which action the one-way hash function would demand of her, she could cheat. But Peggy cannot force the one-way hash function to produce a particular bit, nor guess which bit it will produce. The one-way hash function is, in effect, a stand-in for Victor in the random choice between the two proofs in step (4).
In a noninteractive protocol there must be many more iterations of the challenge/response sequence. Peggy, not Victor, picks the hard problems using random numbers. She can pick different problems, and hence different commitment vectors, until the hash function produces something she wants. In an interactive protocol, 10 iterations - a probability of 1 in 2^10 (1 in 1024) that Peggy can cheat - may be enough. But this is not enough for noninteractive zero-knowledge proofs. Remember that Mallory can always do either (a) or (b) in step (4). He can run steps (1) through (3), try to guess what he will be asked to do, and see whether his guess was right. If not, he tries again and again. Making 1024 guesses on a computer is easy. To prevent this brute-force attack, noninteractive protocols need 64 or even 128 iterations.
The crucial idea is the use of the one-way hash function: Peggy cannot predict the output of the hash function because she cannot predict its input. The commitments used as input become known only after the new problems have been solved.
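The Hamiltonian cycle protocol and the noninteractive construction above, combined into one added Python example (not the book's code). It assumes a hash commitment, SHA-256 over a random nonce and the bit, in place of the probabilistic encryption of each line of H that the text calls for, and a constructed 5-vertex graph with a known cycle. The interactive pieces are prove_round, respond and verify_round; ni_prove replaces Victor's coin flips with bits of a hash over all of Peggy's commitments, and ni_verify lets anyone recompute those bits and check every round.

```python
import hashlib
import random
import secrets

# Constructed example, not the book's code. G is an adjacency matrix on
# vertices 0..n-1; a Hamiltonian cycle is a vertex order visiting each once.
# Every line of the permuted graph H is committed to as SHA-256(nonce || bit),
# an assumed stand-in for the probabilistic encryption described in the text.

def commit(bit, nonce):
    return hashlib.sha256(nonce + bytes([bit])).digest()

def permute_adj(adj, p):
    """H with H[p[u]][p[v]] = G[u][v]: the same graph, vertices relabeled."""
    n = len(adj)
    h = [[0] * n for _ in range(n)]
    for u in range(n):
        for v in range(n):
            h[p[u]][p[v]] = adj[u][v]
    return h

def is_hamiltonian_cycle(edges, n):
    """True if the edge set is a single cycle through all n vertices."""
    nbrs = {v: [] for v in range(n)}
    for u, v in edges:
        nbrs[u].append(v)
        nbrs[v].append(u)
    if len(edges) != n or any(len(nb) != 2 for nb in nbrs.values()):
        return False
    prev, cur, seen = 0, nbrs[0][0], {0}
    while cur != 0:    # walk the cycle that contains vertex 0
        seen.add(cur)
        prev, cur = cur, nbrs[cur][1] if nbrs[cur][0] == prev else nbrs[cur][0]
    return len(seen) == n

def prove_round(adj, cycle, rng):
    """Steps (1)-(2): permute G into H and commit to every line of H."""
    n = len(adj)
    p = list(range(n))
    rng.shuffle(p)
    h = permute_adj(adj, p)
    slots = [(i, j) for i in range(n) for j in range(i + 1, n)]
    nonces = {s: rng.getrandbits(128).to_bytes(16, "big") for s in slots}
    comms = {s: commit(h[s[0]][s[1]], nonces[s]) for s in slots}
    cyc = [tuple(sorted((p[cycle[k]], p[cycle[(k + 1) % n]]))) for k in range(n)]
    return {"p": p, "nonces": nonces, "comms": comms, "cycle_slots": cyc}

def respond(state, bit):
    """Step (4): open all of H (bit 0) or only the lines of the cycle (bit 1)."""
    if bit == 0:
        return {"p": state["p"], "nonces": state["nonces"]}
    return {"cycle": {s: state["nonces"][s] for s in state["cycle_slots"]}}

def verify_round(adj, comms, bit, resp):
    n = len(adj)
    if bit == 0:    # H must be a relabeling of G and every commitment must open
        p = resp["p"]
        if sorted(p) != list(range(n)):
            return False
        h = permute_adj(adj, p)
        return all(commit(h[i][j], resp["nonces"].get((i, j), b"")) == comms[(i, j)]
                   for (i, j) in comms)
    opened = resp["cycle"]    # each opened line must be a 1 and form one cycle
    return (all(s in comms and commit(1, nc) == comms[s] for s, nc in opened.items())
            and is_hamiltonian_cycle(set(opened), n))

def challenge_bits(all_comms, rounds):
    """A hash of every commitment replaces Victor's coin flips (rounds <= 256)."""
    hasher = hashlib.sha256()
    for comms in all_comms:
        for slot in sorted(comms):
            hasher.update(comms[slot])
    digest = hasher.digest()
    return [(digest[k // 8] >> (k % 8)) & 1 for k in range(rounds)]

def ni_prove(adj, cycle, rounds, rng):
    """Steps (1)-(5) of the noninteractive protocol, done by Peggy alone."""
    states = [prove_round(adj, cycle, rng) for _ in range(rounds)]
    bits = challenge_bits([s["comms"] for s in states], rounds)
    return {"comms": [s["comms"] for s in states],
            "responses": [respond(s, b) for s, b in zip(states, bits)]}

def ni_verify(adj, proof, rounds):
    """Step (6): anyone recomputes the challenge bits and checks every round."""
    if len(proof["comms"]) != rounds or len(proof["responses"]) != rounds:
        return False
    bits = challenge_bits(proof["comms"], rounds)
    return all(verify_round(adj, c, b, r)
               for c, b, r in zip(proof["comms"], bits, proof["responses"]))

def constructed_graph():
    """Constructed 5-vertex graph: the cycle 0-1-2-3-4-0 plus the chord 0-2."""
    adj = [[0] * 5 for _ in range(5)]
    for u, v in [(0, 1), (1, 2), (2, 3), (3, 4), (4, 0), (0, 2)]:
        adj[u][v] = adj[v][u] = 1
    return adj, [0, 1, 2, 3, 4]

def demo(rounds=32, seed=None):
    """Honest proof; a proof from a non-cycle; a proof checked against the wrong G."""
    rng = random.Random(seed) if seed is not None else secrets.SystemRandom()
    adj, cycle = constructed_graph()
    proof = ni_prove(adj, cycle, rounds, rng)
    bogus = ni_prove(adj, [0, 2, 1, 3, 4], rounds, rng)    # 1-3 is not a line of G
    other = [row[:] for row in adj]
    other[0][2] = other[2][0] = 0                          # G without the chord
    return {"honest_verifies": ni_verify(adj, proof, rounds),
            "wrong_cycle_rejected": not ni_verify(adj, bogus, rounds),
            "wrong_graph_rejected": not ni_verify(other, proof, rounds)}
```

The demo uses 32 rounds only to keep it quick; as the text says, a published proof should use 64 or 128, since Peggy can keep regenerating commitments until the hash bits suit her, and challenge_bits can supply at most the 256 bits of one SHA-256 digest.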
Generalities
Blum proved that any mathematical theorem can be converted into a graph such that proving the theorem is equivalent to proving the existence of a Hamiltonian cycle in that graph. More generally, that any NP-complete statement has a zero-knowledge proof, using one-way functions and hence good encryption algorithms, was proved in [620]. Any mathematical proof can be turned into a zero-knowledge proof. Using this technique, a researcher can prove to the world that he knows the proof of a particular theorem without revealing the solution itself. Blum could have published his results without revealing them.
There are also minimum-disclosure proofs [590]. A minimum-disclosure proof has the following properties:
1. Peggy cannot cheat Victor. If Peggy does not know the proof, her chances of convincing Victor that she does are negligible.
2. Victor cannot cheat Peggy. He gets not the slightest hint about the proof beyond the fact that Peggy knows it. In particular, Victor cannot demonstrate the proof to anyone else without proving it all himself from scratch.
Zero-knowledge proofs have an additional condition:
3. Victor learns nothing from Peggy that he could not have learned on his own, apart from the fact that Peggy knows the proof.
There is a considerable mathematical difference between minimum-disclosure proofs and zero-knowledge proofs. That difference is beyond the scope of this book, but more sophisticated readers can study the other literature. The concepts are presented in [626, 619, 622]. Further elaboration of these ideas, based on different mathematical assumptions, appears in [240, 319, 239].
There are different kinds of zero-knowledge proofs:
Perfect. There is a simulator that produces transcripts that exactly correspond to the real transcripts (the Hamiltonian cycle and graph isomorphism examples).
Statistical. There is a simulator that produces transcripts that exactly correspond to the real transcripts, except for a fixed number of exceptions.
Computational. There is a simulator that produces transcripts that cannot be distinguished from real ones.
No-use. There may be no simulator, but we can prove that Victor learns no information from the proof (the parallel example).
Years of hard work, both theoretical and applied, went into minimum-disclosure and zero-knowledge proofs. Mike Burmester and Yvo Desmedt invented broadcast interactive proofs, in which the owner of a secret can broadcast an interactive zero-knowledge proof to a large group of verifiers [280]. Cryptographers have proved that everything that can be proved with an interactive proof can also be proved with an interactive zero-knowledge proof [753, 137].
A good survey article on the subject is [548]. For further mathematical details, variants, protocols and applications, see [590, 619, 240, 319, 620, 113, 241, 152, 8, 660, 238, 591, 617, 510, 592, 214, 104, 216, 832, 97, 939, 622, 482, 615, 618, 215, 476, 71]. A great deal has been written on this question.
5.2 Using Zero-Knowledge Proofs for Identification
In the real world, identity is often proved with physical tokens: passports, driver's licenses, credit cards and so on. These tokens contain something that ties them to a particular person: usually a photograph or a signature, but it could just as well be a fingerprint, a retinal scan or a dental X-ray. Wouldn't it be nice to do something like this digitally?
Using zero-knowledge proofs to prove identity was first proposed by Uriel Feige, Amos Fiat and Adi Shamir [566, 567]. Alice's private key becomes a function of her "identity". Using a zero-knowledge proof, she proves that she knows her private key, and hence her identity. The corresponding algorithms can be found in Section 23.11.
This is a very promising idea. It lets a person prove her identity without using physical tokens. It is not perfect, however. Here are some examples of possible abuses.
The Chess Grandmaster Problem
Here is how Alice, without even knowing the rules of chess, can beat a grandmaster. (This is sometimes called the chess grandmaster problem.) She sends a challenge to Garry Kasparov and Anatoly Karpov, proposing to play at the same time and in the same place, but in separate rooms. She plays white against Kasparov and black against Karpov. Neither grandmaster knows about the other.
Karpov, playing white, makes the first move. Alice writes the move down and goes to Kasparov's room. Playing white, she makes the same move on Kasparov's board. Kasparov makes his first move as black. Alice writes it down, goes to Karpov's room and makes the same move. This continues until she wins one game while losing the other, or both games end in a draw.
In reality, Kasparov is playing Karpov, and Alice is merely an intermediary repeating one grandmaster's moves on the other's board. But if Karpov and Kasparov do not know about each other's presence, each will be astonished by Alice's play.
This kind of fraud can be used against zero-knowledge proofs of identity [485, 120]. While Alice is proving her identity to Mallory, Mallory can simultaneously prove to Bob that he is Alice.
The Mafia Fraud
Discussing his zero-knowledge identification protocol, Adi Shamir said [1424]: "I could go to a Mafia-owned store a million times in a row and they still would not be able to impersonate me."
Here is how the Mafia could do it. Alice is eating at Bob's diner, which belongs to the Mafia. Carol is shopping at Dave's expensive jewelry store. Bob and Carol are mafiosi talking over a secret radio channel. Alice and Dave suspect nothing.
When Alice has finished eating and is ready to pay and prove her identity to Bob, Bob signals Carol that it is time to begin. Carol picks out some expensive diamonds and gets ready to prove her identity to Dave. Now, as Alice proves her identity to Bob, Bob signals Carol, and she runs the same protocol with Dave. When Dave asks a question of the protocol, Carol relays it to Bob, and Bob asks it of Alice. When Alice answers, Bob relays the correct answer to Carol. In effect, Alice is simply proving her identity to Dave, with Bob and Carol sitting inside the protocol passing messages back and forth. When the protocol ends, Alice has proved her identity to Dave and paid for the expensive diamonds (with which Carol now disappears).
The Terrorist Fraud
If Alice wants to team up with Carol, the two of them can also cheat Dave. In this protocol Carol is a known terrorist. Alice is helping her enter the country. Dave is the immigration officer; Alice and Carol communicate over a secret radio channel.
When Dave asks Carol the questions of the zero-knowledge protocol, Carol relays them to Alice, who answers them. Carol repeats these answers to Dave. In effect, Alice is proving her identity to Dave, with Carol acting as the communications line. When the protocol ends, Dave believes that Carol is Alice and lets her into the country. Three days later Carol turns up at a government building with a minivan full of explosives.
Suggested Solutions
Both frauds are possible because the conspirators use a secret radio channel. One way to prevent them is to carry out the identification procedure inside a Faraday cage, which blocks electromagnetic radiation. In the terrorist example this guarantees that Carol cannot receive Alice's answers. In the Mafia example Bob could build a fake Faraday cage in his restaurant, but the jeweler's cage would work, and Bob and Carol could not exchange messages. To solve the chess grandmaster problem, Alice would have to stay in her chair until the end of the game.
Thomas Beth and Yvo Desmedt proposed another solution, using accurate clocks [148]. If each step of the protocol must take place at a given time, the cheaters have no time to exchange information. For the chess grandmaster problem this amounts to limiting the time to think over a move to one minute - Alice has no time to run from room to room. In the Mafia story, Bob and Carol would not have enough time to pass questions and answers to each other.
The Multiple Identity Fraud
There are other ways to abuse zero-knowledge proofs of identity, also discussed in [485, 120]. In some implementations there is no check when a person registers a key. Consequently, Alice can have several private keys, and hence several identities. This could be very handy if she wants to cheat on her taxes. Alice can also commit a crime and vanish. First, she creates several identities, one of which she never uses. Then she uses that identity to commit a crime, so that a witness identifies her as that identity. Then she immediately stops using it. The witness knows the identity of the criminal, but Alice will never use that identity again - it cannot be traced.
To protect against this, mechanisms are needed to ensure that each person has only one identity. In [120] the authors propose the bizarre idea of tamper-proof children who cannot be cloned and who carry a unique number that is part of their genetic code. They also proposed assigning each child an identity at birth. (Indeed, parents would have to, since otherwise the child could be stolen.) This, too, is easy to abuse: the parents could create several identities for a newborn child. In the end, the uniqueness of identity rests on trust.
Renting Passports
Alice wants to travel to Zaire, but that country's government will not give her a visa. Carol offers to "rent" her identity to Alice. (Bob offered first, but a number of obvious problems arose.) Carol sells Alice her private key, and Alice goes to Zaire pretending to be Carol.
Carol gets not only payment for her identity but also a perfect alibi. She commits a crime while Alice is in Zaire. "Carol" proved her identity in Zaire; how could she have committed a crime at home?
Of course, Alice's hands are free too. She can commit a crime either before leaving or immediately after returning, near Carol's home. First she proves that she is Carol (having Carol's private key, that is no trouble for her), then she commits the crime and runs. The police will look for Carol. Carol will claim that she rented her identity to Alice, but who will believe such an improbable story?
The problem is that Alice does not prove her identity; she proves that she knows some secret information. It is the link between that information and identity that is being abused. The tamper-proof-children solution would protect against this fraud, as would creating a police state in which all citizens must prove their identity very frequently (at the end of the day, on every street corner, and so on). Biometric methods - fingerprints, retinal scans, voiceprints and the like - could help solve the problem.
Proofs of Membership
Alice wants to prove to Bob that she is a member of a super-secret organization, without revealing her identity. This problem, similar to but distinct from the problem of proving identity, has been studied in [887, 906, 907, 1201, 1445]. Some of the solutions are related to the problem of group signatures (see Section 4.6).
5.3 Blind Signatures
An essential property of digital signature protocols is that the signer knows the contents of the document being signed. This is a good property, even when we want the opposite.
We might want people to sign documents without ever seeing their contents. There are ways for a signer to know, if not exactly then almost, what he is signing. But first things first.
Completely Blind Signatures
Bob is a notary public. Alice wants him to sign a document without having the slightest idea of its contents. Bob is not responsible for the contents of the document; he only certifies that he notarized it at a certain time. He is willing to proceed according to the following plan:
(1) Alice takes the document and multiplies it by a random number. This random number is called a blinding factor.
(2) Alice sends the blinded document to Bob.
(3) Bob signs the blinded document.
(4) Alice removes the blinding factor, obtaining the original document signed by Bob.
This protocol works only if the signature function and multiplication commute. If they do not, there are other ways to alter the document besides multiplication. Several suitable algorithms are given in Section 23.12. For now, to keep the mathematics simple, we stay with multiplication.
Can Bob cheat? Can he gain any information about what he is signing? If the blinding factor is truly random and makes the blinded document truly random, then no. The blinded document that Bob signs in step (2) looks nothing like Alice's original document. The blinded document with Bob's signature on it in step (3) looks nothing like the signed document of step (4). Even if Bob gets hold of the document with his signature after the protocol is over, he cannot prove (to himself or to anyone else) that he signed it in this particular run of the protocol. He knows his signature is valid. He can, like anyone else, verify his signature. But he has no way to connect the signed document with any information obtained while running the protocol. If he signed a million documents with this protocol, he would have no way of knowing when he signed which document. Completely blind signatures have the following properties:
1. Bob's signature on the document is valid and is proof that Bob signed the document. It will convince Bob that he signed the document when the document is later shown to him. It also has all the other properties of digital signatures discussed in Section 2.6.
2. Bob cannot connect the signed document with the act of signing it. Even if he keeps records of every blind signature he ever made, he cannot determine when he signed a particular document.
Eve, sitting between Alice and Bob and watching the protocol, has even less information than Bob.
Blind Signatures
With the completely blind signature protocol, Alice can make Bob sign anything at all: "Bob owes Alice a million dollars," "Bob owes Alice his first-born child," "Bob owes Alice a bag of chocolate." The possibilities are endless, and for that reason the protocol is useless in many applications.
However, there is a way for Bob to know what he is signing while still preserving the useful properties of blind signatures. The heart of this protocol is the "cut-and-choose" technique. Consider the following example. Many people enter some country every day, and the Department of Immigration wants to make sure they are not smuggling cocaine. The officials could search everyone, but instead a probabilistic solution is used: every tenth person entering is searched. The belongings of one person in ten are examined; the other nine pass through unhindered. Regular smugglers get through unnoticed most of the time, but with a probability of 10 percent they are caught. And if the court system works effectively, the penalty for a single capture at the scene of the crime more than outweighs the profit of nine successful attempts.
If the Department of Immigration wants to raise the probability of catching smugglers, the officials have to search more people; if it wants to lower that probability, fewer people can be searched. By controlling the probabilities, one controls how effective the protocol is at catching smugglers.
The blind signature protocol works in a similar way. Bob receives a large pile of different blinded documents. He opens, say, all but one and then signs the last one.
Think of the blinded document as lying in an envelope. The blinding process can be viewed as putting the document into an envelope, and removing the blinding factor as opening the envelope. While the document is hidden in the envelope, nobody can read it. The document is signed by means of a piece of carbon paper placed in the envelope: when the signer puts his signature on the envelope, the carbon paper transfers that signature onto the document as well.
In the following scenario there is a group of counterintelligence agents. Their identities are secret; even the Counterintelligence Agency itself does not know who they are. The Agency's director wants to give each agent a signed document of the following content: "The bearer of this signed document, (insert the name the agent operates under), has full diplomatic immunity." Each agent has his own list of cover names, so the Agency cannot simply hand out signed documents. The agents do not want to send their cover names to the Agency, because the enemy may have compromised the Agency's computer. On the other hand, the Agency does not want to blindly sign documents supplied by an agent. A clever agent could submit a message like: "Agent (name) has retired and is granted an annual pension of a million dollars. Signed, the President." This is a case where blind signatures can be useful.
Assume that each agent has 10 cover names, chosen by the agents themselves and known to nobody else. Assume also that the agents do not care under which name they receive diplomatic immunity. Finally, assume that the Agency's computer is called the Agency's Large Intelligent Computing Engine, or ALICE, and that our particular agent is the Bogota Operations Branch: BOB.
(1) BOB prepares n documents, each using a different cover name, granting him diplomatic immunity.
(2) BOB blinds each of the documents with a different blinding factor.
(3) BOB sends the n documents to ALICE.
(4) ALICE randomly chooses n-1 documents and asks BOB to send the blinding factor for each of the chosen documents.
(5) BOB sends ALICE the corresponding blinding factors.
(6) ALICE opens (i.e., removes the blinding factor from) the n-1 documents and makes sure they are correct, and not pension authorizations.
(7) ALICE signs the remaining document and sends it to BOB.
(8) The agent removes the blinding factor and reads his new cover name: "The Crimson Streak." The signed document grants him diplomatic immunity under that name.
This protocol is secure against cheating by BOB. To cheat, he would have to guess exactly which document ALICE will not examine. The probability of that, 1 chance in n, is not very high. ALICE knows this and feels confident signing a document she cannot examine. For that document, the protocol is identical to the preceding completely blind signature protocol and preserves all of its anonymity properties.
There is a trick that reduces BOB's chance of cheating even further. In step (4) ALICE randomly chooses n/2 of the documents to examine, and BOB sends her the corresponding blinding factors in step (5). In step (7) ALICE multiplies together all the unexamined documents and signs the resulting mega-document. In step (8) BOB removes all the blinding factors. ALICE's signature is valid only if it is a signature on the product of n/2 identical documents. To cheat, BOB has to guess exactly which subset ALICE will examine. The probability of that is far lower than the probability of guessing the single document ALICE will not examine.
BOB can try to cheat in another way. He can create two different documents, one that ALICE is willing to sign and one that she is not. Then he can try to find two different blinding factors that transform each document into the same blinded form. That way, if ALICE wants to examine the document, BOB gives her the blinding factor that turns it into the harmless document. If ALICE does not want to examine the document and signs it, he applies the blinding factor that turns the blinded, signed document into the document he was after. While this is theoretically possible, the mathematics of the particular algorithms makes the probability of BOB finding such a pair negligibly small. In fact, it can be as low as the probability of Bob producing a valid signature on an arbitrary document by himself. This issue is discussed further in Section 23.12.
Patents. Chaum holds patents on several features of blind signatures (see Table 5-1).
Table 5-1. Chaum's Blind Signature Patents
U.S. Patent No.  Date      Title
4759063          19.07.88  Blind Signature Systems [323]
4759064          19.07.88  Blind Unanticipated Signature Systems [324]
4914698          03.03.90  One-Show Blind Signature Systems [326]
4949380          14.08.90  Returned-Value Blind Signature Systems [328]
4991210          05.02.91  Unpredictable Blind Signature Systems [331]
5.4 Identity-Based Public-Key Cryptography
Alice wants to send Bob a secure message. She does not want to fetch his public key from a key server, she does not want to verify some trusted third party's signature on his public-key certificate, and she does not even want to store Bob's public key on her computer. She just wants to send him a secure message.
Identity-based cryptosystems, sometimes called Non-Interactive Key Sharing (NIKS) systems, solve this problem [1422]. Bob's public key is based on his name and network address (or telephone number, or mailing address, or something similar). With ordinary public-key cryptography, Alice needs a signed certificate that binds Bob's identity to his public key. With identity-based cryptography, Bob's public key is his identity. This is a really neat idea, and almost perfect for a mail system: if Alice knows Bob's address, she can send him mail securely, which makes the cryptography about as transparent as it can possibly be.
The system is based on Trent issuing private keys to users according to their identities. If Alice's private key is compromised, she has to change one of the attributes that define her identity. A serious problem is designing the system so that a collusion of dishonest users cannot forge a key.
A lot of work, mostly in Japan, has gone into the mathematics of such schemes, whose security has turned out to be brutally difficult to achieve. Many of the proposed solutions involve Trent choosing a random number for each user; in my opinion this defeats the whole idea of such systems. Some of the algorithms discussed in Chapters 19 and 20 can be made identity-based. Details of algorithms and cryptosystems can be found in [191, 1422, 891, 1022, 1515, 1202, 1196, 908, 692, 674, 1131, 1023, 1516, 1536, 1544, 63, 1210, 314, 313, 1545, 1539, 1543, 933, 1517, 748, 1228]. An algorithm that does not use random numbers is described in [1035]. The system discussed in [1546, 1547, 1507] is insecure against a chosen-public-key attack; the same can be said of the system proposed as NIKS-TAS [1542, 1540, 1541, 993, 375, 1538]. Frankly, nothing proposed so far is both practical and secure.
5.5 Oblivious Transfer
Cryptographer Bob is desperately trying to factor a 500-bit number n. He knows that it is the product of five 100-bit numbers, and nothing more. (This is a problem. If he cannot recover the key, he will have to work overtime and will miss his weekly game of mental poker with Alice.) What is he to do? Enter Alice:
"I happen to know one factor of the number," she says, "and I will sell it to you for $100. A dollar a bit." To show she is serious, she is going to use a bit-commitment scheme and commit to each bit individually.
Bob is interested, but only for $50. Alice does not want to lower her price and offers to sell Bob half the bits for half the price. "It will cut your work down considerably," she says.
"But how do I know your number really is a factor of n? If you show me the number and let me verify that it really is a factor, I will agree to your terms," says Bob.
They are at an impasse. Alice cannot convince Bob that she knows a factor of n without revealing it, and Bob does not want to buy 50 bits that may well turn out to be worthless.
This story, stolen from Joe Kilian [831], introduces the notion of oblivious transfer. Alice transmits a group of messages to Bob. Bob receives some subset of those messages, but Alice does not know which of the messages Bob received. This does not completely solve the problem, however. Once Bob has received a random half of the bits, Alice has to convince him, using a zero-knowledge proof, that what she sent is part of a factor of n.
In the following protocol Alice sends Bob one of two messages. Bob receives a message, but Alice does not know which one.
(1) Alice generates two public-key/private-key pairs, four keys in all. She sends both public keys to Bob.
(2) Bob chooses a key for a symmetric algorithm (DES, for example). He chooses one of Alice's public keys and encrypts his DES key with it. He sends the encrypted key to Alice without telling her which of her public keys he used for the encryption.
(3) Alice decrypts Bob's key twice, using each of her two private keys. In one case she uses the correct key and successfully decrypts the DES key Bob sent. In the other case she uses the wrong key and obtains a meaningless sequence of bits, which nevertheless looks like a random DES key. Since she does not know the correct plaintext, she cannot tell which of the keys is the correct one.
(4) Alice encrypts each of her two messages with one of the keys obtained in the previous step (one of which is real and the other meaningless), and sends both messages to Bob.
(5) Bob receives Alice's messages, one encrypted with the correct DES key and the other with the meaningless DES key. When Bob decrypts each of these messages with his DES key, he can read one of them; the other looks like complete gibberish to him.
Now Bob has one of Alice's two messages, and Alice does not know which of them Bob was able to decrypt. Unfortunately, if the protocol stopped at this point, Alice could cheat. One more step is needed.
(6) After the protocol is over and both possible outcomes of the transfer are known, Alice must give Bob her private keys so that he can verify she did not cheat. After all, she could have encrypted the same message with both keys in step (4).
At this point, of course, Bob can learn the second message as well.
The protocol is secure against cheating by Alice because she has no way of knowing which of the two DES keys is the real one. She uses both of them to encrypt her messages, but Bob can successfully decrypt only one of them, until step (6). The protocol is also secure against cheating by Bob, because before step (6) he cannot obtain Alice's private key to determine the DES key under which the other message was encrypted. This protocol may look like nothing more than a complicated way of flipping a fair coin by modem, but it is used extensively in many complex protocols.
Of course, nothing prevents Alice from sending Bob two completely meaningless messages: "Nyah Nyah" and "You sucker." This protocol guarantees that Alice sends Bob one of two messages, but there is no guarantee that Bob wants to receive either of them.
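The six-step exchange above, simulated end to end as an added example (not code from the book): Bob's key encrypted under one of Alice's two public keys, Alice's double decryption, both messages sent, and the step (6) audit that catches an Alice who encrypted the same message under both keys. The RSA primes and the SHA-256 keystream standing in for DES are constructed for this example.

```python
import hashlib
import secrets

# Alice's two toy RSA key pairs for step (1). Mersenne primes are used as
# fixed constants so the example runs offline; real keys are random
# 2048-bit primes. Constructed for this example.
E = 65537


def rsa_keypair(p: int, q: int):
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))   # (public, private)


KEYPAIR_0 = rsa_keypair(2**61 - 1, 2**89 - 1)
KEYPAIR_1 = rsa_keypair(2**107 - 1, 2**127 - 1)
SYMKEY_BITS = 64            # width of Bob's symmetric key


def pk_encrypt(pub, k: int) -> int:
    n, e = pub
    return pow(k, e, n)


def pk_decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def stream_xor(key: int, data: bytes) -> bytes:
    """Stand-in for DES: XOR with a SHA-256 keystream derived from the key.
    The same call encrypts and decrypts."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key.to_bytes(8, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(x ^ y for x, y in zip(data, stream))


def oblivious_transfer(m0: bytes, m1: bytes, bob_choice: int, alice_cheats: bool = False):
    """1-of-2 oblivious transfer, steps (1)-(6). Returns the pair of
    decryptions Bob obtains in step (5) and whether Alice passes his audit."""
    (pub0, priv0), (pub1, priv1) = KEYPAIR_0, KEYPAIR_1   # (1) Alice publishes pub0, pub1
    # (2) Bob picks a symmetric key and encrypts it under one of the two
    # public keys; Alice is not told which one.
    k = secrets.randbits(SYMKEY_BITS)
    c = pk_encrypt((pub0, pub1)[bob_choice], k)
    # (3) Alice decrypts c under both private keys. One result is k, the
    # other is garbage that looks just like a key; she cannot tell them apart.
    k0 = pk_decrypt(priv0, c) % 2**SYMKEY_BITS
    k1 = pk_decrypt(priv1, c) % 2**SYMKEY_BITS
    # (4) Alice encrypts m0 under k0 and m1 under k1 and sends both.
    # A cheating Alice encrypts the same message under both keys.
    e0 = stream_xor(k0, m0)
    e1 = stream_xor(k1, m0 if alice_cheats else m1)
    # (5) Bob decrypts both with k: exactly one comes out as a message.
    bob_sees = (stream_xor(k, e0), stream_xor(k, e1))
    # (6) Alice hands over priv0 and priv1. Bob checks that they really
    # belong to the published public keys, repeats her step (3) on his own c,
    # and confirms that the two ciphertexts did not hide the same message.
    probe = secrets.randbits(SYMKEY_BITS)
    keys_match = all(pk_decrypt(pr, pk_encrypt(pu, probe)) == probe
                     for pu, pr in ((pub0, priv0), (pub1, priv1)))
    a0 = pk_decrypt(priv0, c) % 2**SYMKEY_BITS
    a1 = pk_decrypt(priv1, c) % 2**SYMKEY_BITS
    distinct = stream_xor(a0, e0) != stream_xor(a1, e1)
    return bob_sees, keys_match and distinct
```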
Other oblivious transfer protocols can be found in the literature. Some of them are non-interactive, that is, Alice publishes her two messages and Bob can read only one of them. He can do so whenever he likes; he does not need to contact Alice for it [105].
Nobody actually uses oblivious transfer in practice, but the notion is an important building block for other protocols. Although there are many kinds of oblivious transfer (I have two secrets and you get one; I have n secrets and you get one; I have one secret, which you get with probability 1/2; and so on), they are all equivalent [245, 391, 395].
5.6 Oblivious Signatures
Honestly, I cannot think of what they could be used for, but there are two kinds of oblivious signatures [346]:
1. Alice has n different messages. Bob can choose one of them for Alice to sign, and Alice will have no way of knowing which one she signed.
2. Alice has a single message. Bob can choose one of n keys for Alice to sign the message with, and Alice will not be able to tell which key she used.
It is a neat idea; I am sure it will find a use somewhere.
5.7 Simultaneous Contract Signing
Contract Signing with an Arbitrator
Alice and Bob want to sign a contract. They have agreed on the wording, but neither wants to put down a signature until the other has signed. In a face-to-face meeting this causes no difficulty: both sign at the same time. At a distance they can turn to an arbitrator.
(1) Alice signs a copy of the contract and sends it to Trent.
(2) Bob signs a copy of the contract and sends it to Trent.
(3) Trent sends a message to both Alice and Bob indicating that the other party has signed the contract.
(4) Alice signs two copies of the contract and sends them to Bob.
(5) Bob signs both copies of the contract, keeps one for himself, and sends the other to Alice.
(6) Alice and Bob inform Trent that each of them has a copy of the contract signed by both parties.
(7) Trent destroys his two copies of the contract, each bearing only one signature.
This protocol works because Trent protects each party from cheating by the other. If Bob refuses to sign the contract in step (5), Alice can ask Trent for the copy of the contract already signed by Bob. If Alice refuses to sign in step (4), Bob can do the same. When Trent announces in step (3) that he has received both contracts, Alice and Bob know that the other party has already signed. If Trent does not receive both contracts in steps (1) and (2), he destroys the copy he has, and neither party is bound by the contract.
Simultaneous Contract Signing without an Arbitrator (Face to Face)
If Alice and Bob meet face to face, they can sign the contract as follows [1244]:
(1) Alice writes the first letter of her name and passes the contract to Bob.
(2) Bob writes the first letter of his name and passes the contract to Alice.
(3) Alice writes the second letter of her name and passes the contract to Bob.
(4) Bob writes the second letter of his name and passes the contract to Alice.
(5) This continues until Alice and Bob have both written their names in full.
If you ignore the obvious problem with this protocol (Alice's name is longer than Bob's), it works quite well. Having written only one letter of her signature, Alice knows that no judge will hold her to the terms of the contract. But the written letter is an act of good faith, and Bob responds with a similar act.
Once each party has written several letters of the signature, a judge could probably be convinced that both parties signed the contract. Though if you think about it, the situation is rather murky. It is certainly as obvious that the contract is not in force after the first letters are written as it is that the contract is in force after both parties have written their full names. At what point in the protocol do the parties become bound by the contract? After writing half of their names? Two thirds? Three quarters?
Since neither Alice nor Bob knows exactly from which moment the contract is in force, each of them fears throughout the protocol that the contract may already be binding on him or her. There is no step of the protocol at which Bob could say: "You have written four letters of your signature and I have written only three. You are bound by the contract and I am not." Bob has no reason to stop the protocol. Moreover, the longer the parties carry on with the protocol, the greater the probability that a judge will rule that the contract is in force. Again, there is no reason to break off. After all, they both wanted to sign the contract; they just did not want to sign before the other party did.
Simultaneous Contract Signing without an Arbitrator (Not Face to Face)
This protocol uses the same kind of uncertainty [138]. Alice and Bob take turns making baby steps toward signing the contract.
In this protocol Alice and Bob exchange a series of signed messages of the form: "I agree that with probability p I am bound by this contract."
The recipient of such a message can take it to a judge, and with probability p the judge will rule the contract signed.
(1) Alice and Bob agree on a date by which the signing of the contract is to be completed.
(2) Alice and Bob agree on the probability differences they are going to use. For example, Alice may decide that her probability of being bound by the contract should not exceed Bob's by more than 2 percent. Call Alice's difference a and Bob's difference b.
(3) Alice sends Bob a signed message with p = a.
(4) Bob sends Alice a signed message with p = a + b.
(5) Let p be the probability in the message Alice received from Bob in the previous step. Alice sends Bob a signed message with p' = p + a, or 1, whichever is smaller.
(6) Let p be the probability in the message Bob received from Alice in the previous step. Bob sends Alice a signed message with p' = p + b, or 1, whichever is smaller.
(7) Alice and Bob keep repeating steps (5) and (6) until both of them have received messages with p = 1, or until the date agreed on in step (1) arrives.
As the protocol proceeds, both Alice and Bob agree to be bound by the contract with greater and greater probability. For example, Alice might set her a at 2 percent and Bob his b at 1 percent. (It would be better if they chose larger increments, or we will be stuck here for a while.) In her first message Alice states that she is bound by the contract with probability 2 percent. Bob may reply that he is bound with probability 3 percent. Alice's next message may state that she is bound with probability 5 percent, and so on, until the probabilities of both reach 100 percent.
If both Alice and Bob complete the protocol by the agreed date, all is well. Otherwise, either party can take the contract to a judge together with the other party's last signed message. Before looking at the contract, the judge picks a random number between 0 and 1. If that number is less than the probability signed by the other party, both parties are bound by the contract. If the number is greater than that probability, neither party is bound. (The judge then keeps the number he used, in case he has to rule on another question concerning the same contract.) This is precisely what "being bound by the contract with probability p" means.
That is the basic protocol, but further refinements can be used. The judge can make a ruling in the absence of one of the parties. The judge's ruling binds either both parties or neither of them; there is no situation in which one party is bound and the other is not. Moreover, the protocol terminates as soon as one party wants to have even a slightly higher probability of being bound than the other.
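A simulation of steps (3) to (7) and of the judge's rule, added here as an example (not code from the book). With a = 2 percent and b = 1 percent it reproduces the 2, 3, 5 percent sequence of the text; a message budget stands in for the date of step (1), and the judge keeps one number per contract so that later rulings on the same contract agree with the first. The `Judge` class and `settle` helper are constructed for this example.

```python
import secrets
from fractions import Fraction

ONE = Fraction(1)


def run_protocol(a: Fraction, b: Fraction, max_messages: int):
    """Steps (3)-(7): the exchange of signed 'bound with probability p'
    messages. Returns the transcript as (sender, p) pairs. The exchange ends
    when both sides hold a p = 1 message from the other, or when the message
    budget (our stand-in for the date of step (1)) is used up."""
    p_alice = min(a, ONE)                        # (3) Alice: p = a
    p_bob = min(a + b, ONE)                      # (4) Bob: p = a + b
    transcript = [("Alice", p_alice), ("Bob", p_bob)]
    while not (p_alice == 1 and p_bob == 1) and len(transcript) < max_messages:
        p_alice = min(p_bob + a, ONE)            # (5) Bob's last p, plus a, capped at 1
        transcript.append(("Alice", p_alice))
        if p_bob == 1 or len(transcript) >= max_messages:
            break
        p_bob = min(p_alice + b, ONE)            # (6) Alice's last p, plus b, capped at 1
        transcript.append(("Bob", p_bob))
    return transcript


class Judge:
    """One random number per contract, drawn once and kept: a single ruling
    binds both parties or neither, and a second ruling on the same contract
    uses the same number."""

    def __init__(self, resolution: int = 10**6):
        self.resolution = resolution
        self.numbers = {}

    def rule(self, contract_id: str, p: Fraction) -> bool:
        """p comes from the other party's last signed message. True means
        both parties are bound; False means neither is."""
        r = self.numbers.setdefault(
            contract_id, Fraction(secrets.randbelow(self.resolution), self.resolution))
        return r < p


def last_message_from(transcript, sender: str) -> Fraction:
    """The p in the most recent message the given party signed (0 if none)."""
    for who, p in reversed(transcript):
        if who == sender:
            return p
    return Fraction(0)


def settle(transcript, judge: Judge, contract_id: str):
    """After the deadline, each side takes the other side's last message to
    the judge. Returns (ruling on Alice's claim, ruling on Bob's claim)."""
    alice_claim = judge.rule(contract_id, last_message_from(transcript, "Bob"))
    bob_claim = judge.rule(contract_id, last_message_from(transcript, "Alice"))
    return alice_claim, bob_claim
```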
Simultaneous Contract Signing without an Arbitrator (Using Cryptography)
This cryptographic protocol uses the same baby-step principle [529]. DES is used for concreteness, although any symmetric algorithm will do in its place.
(1) Both Alice and Bob randomly choose 2n DES keys, grouped in pairs. There is nothing special about the pairs; it is just a way of grouping the keys for this protocol.
(2) Both Alice and Bob generate n pairs of messages, L_i and R_i, for example "This is the left half of my i-th signature" and "This is the right half of my i-th signature." The identifier i runs from 1 to n. Each message will probably also include a digital signature of the contract and a timestamp. The contract is considered signed if the other party can produce both halves, L_i and R_i, of one signature pair.
(3) Both Alice and Bob encrypt their message pairs with the DES key pairs, the left message with the left key of the pair and the right message with the right key.
(4) Alice and Bob send each other their piles of 2n encrypted messages, making clear which messages are which halves of which pairs.
(5) Alice and Bob send each other all the key pairs, using the oblivious transfer protocol for each pair. That is, for each of the n key pairs Alice independently sends Bob either the key used to encrypt the left message or the key used to encrypt the right message. Bob does the same. They can send their halves in turn, or one of them can first send all 100 and then the other; it does not matter. Now both Alice and Bob have one key from each pair, but neither knows which halves the other party received.
(6) Alice and Bob use the keys they received to decrypt those halves of the messages that they can. They make sure that the decrypted messages are valid.
(7) Alice and Bob send each other the first bits of all 2n DES keys.
(8) Alice and Bob repeat step (7) for the second bits of all 2n DES keys, then the third bits, and so on, until all the bits of all the DES keys have been transferred.
(9) Alice and Bob decrypt the remaining halves of the messages, and the contract is signed.
(10) Alice and Bob exchange the private keys used for the oblivious transfer protocol in step (5), and each of them verifies that the other did not cheat.
Why do Alice and Bob have to go through this whole tedious sequence of actions? Let us assume that Alice wants to cheat and see what happens. In steps (4) and (5) Alice could wreck the protocol by sending Bob meaningless strings. Bob would discover this in step (6) when trying to decrypt the halves he received. Bob can safely stop before Alice is able to decrypt any of Bob's message pairs.
If Alice were very cunning, she could wreck only half of the protocol. She could send one half of each pair correctly and send meaningless strings instead of the other. Bob's probability of receiving the correct half is only 50 percent, so half the time Alice's cheating succeeds, but only for one pair. If only two pairs were used, this way of cheating would succeed in 25 percent of the cases. That is why n must be large. Alice has to guess the outcome of n oblivious transfer protocols exactly; her probability of doing so is 1 chance in 2^n. If n = 10, Alice has 1 chance in 1024 of fooling Bob.
Alice could also send Bob random bits in step (8). Bob may not find out that she sent him random bits until he has received the whole key and tries to decrypt the message halves. But again the odds are on Bob's side. He has already received half of the keys, and Alice does not know which half. If n is large enough, Alice is sure to send him a meaningless bit for a key he already has, and he will immediately know that she is trying to cheat him.
Alice might perhaps go through step (8) until she has received enough bits of the keys for a brute-force attack and then stop sending bits. A DES key is 56 bits long. If she has received 40 of the 56 bits, she would be left with 2^16, or 65536, keys to try in order to decrypt the message, a task that is certainly within the power of modern computers. But Bob will have received exactly as many bits of her keys (or, at worst, one bit fewer), so he can do the same thing. Alice has no choice but to go on following the protocol.
The point is that Alice has to play fair, because the probability of cheating Bob is too small. At the end of the protocol both parties have n signed message pairs, any one of which is sufficient for a valid signature.
There is only one way for Alice to cheat: she can send Bob identical messages in step (5). Bob cannot detect this until the protocol is over, but he can use the transcript of the protocol to convince a judge of Alice's duplicity.
Protocols of this type have two weak points [138]. First, a problem arises if one party has far more computing power than the other. If, for example, Alice can mount a brute-force attack faster than Bob, she can stop sending bits early in step (8) and recover Bob's keys on her own. Bob, who simply would not have enough time to do the same, is out of luck.
Second, a problem arises if one party stops the protocol early. If Alice abruptly stops the protocol, both face the same computational problem, but Bob may not have the resources to finish the computation by the required deadline. The problem appears, for example, if the contract specifies that Alice must do something within a week, and she breaks off the protocol at a point where Bob would need a whole year of computation to reconstruct her signature. The real difficulty here is a near-term deadline on the subject of the contract by which the process will not be completed by one or both of the signing parties.
These problems also exist for the protocols of Sections 5.8 and 5.9.
5.8 Certified Electronic Mail
The same simultaneous oblivious transfer protocol that was used for contract signing works, with small modifications, for certified electronic mail [529]. Suppose Alice wants to send Bob a message, but does not want him to read it without signing a receipt. In real life this is accomplished by surly postal clerks, but the same thing can be done with cryptography. Whitfield Diffie was the first to consider this problem, in [490].
At first glance, the simultaneous contract-signing protocol could solve this problem. Alice simply encrypts her message with a DES key. Her half of the protocol would look something like: "This is the left half of the DES key: 32f5," and Bob's half would look like: "This is the left half of my receipt." Everything else stays the same.
To see why this does not work, remember that the protocol relies on the oblivious transfer in step (5) keeping both parties honest. Both parties know that they sent the other a valid half, but neither knows which. They do not cheat in step (8) because the chance of getting away with it is minuscule. If Alice sends Bob not a message but half of a DES key, Bob cannot verify the validity of the DES key in step (6). Alice, on the other hand, can verify the validity of Bob's receipt, so Bob is still forced to be honest. Alice can freely send Bob an invalid key, and by the time he discovers this, Alice already has his receipt. Tough luck, Bob.
Solving this problem requires some adjustment of the protocol:
(1) Alice encrypts her message with a random DES key and sends it to Bob.
(2) Alice generates n pairs of DES keys. The first key of each pair is generated at random, and the second is the XOR of the first key and the message encryption key.
(3) Alice encrypts a dummy message with each of her 2n keys.
(4) Alice sends Bob the whole pile of encrypted messages, making sure he knows which messages are which halves of which pairs.
(5) Bob generates n pairs of random DES keys.
(6) Bob generates a pair of messages that together form a valid receipt. Good candidates are "This is the left half of my receipt" and "This is the right half of my receipt," with some random bit string appended. He makes n receipt pairs, numbering each of them. As in the previous protocol, a receipt is considered valid if Alice can produce both halves of a receipt (with the same number) together with all of her encryption keys.
(7) Bob encrypts each of his message pairs with the DES key pairs, the i-th message pair with the i-th key pair, the left message with the left key of the pair and the right message with the right key.
(8) Bob sends Alice his pile of encrypted messages, making sure she knows which messages are which halves of which pairs.
(9) Alice and Bob send each other all the key pairs using the oblivious transfer protocol. That is, for each of the n key pairs Alice independently sends Bob either the key used to encrypt the left message or the key used to encrypt the right message. Bob does the same. They can send their halves in turn, or one of them can first send all n and then the other; it does not matter. Now both Alice and Bob have one key from each pair, but neither knows which halves the other party received.
(10) Alice and Bob decrypt the message halves they can and make sure the decrypted messages are valid.
(11) Alice and Bob send each other the first bits of all 2n DES keys. (If they are worried that Eve can read these mail messages, they should encrypt their exchange of bits.)
(12) Alice and Bob repeat step (11) for the second bits of all 2n DES keys, then the third bits, and so on, until all the bits of all the DES keys have been transferred.
(13) Alice and Bob decrypt the remaining halves of the messages. Alice has a valid receipt from Bob, and Bob can XOR any pair of keys to obtain the key with which the original message was encrypted.
(14) Alice and Bob exchange the private keys used for the oblivious transfer protocol, and each of them verifies that the other did not cheat.
Steps (5) through (8) for Bob and steps (9) through (12) for both parties are unchanged from the contract-signing protocol. The difference lies in Alice's dummy messages. They give Bob a way of checking the validity of her oblivious transfer in step (10), which forces her to remain honest in steps (11) through (13). And, as with the simultaneous contract-signing protocol, completing the protocol requires both halves of one of Alice's messages.
5.9 Simultaneous Exchange of Secrets
Alice knows secret A, and Bob knows secret B. Alice is willing to tell Bob A if he tells her B. Bob is willing to tell Alice B if she tells him A. The following protocol, overheard in a schoolyard, will not work:
(1) Alice: "I'll tell you if you tell me first."
(2) Bob: "I'll tell you if you tell me first."
(3) Alice: "No, you go first."
(4) Bob: "Oh, all right." Bob whispers to Alice.
(5) Alice: "Ha, I'm not going to tell you."
(6) Bob: "That's not fair."
Cryptography can make it fair. The previous two protocols are implementations of a more general protocol that lets Alice and Bob exchange secrets simultaneously [529]. Rather than repeat the whole protocol, I will sketch the changes needed to the certified mail protocol.
Alice performs steps (1)-(4) using A as her message. Bob performs the same steps using B as his message. Alice and Bob carry out the oblivious transfer at step (9), decrypt the halves they can at step (10), and go through the necessary iterations of steps (11) and (12). To protect themselves from Eve, they should encrypt their messages. Finally, both Alice and Bob decrypt the remaining halves of the message pairs and XOR any key pair to obtain the keys with which the original messages were encrypted.
This protocol lets Alice and Bob exchange secrets simultaneously, but it says nothing about the quality of the secrets exchanged. Alice could promise Bob the plan of the Minotaur's labyrinth and send him a map of the Boston subway. Bob gets only whatever secret Alice sends him. Other protocols are described in [1286, 195, 991, 1524, 705, 753, 259, 358, 415].
Chapter 6
Esoteric Protocols
6.1 Secure Elections
Computerized voting will never be used for general elections until there is a protocol that both prevents fraud and protects individual privacy. The ideal protocol has, at the very least, the following six properties:
1. Only authorized voters can vote.
2. No one can vote more than once.
3. No one can determine for whom a given voter voted.
4. No one can vote in place of another. (This turns out to be the hardest requirement.)
5. No one can secretly change anyone else's vote.
6. Every voter can verify that his vote was counted in the final tabulation.
In addition, some voting schemes may need the following requirement:
7. Everyone knows who voted and who did not.
Before describing the complicated protocols that have these properties, let us look at a few simpler protocols.
Simplistic Voting Protocol #1
(1) Each voter encrypts his ballot with the public key of the Central Tabulating Facility (CTF).
(2) Each voter sends his ballot to the CTF.
(3) The CTF decrypts the ballots, tabulates them and publishes the results of the election.
This protocol is riddled with problems. The CTF has no way of knowing where the ballots came from, or even whether the ballots it received came from eligible voters. It has not the slightest idea whether eligible voters voted more than once. On the plus side, it is impossible to change another person's ballot, but no one would bother trying, because it is far easier simply to vote repeatedly until the election comes out the way you want.
Simplistic Voting Protocol #2
(1) Each voter signs his ballot with his private key.
(2) Each voter encrypts his ballot with the CTF's public key.
(3) Each voter sends his ballot to the CTF.
(4) The CTF decrypts the ballots, checks the signatures, tabulates them and publishes the results of the election.
This protocol has properties 1 and 2: only eligible voters can vote, and no one can vote more than once, because the CTF can record the ballots received at step (3). Each ballot is signed with the voter's private key, so the CTF knows who voted and who did not, and how every voter voted. If a ballot arrives that was not signed by an eligible voter, or a ballot signed by a voter who has already voted, the facility ignores it. Moreover, because of the digital signature no one can alter another voter's ballot, even if he manages to intercept it at step (2).
The problem with this protocol is that the signature is attached to the ballot, so the CTF knows who voted for whom. Encrypting the ballots with the CTF's public key keeps outsiders from abusing the protocol to find out who voted for whom, but you have to trust the CTF completely. It is like having an electronic judge peering over your shoulder in the voting booth.
The next two examples show how hard it is to satisfy even the first three requirements of a secure voting protocol.
Voting with Blind Signatures
We need somehow to separate the ballot from the voter while keeping the identification procedure. Exactly this can be done with the blind signature protocol.
(1) Each voter generates 10 sets of messages, each set containing a valid ballot for every possible outcome (for example, if the ballot is a "yes" or "no" answer, each set consists of two ballots, one for "yes" and one for "no"). Each message also contains a randomly generated identification number, large enough to avoid confusion with other voters.
(2) Each voter individually blinds all the messages (see Section 5.3) and sends them to the CTF together with the blinding factors.
(3) The CTF checks its database to make sure the voter has not submitted his blinded ballots for signing before. It opens 9 of the sets to check that they are properly formed. Then it individually signs each message of the remaining set and sends them back to the voter, storing the voter's name in its database.
(4) The voter unblinds the messages and is left with a set of ballots signed by the CTF. (These ballots are signed but not encrypted, so the voter can easily see which ballot is "yes" and which is "no".)
(5) Each voter chooses one of the ballots (ah, democracy!) and encrypts it with the CTF's public key.
(6) The voter sends his ballot in.
(7) The CTF decrypts the ballots, checks the signatures, checks its database for a unique identification number, saves the serial number and tabulates the votes. It publishes the results of the election, along with every serial number and its associated ballot.
Mallory, a crooked voter, cannot cheat this system. The blind signature protocol ensures the uniqueness of his ballot. If he tries to send the same ballot twice, the CTF will notice the duplicate serial number at step (7) and will not count the second ballot. If he tries to get several ballots at step (2), the CTF will notice it at step (3). Mallory cannot generate his own ballots, because he does not know the facility's private key. For the same reason he cannot intercept and change other people's ballots.
The cut-and-choose protocol at step (3) is there to ensure that the ballots are unique. Without that step, Mallory could create a set of ballots that are identical except for the identification number and have them all certified by the CTF.
A crooked CTF cannot figure out how a given voter voted. Because the blind signature protocol hides the serial numbers of the ballots until the moment of tabulation, the CTF cannot link the blinded ballot it signed with the ballot it is counting. Publishing the list of serial numbers and their associated ballots lets voters confirm that their ballots were counted correctly.
There are still problems. If step (6) is not anonymous, and the CTF can record who sent which ballot, it can figure out who voted for whom. However, this is impossible if the facility receives the ballots in a sealed ballot box and counts them later. Although the CTF cannot link voters to their ballots, it can generate a large number of signed, valid ballots and cheat by submitting them to itself. And if Alice discovers that the CTF substituted her ballot, she has no way of proving it. A similar protocol that tries to fix these problems is described in [1195, 1370].
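The following added example (not code from the book) simulates the blind-signature protocol just described with a toy RSA key: cut-and-choose over the 10 ballot sets at step (3), unblinding at step (4), casting, and the CTF's duplicate check at step (7). The two primes, the ballot format id:choice, and signing a hash of the ballot rather than the ballot itself are constructed assumptions; the encryption of the cast ballot to the CTF at step (5) is left out, an anonymous channel being assumed.

```python
"""Toy run of the blind-signature voting protocol (steps 1-7).
Added example, not code from the book. The RSA modulus is built from two
constructed 7-digit primes and step (5)'s encryption to the CTF is omitted:
the cast ballot is assumed to arrive over an anonymous channel."""
import hashlib
import math
import secrets

P, Q = 1000003, 1000033              # constructed toy primes; real keys use 2048-bit moduli
N = P * Q
E = 65537                            # CTF public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # CTF private signing exponent
OPTIONS = ("yes", "no")
SETS = 10                            # ballot sets per voter, as in step (1)

def digest(ballot):
    """What the CTF actually signs: a hash of the ballot string reduced mod N."""
    return int.from_bytes(hashlib.sha256(ballot.encode()).digest(), "big") % N

def blind(m, r):
    return (m * pow(r, E, N)) % N        # Section 5.3 blinding: m * r^e

def unblind(s, r):
    return (s * pow(r, -1, N)) % N       # strip the factor r from the signature

def sign(m):
    return pow(m, D, N)

def verify(m, sig):
    return pow(sig, E, N) == m

def random_blinding_factor():
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r

class Voter:
    def __init__(self, name):
        self.name = name
        # step (1): SETS sets, each holding one ballot per option under one random ID
        self.sets = []
        for _ in range(SETS):
            ident = secrets.randbelow(10 ** 12)
            self.sets.append([(f"{ident}:{opt}", random_blinding_factor()) for opt in OPTIONS])

    def blinded_sets(self):                      # step (2): everything goes out blinded
        return [[blind(digest(b), r) for b, r in s] for s in self.sets]

    def reveal(self, i):                         # cut and choose: open set i for the CTF
        return self.sets[i]

    def unblind_signatures(self, kept, signed):  # step (4)
        self.signed = []
        for (b, r), s in zip(self.sets[kept], signed):
            sig = unblind(s, r)
            if not verify(digest(b), sig):
                raise ValueError("CTF returned a bad signature")
            self.signed.append((b, sig))

    def cast(self, choice):                      # steps (5)-(6): pick one signed ballot
        return next((b, sig) for b, sig in self.signed if b.endswith(":" + choice))

class CTF:
    def __init__(self):
        self.signed_for = set()                  # voters who already had a set signed (step 3)
        self.seen_ids = set()                    # identification numbers already tallied
        self.tally = {opt: 0 for opt in OPTIONS}
        self.published = []                      # (ID, ballot) pairs for voters to audit

    def issue(self, voter):
        if voter.name in self.signed_for:
            raise ValueError("voter already received signed ballots")
        blinded = voter.blinded_sets()
        kept = secrets.randbelow(SETS)           # the one set that stays blinded
        for i in range(SETS):
            if i == kept:
                continue
            opened = voter.reveal(i)
            ids = {b.split(":")[0] for b, _ in opened}
            opts = sorted(b.split(":")[1] for b, _ in opened)
            if len(ids) != 1 or opts != sorted(OPTIONS):
                raise ValueError("malformed ballot set")
            if any(blind(digest(b), r) != bl for (b, r), bl in zip(opened, blinded[i])):
                raise ValueError("revealed set does not match the blinded one")
        self.signed_for.add(voter.name)
        return kept, [sign(bl) for bl in blinded[kept]]

    def receive(self, ballot, sig):
        """Step (7): check the signature, reject duplicate IDs, tally and publish."""
        ident, opt = ballot.split(":")
        if not verify(digest(ballot), sig) or ident in self.seen_ids:
            return False
        self.seen_ids.add(ident)
        self.tally[opt] += 1
        self.published.append((ident, opt))
        return True

def run_election(choices):
    """choices: {voter name: option}. Returns (tally, number of replayed ballots rejected)."""
    ctf = CTF()
    rejected = 0
    for name, choice in choices.items():
        v = Voter(name)
        kept, signed = ctf.issue(v)
        v.unblind_signatures(kept, signed)
        ballot, sig = v.cast(choice)
        ctf.receive(ballot, sig)
        if not ctf.receive(ballot, sig):         # the same ballot sent twice is ignored
            rejected += 1
    return ctf.tally, rejected
```

The CTF never sees the blinding factors of the kept set, so it cannot later match the serial number it publishes against anything it signed; the nine opened sets are what stop a voter from slipping a malformed set past it.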
Voting with Two Central Facilities
One solution is to split the CTF in two. Neither half would have enough power to cheat at will.
The following protocol uses a Central Legitimization Agency (CLA), which certifies voters, and a separate CTF to count the ballots [1373].
(1) Each voter sends a message to the CLA asking for a registration number.
(2) The CLA returns a random registration number to the voter. The CLA maintains a list of registration numbers. It also keeps a list of who received which registration number, in case someone tries to vote twice.
(3) The CLA sends the list of registration numbers to the CTF.
(4) Each voter chooses a random identification number. He creates a message containing that number, the registration number received from the CLA and his ballot. He sends this message to the CTF.
(5) The CTF checks the registration numbers against the list received from the CLA at step (3). If the registration number is on the list, the CTF crosses it off (to prevent repeat voting). The CTF adds the identification number to the list of those who voted for a particular candidate and adds one to the corresponding tally.
(6) After all ballots have been received, the CTF publishes the results, together with lists of the identification numbers and the corresponding ballots.
As in the previous protocol, every voter can look at the list of identification numbers and find his own. This tells him that his ballot was counted. Of course, all messages exchanged by the parties to the protocol must be encrypted and signed, to keep anyone from impersonating someone else or intercepting messages.
The CTF cannot change ballots, because each voter will look for his registration number. If a voter does not find his registration number, or finds it in the final list next to a different vote, he immediately knows that there was foul play. The CTF cannot stuff the ballot box, because it is being watched by the CLA. The CLA knows how many voters registered and their registration numbers, and will detect any changes.
Mallory, who is not an eligible voter, can try to cheat by guessing a valid registration number. This threat can be minimized by making the set of possible registration numbers much larger than the set of actual registration numbers: 100-bit numbers for a million voters. Of course, the registration numbers must be generated randomly.
Despite this, the CLA must be a trusted authority, because it can register ineligible voters. It can also register eligible voters several times. This risk can be reduced to a minimum if the CLA publishes the list of registered voters (but without their registration numbers). If the number of voters on this list is less than the number of ballots counted, something is wrong. However, if more voters registered than ballots were received, it probably just means that some registered voters did not vote. Many people who register do not bother to drop their ballot into the box.
This protocol is defenseless against collusion between the CTF and the CLA. If the two act together, they can combine their databases and find out who votes for whom.
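An added example (not from the book) of the two-facility bookkeeping: the CLA hands out random registration numbers and publishes only the number list and the registered count, the CTF crosses numbers off as ballots arrive and publishes identification numbers per choice, and each voter then looks for his own identification number. The voter names, the 100-bit registration numbers, and leaving out the encryption and signing of messages in transit (assumed, as the text says, but not modelled) are constructed assumptions.

```python
"""Simulation of the election protocol with two central facilities (CLA + CTF).
Added example, not from the book. Encryption and signing of the messages in
transit are assumed and not modelled; what is shown is the bookkeeping and
the checks each party can run."""
import secrets

REG_BITS = 100                      # registration numbers are 100-bit, as the text suggests

class CLA:
    """Central Legitimization Agency: issues registration numbers, remembers who got one."""
    def __init__(self, eligible):
        self.eligible = set(eligible)
        self.issued = {}            # voter name -> registration number (double-voting check)

    def register(self, name):       # steps (1)-(2)
        if name not in self.eligible or name in self.issued:
            return None             # not eligible, or already registered
        self.issued[name] = secrets.randbits(REG_BITS)
        return self.issued[name]

    def number_list(self):          # step (3): numbers only, never names
        return set(self.issued.values())

    def registered_count(self):     # published without numbers, for the audit in the text
        return len(self.issued)

class CTF:
    """Central Tabulating Facility: accepts one ballot per registration number."""
    def __init__(self, numbers):
        self.unused = set(numbers)
        self.tally = {}
        self.lists = {}             # choice -> identification numbers of those who chose it

    def cast(self, ident, reg, choice):   # steps (4)-(5)
        if reg not in self.unused:
            return False            # unknown, guessed or already used registration number
        self.unused.remove(reg)
        self.tally[choice] = self.tally.get(choice, 0) + 1
        self.lists.setdefault(choice, []).append(ident)
        return True

def run_election(eligible, choices):
    """choices: {voter name: choice}. Returns (tally, accepted, verified, checks_passed)."""
    cla = CLA(eligible)
    regs = {name: cla.register(name) for name in choices}
    ctf = CTF(cla.number_list())
    idents = {name: secrets.randbits(64) for name in choices}   # step (4): voter-chosen IDs
    accepted = {name: regs[name] is not None and ctf.cast(idents[name], regs[name], choice)
                for name, choice in choices.items()}
    # step (6): results are published; each voter looks for his own ID under his choice
    verified = {name: idents[name] in ctf.lists.get(choices[name], [])
                for name in choices if accepted[name]}
    guessed = ctf.cast(secrets.randbits(64), secrets.randbits(REG_BITS), "yes")  # Mallory guessing
    consistent = sum(ctf.tally.values()) <= cla.registered_count()   # the count audit
    return ctf.tally, accepted, verified, consistent and not guessed
```

Mallory's guess succeeds only if it lands on one of the few issued numbers inside a 2^100 space; the count audit (ballots never exceed registrations) is the check that catches a CTF stuffing the box, and it is the CLA's registered count, not its numbers, that gets published for it.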
Voting with a Single Central Facility
A more complicated protocol can be used to avoid the danger of collusion between the CLA and the CTF [1373]. This protocol is identical to the previous one, with two changes:
the CLA and the CTF are a single organization, and
ANDOS (see Section 4.13) is used to distribute the registration numbers anonymously at step (2).
Since the anonymous key distribution protocol keeps the CTF from learning which voter has which registration number, the CTF has no way of linking registration numbers to the ballots it receives. But the CTF still has to be trusted not to hand out registration numbers to ineligible voters. This problem can also be solved with blind signatures.
Improved Voting with a Single Central Facility
This protocol also uses ANDOS [1175]. It satisfies all six requirements of a good voting protocol. It does not satisfy requirement seven, but it has two properties that supplement the six listed at the beginning of this section:
7. A voter can change his mind (that is, cancel his ballot and vote again) within a given period of time.
8. If a voter finds that his ballot was miscounted, he can identify and correct the problem without endangering the secrecy of his ballot.
Here is the protocol:
(1) The CTF publishes a list of all eligible voters.
(2) Within a specified deadline, each voter tells the CTF whether he intends to vote.
(3) The CTF publishes the list of voters taking part in the election.
(4) Each voter receives an identification number, I, using the ANDOS protocol.
(5) Each voter generates a public-key/private-key pair: k, d. If v is the ballot, the voter creates and sends the CTF the following message:
I, E_k(I, v)
This message must be sent anonymously.
(6) The CTF acknowledges receipt of the ballot by publishing:
E_k(I, v)
(7) Each voter sends the CTF:
I, d
(8) The CTF decrypts the ballots. At the end of the election it publishes the results and, for every possible vote, the list of the corresponding E_k(I, v) values.
(9) If a voter finds that his ballot was miscounted, he protests by sending the CTF:
I, E_k(I, v), d
(10) If a voter wants to change his ballot from v to v', he sends the CTF:
I, E_k(I, v'), d
A different voting protocol uses blind signatures instead of ANDOS, but is essentially the same [585]. Steps (1)-(3) are preliminary. Their purpose is to find out and publish the complete set of actual voters. Although some of them will probably not take part in the vote, this reduces the CTF's ability to add fraudulent ballots.
At step (4), two voters may receive the same identification number. This possibility can be minimized by making the number of possible identification numbers much larger than the actual number of voters. If two voters submit ballots with the same identifier, the CTF generates a new identification number, I', chooses one of the voters and publishes:
I', E_k(I, v)
The owner of that ballot recognizes the mix-up and sends his ballot again, repeating step (5) with the new identification number.
Step (6) gives every voter the means to check that the CTF received his ballot correctly. If his ballot is miscounted, he can prove it at step (9). Assuming that the voter's ballot at step (6) is correct, the message he sends at step (9) proves that his ballot was miscounted.
One problem with this protocol is that a dishonest CTF could make use of the names of people who reported their intention to vote at step (2) but did not actually vote. Another problem is the complexity of the ANDOS protocol. The authors recommend dividing the voters into smaller groups, such as electoral districts.
Another, more serious problem is that the CTF can fail to count some ballot. This problem cannot be resolved: Alice claims that the CTF deliberately neglected her ballot, while the CTF claims that Alice never voted.
Voting without a Central Tabulating Facility
The following protocol does without a CTF; the voters watch each other. This protocol, designed by Michael Merritt [452, 1076, 453], is so unwieldy that it is doubtful it could be implemented for more than five people, but it is still worth getting to know.
Alice, Bob, Carol and Dave are voting (yes/no, or 0/1) on some issue. Assume that each voter has a public key and a private key. Assume also that all the public keys are known to everyone.
(1) Each voter decides how to vote and does the following:
(a) Appends a random string to his ballot.
(b) Encrypts the result of step (a) with Dave's public key.
(c) Encrypts the result of step (b) with Carol's public key.
(d) Encrypts the result of step (c) with Bob's public key.
(e) Encrypts the result of step (d) with Alice's public key.
(f) Appends a new random string to the result of step (e) and encrypts the result with Dave's public key. He records the value of the random string.
(g) Appends a new random string to the result of step (f) and encrypts the result with Carol's public key. He records the value of the random string.
(h) Appends a new random string to the result of step (g) and encrypts the result with Bob's public key. He records the value of the random string.
(i) Appends a new random string to the result of step (h) and encrypts the result with Alice's public key. He records the value of the random string.
If E is the encryption function, R_i is a random string and J is the ballot, his message looks like this:
E_A(R_5, E_B(R_4, E_C(R_3, E_D(R_2, E_A(E_B(E_C(E_D(J, R_1))))))))
Each voter saves the intermediate results at every stage of the computation. These results will be used later in the protocol to confirm that this voter's ballot has been counted.
(2) Each voter sends his message to Alice.
(3) Alice decrypts all the ballots with her private key and removes all the random strings at this level.
(4) Alice shuffles all the ballots and sends the result to Bob.
Every ballot now looks like this:
E_B(R_4, E_C(R_3, E_D(R_2, E_A(E_B(E_C(E_D(J, R_1)))))))
(5) Bob decrypts all the ballots with his private key, checks that his ballot is among the ballots he received, removes all the random strings at this level, shuffles the ballots and sends the result to Carol.
Every ballot now looks like this:
E_C(R_3, E_D(R_2, E_A(E_B(E_C(E_D(J, R_1))))))
(6) Carol decrypts all the ballots with her private key, checks that her ballot is among the ballots she received, removes all the random strings at this level, shuffles the ballots and sends the result to Dave.
Every ballot now looks like this:
E_D(R_2, E_A(E_B(E_C(E_D(J, R_1)))))
(7) Dave decrypts all the ballots with his private key, checks that his ballot is among the ballots he received, removes all the random strings at this level, shuffles the ballots and sends the result to Alice.
Every ballot now looks like this:
E_A(E_B(E_C(E_D(J, R_1))))
(8) Alice decrypts all the ballots with her private key, checks that her ballot is among the ballots she received, signs all the ballots and sends the result to Bob, Carol and Dave.
Every ballot now looks like this:
S_A(E_B(E_C(E_D(J, R_1))))
(9) Bob verifies and removes Alice's signatures. He decrypts all the ballots with his private key, checks that his ballot is among the ballots he received, signs all the ballots and sends the result to Alice, Carol and Dave.
Every ballot now looks like this:
S_B(E_C(E_D(J, R_1)))
(10) Carol verifies and removes Bob's signatures. She decrypts all the ballots with her private key, checks that her ballot is among the ballots she received, signs all the ballots and sends the result to Alice, Bob and Dave.
Every ballot now looks like this:
S_C(E_D(J, R_1))
(11) Dave verifies and removes Carol's signatures. He decrypts all the ballots with his private key, checks that his ballot is among the ballots he received, signs all the ballots and sends the result to Alice, Bob and Carol.
Every ballot now looks like this:
S_D(J, R_1)
(12) Everyone verifies and removes Dave's signature. They check that their ballots are among those received (by finding their own random string).
(13) Everyone removes the random strings from each ballot and tallies the ballots.
This protocol not only works, it is its own arbiter. Alice, Bob, Carol and Dave immediately find out if any of them tries to cheat. No CTF or CLA is needed. To see how this works, let us try to cheat.
If someone tries to add a ballot, Alice detects the attempt at step (3), when she receives more ballots than there are people taking part in the vote. If Alice tries to add a ballot, Bob notices at step (4).
More subtle is replacing one ballot with another. Since the ballots are encrypted with various public keys, anyone can create as many valid ballots as he needs. The decryption protocol has two parts: the first consists of steps (3)-(7), the second of steps (8)-(11). Substituting a vote is detected differently in the two parts.
If someone replaces one ballot with another during the second part, his actions are discovered immediately. At every step the ballots are signed and sent to all the voters. If one voter (or several) notices that his ballot is no longer in the set of ballots, he immediately stops the protocol. Because the ballots are signed at every step, and because anyone can backtrack several steps through the second part of the protocol, it is easy to discover the cheater who substituted the ballots.
Replacing one ballot with another during the first part of the protocol is more subtle. Alice cannot make a substitution at step (3), because Bob, Carol or Dave would catch it at steps (5), (6) or (7). Bob could try at step (5). If he replaces Carol's or Dave's ballot (remember, he does not know which ballot is whose), Carol or Dave will notice at steps (6) or (7). They will not know who substituted their ballots (although it must have been someone who had already handled the ballots), but they will know that their votes were substituted. If Bob is lucky and manages to substitute Alice's ballot, she will not notice until the second part of the protocol. Then she will discover that her vote is missing at step (8), but she will not be able to find out who substituted the ballot. In the first part the ballots are shuffled at every step and are not signed, so no one can work the protocol backwards to determine who substituted the ballots.
Another form of cheating is trying to find out who voted for whom. Because of the shuffling of ballots in the first part, no one can work the protocol backwards and link ballots to voters. Removing the random strings in the first part is also crucial for preserving anonymity. If the strings were not removed, the shuffling of the votes could be inverted by re-encrypting the resulting votes with the public key of the person who shuffled them. When the protocol ends, the ballots remain confidential.
Moreover, because of the initial random string, R_1, even identical ballots are encrypted differently at every step of the protocol. No one can learn the value of a ballot until step (11).
What are the problems with this protocol? First, the protocol requires an enormous amount of computation. The example given has only four voters, and it is already complicated. Such a protocol could never work for a real election with tens of thousands of voters. Second, Dave learns the results of the election before everyone else. Although he cannot affect the outcome, this gives him a certain advantage. On the other hand, the same is possible in a centralized voting scheme.
The third problem is that Alice can copy another participant's ballot, even without knowing its contents in advance. To see why this can be a problem, consider an election with three voters: Alice, Bob and Eve. Eve does not care about the outcome, but she wants to know how Alice voted. So she copies Alice's ballot, and the result of the election is guaranteed to match Alice's ballot.
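An added example, not the book's or Merritt's own code, that runs the protocol above for four voters. The "public-key encryption" is a toy RSA hybrid cipher (constructed 7-digit primes, a SHA-256 keystream, 8-byte random strings R_i), which is an assumption made only so the nested structure can be built and peeled offline. It constructs E_A(R_5, ... E_D(J, R_1) ...) for each voter, runs the first part (decrypt, look for one's own R_i, strip, shuffle) and the second part (decrypt, look for one's own saved intermediate, sign, broadcast), and shows that a ballot substituted during the second part makes some voter halt the protocol, as the text explains.

```python
"""Simulation of Merritt's voting protocol (no central tabulating facility).
Added example, not the book's code. The "public-key encryption" is a toy RSA
hybrid over 7-digit primes generated here; it shows the protocol's structure, not real security."""
import hashlib, math, random, secrets

E, RLEN = 65537, 8          # RSA public exponent; byte length of each random string R_i

def next_prime(n):          # trial division is fine for 7-digit candidates
    while any(n % k == 0 for k in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n

def keygen(seed):           # toy RSA pair: public (n, e), private (n, d)
    p = next_prime(seed)
    q = next_prime(p + 1)
    while math.gcd(E, (p - 1) * (q - 1)) != 1:
        q = next_prime(q + 1)
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def _stream(k, length):     # hash keystream derived from the session key k
    blocks = [hashlib.sha256(k.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]

def pk_encrypt(pub, data):  # RSA-wrap a fresh session key, XOR the data with its keystream
    n, e = pub
    k = secrets.randbelow(n - 2) + 2
    return pow(k, e, n).to_bytes(8, "big") + bytes(a ^ b for a, b in zip(data, _stream(k, len(data))))

def pk_decrypt(priv, blob):
    n, d = priv
    k = pow(int.from_bytes(blob[:8], "big"), d, n)
    return bytes(a ^ b for a, b in zip(blob[8:], _stream(k, len(blob) - 8)))
def _h(data, n): return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(priv, data): return pow(_h(data, priv[0]), priv[1], priv[0])
def verify(pub, data, sig): return pow(sig, pub[1], pub[0]) == _h(data, pub[0])

class Voter:
    def __init__(self, idx, seed):
        self.idx = idx                       # 0 Alice, 1 Bob, 2 Carol, 3 Dave
        self.pub, self.priv = keygen(seed)
        self.rands, self.inter = [], []      # R_1..R_5 and every intermediate ciphertext

    def build_ballot(self, vote, pubs):
        # step (1): E_A(R5, E_B(R4, E_C(R3, E_D(R2, E_A(E_B(E_C(E_D(J, R1))))))))
        self.rands.append(secrets.token_bytes(RLEN))
        msg = self.rands[0] + vote                      # (a): R1 prefixed to the vote J
        for pub in reversed(pubs):                      # (b)-(e): Dave, Carol, Bob, Alice
            msg = pk_encrypt(pub, msg)
            self.inter.append(msg)
        for pub in reversed(pubs):                      # (f)-(i): fresh R_i, then encrypt
            self.rands.append(secrets.token_bytes(RLEN))
            msg = pk_encrypt(pub, self.rands[-1] + msg)
            self.inter.append(msg)
        return msg

    def part1(self, ballots):
        # steps (3)-(7): decrypt, look for own R_i, strip every R_i at this level, shuffle
        opened = [pk_decrypt(self.priv, b) for b in ballots]
        if self.rands[4 - self.idx] not in [o[:RLEN] for o in opened]:
            raise RuntimeError(f"voter {self.idx}: ballot missing in part 1")
        stripped = [o[RLEN:] for o in opened]
        random.shuffle(stripped)
        return stripped

    def part2(self, ballots):
        # steps (8)-(11): decrypt, confirm own ballot via a saved intermediate, sign all
        opened = [pk_decrypt(self.priv, b) for b in ballots]
        found = (self.inter[2 - self.idx] in opened if self.idx < 3
                 else self.rands[0] in [o[:RLEN] for o in opened])   # Dave sees (J, R1)
        if not found:
            raise RuntimeError(f"voter {self.idx}: ballot missing in part 2")
        return [(o, sign(self.priv, o)) for o in opened]

def strip_signatures(pub, signed):
    if not all(verify(pub, b, s) for b, s in signed):
        raise RuntimeError("bad signature")
    return [b for b, _ in signed]

def run_election(votes, tamper=False):
    """votes: four byte strings (Alice, Bob, Carol, Dave); returns the tally.
    tamper=True makes Bob swap a forged ballot into the set he signs at step (9)."""
    voters = [Voter(i, 1_000_000 + 100_000 * i) for i in range(4)]
    pubs = [v.pub for v in voters]
    ballots = [v.build_ballot(j, pubs) for v, j in zip(voters, votes)]   # step (2)
    for v in voters:                                                     # steps (3)-(7)
        ballots = v.part1(ballots)
    signed = voters[0].part2(ballots)                                    # step (8)
    for v in voters[1:]:                                                 # steps (9)-(11)
        signed = v.part2(strip_signatures(voters[v.idx - 1].pub, signed))
        if tamper and v.idx == 1:
            fake = pk_encrypt(pubs[2], pk_encrypt(pubs[3], secrets.token_bytes(RLEN) + b"yes"))
            signed[0] = (fake, sign(v.priv, fake))
    final = strip_signatures(pubs[3], signed)                            # step (12)
    for v in voters:
        if v.rands[0] not in [b[:RLEN] for b in final]:
            raise RuntimeError(f"voter {v.idx}: ballot missing at step 12")
    tally = {}                                                           # step (13)
    for b in final:
        tally[b[RLEN:]] = tally.get(b[RLEN:], 0) + 1
    return tally
```

Whichever ballot Bob's forgery displaces, its owner fails the presence check at step (10), (11) or (12) and raises, which is the "stop the protocol immediately" of the text; in the first part the same substitution would only be noticed by whoever's R_i went missing, and the shuffles would leave no trail back to Bob.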
Other Voting Schemes
Many complex secure election protocols have been proposed. They fall into two types. There are mixing protocols, such as "Voting without a Central Tabulating Facility", in which all the ballots are mixed up so that no one can link a ballot to a voter.
There are also divided protocols, in which individual ballots are divided among various tabulating facilities so that no single one of them can cheat the voters [360, 359, 118, 115]. These protocols protect the voters' anonymity only if the different "parts" of the government (or whoever is running the election) do not conspire against the voter. (The idea of breaking a central authority into several parts that are trusted only when they act in concert comes from [316].)
One divided protocol is proposed in [1371]. The basic idea is that each voter splits his ballot into several pieces. For example, if the ballot were "yes" or "no", with 1 standing for "yes" and 0 for "no", the voter could generate several numbers whose sum is 0 or 1. These shares are sent to the tabulating facilities, one to each, and they are also encrypted and stored. Each center adds up the shares it received (there are protocols that guarantee the correctness of the total), and the final tally is the sum of all the intermediate tallies. There are also protocols that guarantee that each voter's shares add up to 0 or 1.
Another protocol, by David Chaum [322], makes it possible to trace a voter who tries to cheat. However, the election then has to be repeated with the disrupting voter excluded. This approach is not practical for elections with a large number of voters.
Yet another, more complicated protocol that solves some of these problems can be found in [770, 771]. There is even a protocol that uses multiple-key ciphers [219]. Another protocol, claimed to be suitable for large-scale elections, is given in [585]. And [347] lets voters abstain.
Voting protocols work, and they even make it easier to buy and sell votes. When the buyer can be sure that the seller will vote as promised, the incentive to buy votes becomes even stronger. A number of protocols have been designed to be receipt-free, so that a voter cannot prove to anyone else that he voted a particular way [117, 1170, 1372].
6.2 Secure Multiparty Computation
Secure multiparty computation is a protocol with which a group of people can compute a function of many variables in a particular way. Each member of the group supplies one or more variables. The result of the computation becomes known to everyone in the group, but no one learns the values supplied by the other members of the group, unless that is obvious from the result of the computation. Here are a few examples:
Protocol #1
How can a group of people compute their average salary without any of them learning another's salary?
(1) Alice adds a secret random number to her salary, encrypts the result with Bob's public key and sends it to Bob.
(2) Bob decrypts the result with his private key. He adds his salary to the value received from Alice, encrypts the result with Carol's public key and sends it to Carol.
(3) Carol decrypts the result with her private key. She adds her salary to the value received from Bob, encrypts the result with Dave's public key and sends it to Dave.
(4) Dave decrypts the result with his private key. He adds his salary to the value received from Carol, encrypts the result with Alice's public key and sends it to Alice.
(5) Alice decrypts the result with her private key. She subtracts the random number added at step (1) to obtain the sum of all the salaries.
(6) Alice divides the result by the number of people (four in this case) and announces the result.
This protocol assumes that every participant is honest; they may be curious, but they follow the protocol. If any participant lies about his salary, the average will be computed incorrectly. A more serious problem is that Alice can misrepresent the final result. At step (5) she can subtract any number that suits her, and no one will know. Alice can be prevented from doing this by requiring her to commit to her random number using one of the bit-commitment schemes from Section 4.9, but when she reveals her random number at the end of the protocol, Bob can learn her salary.
Protocol #2
Alice and Bob are in a restaurant together, arguing about who is older. Neither, however, wants to tell the other his age. Each of them could whisper his age into the ear of a trusted neutral party (the waiter, say), who could compare the numbers in his head and announce the result to both Alice and Bob.
The protocol above has two problems. First, the computational abilities of the average waiter do not let him handle situations more complex than determining the larger of two numbers. And second, if Alice and Bob really cared about keeping their information secret, they would have to drown the waiter in a tub of mineral water to keep him from blabbing everything to the bartender.
Public-key cryptography offers a far less drastic solution. There is a protocol by which Alice, knowing a value a, and Bob, knowing b, can jointly determine whether a < b, in such a way that Alice learns nothing about b and Bob learns nothing about a. Moreover, both Alice and Bob are convinced of the validity of the computation. Because the cryptographic algorithm used is an essential part of the protocol, the details are given in Section 23.14.
Of course, this protocol does not protect against active cheaters. Nothing stops Alice (or Bob, it makes no difference) from lying about her age. If Bob were a computer program that blindly followed the protocol, Alice could learn his age (is the age of a computer program the time since it was written or the time since it was started?) by running the protocol repeatedly. Alice could claim that her age is 60. On learning that she is older, she could run the protocol again, claiming that her age is 30. On learning that Bob is older, she could run the protocol again, claiming that her age is 45, and so on, until Alice learns Bob's age to whatever precision she wants.
Provided the participants do not cheat deliberately, this protocol is easily extended to several participants. Any number of people can determine the order of their ages by successive honest applications of the protocol, and no participant can learn the age of another.
Protocol #3
Alice likes to do things with teddy bears. Bob's erotic fantasies are dominated by marble tables. Both are rather shy about their habits, but would gladly find someone to share their... um... lifestyle.
At the Secure Multiparty Computation Service we have designed a protocol for people like them. We have numbered an impressive list of their predilections, from "African ants" to "apple pies". Separated by a modem line, Alice and Bob can take part in a secure multiparty protocol. Together they can determine whether they share any habits. If they do, they can rush off to mutual happiness. If not, they can part in safety, confident that their habits have remained secret. No one, not even the Secure Multiparty Computation Service, will ever learn of their predilections.
Here is how it works:
(1) Using a one-way function, Alice hashes her habit into a seven-digit string.
(2) Using that seven-digit string as a telephone number, Alice calls the number and leaves a message for Bob. If no one answers, or the number is not in service, Alice applies the one-way function to the telephone number until she finds someone who will play along with the protocol.
(3) Alice tells Bob how many times she had to apply the one-way function to her habit.
(4) Bob hashes his habit the same number of times. He also uses the seven-digit string as a telephone number and asks the person at the other end of the line whether there are any messages for him.
Note that Bob has a chosen-plaintext attack available. He can hash common habits and call the resulting telephone numbers looking for messages for him. This protocol really works only if such an attack is impractical because the number of possible plaintext messages is large enough.
There is also a mathematical protocol similar to Protocol #2. Alice knows a, Bob knows b, and together they try to determine whether a = b, in such a way that Bob learns nothing about a and Alice learns nothing about b. The details are given in Section 23.14.
Protocol #4
Here is another problem for secure multiparty computation [1373]: a council of seven meets regularly to vote secretly on certain issues. (It's all right, they rule the world; just don't tell anyone I let it slip.) All council members can vote "yes" or "no". In addition, two parties hold "super-ballots": S-yes and S-no. They are not obliged to use these super-ballots and may, if they wish, cast ordinary ballots instead. If nobody uses a super-ballot, the issue is decided by a simple majority of votes. If one super-ballot, or two equivalent super-ballots, are cast, all ordinary votes are ignored. If the two super-ballots contradict each other, the issue is decided by a majority of the ordinary votes. We need a protocol that securely carries out this form of voting.
The following two examples illustrate the voting process. Let there be five ordinary voters, N1 through N5, and two super-voters, S1 and S2. Here is the vote on issue #1:

  S1         S2        N1    N2    N3    N4    N5
  Super-yes  no        no    no    no    yes   yes

In this example only one super-ballot, S1, is in effect, and the outcome of the vote is "yes". And here is the vote on issue #2:

  S1         S2        N1    N2    N3    N4    N5
  Super-yes  Super-no  no    no    no    yes   yes

In this example the two super-ballots cancel each other, and the issue is decided by the majority of ordinary "no" votes.
If there is no need to hide whether an ordinary ballot or a super-ballot was decisive, this is a simple application of the secure voting protocol. Hiding that information calls for a more complex secure multiparty computation protocol.
This kind of voting can occur in real life. It could be part of a corporation's organizational structure, where some people have more power than others, or part of UN procedure, where some nations count for more than others.
Unconditionally Secure Multiparty Protocols
This is only a special case of a general theorem: any function of n inputs can be computed by n players in such a way that everyone learns the value of the function, but any set of fewer than n/2 players obtains no additional information beyond what follows from their own inputs and the result of the computation. Details can be found in [136, 334, 1288, 621].
Secure Circuit Evaluation
Alice's input is a, Bob's is b. Together they want to compute some function f(a,b) such that Alice learns nothing about Bob's input and Bob learns nothing about Alice's. The general problem of secure multiparty computation is also called secure circuit evaluation. Alice and Bob can build an arbitrary Boolean circuit. This circuit takes Alice's and Bob's values as inputs and produces the result. Secure circuit evaluation is a protocol that satisfies the following three requirements:
1. Alice can enter her value so that Bob cannot learn it.
2. Bob can enter his value so that Alice cannot learn it.
3. Both Alice and Bob can compute the result, and both parties are confident that the result is correct and has not been tampered with by either side.
Details of the secure circuit evaluation protocol can be found in [831].
6.3 Anonymous Message Broadcast
You cannot go out to dinner with a group of cryptographers without landing in the middle of a heated argument. In [321] David Chaum introduces the Dining Cryptographers Problem:
Three cryptographers are sitting down to dinner at their favorite three-star restaurant. Their waiter informs them that arrangements have been made with the maître d'hôtel for the bill to be paid anonymously. One of the cryptographers might be paying for the dinner, or it might be the NSA. The three cryptographers respect each other's right to pay anonymously, but they would like to know whether the NSA is paying.
How can the cryptographers Alice, Bob and Carol find out whether one of them paid for dinner without compromising the payer's anonymity? Chaum solves the problem:
Each cryptographer flips an unbiased coin behind his menu, between him and the cryptographer on his right, so that only the two of them can see the outcome. Each cryptographer then states aloud whether the two coins he can see, his own and his left-hand neighbor's, fell on the same side or on different sides. If the payer is one of the cryptographers, his statement is the opposite of what he sees. An odd number of declared differences at the table indicates that a cryptographer is paying; an even number of differences indicates that the NSA is paying (assuming the dinner is paid for only once). However, if a cryptographer is paying, neither of the other two learns from the statements which one of them paid.
To see how this works, imagine Alice trying to figure out which of the other two cryptographers paid for dinner (given that it was neither she nor the NSA). If she sees two different coins, then either both of the other cryptographers (Bob and Carol) said "same" or both said "different". (Remember, an odd number of cryptographers saying "different" indicates that one of them paid.) If both said "different", the payer is the cryptographer sitting closest to the coin whose result matches the hidden coin (the one flipped between Bob and Carol). If both said "same", the payer is the cryptographer sitting closest to the coin whose result differs from the hidden coin. If, however, Alice sees two identical coins, then either Bob said "same" and Carol said "different", or Bob said "different" and Carol said "same". If the hidden coin matches the two coins she can see, the payer is the cryptographer who said "different". If the hidden coin differs from the two coins she can see, the payer is the cryptographer who said "same". In all of these cases, to determine who paid Alice would have to know the result of the coin flipped between Bob and Carol.
This protocol can be generalized to any number of cryptographers sitting in a ring and flipping coins among themselves. Each pair of cryptographers carries out the protocol. Of course, they know who paid, but somebody watching the protocol can tell only that one of the cryptographers or the NSA paid; he cannot tell which cryptographer paid.
The applications of this protocol go far beyond the dinner table. It is an example of unconditional sender and recipient untraceability. A group of network users can use this protocol to send anonymous messages.
(1) The users arrange themselves in a ring.
(2) At regular intervals, adjacent pairs of users flip a coin between themselves, using some fair coin-flipping protocol that is secure against eavesdroppers.
(3) After each flip, every user announces either "same" or "different".
If Alice wants to broadcast a message, she simply starts inverting her statement in those rounds that correspond to a 1 in the binary representation of her message. For example, if her message were "1001", she would invert her statement, tell the truth, tell the truth, and then invert her statement again. Assuming the results of her flips were "different", "same", "same", "same", she would say "same", "same", "same", "different".
If Alice notices that the overall result of the protocol does not match the message she is trying to send, she knows that someone else is trying to send a message at the same time. She then stops transmitting her message and waits a random number of rounds before trying again. The exact parameters would have to be worked out from the message traffic on the network, but the idea is clear enough.
To make things even more interesting, these messages can be encrypted with another user's public key. Then, when everyone receives the message (a practical implementation would need standard message headers and trailers), only the intended recipient can decrypt and read it. Nobody else learns anything about the author of the message, nor can anybody determine its recipient. Even if the messages themselves can be decrypted, traffic analysis that tracks and correlates patterns of communication between users is useless.
An alternative to flipping coins between adjacent parties would be to use a file of random bits. Perhaps the parties could keep the file on a CD-ROM, or one member of a pair could generate a batch of bits and send them to the other party (encrypted, of course). Or they could agree to share a cryptographically secure pseudo-random-number generator, and each of them could generate the same sequence of pseudo-random bits for the protocol.
A problem with this protocol is that although a cheating participant cannot read any messages, he can quietly wreck the whole system by constantly lying in step (3). There is a modification of the protocol that allows such sabotage to be detected [1578, 1242]. The problem is called "Dining Cryptographers in the Disco".
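The ring protocol above, simulated in Python as an added example (not code from the book): each user announces the XOR of the two coins he can see, a sender inverts his announcement in the rounds carrying a 1 bit, and the broadcast bit is the parity of all announcements. The last function shows what a passive observer learns, assuming the coins themselves stay secret; the coin layout, user indices and sample values are constructed for this example.

```python
"""Dining cryptographers ring (DC-net) simulation; an added example, not the book's code.
Constructed layout: coins[i] is the coin shared by user i and user (i + 1) % n,
so user i sees coins[i - 1] and coins[i]."""
import secrets
from itertools import product

SAME, DIFFERENT = 0, 1   # what a user announces: 0 = "same", 1 = "different"


def dc_round(coins, senders=frozenset()):
    """One round of step (3). Every user announces whether the two coins he can
    see agree; users listed in `senders` invert their announcement (a 1 bit)."""
    n = len(coins)
    announcements = []
    for i in range(n):
        seen = coins[i - 1] ^ coins[i]          # index -1 wraps: the ring closes
        if i in senders:
            seen ^= 1                           # lie in this round
        announcements.append(seen)
    return announcements


def decode(announcements):
    """The broadcast bit is the parity of the announcements: every coin enters
    twice and cancels, so only the inversions survive."""
    bit = 0
    for a in announcements:
        bit ^= a
    return bit


def alice_announcements(coin_results, message_bits):
    """What Alice says in each round, given the honest results of her rounds
    (1 = "different") and the message bits: truthful for 0, inverted for 1."""
    return [c ^ m for c, m in zip(coin_results, message_bits)]


def broadcast(n_users, message_bits, sender, others_sending=()):
    """Run one round per message bit with fresh random coins. Returns the decoded
    bits and a collision flag: if somebody else transmits at the same time, the
    decoded message no longer matches what the sender put in, which is how the
    text's sender notices the clash and backs off."""
    decoded = []
    for round_no, bit in enumerate(message_bits):
        coins = [secrets.randbits(1) for _ in range(n_users)]
        senders = {sender} if bit else set()
        for user, their_bits in others_sending:        # competing senders
            if their_bits[round_no]:
                senders.add(user)
        decoded.append(decode(dc_round(coins, senders)))
    collision = decoded != list(message_bits)
    return decoded, collision


def consistent_senders(announcements):
    """Observer's view: the set of users who could be the lone sender of this
    round, over all coin assignments. For a round with odd parity every position
    is possible, which is the untraceability the text claims; for even parity
    nobody sent (or two senders cancelled)."""
    n = len(announcements)
    possible = set()
    for coins in product((0, 1), repeat=n):
        for s in range(n):
            if dc_round(list(coins), {s}) == list(announcements):
                possible.add(s)
    return possible
```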
6.4 Digital Cash
Cash is a problem. It is annoying to carry, it spreads germs, and people can steal it from you. Checks and credit cards have reduced the amount of cash circulating in society, but eliminating cash entirely is practically impossible. It will never happen; drug dealers and politicians would never allow it. Checks and credit cards can be traced; you cannot hide whom you gave money to.
On the other hand, checks and credit cards allow people to intrude on your private life as never before. You would never allow the police to follow you around for your entire life, but the police can trace your financial transactions. They can see where you buy gas, where you buy food, whom you call on the telephone, all without leaving their computer terminals. People need to be able to protect their anonymity in order to protect their privacy.
Fortunately, there is a complicated protocol that allows authenticated but untraceable messages. Lobbyist Alice can transfer digital cash to congressman Bob so that newspaper reporter Eve learns nothing about Alice. Bob can then deposit that digital cash in his bank account, even though the bank has no idea who Alice is. But if Alice tries to buy cocaine with the same piece of digital cash she used to bribe Bob, the bank will detect it. And if Bob tries to deposit the same piece of digital cash into two different accounts, it will be detected, although Bob, like Alice, remains anonymous. This is sometimes called anonymous digital cash, to distinguish it from traceable digital money such as credit cards.
There is a great social need for such things. As the use of the Internet for commercial transactions grows, so does the need for privacy of information sent over the network and for anonymity in conducting business. (There are plenty of reasons why people are reluctant to send their credit card numbers over the Internet.) On the other hand, banks and governments apparently do not want to give up the control that today's banking systems give them. They will have to, though. All it will take for digital cash to catch on is some trusted institution willing to convert the digits into real money.
Digital cash protocols are very complicated. Below we will build one up step by step. More details on this protocol can be found in [318, 339, 325, 335, 340]. But remember that this is only one digital cash protocol; there are others.
Protocol #1
The first few protocols are physical analogies of cryptographic protocols. The following protocol is a simplified physical protocol for anonymous money orders:
(1) Alice prepares 100 anonymous money orders for $1000 each.
(2) Alice puts each one, together with a sheet of carbon paper, into 100 different envelopes and takes all the envelopes to the bank.
(3) The bank opens 99 envelopes and confirms that each money order is for $1000.
(4) The bank signs the one remaining unopened envelope. The carbon paper transfers the signature onto the money order. The bank returns the unopened envelope to Alice and debits $1000 from her account.
(5) Alice opens the envelope and gives the money order to a merchant.
(6) The merchant checks the bank's signature to make sure the money order is legitimate.
(7) The merchant takes the money order to the bank.
(8) The bank verifies its signature and credits $1000 to the merchant's account.
This protocol works. The bank never sees the money order it signs, so when the merchant brings it to the bank, the bank has no way of knowing that it is Alice's. Thanks to the signature, the bank is convinced that the money order is legitimate. And because of the cut-and-choose protocol (see Section 5.1), the bank is confident that the unopened money order is for $1000 (and not for $100,000 or $100,000,000). It checks the other 99 envelopes, so Alice's probability of cheating the bank is only 1 percent. Of course, the bank will set a penalty for cheating large enough that cheating is not worthwhile. After all, if the bank simply refused to sign the last money order (when Alice is caught cheating) without penalizing Alice, she would keep trying until she got lucky. The best deterrent is prison.
Protocol #2
The previous protocol keeps Alice from writing a money order for an amount other than the one stated, but it does not stop her from photocopying the money order and using it twice. This is called the double-spending problem; solving it requires a more complicated protocol:
(1) Alice prepares 100 anonymous money orders for $1000 each. To each money order she adds a unique string, chosen at random and long enough that the chance of anybody else using the same string is negligible.
(2) Alice puts each one, together with a sheet of carbon paper, into 100 different envelopes and takes all the envelopes to the bank.
(3) The bank opens 99 envelopes and confirms that each money order is for $1000.
(4) The bank signs the one remaining unopened envelope. The carbon paper transfers the signature onto the money order. The bank returns the unopened envelope to Alice and debits $1000 from her account.
(5) Alice opens the envelope and gives the money order to a merchant.
(6) The merchant checks the bank's signature to make sure the money order is legitimate.
(7) The merchant takes the money order to the bank.
(8) The bank verifies its signature and checks its database to make sure a money order with this unique string has not been deposited before. If it has not, the bank credits $1000 to the merchant's account and records the unique string in the database.
(9) If the money order has already been deposited, the bank refuses to accept it.
Now, if Alice tries to spend a photocopy of the money order, or if the merchant tries to deposit the money order a second time using a photocopy, the bank will know about it.
Protocol #3
The previous protocol protects the bank from cheaters, but it does not identify them. The bank does not know whether the person who obtained the money order (the bank knows nothing about Alice) tried to cheat the merchant, or whether the merchant is trying to cheat the bank. The following protocol corrects this ambiguity:
(1) Alice prepares 100 anonymous money orders for $1000 each. To each money order she adds a unique string, chosen at random and long enough that the chance of anybody else using the same string is negligible.
(2) Alice puts each one, together with a sheet of carbon paper, into 100 different envelopes and takes all the envelopes to the bank.
(3) The bank opens 99 envelopes and confirms that each money order is for $1000 and that all the random strings are different.
(4) The bank signs the one remaining unopened envelope. The carbon paper transfers the signature onto the money order. The bank returns the unopened envelope to Alice and debits $1000 from her account.
(5) Alice opens the envelope and gives the money order to a merchant.
(6) The merchant checks the bank's signature to make sure the money order is legitimate.
(7) The merchant asks Alice to write a random identity string on the money order.
(8) Alice does so.
(9) The merchant takes the money order to the bank.
(10) The bank verifies its signature and checks its database to make sure a money order with this unique string has not been deposited before. If it has not, the bank credits $1000 to the merchant's account and records the unique string in the database.
(11) If the unique string is already in the database, the bank refuses to accept the money order and compares the identity string on the money order with the one stored in the database. If they match, the bank knows that the merchant copied the money order. If the identity strings differ, the bank knows that the money order was copied by the person who obtained it.
This protocol assumes that the merchant cannot change the identity string once Alice has written it on the money order. The money order could have a series of small squares which Alice would fill in with crosses or circles at the merchant's request. The money order could be made of paper that tears if it is altered.
Because the merchant and the bank interact only after Alice has spent the money, the merchant could be stuck with a bad money order. Practical implementations of this protocol might require Alice to wait at the register while the merchant settles things with the bank, just as happens today when payments are processed with credit cards.
Alice can adapt to this too. She can spend a copy of the money order a second time, writing the same identity string in step (7). If the merchant does not keep a database of money orders already received, he will be fooled. The next protocol eliminates this problem.
Protocol #4
If it turns out that the person who obtained the money order tried to cheat the merchant, the bank may want to know that person's identity. To do this, we have to leave the physical analogies and move into the world of cryptography.
To hide Alice's name in the digital money order, the technique of secret splitting can be used.
(1) Alice prepares n anonymous money orders for a given amount.
Each of the money orders contains a unique string, X, chosen at random and long enough that the chance of two identical strings appearing is negligible.
Each money order also carries n pairs of identity bit strings, I1, I2, ..., In. (Yes, n different pairs on each money order.) Each of these pairs is generated as follows: Alice creates a string containing her name, address and whatever other information the bank requires. Then she splits this string into two pieces using the secret splitting protocol (see Section 3.6) and commits to each piece using a bit-commitment protocol.
For example, I37 consists of two pieces: I37^L and I37^R. Each piece is a packet of committed bits that Alice can be asked to open, and whose opened contents can be verified immediately. Any pair (for example, I37^L and I37^R, but not I37^L and I38^R) reveals Alice's identity. Each of the money orders looks like this:

  Amount
  Unique string: X
  Identity strings: I1 = (I1^L, I1^R)
                    I2 = (I2^L, I2^R)
                    ...
                    In = (In^L, In^R)

(2) Alice blinds all n money orders using the blind signature protocol and takes them to the bank.
(3) The bank asks Alice to unblind n-1 of the money orders and confirms that all of them are properly formed. The bank checks the amount and the unique string, and asks Alice to reveal all the identity strings.
(4) If the bank is satisfied that Alice has not attempted any cheating, it signs the one remaining blinded money order. The bank returns the blinded money order to Alice and debits the amount from her account.
(5) Alice unblinds the money order and spends it with a merchant.
(6) The merchant checks the bank's signature to make sure the money order is legitimate.
(7) The merchant asks Alice to randomly reveal either the left or the right half of every identity string on the money order. In effect, the merchant gives Alice a random n-bit selector string, b1, b2, ..., bn. Whether Alice opens the left or the right half of Ii depends on the value of bi, 0 or 1.
(8) Alice does so.
(9) The merchant takes the money order to the bank.
(10) The bank verifies its signature and checks its database to make sure a money order with this unique string has not been deposited before. If it has not, the bank credits the stated amount to the merchant's account and records the unique string in the database.
(11) If the unique string is already in the database, the bank refuses to accept the money order and compares the identity string on the money order with the one stored in the database. If they match, the bank knows that the merchant copied the money order. If the identity strings differ, the bank knows that the money order was copied by the person who obtained it. Because the second merchant to receive the money order gave Alice a selector string different from the first merchant's, the bank will find some position where Alice opened the left half for one merchant and the right half for the other. XORing those two halves of the identity string, the bank learns Alice's identity.
This is a very interesting protocol, so let us look at it from several angles.
Can Alice cheat? Her digital money order is nothing more than a string of bits, which she can copy easily. Spending it the first time is no problem; she just follows the protocol and everything goes smoothly. The merchant gives her a random n-bit selector string in step (7), and Alice opens either the left or the right half of each Ii in step (8). In step (10) the bank records all of this data together with the money order's unique string.
When she tries to use the same digital money order a second time, the merchant (the same one or another) gives her a different random n-bit selector string in step (7). Alice must carry out step (8); refusing would immediately alert the merchant. Now, when the merchant brings the money to the bank in step (10), the bank immediately notices that a money order with this unique string has already been deposited. The bank compares the opened halves of the identity strings. The chance that two random selector strings coincide is one in 2^n, which will not happen before the next ice age. The bank now finds a pair whose first half was opened the first time and whose second half was opened the second time, XORs the two halves, and extracts Alice's name. That is how the bank learns who tried to use the money order twice.
Note that this protocol does not prevent Alice from cheating, but her cheating is almost certain to be detected. Having cheated, Alice cannot keep her identity secret. She cannot change either the unique string or any of the identity strings, since that would break the bank's signature, and the merchant would notice immediately in step (6).
Alice could try to slip the bank a bad money order, one whose identity strings do not reveal her name or, better still, reveal somebody else's name. The probability that such a trick gets past the bank in step (3) is 1 in n. That is not impossible, but if the penalty for cheating is severe enough, Alice will not tempt fate. Alternatively, you can increase the number of redundant money orders Alice presents in step (1).
Can the merchant cheat? His chances are even worse. He cannot deposit the money order twice; the bank will notice the repeated use of the selector string. He cannot cheat by framing Alice, since only she can open any of the identity strings.
Nor will any collusion between Alice and the merchant fool the bank. Once the bank has signed a money order with a unique string, it can be sure that the money order will be paid only once.
What about the bank? Can it figure out that the money order it received from the merchant is the very one it signed for Alice? In steps (2) through (5) Alice is protected by the blind signature protocol. The bank cannot link Alice to the money order, even if it keeps a complete record of every transaction. Moreover, even by joining forces, the bank and the merchant cannot establish Alice's identity. Alice can walk into a store and, remaining completely anonymous, buy what she needs.
Eve can cheat. If she can eavesdrop on the communication between Alice and the merchant, and if she can get to the bank before the merchant, she can deposit the money order first. The bank will accept it and, worse, when the merchant tries to deposit his money order, he will be accused of cheating. If Eve steals Alice's digital cash and manages to spend it before Alice does, Alice will be accused of cheating. There is no way to prevent this; it is a direct consequence of the anonymity of cash. Both Alice and the merchant must guard their bits as they would guard their money.
This protocol lies somewhere between an arbitrated protocol and a self-enforcing protocol. Both Alice and the merchant trust the bank where money is concerned, but Alice does not have to trust the bank with information about her purchases.
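Steps (1) through (11) and the double-spending analysis above, as an added Python example that is not the book's code: identity halves are made by XOR secret splitting, each half is committed with a SHA-256 hash (standing in for the bit-commitment protocol), and an HMAC under a bank key stands in for the bank's signature, so the blinding of steps (2) through (5) is not modeled. N_PAIRS, the record field names and the sample identity are assumptions of this example.

```python
"""Off-line digital cash with identity splitting (Protocol #4); an added example.
Assumptions of this example, not the book's: SHA-256 stands in for the bit-commitment
protocol, an HMAC under BANK_KEY stands in for the bank's (blind) signature, and
N_PAIRS is the text's n."""
import hashlib
import hmac
import secrets

BANK_KEY = secrets.token_bytes(32)   # the bank's signing secret (constructed)
N_PAIRS = 8                          # identity pairs per money order


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def commit(piece):
    """Commitment to one identity half; the halves are random, so the hash hides them."""
    return hashlib.sha256(piece).digest()


def make_money_order(identity, amount):
    """Step (1): amount, unique string X and n committed pairs (I_i^L, I_i^R) with
    I_i^L XOR I_i^R == identity. Returns the public order and Alice's private openings."""
    pairs = []
    for _ in range(N_PAIRS):
        left = secrets.token_bytes(len(identity))
        pairs.append((left, xor_bytes(left, identity)))
    public = {"amount": amount, "unique": secrets.token_bytes(16),
              "commits": [(commit(l), commit(r)) for l, r in pairs]}
    return public, pairs


def serialize(public):
    return (public["amount"].to_bytes(8, "big") + public["unique"]
            + b"".join(l + r for l, r in public["commits"]))


def bank_sign(public):
    return hmac.new(BANK_KEY, serialize(public), "sha256").digest()


def verify_signature(public, signature):
    return hmac.compare_digest(bank_sign(public), signature)


def withdraw(identity, amount, n_orders=10):
    """Steps (2)-(4), cut and choose: the bank opens all but one order and checks the
    amount and that every opened pair XORs back to the identity it knows at withdrawal."""
    orders = [make_money_order(identity, amount) for _ in range(n_orders)]
    keep = secrets.randbelow(n_orders)
    for i, (public, pairs) in enumerate(orders):
        if i == keep:
            continue
        if public["amount"] != amount:
            raise ValueError("wrong amount in opened order")
        for (l, r), (cl, cr) in zip(pairs, public["commits"]):
            if commit(l) != cl or commit(r) != cr or xor_bytes(l, r) != identity:
                raise ValueError("opened order does not identify the customer")
    public, pairs = orders[keep]
    return public, pairs, bank_sign(public)


def spend(public, pairs, signature, selector):
    """Steps (6)-(8): the merchant verifies the signature, then Alice opens the
    left (b_i = 0) or right (b_i = 1) half of each pair as the selector says."""
    if not verify_signature(public, signature):
        raise ValueError("bad bank signature")
    opened = [pairs[i][b] for i, b in enumerate(selector)]
    return {"public": public, "signature": signature,
            "selector": list(selector), "opened": opened}


class Bank:
    def __init__(self):
        self.deposited = {}   # unique string -> first deposit record

    def deposit(self, record):
        """Steps (10)-(11). Returns ("ok", None), ("merchant-copied", None) when the
        same opening is deposited twice, or ("double-spent", identity) when the two
        deposits differ in some selector bit and the halves XOR to the identity."""
        public = record["public"]
        if not verify_signature(public, record["signature"]):
            raise ValueError("bad bank signature")
        for (cl, cr), half, b in zip(public["commits"], record["opened"], record["selector"]):
            if commit(half) != (cr if b else cl):
                raise ValueError("opened half does not match its commitment")
        first = self.deposited.get(public["unique"])
        if first is None:
            self.deposited[public["unique"]] = record
            return "ok", None
        if first["selector"] == record["selector"]:
            return "merchant-copied", None
        for i, (b1, b2) in enumerate(zip(first["selector"], record["selector"])):
            if b1 != b2:                          # one left half and one right half
                return "double-spent", xor_bytes(first["opened"][i], record["opened"][i])
        return "merchant-copied", None
```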
Digital Cash and the Perfect Crime
Digital cash has its dark side, too. Sometimes people do not want so much privacy. Watch Alice commit the perfect crime [1575]:
(1) Alice kidnaps a baby.
(2) Alice prepares 10,000 anonymous money orders for $1000 each (or some other number of money orders in whatever denomination she wants).
(3) Alice blinds all 10,000 money orders using the blind signature protocol. She sends them to the authorities with the threat to kill the baby unless the following instructions are carried out:
(a) All 10,000 money orders are to be signed by the bank.
(b) The results are to be published in a newspaper.
(4) The authorities comply.
(5) Alice buys the newspaper, unblinds the money orders and starts spending them. She cannot be found by tracing the money orders.
(6) Alice frees the baby.
Notice that this situation is far worse than with any physical medium such as cash. Without physical contact, the police have far less chance of apprehending the kidnapper.
In general, though, digital cash is not a particularly good deal for criminals. The problem is that the anonymity works only one way: the buyer is anonymous, but the seller is not. Moreover, the seller cannot hide the fact that he received money. Digital cash will help the government determine how much money you earn, but determining how you spend it will remain impossible.
Practical Digital Cash
A Dutch company, DigiCash, owns most of the patents in the field of digital cash and has implemented digital cash protocols in working products. If you are interested, contact DigiCash BV, Kruislaan 419, 1098 VA Amsterdam, Netherlands.
Other Digital Cash Protocols
There are other digital cash protocols; see [707, 1554, 734, 1633, 973]. Some of them use rather sophisticated mathematics. The various digital cash protocols can be divided into categories. On-line systems require the merchant to communicate with the bank at every sale, much like today's credit card protocol. If there is any problem, the bank does not accept the cash, and Alice cannot cheat.
Off-line systems, like Protocol #4, require no connection between the merchant and the bank until after the transaction between the merchant and the customer is complete. These systems do not prevent Alice from cheating, but instead detect her cheating. Protocol #4 detects Alice's cheating by revealing her identity when she attempts to cheat. Alice knows the consequences and therefore does not cheat.
Another approach is to create a special smart card (see Section 24.13) containing a tamper-resistant chip called an observer [332, 341, 387]. The observer chip keeps a mini-database of every piece of digital cash spent by that smart card. If Alice tries to copy some digital cash and spend it twice, the embedded observer chip would detect the attempt and refuse to allow the transaction. Since the observer chip is protected from outside interference, Alice cannot erase the mini-database without destroying the smart card. The cash can circulate through the economy, and when it is finally deposited the bank can examine it and identify the cheater if any cheating occurred.
Digital cash protocols can also be divided along another line. The denomination of electronic coins is fixed; people using such a system need a set of coins of different denominations. Electronic checks can be used for any amount up to a given maximum, and the unspent remainder can be returned to the account.
Two excellent and completely different off-line electronic coin protocols are [225, 226, 227] and [563, 564, 565]. A system called NetCash, with weaker properties, has also been proposed [1048, 1049]. Another new system is [289].
In [1211] Tatsuaki Okamoto and Kazuo Ohta list six properties of an ideal digital cash system:
1. Independence. The security of the digital cash does not depend on any physical location. The cash can be transferred over computer networks.
2. Security. The digital cash cannot be copied and reused.
3. Privacy (untraceability). The privacy of the user is protected; the relationship between the user and his purchases cannot be traced.
4. Off-line payment. When a user pays for a purchase with digital cash, the protocol between the user and the merchant is executed off-line. That is, the shop does not need to connect to a central computer to process the user's payment.
5. Transferability. The cash can be transferred to other users.
6. Divisibility. A given amount of digital cash can be divided into pieces of smaller value. (Of course, the total has to add up in the end.)
The protocols presented above satisfy properties 1, 2, 3 and 4, but not 5 and 6. Some on-line digital cash systems satisfy all the properties except 4 [318, 413, 1243]. The first off-line system satisfying properties 1, 2, 3 and 4, similar to the one described above, was proposed in [339]. Okamoto and Ohta proposed a system satisfying properties 1 through 5 [1209]; they also proposed a system satisfying properties 1 through 6, but the amount of data for a single payment was roughly 200 megabytes. Another off-line divisible electronic coin system is described in [522].
The digital cash scheme proposed by the same authors in [1211] satisfies properties 1 through 6 without requiring such an enormous amount of data. The total amount of data for a single electronic payment is about 20 kilobytes, and the protocol can be completed in a few seconds. The authors consider this scheme the first ideal untraceable digital cash system.
Anonymous Credit Cards
This protocol [988] uses several different banks to protect the customer's identity. Every customer has an account at two different banks. The first bank, which knows the person's identity, can credit money to his account. The second bank knows the customer only by a pseudonym (like a numbered Swiss bank account).
The customer can withdraw money from the second bank by proving that he is the account holder. But this bank does not know the person's identity and cannot credit money to his account. The first bank knows the customer and transfers money to the second bank without knowing the pseudonym. The customer then spends the money anonymously. At the end of the month the second bank bills the first bank, trusting it to pay. The first bank passes the bill on to the customer, trusting him to pay. When the customer pays the bill, the first bank transfers additional money to the second bank. All transactions go through an intermediary that acts like an electronic Federal Reserve: it settles the banks' accounts, logs messages and creates an audit trail.
The exchanges among the customer, the merchant and the various banks are detailed in [988]. Unless everyone colludes against the customer, his anonymity is guaranteed. However, this is not digital cash; it is too easy for a bank to cheat. The protocol lets customers enjoy the advantages of credit cards without revealing their identity.
Part 2
Cryptographic Techniques
Chapter 7
Key Length
7.1 Symmetric Key Length
The security of a symmetric cryptosystem is a function of two factors: the strength of the algorithm and the length of the key. The former is more important, but the role of the latter is easier to demonstrate.
Assume that the strength of the algorithm is perfect. In practice this is extremely hard to achieve, but for the example it is easy enough. By perfect I mean that there is no better way to break the cryptosystem than a brute-force attack, trying every possible key.
To mount such an attack the cryptanalyst needs a small piece of ciphertext and the corresponding plaintext; a brute-force attack is a known-plaintext attack. For a block cipher the cryptanalyst needs one block of ciphertext and the corresponding plaintext, usually 64 bits. Getting such pieces of plaintext and ciphertext is easier than you might think. The cryptanalyst may obtain a copy of a plaintext message by some means and intercept the corresponding ciphertext. He may know something about the format of the message behind the ciphertext: for example, that it is a WordPerfect file, that it carries a standard electronic-mail header, that it is a UNIX directory file, a TIFF image, or a standard record from a customer database. All of these formats contain some predefined bytes. The cryptanalyst does not need much plaintext for this attack.
Calculating the complexity of a brute-force attack is not hard. If the key is 8 bits long, there are 2^8, or 256, possible keys. Finding the right key therefore takes at most 256 attempts, with a 50 percent chance of finding it after half of them. If the key is 56 bits long, there are 2^56 possible keys. If a computer can test a million keys per second, trying all of them takes 2285 years (half that, on average, before the right key turns up). With a 64-bit key the same supercomputer needs about 585,000 years to find the right key among 2^64 possible ones. With a 128-bit key the search takes 10^25 years. The universe is only 10^10 years old, so 10^25 years is a long time. With a 2048-bit key, a million computers working in parallel and each testing a million keys per second would spend 10^597 years looking for the key. By then the universe will long since have expanded into nothing or collapsed.
Before you rush off to invent a cryptosystem with an 8-kilobyte key, remember the other side of the question, the strength of the algorithm: it must be secure enough that there is no better way to break it than brute force. That is not as simple as it may seem. Cryptography is a subtle art. Cryptosystems that look perfect often turn out to be extremely weak. A couple of changes made to a strong cryptosystem can weaken it drastically. The amateur cryptographer should treat every new algorithm with almost paranoid suspicion. It is better to trust algorithms that professional cryptographers have scrutinized for years without breaking them, and not to be seduced by the claims of algorithm designers about their grand security.
Recall an important point from Section 1.1: the security of a cryptosystem should rest on the key, not on the details of the algorithm. Assume that the cryptanalyst knows every detail of your algorithm. Assume he has as much ciphertext as he wants and is attempting an intensive ciphertext-only attack. Assume he is attempting a known-plaintext attack with as much data at his disposal as he needs. Assume even that he is attempting a chosen-plaintext attack. If your cryptosystem stays secure even in the face of all these threats, then you really have something.
That warning aside, the room for maneuver that cryptography leaves is still large. In reality, security of this kind is not needed in many practical situations. Most adversaries do not have the knowledge and computing resources of a major government, and those who do may have no need to break your cryptosystem. If you are organizing a conspiracy to overthrow a major government, the tried and true algorithms at the end of this book will be vital to you. Everyone else can just have fun.
Time and Cost Estimates for a Brute-Force Attack
Recall that a brute-force attack is usually a known-plaintext attack; it requires a small amount of ciphertext and the corresponding plaintext. If you assume that the most efficient way to break the algorithm is brute force (a big assumption), then the key must be long enough to make the attack infeasible. How long is that?
The speed of a brute-force attack is determined by two parameters: the number of keys to be tested and the speed of testing a single key. Most symmetric algorithms accept any bit string of a fixed length as the key. The DES key is 56 bits long, so there are 2^56 possible keys. A number of algorithms discussed in this book have 64-bit keys, giving 2^64 possible keys. Other algorithms use 128-bit keys.
The speed at which each key can be tested matters less. For the analysis that follows I will assume that the key-testing speed is roughly the same for every algorithm. In reality one algorithm may be two, three or even ten times faster to test than another. But since, for the key lengths we are looking for, the search time is millions of times longer than the time to test one key, small differences in testing speed do not matter.
In the cryptologic community most of the debate about brute-force attacks has centered on DES. In 1977 Whitfield Diffie and Martin Hellman [497] postulated a special-purpose machine for breaking DES. This machine consists of a million chips, each of which tests a million keys per second. Such a machine could test all 2^56 keys in 20 hours. Against an algorithm with a 64-bit key, testing all 2^64 keys would take 214 days.
A brute-force attack seems made to order for parallel processors. Each processor tests a subset of the keyspace. The processors do not need to exchange information; the only message ever needed is the one signaling success. No shared memory is required either. It is not hard to build a machine with a million processors, each working independently of the others.
Michael Wiener set out to design such a brute-force machine [1597, 1598]. (He designed it for DES, but the analysis can be carried out for almost any algorithm.) He designed custom chips, boards and racks, estimated the costs, and concluded that for a million dollars one could build a machine that breaks a 56-bit DES key in 3.5 hours on average (7 hours guaranteed). The cost/speed relationship is linear. Table 7-1 generalizes these figures to a range of key lengths. Remember Moore's law: computing power doubles roughly every 18 months. That means costs fall by a factor of ten every five years, and what costs a million dollars in 1995 will cost about $100,000 in 2000. Pipelining could make the computation cheaper still [724].
For 56-bit keys these sums are within the budgets of most large corporations and many criminal organizations. The military budgets of most industrialized countries can afford to break 64-bit keys. Breaking an 80-bit key is still beyond what is possible, but if the current trend continues that could change in some thirty years.
Of course, it is absurd to forecast computing power 35 years ahead. Technological breakthroughs of the kind found in science fiction could make these forecasts laughable. On the other hand, physical limits unknown today could make them unrealistically optimistic. In cryptography it is wiser to be a pessimist. Fielding an algorithm with an 80-bit key looks insufficiently far-sighted. Use a key of at least 112 bits.
Table 7-1.
Average time estimates for a hardware brute-force attack in 1995 (G = billion, T = trillion dollars)

                    Key length in bits
Cost      40                56              64            80             112           128
$100K     2 seconds         35 hours        1 year        70,000 years   10^14 years   10^19 years
$1M       0.2 second        3.5 hours       37 days       7000 years     10^13 years   10^18 years
$10M      0.02 second       21 minutes      4 days        700 years      10^12 years   10^17 years
$100M     2 milliseconds    2 minutes       9 hours       70 years       10^11 years   10^16 years
$1G       0.2 millisecond   13 seconds      1 hour        7 years        10^10 years   10^15 years
$10G      0.02 millisecond  1 second        5.4 minutes   245 days       10^9 years    10^14 years
$100G     2 microseconds    0.1 second      32 seconds    24 days        10^8 years    10^13 years
$1T       0.2 microsecond   0.01 second     3 seconds     2.4 days       10^7 years    10^12 years
$10T      0.02 microsecond  1 millisecond   0.3 second    6 hours        10^6 years    10^11 years
If an attacker wants to break a key badly enough, all he has to do is spend money. It is therefore worth trying to estimate the minimum "value" of a key: how much value can be trusted to a single key before breaking it becomes economically worthwhile? An extreme case: if an encrypted message is worth $1.39, there is no financial sense in setting a $10 million machine to breaking its key. On the other hand, if the plaintext is worth $100 million, decrypting that single message easily pays for the cracking hardware. Besides, the value of many messages falls very quickly with time.
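The arithmetic behind the estimates above and behind Table 7-1, as an added example (the code is the editor's, not the book's). It calibrates on the two data points the text gives, a machine testing a million keys per second and Wiener's 1995 design (a 56-bit DES key in 3.5 hours on average for $1 million, cost/speed linear), and applies the text's Moore's-law rule of a tenfold saving every five years. The extrapolation to other budgets, years and key lengths, and the functions budget_to_break_within, worth_attacking and min_key_bits, are the editor's arithmetic on those assumptions; the last one answers the "how long is long enough" question for a given attacker budget and secrecy lifetime.

```python
"""Brute-force cost model for symmetric keys.

Added example for this section; calibration points are the text's own:
  * a machine testing one million keys per second (the 2285-year figure);
  * Wiener's 1995 design: a 56-bit DES key in 3.5 hours on average for $1M,
    with cost/speed linear;
  * the text's Moore's-law rule: ten times cheaper every five years.
Every function below is the editor's arithmetic on those assumptions.
"""
import math

SECONDS_PER_YEAR = 365 * 24 * 3600        # the book's figures assume 365-day years
CALIB_BITS, CALIB_HOURS, CALIB_COST = 56, 3.5, 1.0e6   # Wiener's machine, 1995
SPEEDUP_PER_5_YEARS = 10.0                 # Moore's law as the text states it


def log10_exhaustive_years(bits: int, keys_per_second: float) -> float:
    """log10 of the WORST-case time in years to try all 2**bits keys.

    Computed in log space so that a 2048-bit key does not overflow a float;
    the average time is half this (log10 minus 0.301).
    """
    return (bits * math.log10(2)
            - math.log10(keys_per_second)
            - math.log10(SECONDS_PER_YEAR))


def exhaustive_years(bits: int, keys_per_second: float) -> float:
    """Worst-case years to exhaust the keyspace (fine for bits below ~1000)."""
    return 10 ** log10_exhaustive_years(bits, keys_per_second)


def _speedup(year: int) -> float:
    """How much faster the same money buys in `year` relative to 1995."""
    return SPEEDUP_PER_5_YEARS ** ((year - 1995) / 5)


def average_hours_hardware(bits: int, budget_usd: float, year: int = 1995) -> float:
    """Average time for a Wiener-style custom machine built for `budget_usd`.

    Each extra key bit doubles the time; ten times the budget is ten times
    the speed; each five years after 1995 buys another factor of ten.
    """
    return (CALIB_HOURS * 2.0 ** (bits - CALIB_BITS)
            * (CALIB_COST / budget_usd) / _speedup(year))


def budget_to_break_within(bits: int, hours: float, year: int = 1995) -> float:
    """Smallest budget (USD) whose machine averages <= `hours` to find the key."""
    return (CALIB_COST * CALIB_HOURS * 2.0 ** (bits - CALIB_BITS)
            / hours / _speedup(year))


def worth_attacking(plaintext_value_usd: float, bits: int,
                    useful_hours: float, year: int = 1995) -> bool:
    """The text's 'minimum value of a key' test: an attack pays only if the
    machine needed to recover the key while the plaintext is still useful
    costs less than the plaintext is worth."""
    return budget_to_break_within(bits, useful_hours, year) < plaintext_value_usd


def min_key_bits(budget_usd: float, secrecy_years: float, year: int = 1995) -> int:
    """Smallest key length whose AVERAGE break time, against an attacker with
    `budget_usd` in `year`, exceeds the required secrecy lifetime."""
    needed_hours = secrecy_years * 365 * 24
    bits = 1
    while average_hours_hardware(bits, budget_usd, year) < needed_hours:
        bits += 1
    return bits


def table_7_1_row(budget_usd: float, year: int = 1995) -> dict:
    """One row of Table 7-1: average break time in hours per key length."""
    return {bits: average_hours_hardware(bits, budget_usd, year)
            for bits in (40, 56, 64, 80, 112, 128)}


if __name__ == "__main__":
    print(f"10^6 keys/s, 56-bit, whole keyspace: {exhaustive_years(56, 1e6):.0f} years")
    print(f"10^12 keys/s, 2048-bit: 10^{log10_exhaustive_years(2048, 1e12):.0f} years")
    for budget in (1e5, 1e6, 1e7, 1e8, 1e9):
        row = table_7_1_row(budget)
        print(f"${budget:>13,.0f}: " + "  ".join(f"{b}b={h:.3g}h" for b, h in row.items()))
    print("56-bit key, $100M plaintext useful for 24h:", worth_attacking(1e8, 56, 24))
    print("Min bits vs. $1G attacker, 30-year secret, 1995:", min_key_bits(1e9, 30))
    print("Same attacker and lifetime in 2025:", min_key_bits(1e9, 30, 2025))
```

The last two lines of the demonstration are the point of the section in numbers: against a billion-dollar attacker a 30-year secret already needs 83 bits in 1995 and 103 bits thirty years later under the text's growth rule, which is why 80 bits is called short-sighted and 112 is the floor recommended.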
Software Crackers
Without special-purpose hardware and massively parallel machines, a brute-force attack is much harder. A software attack is about a thousand times slower than a hardware attack.
The real threat of a software brute-force attack is not that it is certain to succeed but that it is "free". It costs nothing to set an idle microcomputer to testing possible keys. If the right key is found, wonderful; if not, nothing is lost. It costs nothing to use an entire network of microcomputers for the purpose. In a recent experiment with DES, 40 workstations managed to test 2^34 keys in a single day [603]. At that rate testing every key would take four million days, but if enough people make attempts like this, somebody somewhere will get lucky. As [603] put it:
The crux of the software threat is sheer bad luck. Imagine a university computer network of 512 workstations, networked together. On some campuses this would be a medium-sized network. They could even be spread around the world, coordinating their activity through electronic mail. Assume each workstation is capable of running [the algorithm] at a rate of 15,000 encryptions per second. ... Allowing for the overhead of testing and changing keys, this comes down to ... 8192 tests per second per machine. To exhaust [a 56-bit] keyspace with this setup would take 545 years (assuming the network was dedicated to the task twenty-four hours per day). Notice, however, that the same calculations give our hypothetical student hackers one chance in 200,000 of cracking a key in one day. Over a long weekend their odds increase to one chance in sixty-six thousand. The faster their hardware, or the more machines involved, the better their chance becomes. These are not good odds for earning a living from horse racing, but they're not the stuff of good press releases either. They are much better odds than the Government gives on its lotteries, for instance. "One-in-a-million"? "Couldn't happen again in a thousand years"? It is no longer possible to say such things honestly. Is this an acceptable ongoing risk?
Using an algorithm with a 64-bit key instead of a 56-bit key makes this attack 256 times harder. A 40-bit key makes the picture simply bleak. A network of 400 computers, each performing 32,000 encryptions per second, can complete a brute-force attack on a 40-bit key in a day. (In 1992 the RC2 and RC4 algorithms were approved for export with a 40-bit key; see Section 13.8.)
A 128-bit key makes the very thought of a brute-force attack pointless. Industry experts estimate that by 1996 there will be 200 million computers in use in the world. That estimate includes everything from giant Cray mainframes to subnotebooks. Even if every one of those computers were thrown at a brute-force attack, each performing a million encryptions per second, the time to recover the key would still be a million times the age of the universe.
Neural Networks
Neural networks are not very useful for cryptanalysis, primarily because of the shape of the solution space. Neural networks work best on problems with a continuum of solutions, some better than others. That lets the network learn, proposing better and better solutions as it goes. The absence of continuity in a cipher leaves almost no room for learning: you either recover the key or you do not. (At least that is true of any good algorithm.) Neural networks work well in structured environments where there is something to learn, but not in the high-entropy, seemingly random world of cryptography.
Viruses
The greatest difficulty in getting millions of computers to work on a brute-force attack is persuading millions of computer owners to take part. You could ask politely, but that takes a lot of time and they may say no. You could try to break into their computers by force, but that takes even more time and may end in your arrest. Or you could use a computer virus to spread the cracking program over as many computers as possible.
This particularly insidious idea first appeared in [1593]. The attacker writes and releases a computer virus. The virus does not reformat the hard disk or delete files; instead, whenever the computer is idle, it works on a brute-force cryptanalysis problem. Various studies have shown that a computer is idle 70 to 90 percent of the time, so the virus has no trouble finding time for the task. If it is otherwise benign, its work may not even be noticed.
Eventually one of the machines stumbles on the correct key. At that point there are two ways to proceed. First, the virus could spawn a second virus that does nothing but replicate itself and delete every copy of the cracking virus it finds, while carrying the information about the correct key. This new virus would simply spread from computer to computer until it reached the computer of the person who wrote the original one.
A second, sneakier approach is to display the following message on the screen:
There is a serious bug in this computer. Please call 1-800-123-4567 and read the following 64-bit number to the operator:
xxxx xxxx xxxx xxxx
The first person to report this bug receives a $100 reward.
How effective is such an attack? Suppose a typical infected computer tests a thousand keys per second. This is far below the computer's potential, since we assume it will sometimes be doing other things. Suppose also that a typical virus infects 10 million machines. Such a virus can break a 56-bit key in 83 days and a 64-bit key in 58 years. You might have to bribe the antivirus software vendors, but that is your problem. Any increase in computer speed or in the spread of the virus would of course make the attack more effective.
The Chinese Lottery
The Chinese Lottery is an eclectic but possible way to build a huge parallel cryptanalysis machine [1278]. Imagine that a chip which brute-forces the algorithm at a million tests per second is built into every radio and television sold. Each chip is programmed to test a different set of keys automatically when it receives a plaintext/ciphertext pair over the air. Whenever the Chinese government wants to break a key, it broadcasts the data. All the radios and televisions in the country start grinding away. Eventually the right key appears on somebody's display. The Chinese government pays that person a prize; this guarantees that the result is reported quickly and correctly, and also helps the market success of radios and televisions with cracking chips.
If every person in China, man, woman or child, has a radio or television, the correct 56-bit key appears in 61 seconds. If only one Chinese in ten has a radio or television (closer to reality), the key appears in 10 minutes. A 64-bit key is found in 4.3 hours (43 hours if only one in ten has a radio or television).
Several modifications are needed to make the attack practical. First, it is simpler to have each chip test random keys rather than a unique set. This makes the attack about 39 percent slower, which hardly matters for numbers of this size. Next, the Chinese Communist Party would have to decree that everyone switch on his radio or television at a given time, to guarantee that every receiver is working when the plaintext/ciphertext pair is broadcast. Finally, everyone would have to be instructed to call the Center, or whatever it is called, when a key appears on his screen, and read off the string of digits displayed there.
Table 7-2 shows the effectiveness of the Chinese Lottery for different countries and key lengths. Clearly China would be in the best position if every Chinese man, woman and child were given a radio or television. The United States has fewer people but far more equipment. The state of Wyoming could break a 56-bit key by itself in less than a day.
Table 7-2.
Average brute-force time estimates for the Chinese Lottery
(All data from the World Almanac and Book of Facts for 1995.)

Country          Population       Televisions/radios   Time to break 56 bits   Time to break 64 bits
China            1,190,431,000    257,000,000          280 seconds             20 hours
United States    260,714,000      739,000,000          97 seconds              6.9 hours
Iraq             19,890,000       4,730,000            4.2 hours               44 days
Israel           5,051,000        3,640,000            5.5 hours               58 days
Wyoming          470,000          1,330,000            15 hours                160 days
Winnemucca, NV   6,100            17,300               48 days                 34 years
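The three passages above (software crackers, viruses, the Chinese Lottery) describe the same kind of attacker: a large pool of cheap testers nobody has to pay for, where the real question is the odds of getting lucky within some window. The following added example (the editor's code, not the book's or [603]'s) reproduces those odds and the Table 7-2 times from the inputs the text quotes, and quantifies the remark that letting every chip pick random keys makes the Chinese Lottery "about 39 percent slower". Reading that figure as a comparison of median times (N ln 2 tests for independent random guesses against N/2 for disjoint key ranges, a ratio of 2 ln 2 ≈ 1.386) is the editor's interpretation; the Monte Carlo at the end checks it on a toy keyspace.

```python
"""Opportunistic distributed brute force: idle networks, viruses, the Chinese Lottery.

Added example for this section. Inputs are the ones the text quotes; the
interpretation of the '39 percent slower' remark as a median-time comparison
is the editor's.
"""
import math
import random

SECOND_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECOND_PER_DAY


def exhaustive_seconds(bits: int, keys_per_second: float) -> float:
    """Worst-case seconds for a pool testing `keys_per_second` distinct keys."""
    return 2 ** bits / keys_per_second


def success_probability(bits: int, keys_per_second: float, seconds: float) -> float:
    """Chance that a window of `seconds` at `keys_per_second` (distinct keys,
    no repeats) contains the right key: the 'sheer bad luck' of [603]."""
    return min(1.0, keys_per_second * seconds / 2 ** bits)


def odds_one_in(bits: int, machines: int, tests_per_second_each: float,
                seconds: float) -> float:
    """'One chance in X' form of success_probability for a pool of machines."""
    return 1.0 / success_probability(bits, machines * tests_per_second_each, seconds)


# Table 7-2 receiver counts (World Almanac 1995, as cited in the text) and the
# text's million-tests-per-second cracking chip.
RECEIVERS = {
    "China": 257_000_000,
    "United States": 739_000_000,
    "Iraq": 4_730_000,
    "Israel": 3_640_000,
    "Wyoming": 1_330_000,
    "Winnemucca, NV": 17_300,
}
CHIP_TESTS_PER_SECOND = 1.0e6


def lottery_seconds(country: str, bits: int) -> float:
    """Time for every receiver in `country` to cover the keyspace once."""
    return exhaustive_seconds(bits, RECEIVERS[country] * CHIP_TESTS_PER_SECOND)


def random_key_penalty() -> float:
    """Median tests with independent random guesses (N ln 2) divided by the
    median with disjoint key ranges (N / 2): 2 ln 2, about 1.386."""
    return 2 * math.log(2)


def simulate_median_tests(keyspace: int, trials: int, random_keys: bool,
                          seed: int = 1) -> float:
    """Monte Carlo on a toy keyspace: median number of tests until the secret
    key is hit, either guessing uniformly at random with replacement or
    sweeping the keyspace once from a random starting point."""
    rng = random.Random(seed)
    counts = []
    for _ in range(trials):
        secret = rng.randrange(keyspace)
        if random_keys:
            tests = 1
            while rng.randrange(keyspace) != secret:
                tests += 1
        else:
            start = rng.randrange(keyspace)
            tests = (secret - start) % keyspace + 1
        counts.append(tests)
    counts.sort()
    return counts[len(counts) // 2]


if __name__ == "__main__":
    print("Campus net, 56-bit: 1 in", round(odds_one_in(56, 512, 8192, SECOND_PER_DAY)), "per day,",
          "1 in", round(odds_one_in(56, 512, 8192, 3 * SECOND_PER_DAY)), "per long weekend")
    print("Exhausting 56 bits takes", exhaustive_seconds(56, 512 * 8192) / SECONDS_PER_YEAR, "years")
    print("Virus, 10^7 hosts at 10^3 keys/s, 56-bit:", exhaustive_seconds(56, 1e10) / SECOND_PER_DAY, "days")
    for country in RECEIVERS:
        print(f"{country:>15}: 56-bit {lottery_seconds(country, 56):.0f} s,"
              f" 64-bit {lottery_seconds(country, 64) / 3600:.1f} h")
    ratio = simulate_median_tests(1024, 4001, True) / simulate_median_tests(1024, 4001, False)
    print(f"Random vs. disjoint median ratio: {ratio:.2f} (theory {random_key_penalty():.3f})")
```

Note that the mean, rather than the median, is twice as bad with random keys (N tests against N/2), so a coordinator that hands out disjoint work units rather than letting each node guess is worth the small amount of bookkeeping it costs; this is what the text's "39 percent" glosses over.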
Biotechnology
If biochips are possible, it would be foolish not to try to use them as a brute-force cryptanalysis tool. Consider a hypothetical animal called a "DESosaur" [1278]. It consists of biological cells capable of testing possible keys. Plaintext/ciphertext pairs reach the cells through some optical channel (all these cells are transparent, you see). Solutions are carried to the DESosaur's speech organ by special cells traveling through the animal's circulatory system.
A typical dinosaur consists of 10^14 cells (excluding bacteria). If each of them performs a million encryptions per second (no small feat), breaking a 56-bit key takes seven ten-thousandths of a second. Breaking a 64-bit key takes less than two tenths of a second. Breaking a 128-bit key would still take 10^11 years.
Another biological approach is to use genetically engineered cryptanalytic algae that can brute-force cryptographic algorithms [1278]. Such organisms, covering a large area, would make a distributed machine with a very large number of processors. The plaintext/ciphertext pair could be transmitted by radio from a satellite. When an organism found the result, it could stimulate the surrounding cells to change color, signaling the solution back to the satellite.
Suppose a typical algal cell is a cube 10 microns on a side (probably an overestimate); then 10^15 cells fill a cubic meter. Pour them into the ocean, covering 200 square miles (518 square kilometers) to a depth of one meter (how to do it is your problem; I only supply the idea), and you have 10^23 algae (more than a hundred billion gallons of them) floating in the sea. (For comparison, the tanker Exxon Valdez spilled 10 million gallons of oil.) If each of them can test a million keys per second, they recover a 128-bit key in a little over 100 years. (The resulting algal bloom is your problem.) Major advances in algae speed, their diameter, or even the size of the spill could reduce these numbers substantially. Don't even ask me about nanotechnology.
Thermodynamic Limitations
One consequence of the second law of thermodynamics is that a certain amount of energy is needed to represent information. Recording a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is Boltzmann's constant. (Bear with me; the physics lesson is almost over.)
Given that k = 1.38 × 10^-16 erg/K and that the ambient temperature of the universe is 3.2 K, an ideal computer running at 3.2 K would consume 4.4 × 10^-16 erg every time it set or cleared a bit. Running a computer colder than the background temperature of space would require extra energy for a heat pump.
Now, the energy radiated by our Sun in a year is about 1.21 × 10^41 erg. That is enough for 2.7 × 10^56 bit changes on our ideal computer, which in turn is enough to run a 187-bit counter through all its values. If we built a Dyson sphere around the Sun and captured all of its energy for 32 years without any loss, we could power a computer to count to 2^192. Of course, it would have no energy left over for any useful calculation with that counter.
But that is just one star, and a meager one at that. A typical supernova releases about 10^51 erg. (About a hundred times more energy is released as neutrinos, but let them go for now.) If all that energy could be channeled into a single computation, a 219-bit counter could run through all its states.
These numbers have nothing to do with the hardware itself; they are simply the maximums that thermodynamics allows. And they make it plain that brute-force attacks on 256-bit keys will be infeasible until computers are built of something other than ordinary matter and occupy something other than ordinary space.
7.2 Public-Key Key Length
One-way functions were discussed in Section 2.3. Multiplying two large primes is a one-way function: computing the product is easy, but factoring the product to recover the two large primes is hard (see Section 11.3). Public-key cryptography uses this idea to build a trapdoor one-way function. Actually, that is a lie: it has not been proved that factoring is a hard problem (see Section 11.4). As far as is known today, it appears to be. And even if it is, nobody can prove that hard problems really are hard. Everyone believes factoring is hard, but it has never been proved mathematically.
This is worth dwelling on. It is easy to imagine that 50 years from now we will gather to reminisce about the good old days when everyone believed factoring was hard and lay at the foundation of cryptography, and companies made money from it. It is easy to imagine future advances in number theory making factoring easier, or advances in complexity theory making it trivial. There is no reason to believe this; most people who know enough to have an opinion will tell you such a development is unlikely. But there is also no reason to believe such a breakthrough will not happen.
In any case, today's dominant public-key encryption algorithms are based on the difficulty of factoring large numbers that are the product of two large primes. (Other algorithms are based on the so-called discrete logarithm problem, but for the moment assume the same reasoning applies to it.) These algorithms are also vulnerable to a brute-force attack, but of a different kind. Breaking them does not mean trying every possible key; it means trying to factor a large number (or to take discrete logarithms in a very large finite field, which is a problem of the same sort). If the number is too small, you have no protection at all. If the number is large enough, you are protected against all the computing power in the world working on the problem from now until the Sun goes nova; that is today's understanding of the mathematics of the problem. Section 11.3 treats factoring in mathematical detail; here I confine myself to estimating how long it takes to factor numbers of various lengths.
Factoring large numbers is hard, but, unfortunately for algorithm designers, it is getting easier. Worse, it is getting easier faster than mathematicians predicted. In 1976 Richard Guy wrote: "I shall be surprised if anyone regularly factors numbers of size 10^80 without special form during the present century" [680]. In 1977 Ron Rivest stated that factoring a 125-digit number would take 40 quadrillion years [599]. In 1994 a 129-digit number was factored [66]. If there is any lesson in this, it is that making predictions is foolish.
Table 7-3 shows the factoring records of the past dozen years. The fastest factoring algorithm over that period was the quadratic sieve (see Section 11.3).
These numbers are very disturbing. Today 512-bit numbers are already in use in operational systems. Factoring them, and thereby completely compromising the protection, is entirely realistic. A worm on the Internet could do it over a weekend.
Table 7-3.
Factoring with the quadratic sieve

Year   Decimal digits in the number factored   How many times harder a 512-bit number is to factor
1983   71                                      ~20 million
1985   80                                      ~2 million
1988   90                                      250,000
1989   100                                     30,000
1993   120                                     500
1994   129                                     100
Computing power is usually measured in mips-years: one year of work by a computer executing a million instructions per second (mips), or about 3 × 10^13 instructions. By convention, a 1-mips machine is equivalent to DEC's VAX 11/780. A mips-year is therefore a year of work by a VAX 11/780 or its equivalent. (A 100 MHz Pentium is about a 50-mips machine; an 1800-node Intel Paragon is about 50,000 mips.)
In 1983 factoring a 71-digit number took 0.1 mips-years; in 1994 factoring a 129-digit number took 5000 mips-years. This explosion of computing power came mostly from the introduction of distributed computing using the idle time of networked workstations. The approach was proposed by Bob Silverman and fully developed by Arjen Lenstra and Mark Manasse. The 1983 factorization used 9.5 hours of processor time on a single Cray X-MP; the 1994 factorization took 5000 mips-years and used the idle time of 1600 computers around the world for about eight months. Modern factoring methods lend themselves to distributed computation of this kind.
The picture keeps getting worse. A new factoring algorithm, the general number field sieve, has replaced the quadratic sieve. In 1989 mathematicians would have told you that the general number field sieve would never be of practical significance. In 1992 they would have said it was practical, but beat the quadratic sieve only for numbers of 130 to 150 decimal digits and up. Today it is known to be faster than the quadratic sieve for numbers well below 116 digits [472, 635]. The general number field sieve can factor a 512-bit number 10 times faster than the quadratic sieve. On an 1800-node Intel Paragon the algorithm would take less than a year. Table 7-4 gives the number of mips-years needed to factor numbers of various sizes with current implementations of the general number field sieve [1190].
Table 7-4.
Factoring with the general number field sieve

Bits   Mips-years needed to factor
512    30,000
768    2 × 10^8
1024   3 × 10^11
1280   1 × 10^14
1536   3 × 10^16
2048   3 × 10^20
Moreover, the general number field sieve keeps getting faster. Mathematicians invent new tricks, optimizations and methods, and there is no reason to think the trend will stop. A related algorithm, the special number field sieve, can already factor numbers of a certain special form, numbers not normally used in cryptography, much faster than the general number field sieve can factor arbitrary numbers of the same size. It is reasonable to assume that the general number field sieve can be optimized to reach the same speed [1190]; the NSA may already know how. Table 7-5 gives the number of mips-years needed to factor numbers of various lengths with the special number field sieve [1190].
Table 7-5.
Factoring with the special number field sieve

Bits   Mips-years needed to factor
512    200
768    100,000
1024   3 × 10^7
1280   3 × 10^9
1536   2 × 10^11
2048   4 × 10^14
In 1991 the participants of a workshop of the European Institute for System Security agreed that a 1024-bit modulus would suffice for long-term secrets until 2002 [150]. However, they warned: "Although the participants of this workshop are the best specialists in their respective fields, this statement (on the period of security) should be taken with caution." That is good advice.
The wise cryptographer is ultra-conservative in choosing public-key lengths. To understand how long a key you need, you have to estimate the required security and the lifetime of the key, and keep in mind the current state of the art in factoring. To get the same security that a 512-bit number gave in the early eighties, today you need a 1024-bit number. And if you want your keys to stay secure for the next 20 years, a 1024-bit number is apparently too short.
Even if your particular secrets are not worth the effort of factoring your modulus, you may be at risk. Imagine an automated banking system that uses RSA for security. Mallory can stand up in court and declare: "Did you read in the newspaper in 1994 that RSA-129 was broken, and that 512-bit numbers can be factored by any organization able to spend a few million dollars and wait a few months? My bank uses 512-bit numbers for security, and, by the way, I did not make those seven withdrawals." Even if Mallory is lying, the judge will probably make the bank prove it.
Why not use 10,000-bit keys? You can, but the longer your keys, the greater the computational cost. You want a key long enough to be secure but short enough to be usable.
Earlier in this section I called predictions foolish. Now I am going to make some myself. Table 7-6 gives my recommendations for public-key lengths depending on how long you need the key to stay secure. For each year three key lengths are given: one against an individual, one against a major corporation and one against the government of a large country.
Here are some considerations from [66]:
We believe that we could acquire 100 thousand machines without superhuman or unethical efforts. That is, we would not set free an Internet worm or virus to find resources for us. Many organizations have several thousand machines each on the net. Making use of their facilities would require skillful diplomacy, but should not be impossible. Assuming the 5 mips average power, and one year elapsed time, it is not too unreasonable to embark on a project which would require half a million mips years.
The project to factor the 129-digit number harnessed, without great effort, 0.03 percent of the estimated total computing power of the Internet [1190]. It is reasonable to assume that a well-publicized project could get 2 percent of the world's computing power for a year.
Assume that a dedicated cryptanalyst can get 10,000 mips-years, a large corporation 10^7 mips-years, and the government of a large country 10^9 mips-years. Assume also that computing power will grow by a factor of ten every five years. And finally, assume that advances in the mathematics of factoring will let us factor arbitrary numbers at a speed comparable to the special number field sieve. (That is not yet possible, but the breakthrough could come at any moment.) Table 7-6 recommends key lengths for security in various years.
Table 7-6.
Recommended Public-Key Key Lengths (in bits)
Year   Individual   Corporation   Government
1995   768          1280          1536
2000   1024         1280          1536
2005   1280         1536          2048
2010   1280         1536          2048
2015   1536         2048          2048
Don't forget to take into account the value of the key. Public keys are often used to secure valuable information for a long time: a bank's master key for an electronic cash system, the key a government uses to certify passports, the digital signature key of a state notary. It is probably not worth spending months of machine time to break some individual's private key, but if you can print your own money with a stolen key, the idea becomes very attractive. A 1024-bit key is long enough to sign something that will be verified within a week, a month, even a few years. But you don't want to stand in court 20 years from now with a digitally signed document and watch the other side demonstrate how to forge documents with that same signature.
Predicting the more distant future is even more foolish. Who can know what advances computing technology, networked computation and mathematics will have made by 2020? But if you look at the whole picture, you can see that in every decade we gain the ability to factor numbers twice as long as in the previous one. This makes it possible to build Table 7-7.
On the other hand, factoring technology may reach the limit of its capabilities long before 2045. Although I think that unlikely.
Not everyone will agree with my recommendations. The NSA has set key lengths of 512 to 1024 bits for its Digital Signature Standard (see Section 20.1), far less than I recommend for long-term security. Pretty Good Privacy (see Section 24.12) has a maximum RSA key length of 2047 bits. Arjen Lenstra, the world's best factorer, has refused to make predictions for the last 10 years [949]. Table 7-8 gives Ron Rivest's recommendations for key lengths, made in 1990, which seem too optimistic to me [1323]. Although his analysis looks good on paper, recent history offers examples of regularly occurring surprises. To protect yourself from the consequences of such surprises, it makes sense to choose keys with a margin.
Table 7-7.
Long-Range Factoring Predictions
Year   Key length (in bits)
1995   1024
2005   2048
2015   4096
2025   8192
2035   16384
2045   32768
The low estimates assume a budget of $25,000, the quadratic sieve algorithm, and a rate of technological progress of 20 percent per year. The average estimates assume a budget of $25 million, the general number field sieve algorithm, and a rate of technological progress of 33 percent per year. The high estimates assume a budget of $25 billion, the general number field sieve algorithm running at the speed of the special number field sieve, and a rate of technological progress of 45 percent per year.
There is always the chance that advances in factoring will surprise me too, but I have tried to factor that into my predictions. But why should you believe me? I have just demonstrated my own foolishness by making predictions.
Table 7-8.
Rivest's Optimistic Key-Length Recommendations (in bits)
Year   Low   Average   High
1990   398   515       1289
1995   405   542       1399
2000   422   572       1512
2005   439   602       1628
2010   455   631       1754
2015   472   661       1884
2020   489   677       2017
DNA Computing
This looks like madness. In 1994 Leonard M. Adleman demonstrated a method of solving an NP-complete problem (see Section 11.2) in a biochemistry laboratory, using DNA molecules to represent possible solutions of the problem [17]. The problem Adleman solved was an instance of the directed Hamiltonian path problem: given a map of cities connected by one-way roads, find a path from city A to city Z that passes through every city on the map exactly once. Each city was represented by its own random DNA strand of 20 bases. Using standard methods of molecular biology, Adleman synthesized 50 picomols (30 million million molecules) of the DNA strand representing each city. Each road was also represented by a DNA strand of 20 bases, but these strands were not chosen at random: they were cleverly chosen so that the "beginning" of the DNA strand representing the road from city P to city K ("road PK") would tend to bind to the DNA strand representing city P, and the end of road PK would tend to bind to city K.
Adleman synthesized 50 picomols of the DNA strand representing each road, mixed them together with the DNA strands representing the cities, and added the enzyme ligase, which joins the ends of DNA molecules together. The careful matching between the DNA strands for roads and the DNA strands for cities causes the ligase to join the road strands together in the right way. That is, the "exit" of road PK will always be joined to the "entrance" of some road that starts in city K, but never to the "exit" of any road, nor to the "entrance" of a road that does not start in city K. After a carefully limited reaction time, the ligase had produced a large number of DNA strands representing possible, but still random, concatenations of the map's paths.
In this soup of random paths Adleman can find the faintest trace, perhaps of a single molecule, of the DNA that is the answer to the problem. Using standard methods of molecular biology, he removed all DNA strands representing paths that were too short or too long. (The number of roads in the desired path must equal the number of cities minus one.) Then he removed all DNA strands that did not pass through city A, then those that skipped city B, and so on. The DNA molecule that passes through this sieve represents the desired sequence of roads and is the solution to the directed Hamiltonian path problem.
By definition, an instance of an NP-complete problem can be transformed in polynomial time into an instance of any other NP-complete problem, and therefore into the directed Hamiltonian path problem. Since the seventies, cryptologists have tried to use NP-complete problems for public-key cryptography.
Although the instance Adleman solved is quite simple (seven cities on the map; the problem can be solved by inspection in a few minutes), this field is only beginning to develop, and there are no obstacles to extending the technique to harder problems. Thus, arguments about the security of cryptographic protocols based on NP-complete problems, arguments that until now began with the words "Suppose the enemy has a million processors, each performing a million tests every second," may soon begin with the words "Suppose the enemy has a thousand fermentation vats, each holding 20,000 liters."
Quantum Computing
And now for even greater fantasy. Quantum computing rests on the dual nature of matter (both wave and particle). A photon can be in a large number of states at the same time. The classic example is that a photon behaves like a wave when it meets a partially silvered mirror. It is simultaneously reflected by and transmitted through the mirror, just as an ocean wave hitting a breakwater with a small gap in it is at the same time reflected by the wall and passes through the gap. When measured, however, a photon behaves like a particle, and only one state can be detected.
In [1443] Peter Shor outlined the design of a factoring machine based on the laws of quantum mechanics. Unlike an ordinary computer, which can be thought of as a machine having a single fixed state at any moment in time, a quantum computer has an internal wave function that is a superposition of a combination of possible basis states. Computations transform the wave function, altering the entire set of states in a single operation. In this way a quantum computer improves on the classical finite-state machine: it uses quantum properties to factor numbers in polynomial time, theoretically making it possible to break cryptosystems based on factoring or on the discrete logarithm problem.
It is generally accepted that a quantum computer does not contradict the fundamental laws of quantum mechanics. However, it seems unlikely that a quantum factoring machine will be built in the foreseeable future... if it is ever built at all. One of the main obstacles is the problem of decoherence, which causes wave functions to lose their distinctness and makes the computer fail. Because of decoherence, a quantum computer operating at 1 K would fail every nanosecond. In addition, a quantum factoring device would require an enormous number of gates, and this may make the machine impossible to build. Shor's design needs a perfect exponentiation device. No internal clock is used, so factoring cryptographically significant numbers could require millions, or possibly billions, of individual gates. If the minimum probability of failure of each of the n quantum gates is p, then the average number of trials needed to achieve success is (1/(1 - p))^n. The number of gates needed seems to grow polynomially with the length of the number (in bits), so the number of trials required grows super-exponentially with the length of the numbers used, worse than factoring by trial division!
Therefore, although quantum factoring generates excitement in academic circles, it is unlikely to have practical significance in the foreseeable future. But don't say afterwards that I didn't warn you.
7.3 Comparing Symmetric and Public-Key Key Lengths
A system is usually broken at its weakest point. If you are designing a system that uses both symmetric cryptography and public-key cryptography, the key lengths for each type of cryptography should be chosen so that attacking any component of the system is equally hard. It makes no sense to use a symmetric algorithm with a 128-bit key together with a public-key algorithm using a 386-bit key. It makes just as little sense to use in one system a symmetric algorithm with a 56-bit key and a public-key algorithm with a 1024-bit key.
Table 7-9 lists public-key modulus lengths whose factoring difficulty is comparable to the difficulty of a brute-force attack against the popular symmetric key lengths matched with them.
Table 7-9.
Symmetric and Public-Key Key Lengths with Similar Resistance to Brute-Force Attacks
Symmetric key length (in bits)   Public-key length (in bits)
56                               384
64                               512
80                               768
112                              1792
128                              2304
From this table we can conclude that if you are worried enough about your security to choose a symmetric algorithm with a 112-bit key, you should choose a modulus length in your public-key algorithm of about 1792 bits. In general, though, you should choose a public-key length that is more secure than your symmetric key length. Public keys are usually used longer and are used to protect more information.
7.4 Birthday Attacks against One-Way Hash Functions
There are two brute-force attacks against a one-way hash function. The first is the most obvious: given the hash of a message, H(M), the adversary would like to be able to create another document, M', such that H(M) = H(M'). The second is subtler: the adversary would like to find two random messages, M and M', such that H(M) = H(M'). This is called a collision, and it is an easier attack than the first.
The birthday paradox is a standard statistics problem. How many people must be in one room for the probability to be 1/2 that at least one of them shares your birthday? The answer is 183. Well, how many people must be in the room for the probability to be 1/2 that at least two of them share a birthday? The answer is surprising: 23. The 23 people in the room form 253 different pairs.
Finding someone with the same birthday as you is analogous to the first attack; finding two people with an arbitrary common birthday is analogous to the second. The second attack is widely known as a birthday attack.
Assume that a one-way hash function is secure and that the best way to attack it is brute force. The output of the function is an m-bit number. Finding a message whose hash value matches a given one would require hashing 2^m random messages on average. Finding two messages with the same hash value would require only 2^(m/2) random messages. A computer that hashes a million messages per second would need 600,000 years to find a second message with the same 64-bit hash value. The same computer could find a pair of messages with a common hash value in about an hour.
This means that if you are worried about birthday attacks, you should choose a hash length twice as long as you otherwise would. For example, if you want to reduce the probability of your system being broken to 1 chance in 2^80, use a 160-bit one-way hash function.
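An added example (not from the book) that works through this section's arithmetic in Python and then shows the 2^m versus 2^(m/2) gap on a deliberately truncated SHA-256, which is our modelling device: with m = 16 the collision search finishes after a few hundred trials, the second-preimage search after tens of thousands. The message strings and the target document are constructed sample input.

```python
"""Birthday-attack arithmetic for an m-bit one-way hash function.

Added example, not from the book: reproduces the section's figures, then
shows the 2^m versus 2^(m/2) gap on a deliberately truncated SHA-256
(our modelling device), where both searches finish in seconds.
"""
import hashlib

HASHES_PER_SECOND = 1_000_000            # the text's "a million messages per second"
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def pairs(n: int) -> int:
    """Distinct pairs among n people: 23 people form 253 pairs."""
    return n * (n - 1) // 2


def birthday_collision_probability(n: int, days: int = 365) -> float:
    """P(at least two of n people share a birthday), exact product form."""
    p_all_distinct = 1.0
    for i in range(n):
        p_all_distinct *= (days - i) / days
    return 1.0 - p_all_distinct


def years_to_second_preimage(m: int, rate: float = HASHES_PER_SECOND) -> float:
    """Expected time to match one given m-bit hash value: about 2^m trials."""
    return 2 ** m / rate / SECONDS_PER_YEAR


def hours_to_collision(m: int, rate: float = HASHES_PER_SECOND) -> float:
    """Expected time to find any colliding pair: about 2^(m/2) trials."""
    return 2 ** (m / 2) / rate / 3600


def hash_bits_for_collision_resistance(target_bits: int) -> int:
    """Doubling rule: 1 chance in 2^80 against a birthday attack needs 160 bits."""
    return 2 * target_bits


def trunc_hash(msg: bytes, bits: int) -> int:
    """Model an m-bit hash by keeping the top `bits` bits of SHA-256."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int):
    """Birthday search: hash constructed messages msg-0, msg-1, ... until two of
    them share an output.  Returns (msg_a, msg_b, trials); expected trials are
    roughly sqrt(pi/2) * 2^(bits/2)."""
    seen = {}
    counter = 0
    while True:
        msg = b"msg-%d" % counter
        h = trunc_hash(msg, bits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1


def find_second_preimage(target: bytes, bits: int, limit: int = 2 ** 20):
    """Second-preimage search against one fixed target: expected about 2^bits
    trials.  Returns (msg, trials), or None if `limit` trials are used up."""
    goal = trunc_hash(target, bits)
    for counter in range(limit):
        msg = b"candidate-%d" % counter
        if msg != target and trunc_hash(msg, bits) == goal:
            return msg, counter + 1
    return None


if __name__ == "__main__":
    print("pairs among 23 people:", pairs(23))
    print("P(shared birthday among 23):", round(birthday_collision_probability(23), 4))
    print("64-bit second preimage at 1e6/s:", round(years_to_second_preimage(64)), "years")
    print("64-bit collision at 1e6/s:", round(hours_to_collision(64), 2), "hours")
    a, b, trials = find_collision(16)
    print("16-bit collision found after", trials, "trials:", a, b)
    target = b"the signed document"          # constructed sample target
    result = find_second_preimage(target, 16)
    print("16-bit second preimage after", result[1] if result else "limit", "trials")
```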
7.5 How Long Should a Key Be?
There is no single answer to this question; the answer depends on the situation. To determine how much security you need, you must ask yourself a few questions. How much is your information worth? How long must it remain secure? What resources do your adversaries have?
A customer list might be worth $1000. Financial information in a sudden divorce might be worth $10,000. Advertising and marketing data for a large corporation might be worth $1 million. The master key for an electronic cash system might be worth billions.
In the world of commodities trading, secrets need only remain secret for a few minutes. In the newspaper business, today's secrets are tomorrow's headlines. Information about the development of some product may need to remain secret for a year or two. U.S. census data is required by law to remain secret for 100 years.
The guest list for your sister's surprise birthday party is of interest only to your nosy relatives. A corporation's trade secrets are of interest to competing companies. Military secrets are of interest to enemy militaries.
In these terms one can even specify security requirements. For example:
The key length must be such that an attacker willing to spend $100 million can break the system within a year with probability no more than 1/2^32, even allowing for a rate of technological progress of 30 percent per year.
Table 7-10, partly taken from [150], gives estimates of the security requirements for various kinds of information:
Future computing power is not easy to estimate, but here is a reasonable rule of thumb: the efficiency of computing equipment doubles every 18 months and increases by an order of magnitude every 5 years. Consequently, in 50 years the fastest computers will be 10 billion times faster than today's! Also, don't forget that these numbers apply only to general-purpose computers; who knows what specialized cryptanalytic devices will be developed in the next 50 years?
Assuming that a cryptographic algorithm will be in use for the next 30 years, you can imagine how secure it must be. An algorithm designed today may not come into wide use until 2000, and will still be in use in 2025 to encrypt messages that must remain secret until 2075 or later.
Table 7-10.
Security Requirements for Different Information
Type of traffic                                   Lifetime            Minimum key length (in bits)
Tactical military information                     minutes/hours       56-64
Product announcements, mergers, interest rates    days/weeks          64
Long-term business plans                          years               64
Trade secrets (e.g., the recipe for Coca-Cola)    decades             112
H-bomb secrets                                    ~40 years           128
Identities of spies                               ~50 years           128
Personal affairs                                  ~50 years           128
Diplomatic conflicts                              ~65 years           128
U.S. census data                                  at least 100 years  128
7.6 Caveat emptor¹
This entire chapter is a whole lot of nonsense. It is ridiculous even to talk about the notion of predicting computing power 10 years ahead, let alone 50. These calculations are given only for orientation, nothing more. Extrapolating from the past, we get a future that may have little in common with the reality to come.
Be conservative. If your keys are longer than seems necessary, fewer technological surprises will be able to hurt you.

¹ Let the buyer beware (Latin).
Chapter 8
Key Management
Alice and Bob have a secure communications system. They play mental poker, simultaneously sign contracts, even exchange digital cash. Their protocols are secure. Their algorithms are the very best. Unfortunately, they buy their keys from Eve's "Keys-R-Us," whose slogan is "You can trust us: Security is the middle name of someone our ex-mother-in-law's travel agent met at the Kwik-E-Mart." Eve does not need to break the algorithms. She does not need to rely on subtle flaws in the protocols. She can use their keys to read all of Alice's and Bob's messages without expending any cryptanalytic effort.
In the real world, key management is the hardest part of cryptography. Designing secure cryptographic algorithms and protocols is not easy, but you can rely on a large body of academic research. Keeping keys secret is much harder.
Cryptanalysts often break both symmetric and public-key cryptosystems through their key distribution. Why should Eve bother with the problem of breaking a cryptographic algorithm outright when she can recover the key because of careless key storage? Why should she spend $10 million building a cryptanalysis machine when she can bribe a clerk for $1000? A million dollars for a communications clerk in a well-placed diplomatic embassy can be a bargain. The Walkers sold U.S. Navy encryption keys to the Soviets for years. The CIA's director of counterintelligence went for less than $2 million, wife included. That is far cheaper than building huge cracking machines and hiring brilliant cryptanalysts. Eve can steal keys. She can arrest or abduct someone who knows the keys. She can seduce someone and get the keys that way. (The Marines guarding the U.S. embassy in Moscow did not withstand that attack.) It is far easier to find flaws in people than in cryptosystems.
Alice and Bob must protect their key, and to the same degree the data they encrypt with it. If the key is not changed regularly, the amount of data can be enormous. Unfortunately, many commercial products simply announce "We use DES" and forget about everything else. The results are not very impressive.
For example, the DiskLock program for the Macintosh (version 2.1), sold in most software stores, claims to offer secure DES encryption. It encrypts files using DES. The implementation of the DES algorithm is correct. However, DiskLock stores the DES key together with the encrypted file. If you know where to look for the key and want to read a file that DiskLock encrypted with DES, recover the key from the encrypted file and then decrypt the file. It does not matter that the program uses DES encryption; the implementation is completely insecure.
Further information on key management can be found in [457, 98, 1273, 1225, 775, 357]. The following sections discuss some of the issues and solutions.
8.1 Generating Keys
The security of an algorithm rests in the key. If you're using a cryptographically weak process to generate keys, then your whole system is weak. Eve need not cryptanalyze your encryption algorithm; she can cryptanalyze your key generation algorithm.
Reduced Keyspaces
DES uses a 56-bit key. Any properly formed 56-bit string can be a key, so there are 2^56 (10^16) possible keys. Norton Discreet for MS-DOS (versions 8.0 and earlier) allows only ASCII keys, forcing the high-order bit of each byte to be zero. The program also converts lowercase letters to uppercase (so the fifth bit of each byte is always the opposite of the sixth bit) and ignores the low-order bit of each byte, which results in a keyspace of 2^40 possible keys. These poor key-generation procedures made its implementation of DES ten thousand times easier to break.
Table 8-1 lists the number of possible keys under various restrictions on the input strings. Table 8-2 gives the time required for an exhaustive search of all possible keys at a million attempts per second. Any specialized hardware and parallel implementations can be used for a brute-force attack. Testing a million keys per second (whether on one machine or on several in parallel), it is physically possible to crack keys of lowercase letters and keys of digits and lowercase letters up to 8 bytes long, alphanumeric keys up to 7 bytes long, keys of printable characters and of ASCII characters up to 6 bytes long, and keys of 8-bit ASCII characters up to 5 bytes long.
Table 8-1.
Number of Possible Keys in Various Keyspaces
                                     4 bytes    5 bytes    6 bytes    7 bytes    8 bytes
Lowercase letters (26)               460000     1.2*10^7   3.1*10^8   8.0*10^9   2.1*10^11
Lowercase letters and digits (36)    1700000    6.0*10^7   2.2*10^9   7.8*10^10  2.8*10^12
Alphanumeric characters (62)         1.5*10^7   9.2*10^8   5.7*10^10  3.5*10^12  2.2*10^14
Printable characters (95)            8.1*10^7   7.7*10^9   7.4*10^11  7.0*10^13  6.6*10^15
ASCII characters (128)               2.7*10^8   3.4*10^10  4.4*10^12  5.6*10^14  7.2*10^16
8-bit ASCII characters (256)         4.3*10^9   1.1*10^12  2.8*10^14  7.2*10^16  1.8*10^19
Table 8-2.
Exhaustive Search Times for Various Keyspaces (at one million attempts per second)
                                     4 bytes       5 bytes       6 bytes       7 bytes       8 bytes
Lowercase letters (26)               0.5 seconds   12 seconds    5 minutes     2.2 hours     2.4 days
Lowercase letters and digits (36)    1.7 seconds   1 minute      36 minutes    22 hours      33 days
Alphanumeric characters (62)         15 seconds    15 minutes    16 hours      41 days       6.9 years
Printable characters (95)            1.4 minutes   2.1 hours     8.5 days      2.2 years     210 years
ASCII characters (128)               4.5 minutes   9.5 hours     51 days       18 years      2300 years
8-bit ASCII characters (256)         1.2 hours     13 days       8.9 years     2300 years    580000 years
And remember, computing power doubles every 18 months. If you want your keys to resist brute-force attacks for 10 years, you must plan your key usage accordingly.
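An added example (not from the book) that recomputes Tables 8-1 and 8-2 from the alphabet size and key length, and then carries the reminder that computing power doubles every 18 months through to a time-to-exhaustion figure for an attacker whose rate keeps doubling; that continuous-growth model is our assumption, not something the book states.

```python
"""Keyspace sizes and exhaustive-search times (Tables 8-1 and 8-2).

Added example, not from the book: recomputes the table entries from the
alphabet size and key length at one million keys per second, then extends
the reminder "computing power doubles every 18 months" into a time to
exhaustion for an attacker whose rate keeps growing (our own model).
"""
import math

RATE_PER_SECOND = 1_000_000                 # the tables' one million tries per second
SECONDS_PER_YEAR = 365.25 * 24 * 3600
DOUBLING_YEARS = 1.5                        # "doubles every 18 months"

ALPHABETS = {                               # rows of Tables 8-1 and 8-2
    "lowercase letters": 26,
    "lowercase letters and digits": 36,
    "alphanumeric characters": 62,
    "printable characters": 95,
    "ASCII characters": 128,
    "8-bit ASCII characters": 256,
}


def keyspace_size(alphabet_size: int, length: int) -> int:
    """Number of distinct keys of `length` characters from an alphabet (Table 8-1)."""
    return alphabet_size ** length


def search_seconds(alphabet_size: int, length: int, rate: float = RATE_PER_SECOND) -> float:
    """Worst-case time to try every key at a constant rate (Table 8-2's model)."""
    return keyspace_size(alphabet_size, length) / rate


def format_duration(seconds: float) -> str:
    """Render a duration in the largest unit that is at least 1, to two significant figures."""
    if seconds <= 0:
        return "0 seconds"
    units = [("years", SECONDS_PER_YEAR), ("days", 86400.0), ("hours", 3600.0),
             ("minutes", 60.0), ("seconds", 1.0)]
    for name, size in units:
        value = seconds / size
        if value >= 1:
            break
    digits = 1 - int(math.floor(math.log10(value)))      # keep two significant figures
    rounded = round(value, digits)
    text = str(int(rounded)) if digits <= 0 else f"{rounded:g}"
    if text == "1":
        name = name[:-1]                                 # "1 minute", not "1 minutes"
    return f"{text} {name}"


def years_to_exhaust_with_growth(keys: int, rate: float = RATE_PER_SECOND,
                                 doubling_years: float = DOUBLING_YEARS) -> float:
    """Worst-case years to try `keys` keys when the attacker's rate doubles every
    `doubling_years` years.  Modelling assumption (ours): the rate grows
    continuously, r(t) = r0 * 2^(t/d), so the keys tried by time T are
        r0 * d / ln 2 * (2^(T/d) - 1);
    setting that equal to `keys` and solving for T gives the expression below."""
    r0 = rate * SECONDS_PER_YEAR                         # keys per year today
    x = keys * math.log(2) / (r0 * doubling_years)
    return doubling_years * math.log1p(x) / math.log(2)


def min_length_for_lifetime(alphabet_size: int, years: float,
                            rate: float = RATE_PER_SECOND,
                            doubling_years: float = DOUBLING_YEARS) -> int:
    """Shortest key (in characters) whose exhaustive search still takes longer
    than `years` against an attacker who keeps getting faster."""
    length = 1
    while years_to_exhaust_with_growth(keyspace_size(alphabet_size, length),
                                       rate, doubling_years) < years:
        length += 1
    return length


def table_row(alphabet_size: int, lengths=range(4, 9)) -> dict:
    """One row of Table 8-2: {key length in bytes: formatted search time}."""
    return {n: format_duration(search_seconds(alphabet_size, n)) for n in lengths}


if __name__ == "__main__":
    for label, size in ALPHABETS.items():
        print(f"{label} ({size}):", table_row(size))
    n = keyspace_size(256, 8)
    print("8 bytes of 8-bit ASCII at a fixed rate:", format_duration(search_seconds(256, 8)))
    print("same keyspace, attacker doubling every 18 months:",
          f"{years_to_exhaust_with_growth(n):.1f} years")
    print("lowercase key length needed to last 10 years:", min_length_for_lifetime(26, 10))
```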
Poor Key Choices
When people choose their own keys, they choose poor keys. They are far more likely to choose "Barney" than "*9 (hH/A". This is not always because of poor practice; "Barney" is simply easier to remember than "*9 (hH/A". The most secure algorithm in the world won't help much if users habitually choose their spouses' names as keys or write their keys on little slips of paper in their wallets. A smart brute-force attack does not try all possible keys in numerical order; it tries the obvious keys first.
This is called a dictionary attack, because the attacker uses a dictionary of common keys. Daniel Klein was able to crack 40 percent of the passwords on an average computer using this attack [847, 848]. No, he didn't try one password after another, attempting to log in to the system. He copied the encrypted password file and mounted the attack offline. Here is what he tried:
1. The user's name, initials, account name and other personal information as a possible password. In all, up to 130 different passwords were tried based on this information. Here are some of the passwords tried for the account name klone and the user "Daniel V. Klein": klone, klone0, klone1, klone123, dvk, dvkdvk, dklein, Dklein, leinad, nielk, dvklein, danielk, DvkkvD, DANIEL-KLEIN, (klone), KleinD, and so on.
2. Words from various databases. These included lists of men's and women's names (about 16,000 in all); place names (including variations, so that "spain", "Spanish" and "Spaniard" were all considered); names of famous people; cartoons and cartoon characters; titles, characters and places from films and science fiction; mythical creatures (taken from Bulfinch's Mythology and dictionaries of mythical beasts); sports (including team names, nicknames and specialized terms); numbers (written both as digits, "2001", and as words, "twelve"); strings of letters and numbers ("a", "aa", "aaa", "aaaa", etc.); Chinese syllables (from the Pinyin Romanization of Chinese, an international standard for writing Chinese on an English keyboard); the King James Bible; biological terms; colloquial and vulgar expressions (such as "fuckyou", "ibmsux" and "deadhead"); keyboard patterns (such as "qwerty", "asdf" and "zxcvbn"); abbreviations (such as "roygbiv", the first letters of the colors of the rainbow in English, and "ooottafagvah", a mnemonic for remembering the 12 cranial nerves); machine names (obtained from /etc/hosts); characters, plays and locations from Shakespeare; the most common words of Yiddish; the names of asteroids; and a collection of words from various technical papers previously published by Klein. In all, more than 60,000 separate words were considered per user (with duplicates in the different dictionaries discarded).
3. Variations on the words from item 2. These included making the first letter uppercase or replacing it with a control character, making the entire word uppercase, reversing the case of the word (with and without the aforementioned change of case of the first letter), changing the letter "o" to the digit "0" (so that the word "scholar" was also checked as "sch0lar"), changing the letter "l" to the digit "1" (so that the word "scholar" was also checked as "scho1ar"), and performing similar manipulations with the letter "z" and the digit "2", and with the letter "s" and the digit "5". Another test consisted of making the word plural (regardless of whether the word was a noun), with the necessary rules applied so that "dress" became "dresses", "house" became "houses", and "daisy" became "daisies". Klein did not strictly follow the rules of pluralization, though, so "datum" became "datums" (not "data") and "sphynx" became "sphynxs" (not "sphynges"). Similarly, the suffixes "-ed", "-er" and "-ing" were added to transform words, as in "phase" to "phased", "phaser" and "phasing". These additional tests added another 1,000,000 words to the list of possible passwords that were tested for each user.
4. Various capitalization variants of the words from item 2 not considered in item 3. These included single-letter capitalization (so that "michael" was also checked as "mIchael", "miChael", "micHael", "michAel", etc.), two-letter capitalization ("MIchael", "MiChael", "MicHael", ..., "mIChael", "mIcHael", etc.), three-letter capitalization, and so on. The single-letter variations added about another 400,000 words to be checked, and the two-letter variations another 1,500,000 words. Three-letter variations added at least another 3,000,000 words per user, if there was enough time to complete the testing. Checking four-, five- and six-letter variations was deemed impractical, as there was not enough computing power to check them.
5. Foreign words for foreign users. The specific test that was performed checked passwords from Chinese for users with Chinese names. The Pinyin Romanization standard was used for the Chinese syllables, and the syllables were combined into one-, two- and three-syllable words. Since no prior check of the words for meaning was performed, an exhaustive search was used. Since there are 298 Chinese syllables in the Pinyin system, there are 158,404 two-syllable words and a little over 16,000,000 three-syllable words. A similar attack could easily be used for English as well, given rules for forming pronounceable nonsense words.
6. Word pairs. The size of such an exhaustive test varies. To simplify the test, only words of three or four letters from /usr/dict/words were used. Even so, the number of word pairs was approximately ten million.
A dictionary attack is much more powerful when it is used against a file of keys rather than a single key. A single user may be sensible enough to choose good keys. If a thousand people each choose their own key as the password for a computer system, the odds are high that at least one person will choose a key that is in the attacker's dictionary.
Random Keys
Good keys are strings of random bits produced by some automatic process. If the key length is 64 bits, all possible 64-bit keys must be equally likely. Generate key bits either from a reliable source of random numbers (see Section 17.14) or from a cryptographically secure pseudo-random bit generator (see Chapters 16 and 17). If such automatic processes are unavailable, flip a coin or roll dice.
This is important, but don't get carried away debating whether noise from audio sources is more random than noise from radioactive decay. None of these sources of random noise is perfect, but all of them are probably good enough. It is important to use a good random-number generator for key generation, but it is far more important to use good encryption algorithms and key-management procedures. If you are worried about the randomness of your keys, use the key-crunching technique described below.
Some encryption algorithms have weak keys: specific keys that are less secure than other keys. I advise checking keys for weakness and, if a weak key is found, generating a new one. DES has only 16 weak keys in a keyspace of 2^56, so the chance of getting one of these keys is incredibly small. It has been argued that a cryptanalyst would not know that a weak key is being used and therefore could gain no advantage from their accidental use. It has also been argued that it is precisely not using weak keys that gives the cryptanalyst information. However, checking for the few weak keys is so easy that it seems foolish not to do it.
Generating keys for public-key cryptosystems is harder, because the keys often must have certain mathematical properties (perhaps they must be prime numbers, quadratic residues, etc.). Methods for generating large random primes are discussed in Section 11.5. What is important to remember from the point of view of key management is that the random seeds for such generators must be truly random.
Generating a random key isn't always possible. Sometimes you need to remember your key. (I wonder how long it would take you to memorize 25e8 56f2 e8ba c820?) If you have to generate a key that is easy to remember, disguise it. The ideal is something that is easy to remember but hard to guess. Here are a few suggestions:
Pairs of words separated by a punctuation character, for example "turtle*moose" or "zorch!splat".
Strings of letters that are acronyms of long phrases; for example, "Mein Luftkissenfahrzeug ist voller Aale!" serves to remember the key "MLivA!".
Pass phrases

A better solution is to use a whole phrase instead of a word and convert that phrase into a key. Such phrases are called pass phrases. A technique known as key crunching converts easily remembered phrases into random keys. To convert a text string of arbitrary length into a string of pseudo-random bits, use a one-way hash function. For example, the easily remembered text string:

My name is Ozymandias, king of kings. Look on my works, ye mighty, and despair.¹

might crunch into this 64-bit key:

e6c1 4398 5ae9 0a9b

Of course, it may be awkward to type a whole phrase into a computer when the characters you type are not echoed on the screen. Sensible suggestions for solving this problem would be appreciated.

If the phrase is long enough, the resulting key will be random. Exactly what "long enough" means is an open question. Information theory puts the information content of standard English at about 1.3 bits per character (see Section 11.1). For a 64-bit key, a pass phrase of roughly 49 characters, or about 10 ordinary English words, is sufficient. As a rule of thumb, use five words for every 4 bytes of key. This suggestion is conservative, since it ignores case, spaces, and punctuation.

This technique can also be used to generate private keys for public-key cryptosystems: the text string is converted into a random seed, and that seed is fed to a deterministic system that generates a public-key/private-key pair.

When choosing a pass phrase, use something unique and easy to remember. Do not choose phrases from books; the "Ozymandias" example is bad in this respect. The complete works of Shakespeare and the dialogue from Star Wars are readily available and can be used in a dictionary attack. Choose something obscure and personal. Include punctuation and capitalization, and if you can, numbers and non-alphabetic symbols. Poor or mangled English, or even any foreign language, makes a pass phrase more resistant to a dictionary attack. One suggestion is to use a phrase that is "shocking nonsense": something you are sure to remember but would never write down.

Despite everything written here, disguise is no substitute for true randomness. The best keys are random keys, hard as they are to remember.

¹ Ozymandias, king of kings. Ye mighty of this world, look on my works and tremble.
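Key crunching in Python, as an added example that is not the book's own code: a pass phrase of any length is run through a one-way hash and truncated to a 64-bit key, alongside the pass-phrase length estimates from the passage above. SHA-256 as the hash, the helper names, and the phrase_long_enough check are assumptions of this example; the book specifies only "a one-way hash function", so the key it prints for the Ozymandias phrase will not match this function's output.

```python
import hashlib
import math

# The book's figure for the information content of ordinary English:
# about 1.3 bits per character (Section 11.1).
BITS_PER_CHAR = 1.3


def crunch_key(passphrase: str, key_bytes: int = 8) -> bytes:
    """Key crunching: hash a pass phrase of any length down to key_bytes of key.

    Assumption: SHA-256 is the one-way hash (the text only says "a one-way
    hash function"); the digest is truncated to the requested key length.
    Case, spaces and punctuation all change the result, so "Turtle*Moose"
    and "turtle*moose" crunch to unrelated keys.
    """
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    if not 1 <= key_bytes <= len(digest):
        raise ValueError("key length must be between 1 and %d bytes" % len(digest))
    return digest[:key_bytes]


def format_key(key: bytes) -> str:
    """Render a key as space-separated 16-bit hex groups, as the book prints them."""
    hexstr = key.hex()
    return " ".join(hexstr[i:i + 4] for i in range(0, len(hexstr), 4))


def chars_needed(key_bits: int, bits_per_char: float = BITS_PER_CHAR) -> int:
    """Shortest English pass phrase whose information content covers key_bits.

    Rounds up: 64 / 1.3 is 49.2, which the book rounds to "about 49
    characters"; the ceiling gives 50.
    """
    return math.ceil(key_bits / bits_per_char)


def words_needed(key_bytes: int) -> int:
    """The book's rule of thumb: five words for every four bytes of key."""
    return 5 * math.ceil(key_bytes / 4)


def phrase_long_enough(passphrase: str, key_bytes: int = 8) -> bool:
    """Check a candidate pass phrase against the 1.3 bits/character estimate.

    Constructed helper: it counts characters only, as the book's estimate does,
    so it is conservative (case, spacing and punctuation add entropy it ignores).
    """
    return len(passphrase) >= chars_needed(8 * key_bytes)


if __name__ == "__main__":
    phrase = "My name is Ozymandias, king of kings. Look on my works, ye mighty, and despair."
    print(format_key(crunch_key(phrase)))       # a 64-bit key from the book's phrase
    print(chars_needed(64), words_needed(8))    # 50 10
    print(phrase_long_enough(phrase))           # True: the phrase is 79 characters
```

The truncation is deliberate: a 64-bit key needs only 64 bits of the digest, and taking a fixed prefix keeps the derivation deterministic on both ends. Note that this mapping is not salted, which is exactly the property that makes dictionary attacks on bookish phrases work, hence the advice in the text to pick obscure, personal phrases.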
The X9.17 key-generation standard

The ANSI X9.17 standard specifies a method of key generation (see Fig. 8-1) [55]. It does not produce easily remembered keys; it is better suited to generating session keys or pseudo-random numbers within a system. The cryptographic algorithm used for key generation is DES, but it can easily be replaced by any other algorithm.

[Figure 8-1: ANSI X9.17 key generation. The inputs T_i and J_i pass through three DES encryption blocks to produce R_i and J_{i+1}.]

Fig. 8-1. ANSI X9.17 key generation

Let E_K(X) denote X encrypted under DES with key K, a special key reserved for generating secret keys. J_0 is a secret 64-bit seed. T is a timestamp. To generate the random key R_i, compute:

R_i = E_K(E_K(T_i) ⊕ J_i)

To generate J_{i+1}, compute:

J_{i+1} = E_K(E_K(T_i) ⊕ R_i)

To turn R_i into a DES key, simply drop every eighth bit. If you need a 64-bit key, use the key unchanged. If you need a 128-bit key, generate a pair of keys and concatenate them.
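The X9.17 generator step by step, as an added example rather than code from the standard or the book. DES is not in the Python standard library, so block_encrypt below is a stand-in: HMAC-SHA256 truncated to a 64-bit block, used as the keyed transformation E_K; the text itself says any other algorithm may replace DES. The class name, the timestamp encoding and the constructed K and J_0 values are assumptions of this example.

```python
import hmac
import hashlib
import struct
import time


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """E_K(X): a keyed transformation of one 64-bit block.

    Assumption: the standard uses DES, which the Python standard library does
    not provide, so HMAC-SHA256 truncated to 8 bytes stands in as a keyed
    pseudorandom function of the block. Any 64-bit block cipher fits here.
    """
    if len(block) != 8:
        raise ValueError("E_K operates on 64-bit blocks")
    return hmac.new(key, block, hashlib.sha256).digest()[:8]


def xor64(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class X917Generator:
    """ANSI X9.17 key generator:
    R_i = E_K(E_K(T_i) xor J_i),  J_{i+1} = E_K(E_K(T_i) xor R_i)."""

    def __init__(self, key: bytes, seed: bytes):
        if len(seed) != 8:
            raise ValueError("J_0 must be a secret 64-bit seed")
        self._key = key      # K: reserved for key generation only
        self._state = seed   # J_i: secret, never leaves the generator

    def next_key(self, timestamp: bytes) -> bytes:
        """Produce R_i from the current state and timestamp T_i, then advance to J_{i+1}."""
        if len(timestamp) != 8:
            raise ValueError("T_i must be a 64-bit timestamp")
        enc_t = block_encrypt(self._key, timestamp)
        r = block_encrypt(self._key, xor64(enc_t, self._state))
        self._state = block_encrypt(self._key, xor64(enc_t, r))
        return r

    def next_128_bit_key(self, t1: bytes, t2: bytes) -> bytes:
        """A 128-bit key is two generated keys concatenated, as the text says."""
        return self.next_key(t1) + self.next_key(t2)


def timestamp_block() -> bytes:
    """T_i: the current time as a 64-bit big-endian value (nanoseconds since the epoch)."""
    return struct.pack(">Q", time.time_ns())


def to_des_key_bits(r: bytes) -> int:
    """Drop every eighth bit of the 64-bit R_i, leaving the 56 bits DES keys on."""
    if len(r) != 8:
        raise ValueError("expected 64 bits")
    bits = "".join(f"{byte:08b}" for byte in r)
    kept = "".join(bits[i] for i in range(64) if (i + 1) % 8 != 0)
    return int(kept, 2)


if __name__ == "__main__":
    gen = X917Generator(key=b"\x01" * 16, seed=b"\x02" * 8)   # constructed K and J_0
    r1 = gen.next_key(timestamp_block())
    print(r1.hex(), to_des_key_bits(r1).bit_length() <= 56)
```

Two properties worth checking against the formulas: calling next_key twice with the same timestamp yields different keys, because J_i has advanced in between; and two generators with the same K and J_0 fed the same timestamps produce identical keys, which is why both K and J_0 must stay secret.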
Key generation in the U.S. Department of Defense

The U.S. Department of Defense recommends generating random keys with DES in OFB mode (see Section 9.8) [1144]. Generate the DES keys from system interrupt vectors, system status registers, and system counters. Generate the initialization vector from the system clock, the system ID, and the date and time. For the plaintext, use 64-bit quantities supplied by someone else, for example eight characters typed by the system administrator. Use the result as your key.
8.2 Nonlinear keyspaces

Imagine you are a military cryptographic organization building a cryptographic module for your troops. You want to use a secure algorithm, but what happens if the hardware falls into enemy hands? You certainly do not want your equipment protecting the enemy's secrets.

If you can put your algorithm inside a tamper-resistant module, here is what you can do. Require the module to work properly only with keys of a special, secret form, and have it use a badly weakened algorithm with every other key. You can arrange that the probability of someone who does not know the special form accidentally stumbling onto a correct key is vanishingly small.

The resulting keyspace is called nonlinear, because the keys are not all equally strong. (The opposite is a linear, or flat, keyspace.) A simple way to achieve this is to build the key from two parts: the key proper, and some fixed string encrypted with that key. The module decrypts the string with the key. If the result is the fixed string, the key is used normally; if not, a different, weak algorithm is used. If the algorithm has a 128-bit key and a 64-bit block size, the full key is 192 bits long. The algorithm thus has 2^128 effective keys, but the chance of picking a correct one at random is one in 2^64.

You can be cleverer still. You can design an algorithm in which some keys are stronger than others. The algorithm has no weak keys, that is, no keys that are obviously insecure, and yet it has a nonlinear keyspace.

This works only if the algorithm is secret and the enemy cannot reverse-engineer it, or if the difference in key strength is subtle enough that the enemy cannot detect it. The NSA did this with the secret algorithms in its Overtake modules (see Section 25.1). Did they do the same with Skipjack (see Section 13.12)? Nobody knows.
8.3 Transferring keys

Alice and Bob intend to use a symmetric cryptographic algorithm to communicate securely; they need a shared key. Alice generates a key with a random-key generator. Now she has to transfer it to Bob securely. If Alice can meet Bob somewhere (a back alley, a windowless room, or one of the moons of Jupiter), she can hand him a copy of the key. Otherwise they have a problem. Public-key cryptography solves the problem easily and with a minimum of prior arrangement, but those techniques are not always available (see Section 3.1). Some systems use alternative channels that are assumed to be secure. Alice could send Bob the key with a trusted courier. She could send it by registered mail or by an overnight delivery service. She could set up another communications channel with Bob and hope that nobody is eavesdropping on that one.

Alice could send Bob the symmetric key over their communications channel, the very one they intend to encrypt. But it is foolish to send the channel's encryption key over that same channel in the clear; anyone listening on the channel would surely be able to decrypt all the messages.

The X9.17 standard [55] defines two kinds of keys: key-encryption keys and data keys. Key-encryption keys encrypt other keys for distribution. Data keys encrypt the messages themselves. Key-encryption keys have to be distributed manually (though they can be kept secure in a tamper-resistant device such as a credit card), but only rarely. Data keys are distributed far more often. Details are in [75]. This two-tier key idea is used frequently in key distribution.

Another solution to the distribution problem is to split the key into several different pieces (see Section 3.6) and send them over different channels. One piece could be sent by telephone, another by mail, a third by overnight delivery service, a fourth by carrier pigeon, and so on (see Fig. 8-2). An adversary could then collect all the pieces but one and still learn nothing about the key. This method works in all but extreme cases. Section 3.6 discusses schemes for splitting a key into several pieces. Alice could even use a secret-sharing scheme (see Section 3.7), which would let Bob recover the key even if some of the pieces were lost in transit.
[Figure 8-2: Key distribution over parallel channels. The SENDER splits the key into pieces k_1 through k_5 and sends them by courier, registered mail, Federal Express, telephone, and carrier pigeon; the RECEIVER reassembles the key from the pieces.]

Fig. 8-2. Key distribution over parallel channels.
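The key-splitting scheme of Fig. 8-2 in Python, as an added example that is not code from the book: every piece is needed to rebuild the key, and an adversary holding all but one piece learns nothing, because every candidate key is consistent with the pieces held. The channel names are taken from the figure; the function names and the sample key are constructed for this example.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("all pieces must be the same length as the key")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> list:
    """Split key into n pieces, all of which are needed to rebuild it (the
    Section 3.6 scheme): n-1 pieces are uniformly random, the last one is the
    key XORed with all the others."""
    if n < 2:
        raise ValueError("need at least two pieces")
    pieces = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for piece in pieces:
        last = xor_bytes(last, piece)
    pieces.append(last)
    return pieces


def join_key(pieces: list) -> bytes:
    """XOR every piece together; the random pieces cancel and the key remains."""
    acc = bytes(len(pieces[0]))
    for piece in pieces:
        acc = xor_bytes(acc, piece)
    return acc


def missing_piece_for(held_pieces: list, candidate_key: bytes) -> bytes:
    """What an adversary holding all pieces but one learns: nothing. For ANY
    candidate key there is a value of the missing piece consistent with the
    pieces held, so the held pieces do not narrow the key down at all."""
    return xor_bytes(join_key(held_pieces), candidate_key)


# Constructed: the five channels of Fig. 8-2, one piece per channel.
CHANNELS = ("courier", "registered mail", "overnight express mail",
            "telephone", "carrier pigeon")


def dispatch(key: bytes) -> dict:
    """Assign one piece to each channel. The receiver reassembles the key only
    once every channel has delivered; an adversary tapping four of the five
    channels is no better off than one tapping none."""
    return dict(zip(CHANNELS, split_key(key, len(CHANNELS))))


if __name__ == "__main__":
    key = bytes.fromhex("0123456789abcdef")  # constructed 64-bit key
    sent = dispatch(key)
    print({channel: piece.hex() for channel, piece in sent.items()})
    print(join_key(list(sent.values())) == key)
```

The flip side, which the text calls the "extreme cases", is also visible here: losing any single channel loses the key entirely, which is why the paragraph goes on to mention secret-sharing schemes that tolerate lost pieces.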
Alice transfers the key-encryption key to Bob securely, either in person or with the splitting technique just described. Once Alice and Bob both have the key-encryption key, Alice can send Bob the day's data keys over the same communications channel, encrypting each data key with the key-encryption key. Because the traffic encrypted under the key-encryption key is small, that key need not be changed often. However, since compromise of the key-encryption key compromises every message encrypted with every data key that was encrypted under it, the key-encryption key must be kept secure.

Key distribution in large networks

Key-encryption keys shared by a pair of users work well in small networks, but as the network grows the system quickly becomes unwieldy. Since every pair of users must exchange keys, the total number of key exchanges in a network of n people is n(n - 1)/2. A network of six users requires 15 key exchanges. A network of 1000 users needs about 500,000 key exchanges. In such cases the network is far more efficient with a central key server (or servers).

Alternatively, any of the symmetric or public-key protocols in Section 3.1 is suitable for secure key distribution.
8.4 Verifying keys

When Bob receives a key, how does he know it came from Alice and not from someone impersonating Alice? It is easy if Alice hands it to him in person. If Alice sends her key through a trusted courier, then Bob has to trust the courier too. If the key is encrypted with a key-encryption key, Bob has to trust that only Alice has that key-encryption key. If Alice signs the key with a digital-signature protocol, Bob has to trust the public-key database when he verifies the signature. (He also has to assume that Alice has kept her key secure.) If a Key Distribution Center (KDC) signs Alice's public key, Bob has to trust that his copy of the KDC's public key has not been tampered with.

In the end, whoever controls the whole network around Bob can make him believe whatever they like. Mallory could send an encrypted and signed message purporting to be from Alice. When Bob checks Alice's signature against the public-key database, Mallory could return his own public key. Mallory could set up his own fake KDC and replace the real KDC's public key with one of his own making. Bob would have no way to tell.

Some people have used this argument to claim that public-key cryptography is useless. Since the only way for Alice and Bob to be certain that nobody has tampered with their keys is to meet in person, public-key cryptography, they say, provides no security at all.

This view is naive. It is true in theory, but reality is far more complicated. Public-key cryptography, used together with digital signatures and trusted KDCs, makes substituting one key for another much harder. Bob can never be absolutely sure that Mallory is not controlling his entire reality, but Bob can be sure that such a substitution would take far more resources than any real-world Mallory could muster.

Bob could also verify Alice's key over the telephone, where he can hear her voice. Voice recognition is a genuinely good identification scheme. If it is a public key, he can safely read it aloud even if eavesdroppers are listening. If it is a secret key, he can use a one-way hash function to verify it. Both PGP (see Section 24.12) and the AT&T TSD (see Section 24.18) use this kind of key verification.

Sometimes it may not even matter to verify exactly whose public key it is. It may be enough to verify that it belongs to the same person it belonged to a year ago. If someone sends a bank a signed message transferring money, the bank does not care who exactly is withdrawing the money, only that it is the same person who deposited it in the first place.
Error detection during key transmission

Sometimes keys get garbled in transmission. This is a problem, because a garbled key can produce megabytes of undecryptable ciphertext. All keys should be transmitted with some form of error-detection and error-correction bits. That way errors in transmission are easily detected and, if necessary, the key can be resent.

One of the most widely used methods is to encrypt a constant value with the key and send the first 2-4 bytes of that ciphertext along with the key. The receiver does the same. If the encrypted constants match, the key was transmitted without error. The chance of an error slipping through is between 1/2^16 and 1/2^32.
Error detection during decryption

Sometimes the receiver wants to check whether a particular key is the correct symmetric decryption key. If the plaintext of the message is something like ASCII, he can try to decrypt and read the message. If the plaintext is random, other tricks are needed.

The naive approach is to attach a verification block, a known header, to the plaintext before encryption. The receiver, Bob, decrypts the header and checks that it is correct. This works, but it gives Eve a known piece of plaintext, which helps her cryptanalyze the system. It also makes short-key ciphers such as DES and all exportable ciphers easier to break: precompute the checksum once for every key, then use that checksum to determine the key in any message you intercept afterwards. Any key checksum that does not include random, or at least differing, data has this property. In spirit this is very like key generation from pass phrases.

Here is a better way [821]:

(1) Generate an initialization vector (not the one used for the message).
(2) Use that IV to generate a large block of bits: say, 512.
(3) Hash the result.
(4) Use the same fixed bits of the hash, say 32, as the key checksum.

This still gives Eve some information, but very little. If she tries to use the low 32 bits of the final hash value for a brute-force attack, she has to perform several encryptions plus a hash for each probable key; a brute-force attack on the key itself would be faster. She gets no known plaintext to test against, and even if she manages to slip you your own random value, she never gets chosen plaintext from you, because it is run through the hash function before she sees it.
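Both key checks described above, as an added example rather than code from the book or from [821]: the transmission check (encrypt a constant, send its first 2-4 bytes with the key) and the decryption check (a separate IV, 512 generated bits, a hash, 32 fixed bits of it). DES is not in the standard library, so block_encrypt is a stand-in built from HMAC-SHA256 truncated to a 64-bit block; the counter-mode construction in generate_bits, the agreed constant, and the function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed: the agreed-upon public 64-bit constant that both sides encrypt.
CHECK_CONSTANT = bytes(8)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher (the text's example is DES, not in the
    standard library): HMAC-SHA256 truncated to one 64-bit block."""
    return hmac.new(key, block, hashlib.sha256).digest()[:8]


def transmission_checksum(key: bytes, nbytes: int = 4) -> bytes:
    """Transmission check: encrypt a constant under the key and send the
    first 2 to 4 bytes of the ciphertext along with the key."""
    if not 2 <= nbytes <= 4:
        raise ValueError("the text sends 2-4 bytes of ciphertext")
    return block_encrypt(key, CHECK_CONSTANT)[:nbytes]


def key_arrived_intact(key: bytes, checksum: bytes) -> bool:
    """Receiver side: recompute and compare; a mismatch means a garbled key."""
    return hmac.compare_digest(transmission_checksum(key, len(checksum)), checksum)


def undetected_error_probability(nbytes: int) -> float:
    """A garbled key slips through when its checksum happens to match: 1/2^(8n)."""
    return 2.0 ** (-8 * nbytes)


def generate_bits(key: bytes, iv: bytes, nbits: int) -> bytes:
    """Step (2) of the improved check: produce a large block of bits from the
    key and a separate IV. Assumption: counter mode over the stand-in cipher,
    with the counter XORed into the IV; the text leaves the mode open."""
    out = b""
    counter = 0
    while len(out) < nbits // 8:
        out += block_encrypt(key, xor_bytes(iv, counter.to_bytes(8, "big")))
        counter += 1
    return out[:nbits // 8]


def decryption_key_check(key: bytes, iv: bytes, nbits: int = 512, check_bytes: int = 4) -> bytes:
    """The improved method [821]: IV -> 512 generated bits -> hash -> fixed 32 bits.
    The IV travels with the message in the clear; without the key Eve cannot
    reproduce the bits that were hashed, and she never sees them unhashed."""
    if len(iv) != 8:
        raise ValueError("IV must be one 64-bit block")
    return hashlib.sha256(generate_bits(key, iv, nbits)).digest()[:check_bytes]


def fresh_check_iv(message_iv: bytes) -> bytes:
    """Step (1): a new IV, distinct from the one used for the message itself."""
    while True:
        iv = secrets.token_bytes(8)
        if iv != message_iv:
            return iv


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a transmission error by flipping one bit."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


if __name__ == "__main__":
    key = bytes.fromhex("0123456789abcdef")       # constructed 64-bit key
    cs = transmission_checksum(key)
    print(key_arrived_intact(key, cs), key_arrived_intact(flip_bit(key, 13), cs))
    iv = fresh_check_iv(bytes(8))
    print(decryption_key_check(key, iv).hex())
```

The difference between the two checks is what an eavesdropper can precompute. transmission_checksum is a fixed function of the key alone, so a table of (key, checksum) pairs built once serves against every message thereafter; decryption_key_check depends on a per-message IV, so no such table helps.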
8.5 Using keys

Software encryption is risky. Gone are the days when simple microcomputers ran a single program at a time. Today is the age of Macintosh System 7, Windows NT, and UNIX. There is no telling when the operating system will suspend a running encryption program, write everything to disk, and let some other task run. When the operating system finally returns to the encryption, whatever was being encrypted, the picture can be quite amusing. The operating system has written the encryption program to disk, and the key has gone with it. The key will sit there on the disk, unencrypted, until the computer writes something else over that same area. That might happen in a few minutes, or in a few months. It might never happen, but the key could still be sitting on the disk at the moment your adversary combs through the hard drive. In a preemptive, multitasking environment you can give the encryption a high enough priority that it is not interrupted. That would reduce the risk. Even so, the system as a whole is at best unreliable.

Hardware implementations are safer. Many encryption devices are designed so that any tampering destroys the key. For example, the encryption board for the IBM PS/2 contains an epoxy-potted module holding a DES chip, a battery, and memory. Of course, you have to trust that the hardware manufacturer implemented all the necessary features correctly.

Some communications applications, telephone encryptors for instance, can use session keys. A session key is one that is used for only one communications session, a single telephone call, and is then destroyed. There is no point in keeping the key once it has been used. And if you use some key-exchange protocol to transfer the key from one party to the other, the key need not be stored before it is used either. This substantially reduces the likelihood of key compromise.
Controlling key usage

In some applications it may be desirable to control how a session key is used. Some users need session keys only for encryption, or only for decryption. Session keys may be authorized for use only on a particular machine or only at a particular time. One scheme for managing such restrictions attaches a control vector (CV) to the key; the control vector specifies the restrictions on that key's use (see Section 24.1) [1025, 1026]. The CV is hashed and then XORed with a master key. The result is used as the encryption key to encrypt the session key. The encrypted session key is then stored together with the CV. To recover the session key, hash the CV and XOR it with the master key; the result decrypts the encrypted session key.

The advantages of this scheme are that the CV can be of any length, and that the CV is always stored in the clear together with the encrypted key. The scheme places no demands on the hardware's tamper resistance, and it assumes that users have no direct access to the keys. The system is discussed further in Sections 24.1 and 24.8.
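The control-vector scheme in Python, as an added example that is not the book's code or the IBM implementation it cites: the CV is hashed, XORed into the master key, and the result wraps the session key; the wrapped key is stored beside the CV in the clear. SHA-256 as the hash, the keystream used for wrapping, the 'name=value' CV format and the hypothetical host name are all assumptions of this example; the real CV formats are in Section 24.1.

```python
import hashlib
import hmac


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, nbytes: int) -> bytes:
    """Assumption: the cipher that wraps the session key is unspecified in the
    text, so a counter-mode keystream from HMAC-SHA256 stands in for it."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:nbytes]


def cv_derived_key(master_key: bytes, cv: bytes) -> bytes:
    """Hash the control vector, then XOR it into the master key (the hash is
    truncated to the master key's length, so the CV itself can be any length).
    This is the key that encrypts the session key."""
    h = hashlib.sha256(cv).digest()[:len(master_key)]
    return xor_bytes(master_key, h)


def wrap_session_key(master_key: bytes, session_key: bytes, cv: bytes):
    """Returns what gets stored: the encrypted session key and the CV in the clear."""
    wrap_key = cv_derived_key(master_key, cv)
    return xor_bytes(session_key, keystream(wrap_key, len(session_key))), cv


def unwrap_session_key(master_key: bytes, wrapped: bytes, cv: bytes) -> bytes:
    """Recover the session key: hash the stored CV, XOR with the master key, decrypt.
    Presenting a different CV (say, one that adds 'encrypt' to a decrypt-only
    key) derives a different wrapping key and yields garbage, which is the point."""
    wrap_key = cv_derived_key(master_key, cv)
    return xor_bytes(wrapped, keystream(wrap_key, len(wrapped)))


def parse_cv(cv: bytes) -> dict:
    """Constructed CV format for this example: 'name=value' fields joined by ';'."""
    fields = {}
    for item in cv.decode("ascii").split(";"):
        name, _, value = item.partition("=")
        fields[name.strip()] = value.strip()
    return fields


def use_permitted(cv: bytes, operation: str, host: str) -> bool:
    """Policy check the key-management module performs before using the key:
    the operation must be listed under 'usage', and if the CV names a host,
    it must be this one."""
    policy = parse_cv(cv)
    allowed = [op.strip() for op in policy.get("usage", "").split(",")]
    return operation in allowed and policy.get("host", host) == host


if __name__ == "__main__":
    master = bytes(range(16))                    # constructed 128-bit master key
    session = bytes.fromhex("0011223344556677")  # constructed 64-bit session key
    cv = b"usage=decrypt;host=hypothetical-host-A"
    wrapped, stored_cv = wrap_session_key(master, session, cv)
    print(unwrap_session_key(master, wrapped, stored_cv) == session)       # True
    print(use_permitted(stored_cv, "encrypt", "hypothetical-host-A"))       # False
```

The binding is cryptographic rather than administrative: a user who edits the stored CV to loosen its restrictions does not get a more permissive key, only an unrelated bit string, because the module derives the unwrapping key from whatever CV it is handed.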
8.6 Updating keys

Imagine an encrypted data link on which you want to change keys every day. Distributing a new key every day is sometimes a real nuisance. A simpler solution is to generate the new key from the old one; this is sometimes called key updating.

All it takes is a one-way function. If Alice and Bob share a key and both apply the same one-way function to it, they get the same result. They can then take the bits they need from the result and form a new key.

Key updating works, but remember that the new key is only as secure as the old one. If Eve manages to get hold of the old key, she can perform the key update herself. But if Eve does not have the old key and is mounting a ciphertext-only attack on the encrypted traffic, key updating is a good way for Alice and Bob to protect themselves.
8.7 Storing keys

The least complicated key-storage problem is that of a single user, Alice, encrypting files for later use. Since she is the only person using the system, she alone is responsible for the key. Some systems take the simple approach: the key is kept in Alice's head and nowhere else. It is Alice's problem to remember the key and type it in every time she needs to encrypt or decrypt a file.

An example of such a system is IPS [881]. Users can either enter a 64-bit key directly or enter the key as a longer character string. In the latter case the system generates a 64-bit key from the character string using the key-crunching technique.

Another solution is to store the key on a magnetic-stripe card, in a plastic key with an embedded ROM chip (called a ROM key), or in a smart card [556, 557, 455]. The user enters the key into the system by inserting the physical token into a reader built into his encryptor or attached to his computer terminal. Although the user can use the key, he does not know it and cannot compromise it. He can use it only in the way, and only for the purposes, that the control vector permits.

A ROM key is a very clever idea. Practically everyone understands what a physical key is, what it means, and how to protect it. Giving a cryptographic key a physical form makes storing and protecting it intuitively more obvious.

The technique becomes more secure if the key is split into two halves, one stored in the terminal and the other in the ROM key. This is how the U.S. government's STU-III secure telephone works. Losing the ROM key does not compromise the cryptographic key; replace the ROM key and everything is fine again. The same holds if the terminal is lost. Hence compromising the ROM key or the system alone does not compromise the cryptographic key; the enemy needs both halves.

Keys that are hard to remember can be stored encrypted, using something like a key-encryption key. For example, an RSA private key can be encrypted with a DES key and written to disk. To recover the RSA key, the user has to enter the DES key into the decryption program. If keys are generated deterministically (with a cryptographically secure pseudo-random sequence generator), it may be easier to regenerate the keys from an easily remembered password every time they are needed.

Ideally a key should never appear outside the encryption device in unencrypted form. This goal is not always achievable, but it is something to strive for.
8.8 Backup keys

Alice is the chief financial officer of Secrets, Ltd.: "We Won't Tell You Our Business." As a model corporate employee she encrypts all her data in accordance with the company's security guidelines. Unfortunately she ignores the guidelines for crossing the street and is hit by a truck. What is Bob, the company president, to do?

If Alice did not leave a copy of her key, he is in trouble. The whole point of file encryption is that the files cannot be recovered without the key. Unless Alice was a fool and used bad encryption software, her files are gone forever.

Bob has several ways to avoid this. The simplest is sometimes called key escrow (see Section 4.14). It requires every employee to write down his keys on slips of paper and hand them to the company's security officer, who locks them in a safe somewhere (or encrypts them with a master key). Now, whatever happens to Alice, Bob gets her key from the security officer. Bob should also keep another copy in his own safe; otherwise, if the security officer is hit by another truck, Bob is out of luck again.

The problem with this key-management scheme is that Bob has to trust the security officer not to misuse other people's keys. More seriously, all the employees have to trust the security officer not to misuse their keys. A much better solution is to use a secret-sharing protocol (see Section 3.7).

When Alice generates a key, she also divides it into several pieces and sends all the pieces, encrypted of course, to different company officers. No single piece is the key, but the pieces can be collected and the key reconstructed. Now Alice is protected against malicious insiders, and Bob is protected against losing all of Alice's data after she is hit by a truck. Or she could simply store the different pieces, encrypted with the public keys of the respective company officers, on her own hard disk. That way nobody is involved in key management until it becomes necessary.
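A threshold secret-sharing scheme of the kind this paragraph and the end of Section 8.3 refer to (Section 3.7), as an added example that is not the book's code: Alice's key is split into five shares for five officers, any three of which rebuild it and any two of which reveal nothing. It is Shamir's polynomial scheme over a prime field; the choice of the Mersenne prime 2^127 - 1, the 15-byte chunking that lets keys of any length be shared, the function names, and the sample key are assumptions of this example.

```python
import secrets

# Field for the arithmetic: the Mersenne prime 2^127 - 1. Each 15-byte (120-bit)
# chunk of key material is one field element, so any key length can be shared.
PRIME = 2 ** 127 - 1
CHUNK = 15


def _poly_eval(coeffs: list, x: int) -> int:
    """Evaluate a polynomial (constant term first) at x, mod PRIME, by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def make_shares(key: bytes, threshold: int, n: int) -> list:
    """Split key into n shares such that any `threshold` of them rebuild it and
    fewer reveal nothing. Each share is (x, [y for every chunk of the key]);
    officer i receives share i, encrypted to that officer's public key before
    it leaves Alice's machine, as the text describes."""
    if not 2 <= threshold <= n:
        raise ValueError("need 2 <= threshold <= n")
    chunks = [key[i:i + CHUNK] for i in range(0, len(key), CHUNK)]
    # One random polynomial of degree threshold-1 per chunk; the chunk is its constant term.
    polys = [[int.from_bytes(ch, "big")] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
             for ch in chunks]
    return [(x, [_poly_eval(p, x) for p in polys]) for x in range(1, n + 1)]


def recover_field_elements(shares: list) -> list:
    """Lagrange interpolation at x = 0 for every chunk. With fewer than
    `threshold` shares this still returns values, but not the right ones."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    n_chunks = len(shares[0][1])
    secrets_out = []
    for ci in range(n_chunks):
        secret = 0
        for i, (xi, ys) in enumerate(shares):
            num, den = 1, 1
            for j, (xj, _) in enumerate(shares):
                if i != j:
                    num = num * (-xj) % PRIME
                    den = den * (xi - xj) % PRIME
            secret = (secret + ys[ci] * num * pow(den, PRIME - 2, PRIME)) % PRIME
        secrets_out.append(secret)
    return secrets_out


def recover_key(shares: list, key_len: int) -> bytes:
    """Turn the recovered field elements back into key bytes. A value that does
    not fit its chunk means the shares were too few or tampered with."""
    out = b""
    for ci, secret in enumerate(recover_field_elements(shares)):
        chunk_len = min(CHUNK, key_len - ci * CHUNK)
        if secret >= 1 << (8 * chunk_len):
            raise ValueError("recovered value does not fit: too few or corrupted shares")
        out += secret.to_bytes(chunk_len, "big")
    return out


if __name__ == "__main__":
    alice_key = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed 128-bit key
    shares = make_shares(alice_key, threshold=3, n=5)               # five officers, any three recover
    print(recover_key([shares[0], shares[2], shares[4]], 16) == alice_key)   # True
```

Unlike the XOR splitting of Section 8.3, this tolerates loss: two officers can leave the company and the remaining three still recover the key. It also answers the trust problem the text raises with the security officer, since no two officers together learn anything about the key.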
Another backup scheme [188] uses smart cards for temporary key escrow (see Section 24.13). Alice can put the key that locks her hard disk on a smart card and hand it to Bob while she is away. Bob can use the card to access Alice's hard disk, but because the key is stored on the card, Bob cannot learn it. Moreover, the system is auditable from both sides: Bob can verify that the key opens Alice's disk, and when Alice returns she can check whether Bob used the key and, if so, how many times.

Such a scheme is not needed for data in transit. For a secure telephone, the key should exist only for the duration of the call and no longer. For data storage, as shown above, key escrow can be a good idea. I lose my keys about once every five years, and my memory is better than most people's. If 200 million people used cryptography, that rate would mean 40 million lost keys a year. I keep copies of my house keys with a neighbor because I might lose my own. If house keys were like cryptographic keys, losing them would mean I could never get inside and reclaim my property. Just as I keep backup copies of my data somewhere else, it makes sense for me to keep backup copies of my encryption keys.
8.9 Compromised keys

All the protocols, techniques, and algorithms in this book are secure only as long as the key (the private key in a public-key system) stays secret. If Alice's key is stolen, lost, printed in the newspaper, or compromised in any other way, all her security evaporates.

If the compromised key was used in a symmetric cryptosystem, Alice has to change her key and hope the damage was minimal. If it is a private key, her problems are much bigger, because her public key may be stored on many servers across the network. And if Eve gets hold of Alice's private key, she can impersonate Alice on that network: read encrypted mail, sign correspondence and contracts, and so on. Eve can, in effect, become Alice.

It is vital that news of a private-key compromise spread quickly through the network. Every public-key database must be notified of the compromise immediately, so that no unsuspecting person encrypts a message with the compromised key.

It is good if Alice knows when her key was compromised. If a KDC distributes keys, Alice should tell it that her key has been compromised. If there is no KDC, she should notify all the correspondents who might receive messages from her. Someone should publish the fact that any message received after Alice lost her key is suspect, and that nobody should send messages to Alice using the corresponding public key. The software should use timestamps of some kind so that users can tell which messages are legitimate and which are suspect.

If Alice does not know exactly when her key was compromised, things are worse. Alice might want to repudiate a contract, because it was signed in her name by the person who stole her key. If the system allows that, anyone can repudiate a contract by claiming that his key was compromised before the signing. The question has to be settled by an arbitrator.

This serious problem shows how dangerous it is for Alice to tie her identity to a single key. It is better for Alice to have different keys for different applications, just as she carries physical keys for different locks in her pocket. Other solutions to the problem include biometric measurements, limits on what a key can be used for, time delays, and countersignatures.

These procedures and recommendations are surely not optimal, but they are the best we can offer. The moral: protect your keys, and protect your private keys above all.
8.10 Bpeun nsnn knmue
Hn onn knmu mn|ponannx nentsx ncnontsonart eckoneuno . Bpemx ero encrnnx onxno ncrekart anromar n-
ueckn, nopono nacnopram n nnnensnxm. Bor neckontko npnunn +roro:
uem ontme ncnontsyercx knmu, rem ontme nepoxrnocrt ero komnpomerannn . hmn sannctnamr knmun n
repxmr nx. Hponcxoxr necuacrnte cnyuan. Ecnn nt ncnontsyere knmu n reuenne roa, ro nepoxrnocrt ero
komnpomerannn ropaso ntme, uem ecnn t nt ncnontsonann ero rontko onn ent .
uem ontme ncnontsyercx knmu, rem ontme norepn npn komnpomerannn knmua . Ecnn knmu ncnontsyercx
rontko nx mn|ponannx onoro |nnanconoro okymenra na |ann-cepnepe , ro norepx knmua osnauaer kom-
npomerannm rontko +roro okymenra. Ecnn ror xe camtn knmu ncnontsyercx nx mn|ponannx ncen |nna n-
conon nn|opmannn na |ann-cepnepe, ro ero norepx ropaso onee paspymnrentna .
uem ontme ncnontsyercx knmu, rem ontme conasn npnnoxnrt neoxonmte ycnnnx nx ero nckptrnx -
axe rpyon cnnon. Bckptrne knmua, ncnontsyemoro n reuenne nx nx cnxsn mexy nymx nonncknmn
nopasenennxmn, nosnonnr unrart coomennx, koroptmn omennnamrcx nopasenennx, n cosanart no -
entnte. Bckptrne knmua, ncnontsyemoro n reuenne roa ncen noennon komannon crpykrypon, nosnonnno
t nsnommnky n reuenne roa unrart nce coomennx, nnpkynnpymmne n +ron cncreme no ncemy mnpy, n
noentnart nx. B namem mnpe sakonunnmencx xonontn nonnt kakon knmu ntpann t nx nckptrnx
nt?
Otuno namnoro nerue npononrt kpnnroananns, nmex mnoro mn|porekcron, mn|ponanntx onnm n rem
xe knmuom.
nx nmoro kpnnrorpa|nueckoro npnnoxennx neoxonma crparernx, onpeenxmmax onycrnmoe npemx xn s-
nn knmua. V pasnnuntx knmuen moryr trt pasnnunte npemena xnsnn . nx cncrem c ycranonnennem coennennx,
raknx kak rene|on, nmeer cmtcn ncnontsonart knmu rontko n reuenne rene|onnoro pasronopa, a nx nonoro pa s-
ronopa - ncnontsonart nontn knmu.
nx cncrem, ncnontsymmnx cnennannsnponannte kanant cnxsn, nce ne rak ouennno . V knmuen onxno trt
ornocnrentno koporkoe npemx xnsnn, n sanncnmocrn or snaunmocrn anntx n konnuecrna anntx, samn|pona n-
ntx n reuenne saannoro nepnoa. Knmu nx kanana cnxsn co ckopocrtm nepeaun 1 Inranr n cekyny nosmoxno
npnercx menxrt ropaso uame, uem nx moemnoro kanana 9600 nr/c. Ecnn cymecrnyer +||ekrnnntn mero ne-
peaun nontx knmuen, ceanconte knmun onxnt menxrtcx xorx t exenenno .
Knmun mn|ponannx knmuen rak uacro menxrt ne nyxno . Onn ncnontsymrcx peko (npnnnsnrentno pas n
ent) nx omena knmuamn. Hpn +rom mn|porekcra nx kpnnroanannrnka opasyercx nemnoro, a y coornercrny m-
mero orkptroro rekcra ner onpeenennon |opmt. Onako, ecnn knmu mn|ponannx knmuen ckomnpomernponan,
norennnantnte norepn upesntuannt: ncx nn|opmannx, samn|ponannax knmuamn, samn|ponanntmn knmuom
mn|ponannx knmuen. B nekoroptx npnnoxennxx knmun mn|ponannx knmuen samenxmrcx rontko pas n mecxn nnn
axe pas n ro. Bam npnercx kak-ro ypannonecnrt onacnocrt, cnxsannym c ncnontsonannem onoro n roro xe
knmua, n onacnocrt, cnxsannym c nepeauen nonoro knmua .
Encryption keys used to encrypt data files for long-term storage cannot be changed often. Files may sit on disk encrypted for months or years before anyone needs them again. Decrypting and re-encrypting them with a new key every day does nothing for security; it merely gives a cryptanalyst more material to work with. A solution is to encrypt each file with a unique key and then encrypt the file keys with a key-encryption key. The key-encryption key must be either memorized or kept in a secure place, perhaps in a safe somewhere. Of course, losing this key means losing all the individual file keys.
The lifetime of private keys for public-key cryptography applications depends on the application. Private keys used for digital signatures and identification may be used for years (even for a lifetime). Private keys for coin-flipping protocols can be destroyed as soon as the protocol completes. Even if a key is considered secure for roughly a human lifetime, it is prudent to change it every couple of years. On many networks private keys are used for only two years, after which the user must obtain a new private key. The old key must nevertheless be kept secret in case the user needs to verify a signature made while the old key was in effect. New documents, however, must be signed with the new key. This scheme reduces the number of documents a cryptanalyst can use in an attack.
8.11 Destroying Keys
Given that keys must be replaced regularly, old keys must be destroyed. Old keys retain value even if they are never used again: with them, an adversary can read old messages encrypted under those keys [65].
Keys must be destroyed securely (see Section 10.9). If a key is written on paper, the paper must be shredded and burned. Use good paper shredders; the market is full of defective devices. The algorithms described in this book are secure against brute-force attacks costing millions of dollars and taking millions of years. If an adversary can recover your key by taking poorly shredded documents out of your trash and hiring a hundred unemployed people in some backward country at 10 cents an hour to paste the strips back together, he has made a good investment of a few tens of thousands of dollars.
If the key is in an EEPROM chip, the key must be overwritten several times. If the key is in an EPROM or PROM chip, the chip must be ground to powder and scattered to the winds. If the key is stored on a computer disk, the actual bits of the relevant memory area must be overwritten several times (see Section 10.9) or the disk must be destroyed.
A possible problem is that in a computer keys are easily copied and stored in many places. Any computer implementing some memory-management scheme constantly swaps programs out of memory and back in, making the problem worse. There is no way to guarantee that a key is destroyed reliably inside a computer, especially when the destruction is controlled by the computer's operating system. The truly worried should use a special program that searches the disk at the physical level for copies of the key, even in unused blocks, and then wipes the corresponding blocks. Do not forget to wipe all temporary files as well.
8.12 Public-Key Management
Public-key cryptography simplifies key management, but it has its own problems. Each participant, however many people are on the network, has only one public key. If Alice wants to send Bob a message, she has to get Bob's public key from somewhere. She can do so in several ways:
Get it from Bob.
Get it from a centralized database.
Get it from her own private database.
Section 2.5 discussed possible attacks on public-key cryptography based on substituting Mallory's key for Bob's. The scenario is this: Alice wants to send a message to Bob. She goes to the public-key database and gets Bob's public key. But Mallory, sneaky as he is, has substituted his own key for Bob's. (If Alice asks Bob directly for his key, Mallory has to intercept Bob's key in transit for the substitution to succeed.) Alice encrypts her message with Mallory's key and sends it to Bob. Mallory intercepts the message, decrypts it and reads it. He then encrypts it with Bob's public key and sends it on to its destination. Neither Bob nor Alice suspects anything.
Public-Key Certificates
A certified public key, or certificate, is someone's public key signed by a trustworthy party. Certified keys are used to thwart key-substitution attempts [879]. Bob's certified key in the public-key database consists of more than Bob's public key. It contains information about Bob (his name, address and so on) and is signed by someone Alice trusts: Trent (usually known as a certification authority, or CA). By signing both the key and the information about Bob, Trent certifies that the information about Bob is correct and that the public key belongs to him. Alice verifies Trent's signature and then uses the public key, confident that it belongs to Bob and to no one else. Certified keys play an important role in many public-key protocols, for example PEM [825] (see Section 24.10) and X.509 [304] (see Section 24.9).
Such systems raise a complicated problem that has nothing directly to do with cryptography. What is the meaning of the certification procedure? Or, put differently, who has the authority to issue certificates to whom? Anyone can sign anyone else's public key, but there has to be some way of filtering out unreliable certificates: for example, the public keys of one company's employees certified by another company's CA. Usually a chain of trust is created: a single trusted authority certifies the public keys of trusted agents, those agents certify company CAs, and the company CAs certify their employees' public keys.
Here are more questions worth thinking about:
What level of trust in someone's identity does a certificate provide?
What is the relationship between a person and the CA that certifies his public key, and how is that relationship reflected in the certificate?
Who can be trusted to be the "single trusted authority" at the top of the certification chain?
How long can a certification chain be?
Ideally, Bob should go through some authorization procedure before the CA signs his certificate. In addition, to protect against compromised keys it is important to use some form of timestamp or validity period in the certificate [461].
Timestamps are not enough. Keys may become invalid long before they expire, either through compromise or for some administrative reason. Consequently, it is important that the CA keep a list of invalid certified keys and that users check this list regularly. This key-revocation problem is still a hard one to solve.
Moreover, one public-key/private-key pair is not enough. Certainly any good implementation of public-key cryptography should use different keys for encryption and for digital signatures. This separation accommodates different levels of protection, validity periods, backup procedures and so on. Someone might sign messages with a 2048-bit key stored on a smart card and valid for twenty years, while using for encryption a 768-bit key stored in a computer and valid for six months.
One pair for encryption and one for signatures is still not enough, however. A private key can identify a person's role as well as his identity, and people have several roles. Alice may want to sign one document as Alice personally, another as Alice, vice president of Monolith, Inc., and a third as Alice, head of her community. Some of these keys are more valuable than others, so they must be protected better. Alice may need to keep a backup copy of her work key with an officer of the security department, but she does not want the company to have a copy of the key with which she signed her mortgage. Alice is going to use several cryptographic keys in exactly the way she uses the bunch of keys in her pocket.
Distributed Key Management
In some situations this sort of centralized key management will not work. Perhaps there is no CA that both Alice and Bob trust. Perhaps Alice and Bob trust only their friends. Perhaps Alice and Bob trust no one at all.
Distributed key management, as used in PGP (see Section 24.12), solves this problem with introducers. Introducers are users of the system who sign their friends' public keys. For example, when Bob generates his public key, he gives copies of it to his friends Carol and Dave. They know Bob, so each of them signs Bob's key and gives Bob a copy of the signature. Now, when Bob presents his key to a stranger, Alice, he presents it along with the signatures of these two introducers. If Alice also knows and trusts Carol, she has reason to believe that Bob's key is valid. If Alice knows Carol and Dave and trusts each of them a little, she likewise has reason to believe that Bob's key is valid. If she knows neither Carol nor Dave, she has no reason to trust Bob's key.
Over time Bob will collect signatures from more introducers. If Alice and Bob move in the same circles, Alice will very likely know one of Bob's introducers. To prevent Mallory from substituting one key for another, an introducer must be sure, before signing a key, that the key really belongs to Bob. Perhaps the introducer will require that the key be handed over in person or read over the telephone.
The benefit of this mechanism is that there is no CA whom everyone has to trust. The drawback is that there is no guarantee that Alice, on receiving Bob's public key, knows any of the introducers, and therefore no guarantee that she will trust the key's validity.
Chapter 9
Algorithm Types and Modes
There are two basic types of symmetric algorithms: block ciphers and stream ciphers. Block ciphers operate on blocks of plaintext and ciphertext, usually 64 bits long but sometimes longer. Stream ciphers operate on streams of plaintext and ciphertext one bit or byte at a time (sometimes even one 32-bit word at a time). With a block cipher under a given key, the same plaintext block always encrypts to the same ciphertext block. With a stream cipher, the same plaintext bit or byte encrypts to a different bit or byte each time it is encrypted.
A cryptographic mode usually combines the basic cipher, some kind of feedback, and some simple operations. The operations are simple because the security is a function of the underlying cipher and not of the mode. Moreover, the cipher mode must not compromise the security of the underlying algorithm.
There are other security considerations: the structure of the plaintext should be concealed; the input to the cipher should be randomized; manipulating the plaintext by introducing errors into the ciphertext should be difficult; and it should be possible to encrypt more than one message with the same key. All of this is discussed in detail in the sections that follow.
Another important consideration is efficiency. A mode should not be much less efficient than the underlying algorithm. In some circumstances it is important that the ciphertext be the same size as the plaintext.
A third consideration is fault tolerance. Some applications need to parallelize encryption or decryption, while others need to be able to do as much precomputation as possible. In still others it is important that the decryption process be able to recover from bit errors in the ciphertext stream, and from lost or added bits. As will be seen, different modes have different subsets of these characteristics.
9.1 Electronic Codebook Mode
Electronic codebook (ECB) mode is the most obvious way to use a block cipher: a block of plaintext is replaced by a block of ciphertext. Since the same plaintext block is always replaced by the same ciphertext block, it is theoretically possible to create a codebook of plaintext blocks and their corresponding ciphertexts. However, if the block size is 64 bits the codebook would have $2^{64}$ entries, far too many to precompute and store. And remember, every key would need its own codebook.
This is the easiest mode of operation. All plaintext blocks are encrypted independently. There is no need to encrypt a file sequentially; you could encrypt the 10 blocks in the middle first, then the blocks at the end, and finally the blocks at the beginning. This matters for encrypted files accessed at random, such as databases. If a database is encrypted in ECB mode, any record can be added, deleted, encrypted or decrypted independently of any other record (provided that each record consists of a whole number of encryption blocks). Processing can also be parallelized: with several encryption processors, each can encrypt or decrypt different blocks independently of the others.
The problem with ECB mode is that if a cryptanalyst has the plaintext and ciphertext for several messages, he can start building a codebook without knowing the key. In most real situations fragments of messages tend to repeat. Different messages may contain identical bit sequences. Messages generated by a computer, such as electronic mail, may have a regular structure. Messages may be highly redundant or contain long strings of zeros or spaces.
If a cryptanalyst learns that the plaintext block "5e081bc5" encrypts to the ciphertext block "7ea593a4", he can immediately decrypt that ciphertext block wherever else it appears in another message. If the encrypted messages contain many repetitions that tend to occupy the same positions in different messages, the cryptanalyst can get a lot of information. He can mount statistical attacks on the underlying plaintext, regardless of how strong the block cipher is. The beginnings and ends of messages, where information about the sender, the recipient, the date and so on is kept, are especially vulnerable. This problem is sometimes called stereotyped beginnings and stereotyped endings.
On the positive side, several messages can be encrypted with the same key without loss of security. In effect, each block can be treated as a separate message encrypted with the same key. On decryption, bit errors in the ciphertext cause the corresponding plaintext block to decrypt incorrectly but do not affect the rest of the plaintext. However, if a ciphertext bit is accidentally lost or added, all subsequent ciphertext will decrypt incorrectly unless some kind of frame structure is used to realign the block boundaries.
Padding
Most messages do not divide neatly into 64-bit (or whatever size) encryption blocks; there is usually a short block at the end. ECB requires 64-bit blocks. The way to deal with this problem is padding.
The last block is padded with some regular pattern (zeros, ones, or alternating zeros and ones) to make it a full block. If the padding must be removed after decryption, record the number of padding bytes in the last byte of the last block. For example, suppose the block size is 64 bits and the last block consists of 3 bytes (24 bits). Five bytes are needed to bring the block up to 64 bits: add four bytes of zeros and a final byte holding the number 5. After decryption, delete the last 5 bytes of the last decrypted block. For this method to work correctly, every message must be padded. Even if the plaintext is a whole number of blocks, you have to add one full block. Alternatively, you can use an end-of-file character to mark the last plaintext byte and pad after that character.
Figure 9-1 shows another approach, called ciphertext stealing [402]. $P_{n-1}$ is the last full plaintext block and $P_n$ is the final, short plaintext block. $C_{n-1}$ is the last full ciphertext block and $C_n$ is the final, short ciphertext block. $C'$ is an intermediate result that is not part of the transmitted ciphertext.
Figure 9-1. Ciphertext stealing. (Diagram with two panels, Encryption and Decryption, showing $E_k$ and $D_k$ applied to $P_{n-1}$, $P_n$, $C'$, $C_{n-1}$ and $C_n$.)
9.2 Block Replay
A more serious problem with ECB mode is that an adversary can modify encrypted messages without knowing the key, or even the algorithm, in order to fool the intended recipient. This problem was first discussed in [291].
To illustrate the problem, consider a money-transfer system that moves money between banks. To make life easier for the banks' computers, the banks have agreed on roughly the following standard message format for money transfers:
Bank 1: Sending          1.5 blocks
Bank 2: Receiving        1.5 blocks
Depositor's name         6 blocks
Depositor's account      2 blocks
Deposit amount           1 block
A block corresponds to an 8-byte encryption block. Messages are encrypted with some block algorithm in ECB mode.
Mallory, who is eavesdropping on the communications line between the banks, Alice's bank and Bob's bank, can use this information to get rich. First, he programs his computer to record all the encrypted messages from Alice's bank to Bob's bank. Then he transfers $100 from Alice's bank into his own account at Bob's bank. Later he repeats the same operation. Using his computer, he examines the recorded messages, looking for a pair of identical messages. Those messages are the ones by which he transferred $100 into his account. If he finds several pairs of identical messages (which is more like real life), he makes another money transfer and records the result. Eventually he can isolate the message that carried his own transfer.
Now he can send that message over the communications line whenever he likes. Each message credits another $100 to his account at Bob's bank. When the two banks reconcile their transfers (probably at the end of the day), they will discover the phantom transfers, but if Mallory is smart enough he will already have fled to some banana republic with no extradition treaty, taking the money with him. And most likely he will use amounts somewhat larger than $100 and run the operation against several banks at once.
At first glance the banks can easily prevent this by adding timestamps to their messages.
Date/time stamp          1 block
Bank 1: Sending          1.5 blocks
Bank 2: Receiving        1.5 blocks
Depositor's name         6 blocks
Depositor's account      2 blocks
Deposit amount           1 block
In such a system the two identical messages would be easily detected. Nevertheless, using a technique called block replay, Mallory can still get rich. Figure 9-2 shows that Mallory can collect the eight ciphertext blocks corresponding to his name and account number: blocks 5 through 12. A diabolical laugh is appropriate at this point, because Mallory is now fully prepared.
Block number   Field
1              Timestamp
2-3            Sending bank
3-4            Receiving bank
5-10           Depositor's name
11-12          Depositor's account
13             Amount
Figure 9-2. Encryption blocks in the record of the example above.
He intercepts messages from Alice's bank to Bob's bank and replaces blocks 5 through 12 of each message with the bytes corresponding to his own name and account number. Then he sends the modified messages on to Bob's bank. He does not need to know who sent the money; he does not even need to know the amount (although he can correlate a modified message with the corresponding increase in his account and work out which blocks correspond to which sums of money). He simply changes the name and account number to his own and watches his income grow. (Remember, Mallory has to be careful not to modify a withdrawal message, but let us assume for a moment that such messages have a different length or some other distinguishing feature.)
One day is not enough for the banks to detect this scheme. When they reconcile their transfers at the end of the day, all the amounts will agree. Perhaps not until the real depositor notices that his deposits are not being credited, or until someone notices the unexpected activity in Mallory's account, will the banks see any trace of it. Mallory is no fool; by then he will have closed his account, changed his name and bought a villa in Argentina.
The banks can minimize the problem by changing their keys frequently, but that only means Mallory has to work faster. Adding a MAC, however, also solves the problem. Even so, the problem discussed here is fundamental to ECB mode: Mallory can delete, replay or replace blocks at will. The solution is a technique called chaining.
9.3 Cipher Block Chaining Mode
Chaining adds a feedback mechanism to the block cipher: the results of encrypting previous blocks affect the encryption of the current block. In other words, each block is used to modify the encryption of the next block. Each ciphertext block depends not only on the plaintext block being encrypted but on all previous plaintext blocks.
In cipher block chaining (CBC) mode the plaintext is XORed with the previous ciphertext block before it is encrypted. Figure 9-3 (a) shows CBC encryption in action. After a plaintext block is encrypted, the resulting ciphertext is stored in a feedback register. Before the next plaintext block is encrypted, it is XORed with the contents of the feedback register; this produces the input to the next stage of the encryption procedure. The resulting ciphertext is again stored in the feedback register, to be XORed with the next plaintext block, and so on until the end of the message. The encryption of each block depends on all the previous blocks.
Decryption is the reverse operation (see Figure 9-3 (b)). A ciphertext block is decrypted normally but is also saved in the feedback register. Then the next block is decrypted and XORed with the contents of the feedback register. Now that next ciphertext block is saved in the feedback register, and so on until the end of the message.
Mathematically this looks as follows:
$C_i = E_K(P_i \oplus C_{i-1})$
$P_i = C_{i-1} \oplus D_K(C_i)$
Figure 9-3. Cipher block chaining mode. (Diagram with two panels: (a) Encryption, where $E_k$ is applied to $P_i \oplus C_{i-1}$ to give $C_i$; (b) Decryption, where $D_k$ is applied to $C_i$ and the result XORed with $C_{i-1}$ to give $P_i$.)
Initialization Vector
In CBC mode identical plaintext blocks encrypt to different ciphertext blocks only if some preceding plaintext block differed. Two identical messages, however, still encrypt to the same ciphertext. Worse, two messages that begin the same way encrypt identically up to the first difference.
Many messages may share an identical header: a subject line, a "From" line, or whatever. Block replay is impossible, but such identical beginnings may give a cryptanalyst some useful information.
This can be avoided by encrypting some random data as the first block. This block of random data is called the initialization vector (IV), initializing variable or initial chaining value. The IV has no meaning; it is used only to make each message unique. When the receiver decrypts this block, he uses it only to fill the feedback register. A timestamp makes a good IV. Or use some random bits.
With an IV, messages with identical plaintext encrypt to different ciphertext. Consequently an attacker cannot attempt block replay, and building a codebook becomes harder. Although it is recommended that a unique IV be chosen for every message encrypted under the same key, this is not a strict requirement.
The IV need not be secret; it can be transmitted in the clear along with the ciphertext. If you do not see why, consider the following argument. Suppose our message consists of several blocks: $B_1, B_2, \ldots, B_i$. $B_1$ is encrypted with the IV. $B_2$ is encrypted using the ciphertext of $B_1$ as the IV. $B_3$ is encrypted using the ciphertext of $B_2$ as the IV, and so on. So if there are $n$ blocks, $n-1$ of the "initialization vectors" are exposed even if the original IV is kept secret. There is therefore no reason to keep the IV secret; the IV is just a dummy block, and it can be thought of as the zeroth chaining block $B_0$.
Padding
Padding works the same way as in ECB mode, but in some applications the ciphertext must be exactly the same size as the plaintext. Perhaps the encrypted file has to occupy exactly the same amount of storage as the plaintext file. In that case the final short block must be encrypted differently. Suppose the last block has $j$ bits. Encrypt the last full block, encrypt the resulting ciphertext once more, select the leftmost $j$ bits, and XOR them with the short block to produce the ciphertext. This procedure is shown in Figure 9-4.
Figure 9-4. Encrypting the short last block in CBC mode. (Diagram: $P_{n-2}$ and $P_{n-1}$ are encrypted with $E_k$ to $C_{n-2}$ and $C_{n-1}$; $C_{n-1}$ is encrypted again with $E_k$, the leftmost $j$ bits are selected and XORed with the $j$-bit $P$ to give the $j$-bit $C$.)
The weakness of this method is that although Mallory cannot recover the last ciphertext block, he can change it systematically by changing individual bits of the ciphertext. If the last few bits of the ciphertext contain important information, this is dangerous. If the last bits merely contain household tips, no harm is done.
A better way is ciphertext stealing (see Figure 9-5) [402]. $P_{n-1}$ is the last full plaintext block and $P_n$ is the final, short plaintext block. $C_{n-1}$ is the last full ciphertext block and $C_n$ is the final, short ciphertext block. $C'$ is just an intermediate result that is not part of the transmitted ciphertext. The advantage of this method is that all the bits of the message's plaintext pass through the encryption algorithm.
Figure 9-5. Ciphertext stealing in CBC mode. (Diagram: encrypting $P_{n-1}$ with $E_k$ yields $C'$ and $C_n$; $P_n$ is encrypted to $C_{n-1}$; decryption with $D_k$ reverses these steps.)
Error Propagation
CBC mode is characterized by direct ciphertext feedback during encryption and inverse ciphertext feedback during decryption. This has consequences for how applications must deal with errors. A single bit error in a plaintext block affects that ciphertext block and all subsequent ciphertext blocks. This does not matter, because decryption reverses the effect and the recovered plaintext contains the same single error.
Ciphertext errors are more common. They arise easily from line noise or storage-device faults. In CBC mode a single-bit error in the ciphertext affects one block and one bit of the recovered plaintext. The block corresponding to the erroneous ciphertext block is completely garbled. In the following block a single bit is wrong: the one in the same position as the erroneous bit. This property of turning a small ciphertext error into a large plaintext error is called error extension, and it is a major drawback. The error does not affect blocks two or more positions after the garbled one, so CBC mode is self-recovering. The error affects two blocks, but the system keeps working correctly for all subsequent blocks. CBC is an example of a block cipher used in a self-synchronizing manner, but only at the block level.
Although CBC mode recovers quickly from a bit error, it does not recover at all from synchronization errors. If a bit is lost or added in the ciphertext stream, all subsequent blocks are shifted by one bit and the output of decryption is garbage. Any cryptosystem using CBC mode must ensure the integrity of the block structure, either by framing or by storing the data in structures of several blocks.
Security Problems
Several potential problems arise from the structure of CBC. First, because a ciphertext block affects the following block in a simple way, Mallory can covertly add blocks to the end of an encrypted message. Of course they decrypt to nonsense, but in some situations this is undesirable. When using CBC you should structure your plaintext so that you know where messages end and can detect the addition of extra blocks.
Second, Mallory can alter a ciphertext block so as to change the decrypted plaintext blocks in a specific way. For example, if Mallory changes one bit of the ciphertext, the whole block decrypts incorrectly and the following block has a wrong bit in the corresponding position. There are situations where this is undesirable. The plaintext message should have some redundancy or some means of authentication.
Finally, although chaining masks the structure of the plaintext, the structure of very long messages still shows through. The birthday paradox predicts that after $2^{m/2}$ blocks, where $m$ is the block size, identical blocks appear. For a 64-bit block the message length at which this happens is about 32 gigabytes. This problem arises only for messages of considerable size.
9.4 Stream Ciphers
Stream ciphers convert plaintext to ciphertext one bit at a time. The simplest implementation of a stream cipher is shown in Figure 9-6. A keystream generator (sometimes called a running-key generator) outputs a stream of bits: $k_1, k_2, k_3, \ldots, k_i$. This keystream (sometimes called the running key) is XORed with the stream of plaintext bits, $p_1, p_2, p_3, \ldots, p_i$, to produce the stream of ciphertext bits.
$c_i = p_i \oplus k_i$
On decryption, the ciphertext bits are XORed with the same keystream to recover the plaintext bits.
$p_i = c_i \oplus k_i$
Since $p_i \oplus k_i \oplus k_i = p_i$, this works correctly.
The security of the system depends entirely on the properties of the keystream generator. If the keystream generator outputs an endless string of zeros, the ciphertext equals the plaintext and the whole operation is meaningless. If the keystream generator spits out a repeating 16-bit pattern, the algorithm is a simple XOR with negligible security (see Section 1.4). If the keystream generator spits out an endless stream of random (truly random, not pseudo-random; see Section 2.8) bits, you have a one-time pad and perfect security.
In reality the security of a stream cipher lies somewhere between a simple XOR and a one-time pad. The keystream generator produces a bit stream that looks random but is in fact deterministic and can be reproduced exactly at decryption time. The closer the keystream generator's output is to random, the longer it takes a cryptanalyst to break the cipher.
Figure 9-6. Stream cipher. (Diagram with panels Encryption and Decryption: a keystream generator produces the keystream $K_i$, which is XORed with the plaintext $P_i$ to give the ciphertext $C_i$, and with $C_i$ to recover $P_i$.)
However, if the keystream generator produces the same bit stream every time it is switched on, the cryptosystem using it is easy to break. An example shows why.
If Eve gets hold of a ciphertext and the corresponding plaintext, she XORs the plaintext with the ciphertext and recovers the keystream. Or, if she has two different ciphertexts encrypted with the same key, she can XOR them together to get the XOR of the two plaintext messages. This is easy to break, after which she can recover the keystream by XORing one of the plaintexts with its ciphertext.
Now, whenever she intercepts another encrypted message, she can decrypt it with the recovered keystream. She can also decrypt and read any previously intercepted message. Once Eve has a plaintext/ciphertext pair, she can read everything.
That is why all stream ciphers use keys. The output of the keystream generator is a function of the key. Now, if Eve gets a plaintext/ciphertext pair, she can read only the messages encrypted with that same key. Change the key, and the adversary has to start all over again. Stream ciphers are especially useful for encrypting endless streams of communications traffic, for example a T1 link between two computers.
Ieneparop noroka knmuen cocronr ns rpex ocnonntx uacren (cm. 2nd). Bnyrpennee cocroxnne onnctnaer reky-
mee cocroxnne reneparopa noroka knmuen. na reneparopa noroka knmuen, c onnakontm knmuom n onnakontm
nnyrpennnm cocroxnnem, ntamr onnakonte norokn knmuen. uynknnx ntxoa no nnyrpennemy cocroxnnm rene-
pnpyer nr noroka knmuen. uynknnx cneymmero cocroxnnx no nnyrpennemy cocroxnnm renepnpyer nonoe nny r-
pennee cocroxnne.
K
i
KHK- K
4yukun
eLxopa
4yukun
cnepykero
cocfonuun
Buyfpeuuee
cocfonuue
Pnc. 9-7. Yc1ponc1no renepa1opa no1oxa xnmuen.
9.5 Self-Synchronizing Stream Ciphers
In a self-synchronizing stream cipher, each keystream bit is a function of a fixed number of previous ciphertext bits [1378]. The military calls this cipher ciphertext auto key (CTAK). The basic idea was patented in 1946 [667].
A self-synchronizing stream cipher is shown in Figure 9.8. The internal state is a function of the previous n ciphertext bits. The cryptographically complex part is the output function, which uses the internal state to generate a keystream bit.
Figure 9.8. Self-synchronizing keystream generator. (Diagram: on each side the internal state is fed from the previous ciphertext bits, and the output function, keyed by K, produces the keystream bit that is XORed with P_i or C_i.)
Since the internal state depends entirely on the previous n ciphertext bits, the decrypting keystream generator synchronizes automatically with the encrypting keystream generator after receiving n ciphertext bits.
In smart implementations of this mode, each message begins with a random header n bits long. This header is encrypted, transmitted, and then decrypted. The decryption will be wrong, but after those n bits both keystream generators are synchronized.
The weak side of a self-synchronizing stream cipher is error propagation. For every ciphertext bit corrupted in transmission, the decrypting keystream generator produces n incorrect keystream bits. Consequently, each incorrect ciphertext bit gives rise to n errors in the plaintext, until the corrupted bit stops affecting the internal state.
Security Issues
Self-synchronizing stream ciphers are also vulnerable to a playback attack. Mallory first records some ciphertext bits. Then, later, he inserts this recording into the current traffic. After some garbage, while the receiving side synchronizes to the inserted recording, the old ciphertext is decrypted as normal. The receiver has no way of knowing that the data it received is a replayed recording. Unless timestamps are used, Mallory can convince a bank to credit his account again and again by replaying the same message (provided, of course, that the key has not changed). Other weaknesses of this scheme can become apparent when resynchronization is very frequent [408].
9.6 Cipher-Feedback Mode
A block cipher can also be implemented as a self-synchronizing stream cipher; this mode is called cipher-feedback (CFB) mode. In CBC mode, encryption cannot begin until a complete block of data has been received. This is a problem for some network applications. For example, in a secure network environment a terminal must be able to send each character to the host as soon as it is typed. If the data has to be handled in bytes, CBC mode does not work either.
In CFB mode, the unit of encrypted data can be smaller than the block size. In the following example only one ASCII character is encrypted at a time (this is called 8-bit encryption), but there is nothing magical about the number 8. You can encrypt data one bit at a time with 1-bit CFB, although running a full block-cipher encryption for a single bit takes a lot of resources; a stream cipher would be a better idea in that case. (Reducing the number of rounds of the block cipher to gain speed is not recommended [1269].) You can also use 64-bit CFB, or any n-bit CFB where n is less than or equal to the block size.
Figure 9.9 shows 8-bit CFB mode working with a 64-bit algorithm. A block algorithm in CFB mode operates on a queue the size of the block being used. Initially the queue is filled with the IV, as in CBC mode. The queue is encrypted, and the left-most eight bits of the result are XORed with the first 8-bit plaintext character to produce the first 8-bit ciphertext character. That character is now transmitted. The same eight bits are also moved into the right-most eight bit positions of the queue, and all the other bits move eight positions to the left. The eight left-most bits are discarded. The next plaintext character is encrypted in the same way. Decryption is the reverse process. On both the encrypting and the decrypting side the block algorithm is used in its encryption direction.
If the algorithm's block size is n, then n-bit CFB looks like this (see Figure 9.10):
C_i = P_i ⊕ E_K(C_{i-1})
P_i = C_i ⊕ E_K(C_{i-1})
Figure 9.9. 8-bit cipher-feedback mode. (Diagram: (a) encryption and (b) decryption, each with a shift register, the block cipher keyed by K, keystream byte k_i, plaintext byte p_i and ciphertext byte c_i.)
Figure 9.10. n-bit CFB with an n-bit algorithm. (Diagram: P_{i-1}, P_i, P_{i+1} are each XORed with E_K of the previous ciphertext block to give C_{i-1}, C_i, C_{i+1}.)
Like CBC mode, CFB mode ties plaintext characters together so that the ciphertext depends on all the preceding plaintext.
Initialization Vector
To initialize the CFB process, an initialization vector IV can be used as the algorithm's input block. As in CBC mode, the IV need not be kept secret.
The IV must, however, be unique. (This differs from CBC mode, where the IV need not be unique, although that is desirable.) If the IV in CFB mode is not unique, a cryptanalyst can recover the corresponding plaintext. The IV must change for every message. It can be a serial number that is incremented for each new message and never repeats during the lifetime of the key. If the data is being encrypted for storage, the IV can be a function of the index used to look the data up.
Error Propagation
In CFB mode, an error in the plaintext affects all the subsequent ciphertext but corrects itself at decryption. An error in the ciphertext is more interesting. The first effect of a flipped ciphertext bit is a flipped bit in the plaintext. Then the error enters the shift register, and until the bad bit has shifted out of the register, the decryption is garbled. In 8-bit CFB mode, a single flipped bit corrupts 9 bytes of decrypted plaintext. After that the system recovers, and all subsequent ciphertext decrypts correctly. In general, in n-bit CFB mode one ciphertext error affects the decryption of the current block and the next m/n - 1 blocks, where m is the block size.
A subtler problem with this kind of error propagation is that if Mallory knows the plaintext of a message, he can toggle bits in a given block and make it decrypt to whatever he wants. The next block will decrypt to garbage, but the damage has already been done. And he can change the final bits of a message without being detected.
CFB also recovers by itself from synchronization errors. The error enters the shift register and, while it is there, corrupts 8 bytes of data. CFB is an example of a block cipher that can be used as a self-synchronizing stream cipher (at the block level).
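As an added example (not code from the book or its C sources), here is 8-bit CFB built as the paragraphs above describe, written in Go with AES-128 from the standard library standing in for the 64-bit DES of the figures; the key, IV and message are constructed for the demonstration, and the names cfb8 and corruptedPositions are mine. With a 16-byte block, one flipped ciphertext bit corrupts 1 + 16 = 17 plaintext bytes, the analogue of the 9 bytes quoted above for a 64-bit cipher, after which the decryptor resynchronizes on its own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// cfb8 is 8-bit cipher feedback over any block cipher, built as the text
// describes: a shift register one block wide is seeded with the IV, the
// register is encrypted, its left-most byte is XORed with one plaintext byte,
// and the resulting ciphertext byte is shifted in at the right-hand end.
// Encryptor and decryptor both run the block cipher in the encrypt direction.
type cfb8 struct {
	block cipher.Block
	reg   []byte
}

func newCFB8(block cipher.Block, iv []byte) (*cfb8, error) {
	if len(iv) != block.BlockSize() {
		return nil, fmt.Errorf("iv must be %d bytes, got %d", block.BlockSize(), len(iv))
	}
	return &cfb8{block: block, reg: append([]byte(nil), iv...)}, nil
}

// keystreamByte encrypts the register and returns its left-most byte.
func (c *cfb8) keystreamByte() byte {
	out := make([]byte, len(c.reg))
	c.block.Encrypt(out, c.reg)
	return out[0]
}

// feedback shifts the register left by eight bits and puts one ciphertext
// byte at the right; the left-most byte falls off the end.
func (c *cfb8) feedback(ct byte) {
	copy(c.reg, c.reg[1:])
	c.reg[len(c.reg)-1] = ct
}

// Encrypt handles one byte at a time, so a character can go out as soon as
// it is typed.
func (c *cfb8) Encrypt(plaintext []byte) []byte {
	out := make([]byte, len(plaintext))
	for i, p := range plaintext {
		out[i] = p ^ c.keystreamByte()
		c.feedback(out[i])
	}
	return out
}

// Decrypt is the reverse process. The received ciphertext byte, right or
// wrong, is what drives the register, which is why the mode self-synchronizes.
func (c *cfb8) Decrypt(ciphertext []byte) []byte {
	out := make([]byte, len(ciphertext))
	for i, ct := range ciphertext {
		out[i] = ct ^ c.keystreamByte()
		c.feedback(ct)
	}
	return out
}

// Constructed demo key (AES-128) and IV (one block). In a real system the IV
// is unique per message and can be sent in the clear.
var (
	sampleKey = []byte("0123456789abcdef")
	sampleIV  = []byte("cfb8-demo-iv-001")
)

// corruptedPositions encrypts msg, flips one bit of ciphertext byte flipAt
// (or nothing if flipAt < 0), decrypts with a freshly initialized decryptor,
// and returns the indices of every plaintext byte that came out wrong. With
// a flip, that is byte flipAt itself plus the bytes decrypted while the bad
// byte is still inside the register, and nothing after that.
func corruptedPositions(msg []byte, flipAt int) ([]int, error) {
	block, err := aes.NewCipher(sampleKey)
	if err != nil {
		return nil, err
	}
	enc, _ := newCFB8(block, sampleIV)
	ct := enc.Encrypt(msg)
	if flipAt >= 0 {
		ct[flipAt] ^= 0x01 // transmission error: a single flipped bit
	}
	dec, _ := newCFB8(block, sampleIV)
	pt := dec.Decrypt(ct)
	var bad []int
	for i := range msg {
		if pt[i] != msg[i] {
			bad = append(bad, i)
		}
	}
	return bad, nil
}

func main() {
	msg := bytes.Repeat([]byte("terminal line 1\n"), 4) // 64 bytes, constructed
	bad, err := corruptedPositions(msg, 10)
	if err != nil {
		panic(err)
	}
	fmt.Printf("one flipped ciphertext bit corrupted %d plaintext bytes: %v\n", len(bad), bad)
}
```

The reported positions always start at the flipped byte and never extend past the point where that byte has shifted out of the register, which is the self-synchronizing behaviour the text describes.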
9.7 Synchronous Stream Ciphers
In a synchronous stream cipher the keystream is generated independently of the message stream. The military calls this cipher Key Auto-Key (KAK). When encrypting, the keystream generator produces keystream bits one after another. When decrypting, another keystream generator produces the identical keystream bits one after another. This works as long as the two generators are synchronized. If one of them skips a cycle, or if a ciphertext bit is lost in transmission, every ciphertext character after the error is decrypted incorrectly.
If this happens, the sender and receiver must resynchronize their keystream generators before work can continue. Worse, they must do so in a way that repeats no part of the keystream, so the obvious solution of resetting the generator to an earlier state does not work.
The positive side of synchronous ciphers is the absence of error propagation. If a bit changes its value in transmission, which is far more likely than being lost, only the corrupted bit is decrypted incorrectly. All the preceding and following bits are unaffected.
The generator must produce the same keystream for encryption and for decryption, so its output must be predetermined. If it is implemented on a finite-state machine (i.e., a computer), the sequence will eventually repeat. Such keystream generators are called periodic. Except for one-time pads, all keystream generators are periodic.
The keystream generator must have a long period, much longer than the number of bits it outputs between key changes. If the period is shorter than the plaintext, different parts of the plaintext are encrypted the same way, which seriously weakens the system's security. If a cryptanalyst knows part of the plaintext, he can recover part of the keystream and use it to recover more of the plaintext. Even if the analyst has only ciphertext, he can XOR the sections encrypted with the same keystream and obtain the XOR of the corresponding plaintext sections. The algorithm in use then turns into a simple XOR algorithm with a very long key.
How long the period should be depends on the application. A keystream generator encrypting a continuous T1 link will encrypt about 2^37 bits per day. The generator's period must be several orders of magnitude larger than that, even if the key is changed daily. If the period is long enough, the key can be changed once a week or even once a month.
Synchronous stream ciphers also protect against any insertions or deletions in the ciphertext, because these cause a loss of synchronization and are detected immediately. They do not, however, fully protect against bit toggling. As with block ciphers in CFB mode, Mallory can alter individual bits of the stream. If he knows the plaintext, he can change those bits so that they decrypt to whatever he wants. Subsequent bits decrypt to garbage (until the system recovers), but in certain applications Mallory can do considerable damage.
Insertion Attack
Synchronous stream ciphers are vulnerable to an insertion attack [93]. Suppose Mallory has recorded a ciphertext stream but knows neither the plaintext nor the keystream used to encrypt that plaintext.
Original plaintext:  p_1 p_2 p_3 p_4 ...
Original keystream:  k_1 k_2 k_3 k_4 ...
Original ciphertext: c_1 c_2 c_3 c_4 ...
Mallory inserts a single bit known to him, p', into the plaintext after p_1 and then manages to get the modified plaintext encrypted with the same keystream. He records the resulting new ciphertext:
New plaintext:       p_1 p'   p_2  p_3  p_4 ...
Original keystream:  k_1 k_2  k_3  k_4  k_5 ...
Updated ciphertext:  c_1 c'_2 c'_3 c'_4 c'_5 ...
Since he knows the value of p', he can determine the entire plaintext after that bit from the original and new ciphertexts:
k_2 = c'_2 ⊕ p', then p_2 = c_2 ⊕ k_2
k_3 = c'_3 ⊕ p_2, then p_3 = c_3 ⊕ k_3
k_4 = c'_4 ⊕ p_3, then p_4 = c_4 ⊕ k_4
Mallory does not even need to know the exact position of the inserted bit; he can simply compare the original and updated ciphertexts to discover where they begin to differ. To prevent this attack, never use the same keystream to encrypt two different messages.
9.8 Output-Feedback Mode
Output-feedback (OFB) mode is a way of running a block cipher as a synchronous stream cipher. It is similar to CFB, except that the n bits of the previous output block are shifted into the right-most positions of the queue (see Figure 9.11). Decryption is the reverse process. This is called n-bit OFB. On both the encryption and the decryption side the block algorithm runs in its encryption direction. This is sometimes called internal feedback, because the feedback mechanism is independent of both the plaintext and the ciphertext streams [291]. If the algorithm's block size is n, then n-bit OFB looks as shown in Figure 9.12:
C_i = P_i ⊕ S_i;  S_i = E_K(S_{i-1})
P_i = C_i ⊕ S_i;  S_i = E_K(S_{i-1})
S_i is the state, which depends on neither the plaintext nor the ciphertext. One of the nice features of OFB is that most of the work can be done off-line, even before the plaintext message exists. When the message finally arrives, all that is needed to produce the ciphertext is to XOR it with the algorithm's output.
Figure 9.11. 8-bit OFB mode.
Initialization Vector
The OFB shift register must also be loaded with an IV first. It must be unique, but it need not be kept secret.
Error Propagation
OFB mode has no error propagation. An incorrect ciphertext bit gives one incorrect plaintext bit. This can be useful for digital transmission of analog quantities, such as digitized voice or video, where an occasional flipped bit is acceptable but error propagation is not.
On the other hand, a loss of synchronization is fatal. If the shift registers used for encryption and decryption differ, the recovered plaintext is gibberish. Any system that uses OFB mode must include a mechanism for detecting a loss of synchronization and a mechanism for loading both shift registers with a new (or identical) IV to restore synchronization.
Figure 9.12. n-bit OFB with an n-bit algorithm.
OFB and Security Problems
Analysis of OFB mode [588, 430, 431, 789] shows that OFB should be used only when the feedback size equals the block size. For example, a 64-bit algorithm should be used only in 64-bit OFB mode. Even though the U.S. government permits other feedback sizes for DES [1143], avoid them.
OFB mode XORs a keystream with the text. This keystream eventually repeats. It is important that it not repeat under the same key; otherwise security is compromised. When the feedback size equals the block size, the block cipher permutes m-bit values (where m is the block size), and the average cycle length is 2^m - 1. For a 64-bit block length this is a very large number. When the feedback size n is smaller than the block length, the average cycle length drops to about 2^(m/2). For a 64-bit cipher that is only 2^32, which is clearly not enough.
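The following added example (mine, not the book's code) builds full-block OFB in Go over AES-128 from the state chain S_i = E_K(S_{i-1}) given above, precomputing the keystream before the message exists, and then shows the two properties just discussed: a flipped ciphertext bit damages exactly one plaintext byte, while a lost ciphertext byte desynchronizes the two sides and garbles everything from that point on. The key, IV and message are constructed, and the hand-built keystream is checked against crypto/cipher's own OFB; the function names are mine.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// ofbKeystream precomputes n bytes of OFB keystream from the state chain
// S_1 = E_K(IV), S_i = E_K(S_{i-1}). The message plays no part, which is the
// preprocessing advantage the text describes: this can run before the
// plaintext exists.
func ofbKeystream(block cipher.Block, iv []byte, n int) []byte {
	bs := block.BlockSize()
	state := append([]byte(nil), iv...)
	ks := make([]byte, 0, n+bs)
	for len(ks) < n {
		next := make([]byte, bs)
		block.Encrypt(next, state) // S_i = E_K(S_{i-1})
		ks = append(ks, next...)
		state = next
	}
	return ks[:n]
}

// xorBytes returns a XOR b for equal-length slices.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// wrongPositions lists the indices where got differs from want.
func wrongPositions(want, got []byte) []int {
	var bad []int
	for i := range want {
		if want[i] != got[i] {
			bad = append(bad, i)
		}
	}
	return bad
}

// Constructed demo key and IV. The IV need not be secret, but it must never
// be reused under the same key, or the same keystream is reused.
var (
	sampleKey = []byte("0123456789abcdef")
	sampleIV  = []byte("ofb-demo-iv-0001")
)

// matchesStdlib checks the hand-built keystream against crypto/cipher's own
// full-block OFB, so the construction above is known to be the real thing.
func matchesStdlib(msg []byte) (bool, error) {
	block, err := aes.NewCipher(sampleKey)
	if err != nil {
		return false, err
	}
	mine := xorBytes(msg, ofbKeystream(block, sampleIV, len(msg)))
	ref := make([]byte, len(msg))
	cipher.NewOFB(block, sampleIV).XORKeyStream(ref, msg)
	return bytes.Equal(mine, ref), nil
}

// wrongAfterBitFlip flips one bit of ciphertext byte at and returns the
// plaintext indices that decrypt wrongly: exactly {at}, no error propagation.
func wrongAfterBitFlip(msg []byte, at int) ([]int, error) {
	block, err := aes.NewCipher(sampleKey)
	if err != nil {
		return nil, err
	}
	ks := ofbKeystream(block, sampleIV, len(msg))
	ct := xorBytes(msg, ks)
	ct[at] ^= 0x80
	return wrongPositions(msg, xorBytes(ct, ks)), nil
}

// wrongAfterByteLoss drops ciphertext byte at (a synchronization slip) and
// returns the indices that decrypt wrongly. The receiver's keystream is now
// one byte out of step with the sender's, so everything from at on is garbage
// until both sides reload a fresh IV.
func wrongAfterByteLoss(msg []byte, at int) ([]int, error) {
	block, err := aes.NewCipher(sampleKey)
	if err != nil {
		return nil, err
	}
	ks := ofbKeystream(block, sampleIV, len(msg))
	ct := xorBytes(msg, ks)
	ct = append(ct[:at:at], ct[at+1:]...)
	return wrongPositions(msg[:len(ct)], xorBytes(ct, ks[:len(ct)])), nil
}

func main() {
	msg := bytes.Repeat([]byte("voice frame 0001"), 4) // 64 bytes, constructed
	flip, _ := wrongAfterBitFlip(msg, 10)
	lost, _ := wrongAfterByteLoss(msg, 10)
	fmt.Printf("bit flip: %d byte(s) wrong; byte loss: %d of %d bytes wrong\n",
		len(flip), len(lost), len(msg)-1)
}
```

The byte-loss case is what the text means by a fatal loss of synchronization: every byte before the slip is fine, and almost every byte after it is wrong, so a receiver needs an out-of-band way to detect the slip and reload the IV.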
Stream Ciphers in OFB Mode
Stream ciphers can also run in OFB mode. In this case the key affects the next-state function (see Figure 9.13). The output function does not depend on the key; very often it is something simple, such as a single bit of the internal state or the XOR of several bits of the internal state. The cryptographically complex part is the next-state function, which depends on the key. This method is also called internal feedback [291], because the feedback mechanism is internal to the key generation algorithm.
Figure 9.13. Keystream generator in output-feedback mode.
In one variant of this mode, the key determines only the initial state of the keystream generator. Once the key has set the generator's internal state, the generator runs without any outside influence.
9.9 Counter Mode
Block ciphers in counter mode use sequence numbers as the input to the algorithm [824, 498, 715]. A counter, rather than the output of the encryption algorithm, is used to fill the register. After each block is encrypted, the counter is incremented by some constant, typically one. The synchronization and error-propagation properties of this mode are the same as for OFB. Counter mode solves the n-bit output problem of OFB mode, where n is smaller than the block length.
No special requirements are placed on the counter; it does not have to run through all possible values in order. The random-number generators described in Chapters 16 and 17 can be used as the input to the block algorithm, whether or not they are cryptographically secure.
Stream Ciphers in Counter Mode
Stream ciphers in counter mode have simple next-state functions and complex, key-dependent output functions. This method, shown in Figure 9.14, was proposed in [498, 715]. The next-state function can be something simple, such as a counter that adds one to the previous state.
Figure 9.14. Keystream generator in counter mode.
A stream cipher in counter mode can generate the i-th bit, k_i, without producing all the preceding key bits. Just set the counter manually to the i-th internal state and generate the bit. This is useful for protecting random-access data files: a particular block of data can be decrypted without decrypting the entire file.
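As an added example in Go (not from the book), this implements the counter mode just described over AES-128 and demonstrates the random-access property: block i of a stored file image is decrypted by setting the counter to IV + i, without generating any earlier keystream. The counter-increment rule (the IV treated as a big-endian integer) is the one Go's crypto/cipher uses, so the hand-built encryption is cross-checked against cipher.NewCTR; the key, IV, file contents and function names are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// counterBlock returns IV + i as a big-endian integer one block wide. That is
// the increment rule crypto/cipher's CTR mode uses, so the hand-built mode
// below can be cross-checked against it.
func counterBlock(iv []byte, i uint64) []byte {
	ctr := append([]byte(nil), iv...)
	carry := i
	for j := len(ctr) - 1; j >= 0 && carry > 0; j-- {
		sum := uint64(ctr[j]) + (carry & 0xff)
		ctr[j] = byte(sum)
		carry = (carry >> 8) + (sum >> 8)
	}
	return ctr
}

// ctrCrypt walks the counter block by block: C_i = P_i XOR E_K(IV + i).
// The same function decrypts, because XOR with the keystream is its own inverse.
func ctrCrypt(block cipher.Block, iv, in []byte) []byte {
	bs := block.BlockSize()
	out := make([]byte, len(in))
	ks := make([]byte, bs)
	for off, i := 0, uint64(0); off < len(in); off, i = off+bs, i+1 {
		block.Encrypt(ks, counterBlock(iv, i))
		for j := 0; j < bs && off+j < len(in); j++ {
			out[off+j] = in[off+j] ^ ks[j]
		}
	}
	return out
}

// decryptBlockAt recovers plaintext block i without touching any other
// block: set the counter to i, produce that one keystream block, XOR. This is
// the random-access property the text describes.
func decryptBlockAt(block cipher.Block, iv, ct []byte, i int) []byte {
	bs := block.BlockSize()
	ks := make([]byte, bs)
	block.Encrypt(ks, counterBlock(iv, uint64(i)))
	seg := ct[i*bs : (i+1)*bs]
	out := make([]byte, bs)
	for j := range seg {
		out[j] = seg[j] ^ ks[j]
	}
	return out
}

// Constructed demo key and counter start value; the start value must not be
// reused with this key, or two files would share keystream.
var (
	sampleKey = []byte("0123456789abcdef")
	sampleIV  = []byte("ctr-demo-iv-0001")
)

// demoFile is a constructed "file" of eight distinct 16-byte records.
func demoFile() []byte {
	var file []byte
	for r := 0; r < 8; r++ {
		file = append(file, []byte(fmt.Sprintf("record %02d data..", r))...)
	}
	return file
}

// randomAccessMatches encrypts the file, pulls block i out directly, and
// reports whether it equals the original block and whether the hand-built
// CTR agrees byte for byte with crypto/cipher's CTR.
func randomAccessMatches(file []byte, i int) (blockOK, stdlibOK bool, err error) {
	block, err := aes.NewCipher(sampleKey)
	if err != nil {
		return false, false, err
	}
	bs := block.BlockSize()
	ct := ctrCrypt(block, sampleIV, file)
	ref := make([]byte, len(file))
	cipher.NewCTR(block, sampleIV).XORKeyStream(ref, file)
	got := decryptBlockAt(block, sampleIV, ct, i)
	return bytes.Equal(got, file[i*bs:(i+1)*bs]), bytes.Equal(ct, ref), nil
}

func main() {
	blockOK, stdlibOK, err := randomAccessMatches(demoFile(), 5)
	if err != nil {
		panic(err)
	}
	fmt.Println("block 5 recovered directly:", blockOK, "; matches crypto/cipher:", stdlibOK)
}
```

decryptBlockAt does one block-cipher call regardless of where in the file the block sits, which is exactly what a random-access encrypted file needs; the price, as the text notes for all counter/OFB-style modes, is that the counter start value must never be reused under the same key.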
9.10 Other Block-Cipher Modes
Block Chaining Mode
To use a block algorithm in block chaining (BC) mode, simply XOR the input of the block cipher with the XOR of all the previous ciphertext blocks. As with CBC, an IV is used. Mathematically it looks like this, with F_1 = IV:
C_i = E_K(P_i ⊕ F_i);  F_{i+1} = F_i ⊕ C_i
P_i = F_i ⊕ D_K(C_i);  F_{i+1} = F_i ⊕ C_i
Like CBC, BC's feedback process extends errors in the plaintext. The main problem with BC is that, because the decryption of a ciphertext block depends on all the previous ciphertext blocks, a single ciphertext error causes all subsequent ciphertext blocks to decrypt incorrectly.
Propagating Cipher Block Chaining Mode
Propagating cipher block chaining (PCBC) mode [1080] is like CBC mode, except that both the previous plaintext block and the previous ciphertext block are XORed with the current plaintext block before encryption (or after decryption) (see Figure 9.15).
C_i = E_K(P_i ⊕ C_{i-1} ⊕ P_{i-1})
P_i = C_{i-1} ⊕ P_{i-1} ⊕ D_K(C_i)
PCBC is used in Kerberos version 4 (see Section 24.5) to perform both encryption and an integrity check in a single pass. In PCBC mode, a ciphertext error causes all subsequent blocks to decrypt incorrectly. This means that checking a standard block at the end of the message ensures the integrity of the entire message.
Figure 9.15. Propagating cipher block chaining mode.
Unfortunately, there is one problem with this mode [875]. Swapping two ciphertext blocks causes the two corresponding plaintext blocks to decrypt incorrectly, but because of the nature of the XOR with the plaintext and the ciphertext, further errors cancel out. So if the integrity check examines only the last few blocks of the decrypted plaintext, a partially corrupted message can be accepted. Although no one has yet figured out how to exploit this weakness, Kerberos version 5 switched to CBC mode after the flaw was discovered.
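This added Go example (mine, not Kerberos's or the book's code) implements PCBC over AES-128 with the equations above and checks both claims in the text from the verifier's side: a single corrupted ciphertext block garbles every plaintext block from that point to the end, so a trailing check block catches it, whereas swapping two adjacent ciphertext blocks garbles only those two and leaves the chain value, and therefore the check block, untouched. The key, IV, message and function names are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// xorBlock returns a XOR b for one block.
func xorBlock(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// pcbcEncrypt implements C_i = E_K(P_i XOR C_{i-1} XOR P_{i-1}); the chain
// value C_{i-1} XOR P_{i-1} starts out as the IV. Input must be whole blocks.
func pcbcEncrypt(block cipher.Block, iv, pt []byte) []byte {
	bs := block.BlockSize()
	chain := append([]byte(nil), iv...)
	ct := make([]byte, len(pt))
	for off := 0; off < len(pt); off += bs {
		p, c := pt[off:off+bs], ct[off:off+bs]
		block.Encrypt(c, xorBlock(p, chain))
		chain = xorBlock(p, c)
	}
	return ct
}

// pcbcDecrypt implements P_i = C_{i-1} XOR P_{i-1} XOR D_K(C_i).
func pcbcDecrypt(block cipher.Block, iv, ct []byte) []byte {
	bs := block.BlockSize()
	chain := append([]byte(nil), iv...)
	pt := make([]byte, len(ct))
	tmp := make([]byte, bs)
	for off := 0; off < len(ct); off += bs {
		c := ct[off : off+bs]
		block.Decrypt(tmp, c)
		copy(pt[off:off+bs], xorBlock(tmp, chain))
		chain = xorBlock(pt[off:off+bs], c)
	}
	return pt
}

// Constructed demo key and IV.
var (
	sampleKey = []byte("0123456789abcdef")
	sampleIV  = []byte("pcbc-demo-iv-001")
)

// demoMessage is a constructed five-block message whose last block stands in
// for the check block an integrity scheme would verify.
func demoMessage() []byte {
	var m []byte
	for i := 0; i < 4; i++ {
		m = append(m, []byte(fmt.Sprintf("block %d ........", i))...)
	}
	return append(m, []byte("check-block-....")...)
}

// wrongBlocks encrypts msg, lets tamper modify the ciphertext, decrypts, and
// returns the indices of the plaintext blocks that no longer match.
func wrongBlocks(msg []byte, tamper func(ct []byte)) ([]int, error) {
	block, err := aes.NewCipher(sampleKey)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	ct := pcbcEncrypt(block, sampleIV, msg)
	tamper(ct)
	pt := pcbcDecrypt(block, sampleIV, ct)
	var bad []int
	for i := 0; i*bs < len(msg); i++ {
		if !bytes.Equal(pt[i*bs:(i+1)*bs], msg[i*bs:(i+1)*bs]) {
			bad = append(bad, i)
		}
	}
	return bad, nil
}

// flipInBlock corrupts one bit of 16-byte ciphertext block i: every block
// from i to the end then decrypts wrongly, so a trailing check block notices.
func flipInBlock(i int) func([]byte) {
	return func(ct []byte) { ct[i*16] ^= 0x01 }
}

// swapBlocks exchanges 16-byte ciphertext blocks i and i+1: only those two
// plaintext blocks come out wrong, the chain value is the same afterwards,
// and a check block at the end of the message does not notice.
func swapBlocks(i int) func([]byte) {
	return func(ct []byte) {
		a, b := ct[i*16:(i+1)*16], ct[(i+1)*16:(i+2)*16]
		tmp := append([]byte(nil), a...)
		copy(a, b)
		copy(b, tmp)
	}
}

func main() {
	flipped, _ := wrongBlocks(demoMessage(), flipInBlock(1))
	swapped, _ := wrongBlocks(demoMessage(), swapBlocks(1))
	fmt.Println("wrong blocks after a bit flip in block 1:", flipped)
	fmt.Println("wrong blocks after swapping blocks 1 and 2:", swapped)
}
```

The swap result is why a chaining mode is not a substitute for a real integrity check: the decryptor's running chain value after the swapped pair is identical to the original, so only a check that covers every block (a MAC over the whole message) would detect the change.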
Cipher Block Chaining with Checksum
Cipher block chaining with checksum (CBCC) is a variant of CBC [1618]. Keep the XOR of all the plaintext blocks encrypted so far, and XOR it with each current plaintext block before that block is encrypted. CBCC ensures that any change to any ciphertext block changes the decryption of the last block. If the last block contains some constant or serves as an integrity check, the integrity of the decrypted plaintext can be verified with minimal additional overhead.
Output Feedback with a Nonlinear Function
Output feedback with a nonlinear function (OFBNLF) [777] is a variant of both OFB and ECB in which the key changes with every block:
C_i = E_{K_i}(P_i);  K_i = E_K(K_{i-1})
P_i = D_{K_i}(C_i);  K_i = E_K(K_{i-1})
A single-bit ciphertext error propagates to only one block of plaintext. However, if a bit is lost or added, the error propagates indefinitely. With a block algorithm that has a complex key-scheduling algorithm, this mode is slow. I don't know how to cryptanalyze this mode.
Other Modes
Other modes are possible, although they are seldom used. Plaintext block chaining (PBC) is like CBC except that the plaintext block is XORed with the previous plaintext block rather than the previous ciphertext block. Plaintext feedback (PFB) is like CFB except that the plaintext, rather than the ciphertext, is used for feedback. There is also cipher block chaining of plaintext difference (CBCPD). I'm sure there are even stranger ones to be found.
If a cryptanalyst has a brute-force key-search machine, he can recover the key if he can guess one of the plaintext blocks. Some of the odd modes just mentioned amount to an extra encryption before the encryption algorithm is applied: XORing the text with a fixed secret string, for example, or permuting the text. Almost any deviation from the standards will foil this kind of cryptanalysis.
9.11 Choosing a Cipher Mode
If your main concerns are speed and simplicity, ECB is the easiest and fastest way to use a block cipher. Besides being vulnerable to replay attacks, an algorithm in ECB mode is the easiest to cryptanalyze. I don't recommend ECB for encrypting messages.
ECB is good for encrypting random data, such as other keys. Since the data is short and random, the drawbacks of ECB don't matter for that application.
For normal plaintext, use CBC, CFB or OFB. The particular mode depends on your requirements. Table 9.1 summarizes the security and efficiency of the various modes.
CBC is best for encrypting files. The increase in security is significant, and errors in stored data almost never cause synchronization failures. If your application is software, CBC is almost always the best choice.
Table 9.1. Summary of block-cipher modes of operation
ECB:
Security:
- Plaintext patterns are not concealed.
- Input to the block cipher is not randomized; it is the same as the plaintext.
+ More than one message can be encrypted with the same key.
- Plaintext is easy to manipulate; blocks can be removed, repeated, or interchanged.
Efficiency:
+ Speed is the same as the block cipher.
- Ciphertext is up to one block longer than the plaintext, due to padding.
- No preprocessing is possible.
+ Processing is parallelizable.
Fault-tolerance:
- A ciphertext error affects one full block of plaintext.
- Synchronization error is unrecoverable.
CFB:
Security:
+ Plaintext patterns are concealed.
+ Input to the block cipher is randomized.
+ More than one message can be encrypted with the same key, provided that a different IV is used.
+ Plaintext is somewhat difficult to manipulate; blocks can be removed from the beginning and end of the message, bits of the first block can be changed, and repetition allows some controlled changes.
Efficiency:
+ Speed is the same as the block cipher.
+ Ciphertext is the same size as the plaintext, not counting the IV.
+ Some preprocessing is possible before a block is seen; the previous ciphertext block can be encrypted.
-/+ Encryption is not parallelizable; decryption is parallelizable and has a random-access property.
Fault-tolerance:
- A ciphertext error affects the corresponding bit of plaintext and the next full block.
+ Synchronization errors of full block sizes are recoverable. 1-bit CFB can recover from the addition or loss of single bits.
CBC:
Security:
+ Plaintext patterns are concealed by XORing with the previous ciphertext block.
+ Input to the block cipher is randomized by XORing with the previous ciphertext block.
+ More than one message can be encrypted with the same key.
+ Plaintext is somewhat difficult to manipulate; blocks can be removed from the beginning and end of the message, bits of the first block can be changed, and repetition allows some controlled changes.
Efficiency:
+ Speed is the same as the block cipher.
- Ciphertext is up to one block longer than the plaintext, not counting the IV.
- No preprocessing is possible.
-/+ Encryption is not parallelizable; decryption is parallelizable and has a random-access property.
Fault-tolerance:
- A ciphertext error affects one full block of plaintext and the corresponding bit in the next block.
- Synchronization error is unrecoverable.
OFB/Counter:
Security:
+ Plaintext patterns are concealed.
+ Input to the block cipher is randomized.
+ More than one message can be encrypted with the same key, provided that a different IV is used.
- Plaintext is very easy to manipulate; any change in ciphertext directly affects the plaintext.
Efficiency:
+ Speed is the same as the block cipher.
+ Ciphertext is the same size as the plaintext, not counting the IV.
+ Processing is possible before the message is seen.
-/+ OFB processing is not parallelizable; counter processing is parallelizable.
Fault-tolerance:
+ A ciphertext error affects only the corresponding bit of plaintext.
- Synchronization error is unrecoverable.
CFB, specifically 8-bit CFB, is generally the mode of choice for encrypting streams of characters when each character has to be treated individually, as in a link between a terminal and a host. OFB is most often used in high-speed synchronous systems where error propagation is intolerable. OFB is also the mode of choice if preprocessing is required.
OFB is the mode of choice in an error-prone environment, because it has no error extension.
Stay away from the weird modes. One of the four basic modes (ECB, CBC, OFB, and CFB) is suitable for almost any application. These modes are not overly complex and probably do not reduce the security of the system. While it is possible that a complicated mode might increase the security of a system, most likely it just increases the complexity. None of the weird modes has any better error propagation or error recovery characteristics.
9.12 INTERLEAVING
With most modes, encryption of a bit (or block) depends on the encryption of the previous bits (or blocks). This can often make it impossible to parallelize encryption. For example, consider a hardware box that does encryption in CBC mode. Even if the box contains four encryption chips, only one can work at any time. The next chip needs the results of the previous chip before it starts working.
The solution is to interleave multiple encryption streams. (This is not multiple encryption; that's covered in Sections 15.1 and 15.2.) Instead of a single CBC chain, use four. The first, fifth, and every fourth block thereafter are encrypted in CBC mode with one IV. The second, sixth, and every fourth block thereafter are encrypted in CBC mode with another IV, and so on. The total IV is much longer than it would have been without interleaving.
Think of it as encrypting four different messages with the same key and four different IVs. These messages are all interleaved.
This trick can also be used to increase the overall speed of hardware encryption. If you have three encryption chips, each capable of encrypting data at 33 megabits/second, you can interleave them to encrypt a single 100 megabit/second data channel.
Figure 9.16 shows three parallel streams interleaved in CFB mode. The idea can also work in CBC and OFB modes, and with any number of parallel streams. Just remember that each stream needs its own IV. Don't share.
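An added Go example (not from the book) of the interleaving described above: a message of whole blocks is encrypted as k independent CBC chains, each in its own goroutine standing in for one encryption chip and each with its own IV, and the result is checked to be identical to encrypting the k de-interleaved sub-messages separately with crypto/cipher's CBC. It uses AES-128 rather than the book's DES; the key, IVs, message and function names are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"sync"
)

// xorBlock returns a XOR b for one block.
func xorBlock(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// interleavedCBC encrypts whole-block input as k independent CBC chains:
// block j belongs to chain j mod k, and chain s starts from its own IV,
// ivs[s]. Each chain runs in its own goroutine, standing in for one
// encryption chip; nothing a chain computes is needed by another chain.
func interleavedCBC(block cipher.Block, ivs [][]byte, pt []byte) []byte {
	bs, k := block.BlockSize(), len(ivs)
	ct := make([]byte, len(pt))
	var wg sync.WaitGroup
	for s := 0; s < k; s++ {
		wg.Add(1)
		go func(s int) {
			defer wg.Done()
			prev := ivs[s]
			for j := s; j*bs < len(pt); j += k {
				c := ct[j*bs : (j+1)*bs]
				block.Encrypt(c, xorBlock(pt[j*bs:(j+1)*bs], prev))
				prev = c
			}
		}(s)
	}
	wg.Wait()
	return ct
}

// deinterleave gathers the blocks belonging to chain s into one message.
func deinterleave(data []byte, bs, k, s int) []byte {
	var out []byte
	for j := s; j*bs < len(data); j += k {
		out = append(out, data[j*bs:(j+1)*bs]...)
	}
	return out
}

// matchesSeparateCBC checks the text's description: interleaving with k IVs
// is the same as encrypting k separate messages under the same key with k
// IVs, verified here against crypto/cipher's plain CBC on each sub-message.
func matchesSeparateCBC(block cipher.Block, ivs [][]byte, pt []byte) bool {
	bs, k := block.BlockSize(), len(ivs)
	ct := interleavedCBC(block, ivs, pt)
	for s := range ivs {
		sub := deinterleave(pt, bs, k, s)
		ref := make([]byte, len(sub))
		cipher.NewCBCEncrypter(block, ivs[s]).CryptBlocks(ref, sub)
		if !bytes.Equal(ref, deinterleave(ct, bs, k, s)) {
			return false
		}
	}
	return true
}

// demoIVs returns k constructed, distinct 16-byte IVs, one per chain. Sharing
// one IV across chains would start every chain identically, which the text
// warns against.
func demoIVs(k int) [][]byte {
	ivs := make([][]byte, k)
	for s := range ivs {
		ivs[s] = []byte(fmt.Sprintf("chain-%02d-iv-----", s))
	}
	return ivs
}

// interleavingHolds runs the check with k chains over a constructed
// 12-block message, using a constructed AES-128 key.
func interleavingHolds(k int) (bool, error) {
	block, err := aes.NewCipher([]byte("0123456789abcdef"))
	if err != nil {
		return false, err
	}
	var pt []byte
	for j := 0; j < 12; j++ {
		pt = append(pt, []byte(fmt.Sprintf("plaintext blk %02d", j))...)
	}
	return matchesSeparateCBC(block, demoIVs(k), pt), nil
}

func main() {
	ok, err := interleavingHolds(3) // three streams, as in Figure 9.16
	if err != nil {
		panic(err)
	}
	fmt.Println("interleaved CBC equals three separate CBC chains:", ok)
}
```

With k = 1 the function degenerates to ordinary CBC, which is a useful sanity check; with k = 3 or 4 each goroutine only ever reads the ciphertext block it produced itself, which is what lets the chains run concurrently.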
9.13 BLOCK CIPHERS VERSUS STREAM CIPHERS
Although block and stream ciphers are very different, block ciphers can be implemented as stream ciphers and stream ciphers can be implemented as block ciphers. The best definition of the difference I've found is from Rainer Rueppel [1362]:
Block ciphers operate on data with a fixed transformation on large blocks of plaintext data; stream ciphers operate with a time-varying transformation on individual plaintext digits.
Figure 9.16. Interleaving three CFB encryptions.
In the real world, block ciphers seem to be more general (i.e., they can be used in any of the four modes) and stream ciphers seem to be easier to analyze mathematically. There is a large body of theoretical work on the analysis and design of stream ciphers, most of it done in Europe, for some reason. They have been used by the world's militaries since the invention of electronics. This seems to be changing; recently a whole slew of theoretical papers have been written on block cipher design. Maybe soon there will be a theory of block cipher design as rich as our current theory of stream cipher design.
Otherwise, the differences between stream ciphers and block ciphers are in the implementation. Stream ciphers that only encrypt and decrypt data one bit at a time are not really suitable for software implementation. Block ciphers can be easier to implement in software, because they often avoid time-consuming bit manipulations and they operate on data in computer-sized blocks. On the other hand, stream ciphers can be more suitable for hardware implementation because they can be implemented very efficiently in silicon.
These are important considerations. It makes sense for a hardware encryption device on a digital communications channel to encrypt the individual bits as they go by. This is what the device sees. On the other hand, it makes no sense for a software encryption device to encrypt each individual bit separately. There are some specific instances where bit- and byte-wise encryption might be necessary in a computer system (encrypting the link between the keyboard and the CPU, for example), but generally the encryption block should be at least the width of the data bus.
Fnana 10 Using AIgorithms
Think of security - data security, communications security, information security, whatever - as a chain. The security of the
entire system is only as strong as the weakest link. Everything has to be secure: cryptographic algorithms, protocols, key manag e-
ment, and more. If your algorithms are great but your random-number generator stinks, any smart cryptanalyst is going to attack
your system through the random-number generation. If you patch that hole but forget to securely erase a memory location that
contains the key, a cryptanalyst will break your system via that route. If you do everything right and accidentally e-mail a copy of
your secure files to The Wall Street Journal, you might as well not have bothered.
It's not fair. As the designer of a secure system, you have to think of every possible means of attack and protect against them
all, but a cryptanalyst only has to find one hole in your security and exploit it.
Cryptography is only a part of security, and often a very small part. It is the mathematics of making a system secure, which is
different from actually making a system secure. Cryptography has its "size queens": people who spend so much time arguing about
how long a key should be that they forget about everything else. If the secret police want to know what is on your computer, it is
far easier for them to break into your house and install a camera that can record what is on your computer screen than it is for them
to cryptanalyze your hard drive.
Additionally, the traditional view of computer cryptography as "spy versus spy" technology is becoming increasingly inappropriate. Over 99 percent of the cryptography used in the world is not protecting military secrets; it's in applications such as bank cards, pay-TV, road tolls, office building and computer access tokens, lottery terminals, and prepayment electricity meters [43,44]. In these applications, the role of cryptography is to make petty crime slightly more difficult; the paradigm of the well-funded adversary with a rabbit warren of cryptanalysts and roomsful of computers just doesn't apply.
Most of those applications have used lousy cryptography, but successful attacks against them had nothing to do with cryptanalysis. They involved crooked employees, clever sting operations, stupid implementations, integration blunders, and random idiocies. (I strongly recommend Ross Anderson's paper, "Why Cryptosystems Fail" [44]; it should be required reading for anyone involved in this field.) Even the NSA has admitted that most security failures in its area of interest are due to failures in implementation, and not failures in algorithms or protocols [1119]. In these instances it didn't matter how good the cryptography was; the successful attacks bypassed it completely.
10.1 CHOOSING AN ALGORITHM
When it comes to evaluating and choosing algorithms, people have several alternatives:
- They can choose a published algorithm, based on the belief that a published algorithm has been scrutinized by many cryptographers; if no one has broken the algorithm yet, then it must be pretty good.
- They can trust a manufacturer, based on the belief that a well-known manufacturer has a reputation to uphold and is unlikely to risk that reputation by selling equipment or programs with inferior algorithms.
- They can trust a private consultant, based on the belief that an impartial consultant is best equipped to make a reliable
evaluation of different algorithms.
- They can trust the government, based on the belief that the government is trustworthy and wouldn't steer its citizens wrong.
- They can write their own algorithms, based on the belief that their cryptographic ability is second-to-none and that they
should trust nobody but themselves.
Any of these alternatives is problematic, but the first seems to be the most sensible. Putting your trust in a single manufacturer, consultant, or government is asking for trouble. Most people who call themselves security consultants (even those from big-name firms) usually don't know anything about encryption. Most security product manufacturers are no better. The NSA has some of the world's best cryptographers working for it, but they're not telling all they know. They have their own interests to further, which are not congruent with those of their citizens. And even if you're a genius, writing your own algorithm and then using it without any peer review is just plain foolish.
The algorithms in this book are public. Most have appeared in the open literature and many have been cryptanalyzed by experts in the field. I list all published results, both positive and negative. I don't have access to the cryptanalysis done by any of the myriad military security organizations in the world (which are probably better than the academic institutions; they've been doing it longer and are better funded), so it is possible that these algorithms are easier to break than it appears. Even so, it is far more likely that they are more secure than an algorithm designed and implemented in secret in some corporate basement.
The hole in all this reasoning is that we don't know the abilities of the various military cryptanalysis organizations.
What algorithms can the NSA break? For the majority of us, there's really no way of knowing. If you are arrested with a DES-encrypted computer hard drive, the FBI is unlikely to introduce the decrypted plaintext at your trial; the fact that they can break an algorithm is often a bigger secret than any information that is recovered. During WWII, the Allies were forbidden from using decrypted German Ultra traffic unless they could have plausibly gotten the information elsewhere. The only way to get the NSA to admit to the ability to break a given algorithm is to encrypt something so valuable that its public dissemination is worth the admission. Or, better yet, create a really funny joke and send it via encrypted e-mail to shady characters in shadowy countries. NSA employees are people, too; I doubt even they can keep a good joke secret.
A good working assumption is that the NSA can read any message that it chooses, but that it cannot read all messages that it chooses. The NSA is limited by resources, and has to pick and choose among its various targets. Another good assumption is that they prefer breaking knuckles to breaking codes; this preference is so strong that they will only resort to breaking codes when they wish to preserve the secret that they have read the message. In any case, the best most of us can do is to choose among public algorithms that have withstood a reasonable amount of public scrutiny and cryptanalysis.
Algorithms for Export
Algorithms for export out of the United States must be approved by the U.S. government (actually, by the NSA; see Section 25.1). It is widely believed that these export-approved algorithms can be broken by the NSA. Although no one has admitted this on the record, these are some of the things the NSA is rumored to privately suggest to companies wishing to export their cryptographic products:
- Leak a key bit once in a while, embedded in the ciphertext.
- "Dumb down" the effective key to something in the 30-bit range. For example, while the algorithm might accept a 100-bit key, most of those keys might be equivalent.
- Use a fixed IV, or encrypt a fixed header at the beginning of each encrypted message. This facilitates a known-plaintext
attack.
- Generate a few random bytes, encrypt them with the key, and then put both the plaintext and the ciphertext of those random bytes at the beginning of the encrypted message. This also facilitates a known-plaintext attack.
NSA gets a copy of the source code, but the algorithm's details remain secret from everyone else. Certainly no one advertises any of these deliberate weaknesses, but beware if you buy a U.S. encryption product that has been approved for export.
10.2 PUBLIC-KEY CRYPTOGRAPHY VERSUS SYMMETRIC CRYPTOGRAPHY
Which is better, public-key cryptography or symmetric cryptography? This question doesn't make any sense, but has been debated since public-key cryptography was invented. The debate assumes that the two types of cryptography can be compared on an equal footing. They can't.
Needham and Schroeder [1159] pointed out that the number and length of messages are far greater with public-key algorithms than with symmetric algorithms. Their conclusion was that the symmetric algorithm was more efficient than the public-key algorithm. While true, this analysis overlooks the significant security benefits of public-key cryptography. Whitfield Diffie writes [492,494]:
In viewing public-key cryptography as a new form of cryptosystem rather than a new form of key management, I set the stage for criticism on grounds of both security and performance. Opponents were quick to point out that the RSA system ran about one-thousandth as fast as DES and required keys about ten times as large. Although it had been obvious from the beginning that the use of public key systems could be limited to exchanging keys for conventional [symmetric] cryptography, it was not immediately clear that this was necessary. In this context, the proposal to build hybrid systems [879] was hailed as a discovery in its own right.
Public-key cryptography and symmetric cryptography are different sorts of animals; they solve different sorts of problems. Symmetric cryptography is best for encrypting data. It is orders of magnitude faster and is not susceptible to chosen-ciphertext attacks. Public-key cryptography can do things that symmetric cryptography can't; it is best for key management and a myriad of protocols discussed in Part I.
Other primitives were discussed in Part I: one-way hash functions, message authentication codes, and so on. Table 10.1 lists different types of algorithms and their properties [804].
10.3 ENCRYPTING COMMUNICATIONS CHANNELS
This is the classic Alice and Bob problem: Alice wants to send Bob a secure message. What does she do? She encrypts the message.
In theory, this encryption can take place at any layer in the OSI (Open Systems Interconnect) communications model. (See the OSI security architecture standard for more information [305].) In practice, it takes place either at the lowest layers (one and two) or at higher layers. If it takes place at the lowest layers, it is called link-by-link encryption; everything going through a particular data link is encrypted. If it takes place at higher layers, it is called end-to-end encryption; the data are encrypted selectively and stay encrypted until they are decrypted by the intended final recipient. Each approach has its own benefits and drawbacks.
Link-by-Link Encryption
The easiest place to add encryption is at the physical layer (see Figure 10.1). This is called link-by-link encryption. The interfaces to the physical layer are generally standardized and it is easy to connect hardware encryption devices at this point. These devices encrypt all data passing through them, including data, routing information, and protocol information. They can be used on any type of digital communication link. On the other hand, any intelligent switching or storing nodes between the sender and the receiver need to decrypt the data stream before processing it.
This type of encryption is very effective. Because everything is encrypted, a cryptanalyst can get no information about the structure of the information. He has no idea who is talking to whom, how long the messages they are sending are, what times of day they communicate, and so on. This is called traffic-flow security: the enemy is not only denied access to the information, but also access to the knowledge of where and how much information is flowing.
Security does not depend on any traffic management techniques. Key management is also simple; only the two endpoints of
the line need a common key, and they can change their key independently from the rest of the network.
Imagine a synchronous communications line, encrypted using 1-bit CFB. After initialization, the line can run indefinitely, recovering automatically from bit or synchronization errors. The line encrypts whenever messages are sent from one end to the other; otherwise it just encrypts and decrypts random data. Eve has no idea when messages are being sent and when they are not; she has no idea when messages begin and end. All she sees is an endless stream of random-looking bits.
If the communications line is asynchronous, the same 1-bit CFB mode can be used. The difference is that the adversary can get information about the rate of transmission. If this information must be concealed, make some provision for passing dummy messages during idle times.
The biggest problem with encryption at the physical layer is that each physical link in the network needs to be encrypted:
Leaving any link unencrypted jeopardizes the security of the entire network. If the network is large, the cost may quickly become
prohibitive for this kind of encryption.
Additionally, every node in the network must be protected, since it processes unencrypted data. If all the network's users
trust one another, and all nodes are in secure locations, this may be tolerable. But this is unlikely. Even in a single corporation,
information might have to be kept secret within a department. If the network accidentally misroutes information, anyone can read
it. Table 10.2 summarizes the pros and cons of link-by-link encryption.
End-to-End Encryption
Another approach is to put encryption equipment between the network layer and the transport layer. The encryption device must understand the data according to the protocols up to layer three and encrypt only the transport data units, which are then recombined with the unencrypted routing information and sent to lower layers for transmission.
This approach avoids the encryption/decryption problem at the physical layer. By providing end-to-end encryption, the data remains encrypted until it reaches its final destination (see Figure 10.2). The primary problem with end-to-end encryption is that the routing information for the data is not encrypted; a good cryptanalyst can learn much from who is talking to whom, at what times and for how long, without ever knowing the contents of those conversations. Key management is also more difficult, since individual users must make sure they have common keys.
Building end-to-end encryption equipment is difficult. Each particular communications system has its own protocols. Sometimes the interfaces between the levels are not well-defined, making the task even more difficult.
If encryption takes place at a high layer of the communications architecture, like the applications layer or the presentation layer, then it can be independent of the type of communication network used. It is still end-to-end encryption, but the encryption implementation does not have to bother about line codes, synchronization between modems, physical interfaces, and so forth. In the early days of electromechanical cryptography, encryption and decryption took place entirely offline; this is only one step removed from that.
Encryption at these high layers interacts with the user software. This software is different for different computer architectures, and so the encryption must be optimized for different computer systems. Encryption can occur in the software itself or in specialized hardware. In the latter case, the computer will send the data to the specialized hardware for encryption before sending it to lower layers of the communication architecture for transmission. This process requires some intelligence and is not suitable for dumb terminals. Additionally, there may be compatibility problems with different types of computers. The major disadvantage of end-to-end encryption is that it allows traffic analysis. Traffic analysis is the analysis of encrypted messages: where they come from, where they go to, how long they are, when they are sent, how frequent or infrequent they are, whether they coincide with outside events like meetings, and more. A lot of good information is buried in that data, and a cryptanalyst will want to get his hands on it. Table 10.3 presents the positive and negative aspects of end-to-end encryption.
Combining the Two
Table 10.4, primarily from [1244], compares link-by-link and end-to-end encryption. Combining the two, while most expensive, is the most effective way of securing a network. Encryption of each physical link makes any analysis of the routing information impossible, while end-to-end encryption reduces the threat of unencrypted data at the various nodes in the network. Key management for the two schemes can be completely separate: The network managers can take care of encryption at the physical level, while the individual users have responsibility for end-to-end encryption.
10.4 ENCRYPTING DATA FOR STORAGE
Encrypting data for storage and later retrieval can also be thought of in the Alice and Bob model. Alice is still sending a message to Bob, but in this case "Bob" is Alice at some future time. However, the problem is fundamentally different. In communications channels, messages in transit have no intrinsic value. If Bob doesn't receive a particular message, Alice can always resend it. This is not true for data encrypted for storage. If Alice can't decrypt her message, she can't go back in time and re-encrypt it. She has lost it forever. This means that encryption applications for data storage should have some mechanisms to prevent unrecoverable errors from creeping into the ciphertext. The encryption key has the same value as the message, only it is smaller. In effect, cryptography converts large secrets into smaller ones. Being smaller, they can be easily lost. Key management procedures should assume that the same keys will be used again and again, and that data may sit on a disk for years before being decrypted. Furthermore, the keys will be around for a long time. A key used on a communications link should, ideally, exist only for the length of the communication. A key used for data storage might be needed for years, and hence must be stored securely for years.
Other problems particular to encrypting computer data for storage were listed in [357]:
- The data may also exist in plaintext form, either on another disk, in another computer, or on paper. There is much more
opportunity for a cryptanalyst to perform a known-plaintext attack.
- In database applications, pieces of data may be smaller than the block size of most algorithms. This will cause the ciphertext to be considerably larger than the plaintext.
- The speed of I/O devices demands fast encryption and decryption, and will probably require encryption hardware. In some
applications, special high-speed algorithms may be required.
- Safe, long-term storage for keys is required.
- Key management is much more complicated, since different people need access to different files, different portions of the same file, and so forth. If the encrypted files are not structured as records and fields, such as text files, retrieval is easier: The entire file is decrypted before use. If the encrypted files are database files, this solution is problematic. Decrypting the entire database to access a single record is inefficient, but encrypting records independently might be susceptible to a block-replay kind of attack. In addition, you must make sure the unencrypted file is erased after encryption (see Section 10.9). For further details and insights, consult [425,569].
Dereferencing Keys
When encrypting a large hard drive, you have two options. You can encrypt all the data using a single key. This gives a
cryptanalyst a large amount of ciphertext to analyze and makes it impossible to allow multiple users to see only parts of the drive.
Or, you can encrypt each file with a different key, forcing users to memorize a different key for each file.
The solution is to encrypt each file with a separate key, and to encrypt the keys with another key known by the users. Each
user only has to remember that one key. Different users can have different subsets of the file-encryption keys encrypted with their
key. And there can even be a master key under which every file-encryption key is encrypted. This is even more secure because the
file-encryption keys are random and less susceptible to a dictionary attack.
Driver-Level vs. File-Level Encryption
There are two ways to encrypt a hard drive: at the file level and at the driver level. Encryption at the file level means that every file is encrypted separately. To use a file that's been encrypted, you must first decrypt the file, then use it, and then re-encrypt it.
Driver-level encryption maintains a logical drive on the user's machine that has all data on it encrypted. If done well, this can provide security that, beyond choosing good passwords, requires little worry on the part of the user. The driver must be considerably more complex than a simple file-encryption program, however, because it must deal with the issues of being an installed device driver, allocation of new sectors to files, recycling of old sectors from files, random-access read and update requests for any data on the logical disk, and so on.
Typically, the driver prompts the user for a password before starting up. This is used to generate the master decryption key,
which may then be used to decrypt actual decryption keys used on different data.
Providing Random Access to an Encrypted Drive
Most systems expect to be able to access individual disk sectors randomly. This adds some complication for using many
stream ciphers and block ciphers in any chaining mode. Several solutions are possible.
Use the sector address to generate a unique IV for each sector being encrypted or decrypted. The drawback is that each sector will always be encrypted with the same IV. Make sure this is not a security problem.
For the master key, generate a pseudo-random block as large as one sector. (You can do this by running an algorithm in OFB mode, for example.) To encrypt any sector, first XOR in this pseudo-random block, then encrypt normally with a block cipher in ECB mode. This is called ECB+OFB (see Section 15.4).
Since CBC and CFB are error-recovering modes, you can use all but the first block or two in the sector to generate the IV for that sector. For example, the IV for sector 3001 may be the hash of all but the first 128 bits of the sector's data. After generating the IV, encrypt normally in CBC mode. To decrypt the sector, you use the second 64-bit block of the sector as an IV, and decrypt the remainder of the sector. Then, using the decrypted data, you regenerate the IV and decrypt the first 128 bits.
You can use a block cipher with a large enough block size that it can encrypt the whole sector at once. Crab (see Section 14.6) is an example.
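The first option above, a per-sector IV derived from the sector address, as an added Go example (this is not code from the book). It assumes the IV is obtained by encrypting the sector number under a separate IV-derivation key, which is this example's choice; the text only says to use the sector address. Each 512-byte sector is then encrypted in CBC mode under the data key, and nothing has to be stored on disk to recover the IV. The keys and sector contents are constructed for the demonstration. Running it also shows the drawback the text warns about: a sector rewritten with identical content yields identical ciphertext, so an observer of the disk can tell that nothing changed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// sectorSize is the unit of random access; 512 is a multiple of the AES block.
const sectorSize = 512

// sectorIV turns a sector number into a unique, reproducible IV by encrypting
// the number under a key reserved for IV derivation (this example's assumption).
func sectorIV(ivKey []byte, sector uint64) ([]byte, error) {
	block, err := aes.NewCipher(ivKey)
	if err != nil {
		return nil, err
	}
	var in [aes.BlockSize]byte
	binary.BigEndian.PutUint64(in[8:], sector)
	iv := make([]byte, aes.BlockSize)
	block.Encrypt(iv, in[:])
	return iv, nil
}

// cbcForSector builds the CBC mode object for one sector in either direction.
func cbcForSector(dataKey, ivKey []byte, sector uint64, encrypt bool) (cipher.BlockMode, error) {
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	iv, err := sectorIV(ivKey, sector)
	if err != nil {
		return nil, err
	}
	if encrypt {
		return cipher.NewCBCEncrypter(block, iv), nil
	}
	return cipher.NewCBCDecrypter(block, iv), nil
}

// encryptSector encrypts exactly one sector under the data key with the IV
// derived from its sector number.
func encryptSector(dataKey, ivKey []byte, sector uint64, plain []byte) ([]byte, error) {
	if len(plain) != sectorSize {
		return nil, errors.New("plaintext must be exactly one sector")
	}
	mode, err := cbcForSector(dataKey, ivKey, sector, true)
	if err != nil {
		return nil, err
	}
	out := make([]byte, sectorSize)
	mode.CryptBlocks(out, plain)
	return out, nil
}

// decryptSector is the inverse; the IV is regenerated, not read from disk.
func decryptSector(dataKey, ivKey []byte, sector uint64, ct []byte) ([]byte, error) {
	if len(ct) != sectorSize {
		return nil, errors.New("ciphertext must be exactly one sector")
	}
	mode, err := cbcForSector(dataKey, ivKey, sector, false)
	if err != nil {
		return nil, err
	}
	out := make([]byte, sectorSize)
	mode.CryptBlocks(out, ct)
	return out, nil
}

func main() {
	// Constructed keys for the demonstration only; in a real driver they come
	// from the password-derived master key the text describes.
	dataKey := bytes.Repeat([]byte{0x11}, 32)
	ivKey := bytes.Repeat([]byte{0x22}, 32)
	plain := bytes.Repeat([]byte("A"), sectorSize)

	c1, _ := encryptSector(dataKey, ivKey, 3001, plain)
	c2, _ := encryptSector(dataKey, ivKey, 3002, plain)
	c3, _ := encryptSector(dataKey, ivKey, 3001, plain)
	fmt.Println("same plaintext in different sectors differs:", !bytes.Equal(c1, c2))
	// The drawback the text mentions: the IV for a sector never changes.
	fmt.Println("same sector rewritten identically repeats:", bytes.Equal(c1, c3))
	p, _ := decryptSector(dataKey, ivKey, 3001, c1)
	fmt.Println("round trip ok:", bytes.Equal(p, plain))
}
```

The IV key is kept separate from the data key so that the IV derivation never exposes a data-key encryption of a predictable value (the sector number) to an attacker who can read the disk.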
10.5 HARDWARE ENCRYPTION VERSUS SOFTWARE ENCRYPTION
Hardware
Until very recently, all encryption products were in the form of specialized hardware. These encryption/decryption boxes
plugged into a communications line and encrypted all the data going across that line. Although software encryption is becoming
more prevalent today, hardware is still the embodiment of choice for military and serious commercial applications. The NSA, for
example, only authorizes encryption in hardware. There are several reasons why this is so.
The first is speed. As we will see in Part III, encryption algorithms consist of many complicated operations on plaintext bits. These are not the sorts of operations that are built into your run-of-the-mill computer. The two most common encryption algorithms, DES and RSA, run inefficiently on general-purpose processors. While some cryptographers have tried to make their algorithms more suitable for software implementation, specialized hardware will always win a speed race.
Additionally, encryption is often a computation-intensive task. Tying up the computer's primary processor for this is inefficient. Moving encryption to another chip, even if that chip is just another processor, makes the whole system faster. The second reason is security. An encryption algorithm running on a generalized computer has no physical protection. Mallory can go in with various debugging tools and surreptitiously modify the algorithm without anyone ever realizing it. Hardware encryption devices can be securely encapsulated to prevent this. Tamper-proof boxes can prevent someone from modifying a hardware encryption device. Special-purpose VLSI chips can be coated with a chemical such that any attempt to access their interior will result in the destruction of the chip's logic. The U.S. government's Clipper and Capstone chips (see Sections 24.16 and 24.17) are designed to be tamperproof. The chips can be designed so that it is impossible for Mallory to read the unencrypted key.
IBM developed a cryptographic system for encrypting data and communications on mainframe computers [515,1027]. It includes tamper-resistant modules to hold keys. This system is discussed in Section 24.1.
Electromagnetic radiation can sometimes reveal what is going on inside a piece of electronic equipment. Dedicated encryption boxes can be shielded, so that they leak no compromising information. General-purpose computers can be shielded as well, but it is a far more complex problem. The U.S. military calls this TEMPEST; it's a subject well beyond the scope of this book.
The final reason for the prevalence of hardware is the ease of installation. Most encryption applications don't involve general-purpose computers. People may wish to encrypt their telephone conversations, facsimile transmissions, or data links. It is cheaper to put special-purpose encryption hardware in the telephones, facsimile machines, and modems than it is to put in a microprocessor and software.
Even when the encrypted data comes from a computer, it is easier to install a dedicated hardware encryption device than it is
to modify the computer's system software. Encryption should be invisible; it should not hamper the user. The only way to do this in
software is to write encryption deep into the operating system. This isn't easy. On the other hand, even a computer neophyte can
plug an encryption box between his computer and his external modem.
The three basic kinds of encryption hardware on the market today are: self-contained encryption modules (that perform
functions such as password verification and key management for banks), dedicated encryption boxes for communications links,
and boards that plug into personal computers.
Some encryption boxes are designed for certain types of communications links, such as T-1 encryption boxes that are designed not to encrypt synchronization bits. There are different boxes for synchronous and asynchronous communications lines. Newer boxes tend to accept higher bit rates and are more versatile.
Even so, many of these devices have some incompatibilities. Buyers should be aware of this and be well-versed in their particular needs, lest they find themselves the owners of encryption equipment unable to perform the task at hand. Pay attention to restrictions in hardware type, operating system, applications software, network, and so forth. PC-board encryptors usually encrypt everything written to the hard disk and can be configured to encrypt everything sent to the floppy disk and serial port as well. These boards are not shielded against electromagnetic radiation or physical interference, since there would be no benefit in protecting the boards if the computer remained unaffected. More companies are starting to put encryption hardware into their communications equipment. Secure telephones, facsimile machines, and modems are all available. Internal key management for these devices is generally secure, although there are as many different schemes as there are equipment vendors. Some schemes are more suited for one situation than another, and buyers should know what kind of key management is incorporated into the encryption box and what they are expected to provide themselves.
Software
Any encryption algorithm can be implemented in software. The disadvantages are in speed, cost, and ease of modification (or manipulation). The advantages are in flexibility and portability, ease of use, and ease of upgrade. The algorithms written in C at the end of this book can be implemented, with little modification, on any computer. They can be inexpensively copied and installed on many machines. They can be incorporated into larger applications, such as communications programs or word processors.
Software encryption programs are popular and are available for all major operating systems. These are meant to protect individual files; the user generally has to manually encrypt and decrypt specific files. It is important that the key management scheme be secure: The keys should not be stored on disk anywhere (or even written to a place in memory from where the processor swaps out to disk). Keys and unencrypted files should be erased after encryption. Many programs are sloppy in this regard, and a user has to choose carefully.
Of course, Mallory can always replace the software encryption algorithm with something lousy. But for most users, that isn't
a problem. If Mallory can break into our office and modify our encryption program, he can also put a hidden camera on the wall, a
wiretap on the telephone, and a TEMPEST detector down the street. If Mallory is that much more powerful than the user, the user
has lost the game before it starts.
10.6 COMPRESSION, ENCODING, AND ENCRYPTION
Using a data compression algorithm together with an encryption algorithm makes sense for two reasons:
- Cryptanalysis relies on exploiting redundancies in the plaintext; compressing a file before encryption reduces these redundancies.
- Encryption is time-consuming; compressing a file before encryption speeds up the entire process.
The important thing to remember is to compress before encryption. If the encryption algorithm is any good, the ciphertext will not be compressible; it will look like random data. (This makes a reasonable test of an encryption algorithm; if the ciphertext can be compressed, then the algorithm probably isn't very good.)
If you are going to add any type of transmission encoding or error detection and recovery, remember to add that after encryption. If there is noise in the communications path, decryption's error-extension properties will only make that noise worse. Figure 10.3 summarizes these steps.
10.7 DETECTING ENCRYPTION
How does Eve detect an encrypted file? Eve is in the spy business, so this is an important question. Imagine that she's eavesdropping on a network where messages are flying in all directions at high speeds; she has to pick out the interesting ones. Encrypted files are certainly interesting, but how does she know they are encrypted?
Generally, she relies on the fact that most popular encryption programs have well-defined headers. Electronic-mail messages encrypted with either PEM or PGP (see Sections 24.10 and 24.12) are easy to identify for that reason.
Other file encryptors just produce a ciphertext file of seemingly random bits. How can she distinguish it from any other file of
seemingly random bits? There is no sure way, but Eve can try a number of things:
- Examine the file. ASCII text is easy to spot. Other file formats, such as TIFF, TeX, C, Postscript, G3 facsimile, or Microsoft Excel, have standard identifying characteristics. Executable code is detectable, as well. UNIX files often have "magic numbers" that can be detected.
- Try to uncompress the file, using the major compression algorithms. If the file is compressed (and not encrypted), this
should yield the original file.
- Try to compress the file. If the file is ciphertext (and the algorithm is good), then the probability that the file can be appreciably compressed by a general-purpose compression routine is small. (By appreciably, I mean more than 1 or 2 percent.) If it is something else (a binary image or a binary data file, for example) it probably can be compressed.
Any file that cannot be compressed and is not already compressed is probably ciphertext. (Of course, it is possible to specifically make ciphertext that is compressible.) Identifying the algorithm is a whole lot harder. If the algorithm is good, you can't. If the algorithm has some slight biases, it might be possible to recognize those biases in the file. However, the biases have to be pretty significant or the file has to be pretty big in order for this to work.
10.8 HIDING CIPHERTEXT IN CIPHERTEXT
Alice and Bob have been sending encrypted messages to each other for the past year. Eve has been collecting them all, but she cannot decrypt any of them. Finally, the secret police tire of all this unreadable ciphertext and arrest the pair. "Give us your encryption keys," they demand. Alice and Bob refuse, but then they notice the thumbscrews. What can they do?
Wouldn't it be nice to be able to encrypt a file such that there are two possible decryptions, each with a different key? Alice could encrypt a real message to Bob in one of the keys and some innocuous message in the other key. If Alice were caught, she could surrender the key to the innocuous message and keep the real key secret.
The easiest way to do this is with one-time pads. Let P be the plaintext, D the dummy plaintext, C the ciphertext, K the real key, and K' the dummy key. Alice encrypts P:
P ⊕ K = C
Alice and Bob share K, so Bob can decrypt C:
C ⊕ K = P
If the secret police ever force them to surrender their key, they don't surrender K, but instead surrender:
K' = C ⊕ D
The police then recover the dummy plaintext:
C ⊕ K' = D
Since these are one-time pads and K is completely random, there is no way to prove that K' was not the real key. To make
matters more convincing, Alice and Bob should concoct some mildly incriminating dummy messages to take the place of the really
incriminating real messages. A pair of Israeli spies once did this.
Alice could take P and encrypt it with her favorite algorithm and key K to get C. Then she takes C and XORs it with some piece of mundane plaintext - Pride and Prejudice, for example - to get K'. She stores both C and the XOR on her hard disk. Now, when the secret police interrogate her, she can explain that she is an amateur cryptographer and that K' is merely a one-time pad for C. The secret police might suspect something, but unless they know K they cannot prove that Alice's explanation isn't valid.
Another method is to encrypt P with a symmetric algorithm and K, and D with K'. Intertwine bits (or bytes) of the ciphertext
to make the final ciphertexts. If the secret police demand the key, Alice gives them K' and says that the alternating bits (or bytes)
are random noise designed to frustrate cryptanalysts. The trouble is the explanation is so implausible that the secret police will
probably not believe her (especially considering it is suggested in this book). A better way is for Alice to create a dummy message, D, such that the concatenation of P and D, compressed, is about the same size as D. Call this concatenation P'. Alice then encrypts P' with whatever algorithm she and Bob share to get C. Then she sends C to Bob. Bob decrypts C to get P', and then P and D. Then they both compute C ⊕ D = K'. This K' becomes the dummy one-time pad they use in case the secret police break their doors down. Alice has to transmit D so that hers and Bob's alibis match.
Another method is for Alice to take an innocuous message and run it through some error-correcting code. Then she can introduce errors that correspond to the secret encrypted message. On the receiving end, Bob can extract the errors to reconstruct the secret message and decrypt it. He can also use the error-correcting code to recover the innocuous message. Alice and Bob might be hard pressed to explain to the secret police why they consistently get a 30 percent bit-error rate on an otherwise noise-free computer network, but in some circumstances this scheme can work.
Finally, Alice and Bob can use the subliminal channels in their digital signature algorithms (see Sections 4.2 and 23.3). This is undetectable, works great, but has the drawback of only allowing 20 or so characters of subliminal text to be sent per signed innocuous message. It really isn't good for much more than sending keys.
10.9 DESTROYING INFORMATION
When you delete a file on most computers, the file isn't really deleted. The only thing deleted is an entry in the disk's index file,
telling the machine that the file is there. Many software vendors have made a fortune selling file-recovery software that recovers
files after they have been deleted.
And there's yet another worry: Virtual memory means your computer can read and write memory to disk any time. Even if
you don't save it, you never know when a sensitive document you are working on is shipped off to disk. This means that even if
you never save your plaintext data, your computer might do it for you. And driver-level compression programs like Stacker and
DoubleSpace can make it even harder to predict how and where information is stored on a disk.
To erase a file so that file-recovery software cannot read it, you have to physically write over all of the file's bits on the disk.
According to the National Computer Security Center [1148]:
Overwriting is a process by which unclassified data are written to storage locations that previously held sensitive data.... To purge the ... storage media, the DoD requires overwriting with a pattern, then its complement, and finally with another pattern; e.g., overwrite first with 0011 0101, followed by 1100 1010, then 1001 0111. The number of times an overwrite must be accomplished depends on the storage media, sometimes on its sensitivity, and sometimes on different DoD component requirements. In any case, a purge is not complete until a final overwrite is made using unclassified data.
You may have to erase files or you may have to erase entire drives. You should also erase all unused space on your hard
disk.
Most commercial programs that claim to implement the DoD standard overwrite three times: first with all ones, then with
all zeros, and finally with a repeating one-zero pattern. Given my general level of paranoia, I recommend overwriting a deleted file
seven times: the first time with all ones, the second time with all zeros, and five times with a cryptographically secure pseudo-
random sequence. Recent developments at the National Institute of Standards and Technology with electron-tunneling microscopes
suggest even that might not be enough. Honestly, if your data is sufficiently valuable, assume that it is impossible to erase data
completely off magnetic media. Burn or shred the media; it's cheaper to buy media new than to lose your secrets.
PART III
CRYPTOGRAPHIC ALGORITHMS
CHAPTER 11
MATHEMATICAL BACKGROUND
11.1 INFORMATION THEORY
Modern information theory was first published in 1948 by Claude Elmwood Shannon [1431, 1432]. (His papers have been reprinted by IEEE Press [1433].) For a mathematical treatment of the topic, see [593]. In this chapter I only sketch the basic ideas.
Entropy and Uncertainty
Information theory defines the amount of information in a message as the minimum number of bits needed to encode all possible values of the message, assuming all messages are equally likely. For example, a day-of-the-week field in a database needs only three bits of information, since all of the information can be encoded in 3 bits:
000 - Sunday
001 - Monday
010 - Tuesday
011 - Wednesday
100 - Thursday
101 - Friday
110 - Saturday
111 - Not used
If this information were represented as the corresponding ASCII character strings, it would take more memory but would not contain any more information. Similarly, a "sex" database field contains only one bit of information, even though that information may be stored as one of two 7-byte ASCII strings: "МУЖЧИНА" (male) or "ЖЕНЩИНА" (female).
Formally, the amount of information in a message M is measured by the entropy of the message, denoted H(M). The entropy of a message giving a person's sex is 1 bit, and the entropy of a message giving the day of the week is slightly less than 3 bits. In general, the entropy of a message, measured in bits, is log2 n, where n is the number of possible values. This assumes that all values are equally likely.
The entropy of a message is also a measure of its uncertainty. This is the number of plaintext bits that need to be recovered from the message's ciphertext in order to learn the whole plaintext. For example, if the ciphertext block "QHP*5M" means either "МУЖЧИНА" or "ЖЕНЩИНА", then the uncertainty of the message is 1. A cryptanalyst has to learn only one well-chosen bit to recover the message.
Rate of a Language
For a given language, the rate of the language is
r = H(M)/N
where N is the length of the message. For large N, the rate of ordinary English takes various values between 1.0 bit/letter and 1.5 bits/letter. Shannon, in [1434], says that the entropy depends on the length of the text. Specifically, he showed that the rate for 8-letter blocks is 2.3 bits/letter, but that it drops to between 1.3 and 1.5 for 16-letter blocks. Thomas Cover used a gambling estimation technique and found an entropy of 1.3 bits/character [386]. (In this book I will use the value 1.3.) The absolute rate of a language is the maximum number of bits that can be carried by each character, assuming all sequences of characters are equally likely. If there are L characters in the language, the absolute rate is
R = log2 L
This is the maximum entropy of the individual characters.
For English, with 26 letters, the absolute rate is log2 26, or about 4.7 bits/letter. It should come as no surprise that the actual rate of English is much lower than the absolute rate: natural languages are highly redundant. The redundancy of a language, denoted D, is defined as
D = R - r
Taking the rate of English to be 1.3, the redundancy is 3.4 bits/letter. This means that each English letter carries 3.4 bits of redundant information.
An ASCII message consisting only of English letters carries 1.3 bits of information per byte. Each byte therefore contains 6.7 bits of redundant information, which gives an overall redundancy of 0.84 bits of information per bit of ASCII text and an entropy of 0.16 bits of information per bit of ASCII text. The same message in BAUDOT code, with 5 bits per character, has a redundancy of 0.74 bits per bit and an entropy of 0.26 bits per bit. Spaces, punctuation, numbers, and formatting change these results.
Security of a Cryptosystem
Shannon defined a precise mathematical model of what it means for a cryptosystem to be secure. The point of a cryptanalyst's work is to determine the key K, the plaintext P, or both. He may, however, be satisfied with some probabilistic information about P: whether the plaintext is digitized audio, German text, spreadsheet data, or something else.
In real cryptanalysis the cryptanalyst has some probabilistic information about P even before starting. He most likely knows the language of the plaintext. That language has a certain redundancy associated with it. If the message is for Bob, it probably begins with "Dear Bob". Certainly, "Dear Bob" is far more likely than "e8T&.g [,m". The cryptanalyst's goal is to change the probabilities associated with each possible plaintext. In the end, one particular plaintext (or at least a very probable one) will be picked out of the pile of possible plaintexts.
There are cryptosystems that achieve perfect secrecy. Such a cryptosystem is one in which the ciphertext gives no information about the plaintext (except, possibly, its length). Shannon showed theoretically that this is possible only if the number of possible keys is as large as the number of possible messages. In other words, the key must be no shorter than the message itself and cannot be reused. This means that the only system that achieves perfect secrecy is the one-time pad (see Section 1.5).
Except for perfectly secure systems, the ciphertext inevitably gives some information about the corresponding plaintext. A good cryptographic algorithm keeps this information to a minimum; a good cryptanalyst exploits this information to determine the plaintext.
Cryptanalysts use the natural redundancy of language to reduce the number of possible plaintexts. The more redundant the language, the easier it is to cryptanalyze. For this reason many cryptographic implementations run compression programs before encryption to reduce the size of the text. Compression reduces the redundancy of the message as well as the amount of work required to encrypt and decrypt it.
The entropy of a cryptosystem is a measure of the size of the key space, K. It is approximately equal to the base-2 logarithm of the number of keys:
H(K) = log2 K
The entropy of a cryptosystem with a 64-bit key is 64 bits; the entropy of a cryptosystem with a 56-bit key is 56 bits. In general, the greater the entropy, the harder it is to break the cryptosystem.
Unicity Distance
For a message of length n, the number of different keys that will decrypt the ciphertext of the message into some meaningful plaintext in the language of the original plaintext (English, for example) is given by the following formula [712, 95]:
2^(H(K) - nD) - 1
Shannon [1432] defined the unicity distance, U, also called the unicity point, as an approximation of the amount of ciphertext for which the sum of the real information (entropy) in the corresponding plaintext plus the entropy of the encryption key equals the number of ciphertext bits used. He then showed that it is reasonable to assume that ciphertexts longer than the unicity distance can be decrypted in only one meaningful way. Ciphertexts noticeably shorter than the unicity distance are likely to have several possible decryptions, each of which may be correct, and so provide security by leaving the adversary to choose the correct plaintext.
For most symmetric cryptosystems, the unicity distance is defined as the entropy of the cryptosystem divided by the redundancy of the language:
U = H(K)/D
The unicity distance is not an exact value but a probabilistic one. It estimates the minimum amount of ciphertext for which a brute-force attack has, probably, only one reasonable decryption. Generally, the larger the unicity distance, the better the cryptosystem. For DES, with a 56-bit key, and an English-language message written in ASCII characters, the unicity distance is approximately 8.2 ASCII characters, or 66 bits. Table 11-1 gives the unicity distances for various key lengths. Unicity distances for some classical cryptosystems can be found in [445].
The unicity distance measures not the amount of ciphertext needed for cryptanalysis, but the amount of ciphertext needed for the result of cryptanalysis to be unique. A cryptosystem may be computationally infeasible to break even if it is theoretically possible to break it with a small amount of ciphertext. (The very esoteric theory of relativistic cryptography [230, 231, 232, 233, 234, 235] is worth recalling here.) The unicity distance is proportional to the redundancy. If the redundancy approaches zero, even a trivial cipher may not be breakable with a ciphertext-only attack.
Table 11-1.
Unicity distances of ASCII text
encrypted with algorithms of various key lengths
Key length (in bits)    Unicity distance (in characters)
40                      5.9
56                      8.2
64                      9.4
80                      11.8
128                     18.8
256                     37.6
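A worked calculation of the quantities in this section, as an added Python example (not from the book): it computes the absolute rate R = log2 L, the redundancy D = R - r with the page's r = 1.3, the expected number of spurious keys 2^(H(K) - nD) - 1, and the unicity distance U = H(K)/D. One assumption made here: Table 11-1 is reproduced exactly with D = 6.8 bits per ASCII character rather than the 6.7 stated in the text (8 - 1.3 = 6.7 would give 8.4 characters for DES).

```python
import math
from collections import Counter

# Values used by the text: Cover's estimate of the rate of English and the
# 26-letter alphabet.
ENGLISH_RATE_R = 1.3        # r, bits of information per letter
ENGLISH_ALPHABET = 26       # L
ASCII_REDUNDANCY = 6.8      # D per ASCII character; assumption, see lead-in


def absolute_rate(alphabet_size: int) -> float:
    """R = log2 L: the most information one symbol of an L-symbol alphabet can carry."""
    return math.log2(alphabet_size)


def redundancy(absolute: float, rate: float) -> float:
    """D = R - r, in bits per symbol."""
    return absolute - rate


def entropy_of_keyspace(number_of_keys: int) -> float:
    """H(K) = log2 K for a key space of K equally likely keys."""
    return math.log2(number_of_keys)


def spurious_keys(key_entropy: float, n_chars: float, redundancy_per_char: float) -> float:
    """2^(H(K) - nD) - 1: the expected number of wrong keys that still turn
    n characters of ciphertext into meaningful plaintext."""
    return 2.0 ** (key_entropy - n_chars * redundancy_per_char) - 1.0


def unicity_distance(key_entropy: float, redundancy_per_char: float) -> float:
    """U = H(K)/D: ciphertext length (in characters) past which a unique
    meaningful decryption is expected."""
    if redundancy_per_char <= 0:
        # No redundancy: a ciphertext-only attack can never single out a key.
        return math.inf
    return key_entropy / redundancy_per_char


def single_symbol_entropy(text: str) -> float:
    """Zeroth-order entropy -sum p log2 p over the symbols of text.

    This ignores context, so it is an upper bound on the true rate r of the
    language; the 1.3 bits/letter figure needs long-range statistics.
    """
    counts = Counter(text)
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def unicity_table(key_bits, redundancy_per_char: float) -> dict:
    """Rebuild Table 11-1 for the given key lengths."""
    return {k: round(unicity_distance(k, redundancy_per_char), 1) for k in key_bits}


if __name__ == "__main__":
    R = absolute_rate(ENGLISH_ALPHABET)
    D_letters = redundancy(R, ENGLISH_RATE_R)
    print(f"R = {R:.2f}, D = {D_letters:.2f} bits/letter")
    print("Unicity distances:", unicity_table((40, 56, 64, 80, 128, 256), ASCII_REDUNDANCY))
    for n in (4, 8.2, 12):
        print(f"spurious keys for DES after {n} chars: "
              f"{spurious_keys(56, n, ASCII_REDUNDANCY):.3g}")
```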
Shannon defined a cryptosystem with an infinite unicity distance as one having ideal secrecy. Note that an ideal cryptosystem is not necessarily a perfect one, although a perfect cryptosystem is necessarily ideal. If a cryptosystem has ideal secrecy, then even a successful cryptanalysis leaves some uncertainty as to whether the recovered plaintext is the real plaintext.
Information Theory in Practice
Although these concepts have great theoretical value, real cryptanalysis uses them rather rarely. The unicity distance guarantees that a system is insecure if it is too small, but a large value does not guarantee security. Few practical algorithms are absolutely impervious to analysis; the behaviour of information-theoretic parameters could help break some encrypted messages. Still, such information-theoretic considerations are occasionally useful, for example to determine a recommended key-change interval for a particular algorithm. Cryptanalysts also use a number of statistical and information-theoretic tests to choose the most promising directions of analysis. Unfortunately, most of the literature on applying information theory to cryptanalysis remains classified, including Alan Turing's seminal work written in 1940.
Confusion and Diffusion
According to Shannon, the two basic techniques for concealing the redundancy of a plaintext message are confusion and diffusion [1432].
Confusion obscures the relationship between the plaintext and the ciphertext. It frustrates attempts to find redundancy and statistical patterns in the ciphertext. The simplest way to create confusion is substitution. In a simple substitution cipher, such as the Caesar cipher, every identical letter of plaintext is replaced by another identical letter of ciphertext. Modern substitution ciphers are more complex: a long block of plaintext is replaced by a block of ciphertext, and the way the substitution is done changes with every bit of plaintext or key. This type of substitution alone is usually not enough: the complex algorithm of the German Enigma was broken during the Second World War.
Diffusion dissipates the redundancy of the plaintext by spreading it across the whole ciphertext. A cryptanalyst needs considerable time to search for the redundancy. The simplest way to create diffusion is transposition (also called permutation). A simple transposition cipher only rearranges the letters of the plaintext. Modern ciphers also perform this kind of permutation, but they also use other forms of diffusion that scatter parts of the message throughout the message.
Stream ciphers use only confusion, although some feedback schemes add diffusion. Block algorithms use both confusion and diffusion. As a rule, diffusion on its own is not hard to break (although double transposition ciphers hold up better than other non-computer systems).
11.2 COMPLEXITY THEORY
Complexity theory provides a methodology for analyzing the computational complexity of different cryptographic techniques and algorithms. It compares cryptographic techniques and algorithms and determines their security. Information theory tells us that all cryptographic algorithms (except one-time pads) can be broken. Complexity theory tells us whether they can be broken before the heat death of the universe.
Complexity of Algorithms
The complexity of an algorithm is determined by the computational power needed to execute it. The computational complexity of an algorithm is often measured by two parameters: T (time complexity) and S (space complexity, or memory requirement). Both T and S are usually expressed as functions of n, where n is the size of the input. (There are other ways of measuring complexity: the number of random bits, the bandwidth of the communication channel, the amount of data, and so on.)
Usually the computational complexity of an algorithm is expressed in "big O" notation, that is, described by the order of magnitude of the computational complexity. This is simply the term of the complexity function that grows fastest as n grows; all lower-order terms are ignored. For example, if the time complexity of a given algorithm is 4n^2 + 7n + 12, then the computational complexity is of order n^2, written O(n^2).
Time complexity measured this way is implementation-independent. You need not know the exact timing of the various instructions, the number of bits used to represent the various variables, or even the speed of the processor. One computer may be 50 percent faster than another and a third may have a data bus twice as wide, but the order-of-magnitude complexity of the algorithm does not change. This is not cheating; when working with algorithms as complex as those described in this book, everything else can be neglected (to within a constant factor) compared with the order-of-magnitude complexity.
This notation lets you see how the size of the input affects the time and space requirements. For example, if T = O(n), then doubling the input doubles the running time of the algorithm. If T = O(2^n), then adding one bit to the input doubles the running time of the algorithm.
Usually algorithms are classified according to their time or space complexity. An algorithm is called constant if its complexity is independent of n: O(1). An algorithm is linear if its time complexity is O(n). Algorithms can also be quadratic, cubic, and so on. All of these algorithms are polynomial; their complexity is O(n^m), where m is a constant. Algorithms with polynomial time complexity are called polynomial-time algorithms.
Algorithms whose complexity is O(t^f(n)), where t is a constant greater than 1 and f(n) is some polynomial function of n, are called exponential. The subset of exponential algorithms whose complexity is O(c^f(n)), where c is a constant and f(n) grows faster than a constant but slower than a linear function, is called superpolynomial.
Ideally, a cryptographer would like to be able to say that the best algorithm for breaking the encryption algorithm he designed has exponential time complexity. In practice, the strongest statements that can be made at the current state of computational complexity theory are of the form "all known attacks on this cryptosystem have superpolynomial time complexity". That is, the attacks we know of have superpolynomial time complexity, but it is not yet possible to prove that no polynomial-time attack can be discovered. Advances in computational complexity theory may some day make it possible to design algorithms for which the existence of polynomial-time attacks can be ruled out with mathematical certainty.
As n grows, the time complexity of an algorithm can become so enormous that it affects the practical feasibility of the algorithm. Table 11-2 shows the running times for different classes of algorithms with n equal to one million. The table ignores constants, but it also shows why this can be done.
Table 11-2
Running times for different classes of algorithms
Class         Complexity   Number of operations for n = 10^6   Time at 10^6 operations per second
Constant      O(1)         1                                   1 µs
Linear        O(n)         10^6                                1 s
Quadratic     O(n^2)       10^12                               11.6 days
Cubic         O(n^3)       10^18                               32,000 years
Exponential   O(2^n)       10^301030                           10^301006 times the age of the universe
Assuming the time unit for our computer is a microsecond, the computer can complete a constant algorithm in a microsecond, a linear algorithm in a second, and a quadratic algorithm in 11.6 days. Running a cubic algorithm takes 32 thousand years, which is feasible in principle: a computer built to survive the next ice age would eventually deliver the answer. Running an exponential algorithm is futile, no matter how one extrapolates the growth of computing power, parallel processing, or contact with extraterrestrial superintelligences.
Look at the problem of breaking an encryption algorithm by brute force. The time complexity of such an attack is proportional to the number of possible keys, which is exponential in the key length. If n is the key length, then the complexity of a brute-force attack is O(2^n). Section 12.3 discusses the controversy over using a 56-bit key for DES instead of a 112-bit key. The complexity of a brute-force attack with a 56-bit key is 2^56, and with a 112-bit key it is 2^112. In the first case the attack is feasible; in the second it is not.
Complexity of Problems
Complexity theory also classifies the complexity of the problems themselves, not just the complexity of particular algorithms for solving a problem. (Excellent introductions to the subject are [600, 211, 1226]; see also [1096, 27, 739].) The theory considers the minimum time and memory needed to solve the hardest instance of a problem on a theoretical computer known as a Turing machine. A Turing machine is a finite-state machine with an infinite read-write memory tape, and it is a realistic model of computation.
Problems that can be solved with polynomial-time algorithms are called tractable, because for reasonable inputs they can usually be solved in a reasonable time. (The exact definition of "reasonable" depends on the circumstances.) Problems that cannot be solved in polynomial time are called intractable, because computing their solutions quickly becomes infeasible. Intractable problems are sometimes called hard. Problems that can be solved only with superpolynomial algorithms are computationally intractable, even for relatively small values of n.
Worse still, Alan Turing proved that some problems are fundamentally undecidable. Even setting aside the time complexity of the algorithm, it is impossible to construct an algorithm that solves these problems.
Problems can be divided into classes according to the complexity of solving them. The most important classes and their conjectured relationships are shown in Figure 11-1. (Unfortunately, only a small part of these statements can be proved mathematically.)
Figure 11-1. Complexity classes (from the bottom up: P, NP, NP-complete, PSPACE, PSPACE-complete, EXPTIME)
At the very bottom, the class P consists of all problems that can be solved in polynomial time. The class NP consists of all problems that can be solved in polynomial time only on a nondeterministic Turing machine: a variant of the ordinary Turing machine that can make guesses. The machine guesses a solution to the problem, either by "lucky guessing" or by trying all guesses in parallel, and checks its guess in polynomial time.
The importance of NP for cryptography is this: many symmetric algorithms and public-key algorithms can be broken in nondeterministic polynomial time. Given a ciphertext C, the cryptanalyst simply guesses a plaintext, X, and a key, k, runs the encryption algorithm on inputs X and k in polynomial time, and checks whether the result equals C. This is important theoretically, because it establishes an upper bound on the complexity of cryptanalysis for these algorithms. In practice, of course, it is a deterministic polynomial-time algorithm that the cryptanalyst is looking for. Furthermore, this argument does not apply to all classes of ciphers; in particular, it does not apply to one-time pads: for any C there are many pairs X, k that yield C when the encryption algorithm is run, but most of these X are meaningless, unacceptable plaintexts.
The class NP includes the class P, since any problem solvable in polynomial time on a deterministic Turing machine is also solvable in polynomial time on a nondeterministic Turing machine; the guessing stage is simply skipped.
If all NP problems are solvable in polynomial time on a deterministic machine, then P = NP. Although it seems obvious that some NP problems are much harder than others (a brute-force attack on an encryption algorithm versus encrypting an arbitrary block of ciphertext), it has never been proved that P ≠ NP (or that P = NP). However, most people working in complexity theory believe that the classes are not equal.
Remarkably, it can be shown that particular NP problems are as hard as any problem in the class. Steven Cook proved [365] that the Satisfiability problem (given a well-formed Boolean expression, is there a way to assign truth values to its variables so that the whole expression is true?) is NP-complete. This means that if Satisfiability can be solved in polynomial time, then P = NP. Conversely, if it can be shown that for any problem in NP there is no deterministic polynomial-time algorithm, the proof shows that there is no deterministic polynomial-time algorithm for Satisfiability either. No problem in NP is harder than Satisfiability.
Since Cook's seminal paper was published, a huge number of problems have been shown to be equivalent to Satisfiability; hundreds are listed in [600], and some examples are given below. Because of the equivalence, I consider these problems also NP-complete: they belong to NP and are as hard as any problem in NP. If it were proved that they can be solved in deterministic polynomial time, the P versus NP question would be settled. The question of whether P = NP is the central unsolved question of computational complexity theory, and it is not expected to be settled soon. If someone were to show that P = NP, most of this book would become irrelevant: as explained earlier, many classes of ciphers are trivially broken in nondeterministic polynomial time. If P = NP, they are broken by feasible, deterministic algorithms.
Next in the hierarchy of complexity is the class PSPACE. Problems in PSPACE can be solved in polynomial space, but not necessarily in polynomial time. PSPACE includes NP, but some PSPACE problems seem harder than NP. Of course, this too is unproven for now. There is a class of problems called PSPACE-complete with the following property: if any of them is in NP, then PSPACE = NP, and if any of them is in P, then PSPACE = P.
Finally, there is the class of problems EXPTIME. These problems are solved in exponential time. It can actually be proved that EXPTIME-complete problems cannot be solved in deterministic polynomial time. It has also been shown that P is not equal to EXPTIME.
NP-Complete Problems
Michael Garey and David Johnson compiled a list of more than 300 NP-complete problems [600]. Here are some of them:
Travelling salesman problem. A travelling salesman has to visit a number of different cities using only one tank of fuel (there is a maximum distance he can travel). Is there a route that lets him visit every city exactly once on that single tank of fuel? (This is a generalization of the Hamiltonian path problem; see Section 5.1.)
Three-way marriage problem. In a room there are n men, n women, and n clergymen (priests, rabbis, whatever). There is a list of permitted marriages, each entry consisting of one man, one woman, and one officiating clergyman. Given this list of triples, is it possible to arrange n marriages so that everyone is either married to exactly one person or officiates at exactly one marriage?
Three-satisfiability. There is a list of n logical statements, each with three variables. For example: if (x and y) then z; (x and w) or (not z); if ((not u and not x) or (z and (u or not x))) then (not z and u) or x; and so on. Is there an assignment of truth values to all the variables such that all the statements are true? (This is a special case of the Satisfiability problem mentioned above.)
11.3 NUMBER THEORY
This is not a book on number theory, so I will only sketch a few ideas that are used in cryptography. If you want a detailed mathematical treatment of number theory, consult one of these books: [1430, 72, 1171, 12, 959, 681, 742, 420]. My favourite books on the mathematics of finite fields are [971, 1042]. See also [88, 1157, 1158, 1060].
Modular Arithmetic
You all learned modular arithmetic in school; it was sometimes called "clock arithmetic". If Mildred said she would be home by 10:00 and is 13 hours late, what time does she get home, and for how many years does her father take away her driving licence? That is arithmetic modulo 12. Twenty-three modulo 12 is 11.
(10 + 13) mod 12 = 23 mod 12 = 11 mod 12
Another way to write this is as a statement that 23 and 11 are equivalent modulo 12:
10 + 13 ≡ 11 (mod 12)
Basically, a ≡ b (mod n) if a = b + kn for some integer k. If a is non-negative and b lies between 0 and n, you can think of b as the remainder when a is divided by n. Sometimes b is called the residue of a modulo n. Sometimes a is called congruent to b modulo n (the triple-equals sign, ≡, denotes congruence). These are different ways of saying the same thing.
The set of integers from 0 to n-1 forms what is called a complete set of residues modulo n. This means that for any integer a, its residue modulo n is some number from 0 to n-1.
The operation a mod n denotes the residue of a, which is some integer from 0 to n-1. This operation is called modular reduction. For example, 5 mod 3 = 2.
This definition of mod may differ from the one used in some programming languages. For example, the remainder operator in PASCAL sometimes returns a negative number: it returns a number between -(n-1) and n-1. In C, the % operator returns the remainder of dividing the first expression by the second, and that can be a negative number if either operand is negative. For all the algorithms in this book, make sure you add n to the result of the remainder operation when it returns a negative number.
Apn|mernka ocrarkon ouent noxoxa na otunym apn|mernky: ona kommyrarnnna, acconnarnnna n ncrpn y-
rnnna. Kpome roro, npnneenne kaxoro npomexyrounoro pesyntrara no moynm n aer ror xe pesyntrar, kak n
ntnonnenne ncero ntuncnennx c nocneymmnm npnneennem koneunoro pesyntrara no moynm n.
(a b) mod n ((a mod n) (b mod n)) mod n
(a - b) mod n ((a mod n) - (b mod n)) mod n
(a * b) mod n ((a mod n) * (b mod n)) mod n
(a * (bc)) mod n (((a*b) mod n) ((a*c) mod n)) mod n
Computation mod n is used a lot in cryptography, because computing discrete logarithms and square roots mod n can be hard problems. Modular arithmetic is also easier to implement on computers, because it limits the range of the intermediate values and of the result. For a k-bit modulus n, the intermediate results of any addition, subtraction, or multiplication will be no longer than 2k bits. So in modular arithmetic we can perform exponentiation without huge intermediate results. Computing the power of one number modulo another number,
a^x mod n,
is simply a sequence of multiplications and divisions, but there are techniques that speed it up. One kind of technique tries to minimize the number of modular multiplications; another optimizes the individual modular multiplications. Since the operations are distributive, it is faster to perform the exponentiation as a stream of successive multiplications, reducing modulo n each time. You will not notice the difference now, but it becomes noticeable when multiplying 200-bit numbers.
For example, if you want to compute a^8 mod n, do not naively perform seven multiplications and one huge modular reduction:
(a * a * a * a * a * a * a * a) mod n
Instead, perform three smaller multiplications and three smaller modular reductions:
((a^2 mod n)^2 mod n)^2 mod n
By the same token,
a^16 mod n = (((a^2 mod n)^2 mod n)^2 mod n)^2 mod n
Computing a^x, where x is not a power of 2, is only slightly harder. Binary notation expresses x as a sum of powers of 2: 25 is binary 11001, so 25 = 2^4 + 2^3 + 2^0. Therefore
a^25 mod n = (a * a^24) mod n = (a * a^8 * a^16) mod n
= (a * ((a^2)^2)^2 * (((a^2)^2)^2)^2) mod n = (a * (((a * a^2)^2)^2)^2) mod n
With judicious storing of intermediate results, you need only six multiplications:
((((((a^2 mod n) * a)^2 mod n)^2 mod n)^2 mod n) * a) mod n
This technique is called addition chaining [863], or the binary square-and-multiply method. It uses a simple and obvious addition chain based on the binary representation of the number. In C it looks like this:
unsigned long qe2(unsigned long x, unsigned long y, unsigned long n) {
    /* computes x^y mod n by binary square-and-multiply; s*t must not overflow
       an unsigned long, so n has to be small enough for that */
    unsigned long s, t, u;
    s = 1; t = x; u = y;
    while (u) {
        if (u & 1) s = (s * t) % n;   /* multiply in when this exponent bit is set */
        u >>= 1;                       /* move to the next bit of the exponent */
        t = (t * t) % n;               /* square */
    }
    return s;
}
Here is another, recursive, algorithm:
unsigned long fast_exp(unsigned long x, unsigned long y, unsigned long N) {
    unsigned long tmp;
    if (y == 0) return 1 % N;          /* x^0 = 1 */
    if (y == 1) return x % N;
    if (1 ^ (y & 1)) {                 /* y is even: x^y = (x^(y/2))^2 */
        tmp = fast_exp(x, y / 2, N);
        return (tmp * tmp) % N;
    } else {                           /* y is odd: x^y = (x^((y-1)/2))^2 * x */
        tmp = fast_exp(x, (y - 1) / 2, N);
        tmp = (tmp * tmp) % N;
        tmp = (tmp * x) % N;
        return tmp;
    }
}
This method reduces the number of operations to, on average, 1.5 * k, where k is the length of the number x in bits. Finding the computation with the fewest operations is a hard problem (it has been proven that the sequence must contain at least k - 1 operations), but it is not hard to get the number of operations down to 1.1 * k or even better for large k.
An efficient way to perform many modular reductions for the same n is Montgomery's method [1111]. Another method is called Barrett's algorithm [87]. The performance of the algorithm described above and of these two methods is discussed in [210]: the algorithm I discussed is the best for a single modular reduction, Barrett's algorithm is the best for small arguments, and Montgomery's method is the best for general modular exponentiation. (Montgomery's method also takes advantage of small exponents, using a technique called mixed arithmetic.)
The operation inverse to exponentiation modulo n is computing a discrete logarithm. I will discuss this operation briefly later on.
Prime Numbers
A prime number is an integer greater than 1 whose only factors are 1 and itself: it is not divisible by any other number. Two is a prime number. So are 73, 2521, 2365347734339, and 2^756839 - 1. There are infinitely many primes. Cryptography, especially public-key cryptography, often uses large primes (512 bits and even larger).
Evangelos Kranakis wrote an excellent book on number theory, prime numbers, and their applications in cryptography [896]. Paula Ribenboim wrote two excellent references on prime numbers in general [1307, 1308].
Greatest Common Divisor
Two numbers are relatively prime if they have no common factors other than 1. In other words, if the greatest common divisor of a and n equals 1. This is written as:
gcd(a,n) = 1
The numbers 15 and 28 are relatively prime. 15 and 27 are not relatively prime, while 13 and 500 are. A prime number is relatively prime to all other numbers except multiples of that prime.
One way to compute the greatest common divisor of two numbers is Euclid's algorithm. Euclid described this algorithm in his book, Elements, written around 300 B.C. He did not invent it; historians believe the algorithm may be 200 years older. It is the oldest nontrivial algorithm that has survived to the present day, and it is still a good one. Knuth describes the algorithm and its modern modifications in [863]. In C:
/* returns the gcd of x and y */
int gcd(int x, int y) {
    int g;
    if (x < 0)
        x = -x;
    if (y < 0)
        y = -y;
    if (x + y == 0)
        return 0;   /* gcd(0, 0) is undefined; the original reports an error here */
    g = y;
    while (x > 0) { /* Euclid: replace (x, y) with (y mod x, x) until x reaches 0 */
        g = x;
        x = y % x;
        y = g;
    }
    return g;
}
This algorithm can be generalized to compute the gcd of an array of m numbers:
#include <stddef.h>
/* returns the gcd of x[0], x[1], ..., x[m-1] */
int multiple_gcd(int m, int *x) {
    size_t i;
    int g;
    if (m < 1)
        return 0;
    g = x[0];
    for (i = 1; i < (size_t)m; ++i) {
        g = gcd(g, x[i]);
        /* optimization, since for random x[i], g == 1 in about 60% of cases: */
        if (g == 1)
            return 1;
    }
    return g;
}
Inverses Modulo a Number
Remember inverses? The inverse of 4 is 1/4, because 4 * 1/4 = 1. In the modular world the problem is more complicated:
4 * x ≡ 1 (mod 7)
This equation is equivalent to finding x and k such that
4x = 7k + 1
where x and k are integers. The general problem is to find x such that
1 = (a * x) mod n
This can also be written as
a^-1 ≡ x (mod n)
The modular inverse problem is not easy to solve. Sometimes it has a solution, sometimes it does not. For example, the inverse of 5 modulo 14 is 3. On the other hand, 2 has no inverse modulo 14.
In general, a^-1 ≡ x (mod n) has a unique solution if a and n are relatively prime. If a and n are not relatively prime, then a^-1 ≡ x (mod n) has no solution. If n is prime, then every number from 1 to n - 1 is relatively prime to n and has exactly one inverse modulo n.
So far, so good. Now, how do you find the inverse of a modulo n? There are two ways. The inverse of a modulo n can be computed with Euclid's algorithm. This is sometimes called the extended Euclidean algorithm.
Here is the algorithm (the routine is C; the driver program uses C++ stream I/O):
#include <iostream>
#include <cstdlib>

#define isEven(x) ((x & 0x01) == 0)
#define isOdd(x) (x & 0x01)
#define swap(x,y) (x ^= y, y ^= x, x ^= y)

/* binary extended Euclid: on return u1 * u - u2 * v == u3 == gcd(u, v) */
void ExtBinEuclid(int *u, int *v, int *u1, int *u2, int *u3) {
    // warning: u and v will be swapped if u < v
    int k, t1, t2, t3;
    if (*u < *v) swap(*u, *v);
    for (k = 0; isEven(*u) && isEven(*v); ++k) {   // strip common factors of 2
        *u >>= 1; *v >>= 1;
    }
    *u1 = 1; *u2 = 0; *u3 = *u; t1 = *v; t2 = *u - 1; t3 = *v;
    do {
        do {
            if (isEven(*u3)) {
                if (isOdd(*u1) || isOdd(*u2)) {
                    *u1 += *v; *u2 += *u;
                }
                *u1 >>= 1; *u2 >>= 1; *u3 >>= 1;
            }
            if (isEven(t3) || *u3 < t3) {
                swap(*u1, t1); swap(*u2, t2); swap(*u3, t3);
            }
        } while (isEven(*u3));
        while (*u1 < t1 || *u2 < t2) {
            *u1 += *v; *u2 += *u;
        }
        *u1 -= t1; *u2 -= t2; *u3 -= t3;
    } while (t3 > 0);
    while (*u1 >= *v && *u2 >= *u) {
        *u1 -= *v; *u2 -= *u;
    }
    *u <<= k; *v <<= k; *u3 <<= k;   // restore the stripped factors of 2
}

int main(int argc, char **argv) {
    int a, b, gcd;
    if (argc < 3) {
        std::cerr << "usage: xeuclid u v" << std::endl;
        return -1;
    }
    int u = atoi(argv[1]);
    int v = atoi(argv[2]);
    if (u <= 0 || v <= 0) {
        std::cerr << "Arguments must be positive!" << std::endl;
        return -2;
    }
    // warning: u and v will be swapped if u < v
    ExtBinEuclid(&u, &v, &a, &b, &gcd);
    std::cout << a << " * " << u << " + (-" << b << ") * " << v << " = " << gcd << std::endl;
    if (gcd == 1)
        std::cout << "Inverse of " << v << " mod " << u << " is: " << u - b << std::endl;
    return 0;
}
I am not going to prove that this works or give the theory behind it. Details can be found in [863] or in any of the number theory references listed above.
The algorithm is iterative and can be slow for large numbers. Knuth showed that the average number of divisions performed by the algorithm is:
0.843 * log2(n) + 1.47
Solving for Coefficients
Euclid's algorithm can also be used to solve this kind of problem: given an array of m variables x1, x2, ..., xm, find an array of m coefficients u1, u2, ..., um such that
u1 * x1 + ... + um * xm = 1
Fermat's Little Theorem
If m is prime and a is not a multiple of m, then Fermat's little theorem states
a^(m-1) ≡ 1 (mod m)
(Pierre de Fermat, a French mathematician, lived from 1601 to 1665. This theorem has nothing to do with his famous last theorem.)
Euler Totient Function
There is another way to compute the inverse modulo n, but it cannot always be used. The reduced set of residues mod n is the subset of the complete set of residues whose members are relatively prime to n. For example, the reduced set of residues mod 12 is {1, 5, 7, 11}. If n is prime, the reduced set of residues mod n is the set of all numbers from 1 to n - 1. For any n other than 1, the number 0 is never in the reduced set of residues.
The Euler totient function, also called the Euler phi function and written φ(n), is the number of elements in the reduced set of residues modulo n. In other words, φ(n) is the number of positive integers less than n that are relatively prime to n (for any n greater than 1). (Leonhard Euler, a Swiss mathematician, lived from 1707 to 1783.)
If n is prime, then φ(n) = n - 1. If n = pq, where p and q are prime, then φ(n) = (p - 1)(q - 1). These numbers appear in some public-key algorithms, and here is why. According to Euler's generalization of Fermat's little theorem, if gcd(a,n) = 1, then
a^φ(n) mod n = 1
Now it is easy to compute a^-1 mod n:
x = a^(φ(n)-1) mod n
For example, what is the inverse of 5 modulo 7? Since 7 is prime, φ(7) = 7 - 1 = 6. So the inverse of 5 modulo 7 is
5^(6-1) mod 7 = 5^5 mod 7 = 3
Both methods for computing inverses can be extended to the more general problem of finding x (when gcd(a,n) = 1) in:
(a * x) mod n = b
Using Euler's generalization, solve
x = (b * a^(φ(n)-1)) mod n
Using Euclid's algorithm, solve
x = (b * (a^-1 mod n)) mod n
In general, Euclid's algorithm is faster than Euler's generalization for computing inverses, especially for numbers in the 500-bit range. If gcd(a,n) ≠ 1, all is not lost. In this general case, (a * x) mod n = b may have several solutions or none.
Chinese Remainder Theorem
If the prime factorization of n is known, the Chinese remainder theorem can be used to solve a whole system of equations. The basic version of this theorem was discovered by the first-century Chinese mathematician Sun Tse.
In general, if the prime factorization of n is p1 * p2 * ... * pt, then the system of equations
(x mod pi) = ai, where i = 1, 2, ..., t
has a unique solution x less than n. (Note that some primes may appear more than once. For example, p1 may equal p2.) In other words, a number (less than the product of several primes) is uniquely determined by its residues modulo those primes.
For example, take the primes 3 and 5, and 14 as the given number. 14 mod 3 = 2, and 14 mod 5 = 4. There is exactly one number less than 3 * 5 = 15 with those residues: 14. The two residues uniquely determine the number.
So for arbitrary a < p and b < q (where p and q are prime), there is a unique x less than pq such that
x ≡ a (mod p), and x ≡ b (mod q)
To find x, first use Euclid's algorithm to find u such that
u * q ≡ 1 (mod p)
Then compute:
x = (((a - b) * u) mod p) * q + b
Here is the Chinese remainder theorem in C:
#include <stddef.h>
/* r is the number of elements in the arrays m and u;
   m is the array of (pairwise relatively prime) moduli;
   u is the array of coefficients;
   returns the value n such that n == u[k] % m[k] (k = 0..r-1) and
   n < m[0]*m[1]*...*m[r-1]
*/
/* Computing the Euler totient function is left as an exercise for the reader;
   this naive version counts the residues relatively prime to n with gcd() from above. */
int totient(int n) {
    int k, count = 0;
    for (k = 1; k < n; ++k)
        if (gcd(k, n) == 1) ++count;
    return count;
}
/* x^y mod n by square-and-multiply (the same computation as qe2() above) */
int modexp(int x, int y, int n) {
    long s = 1, t = x % n;
    while (y) {
        if (y & 1) s = (s * t) % n;
        y >>= 1;
        t = (t * t) % n;
    }
    return (int)s;
}
int Chinese_remainder(size_t r, int *m, int *u) {
    size_t i;
    int modulus;
    int n;
    modulus = 1;
    for (i = 0; i < r; ++i)
        modulus *= m[i];
    n = 0;
    for (i = 0; i < r; ++i) {
        /* (modulus/m[i])^totient(m[i]) mod modulus is 1 mod m[i] and 0 mod every other m[k] */
        n += u[i] * modexp(modulus / m[i], totient(m[i]), modulus);
        n %= modulus;
    }
    return n;
}
The converse of the Chinese remainder theorem can be used to solve the following problem: if p and q are primes, and p is less than q, then there exists a unique x less than pq such that
a ≡ x (mod p), and b ≡ x (mod q)
If a ≥ b mod p, then
x = (((a - (b mod p)) * u) mod p) * q + b
If a < b mod p, then
x = (((a + p - (b mod p)) * u) mod p) * q + b
Quadratic Residues
If p is prime and a is greater than 0 and less than p, then a is a quadratic residue mod p if
x^2 ≡ a (mod p), for some x
Not all values of a satisfy this condition. For a to be a quadratic residue modulo n, it must be a quadratic residue modulo every prime factor of n. For example, if p = 7, the quadratic residues are 1, 2, and 4:
1^2 = 1 = 1 (mod 7)
2^2 = 4 = 4 (mod 7)
3^2 = 9 = 2 (mod 7)
4^2 = 16 = 2 (mod 7)
5^2 = 25 = 4 (mod 7)
6^2 = 36 = 1 (mod 7)
Note that each quadratic residue appears twice in this list. There are no values of x satisfying any of the following equations:
x^2 = 3 (mod 7)
x^2 = 5 (mod 7)
x^2 = 6 (mod 7)
These numbers, 3, 5, and 6, are not quadratic residues modulo 7.
Although I will not do so here, it is easy to prove that when p is odd there are exactly (p - 1)/2 quadratic residues modulo p and the same number of quadratic nonresidues modulo p. Also, if a is a quadratic residue modulo p, then a has exactly two square roots, one between 0 and (p - 1)/2 and the other between (p - 1)/2 and (p - 1). One of these square roots is itself a quadratic residue modulo p; it is called the principal square root.
If n is the product of two primes p and q, there are exactly (p - 1)(q - 1)/4 quadratic residues modulo n. A quadratic residue modulo n is a perfect square modulo n, because to be a square modulo n the residue must be a square modulo p and a square modulo q. For example, there are eleven quadratic residues mod 35: 1, 4, 9, 11, 15, 16, 21, 25, 29, and 30. Each quadratic residue has exactly four square roots.
Legendre Symbol
The Legendre symbol, L(a,p), is defined when a is any integer and p is a prime greater than 2. It equals 0, 1, or -1.
L(a,p) = 0 if a is divisible by p.
L(a,p) = 1 if a is a quadratic residue modulo p.
L(a,p) = -1 if a is a quadratic nonresidue modulo p.
L(a,p) can be computed as follows:
L(a,p) = a^((p-1)/2) mod p
Or you can use the following algorithm:
1. If a = 1, then L(a,p) = 1
2. If a is even, then L(a,p) = L(a/2,p) * (-1)^((p^2-1)/8)
3. If a is odd (and not 1), then L(a,p) = L(p mod a, p) * (-1)^((a-1)(p-1)/4)
Note that this method is also an efficient way to determine whether a is a quadratic residue modulo p (for prime p).
Jacobi Symbol
The Jacobi symbol, J(a,n), is a generalization of the Legendre symbol to composite moduli; it is defined for any integer a and any odd integer n. The function is handy in primality testing. The Jacobi symbol is a function on the set of reduced residues of the divisors of n and can be computed by several formulas [1412]. Here is one way:
Definition 1: J(a,n) is defined only if n is odd.
Definition 2: J(0,n) = 0.
Definition 3: If n is prime, then the Jacobi symbol J(a,n) = 0 if a is divisible by n.
Definition 4: If n is prime, then the Jacobi symbol J(a,n) = 1 if a is a quadratic residue modulo n.
Definition 5: If n is prime, then the Jacobi symbol J(a,n) = -1 if a is a quadratic nonresidue modulo n.
Definition 6: If n is composite, then the Jacobi symbol J(a,n) = J(a,p1) * ... * J(a,pm), where p1, ..., pm is the prime factorization of n.
The following algorithm computes the Jacobi symbol recursively:
Rule 1: J(1,n) = 1
Rule 2: J(a*b,n) = J(a,n) * J(b,n)
Rule 3: J(2,n) = 1 if (n^2 - 1)/8 is even, and -1 otherwise
Rule 4: J(a,n) = J((a mod n),n)
Rule 5: J(a,b1*b2) = J(a,b1) * J(a,b2)
Rule 6: If the greatest common divisor of a and b is 1, and a and b are odd:
Rule 6a: J(a,b) = J(b,a) if (a - 1)(b - 1)/4 is even
Rule 6b: J(a,b) = -J(b,a) if (a - 1)(b - 1)/4 is odd
Here is the algorithm in C:
#include <assert.h>
#define odd(x) ((x) & 1)
/* This algorithm computes the Jacobi symbol recursively; gcd() is defined above */
int jacobi(int a, int b) {
    int g;
    assert(odd(b));
    if (a >= b) a %= b;                 /* by rule 4 */
    if (a == 0) return 0;               /* by definition 2 */
    if (a == 1) return 1;               /* by rule 1 */
    if (a < 0) {                        /* J(-1,b) = (-1)^((b-1)/2) */
        if ((b - 1) / 2 % 2 == 0)
            return jacobi(-a, b);
        else
            return -jac obi(-a, b);
    }
    if (a % 2 == 0) {                   /* a is even */
        if (((b * b - 1) / 8) % 2 == 0)
            return +jacobi(a / 2, b);
        else
            return -jacobi(a / 2, b);   /* by rules 3 and 2 */
    }
    g = gcd(a, b);
    assert(odd(a));                     /* guaranteed by the (a % 2 == 0) check */
    if (g == a)                         /* b is divisible by a */
        return 0;                       /* by rule 5 */
    else if (g != 1)
        return jacobi(g, b) * jacobi(a / g, b);   /* by rule 2 */
    else if (((a - 1) * (b - 1) / 4) % 2 == 0)
        return +jacobi(b, a);           /* by rule 6a */
    else
        return -jacobi(b, a);           /* by rule 6b */
}
If you know in advance that n is prime, instead of using the above algorithm simply compute a^((n-1)/2) mod n; in this case J(a,n) is equivalent to the Legendre symbol.
The Jacobi symbol cannot be used to determine whether a is a quadratic residue modulo n (unless, of course, n is prime). Note that if J(a,n) = 1 and n is composite, the statement that a is a quadratic residue modulo n is not necessarily true. For example:
J(7,143) = J(7,11) * J(7,13) = (-1)(-1) = 1
However, there is no integer x such that x^2 ≡ 7 (mod 143).
Blum Integers
If p and q are two primes both congruent to 3 modulo 4, then n = pq is sometimes called a Blum integer. If n is a Blum integer, every quadratic residue has exactly four square roots, one of which is itself a square; this is the principal square root. For example, the principal square root of 139 mod 437 is 24. The other three square roots are 185, 252, and 413.
Generators
If p is prime and g is less than p, then g is called a generator mod p if for every number b from 1 to p - 1 there is some number a such that g^a ≡ b (mod p).
In other words, g is primitive with respect to p. For example, if p = 11, then 2 is a generator mod 11:
2^10 = 1024 = 1 (mod 11)
2^1 = 2 = 2 (mod 11)
2^8 = 256 = 3 (mod 11)
2^2 = 4 = 4 (mod 11)
2^4 = 16 = 5 (mod 11)
2^9 = 512 = 6 (mod 11)
2^7 = 128 = 7 (mod 11)
2^3 = 8 = 8 (mod 11)
2^6 = 64 = 9 (mod 11)
2^5 = 32 = 10 (mod 11)
Every number from 1 to 10 can be expressed as 2^a (mod p). For p = 11 the generators are 2, 6, 7, and 8. The other numbers are not generators. For example, 3 is not a generator because there is no solution to
3^a = 2 (mod 11)
In general, testing whether a given number is a generator is not easy. The task becomes simpler, however, if the factorization of p - 1 is known. Let q1, q2, ..., qn be the distinct prime factors of p - 1. To test whether a number g is a generator mod p, compute
g^((p-1)/q) mod p
for all values q = q1, q2, ..., qn.
If that number equals 1 for some q, then g is not a generator. If the computed value is not 1 for any q, then g is a generator.
For example, let p = 11. The prime factors of p - 1 = 10 are 2 and 5. To test whether 2 is a generator, compute:
2^((11-1)/5) (mod 11) = 4
2^((11-1)/2) (mod 11) = 10
Neither answer is 1, so 2 is a generator.
Let us test whether 3 is a generator:
3^((11-1)/5) (mod 11) = 9
3^((11-1)/2) (mod 11) = 1
Therefore, 3 is not a generator.
If you need to find a generator mod p, simply pick a random number from 1 to p - 1 and test whether it is a generator. There are enough generators, so you will most likely find one quickly.
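The generator test just described, as an added example in C (not the book's code; the function names are mine). It factors p - 1 by trial division, which is only sensible for the small p used here, and then applies the g^((p-1)/q) mod p check for every distinct prime factor q.

```c
#include <stdio.h>

typedef unsigned long long u64;

/* x^y mod n by square-and-multiply (the qe2() idea above, in 64-bit arithmetic);
   n must stay below 2^32 so that s * x cannot overflow */
u64 modexp(u64 x, u64 y, u64 n) {
    u64 s = 1;
    x %= n;
    while (y) {
        if (y & 1) s = (s * x) % n;
        y >>= 1;
        x = (x * x) % n;
    }
    return s;
}

/* distinct prime factors of m by trial division; returns how many were stored in q */
int distinct_prime_factors(u64 m, u64 *q, int maxq) {
    int cnt = 0;
    u64 d;
    for (d = 2; d * d <= m && cnt < maxq; ++d) {
        if (m % d == 0) {
            q[cnt++] = d;
            while (m % d == 0) m /= d;   /* strip every copy of d */
        }
    }
    if (m > 1 && cnt < maxq) q[cnt++] = m;   /* whatever is left is prime */
    return cnt;
}

/* returns 1 if g is a generator mod the prime p, 0 otherwise */
int is_generator(u64 g, u64 p) {
    u64 q[64];
    int i, cnt;
    if (g < 1 || g >= p) return 0;
    cnt = distinct_prime_factors(p - 1, q, 64);
    for (i = 0; i < cnt; ++i)
        if (modexp(g, (p - 1) / q[i], p) == 1)
            return 0;   /* g^((p-1)/q) == 1 means the order of g divides (p-1)/q */
    return 1;
}

/* number of generators mod p; for prime p this equals phi(p - 1) */
int count_generators(u64 p) {
    u64 g;
    int c = 0;
    for (g = 1; g < p; ++g) c += is_generator(g, p);
    return c;
}

int main(void) {
    u64 g;
    printf("generators mod 11:");
    for (g = 1; g < 11; ++g)
        if (is_generator(g, 11)) printf(" %llu", g);
    printf("\n");   /* prints: generators mod 11: 2 6 7 8 */
    return 0;
}
```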
Computing in a Galois Field
Do not be alarmed; that is what we have been doing all along. If n is a prime or a power of a large prime, we get what mathematicians call a finite field. In honor of that, we use p instead of n. In fact, this type of finite field is so remarkable that mathematicians gave it its own name: a Galois field, denoted GF(p). (Named after Évariste Galois, a French mathematician who lived in the nineteenth century and did a great deal to advance number theory before he was killed in a duel at the age of 20.)
In a Galois field, addition, subtraction, multiplication, and division by nonzero elements are defined. There is an identity element for addition, 0, and for multiplication, 1. Every nonzero number has a unique inverse (this would not be the case if p were not prime). The commutative, associative, and distributive laws hold.
Galois field arithmetic is used widely in cryptography. All of the number theory works in it, the field contains only numbers of finite size, and division has no rounding errors. Many cryptosystems are based on GF(p), where p is a large prime.
To complicate matters further, cryptographers also use arithmetic modulo irreducible polynomials of degree n whose coefficients are integers modulo q, where q is prime. These fields are called GF(q^n). The arithmetic is done modulo p(x), where p(x) is an irreducible polynomial of degree n.
The mathematical theory behind this is far beyond the scope of this book, although I will describe several cryptosystems that use it. If you want to experiment with irreducible polynomials, GF(2^3) contains the following elements: 0, 1, x, x + 1, x^2, x^2 + 1, x^2 + x, x^2 + x + 1. An algorithm for computing inverses in GF(2^n) that is suitable for parallel implementation is given in [421].
When discussing polynomials, the term "prime" is replaced by "irreducible polynomial". A polynomial is called irreducible if it cannot be expressed as the product of two other polynomials (other than 1 and the polynomial itself, of course). The polynomial x^2 + 1 is irreducible over the integers, while the polynomial x^3 + 2x^2 + x is not irreducible; it can be expressed as x(x + 1)(x + 1).
A polynomial that is a generator in a given field is called primitive, or basic; all of its coefficients are relatively prime. We will return to primitive polynomials when we discuss linear feedback shift registers (see Section 16.2).
Computations in GF(2^n) can be implemented quickly in hardware with linear feedback shift registers. For this reason, computations over GF(2^n) are often faster than computations over GF(p). Since exponentiation in GF(2^n) is much more efficient, so is computing discrete logarithms [180, 181, 368, 379]. More information on this can be found in [140].
For the Galois field GF(2^n), cryptographers like to use the trinomial p(x) = x^n + x + 1 as the modulus, because the long string of zeros between the coefficients of x^n and x makes it easy to implement fast modular multiplication [183]. The polynomial must be primitive, otherwise the mathematics does not work. x^n + x + 1 is primitive for the following values of n less than 1000 [1649, 1648]:
1, 3, 4, 6, 9, 15, 22, 28, 30, 46, 60, 63, 127, 153, 172, 303, 471, 532, 865, 900
There are hardware implementations of GF(2^127), where p(x) = x^127 + x + 1 [1631, 1632, 1129]. An efficient hardware architecture for exponentiation in GF(2^n) is discussed in [147].
11.4 Factoring
To factor a number means to find its prime factors.
10 = 2 * 5
60 = 2 * 2 * 3 * 5
252601 = 41 * 61 * 101
2^113 - 1 = 3391 * 23279 * 65993 * 1868569 * 1066818132868207
Factoring is one of the oldest problems in number theory. The process is simple, but it takes time. This is still the case, although there have been some shifts in the state of the art. Today the best algorithm is:
Number field sieve (NFS) [953] (see also [952, 16, 279]). The general number field sieve is the fastest known algorithm for numbers of 110 or more digits [472, 635]. In its original form it was impractical, but over the past few years it has been steadily improved [953]. The NFS is still too new to have set any factoring records, but that will change soon. An early version was used to factor the ninth Fermat number, 2^512 + 1 [955, 954].
Other algorithms, superseded by the NFS:
Quadratic sieve (QS) [1257, 1617, 1259]. This is the fastest known and most frequently used algorithm for numbers of fewer than 110 decimal digits [440]. A faster version of this algorithm is called the multiple polynomial quadratic sieve [1453, 302]. The fastest version is called the double large prime variation of the multiple polynomial quadratic sieve.
Elliptic curve method (ECM) [957, 1112, 1113]. This method has been used to find factors of no more than 43 digits.
Pollard's Monte Carlo algorithm [1254, 248]. (This algorithm also appears in volume 2 of Knuth [863].)
Continued fraction algorithm. See [1123, 1252, 863]. This algorithm is not competitive in running time.
Trial division. This oldest factoring algorithm consists of testing every prime number less than or equal to the square root of the number being factored.
A good introduction to the various factoring algorithms, other than the NFS, is [251]. The NFS is best described in [953]. Older works are [505, 1602, 1258]. Information on parallel factoring can be found in [250].
If n is the number being factored, the heuristic running time of the fastest variants of QS is asymptotically:
e^((1 + O(1)) (ln(n))^(1/2) (ln(ln(n)))^(1/2))
The NFS is much faster; the estimate of its heuristic running time is:
e^((1.923 + O(1)) (ln(n))^(1/3) (ln(ln(n)))^(2/3))
In 1970 the big news was the factoring of a 41-digit hard number [1123]. (A "hard" number is one that has no small factors and is not of a special form that would simplify the process.) Ten years later, factoring a number twice as long took only a few hours on a Cray computer [440].
In 1988 Carl Pomerance designed a factoring device using conventional VLSI chips [1259]. The size of the number that could be factored depended only on the size of the device, which was never built.
In 1993 a 120-digit hard number was factored using the quadratic sieve. The computation, which took 825 mips-years, was completed in three months of real time [463]. Other results are given in [504].
Today, computer networks are used for factoring [302, 955]. To factor a 116-digit number, Arjen Lenstra and Mark Manasse used the spare time of an array of computers scattered around the world for several months: 400 mips-years.
In March 1994 a 129-digit (428-bit) number was factored using the double large prime variation of the multiple polynomial QS [66] by a team of mathematicians led by Lenstra. The computation was carried out by volunteers on the Internet: 600 people and 1600 computers worked for eight months, probably the largest multiprocessor conglomerate in history. The computational effort was in the range of 4000 to 6000 mips-years. The computers communicated by electronic mail, sending their results to a central repository where the final analysis was performed. These computations used QS and five-year-old theory; the NFS could have sped up the computation by a factor of ten [949]. According to [66]: "We conclude that commonly used 512-bit RSA moduli can be broken by an organization prepared to spend a few million dollars and to wait a few months." The authors estimate that factoring a 512-bit number would be 100 times harder with the same technology, and only 10 times harder with the NFS and current technology [949].
To advance the art of factoring, RSA Data Security, Inc. announced the RSA Factoring Challenge in March 1991 [532]. The challenge consists of factoring a series of hard numbers, each of which is the product of two primes of roughly equal size. Each prime was chosen to be congruent to 2 modulo 3. A total of 42 numbers were offered, one for each length from 100 to 500 digits in steps of 10 digits (plus one additional number of 129 digits). At the time of writing, RSA-100, RSA-110, RSA-120, and RSA-129 have been factored, all using QS. The next (using the NFS) may be RSA-130, or the factoring champions may go straight for RSA-140.
This field is developing rapidly. Factoring techniques are hard to extrapolate, because advances in mathematical theory cannot be predicted. Before the discovery of the NFS, many believed that no factoring method could be asymptotically faster than QS. They were wrong.
Upcoming development of the NFS will probably take the form of lowering the constant 1.923. For certain numbers of a special form, such as Fermat numbers, the constant is closer to 1.5 [955, 954]. If the constant could be lowered to that level for the hard numbers used in today's cryptography, 1024-bit numbers could be factored today. One way to lower the constant is to find better ways of representing numbers as polynomials with small coefficients. The problem has not yet been studied thoroughly enough, but a decisive breakthrough may be near [949].
The latest results of the RSA Factoring Challenge can be obtained by sending a request by electronic mail to challenge-info@rsa.com.
Square Roots Modulo n
If n is the product of two primes, then the ability to compute square roots modulo n is computationally equivalent to the ability to factor n [1283, 35, 36, 193]. In other words, someone who knows the prime factors of n can easily compute the square roots of any number modulo n, but for anyone else the computation turns out to be as hard as factoring n into its prime factors.
11.5 Prime Number Generation
Public-key algorithms need prime numbers, and any reasonably large network needs a lot of them. Before discussing the mathematics of prime generation, I will answer a few obvious questions.
If everyone needs a different prime number, will we run out? No. In fact, there are approximately 10^151 primes of up to 512 bits in length. For numbers near n, the probability that a randomly chosen number is prime is 1/ln n. So the total number of primes less than n is n/(ln n). There are only 10^77 atoms in the universe. If every atom in the universe had needed a billion primes every microsecond since the beginning of time, only 10^109 primes would have been used; about 10^151 primes would still be left.
What if two people accidentally pick the same prime number? It will not happen. When choosing from 10^151 primes, the probability of a coincidence is far smaller than the probability that your computer spontaneously bursts into flames at the very moment you win the lottery.
If someone builds a database of all prime numbers, could he use that database to break public-key algorithms? No. If you could store one gigabyte of information on a device weighing one gram, a list of all primes of up to 512 bits would weigh so much that the mass of the storage would exceed the Chandrasekhar limit and collapse into a black hole ... in any case you would not be able to retrieve the data.
But if factoring is so laborious, how can generating primes be easy? The trick is that answering "yes" or "no" to the question "Is the number n prime?" is much easier than answering the harder question "What are the factors of n?"
Generating random numbers and then trying to factor them is the wrong way to look for primes. There are various probabilistic primality tests that determine whether a number is prime with a given degree of confidence. Provided that this "degree of confidence" is large enough, such tests are good enough. I have heard primes generated this way called "industrial-grade primes": these numbers are probably prime, with a controllable chance of error.
Suppose one test in 2^50 is wrong. This means that with probability 1/10^15 the test will declare a composite number prime. (A prime number will never be declared composite by the test.) If for some reason more confidence in the primality of the number is needed, the error rate can be lowered. On the other hand, if you set the probability that the number is composite to 300 million times less than the probability of winning the top prize in a state lottery, you can stop worrying about it.
Surveys of recent research in this area can be found in [1256, 206]. Other important works are [1490, 384, 11, 19, 626, 651, 911].
Solovay-Strassen
Robert Solovay and Volker Strassen developed a probabilistic primality testing algorithm [1490]. To test whether p is prime, the algorithm uses the Jacobi symbol:
(1) Choose a random number a less than p.
(2) If gcd(a, p) ≠ 1, then p fails the test and is composite.
(3) Compute j = a^((p-1)/2) mod p.
(4) Compute the Jacobi symbol J(a, p).
(5) If j ≠ J(a, p), then p is definitely not prime.
(6) If j = J(a, p), then the probability that p is not prime is at most 50 percent.
A number a that does not show p to be definitely composite is called a witness. If p is composite, the probability that a random a is a witness is at least 50 percent. Repeat this test t times with t different values of a. The probability that a composite number survives all t tests is at most 1/2^t.
Lehmann
Another, simpler test was developed independently by Lehmann [903]. Here is the sequence of steps for testing whether p is prime:
(1) Choose a random number a less than p.
(2) Compute a^((p-1)/2) mod p.
(3) If a^((p-1)/2) ≢ 1 or -1 (mod p), then p is not prime.
(4) If a^((p-1)/2) ≡ 1 or -1 (mod p), then the probability that p is not prime is at most 50 percent.
Again, the probability that a random a is a witness to the compositeness of p is at least 50 percent. Repeat this test t times. If the result of the computation is always 1 or -1, but not always 1, then p is prime with an error probability of 1/2^t.
Rabin-Miller
The simple algorithm in widespread use was developed by Michael Rabin, based in part on ideas of Gary Miller [1093, 1284]. In essence it is a simplified version of the algorithm recommended in the DSS proposal [1149, 1154].
Choose a random number p to test. Compute b, the number of times p - 1 is divisible by 2 (that is, 2^b is the largest power of 2 that divides p - 1). Then compute m such that p = 1 + 2^b * m.
(1) Choose a random number a less than p.
(2) Set j = 0 and z = a^m mod p.
(3) If z = 1, or if z = p - 1, then p passes the test and may be prime.
(4) If j > 0 and z = 1, then p is not prime.
(5) Set j = j + 1. If j < b and z ≠ p - 1, set z = z^2 mod p and go back to step (4). If z = p - 1, then p passes the test and may be prime.
(6) If j = b and z ≠ p - 1, then p is not prime.
In this test the probability that a composite number passes falls off faster than in the previous ones. Three quarters of the possible values of a are guaranteed to be witnesses. This means that a composite number slips through t tests with probability at most (1/4)^t, where t is the number of iterations. In fact even these estimates are too pessimistic: for most random numbers, about 99.9 percent of the possible values of a are witnesses [96].
There are even better estimates [417]. For an n-bit candidate prime (where n is more than 100), the probability of error in one test is less than $4n2^{-\sqrt{k}}$, and for a 256-bit n the probability of error in six tests is less than 1/2^51. More theory can be found in [418].
Practical Considerations
In real applications prime generation is fast.
(1) Generate a random n-bit number p.
(2) Set the high-order and low-order bits to 1. (The high-order bit guarantees the required length of the prime; the low-order bit makes it odd.)
(3) Make sure that p is not divisible by any small primes: 3, 5, 7, 11, and so on. Many implementations test p for divisibility by all primes less than 256. The most efficient choice is to test divisibility by all primes less than 2000 [949]. This can be done efficiently with a wheel [863].
(4) Run the Rabin-Miller test for some random a. If p passes, generate another random a and repeat the test. Choose small values of a to speed up the computation. Run five tests [651]. (One may seem sufficient, but run five.) If p fails any of the tests, generate another p and try again.
Alternatively, instead of generating a fresh random p every time, you can step sequentially through the numbers starting from a randomly chosen one until a prime is found.
Step (3) is optional, but it is a good idea. Checking that a random odd p is not divisible by 3, 5 and 7 eliminates 54 percent of the odd numbers before step (4). Checking divisibility by all primes less than 100 eliminates 76 percent of the odd numbers; checking divisibility by all primes less than 256 eliminates 80 percent. In general, the fraction of odd candidates not divisible by any prime less than n is 1.12/ln n. The larger the n you test against, the more precomputation has to be done before the Rabin-Miller test.
One implementation of this method on a Sparc II finds 256-bit primes in an average of 2.8 seconds, 512-bit primes in an average of 24.0 seconds, 768-bit primes in an average of 2.0 minutes, and 1024-bit primes in an average of 5.1 minutes [918].
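The procedure above, written out as an added example (this is not the book's own source code): trial division by the primes below 256, then five Rabin-Miller rounds following steps (1) through (6) of the test, and the sequential-search variant that walks forward from an odd starting point. It assumes 64-bit candidates and a 128-bit intermediate product for the modular multiplication, and, as a labelled deviation from the text, uses the first five primes as fixed bases a instead of random ones.

```c
/* Added example: probabilistic prime generation as outlined in 11.5.
 * Restricted to 64-bit candidates; the book's own code uses bignums. */
#include <stdint.h>
#include <stdbool.h>

typedef unsigned __int128 u128;   /* gcc/clang extension: 128-bit product */

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)((u128)a * b % m);
}

static uint64_t powmod(uint64_t base, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    while (e) {
        if (e & 1) r = mulmod(r, base, m);
        base = mulmod(base, base, m);
        e >>= 1;
    }
    return r;
}

/* One Rabin-Miller round with base a, following steps (1)-(6):
 * p - 1 = 2^b * m with m odd; returns true when p passes (may be prime). */
static bool rabin_miller_round(uint64_t p, uint64_t a) {
    uint64_t m = p - 1;
    int b = 0;
    while ((m & 1) == 0) { m >>= 1; b++; }
    uint64_t z = powmod(a, m, p);             /* step (2): j = 0, z = a^m mod p */
    if (z == 1 || z == p - 1) return true;    /* step (3) */
    for (int j = 1; j < b; j++) {             /* step (5): square while j < b */
        z = mulmod(z, z, p);
        if (z == p - 1) return true;          /* passes */
        if (z == 1) return false;             /* step (4): nontrivial root of 1 */
    }
    return false;                             /* step (6): j == b, z != p - 1 */
}

/* Step (3) of the practical procedure: divisibility by the primes below 256.
 * Returns true only for a proper small factor (p itself being a small prime is fine). */
static bool has_small_factor(uint64_t p) {
    static uint8_t composite[256];
    static bool sieved = false;
    if (!sieved) {
        for (int i = 2; i < 256; i++)
            for (int j = i * i; j < 256; j += i) composite[j] = 1;
        sieved = true;
    }
    for (uint64_t q = 2; q < 256; q++)
        if (!composite[q] && p % q == 0) return p != q;
    return false;
}

/* Five Rabin-Miller rounds, as the text recommends. Assumption of this
 * example: the bases are the first five primes rather than random a; that
 * set is known to be deterministic below 2,152,302,898,747, which covers the
 * values demonstrated here, but it is not what the text prescribes. */
bool is_probable_prime(uint64_t p) {
    static const uint64_t bases[5] = {2, 3, 5, 7, 11};
    if (p < 2) return false;
    if (p < 256) return !has_small_factor(p);
    if (has_small_factor(p)) return false;
    for (int i = 0; i < 5; i++)
        if (!rabin_miller_round(p, bases[i])) return false;
    return true;
}

/* The sequential-search variant from the text: force the low bit as step (2)
 * does, then step through odd numbers until one survives all tests. */
uint64_t next_probable_prime(uint64_t start) {
    uint64_t p = start | 1;
    while (!is_probable_prime(p)) p += 2;
    return p;
}
```

The sample value 3215031751 in the checks below is a strong pseudoprime to the bases 2, 3, 5 and 7 at once; it is the fifth base that exposes it, which is the practical reason the text says to run five rounds rather than one.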
Strong Primes
If n is the product of two primes p and q, it may be desirable to use strong primes for p and q. These are primes with certain properties that make the product n hard to factor by particular factoring methods. Among the properties that have been proposed are [1328, 651]:
The greatest common divisor of p - 1 and q - 1 should be small.
Both p - 1 and q - 1 should have large prime factors, p' and q' respectively.
Both p' - 1 and q' - 1 should have large prime factors.
Both p + 1 and q + 1 should have large prime factors.
Both (p - 1)/2 and (q - 1)/2 should be prime [182]. (Note that if this condition holds, the first two hold as well.)
How much strong primes actually matter remains a subject of continuing debate. These properties were designed to thwart a number of older factoring algorithms. However, the fastest factoring algorithms are just as fast on any number, whether or not it satisfies the conditions above [831].
I am against specially generating strong primes. The length of the primes is far more important than their structure. Moreover, the structure itself reduces the randomness of the number and may weaken the system.
But this could change. New factoring methods might be developed that work better on numbers with certain properties. If that happens, strong primes might be needed again. Keep an eye on the theoretical mathematics journals.
11.6 Discrete Logarithms in a Finite Field
Another one-way function frequently used in cryptography is modular exponentiation. It is easy to compute:
a^x mod n
The inverse problem of modular exponentiation is finding the discrete logarithm, and that is a hard problem:
Find x such that a^x ≡ b (mod n).
For example:
If 3^x ≡ 15 mod 17, then x = 6.
Not all discrete logarithms have solutions (remember, only integer solutions count). It is easy to see that the following equation has no solution:
3^x ≡ 7 (mod 13)
It is far harder to solve this problem for 1024-bit numbers.
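The two small examples above, worked by a baby-step giant-step search. This is an added example, not code from the book: it assumes a prime modulus p small enough that a table of about sqrt(p) entries fits in memory, and it returns -1 for equations such as 3^x ≡ 7 (mod 13) that have no solution.

```c
/* Added example: discrete logarithm in Z_p^* by baby-step giant-step.
 * Memory and time are about sqrt(p), which is why this is only practical
 * for small moduli; a 1024-bit p is far out of reach for this approach. */
#include <stdint.h>
#include <stdlib.h>

typedef unsigned __int128 u128;

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)((u128)a * b % m);
}

static uint64_t powmod(uint64_t base, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    while (e) {
        if (e & 1) r = mulmod(r, base, m);
        base = mulmod(base, base, m);
        e >>= 1;
    }
    return r;
}

/* Smallest x >= 0 with g^x = h (mod p), p prime, or -1 if no solution exists. */
int64_t discrete_log(uint64_t g, uint64_t h, uint64_t p) {
    g %= p; h %= p;
    uint64_t n = p - 1;                 /* exponents live in [0, p-1) by Fermat */
    uint64_t m = 1;
    while (m * m < n) m++;              /* m = ceil(sqrt(n)) */

    /* open-addressing hash table of baby steps g^j -> j; key stored as value+1 */
    size_t cap = 1;
    while (cap < 2 * m) cap <<= 1;
    uint64_t *keys = calloc(cap, sizeof *keys);
    uint64_t *vals = calloc(cap, sizeof *vals);
    if (!keys || !vals) { free(keys); free(vals); return -1; }

    uint64_t cur = 1;
    for (uint64_t j = 0; j < m; j++) {
        size_t i = (size_t)(cur * 0x9E3779B97F4A7C15ULL) & (cap - 1);
        while (keys[i] && keys[i] != cur + 1) i = (i + 1) & (cap - 1);
        if (!keys[i]) { keys[i] = cur + 1; vals[i] = j; }   /* keep the smallest j */
        cur = mulmod(cur, g, p);
    }

    /* giant steps: h * (g^-m)^i, with g^-m = g^(n - m) since g^n = 1 */
    uint64_t gim = powmod(g, n - (m % n), p);
    int64_t result = -1;
    uint64_t y = h;
    for (uint64_t i = 0; i < m && result < 0; i++) {
        size_t k = (size_t)(y * 0x9E3779B97F4A7C15ULL) & (cap - 1);
        while (keys[k]) {
            if (keys[k] == y + 1) { result = (int64_t)(i * m + vals[k]); break; }
            k = (k + 1) & (cap - 1);
        }
        y = mulmod(y, gim, p);
    }
    free(keys);
    free(vals);
    return result;
}
```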
Calculating Discrete Logarithms in a Finite Group
Cryptographers are interested in discrete logarithms in three groups:
The multiplicative group of prime fields: GF(p)
The multiplicative group of finite fields of characteristic 2: GF(2^n)
Elliptic curve groups over finite fields F: EC(F)
The security of many public-key algorithms rests on the problem of finding discrete logarithms, so the problem has been studied extensively. A good thorough survey of the problem and its best solutions at the time can be found in [1189, 1039]. The best current paper on the subject is [934].
If p is a prime used as the modulus, the difficulty of finding discrete logarithms in GF(p) is essentially the same as that of factoring a number n of the same size, where n is the product of two primes of roughly equal length [1378, 934]. That is:
$e^{(1+O(1))(\ln(n))^{1/2}(\ln(\ln(n)))^{1/2}}$
The number field sieve is faster; its heuristic running time estimate is:
$e^{(1.923+O(1))(\ln(n))^{1/3}(\ln(\ln(n)))^{2/3}}$
Stephen Pohlig and Martin Hellman found a way to compute discrete logarithms in GF(p) quickly, provided that p - 1 factors into small primes [1253]. For this reason, only fields in which p - 1 has at least one large prime factor are used in cryptography. Another algorithm [14] computes discrete logarithms at a speed comparable to factoring; it was extended to fields of the form GF(p^n) [716]. This algorithm was criticized in [727] on several theoretical points. Other papers [1588] show how hard the problem really is in general.
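To make the Pohlig-Hellman observation concrete, here is an added example (not the book's code) that solves g^x ≡ h (mod p) one prime-power factor of p - 1 at a time and recombines the pieces with the Chinese remainder theorem. It assumes p prime, g a generator of the multiplicative group, and a 64-bit p. Each prime factor q of p - 1 costs only q trial multiplications, so the whole computation is cheap exactly when p - 1 is smooth; a single large prime factor makes the inner search as expensive as a generic attack, which is the property the text requires of p - 1.

```c
/* Added example: the Pohlig-Hellman reduction for g^x = h (mod p).
 * Each prime-power divisor q^e of p - 1 yields x mod q^e; the digits of x in
 * base q are found one at a time in the subgroup of order q. */
#include <stdint.h>

typedef unsigned __int128 u128;

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)((u128)a * b % m);
}

static uint64_t powmod(uint64_t base, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    while (e) {
        if (e & 1) r = mulmod(r, base, m);
        base = mulmod(base, base, m);
        e >>= 1;
    }
    return r;
}

/* Inverse of a modulo m (gcd(a, m) = 1) by the extended Euclidean algorithm;
 * needed for the CRT step, where m is a prime power rather than a prime. */
static uint64_t inv_mod(uint64_t a, uint64_t m) {
    int64_t r0 = (int64_t)m, r1 = (int64_t)(a % m), s0 = 0, s1 = 1;
    while (r1) {
        int64_t q = r0 / r1, t;
        t = r0 - q * r1; r0 = r1; r1 = t;
        t = s0 - q * s1; s0 = s1; s1 = t;
    }
    return (uint64_t)((s0 % (int64_t)m + (int64_t)m) % (int64_t)m);
}

/* gamma has prime order q: find d in [0, q) with gamma^d = h by trying each d.
 * This loop is where a large q makes the method expensive. */
static uint64_t brute_dlog(uint64_t gamma, uint64_t h, uint64_t q, uint64_t p) {
    uint64_t cur = 1;
    for (uint64_t d = 0; d < q; d++) {
        if (cur == h) return d;
        cur = mulmod(cur, gamma, p);
    }
    return q;   /* no solution: h is not in the subgroup */
}

/* x mod q^e, built one base-q digit at a time. */
static uint64_t dlog_prime_power(uint64_t g, uint64_t h, uint64_t p, uint64_t q, int e) {
    uint64_t n = p - 1;
    uint64_t gamma = powmod(g, n / q, p);   /* element of order exactly q */
    uint64_t ginv = powmod(g, n - 1, p);    /* g^-1 */
    uint64_t x = 0, qk = 1;                 /* qk = q^k */
    for (int k = 0; k < e; k++) {
        /* strip the digits already known, then project into the order-q subgroup */
        uint64_t hk = powmod(mulmod(h, powmod(ginv, x, p), p), n / (qk * q), p);
        x += brute_dlog(gamma, hk, q, p) * qk;
        qk *= q;
    }
    return x;
}

/* Pohlig-Hellman: g^x = h (mod p) for prime p and a generator g of Z_p^*. */
uint64_t pohlig_hellman(uint64_t g, uint64_t h, uint64_t p) {
    uint64_t rem = p - 1, x = 0, mod = 1;   /* x is known modulo `mod` so far */
    for (uint64_t q = 2; rem > 1; q++) {
        if (q * q > rem) q = rem;           /* what is left is itself prime */
        if (rem % q) continue;
        int e = 0;
        uint64_t qe = 1;
        while (rem % q == 0) { rem /= q; e++; qe *= q; }
        uint64_t xq = dlog_prime_power(g, h, p, q, e);
        /* CRT: lift x mod `mod` to x mod (mod * qe) using the new residue xq */
        uint64_t t = mulmod((xq + qe - x % qe) % qe, inv_mod(mod % qe, qe), qe);
        x += mod * t;
        mod *= qe;
    }
    return x;
}
```

The check with p = 65537 uses p - 1 = 2^16: sixteen two-way searches recover a 16-bit exponent, which is the smooth case the text warns about.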
Computing discrete logarithms is closely related to factoring. If you can solve the discrete logarithm problem, you can factor. (The converse has never been proven.) Currently there are three methods for computing discrete logarithms in a prime field [370, 934, 648]: the linear sieve, the Gaussian integer scheme, and the number field sieve.
The large initial precomputation for a field needs to be done only once. After that, individual logarithms can be computed quickly. This can seriously weaken systems based on such fields. It is important that different applications use different prime fields, although several users of one application may share a common field.
In the world of extension fields, researchers have not ignored GF(2^n) either. An algorithm was proposed in [727]. Coppersmith's algorithm makes it possible to find discrete logarithms in fields such as GF(2^127) in reasonable time and makes them feasible in principle in fields of the order of GF(2^400) [368]. It is based on [180]. The algorithm has a very large precomputation stage, but is otherwise good and efficient. An implementation of a less efficient version of the same algorithm, after seven hours of precomputation, took only a few seconds to find each discrete logarithm in the field GF(2^127) [1130, 180]. (This particular field, once used in some cryptosystems [142, 1631, 1632], is not secure.) A survey of some of these results can be found in [1189, 1039].
Later, precomputations were carried out for the fields GF(2^227), GF(2^313) and GF(2^401), and significant progress was made on the field GF(2^503). These computations ran on an nCube-2, a massively parallel computer with 1024 processors [649, 650]. Computing discrete logarithms in the field GF(2^593) is still out of reach.
As with discrete logarithms in a prime field, computing discrete logarithms in a polynomial field also requires a one-time precomputation. Taher ElGamal [520] gives an algorithm for computing discrete logarithms in the field GF(p^2).
Chapter 12 The Data Encryption Standard (DES)
12.1 Introduction
The Data Encryption Standard (DES), which ANSI calls the Data Encryption Algorithm (DEA) and ISO calls DEA-1, has become a worldwide standard over 20 years. Although it is showing signs of age, it has held up remarkably well against years of cryptanalysis and is still secure against all but possibly the most powerful adversaries.
Development of the Standard
In the early 1970s, nonmilitary cryptographic research was extremely rare. Almost no research papers were published in the field. Most people knew that the military used special coding equipment for its communications, but few understood cryptography as a science. The National Security Agency (NSA) had considerable knowledge, but it did not even publicly acknowledge its own existence.
Buyers did not know what they were buying. Many small companies made and sold cryptographic equipment, mostly to overseas governments. All of this equipment was different and could not interoperate. Nobody knew whether any of these devices was actually secure; there was no independent organization to certify security. As one government report put it [441]:
The effect of the corresponding changes of keys and operating principles on the real strength of the encryption/decryption equipment was (and in fact remains) unknown to almost all buyers, and it was very difficult to make sound decisions about key generation, the proper online or offline mode, and so on, that would meet the buyers' security needs.
In 1972, the National Bureau of Standards (NBS), now called the National Institute of Standards and Technology (NIST), initiated a program to protect communications links and computer data. One of the goals of the program was the development of a single, standard cryptographic algorithm. This algorithm could be tested and certified, and the various cryptographic devices using it could interoperate. It could, moreover, be relatively inexpensive and readily available.
On May 15, 1973, in the Federal Register, NBS published its requirements for a cryptographic algorithm that could be adopted as a standard. Several criteria for evaluating a design were listed:
The algorithm must provide a high level of security.
The algorithm must be completely specified and easy to understand.
The security of the algorithm must reside in the key and must not depend on keeping the algorithm itself secret.
The algorithm must be available to all users.
The algorithm must be adaptable to diverse applications.
The algorithm must allow economical implementation in electronic devices.
The algorithm must be efficient to use.
The algorithm must be capable of being validated.
The algorithm must be exportable.
Public response showed that there was considerable interest in a cryptographic standard, but very little expertise in the field. None of the submissions satisfied the stated requirements.
On August 27, 1972, in the Federal Register, NBS issued a second request. Finally the Bureau had a promising candidate: an algorithm named Lucifer, based on work done at IBM in the early 1970s (see Section 13.1). IBM had a whole team of cryptographers working in Kingston and Yorktown Heights, including Roy Adler, Don Coppersmith, Horst Feistel, Edna Grossman, Alan Konheim, Carl Meyer, Bill Notz, Lynn Smith, Walt Tuchman and Bryant Tuckerman.
Despite a certain complexity, the algorithm was straightforward. It used only simple logical operations on small groups of bits and could be implemented fairly efficiently in hardware.
NBS asked the NSA to help evaluate the security of the algorithm and to determine whether it was suitable as a federal standard. IBM had already obtained a patent [514], but was willing to make its intellectual property available for manufacture, implementation and use by other companies. In the end, NBS and IBM worked out an agreement under which NBS received a nonexclusive, royalty-free license to make, use and sell devices implementing the algorithm.
Finally, on March 17, 1975, in the Federal Register, NBS published both the details of the algorithm and IBM's statement granting a nonexclusive, royalty-free license for it, and solicited comments on the algorithm [536]. In another Federal Register notice, on August 1, 1975, various organizations and the general public were again invited to comment on the proposed algorithm.
And comment they did [721, 497, 1120]. Many were wary of the "invisible hand" of the NSA in the algorithm's development. There were fears that the NSA had modified the algorithm to install a trapdoor. There were complaints that the NSA had reduced the key length from the original 128 bits to 56 (see Section 13.1). There were complaints about the algorithm's inner workings. Much of the NSA's reasoning became clear and understandable in the early 1990s, but in the 1970s it seemed mysterious and worrying.
In 1976, NBS held two workshops to evaluate the proposed standard. The first discussed the mathematics of the algorithm and the possibility of a trapdoor [1139]. The second discussed the possibility of increasing the algorithm's key length [229]. The algorithm's designers, the people who had evaluated it, hardware developers, vendors, users and critics were invited. By all accounts the workshops were quite lively [1118].
Despite the criticism, the Data Encryption Standard was adopted as a federal standard on November 23, 1976 [229] and authorized for use on all unclassified government communications. The official description of the standard, FIPS PUB 46, "Data Encryption Standard", was published on January 15, 1977 and took effect six months later [1140]. FIPS PUB 81, "Modes of DES Operation", was published in 1980 [1143]. FIPS PUB 74, "Guidelines for Implementing and Using the NBS Data Encryption Standard", appeared in 1981 [1142]. NBS also published FIPS PUB 112, specifying DES for password encryption [1144], and FIPS PUB 113, specifying DES for computer data authentication [1145]. (FIPS stands for Federal Information Processing Standard.)
These standards were unprecedented. Never before had an NSA-evaluated algorithm been published. This publication may have been the result of a misunderstanding between the NSA and NBS. The NSA assumed that DES would be implemented only in hardware. The standard did require a hardware implementation, but NBS published enough information to make a software implementation of DES possible. Off the record, the NSA has characterized DES as one of its biggest mistakes. Had the Agency anticipated that the published details would let people write software, it would never have agreed to it. DES did more to revive cryptanalysis than anything else. Now there was an algorithm available for study that the NSA had declared secure. It is no accident that the next government standard algorithm, Skipjack (see Section 13.12), was classified.
Adoption of the Standard
The American National Standards Institute (ANSI) approved DES as a private-sector standard in 1981 (ANSI X3.92) [50], calling it the Data Encryption Algorithm (DEA). ANSI published a standard for DEA modes of operation (ANSI X3.106) [52], similar to the NBS document, and a standard for network encryption using DES (ANSI X3.105) [51].
Two other groups within ANSI, representing retail and wholesale banking, developed their own DES-based standards. Retail banking involves transactions between financial institutions and individuals; wholesale banking involves transactions between financial institutions.
ANSI's Financial Institution Retail Security Working Group developed a standard for the management and security of PINs (ANSI X9.8) [53] and another DES-based standard for the authentication of retail financial messages (ANSI X9.19) [56]. The group also developed a draft standard for secure key distribution (ANSI X9.24) [58].
ANSI's Financial Institution Wholesale Security Working Group developed its own set of standards for message authentication (ANSI X9.9) [54], key management (ANSI X9.17) [55, 1151], encryption (ANSI X9.23) [57] and secure personal and node authentication (ANSI X9.26) [59].
The American Bankers Association develops voluntary standards for the financial industry. It has published a standard recommending DES for encryption [1], and another standard for the management of cryptographic keys [2].
Before the Computer Security Act of 1987, the General Services Administration (GSA) was responsible for developing federal telecommunications standards; since then, responsibility has passed to NIST. The GSA published three standards that use DES: two for general security and interoperability requirements (Federal Standard 1026 [662] and Federal Standard 1027 [663]) and one for Group 3 fax machines (Federal Standard 1028 [664]).
The Department of the Treasury issued policy directives requiring that all electronic funds transfer messages be authenticated with DES [468, 470]. It also developed DES-based criteria that all authentication devices must meet [469].
ISO first voted to adopt DES, called DEA-1 in its terminology, as an international standard, and then decided not to get involved in cryptographic standardization. However, in 1987 the ISO group responsible for international wholesale banking standards used DES in an international authentication standard [758] and for key management [761]. DES is also used as an Australian banking standard [1497].
Validation and Certification of DES Equipment
Part of the DES standard is NIST's validation of DES implementations. This validation confirms that an implementation conforms to the standard. Until 1994, NIST validated only hardware and firmware implementations, since the standard prohibited software implementations. As of March 1995, 73 different implementations had been found to conform to the standard.
NIST also developed a program to certify authentication devices for conformance to ANSI X9.9 and FIPS 113. As of March 1995, 33 different products had been certified. The Treasury Department uses its own additional certification procedure. NIST also has a program to validate equipment for conformance to ANSI X9.17 for wholesale key management [1151]; as of March 1995, four products had been certified.
1987
The DES standard stipulated that it would be reviewed every five years. In 1983 DES was recertified without any problems. On March 6, 1987, in the Federal Register, NBS requested comments on the proposal for the next five years. NBS put forward three alternatives for discussion [1480, 1481]: reaffirm the standard for another five years, withdraw the standard, or revise the applicability of the standard.
NBS and the NSA reviewed the standard. This time the NSA was more involved. Thanks to the Reagan-signed directive NSDD-145, the NSA had gained veto power over NBS's activities in cryptography. Initially the NSA announced that it would not recertify the standard. The problem was not that DES had actually been broken, nor even that it might have been broken. Apparently it was expected to be broken any moment.
Instead, the NSA proposed the Commercial COMSEC Endorsement Program (CCEP), which was essentially a set of algorithms to replace DES [85]. These NSA-developed algorithms were not published and were available only in tamper-resistant VLSI chips (see Section 25.1).
This proposal was not accepted. It was pointed out that DES was widely used in business (especially in finance), and that no acceptable alternative existed. Withdrawing the standard would leave many organizations without data protection. After much debate, DES was reaffirmed as a U.S. government standard until 1992 [1141]. NBS decided that DES would never be certified again [1480].
1993
Never say "never". In 1992 there was still no alternative to DES. NBS, now called NIST, once again solicited comments on DES in the Federal Register [540]:
The purpose of this notice is to announce the forthcoming review of the adequacy of the standard for the task of protecting computer data at the current state of the art. Industry and the general public are offered the following three options for FIPS 46-1. Comments should address the costs (consequences) and benefits of these options:
Reaffirm the standard for another five (5) years. The National Institute of Standards and Technology would continue to validate equipment that implements the standard. FIPS 46-1 would continue to be the only approved method for protecting unclassified computer data.
Withdraw the standard. The National Institute of Standards and Technology would no longer support the standard. Organizations could continue to use existing equipment that implements the standard. NIST would issue other standards to replace DES.
Revise the applicability and/or implementation provisions of the standard. Such a revision could include changes to the standard allowing both hardware and software implementations of DES, the iterative use of DES in specific applications, and the use of alternative algorithms approved and registered by NIST.
The comment period closed on December 10, 1992. According to Raymond Kammer, then the director of NIST [812]:
Last year, NIST formally solicited comments on the recertification of DES. After reviewing the comments received and other technical sources, I intend to recommend to the Secretary of Commerce that he recertify DES for another five years. I also intend to suggest to the Secretary that, in announcing the recertification, we state our intention to consider possible alternatives during those five years. By making such an announcement, we hope to give people an opportunity to comment on the coming technological changes. At the same time, we need to take into account the large number of systems that use this approved standard.
Even though the Office of Technology Assessment quoted Dennis Branstead, who had worked at NIST, as saying that the useful lifetime of DES would end in the late 1990s [1191], the algorithm was recertified for another five years [1150]. Software implementations of DES were finally allowed to be certified. One wonders what will happen in 1998.
12.2 Description of DES
DES is a block cipher; it encrypts data in 64-bit blocks. A 64-bit block of plaintext goes in one end of the algorithm and a 64-bit block of ciphertext comes out the other end. DES is a symmetric algorithm: the same algorithm and key are used for both encryption and decryption (with minor differences in how the key is used).
The key length is 56 bits. (The key is usually expressed as a 64-bit number, but every eighth bit is used for parity checking and is ignored. The parity bits are the least significant bits of the key bytes.) The key, which can be any 56-bit number, can be changed at any time. A number of keys are considered weak, but they are easy to avoid. All security rests with the key.
At its simplest level, the algorithm is nothing more than a combination of the two basic techniques of encryption: confusion and diffusion. The fundamental building block of DES is a single, key-dependent combination of these techniques applied to the text (a substitution followed by a permutation). Such a block is called a round. DES has 16 rounds; the same combination of techniques is applied to the plaintext 16 times (see Fig. 12-1).
[Figure 12-1 residue: plaintext → IP → (L_0, R_0); 16 rounds with L_i = R_{i-1} and R_i = L_{i-1} ⊕ f(R_{i-1}, K_i), for i = 1 to 16, using subkeys K_1 to K_16 → IP^-1 → ciphertext]
Fig. 12-1. DES.
The algorithm uses only standard arithmetic on 64-bit numbers and logical operations, so it was easy to implement in the hardware of the late 1970s. The abundance of repetition in the algorithm makes it ideal for implementation in a special-purpose chip. Early software implementations were fairly clumsy, but today's programs are far better.
Outline of the Algorithm
DES operates on a 64-bit block of plaintext. After an initial permutation, the block is split into right and left halves of 32 bits each. Then there are 16 rounds of identical operations, called function f, in which the data are combined with the key. After the sixteenth round, the right and left halves are joined, and a final permutation (the inverse of the initial one) finishes the algorithm.
In each round (see Fig. 12-2) the key bits are shifted, and then 48 bits are selected from the 56 bits of the key. The right half of the data is expanded to 48 bits by an expansion permutation, combined by XOR with the 48 bits of the shifted and permuted key, passed through 8 S-boxes producing 32 new bits, and permuted again. These four operations make up function f. The output of function f is then combined with the left half by another XOR. The result of these operations becomes the new right half, and the old right half becomes the new left half. These operations are repeated 16 times, making the 16 rounds of DES.
[Figure 12-2 residue: inputs L_{i-1}, R_{i-1} and the key halves; expansion permutation of R_{i-1}; shift of the key halves, then compression permutation to K_i; XOR with K_i; S-box substitution; P-box permutation; XOR with L_{i-1}; outputs L_i, R_i]
Fig. 12-2. One round of DES.
If B_i is the result of the i-th iteration, L_i and R_i are the left and right halves of B_i, K_i is the 48-bit key for round i, and f is the function that performs all the substitutions, permutations and the XOR with the key, then a round can be written as:
L_i = R_{i-1}
R_i = L_{i-1} ⊕ f(R_{i-1}, K_i)
The Initial Permutation
The initial permutation is performed before round 1; it transposes the input block as shown in Table 12-1. This table, like all the other tables in this chapter, is read left to right and top to bottom. For example, the initial permutation moves bit 58 to bit position 1, bit 50 to bit position 2, bit 42 to bit position 3, and so on.
Table 12-1.
Initial Permutation
58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
The initial permutation and the corresponding final permutation do not affect the security of DES. (As is easy to see, this permutation primarily serves to make it easier to load plaintext and ciphertext data byte by byte into a DES chip. Remember that DES predates 16- and 32-bit microprocessor buses.) Since a software implementation of this bit-by-bit permutation is not easy (unlike the trivial hardware one), many software implementations of DES leave out the initial and final permutations. Although such a new algorithm is no less secure than DES, it does not conform to the DES standard and therefore cannot be called DES.
Key Transformations
First, the 64-bit DES key is reduced to a 56-bit key by discarding every eighth bit, as shown in Table 12-2. These bits are used only for parity checking, to verify that the key is error-free. After the 56-bit key has been extracted, a new 48-bit subkey is generated for each of the 16 rounds of DES. These subkeys, K_i, are determined as follows.
Table 12-2.
Key Permutation
57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
First, the 56-bit key is divided into two 28-bit halves. Then the halves are circularly shifted left by one or two bits, depending on the round. This shift is given in Table 12-3.
Table 12-3.
Number of Key Bits Shifted per Round
Round: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Number: 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
After the shift, 48 of the 56 bits are selected. Because this operation not only selects a subset of the bits but also changes their order, it is called a compression permutation. Its output is a set of 48 bits. The compression permutation (also called permuted choice) is defined in Table 12-4. For example, the bit of the shifted key in position 33 moves to position 35 of the output, and bit 18 of the shifted key is discarded.
Table 12-4.
Compression Permutation
14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
Because of the shifts, a different subset of the key bits is used in each subkey. Each bit is used in approximately 14 of the 16 subkeys, although not all bits are used exactly the same number of times.
The Expansion Permutation

This operation expands the right half of the data, R_i, from 32 bits to 48 bits. Because the operation not only repeats certain bits but also changes their order, it is called an expansion permutation. It has two purposes: to bring the right half to the same size as the key for the XOR operation, and to produce a longer result that can then be compressed during the substitution operation. However, the main cryptographic point is different. By letting one bit affect two substitutions, the dependency of the output bits on the input bits spreads faster. This is called the avalanche effect. DES is designed to reach the condition of having every bit of the ciphertext depend on every bit of the plaintext and every bit of the key as quickly as possible.

The expansion permutation is shown in Figure 12-3. It is sometimes called the E-box (from "expansion"). For each 4-bit input block, the first and fourth bits each become two bits of the output block, while the second and third bits each become one bit of the output block. Table 12-5 shows which output positions correspond to which input positions. For example, the bit in position 3 of the input block moves to position 4 of the output block, and the bit in position 21 of the input block moves to positions 30 and 32 of the output block.

Figure 12-3. Expansion permutation. (Diagram of the 32-bit input being spread to 48 bits: each 4-bit input group becomes a 6-bit output group, the outer bit on each side of a group being copied from the neighbouring group.)

Although the output block is larger than the input block, each input block generates a unique output block.

Table 12-5. Expansion Permutation
32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1
The S-Box Substitution

After the compressed key is XORed with the expanded block, the 48-bit result moves to a substitution operation. The substitutions are performed by eight substitution boxes, or S-boxes (from "substitution"). Each S-box has a 6-bit input and a 4-bit output, and there are eight different S-boxes. (The eight S-boxes of DES require 256 bytes of memory.) The 48 bits are divided into eight 6-bit sub-blocks. Each separate sub-block is operated on by a separate S-box: the first sub-block by S-box 1, the second by S-box 2, and so on. See Figure 12-4.

Figure 12-4. S-box substitution. (The 48-bit input is split into eight 6-bit groups feeding S-boxes 1 through 8; their 4-bit outputs are joined into the 32-bit output.)

Each S-box is a table of 4 rows and 16 columns. Each entry in the box is a 4-bit number. The 6 input bits of the S-box specify under which row and column number to look for the output. All eight S-boxes are shown in Table 12-6.

Table 12-6. S-Boxes
S-box 1:
14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13,
S-box 2:
15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9,
S-box 3:
10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12,
S-box 4:
7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14,
S-box 5:
2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3,
S-box 6:
12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13,
S-box 7:
4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12,
S-box 8:
13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
The input bits specify an entry in the S-box in a very particular manner. Consider a 6-bit S-box input: b_1, b_2, b_3, b_4, b_5 and b_6. Bits b_1 and b_6 are combined to form a 2-bit number, from 0 to 3, which corresponds to a row in the table. The middle 4 bits, b_2 through b_5, are combined to form a 4-bit number, from 0 to 15, which corresponds to a column in the table.

For example, assume that the input to the sixth S-box (i.e., bits 31 through 36 of the XOR result) is 110011. The first and last bits combine to form 11, which corresponds to row 3 of the sixth S-box. The middle 4 bits combine to form 1001, which corresponds to column 9 of the same S-box. The entry of S-box 6 at the intersection of row 3 and column 9 is 14. (Remember that rows and columns are numbered from 0, not from 1.) The value 1110 is substituted for 110011.

It is, of course, far easier to implement the S-boxes in software as 64-entry arrays. It takes some rearranging of the entries to do this, but that is not difficult. (Changing the index without changing the order of the entries is not enough; the S-boxes have been designed very carefully.) However, this way of describing the S-boxes helps to visualize how they work. Each S-box can be viewed as a substitution function on a 4-bit entry: b_2 through b_5 go in, and some 4-bit number comes out. Bits b_1 and b_6 come from neighbouring blocks; they select one of the four substitution functions available in the particular S-box.

The S-box substitution is the critical step in DES. The algorithm's other operations are linear and easy to analyze. The S-boxes are nonlinear and, more than anything else, they give DES its security.

The result of this substitution phase is eight 4-bit blocks, which are recombined into a single 32-bit block. This block moves to the next step, the P-box permutation.
The P-Box Permutation

The 32-bit output of the S-box substitution is permuted according to a P-box. This permutation moves each input bit to a different output position; no bit is used twice and no bit is ignored. This is called a straight permutation or simply a permutation. Table 12-7 shows the position to which each bit moves. For example, bit 21 moves to position 4, and bit 4 moves to position 31.

Table 12-7. P-Box Permutation
16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25

Finally, the result of the P-box permutation is XORed with the left half of the 64-bit block that entered the round. Then the left and right halves are swapped and the next round begins.
The Final Permutation

The final permutation is the inverse of the initial permutation and is described in Table 12-8. Note that the left and right halves are not swapped after the last round of DES; instead the concatenated block R_16 L_16 is used as the input to the final permutation. There is nothing special about this; swapping the halves and adjusting the permutation accordingly would give exactly the same result. It is done so that the algorithm can be used for both encryption and decryption.

Table 12-8. Final Permutation
40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25
Decrypting DES

After all the substitutions, permutations, XORs and circular shifts, one might think that the decryption algorithm is completely different from the encryption algorithm and just as convoluted. On the contrary, the various operations of DES were chosen to produce a very useful property: the same algorithm is used for both encryption and decryption.

DES lets you use the same function to encrypt or decrypt a block. The only difference is that the keys must be used in reverse order. That is, if the encryption rounds used keys K_1, K_2, K_3, ..., K_16, then the decryption keys are K_16, K_15, K_14, ..., K_1.

The algorithm that generates the key used for each round is also circular. The key is shifted right, and the number of positions shifted is 0, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1.
DES Modes

FIPS PUB 81 specifies four modes of operation: ECB, CBC, OFB and CFB (see Chapter 9) [1143]. The ANSI banking standards specify ECB and CBC for encryption, and CBC and n-bit CFB for authentication [52].

In the software world, certification is usually not important. Because of its simplicity, ECB is used in most existing commercial products, even though it is the mode most vulnerable to attack. CBC is used rarely, despite being only slightly more complicated than ECB and providing much better security.
Hardware and Software Implementations of DES

Much has been written on efficient hardware and software implementations of the algorithm [997, 81, 533, 534, 437, 738, 1573, 176, 271, 1572]. The fastest is claimed to be a DES chip developed by Digital Equipment Corporation [512]. It supports ECB and CBC modes and is based on a GaAs gate array of 50,000 transistors. Data can be encrypted and decrypted at a rate of 1 gigabit per second, which works out to 16.8 million blocks per second. This is impressive. Table 12-9 gives the specifications of a number of commercial DES chips. The apparent discrepancies between clock speed and data rate are due to pipelining within the chip; a chip may contain several DES engines working in parallel.

The most remarkable DES chip is VLSI's 6868 (formerly called "Gatekeeper"). Not only can it perform DES encryption in 8 clock cycles (laboratory prototypes can do it in 4), it can also do triple-DES in ECB mode in 25 clock cycles, and triple-DES in OFB or CBC mode in 35 clock cycles. This sounds impossible to me, but I am assured that it works.

A software implementation of DES on an IBM 3090 mainframe can perform 32,000 DES encryptions per second. On other platforms the speed is lower, but still quite high. Table 12-10 [603, 793] gives actual results and estimates for various Intel and Motorola microprocessors.

Table 12-9. Commercial DES Chips
Manufacturer              Chip                    Year   Clock     Data rate     Available?
AMD                       Am9518                  1981   3 MHz     1.3 MB/s      N
AMD                       Am9568                  ?      4 MHz     1.5 MB/s      N
AMD                       AmZ8068                 1982   4 MHz     1.7 MB/s      N
AT&T                      T7000A                  1985   ?         1.9 MB/s      N
CE-Infosys                SuperCrypt CE99C003     1992   20 MHz    12.5 MB/s
CE-Infosys                SuperCrypt CE99C003A    1994   30 MHz    20.0 MB/s
Cryptech                  Cry12C102               1989   20 MHz    2.8 MB/s
Newbridge                 CA20C03A                1991   25 MHz    3.85 MB/s
Newbridge                 CA20C03W                1992   8 MHz     0.64 MB/s
Newbridge                 CA95C68/18/09           1993   33 MHz    14.67 MB/s
Pijnenburg                PCC100                  ?      ?         2.5 MB/s
Semaphore Communications  Roadrunner284           ?      40 MHz    35.5 MB/s
VLSI Technology           VM007                   1993   32 MHz    200.0 MB/s
VLSI Technology           VM009                   1993   33 MHz    14.0 MB/s
VLSI Technology           6868                    1995   32 MHz    64.0 MB/s
Western Digital           WD2001/2002             1984   3 MHz     0.23 MB/s     N

Table 12-10. DES Speeds on Different Microprocessors and Computers
Processor             Speed (MHz)   DES blocks (per second)
8088                  4.7           370
68000                 7.6           900
80286                 6             1,100
68020                 16            3,500
68030                 16            3,900
80386                 25            5,000
68030                 50            10,000
68040                 25            16,000
68040                 40            23,000
80486                 66            43,000
Sun ELC                             26,000
HyperSparc                          32,000
RS6000-350                          53,000
Sparc 10/52                         84,000
DEC Alpha 4000/610                  154,000
HP9000/887            125           196,000
12.3 Security of DES

People have long questioned the security of DES [458]. There has been much speculation about the key length, the number of iterations and the design of the S-boxes. The S-boxes were the most mysterious of all: some constants, with no apparent explanation of what they were for or why they were needed. Although IBM claimed that the algorithm's workings were the result of 17 man-years of intensive cryptanalysis, some people feared that the NSA had embedded a trapdoor in the algorithm that would let the agency easily decrypt intercepted messages.

The U.S. Senate Select Committee on Intelligence investigated the matter very thoroughly in 1978. The findings of the committee were classified, but the unclassified summary of that investigation cleared the NSA of any accusations of improper involvement in the algorithm's design [1552]. "It was said that NSA convinced IBM that a reduced key size was sufficient, indirectly assisted in the development of the S-box structures, and certified that the final DES algorithm was, to the best of their knowledge, free of any statistical or mathematical weakness" [435]. However, since the government never published the details of the investigation, many people remained unconvinced.

Tuchman and Meyer, the IBM cryptographers who designed DES, stated that the NSA did not alter the design [841]:

Their basic approach was to look for strong substitution, permutation and key scheduling functions. ... IBM, at the request of the NSA, classified the information concerning the selection criteria. ... "The NSA told us we had independently rediscovered a number of the secrets it uses to make its own algorithms," explains Tuchman.

Later, in one of his articles, Tuchman wrote: "The DES algorithm was developed entirely within IBM by IBM's own people. The NSA did not dictate a single wire!" Tuchman reiterated this claim in his talk on the history of DES at the 1992 National Computer Security Conference.

On the other hand, Coppersmith wrote [373, 374]: "The National Security Agency (NSA) also provided technical advice to IBM." And Konheim claimed: "We sent the S-boxes off to Washington. They came back completely reworked. We ran our tests and they passed." People have pointed to this as evidence that the NSA put a trapdoor in DES. On the question of whether DES was deliberately weakened, the NSA has stated [363]:

Regarding the Data Encryption Standard (DES), we believe that the answer to your question about the role of NSA in the development of DES is contained in the published findings of the Senate Select Committee on Intelligence's investigation, conducted in 1978. The Committee's report indicates that NSA did not tamper with the design of the algorithm in any way, and that the security afforded by DES for the unclassified data it was designed to protect was more than adequate for a period of at least 5-10 years. In short, NSA did not impose, nor attempt to impose, any weakness on the DES algorithm.

Then why did they change the S-boxes? Perhaps to guarantee that IBM itself had not built a trapdoor into DES. The NSA had no reason to trust IBM's researchers, and it may have felt that it would not have done its job fully unless it ensured that DES was free of trapdoors. Dictating the S-boxes could have been one way of guaranteeing this.

Very recently, new results in cryptanalysis have shed light on this question, which for many years had been the subject of speculation.
Weak Keys

Because the original key is modified to produce the subkey for each round of the algorithm, certain initial keys are weak keys [721, 427]. Remember that the initial value is split into two halves, each of which is shifted independently. If all the bits of a half are either 0 or 1, then the same key is used in every round of the algorithm. This can happen if the key consists entirely of 1s, entirely of 0s, or if one half of the key consists entirely of 1s and the other entirely of 0s. Also, two of the weak keys have other properties that make them less secure [427].

The four weak keys are shown in hexadecimal notation in Table 12-11. (Remember that every eighth bit is a parity bit.)

Table 12-11. DES Weak Keys
Weak key value (with parity bits)    Actual key
0101 0101 0101 0101                  0000000 0000000
1F1F 1F1F 0E0E 0E0E                  0000000 FFFFFFF
E0E0 E0E0 F1F1 F1F1                  FFFFFFF 0000000
FEFE FEFE FEFE FEFE                  FFFFFFF FFFFFFF

Additionally, some pairs of keys encrypt plaintext to identical ciphertext. In other words, one key of the pair can decrypt messages encrypted with the other key of the pair. This is due to the way DES generates subkeys: instead of 16 different subkeys, these keys generate only two different subkeys. Each of these subkeys is used eight times in the algorithm. These keys, called semi-weak keys, are listed in hexadecimal notation in Table 12-12.

Table 12-12. DES Semi-Weak Key Pairs
01FE 01FE 01FE 01FE and FE01 FE01 FE01 FE01
1FE0 1FE0 0EF1 0EF1 and E01F E01F F10E F10E
01E0 01E0 01F1 01F1 and E001 E001 F101 F101
1FFE 1FFE 0EFE 0EFE and FE1F FE1F FE0E FE0E
011F 011F 010E 010E and 1F01 1F01 0E01 0E01
E0FE E0FE F1FE F1FE and FEE0 FEE0 FEF1 FEF1

Some keys generate only four subkeys, each of which is used four times in the algorithm. These possibly weak keys are listed in Table 12-13.

Table 12-13. DES Possibly Weak Keys (48 keys, two per line)
1F 1F 01 01 0E 0E 01 01    E0 01 01 E0 F1 01 01 F1
01 1F 1F 01 01 0E 0E 01    FE 1F 01 E0 FE 0E 01 F1
1F 01 01 1F 0E 01 01 0E    FE 01 1F E0 FE 01 0E F1
01 01 1F 1F 01 01 0E 0E    E0 1F 1F E0 F1 0E 0E F1
E0 E0 01 01 F1 F1 01 01    FE 01 01 FE FE 01 01 FE
FE FE 01 01 FE FE 01 01    E0 1F 01 FE F1 0E 01 FE
FE E0 1F 01 FE F1 0E 01    E0 01 1F FE F1 01 0E FE
E0 FE 1F 01 F1 FE 0E 01    FE 1F 1F FE FE 0E 0E FE
FE E0 01 1F FE F1 01 0E    1F FE 01 E0 0E FE 01 F1
E0 FE 01 1F F1 FE 01 0E    01 FE 1F E0 01 FE 0E F1
E0 E0 1F 1F F1 F1 0E 0E    1F E0 01 FE 0E F1 01 FE
FE FE 1F 1F FE FE 0E 0E    01 E0 1F FE 01 F1 0E FE
FE 1F E0 01 FE 0E F1 01    01 01 E0 E0 01 01 F1 F1
E0 1F FE 01 F1 0E FE 01    1F 1F E0 E0 0E 0E F1 F1
FE 01 E0 1F FE 01 F1 0E    1F 01 FE E0 0E 01 FE F1
E0 01 FE 1F F1 01 FE 0E    01 1F FE E0 01 0E FE F1
01 E0 E0 01 01 F1 F1 01    1F 01 E0 FE 0E 01 F1 FE
1F FE E0 01 0E FE F1 01    01 1F E0 FE 01 0E F1 FE
1F E0 FE 01 0E F1 FE 01    01 01 FE FE 01 01 FE FE
01 FE FE 01 01 FE FE 01    1F 1F FE FE 0E 0E FE FE
1F E0 E0 1F 0E F1 F1 0E    FE FE E0 E0 FE FE F1 F1
01 FE E0 1F 01 FE F1 0E    E0 FE FE E0 F1 FE FE F1
01 E0 FE 1F 01 F1 FE 0E    FE E0 E0 FE FE F1 F1 FE
1F FE FE 1F 0E FE FE 0E    E0 E0 FE FE F1 F1 FE FE

Before condemning DES for its weak keys, note that these 64 keys are a minuscule fraction of the full set of 72,057,594,037,927,936 possible keys. If you choose a key at random, the probability of picking one of the weak keys is negligible. If you are truly paranoid, you can always check a generated key for weakness. Some people think it is not worth bothering about. Others argue that the check is so easy that there is no reason not to do it.

Further analysis of weak and semi-weak keys can be found in [1116]. No other weak keys have been found in the course of this research.
Complement Keys

Take the bitwise complement of a key, replacing every 0 with 1 and every 1 with 0. Now, if a plaintext block was encrypted with the original key, then encrypting the complement of the plaintext block with the complement of the key yields the complement of the ciphertext block. If x' denotes the complement of x, the following holds:

E_K(P) = C
E_{K'}(P') = C'

There is nothing mysterious about this. In every round the subkey is XORed with the right half after the expansion permutation, and the complementation property is a direct consequence of that fact.

This means that a chosen-plaintext attack against DES need only test half of the possible keys: 2^55 instead of 2^56 [1080]. Eli Biham and Adi Shamir showed [172] that there is a known-plaintext attack of the same complexity, which requires at least 2^33 known plaintexts.

It remains an open question whether this property is a weakness, since most messages contain no complementary plaintext blocks (for random plaintext the odds against it are enormous), and users can be warned not to use complementary keys.
Algebraic Structure

All possible 64-bit plaintext blocks can be mapped onto all possible 64-bit ciphertext blocks in 2^64! different ways. The DES algorithm, with its 56-bit key, gives us 2^56 (approximately 10^17) of these mappings. At first glance, multiple encryption seems to increase the number of possible mappings considerably. But this is only true if DES lacks a certain algebraic structure.

If DES were closed, then for any K_1 and K_2 there would always be a K_3 such that

E_{K_2}(E_{K_1}(P)) = E_{K_3}(P)

In other words, the DES encryption operation would form a group, and encrypting a set of plaintext blocks with K_1 followed by K_2 would be identical to encrypting the blocks with K_3. Even worse, DES would be vulnerable to a meet-in-the-middle known-plaintext attack that runs in only 2^28 steps [807].

If DES were pure, then for any K_1, K_2 and K_3 there would always be a K_4 such that

E_{K_3}(E_{K_2}(E_{K_1}(P))) = E_{K_4}(P)

Triple encryption would then be useless. (Note that a closed cipher is necessarily pure, but a pure cipher is not necessarily closed.)

An early theoretical paper by Don Coppersmith gave some hints, but they were not enough [377]. Various cryptographers wrestled with this question [588, 427, 431, 527, 723, 789]. Cycling experiments gathered "overwhelming evidence" that DES is not a group [807, 371, 808, 1116, 809], but it was not until 1992 that cryptographers were able to prove it conclusively [293]. Coppersmith says that the IBM team knew it all along.
Key Length

IBM's original submission to NBS proposed a 112-bit key. By the time DES became a standard, the key length had been reduced to 56 bits. Many cryptographers argued for a longer key. Their main argument was the brute-force attack (see Section 7.1).

In 1976 and 1977, Diffie and Hellman argued that a special-purpose parallel computer for breaking DES, costing $20 million, could recover the key in a day. In 1981 Diffie raised this to a two-day search time and a cost of $50 million [491]. Diffie and Hellman argued that at that time the attack was beyond the reach of any organization except ones like the NSA, but that by 1990 DES would be completely insecure [714].

Hellman [716] presented another argument against the small key size: by trading memory for time, the search process can be sped up. He suggested computing and storing the 2^56 possible results of encrypting a single plaintext block under every possible key. Then, to break an unknown key, the cryptanalyst would only have to insert that plaintext block into the encrypted stream, recover the resulting ciphertext, and look up the key. Hellman priced such a cracking device at $5 million.

Arguments for and against the existence of a government DES cracker in some secret bunker continue to surface. Many point out that the mean time between failures of DES chips has never been high enough to keep such a machine working. In [1278] this objection was shown to be more than adequately answered. Other researchers propose ways to speed up the process still further and to reduce the effect of chip failures.

Meanwhile, hardware DES implementations gradually approached the million encryptions per second demanded by Diffie and Hellman's special-purpose machine. In 1984, DES chips capable of 256,000 encryptions per second were produced [533, 534]. By 1987, DES chips performing 512,000 encryptions per second had been developed, and a version capable of testing over a million keys per second became feasible [738, 1573]. And in 1993, Michael Wiener designed a $1 million machine that could complete a brute-force attack against DES in an average of 3.5 hours (see Section 7.1).

No one has publicly admitted to building this machine, although it is reasonable to assume that someone has. A million dollars is not a lot of money for a large, or even a not-so-large, country.

In 1990, two Israeli mathematicians, Biham and Shamir, discovered differential cryptanalysis, a technique that put the question of key length to rest. Before we examine this technique, let us turn to some other criticisms of DES.
Number of Rounds

Why 16 rounds? Why not 32? After five rounds every ciphertext bit is a function of every plaintext bit and every key bit [1078, 1080], and after eight rounds the ciphertext is essentially a random function of every plaintext bit and every key bit [880]. (This is called the avalanche effect.) So why not stop after eight rounds?

Over the years, variants of DES with a reduced number of rounds have been successfully broken. DES with three and four rounds was easily broken in 1982 [49]. DES with six rounds fell some years later [336]. Biham and Shamir's differential cryptanalysis explained this as well: DES with any number of rounds fewer than 16 can be broken with a known-plaintext attack faster than by brute force. Certainly brute force is the more likely means of attack, but it is interesting that the algorithm has exactly 16 rounds.
Design of the S-Boxes

In addition to being accused of reducing the key length, the NSA was also accused of changing the contents of the S-boxes. When pressed to justify the S-box design, the NSA stated that details of the algorithm were "sensitive" and could not be published. Many cryptographers suspected that the NSA-designed S-boxes contained a trapdoor that allowed the NSA to cryptanalyze the algorithm easily.

Since the algorithm appeared, considerable effort has gone into analyzing the design and operation of the S-boxes. In the mid-1970s, Lexar Corporation [961, 721] and Bell Laboratories [1120] examined the operation of the S-boxes. Neither study found any weaknesses, although both found inexplicable features. The S-boxes have more features in common with a linear transformation than one would expect if they had been generated at random. The Bell Laboratories team stated that the S-boxes might contain hidden trapdoors, and the Lexar report ended with the following sentence:

Structures have been found in DES that were undoubtedly inserted to strengthen the system against certain types of attack. Structures have also been found that appear to weaken the system.

On the other hand, that report also contained the following warning:

... the problem [of finding structures in the S-boxes] is complicated by the ability of the human mind to find structures in random data that are really not structures at all.

At the second DES workshop, the National Security Agency revealed several design criteria behind the S-boxes [229]. This did not dispel all suspicions, and the debate continued [228, 422, 714, 1506, 1551].

Remarkable things have been written about the S-boxes in the literature. The last three output bits of the fourth S-box can be derived in the same way as the first by complementing some of the input bits [436, 438]. Different, but carefully chosen, inputs to the S-boxes can produce the same output [436]. It is possible to obtain the same output from a single round of DES by changing bits in only three neighbouring S-boxes [487]. Shamir noticed that the S-box entries appeared to be somewhat imbalanced, but was not about to use this imbalance for an attack [1423]. (He mentioned a feature of the fifth S-box, but it was not until eight years later that linear cryptanalysis exploited that feature.) Other researchers showed that publicly known design principles could have been used to generate S-boxes with the observed characteristics [266].
Additional Results

Other attempts were made to cryptanalyze DES. One cryptographer looked for patterns using spectral tests [559]. Others analyzed sequences of linear factors, but their attack failed after eight rounds [1297, 336, 531]. An unpublished 1987 attack by Donald Davies exploited the way the expansion permutation repeats bits into adjacent S-boxes; this attack is also useless after eight rounds [172, 429].
12.4 nqqepenunanunm n nnnenm kpnn1oananns
uqqepeuuuauoum rpunmoauauus
B 1990 roy 3nn Fnxam n An Bamnp nnenn nonxrne nqqepennnannnoro xpnn1oanannsa |167, 168, 171,
172]. 3ro tn nontn, panee nensnecrntn mero kpnnroanannsa. Hcnontsyx +ror mero, Fnxam n Bamnp namnn
cnoco nckptrnx DES c ncnontsonannem ntpannoro orkptroro rekcra, koroptn tn +||ekrnnnee nckptrnx rp y-
on cnnon.
n||epennnantntn kpnnroananns paoraer c napaun mnqpo1exc1on, orkptrte rekcrt koroptx coepxar
onpeenennte ornnunx. Mero anannsnpyer +nonmnnm +rnx ornnunn n nponecce npoxoxennx orkptrtx rekcron
uepes +rant DES npn mn|ponannn onnm n rem xe knmuom.
Hpocro ntepem napy orkptrtx rekcron c |nkcnponanntm pasnnunem. Moxno ntpart na orkptrtx rekcra
cnyuanntm opasom, nnmt t onn ornnuannct pyr or pyra onpeenenntm opasom, kpnnroanannrnky axe ne
nyxno snart nx snauennn. (nx DES repmnn "pasnnune" onpeenxercx c nomomtm XOR. nx pyrnx anropnrmon
+ror repmnn moxer onpeenxrtcx no pyromy.) 3arem, ncnontsyx pasnnunx n nonyunnmnxcx mn|porekcrax, np n-
cnonm pasnnunte nepoxrnocrn pasnnuntm knmuam. B nponecce antnenmero anannsa cneymmnx nap mn|pore k-
cron onn ns knmuen craner nanonee nepoxrntm. 3ro n ecrt npannntntn knmu.
Hoponocrn ropaso cnoxnee. Ha 7-n npecrannena |ynknnx onoro +rana DES. Hpecrantre cee napy nx o-
on, X n X, c pasnnunem X. Btxot, Y n Y nsnecrnt, cneonarentno, nsnecrno n pasnnune mexy nnmn Y. Hs-
necrnt n nepecranonka c pacmnpennem, n P-nok, no+romy nsnecrnt A n C. B n B nensnecrnt, no nx pasnocrt
B nsnecrna n panna A. (Hpn paccmorpennn pasnnunx XOR K
i
c A n A nenrpannsymrcx.) Hoka nce npocro. uokyc
nor n uem: nx nmoro saannoro A ne nce snauennx C pannonepoxrnt. Komnnannx A n C nosnonxer npe-
nonoxnrt snauennx nron nx A XOR K
i
n A XOR K
i
. Tak kak A n A nsnecrnt, +ro aer nam nn|opmannm o K
i
.
,
Y
,
C
,
B
,
A
,
X
Y
P
S
-nok
K
i
E
E(X)
X
Pnc. 12-5. mynxnnu +1ana DES.
Look at the last round of DES. (In differential cryptanalysis the initial and final permutations are ignored. They have no effect on the attack, except to make it harder to explain.) If we can determine K_16, we have 48 bits of the key. (Remember that the subkey of each round consists of 48 bits of the 56-bit key.) The remaining 8 bits can be found by brute force. Differential cryptanalysis gives us K_16.
Certain differences in plaintext pairs have a high probability of causing certain differences in the resulting ciphertexts. These differences are called characteristics. Characteristics extend over a certain number of rounds and essentially define a path through those rounds. There is an input difference, a difference at each round and an output difference, together with a probability.
Characteristics can be found by building a table whose rows are the possible input XORs (the XOR of two different input values), whose columns are the possible output XORs, and whose entries count how often a particular output XOR occurs for a given input XOR. Such a table can be built for each of the eight S-boxes of DES.
For example, Figure 12-6a shows a one-round characteristic. The input difference on the left is L; it can be anything. The input difference on the right is 0. (The two inputs have the same right half, so their difference is 0.) Since no difference enters the round function, no difference leaves it. Therefore the output difference of the left half is L ⊕ 0 = L, and the output difference of the right half is 0. This is a trivial characteristic; it holds with probability 1.
Figure 12-6b shows a less obvious characteristic. Again the difference L of the left halves is arbitrary. The input difference of the right halves is 0x60000000; the two inputs differ only in their second and third bits. With probability 14/64 the output difference of the round function is 0x00808200. This means that the output difference of the left halves is L ⊕ 0x00808200, and the output difference of the right halves is 0x60000000 (with probability 14/64).

[Figure 12-6: DES characteristics. (a) Input differences ΔL = L (arbitrary) and ΔR = 0: no difference enters f, so ΔB = 0 and the output differences are L and 0; probability 1. (b) ΔL = L and ΔR = ΔX = 0x60000000: the round-function output difference is ΔY = 0x00808200, giving output differences L ⊕ 0x00808200 and 0x60000000; probability 14/64.]
Different characteristics can be joined. And, assuming that the rounds are independent, the probabilities can be multiplied. Figure 12-7 joins the two characteristics just described. The input difference on the left is 0x00808200, and on the right 0x60000000. At the end of the first round the input difference and the output of the round function cancel each other, and the output difference is 0. This feeds into the second round; the final output difference on the left is 0x60000000, and on the right it is 0. The probability of this two-round characteristic is 14/64.

[Figure 12-7: a two-round DES characteristic. Round i: input differences ΔL = 0x00808200 and ΔR = ΔX = 0x60000000; the round-function output difference ΔY = 0x00808200 cancels ΔL, leaving 0; probability 14/64. Round i+1: the zero difference enters f, ΔB = 0, and the output differences are ΔX = 0x60000000 and 0; probability 1. Overall probability 14/64.]
A plaintext pair that satisfies the characteristic is called a right pair; a plaintext pair that does not is a wrong pair. A right pair suggests the correct round key (for the last round of the characteristic); a wrong pair suggests a random round key. To find the correct round key, simply collect enough guesses. One subkey will occur more often than all the others. In effect, the correct subkey rises out of all the random candidate subkeys.
So the basic differential attack on n-round DES recovers the 48-bit subkey used in round n, and the remaining 8 key bits are obtained by brute force.
Several considerable problems remain. First, the chance of success is negligible until some threshold is crossed. That is, until enough data has been accumulated, the correct subkey cannot be told apart from the noise. And the attack is not practical: counters are needed to keep probabilities for 2^48 possible subkeys, and far too much data is required.
Biham and Shamir modified their attack. Instead of using a 15-round characteristic on 16-round DES, they used a 13-round characteristic and some tricks to get the last few rounds. A shorter characteristic with a higher probability works better. They also used some clever mathematics to obtain candidate 56-bit keys that could be tested immediately, which eliminates the need for counters. This attack succeeds as soon as a right pair is found; that avoids the threshold and gives a linear success probability. With 1000 times fewer pairs, the attack is 1000 times less likely to succeed. This sounds terrible, but it is much better than a threshold: there is always some chance of immediate success.
The results are quite interesting. Table 12-14 summarizes the best differential attacks on DES with varying numbers of rounds [172]. The first column is the number of rounds. The next two columns give the number of chosen or known plaintexts that must be examined for the attack, and the fourth column gives the number of plaintexts actually analyzed. The last column is the complexity of the analysis once the required pairs have been found.
Table 12-14. Differential cryptanalysis attacks against DES

Rounds   Chosen plaintexts   Known plaintexts   Analyzed plaintexts   Complexity of analysis
8        2^14                2^38               4                     2^9
9        2^24                2^44               2                     2^32 †
10       2^24                2^43               2^14                  2^15
11       2^31                2^47               2                     2^32 †
12       2^31                2^47               2^21                  2^21
13       2^39                2^52               2                     2^32 †
14       2^39                2^51               2^29                  2^29
15       2^47                2^56               2^7                   2^37
16       2^47                2^55               2^36                  2^37

† For these variants the complexity of the analysis can be reduced considerably by using about four times as many plaintexts together with the clique method.
The best attack against full 16-round DES requires 2^47 chosen plaintexts. It can be converted to a known-plaintext attack, but that requires 2^55 known plaintexts. The analysis takes 2^37 DES operations.
Differential cryptanalysis works against DES and similar algorithms with constant S-boxes. The effectiveness of the attack depends heavily on the structure of the S-boxes; as luck would have it, the DES S-boxes are optimized against differential cryptanalysis. The attack has the same complexity against DES in each of its modes of operation: ECB, CBC, CFB and OFB [172].
DES's resistance can be improved by increasing the number of rounds. Chosen-plaintext differential cryptanalysis of DES with 17 or 18 rounds takes as long as a brute-force attack [160]. At 19 rounds or more, differential cryptanalysis becomes impossible, because it would require more than 2^64 chosen plaintexts; remember that DES uses 64-bit blocks, so there are only 2^64 possible plaintexts. (In general, you can prove an algorithm resistant to differential cryptanalysis by showing that the number of plaintexts needed to mount the attack exceeds the number of possible plaintexts.)
A few points are worth remembering. First, this attack is largely theoretical. The enormous time and data requirements of a differential attack put it beyond the reach of almost everyone. To gather the data needed for an attack on full DES, you would have to encrypt a 1.5 Mbit/s stream of chosen plaintext for almost three years. Second, this is primarily a chosen-plaintext attack. It can be converted to a known-plaintext attack, but then you have to sift through all the plaintext/ciphertext pairs looking for useful ones. For full 16-round DES this makes the attack slightly less efficient than brute force (the differential attack requires 2^55.1 operations, brute force 2^55). Thus a properly implemented DES remains resistant to differential cryptanalysis.
Why is DES so resistant to differential cryptanalysis? Why are the S-boxes optimized to make this attack as hard as possible? Why are there exactly as many rounds as needed and no more? Because the designers of DES knew about differential cryptanalysis. Don Coppersmith of IBM recently wrote [373, 374]:
    The design took advantage of certain cryptanalytic techniques, most prominently the technique of "differential cryptanalysis," which was not published in the open literature. After discussion with NSA it was decided that disclosure of the design process would also disclose the technique of differential cryptanalysis, whose power could be used against many ciphers. This, in turn, would have reduced the advantage of the United States over other countries in the field of cryptography.
Adi Shamir responded by inviting Coppersmith to admit that he has not since found an effective way of breaking DES. Coppersmith preferred to remain silent [1426].
Related-Key Cryptanalysis
Table 12-9 shows the number of bits by which the DES key is rotated in each round: 2 bits in every round except rounds 1, 2, 9 and 16, where it is rotated by 1 bit. Why?
Related-key cryptanalysis is similar to differential cryptanalysis, but it studies the difference between keys. The attack differs from any discussed so far: the cryptanalyst chooses a relationship between a pair of keys, but the keys themselves remain unknown to him. Data is encrypted under both keys. In the known-plaintext variant, the cryptanalyst knows the plaintext and ciphertext of data encrypted under the two keys. In the chosen-plaintext variant, the cryptanalyst chooses the plaintext encrypted under the two keys.
A modified DES in which the key is rotated by two bits after every round is less secure. Related-key cryptanalysis breaks that variant with only 2^17 chosen plaintexts under chosen keys, or 2^33 known plaintexts under chosen keys [158, 163].
This attack is not practical either, but it is interesting for three reasons. First, it is the first cryptanalytic attack on DES's subkey-generation algorithm. Second, the attack is independent of the number of rounds; it is just as effective against DES with 16, 32 or 1000 rounds. Third, DES is immune to it: the variation in the number of bits rotated thwarts related-key cryptanalysis.
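The effect of the uneven rotation schedule can be seen directly on the 28-bit key registers. The following Python is an added example, not code from the book: it runs the DES rotation schedule and the weakened uniform two-bit schedule side by side on one 28-bit half of the key, and reports in which rounds a key rotated by two bits reproduces the next round's register value of the original key (PC-2 is a fixed selection of register bits, so equal register values mean equal subkeys). With uniform rotation every round slides; with the DES schedule the relation breaks at rounds 1, 8 and 15. The function names and the sample key value are this example's own.

```python
# Added example (not from the book): how the DES rotation schedule breaks the
# subkey "slide" that a uniform two-bit rotation would leave in place. Works on
# one 28-bit half of the key (C or D); names and sample values are this
# example's own.

SHIFTS_DES = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]   # Table 12-9
SHIFTS_UNIFORM = [2] * 16                                      # the weakened variant
MASK28 = (1 << 28) - 1


def rotl28(v, n):
    """Rotate a 28-bit register left by n bits."""
    n %= 28
    return ((v << n) | (v >> (28 - n))) & MASK28


def register_schedule(half, shifts):
    """Register values C_1 .. C_16 produced by successive rotations. PC-2 is a
    fixed selection of bits, so equal register values give equal subkeys."""
    out = []
    for s in shifts:
        half = rotl28(half, s)
        out.append(half)
    return out


def slid_rounds(half, shifts, rot=2):
    """Rounds i (1..15) in which the key rotated by `rot` bits produces, in its own
    round i, exactly the register value the original key has in round i + 1.
    A round that slides lets K'_i stand in for K_{i+1} in a related-key attack."""
    base = register_schedule(half, shifts)
    related = register_schedule(rotl28(half, rot), shifts)
    return [i + 1 for i in range(15) if related[i] == base[i + 1]]


# Sample half-key (constructed). It has no rotational symmetry, so distinct
# rotation amounts give distinct register values.
SAMPLE_HALF = 0x1234567

if __name__ == "__main__":
    print(slid_rounds(SAMPLE_HALF, SHIFTS_UNIFORM))   # [1, 2, ..., 15]: every round slides
    print(slid_rounds(SAMPLE_HALF, SHIFTS_DES))       # [2..7, 9..14]: rounds 1, 8, 15 break it
```

The rotation by two bits reproduces K_{i+1} in round i only where the schedule itself shifts by two; the single-bit shifts of rounds 1, 2, 9 and 16 are exactly what desynchronizes the two subkey sequences.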
Buueum rpunmoauauus
Annennmn xpnn1oananns npecrannxer coon pyron rnn kpnnroanannrnueckoro nckptrnx, nsoperenntn
Mnnypy Manyn (Mitsuru Matsui) |1016, 1015, 1017]. 3ro nckptrne ncnontsyer nnnennte npnnnxennx nx on n-
cannx paort nounoro mn|pa (n annom cnyuae DES.)
3ro osnauaer, uro ecnn nt ntnonnnre onepannm XOR na nekoroptmn nramn orkptroro rekcra, sarem na
nekoroptmn nramn mn|porekcra, a sarem na pesyntraramn, nt nonyunre nr, koroptn npecrannxer coon
XOR nekoroptx nron knmua. 3ro nastnaercx nnnenntm npnnnxennem, koropoe moxer trt nepntm c nekor o-
pon nepoxrnocrtm p. Ecnn p 1/2, ro +ro cmemenne moxno ncnontsonart. Hcnontsynre copannte orkptrte re k-
crt n cnxsannte mn|porekcrt nx npenonoxennx o snauennxx nron knmua. uem ontme y nac anntx, rem
nepnee npenonoxenne. uem ontme cmemenne, rem tcrpee nckptrne ynenuaercx ycnexom.
Kak onpeennrt xopomee nnnennoe npnnnxenne nx DES? Hannre xopomne ono+rannte nnnennte np n-
nnxennx n oennnre nx. (Hauantnax n saknmunrentnax nepecranonkn cnona nrnopnpymrcx, rak kak onn ne
nnnxmr na nckptrne.) Bsrnxnnre na S-nokn. V nnx 6 nxontx nron n 4 ntxontx. Bxonte nrt moxno o e-
nnnrt c nomomtm onepannn XOR 63 cnocoamn (2
6
- 1), a ntxonte nrt - 15 cnocoamn. Tenept nx kaxoro
S-noka moxno onennrt nepoxrnocrt roro, uro nx cnyuanno ntpannoro nxoa nxonax komnnannx XOR panna
nekoropon ntxonon komnnannn XOR. Ecnn cymecrnyer komnnannx c ocrarouno ontmnm cmemennem, ro n n-
nenntn kpnnroananns moxer cpaorart.
Ecnn nnnennte npnnnxennx ne cmement, ro onn yyr ntnonnxrtcx nx 32 ns 64 nosmoxntx nxoon. n s-
annm nac or nnrentnoro nsyuennx rannn, nanonee cmemenntm S-nokom xnnxercx nxrtn S-nok. encrn n-
rentno, nx 12 nxoon nropon nxonon nr panen XOR ncex uertpex ntxontx nron. 3ro coornercrnyer nepox r-
nocrn 3/16 nnn cmemennm 5/16, uro xnnxercx camtm ontmnm cmemennem nx ncex S-nokon. (Bamnp nncan o
+rom n |1423], no ne cmor nanrn cnocoa ncnontsonart.)
Ha 4-n nokasano, kak nocnontsonartcx +rnm nx nckptrnx |ynknnn +rana DES. b26 - +ro nxonon nr S-noka
5. ( nymepym nrt cnena nanpano or 1 o 64. Manyn nrnopnpyer +ro npnnxroe nx DES cornamenne n nymepyer
cnon nrt cnpana naneno n or 0 o 63. 3roro xnarnr, urot cnecrn nac c yma.) c
17
, c
18
, c
19
, c
20
- +ro 4 ntxontx
nra S-noka 5. Mt moxem npocnenrt b
26
n oparnom nanpannennn or nxoa n S-nok. nx nonyuennx b
26
nr
oennxercx c nomomtm XOR c nrom noknmua K
i,26
. A nr X
17
npoxonr uepes nocranonky c pacmnpennem,
urot npenparnrtcx n a
26
. Hocne S-noka 4 ntxontx nra npoxoxr uepes P-nok, npenpamaxct n uertpe ntxo -
ntx nra |ynknnn +rana: Y
3
, Y
8
, Y
14
n Y
25
. 3ro osnauaer, uro c nepoxrnocrtm 1/2 - 5/6:
[Figure 12-8: a one-round linear approximation for DES. X17 enters the expansion E and becomes a26; a26 ⊕ K_{i,26} = b26, the second input bit of S-box 5; the S-box outputs c17, c18, c19, c20 pass through P to become Y3, Y8, Y14, Y25.]
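The two S-box tables described above, the XOR difference table behind the Figure 12-6b characteristic and the linear-approximation count behind the Figure 12-8 approximation, can be computed directly. The following Python is an added example, not code from the book: it builds both tables from the published DES S-boxes S1 and S5, traces the right-half difference 0x60000000 through E to S-box 1 (input difference 0x0C) and the output difference 0xE back through P to 0x00808200, traces the S-box 5 approximation to the bits X17, Y3, Y8, Y14 and Y25, and shows the last-round counting step of the differential attack on a single S-box with constructed observations. The S-box, E and P tables are those of the DES standard; all function names are this example's own.

```python
# Added example (not from the book): difference-distribution and linear-
# approximation tables for DES S-boxes, the characteristic of Figure 12-6b
# and the approximation of Figure 12-8 traced through E and P, and the
# last-round subkey-counting step on one S-box. S1, S5, E and P are the
# DES standard's tables; the function names are this example's own.

S1 = [[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
      [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
      [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
      [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]]
S5 = [[2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9],
      [14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6],
      [4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14],
      [11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3]]
# E: 48 expansion outputs, each naming a bit of R (numbered 1..32, left to right).
E = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13,
     12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
     24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]
# P: output position i (1..32) of f carries S-box output bit P[i-1].
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]


def sbox(table, x):
    """6-bit input: the outer two bits select the row, the middle four the column."""
    return table[((x >> 5) & 1) << 1 | (x & 1)][(x >> 1) & 0xF]


def parity(v):
    return bin(v).count("1") & 1


def ddt(table):
    """t[din][dout] = number of x with S(x) ^ S(x ^ din) == dout (each row sums to 64)."""
    t = [[0] * 16 for _ in range(64)]
    for din in range(64):
        for x in range(64):
            t[din][sbox(table, x) ^ sbox(table, x ^ din)] += 1
    return t


def lat(table):
    """t[a][b] = number of x with parity(x & a) == parity(S(x) & b); bias = |t - 32| / 64."""
    t = [[0] * 16 for _ in range(64)]
    for a in range(64):
        for b in range(16):
            t[a][b] = sum(parity(x & a) == parity(sbox(table, x) & b) for x in range(64))
    return t


def expand(r):
    """E expansion of a 32-bit right half, returned as eight 6-bit S-box inputs."""
    bits = [(r >> (32 - pos)) & 1 for pos in E]
    return [int("".join(map(str, bits[6 * i:6 * i + 6])), 2) for i in range(8)]


def permute(c):
    """P permutation of the 32-bit concatenated S-box output."""
    return sum(((c >> (32 - src)) & 1) << (31 - i) for i, src in enumerate(P))


def trace_difference(delta_r, box_out):
    """Figure 12-6b: which S-boxes see a nonzero input difference for a right-half
    difference delta_r, and what output difference box_out of the (single) active
    S-box becomes after P. Returns ([(box, din), ...], difference_after_P)."""
    active = [(i + 1, d) for i, d in enumerate(expand(delta_r)) if d]
    box = active[0][0]                       # S-box `box` owns output bits 4*box-3 .. 4*box
    return active, permute(box_out << (32 - 4 * box))


def trace_linear(box, in_mask, out_mask):
    """Figure 12-8: the R bits feeding the masked inputs of an S-box and the f output
    bits (after P) that carry its masked output bits."""
    x_bits = [E[6 * (box - 1) + j] for j in range(6) if in_mask >> (5 - j) & 1]
    c_pos = [4 * (box - 1) + j + 1 for j in range(4) if out_mask >> (3 - j) & 1]
    y_bits = [i + 1 for i, src in enumerate(P) if src in c_pos]
    return x_bits, y_bits


def recover_sbox_subkey(table, observations):
    """Last-round counting step: each observation (A, A', dC) votes for every 6-bit
    subkey k with S(A ^ k) ^ S(A' ^ k) == dC. Right pairs always vote for the true k
    (and, unavoidably, for k ^ A ^ A'); wrong keys gather fewer votes.
    Returns the set of keys with the most votes."""
    votes = [0] * 64
    for a, a2, dc in observations:
        for k in range(64):
            votes[k] += sbox(table, a ^ k) ^ sbox(table, a2 ^ k) == dc
    return {k for k in range(64) if votes[k] == max(votes)}


def demo_recovery(secret_k, delta=0x0C):
    """Constructed observations: the attacker chooses every A with A' = A ^ delta and
    sees the S1 output difference produced under the unknown subkey secret_k."""
    obs = [(a, a ^ delta, sbox(S1, a ^ secret_k) ^ sbox(S1, a ^ delta ^ secret_k))
           for a in range(64)]
    return recover_sbox_subkey(S1, obs)


if __name__ == "__main__":
    print(ddt(S1)[0x0C][0xE])                       # 14: the 14/64 of Figure 12-6b
    print(hex(trace_difference(0x60000000, 0xE)[1]))  # 0x808200
    print(lat(S5)[0b010000][0xF])                   # 12: bit 2 = parity of S5 output, 12/64
    print(trace_linear(5, 0b010000, 0xF))           # ([17], [3, 8, 14, 25])
    print(sorted(demo_recovery(0x2B)))              # [39, 43]: 0x2B and 0x2B ^ 0x0C
```

Two things the tables make visible: the 14/64 of the characteristic is a single S-box entry (S1, 0x0C to 0xE), and the 5/16 bias of S-box 5 is the entry for input mask 010000 and output mask 1111, which sits at 12 rather than 32. The counting demo also shows the well-known ambiguity of the last-round step: with a fixed input difference Δ, the subkeys k and k ⊕ Δ collect identical votes, so the attack pins the subkey down to two candidates per S-box and a second difference or the brute-force stage resolves the rest.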
Linear approximations for different rounds are joined in much the same way as was described for differential cryptanalysis. Figure 12-9 shows a three-round linear approximation with probability 1/2 + 0.0061. The quality of the individual approximations varies: the last is very good, the first fairly good, and the middle one poor. But together the three one-round approximations give a very good three-round approximation.
[Figure 12-9: a three-round linear approximation for DES with probability 1/2 + 6.1·10^-3. Rounds i-1, i and i+1 use the subkey bits K_{i-1,26}, K_{i,26} and K_{i+1,26}; each round's approximation involves bit 17 and the output-bit sets A = [3, 8, 14, 25] and B = [8, 14, 25].]
The basic attack uses the best linear approximation for 16-round DES. It requires 2^47 known plaintext blocks and yields one key bit. That is not very useful. If you exchange the roles of plaintext and ciphertext and use decryption as well as encryption, you can get 2 bits. That is still not very useful.
There are refinements. Use a 14-round linear approximation for rounds 2 through 15. Guess the 6 subkey bits relevant to S-box 5 in the first and last rounds (12 key bits in all). Effectively you run 2^12 linear cryptanalyses in parallel and pick the correct one on the basis of the probabilities. This recovers the 12 bits plus b26, and exchanging plaintext and ciphertext recovers another 13 bits. The remaining 30 bits are found by exhaustive search. There are other tricks, but that is the basic idea.
Against full 16-round DES this attack recovers the key with an average of 2^43 known plaintexts. A software implementation of the attack, running on 12 HP9735 workstations, recovered a DES key in 50 days [1019]. At the time of writing this is the most effective attack on DES.
Linear cryptanalysis depends heavily on the structure of the S-boxes, and the S-boxes of DES turn out not to be optimized against it. In fact, the ordering of the S-boxes chosen for DES lies among the 9 to 16 percent that offer the least protection against linear cryptanalysis [1018]. According to Don Coppersmith [373, 374], resistance to linear cryptanalysis "was not part of the design criteria of DES." Either the designers did not know about linear cryptanalysis, or they gave priority to resistance against a more powerful attack that they did know about.
Linear cryptanalysis is newer than differential cryptanalysis, and further progress in this direction is likely in the near future. Some ideas are put forward in [1270, 811], but it is not clear whether they can be applied effectively against full DES. They do work very well against reduced-round variants.
Future Directions
Several attempts have been made to extend the concept of differential cryptanalysis to higher-order differentials [702, 161, 927, 858, 860]. Lars Knudsen uses something called partial differentials to attack 6-round DES; the method needs 32 chosen plaintexts and 20,000 encryptions [860]. It is still too new to say whether it will make full 16-round DES easier to break.
Another attack is differential-linear cryptanalysis, a combination of differential and linear cryptanalysis. Susan Langford and Hellman have an attack on 8-round DES that recovers 10 key bits with an 80 percent success probability using 512 chosen plaintexts, and with a 95 percent success probability using 768 chosen plaintexts [938]. After the attack, a brute-force search of the remaining key space (2^46 keys) is needed. While this attack is comparable in time to earlier ones, it requires far fewer plaintexts. However, extending the method to more rounds does not look easy.
But the method is new and work continues. Noticeable progress is possible in the next few years. Perhaps combining this attack with higher-order differential cryptanalysis will pay off. Who knows?
12.5 The Real Design Criteria
After differential cryptanalysis became public, IBM published the design criteria for the S-boxes and the P-box [373, 374]. The S-box design criteria were:
- Each S-box has 6 input bits and 4 output bits. (This was the largest size that could fit on a single chip with 1974 technology.)
- No output bit of an S-box should be too close to a linear function of the input bits.
- If the leftmost and rightmost input bits of an S-box are fixed and the 4 middle bits are varied, each possible 4-bit output occurs exactly once.
- If two inputs to an S-box differ in exactly one bit, the outputs must differ in at least 2 bits.
- If two inputs to an S-box differ in exactly the two middle bits, the outputs must differ in at least 2 bits.
- If two inputs to an S-box differ in their first 2 bits and agree in their last 2 bits, the outputs must not be the same.
- For any nonzero 6-bit difference between inputs, no more than 8 of the 32 pairs of inputs exhibiting that difference may lead to the same output difference.
- A criterion similar to the previous one, but for the case of three active S-boxes.
The P-box design criteria were:
- The 4 output bits of each S-box in round i are distributed so that 2 of them affect the middle bits of S-boxes in round i + 1 and the other 2 affect end bits.
- The 4 output bits of each S-box affect six different S-boxes; no 2 affect the same S-box.
- If an output bit of one S-box affects a middle bit of another S-box, then no output bit of that other S-box may affect a middle bit of the first S-box.
The paper goes on to discuss the criteria. Generating S-boxes is quite easy today, but in the early 1970s it was a hard task. Tuchman has been quoted as saying that the programs that produced the S-boxes ran for months.
12.6 DES Variants
Multiple DES
Some DES implementations use triple-DES (see Figure 12-10) [55]. Since DES is not a group, the resulting ciphertext is much harder to break by exhaustive search: 2^112 attempts instead of 2^56. Details are in Section 15.2.
[Figure 12-10: triple-DES. Encryption: plaintext → DES with K1 → DES^-1 with K2 → DES with K3 → ciphertext. Decryption: ciphertext → DES^-1 with K3 → DES with K2 → DES^-1 with K1 → plaintext.]
DES with Independent Subkeys
Another possibility is to use a different subkey in each round, instead of generating them all from a single 56-bit key [851]. Since 48 key bits are used in each of the 16 rounds, the key length of this variant is 768 bits. The variant drastically increases the difficulty of a brute-force attack on the algorithm: such an attack would have complexity 2^768.
However, a meet-in-the-middle attack is possible (see Section 15.1). It reduces the complexity of the attack to 2^384, which is nevertheless more than enough for any conceivable security.
Although independent subkeys foil linear cryptanalysis, this variant is susceptible to differential cryptanalysis and can be broken with 2^61 chosen plaintexts (see Table 12-15) [167, 172]. It appears that no modification of the key schedule can make DES much stronger.
DESX
DESX is a DES variant developed by RSA Data Security, Inc. and included in the MailSafe electronic mail security program in 1986 and in the BSAFE toolkit in 1987. DESX uses a technique called whitening (see Section 15.6) to mask the inputs and outputs of DES. In addition to the 56-bit DES key, DESX uses an extra 64-bit whitening key. These 64 bits are XORed with the plaintext block before the first round of DES. Another 64 bits, the result of applying a one-way function to the full 120-bit DESX key, are XORed with the ciphertext produced by the last round [155]. Compared to DES, whitening makes DESX much more resistant to brute-force attack: the attack requires (2^120)/n operations given n known plaintexts. It also improves resistance to differential and linear cryptanalysis; those attacks require 2^61 chosen and 2^60 known plaintexts, respectively [1338].
CRYPT(3)
CRYPT(3) is the DES variant used on UNIX systems. It is mostly used as a one-way function for passwords, but it can sometimes be used for encryption as well. The difference between CRYPT(3) and DES is that CRYPT(3) includes a key-independent expansion permutation with 2^12 possible variants. This was done so that off-the-shelf DES chips could not be used to build a hardware password cracker.
Generalized DES
Generalized DES (GDES) was designed to speed up DES and to strengthen the algorithm [1381, 1382]. The overall block size increases while the amount of computation stays the same.
Figure 12-11 is a block diagram of GDES. GDES works on plaintext blocks of variable length. An encryption block is divided into q 32-bit sub-blocks; the exact number depends on the total block size (which was variable in the design, but is fixed for any particular implementation). In general, q is the block size divided by 32.
[Figure 12-11: GDES. The plaintext is split into q parts B0(1), ..., B0(q). In each round i, with subkey Ki, f is applied to the rightmost part and XORed into the others, and the parts rotate to give Bi(1), ..., Bi(q); after round n, with subkey Kn, the parts Bn(1), ..., Bn(q) form the ciphertext.]
The function f is computed once per round, on the rightmost block. The result is XORed with all the other parts, which are then rotated to the right. GDES uses a variable number of rounds, n. The last round is slightly modified so that encryption and decryption differ only in the order of the subkeys (just as in DES). In fact, with q = 2 and n = 16 the algorithm described is DES.
Biham and Shamir [167, 168] showed that differential cryptanalysis breaks GDES with q = 8 and n = 16 using only six chosen plaintexts. With independent subkeys, 16 chosen plaintexts are needed. GDES with q = 8 and n = 22 is broken with just 48 chosen plaintexts, and breaking GDES with q = 8 and n = 31 requires only 500,000 chosen plaintexts. Even GDES with q = 8 and n = 64 is weaker than DES; breaking it takes only 2^49 chosen plaintexts. In fact, any GDES scheme that is faster than DES is also less secure (see Table 12-15).
Another variant of the scheme appeared recently [1591]. It is probably no more secure than the original GDES. In general, any large-block DES variant that is faster than DES is most likely less secure than DES.
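The round structure just described, including the last-round modification, fits in a few lines. The following Python is an added example, not code from the book or from the GDES paper: it implements the GDES round on q 32-bit parts with a constructed stand-in for the round function f, applies n rounds with the part order reversed after the last one, and checks that running the same procedure with the subkeys in reverse order decrypts. For q = 2 the final reversal is the swap that DES omits after its last round. The function names, toy_f and the sample values are this example's own.

```python
# Added example (not from the book): the GDES block structure. q 32-bit parts,
# n rounds; each round applies f once to the right-most part, XORs the result
# into the other q-1 parts and rotates the parts right. Reversing the part
# order after the last round is the "slight modification" that makes
# decryption the same procedure with the subkeys in reverse order.
# toy_f is a constructed stand-in for the DES round function, not the real f.

MASK32 = 0xFFFFFFFF


def toy_f(x, k):
    """Constructed 32-bit mixing function standing in for DES's f(R, K)."""
    x = ((x ^ k) * 0x9E3779B1) & MASK32
    return (((x << 13) | (x >> 19)) & MASK32) ^ (x >> 7)


def gdes_round(parts, subkey):
    """One GDES round: F = f(B_q, K_i); every other part becomes B_j ^ F;
    then the parts rotate right, so B_q moves to the front."""
    f = toy_f(parts[-1], subkey)
    return [parts[-1]] + [p ^ f for p in parts[:-1]]


def gdes_encrypt(parts, subkeys):
    """n rounds followed by reversal of the part order (the last-round modification)."""
    for k in subkeys:
        parts = gdes_round(parts, k)
    return parts[::-1]


def gdes_decrypt(parts, subkeys):
    """Same procedure, subkeys in reverse order: with the parts reversed, a round
    applies f to the part that the corresponding encryption round just produced,
    so the XORs cancel and each round undoes itself."""
    return gdes_encrypt(parts, list(reversed(subkeys)))


def roundtrip_ok(q, n, seed=7):
    """Constructed block and subkeys; True if decrypt(encrypt(block)) == block."""
    words = [((seed + 1) * 0x2545F491 * (i + 1)) & MASK32 for i in range(q + n)]
    block, subkeys = words[:q], words[q:]
    return gdes_decrypt(gdes_encrypt(block, subkeys), subkeys) == block


if __name__ == "__main__":
    print(roundtrip_ok(2, 16))   # True: the DES shape (q = 2, n = 16)
    print(roundtrip_ok(8, 16))   # True: 256-bit blocks for the same 16 applications of f
    print(roundtrip_ok(8, 64))   # True
```

The structure makes the speed argument and the weakness visible at once: the cost per block is n evaluations of f regardless of q, but with q = 8 each round mixes only one 32-bit part through f while the other seven parts are touched by nothing but an XOR with that single value, which is what the chosen-plaintext attacks quoted above exploit.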
DES with Alternate S-Boxes
Other DES modifications involve the S-boxes. Some designs use a variable order of S-boxes. Other designers change the contents of the S-boxes themselves. Biham and Shamir showed [170, 172] that the design and even the order of the S-boxes are optimized against differential cryptanalysis:
    Replacing the order of the eight DES S-boxes (without changing their values) also makes DES much weaker: DES with 16 rounds and a particular replaced order is breakable in about 2^38 steps. ... DES with random S-boxes is shown to be very easy to break. Even a minimal change of one entry of one of the DES S-boxes can make DES easier to break.
The DES S-boxes were not optimized against linear cryptanalysis. There are better S-boxes than the ones in DES, but blindly replacing the S-boxes with new ones is not the best idea.
Table 12-15 [167, 169] lists some modifications of DES and the number of chosen plaintexts needed for differential cryptanalysis. One modification not in the table, combining the left and right halves with addition modulo 2^4 instead of XOR, is 2^17 times harder to break than DES [689].
RDES
RDES is a modification in which the exchange of the left and right halves at the end of each round is replaced by a key-dependent swap [893]. The swaps are fixed and depend only on the key. This means that there are 15 key-dependent swaps and 2^15 possible instances, and that the modification is not resistant to differential cryptanalysis [816, 894, 112]. RDES has a large number of weak keys. In fact, almost every key is weaker than a typical DES key. This modification should not be used.
A better idea is to swap only within the right half, at the beginning of each round. Another good idea is to make the swap depend on the input data rather than be a static function of the key. There are many possible variants [813, 815]. RDES-1 uses a data-dependent swap of 16-bit words at the beginning of each round. RDES-2 applies a data-dependent swap of bytes at the beginning of each round, after the 16-bit swaps of RDES-1. The idea continues through RDES-4, and so on. RDES-1 is resistant to both differential [815] and linear cryptanalysis [1136]. Presumably RDES-2 and the later variants are good enough as well.
Table 12-15. Differential cryptanalysis attacks against DES variants

Modified operation                    Number of chosen plaintexts
Full DES (no modification)            2^47
P permutation                         cannot strengthen
Identity permutation                  2^19
Order of S-boxes                      2^38
Replace XORs by additions             2^39, 2^31
S-boxes:
  Random                              2^18 - 2^20
  Random permutations                 2^33 - 2^41
  One entry                           2^33
  Uniform tables                      2^26
Elimination of the E expansion        2^26
Order of E and subkey XOR             2^44
GDES (width q = 8):
  16 rounds                           6, 16
  64 rounds                           2^49 (independent key)
s^n DES
A group of Korean researchers led by Kwangjo Kim has tried to find a set of S-boxes optimally resistant to both differential and linear cryptanalysis. Their first attempt, known as s^2 DES and presented in [834], turned out, as shown in [855, 858], to be less resistant to differential cryptanalysis than DES. The next variant, s^3 DES, was presented in [839] and proved less resistant than DES to linear cryptanalysis [856, 1491, 1527, 858, 838]. Biham suggested a minor change to the algorithm that makes s^3 DES secure against both differential and linear cryptanalysis [165]. The researchers went back to their computers and developed an improved S-box design technique [835, 837]. They proposed s^4 DES [836] and then s^5 DES [838, 944].
Table 12-16 gives the s^3 DES S-boxes (with S-boxes 1 and 2 reversed), which are secure against both kinds of cryptanalysis. Using this variant inside triple-DES is sure to frustrate cryptanalysis.
DES with Key-Dependent S-Boxes
Linear and differential cryptanalysis work only if the analyst knows the composition of the S-boxes. If the S-boxes depend on the key and are chosen by a cryptographically strong method, linear and differential cryptanalysis become much harder. Remember, though, that even secret randomly generated S-boxes have very poor differential and linear characteristics.
Table 12-16. s^3 DES S-boxes (with S-boxes 1 and 2 reversed)

S-box 1:
13 14  0  3 10  4  7  9 11  8 12  6  1 15  2  5
 8  2 11 13  4  1 14  7  5 15  0  3 10  6  9 12
14  9  3 10  0  7 13  4  8  5  6 15 11 12  1  2
 1  4 14  7 11 13  8  2  6  3  5 10 12  0 15  9
S-box 2:
15  8  3 14  4  2  9  5  0 11 10  1 13  7  6 12
 6 15  9  5  3 12 10  0 13  8  4 11 14  2  1  7
 9 14  5  8  2  4 15  3 10  7  6 13  1 11 12  0
10  5  3 15 12  9  0  6  1  2  8  4 11 14  7 13
S-box 3:
13  3 11  5 14  8  0  6  4 15  1 12  7  2 10  9
 4 13  1  8  7  2 14 11 15 10 12  3  9  5  0  6
 6  5  8 11 13 14  3  0  9  2  4  1 10  7 15 12
 1 11  7  2  8 13  4 14  6 12 10 15  3  0  9  5
S-box 4:
 9  0  7 11 12  5 10  6 15  3  1 14  2  8  4 13
 5 10 12  6  0 15  3  9  8 13 11  1  7  2 14  4
10  7  9 12  5  0  6 11  3 14  4  2  8 13 15  1
 3  9 15  0  6 10  5 12 14  2  1  7 13  4  8 11
S-box 5:
 5 15  9 10  0  3 14  4  2 12  7  1 13  6  8 11
 6  9  3 15  5 12  0 10  8  7 13  4  2 11 14  1
15  0 10  9  3  5  4 14  8 11  1  7  6 12 13  2
12  5  0  6 15 10  9  3  7  2 14 11  8  1  4 13
S-box 6:
 4  3  7 10  9  0 14 13 15  5 12  6  2 11  1  8
14 13 11  4  2  7  1  8  9 10  5  3 15  0 12  6
13  0 10  9  4  3  7 14  1 15  6 12  8  5 11  2
 1  7  4 14 11  8 13  2 10 12  3  5  6 15  0  9
S-box 7:
 4 10 15 12  2  9  1  6 11  5  0  3  7 14 13  8
10 15  6  0  5  3 12  9  1  8 11 13 14  4  7  2
 2 12  9  6 15 10  4  1  5 11  3  0  8  7 14 13
12  6  3  9  0  5 10 15  2 13  4 14  7 11  1  8
S-box 8:
13 10  0  7  3  9 14  4  2 15 12  1  5  6 11  8
 2  7 13  1  4 14 11  8 15 12  6 10  9  5  0  3
 4 13 14  0  9  3  7 10  1  8  2 11 15  5 12  6
 8 11  7 14  2  4 13  1  6  5  9  0 12 15  3 10
Here is how 48 additional key bits can be used to build S-boxes that are resistant to both linear and differential cryptanalysis [165].
(1) Reorder the DES S-boxes: 24673158.
(2) Take 16 of the remaining key bits. If the first bit is 1, swap the first two rows of S-box 1 with its last two rows. If the second bit is 1, swap the first eight columns of S-box 1 with its last eight columns. Do the same with the third and fourth bits and S-box 2. Repeat for S-boxes 3 through 8.
(3) Take the remaining 32 key bits. XOR the first four with every entry of S-box 1, the next four with every entry of S-box 2, and so on.
The complexity of a differential attack on such a system is 2^51, and of a linear attack 2^53. The complexity of exhaustive search is 2^102.
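The three steps above are mechanical and can be written out. The following Python is an added example, not code from the book or from Biham's paper: it applies the reordering, the key-selected row and column swaps and the per-box XOR constants to the eight published DES S-boxes, taking the 48 extra key bits as an integer whose most significant 16 bits drive the swaps and whose low 32 bits supply the constants (that bit layout is this example's assumption; the text fixes none). It also checks that every row of the result is still a permutation of 0..15, which XORing a constant into a 4-bit table and swapping halves both preserve. The function names are this example's own.

```python
# Added example (not from the book): Biham's key-dependent S-box construction.
# Input: the eight DES S-boxes (given as one 16-digit hex string per row) and
# 48 extra key bits as an int. Assumed layout (the text fixes none): the top
# 16 bits drive the swaps, two per S-box, and the low 32 bits hold the eight
# 4-bit XOR constants. Function names are this example's own.

DES_SBOX_HEX = [
    "E4D12FB83A6C5907 0F74E2D1A6CB9538 41E8D62BFC973A50 FC8249175B3EA06D",
    "F18E6B34972DC05A 3D47F28EC01A69B5 0E7BA4D158C6932F D8A13F42B67C05E9",
    "A09E63F51DC7B428 D709346A285ECBF1 D6498F30B12C5AE7 1AD069874FE3B52C",
    "7DE3069A1285BC4F D8B56F03472C1AE9 A690CB7DF13E5284 3F06A1D8945BC72E",
    "2C417AB6853FD0E9 EB2C47D150FA3986 421BAD78F9C5630E B8C71E2D6F09A453",
    "C1AF92680D34E75B AF427C9561DE0B38 9EF528C3704A1DB6 432C95FABE17608D",
    "4B2EF08D3C975A61 D0B7491AE35C2F86 14BDC37EAF680592 6BD814A7950FE23C",
    "D2846FB1A93E50C7 1FD8A374C56B0E92 7B419CE206ADF358 21E74A8DFC90356B",
]
DES_SBOXES = [[[int(h, 16) for h in row] for row in box.split()] for box in DES_SBOX_HEX]
NEW_ORDER = [2, 4, 6, 7, 3, 1, 5, 8]           # step (1): S-box order 24673158


def is_valid_sbox(box):
    """Four rows, each a permutation of 0..15 (the property the DES S-boxes have)."""
    return len(box) == 4 and all(sorted(row) == list(range(16)) for row in box)


def key_dependent_sboxes(boxes, key48):
    """Steps (1)-(3): reorder, swap row halves / column halves per box according
    to 16 key bits, then XOR a 4-bit constant from the remaining 32 key bits
    into every entry of each box."""
    if not 0 <= key48 < 1 << 48:
        raise ValueError("key must be 48 bits")
    swap_bits, xor_bits = key48 >> 32, key48 & 0xFFFFFFFF
    out = []
    for n, idx in enumerate(NEW_ORDER):
        box = [row[:] for row in boxes[idx - 1]]
        if swap_bits >> (15 - 2 * n) & 1:          # first bit for this box: rows
            box = box[2:] + box[:2]
        if swap_bits >> (14 - 2 * n) & 1:          # second bit: columns
            box = [row[8:] + row[:8] for row in box]
        const = xor_bits >> (28 - 4 * n) & 0xF      # step (3): nibble n
        out.append([[v ^ const for v in row] for row in box])
    return out


def count_distinct(boxes, keys):
    """How many different S-box sets a collection of 48-bit keys produces."""
    return len({str(key_dependent_sboxes(boxes, k)) for k in keys})


if __name__ == "__main__":
    derived = key_dependent_sboxes(DES_SBOXES, 0xA5A5DEADBEEF)
    print(all(is_valid_sbox(b) for b in derived))                     # True
    print(key_dependent_sboxes(DES_SBOXES, 0)[0] == DES_SBOXES[1])    # True: key 0 only reorders
    print(count_distinct(DES_SBOXES, range(256)))                     # 256
```

The output of this routine is exactly what a chip with loadable S-boxes expects: eight 4 x 16 tables derived outside the chip from the 48 extra key bits, with the 56-bit DES key handled as before.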
What is good about this DES variant is that it can be implemented in existing hardware. Several DES chip vendors sell DES chips with loadable S-boxes. Any S-box generation method can be implemented outside the chip, and the result loaded into it. Differential and linear cryptanalysis require so much known or chosen plaintext that these attacks become infeasible; a brute-force attack is also inconceivable, and no speedup will help.
12.7 How Secure Is DES Today?
The answer is both easy and hard. The easy answer looks only at key length (see Section 7.1). A brute-force DES-cracking machine that finds a key in 3.5 hours on average cost $1 million in 1993 [1597, 1598]. DES is so widely used that it would be naive to assume the NSA and its counterparts in other countries have not built such a machine. And remember that the cost falls by a factor of 5 every 10 years. DES will only become less secure as time goes on.
The hard answer tries to estimate cryptanalytic techniques. Differential cryptanalysis was known to the NSA long before the mid-1970s, when DES first became a standard. It would be naive to assume that the NSA's theoreticians have done nothing since then; they have almost certainly developed new cryptanalytic techniques that can be used against DES. But we have no facts, only rumors.
Winn Schwartau writes that the NSA built a massive parallel DES-cracking machine as early as the mid-1980s [1404]. At least one such machine was built by Harris Corp. using a Cray Y-MP. Supposedly there are a number of algorithms that reduce the complexity of a brute-force attack on DES by several orders of magnitude. Contextual algorithms, based on the inner workings of DES, discard sets of keys using partial solutions. Statistical algorithms reduce the effective key length even further. Other algorithms try likely keys: words, printable ASCII strings and so on (see Section 8.1). According to the rumors, the NSA can break DES in 3 to 15 minutes, depending on how much preprocessing has been done. And each such machine costs about $50,000.
According to other rumors, if the NSA has a large quantity of plaintext and ciphertext, its experts can perform some statistical calculations and then read the key from an archive on optical disks.
That these are only rumors does not make me feel confident in DES. The algorithm has been too big a target for too long. Almost any change to DES will add protection; perhaps the resulting cipher will be less resistant to attack, but the NSA may not have the resources to tackle that particular problem.
I recommend using Biham's scheme for key-dependent S-boxes. It is easy to implement in software or in hardware (with chips that have loadable S-boxes), and it loses no performance compared to DES. The scheme increases the algorithm's resistance to brute-force attack, makes differential and linear cryptanalysis harder, and forces the NSA to face an algorithm that is at least as strong as DES, but different.
Chapter 13 Other Block Ciphers
13.1 LUCIFER
In the late 1960s IBM began a research program in computer cryptography called Lucifer, headed first by Horst Feistel and later by Walt Tuchman. Lucifer is also the name of the block cipher that came out of that program in the early 1970s [1482, 1484]. In fact there are at least two different algorithms with this name [552, 1492], and [552] contains a number of gaps in the specification of the algorithm. All of this has led to considerable confusion.
Lucifer is a substitution-permutation network, with building blocks similar to those of DES. In DES, the output of the function f is XORed with the input of the previous round to form the input of the next round. Lucifer's S-boxes have 4-bit inputs and 4-bit outputs; the input of the S-boxes is a shuffled version of the output of the S-boxes of the previous round, and the input of the S-boxes of the first round is the plaintext. A key bit is used to choose which of the two possible S-boxes is applied. (Lucifer implements this as a single T-box with 9 input bits and 8 output bits.) Unlike DES, the halves of the block are not swapped between rounds; in fact, the notion of a half-block is not used in Lucifer at all. The algorithm has 16 rounds, 128-bit blocks, and a simpler key schedule than DES.
Applying differential cryptanalysis to the first implementation of Lucifer, Biham and Shamir [170, 172] showed that Lucifer with 32-bit blocks and 8 rounds can be broken with 40 chosen plaintexts in 2^39 steps; the same attack breaks Lucifer with 128-bit blocks and 8 rounds with 60 chosen plaintexts in 2^53 steps. Eighteen-round, 128-bit Lucifer is broken by differential cryptanalysis with 24 chosen plaintexts in 2^21 steps. All of these attacks used the strong DES S-boxes. Applying differential cryptanalysis to the second implementation of Lucifer, Biham and Shamir found that its S-boxes are much weaker than those of DES. Further analysis showed that more than half of the possible keys are insecure [112]. Related-key cryptanalysis can break 128-bit Lucifer with any number of rounds with 2^33 chosen-key chosen plaintexts or 2^65 chosen-key known plaintexts [158]. The second implementation of Lucifer is even weaker [170, 172, 112].
Some people believe that Lucifer is more secure than DES because of its longer key and the small amount of published information. Clearly that is not the case.
Lucifer is the subject of several U.S. patents: [553, 554, 555, 1483]. All of them have expired.
13.2 MADRYGA
W. E. Madryga proposed this block algorithm in 1984 [999]. It can be implemented efficiently in software: there are no tedious permutations, and all operations work on bytes. It is worth listing the goals the author set when designing the algorithm:
1. The plaintext cannot be derived from the ciphertext without the key. (This just means that the algorithm is secure.)
2. The number of operations required to determine the key from a matching plaintext and ciphertext should be statistically equal to the product of the number of operations in an encryption and the number of possible keys. (This means that no plaintext attack can be better than brute force.)
3. Knowledge of the algorithm should not weaken the cipher. (The security rests entirely in the key.)
4. A one-bit change of the key should produce a radical change in the ciphertext for the same plaintext, and a one-bit change in the plaintext should produce a radical change in the ciphertext for the same key. (This is the avalanche effect.)
5. The algorithm should contain a noncommutative combination of substitutions and permutations.
6. The substitutions and permutations used in the algorithm should be controlled by both the input data and the key.
7. Redundant groups of bits in the plaintext should be completely masked in the ciphertext.
8. The length of the ciphertext should equal the length of the plaintext.
9. There should be no simple relationships between any possible keys and properties of the ciphertext.
10. Every possible key should produce a strong cipher. (There should be no weak keys.)
11. The lengths of the key and of the text should be adjustable to meet different security requirements.
12. The algorithm should allow efficient software implementation on large mainframes, minicomputers and microcomputers, and implementation in discrete logic. (In effect, the functions used in the algorithm are limited to XOR and bit shifting.)
DES already met the first nine requirements, but the last three were new. Assuming that brute force is the best way to attack the algorithm, a variable-length key would certainly silence those who think 56 bits is too few: such people could implement the algorithm with whatever key length they need. And anyone who has ever tried to implement DES in software will appreciate an algorithm that takes the possibilities of software implementation into account.
Description of Madryga
Madryga consists of two nested loops. The outer loop repeats eight times (although this number could be increased for more security) and consists of an application of the inner loop to the plaintext. The inner loop turns plaintext into ciphertext, repeating once for each 8-bit block (byte) of the plaintext. So the entire plaintext is processed by the algorithm eight successive times.
An iteration of the inner loop operates on a 3-byte window of data called the work frame (see Figure 13-1). This window advances 1 byte per iteration. (When the last 2 bytes are reached, the data are treated as cyclically closed.) The first two bytes of the work frame are rotated together by a variable number of positions, and the last byte is XORed with some bits of the key. As the work frame advances, all bytes are successively rotated and XORed with parts of the key. Successive rotations mix the results of the previous XORs and rotations, and the result of the XOR influences the rotation. This makes the whole process reversible.
[Figure 13-1 is not reproduced here. It shows the key (bytes 1, 2, 3, ..., KL), the text (bytes 1, 2, 3, ..., TL-2, TL-1, TL), the 3-byte work frame WF(1), WF(2), WF(3) sliding over the 8-bit text bytes, the rotation (ROT) by 3 bits, the XOR operations with key bits, and the hash value of the key.]
Figure 13-1. One iteration of Madryga.
Because every byte of data influences the two bytes to its left and the one byte to its right, after eight passes every byte of ciphertext depends on 16 bytes to its left and 8 bytes to its right.
When encrypting, each iteration of the inner loop positions the work frame on the next-to-last byte of the plaintext and advances it cyclically to the byte of the plaintext that is third from the last. First, the entire key is XORed with a random constant and then rotated left by 3 bits. The low-order 3 bits of the low-order byte of the work frame are saved; they control the rotation of the other two bytes. Then the low-order byte of the work frame is XORed with the low-order byte of the key. Next, the concatenation of the two high-order bytes is rotated left by a variable number of bits (0 to 7). Finally, the work frame is shifted right by one byte, and the whole process repeats.
The purpose of the random constant is to turn the key into a pseudo-random sequence. The length of the constant must equal the length of the key, and parties exchanging data must use a constant of the same length. For a 64-bit key Madryga recommends the constant 0x0f1e2d3c4b5a6978.
Decryption reverses this process. In each iteration of the inner loop, the work frame is positioned on the byte that is third from the last byte of the ciphertext and moves cyclically in the opposite direction to the byte 2 bytes before the last byte of the ciphertext. Both the key and the 2 bytes of ciphertext are rotated right in the process, and the XOR is performed before the rotations.
Cryptanalysis of Madryga
Researchers at Queensland University of Technology [675] examined Madryga together with some other block ciphers. They observed that the algorithm does not exhibit the avalanche effect in the transformation from plaintext to ciphertext. Moreover, in many ciphertexts the percentage of ones was higher than the percentage of zeros.
Although I know of no formal analysis of this algorithm, it does not look especially secure. On a cursory look at it, Eli Biham came to the following conclusions [160]:
The algorithm consists only of linear operations (rotation and XOR), slightly modified depending on the data.
There is nothing resembling the strength of DES's S-boxes.
The parity of all the bits of the ciphertext and the plaintext is constant and depends only on the key. So, given one plaintext and its corresponding ciphertext, you can predict the parity of the ciphertext for any plaintext.
None of these observations is damning by itself, but the algorithm does not leave me with a good feeling. I do not recommend using Madryga.
13.3 NewDES
NewDES was designed in 1985 by Robert Scott as a possible replacement for DES [1405, 364]. The algorithm is not a modification of DES, as its name might suggest. It operates on 64-bit blocks, but uses a 120-bit key. NewDES is simpler than DES: it has no initial or final permutation, and all operations are performed on whole bytes. (In fact, NewDES is in no way a new version of DES; the name was a poor choice.)
The plaintext block is divided into eight 1-byte sub-blocks: B0, B1, ..., B6, B7. The sub-blocks then go through 17 rounds. Each round has eight steps. In each step, one of the sub-blocks is XORed with part of the key (there is one exception), substituted by another byte via the function f, and then XORed with another sub-block, which is replaced by the result. The 120-bit key is divided into 15 key sub-blocks: K0, K1, ..., K13, K14. The process is easier to understand from its diagram than from a description. The NewDES encryption algorithm is shown in Figure 13-2.
[Figure 13-2 is not reproduced here. It shows the sub-blocks B0 ... B7, the function f, the key sub-blocks K0 ... K14, and the structure of round 1, round 2, rounds 3 through 15, round 16, and round 17.]
Figure 13-2. NewDES.
The function f is derived from the Declaration of Independence. Details can be found in [1405].
Scott showed that every bit of the plaintext block affects every bit of the ciphertext after only 7 rounds. He also analyzed the function f and found no obvious problems. NewDES has the same complementation property as DES [364]: if E_K(P) = C, then E_K'(P') = C', where ' denotes the bitwise complement. This reduces the work required for a brute-force attack from 2^120 steps to 2^119. Biham noticed that any change of a whole byte, applied to all bytes of the key and the data, also leads to a complementation property [160]. This reduces the brute-force attack to 2^112 steps.
This is not critical, but Biham's related-key cryptanalytic attack can break NewDES with 2^33 chosen-key chosen plaintexts in 2^48 steps [160]. Although this attack takes a lot of time and is largely theoretical, it shows that NewDES is weaker than DES.
13.4 FEAL
FEAL was designed by Akihiro Shimizu and Shoji Miyaguchi of NTT Japan [1435]. It uses a 64-bit block and a 64-bit key. The idea was to create an algorithm similar to DES but with a stronger round function. Using fewer rounds, this algorithm could run faster. Unfortunately, reality turned out to be far from the design goals.
Description of FEAL
Figure 13-3 shows a block diagram of one round of FEAL. The input to the encryption process is a 64-bit block of plaintext. First the data block is XORed with 64 bits of key. Then the data block is split into a left half and a right half. The XOR of the left and right halves forms a new right half. The left half and the new right half go through n rounds (initially four). In each round the right half is combined with 16 bits of key using the function f and XORed with the left half, producing a new right half. The original right half (at the start of the round) becomes the new left half. After n rounds (remember that the left and right halves are not swapped after the nth round) the left half is again XORed with the right half, forming a new right half, and then the left and right halves are joined into a 64-bit whole. The data block is XORed with another 64 bits of key, and the algorithm terminates.
[Figure 13-3 is not reproduced here. It shows the 64-bit plaintext XORed with (K8, K9, K10, K11), the split into the 32-bit halves L0 and R0, eight applications of f with the subkeys K0 ... K7, the halves L8 and R8, the final XOR with (K12, K13, K14, K15), and the 64-bit ciphertext. The values in braces { } apply to decryption: (K12, K13, K14, K15) at the start, K7 ... K0 in the rounds, and (K8, K9, K10, K11) at the end.]
Figure 13-3. One round of FEAL.
The function f takes 32 bits of data and 16 bits of key and mixes them together. First the data block is divided into 8-bit pieces, which are then XORed with and substituted for one another. A block diagram of the function f is shown in Figure 13-4. The two functions S0 and S1 are defined as follows:
S0(a, b) = rotate left by two bits ((a + b) mod 256)
S1(a, b) = rotate left by two bits ((a + b + 1) mod 256)
[Figure 13-4 is not reproduced here. It shows the 32-bit input split into the bytes a0, a1, a2, a3, the 16-bit key split into the bytes b0 and b1, and the S1, S0, S1, S0 substitutions that produce f(a, b).]
Figure 13-4. Function f.
The same algorithm can be used for decryption. The only difference is that when decrypting, the parts of the key are used in the reverse order.
Figure 13-5 shows a block diagram of the key-generation function. First the 64-bit key is divided into two halves, to which XOR operations and the function fK are applied as shown in the diagram. Figure 13-6 shows a block diagram of the function fK. The two 32-bit inputs are divided into 8-bit blocks, which are combined and substituted according to the diagram. S0 and S1 are defined as shown in the figure. The 16-bit key blocks are then used in the encryption/decryption algorithm.
On a 10 MHz 80286 microprocessor, an assembly-language implementation of FEAL-32 can encrypt data at 220 kbit/s. FEAL-64 can encrypt data at 120 kbit/s [1104].
[Figure 13-5 is not reproduced here. It shows the 64-bit key block split into the 32-bit halves A0 and B0, and the chain of fK applications producing (K0, K1) from A0 and B0, then (K2, K3) from A1, B1 and D1, and so on up to (K14, K15) from A7, B7 and D7.]
Figure 13-5. Key processing in FEAL.
[Figure 13-6 is not reproduced here. It shows the two 32-bit inputs split into the bytes a0 ... a3 and b0 ... b3, the S0 and S1 substitutions producing fK(a, b), and defines the S functions on the 8-bit inputs X1, X2 as Y = S0(X1, X2) = Rot2((X1 + X2) mod 256) and Y = S1(X1, X2) = Rot2((X1 + X2 + 1) mod 256), where Y is the 8-bit output and Rot2(Y) is a cyclic shift of the 8-bit value Y left by 2 bits.]
Figure 13-6. Function fK.
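The following is an added example, not code from this book or from NTT: a FEAL-N implementation in C with a 64-bit key. S0 and S1 are exactly as defined above. The byte-level wiring of f and fK and the key schedule (D_r = A_(r-1), A_r = B_(r-1), B_r = fK(A_(r-1), B_(r-1) XOR D_(r-1)), with K_N ... K_(N+3) used for the initial XOR and K_(N+4) ... K_(N+7) for the final one, as in the figures) follow the published FEAL-N specification as the editor recalls it, which is an assumption. The self-test checks only that decryption inverts encryption; it does not assert NTT's published test vectors, so compare against those before relying on the wiring. All function names are the editor's own.

```c
#include <stdint.h>

typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;

#define FEAL_MAX_ROUNDS 32
#define FEAL_SUBKEYS(n) ((n) + 8)

static u8 feal_rot2(u8 x) { return (u8)((x << 2) | (x >> 6)); }
u8 feal_s0(u8 a, u8 b) { return feal_rot2((u8)(a + b)); }      /* S0 as defined in the text */
u8 feal_s1(u8 a, u8 b) { return feal_rot2((u8)(a + b + 1)); }  /* S1 as defined in the text */

/* Round function f: 32 bits of data, 16 bits of subkey. Byte wiring per the FEAL-N spec (assumption). */
static u32 feal_f(u32 alpha, u16 beta)
{
    u8 a0 = (u8)(alpha >> 24), a1 = (u8)(alpha >> 16), a2 = (u8)(alpha >> 8), a3 = (u8)alpha;
    u8 b0 = (u8)(beta >> 8), b1 = (u8)beta;
    u8 f1 = (u8)(a1 ^ b0 ^ a0);
    u8 f2 = (u8)(a2 ^ b1 ^ a3);
    f1 = feal_s1(f1, f2);
    f2 = feal_s0(f2, f1);
    u8 f0 = feal_s0(a0, f1);
    u8 f3 = feal_s1(a3, f2);
    return ((u32)f0 << 24) | ((u32)f1 << 16) | ((u32)f2 << 8) | f3;
}

/* Key-schedule function fK: two 32-bit inputs, one 32-bit output. Wiring per the spec (assumption). */
static u32 feal_fk(u32 alpha, u32 beta)
{
    u8 a0 = (u8)(alpha >> 24), a1 = (u8)(alpha >> 16), a2 = (u8)(alpha >> 8), a3 = (u8)alpha;
    u8 b0 = (u8)(beta >> 24), b1 = (u8)(beta >> 16), b2 = (u8)(beta >> 8), b3 = (u8)beta;
    u8 k1 = (u8)(a1 ^ a0);
    u8 k2 = (u8)(a2 ^ a3);
    k1 = feal_s1(k1, (u8)(k2 ^ b0));
    k2 = feal_s0(k2, (u8)(k1 ^ b1));
    u8 k0 = feal_s0(a0, (u8)(k1 ^ b2));
    u8 k3 = feal_s1(a3, (u8)(k2 ^ b3));
    return ((u32)k0 << 24) | ((u32)k1 << 16) | ((u32)k2 << 8) | k3;
}

/* Expand the 64-bit key (key_hi, key_lo) into n+8 16-bit subkeys K[0..n+7]:
   D_r = A_(r-1), A_r = B_(r-1), B_r = fK(A_(r-1), B_(r-1) XOR D_(r-1)); the halves of B_r are K_(2r-2), K_(2r-1). */
void feal_key_schedule(u32 key_hi, u32 key_lo, int n, u16 *K)
{
    u32 a = key_hi, b = key_lo, d = 0;
    for (int r = 0; r < n / 2 + 4; r++) {
        u32 nb = feal_fk(a, b ^ d);
        d = a; a = b; b = nb;
        K[2 * r] = (u16)(b >> 16);
        K[2 * r + 1] = (u16)b;
    }
}

static u32 feal_pair(const u16 *K, int i) { return ((u32)K[i] << 16) | K[i + 1]; }

/* Encrypt one block in place: XOR with K_n..K_(n+3), n rounds, XOR with K_(n+4)..K_(n+7). */
void feal_encrypt(u32 blk[2], const u16 *K, int n)
{
    u32 L = blk[0] ^ feal_pair(K, n), R = blk[1] ^ feal_pair(K, n + 2);
    R ^= L;                                  /* new right half = left XOR right */
    for (int r = 0; r < n; r++) {
        u32 t = R;
        R = L ^ feal_f(R, K[r]);
        L = t;
    }
    L ^= R;                                  /* no swap after the last round */
    blk[0] = R ^ feal_pair(K, n + 4);
    blk[1] = L ^ feal_pair(K, n + 6);
}

/* Decrypt by undoing each step of feal_encrypt in reverse order. */
void feal_decrypt(u32 blk[2], const u16 *K, int n)
{
    u32 R = blk[0] ^ feal_pair(K, n + 4), L = blk[1] ^ feal_pair(K, n + 6);
    L ^= R;
    for (int r = n - 1; r >= 0; r--) {
        u32 t = L;
        L = R ^ feal_f(L, K[r]);
        R = t;
    }
    R ^= L;
    blk[0] = L ^ feal_pair(K, n);
    blk[1] = R ^ feal_pair(K, n + 2);
}

/* Round-trip self-test for FEAL-n on a constructed key and block; returns 1 on success. */
int feal_selftest(int n)
{
    u16 K[FEAL_SUBKEYS(FEAL_MAX_ROUNDS)];
    u32 blk[2] = { 0x46454C41u, 0x4C2D4E21u };          /* constructed plaintext */
    if (n < 4 || n > FEAL_MAX_ROUNDS || (n & 1)) return 0;
    feal_key_schedule(0x01234567u, 0x89ABCDEFu, n, K);  /* constructed key */
    feal_encrypt(blk, K, n);
    if (blk[0] == 0x46454C41u && blk[1] == 0x4C2D4E21u) return 0;
    feal_decrypt(blk, K, n);
    return blk[0] == 0x46454C41u && blk[1] == 0x4C2D4E21u;
}
```

Because decryption replays the same schedule in reverse, the round trip succeeds for any wiring of f and fK; only a comparison against the FEAL-8 test vector published by NTT would confirm the wiring, which is why the self-test is a consistency check and not a conformance test. The round count is a parameter, matching the FEAL-N definition (N even, larger than 8 in the designers' final version).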
Cryptanalysis of FEAL
FEAL-4, FEAL with four rounds, was successfully cryptanalyzed with a chosen-plaintext attack [201], and later the weakness of this algorithm was shown in [1132]. This later attack, by Sean Murphy, was the first published attack using differential cryptanalysis, and it needed only 20 chosen plaintexts. The designers answered with 8-round FEAL [1436, 1437, 1108], whose cryptanalysis was presented by Biham and Shamir at the SECURICOM '89 conference [1424]. A chosen-plaintext attack on FEAL-8 needed only 10,000 blocks [610], which forced the algorithm's designers to roll up their sleeves and define FEAL-N [1102, 1104], an algorithm with a variable number of rounds (greater than 8, of course).
Biham and Shamir applied differential cryptanalysis to FEAL-N and could break it faster than brute force (with fewer than 2^64 chosen-plaintext encryptions) for N less than 32 [169]. Breaking FEAL-16 requires 2^28 chosen or 2^46.5 known plaintexts. Breaking FEAL-8 requires 2000 chosen or 2^37.5 known plaintexts. FEAL-4 can be broken with only 8 properly chosen plaintexts.
The FEAL designers also defined a modification of FEAL, FEAL-NX, which uses a 128-bit key (see Figure 13-7) [1103, 1104]. Biham and Shamir showed that for any value of N, FEAL-NX with a 128-bit key is no harder to break than FEAL-N with a 64-bit key [169]. Recently FEAL-N(X)S was proposed, which strengthens FEAL with a dynamic swapping function [1525].
[Figure 13-7 is not reproduced here. It shows the 128-bit key block (KL | KR), the parity-bit processing, the halves KR1 and KR2 of KR, the 32-bit values A0, B0 and D_r, and the chain of fK applications producing (K0, K1), (K2, K3), (K4, K5), ..., (K_(N+4), K_(N+5)), (K_(N+6), K_(N+7)). The value Q_r mixed in at iteration r is Q_r = KR1 XOR KR2 for r = 1, 4, 7, ...; Q_r = KR1 for r = 2, 5, 8, ...; Q_r = KR2 for r = 3, 6, 9, .... K_(2(r-1)) is the left half of B_r (16 bits), K_(2(r-1)+1) is the right half of B_r (16 bits), and the number of iterations is N/2 + 4.]
Figure 13-7. Key processing in FEAL-NX.
Furthermore, [1520] presented another attack on FEAL-4, requiring only 1000 known plaintexts, and on FEAL-8, requiring only 20,000 known plaintexts. Other attacks are given in [1549, 1550]. The best is the attack by Mitsuru Matsui and Atshuiro Yamagishi [1020]. This was the first application of linear cryptanalysis, and it breaks FEAL-4 with 5 known plaintexts, FEAL-6 with 100 known plaintexts, and FEAL-8 with 2^15 known plaintexts. Further refinements can be found in [64]. Differential cryptanalysis can break FEAL-8 using only 12 chosen plaintexts [62]. Whoever invents a new cryptanalytic attack seems always to try it on FEAL first.
Patents
FEAL is patented in the United States [1438], and corresponding patents are pending in England, France, and Germany. Anyone wishing to license the algorithm should contact the Intellectual Property Department, NTT, 1-6 Uchisaiwai-cho, 1-chome, Chiyada-ku, 100 Japan.
13.5 REDOC
REDOC II is another block algorithm, designed by Michael Wood for Cryptech, Inc. [1613, 400]. It uses a 20-byte (160-bit) key and an 80-bit block.
REDOC II performs all of its manipulations (permutations, substitutions and XORs with the key) on bytes, so the algorithm is efficient in software. REDOC II uses variable function tables. Unlike DES, which has a fixed (although optimized for security) set of substitution and permutation tables, REDOC II uses key-dependent and plaintext-dependent sets of tables (S-boxes, in effect). REDOC II has 10 rounds, each a complicated sequence of manipulations on the block.
Another unique feature is the use of masks: numbers derived from the key table that are used to select the tables for a given function in a given round. Both the data value and the masks are used to select the function tables.
Assuming that brute force is the most effective means of attacking this algorithm, REDOC II is very secure: recovering the key requires 2^160 operations. Thomas Cusick cryptanalyzed one round of REDOC II, but was unable to extend the attack to several rounds [400]. Using differential cryptanalysis, Biham and Shamir succeeded in cryptanalyzing one round of REDOC II with 2300 chosen plaintexts [170]. They could not extend this attack to several rounds, but they were able to obtain three mask values after 4 rounds. I know of no other attempts at cryptanalysis.
REDOC III
REDOC III is a simplified version of REDOC II, also designed by Michael Wood [1615]. It works with an 80-bit block. The key length is variable and can be as large as 2560 bytes (20,480 bits). The algorithm consists only of XOR operations between bytes of the key and bytes of the plaintext; no permutations or substitutions are used.
(1) Create a key table of 256 10-byte keys, using the secret key.
(2) Create two 10-byte mask blocks, M1 and M2. M1 is the XOR of the first 128 10-byte keys, and M2 is the XOR of the second 128 10-byte keys.
(3) To encrypt a 10-byte block:
(a) XOR the first byte of the data block with the first byte of M1. Select a key from the key table computed in step (1), using the computed XOR as the index into the table. XOR every byte of the data block except the first with the corresponding byte of the selected key.
(b) XOR the second byte of the data block with the second byte of M1. Select a key from the key table computed in step (1), using the computed XOR as the index into the table. XOR every byte of the data block except the second with the corresponding byte of the selected key.
(c) Continue through the whole data block (bytes 3 through 10), until every byte has been used to select a key from the table after being XORed with the corresponding value of M1. Then XOR every byte, except the one used to select the key, with the key.
(d) Repeat steps (a) through (c) with M2.
This algorithm is simple and fast. On a 33 MHz 80386 processor it encrypts data at 2.75 Mbit/s. Wood estimated that a pipelined VLSI implementation with a 64-bit data path could encrypt data at over 1.28 Gbit/s at a clock frequency of 20 MHz.
REDOC III is not secure [1440]. It is vulnerable to differential cryptanalysis. Recovering both masks requires only about 2^23 chosen plaintexts.
Patents and Licenses
Both versions of REDOC are patented in the United States [1614]. Foreign patents are pending. Anyone interested in REDOC II or REDOC III should contact Michael C. Wood (Delta Computec, Inc., 6647 Old Thompson Rd., Syracuse, NY 13211).
13.6 LOKI
LOKI was developed in Australia and was first presented in 1990 as a possible alternative to DES [273]. It uses a 64-bit block and a 64-bit key. The overall structure of the algorithm and its key schedule are described in [274, 275], and the design of the S-boxes in [1247].
Using differential cryptanalysis, Biham and Shamir were able to break LOKI with 11 or fewer rounds faster than by brute force [170]. Moreover, the algorithm has an 8-bit complementation property, which reduces the complexity of a brute-force attack by a factor of 256 [170, 916, 917].
Lars Knudsen showed that LOKI with 14 or fewer rounds is vulnerable to differential cryptanalysis [852, 853]. Moreover, if LOKI is used with alternative S-boxes, the resulting cipher will probably also be vulnerable to differential cryptanalysis.
LOKI91
In response to these attacks, the designers of LOKI went back to the drawing board and revised their algorithm. The result was LOKI91 [272]. (The previous version of LOKI was renamed LOKI89.)
To increase the algorithm's resistance to differential cryptanalysis and to get rid of the complementation property, the following changes were made to the original design:
1. The subkey generation algorithm was changed so that the halves are swapped not after every round but after every second round.
2. The subkey generation algorithm was changed so that the left subkey is rotated alternately by 12 and by 13 bits.
3. The initial and final XOR operations of the block with the key were removed.
4. The S-box function was changed so as to flatten the XOR profile of the S-boxes (to improve their resistance to differential cryptanalysis) and to prevent f(x) = 0 for any value x, where f is the combination of the E-, S- and P-boxes.
Description of LOKI91
The mechanics of LOKI91 resemble DES (see Figure 13-8). The data block is divided into a left half and a right half and goes through 16 rounds, much like DES. In each round the right half is first XORed with part of the key, and then an expansion permutation is applied to it (see Table 13-1).
[Figure 13-8 is not reproduced here. It shows the key split into the 32-bit halves KL and KR, the plaintext split into L (32 bits) and R (32 bits), the sixteen rounds of E, S and P using the 32-bit subkeys K(1) ... K(16) produced by ROL 12 and ROL 13 rotations of the key halves, and the ciphertext.]
Figure 13-8. LOKI91.
Table 13-1.
Expansion Permutation
4, 3, 2, 1, 32, 31, 30, 29, 28, 27, 26, 25,
28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
20, 19, 18, 17, 16, 15, 14, 13, 12, 11, 10, 9,
12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1
The 48-bit result is divided into four 12-bit blocks, and each of them goes through the following S-box substitution: take each 12-bit input; the 2 leftmost and the 2 rightmost bits form the number r, and the 8 middle bits form the number c. The output of the S-box, O, is the value
O(r, c) = (c + ((r * 17) XOR 0xff) & 0xff)^31 mod P_r
where P_r is given in Table 13-2.
Table 13-2.
P_r
r: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
P_r: 375, 379, 391, 395, 397, 415, 419, 425, 433, 445, 451, 463, 471, 477, 487, 499
The four 8-bit results are then joined again into a 32-bit number, which goes through the permutation described in Table 13-3. Finally, the result is XORed with the left half to form the new right half, and the old right half becomes the new left half. After 16 rounds the two halves together form the ciphertext; unlike LOKI89, LOKI91 has no final XOR of the block with the key (see change 3 above).
Table 13-3.
P-Box Permutation
32, 24, 16, 8, 31, 23, 15, 7, 30, 22, 14, 6, 29, 21, 13, 5,
28, 20, 12, 4, 27, 19, 11, 3, 26, 18, 10, 2, 25, 17, 9, 1
The subkeys are derived from the key in a fairly straightforward way. The 64-bit key is divided into a left half and a right half. In each round the subkey is the left half. It is then rotated left by 12 or 13 bits, and after every two rounds the left and right halves are swapped. As in DES, the same algorithm is used for encryption and decryption, with some changes in how the subkeys are used.
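The round function and cipher described above, as an added example in C that is not code from this book or from UNSW. It is built from Tables 13-1 to 13-3 and the S-box formula, under three reading assumptions: the tables number bits from 1 at the least significant end, so each row of Table 13-1 is a 12-bit window of the 32-bit word (the first row wraps from bits 4..1 to bits 32..25); the exponentiation to 31 modulo P_r is multiplication in GF(2^8) with P_r as the reducing polynomial, with Table 13-2's r = 1..16 indexed here as the 4-bit row value 0..15; and the key schedule rotates the left half by 12 and then by 13 bits before the swap, the order the editor recalls from the LOKI91 reference code. The round-trip self-test does not depend on that order. All names are the editor's own.

```c
#include <stdint.h>

/* Generator polynomials P_r of Table 13-2, indexed by the 4-bit row value r = 0..15. */
static const uint16_t loki_gen[16] = {
    375, 379, 391, 395, 397, 415, 419, 425,
    433, 445, 451, 463, 471, 477, 487, 499
};

/* Multiply two elements of GF(2^8) modulo the degree-8 polynomial gen (bit 8 of gen is set). */
uint8_t loki_gf_mul(uint8_t a, uint8_t b, uint16_t gen)
{
    uint16_t p = 0, x = a;
    for (int i = 0; i < 8; i++) {
        if (b & 1) p ^= x;
        b >>= 1;
        x <<= 1;
        if (x & 0x100) x ^= gen;
    }
    return (uint8_t)p;
}

/* t^31 in GF(2^8) mod gen by square-and-multiply. */
static uint8_t loki_gf_pow31(uint8_t t, uint16_t gen)
{
    uint8_t r = 1, base = t;
    for (int e = 31; e; e >>= 1) {
        if (e & 1) r = loki_gf_mul(r, base, gen);
        base = loki_gf_mul(base, base, gen);
    }
    return r;
}

/* S-box of the text: row r from the 2 outer bits on each side, column c from the 8 middle bits. */
uint8_t loki_sbox(uint16_t in)
{
    int r = ((in >> 8) & 0xC) | (in & 0x3);
    uint8_t c = (uint8_t)((in >> 2) & 0xFF);
    uint8_t t = (uint8_t)(c + ((r * 17) ^ 0xFF));   /* (c + ((r * 17) XOR 0xff)) & 0xff */
    return loki_gf_pow31(t, loki_gen[r]);
}

/* Table 13-3 as 0-based source-bit indices, listed from the output's most significant bit. */
static const uint8_t loki_P[32] = {
    31, 23, 15, 7, 30, 22, 14, 6, 29, 21, 13, 5, 28, 20, 12, 4,
    27, 19, 11, 3, 26, 18, 10, 2, 25, 17, 9, 1, 24, 16, 8, 0
};

static uint32_t loki_perm(uint32_t in)
{
    uint32_t out = 0;
    for (int o = 0; o < 32; o++)
        out |= ((in >> loki_P[o]) & 1u) << (31 - o);
    return out;
}

/* f(R, K) = P(S(E(R XOR K))); E is the four overlapping 12-bit windows of Table 13-1. */
static uint32_t loki_f(uint32_t r, uint32_t k)
{
    uint32_t a = r ^ k;
    uint32_t s = ((uint32_t)loki_sbox((uint16_t)(((a << 8) | (a >> 24)) & 0xFFF)) << 24)
               | ((uint32_t)loki_sbox((uint16_t)((a >> 16) & 0xFFF)) << 16)
               | ((uint32_t)loki_sbox((uint16_t)((a >> 8) & 0xFFF)) << 8)
               |  (uint32_t)loki_sbox((uint16_t)(a & 0xFFF));
    return loki_perm(s);
}

static uint32_t loki_rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

/* Subkeys: K(i) = KL; rotate KL left 12; K(i+1) = KL; rotate KL left 13; swap KL and KR. */
void loki91_subkeys(uint32_t kl, uint32_t kr, uint32_t sk[16])
{
    for (int i = 0; i < 16; i += 2) {
        sk[i] = kl;     kl = loki_rol(kl, 12);
        sk[i + 1] = kl; kl = loki_rol(kl, 13);
        uint32_t t = kl; kl = kr; kr = t;
    }
}

void loki91_encrypt(uint32_t blk[2], const uint32_t sk[16])
{
    uint32_t L = blk[0], R = blk[1];
    for (int i = 0; i < 16; i++) {   /* new R = L XOR f(R, K); new L = old R */
        uint32_t t = R;
        R = L ^ loki_f(R, sk[i]);
        L = t;
    }
    blk[0] = L; blk[1] = R;          /* LOKI91 has no final XOR with the key */
}

void loki91_decrypt(uint32_t blk[2], const uint32_t sk[16])
{
    uint32_t L = blk[0], R = blk[1];
    for (int i = 15; i >= 0; i--) {  /* undo the rounds in reverse order */
        uint32_t t = L;
        L = R ^ loki_f(L, sk[i]);
        R = t;
    }
    blk[0] = L; blk[1] = R;
}

/* Round-trip self-test on a constructed key and block; returns 1 on success. */
int loki91_selftest(void)
{
    uint32_t sk[16];
    uint32_t blk[2] = { 0x4C4F4B49u, 0x39312121u };   /* constructed block */
    loki91_subkeys(0x01234567u, 0x89ABCDEFu, sk);     /* constructed key */
    loki91_encrypt(blk, sk);
    if (blk[0] == 0x4C4F4B49u && blk[1] == 0x39312121u) return 0;
    loki91_decrypt(blk, sk);
    return blk[0] == 0x4C4F4B49u && blk[1] == 0x39312121u;
}
```

The S-box input that makes t = 1 (r = 0, c = 2, so the 12-bit input is 8) must map to 1, and t = 0 (input 4) to 0, which gives a quick sanity check on the GF(2^8) arithmetic independent of the rest of the cipher; change 4 above concerns the whole f, not a single S-box, so S(0) = 0 for one box is expected.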
Cryptanalysis of LOKI91
Knudsen attempted to cryptanalyze LOKI91 [854, 858], but found the algorithm resistant to differential cryptanalysis. He did, however, find a related-key chosen-plaintext attack that reduces the complexity of a brute-force attack by almost a factor of four. This attack exploits a weakness in the key schedule and can also be applied if the algorithm is used as a one-way hash function (see Section 18.11).
Another related-key attack can break LOKI91 with 2^32 chosen-key chosen plaintexts or with 2^48 chosen-key known plaintexts [158]. This attack does not depend on the number of rounds of the algorithm. (In the same paper Biham breaks LOKI89 using related-key cryptanalysis with 2^17 chosen-key chosen plaintexts or 2^33 chosen-key known plaintexts.) It is easy to make LOKI91 resistant to attacks of this kind by making the key schedule more complicated.
Patents and Licenses
LOKI is not patented. Anyone may implement the algorithm and use it. The source code given in this book was written at the University of New South Wales. Anyone wishing to use this implementation (or other implementations, which are several orders of magnitude faster) in a commercial product should contact the Director of CITRAD, Department of Computer Science, University College, University of New South Wales, Australian Defence Force Academy, Canberra, Australia (Director CITRAD, Department of Computer Science, University College, UNSW, Australian Defense Force Academy, Canberra ACT 2600, Australia; FAX: 61 6 268 8581).
13.7 KHUFU and KHAFRE
In 1990 Ralph Merkle proposed two algorithms. Their design was based on the following principles [1071]:
1. DES's 56-bit key is too small. Since the cost of increasing the key size is negligible (computer memory is cheap and plentiful), it should be increased.
2. DES's extensive use of permutations, while convenient for hardware implementations, makes software implementations extremely difficult. The fastest implementations of DES perform the permutations by table lookup. Table lookup can provide the same "diffusion" characteristics as the permutations themselves and can make the implementation much more flexible.
3. DES's S-boxes, with only 64 4-bit entries, are too small. Now that memory is larger, the S-boxes should grow too. Moreover, all eight S-boxes are used simultaneously. Although this is convenient for hardware, for a software implementation it seems an unnecessary restriction. Larger S-boxes, used sequentially (rather than in parallel), should be implemented.
4. It is widely accepted that the initial and final permutations are cryptographically meaningless, so they should be eliminated.
5. All fast implementations of DES precompute the keys for each round. Given this, there is no reason not to make this computation more complicated.
6. Unlike DES, the S-box design criteria should be public.
To this list Merkle would probably now add "resistance to differential and linear cryptanalysis", but at the time those attacks were not yet known.
Khufu
Khufu is a 64-bit block cipher. The 64-bit plaintext is first divided into two 32-bit halves, L and R. Both halves are XORed with certain parts of the key. Then, as in DES, the results go through a series of rounds. In each round the least significant byte of L is used as the input to an S-box. Each S-box has 8 input bits and 32 output bits. The 32-bit entry selected from the S-box is XORed with R. L is then rotated by some multiple of 8 bits, L and R are swapped, and the round ends. The S-box itself is not static but changes every eight rounds. Finally, after the last round, L and R are XORed with other parts of the key, and the halves are joined to form the ciphertext block.
Although parts of the key are XORed with the encryption block at the beginning and end of the algorithm, the main purpose of the key is to generate the S-boxes. These S-boxes are secret; in essence they are part of the key. Khufu's total key size is 512 bits (64 bytes), and the algorithm provides a way to generate the S-boxes from the key. The number of rounds is left open. Merkle mentioned that 8-round Khufu is vulnerable to a chosen-plaintext attack and recommends 16, 24 or 32 rounds [1071]. (He restricts the number of rounds to multiples of eight.)
Because Khufu uses key-dependent, secret S-boxes, it is resistant to differential cryptanalysis. There is a differential attack on 16-round Khufu that recovers the key after 2^31 chosen plaintexts [611], but it could not be extended to more rounds. If brute force is the best way to attack Khufu, its security is impressive. A 512-bit key gives a complexity of 2^512, an enormous number under any circumstances.
Khafre
Khafre is the second of the two cryptosystems proposed by Merkle [1071]. (Khufu and Khafre are the names of Egyptian pharaohs.) The algorithm is similar in design to Khufu, but it is intended for applications that do not use precomputation. The S-boxes do not depend on the key; instead Khafre uses fixed S-boxes. The block being encrypted is XORed with the key not only before the first round and after the last, but also after every eight rounds of encryption.
Merkle suggested that 64- or 128-bit keys be used with Khafre, and that Khafre needs more rounds than Khufu. This, together with the fact that each Khafre round is more complex than a Khufu round, makes Khafre slower. On the other hand Khafre needs no precomputation, which lets it encrypt small amounts of data faster.
In 1990 Biham and Shamir applied their differential cryptanalysis to Khafre [170]. They were able to break 16-round Khafre with a chosen-plaintext attack after 1500 different encryptions; on their personal computer this took about an hour. Converting this attack into a known-plaintext attack requires about 2^38 encryptions. 24-round Khafre can be broken with a chosen-plaintext attack in 2^53 encryptions, and with a known-plaintext attack in 2^59 encryptions.
Patents
Both Khufu and Khafre are patented [1072]. Source code for the algorithms is included in the patent. Anyone wishing to license either or both algorithms should contact the Director of Licensing, Xerox Corporation, P.O. Box 1600, Stamford, CT 06904-1600.
13.8 RC2
RC2 is a variable-key-length algorithm designed by Ron Rivest for RSA Data Security, Inc. (RSADSI). Apparently "RC" stands for "Ron's Code", although officially it is "Rivest Cipher". (RC3 was broken at RSADSI during development; RC1 never left Rivest's notebook.) It is proprietary, and its details have not been published. Don't think for a minute that this makes it more secure. RC2 has already appeared in commercial products. As far as I know, RC2 has not been patented and is protected only as a trade secret.
RC2 is a 64-bit-block cipher with a variable-length key, intended as a replacement for DES. According to the company, software implementations of RC2 are three times faster than DES. The algorithm can use a key of variable length, from 0 bytes up to the maximum string length supported by the computer system, and the encryption speed does not depend on the key size. This key is preprocessed to fill a 128-byte key-dependent table, so the number of genuinely different keys is 2^1024. RC2 does not use S-boxes [805]; it uses two operations, "mix" and "mash", and one of them is chosen for each round. According to the literature [1334]:
. . . RC2 is not an iterative block cipher. This suggests that RC2 is more resistant to differential and linear cryptanalysis than other block ciphers whose security relies on copying the DES design.
RSADSI's refusal to publish RC2 raises doubts about the company's intentions. It promises to provide the details of the algorithm to anyone who signs a non-disclosure agreement, and claims it will let cryptanalysts publish any negative results they find. I am not aware of a single cryptanalyst outside the company who has studied the algorithm, since doing so would essentially mean doing the company's analysis work for it.
Nevertheless, Ron Rivest is no charlatan; he is a respected and competent cryptographer. Personally I trust this algorithm to a considerable degree, although I have not seen the code myself. RC4, which is also RSADSI intellectual property, was published on the Internet (see Section 17.1), and the publication of RC2 is probably only a matter of time.
Under an agreement between the Software Publishers Association (SPA) and the U.S. government, RC2 and RC4 (see Section 17.1) have been given special export status (see Section 25.14). The process of obtaining export approval for products implementing either of these two algorithms is considerably simplified, provided the key length does not exceed 40 bits.
Is a 40-bit key sufficient? There are only a trillion possible keys. Assuming that the most effective method of cryptanalysis is brute force (a big assumption, since the algorithm has never been published), and that a brute-force chip can test a million keys per second, finding the right key takes 12.7 days. A thousand machines working in parallel could recover the key in twenty minutes.
RSA Data Security, Inc. claims that although encryption and decryption are fast, exhaustive search would take much longer: a noticeable amount of time is spent setting up the key schedule. Although this time is negligible when encrypting and decrypting messages, it is not when every possible key has to be tested.
The U.S. government would never allow the export of any algorithm it could not, at least in theory, break. It could make a magnetic tape or CD containing a particular plaintext block encrypted under every possible key. To break a message it would only have to load the tape and compare the ciphertext blocks in the message with the ciphertext blocks on the tape. On a match it could test the candidate key and see whether the message makes sense. If a frequently occurring block is chosen (all zeros, ASCII space characters, and so on), this method will work. The storage needed for the results of encrypting one 64-bit plaintext block under all 10^12 possible keys is 8 terabytes, which is entirely feasible. For RC2 licensing contact RSADSI (see Section 25.4).
13.9 IDEA
The first version of the IDEA cipher, proposed by Xuejia Lai and James Massey, appeared in 1990 [929]. It was called PES (Proposed Encryption Standard). The following year, after Biham and Shamir demonstrated the power of differential cryptanalysis, the authors strengthened their cipher against that attack and called the new algorithm IPES (Improved Proposed Encryption Standard) [931, 924]. In 1992 the name IPES was changed to IDEA (International Data Encryption Algorithm) [925].
IDEA rests on some impressive theoretical foundations and, although cryptanalysis has had some success against reduced-round variants, the algorithm still appears strong. In my opinion it is the best and most secure block algorithm published to date.
The future of IDEA is not yet clear. No attempt has been made to replace DES with it, partly because it is patented and must be licensed for commercial applications, and partly because people are still waiting to see how well the algorithm holds up in the coming years of cryptanalysis. Its current fame is due to its being part of PGP (see Section 24.12).
Overview of IDEA
IDEA is a block cipher; it works on 64-bit plaintext blocks. The key is 128 bits long. The same algorithm is used for both encryption and decryption.
Like the other block ciphers already discussed, IDEA uses both confusion and diffusion. The design philosophy is "mixing operations from different algebraic groups". Three algebraic groups are mixed, and all of them are easy to implement in both hardware and software:
XOR
Addition modulo 2^16
Multiplication modulo 2^16 + 1. (This operation can be viewed as IDEA's S-box.)
All these operations (and only these are used in the algorithm; there are no bit-level permutations) work on 16-bit sub-blocks. The algorithm is therefore even more efficient on 16-bit processors.
Description of IDEA
The structure of IDEA is shown in Figure 13-9. The 64-bit data block is divided into four 16-bit sub-blocks: X1, X2, X3 and X4. These four sub-blocks become the input to the first round of the algorithm. There are eight rounds in total. In each round the four sub-blocks are XORed, added and multiplied with one another and with six 16-bit subkeys. Between rounds the second and third sub-blocks are swapped. Finally the four sub-blocks are combined with four subkeys in an output transformation. In each round the sequence of events is as follows:
(1) Multiply X1 and the first subkey.
(2) Add X2 and the second subkey.
(3) Add X3 and the third subkey.
(4) Multiply X4 and the fourth subkey.
(5) XOR the results of steps (1) and (3).
(6) XOR the results of steps (2) and (4).
(7) Multiply the result of step (5) and the fifth subkey.
(8) Add the results of steps (6) and (7).
(9) Multiply the result of step (8) and the sixth subkey.
(10) Add the results of steps (7) and (9).
(11) XOR the results of steps (1) and (9).
(12) XOR the results of steps (3) and (9).
(13) XOR the results of steps (2) and (10).
(14) XOR the results of steps (4) and (10).
Figure 13-9. IDEA. (Figure: one round, seven further rounds and the output transformation, with plaintext sub-blocks X1..X4, round subkeys Z1(1)..Z6(1), output-transformation subkeys Z1(9)..Z4(9) and ciphertext sub-blocks Y1..Y4. Legend: bitwise XOR of 16-bit sub-blocks; addition modulo 2^16 of 16-bit integers; multiplication modulo 2^16 + 1 of 16-bit integers, with the all-zero sub-block representing 2^16. Xi: 16-bit plaintext sub-block; Yi: 16-bit ciphertext sub-block; Zi(r): 16-bit key sub-block.)
The output of the round is the four sub-blocks that result from steps (11), (12), (13) and (14). Swap the two inner sub-blocks (except in the last round), and you have the input to the next round.
After the eighth round the output transformation is performed:
(1) Multiply X1 and the first subkey.
(2) Add X2 and the second subkey.
(3) Add X3 and the third subkey.
(4) Multiply X4 and the fourth subkey.
Finally the four sub-blocks are joined again to form the ciphertext.
Creating the subkeys is also easy. The algorithm uses 52 of them (six for each of the eight rounds and four more for the output transformation). First the 128-bit key is divided into eight 16-bit subkeys. These are the first eight subkeys of the algorithm (six for the first round and two for the second). The key is then rotated left by 25 bits and again divided into eight subkeys. The first four are used in round 2 and the remaining four in round 3. The key is rotated left by 25 bits again to obtain the next eight subkeys, and so on until the end of the algorithm.
Decryption is performed in exactly the same way, except that the subkeys are inverted and slightly rearranged. The decryption subkeys are the inverses of the encryption subkeys with respect to either addition or multiplication. (For IDEA, a sub-block of all zeros is taken to represent 2^16, which is -1 modulo 2^16 + 1; consequently the multiplicative inverse of 0 is 0.) These computations may take some time, but they need to be done only once for each decryption key. Table 13-4 shows the encryption subkeys and the corresponding decryption subkeys.
Table 13-4.
IDEA encryption and decryption subkeys
Round                  Encryption subkeys                          Decryption subkeys
1                      Z1(1) Z2(1) Z3(1) Z4(1) Z5(1) Z6(1)         Z1(9)^-1 -Z2(9) -Z3(9) Z4(9)^-1 Z5(8) Z6(8)
2                      Z1(2) Z2(2) Z3(2) Z4(2) Z5(2) Z6(2)         Z1(8)^-1 -Z2(8) -Z3(8) Z4(8)^-1 Z5(7) Z6(7)
3                      Z1(3) Z2(3) Z3(3) Z4(3) Z5(3) Z6(3)         Z1(7)^-1 -Z2(7) -Z3(7) Z4(7)^-1 Z5(6) Z6(6)
4                      Z1(4) Z2(4) Z3(4) Z4(4) Z5(4) Z6(4)         Z1(6)^-1 -Z2(6) -Z3(6) Z4(6)^-1 Z5(5) Z6(5)
5                      Z1(5) Z2(5) Z3(5) Z4(5) Z5(5) Z6(5)         Z1(5)^-1 -Z2(5) -Z3(5) Z4(5)^-1 Z5(4) Z6(4)
6                      Z1(6) Z2(6) Z3(6) Z4(6) Z5(6) Z6(6)         Z1(4)^-1 -Z2(4) -Z3(4) Z4(4)^-1 Z5(3) Z6(3)
7                      Z1(7) Z2(7) Z3(7) Z4(7) Z5(7) Z6(7)         Z1(3)^-1 -Z2(3) -Z3(3) Z4(3)^-1 Z5(2) Z6(2)
8                      Z1(8) Z2(8) Z3(8) Z4(8) Z5(8) Z6(8)         Z1(2)^-1 -Z2(2) -Z3(2) Z4(2)^-1 Z5(1) Z6(1)
Output transformation  Z1(9) Z2(9) Z3(9) Z4(9)                     Z1(1)^-1 -Z2(1) -Z3(1) Z4(1)^-1
(Zi(r) is the i-th subkey of round r; round 9 is the output transformation; ^-1 denotes the multiplicative inverse modulo 2^16 + 1 and the minus sign the additive inverse modulo 2^16.)
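An added Python example (not the book's code) implementing the rounds, key schedule and decryption described above, checked against the standard IDEA test vector. Each round stores the results of steps (11)-(14) with the inner swap already applied and undoes that swap once before the output transformation, since the last round has none; the decryption schedule therefore takes the additive inverses of Z3 and Z2 in swapped order for rounds 2 through 8, which the round-trip check confirms (the second key in the test is constructed).

```python
MASK16 = 0xFFFF
MOD = 0x10001          # multiplication is modulo 2^16 + 1, a prime


def mul(a, b):
    """Multiply modulo 2^16 + 1; the all-zero sub-block stands for 2^16."""
    a = a or 0x10000
    b = b or 0x10000
    r = (a * b) % MOD
    return 0 if r == 0x10000 else r


def mul_inv(a):
    """Inverse for mul(); since 0 stands for 2^16 = -1, the inverse of 0 is 0."""
    return 0 if a == 0 else pow(a, MOD - 2, MOD)


def add_inv(a):
    """Inverse for addition modulo 2^16."""
    return (-a) & MASK16


def encrypt_subkeys(key):
    """52 subkeys: eight 16-bit words of the 128-bit key, then rotate left 25 bits and repeat."""
    sk = []
    while len(sk) < 52:
        sk += [(key >> (112 - 16 * i)) & MASK16 for i in range(8)]
        key = ((key << 25) | (key >> 103)) & ((1 << 128) - 1)
    return sk[:52]


def decrypt_subkeys(enc):
    """Decryption schedule: inverses of Z1..Z4 taken from the rounds in reverse order,
    Z5 and Z6 taken from the preceding round. For rounds 2-8 the additive inverses of
    Z3 and Z2 are used in that (swapped) order because of the swap between rounds."""
    def z(r, i):                          # Z_i^(r); r = 9 is the output transformation
        return enc[6 * (r - 1) + (i - 1)]
    dec = []
    for r in range(1, 10):
        src = 10 - r
        a, b = (2, 3) if r in (1, 9) else (3, 2)
        dec += [mul_inv(z(src, 1)), add_inv(z(src, a)), add_inv(z(src, b)), mul_inv(z(src, 4))]
        if r < 9:
            dec += [z(src - 1, 5), z(src - 1, 6)]
    return dec


def _idea(block, sk):
    """Eight rounds of steps (1)-(14) followed by the output transformation."""
    x1, x2, x3, x4 = [(block >> s) & MASK16 for s in (48, 32, 16, 0)]
    for r in range(8):
        z1, z2, z3, z4, z5, z6 = sk[6 * r:6 * r + 6]
        s1 = mul(x1, z1)                          # (1)
        s2 = (x2 + z2) & MASK16                   # (2)
        s3 = (x3 + z3) & MASK16                   # (3)
        s4 = mul(x4, z4)                          # (4)
        s7 = mul(s1 ^ s3, z5)                     # (5), (7)
        s9 = mul(((s2 ^ s4) + s7) & MASK16, z6)   # (6), (8), (9)
        s10 = (s7 + s9) & MASK16                  # (10)
        # (11)-(14); storing (12) in x2 and (13) in x3 performs the inner swap
        x1, x2, x3, x4 = s1 ^ s9, s3 ^ s9, s2 ^ s10, s4 ^ s10
    x2, x3 = x3, x2                               # the last round has no swap
    z1, z2, z3, z4 = sk[48:52]
    y1, y2, y3, y4 = mul(x1, z1), (x2 + z2) & MASK16, (x3 + z3) & MASK16, mul(x4, z4)
    return (y1 << 48) | (y2 << 32) | (y3 << 16) | y4


def encrypt(block, key):
    return _idea(block, encrypt_subkeys(key))


def decrypt(block, key):
    return _idea(block, decrypt_subkeys(encrypt_subkeys(key)))


if __name__ == "__main__":
    key = 0x00010002000300040005000600070008   # standard IDEA test key
    pt = 0x0000000100020003
    ct = encrypt(pt, key)
    print(f"{ct:016x}", decrypt(ct, key) == pt)  # 11fbed2b01986de5 True
```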
Speed of IDEA
Current software implementations of IDEA are roughly twice as fast as DES. On a 33 MHz i386 IDEA encrypts at 880 Kbit/s, and on a 33 MHz i486 at 2400 Kbit/s. You might think IDEA should be faster, but multiplications are not cheap: multiplying two 32-bit numbers takes 40 clock cycles on an i486 (10 on a Pentium).
A VLSI implementation of PES encrypts at 55 Mbit/s at a 25 MHz clock [208, 398]. Another VLSI chip, developed at ETH Zurich and consisting of 251,000 transistors on a 107.8 mm^2 die, encrypts with IDEA at 177 Mbit/s at 25 MHz [926, 207, 397].
Cryptanalysis of IDEA
The IDEA key is 128 bits long, more than twice the length of a DES key. Assuming that brute force is the most effective attack, recovering a key takes 2^128 (about 10^38) encryptions. Build a chip that can test a billion keys per second, combine a billion such chips, and you will need 10^13 years to solve the problem, longer than the age of the universe. 10^24 such chips could find the key in a day, but there are not enough silicon atoms in the universe to build such a machine. At last we have achieved something, although on some dark questions I would rather remain an outside observer.
Perhaps brute force is not the best way to attack IDEA. The algorithm is still too new for any concrete cryptanalytic results. The designers did everything possible to make the algorithm resistant to differential cryptanalysis. They defined the concept of a Markov cipher and showed that resistance to differential cryptanalysis can be modelled and quantified [931, 925]. (For comparison with IDEA, whose resistance to differential cryptanalysis was strengthened and which is shown in Figure 13-9, Figure 13-10 shows the original PES algorithm. It is remarkable how such small changes can make such a large difference.) In [925] Lai argued (he gave evidence but not a proof) that IDEA is resistant to differential cryptanalysis after only 4 of its 8 rounds. According to Biham, his attempt to attack IDEA with related-key cryptanalysis was also unsuccessful [160].
Figure 13-10. PES. (Figure: the original PES structure, with the same layout and legend as Figure 13-9: plaintext sub-blocks X1..X4, subkeys Z1(1)..Z6(1) and Z1(9)..Z4(9), ciphertext sub-blocks Y1..Y4; XOR, addition modulo 2^16 and multiplication modulo 2^16 + 1 on 16-bit sub-blocks.)
Willi Meier examined the three algebraic operations of IDEA and showed that, although they are incompatible, there are cases where these operations can be simplified so as to ease cryptanalysis to some extent [1050]. His attack on 2-round IDEA is more efficient than brute force (2^42 operations), but for IDEA with 3 or more rounds the attack is less efficient than brute force. The security of full 8-round IDEA was left untouched.
Joan Daemen discovered a class of weak keys for IDEA [405, 409]. These keys are not weak in the sense in which some DES keys are weak, for which the encryption function is its own inverse; their weakness is that an attacker can easily identify them with a chosen-plaintext attack. For example, the following key is weak (in hexadecimal):
0000,0000,0x00,0000,0000,000x,xxxx,x000
Any digit may stand in the positions marked "x". When such a key is used, the bitwise XOR of certain plaintext pairs equals the bitwise XOR of the resulting ciphertext pairs.
In any case the probability of randomly generating one of these weak keys is very small: 1/2^96. The danger of accidentally choosing such a key is practically non-existent. Moreover, it is easy to modify IDEA so that it has no weak keys: it is enough to XOR every subkey with the value 0x0dae [409].
Although there have been many attempts to cryptanalyze IDEA, I am not aware of a single successful one.
Modes of operation and variants of IDEA
IDEA can be used in any of the block cipher modes described in Chapter 9. Double implementations of IDEA are subject to the same meet-in-the-middle attack as DES (see Section 15.1). However, since the IDEA key is more than twice as long as the DES key, the attack is impractical: the memory needed for it is 64 * 2^128 bits, or 10^39 bytes. Perhaps there is enough matter in the universe to build such a store, but I doubt it.
If you want to allow for a parallel universe as well, use the triple implementation of IDEA (see Section 15.2):
C = E_K3(D_K2(E_K1(P)))
Such an implementation is resistant to the meet-in-the-middle attack.
Also, why not implement IDEA with independent subkeys, especially if your key-distribution facilities can handle long keys? IDEA needs only 52 16-bit subkeys, 832 bits in all. This variant is certainly more secure, but no one can say by how much.
A naive modification could double the block size. The algorithm would work just as well with 32-bit sub-blocks instead of 16-bit ones and a 256-bit key. Encryption would be faster, and security would increase by a factor of 2^32. Or would it? The theory on which the algorithm is based relies on 2^16 + 1 being prime, and 2^32 + 1 is not prime. Perhaps the algorithm could be modified to work, but its security would be completely different. Lai says that making such an algorithm work would not be easy [926].
Although IDEA seems far more secure than DES, it is not always easy to replace one algorithm with another in an existing application. If your database and message templates are only able to handle a 64-bit key, implementing IDEA's 128-bit key may be impossible. For such applications create a 128-bit key by concatenating the 64-bit key with itself. Don't forget that this modification noticeably weakens IDEA.
If you are more concerned with speed than with security, try a variant of IDEA with fewer rounds. Today the best attack on IDEA beats brute force only for 2.5 rounds or fewer [1050]; 4-round IDEA would be twice as fast and, as far as I know, no less secure.
Caveat Emptor¹
IDEA is a relatively new algorithm, and many questions remain open. Does IDEA form a group? (Lai thinks not [926].) Are there as yet undiscovered ways of attacking this cipher? IDEA has a solid theoretical foundation, but time and again seemingly secure algorithms have capitulated to new forms of cryptanalysis. A number of academic and military research groups have not published their cryptanalytic results on IDEA. Perhaps someone has already succeeded, or someday will.
Patents and licenses
IDEA is patented in Europe and the United States [1012, 1013]. The patent is held by Ascom-Tech AG. No license is needed for non-commercial use. Those interested in a license for commercial use of the algorithm should contact Ascom Systec AG, Dept CMVV, Gewerbepark, CH-5506 Mägenwil, Switzerland; +41 64 56 59 83; Fax: +41 64 56 59 90; idea@ascom.ch.
13.10 MMB
Dissatisfaction with IDEA's use of a 64-bit block led Joan Daemen to develop an algorithm called MMB (Modular Multiplication-based Block cipher) [385, 405, 406]. MMB is based on the same theory as IDEA: mixing operations from different groups. MMB is an iterative algorithm consisting mainly of linear steps (XOR and key application) and the parallel application of four large nonlinear, invertible substitutions. These substitutions are defined by multiplication modulo 2^32 - 1 with constant multipliers. The result is an algorithm with a 128-bit key and a 128-bit block.
MMB works on 32-bit sub-blocks of text (x0, x1, x2, x3) and 32-bit sub-blocks of key (k0, k1, k2, k3), which makes the algorithm convenient to implement on modern 32-bit processors. Alternating with XOR, a nonlinear function f is applied six times. Here is the algorithm (all index arithmetic is modulo 3):
x_i = x_i XOR k_i, for i = 0 to 3
f(x0, x1, x2, x3)
x_i = x_i XOR k_{i+1}, for i = 0 to 3
f(x0, x1, x2, x3)
x_i = x_i XOR k_{i+2}, for i = 0 to 3
f(x0, x1, x2, x3)
x_i = x_i XOR k_i, for i = 0 to 3
f(x0, x1, x2, x3)
x_i = x_i XOR k_{i+1}, for i = 0 to 3
f(x0, x1, x2, x3)
x_i = x_i XOR k_{i+2}, for i = 0 to 3
f(x0, x1, x2, x3)
¹ Caveat emptor: "buyer beware".
The function f has three steps:
(1) x_i = c_i * x_i, for i = 0 to 3. (If the input to the multiplication is all ones, the output is all ones as well.)
(2) If the least significant bit of x0 is 1, then x0 = x0 XOR C. If the least significant bit of x3 is 0, then x3 = x3 XOR C.
(3) x_i = x_{i-1} XOR x_i XOR x_{i+1}, for i = 0 to 3.
All index arithmetic is modulo 3. The multiplication in step (1) is modulo 2^32 - 1. In this algorithm, if the second operand is 2^32 - 1, the result is also 2^32 - 1. The algorithm uses the following constants:
C = 2aaaaaaa
c0 = 025f1cdb
c1 = 2 * c0
c2 = 2^3 * c0
c3 = 2^7 * c0
The constant C is the "simplest" constant with a high ternary weight, a zero least-significant bit and no circular symmetry. The constant c0 has several other characteristics. The constants c1, c2 and c3 are shifted versions of c0 and are used to prevent attacks based on symmetry. Details can be found in [405].
Decryption is the reverse process. Steps (2) and (3) are replaced by their inverses. In step (1) c_i^-1 is used instead of c_i; c0^-1 = 0dad4694.
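An added Python example (not from the book) of steps (1) and (2) of the MMB function f with the constants above: it shows the multiplication convention modulo 2^32 - 1 (the all-ones word is its own image), checks that c0 times 0dad4694 is 1 modulo 2^32 - 1, and shows that both steps invert cleanly; the sample sub-blocks are constructed.

```python
MOD = (1 << 32) - 1          # multiplication is modulo 2^32 - 1
ALL_ONES = 0xFFFFFFFF        # equals 2^32 - 1 and is its own image under step (1)
C = 0x2AAAAAAA
C0 = 0x025F1CDB
CONSTS = [C0, 2 * C0, (1 << 3) * C0, (1 << 7) * C0]   # c0, c1, c2, c3 (all below 2^32)


def mul_mod(x, c):
    """x * c modulo 2^32 - 1 on 32-bit words; the all-ones word maps to itself,
    every other word is a residue in 0..2^32 - 2 and is multiplied normally."""
    if x == ALL_ONES:
        return ALL_ONES
    return (x * c) % MOD


def inverse(c):
    """Multiplicative inverse modulo 2^32 - 1 (c must be coprime to 3*5*17*257*65537)."""
    return pow(c, -1, MOD)


def step1(x):
    """Step (1): x_i = c_i * x_i for i = 0 to 3."""
    return [mul_mod(xi, ci) for xi, ci in zip(x, CONSTS)]


def step1_inverse(y):
    """Decryption replaces c_i by c_i^-1."""
    return [mul_mod(yi, inverse(ci)) for yi, ci in zip(y, CONSTS)]


def step2(x):
    """Step (2): XOR x0 with C if its lsb is 1, XOR x3 with C if its lsb is 0.
    C has a zero lsb, so the tested bit is unchanged and the step is its own inverse."""
    x = list(x)
    if x[0] & 1:
        x[0] ^= C
    if not x[3] & 1:
        x[3] ^= C
    return x


if __name__ == "__main__":
    sample = [0x00000000, 0xFFFFFFFF, 0x12345678, 0xDEADBEEF]   # constructed sub-blocks
    print([f"{v:08x}" for v in step1(sample)])
    print(step1_inverse(step1(sample)) == sample, step2(step2(sample)) == sample)
    print(f"{inverse(C0):08x}")   # 0dad4694
```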
Security of MMB
The MMB design provides substantial, key-independent diffusion in every round. In IDEA the diffusion depends to a certain extent on the specific subkeys. Unlike IDEA, MMB has no weak keys.
Unfortunately MMB is a dead algorithm [402]. This is true for several reasons, even though no cryptanalysis of MMB has been published. First, it was designed without regard for resistance to linear cryptanalysis. The choice of multiplicative factors provided resistance to differential cryptanalysis, but linear cryptanalysis was still unknown to the algorithm's authors.
Second, Eli Biham devised an effective chosen-key attack [160] that exploits the fact that all rounds are identical and that the key schedule simply rotates the key by 32 bits. Third, although software implementations of MMB would be very efficient, in hardware the algorithm is less efficient than DES.
Daemen suggests that anyone wishing to improve MMB should first analyze the modular multiplication with linear cryptanalysis and choose a new multiplier, then make the constant C different for each round [402]. Next, improve the key schedule by adding constants to the round keys to remove the bias. He did not pursue this himself, but instead designed 3-Way (see Section 14.5).
13.11 CA-1.1
CA is a block cipher based on cellular automata, developed by Howard Gutowitz [677, 678, 679]. It encrypts 384-bit plaintext blocks with a 1088-bit key (in fact two keys are used, a 1024-bit one and a 64-bit one). Because of the nature of cellular automata, the algorithm is most efficient when implemented in large parallel integrated circuits.
CA-1.1 uses both reversible and irreversible cellular-automaton rules. Under a reversible rule each state of the structure is obtained from a unique predecessor state, whereas under an irreversible rule each state may have several predecessors. During encryption the irreversible rules are run backwards in time. To step back from the current state, one of the predecessor states is chosen at random. This process is repeated many times; backward iteration thus serves to mix random information with the message information. CA-1.1 uses a special kind of partially linear irreversible rule, such that a random predecessor state can be constructed quickly for any given state. Reversible rules are also used at some stages of encryption.
The reversible rules (simple parallel permutations of sub-blocks of the state) are nonlinear. The irreversible rules are determined entirely by the key, while the reversible rules depend both on the key and on the random information inserted during encryption by the irreversible rules.
CA-1.1 is built on a block-link structure. That is, processing of the message block is partly separated from processing of the stream of random information inserted during encryption. This random information serves to link the stages of encryption with one another. It can also be used to link with the ciphertext stream. The link information is generated as part of encryption.
Since CA-1.1 is a new algorithm, it is too early to make any statements about its security. Gutowitz mentions some possible attacks, including differential cryptanalysis, but he was unable to break the algorithm. As an incentive, Gutowitz has offered a $1000 reward to "the first person who develops a feasible procedure for breaking CA-1.1."
CA-1.1 is patented [678] but is available for non-commercial use. To obtain a license for the algorithm or the promised cryptanalysis reward, contact Howard Gutowitz, ESPCI, Laboratoire d'Electronique, 10 rue Vauquelin, 75005 Paris, France.
13.12 SKIPJACK
Skipjack was developed by NSA as the encryption algorithm for the Clipper and Capstone chips (see Sections 24.16 and 24.17). Since the algorithm was declared secret, its details have never been published. It will be implemented only as tamper-resistant hardware.
The algorithm was declared secret not because this improves its security, but because NSA does not want Skipjack used without the Clipper key-escrow mechanism. The agency does not want software implementations of the algorithm spreading around the world.
Is Skipjack secure? If NSA wants to create a secure algorithm, it most likely will. On the other hand, if NSA wants to create an algorithm with a trapdoor, it can do that too. Here is what has been published [1154, 462]:
It is an iterative block cipher.
The block size is 64 bits.
The algorithm uses an 80-bit key.
It can be used in ECB, CBC, 64-bit OFB, or 1-, 8-, 16-, 32- or 64-bit CFB mode.
An encryption or decryption operation consists of 32 rounds.
NSA began work on it in 1985 and completed its evaluation in 1990.
The documentation for the Mykotronx Clipper chip states that the output latency attributable to the Skipjack algorithm is 64 clock cycles. This means two clock cycles per round: one presumably for the S-box substitution and the other for the final XOR at the end of each round. (Remember that permutations take no time in hardware implementations.) The Mykotronx documentation calls this two-clock operation a "G-box" and the whole thing a "shift". (Part of the G-box is called an "F-table" and is a table of constants, or possibly a table of functions.)
By some rumors Skipjack uses 16 S-boxes; by others, storing the S-boxes needs only 128 bytes of memory. It is unlikely that both rumors are true.
Another rumor claims that Skipjack's rounds, unlike those of DES, do not work on half the block. This, together with the remark about "shifts" and a chance statement at Crypto '94 that Skipjack uses a "48-bit internal structure", suggests that the algorithm's design resembles SHA (see Section 18.7) but uses four 16-bit sub-blocks. Three sub-blocks, processed by a key-dependent one-way function, give 16 bits, which are XORed with the remaining sub-block. The whole block is then rotated by 16 bits and fed to the next round, or shift. This also uses 128 bytes of S-box data. I suspect that the S-boxes are key dependent.
In structure Skipjack is probably similar to DES. NSA understands that its tamper-resistant hardware will eventually be broken open and examined, and they will not risk any advanced cryptographic techniques.
The fact that NSA plans to use Skipjack to encrypt its Defense Messaging System (DMS) testifies to the algorithm's security. To convince the skeptics, NIST allowed a committee of "respected non-government experts . . . to access the confidential details of the algorithm so that they could study its capabilities and publish the results of their investigation" [812].
The preliminary report of this expert committee [262] (there was no final report, and there may never be one) stated:
Taking into account that the cost of computing power halves every 18 months, the complexity of breaking Skipjack will equal today's complexity of breaking DES only in 36 years. Consequently, the risk that Skipjack will be broken in the next 30-40 years is insignificant.
The risk of breaking Skipjack with faster attack methods, including differential cryptanalysis, is also insignificant. The algorithm has no weak keys, and it has no complementation property. The experts, lacking the time for an independent extensive study of the algorithm, examined the description of the algorithm's design and evaluation presented by NSA.
Skipjack's resistance to cryptanalysis does not depend on keeping the algorithm itself secret.
So the participants were not able to work with the algorithm long enough to reach any conclusions on their own. All they could do was look at the results NSA showed them.
The question whether Skipjack's keyspace is flat (see Section 8.2) remains unanswered. Even if Skipjack has no weak keys in the DES sense, some peculiarity of the key schedule may make some keys stronger than others. Skipjack may have 2^70 strong keys, far more than DES; the probability of randomly choosing one of these strong keys would then be roughly 1 in 1000. Personally I think Skipjack's keyspace is flat, but the fact that no one has said so publicly is worrying.
Skipjack is patented, but under the patent secrecy agreement [1122] the patent is kept secret. The patent will be published if and only if the Skipjack algorithm is successfully reverse-engineered by an outsider. This gives the government both the advantage of patent protection and the advantage of trade-secret confidentiality.
Chapter 14
Still more block ciphers
14.1 GOST
GOST is a block algorithm developed in the former Soviet Union [655, 1393]. The name "GOST" is an abbreviation of "Gosudarstvennyi Standart" (State Standard), something like FIPS except that the name can be borne by standards of almost any kind. (The full name is "Gosudarstvennyi Standart Soyuza SSR", or "State Standard of the Union of Soviet Socialist Republics".) The number of this standard is 28147-89. All such standards are approved by the State Committee for Standards of the USSR.
I do not know whether GOST 28147-89 was used for classified traffic or only for civilian encryption. A note at the beginning of the standard says that the algorithm "satisfies all cryptographic requirements, and the level of the information being protected is not limited". I have heard claims that the algorithm was originally used only for very important communication links, including secret military communications, but I have no confirmation.
Onucauue IOC1
IOCT xnnxercx 64-nrontm anropnrmom c 256-nrontm knmuom. IOCT rakxe ncnontsyer ononnnrentntn
knmu, koroptn paccmarpnnaercx nnxe. B nponecce paort anropnrma na 32 +ranax nocneonarentno ntnonnxercx
npocron anropnrm mn|ponannx.
nx mn|ponannx rekcr cnauana pasnnaercx na nenym nononnny L n npanym nononnny R. Ha +rane i ncnontsy-
ercx noknmu K
i
. Ha +rane i anropnrma IOCT ntnonnxercx cneymmee:
L
i
R
i-1
R
i
L
i-1
f(R
i-1
, K
i
)
3ran IOCT nokasan na Pnc. 14-1. uynknnx f npocra. Cnauana npanax nononnna n i-tn noknmu cknatnamrcx
no moynm 2
32
. Pesyntrar pasnnaercx na nocemt 4-nrontx kycoukon, kaxtn ns koroptx nocrynaer na nxo cn o-
ero S-noka. IOCT ncnontsyer nocemt pasnnuntx S-nokon, nepnte 4 nra nonaamr n nepntn S-nok, nropte 4
4 nra - no nropon S-nok, n r.. Kaxtn S-nok npecrannxer coon nepecranonky uncen or 0 o 15. Hanpnmep,
S-nok moxer ntrnxert kak:
7, 10, 2, 4, 15, 9, 0, 3, 6, 12, 5, 13, 1, 8, 11
[Figure 14-1. One round of GOST: R_{i-1} and L_{i-1} enter; subkey selection, S-box substitution and a cyclic shift left make up f; R_i and L_i leave.]
In this case, if the S-box input is 0, the output is 7; if the input is 1, the output is 10; and so on. All eight S-boxes are different; they are effectively additional key material. The S-boxes must be kept secret.
The outputs of all eight S-boxes are combined into a 32-bit word, and the whole word is then cyclically shifted left by 11 bits. Finally the result is XORed with the left half, giving the new right half, and the old right half becomes the new left half. Do this 32 times and you are done.
Subkey generation is simple. The 256-bit key is divided into eight 32-bit blocks: k_1, k_2, ..., k_8. Each round uses its own subkey, as shown in Table 14-1. Decryption is the same as encryption, but the order of the subkeys k_i is reversed.
The GOST standard does not define how the S-boxes are generated; it says only that the S-boxes must be supplied somehow [655]. This led to speculation that the Soviet manufacturer might supply good S-boxes to "good" organizations and bad S-boxes to the organizations it intends to deceive. That may well be so, but informal talks with a Russian manufacturer of GOST chips revealed another alternative: the manufacturer builds the S-box permutations itself with a random number generator.
Table 14-1.
Use of the subkeys in the different rounds of GOST
Round:  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Subkey: 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8
Round:  17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Subkey: 1 2 3 4 5 6 7 8 8 7 6 5 4 3 2 1
Quite recently the set of S-boxes used in applications of the Central Bank of the Russian Federation became known. These S-boxes are also used in the GOST one-way hash function (see Section 18.11) [657]. They are listed in Table 14-2.
Cryptanalysis of GOST
These are the main differences between DES and GOST.
DES uses a complex procedure to generate the subkeys from the key. In GOST this procedure is very simple.
DES has a 56-bit key; GOST has a 256-bit key. If the secret S-box permutations are added, the total amount of secret information in GOST is about 610 bits.
The DES S-boxes have 6-bit inputs and 4-bit outputs; the GOST S-boxes have 4-bit inputs and outputs. Both algorithms use eight S-boxes, but a GOST S-box is one quarter the size of a DES S-box.
DES uses an irregular permutation called the P-box; GOST uses an 11-bit cyclic shift left.
DES has 16 rounds; GOST has 32.
Table 14-2.
GOST S-boxes
S-box 1: 4 10 9 2 13 8 0 14 6 11 1 12 7 15 5 3
S-box 2: 14 11 4 12 6 13 15 10 2 3 8 1 0 7 5 9
S-box 3: 5 8 1 13 10 3 4 2 14 15 12 7 6 0 9 11
S-box 4: 7 13 10 1 0 8 9 15 14 4 6 12 11 2 5 3
S-box 5: 6 12 7 1 5 15 13 8 4 10 9 14 0 3 11 2
S-box 6: 4 11 10 0 7 2 1 13 3 6 8 5 9 12 15 14
S-box 7: 13 11 4 1 3 15 5 9 0 10 14 7 6 8 2 12
S-box 8: 1 15 13 0 5 7 10 4 9 2 3 14 6 11 8 12
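The GOST round described above, written out as an added C example (this is not the book's code and not the standard's reference implementation): it uses the S-boxes of Table 14-2 and the subkey order of Table 14-1; the choice that chunk i counted from the low-order end feeds S-box i+1, and the sample key and block in main, are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* The eight S-boxes of Table 14-2 (Central Bank of the Russian Federation set).
   Row i is S-box i+1; entry x is the output for 4-bit input x. */
static const uint8_t GOST_SBOX[8][16] = {
    { 4, 10,  9,  2, 13,  8,  0, 14,  6, 11,  1, 12,  7, 15,  5,  3},
    {14, 11,  4, 12,  6, 13, 15, 10,  2,  3,  8,  1,  0,  7,  5,  9},
    { 5,  8,  1, 13, 10,  3,  4,  2, 14, 15, 12,  7,  6,  0,  9, 11},
    { 7, 13, 10,  1,  0,  8,  9, 15, 14,  4,  6, 12, 11,  2,  5,  3},
    { 6, 12,  7,  1,  5, 15, 13,  8,  4, 10,  9, 14,  0,  3, 11,  2},
    { 4, 11, 10,  0,  7,  2,  1, 13,  3,  6,  8,  5,  9, 12, 15, 14},
    {13, 11,  4,  1,  3, 15,  5,  9,  0, 10, 14,  7,  6,  8,  2, 12},
    { 1, 15, 13,  0,  5,  7, 10,  4,  9,  2,  3, 14,  6, 11,  8, 12},
};

/* Round function f(R, K): add the subkey modulo 2^32, push each 4-bit chunk
   through its own S-box (chunk i, counted from the low-order end, uses
   S-box i+1; this ordering is an assumption), then rotate left by 11 bits. */
uint32_t gost_f(uint32_t r, uint32_t k)
{
    uint32_t x = r + k;                 /* unsigned addition wraps modulo 2^32 */
    uint32_t y = 0;
    for (int i = 0; i < 8; i++)
        y |= (uint32_t)GOST_SBOX[i][(x >> (4 * i)) & 0xF] << (4 * i);
    return (y << 11) | (y >> 21);       /* cyclic shift left by 11 */
}

/* Index (0..7) of the key word used in encryption round `round` (0..31),
   following Table 14-1: k1..k8 three times, then k8..k1. */
int gost_subkey_index(int round)
{
    return round < 24 ? round % 8 : 31 - round;
}

/* Encrypt (decrypt == 0) or decrypt (decrypt != 0) one 64-bit block in place.
   block[0] is the left half, block[1] the right half; key[0..7] are k1..k8.
   Decryption is the same Feistel loop with the subkeys taken in reverse order. */
void gost_block(uint32_t block[2], const uint32_t key[8], int decrypt)
{
    uint32_t l = block[0], r = block[1];
    for (int i = 0; i < 32; i++) {
        int idx = gost_subkey_index(decrypt ? 31 - i : i);
        uint32_t t = l ^ gost_f(r, key[idx]);   /* R_i = L_{i-1} xor f(R_{i-1}, K_i) */
        l = r;                                   /* L_i = R_{i-1} */
        r = t;
    }
    /* The final swap is undone, so the routine is its own inverse with reversed keys. */
    block[0] = r;
    block[1] = l;
}

int main(void)
{
    /* Constructed sample key and block; these are not test vectors from the standard. */
    const uint32_t key[8] = {0x00000001u, 0x00000002u, 0x00000003u, 0x00000004u,
                             0x00000005u, 0x00000006u, 0x00000007u, 0x00000008u};
    uint32_t blk[2] = {0x01234567u, 0x89abcdefu};
    gost_block(blk, key, 0);
    printf("ciphertext: %08x %08x\n", blk[0], blk[1]);
    gost_block(blk, key, 1);
    printf("decrypted:  %08x %08x\n", blk[0], blk[1]);
    return 0;
}
```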
If brute force is the best way to break GOST, it is a very secure algorithm. GOST uses a 256-bit key, and if the secret S-boxes are counted the key length grows further. GOST is apparently more resistant to differential and linear cryptanalysis than DES. Although GOST's random S-boxes are possibly weaker than the fixed S-boxes of DES, their secrecy increases GOST's resistance to differential and linear cryptanalysis. Moreover, both of these attacks are sensitive to the number of rounds: the more rounds, the harder the attack. GOST uses twice as many rounds as DES, and this alone may make both differential and linear cryptanalysis infeasible.
The other parts of GOST are the same as in DES or weaker. GOST lacks the expansion permutation found in DES. Removing this permutation from DES weakens it by reducing the avalanche effect, so it is reasonable to believe that the absence of such an operation in GOST weakens this algorithm. The addition used in GOST is no less secure than the XOR operation used in DES.
The biggest difference appears to be GOST's use of a cyclic shift instead of a permutation. The DES permutation increases the avalanche effect. In GOST a change in one input bit affects one S-box in one round, which then affects two S-boxes in the next round, three S-boxes in the round after that, and so on. GOST needs 8 rounds before a change in one input bit affects every bit of the result; DES needs only 5 rounds for this. This is certainly a weakness. But don't forget: GOST has 32 rounds, DES only 16.
GOST's designers tried to strike a balance between security and efficiency. They modified the DES design philosophy to create an algorithm better suited to software implementation. They apparently were less confident in the security of their algorithm and tried to compensate with a very large key, keeping the S-boxes secret, and doubling the number of iterations. Whether their efforts succeeded in creating an algorithm more secure than DES remains an open question.
14.2 CAST
CAST was developed in Canada by Carlisle Adams and Stafford Tavares [10, 7]. They claim that the name reflects the course of the design and is meant to recall the probabilistic nature of the process, not the authors' initials. The CAST algorithm described here uses a 64-bit block and a 64-bit key.
CAST has a familiar structure. The algorithm uses six S-boxes with an 8-bit input and a 32-bit output. The operation of these S-boxes is complex and implementation-dependent; details can be found in the literature.
To encrypt, the plaintext block is first divided into left and right halves. The algorithm consists of 8 rounds. In each round the right half is combined with part of the key by function f, and the result is then XORed with the left half to produce the new right half. The original (pre-round) right half becomes the new left half. After 8 rounds (do not swap the left and right halves after the eighth round) the two halves are concatenated to form the ciphertext. Function f is simple:
(1) Divide the 32-bit input into four 8-bit parts: a, b, c, d.
(2) Divide the 16-bit subkey into two 8-bit halves: e, f.
(3) Feed a to the input of S-box 1, b to S-box 2, c to S-box 3, d to S-box 4, e to S-box 5, and f to S-box 6.
(4) XOR the six S-box outputs to obtain the 32-bit result.
Alternatively, the 32-bit input can be XORed with 32 bits of the key, divided into four 8-bit parts, processed by the S-boxes, and then XORed together [7]. The security of N rounds organized this way apparently corresponds to N + 2 rounds of the other variant.
The 16-bit round subkeys are easily obtained from the 64-bit key. If k_1, k_2, ..., k_8 are the 8 bytes of the key, the rounds use the following subkeys:
Round 1: k_1, k_2
Round 2: k_3, k_4
Round 3: k_5, k_6
Round 4: k_7, k_8
Round 5: k_4, k_3
Round 6: k_2, k_1
Round 7: k_8, k_7
Round 8: k_6, k_5
The strength of this algorithm lies in its S-boxes. CAST has no fixed S-boxes; they are constructed anew for each application. The design criteria are described in [10]; the columns of the S-boxes are bent functions, which provide the required S-box properties (see Section 14.10). An S-box created for a given CAST implementation never changes afterwards. The S-boxes depend on the implementation, not on the key.
It was shown in [10] that CAST is resistant to differential cryptanalysis, and in [728] that CAST is resistant to linear cryptanalysis as well. No way of breaking CAST other than brute force is known.
Northern Telecom uses CAST in its Entrust software package for Macintosh, PC, and UNIX workstations. The S-boxes they chose have not been published. The Canadian government is considering CAST as a new encryption standard. A patent application for CAST is pending.
14.3 BLOWFISH
Blowfish is an algorithm I designed myself for implementation on large microprocessors [1388, 1389]. The algorithm is unpatented, and its C code is given at the end of this book for anyone to use. In designing Blowfish I used the following criteria:
1. Speed. Blowfish encrypts data on 32-bit microprocessors at 26 clock cycles per byte.
2. Compactness. Blowfish can run in less than 5 Kbytes of memory.
3. Simplicity. Blowfish uses only simple operations: addition, XOR, and table lookup on a 32-bit operand. Its design is easy to analyze, which reduces the number of implementation errors [1391].
4. Tunable security. The Blowfish key length is variable and can reach 448 bits.
Blowfish is optimized for applications in which keys do not change often, such as communications links or an automatic file encryptor. When implemented on 32-bit microprocessors with a large data cache, such as the Pentium and the PowerPC, Blowfish is noticeably faster than DES. Blowfish is not suitable for applications with frequent key changes, for example packet switching, or for use as a one-way hash function. Its large memory requirements make it impossible to use this algorithm in smart cards.
Description of Blowfish
Blowfish is a 64-bit block cipher with a variable-length key. The algorithm consists of two parts: key expansion and data encryption. Key expansion converts a key of up to 448 bits into several subkey arrays totaling 4168 bytes.
Data encryption consists of a simple function executed 16 times in succession. Each round consists of a key-dependent permutation and a key- and data-dependent substitution. Only additions and XORs of 32-bit words are used. The only additional operations in each round are four indexed array lookups.
Blowfish uses many subkeys. These subkeys must be computed before any data is encrypted or decrypted.
The P-array consists of 18 32-bit subkeys:
P_1, P_2, ..., P_18
Each of the four 32-bit S-boxes contains 256 entries:
S_{1,0}, S_{1,1}, ..., S_{1,255}
S_{2,0}, S_{2,1}, ..., S_{2,255}
S_{3,0}, S_{3,1}, ..., S_{3,255}
S_{4,0}, S_{4,1}, ..., S_{4,255}
The exact method used to compute these subkeys is described later in this section.
[Figure 14-2. Blowfish: the 64-bit plaintext is split into two 32-bit halves, which pass through P_1, F, P_2, F, then 13 more iterations, then P_17 and P_18, giving the 64-bit ciphertext.]
Blowfish is a Feistel network (see Section 14.10) consisting of 16 rounds. The input is a 64-bit data element x. To encrypt:
Divide x into two 32-bit halves: x_L, x_R
For i = 1 to 16:
  x_L = x_L ⊕ P_i
  x_R = F(x_L) ⊕ x_R
  Swap x_L and x_R (except in the last round.)
x_R = x_R ⊕ P_17
x_L = x_L ⊕ P_18
Concatenate x_L and x_R
[Figure 14-3. Function F: the 32-bit input is split into four 8-bit chunks that index S-box 1 through S-box 4; the results are combined into 32 bits.]
Function F is the following (see Figure 14-3):
Divide x_L into four 8-bit parts: a, b, c, and d
F(x_L) = ((S_{1,a} + S_{2,b} mod 2^32) ⊕ S_{3,c}) + S_{4,d} mod 2^32
Decryption is performed exactly like encryption, except that P_1, P_2, ..., P_18 are used in reverse order.
In Blowfish implementations that require very high speed, the loop should be unrolled and all the keys kept in cache. Details are given in [568].
The subkeys are computed with a special algorithm. This is the exact sequence of steps.
(1) First the P-array, and then the four S-boxes in order, are initialized with a fixed string. This string consists of the hexadecimal digits of π.
(2) P_1 is XORed with the first 32 bits of the key, P_2 with the second 32 bits of the key, and so on for all the bits of the key (up to P_18). The key bits are cycled through repeatedly until the whole P-array has been XORed with key bits.
(3) Using the subkeys obtained in steps (1) and (2), the all-zero string is encrypted with the Blowfish algorithm.
(4) P_1 and P_2 are replaced with the output of step (3).
(5) The output of step (3) is encrypted with the Blowfish algorithm and the modified subkeys.
(6) P_3 and P_4 are replaced with the output of step (5).
(7) The process continues: all the elements of the P-array, and then all four S-boxes in order, are replaced with the output of the continuously changing Blowfish algorithm.
In total, 521 iterations are required to generate all the necessary subkeys. Applications can store the subkeys; there is no need to run the derivation process repeatedly.
Security of Blowfish
Serge Vaudenay examined Blowfish with known S-boxes and r rounds; a differential cryptanalysis can recover the P-array with 2^{8r+1} chosen plaintexts [1568]. For certain weak keys, which generate bad S-boxes (the probability of choosing such a key is 1 in 2^14), the same attack recovers the P-array with only 2^{4r+1} chosen plaintexts. With unknown S-boxes this attack can detect the use of a weak key but cannot determine the key itself (neither the S-boxes nor the P-array). This attack is effective only against variants with a reduced number of rounds and is completely useless against 16-round Blowfish.
Of course, the discovery of weak keys also matters, even though they will most likely never be used. A weak key is one for which two entries of some S-box are identical. Before key expansion it is impossible to tell whether a key is weak. If this worries you, you must perform the key expansion and check the S-boxes for identical entries. I don't think this is really necessary, though.
I know of no successful cryptanalysis of Blowfish. To be safe, do not implement Blowfish with a reduced number of rounds.
Kent Marsh Ltd. built Blowfish into its security product FolderBolt for Microsoft Windows and Macintosh. The algorithm is also part of Nautilus and PGPfone.
14.4 SAFER
SAFER K-64 stands for Secure And Fast Encryption Routine with a Key of 64 bits [1009]. This non-proprietary algorithm, developed by James Massey for Cylink Corp., is used in some of that company's products. The government of Singapore intends to use this algorithm, with a 128-bit key [1010], for a wide range of applications. Its use is not restricted by patents, copyrights, or other limitations.
The algorithm works with a 64-bit block and a 64-bit key. Unlike DES it is not a Feistel network (see Section 14.10) but an iterated block cipher: the same function is applied for some number of rounds. Each round uses two 64-bit subkeys. The algorithm operates only on bytes.
Description of SAFER K-64
The plaintext block is divided into eight byte-long sub-blocks: B_1, B_2, ..., B_7, B_8. The sub-blocks are then processed in r rounds. Finally the sub-blocks undergo a final transformation. Each round uses two subkeys: K_{2r-1} and K_{2r}.
Figure 14-4 shows one round of SAFER K-64. First the sub-blocks are either XORed or added with the bytes of subkey K_{2r-1}. Then the eight sub-blocks undergo one of two nonlinear transformations:
y = 45^x mod 257. (If x = 128, then y = 0.)
y = log_45 x. (If x = 0, then y = 128.)
[Figure 14-4. One round of SAFER: the round input (8 bytes) is combined with K_{2i-1} in the pattern xor, add, add, xor, xor, add, add, xor; passes through the 45^(.) and log_45(.) layers; is combined with K_{2i} in the pattern add, xor, xor, add, add, xor, xor, add; and then passes through three layers of 2-PHT boxes to the round output (8 bytes).]
These are operations in the finite field GF(257), and 45 is a primitive element of the field. In implementations of SAFER K-64 it is faster to look the values up in a table than to recompute them every time.
Then the sub-blocks are either XORed or added with the bytes of subkey K_{2r}. The result of this step passes through three layers of linear operations whose purpose is to increase the avalanche effect. Each operation is called a Pseudo-Hadamard Transform (PHT). If the inputs of the PHT are a_1 and a_2, its outputs are:
b_1 = (2a_1 + a_2) mod 256
b_2 = (a_1 + a_2) mod 256
After r rounds the final transformation is performed. It coincides with the transformation that is the first step of every round. B_1, B_4, B_5, and B_8 are XORed with the corresponding bytes of the last subkey, and B_2, B_3, B_6, and B_7 are added to the corresponding bytes of the last subkey. The result is the ciphertext.
Decryption is the reverse process: first the final transformation (with subtraction instead of addition), then r inverted rounds. The Inverse PHT (IPHT) is:
a_1 = (b_1 - b_2) mod 256
a_2 = (-b_1 + 2b_2) mod 256
Massey recommends using 6 rounds, but for greater security the number of rounds can be increased.
Generating the subkeys is not hard at all. The first subkey, K_1, is simply the user's key. Subsequent keys are generated by the following procedure:
K_{i+1} = (K_i <<< 3i) + c_i
The symbol "<<<" denotes a cyclic shift left. The shift is performed byte by byte, and c_i is the round constant. If c_{ij} is the j-th byte of the constant of round i, then all the round constants can be computed by the formula
c_{ij} = 45^(45^((9i + j) mod 256) mod 257) mod 257
Usually these values are stored in a table.
SAFER K-128
This alternative key schedule was developed by the Ministry of Home Affairs of Singapore and then built into SAFER by Massey [1010]. It uses two keys, K_a and K_b, of 64 bits each. The trick is to generate two subkey sequences in parallel and then alternate subkeys from each sequence. This means that if K_a = K_b is chosen, the 128-bit key is compatible with the 64-bit key K_a.
Security of SAFER K-64
Massey showed that SAFER K-64 is completely immune to differential cryptanalysis after 8 rounds and is sufficiently secure after 6 rounds. Already after 3 rounds linear cryptanalysis against this algorithm becomes ineffective [1010].
Knudsen discovered a weakness in the key schedule: for practically every key there exists at least one (and sometimes as many as nine) other key that, when encrypting some other plaintext, turns it into the same ciphertext [862]. The number of different plaintexts that encrypt to identical ciphertexts lies between 2^22 and 2^28. Although this attack cannot affect the security of SAFER as an encryption algorithm, it significantly reduces its reliability when used as a one-way hash function. In any case Knudsen recommends using at least 8 rounds.
SAFER was designed for Cylink, and Cylink has been the subject of various accusations involving the NSA [80]. I would recommend spending several years on intensive cryptanalysis before using SAFER in any way.
14.5 3-WAY
3-Way is a block cipher designed by Joan Daemen [402, 410]. It uses a block and a key of 96 bits, and its design allows a very efficient hardware implementation.
3-Way is not a Feistel network but an iterated block cipher. 3-Way can have n rounds; Daemen recommends 11.
Description of 3-Way
The algorithm is easy to describe. To encrypt a plaintext block x:
For i = 0 to n - 1
  x = x XOR K_i
  x = theta(x)
  x = pi-1(x)
  x = gamma(x)
  x = pi-2(x)
x = x ⊕ K_{n+1}
x = theta(x)
The following functions are used:
theta(x) is a linear substitution function, essentially a set of cyclic shifts and XORs.
pi-1(x) and pi-2(x) are simple permutations.
gamma(x) is a nonlinear substitution function. It is this step that gave the whole algorithm its name; it is a substitution on 3-bit data performed in parallel.
Decryption is similar to encryption, except that the bits of the input and of the output must be reversed. Source code implementing 3-Way can be found at the end of this book.
No successful cryptanalysis of 3-Way is known so far. The algorithm is unpatented.
14.6 CRAB
This algorithm was developed by Burt Kaliski and Matt Robshaw of RSA Laboratories [810]. The idea behind Crab is to use the techniques of one-way hash functions to create a fast encryption algorithm. Consequently Crab is very similar to MD5, and this section assumes you are familiar with the material of Section 18.5.
Crab has a very large block: 1024 bytes. Since Crab was presented as research material rather than as a real algorithm, no specific key generation procedure was proposed. The authors considered a method that turns an 80-bit key into three auxiliary subkeys, although the algorithm easily allows keys of variable length. Crab uses two sets of large subkeys:
A permutation of the numbers 0 through 255: P_0, P_1, P_2, ..., P_255.
An array of 2048 32-bit numbers: S_0, S_1, S_2, ..., S_2047.
All these subkeys must be computed before encryption or decryption. To encrypt a 1024-byte block X:
(1) Divide X into 256 32-bit sub-blocks: X_0, X_1, X_2, ..., X_255.
(2) Permute the sub-blocks of X according to P.
(3) For r = 0 to 3
      For g = 0 to 63
        A = X_{(4g) ⊕ 2^r}
        B = X_{(4g+1) ⊕ 2^r}
        C = X_{(4g+2) ⊕ 2^r}
        D = X_{(4g+3) ⊕ 2^r}
        For step s = 0 to 7
          A = A ⊕ (B + f_r(B, C, D) + S_{512r+8g+s})
          TEMP = D
          D = C
          C = B
          B = A <<< 5
          A = TEMP
        X_{(4g) ⊕ 2^r} = A
        X_{(4g+1) ⊕ 2^r} = B
        X_{(4g+2) ⊕ 2^r} = C
        X_{(4g+3) ⊕ 2^r} = D
(4) Recombine X_0, X_1, X_2, ..., X_255 to obtain the ciphertext.
The functions f_r(B, C, D) are similar to those used in MD5:
f_0(B, C, D) = (B ∧ C) ∨ ((¬B) ∧ D)
f_1(B, C, D) = (B ∧ D) ∨ (C ∧ (¬D))
f_2(B, C, D) = B ⊕ C ⊕ D
f_3(B, C, D) = C ⊕ (B ∨ (¬D))
Decryption is the reverse process. Generating the subkeys is a nontrivial task. This is how the permutation array P can be generated from an 80-bit key K.
(1) Initialize K_0, K_1, K_2, ..., K_9 with the 10 bytes of K.
(2) For i = 10 to 255
      K_i = K_{i-2} ⊕ K_{i-6} ⊕ K_{i-7} ⊕ K_{i-10}
(3) For i = 10 to 255, P_i = i
(4) m = 0
(5) For j = 0 to 1
      For i = 256 to 1 step -1
        m = (K_{256-i} + K_{257-i}) mod i
        K_{257-i} = K_{257-i} <<< 3
        Swap P_i and P_{i-1}
The S-array of 2048 32-bit words can be generated in a similar way, either from the same 80-bit key or from a different key. The authors warn that these details should be "considered only as motivation; there may be other effective schemes that provide better security" [810].
Crab was proposed as a testbed for new ideas, not as a working algorithm. It uses many of the same techniques as MD5. Biham noted that a very large block simplifies cryptanalysis of the algorithm [160]. On the other hand, Crab may allow efficient use of a very large key. In that case the "simplified cryptanalysis" may mean nothing.
14.7 SXAL8/MBAL
This is a 64-bit block algorithm from Japan [769]. SXAL8 is the basic algorithm, and MBAL is an extended version with a variable block length. Because MBAL performs a number of clever operations internally, the authors claim that it can provide sufficient security in a small number of rounds. With a block length of 1024 bytes, MBAL is about 70 times faster than DES. Unfortunately, [1174] showed that MBAL is susceptible to differential cryptanalysis, and [865] that it is susceptible to linear cryptanalysis as well.
14.8 RC5
RC5 is a block cipher with a large number of parameters: block size, key size, and number of rounds. It was invented by Ron Rivest and analyzed at RSA Laboratories [1324, 1325].
Three operations are used: XOR, addition, and cyclic shifts. On most processors cyclic shift operations execute in constant time; variable cyclic shifts are a nonlinear function. These cyclic shifts, which depend on both the key and the data, are an interesting operation.
RC5 uses a variable-length block, but in the example given here we will stick to a 64-bit data block. Encryption uses 2r + 2 key-dependent 32-bit words, S_0, S_1, S_2, ..., S_{2r+1}, where r is the number of rounds. We will generate these words later. To encrypt, first divide the plaintext block into two 32-bit words: A and B. (RC5 assumes the following convention for packing bytes into words: the first byte occupies the low-order bits of register A, and so on.) Then:
A = A + S_0
B = B + S_1
For i = 1 to r:
  A = ((A ⊕ B) <<< B) + S_{2i}
  B = ((B ⊕ A) <<< A) + S_{2i+1}
The result is in registers A and B.
Decryption is just as simple. Divide the block into two words, A and B, and then:
For i = r down to 1:
  B = ((B - S_{2i+1}) >>> A) ⊕ A
  A = ((A - S_{2i}) >>> B) ⊕ B
B = B - S_1
A = A - S_0
The symbol ">>>" denotes a cyclic shift right. Of course, all additions and subtractions are modulo 2^32.
Creating the key array is more complex but equally straightforward. First the bytes of the key are copied into an array L of c 32-bit words, padding the final word with zeros if necessary. Then the array S is initialized with a linear congruential generator modulo 2^32:
S_0 = P
for i = 1 to 2(r + 1) - 1:
  S_i = (S_{i-1} + Q) mod 2^32
P = 0xb7e15163 and Q = 0x9e3779b9; these constants are based on the binary representations of e and phi.
Finally, L is mixed into S:
i = j = 0
A = B = 0
do n times (where n is the maximum of 2(r + 1) and c):
  A = S_i = (S_i + A + B) <<< 3
  B = L_j = (L_j + A + B) <<< (A + B)
  i = (i + 1) mod 2(r + 1)
  j = (j + 1) mod c
In essence, RC5 is a family of algorithms. We have just defined RC5 with a 32-bit word and a 64-bit block; there is no reason not to use the same algorithm with a 64-bit word and a 128-bit block. For w = 64, P and Q are 0xb7e151628aed2a6b and 0x9e3779b97f4a7c15, respectively. Rivest designated the different RC5 variants as RC5-w/r/b, where w is the word size, r the number of rounds, and b the key length in bytes.
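RC5-32/r/b as described above, written as an added C example (not RSA's code and not the book's listing). It follows the byte-packing convention given above and runs the mixing loop 3·max(2(r + 1), c) times, the count in Rivest's published specification; the all-zero key and block in main are constructed demo inputs.

```c
#include <stdint.h>
#include <stdio.h>

#define RC5_P 0xb7e15163u           /* derived from e */
#define RC5_Q 0x9e3779b9u           /* derived from phi */
#define RC5_MAX_ROUNDS 255
#define RC5_MAX_KEY_BYTES 255

static uint32_t rotl32(uint32_t x, uint32_t n)
{
    n &= 31;                        /* the rotation amount is taken modulo the word size */
    return n ? (x << n) | (x >> (32 - n)) : x;
}

static uint32_t rotr32(uint32_t x, uint32_t n)
{
    n &= 31;
    return n ? (x >> n) | (x << (32 - n)) : x;
}

/* Expanded key table S[0..2r+1] for RC5-32/r/b. */
typedef struct {
    int r;
    uint32_t S[2 * (RC5_MAX_ROUNDS + 1)];
} rc5_key;

/* Key expansion: copy the key bytes into L (first byte in the low-order bits),
   fill S from the linear congruential generator, then mix L into S. */
void rc5_setup(rc5_key *k, int r, const uint8_t *key, int b)
{
    uint32_t L[(RC5_MAX_KEY_BYTES + 3) / 4] = {0};
    int c = b ? (b + 3) / 4 : 1;    /* words in L; an empty key gives one zero word */
    int t = 2 * (r + 1);            /* words in S */
    for (int i = b - 1; i >= 0; i--)
        L[i / 4] = (L[i / 4] << 8) + key[i];
    k->r = r;
    k->S[0] = RC5_P;
    for (int i = 1; i < t; i++)
        k->S[i] = k->S[i - 1] + RC5_Q;   /* unsigned addition wraps modulo 2^32 */
    uint32_t A = 0, B = 0;
    int i = 0, j = 0;
    int n = t > c ? t : c;
    for (int s = 0; s < 3 * n; s++) {    /* Rivest's specification: 3 * max(t, c) steps */
        A = k->S[i] = rotl32(k->S[i] + A + B, 3);
        B = L[j] = rotl32(L[j] + A + B, A + B);
        i = (i + 1) % t;
        j = (j + 1) % c;
    }
}

/* Encrypt the word pair (A, B) in place. */
void rc5_encrypt(const rc5_key *k, uint32_t *A, uint32_t *B)
{
    uint32_t a = *A + k->S[0], b = *B + k->S[1];
    for (int i = 1; i <= k->r; i++) {
        a = rotl32(a ^ b, b) + k->S[2 * i];
        b = rotl32(b ^ a, a) + k->S[2 * i + 1];
    }
    *A = a;
    *B = b;
}

/* Decrypt the word pair (A, B) in place: the rounds run backwards,
   subtracting the subkeys and rotating right. */
void rc5_decrypt(const rc5_key *k, uint32_t *A, uint32_t *B)
{
    uint32_t a = *A, b = *B;
    for (int i = k->r; i >= 1; i--) {
        b = rotr32(b - k->S[2 * i + 1], a) ^ a;
        a = rotr32(a - k->S[2 * i], b) ^ b;
    }
    *B = b - k->S[1];
    *A = a - k->S[0];
}

int main(void)
{
    /* Constructed demo inputs: an all-zero 16-byte key and an all-zero block. */
    const uint8_t key[16] = {0};
    rc5_key k;
    rc5_setup(&k, 12, key, (int)sizeof key);
    uint32_t A = 0, B = 0;
    rc5_encrypt(&k, &A, &B);
    printf("RC5-32/12/16 ciphertext words: %08x %08x\n", A, B);
    rc5_decrypt(&k, &A, &B);
    printf("decrypted: %08x %08x\n", A, B);
    return 0;
}
```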
RC5 is a new algorithm, but RSA Laboratories has spent considerable time analyzing its operation with a 64-bit block. After 5 rounds the statistics look very good. After 8 rounds every plaintext bit affects at least one cyclic shift. A differential attack requires 2^24 chosen plaintexts for 5 rounds, 2^45 for 10 rounds, 2^53 for 12 rounds, and 2^68 for 15 rounds. Of course, there are only 2^64 possible plaintexts, so such an attack is inapplicable against the algorithm with 15 or more rounds. The estimate for linear cryptanalysis shows that the algorithm is secure after 6 rounds. Rivest recommends using at least 12 rounds, and preferably 16 [1325]. This number may change.
RSADSI is currently patenting RC5, and its name has been claimed as a trademark. The company says that the licensing fee will be very small, but it is better to check.
14.9 Other Block Algorithms
There is an algorithm called CRYPTO-MECCANO in the literature [301], but it is not secure. Four Japanese cryptographers presented an algorithm based on chaotic maps at Eurocrypt '91 [687, 688]; Biham cryptanalyzed this algorithm at the same conference [157]. Another algorithm relies on subsets of some set of random codes [693]. There are many algorithms based on the theory of error-correcting codes: a variant of the McEliece algorithm (see Section 19.7) [786, 1290], the Rao-Nam algorithm [1292, 733, 1504, 1291, 1056, 1057, 1058, 1293], variants of the Rao-Nam algorithm [464, 749, 1503], and the Li-Wang algorithm [964, 1561]; they are all insecure. CALC is also insecure [1109]. The TEA algorithm (Tiny Encryption Algorithm) is too new to comment on [1592]. Another algorithm is Vino [503]. MacGuffin, a block algorithm proposed by Matt Blaze and me, is also insecure [189]; it was broken at the same conference at which it was proposed. BaseKing, similar in philosophy to 3-Way but using a 192-bit block [385], is too new to comment on.
In addition, there are many block algorithms developed outside the cryptographic community. Some of them are used by various military and government organizations. I have no information about such algorithms. There are also dozens of proprietary commercial algorithms. Some of them may be good, some not. If a company believes that publishing its algorithms would not serve its interests, it is best to take its word for it and not use those algorithms.
14.10 Theory of Block Cipher Design
In Section 11.1 I described Shannon's principles of confusion and diffusion. Fifty years after these principles were first formulated, they remain the cornerstone of good block cipher design.
Confusion serves to mask the relationships between the plaintext, the ciphertext, and the key. Remember how even a slight dependence between these three things can be exploited by differential and linear cryptanalysis? Good confusion makes the statistics of these relationships so complicated that even powerful cryptanalytic tools do not work.
Diffusion spreads the influence of individual plaintext bits over as much of the ciphertext as possible. This also masks statistical relationships and complicates cryptanalysis.
Confusion alone is sufficient for security. An algorithm consisting of a single key-dependent lookup table mapping 64 bits of plaintext to 64 bits of ciphertext would be strong enough. The problem is that such a table would need far too much memory: 10^20 bytes. The point of building a block cipher is to build something that resembles such a table but makes more modest demands on memory.
The trick is to alternate confusion (with much smaller tables) and diffusion in various combinations within one cipher. This is called a product cipher. A block cipher that consists of successive permutations and substitutions is sometimes called a substitution-permutation network, or SP-network.
Look again at function f in DES. The expansion permutation and the P-box implement diffusion, and the S-boxes confusion. The expansion permutation and the P-box are linear, the S-boxes nonlinear. Each operation is very simple by itself, but together they work very well.
The example of DES also illustrates several more principles of block cipher design. The first is the idea of an iterated block cipher. This assumes that a simple round function is applied several times in succession. Two-round DES is not very strong; for every bit of the result to depend on every bit of the key and every bit of the input, 5 rounds are needed [1078, 1080]. 16-round DES is a strong algorithm; 32-round DES is stronger still.
Feistel networks
Most block algorithms are Feistel networks. This idea dates from the early 1970s [552, 553]. Take a block of length n and divide it into two halves of length n/2: L and R. Of course, n must be even. One can define an iterated block cipher in which the output of the i-th round is determined by the output of the previous round:
L_i = R_{i-1}
R_i = L_{i-1} ⊕ f(R_{i-1}, K_i)
K_i is the subkey used in the i-th round, and f is an arbitrary round function.
This concept can be seen in DES, Lucifer, FEAL, Khufu, Khafre, LOKI, GOST, CAST, Blowfish, and other algorithms. Why is it so important? It guarantees that the function is invertible. Because XOR is used to combine the left half with the output of the round function, the following expression is necessarily true:
L_{i-1} ⊕ f(R_{i-1}, K_i) ⊕ f(R_{i-1}, K_i) = L_{i-1}
A cipher built on this construction is guaranteed to be invertible as long as the inputs of f in every round can be recovered. The function f itself does not matter; it need not be invertible. We can design f to be as complicated as we like, and we do not need to implement two different algorithms, one for encryption and another for decryption. The structure of the Feistel network takes care of this automatically.
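The invertibility argument above, as an added C example (not from the book): the round function toy_f is constructed to be deliberately non-injective (squaring modulo 2^32 sends x and -x to the same value), and the same routine still decrypts once the subkeys are applied in reverse order. The subkeys and block values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* A deliberately non-invertible round function (constructed for this example):
   squaring modulo 2^32 maps x and -x to the same value, so f cannot be inverted,
   and the Feistel structure never needs it to be. */
uint32_t toy_f(uint32_t r, uint32_t k)
{
    uint32_t x = r ^ k;
    uint32_t y = x * x;                 /* modulo 2^32; information is lost here */
    return (y << 7) | (y >> 25);
}

/* One Feistel round on (l, r) with subkey k:
   L_i = R_{i-1}, R_i = L_{i-1} xor f(R_{i-1}, K_i). */
static void feistel_round(uint32_t *l, uint32_t *r, uint32_t k)
{
    uint32_t t = *l ^ toy_f(*r, k);
    *l = *r;
    *r = t;
}

/* Run `rounds` rounds with the subkeys ks[] taken forwards (reverse == 0) or
   backwards, and undo the final swap, so the same routine is its own inverse. */
static void feistel_run(uint32_t blk[2], const uint32_t *ks, int rounds, int reverse)
{
    uint32_t l = blk[0], r = blk[1];
    for (int i = 0; i < rounds; i++)
        feistel_round(&l, &r, ks[reverse ? rounds - 1 - i : i]);
    blk[0] = r;
    blk[1] = l;
}

void feistel_encrypt(uint32_t blk[2], const uint32_t *ks, int rounds)
{
    feistel_run(blk, ks, rounds, 0);
}

void feistel_decrypt(uint32_t blk[2], const uint32_t *ks, int rounds)
{
    feistel_run(blk, ks, rounds, 1);    /* identical loop, reversed subkey order */
}

int main(void)
{
    /* Constructed subkeys and block. */
    const uint32_t ks[6] = {0x11111111u, 0x22222222u, 0x33333333u,
                            0x44444444u, 0x55555555u, 0x66666666u};
    uint32_t blk[2] = {0xdeadbeefu, 0x01234567u};
    printf("f(5) == f(-5): %s\n", toy_f(5u, 0u) == toy_f((uint32_t)-5, 0u) ? "yes" : "no");
    feistel_encrypt(blk, ks, 6);
    printf("ciphertext: %08x %08x\n", blk[0], blk[1]);
    feistel_decrypt(blk, ks, 6);
    printf("decrypted:  %08x %08x\n", blk[0], blk[1]);
    return 0;
}
```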
Simple Relations

DES has the following property: if $E_K(P) = C$, then $E_{K'}(P') = C'$, where P', C' and K' are the bitwise complements of P, C and K. This property halves the complexity of a brute-force attack. The complementation properties of LOKI reduce the complexity of a brute-force attack by a factor of 256.

A simple relation can be defined as follows [857]:

If $E_K(P) = C$, then $E_{f(K)}(g(P, K)) = h(C, K)$

where f, g and h are simple functions. By "simple functions" I mean functions that are easy to compute, much easier than an iteration of the block cipher. In DES, f is the bitwise complement of K, g is the bitwise complement of P, and h is the bitwise complement of C. This is a consequence of XORing the key into part of the text.

A good block cipher has no simple relations. Methods for finding some weaknesses of this kind can be found in [917].
Group Structure

When studying an algorithm, the question arises whether it forms a group. The elements of the group are the ciphertext blocks for each possible key, and the group operation is composition. Studying the group structure of an algorithm is an attempt to understand how much the encryption space grows under multiple encryption.

The useful question, however, is not whether the algorithm really is a group, but how close it is to being one. If only one element is missing, the algorithm is not a group, but double encryption would, statistically speaking, simply be a waste of time. Work on DES has shown that DES is very far from being a group. There are also a number of interesting questions about the semigroup generated by DES encryption. Does it contain the identity, that is, does it generate a group? In other words, does some combination of encryption (not decryption) operations ever generate the identity function? If so, how long is the shortest such combination?

The goal of this research is to estimate the key space for a theoretical brute-force attack; the result is the greatest lower bound on the entropy of the key space.
Weak Keys

In a good block cipher all keys are equally strong. Usually there is no problem with an algorithm that has a small number of weak keys, such as DES. The probability of randomly choosing one of them is very small, and such a key is easy to test for and to reject if necessary. However, these weak keys can sometimes be exploited when the block cipher is used as a one-way hash function (see Section 18.11).
Resistance to Differential and Linear Cryptanalysis

The study of differential and linear cryptanalysis has shed considerable light on the theory of good block-cipher design. The authors of IDEA introduced the concept of differentials, a generalization of the basic idea of characteristics [931]. They argued that block ciphers could be built that resist attacks of this type; IDEA is the result of such a design [931]. The concept was later formalized in [1181, 1182], when Kaisa Nyberg and Lars Knudsen showed how to build block ciphers that are provably secure against differential cryptanalysis. This theory was extended to higher-order differentials [702, 161, 927, 858, 860] and partial differentials [860]. Higher-order differentials seem to apply only to ciphers with a small number of rounds, but partial differentials combine nicely with differentials.

Linear cryptanalysis is newer and is still being improved. Notions of key ranking [1019] and multiple approximations [811, 812] have been defined. Another extension of the cryptanalysis can be found in [1270]. In [938] an attempt was made to combine differential and linear cryptanalysis in a single attack. It is not yet clear what design technique can resist attacks of this kind.

Knudsen made some progress by considering some necessary (but perhaps not sufficient) criteria for what he called practically secure Feistel networks: ciphers that resist both differential and linear cryptanalysis [857]. Nyberg introduced for linear cryptanalysis an analogue of the notion of differentials in differential cryptanalysis [1180].

The duality between differential and linear cryptanalysis is rather interesting. This duality becomes apparent both in developing techniques for building good differential characteristics and linear approximations [164, 1018], and in developing design criteria that make algorithms resistant to both kinds of attack [307]. Exactly where this line of research will lead is not yet known. As a start, Daemen has developed an algorithm design strategy based on differential and linear cryptanalysis [402].
S-Box Design

The strength of most Feistel networks, and especially their resistance to differential and linear cryptanalysis, is directly tied to their S-boxes. This has prompted a flood of research on what makes a good S-box.

An S-box is simply a substitution: a mapping of m-bit inputs to n-bit outputs. Earlier I mentioned one big table mapping 64-bit inputs to 64-bit outputs; such a table would be a 64*64-bit S-box. An S-box with an m-bit input and an n-bit output is called an m*n-bit S-box. S-boxes are usually the only nonlinear step in an algorithm; they are what gives a block cipher its security. In general, the bigger the S-boxes, the better.

DES has eight different 6*4-bit S-boxes. Khufu and Khafre have a single 8*32-bit S-box, LOKI has a 12*8-bit S-box, and Blowfish and CAST have 8*32-bit S-boxes. In IDEA the S-box is effectively the modular multiplication; it is a 16*16-bit S-box. The larger the S-box, the harder it is to find the statistical deviations needed for an attack using either differential or linear cryptanalysis [653, 729, 1626]. Also, although random S-boxes are usually not optimal with respect to resistance to differential and linear cryptanalysis, strong S-boxes are easier to find among larger S-boxes. Most random S-boxes are nonlinear, nondegenerate and strongly resistant to linear cryptanalysis, and this fraction falls off slowly as the number of input bits decreases [1185, 1186, 1187].

The size of m is more important than the size of n. Increasing the size of n reduces the effectiveness of differential cryptanalysis but greatly increases the effectiveness of linear cryptanalysis. In fact, if $n \ge 2^m - m$, then there is definitely a linear relation between the input and output bits of the S-box. And if $n \ge 2^m$, then a linear relation exists among the output bits alone [164].
A significant part of the work on S-box design is the study of Boolean functions [94, 1098, 1262, 1408]. For security, the Boolean functions used in S-boxes must satisfy certain conditions. They must be neither linear nor affine, nor even close to linear or affine [9, 1177, 1178, 1188]. The number of zeros and ones must be balanced, and there must be no correlations between different combinations of bits. When any input bit is complemented, the output bits must behave independently. These design criteria are also related to the study of bent functions: functions that can be shown to be optimally nonlinear. Although they are simply and naturally defined, their study is very difficult [1344, 1216, 947, 905, 1176, 1271, 295, 296, 297, 149, 349, 471, 298].

A very important property seems to be the avalanche effect: how many output bits of the S-box change when some subset of the input bits is changed. It is easy to impose conditions on Boolean functions that guarantee a certain avalanche effect, but designing such functions is a harder task. The strict avalanche criterion (SAC) guarantees that changing a single input bit changes exactly half of the output bits [1586]. See also [982, 571, 1262, 399]. One paper considers these criteria in terms of information leakage [1640].
Several years ago cryptographers proposed choosing S-boxes so that the difference distribution table of each S-box was uniform. This would provide resistance to differential cryptanalysis by smoothing out the differentials in any single round [6, 443, 444, 1177]. LOKI is an example of such a design. However, this approach sometimes aids differential cryptanalysis [172]. The better approach is in fact to minimize the maximum differential. Kwangjo Kim has put forward five design criteria for S-boxes [834], similar to the design criteria of the DES S-boxes.

Choosing good S-boxes is not an easy task; there are many different ideas on how best to do it. Four main approaches can be distinguished.

1. Choose randomly. It is clear that small random S-boxes are insecure, but large random S-boxes may be good enough. Random S-boxes with eight or more inputs are quite strong [1186, 1187]. Twelve-bit S-boxes are better still. S-boxes become more resistant when they are both random and key-dependent. IDEA uses large key-dependent S-boxes.

2. Choose and test. In some ciphers, randomly generated S-boxes are tested for the required properties. Examples of this approach can be found in [9, 729].

3. Design by hand. Here the mathematical apparatus is barely used: S-boxes are built using intuitive techniques. Bart Preneel stated that "... theoretically interesting criteria are not sufficient [for choosing the Boolean functions of S-boxes] ..." and that "... ad hoc design criteria are required" [1262].

4. Design mathematically. S-boxes are built according to mathematical principles, so that they have guaranteed resistance to differential and linear cryptanalysis as well as good diffusion properties. An excellent example of this approach can be found in [1179].

There have been some calls to combine the "mathematical" and "manual" approaches [1334], but in reality the competition seems to be between randomly chosen S-boxes and S-boxes with specific properties. The advantage of the latter approach is, of course, optimization against the known attacks, differential and linear cryptanalysis, but the degree of protection it provides against unknown attacks is also unknown. The designers of DES knew about differential cryptanalysis, and its S-boxes were optimized accordingly. Most likely they did not know about linear cryptanalysis, and the DES S-boxes are very weak against this kind of attack [1018]. Randomly chosen S-boxes in DES would have been weaker against differential cryptanalysis but stronger against linear cryptanalysis.

On the other hand, random S-boxes may not be optimal against the known attacks, but they can be made large enough and therefore strong enough. Moreover, they will most likely also be reasonably resistant to unknown attacks. The debate still rages, but my personal feeling is that S-boxes should be as large as possible, random and key-dependent.
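To make the criteria above concrete, here is an added example (my code, not from the book) that measures a 4*4-bit S-box against them: the largest entry of its difference distribution table, its largest linear bias, whether any output combination is affine in the input, and the strict avalanche criterion. The PRESENT cipher's S-box is used as a well-studied sample and the identity map as a deliberately bad one; both choices are mine.

```python
# Added example: measuring an S-box against the differential, linear and
# avalanche criteria discussed above. The PRESENT S-box is a well-studied
# 4*4-bit sample; the identity map is a deliberately bad one for comparison.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
IDENTITY_SBOX = list(range(16))


def parity(v: int) -> int:
    """Parity (XOR of all bits) of an integer."""
    return bin(v).count("1") & 1


def max_differential(sbox):
    """Largest entry of the difference distribution table, taken over all
    nonzero input differences. For a 4-bit bijection 4 is the best possible;
    16 means some input difference always maps to one output difference."""
    n = len(sbox)
    worst = 0
    for dx in range(1, n):
        counts = [0] * n
        for x in range(n):
            counts[sbox[x] ^ sbox[x ^ dx]] += 1
        worst = max(worst, max(counts))
    return worst


def max_linear_bias(sbox, out_bits):
    """Largest |agreements - n/2| over all input masks a and nonzero output
    masks b, where agreement means parity(a & x) == parity(b & S(x)).
    A bias of n/2 means some output combination is an affine function of
    the input bits, which the text says must never happen."""
    n = len(sbox)
    worst = 0
    for a in range(n):
        for b in range(1, 1 << out_bits):
            agree = sum(1 for x in range(n)
                        if parity(a & x) == parity(b & sbox[x]))
            worst = max(worst, abs(agree - n // 2))
    return worst


def is_affine(sbox, out_bits):
    """True if some output mask is affine (or linear) in the input bits."""
    return max_linear_bias(sbox, out_bits) == len(sbox) // 2


def sac_table(sbox, in_bits, out_bits):
    """table[i][j] = probability that flipping input bit i flips output bit j.
    The strict avalanche criterion requires every entry to be exactly 1/2."""
    n = len(sbox)
    table = []
    for i in range(in_bits):
        row = []
        for j in range(out_bits):
            flips = sum(1 for x in range(n)
                        if (sbox[x] ^ sbox[x ^ (1 << i)]) >> j & 1)
            row.append(flips / n)
        table.append(row)
    return table


def satisfies_sac(sbox, in_bits, out_bits):
    return all(p == 0.5
               for row in sac_table(sbox, in_bits, out_bits) for p in row)


def evaluate(sbox, in_bits=4, out_bits=4):
    """Summary of the criteria for one S-box."""
    return {
        "max_differential": max_differential(sbox),
        "max_linear_bias": max_linear_bias(sbox, out_bits),
        "affine": is_affine(sbox, out_bits),
        "sac": satisfies_sac(sbox, in_bits, out_bits),
    }


if __name__ == "__main__":
    for name, box in (("PRESENT", PRESENT_SBOX), ("identity", IDENTITY_SBOX)):
        print(name, evaluate(box))
```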
Designing a Block Cipher

Designing a block cipher is easy. If you think of a 64-bit block cipher as a permutation of the 64-bit numbers, it is clear that almost all of those permutations are secure. The difficulty lies in designing a block cipher that is not only secure, but can also be easily described and simply implemented.

It is easy to design a block cipher if you have enough memory for 48*32 S-boxes. It is hard to design an insecure variant of DES if you are going to iterate it for 128 rounds. With a 512-bit key there is no need to worry about any key-dependent complementation property.
14.11 Using One-Way Hash Functions

The simplest way to encrypt with a one-way hash function is to hash the previous ciphertext block together with the key, and then XOR the result with the current plaintext block:

$C_i = P_i \oplus H(K, C_{i-1})$
$P_i = C_i \oplus H(K, C_{i-1})$

Set the block length equal to the output length of the one-way hash function. This effectively uses the one-way hash function as a block cipher in CFB mode. A similar construction uses the one-way hash function in OFB mode:

$C_i = P_i \oplus S_i;\ S_i = H(K, S_{i-1})$
$P_i = C_i \oplus S_i;\ S_i = H(K, S_{i-1})$

The security of this scheme depends on the security of the one-way hash function.
Karn

This method, invented by Phil Karn and placed in the public domain, makes an invertible encryption algorithm out of certain one-way hash functions.

The algorithm operates on 32-byte blocks of plaintext and ciphertext. The key can be of any length, although certain key lengths are more efficient for particular one-way hash functions. For the one-way hash functions MD4 and MD5, 96-byte keys work best.

To encrypt, first split the plaintext into two 16-byte halves, P_l and P_r. Then split the key into two 48-byte halves, K_l and K_r.

$P = P_l, P_r$
$K = K_l, K_r$

Append K_l to P_l and hash it with the one-way hash function, then XOR the result with P_r to obtain C_r, the right half of the ciphertext. Then append K_r to C_r and hash it with the one-way hash function. XOR the result with P_l to obtain C_l. Finally, concatenate C_l and C_r to obtain the ciphertext.

$C_r = P_r \oplus H(P_l, K_l)$
$C_l = P_l \oplus H(C_r, K_r)$
$C = C_l, C_r$

To decrypt, simply reverse the process. Append K_r to C_r, hash it, and XOR the result with C_l to obtain P_l. Append K_l to P_l, hash it, and XOR the result with C_r to obtain P_r.

$P_l = C_l \oplus H(C_r, K_r)$
$P_r = C_r \oplus H(P_l, K_l)$
$P = P_l, P_r$

The overall structure of Karn is the same as that of many of the other block algorithms discussed in this section. It has only two rounds, because its complexity is embodied in the one-way hash function. And since the key is used only as an input to the hash function, it cannot be recovered even with a chosen-plaintext attack, assuming of course that the one-way hash function is secure.
Luby-Rackoff

Michael Luby and Charles Rackoff showed that Karn is not secure [992]. Consider two single-block messages, AB and AC. If a cryptanalyst knows both the plaintext and the ciphertext of the first message, and the first half of the plaintext of the second message, he can easily compute the whole second message. Although this known-plaintext attack works only under certain conditions, it is a major problem for the security of the algorithm.

It can be avoided with a three-round encryption algorithm [992, 1643, 1644]. It uses three different hash functions: H_1, H_2 and H_3. Further research showed that H_1 may equal H_2, or H_2 may equal H_3, but not both [1193]. Also, H_1, H_2 and H_3 cannot be based on iterations of the same basic function [1643]. In any case, assuming that H(k, x) behaves like a pseudo-random function, the three-round version looks like this:

(1) Divide the key into two halves: K_l and K_r.
(2) Divide the plaintext block into two halves: L_0 and R_0.
(3) Concatenate K_l and L_0 and hash them. XOR the hash result with R_0 to obtain R_1:
$R_1 = R_0 \oplus H(K_l, L_0)$
(4) Concatenate K_r and R_1 and hash them. XOR the hash result with L_0 to obtain L_1:
$L_1 = L_0 \oplus H(K_r, R_1)$
(5) Concatenate K_l and L_1 and hash them. XOR the hash result with R_1 to obtain R_2:
$R_2 = R_1 \oplus H(K_l, L_1)$
(6) Concatenate L_1 and R_2 to obtain the message.
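This added example (my code, not Karn's or the book's) implements both Karn's two-round construction and the three-round version above as Feistel networks whose round function is a non-invertible hash, which also shows the point made earlier under Feistel networks: decryption only recomputes the hashes, it never inverts them. SHA-256 truncated to 16 bytes stands in for MD4/MD5 (my assumption); the 96-byte key and 32-byte block follow Karn. The last function checks the structural relation that Luby and Rackoff used against the two-round version: with a shared left half, Karn masks both right halves with the same value, while the three-round version does not.

```python
import hashlib

HALF = 16  # half-block size in bytes; Karn uses 32-byte blocks


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def H(key_half: bytes, data_half: bytes) -> bytes:
    """Round function: hash the key half concatenated with the data half and
    truncate to one half-block. SHA-256 is our choice here (Karn used MD4/MD5).
    H is not invertible, which the Feistel structure tolerates."""
    return hashlib.sha256(key_half + data_half).digest()[:HALF]


def split_key(key: bytes):
    """K = K_l || K_r; a 96-byte key gives two 48-byte halves as in Karn."""
    return key[: len(key) // 2], key[len(key) // 2:]


def karn_encrypt(key: bytes, block: bytes) -> bytes:
    """Two rounds: C_r = P_r xor H(K_l, P_l); C_l = P_l xor H(K_r, C_r)."""
    kl, kr = split_key(key)
    pl, pr = block[:HALF], block[HALF:]
    cr = xor_bytes(pr, H(kl, pl))
    cl = xor_bytes(pl, H(kr, cr))
    return cl + cr


def karn_decrypt(key: bytes, block: bytes) -> bytes:
    """Invert by recomputing the same hashes in reverse order."""
    kl, kr = split_key(key)
    cl, cr = block[:HALF], block[HALF:]
    pl = xor_bytes(cl, H(kr, cr))
    pr = xor_bytes(cr, H(kl, pl))
    return pl + pr


def lr_encrypt(key: bytes, block: bytes) -> bytes:
    """Three-round Luby-Rackoff version, steps (1) to (6) above."""
    kl, kr = split_key(key)                      # step 1
    l0, r0 = block[:HALF], block[HALF:]          # step 2
    r1 = xor_bytes(r0, H(kl, l0))                # step 3
    l1 = xor_bytes(l0, H(kr, r1))                # step 4
    r2 = xor_bytes(r1, H(kl, l1))                # step 5
    return l1 + r2                               # step 6


def lr_decrypt(key: bytes, block: bytes) -> bytes:
    """Undo the three rounds from the last one backwards."""
    kl, kr = split_key(key)
    l1, r2 = block[:HALF], block[HALF:]
    r1 = xor_bytes(r2, H(kl, l1))
    l0 = xor_bytes(l1, H(kr, r1))
    r0 = xor_bytes(r1, H(kl, l0))
    return l0 + r0


def right_half_relation(encrypt, key: bytes, p1: bytes, p2: bytes):
    """For two blocks with the same left half return the pair
    (C1_r xor C2_r, P1_r xor P2_r). Under Karn the two values are equal,
    because both right halves are masked by the same H(K_l, P_l); that is the
    weakness Luby and Rackoff pointed out. Under the three-round version the
    final mask depends on L_1, which differs between the two blocks."""
    c1, c2 = encrypt(key, p1), encrypt(key, p2)
    return xor_bytes(c1[HALF:], c2[HALF:]), xor_bytes(p1[HALF:], p2[HALF:])


if __name__ == "__main__":
    key = bytes(range(96))                       # constructed sample key
    p1 = bytes(range(32))                        # constructed sample block
    p2 = p1[:HALF] + bytes(HALF)                 # same left half as p1
    print("Karn relation holds:", right_half_relation(karn_encrypt, key, p1, p2)[0]
          == right_half_relation(karn_encrypt, key, p1, p2)[1])
    print("3-round relation holds:", right_half_relation(lr_encrypt, key, p1, p2)[0]
          == right_half_relation(lr_encrypt, key, p1, p2)[1])
```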
Message Digest Cipher (MDC)

The Message Digest Cipher (MDC), invented by Peter Gutmann [676], is a way of turning one-way hash functions into a block cipher that runs in CFB mode. The cipher runs almost as fast as the hash function and is at least as secure. The rest of this section assumes familiarity with Chapter 18.

Hash functions such as MD5 and SHA use a 512-bit text block to transform an input value (128 bits for MD5, 160 bits for SHA) into an output of the same size. This transformation is not reversible, but it is perfectly suited to CFB mode: the same operation is used for both encryption and decryption.

Consider MDC with SHA. MDC uses a 160-bit block and a 512-bit key. It uses a side effect of the hash function: the input plaintext block (160 bits) is fed in as the previous hash value, and the 512-bit hash input plays the role of the key (see Figure 14-5). Normally, when a hash function hashes some input, the 512-bit input changes with every new 512-bit block hashed. Here, however, the 512-bit input becomes an unchanging key.

MDC can be used with any one-way hash function: MD4, MD5, Snefru, and so on. It is unpatented and can be used free of charge by anyone, at any time, for any purpose [676].

However, I personally do not trust this construction. It is possible to devise an attack that the hash function was never designed to withstand. Hash functions are not required to resist chosen-plaintext attacks in which the cryptanalyst chooses some initial 160-bit values, has them "encrypted" under the same 512-bit "key", and uses this to learn something about the 512-bit key in use. Since hash-function designers do not have to worry about this possibility, counting on our cipher being secure against this kind of attack is not a good idea.
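The construction described above, as an added example (my code, not Gutmann's): MDC in CFB mode built on the SHA-1 compression function, with the 512-bit key as the hash function's message block and the previous 160-bit ciphertext block as the chaining value. Python's hashlib does not expose the compression function with a caller-supplied chaining value, so it is written out here and checked against hashlib on single-block messages; the 20-byte all-zero IV and the sample key are constructed values.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def sha1_compress(state, block):
    """One SHA-1 compression: 160-bit state (five words) and a 64-byte block."""
    assert len(block) == 64
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = state
    for t in range(80):
        if t < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (_rotl(a, 5) + (f & MASK) + e + k + w[t]) & MASK
        a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e)))


def sha1_single_block(msg: bytes) -> bytes:
    """SHA-1 of a message of at most 55 bytes (fits one padded block); used
    only to check the compression function against hashlib."""
    assert len(msg) <= 55
    padded = (msg + b"\x80" + b"\x00" * (55 - len(msg))
              + struct.pack(">Q", 8 * len(msg)))
    return struct.pack(">5I", *sha1_compress(SHA1_IV, padded))


def mdc_keystream_block(key: bytes, prev: bytes) -> bytes:
    """E_K(prev): the 160-bit block goes in as the chaining value, the
    512-bit key goes in as the message block. One-way, as the text says."""
    assert len(key) == 64 and len(prev) == 20
    state = struct.unpack(">5I", prev)
    return struct.pack(">5I", *sha1_compress(state, key))


def mdc_cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C_i = P_i xor E_K(C_{i-1}), with C_0 = IV (whole 20-byte blocks only)."""
    assert len(plaintext) % 20 == 0
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), 20):
        ks = mdc_keystream_block(key, prev)
        block = bytes(p ^ k for p, k in zip(plaintext[i:i + 20], ks))
        out += block
        prev = block
    return bytes(out)


def mdc_cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = C_i xor E_K(C_{i-1}): the same one-way operation as encryption."""
    assert len(ciphertext) % 20 == 0
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), 20):
        ks = mdc_keystream_block(key, prev)
        block = ciphertext[i:i + 20]
        out += bytes(c ^ k for c, k in zip(block, ks))
        prev = block
    return bytes(out)


if __name__ == "__main__":
    key = bytes(range(64))          # constructed 512-bit sample key
    iv = bytes(20)                  # constructed IV
    pt = b"MDC: hash function used as CFB cipher!!!"  # 40 bytes
    ct = mdc_cfb_encrypt(key, iv, pt)
    print(ct.hex(), mdc_cfb_decrypt(key, iv, ct) == pt)
```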
Security of Ciphers Based on One-Way Hash Functions

While these constructions can be secure, they depend on the one-way hash function used. A good one-way hash function does not necessarily make a secure encryption algorithm. The cryptographic requirements are different. For example, linear cryptanalysis is useless against one-way hash functions but effective against encryption algorithms. A one-way hash function such as SHA may have certain linear characteristics that do not affect its security as a one-way hash function, but could make it insecure when used in an encryption algorithm such as MDC. I know of no cryptanalytic results on the use of any particular one-way hash function as a block cipher. Wait for such analysis before using them.
Figure 14-5. Message Digest Cipher (MDC): (a) hash function; (b) hash function as a block cipher in CFB mode.
14.12 Choosing a Block Algorithm

This is a very hard decision. DES is almost certainly insecure against the governments of major powers, unless you encrypt only very small amounts of data with a single key. It may be adequate against anyone else for now, but that will soon change. Brute-force DES key-search machines will soon be affordable for every organization.

Biham's key-dependent S-boxes for DES should be secure for at least several years, except perhaps against the best-funded adversaries. If the required security must last for decades, or if you fear the cryptanalytic efforts of the governments of major powers, use triple DES with three independent keys.

Other algorithms are worthwhile too. I like Blowfish because it is fast and because I invented it. 3-WAY looks good, and GOST is probably fine as well. The problem with recommending anything is that the NSA almost certainly has a set of effective cryptanalytic techniques that are still classified, and I do not know which algorithms can be broken. Table 14-3 gives timing comparisons for some algorithms.

My favorite algorithm is IDEA. Its 128-bit key, combined with its resistance to the publicly known means of cryptanalysis, is the source of my warm, fuzzy feeling about this algorithm. It has been analyzed by various groups, and no serious criticisms have been published. Barring extraordinary cryptanalytic breakthroughs, I am betting on IDEA today.
Table 14-3.
Encryption Speeds of Some Block Ciphers on a 486SX/33 MHz

Algorithm                   Encryption speed (KB/s)    Algorithm              Encryption speed (KB/s)
Blowfish (12 rounds)        182                        MDC (with MD4)         186
Blowfish (16 rounds)        135                        MDC (with MD5)         135
Blowfish (20 rounds)        110                        MDC (with SHA)          23
DES                          35                        NewDES                 233
FEAL-8                      300                        REDOC II                 1
FEAL-16                     161                        REDOC III               78
FEAL-32                      91                        RC5-32/8               127
GOST                         53                        RC5-32/12               86
IDEA                         70                        RC5-32/16               65
Khufu (16 rounds)           221                        RC5-32/20               52
Khufu (24 rounds)           153                        SAFER (6 rounds)        81
Khufu (32 rounds)           115                        SAFER (8 rounds)        61
Luby-Rackoff (with MD4)      47                        SAFER (10 rounds)       49
Luby-Rackoff (with MD5)      34                        SAFER (12 rounds)       41
Luby-Rackoff (with SHA)      11                        3-Way                   25
Lucifer                      52                        Triple DES              12
Chapter 15
Combining Block Ciphers

There are many ways to combine block algorithms to get new algorithms. The motivation for creating such schemes is the desire to increase security without going through the trouble of creating a new algorithm. DES is a secure algorithm; it has been cryptanalyzed for a good 20 years, and still the best attack remains brute force. However, the key is too short. Wouldn't it be nice to use DES as a component of another algorithm with a longer key? That would give the benefits of a long key together with the assurance of two decades of cryptanalysis.

One way of combining is multiple encryption: the encryption algorithm is applied several times with several keys to encrypt the same plaintext block. Cascading encryption is like multiple encryption but uses different algorithms. There are other methods as well.

Encrypting a plaintext block twice with the same key, whether with the same or a different algorithm, is unwise. Reusing the same algorithm does not increase the complexity of a brute-force attack. (Remember, we assume that the algorithm, including the number of encryptions, is known to the cryptanalyst.) With different algorithms the complexity of a brute-force attack may increase or may remain unchanged. If you are going to use the methods described in this chapter, make sure the keys for the successive encryptions are different and independent.
15.1 Double Encryption

A naive way to increase the security of an algorithm is to encrypt a block twice with two different keys. First the block is encrypted with the first key, and then the resulting ciphertext is encrypted with the second key. Decryption is the reverse process.

$C = E_{K_2}(E_{K_1}(P))$
$P = D_{K_1}(D_{K_2}(C))$

If the block algorithm is a group (see Section 11.3), there is always some K_3 for which

$C = E_{K_2}(E_{K_1}(P)) = E_{K_3}(P)$

If the algorithm is not a group, the resulting doubly encrypted ciphertext block is much harder to break by exhaustive search. Instead of $2^n$ (where n is the key length in bits), $2^{2n}$ attempts are required. If the algorithm uses a 64-bit key, finding the keys with which the ciphertext was doubly encrypted would take $2^{128}$ attempts.

This is not so with a known-plaintext attack. Merkle and Hellman [1075] devised a time-memory trade-off that can break this double-encryption scheme in $2^{n+1}$ encryptions, not $2^{2n}$. (They used the scheme against DES, but the results generalize to all block algorithms.) The attack is called a meet-in-the-middle attack: encryption is performed from one side and decryption from the other, and the results that meet in the middle are compared.
In this attack the cryptanalyst knows P_1, C_1, P_2 and C_2, such that

$C_1 = E_{K_2}(E_{K_1}(P_1))$
$C_2 = E_{K_2}(E_{K_1}(P_2))$

For each possible K (either K_1 or K_2), the cryptanalyst computes $E_K(P_1)$ and stores the result in memory. After collecting all the results, he computes $D_K(C_1)$ for each K and looks for the same result in memory. If he finds one, it may be that the current key is K_2 and the key for the result in memory is K_1. The cryptanalyst then encrypts P_2 with K_1 and K_2. If he gets C_2, he can be certain (with a probability of success of 1 in $2^{2n-2m}$, where m is the block size) that he has found both K_1 and K_2. If not, he continues the search.

The maximum number of encryptions he may have to perform is $2 \cdot 2^n$, or $2^{n+1}$. If the probability of error is too great, he can use a third block of ciphertext, giving a probability of success of 1 in $2^{2n-3m}$. There are other optimizations as well [912].

This attack needs a lot of memory: $2^n$ blocks. For a 56-bit key this means storing $2^{56}$ 64-bit blocks, or $10^{17}$ bytes. That much memory is still hard to imagine, but it is enough to convince the most paranoid cryptographers that double encryption is not worth using.

With a 128-bit key, storing the intermediate results would take $10^{39}$ bytes. If we assume that there is a way to store a bit of information in a single aluminum atom, the memory device needed for this attack would be an aluminum cube with an edge 1 km long. And you would need somewhere to put it! The meet-in-the-middle attack seems infeasible for keys of this size.
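The meet-in-the-middle procedure just described, as an added example (my code, not from the book), run against a constructed 16-bit toy block cipher with 12-bit keys so that both key spaces can be searched exhaustively in well under a second. The cipher, its key schedule and the sample keys are my own constructions; the point is the work factor: the candidate pairs are found with $2 \cdot 2^{12}$ cipher operations and a $2^{12}$-entry table rather than $2^{24}$ operations, and the remaining known pair filters out false meets exactly as the text says.

```python
# Added example: meet-in-the-middle against double encryption with a
# constructed toy cipher (16-bit block, 12-bit key, 4 rounds). The cipher is
# deliberately tiny; it exists only to make the work factor observable.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
INV_SBOX = [SBOX.index(v) for v in range(16)]
ROUNDS = 4
KEY_BITS = 12
MASK16 = 0xFFFF


def _sub(x, box):
    """Apply a 4-bit S-box to each nibble of a 16-bit word."""
    return sum(box[(x >> s) & 0xF] << s for s in (0, 4, 8, 12))


def _rotl16(x, n):
    return ((x << n) | (x >> (16 - n))) & MASK16


def _round_keys(key):
    # Constructed schedule; the odd multiplier keeps distinct keys distinct.
    return [(key * 0x9E5 + 0x3D1 * r) & MASK16 for r in range(ROUNDS + 1)]


def toy_encrypt(key, x):
    rk = _round_keys(key)
    for r in range(ROUNDS):
        x = _rotl16(_sub(x ^ rk[r], SBOX), 3)
    return x ^ rk[ROUNDS]


def toy_decrypt(key, x):
    rk = _round_keys(key)
    x ^= rk[ROUNDS]
    for r in reversed(range(ROUNDS)):
        x = _sub(_rotl16(x, 13), INV_SBOX) ^ rk[r]
    return x


def double_encrypt(k1, k2, p):
    """C = E_K2(E_K1(P)), the scheme of Section 15.1."""
    return toy_encrypt(k2, toy_encrypt(k1, p))


def meet_in_the_middle(known):
    """known: list of (P, C) pairs under one unknown (K1, K2).
    Returns (candidate key pairs, number of single-cipher operations used).
    Cost is 2 * 2^KEY_BITS operations and a 2^KEY_BITS-entry table instead of
    2^(2*KEY_BITS) operations for exhaustive search of both keys."""
    p1, c1 = known[0]
    table = {}                                   # E_K1(P1) -> [K1, ...]
    for k1 in range(1 << KEY_BITS):
        table.setdefault(toy_encrypt(k1, p1), []).append(k1)
    ops = 1 << KEY_BITS
    candidates = []
    for k2 in range(1 << KEY_BITS):
        ops += 1
        middle = toy_decrypt(k2, c1)             # must equal E_K1(P1)
        for k1 in table.get(middle, ()):
            # Confirm the meet with the remaining known pairs, as the text
            # describes; a false meet survives each check with probability
            # about 2^-m for an m-bit block.
            if all(double_encrypt(k1, k2, p) == c for p, c in known[1:]):
                candidates.append((k1, k2))
    return candidates, ops


if __name__ == "__main__":
    k1, k2 = 0x7A3, 0x2C1                        # constructed secret keys
    known = [(p, double_encrypt(k1, k2, p)) for p in (0x1234, 0xBEEF)]
    found, ops = meet_in_the_middle(known)
    print("candidates:", [(hex(a), hex(b)) for a, b in found])
    print("cipher operations:", ops, "vs exhaustive:", 1 << (2 * KEY_BITS))
```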
Another method of double encryption, sometimes called Davies-Price, is a variant of CBC [435].

$C_i = E_{K_1}(P_i \oplus E_{K_2}(C_{i-1}))$
$P_i = D_{K_1}(C_i) \oplus E_{K_2}(C_{i-1})$

It is claimed that "this mode has no particular advantages", and moreover it appears to be just as vulnerable to the meet-in-the-middle attack as the other double-encryption modes.
15.2 Triple Encryption with Two Keys

In a more interesting method, proposed by Tuchman in [1551], the block is processed three times with two keys: with the first key, then the second key, and then the first key again. He proposes that the sender first encrypt with the first key, then decrypt with the second key, and finally encrypt with the first key. The receiver decrypts with the first key, then encrypts with the second, and finally decrypts with the first.

$C = E_{K_1}(D_{K_2}(E_{K_1}(P)))$
$P = D_{K_1}(E_{K_2}(D_{K_1}(C)))$

This mode is sometimes called encrypt-decrypt-encrypt (EDE) [55]. If the block algorithm has an n-bit key, the key length of this scheme is 2n bits. The curious encrypt-decrypt-encrypt pattern was devised at IBM for compatibility with existing implementations of the algorithm: setting the two keys equal is equivalent to a single encryption with that key. The encrypt-decrypt-encrypt pattern has no security in itself, but this mode has been adopted to strengthen DES in the X9.17 and ISO 8732 standards [55, 761].

K_1 and K_2 alternate in order to prevent the meet-in-the-middle attack described above. If

$C = E_{K_2}(E_{K_1}(E_{K_1}(P)))$

then a cryptanalyst could precompute $E_{K_1}(E_{K_1}(P))$ for every possible K_1 and then proceed with the attack. It would take only $2^{n+2}$ encryptions.

Triple encryption with two keys resists this attack. But Merkle and Hellman developed another time-memory trade-off that breaks this encryption method in $2^{n-1}$ steps using $2^n$ blocks of memory [1075].
For each possible K_2, decrypt 0 and store the result. Then decrypt 0 with each possible K_1 to obtain P. Triple-encrypt P to obtain C, and then decrypt C with K_1. If the resulting value matches the value (stored in memory) obtained by decrypting 0 with K_2, then the pair K_1, K_2 is a possible result of the search. Check whether it is. If not, continue the search.

Carrying out this chosen-plaintext attack requires an enormous amount of memory. It needs $2^n$ time and memory, as well as $2^m$ chosen plaintexts. The attack is not very practical, but vulnerability to it is still a weakness of the algorithm.

Paul van Oorschot and Michael Wiener converted this attack into a known-plaintext attack requiring p known plaintexts. This example assumes EDE mode.

(1) Guess the first intermediate value, a.
(2) Using the known plaintext, tabulate for each possible K_1 the second intermediate value b, given the first intermediate value a:
$b = D_{K_1}(C)$
where C is the ciphertext corresponding to the known plaintext.
(3) For each possible K_2, look up in the table the entries with a matching second intermediate value b:
$b = E_{K_2}(a)$
(4) The probability of success is p/m, where p is the number of known plaintexts and m is the block size. If no match is found, choose another a and start over.

The attack takes $2^{n+m}/p$ time and p memory. For DES this is $2^{120}/p$ [1558]. For p greater than 256, this attack is faster than exhaustive search.
1pouoe uuqpoeauue c mpea rumuau
Ecnn nt conpaerect ncnontsonart rponnoe mn|ponanne , x pekomenym rpn pasnnuntx knmua. Omax nnna
knmua ontme, no xpanenne knmua otuno ne xnnxercx nponemon . Fnrt ement.
C E D E P
P D E D C
K K K
K K K
=
=
3 2 1
1 2 3
( ( ( )))
( ( ( )))
nx nannyumero nckptrnx c pasmenom namxrn na npemx, koroptm xnnxercx "ncrpeua nocepenne", norpeyercx
2
2n
encrnnn n 2
n
nokon namxrn |1075]. Tponnoe mn|ponanne c rpemx nesanncnmtmn knmuamn esonacno n a-
crontko, nackontko na nepntn nsrnx kaxercx esonacntm nonnoe mn|ponanne .
1pouoe uuqpoeauue c uuuauoum rumuo (1EMK)
Cymecrnyer esonacntn cnoco ncnontsonart rponnoe mn|ponanne c nymx knmuamn, npornnocroxmnn onncannomy
nckptrnm n nastnaemtn Tponntm mn|ponannem c mnnnmantntm knmuom (Triple Encryption with Minimum Key,
TEMK) |858]. uokyc n ron, urot nonyunrt rpn knmua ns: X
1
n X
2
.
K E D E T
K E D E T
K E D E T
X X X
X X X
X X X
1 1
2 2
3 3
1 2 1
1 2 1
1 2 1
=
=
=
( ( ( )))
( ( ( )))
( ( ( )))
T
1
, T
2
n T
3
npecrannxmr coon koncranrt, koropte neoxsarentno xpannrt n cekpere. 3ra cxema rapanrnpyer,
uro nx nmon konkpernon napt knmuen nannyumnm yer nckptrne c nsnecrntm orkptrtm rekcrom .
Triple Encryption Modes

It is not enough simply to define triple encryption; one of the ways of using it must be chosen. The choice depends on the security and efficiency required. Here are two possible triple-encryption modes:

Inner CBC: The file is encrypted three times in CBC mode (see Figure 15-1a). This requires three different IVs.

$C_i = E_{K_3}(S_i \oplus C_{i-1});\ S_i = D_{K_2}(T_i \oplus S_{i-1});\ T_i = E_{K_1}(P_i \oplus T_{i-1})$
$P_i = T_{i-1} \oplus D_{K_1}(T_i);\ T_i = S_{i-1} \oplus E_{K_2}(S_i);\ S_i = C_{i-1} \oplus D_{K_3}(C_i)$

C_0, S_0 and T_0 are the IVs.

Outer CBC: The file is triple-encrypted in CBC mode (see Figure 15-1b). This requires one IV.

$C_i = E_{K_3}(D_{K_2}(E_{K_1}(P_i \oplus C_{i-1})))$
$P_i = C_{i-1} \oplus D_{K_1}(E_{K_2}(D_{K_3}(C_i)))$
Figure 15-1. Triple encryption in CBC mode: (a) inner CBC; (b) outer CBC.
Both modes require more resources than single encryption: more hardware or more time. However, with three encryption chips the throughput of inner CBC is no lower than that of single encryption. Since the three CBC encryptions are independent, the three chips can be kept busy all the time, each feeding its output back to its own input.

In outer CBC, by contrast, the feedback is outside the three encryptions. This means that even with three chips the throughput is only one-third that of single encryption. To get the same throughput for outer CBC, interleaved IVs are required (see Section 9.12):

$C_i = E_{K_3}(D_{K_2}(E_{K_1}(P_i \oplus C_{i-3})))$

In this case C_0, C_{-1} and C_{-2} are the IVs. This does not help a software implementation, except on a parallel computer.

Unfortunately, the less complex mode is also the less secure one. Biham analyzed various modes with respect to differential cryptanalysis and found that inner CBC is only slightly more secure than single encryption. If triple encryption is considered as one large algorithm, the inner feedback lets external, known information into the inside of the algorithm, which eases cryptanalysis. Differential attacks need an enormous number of chosen ciphertexts, which makes them not very practical, but these results should be enough to alarm paranoid users. An analysis of resistance to brute-force and meet-in-the-middle attacks showed that both variants are equally secure [806].

Besides these there are other modes. You can encrypt the file once in ECB mode and then twice in CBC, or once in CBC, once in ECB and then once more in CBC, or twice in CBC and once in ECB. Biham showed that these variants are no more secure than single DES against a chosen-plaintext differential-cryptanalysis attack [162]. He did not hold out much hope for the other variants either. If you are going to use triple encryption, use outer feedback.
Variants of triple encryption
Before the proofs appeared that DES does not form a group, various schemes for multiple encryption were proposed. One way to guarantee that triple encryption cannot degenerate into single encryption is to change the effective block size. A simple method is to add padding bits: between the first and second, and between the second and third encryptions, the text is padded with a string of random bits (see Figure 15-2). If PP is the padding function, then:

C = E_K3(PP(E_K2(PP(E_K1(P)))))

This padding not only disrupts patterns but also overlaps the encryption blocks, like bricks in a wall. Only one block is added to the length of the message.

Figure 15-2. Triple encryption with padding. (Plaintext enters the first encryption; a padding block is inserted before the second and before the third encryption; the output is the ciphertext.)

Another method, proposed by Carl Ellison, uses some key-independent permutation function between the three encryptions. The permutation must work on large blocks, 8 KB or so, which makes the effective block size of this variant 8 KB. Provided the permutation is fast, the variant is not much slower than basic triple encryption.

C = E_K3(T(E_K2(T(E_K1(P)))))

T collects the input blocks (up to 8 KB of them) and uses a pseudorandom number generator to shuffle them. A change of one input bit changes 8 bytes of the output of the first encryption, up to 64 bytes of the output of the second, and up to 512 bytes of the output of the third. If each block algorithm runs in CBC mode, as originally proposed, a single-bit change of the input will most likely affect the entire 8-kilobyte block, even when that block is not the first one.
The most recent variant of this scheme answers Biham's attack on inner CBC by adding a whitening step that masks the structure of the plaintext. This step is a stream XOR with a cryptographically secure pseudorandom number generator, denoted R below. T prevents the cryptanalyst from knowing a priori which key was used to encrypt any given byte of input to the last encryption. The second encryption is denoted nE (encryption that cycles through n different keys):

C = E_K3(R(T(nE_K2(T(E_K1(P))))))

All encryptions are in ECB mode; at least n + 2 encryption keys and a cryptographically secure pseudorandom number generator are used.
This scheme was proposed for use with DES, but it works with any block algorithm. I know of no cryptanalytic results on it.
15.3 Doubling the Block Length
There has long been an argument in academic circles over whether a 64-bit block is long enough. On the one hand, a 64-bit block diffuses the plaintext over only 8 bytes of ciphertext. On the other hand, a longer block makes it harder to mask structure securely, and there is more room for error.
Some have proposed doubling the block length of an algorithm by means of multiple encryption [299]. Before implementing any of these schemes, look for a meet-in-the-middle attack. Richard Outerbridge's scheme [300], shown in Figure 15-3, is no more secure than single-block triple encryption with two keys [859].

Figure 15-3. Doubling the block length. (The left and right halves of a two-block plaintext pass through E_K1, E_K2 and E_K1, with the halves exchanged between stages.)

I do not recommend this sort of thing anyway. It is no faster than ordinary triple encryption: encrypting two blocks of data still takes six encryptions. The properties of ordinary triple encryption are known; new constructions often hide new problems.
15.4 Other Multiple-Encryption Schemes
The problem with two-key triple encryption is that doubling the key space costs three encryptions per block of plaintext. Wouldn't it be nice to find some clever way of combining two encryptions that doubles the key space?

Double OF/Counter
This method uses a block algorithm to generate two keystreams, which are then used to encrypt the plaintext:

S_i = E_K1(I_1);  I_1 = I_1 + 1
T_i = E_K2(I_2);  I_2 = I_2 + 1
C_i = P_i ⊕ S_i ⊕ T_i

S_i and T_i are internal variables, and I_1 and I_2 are counters. Two copies of the block algorithm run in a kind of hybrid OFB/counter mode, and the plaintext, S_i and T_i are XORed together. The keys K1 and K2 are independent. I know of no cryptanalytic results on this variant.

ECB + OFB
This method was designed for encrypting multiple messages of the same length, such as disk blocks [186, 188]. Two keys are used: K1 and K2. First, the chosen algorithm and K1 are used to generate a mask of the required block length. This mask will be reused to encrypt messages under the same keys. Then the plaintext message is XORed with the mask. Finally, the result of the XOR is encrypted with the chosen algorithm and K2 in ECB mode.
This mode has not been analyzed outside the paper in which it was published. Clearly it is no weaker than a single ECB encryption, and it may be as strong as two passes of the algorithm. Possibly a cryptanalyst could search for the two keys independently if he obtained several plaintext files encrypted under the same key.
To frustrate analysis of identical blocks at the same positions of different messages, an IV can be used. Unlike the IV in other modes, here every block of the message is XORed with the IV before the ECB encryption.
Matt Blaze designed this mode for his UNIX Cryptographic File System (CFS). It is a nice mode, because the only overhead is a single ECB encryption: the mask can be generated once and stored. CFS uses DES as the block algorithm.
xDES^i
In [1644, 1645] DES is used as a building block for a series of block algorithms with larger key and block sizes. These constructions do not depend on DES in any way; any block algorithm can be used.
The first, xDES^1, is simply a Luby-Rackoff scheme with a block cipher as the round function (see Section 14.11). The block size is twice that of the underlying block cipher, and the key size is three times that of the underlying block cipher. In each of the 3 rounds the right half is encrypted with the block algorithm under one of the keys, the result is XORed into the left half, and the halves are swapped.
This is faster than ordinary triple encryption, because three encryptions encrypt a block twice as long as the block of the underlying algorithm. But there is a simple meet-in-the-middle attack that finds the key with a table of size 2^k, where k is the key size of the underlying algorithm. Encrypt the right half of a plaintext block with all possible values of K1, XOR each result with the left half of the plaintext, and store the values in a table. Then encrypt the right half of the ciphertext with all possible values of K3 and look for a match in the table. A match gives a candidate pair (K1, K3). After a few repetitions of the attack only one candidate remains. So xDES^1 is not an ideal solution. Even worse, there is a chosen-plaintext attack showing that xDES^1 is not much stronger than the underlying block algorithm [858].
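The meet-in-the-middle attack just described can be run end to end on a scaled-down xDES^1. The C program below is an added example; it is not code from the book or from [1644, 1645]. It assumes the Feistel round (L, R) → (R, L ⊕ E_K(R)) described above, stands in a 16-bit keyed hash for the block cipher E (a Feistel network only evaluates E in the forward direction, and the attack uses nothing about E beyond the 3-round structure), and uses 12-bit keys so that the 2^k table has 4096 entries. The attack rests on the fact that the left half after round 2 equals L_0 ⊕ E_K1(R_0) from the plaintext side and R_3 ⊕ E_K3(L_3) from the ciphertext side for every known pair, whatever K2 is; with the halves oriented as in this code it is the left ciphertext half that enters E_K3. The 36-bit key space falls to roughly three searches of 2^12, the last of them a direct search for K2 once K1 and K3 are fixed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define KEY_BITS 12
#define NKEYS (1u << KEY_BITS)

/* Toy keyed 16-bit function standing in for the block cipher E_K: a 32-bit
 * hash of key||x. The rounds only evaluate E forward, so it need not be
 * invertible; the attack relies on the 3-round structure alone. */
static uint16_t toy_E(uint16_t key, uint16_t x)
{
    uint32_t v = ((uint32_t)key << 16) | x;
    v ^= v >> 16; v *= 0x7feb352dU;
    v ^= v >> 15; v *= 0x846ca68bU;
    v ^= v >> 16;
    return (uint16_t)v;
}

typedef struct { uint16_t l, r; } halves;

/* xDES^1: three Feistel rounds (L, R) -> (R, L ^ E_Ki(R)) under K1, K2, K3. */
halves xdes1_encrypt(halves p, uint16_t k1, uint16_t k2, uint16_t k3)
{
    const uint16_t k[3] = { k1, k2, k3 };
    for (int i = 0; i < 3; i++) {
        uint16_t t = p.l ^ toy_E(k[i], p.r);
        p.l = p.r; p.r = t;
    }
    return p;
}

halves xdes1_decrypt(halves c, uint16_t k1, uint16_t k2, uint16_t k3)
{
    const uint16_t k[3] = { k1, k2, k3 };
    for (int i = 2; i >= 0; i--) {          /* undo the rounds in reverse */
        uint16_t t = c.r ^ toy_E(k[i], c.l);
        c.r = c.l; c.l = t;
    }
    return c;
}

typedef struct { uint16_t v, key; } entry;

static int by_value(const void *a, const void *b)
{
    uint16_t x = ((const entry *)a)->v, y = ((const entry *)b)->v;
    return (x > y) - (x < y);
}

/* Meet in the middle on the left half after round 2: L0 ^ E_K1(R0) from the
 * plaintext side, R3 ^ E_K3(L3) from the ciphertext side; K2 never enters.
 * Tabulate all K1, then look up every K3: about 2*NKEYS evaluations of E
 * instead of NKEYS^2. False matches are weeded out with the other pairs. */
int mitm_recover_k1_k3(const halves *pt, const halves *ct, int npairs,
                       uint16_t *k1, uint16_t *k3)
{
    entry *tab = malloc(NKEYS * sizeof *tab);
    int found = 0;
    if (!tab) return 0;
    for (uint32_t c = 0; c < NKEYS; c++) {
        tab[c].v = pt[0].l ^ toy_E((uint16_t)c, pt[0].r);
        tab[c].key = (uint16_t)c;
    }
    qsort(tab, NKEYS, sizeof *tab, by_value);
    for (uint32_t c = 0; c < NKEYS && !found; c++) {
        uint16_t target = ct[0].r ^ toy_E((uint16_t)c, ct[0].l);
        size_t lo = 0, hi = NKEYS;            /* first entry with v >= target */
        while (lo < hi) {
            size_t mid = lo + (hi - lo) / 2;
            if (tab[mid].v < target) lo = mid + 1; else hi = mid;
        }
        for (size_t i = lo; i < NKEYS && tab[i].v == target && !found; i++) {
            int ok = 1;
            for (int j = 1; j < npairs && ok; j++)
                ok = (pt[j].l ^ toy_E(tab[i].key, pt[j].r)) ==
                     (ct[j].r ^ toy_E((uint16_t)c, ct[j].l));
            if (ok) { *k1 = tab[i].key; *k3 = (uint16_t)c; found = 1; }
        }
    }
    free(tab);
    return found;
}

/* With K1 and K3 fixed, K2 falls to a direct search of NKEYS trial encryptions. */
int search_k2(const halves *pt, const halves *ct, int npairs,
              uint16_t k1, uint16_t k3, uint16_t *k2)
{
    for (uint32_t c = 0; c < NKEYS; c++) {
        int ok = 1;
        for (int j = 0; j < npairs && ok; j++) {
            halves e = xdes1_encrypt(pt[j], k1, (uint16_t)c, k3);
            ok = (e.l == ct[j].l && e.r == ct[j].r);
        }
        if (ok) { *k2 = (uint16_t)c; return 1; }
    }
    return 0;
}

/* Constructed known-plaintext scenario: three pairs under secret 12-bit keys.
 * Returns 1 if the attack recovers all three keys. */
int xdes1_attack_demo(void)
{
    const uint16_t k1 = 0x0ABC, k2 = 0x0123, k3 = 0x0FED;
    halves pt[3] = { { 0x1234, 0x5678 }, { 0xDEAD, 0xBEEF }, { 0x0000, 0xFFFF } };
    halves ct[3];
    uint16_t r1 = 0, r2 = 0, r3 = 0;
    for (int j = 0; j < 3; j++) ct[j] = xdes1_encrypt(pt[j], k1, k2, k3);
    if (!mitm_recover_k1_k3(pt, ct, 3, &r1, &r3)) return 0;
    if (!search_k2(pt, ct, 3, r1, r3, &r2)) return 0;
    return r1 == k1 && r2 == k2 && r3 == k3;
}

int xdes1_roundtrip_check(void)
{
    halves p = { 0xCAFE, 0xF00D };
    halves c = xdes1_encrypt(p, 0x0123, 0x0456, 0x0789);
    halves d = xdes1_decrypt(c, 0x0123, 0x0456, 0x0789);
    return d.l == p.l && d.r == p.r;
}

int main(void)
{
    printf("round trip: %s\n", xdes1_roundtrip_check() ? "ok" : "FAILED");
    printf("key recovery: %s\n", xdes1_attack_demo() ? "ok" : "FAILED");
    return 0;
}
```

Because the table is built from one pair, roughly 2^12 · 2^12 / 2^16 = 256 false (K1, K3) candidates survive the first match; the second and third pairs remove them. The same structure scales: with a real 56-bit block cipher the attack costs about 3 · 2^56 work instead of 2^168.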
xDES^2 extends the idea to a 5-round algorithm whose block size is 4 times and whose key size is 10 times that of the underlying block cipher. Figure 15-4 shows one round of xDES^2; each of the four sub-blocks is the size of the underlying block cipher's block, and all 10 keys are independent.

Figure 15-4. One round of xDES^2. (Two sub-blocks are encrypted under E_K1 and E_K2 and XORed into the other two.)

This scheme, too, is faster than triple encryption: encrypting a block four times the size of the underlying cipher's block takes 10 encryptions. But the method is vulnerable to differential cryptanalysis [858] and should not be used. It remains vulnerable to differential cryptanalysis even when DES with independent round keys is used.
For i ≥ 3, xDES^i is probably too big to be useful as a block algorithm. For example, the block size of xDES^3 is 6 times that of the underlying block cipher, the key is 21 times as long, and encrypting a block 6 times the size of the underlying block takes 21 encryptions. That is slower than triple encryption.
Quintuple encryption
If triple encryption is not secure enough (perhaps you need to encrypt triple-encryption keys with an even stronger algorithm), the multiplicity of encryption can be increased. Quintuple encryption is very strong against meet-in-the-middle attacks. (Arguments similar to those made for double encryption show that quadruple encryption provides only a negligible improvement over triple encryption.)

C = E_K1(D_K2(E_K3(D_K2(E_K1(P)))))
P = D_K1(E_K2(D_K3(E_K2(D_K1(C)))))

This construction is backwards compatible with triple encryption if K2 = K3, and with single encryption if K1 = K2 = K3. Of course, it is even stronger if five independent keys are used.
15.5 Shortening the Key in CDMF
This method was designed by IBM for its Commercial Data Masking Facility (CDMF) product (see Section 24.8) to shrink a 56-bit DES key to a 40-bit key approved for export [785]. It assumes that the original DES key includes parity bits.
(1) Zero the parity bits: bits 8, 16, 24, 32, 40, 48, 56, 64.
(2) Encrypt the output of step (1) with DES under the key 0xc408b0540ba1e0ae, and XOR the result with the output of step (1).
(3) In the output of step (2), zero the following bits: 1, 2, 3, 4, 8, 16, 17, 18, 19, 20, 24, 32, 33, 34, 35, 36, 40, 48, 49, 50, 51, 52, 56, 64.
(4) Encrypt the output of step (3) with DES under the key 0xef2c041ce6382fe6. The resulting key is used to encrypt the message.
Remember that this method shortens the key and therefore weakens the algorithm: after step (3) only 40 bits remain undetermined, which is exactly what a 2^40 key search needs.
15.6 Whitening
Whitening is the name given to the technique of XORing some key material with the input of a block algorithm and XORing some other key material with its output. It was first applied in the DESX variant developed by RSA Data Security, Inc., and later (apparently independently) in Khufu and Khafre. (Rivest named the technique; it is an unusual use of the word.)
The point is to prevent a cryptanalyst from obtaining a plaintext/ciphertext pair for the underlying block algorithm. The method forces the cryptanalyst to guess not only the algorithm key but also one of the whitening values. Because there is an XOR both before and after the block algorithm, the technique is considered resistant to meet-in-the-middle attacks.

C = K3 ⊕ E_K2(P ⊕ K1)
P = K1 ⊕ D_K2(C ⊕ K3)

If K1 = K3, a brute-force attack requires 2^(n + m/p) operations, where n is the key size, m is the block size, and p is the number of known plaintexts. If K1 and K3 differ, a brute-force attack with three known plaintexts requires 2^(n + m + 1) operations. Against differential and linear cryptanalysis these measures protect only a few bits of key. But computationally it is a very cheap way to raise the security of a block algorithm.
15.7 Cascading Multiple Block Algorithms
What about encrypting first with algorithm A under key K_A, and then again with algorithm B under key K_B? Perhaps Alice and Bob disagree about which algorithm is more secure: Alice wants to use algorithm A and Bob wants algorithm B. This technique, sometimes called cascading, can be extended to more algorithms and keys.
Pessimists have argued that using two algorithms together does not guarantee increased security. The algorithms could interact in some subtle way that actually makes things *worse*. Even triple encryption with three different algorithms may not be as secure as you think. Cryptography is a dark enough art that if you do not quite know what you are doing, you can easily get into trouble.
Reality is much rosier. These warnings hold only if the different keys depend on one another. If all the keys used are independent, then the complexity of breaking the cascade is at least that of breaking the first algorithm in it [1033]. If the second algorithm is vulnerable to a chosen-plaintext attack, the first algorithm may facilitate that attack and, in a cascade, make the second algorithm vulnerable to a known-plaintext attack. This possible weakening is not limited to encryption algorithms: if you let someone else specify any algorithm that is applied to your message before encryption, make sure your encryption is resistant to chosen-plaintext attacks. (Note that the most common algorithm for compressing and digitizing speech to modem speeds, applied before any encryption algorithm, is CELP, designed by the NSA.)
This can also be put another way: against a chosen-plaintext attack, a cascade of ciphers is at least as hard to break as any of the ciphers in it [858]. Earlier results showed a cascade to be at least as hard to break as the strongest cipher in it, but those results rested on some unstated assumptions [528]. Only if the algorithms commute, as in cascades of stream ciphers (or of block ciphers in OFB mode), is the cascade at least as strong as the strongest of the algorithms used.
If Alice and Bob do not trust each other's algorithms, they can use them in cascade. For stream algorithms the order does not matter. With block algorithms, Alice can apply algorithm A first and then algorithm B. Bob, who trusts algorithm B more, can apply B before A. Between the algorithms they can insert a good stream cipher. This does no harm and may improve security considerably.
Do not forget that the keys of the algorithms in the cascade must be independent. If algorithm A uses a 64-bit key and algorithm B a 128-bit key, the resulting cascade must use a 192-bit key. With dependent keys the pessimists have a much better chance of being right.
15.8 Combining Multiple Block Algorithms
Here is another way to combine several block algorithms, one whose security is guaranteed to be at least that of both algorithms. For two algorithms (and two independent keys):
(1) Generate a string of random bits R the same size as the message M.
(2) Encrypt R with the first algorithm.
(3) Encrypt M ⊕ R with the second algorithm.
(4) The ciphertext of the message is the concatenation of the results of steps (2) and (3).
Provided the random bit string really is random, this method encrypts M with a one-time pad and then encrypts both the pad and the resulting message, each with one of the two algorithms. Since both are needed to recover M, a cryptanalyst must break both algorithms. The drawback is that the ciphertext is twice the size of the plaintext.
The method can be extended to several algorithms, but every added algorithm enlarges the ciphertext. It is a fine idea, but I do not think it is very practical.
Chapter 16
Pseudo-Random-Sequence Generators and Stream Ciphers
16.1 Linear Congruential Generators
Linear congruential generators are generators of the form

X_n = (a X_{n−1} + b) mod m

in which X_n is the nth term of the sequence and X_{n−1} is the previous term. The variables a, b and m are constants: a is the multiplier, b the increment, and m the modulus. The key, or seed, is the value of X_0.
The period of such a generator is at most m. If a, b and m are chosen correctly, the generator is a maximal-period generator (sometimes called maximal length) and its period is m. (For example, b must be relatively prime to m.) Details on choosing the constants to obtain maximal period can be found in [863, 942]. Another good article on linear congruential generators and their theory is [1446].
Table 16-1, taken from [1272], lists good constants for linear congruential generators. All of them give maximal-period generators and, more importantly, pass the spectral test for randomness in dimensions 2, 3, 4, 5 and 6 [385, 863]. The table is organized by the largest product that does not overflow a word of the indicated length.
The advantage of linear congruential generators is their speed, owing to the small number of operations per bit.
Unfortunately, linear congruential generators cannot be used in cryptography, because they are predictable. They were first broken by Jim Reeds [1294, 1295, 1296] and then by Joan Boyar [1251]. She also broke quadratic generators:

X_n = (a X_{n−1}^2 + b X_{n−1} + c) mod m

and cubic generators:

X_n = (a X_{n−1}^3 + b X_{n−1}^2 + c X_{n−1} + d) mod m

Other researchers extended Boyar's ideas and developed attacks on any polynomial generator [923, 899, 900]. Truncated linear congruential generators have been broken as well [581, 705, 580], as have truncated linear congruential generators with unknown parameters [1500, 212]. Thus congruential generators were shown to be useless for cryptography.
Table 16-1.
Constants for Linear Congruential Generators

Overflows at      a        b         m
2^20            106     1283      6075
2^21            211     1663      7875
2^22            421     1663      7875
2^23            430     2531     11979
                936     1399      6655
               1366     1283      6075
2^24            171    11213     53125
                859     2531     11979
                419     6173     29282
                967     3041     14406
2^25            141    28411    134456
                625     6571     31104
               1541     2957     14000
               1741     2731     12960
               1291     4621     21870
                205    29573    139968
2^26            421    17117     81000
               1255     6173     29282
                281    28411    134456
2^27           1093    18257     86436
                421    54773    259200
               1021    24631    116640
               1021    25673    121500
2^28           1277    24749    117128
                741    66037    312500
               2041    25673    121500
2^29           2311    25367    120050
               1807    45289    214326
               1597    51749    244944
               1861    49297    233280
               2661    36979    175000
               4081    25673    121500
               3661    30809    145800
2^30           3877    29573    139968
               3613    45289    214326
               1366   150889    714025
2^31           8121    28411    134456
               4561    51349    243000
               7141    54773    259200
2^32           9301    49297    233280
               4096   150889    714025
2^33           2416   374441   1771875
2^34          17221   107839    510300
              36261    66037    312500
2^35          84589    45989    217728
Linear congruential generators do remain useful for noncryptographic applications such as simulation. They are efficient and show good statistical behaviour in most of the empirical tests in use. Important information on linear congruential generators and their theory can be found in [942].
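The predictability that the attacks of Reeds and Boyar exploit is easy to see in the simplest setting, where the modulus is known and the outputs are not truncated: three consecutive outputs determine a and b, and from then on every output can be predicted. The C program below is an added example, not code from the book. It uses the prime modulus and the multiplier of the first component of the 32-bit combined generator given later in this section, with a constructed increment and seed, and computes the modular inverse with the extended Euclidean algorithm. The published attacks (unknown modulus, truncated outputs) solve a harder problem than this.

```c
#include <stdint.h>
#include <stdio.h>

/* One step of X[n] = (a X[n-1] + b) mod m. All values are below 2^31,
 * so the product fits comfortably in 64 bits. */
uint64_t lcg_next(uint64_t x, uint64_t a, uint64_t b, uint64_t m)
{
    return (a * x + b) % m;
}

/* Inverse of x modulo m by the extended Euclidean algorithm; -1 if gcd != 1. */
static int64_t mod_inverse(int64_t x, int64_t m)
{
    int64_t r0 = ((x % m) + m) % m, r1 = m, s0 = 1, s1 = 0;
    while (r1 != 0) {
        int64_t q = r0 / r1, t;
        t = r0 - q * r1; r0 = r1; r1 = t;
        t = s0 - q * s1; s0 = s1; s1 = t;
    }
    if (r0 != 1) return -1;
    return ((s0 % m) + m) % m;
}

/* Known modulus, three consecutive untruncated outputs x1, x2, x3:
 *   x3 - x2 = a (x2 - x1)  (mod m)   =>  a = (x3 - x2) (x2 - x1)^-1
 *   b = x2 - a x1                     (mod m)
 * Returns 1 on success, 0 when x2 - x1 has no inverse mod m (then this
 * single equation does not pin a down and more outputs are needed). */
int lcg_recover(uint64_t m, uint64_t x1, uint64_t x2, uint64_t x3,
                uint64_t *a, uint64_t *b)
{
    int64_t d1 = ((int64_t)x2 - (int64_t)x1) % (int64_t)m;
    int64_t d2 = ((int64_t)x3 - (int64_t)x2) % (int64_t)m;
    int64_t inv;
    if (d1 < 0) d1 += (int64_t)m;
    if (d2 < 0) d2 += (int64_t)m;
    inv = mod_inverse(d1, (int64_t)m);
    if (inv < 0) return 0;
    *a = ((uint64_t)d2 * (uint64_t)inv) % m;
    *b = (x2 + m - (*a * x1) % m) % m;
    return 1;
}

/* Constructed scenario: the attacker sees x1..x3 from a generator with the
 * prime modulus 2147483563 and multiplier 40014 of the 32-bit combined
 * generator below, an arbitrary increment 12211 and seed 1. Returns 1 if
 * the recovered parameters predict the next four outputs exactly. */
int lcg_prediction_demo(void)
{
    const uint64_t m = 2147483563ULL, a = 40014, b = 12211;
    uint64_t x[8], ra = 0, rb = 0;
    x[0] = 1;
    for (int i = 1; i < 8; i++) x[i] = lcg_next(x[i - 1], a, b, m);
    if (!lcg_recover(m, x[1], x[2], x[3], &ra, &rb)) return 0;
    if (ra != a || rb != b) return 0;
    for (int i = 4; i < 8; i++)
        if (lcg_next(x[i - 1], ra, rb, m) != x[i]) return 0;
    return 1;
}

int main(void)
{
    printf("LCG parameters recovered and outputs predicted: %s\n",
           lcg_prediction_demo() ? "yes" : "no");
    return 0;
}
```

With a prime modulus the difference x2 − x1 is always invertible unless the two outputs coincide, which for a bijective step happens only at the generator's single fixed point; with a composite modulus the gcd check in lcg_recover can fail, and the attacker then collects more outputs or works modulo the prime factors separately.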
Combining linear congruential generators
Various people have tried combining linear congruential generators [1595, 941]. The cryptographic security of the results is no better, but they have longer periods and perform better in some statistical tests. For 32-bit computers the following generator can be used [941]:
    static long s1 = 1 ;  /* "long" must be a 32-bit integer. */
    static long s2 = 1 ;

    #define MODMULT(a,b,c,m,s) q = s/a; s = b*(s-a*q) - c*q; if (s<0) s+=m ;
    /* MODMULT(a,b,c,m,s) computes s*b mod m without overflow (Schrage's
     * method), provided that m = a*b + c and 0 <= c < a. */

    /* combinedLCG returns a pseudorandom real value in the range (0,1).
     * It combines linear congruential generators with periods 2^31 - 85
     * and 2^31 - 249; its period is the product of these two primes. */
    double combinedLCG ( void )
    {
        long q ;
        long z ;

        MODMULT ( 53668, 40014, 12211, 2147483563L, s1 )
        MODMULT ( 52774, 40692, 3791, 2147483399L, s2 )
        z = s1 - s2 ;
        if ( z < 1 )
            z += 2147483562 ;
        return z * 4.656613e-10 ;
    }

    /* In general, call initLCG before using combinedLCG. */
    void initLCG( long InitS1, long InitS2 )
    {
        s1 = InitS1 ;
        s2 = InitS2 ;
    }
This generator works provided the machine can represent all integers between −2^31 + 85 and 2^31 − 249. The variables s1 and s2 are global and hold the current state of the generator. They must be initialized before the first call. The initial value of s1 must lie between 1 and 2147483562, and that of s2 between 1 and 2147483398. The period of the generator is close to 10^18.
On a 16-bit computer use this generator instead:
    static int s1 = 1 ;  /* "int" must be a 16-bit integer. */
    static int s2 = 1 ;
    static int s3 = 1 ;

    #define MODMULT(a,b,c,m,s) q = s/a; s = b*(s-a*q) - c*q; if (s<0) s+=m ;

    /* combinedLCG returns a pseudorandom real value in the range (0,1).
     * It combines linear congruential generators with periods 2^15 - 405,
     * 2^15 - 1041 and 2^15 - 1111; its period is the product of these
     * three primes. */
    double combinedLCG ( void )
    {
        long q ;
        long z ;

        MODMULT ( 206, 157, 21, 32363, s1 )
        MODMULT ( 217, 146, 45, 31727, s2 )
        MODMULT ( 222, 142, 133, 31657, s3 )
        z = s1 - s2 ;
        if ( z > 706 )      /* keeps z + s3 within 16 bits (32362 - 31656 = 706) */
            z -= 32362 ;
        z += s3 ;
        if ( z < 1 )
            z += 32362 ;
        return z * 3.0899e-5 ;
    }

    /* In general, call initLCG before using combinedLCG. */
    void initLCG( long InitS1, long InitS2, long InitS3 )
    {
        s1 = InitS1 ;
        s2 = InitS2 ;
        s3 = InitS3 ;
    }
This generator works provided the machine can represent all integers between −32363 and 32363. The variables s1, s2 and s3 are global and hold the current state of the generator. They must be initialized before the first call. The initial value of s1 must lie between 1 and 32362, that of s2 between 1 and 31726, and that of s3 between 1 and 31656. The period of the generator is 1.6 × 10^13. In both generators the constant b is 0.
16.2 Linear Feedback Shift Registers
Shift register sequences are used both in cryptography and in coding theory. Their theory is very well developed; stream ciphers based on shift registers were the workhorse of military cryptography long before the advent of electronics.
A feedback shift register consists of two parts: a shift register and a feedback function (see Figure 16-1). The shift register is a sequence of bits. (The number of bits is the length of the shift register; if the length is n bits, the register is called an n-bit shift register.) Each time a bit is needed, all the bits of the shift register are shifted one position to the right. The new leftmost bit is a function of the other bits of the register. The output of the shift register is one bit, usually the least significant one. The period of a shift register is the length of the output sequence before it starts to repeat.

Figure 16-1. Feedback shift register. (Cells b_n, b_{n−1}, ..., b_4, b_3, b_2, b_1; a feedback function computed over the cells supplies the new bit.)

Cryptographers have liked stream ciphers based on shift registers: they are easy to implement in digital hardware. I will only touch on the mathematical theory. In 1965 Ernst Selmer, chief cryptographer of the Norwegian government, developed the theory of shift register sequences [1411]. Solomon Golomb, an NSA mathematician, wrote a book presenting some of his own results and Selmer's [643]. See also [970, 971, 1647].
The simplest kind of feedback shift register is the linear feedback shift register, or LFSR (see Figure 16-2). The feedback is simply the XOR of certain bits of the register; the list of these bits is called the tap sequence. Such a register is sometimes called a Fibonacci configuration. Because of the simplicity of the feedback sequence, a well-developed mathematical theory can be applied to the analysis of LFSRs. Cryptographers like to analyze sequences to convince themselves that they are random enough to be secure. LFSRs are the shift registers most commonly used in cryptography.
Figure 16-2. Linear feedback shift register. (Cells b_n, b_{n−1}, ..., b_4, b_3, b_2, b_1; the XOR of the tapped cells enters at b_n and the output bit is taken from b_1.)
Figure 16-3 shows a 4-bit LFSR tapped at the first and fourth cells (b_1 and b_4). If it is initialized with 1111, it passes through the following internal states (written b_4 b_3 b_2 b_1) before repeating:

1 1 1 1
0 1 1 1
1 0 1 1
0 1 0 1
1 0 1 0
1 1 0 1
0 1 1 0
0 0 1 1
1 0 0 1
0 1 0 0
0 0 1 0
0 0 0 1
1 0 0 0
1 1 0 0
1 1 1 0

Figure 16-3. 4-bit LFSR. (Cells b_4 b_3 b_2 b_1; b_4 ⊕ b_1 is fed back into b_4; the output bit is b_1.)

The output sequence is the string of least significant bits:

1 1 1 1 0 1 0 1 1 0 0 1 0 0 0 . . . .
An n-bit LFSR can be in one of 2^n − 1 internal states. This means that, in theory, such a register can generate a pseudorandom sequence with a period of 2^n − 1 bits. (The number of internal states and the period are 2^n − 1 rather than 2^n because a register filled with zeros makes the LFSR output an endless stream of zeros, which is useless.) Only for certain tap sequences does the LFSR cycle through all 2^n − 1 internal states; such LFSRs are maximal-period LFSRs. The resulting output is called an m-sequence.
For a given LFSR to have maximal period, the polynomial formed from the tap sequence plus the constant 1 must be primitive modulo 2. The degree of the polynomial is the length of the shift register. A primitive polynomial of degree n is an irreducible polynomial that divides x^(2^n − 1) + 1 but does not divide x^d + 1 for any d that divides 2^n − 1 (see Section 11.3). The mathematical theory can be found in [643, 1649, 1648].
In general there is no easy way to generate primitive polynomials of a given degree modulo 2. The simplest approach is to choose a polynomial at random and test whether it is primitive. This is not easy, roughly comparable to testing a randomly chosen number for primality, but many mathematical software packages can do it. Several methods are given in [970, 971].
Table 16-2 lists some, though certainly not all, primitive polynomials modulo 2 of various degrees [1583, 643, 1649, 1648, 1272, 691]. For example, the entry (32, 7, 5, 3, 2, 1, 0) means that the following polynomial is primitive modulo 2:

x^32 + x^7 + x^5 + x^3 + x^2 + x + 1

This is easily turned into a maximal-period LFSR. The first number is the length of the LFSR. The last number is always 0 and can be dropped. The remaining numbers give the tap sequence. Number the cells b_1 to b_n from the right-hand end as in Figure 16-2, so that b_1 is the output and the new bit enters at b_n; then the term x^k of the polynomial is a tap on cell b_{k+1}, the constant term is the tap on b_1, and the term x^n is the new bit itself. Low-degree terms therefore correspond to taps near the right-hand end of the register. (Tapping b_{n−k+1} instead of b_{k+1} for every exponent k ≥ 1, keeping the tap on b_1, realises the reciprocal polynomial, which is also primitive; the 4-bit register of Figure 16-3, tapped at b_4 and b_1, is of this kind: it realises x^4 + x^3 + 1, the reciprocal of the table's x^4 + x + 1, and has the same period 15.)
Continuing the example, the entry (32, 7, 5, 3, 2, 1, 0) means that if you take a 32-bit shift register and generate each new bit as the XOR of cells b_8, b_6, b_4, b_3, b_2 and b_1 (see Figure 16-4), the resulting LFSR has maximal length: it cycles through 2^32 − 1 values before repeating.
The C code for this LFSR looks like this:

    #include <stdint.h>

    /* One step of the maximal-length LFSR for x^32 + x^7 + x^5 + x^3 + x^2 + x + 1.
     * Bit 0 of ShiftRegister is cell b1 (the output); bit 31 is cell b32, where
     * the new bit enters. A term x^k is a tap on cell b(k+1), i.e. on bit k,
     * so the feedback XORs bits 7, 5, 3, 2, 1 and 0. */
    int LFSR ( void ) {
        static uint32_t ShiftRegister = 1 ;   /* Anything but 0. */
        ShiftRegister = ((((ShiftRegister >> 7)
                         ^ (ShiftRegister >> 5)
                         ^ (ShiftRegister >> 3)
                         ^ (ShiftRegister >> 2)
                         ^ (ShiftRegister >> 1)
                         ^ ShiftRegister)
                         & 0x00000001)
                        << 31)
                      | (ShiftRegister >> 1) ;
        return ShiftRegister & 0x00000001 ;
    }

If the shift register is longer than a machine word, the code gets more complicated, but not by much.
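The tap convention above can be checked mechanically: build a register from a Table 16-2 listing, run it, and count the steps until the state recurs. The C program below is an added example and not the book's code. It assumes only the layout used in the figures (b_1 is the output, the feedback enters at b_n) and the rule that the term x^k is a tap on cell b_{k+1}; it reproduces the state cycle and output string of the 4-bit register of Figure 16-3, and shows that a non-primitive polynomial such as x^4 + x^2 + 1 = (x^2 + x + 1)^2 gives a period of 6 instead of 15. Periods are found by brute-force cycling, which is fine up to a few dozen bits but not for a 32-bit register, where primitivity must be tested algebraically as the text says.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fibonacci LFSR with up to 63 cells. Bit i of `state` is cell b(i+1): bit 0
 * is b1, the output; bit n-1 is bn, where the feedback bit enters after each
 * right shift. `taps` lists cells, numbered from 1 as in the figures. */
typedef struct { int n, ntaps, taps[16]; uint64_t state; } lfsr;

/* Build the register from a Table 16-2 listing (n, k1, ..., km, 0): the term
 * x^k becomes a tap on cell b(k+1) (the final 0 becomes the tap on b1), so the
 * recurrence is s[t+n] = s[t+k1] ^ ... ^ s[t+km] ^ s[t] and the register
 * realises the listed polynomial itself, not its reciprocal. */
void lfsr_from_listing(lfsr *r, const int *listing, int len, uint64_t seed)
{
    r->n = listing[0];
    r->ntaps = 0;
    for (int i = 1; i < len; i++) r->taps[r->ntaps++] = listing[i] + 1;
    r->state = seed & ((1ULL << r->n) - 1);
}

/* Build from explicit tap cells, e.g. {4, 1} for the register of Figure 16-3. */
void lfsr_from_cells(lfsr *r, int n, const int *cells, int ncells, uint64_t seed)
{
    r->n = n;
    r->ntaps = ncells;
    for (int i = 0; i < ncells; i++) r->taps[i] = cells[i];
    r->state = seed & ((1ULL << n) - 1);
}

/* Emit b1 of the current state, then shift right and feed back. */
int lfsr_step(lfsr *r)
{
    int out = (int)(r->state & 1);
    uint64_t fb = 0;
    for (int i = 0; i < r->ntaps; i++) fb ^= (r->state >> (r->taps[i] - 1)) & 1;
    r->state = (r->state >> 1) | (fb << (r->n - 1));
    return out;
}

/* Steps until the state first recurs; 0 if it does not within `limit` steps
 * (the all-zero state is rejected outright). */
uint64_t lfsr_period(lfsr r, uint64_t limit)
{
    uint64_t start = r.state;
    if (start == 0) return 0;
    for (uint64_t steps = 1; steps <= limit; steps++) {
        lfsr_step(&r);
        if (r.state == start) return steps;
    }
    return 0;
}

/* Period of the register built from the trinomial listing (n, k, 0). */
uint64_t period_trinomial(int n, int k, uint64_t seed)
{
    int listing[3] = { n, k, 0 };
    lfsr r;
    lfsr_from_listing(&r, listing, 3, seed);
    return lfsr_period(r, 1ULL << n);
}

/* Period of the register built from the pentanomial listing (n, k1, k2, k3, 0). */
uint64_t period_pentanomial(int n, int k1, int k2, int k3, uint64_t seed)
{
    int listing[5] = { n, k1, k2, k3, 0 };
    lfsr r;
    lfsr_from_listing(&r, listing, 5, seed);
    return lfsr_period(r, 1ULL << n);
}

/* The register of Figure 16-3 (cells b4 and b1, seeded with 1111): returns 1
 * if its period is 15 and its first 15 output bits are 111101011001000. */
int figure_16_3_check(void)
{
    static const int cells[2] = { 4, 1 };
    char out[16];
    lfsr r;
    lfsr_from_cells(&r, 4, cells, 2, 0xF);
    if (lfsr_period(r, 16) != 15) return 0;
    for (int i = 0; i < 15; i++) out[i] = (char)('0' + lfsr_step(&r));
    out[15] = '\0';
    return strcmp(out, "111101011001000") == 0;
}

int main(void)
{
    printf("Figure 16-3 register: %s\n", figure_16_3_check() ? "ok" : "mismatch");
    printf("(4,1,0): period %llu\n", (unsigned long long)period_trinomial(4, 1, 0xF));
    printf("(4,2,0): period %llu (x^4+x^2+1 is not primitive)\n",
           (unsigned long long)period_trinomial(4, 2, 0xF));
    printf("(16,5,3,2,0): period %llu\n",
           (unsigned long long)period_pentanomial(16, 5, 3, 2, 1));
    return 0;
}
```

Because the reciprocal of a primitive polynomial is primitive, the period checks come out the same whichever of the two tap orientations is used; the output bit strings differ, which is why the Figure 16-3 check pins down the orientation explicitly.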
Figure 16-4. 32-bit maximal-length LFSR. (Cells b_32 ... b_8 b_7 b_6 b_5 b_4 b_3 b_2 b_1; the XOR of the tapped cells enters at b_32 and the output bit is taken from b_1.)
Table 16-2.
Some Primitive Polynomials mod 2

(1, 0)
(2, 1, 0)
(3, 1, 0)
(4, 1, 0)
(5, 2, 0)
(6, 1, 0)
(7, 1, 0)
(7, 3, 0)
(8, 4, 3, 2, 0)
(9, 4, 0)
(10, 3, 0)
(11, 2, 0)
(12, 6, 4, 1, 0)
(13, 4, 3, 1, 0)
(14, 5, 3, 1, 0)
(15, 1, 0)
(16, 5, 3, 2, 0)
(17, 3, 0)
(17, 5, 0)
(17, 6, 0)
(18, 7, 0)
(18, 5, 2, 1, 0)
(19, 5, 2, 1, 0)
(20, 3, 0)
(21, 2, 0)
(22, 1, 0)
(23, 5, 0)
(24, 4, 3, 1, 0)
(25, 3, 0)
(26, 6, 2, 1, 0)
(27, 5, 2, 1, 0)
(28, 3, 0)
(29, 2, 0)
(30, 6, 4, 1, 0)
(31, 3, 0)
(31, 6, 0)
(31, 7, 0)
(31, 13, 0)
(32, 7, 6, 2, 0)
(32, 7, 5, 3, 2, 1, 0)
(33, 13, 0)
(33, 16, 4, 1, 0)
(34, 8, 4, 3, 0)
(34, 7, 6, 5, 2, 1, 0)
(35, 2, 0)
(36, 11, 0)
(36, 6, 5, 4, 2, 1, 0)
(37, 6, 4, 1, 0)
(37, 5, 4, 3, 2, 1, 0)
(38, 6, 5, 1, 0)
(39, 4, 0)
(40, 5, 4, 3, 0)
(41, 3, 0)
(42, 7, 4, 3, 0)
(42, 5, 4, 3, 2, 1, 0)
(43, 6, 4, 3, 0)
(44, 6, 5, 2, 0)
(45, 4, 3, 1, 0)
(46, 8, 7, 6, 0)
(46, 8, 5, 3, 2, 1, 0)
(47, 5, 0)
(48, 9, 7, 4, 0)
(48, 7, 5, 4, 2, 1, 0)
(49, 9, 0)
(49, 6, 5, 4, 0)
(50, 4, 3, 2, 0)
(51, 6, 3, 1, 0)
(52, 3, 0)
(53, 6, 2, 1, 0)
(54, 8, 6, 3, 0)
(54, 6, 5, 4, 3, 2, 0)
(55, 24, 0)
(55, 6, 2, 1, 0)
(56, 7, 4, 2, 0)
(57, 7, 0)
(57, 5, 3, 2, 0)
(58, 19, 0)
(58, 6, 5, 1, 0)
(59, 7, 4, 2, 0)
(59, 6, 5, 4, 3, 1, 0)
(60, 1, 0)
(61, 5, 2, 1, 0)
(62, 6, 5, 3, 0)
(63, 1, 0)
(64, 4, 3, 1, 0)
(65, 18, 0)
(65, 4, 3, 1, 0)
(66, 9, 8, 6, 0)
(66, 8, 6, 5, 3, 2, 0)
(67, 5, 2, 1, 0)
(68, 9, 0)
(68, 7, 5, 1, 0)
(69, 6, 5, 2, 0)
(70, 5, 3, 1, 0)
(71, 6, 0)
(71, 5, 3, 1, 0)
(72, 10, 9, 3, 0)
(72, 6, 4, 3, 2, 1, 0)
(73, 25, 0)
(73, 4, 3, 2, 0)
(74, 7, 4, 3, 0)
(75, 6, 3, 1, 0)
(76, 5, 4, 2, 0)
(77, 6, 5, 2, 0)
(78, 7, 2, 1, 0)
(79, 9, 0)
(79, 4, 3, 2, 0)
(80, 9, 4, 2, 0)
(80, 7, 5, 3, 2, 1, 0)
(81, 4, 0)
(82, 9, 6, 4, 0)
(82, 8, 7, 6, 1, 0)
(83, 7, 4, 2, 0)
(84, 13, 0)
(84, 8, 7, 5, 3, 1, 0)
(85, 8, 2, 1, 0)
(86, 6, 5, 2, 0)
(87, 13, 0)
(87, 7, 5, 1, 0)
(88, 11, 9, 8, 0)
(88, 8, 5, 4, 3, 1, 0)
(89, 38, 0)
(89, 51, 0)
(89, 6, 5, 3, 0)
(90, 5, 3, 2, 0)
(91, 8, 5, 1, 0)
(91, 7, 6, 5, 3, 2, 0)
(92, 6, 5, 2, 0)
(93, 2, 0)
(94, 21, 0)
(94, 6, 5, 1, 0)
(95, 11, 0)
(95, 6, 5, 4, 2, 1, 0)
(96, 10, 9, 6, 0)
(96, 7, 6, 4, 3, 2, 0)
(97, 6, 0)
(98, 11, 0)
(98, 7, 4, 3, 1, 0)
(99, 7, 5, 4, 0)
(100, 37, 0)
(100, 8, 7, 2, 0)
(101, 7, 6, 1, 0)
(102, 6, 5, 3, 0)
(103, 9, 0)
(104, 11, 10, 1, 0)
(105, 16, 0)
(106, 15, 0)
(107, 9, 7, 4, 0)
(108, 31, 0)
(109, 5, 4, 2, 0)
(110, 6, 4, 1, 0)
(111, 10, 0)
(111, 49, 0)
(113, 9, 0)
(113, 15, 0)
(113, 30, 0)
(114, 11, 2, 1, 0)
(115, 8, 7, 5, 0)
(116, 6, 5, 2, 0)
(117, 5, 2, 1, 0)
(118, 33, 0)
(119, 8, 0)
(119, 45, 0)
(120, 9, 6, 2, 0)
(121, 18, 0)
(122, 6, 2, 1, 0)
(123, 2, 0)
(124, 37, 0)
(125, 7, 6, 5, 0)
(126, 7, 4, 2, 0)
(127, 1, 0)
(127, 7, 0)
(127, 63, 0)
(128, 7, 2, 1, 0)
(129, 5, 0)
(130, 3, 0)
(131, 8, 3, 2, 0)
(132, 29, 0)
(133, 9, 8, 2, 0)
(134, 57, 0)
(135, 11, 0)
(135, 16, 0)
(135, 22, 0)
(136, 8, 3, 2, 0)
(137, 21, 0)
(138, 8, 7, 1, 0)
(139, 8, 5, 3, 0)
(140, 29, 0)
(141, 13, 6, 1, 0)
(142, 21, 0)
(143, 5, 3, 2, 0)
(144, 7, 4, 2, 0)
(145, 52, 0)
(145, 69, 0)
(146, 5, 3, 2, 0)
(147, 11, 4, 2, 0)
(148, 27, 0)
(149, 10, 9, 7, 0)
(150, 53, 0)
(151, 3, 0)
(151, 9, 0)
(151, 15, 0)
(151, 31, 0)
(151, 39, 0)
(151, 43, 0)
(151, 46, 0)
(151, 51, 0)
(151, 63, 0)
(151, 66, 0)
(151, 67, 0)
(151, 70, 0)
(152, 6, 3, 2, 0)
(153, 1, 0)
(153, 8, 0)
(154, 9, 5, 1, 0)
(155, 7, 5, 4, 0)
(156, 9, 5, 3, 0)
(157, 6, 5, 2, 0)
(158, 8, 6, 5, 0)
(159, 31, 0)
(159, 34, 0)
(159, 40, 0)
(160, 5, 3, 2, 0)
(161, 18, 0)
(161, 39, 0)
(161, 60, 0)
(162, 8, 7, 4, 0)
(163, 7, 6, 3, 0)
(164, 12, 6, 5, 0)
(165, 9, 8, 3, 0)
(166, 10, 3, 2, 0)
(167, 6, 0)
(170, 23, 0)
(172, 2, 0)
(174, 13, 0)
(175, 6, 0)
(175, 16, 0)
(175, 18, 0)
(175, 57, 0)
(177, 8, 0)
(177, 22, 0)
(177, 88, 0)
(178, 87, 0)
(183, 56, 0)
(194, 87, 0)
(198, 65, 0)
(201, 14, 0)
(201, 17, 0)
(201, 59, 0)
(201, 79, 0)
(202, 55, 0)
(207, 43, 0)
(212, 105, 0)
(218, 11, 0)
(218, 15, 0)
(218, 71, 0)
(218, 83, 0)
(225, 32, 0)
(225, 74, 0)
(225, 88, 0)
(225, 97, 0)
(225, 109, 0)
(231, 26, 0)
(231, 34, 0)
(234, 31, 0)
(234, 103, 0)
(236, 5, 0)
(250, 103, 0)
(255, 52, 0)
(255, 56, 0)
(255, 82, 0)
(258, 83, 0)
(266, 47, 0)
(270, 133, 0)
(282, 35, 0)
(282, 43, 0)
(286, 69, 0)
(286, 73, 0)
(294, 61, 0)
(322, 67, 0)
(333, 2, 0)
(350, 53, 0)
(366, 29, 0)
(378, 43, 0)
(378, 107, 0)
(390, 89, 0)
(462, 73, 0)
(521, 32, 0)
(521, 48, 0)
(521, 158, 0)
(521, 168, 0)
(607, 105, 0)
(607, 147, 0)
(607, 273, 0)
(1279, 216, 0)
(1279, 418, 0)
(2281, 715, 0)
(2281, 915, 0)
(2281, 1029, 0)
(3217, 67, 0)
(3217, 576, 0)
(4423, 271, 0)
(9689, 84, 0)
Note that all the entries in the table have an odd number of coefficients. I have given such a long table because LFSRs are often used in stream-cipher cryptography, and I wanted different people to be able to pick different primitive polynomials. If $p(x)$ is primitive, then so is $x^n p(1/x)$, so each entry in the table actually defines two primitive polynomials.
For example, if (a, b, 0) is primitive, then so is (a, a − b, 0). If (a, b, c, d, 0) is primitive, then so is (a, a − d, a − c, a − b, 0). Mathematically:

if $x^a + x^b + 1$ is primitive, then so is $x^a + x^{a-b} + 1$;

if $x^a + x^b + x^c + x^d + 1$ is primitive, then so is $x^a + x^{a-d} + x^{a-c} + x^{a-b} + 1$.
Primitive trinomials are the fastest to implement in software, because generating a new bit requires XORing only two bits of the shift register. Indeed, all the feedback polynomials listed in Table 16.2 are sparse, that is, they have few coefficients. Sparseness is always a source of weakness, and sometimes it is enough to break the algorithm. For cryptographic algorithms it is far better to use dense primitive polynomials, those with many coefficients. Using dense polynomials, especially as part of the key, lets you get by with considerably shorter LFSRs.
Generating dense primitive polynomials modulo 2 is not easy. In general, to generate primitive polynomials of degree $k$ you need to know the factorization of $2^k - 1$. Primitive polynomials can be found in the following three good references: [652, 1285, 1287].
By themselves, LFSRs are good pseudo-random sequence generators, but they have some undesirable nonrandom properties. Consecutive bits are linear, which makes them useless for encryption. For an LFSR of length $n$, the internal state is simply the next $n$ output bits of the generator. Even if the feedback scheme is kept secret, it can be determined from $2n$ output bits of the generator using the highly efficient Berlekamp-Massey algorithm [1082, 1083]; see Section 16.3.
Furthermore, large random numbers generated from consecutive bits of this sequence are strongly correlated and, for some kinds of applications, are not random at all. Despite this, LFSRs are often used to build encryption algorithms.
Software Implementation of LFSRs
Software implementations of LFSRs are slow, and they run faster written in assembler than in C. One solution is to run 16 LFSRs (or 32, depending on the word size of your computer) in parallel. This scheme uses an array of words whose size equals the length of the LFSR, with each bit of a word in the array belonging to its own LFSR. Provided the same feedback polynomials are used, this can give a noticeable performance gain. In general, the best way to update shift registers is to multiply the current state by suitable binary matrices [901].
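As an added example (my code, not the book's), here is the 32-registers-in-parallel scheme just described: 32 independent Fibonacci LFSRs over the primitive trinomial x^31 + x^3 + 1 (chosen here as an assumption) share one array of 31 words, lane bit j belonging to register j, and a scalar reference register cross-checks every lane.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define N 31   /* register length: x^31 + x^3 + 1, primitive trinomial (31, 3, 0) */
#define K 3

/* Scalar reference: one 31-bit Fibonacci LFSR; bit i of s holds s_{t+i}. */
static int scalar_step(uint32_t *s)
{
    int out = (int)(*s & 1u);
    uint32_t nb = ((*s >> K) ^ *s) & 1u;    /* s_{t+31} = s_{t+3} xor s_t */
    *s = (*s >> 1) | (nb << (N - 1));
    return out;
}

/* Bit-sliced form: lane[i] bit j is s_{t+i} of register number j (32 registers). */
typedef struct { uint32_t lane[N]; } sliced_t;

static void sliced_init(sliced_t *g, const uint32_t seeds[32])
{
    memset(g, 0, sizeof *g);
    for (int j = 0; j < 32; j++)
        for (int i = 0; i < N; i++)
            if ((seeds[j] >> i) & 1u)
                g->lane[i] |= 1u << j;
}

/* One clock of all 32 registers at once: the returned word carries the
 * output bit of register j in bit j.  The feedback XOR is done once on
 * whole words instead of once per register. */
static uint32_t sliced_step(sliced_t *g)
{
    uint32_t out = g->lane[0];
    uint32_t nb = g->lane[K] ^ g->lane[0];
    memmove(&g->lane[0], &g->lane[1], (N - 1) * sizeof(uint32_t));
    g->lane[N - 1] = nb;
    return out;
}

/* Cross-check: lane j of the sliced generator must reproduce scalar register j.
 * Returns 1 if all 32 lanes agree for `steps` clocks, 0 otherwise. */
static int sliced_matches_scalar(int steps)
{
    uint32_t seeds[32], s[32];
    sliced_t g;
    for (int j = 0; j < 32; j++)            /* constructed, nonzero seeds */
        seeds[j] = s[j] = ((uint32_t)(j + 1) * 0x01234567u) & 0x7FFFFFFFu;
    sliced_init(&g, seeds);
    for (int t = 0; t < steps; t++) {
        uint32_t w = sliced_step(&g);
        for (int j = 0; j < 32; j++)
            if ((int)((w >> j) & 1u) != scalar_step(&s[j]))
                return 0;
    }
    return 1;
}

int main(void)
{
    printf("bit-sliced lanes %s the scalar registers over 2000 clocks\n",
           sliced_matches_scalar(2000) ? "match" : "DO NOT match");
    return 0;
}
```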
The feedback scheme of an LFSR can also be modified. The resulting generator is no more secure cryptographically, but it still has maximal period and is easier to implement in software [1272]. Instead of using the bits of the tap sequence to generate the new left-most bit, each bit of the tap sequence is XORed with the generator output and replaced with the result of that operation; the generator output then becomes the new left-most bit (see Figure 16.5). This modification is sometimes called the Galois configuration. In C it looks like this:
#define mask 0x80000057
static unsigned long ShiftRegister=1;   /* assumes a 32-bit unsigned long */

void seed_LFSR (unsigned long seed)
{
    if (seed == 0) /* avoid trouble: the all-zero state never changes */
        seed = 1 ;
    ShiftRegister = seed;
}

int modified_LFSR (void)
{
    if (ShiftRegister & 0x00000001) {
        /* XOR the taps with the output bit, then shift; >> binds tighter
           than ^ in C, so the XOR must be parenthesized, and the new
           left-most bit is bit 31 (0x80000000, eight hex digits) */
        ShiftRegister = ((ShiftRegister ^ mask) >> 1) | 0x80000000UL;
        return 1;
    } else {
        ShiftRegister >>= 1;
        return 0;
    }
}
Figure 16.5. Galois LFSR (register bits b32 ... b1; output).
The advantage is that all the XORs can be done in a single operation. This scheme can also be parallelized, and the feedback polynomials of the different registers may differ. The Galois configuration can also give a gain in hardware, especially in VLSI. In general, if you are using hardware that is good at shifts, use the Fibonacci configuration; if you can exploit parallelism, use the Galois configuration.
16.3 Design and Analysis of Stream Ciphers
Most practical stream ciphers are based on LFSRs. Even in the early days of electronics they were easy to build. A shift register is nothing more than an array of bits, and the feedback sequence is a set of XOR gates. Even in VLSI, an LFSR-based stream cipher provides a fair amount of security with just a few logic gates.
The problem with LFSRs is that their software implementation is very inefficient. You have to avoid sparse feedback polynomials, since they make correlation attacks easier [1051, 1090, 350], and dense feedback polynomials are inefficient. Any stream cipher produces one bit at a time; to encrypt what a single iteration of DES encrypts, 64 iterations of the stream algorithm are needed. Indeed, a software implementation of a simple LFSR algorithm such as the shrinking generator described below is no faster than DES.
This branch of cryptography is developing rapidly and is very politically charged. Most designs are secret; a great many of the military encryption systems in use today are based on LFSRs. Indeed, most Cray computers (Cray 1, Cray X-MP, Cray Y-MP) have a rather curious instruction, usually called "population count." It counts the number of ones in a register and can be used both to compute the Hamming distance between two binary words efficiently and to implement a vectorized version of an LFSR. I have heard this called the canonical NSA instruction, appearing as a requirement in almost every computer contract.
On the other hand, an astonishingly large number of seemingly complex shift-register-based generators have been broken. And certainly the number of such generators broken by military cryptanalytic agencies such as the NSA is even greater. Sometimes it is surprising how the simplest of them are proposed again and again.
Linear Complexity
Analyzing stream ciphers is often easier than analyzing block ciphers. For example, an important parameter used to analyze LFSR-based generators is linear complexity, or linear span. It is defined as the length $n$ of the shortest LFSR that can mimic the generator output. Any sequence generated by a finite-state machine over a finite field has finite linear complexity [1006]. Linear complexity matters because a simple algorithm, called the Berlekamp-Massey algorithm, can determine this LFSR after examining only $2n$ bits of the keystream [1005]. Once you have reconstructed that LFSR, you have broken the stream cipher.
This idea has been extended from fields to rings [1298] and to the case where the output sequence is viewed as numbers over a field of odd characteristic [842]. A further extension introduces the notion of a linear complexity profile, which measures the linear complexity of the sequence as it grows longer [1357, 1168, 411, 1582]. Another algorithm for computing linear complexity is simple only under very specialized conditions [597, 595, 596, 1333]. A generalization of linear complexity is given in [776]. There are also the notions of sphere complexity and quadratic complexity [844].
In any case, remember that high linear complexity does not necessarily guarantee that a generator is secure, but low linear complexity indicates that it is not secure enough [1357, 1249].
Correlation Immunity
Cryptographers try to achieve high linear complexity by combining the outputs of several output sequences in some nonlinear way. The danger here is that one or more of the internal output sequences, often simply the outputs of individual LFSRs, may be correlated with the combined keystream and attacked using linear algebra. Such an attack is often called a correlation attack or a divide-and-conquer attack. Thomas Siegenthaler showed that correlation immunity can be defined precisely, and that there is a trade-off between correlation immunity and linear complexity [1450].
The basic idea of a correlation attack is to find some correlation between the output of the generator and the output of one of its components. Then, by observing the output sequence, information about that intermediate output can be obtained. Using this information and other correlations, data about the other intermediate outputs can be collected until the generator is broken.
Correlation attacks and their variations, such as fast correlation attacks, which offer a trade-off between computational complexity and effectiveness, have been used successfully against many LFSR-based keystream generators [1451, 278, 1452, 572, 1636, 1051, 1090, 350, 633, 1054, 1089, 995]. A number of interesting new ideas in this area can be found in [46, 1641].
Other Attacks
There are other ways of attacking keystream generators. The linear consistency test tries to find some subset of the encryption key using matrix techniques [1638]. There is also the meet-in-the-middle consistency attack [39, 41]. The linear syndrome algorithm is based on the possibility of writing a fragment of the output sequence as a linear equation [1636, 1637]. There are the best affine approximation attack [502] and the derived sequence attack [42]. The techniques of differential [501] and linear [631] cryptanalysis can also be applied to stream ciphers.
16.4 Stream Ciphers Using LFSRs
The basic approach to designing an LFSR-based keystream generator is simple. First one or more LFSRs are taken, usually of different lengths and with different feedback polynomials. (If the lengths are relatively prime and all the feedback polynomials are primitive, the resulting generator has maximal length.) The key is the initial state of the LFSRs. Every time a new bit is needed, shift the LFSRs by one bit (this is sometimes called clocking). The output bit is a function, preferably a nonlinear one, of some bits of the LFSRs. This function is called the combining function, and the generator as a whole a combination generator. (If the output bit is a function of a single LFSR, the generator is called a filter generator.) Much of the theory of devices of this kind was developed by Selmer and Neal Zierler [1647].
A number of complications can be added. In some generators different LFSRs are clocked at different rates; sometimes the clock rate of one generator depends on the output of another. These are all electronic versions of the ideas behind the cipher machines that appeared before World War II, and they are called clock-controlled generators [641]. Clock control can be feedforward, where the output of one LFSR controls the clock of another LFSR, or feedback, where the output of an LFSR controls its own clock.
Although all these generators are, at least theoretically, susceptible to embedding and probabilistic correlation attacks [634, 632], many of them remain secure for now. Additional theory on clock-controlled shift registers can be found in [89].
Ian Cassells, once head of pure mathematics at Cambridge and a former Bletchley Park cryptanalyst, said that "cryptography is a mixture of mathematics and muddle, and without the muddle the mathematics can be used against you." He meant that in stream ciphers certain mathematical structures, such as LFSRs, are needed to guarantee maximal length and other properties, but that to stop someone from getting at the register contents and breaking the algorithm, some complicated nonlinear muddle has to be introduced. This advice holds for block ciphers too.
So you should not get too carried away with the LFSR-based keystream generators whose descriptions have appeared in the literature. I don't know whether any of them is used in real cryptographic products. For the most part they are only of theoretical interest. Some have been broken; some may still be secure.
Since LFSR-based ciphers are usually implemented in hardware, the figures use electronic logic symbols. In the text, $\oplus$ denotes XOR, $\wedge$ denotes AND, $\vee$ denotes OR, and $\neg$ denotes NOT.
Geffe Generator
This keystream generator uses three LFSRs combined in a nonlinear way (see Figure 16.6) [606]. Two of the LFSRs are the inputs of a multiplexer, and the third LFSR controls the output of the multiplexer. If $a_1$, $a_2$ and $a_3$ are the outputs of the three LFSRs, the output of the Geffe generator can be described as:

$b = (a_1 \wedge a_2) \oplus ((\neg a_1) \wedge a_3)$
Figure 16.6. Geffe generator (multiplexer selected by LFSR-1; inputs LFSR-2 and LFSR-3; output b(t)).
If the lengths of the LFSRs are $n_1$, $n_2$ and $n_3$, respectively, then the linear complexity of the generator is

$(n_1 + 1)\, n_2 + n_1 n_3$.
The period of the generator is the least common multiple of the periods of the three generators. Provided that the degrees of the three primitive feedback polynomials are relatively prime, the period of this generator equals the product of the periods of the three LFSRs.
Although this generator looks good on paper, it is cryptographically weak and cannot withstand a correlation attack [829, 1638]. The output of the generator equals the output of LFSR-2 75 percent of the time. Therefore, if the feedback tap sequences are known, one can guess the initial value of LFSR-2 and generate the output sequence of that register. Then one can count how many times the output of the LFSR matches the output of the generator. If the initial value was guessed wrong, the two sequences will agree 50 percent of the time; if it was guessed right, 75 percent of the time.
Similarly, the output of the generator equals the output of LFSR-3 75 percent of the time. With such correlations the keystream generator can be broken easily. For example, if the primitive polynomials consist of only three terms and the length of the longest LFSR is $n$, a fragment of the output sequence $37n$ bits long is enough to reconstruct the internal states of all three LFSRs [1639].
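The 75 percent agreement described above is a measurable property of the combining function. The following added example (my code, not the book's) builds a Geffe generator from three small LFSRs over primitive trinomials of lengths 5, 7 and 11 (chosen here as assumptions, with constructed initial states) and reports how often the output agrees with a stand-alone copy of LFSR-2 started from the true state and from a wrong one.

```c
#include <stdint.h>
#include <stdio.h>

/* Fibonacci LFSR over x^n + x^k + 1; the output is the low bit.  The
 * trinomials (n,k) = (5,2), (7,1), (11,2) are primitive and of coprime
 * length, chosen as assumptions for this example. */
static int lfsr_step(uint32_t *s, int n, int k)
{
    int out = (int)(*s & 1u);
    uint32_t nb = ((*s >> k) ^ *s) & 1u;
    *s = (*s >> 1) | (nb << (n - 1));
    return out;
}

/* Geffe combiner: b = (a1 AND a2) XOR (NOT a1 AND a3), i.e. a1 selects a2 or a3. */
static int geffe(int a1, int a2, int a3)
{
    return (a1 & a2) ^ ((a1 ^ 1) & a3);
}

/* Constructed key: initial states of the three registers (all nonzero). */
#define SEED1 0x13u
#define SEED2 0x5Au
#define SEED3 0x3C7u
#define FULL_PERIOD (31L * 127L * 2047L)   /* lcm of the three register periods */

/* Fraction of generator output bits that agree with a stand-alone LFSR-2
 * started from `guess2`: about 0.76 when guess2 is the true state and
 * about 0.50 for any other nonzero state.  This gap is exactly why a
 * combiner with no correlation immunity is unsafe. */
static double geffe_agreement(uint32_t guess2, long steps)
{
    uint32_t s1 = SEED1, s2 = SEED2, s3 = SEED3, g = guess2;
    long agree = 0;
    for (long t = 0; t < steps; t++) {
        int a1 = lfsr_step(&s1, 5, 2);
        int a2 = lfsr_step(&s2, 7, 1);
        int a3 = lfsr_step(&s3, 11, 2);
        int b = geffe(a1, a2, a3);
        int c = lfsr_step(&g, 7, 1);     /* candidate LFSR-2 run on its own */
        if (b == c)
            agree++;
    }
    return (double)agree / (double)steps;
}

int main(void)
{
    printf("agreement with true LFSR-2 state : %.3f\n", geffe_agreement(SEED2, FULL_PERIOD));
    printf("agreement with wrong LFSR-2 state: %.3f\n", geffe_agreement(0x01u, FULL_PERIOD));
    return 0;
}
```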
Generalized Geffe Generator
Instead of choosing between two LFSRs, this scheme chooses one of $k$ LFSRs, where $k$ is a power of 2. A total of $k + 1$ LFSRs are used (see Figure 16.7). The clock rate of LFSR-1 must be $\log_2 k$ times that of the other $k$ LFSRs.
Figure 16.7. Generalized Geffe generator (multiplexer selected by LFSR-1; inputs LFSR-2 ... LFSR-n+1; output b(t)).
Although this scheme is more complex than the Geffe generator, the same correlation attack can be used to break it. I don't recommend this generator.
Jennings Generator
In this scheme a multiplexer is used to combine two LFSRs [778, 779, 780]. The multiplexer, controlled by LFSR-1, selects 1 bit of LFSR-2 as the next output bit. In addition, a function is used that maps the output of LFSR-2 to the input of the multiplexer (see Figure 16.8).
Figure 16.8. Jennings generator (multiplexer over LFSR-2 bits 0 ... n-1, controlled by LFSR-1; output b(t)).
The key is the initial state of the two LFSRs and the mapping function. Although this generator has remarkable statistical properties, it fell to Ross Anderson's meet-in-the-middle consistency attack [39] and to the linear consistency attack [1638, 442]. Don't use this generator.
Beth-Piper Stop-and-Go Generator
This generator, shown in Figure 16.9, uses the output of one LFSR to control the clock of another LFSR [151]. The clock input of LFSR-2 is controlled by the output of LFSR-1, so that LFSR-2 can change its state at time $t$ only if the output of LFSR-1 at time $t - 1$ was 1.
Figure 16.9. Beth-Piper stop-and-go generator (LFSR-1 clocks LFSR-2; output b(t)).
No one has been able to prove results about the linear complexity of this generator in the general case. However, it does not withstand a correlation attack [1639].
Alternating Stop-and-Go Generator
This generator uses three LFSRs of different lengths. LFSR-2 is clocked when the output of LFSR-1 is 1; LFSR-3 is clocked when the output of LFSR-1 is 0. The output of the generator is the XOR of LFSR-2 and LFSR-3 (see Figure 16.10) [673].

Figure 16.10. Alternating stop-and-go generator (LFSR-1 selects which of LFSR-2 and LFSR-3 is clocked; output b(t)).
This generator has a long period and large linear complexity. The authors found a correlation attack against LFSR-1, but it does not weaken the generator much. Other generators of this kind have been proposed [1534, 1574, 1477].
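The two clock-controlled schemes above are short enough to write out in full. The following added example (my code, not the authors') implements the Beth-Piper stop-and-go generator and the alternating stop-and-go generator over small LFSRs with primitive trinomials of lengths 5, 7 and 11 (chosen as assumptions, with constructed initial states) and counts how the clock pulses are distributed between the controlled registers.

```c
#include <stdint.h>
#include <stdio.h>

/* Fibonacci LFSR over x^n + x^k + 1; the output is the low bit of s.
 * (n,k) = (5,2), (7,1), (11,2) are primitive trinomials of coprime length,
 * chosen here as assumptions for the example. */
typedef struct { uint32_t s; int n, k; } lfsr_t;

static int lfsr_step(lfsr_t *r)
{
    int out = (int)(r->s & 1u);
    uint32_t nb = ((r->s >> r->k) ^ r->s) & 1u;
    r->s = (r->s >> 1) | (nb << (r->n - 1));
    return out;
}

static int lfsr_out(const lfsr_t *r) { return (int)(r->s & 1u); }

/* Beth-Piper stop-and-go: LFSR-2 changes state at time t only if the output
 * of LFSR-1 at time t-1 was 1; the generator output is the output of LFSR-2. */
typedef struct { lfsr_t r1, r2; int prev; } bethpiper_t;

static void bethpiper_init(bethpiper_t *g, uint32_t s1, uint32_t s2)
{
    g->r1 = (lfsr_t){ s1, 5, 2 };
    g->r2 = (lfsr_t){ s2, 7, 1 };
    g->prev = 0;                        /* no control bit exists before t = 0 */
}

static int bethpiper_next(bethpiper_t *g)
{
    if (g->prev)
        lfsr_step(&g->r2);              /* clocked only if the previous control bit was 1 */
    g->prev = lfsr_step(&g->r1);        /* control bit for the next step */
    return lfsr_out(&g->r2);
}

/* Alternating stop-and-go: LFSR-1 decides which of LFSR-2 / LFSR-3 is clocked;
 * exactly one of them advances per step, and the output is the XOR of their bits. */
typedef struct { lfsr_t r1, r2, r3; long clk2, clk3; } altstop_t;

static void altstop_init(altstop_t *g, uint32_t s1, uint32_t s2, uint32_t s3)
{
    g->r1 = (lfsr_t){ s1, 5, 2 };
    g->r2 = (lfsr_t){ s2, 7, 1 };
    g->r3 = (lfsr_t){ s3, 11, 2 };
    g->clk2 = g->clk3 = 0;
}

static int altstop_next(altstop_t *g)
{
    if (lfsr_step(&g->r1)) { lfsr_step(&g->r2); g->clk2++; }
    else                   { lfsr_step(&g->r3); g->clk3++; }
    return lfsr_out(&g->r2) ^ lfsr_out(&g->r3);
}

int main(void)
{
    bethpiper_t bp;
    altstop_t as;
    bethpiper_init(&bp, 0x13u, 0x5Au);              /* constructed keys */
    altstop_init(&as, 0x13u, 0x5Au, 0x3C7u);
    printf("Beth-Piper : ");
    for (int t = 0; t < 32; t++) printf("%d", bethpiper_next(&bp));
    printf("\nalternating: ");
    for (int t = 0; t < 32; t++) printf("%d", altstop_next(&as));
    printf("\nLFSR-2 clocked %ld times, LFSR-3 %ld times out of 32\n", as.clk2, as.clk3);
    return 0;
}
```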
Bilateral Stop-and-Go Generator
This generator uses two LFSRs of the same length $n$ (see Figure 16.11) [1638]. The output of the generator is the XOR of the outputs of the two LFSRs. If the output of LFSR-1 at time $t - 1$ is 0 and at time $t - 2$ is 1, then LFSR-2 is not clocked at time $t$. Conversely, if the output of LFSR-2 at time $t - 1$ is 0 and at time $t - 2$ is 1, and if LFSR-2 is clocked at time $t$, then LFSR-1 is not clocked at time $t$.
Figure 16.11. Bilateral stop-and-go generator (n-stage LFSR-1 and LFSR-2, each controlling the other's clock; output b(t)).
The linear complexity of this system is roughly equal to its period. According to [1638], "no evident key redundancy has been observed in this system."
Threshold Generator
This generator tries to get around the security problems of the previous generators by using a variable number of LFSRs [277]. In theory, the more LFSRs are used, the harder the cipher is to break.
This generator is shown in Figure 16.12. Take the outputs of a large number of LFSRs (use an odd number of registers). To get the maximal period, make sure that the lengths of all the LFSRs are relatively prime and that the feedback polynomials are primitive. If more than half of the LFSR output bits are 1, the output of the generator is 1. If more than half of the LFSR output bits are 0, the output of the generator is 0.
Figure 16.12. Threshold generator (majority function of LFSR-1 ... LFSR-n; output b(t)).
With three LFSRs, the output of the generator can be written as:

$b = (a_1 \wedge a_2) \oplus (a_1 \wedge a_3) \oplus (a_2 \wedge a_3)$
This is very similar to the Geffe generator, except that the threshold generator has a higher linear complexity,

$n_1 n_2 + n_1 n_3 + n_2 n_3$,

where $n_1$, $n_2$ and $n_3$ are the lengths of the first, second and third LFSRs.
This generator is not very good. Each output bit gives away some information about the state of the LFSRs, 0.189 bit to be precise, and the generator as a whole cannot withstand a correlation attack. I don't recommend using this generator.
Self-Decimated Generators
Self-decimated generators are generators that control their own clock. Two types of such generators have been proposed, one by Rainer Rueppel (see Figure 16.13) [1359] and the other by Bill Chambers and Dieter Gollmann [308] (see Figure 16.14). In Rueppel's generator, if the output of the LFSR is 0, the LFSR is clocked $d$ times. If the output of the LFSR is 1, the LFSR is clocked $k$ times. The Chambers and Gollmann generator is more complicated, but the idea is the same. Unfortunately, both generators are insecure [1639], although a number of modifications have been proposed that may fix the problems found [1362].

Figure 16.13. Rueppel's self-decimated generator (output 0: clock d times; output 1: clock k times; output b(t)).

Figure 16.14. Chambers and Gollmann self-decimated generator (output 0: clock d times; output 1: clock k times; output b(t)).
Multispeed Inner-Product Generator
This generator, proposed by Massey and Rueppel [1014], uses two LFSRs with different clock rates (see Figure 16.15). The clock rate of LFSR-2 is $d$ times that of LFSR-1. Individual bits of the two LFSRs are combined by AND, and the results are then combined by XOR to produce the output bit of the generator.
Figure 16.15. Multispeed inner-product generator (LFSR-2 clocked d times as fast as LFSR-1; output b(t)).
Although this generator has high linear complexity and excellent statistical properties, it still cannot withstand a linear consistency attack [1639]. If $n_1$ is the length of LFSR-1, $n_2$ the length of LFSR-2, and $d$ the ratio of the clock rates, the internal state of the generator can be recovered from an output sequence of length

$n_1 + n_2 + \log_2 d$.
Summation Generator
Another proposal by Rainer Rueppel, this generator adds the outputs of two LFSRs (with carry) [1358, 1357]. This is a highly nonlinear operation. In the late 1980s this generator was the front-runner in terms of security, but it fell to a correlation attack [1053, 1054, 1091]. Moreover, it was shown that this generator is a special case of a feedback with carry shift register (see Section 17.4), and it can be broken [844].
DNRSG
This stands for "dynamic random-sequence generator" [1117]. The idea is to take two different filter generators, threshold, summation or whatever, using a single set of LFSRs and controlled by another LFSR.
First all the LFSRs are clocked. If the output of LFSR-0 is 1, the output of the first filter generator is computed. If the output of LFSR-0 is 0, the output of the second filter generator is computed. The final result is the XOR of the outputs of the first and second generators.
Gollmann Cascade
The Gollmann cascade (see Figure 16.16), described in [636, 309], is a strengthened version of the stop-and-go generator. It consists of a sequence of LFSRs, the clocking of each controlled by the previous LFSR. If the output of LFSR-1 at time $t$ is 1, LFSR-2 is clocked. If the output of LFSR-2 at time $t$ is 1, LFSR-3 is clocked, and so on. The output of the last LFSR is the output of the generator. If all the LFSRs have the same length $n$, the linear complexity of a system of $k$ LFSRs is

$n(2^n - 1)^{k-1}$.

Figure 16.16. Gollmann cascade (LFSR-1 clocks LFSR-2, LFSR-2 clocks LFSR-3, ...).
This is a bold idea: conceptually the cascades are very simple, and they can be used to generate sequences with huge periods, huge linear complexity and good statistical properties. They are vulnerable to an attack called lock-in [640], a method by which the cryptanalyst first reconstructs the input of the last shift register in the cascade and then breaks the whole cascade, register by register. In some cases this is a serious problem and reduces the effective key length of the algorithm, but certain precautions can be taken to minimize the possibility of this attack.
Further analysis has shown that as $k$ grows, the sequence approaches a random one [637, 638, 642, 639]. Based on recent attacks on short Gollmann cascades [1063], I recommend using a $k$ of at least 15. It is better to use more short LFSRs than fewer long ones.
Shrinking Generator
The shrinking generator [378] uses a different form of clock control. Take two LFSRs, LFSR-1 and LFSR-2. Clock both registers. If the output of LFSR-1 is 1, the output of the generator is the output of LFSR-2. If the output of LFSR-1 is 0, both bits are discarded, the LFSRs are clocked again, and the whole thing repeats.
The idea is simple, reasonably efficient, and seems secure. If the feedback polynomials are sparse the generator is vulnerable to attack, but no other problems have been found. Still, this type of generator is quite new. One implementation problem is that the output rate is not constant: if LFSR-1 generates a long run of zeros, the generator outputs nothing. To solve this problem the authors suggest buffering [378]. A practical implementation of the shrinking generator is discussed in [901].
Self-Shrinking Generator
The self-shrinking generator [1050] is a variant of the shrinking generator. Instead of two LFSRs, it uses pairs of bits from a single LFSR. Clock the LFSR twice. If the first bit of the pair is 1, the second bit is the output of the generator. If the first bit is 0, discard both bits and try again. Although the self-shrinking generator needs about half as much memory as the shrinking generator, it also runs half as fast.
Although the self-shrinking generator also seems secure, it may behave unpredictably and have unknown properties. This is a very new generator; give it some time.
16.5 A5
A5 is the stream cipher used to encrypt GSM (Group Special Mobile). It is the European standard for digital cellular mobile telephones. It is used to encrypt the telephone-to-base-station link. The rest of the link is not encrypted; the telephone company can easily do whatever it likes with your conversations.
Strange political games surround this protocol. Originally it was assumed that GSM cryptography would prohibit export of the phones to certain countries. Now a number of officials are debating whether A5 might harm export sales, even though it is so weak that it can hardly serve as an obstacle. Rumor has it that in the mid-1980s the various NATO intelligence agencies quarreled over whether GSM encryption should be strong or weak. The Germans wanted strong cryptography, since the Soviet Union was right next door. The other point of view prevailed, and A5 is a French design.
Most of the details are known to us. A British telephone company handed all the documentation to Bradford University without making them sign a nondisclosure agreement. The information leaked here and there and was finally published on the Internet. A5 is described in [1622]; the code for this protocol is also given at the back of this book.
A5 consists of three LFSRs of lengths 19, 22 and 23; all the feedback polynomials are sparse. The output is the XOR of the three LFSRs. A5 uses variable clock control. Each register is clocked based on its own middle bit, XORed with the inverse threshold function of the middle bits of all three registers. Usually two of the LFSRs are clocked in each step.
There is a trivial attack requiring $2^{40}$ encryptions: guess the contents of the first two LFSRs and try to determine the third LFSR from the keystream. (Whether this attack is really feasible is still an open question, which will soon be settled by a hardware key-search machine now under development [45].)
Nevertheless, it is becoming clear that the ideas underlying A5 are good. The algorithm is very efficient. It passes all known statistical tests; its only weakness is that its registers are too short to prevent exhaustive key search. Variants of A5 with longer shift registers and denser feedback polynomials should be secure.
16.6 Hughes XPD/KPD
This algorithm was proposed by Hughes Aircraft Corp. The company built it into army tactical radios and direction-finding equipment for sale abroad. The algorithm was designed in 1986 and named XPD, for Exportable Protection Device. Later it was renamed KPD, Kinetic Protection Device, and declassified [1037, 1036].
The algorithm uses a 61-bit LFSR. There are $2^{10}$ different primitive feedback polynomials approved by the NSA. The key selects one of these polynomials (stored somewhere in ROM) as well as the initial state of the LFSR.
The algorithm has eight different nonlinear filters, each using six taps of the LFSR and producing one bit. Combined, these bits form a byte, which is used to encrypt or decrypt the data stream.
This algorithm looks very attractive, but I have certain doubts. The NSA allowed its export, so there must be an attack of order no more than $2^{40}$. But what is it?
16.7 Nanoteq
Nanoteq is a South African electronics company. This is the algorithm used by the South African police to encrypt fax transmissions, and possibly for other purposes as well.
More or less, this algorithm is described in [902, 903]. It uses a 127-bit LFSR with a fixed feedback polynomial; the key is the initial state of the register. Using 25 primitive cells, the 127 bits of the register are turned into a single keystream bit. Each cell has 5 inputs and one output (all operations modulo 2):

$f(x_1, x_2, x_3, x_4, x_5) = x_1 + x_2 + (x_1 + x_3)(x_2 + x_4 + x_5) + (x_1 + x_4)(x_2 + x_3) + x_5$
Each output of the function is XORed with some key bit. In addition, there is a secret permutation that depends on the particular implementation and is not described in detail in the papers. This algorithm is available only in hardware.
Is it secure? I am not sure. A number of interesting faxes exchanged between police stations have from time to time appeared in the liberal newspapers. This could well have been the result of American, British or Soviet intelligence activity. Ross Anderson took some first steps towards cryptanalyzing this algorithm in [46]; I think new results will appear soon.
16.8 Rambutan
Rambutan is a British algorithm designed by the Communications Electronics Security Group (one of the aliases used by GCHQ). It is sold only as a hardware module and is approved for protecting documents up to the level "Confidential." The algorithm itself is secret, and the chip is not intended for wide commercial sale.
Rambutan uses a 112-bit key (plus parity bits) and can operate in three modes: ECB, CBC and 8-bit CFB. This is a strong argument that the algorithm is a block cipher, but rumors say otherwise. Supposedly it is an LFSR stream cipher. It has five shift registers of different lengths, each roughly 80 bits. The feedback polynomials are quite sparse, with only 10 taps in each. Each shift register provides four inputs to a very large and complex nonlinear function, which produces a single bit.
Why Rambutan? Perhaps because of the fruit, which is prickly and forbidding on the outside but soft and tender inside. Then again, there may be no reason at all.
16.9 Additive Generators
Additive generators (sometimes called lagged Fibonacci generators) are very efficient because they produce random words rather than random bits [863]. By themselves they are not secure, but they can be used as building blocks for secure generators.
The initial state of the generator is an array of $n$-bit words: 8-bit words, 16-bit words, 32-bit words and so on: $X_1, X_2, X_3, \dots, X_m$. This initial state is the key. The $i$-th word of the generator is obtained as

$X_i = (X_{i-a} + X_{i-b} + X_{i-c} + \dots + X_{i-m}) \bmod 2^n$
With the right choice of the coefficients $a, b, c, \dots, m$, the period of this generator is at least $2^n - 1$. One of the requirements on the coefficients is that the least significant bit forms a maximal-length LFSR. For example, (55, 24, 0) is a primitive polynomial mod 2 from Table 16.2. This means that the length of the following additive generator is maximal:

$X_i = (X_{i-55} + X_{i-24}) \bmod 2^n$
This works because the primitive polynomial has three coefficients. If it had more, additional conditions would be required to obtain maximal length. Details can be found in [249].
Fish
Fish is an additive generator based on the techniques used in the shrinking generator [190]. It produces a stream of 32-bit words that can be XORed with a plaintext stream to produce ciphertext, or with a ciphertext stream to produce plaintext. The name of the algorithm is short for Fibonacci shrinking generator.
Bo nepntx ncnontsynre na cneymmnx anrnnntx reneparopa . Knmuom xnnxercx nauantnte cocroxnnx +rnx
reneparopon.
A
i
(A
i-55
A
i-24
) mod 2
32
B
i
(B
i-52
B
i-19
) mod 2
32
3rn nocneonarentnocrn npopexnnamrcx nonapno n sanncnmocrn or mnamero snauamero nra B
i
: ecnn ero
snauenne panno 1, ro napa ncnontsyercx, ecnn 0 - nrnopnpyercx . C
f
- +ro nocneonarentnocrt ncnontsyemtx cnon
Ai, a D
f
- +ro nocneonarentnocrt ncnontsyemtx cnon B
i
. nx renepannn nyx 32-nrontx cnon-pesyntraron K
2f
n
K
2f1
+rn cnona ncnontsymrcx napamn - C
2f
, C
2f1
, D
2f
, D
2f1
.
E
2f
C
2f
(D
2f
, D
2f1
)
F
2f
D
2f1
(E
f
, C
2f1
)
K
2f
E
2f
F
2f
K
2f1
C
2f1
F
2f
3ror anropnrm tcrp. na nponeccope i486/33 peannsannx Eish na xstke C mn|pyer annte co ckopocrtm
15-Mnr/c. K coxanennm on rakxe ne esonacen, nopxok nckptrnx cocrannxer okono 2
40
|45].
Pike
Pike is a leaner, stripped-down version of Fish, proposed by Ross Anderson, the one who broke Fish [45]. It uses three additive generators. For example:

A_i = (A_{i-55} + A_{i-24}) mod 2^32
B_i = (B_{i-57} + B_{i-7}) mod 2^32
C_i = (C_{i-58} + C_{i-19}) mod 2^32

To generate a keystream word, look at the carry bits of the additions. If all three are the same (all zeros or all ones), clock all three generators. If not, clock only the two generators whose carry bits agree. Save the carry bits for the next time. The final output is the XOR of the outputs of the three generators.
Pike is faster than Fish, since on average 2.75 operations are needed per output instead of 3. It is also too new to trust, but it looks very good.
Mush
Mush is a mutual shrinking generator. It is easy to explain [1590]. Take two additive generators, A and B. If the carry bit of A is set, clock B. If the carry bit of B is set, clock A. Clock A, and set the carry bit on overflow. Clock B, and set the carry bit on overflow. The final output is the XOR of the outputs of A and B. The simplest choice is to use the same generators as in Fish:

A_i = (A_{i-55} + A_{i-24}) mod 2^32
B_i = (B_{i-52} + B_{i-19}) mod 2^32

On average, three generator iterations are needed to produce one output word. And if the coefficients of the additive generators are chosen correctly and are relatively prime, the length of the output sequence will be maximal. I know of no successful attacks, but remember that this algorithm is very new.
16.10 Gifford
David Gifford invented a stream cipher and used it to encrypt news wire reports in the Boston area from 1984 to 1988 [608, 607, 609]. The algorithm uses a single 8-byte register: b_0, b_1, ..., b_7. The key is the initial state of the register. The algorithm works in OFB mode; the plaintext has no influence on the algorithm at all. (See Figure 16-17.)

[Figure 16-17. Gifford. Labels: P, K, C; reset; output function; shift right by 1 bit with "sticky" bit; shift left by 1 bit.]

To generate a key byte k_i, concatenate b_0 and b_1, and concatenate b_4 and b_7. Multiply the two numbers to get a 32-bit number. The third byte from the left is k_i.
To update the register, take b_1 and shift it right by 1 bit with a "sticky" bit: the leftmost bit is shifted and also kept in place. Take b_7 and shift it left by one bit; a 0 appears in the rightmost position. XOR the modified b_1, the modified b_7, and b_0. Shift the original register one byte to the right and put this byte in the leftmost position.
This algorithm remained secure throughout its period of use, but it was broken in 1994 [287]. It turned out that the feedback polynomial was not primitive and could therefore be attacked.
16.11 Algorithm M
The name is Knuth's [863]. The algorithm is a way of combining several pseudo-random streams to increase their security. One generator's output is used to select a delayed output of the other generator [996, 1003]. In C:

#define ARR_SIZE (8192) /* for example; the bigger, the better */
static unsigned char delay[ ARR_SIZE ] ;
unsigned char prngA( void ) ;
long prngB( void ) ;
void init_algM( void ) {
    long i ;
    for ( i = 0 ; i < ARR_SIZE ; i++ )
        delay[i] = prngA() ;
} /* init_algM */
unsigned char algM( void ) {
    long j,v ;
    j = prngB() % ARR_SIZE ; /* get an index into delay[] */
    v = delay[j] ; /* get the value to return */
    delay[j] = prngA() ; /* replace it */
    return ( v ) ;
} /* algM */

The idea is that if prngA is truly random, nothing can be learned about prngB (and hence it cannot be cryptanalyzed). If prngA is of a form that can be cryptanalyzed only if its output is available in order (i.e., only if prngB has been cryptanalyzed first), and is otherwise essentially truly random, then the combination should be secure.
16.12 PKZIP
The encryption algorithm built into the PKZIP data compression program was designed by Roger Schlafly. It is a stream cipher that encrypts data byte by byte. At least, this is the algorithm used in version 2.04g. I can say nothing about later versions, but unless there has been an announcement to the contrary, it is very likely that the algorithm has not changed.
The algorithm uses three 32-bit variables, initialized as follows:

K_0 = 305419896
K_1 = 591751049
K_2 = 878082192

An 8-bit key K_3 is used, derived from K_2. Here is the algorithm (in standard C notation):

C_i = P_i ^ K_3
K_0 = crc32 (K_0, P_i)
K_1 = K_1 + (K_0 & 0x000000ff)
K_1 = K_1 * 134775813 + 1
K_2 = crc32 (K_2, K_1 >> 24)
K_3 = ((K_2 | 2) * ((K_2 | 2) ^ 1)) >> 8

The function crc32 takes its previous value and a byte, XORs them, and computes the next value using the CRC polynomial given by 0xedb88320. In practice, a 256-entry table can be precomputed, and the crc32 computation becomes:

crc32 (a, b) = (a >> 8) ^ table [(a & 0xff) ^ b]

The table is computed according to the original definition of crc32:

table [i] = crc32 (i, 0)

To encrypt a plaintext stream, first loop the key bytes through the encryption algorithm to update the keys. The ciphertext produced at this stage is ignored. Then encrypt the plaintext byte by byte. The plaintext is preceded by twelve random bytes, but that is really unimportant. Decryption is similar to encryption, except that in the second step of the algorithm C_i is used in place of P_i.
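The algorithm above written out as runnable C, as an added example that is not the book's or PKWARE's code. It builds the crc32 table exactly as defined (table[i] = crc32(i, 0)), cycles a constructed password through the key update, and encrypts and then decrypts a constructed message. The key update is driven by the plaintext byte on both sides, which is why the decryptor XORs C_i with K_3 where the encryptor XORs P_i, and then feeds the recovered P_i into the update. The function names and sample values are mine.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* The PKZIP stream cipher from the description above.  Added example, not
 * the book's or PKWARE's code; it implements only the keystream, not the
 * archive format or the twelve leading random bytes. */
typedef struct { uint32_t k0, k1, k2; } pkzip_keys_t;

/* crc32(a, b) as defined in the text: XOR the byte in, then run 8 steps of
 * the CRC with polynomial 0xedb88320. */
static uint32_t crc32_bitwise(uint32_t a, uint8_t b) {
    uint32_t c = a ^ b;
    for (int n = 0; n < 8; n++)
        c = (c & 1u) ? ((c >> 1) ^ 0xedb88320u) : (c >> 1);
    return c;
}

static uint32_t crc_table[256];
static int crc_table_ready = 0;

/* table[i] = crc32(i, 0), computed once. */
static void crc_table_init(void) {
    if (crc_table_ready) return;
    for (uint32_t i = 0; i < 256; i++) crc_table[i] = crc32_bitwise(i, 0);
    crc_table_ready = 1;
}

static uint32_t pkzip_crc_table_entry(unsigned i) {
    crc_table_init();
    return crc_table[i & 0xffu];
}

/* Table-driven form: crc32(a, b) = (a >> 8) ^ table[(a & 0xff) ^ b]. */
static uint32_t crc32_step(uint32_t a, uint8_t b) {
    crc_table_init();
    return (a >> 8) ^ crc_table[(a & 0xffu) ^ b];
}

/* The K_0, K_1, K_2 update for one plaintext byte. */
static void pkzip_update(pkzip_keys_t *k, uint8_t p) {
    k->k0 = crc32_step(k->k0, p);
    k->k1 = k->k1 + (k->k0 & 0x000000ffu);
    k->k1 = k->k1 * 134775813u + 1u;
    k->k2 = crc32_step(k->k2, (uint8_t)(k->k1 >> 24));
}

/* K_3 = ((K_2 | 2) * ((K_2 | 2) ^ 1)) >> 8, truncated to a byte. */
static uint8_t pkzip_k3(const pkzip_keys_t *k) {
    uint32_t t = k->k2 | 2u;
    return (uint8_t)((t * (t ^ 1u)) >> 8);
}

/* Set the three constants, then cycle the password bytes through the update. */
static void pkzip_init(pkzip_keys_t *k, const uint8_t *pw, size_t pwlen) {
    k->k0 = 305419896u;
    k->k1 = 591751049u;
    k->k2 = 878082192u;
    for (size_t n = 0; n < pwlen; n++) pkzip_update(k, pw[n]);
}

static void pkzip_encrypt(pkzip_keys_t *k, const uint8_t *p, uint8_t *c, size_t len) {
    for (size_t n = 0; n < len; n++) {
        c[n] = p[n] ^ pkzip_k3(k);
        pkzip_update(k, p[n]);
    }
}

/* Decryption: recover P_i = C_i ^ K_3, then update with P_i. */
static void pkzip_decrypt(pkzip_keys_t *k, const uint8_t *c, uint8_t *p, size_t len) {
    for (size_t n = 0; n < len; n++) {
        p[n] = c[n] ^ pkzip_k3(k);
        pkzip_update(k, p[n]);
    }
}

/* Round trip on a constructed password and message. */
static int pkzip_roundtrip_ok(void) {
    static const uint8_t pw[] = "constructed-password";
    static const uint8_t msg[] = "example plaintext for the PKZIP stream cipher";
    uint8_t ct[sizeof msg], pt[sizeof msg];
    pkzip_keys_t enc, dec;
    pkzip_init(&enc, pw, sizeof pw - 1);
    pkzip_init(&dec, pw, sizeof pw - 1);
    pkzip_encrypt(&enc, msg, ct, sizeof msg);
    pkzip_decrypt(&dec, ct, pt, sizeof msg);
    return memcmp(pt, msg, sizeof msg) == 0 && memcmp(ct, msg, sizeof msg) != 0;
}

int main(void) {
    printf("table[1] = %08x, round trip %s\n", (unsigned)pkzip_crc_table_entry(1),
           pkzip_roundtrip_ok() ? "ok" : "FAILED");
    return 0;
}
```

Note how little state there is: three 32-bit words, updated by operations that are linear or nearly so (a CRC, a byte add, a linear congruence). That is what the known-plaintext attack cited below exploits.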
PKZIP Security
Unfortunately, it is not very good. An attack requires 40 to 2000 bytes of known plaintext and has a time complexity of about 2^27 [166]. You can do it on your personal computer in a few hours. If the compressed file uses any standard headers, obtaining known plaintext is no problem. Do not use the encryption built into PKZIP.
Chapter 17
Other Stream Ciphers and Real Random-Sequence Generators
17.1 RC4
RC4 is a variable-key-size stream cipher developed in 1987 by Ron Rivest for RSA Data Security, Inc. For seven years it was proprietary, and a detailed description of the algorithm was available only after signing a nondisclosure agreement.
In September 1994 someone anonymously posted source code to the Cypherpunks mailing list. It quickly spread to the Usenet newsgroup sci.crypt and, via the Internet, to ftp servers around the world. Owners of legal copies of RC4 confirmed that the code was genuine. RSA Data Security, Inc. tried to put the genie back in the bottle, claiming that the algorithm remained a trade secret despite its publication, but it was too late. Since then the algorithm has been discussed and studied on Usenet, distributed at conferences, and used as a teaching aid in cryptography courses.
RC4 is simple to describe. The algorithm works in OFB mode: the keystream is independent of the plaintext. It uses an 8*8 S-box: S_0, S_1, ..., S_255. The entries are a permutation of the numbers 0 through 255, and the permutation is a function of the variable-length key. The algorithm has two counters, i and j, initialized to zero.
To generate a random byte, do the following:

i = (i + 1) mod 256
j = (j + S_i) mod 256
swap S_i and S_j
t = (S_i + S_j) mod 256
K = S_t

The byte K is XORed with the plaintext to produce ciphertext, or XORed with the ciphertext to produce plaintext. Encryption is about 10 times faster than DES.
Initializing the S-box is just as easy. First, fill it linearly: S_0 = 0, S_1 = 1, ..., S_255 = 255. Then fill another 256-byte array with the key, repeating the key as necessary to fill the entire array: K_0, K_1, ..., K_255. Set the index j to 0. Then:

for i = 0 to 255:
    j = (j + S_i + K_i) mod 256
    swap S_i and S_j

And that's it. RSADSI claims that the algorithm is immune to differential and linear cryptanalysis, that it apparently has no short cycles, and that it is highly nonlinear. (There are no published cryptanalytic results. RC4 can be in about 2^1700 (256! * 256^2) possible states: an enormous number.) The S-box slowly evolves with use: i ensures that every element changes, and j ensures that the elements change randomly. The algorithm is so simple that most programmers can code it from memory.
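The key schedule and keystream loop above in C, as an added example that is not the book's or RSADSI's code. The known-answer pair used to check it (key "Key", plaintext "Plaintext", ciphertext BB F3 16 E8 D9 40 AF 0A D3) is a commonly published RC4 test vector; the type and function names are mine. RC4 is obsolete today and is shown here to illustrate the algorithm as described, not for use.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* RC4 exactly as described above: a 256-entry permutation S and two
 * counters i and j.  Added example, not the book's or RSADSI's code. */
typedef struct {
    uint8_t S[256];
    uint8_t i, j;
} rc4_t;

/* Key schedule: S starts as the identity permutation, then the key
 * (repeated as needed to 256 bytes) drives 256 swaps.  uint8_t arithmetic
 * gives the "mod 256" for free. */
static void rc4_init(rc4_t *st, const uint8_t *key, size_t keylen) {
    uint8_t j = 0;
    for (unsigned k = 0; k < 256; k++) st->S[k] = (uint8_t)k;
    for (unsigned k = 0; k < 256; k++) {
        j = (uint8_t)(j + st->S[k] + key[k % keylen]);
        uint8_t t = st->S[k]; st->S[k] = st->S[j]; st->S[j] = t;
    }
    st->i = 0;
    st->j = 0;
}

/* One keystream byte: i = i+1, j = j+S[i], swap S[i] and S[j],
 * K = S[S[i]+S[j]] (all mod 256). */
static uint8_t rc4_byte(rc4_t *st) {
    st->i = (uint8_t)(st->i + 1);
    st->j = (uint8_t)(st->j + st->S[st->i]);
    uint8_t t = st->S[st->i]; st->S[st->i] = st->S[st->j]; st->S[st->j] = t;
    return st->S[(uint8_t)(st->S[st->i] + st->S[st->j])];
}

/* XOR a buffer with the keystream; since RC4 runs in OFB mode the same
 * call, after re-keying, decrypts. */
static void rc4_crypt(rc4_t *st, uint8_t *buf, size_t len) {
    for (size_t k = 0; k < len; k++) buf[k] ^= rc4_byte(st);
}

/* Known-answer check with a commonly published RC4 test vector:
 * key "Key", plaintext "Plaintext" -> BB F3 16 E8 D9 40 AF 0A D3.
 * Returns 1 if encryption matches and decryption restores the plaintext. */
static int rc4_known_answer_ok(void) {
    static const uint8_t expect[9] =
        {0xBB, 0xF3, 0x16, 0xE8, 0xD9, 0x40, 0xAF, 0x0A, 0xD3};
    static const uint8_t key[3] = {'K', 'e', 'y'};
    uint8_t buf[9];
    rc4_t st;
    memcpy(buf, "Plaintext", 9);
    rc4_init(&st, key, sizeof key);
    rc4_crypt(&st, buf, sizeof buf);
    if (memcmp(buf, expect, sizeof buf) != 0) return 0;
    rc4_init(&st, key, sizeof key);        /* re-key, then decrypt in place */
    rc4_crypt(&st, buf, sizeof buf);
    return memcmp(buf, "Plaintext", 9) == 0;
}

int main(void) {
    printf("RC4 known-answer test %s\n", rc4_known_answer_ok() ? "passed" : "FAILED");
    return 0;
}
```

The re-keying before decryption is not incidental: as with any OFB-style keystream, reusing the same key for two messages XORs the two plaintexts together, so a real protocol must never key RC4 the same way twice.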
This idea can be generalized to larger S-boxes and word sizes. The version of RC4 described above is 8-bit. There is no reason why you couldn't define a 16-bit RC4 with a 16*16 S-box (100 K of memory) and a 16-bit word. The initial iteration would take much longer, since the scheme above requires filling a 65536-element array, but the resulting algorithm should be faster.
RC4 with a key length of 40 bits or less has special export status (see Section 13.8). This special status has no effect on the algorithm's security, although for many years RSA Data Security, Inc. hinted otherwise. The algorithm's name is a trademark, so anyone who writes their own code has to call it something else. Various internal documents of RSA Data Security, Inc. have still not been published [1320, 1337].
So what is the situation with RC4? It is no longer a trade secret, so anyone is able to use it. However, RSA Data Security, Inc. will almost certainly sue anyone who uses unlicensed RC4 in a commercial product. They may not win the case, but it is almost certainly cheaper for the other company to buy a license than to litigate.
RC4 is in dozens of commercial products, including Lotus Notes, Apple Computer's AOCE, and Oracle Secure SQL. The algorithm is also part of the Cellular Digital Packet Data specification [37].
17.2 SEAL
SEAL is a software-efficient stream cipher designed at IBM by Phil Rogaway and Don Coppersmith [1340]. The algorithm is optimized for 32-bit processors: to run well it needs eight 32-bit registers and a cache of a few kilobytes. To avoid the cost of slow operations, SEAL performs a number of preliminary operations on the key, storing the results in several tables. These tables are used to speed up encryption and decryption.

Pseudo-random function family
A distinguishing feature of SEAL is that it is not really a traditional stream cipher; it is a pseudo-random function family. Given a 160-bit key k and a 32-bit n, SEAL stretches n into an L-bit string k(n). L can take any value less than 64 Kbytes. SEAL is believed to have the following property: if k is chosen at random, then k(n) should be computationally indistinguishable from a random L-bit function of n.
The practical effect of SEAL being a pseudo-random function family is that it is convenient in a number of applications where traditional stream ciphers are not. With most stream ciphers you produce a one-way sequence of bits: the only way to determine the i-th bit, given the key and position i, is to generate all the bits up to the i-th. The difference with a pseudo-random function family is that you can easily access any position in the keystream. This is very useful.
Imagine that you need to secure a hard disk. You want to encrypt every 512-byte sector. Using a pseudo-random function family like SEAL, the contents of sector n can be encrypted by XORing them with k(n). It is as if the whole disk were XORed with a long pseudo-random function, and any part of that long string can be computed independently without any trouble.
A pseudo-random function family also simplifies the synchronization problem found in standard stream ciphers. Suppose you send encrypted messages over a channel that sometimes loses data. With a pseudo-random function family you can encrypt the n-th transmitted message, x_n, under key k by XORing x_n with k(n). The receiver does not need to keep any cipher state to recover x_n, and it does not have to worry about lost messages affecting decryption.
Description of SEAL
The inner loop of SEAL is shown in Figure 17-1. The algorithm is driven by three tables derived from the key: R, S, and T. Preprocessing maps the key k onto these tables using a procedure based on SHA (see Section 18.7). The 2-kilobyte table T is a 9*32-bit S-box.

[Figure 17-1. Inner loop of SEAL. Labels: 160-bit key a; table generation (SHA) producing T, S, R; initialization from n; M1, M2, M3, ..., M64; B1, B2, B3, ..., B63, B64.]

SEAL also uses four 32-bit registers, A, B, C, and D, whose initial values are determined by n and the key-derived tables R and T. These registers are modified over several iterations, each of which consists of eight rounds. In each round, 9 bits of a first register (any of A, B, C, or D) are used as an index into the table T. The value selected from T is then added to or XORed with a second register (again one of A, B, C, or D). The first register is then circularly shifted by 9 positions. In some rounds the second register is further modified by adding or XORing it with the contents of the first register (already shifted). After 8 such rounds, A, B, C, and D are appended to the keystream, each masked by addition or XOR with a specific word from S. The iteration ends by adding to A and C extra values that depend on n, namely n_1, n_2, n_3, n_4, the choice of value being determined by the parity of the iteration number.
Apparently the main ideas behind this design were the following:
1. Use of a large, secret, key-derived S-box (T).
2. Alternating non-commutative arithmetic operations (addition and XOR).
3. Use of internal state maintained by the cipher that does not appear explicitly in the data stream (the values n_i that modify A and C at the end of each iteration).
4. Varying the round function with the round number and varying the iteration function with the iteration number.
SEAL requires about five elementary operations to encrypt each byte of text. On a 50-megahertz i486 it runs at 58 Mbit/s. SEAL may be the fastest algorithm described in this book.
On the other hand, SEAL has to perform preprocessing to fill its internal tables. These tables total about 3 Kbytes, and computing them takes about 200 SHA computations. So SEAL is unsuitable where there is not enough time to process the key or not enough memory to store the tables.
Security of SEAL
SEAL is quite a new algorithm; it has yet to go through the crucible of public cryptanalysis. This calls for some caution. However, SEAL looks like a well-thought-out algorithm. Its features, in the end, make sense. And Don Coppersmith is considered the best cryptanalyst in the world.

Patents and licenses
SEAL is patented [380]. For licensing, contact the Director of Licenses, IBM Corporation, 500 Columbus Ave., Thurnwood, NY, 10594.
17.3 WAKE
WAKE is short for Word Auto Key Encryption; it is an algorithm invented by David Wheeler [1589]. It produces a stream of 32-bit words which can be XORed with plaintext to produce ciphertext, or with ciphertext to produce plaintext. It is a fast algorithm.
WAKE works in CFB mode: the previous ciphertext word is used to generate the next key word. It also uses an S-box of 256 32-bit values. This S-box has one special property: the high-order byte of all the entries is a permutation of all possible bytes, and the 3 low-order bytes are random.
First, generate the S-box entries S_i from the key. Then initialize four registers from the same key or a different one: a_0, b_0, c_0, and d_0. To generate a 32-bit keystream word K_i:

K_i = d_i

The ciphertext word C_i is the plaintext word P_i XORed with K_i. Then update the four registers:

a_{i+1} = M(a_i, d_i)
b_{i+1} = M(b_i, a_{i+1})
c_{i+1} = M(c_i, b_{i+1})
d_{i+1} = M(d_i, c_{i+1})

The function M is

M(x, y) = ((x + y) >> 8) ⊕ S_{(x + y) ∧ 255}

The algorithm is shown in Figure 17-2. The symbol >> denotes an ordinary, non-circular right shift. The low 8 bits of x + y are the input to the S-box. Wheeler gives a procedure for generating the S-box, but it is really incomplete. Any algorithm for generating random bytes and a random permutation will work.

[Figure 17-2. WAKE. Labels: K, C, P; registers A, B, C, D, each feeding the function M.]

WAKE's greatest asset is its speed. However, it is vulnerable to chosen-plaintext or chosen-ciphertext attacks. The algorithm was used in a previous version of Dr. Solomon's anti-virus program.
17.4 Feedback with Carry Shift Registers
A feedback with carry shift register, or FCSR, is similar to an LFSR. Both have a shift register and a feedback function; the difference is that an FCSR also has a carry register (see Figure 17-3). Instead of XORing all the bits in the tap sequence, these bits are added together with the contents of the carry register. The result mod 2 becomes the new bit. The result divided by 2 becomes the new contents of the carry register.

[Figure 17-3. Feedback with carry shift register. Labels: shift register cells b_n, b_{n-1}, ..., b_4, b_3, b_2, b_1; sum; sum mod 2 (fed back); sum div 2 (carry register); output bit.]

Figure 17-4 shows an example of a 3-bit FCSR with taps in the first and second positions. Let its initial value be 001 and the initial contents of the carry register be 0. The output is the rightmost bit of the shift register.

Shift register   Carry register
0 0 1            0
1 0 0            0
0 1 0            0
1 0 1            0
1 1 0            0
1 1 1            0
0 1 1            1
1 0 1            1
0 1 0            1
0 0 1            1
0 0 0            1
1 0 0            0

[Figure 17-4. 3-bit FCSR. Labels: b_3, b_2, b_1; sum; sum mod 2; sum div 2; output bit.]

Note that the final internal state (including the contents of the carry register) is the same as the second internal state. From that point the sequence repeats with period 10.
A few more points are worth mentioning. First, the carry register is a number, not a bit. The size of the carry register must be at least log_2 t, where t is the number of taps. In the previous example there are only three taps, so the carry register is one bit. If there were four taps, the carry register would be two bits and could hold 0, 1, 2, or 3.
Second, there is an initial transient before the FCSR settles into its repeating cycle. In the previous example only one state never repeats. For larger and more complex FCSRs the transient may be longer.
Third, the maximum period of an FCSR is not 2^n - 1, where n is the length of the shift register. The maximum period is q - 1, where q is the connection integer. This number specifies the taps and is defined as

q = 2 q_1 + 2^2 q_2 + 2^3 q_3 + ... + 2^n q_n - 1

(Yes, the q_i are counted from left to right.) And worse still, q must be a prime for which 2 is a primitive root. The rest of this discussion assumes that q satisfies this condition.
In the example above, q = 2*0 + 4*1 + 8*1 - 1 = 11. 11 is prime, and 2 is a primitive root of it. So the maximum period is 10.
Not all initial states give the maximum period. For example, look at the FCSR with initial value 101 and the carry register set to 4.

Shift register   Carry register
1 0 1            4
1 1 0            2
1 1 1            1
1 1 1            1

From this point on the register spits out an endless stream of 1s.
Any initial state leads to one of four situations. First, it may be part of the maximal period. Second, it may fall into the maximal-period sequence after an initial transient. Third, after an initial transient it may produce an endless sequence of 0s. Fourth, after an initial transient it may produce an endless sequence of 1s.
There is a mathematical formula for determining what a given initial state will do, but it is much easier to test it empirically. Run the FCSR for a while. (If m is the initial memory and t the number of taps, then log_2(t) + log_2(m) + 1 clocks are enough.) If the output stream degenerates into an endless sequence of 0s or 1s within n bits, where n is the length of the FCSR, do not use that initial state. Otherwise it can be used. Since the initial state of an FCSR corresponds to the key of the stream cipher, this means that a number of keys of an FCSR-based generator will be weak.
Table 17-1 lists all connection integers less than 10000 for which 2 is a primitive root. For all of them the maximum period is q - 1. To obtain the tap sequence for one of these numbers, compute the binary expansion of q + 1. For example, 9949 gives taps in positions 1, 2, 3, 4, 6, 7, 9, 10, and 13, because

9950 = 2^13 + 2^10 + 2^9 + 2^7 + 2^6 + 2^4 + 2^3 + 2^2 + 2^1

Table 17-2 lists all four-tap sequences that give maximal-length FCSRs for shift registers of length 32, 64, and 128 bits. q, a prime for which 2 is a primitive root, is obtained by combining the four values a, b, c, and d:

q = 2^a + 2^b + 2^c + 2^d - 1

Any of these sequences can be used to build an FCSR with period q - 1.
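An FCSR simulator in C, added here as an example that is not the book's code. It reproduces the 3-bit example above (taps on the two rightmost cells, start 001 with carry 0, period 10, connection integer 11), applies the empirical weak-state test from the text to the 101/carry-4 state that collapses into endless 1s, and recovers the tap positions 1, 2, 3, 4, 6, 7, 9, 10, 13 from the connection integer 9949 of Table 17-1. The representation (one uint32_t for the cells, a tap mask, an integer carry) and the function names are mine; the check for a collapsed register is that its whole state, cells plus carry, has stopped changing, which is what an endless run of 0s or 1s amounts to.

```c
#include <stdint.h>
#include <stdio.h>

/* Feedback with carry shift register as in Figures 17-3 and 17-4: cells
 * b_n .. b_1, b_1 is the output bit, the tapped cells plus the carry are
 * summed, the sum mod 2 refills b_n and the sum div 2 becomes the carry.
 * Added example, not the book's code. */
typedef struct {
    unsigned n;       /* register length */
    uint32_t reg;     /* bit k-1 of reg is cell b_k; bit 0 is b_1 */
    uint32_t taps;    /* bit k-1 set means cell b_k is tapped */
    uint32_t carry;
} fcsr_t;

/* One clock; returns the output bit b_1. */
static unsigned fcsr_step(fcsr_t *f) {
    unsigned out = f->reg & 1u;
    uint32_t sum = f->carry;
    for (unsigned k = 0; k < f->n; k++)
        if ((f->taps >> k) & 1u) sum += (f->reg >> k) & 1u;
    f->reg = (f->reg >> 1) | ((sum & 1u) << (f->n - 1));
    f->carry = sum >> 1;
    return out;
}

/* Connection integer q = 2 q_1 + 2^2 q_2 + ... + 2^n q_n - 1 with the q_i
 * counted left to right, so q_i refers to cell b_{n-i+1}. */
static uint32_t fcsr_connection_integer(unsigned n, uint32_t taps) {
    uint32_t q = 0;
    for (unsigned i = 1; i <= n; i++) {
        unsigned cell = n - i + 1;
        if ((taps >> (cell - 1)) & 1u) q += 1u << i;
    }
    return q - 1;
}

/* Tap positions i (in the q_i numbering) for a connection integer q: the
 * set bits of q + 1.  Returns how many positions were written to out[]. */
static unsigned fcsr_taps_from_q(uint32_t q, unsigned out[], unsigned max) {
    uint32_t v = q + 1;
    unsigned cnt = 0;
    for (unsigned i = 1; i < 32 && cnt < max; i++)
        if ((v >> i) & 1u) out[cnt++] = i;
    return cnt;
}

/* Length of the cycle the register is in after skip clocks, or 0 if the
 * state (cells plus carry) does not recur within limit clocks. */
static uint32_t fcsr_cycle_length(fcsr_t f, unsigned skip, uint32_t limit) {
    for (unsigned k = 0; k < skip; k++) fcsr_step(&f);
    uint32_t reg0 = f.reg, carry0 = f.carry;
    for (uint32_t t = 1; t <= limit; t++) {
        fcsr_step(&f);
        if (f.reg == reg0 && f.carry == carry0) return t;
    }
    return 0;
}

static unsigned ceil_log2(uint32_t v) {
    unsigned r = 0;
    while ((1u << r) < v) r++;
    return r;
}

/* The empirical test from the text: clock about log2(t) + log2(m) + 1 times
 * (t taps, m initial carry; n extra clocks for safety), then see whether the
 * output has collapsed into endless 0s or 1s.  A collapsed register no
 * longer changes its state at all, so that is what is checked.
 * Returns 1 if the initial state is weak. */
static int fcsr_state_is_weak(fcsr_t f) {
    unsigned t = 0;
    for (unsigned k = 0; k < f.n; k++) t += (f.taps >> k) & 1u;
    unsigned warm = ceil_log2(t) + ceil_log2(f.carry + 1) + 1 + f.n;
    for (unsigned k = 0; k < warm; k++) fcsr_step(&f);
    uint32_t reg0 = f.reg, carry0 = f.carry;
    fcsr_step(&f);
    return f.reg == reg0 && f.carry == carry0;
}

/* The 3-bit example: taps on b_1 and b_2, start 001 with carry 0.  The
 * first state is transient, so the cycle is measured from the second. */
static uint32_t demo_period(void) { fcsr_t f = {3, 0x1u, 0x3u, 0}; return fcsr_cycle_length(f, 1, 1000); }
static uint32_t demo_q(void) { return fcsr_connection_integer(3, 0x3u); }
static int demo_good_state_is_weak(void) { fcsr_t f = {3, 0x1u, 0x3u, 0}; return fcsr_state_is_weak(f); }
static int demo_bad_state_is_weak(void)  { fcsr_t f = {3, 0x5u, 0x3u, 4}; return fcsr_state_is_weak(f); }

/* 9949 from Table 17-1: 9950 = 2^13 + 2^10 + 2^9 + 2^7 + 2^6 + 2^4 + 2^3 + 2^2 + 2^1. */
static int demo_taps_9949_ok(void) {
    static const unsigned expect[9] = {1, 2, 3, 4, 6, 7, 9, 10, 13};
    unsigned pos[16];
    if (fcsr_taps_from_q(9949u, pos, 16) != 9) return 0;
    for (unsigned k = 0; k < 9; k++) if (pos[k] != expect[k]) return 0;
    return 1;
}

int main(void) {
    printf("q = %u, period = %u, weak(001/0) = %d, weak(101/4) = %d, 9949 taps ok = %d\n",
           (unsigned)demo_q(), (unsigned)demo_period(), demo_good_state_is_weak(),
           demo_bad_state_is_weak(), demo_taps_9949_ok());
    return 0;
}
```

The same step function drives larger registers: load one of the four-tap sequences from Table 17-2 into taps, widen reg beyond 32 bits, and fcsr_state_is_weak is the check a key-loading routine would run before accepting an initial state.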
The idea of using FCSRs in cryptography is still very new; it was first put forward by Andy Klapper and Mark Goresky [844, 845, 654, 843, 846]. Just as LFSR analysis is based on addition of primitive polynomials mod 2, FCSR analysis is based on addition of certain numbers called 2-adic numbers. The theory is far beyond the scope of this book, but in the world of 2-adic numbers there is an analogue for everything. Just as linear complexity is defined, one can define 2-adic complexity. There is also a 2-adic analogue of the Berlekamp-Massey algorithm. This means that the list of possible stream ciphers has at least doubled. Everything that can be done with LFSRs can be done with FCSRs.
There is work extending this idea to consider several carry registers. The analysis of these sequence generators is based on addition in ramified extensions of the 2-adic numbers [845, 846].
17.5 Stream Ciphers Using FCSRs
FCSR-based stream ciphers are not described in the literature; the theory is still too new. To get the ball rolling, I propose several here. I cover two directions: FCSR-based stream ciphers that mirror the LFSR generators proposed earlier, and stream ciphers that use both FCSRs and LFSRs. The security of the first kind can probably be analyzed with 2-adic numbers; the generators of the second kind cannot be analyzed with algebraic methods, and probably can be analyzed only indirectly. In any case, it is important to choose LFSRs and FCSRs with relatively prime periods.
All of this will come later. At the moment I know of neither an implementation nor an analysis of any of these ideas. Wait a few years and watch the literature before you trust any of them.

Cascade generators
There are two ways to use FCSRs in cascade generators:
FCSR cascade. The Gollmann cascade with FCSRs instead of LFSRs.
LFSR/FCSR cascade. The Gollmann cascade with the generators alternating between LFSRs and FCSRs.

FCSR combining generators
These generators use a variable number of LFSRs and/or FCSRs and a variety of functions to combine the registers. The XOR operation destroys the algebraic properties of FCSRs, so it makes sense to use it to combine them. The generator shown in Figure 17-5 uses a variable number of FCSRs. Its output is the XOR of the outputs of the individual FCSRs.
Other generators along similar lines are:
FCSR parity generator. All registers are FCSRs, and the combining function is XOR.
LFSR/FCSR parity generator. A mixture of LFSRs and FCSRs, combined with XOR.
FCSR threshold generator. All registers are FCSRs, and the combining function is majority.
LFSR/FCSR threshold generator. A mixture of LFSRs and FCSRs, combined with majority.
FCSR summation generator. All registers are FCSRs, and the combining function is addition with carry.
LFSR/FCSR summation generator. A mixture of LFSRs and FCSRs, combined with addition with carry.
Table 17-1.
Connection integers for FCSRs with maximum period
2 5 11 13 19 29 37 53 59 61
67 83 101 107 131 139 149 163 173 179
181 197 211 227 269 293 317 347 349 373
379 389 419 421 443 461 467 491 509 523
541 547 557 563 587 613 619 653 659 661
677 701 709 757 773 787 797 821 827 829
853 859 877 883 907 941 947 1019 1061 1091
1109 1117 1123 1171 1187 1213 1229 1237 1259 1277
1283 1291 1301 1307 1373 1381 1427 1451 1453 1483
1493 1499 1523 1531 1549 1571 1619 1621 1637 1667
1669 1693 1733 1741 1747 1787 1861 1867 1877 1901
1907 1931 1949 1973 1979 1987 1997 2027 2029 2053
2069 2083 2099 2131 2141 2213 2221 2237 2243 2267
2269 2293 2309 2333 2339 2357 2371 2389 2437 2459
2467 2477 2531 2539 2549 2557 2579 2621 2659 2677
2683 2693 2699 2707 2741 2789 2797 2803 2819 2837
2843 2851 2861 2909 2939 2957 2963 3011 3019 3037
3067 3083 3187 3203 3253 3299 3307 3323 3347 3371
3413 3461 3467 3469 3491 3499 3517 3533 3539 3547
3557 3571 3581 3613 3637 3643 3659 3677 3691 3701
3709 3733 3779 3797 3803 3851 3853 3877 3907 3917
3923 3931 3947 3989 4003 4013 4019 4021 4091 4093
4099 4133 4139 4157 4219 4229 4243 4253 4259 4261
4283 4349 4357 4363 4373 4397 4451 4483 4493 4507
4517 4547 4603 4621 4637 4691 4723 4787 4789 4813
4877 4933 4957 4973 4987 5003 5011 5051 5059 5077
5099 5107 5147 5171 5179 5189 5227 5261 5309 5333
5387 5443 5477 5483 5501 5507 5557 5563 5573 5651
5659 5683 5693 5701 5717 5741 5749 5779 5813 5827
5843 5851 5869 5923 5939 5987 6011 6029 6053 6067
6101 6131 6173 6197 6203 6211 6229 6269 6277 6299
6317 6323 6373 6379 6389 6397 6469 6491 6547 6619
6637 6653 6659 6691 6701 6709 6733 6763 6779 6781
6803 6827 6829 6869 6883 6899 6907 6917 6947 6949
6971 7013 7019 7027 7043 7069 7109 7187 7211 7219
7229 7237 7243 7253 7283 7307 7331 7349 7411 7451
7459 7477 7499 7507 7517 7523 7541 7547 7549 7573
7589 7603 7621 7643 7669 7691 7717 7757 7789 7829
7853 7877 7883 7901 7907 7933 7949 8053 8069 8093
8117 8123 8147 8171 8179 8219 8221 8237 8243 8269
8291 8293 8363 8387 8429 8443 8467 8539 8563 8573
8597 8627 8669 8677 8693 8699 8731 8741 8747 8803
8819 8821 8837 8861 8867 8923 8933 8963 8971 9011
9029 9059 9173 9181 9203 9221 9227 9283 9293 9323
9341 9349 9371 9397 9419 9421 9437 9467 9491 9533
9539 9547 9587 9613 9619 9629 9643 9661 9677 9733
9749 9803 9851 9859 9883 9901 9907 9923 9941 9949
Table 17-2.
Tap sequences for maximal-length FCSRs
(32, 6, 3, 2)  (32, 7, 5, 2)  (32, 8, 3, 2)  (32, 13, 8, 2)  (32, 13, 12, 2)
(32, 15, 6, 2)  (32, 16, 2, 1)  (32, 16, 3, 2)  (32, 16, 5, 2)  (32, 17, 5, 2)
(32, 19, 2, 1)  (32, 19, 5, 2)  (32, 19, 9, 2)  (32, 19, 12, 2)  (32, 19, 17, 2)
(32, 20, 17, 2)  (32, 21, 9, 2)  (32, 21, 15, 2)  (32, 23, 8, 2)  (32, 23, 21, 2)
(32, 25, 5, 2)  (32, 25, 12, 2)  (32, 27, 25, 2)  (32, 29, 19, 2)  (32, 29, 20, 2)
(32, 30, 3, 2)  (32, 30, 7, 2)  (32, 31, 5, 2)  (32, 31, 9, 2)  (32, 31, 30, 2)
(64, 3, 2, 1)  (64, 14, 3, 2)  (64, 15, 8, 2)  (64, 17, 2, 1)  (64, 17, 9, 2)
(64, 17, 16, 2)  (64, 19, 2, 1)  (64, 19, 18, 2)  (64, 24, 19, 2)  (64, 25, 3, 2)
(64, 25, 4, 2)  (64, 25, 11, 2)  (64, 25, 19, 2)  (64, 27, 5, 2)  (64, 27, 16, 2)
(64, 27, 22, 2)  (64, 28, 19, 2)  (64, 28, 25, 2)  (64, 29, 16, 2)  (64, 29, 28, 2)
(64, 31, 12, 2)  (64, 32, 21, 2)  (64, 35, 29, 2)  (64, 36, 7, 2)  (64, 37, 2, 1)
(64, 37, 11, 2)  (64, 39, 4, 2)  (64, 39, 25, 2)  (64, 41, 5, 2)  (64, 41, 11, 2)
(64, 41, 27, 2)  (64, 43, 21, 2)  (64, 43, 28, 2)  (64, 45, 28, 2)  (64, 45, 41, 2)
(64, 47, 5, 2)  (64, 47, 21, 2)  (64, 47, 30, 2)  (64, 49, 19, 2)  (64, 49, 20, 2)
(64, 52, 29, 2)  (64, 53, 8, 2)  (64, 53, 43, 2)  (64, 56, 39, 2)  (64, 56, 45, 2)
(64, 59, 5, 2)  (64, 59, 8, 2)  (64, 59, 28, 2)  (64, 59, 38, 2)  (64, 59, 44, 2)
(64, 60, 49, 2)  (64, 61, 51, 2)  (64, 63, 8, 2)  (64, 63, 13, 2)  (64, 63, 61, 2)
(96, 15, 5, 2)  (96, 21, 17, 2)  (96, 25, 19, 2)  (96, 25, 20, 2)  (96, 29, 15, 2)
(96, 29, 17, 2)  (96, 30, 3, 2)  (96, 32, 21, 2)  (96, 32, 27, 2)  (96, 33, 5, 2)
(96, 35, 17, 2)  (96, 35, 33, 2)  (96, 39, 21, 2)  (96, 40, 25, 2)  (96, 41, 12, 2)
(96, 41, 27, 2)  (96, 41, 35, 2)  (96, 42, 35, 2)  (96, 43, 14, 2)  (96, 44, 23, 2)
(96, 45, 41, 2)  (96, 47, 36, 2)  (96, 49, 31, 2)  (96, 51, 30, 2)  (96, 53, 17, 2)
(96, 53, 19, 2)  (96, 53, 32, 2)  (96, 53, 48, 2)  (96, 54, 15, 2)  (96, 55, 44, 2)
(96, 55, 53, 2)  (96, 56, 9, 2)  (96, 56, 51, 2)  (96, 57, 3, 2)  (96, 57, 17, 2)
(96, 57, 47, 2)  (96, 58, 35, 2)  (96, 59, 46, 2)  (96, 60, 29, 2)  (96, 60, 41, 2)
(96, 60, 45, 2)  (96, 61, 17, 2)  (96, 63, 20, 2)  (96, 65, 12, 2)  (96, 65, 39, 2)
(96, 65, 51, 2)  (96, 67, 5, 2)  (96, 67, 25, 2)  (96, 67, 34, 2)  (96, 68, 5, 2)
(96, 68, 19, 2)  (96, 69, 17, 2)  (96, 69, 36, 2)  (96, 70, 23, 2)  (96, 71, 6, 2)
(96, 71, 40, 2)  (96, 72, 53, 2)  (96, 73, 32, 2)  (96, 77, 27, 2)  (96, 77, 31, 2)
(96, 77, 32, 2)  (96, 77, 33, 2)  (96, 77, 71, 2)  (96, 78, 39, 2)  (96, 79, 4, 2)
(96, 81, 80, 2)  (96, 83, 14, 2)  (96, 83, 26, 2)  (96, 83, 54, 2)  (96, 83, 60, 2)
(96, 83, 65, 2)  (96, 83, 78, 2)  (96, 84, 65, 2)  (96, 85, 17, 2)  (96, 85, 31, 2)
(96, 85, 76, 2)  (96, 85, 79, 2)  (96, 86, 39, 2)  (96, 86, 71, 2)  (96, 87, 9, 2)
(96, 87, 44, 2)  (96, 87, 45, 2)  (96, 88, 19, 2)  (96, 88, 35, 2)  (96, 88, 43, 2)
(96, 88, 79, 2)  (96, 89, 35, 2)  (96, 89, 51, 2)  (96, 89, 69, 2)  (96, 89, 87, 2)
(96, 92, 51, 2)  (96, 92, 71, 2)  (96, 93, 32, 2)  (96, 93, 39, 2)  (96, 94, 35, 2)
(96, 95, 4, 2)  (96, 95, 16, 2)  (96, 95, 32, 2)  (96, 95, 44, 2)  (96, 95, 45, 2)
(128, 5, 4, 2)  (128, 15, 4, 2)  (128, 21, 19, 2)  (128, 25, 5, 2)  (128, 26, 11, 2)
(128, 27, 25, 2)  (128, 31, 25, 2)  (128, 33, 21, 2)  (128, 35, 22, 2)  (128, 37, 8, 2)
(128, 41, 12, 2)  (128, 42, 35, 2)  (128, 43, 25, 2)  (128, 43, 42, 2)  (128, 45, 17, 2)
(128, 45, 27, 2)  (128, 49, 9, 2)  (128, 51, 9, 2)  (128, 54, 51, 2)  (128, 55, 45, 2)
(128, 56, 15, 2)  (128, 56, 19, 2)  (128, 56, 55, 2)  (128, 57, 21, 2)  (128, 57, 37, 2)
(128, 59, 29, 2)  (128, 59, 49, 2)  (128, 60, 57, 2)  (128, 61, 9, 2)  (128, 61, 23, 2)
(128, 61, 52, 2)  (128, 63, 40, 2)  (128, 63, 62, 2)  (128, 67, 41, 2)  (128, 69, 33, 2)
(128, 71, 53, 2)  (128, 72, 15, 2)  (128, 72, 41, 2)  (128, 73, 5, 2)  (128, 73, 65, 2)
(128, 73, 67, 2)  (128, 75, 13, 2)  (128, 80, 39, 2)  (128, 80, 53, 2)  (128, 81, 55, 2)
(128, 82, 67, 2)  (128, 83, 60, 2)  (128, 83, 61, 2)  (128, 83, 77, 2)  (128, 84, 15, 2)
(128, 84, 43, 2)  (128, 85, 63, 2)  (128, 87, 57, 2)  (128, 87, 81, 2)  (128, 89, 81, 2)
(128, 90, 43, 2)  (128, 91, 9, 2)  (128, 91, 13, 2)  (128, 91, 44, 2)  (128, 92, 35, 2)
(128, 95, 94, 2)  (128, 96, 23, 2)  (128, 96, 61, 2)  (128, 97, 25, 2)  (128, 97, 68, 2)
(128, 97, 72, 2)  (128, 97, 75, 2)  (128, 99, 13, 2)  (128, 99, 14, 2)  (128, 99, 26, 2)
(128, 99, 54, 2)  (128, 99, 56, 2)  (128, 99, 78, 2)  (128, 100, 13, 2)  (128, 100, 39, 2)
(128, 101, 44, 2)  (128, 101, 97, 2)  (128, 103, 46, 2)  (128, 104, 13, 2)  (128, 104, 19, 2)
(128, 104, 35, 2)  (128, 105, 7, 2)  (128, 105, 11, 2)  (128, 105, 31, 2)  (128, 105, 48, 2)
(128, 107, 40, 2)  (128, 107, 62, 2)  (128, 107, 102, 2)  (128, 108, 35, 2)  (128, 108, 73, 2)
(128, 108, 75, 2)  (128, 108, 89, 2)  (128, 109, 11, 2)  (128, 109, 108, 2)  (128, 110, 23, 2)
(128, 111, 61, 2)  (128, 113, 59, 2)  (128, 114, 83, 2)  (128, 115, 73, 2)  (128, 117, 105, 2)
(128, 119, 30, 2)  (128, 119, 101, 2)  (128, 120, 9, 2)  (128, 120, 27, 2)  (128, 120, 37, 2)
(128, 120, 41, 2)  (128, 120, 79, 2)  (128, 120, 81, 2)  (128, 121, 5, 2)  (128, 121, 67, 2)
(128, 121, 95, 2)  (128, 121, 96, 2)  (128, 123, 40, 2)  (128, 123, 78, 2)  (128, 124, 41, 2)
(128, 124, 69, 2)  (128, 124, 81, 2)  (128, 125, 33, 2)  (128, 125, 43, 2)  (128, 127, 121, 2)
Figure 17-5. Combination generators. (Labels: Register-1, Register-2, Register-3, ..., Register-n feeding a combining function.)
LFSR/FCSR Summation/Parity Cascade

Theory says that addition with carry destroys the algebraic properties of LFSRs, and that XOR destroys the algebraic properties of FCSRs. This generator combines those ideas, as used in the LFSR/FCSR summation generator and the LFSR/FCSR parity generator just listed, with the Gollmann cascade.
The generator is a series of arrays of registers, with the clock of each array controlled by the output of the previous array. Figure 17-6 shows one stage of this generator. The first array of LFSRs is clocked and the results are combined using addition with carry. If the output of this combining function is 1, the next array (of FCSRs) is clocked, and the output of those FCSRs is combined with the output of the previous combining function using XOR. If the output of the first combining function is 0, the array of FCSRs is not clocked and its output is simply added to the carry from the previous round. If the output of this second combining function is 1, the third array (of LFSRs) is clocked, and so on.
Figure 17-6. Concoction generator. (One stage: an array of LFSRs feeding an adder with carry, followed by an array of FCSRs feeding an XOR.)
The generator uses a lot of registers: n*m, where n is the number of stages and m is the number of registers per stage. I recommend n = 10 and m = 5.
Alternating Stop-and-Go Generators

These generators are stop-and-go generators with FCSRs in place of some of the LFSRs. Additionally, the XOR operation can be replaced with addition with carry (see Figure 17-7).
- FCSR stop-and-go generator. Register-1, Register-2, and Register-3 are FCSRs. The combining operation is XOR.
- FCSR/LFSR stop-and-go generator. Register-1 is an FCSR; Register-2 and Register-3 are LFSRs. The combining operation is addition with carry.
- LFSR/FCSR stop-and-go generator. Register-1 is an LFSR; Register-2 and Register-3 are FCSRs. The combining operation is XOR.
Figure 17-7. Alternating stop-and-go generator. (Labels: Register-1, Register-2, Register-3, combining function.)
Shrinking Generators

There are four basic generator types using FCSRs:
- FCSR shrinking generator. A shrinking generator with FCSRs instead of LFSRs.
- FCSR/LFSR shrinking generator. A shrinking generator with an LFSR shrinking an FCSR.
- LFSR/FCSR shrinking generator. A shrinking generator with an FCSR shrinking an LFSR.
- FCSR self-shrinking generator. A self-shrinking generator with an FCSR instead of an LFSR.
17.6 Nonlinear-Feedback Shift Registers

It is easy to imagine a more complicated feedback sequence than the ones used in LFSRs or FCSRs. The problem is that there is no mathematical theory for analyzing such sequences. You will get something, but who knows what? Here are some of the problems with nonlinear-feedback shift registers:
- There may be biases in the output sequence, for example more ones than zeros.
- The maximum period of the sequence may be much shorter than expected.
- The period of the sequence may differ for different starting values.
- The sequence may look random for a while and then "dead end" into a single value. (This can be avoided by XORing the rightmost bit into the nonlinear feedback function.)
On the plus side, since there is no theory for analyzing nonlinear-feedback shift registers, there are also few tools for cryptanalyzing stream ciphers based on them. Nonlinear-feedback shift registers can be used, but only with great care.
In a nonlinear-feedback shift register the feedback function can be anything at all (for example, as in Figure 17-8).
Figure 17-8. Nonlinear-feedback shift register (probably insecure).

Figure 17-9. 3-bit nonlinear-feedback shift register. (Three cells labeled 3, 2, 1, with the shift direction marked.)
Figure 17-9 shows a 3-bit shift register with the following feedback: the new bit is the product of the first and second bits (counting from the output end, as the trace below shows). If it is initialized with the value 110, it produces the following sequence of internal states:
1 1 0
0 1 1
1 0 1
0 1 0
0 0 1
0 0 0
0 0 0
and so on forever. The output is the sequence of least significant bits:
0 1 1 0 1 0 0 0 0 0 0 0 . . .
This is not terribly useful.
It gets even worse. If the initial value is 100, the next states are 010, 001, and then 000 forever. If the initial value is 111, it repeats itself forever right from the start.
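Since there is no theory to predict these registers, the practical check is to walk the whole state space. The following added example (not code from the book) does that for the 3-bit register of Figure 17-9 and for the variant the text suggests, XORing the rightmost bit into the feedback. The register and seeds are the ones discussed above; the reading of "first and second bits" as the two bits nearest the output end, and all function names, are this example's own.

```python
"""Exhaustive state-space walk of the 3-bit nonlinear-feedback shift register
of Figure 17-9 and of the variant that XORs the rightmost bit into the feedback.
Added example: register and seeds follow the text, helper names are ours."""
from itertools import product
from typing import Callable, Dict, List, Tuple

State = Tuple[int, ...]          # leftmost bit first; the rightmost bit is the output
Feedback = Callable[[State], int]


def step(state: State, feedback: Feedback) -> State:
    """Shift right by one: the feedback bit enters on the left, the rightmost bit
    (the output) falls off."""
    return (feedback(state),) + state[:-1]


def product_feedback(state: State) -> int:
    """Figure 17-9: the new bit is the product of the two bits nearest the output end.
    This is the reading that reproduces the 110 -> 011 -> 101 -> ... trace in the text."""
    return state[-1] & state[-2]


def product_xor_output(state: State) -> int:
    """The remedy the text suggests: XOR the nonlinear function with the rightmost bit."""
    return product_feedback(state) ^ state[-1]


def run(seed: State, feedback: Feedback, clocks: int) -> Tuple[List[State], List[int]]:
    """Return the internal states visited and the output bits for `clocks` clock pulses."""
    states, out, s = [seed], [], seed
    for _ in range(clocks):
        out.append(s[-1])
        s = step(s, feedback)
        states.append(s)
    return states, out


def transient_and_period(seed: State, feedback: Feedback) -> Tuple[int, int]:
    """Clock until a state repeats; return (steps before the cycle, cycle length).
    A period of 1 at state 000 is the 'dead end' the text warns about."""
    seen: Dict[State, int] = {}
    s, i = seed, 0
    while s not in seen:
        seen[s] = i
        s, i = step(s, feedback), i + 1
    return seen[s], i - seen[s]


def survey(nbits: int, feedback: Feedback) -> Dict[State, Tuple[int, int]]:
    """(transient, period) for every possible seed: the check an LFSR's theory gives
    you for free and a nonlinear register does not."""
    return {seed: transient_and_period(seed, feedback)
            for seed in product((0, 1), repeat=nbits)}


def bits(seq) -> str:
    return "".join(str(b) for b in seq)


if __name__ == "__main__":
    states, out = run((1, 1, 0), product_feedback, 12)
    print("states:", " ".join(bits(s) for s in states[:7]), "...")
    print("output:", bits(out))
    for name, f in (("product", product_feedback), ("product XOR output", product_xor_output)):
        print(name, {bits(k): v for k, v in survey(3, f).items()})
```

For the product feedback every one of the eight seeds ends at 000 (or starts stuck at 111); for the XOR variant every nonzero seed lands on a single cycle of length 3, so the dead end is gone but the period is still tiny, which is the second item on the list of problems above.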
Some work has been done on computing the linear complexity of the product of two LFSRs [1650, 726, 1364, 630, 658, 659]. A construction that involves computing LFSRs over a field of odd characteristic [310] is insecure [842].
17.7 Other Stream Ciphers

Other stream ciphers have appeared in the literature here and there. Here are some of them.

Pless Generator

This generator is designed around the capabilities of the J-K flip-flop [1250]. Eight LFSRs drive four J-K flip-flops; each flip-flop acts as a nonlinear combiner for two of the LFSRs. To avoid the problem that the output of a flip-flop identifies both the source and the value of the next output bit, the four flip-flops are clocked and their outputs are then interleaved to produce the final keystream.
This algorithm has been cryptanalyzed by attacking each of the four flip-flops independently [1356]. Moreover, combining J-K flip-flops is cryptographically weak; generators of this type succumb to correlation attacks [1451].
Cellular Automaton Generator

In [1608, 1609], Steve Wolfram proposed using a one-dimensional cellular automaton as a pseudo-random-number generator. Cellular automata are not the subject of this book, but Wolfram's generator consists of a one-dimensional array of bits a_1, a_2, a_3, ..., a_k, ..., a_n and an update function:
a_k' = a_{k-1} XOR (a_k OR a_{k+1})
The output bit is extracted from one of the a_k values; which one really does not matter.
The generator's behavior appears to be quite random. However, there is a known-plaintext attack against these generators [1052]. This attack works on a PC with values of n up to 500 bits. In addition, Paul Bardell proved that the output of a cellular automaton can also be generated by a linear-feedback shift register of the same length, and is therefore no more secure [83].
1/p Generator

This generator was proposed, and then cryptanalyzed, in [193]. If the internal state of the generator at time t is x_t, then
x_{t+1} = b x_t mod p
The output of the generator is the least significant bit of (b x_t) div p, where div is truncating integer division (that is, the part of b x_t that spills over the modulus). For a maximal period, the constants b and p must be chosen so that p is prime and b is a primitive root mod p. Unfortunately, this generator is not secure. (Note that for b = 2 an FCSR with connection integer p produces the same sequence in reverse.)
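The generator above, as an added example (not code from the book) with toy parameters. It checks the period claim (p - 1 when b is a primitive root mod p) and shows why the output is so structured: for b = 2 the output bit at each step is floor(2 x_t / p), so the keystream is literally the binary expansion of the fraction x_0/p. The helper names are this example's own.

```python
"""The 1/p generator: x_{t+1} = b*x_t mod p, output bit = LSB of (b*x_t) div p.
Added example with toy parameters; the generator is the one the text defines, the
helper names are ours."""
from typing import Dict, List


def one_over_p_bits(x0: int, b: int, p: int, nbits: int) -> List[int]:
    """Run the generator from state x0 and return nbits output bits."""
    x, out = x0 % p, []
    for _ in range(nbits):
        y = b * x
        out.append((y // p) & 1)   # the part of b*x that spills over the modulus
        x = y % p                  # the new state
    return out


def state_period(x0: int, b: int, p: int) -> int:
    """Length of the cycle of states reached from x0 (states are residues mod p)."""
    seen: Dict[int, int] = {}
    x, i = x0 % p, 0
    while x not in seen:
        seen[x] = i
        x, i = (b * x) % p, i + 1
    return i - seen[x]


def is_primitive_root(b: int, p: int) -> bool:
    """True if b generates the whole multiplicative group mod p (p prime assumed)."""
    y = b % p
    if y == 0:
        return False
    order = 1
    while y != 1:
        y, order = (y * b) % p, order + 1
    return order == p - 1


def binary_expansion(num: int, den: int, nbits: int) -> List[int]:
    """First nbits binary digits after the point of the fraction num/den, 0 <= num < den."""
    out = []
    for _ in range(nbits):
        num *= 2
        out.append(num // den)
        num %= den
    return out


if __name__ == "__main__":
    p = 11   # 2 is a primitive root mod 11, so the period is p - 1 = 10
    print("1/p bits    :", one_over_p_bits(1, 2, p, 20), "period", state_period(1, 2, p))
    print("1/11 binary :", binary_expansion(1, p, 20))
    print("2 mod 7 is primitive:", is_primitive_root(2, 7), "period", state_period(1, 2, 7))
```

With p = 7 and b = 2 the period collapses to 3 because 2 has order 3 mod 7; b = 3, which is a primitive root mod 7, restores the full period of 6.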
crypt(1)

The original UNIX encryption algorithm, crypt(1), is a stream cipher based on the same ideas as the Enigma. It is a 256-element, single-rotor substitution cipher with a reflector. Both the rotor and the reflector are derived from the key. The algorithm is far simpler than the German Enigma of the Second World War, and for a skilled cryptanalyst it is easy to break [1576, 1299]. A freely available UNIX program called Crypt Breakers Workbench (CBW) can be used to break files encrypted with crypt(1).

Other Schemes

Another generator is based on the knapsack problem (see Section 19.2) [1363]. CRYPTO-LEGGO is insecure [301]. Joan Daemen developed SubStream, Jam, and StepRightUp [402]; they are too new to comment on. Many other algorithms are described in the literature, and even more are kept secret and built into hardware.
17.8 System-Theoretic Approach to Stream-Cipher Design

In practice, stream-cipher design is a lot like block-cipher design. It involves more mathematical theory, but in the end the cryptographer proposes a design and then tries to analyze it.
According to Rainer Rueppel, there are four different approaches to the construction of stream ciphers [1360, 1362]:
- System-theoretic approach. Using a set of fundamental design criteria and principles, try to make sure that each design creates a difficult and unknown problem for the cryptanalyst.
- Information-theoretic approach. Try to keep the cryptanalyst in the dark about the plaintext. No matter how much work the cryptanalyst invests, he never obtains a unique solution.
- Complexity-theoretic approach. Try to base the cryptosystem on some known and difficult problem, such as factoring or taking discrete logarithms, or to make the cryptosystem equivalent to that problem.
- Randomized approach. Try to create an unmanageably large problem by forcing the cryptanalyst to examine lots of useless data in his attempts at cryptanalysis.
The approaches differ in their assumptions about the capabilities and opportunities of the cryptanalyst, in the definition of cryptanalytic success, and in the notion of security. Most of the research in this field is theoretical, but there are some good stream ciphers among the impractical ones.
The system-theoretic approach was used in all the stream ciphers described so far; it produces most of the stream ciphers used in the real world. The cryptographer designs keystream generators that have testable security properties (period, distribution of bits, linear complexity, and so on), rather than ciphers based on mathematical theory. The cryptographer also studies the various cryptanalytic techniques against these generators and checks that the generators resist them.
Over the years this approach has produced a set of design criteria for stream ciphers [1432, 99, 1357, 1249]. They were discussed by Rueppel in [1362], where he details the theory behind them:
- Long period, no repetitions.
- Linear complexity criteria: large linear complexity, linear complexity profile, local linear complexity, and so on.
- Statistical criteria, such as ideal k-tuple distributions.
- Confusion: every keystream bit must be a complex transformation of all or most of the key bits.
- Diffusion: redundancies in substructures must be dissipated into long-range statistics.
- Nonlinearity criteria for Boolean functions, such as m-th-order correlation immunity, distance to linear functions, the avalanche criterion, and so on.
This list of design criteria is not unique to stream ciphers designed with the system-theoretic approach; it holds for all stream ciphers. It even holds for all block ciphers. What is specific to the system-theoretic approach is that stream ciphers are designed to satisfy these criteria directly.
The major problem with such cryptosystems is that nothing can be proven about their security; the design criteria have never been proven to be either necessary or sufficient for security. A keystream generator may satisfy all the design principles and still turn out to be insecure. Another may turn out to be secure. There is still some magic in the process.
On the other hand, breaking each of these keystream generators is a separate problem for the cryptanalyst. If enough different generators are in use, it may not be worth the cryptanalyst's time to break each of them. He may find it more rewarding to earn fame by discovering better ways to factor large numbers or to compute discrete logarithms.
17.9 Complexity-Theoretic Approach to Stream-Cipher Design

Rueppel also delineated a complexity-theoretic approach to stream-cipher design. Here the cryptographer tries to use complexity theory to prove that his generators are secure. Consequently, the generators tend to be more complex, based on the same sorts of hard problems as public-key cryptography. And, like public-key algorithms, they tend to be slow and cumbersome.

Shamir's Pseudo-Random-Number Generator

Adi Shamir used the RSA algorithm as a pseudo-random-number generator [1417]. Although Shamir showed that predicting the output of this generator is equivalent to breaking RSA, potential biases in its output were demonstrated in [1401, 200].
Blum-Micali Generator

The security of this generator rests on the difficulty of computing discrete logarithms [200]. Let p be a prime and g a generator (primitive root) of the multiplicative group mod p. A key x_0 starts the process:
x_{i+1} = g^{x_i} mod p
The output of the generator is 1 if x_i < (p - 1)/2, and 0 otherwise.
If p is large enough that computing discrete logarithms mod p is infeasible, the generator is secure. Additional theoretical results can be found in [1627, 986, 985, 1237, 896, 799].
RSA

This RSA generator [35, 36] is a modification of [200]. The initial parameters are a modulus N that is the product of two large primes p and q, an integer e relatively prime to (p - 1)(q - 1), and a random seed x_0 less than N.
x_{i+1} = x_i^e mod N
The output of the generator is the least significant bit of x_i. The security of this generator rests on the difficulty of breaking RSA. If N is large enough, the generator is secure. Additional theory can be found in [1569, 1570, 1571, 30, 354].
Blum, Blum, and Shub

The simplest and most efficient complexity-theoretic generator is named after its inventors: Blum, Blum, and Shub. We shall abbreviate it to BBS, although it is sometimes called the quadratic residue generator [193].
The theory behind the BBS generator has to do with quadratic residues modulo n (see Section 11.3). Here is how it works.
First find two large primes, p and q, both congruent to 3 modulo 4. Their product n is a Blum integer. Choose another random integer x, relatively prime to n. Compute
x_0 = x^2 mod n
That is the seed of the generator.
Now you can start computing bits. The i-th pseudo-random bit is the least significant bit of x_i, where
x_i = x_{i-1}^2 mod n
The most intriguing property of this generator is that you do not have to compute the previous i - 1 bits to get the i-th bit. If you know p and q, you can compute the i-th bit directly:
b_i is the least significant bit of x_i, where x_i = x_0^{(2^i mod ((p - 1)(q - 1)))} mod n
This property means that you can use this cryptographically strong pseudo-random-bit generator as a stream cryptosystem for a random-access file.
The security of the scheme rests on the difficulty of factoring n. You can publish n, so that anyone can generate bits with the generator. But unless a cryptanalyst can factor n, he can never predict the output of the generator, not even with a statement as weak as "the next bit is 1 with probability 51 percent."
Moreover, the BBS generator is unpredictable to the left and unpredictable to the right. This means that, given a sequence produced by the generator, a cryptanalyst can predict neither the next bit nor the previous bit of the sequence. This security does not come from some complicated bit generator that nobody understands, but from the mathematics of factoring n.
The algorithm is slow, but there are ways to speed it up. It turns out that more than one bit of each x_i can be used as pseudo-random output. According to [1569, 1570, 1571, 35, 36], if x_i is n bits long (here n denotes the bit length, not the modulus), the log2 n least significant bits of x_i can be used. The BBS generator is comparatively slow and not suitable for stream ciphers. But for high-security applications such as key generation, this generator is better than most.
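The three complexity-theoretic generators of this section, as an added example (not code from the book). It uses toy-sized parameters, so it is an illustration of the arithmetic and not a usable generator; real moduli are hundreds of decimal digits. For BBS it checks the random-access formula x_i = x_0^(2^i mod (p-1)(q-1)) mod n against plain repeated squaring and extracts the log2(bit length) low bits per step mentioned above. The parameter values and helper names are this example's own.

```python
"""Blum-Micali, the RSA generator and Blum-Blum-Shub, including BBS's random-access
property and multi-bit extraction. Added example with toy-sized parameters (not a
usable generator); the constructions are the text's, the helper names are ours."""
import math
from typing import List


def _prime_factors(n: int) -> List[int]:
    """Trial-division factoring, good enough for the toy primes used here."""
    out, d = [], 2
    while d * d <= n:
        if n % d == 0:
            out.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        out.append(n)
    return out


def find_generator(p: int) -> int:
    """Smallest g that generates the multiplicative group mod the prime p."""
    factors = _prime_factors(p - 1)
    for g in range(2, p):
        if all(pow(g, (p - 1) // f, p) != 1 for f in factors):
            return g
    raise ValueError("no generator found")


def blum_micali_bits(g: int, p: int, x0: int, nbits: int) -> List[int]:
    """x_{i+1} = g^{x_i} mod p; output 1 if x_i < (p-1)/2, else 0."""
    x, out = x0 % p, []
    for _ in range(nbits):
        out.append(1 if x < (p - 1) // 2 else 0)
        x = pow(g, x, p)
    return out


def rsa_generator_bits(N: int, e: int, x0: int, nbits: int) -> List[int]:
    """x_{i+1} = x_i^e mod N; output the least significant bit of x_i."""
    x, out = x0 % N, []
    for _ in range(nbits):
        out.append(x & 1)
        x = pow(x, e, N)
    return out


class BBS:
    """Blum-Blum-Shub: n = p*q with p, q = 3 mod 4, x0 = x^2 mod n, x_i = x_{i-1}^2 mod n."""

    def __init__(self, p: int, q: int, x: int):
        if p % 4 != 3 or q % 4 != 3:
            raise ValueError("p and q must be congruent to 3 mod 4")
        self.p, self.q, self.n = p, q, p * q
        if math.gcd(x, self.n) != 1:
            raise ValueError("x must be relatively prime to n")
        self.x0 = pow(x, 2, self.n)
        # the text: if x_i is k bits long, its log2(k) least significant bits can be used
        self.bits_per_step = max(1, int(math.log2(self.n.bit_length())))

    def sequential(self, count: int, bits_per_step: int = 1) -> List[int]:
        """Low bits_per_step bits of x_1, ..., x_count, computed by repeated squaring."""
        x, out, mask = self.x0, [], (1 << bits_per_step) - 1
        for _ in range(count):
            x = pow(x, 2, self.n)
            out.append(x & mask)
        return out

    def x_i_by_squaring(self, i: int) -> int:
        x = self.x0
        for _ in range(i):
            x = pow(x, 2, self.n)
        return x

    def x_i(self, i: int) -> int:
        """Random access: needs p and q, which a public (n-only) user does not have."""
        exponent = pow(2, i, (self.p - 1) * (self.q - 1))
        return pow(self.x0, exponent, self.n)

    def bit(self, i: int) -> int:
        return self.x_i(i) & 1


if __name__ == "__main__":
    p = 23
    print("Blum-Micali:", blum_micali_bits(find_generator(p), p, 3, 16))
    print("RSA gen    :", rsa_generator_bits(77, 7, 5, 16))
    bbs = BBS(1019, 1031, 12345)          # toy Blum integer n = 1019 * 1031
    print("BBS        :", bbs.sequential(16), "bit 1000 directly:", bbs.bit(1000))
    print("BBS, %d bits per step:" % bbs.bits_per_step, bbs.sequential(8, bbs.bits_per_step))
```

The random-access path costs two modular exponentiations for any i, while the sequential path costs i squarings; that difference is what makes the random-access file use mentioned above possible for whoever holds p and q.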
17.10 Other Approaches to Stream-Cipher Design

In the information-theoretic approach to stream ciphers, the cryptanalyst is assumed to have unlimited time and computing power. The only practical stream cipher secure against such an adversary is the one-time pad (see Section 1.5). Since writing bits on a pad is not very convenient, it is sometimes called a one-time tape. Two magnetic tapes, one for encryption and the other for decryption, carry an identical keystream. To encrypt, simply XOR the plaintext with the bits on the tape. To decrypt, XOR the ciphertext with the bits on the other, identical, tape. The same keystream must never be used twice. Since the keystream bits are truly random, the keystream cannot be predicted. If you burn the tapes after use, the security is absolute (provided no one else has a copy of the tape).
Another information-theoretic stream cipher, developed by Claus Schnorr, assumes that the cryptanalyst has access to only a limited number of ciphertext bits [1395]. The results are highly theoretical and have no practical value. For details see [1361, 1643, 1193].
With a randomized stream cipher, the cryptographer tries to make the cryptanalyst's problem physically impossible to solve. To do so, while keeping the secret key small, the cryptographer greatly increases the number of bits the cryptanalyst has to deal with. This can be done by using a large public random string for encryption and decryption. The key specifies which parts of the string are used for encryption and decryption. A cryptanalyst who does not know the key has to search through random combinations of parts of the string. The security of such a cipher can be expressed as the average number of bits the cryptanalyst must examine before his chance of determining the key improves noticeably over pure guessing.
The Rip van Winkle Cipher

James Massey and Ingemar Ingemarsson proposed the Rip van Winkle cipher [1011], so named because the recipient has to receive 2^n bits of ciphertext before decryption can begin. The algorithm, shown in Figure 17-10, is simple to implement, provably secure, and completely impractical. Simply XOR the plaintext with the keystream and delay the keystream by 0 to 20 years; the exact delay is part of the key. In Massey's words: "One can easily guarantee that the enemy cryptanalyst will need thousands of years to break the cipher, if one is willing to wait millions of years to read the plaintext." Further developments of this idea can be found in [1577, 755].
Figure 17-10. The Rip van Winkle cipher. (Labels: plaintext bit stream, random bit stream, multiplexed channel, delay of 0 to 20 years; the length of the delay is secret and depends on the key.)
Diffie's Randomized Stream Cipher

This scheme was first proposed by Whitfield Diffie [1362]. It uses 2^n random sequences. The key is a random n-bit string k. To encrypt a message, Alice uses the k-th random string as a one-time pad. She then sends the ciphertext and the 2^n random strings over 2^n + 1 different communication channels.
Bob knows k, so he can easily pick the one-time pad with which to decrypt the message. Eve has no choice but to search the random sequences one at a time until she finds the right one-time pad. Any attack must examine a number of bits on the order of O(2^n). Rueppel pointed out that if you send n random strings instead of 2^n, and the key is used to specify a linear combination of those random strings, the security stays the same.
Maurer's Randomized Stream Cipher

Ueli Maurer described a scheme based on XORing the plaintext with several large public sequences of random bits [1034, 1029, 1030]. The key is the set of starting positions in each sequence. It can be proven that such a cipher is almost secure, with the probability of breaking it determined by the amount of memory available to the attacker, regardless of the computing power at his disposal. Maurer claims that the scheme becomes practical with about 100 different sequences of 10^20 random bits each. One way to obtain that many bits would be to digitize the surface of the Moon.
17.11 Cascading Multiple Stream Ciphers

If performance is not an issue, there is no reason not to choose several stream ciphers and cascade them. Simply XOR the output of each generator with the plaintext to get the ciphertext. Ueli Maurer's result (see Section 15.7) shows that if the generators use independent keys, the security of the cascade is at least that of the strongest algorithm in the cascade, and most likely much greater.
Stream ciphers can be combined in the same ways as block ciphers (see Chapter 15). Stream ciphers can be cascaded (see Section 15.7) with other stream ciphers or with block ciphers.
A clever trick is to use one algorithm, stream or block, to frequently rekey a fast stream algorithm (which may itself be a block algorithm in OFB mode). The fast algorithm may be weak, because a cryptanalyst never sees much plaintext encrypted under any one key.
There is a trade-off between the size of the fast algorithm's internal state (which may affect security) and how often it is rekeyed. Rekeying has to be relatively fast, so algorithms with a long key-setup procedure are not suitable here. Also, the rekeying must not depend on the internal state of the fast algorithm.
17.12 Choosing a Stream Cipher

If the study of stream ciphers teaches anything, it is that new kinds of attacks appear with alarming regularity. Traditionally, stream ciphers have relied on a great deal of mathematical theory. That theory can be used to prove good properties of a cipher, but it can equally be used to find new attacks against it. For that reason any stream cipher based solely on LFSRs worries me.
I prefer stream ciphers designed more like block ciphers: nonlinear transformations, large S-boxes, and so on. RC4 is my favorite, followed by SEAL. I would very much like to see cryptanalytic results against the generators I proposed that combine LFSRs and FCSRs; this seems a very promising area to study for use in real designs. Alternatively, a block cipher in OFB or CFB mode can be used as a stream cipher.
Table 17-3 gives timing measurements for some algorithms, for comparison only.
Table 17-3. Encryption speeds of some stream ciphers on a 33 MHz 486SX

Algorithm    Encryption speed (kilobytes/second)
A5           5
PIKE         62
RC4          164
SEAL         381
17.13 Generating Multiple Streams from a Single Pseudo-Random-Sequence Generator

If you need to encrypt several communication channels in a single box, a multiplexer for example, the easy solution is to use a separate pseudo-random-sequence generator for each stream. This has two problems: it requires more hardware, and all the generators have to be synchronized. It would be simpler to use a single generator.
One solution is to clock the generator several times. If you need three independent streams, clock the generator three times and send one bit into each stream. This method works, but you may have trouble clocking the generator fast enough. For example, if you can clock the generator only three times as fast as the data stream, you can create only three streams. Another way is to use the same sequence for every channel, possibly with a variable time delay. This is insecure.
A really clever idea [1489], patented by the NSA, is shown in Figure 17-11. Feed the output of your favorite generator into a simple m-bit shift register. At each clock pulse, shift the register one bit to the right. Then, for each output stream, AND the register with a different m-bit vector, viewed as a unique identifier for the desired output stream, and XOR all the resulting bits together to get the output bit for that stream. If you want several output streams in parallel, you need a separate vector and an XOR/AND logic array for each output stream.
Figure 17-11. Multiple-bit generator. (Labels: generator, m-bit output, bitwise AND with Vector 1 through Vector n, bitwise XOR, Stream 1 through Stream n.)
There are some things to watch out for. If any of the streams is a linear combination of other streams, the system can be broken. But if you are careful, this is a simple and secure way to solve the problem.
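The scheme of Figure 17-11 together with the caveat just stated, as an added example (not code from the book or from the patent). An 8-bit LFSR stands in for "your favorite generator", the control vectors are constructed, and the function names are this example's own. It shows two ways to get the vectors wrong: a vector with a single bit set merely reproduces the generator output with a delay (the "same sequence with a time delay" the text calls insecure), and a stream whose vector is the XOR of two other vectors is exactly the XOR of those two streams, because AND-then-parity is linear in the vector.

```python
"""Several keystreams from one generator (Figure 17-11): the generator output is shifted
through an m-bit register, each stream ANDs the register with its own m-bit control
vector and XORs the surviving bits together. Added example; the LFSR is a stand-in
generator, the vectors are constructed, the helper names are ours."""
from typing import List


def lfsr_bits(nbits: int, state: int = 0x5A, width: int = 8, taps: int = 0x1D) -> List[int]:
    """Fibonacci LFSR for x^8 + x^6 + x^5 + x^4 + 1 (primitive, period 255).
    Bit 0 is the output; the feedback is the parity of the tapped bits 0, 2, 3, 4."""
    out = []
    for _ in range(nbits):
        out.append(state & 1)
        fb = bin(state & taps).count("1") & 1
        state = (state >> 1) | (fb << (width - 1))
    return out


def parity(v: int) -> int:
    return bin(v).count("1") & 1


def multiple_streams(source: List[int], vectors: List[int], m: int) -> List[List[int]]:
    """For each generator bit: shift the m-bit register right by one (the new bit enters
    at the top), then every stream k outputs parity(register AND vectors[k])."""
    reg, mask = 0, (1 << m) - 1
    streams: List[List[int]] = [[] for _ in vectors]
    for b in source:
        reg = ((reg >> 1) | (b << (m - 1))) & mask
        for k, v in enumerate(vectors):
            streams[k].append(parity(reg & v))
    return streams


def xor_streams(a: List[int], b: List[int]) -> List[int]:
    return [x ^ y for x, y in zip(a, b)]


if __name__ == "__main__":
    src = lfsr_bits(64)
    v1, v2 = 0b10110001, 0b01101100          # constructed control vectors
    s1, s2, s3 = multiple_streams(src, [v1, v2, v1 ^ v2], 8)
    print("stream 3 == stream 1 XOR stream 2:", s3 == xor_streams(s1, s2))
    delayed, = multiple_streams(src, [1 << 6], 8)
    print("single-bit vector is a delayed copy:", delayed[1:] == src[:-1])
```

The check to run before committing to a set of vectors is therefore the one the text implies: the vectors must be linearly independent over GF(2), and none of them should be a unit vector.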
17.14 Real Random-Sequence Generators

Sometimes cryptographically secure pseudo-random sequences are not good enough. Many times in cryptography you want truly random numbers. Key generation is the first example that comes to mind. It is fine to generate random cryptographic keys with a pseudo-random-sequence generator, but if an adversary obtains a copy of that generator and the master key, he can create the same keys and break your cryptosystem, no matter how secure your algorithms are. The sequence produced by a real random-sequence generator cannot be reproduced. No one, not even you, can reproduce the bit sequence these generators put out.
There is a large philosophical debate over whether any of these techniques actually produces random bits. I am not going to enter that debate. What I consider here is the production of bits that cannot be reproduced and that have the statistical properties of random bits.
The important thing about any real random-sequence generator is that it be tested. There is a wealth of literature on this topic. Tests for randomness can be found in [863, 99]. Maurer showed that all these tests can be derived from trying to compress the sequence [1031, 1032]. If a random sequence can be compressed, it is not truly random.
Anyhow, much of what we have in this area is black magic. The main point is to generate a sequence of bits that your adversary cannot guess. That is much harder than it sounds. I cannot prove that any of the techniques described here generates random bits. What they produce are bit sequences that cannot easily be reproduced. For details see [1375, 1376, 511].
RAND Tables

Back in 1955, when computers were still a novelty, the Rand Corporation published a book containing a million random digits [1289]. Their method was described as follows:

The random digits in this book were produced by randomization of a basic table generated by an electronic roulette wheel. Briefly, a random frequency pulse source, providing on the average about 100,000 pulses per second, was gated about once per second by a constant frequency pulse. Pulse standardization circuits passed the pulses through a 5-place binary counter. In principle the machine was a 32-place roulette wheel which made, on the average, about 3000 revolutions per trial and produced one number per second. A binary-to-decimal converter was used which converted 20 of the 32 numbers (the other twelve were discarded) and retained only the final digit of two-digit numbers; this final digit was fed into an IBM punch to produce finally a punched card table of random digits.

The book also discusses the results of various randomness tests on the data. It suggests how to use the book to pick a random number as well:

The lines of the digit table are numbered from 00000 to 19999. In any use of the table, one should first find a random starting position. A common procedure for doing this is to open the book to an unselected page of the digit table and blindly choose a five-digit number; this number with the first digit reduced modulo 2 determines the starting line; the two digits to the right of the initially selected five-digit number are reduced modulo 50 to determine the starting column in the starting line. To guard against the tendency of books to open repeatedly at the same page and the natural tendency of a person to choose a number toward the center of the page, every five-digit number used to determine a starting position should be marked and not used a second time for this purpose.

The meat of the book is the "Table of Random Digits." The digits are listed in five-digit groups, "10097 32533 76520 13586 . . .", 50 to a line and 50 lines to a page. The table runs 400 pages and, except for a particularly striking group on page 283 that reads "69696", makes for rather boring reading. The book also includes a table of 100,000 normal deviates.
The interesting thing about the RAND book is not its million random digits, but that they were created before the computer revolution. Many cryptographic algorithms use arbitrary constants, so-called "magic numbers." Choosing the magic numbers from the RAND tables guarantees that they were not specially chosen for some nefarious reason. Khafre does this, for example.
Using Random Noise

The best way to get a large number of random bits is to tap the natural randomness of the real world. This method often requires specialized hardware, but there are tricks you can play with computers as well.
Find an event that happens regularly but randomly: atmospheric noise exceeding some threshold, a toddler falling down, and so on. Measure the time interval between one such event and the next. Record it. Measure the time interval between the second and third events. Record it as well. If the first interval is longer than the second, the output bit is 1. If the second interval is longer than the first, the output is 0. Do it again for the next events.
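The interval-comparison procedure above, as an added example (not code from the book) on a constructed list of event times in clock ticks, not real measurements. The text leaves two details open, and the example makes a choice for each and labels it: equal intervals produce no bit (resolving a tie in a fixed direction would bias the output), and by default consecutive pairs do not share an interval, so one distorted measurement cannot influence two output bits. The function names are this example's own.

```python
"""Bits from the timing of irregular events: compare the length of one inter-event
interval with the next. Added example on constructed timestamps (clock ticks);
the tie handling and the pairing of intervals are this example's choices."""
from typing import List, Optional


def intervals(timestamps: List[int]) -> List[int]:
    """Time between each event and the next; timestamps must be strictly increasing."""
    if any(b <= a for a, b in zip(timestamps, timestamps[1:])):
        raise ValueError("timestamps must be strictly increasing")
    return [b - a for a, b in zip(timestamps, timestamps[1:])]


def bits_from_intervals(gaps: List[int], overlap: bool = False) -> List[int]:
    """1 if the first interval of a pair is longer, 0 if the second is longer.
    Equal intervals yield no bit: a tie carries no information, and always resolving
    it one way would bias the output. With overlap=False consecutive pairs share no
    interval; overlap=True is the sliding reading of the text, which correlates
    neighbouring bits through the shared interval."""
    out, i, stride = [], 0, 1 if overlap else 2
    while i + 1 < len(gaps):
        a, b = gaps[i], gaps[i + 1]
        if a > b:
            out.append(1)
        elif b > a:
            out.append(0)
        i += stride
    return out


def bias(bits: List[int]) -> Optional[float]:
    """Fraction of ones; a healthy source sits near 0.5 over a long run."""
    return None if not bits else sum(bits) / len(bits)


# Constructed event times in ticks, not measurements; includes one pair of equal gaps.
CONSTRUCTED_EVENTS = [0, 17, 21, 49, 50, 58, 93, 106, 119, 125, 140, 144, 149]

if __name__ == "__main__":
    gaps = intervals(CONSTRUCTED_EVENTS)
    print("gaps:", gaps)
    print("non-overlapping pairs:", bits_from_intervals(gaps))
    print("overlapping pairs    :", bits_from_intervals(gaps, overlap=True))
```

Thirteen events give twelve intervals and only five bits after the tie is dropped; that yield is the price of the procedure, and it is why the text reserves such sources for small numbers of bits such as keys.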
Throw a dart at the New York Stock Exchange listings in the local paper and compare the closing price of the stock you hit with the one directly above it. If the one you hit is higher, output 0; if it is lower, output 1.
Hook a Geiger counter up to your computer, count the emissions over a fixed time interval, and keep the least significant bit. Or measure the time between successive ticks. (Since the radioactive source is decaying, the average time between successive ticks keeps getting longer. To make this negligible, choose a source with a long enough half-life, such as plutonium. Or, if you are worried about your health, apply the appropriate statistical corrections.)
G. B. Agnew proposed a real random-bit generator suitable for integration into a VLSI device [21]. It is a metal-insulator-semiconductor capacitor (MISC). Two of them are placed close to each other, and the random bit is a function of the difference in charge between them. Another random-number generator produces a random-bit stream from the frequency instability of a free-running oscillator [535]. A commercial chip from AT&T generates random numbers from the same phenomenon [67]. M. Gude built a random-number generator that collects random bits from physical phenomena such as radioactive decay [668, 669]. Manfield Richter developed a random-number generator based on the thermal noise of a semiconductor diode [1309].
Supposedly the time intervals between successive 2e4 light emissions from a trapped mercury atom are random. Use them. Better yet, find a semiconductor company that makes random-number-generator chips; there are plenty of them.
There is also a random-number generator that uses the computer's disk drive [439]. It measures the time needed to read a disk block and uses the variation in that time as a source of random numbers. The timing data are filtered to remove structure caused by quantization, and then a fast Fourier transform is applied to vectors of the numbers. This removes bias and correlation. Finally, the spectral angles for frequencies in (0, π), normalized to the unit interval, are used as the random bits. A large part of the variation in disk rotation speed is caused by air turbulence, which is the source of randomness in the system. There are caveats, though. If you keep too many bits of the output, you are using the fast Fourier transform as your random-number generator and risk predictability. And it is best to read the same disk block over and over, so that the filtering does not have to remove structure caused by the disk scheduler. An implementation of this system collected about 100 bits per minute [439].
Using the Computer's Timer
If you need one random bit (or even a few), take the least significant bit of any timer register. On a UNIX system it may not be very random because of various possible synchronizations, but on some personal computers it works.
Do not extract too many bits this way. Running the same routine many times in succession can easily bias the bits generated by this method. For example, if each bit-generation routine takes an even number of timer ticks, the generator outputs an endless sequence of identical bits. If each bit-generation routine takes an odd number of timer ticks, the generator outputs an endless sequence of alternating bits. Even when the dependency is less obvious, the resulting bit stream is far from random.
One random-number generator works as follows [918]:
Our truly random number generator . . . works by setting an alarm and then rapidly incrementing a CPU counter register until the interrupt occurs. The contents of the register are then XORed with the contents of the output buffer byte (the register data are truncated to 8 bits). After each byte of the output buffer has been filled, the buffer is further processed by rotating each character right by two bits. This has the effect of moving the most active (and random) low-order bits into the high-order positions. The whole process is then repeated three times. Finally, after the interrupts, the two most random bits of the counter register have influenced each character of the buffer. That is, 4n interrupts occur, where n is the number of random bits needed.
This method is very sensitive to the randomness of system interrupts and the granularity of the timer. When tested on real UNIX machines the results were quite good.
Measuring Keyboard Latency
Typing is both random and non-random. It is non-random enough to be usable for identifying the typist, but random enough to be usable for generating random bits. Measure the time between successive keystrokes, then use the least significant bits of those measurements. These bits turn out to be quite random. This method does not work on UNIX terminals, because keystrokes pass through filters and other mechanisms before they reach your program, but it works on most personal computers.
Ideally you should generate only one random bit per keystroke. Using more bits can bias the results depending on the typist's skill. This method has its limits, though. Although it is not hard to sit someone at a keyboard to type at 100 words per minute or so when there is time to generate a key, it is silly to ask a typist to type 100,000 words of text so that the generator's output can be used as a one-time pad.
Biases and Correlations
The main problem with systems like these is possible regularities in the generated sequence. The underlying physical process may be random, but between the physical process and the computer sit various measurement instruments, and those instruments can easily introduce problems.
One way to remove bias, or skew, is to XOR several bits together. If a random bit is biased toward 0 by an amount e, the probability of 0 can be written as
P(0) = 0.5 + e
XORing two such bits gives
P(0) = (0.5 + e)^2 + (0.5 - e)^2 = 0.5 + 2e^2
The same calculation for the XOR of 4 bits gives
P(0) = 0.5 + 8e^4
The XOR of m bits converges exponentially to an equal probability of 0 and 1. If you know the maximum bias acceptable in your application, you can compute how many bits you need to combine with a common XOR to reduce the bias below that value.
An even better method is to look at the bits in pairs. If the two bits are the same, discard them and look at the next pair. If the two bits are different, use the first bit as the generator's output. This eliminates the bias completely. Other bias-reduction methods use transition mappings, compression and the fast Fourier transform [511].
The potential problem with both methods is that, if there is correlation between adjacent bits, these methods increase the bias. One way to correct this is to use several random sources. Take four random sources and XOR their bits together, or take two random sources and look at their bits in pairs.
For example, take a radioactive source and connect a Geiger counter to your computer. Take a pair of noisy diodes and record as an event each time a certain value is exceeded. Measure atmospheric noise. Extract a random bit from each source and XOR them together to get the random bit. The possibilities are endless.
The fact that a random-number generator is biased does not necessarily make it useless. It only means it is less secure. For example, consider Alice's problem of generating a 168-bit key for triple-DES. All she has is a random-bit generator biased toward 0: it produces zeros with probability 55 percent and ones with probability 45 percent. This means the entropy per key bit is only 0.99277 (for an ideal generator it is 1). Mallory, trying to recover the key, can optimize his brute-force search by trying the most probable keys first (000 . . . 0) and working toward the least probable key (111 . . . 1). Because of the bias, Mallory can expect to find the key after 2^109 tries. Without the bias, Mallory would need 2^111 tries. The resulting key is less secure, but in practice not noticeably so.
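The two bias-reduction methods described above, as an added example that is not part of the book: a constructed biased source (a xorshift32 generator with an arbitrary seed, chosen here, emits 0 with probability 0.5 + e), the XOR-combining rule generalized from the m = 2 and m = 4 cases to P(0) = 0.5 + 2^(m-1) e^m, the "how many bits to XOR" calculation the text mentions, and the pairwise (discard-equal-pairs) method, with an empirical check of each.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed biased source for this example (not from the book): xorshift32 turned
   into bits that are 0 with probability p0 = 0.5 + e, i.e. biased toward 0 by e. */
typedef struct {
    uint32_t state;   /* xorshift32 state; must be nonzero */
    double p0;        /* probability that a raw bit is 0 */
} biased_src;

static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

static double absd(double x) { return x < 0 ? -x : x; }

/* One raw bit from the biased source. */
int raw_bit(biased_src *s) {
    double u = xorshift32(&s->state) / 4294967296.0;   /* uniform in [0, 1) */
    return u < s->p0 ? 0 : 1;
}

/* Method 1 of the text: XOR m raw bits into one output bit. */
int xor_bit(biased_src *s, int m) {
    int out = 0;
    for (int i = 0; i < m; i++) out ^= raw_bit(s);
    return out;
}
int xor2_bit(biased_src *s) { return xor_bit(s, 2); }
int xor4_bit(biased_src *s) { return xor_bit(s, 4); }

/* Method 2 of the text: read bits in pairs, discard equal pairs, output the first bit
   of an unequal pair. For independent bits the bias vanishes entirely; the cost is that
   about 1 / (2 p0 (1 - p0)) raw bits are consumed per output bit. */
int pair_bit(biased_src *s) {
    for (;;) {
        int a = raw_bit(s), b = raw_bit(s);
        if (a != b) return a;
    }
}

/* Predicted P(0) after XORing m bits that each have P(0) = 0.5 + e.
   The text's cases are m = 2 (0.5 + 2e^2) and m = 4 (0.5 + 8e^4); in general
   P(0) = 0.5 + 0.5 * (2e)^m = 0.5 + 2^(m-1) e^m. */
double predicted_p0_xor(double e, int m) {
    double term = 0.5;
    for (int i = 0; i < m; i++) term *= 2.0 * e;
    return 0.5 + term;
}

/* Smallest m such that XORing m bits brings |P(0) - 0.5| down to max_bias or less.
   Assumes 0 < |e| < 0.5 (a source with |e| = 0.5 is constant and cannot be fixed). */
int bits_to_xor(double e, double max_bias) {
    if (absd(e) >= 0.5) return 0;
    int m = 1;
    while (absd(predicted_p0_xor(e, m) - 0.5) > max_bias) m++;
    return m;
}

/* Observed fraction of zeros over n outputs of gen. */
double observed_p0(int (*gen)(biased_src *), biased_src *s, int n) {
    int zeros = 0;
    for (int i = 0; i < n; i++) if (gen(s) == 0) zeros++;
    return (double)zeros / n;
}

int main(void) {
    biased_src s = { 2463534242u, 0.55 };          /* e = 0.05, as in the text's example */
    printf("raw      P(0) = %.4f (predicted 0.5500)\n", observed_p0(raw_bit, &s, 100000));
    printf("xor of 2 P(0) = %.4f (predicted %.4f)\n", observed_p0(xor2_bit, &s, 100000),
           predicted_p0_xor(0.05, 2));
    printf("xor of 4 P(0) = %.4f (predicted %.5f)\n", observed_p0(xor4_bit, &s, 100000),
           predicted_p0_xor(0.05, 4));
    printf("pairs    P(0) = %.4f (predicted 0.5000)\n", observed_p0(pair_bit, &s, 100000));
    printf("bits to XOR for bias <= 0.001: %d\n", bits_to_xor(0.05, 0.001));
    return 0;
}
```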
Distilling Randomness
In general, the best way to generate random numbers is to find a large number of seemingly random events and distill the randomness from them. This randomness can be stored in a pool and drawn from when needed. One-way hash functions are ideal for this. They are fast, so you can shovel bits through them without worrying too much about performance or the actual randomness of each observation. Try hashing almost anything that seems even slightly random. For example:
A copy of every keystroke
Mouse commands
The sector number, time of day and seek latency of every disk operation
The actual mouse position
The current scan line of the monitor
The contents of the image actually displayed on the screen
The contents of the FAT, the kernel tables, and so on
The access/modify times of /dev/tty
CPU load
Arrival times of network packets
Microphone output
/dev/audio without a microphone attached
If your system uses separate crystal oscillators for its CPU and its clock, try reading the time of day in a tight loop. On some (but not all) systems this produces random phase jitter between the two oscillators.
Since the randomness in these events is determined by the synchronization of the oscillators, use a clock with the smallest possible time quantum. A standard PC uses an Intel 8254 timer chip (or an equivalent) clocked at 1.1931818 MHz, so reading the counter register directly gives a resolution of 838 nanoseconds. To avoid biasing the results, do not use the timer interrupt as the event source. Here is what this process looks like in C with MD5 (see Section 18.5) as the hash function:
#include "md5.h"   /* MD5_CTX, MD5Init, MD5Update, MD5Final: the RFC 1321 reference MD5 interface */

unsigned char Randpool[16];

/* Call this routine for a wide variety of random or semi-random system events to churn
   the randomness pool. The exact format and length of randevent do not matter, as long as
   its contents are at least somewhat unpredictable. */
void churnrand(unsigned char *randevent, unsigned int randlen) {
    MD5_CTX md5;
    MD5Init(&md5);
    MD5Update(&md5, Randpool, sizeof(Randpool));   /* mix in the current pool */
    MD5Update(&md5, randevent, randlen);           /* and the new event */
    MD5Final(Randpool, &md5);                      /* the digest becomes the new pool */
}
After enough calls to churnrand() have accumulated enough randomness in Randpool, random bits can be generated from it. MD5 comes in useful again, this time as a pseudo-random byte-stream generator running in counter mode.
#include <string.h>   /* memcpy */

long Randcnt;

void genrand(unsigned char *buf, unsigned int buflen) {
    MD5_CTX md5;
    unsigned char tmp[16];
    unsigned int n;
    while (buflen != 0) {
        /* Hash the pool together with the counter */
        MD5Init(&md5);
        MD5Update(&md5, Randpool, sizeof(Randpool));
        MD5Update(&md5, (unsigned char *)&Randcnt, sizeof(Randcnt));
        MD5Final(tmp, &md5);
        Randcnt++;   /* Increment the counter */
        /* Copy 16 bytes, or the requested number if it is less than 16, into the user's buffer */
        n = (buflen < 16) ? buflen : 16;
        memcpy(buf, tmp, n);
        buf += n;
        buflen -= n;
    }
}
The hash function is crucial for several reasons. First, it provides an easy way to generate an arbitrary amount of pseudo-random data without calling churnrand() every time. In effect, as the supply in the pool runs low, the system degrades gracefully from perfect randomness to practical randomness. In that situation it becomes theoretically possible to use the result of one genrand() call to determine a previous or subsequent result. But that would require inverting MD5, which is computationally infeasible.
This matters because the routine does not know what is later done with the random data it returns. One call may generate a random number for a protocol, which is sent in the clear, perhaps in response to a direct request from an attacker. The next call may generate a secret key for a completely different session, which the attacker wants to break into. Clearly the attacker must not be able to obtain the secret key by such a chain of events.
One problem remains. Before genrand() is called for the first time, enough random data must have been accumulated in the Randpool[] array. If the system has been running for a while with a local user typing at the keyboard, there is no problem. But what about a standalone system that reboots automatically without paying attention to any keyboard or mouse data?
There is one more difficulty. As a partial solution, you can require the operator to type at the keyboard for a while after the very first boot and to create a seed file on disk before the operating system is unloaded, so that across reboots the random data passed to Randseed[] are used. But do not store Randseed[] itself directly. An attacker who obtains this file could determine all the results of genrand() since the last call to churnrand() before the file was created.
The fix for this problem is to hash the Randseed[] array before storing it, perhaps even with a call to genrand(). When the system reboots, you read the data from the seed file, pass it to churnrand() and then immediately erase it. Unfortunately, this does not remove the threat that an intruder will steal the file between reboots and use it to predict future values of genrand(). I see no solution to this problem other than waiting until enough random events have accumulated after the reboot before allowing genrand() to produce output.
Chapter 18
One-Way Hash Functions
18.1 Background
A one-way function H(M) operates on a message M of arbitrary length and returns a value h of fixed length.
h = H(M), where h has length m
Many functions compute a fixed-length value from input of arbitrary length, but one-way hash functions have additional properties that make them one-way [1065]:
Given M, it is easy to compute h.
Given h, it is hard to find M such that H(M) = h.
Given M, it is hard to find another message M' such that H(M') = H(M).
If Mallory could do the hard things, he could break the security of any protocol that uses the one-way hash function. The whole point of a one-way hash function is to provide a unique identifier (a "fingerprint") for M. If Alice signed M using a digital signature algorithm based on H(M), and Bob could produce M', a message different from M, such that H(M') = H(M), then Bob could claim that Alice signed M'.
In some applications one-wayness is not enough; another requirement, called collision resistance, must hold.
It must be hard to find two random messages M and M' such that H(M) = H(M').
Remember the birthday attack from Section 7.4? It is based not on finding another message M' such that H(M') = H(M), but on finding two random messages M and M' such that H(M) = H(M').
The following protocol, first described by Gideon Yuval [1635], shows how, if the previous requirement is not met, Alice can use the birthday attack to swindle Bob.
(1) Alice prepares two versions of a contract: one favorable to Bob and another that bankrupts him.
(2) Alice makes several subtle changes to each document and computes the hash functions. (These changes could be things like replacing SPACE with SPACE-BACKSPACE-SPACE, inserting one or two spaces before a carriage return, and so on. By making or not making one change in each of 32 lines, Alice can easily obtain 2^32 different documents.)
(3) Alice compares the hash values for every change in each of the two documents, looking for a pair whose values match. (If the hash function's output is only a 64-bit value, Alice will usually be able to find a matching pair after comparing 2^32 versions of each document.) She reconstructs the two documents that hash to the same value.
(4) Alice has Bob sign the version of the contract favorable to him, using a protocol in which he signs only the hash value.
(5) Some time later Alice substitutes for the contract Bob signed the other one, which he did not sign. Now she can convince an arbiter that Bob signed the other contract.
This is a real problem. (One piece of advice is to make a cosmetic change to the document being signed.)
When a birthday attack can succeed, other attacks can be mounted as well. For example, an adversary can send an automatic control system (perhaps a satellite's) random strings of messages with random strings of signatures. Eventually the signature under one of these random messages will turn out to be valid. The enemy cannot know what the command will do, but if his only goal is to interfere with the satellite's operation, he will succeed.
Length of One-Way Hash Functions
64-bit hash functions are too small to withstand a birthday attack. One-way hash functions that produce 128-bit hash values are more practical. Then, to find two documents with the same hash value, a birthday attack has to hash 2^64 random documents, which is still not enough if long-term security is needed. NIST, in its Secure Hash Standard (SHS), uses a 160-bit hash value. This makes the birthday attack even harder, requiring 2^80 hashes.
The following method has been proposed for lengthening the hash values produced by a given hash function.
(1) A hash value is generated for the message using one of the one-way hash functions mentioned in this book.
(2) The hash value is appended to the message.
(3) A hash value is generated for the concatenation of the message and the hash value from step (1).
(4) A larger hash value is created, consisting of the concatenation of the hash value from step (1) and the hash value from step (3).
(5) Steps (1) through (4) are repeated as many times as needed to obtain the required hash length.
Although this method has never been proved secure or insecure, a number of people have serious doubts about it [1262, 859].
Overview of One-Way Hash Functions
It is not easy to build a function whose input can be of arbitrary size, let alone make it one-way. In the real world, one-way hash functions are built on the idea of a compression function. This one-way function outputs a hash value of length n given an input of greater length m [1069, 414]. The inputs to the compression function are a message block and the output of the previous block (see Figure 18-1). The output is the hash value of all the blocks up to that point. That is, the hash value of block M_i is
h_i = f(M_i, h_{i-1})
This hash value, together with the next message block, becomes the next input to the compression function. The hash value of the entire message is the hash value of the last block.
Figure 18-1. One-way function (inputs M_i and h_{i-1}, output h_i)
The hashed input must somehow contain the binary representation of the length of the entire message. This overcomes a potential problem caused by messages of different lengths possibly hashing to the same value [1069, 414]. This technique is sometimes called MD-strengthening [930].
Various researchers have conjectured that if the compression function is secure, then this method of hashing input of arbitrary length is also secure, but nothing has been proved [1138, 1070, 414].
A lot has been written on the design of one-way hash functions. More detailed mathematical information can be found in [1028, 793, 791, 1138, 1069, 414, 91, 858, 1264]. Probably the most thorough treatment of one-way hash functions is Bart Preneel's thesis [1262].
18.2 Snefru
Snefru is a one-way hash function designed by Ralph Merkle [1070]. (Snefru, like Khufu and Khafre, was an Egyptian pharaoh.) Snefru hashes messages of arbitrary length into 128-bit or 256-bit values.
First the message is split into chunks of length 512 - m. (The variable m is the length of the hash value.) If the output is a 128-bit value, the chunks are 384 bits long; if the output is a 256-bit value, the chunks are 256 bits long.
The heart of the algorithm is a function H that hashes a 512-bit value into an m-bit value. The first m bits of H's output are the hash value of the block; the rest are discarded. The next block is appended to the hash value of the previous block and hashed again. (The initial block is appended to a string of zeros.) After the last block (if the message does not consist of a whole number of blocks, the last block is padded with zeros), the first m bits are appended to the binary representation of the message length and hashed one last time.
Function H is based on E, a reversible block-cipher function operating on 512-bit blocks. H is the last m bits of E's output XORed with the first m bits of E's input.
Snefru's security rests on function E, which randomizes the data in several passes. Each pass consists of 64 randomizing rounds. In each round a different byte of the data is used as input to an S-box. The output word is XORed with the two neighboring words of the message. The S-boxes are constructed like the S-boxes in Khafre (see Section 13.7). In addition, a number of rotations are performed. The original Snefru consisted of two passes.
Cryptanalysis of Snefru
Using differential cryptanalysis, Biham and Shamir showed that two-pass Snefru (with a 128-bit hash value) is insecure [172]. Their attack finds a pair of messages with the same hash value in a few minutes.
For 128-bit Snefru their attacks work better than brute force for four passes or fewer. A birthday attack on Snefru requires 2^64 operations; differential cryptanalysis can find a pair of messages with the same hash value in 2^28.5 operations for three-pass Snefru and 2^44.5 operations for four-pass Snefru. Finding a message whose hash value matches a given one requires 2^128 operations by brute force; with differential cryptanalysis it takes 2^56 operations for three-pass Snefru and 2^88 operations for four-pass Snefru.
Although Biham and Shamir did not analyze 256-bit hash values, they extended their analysis up to 224-bit hash values. Compared with a birthday attack, which requires 2^112 operations, they can find messages with the same hash value in 2^12.5 operations for two-pass Snefru, 2^33 operations for three-pass Snefru and 2^81 operations for four-pass Snefru.
Merkle currently recommends using Snefru with at least eight passes [1073]. With that many passes, however, the algorithm is much slower than MD5 or SHA.
18.3 N-Hash
N-hash is an algorithm invented in 1990 by researchers at Nippon Telephone and Telegraph, the same people who invented FEAL [1105, 1106]. N-hash uses 128-bit message blocks and a complicated randomizing function similar to FEAL's, and produces a 128-bit hash value.
The hash value of each 128-bit block is a function of the block and of the hash value of the previous block.
H_0 = I, where I is a random initial value
H_i = g(M_i, H_{i-1}) ⊕ M_i ⊕ H_{i-1}
The hash value of the entire message is the hash value of the last message block. The random initial value I can be any user-defined number (even all zeros).
Function g is rather complicated. The structure of the algorithm is shown in Figure 18-2. First the left and right 64-bit halves of the previous block's 128-bit hash value H_{i-1} are swapped, then the result is XORed with a repeating (128-bit) pattern and XORed with the current message block M_i. This value then cascades through N (N = 8 in the figures) processing stages. The other input to each processing stage is the previous hash value XORed with one of eight binary constants.
Figure 18-2. Structure of N-hash. (Labels: PS = processing stage; EXG = exchange of the left and right halves; V_j = A_j1 || A_j2 || A_j3 || A_j4, where A_jk = 4(j-1)+k for k = 1, 2, 3, 4, each A_jk an 8-bit binary value; the repeating pattern is 1010...1010 in binary, 128 bits; the constant inputs carry a 000...0 binary prefix of 24 bits.)
One processing stage is shown in Figure 18-3. The message block is split into four 32-bit values. The previous hash value is also split into four 32-bit values. Function f is shown in Figure 18-4. Functions S_0 and S_1 are the same as in FEAL.
S_0(a, b) = rotate left two bits ((a + b) mod 256)
S_1(a, b) = rotate left two bits ((a + b + 1) mod 256)
Figure 18-3. One processing stage of N-hash. (Labels: input X = X_1 || X_2 || X_3 || X_4 and P = P_1 || P_2 || P_3 || P_4, each 32 bits; Y = PS(X, P); output Y = Y_1 || Y_2 || Y_3 || Y_4.)
The output of one processing stage becomes the input to the next processing stage. After the last processing stage the output is XORed with M_i and H_{i-1}, and then the next block is ready for hashing.
Figure 18-4. Function f. (Labels: Y = S_0(X_1, X_2) = Rot2((X_1 + X_2) mod 256); Y = S_1(X_1, X_2) = Rot2((X_1 + X_2 + 1) mod 256); X_1, X_2 are 8-bit inputs, Y is the 8-bit output, and Rot2(Y) is a cyclic left shift by 2 bits.)
Cryptanalysis of N-Hash
Bert den Boer discovered a way to produce collisions in the round function of N-hash [1262]. Biham and Shamir applied differential cryptanalysis to attack 6-round N-hash [169, 172]. The specific attack they carried out (there could, of course, be others) works for any N divisible by 3 and is more efficient than a birthday attack for any N less than 15.
The same attack can find pairs of messages with the same hash value for 12-round N-hash in 2^56 operations (a brute-force attack needs 2^64 operations). N-hash with 15 rounds is secure against differential cryptanalysis: the attack would require 2^72 operations.
The algorithm's designers recommend using N-hash with no fewer than 8 rounds [1106]. Given the demonstrated insecurity of N-hash and FEAL (and its speed with 8 rounds), I recommend abandoning this algorithm altogether.
18.4 MD4
MD4 is a one-way hash function invented by Ron Rivest [1318, 1319, 1321]. MD stands for Message Digest; for an input message the algorithm produces a 128-bit hash value, or message digest.
In [1319] Rivest described the goals he pursued in designing the algorithm:
Security. It is computationally infeasible to find two messages with the same hash value. A brute-force attack is the most efficient one.
Direct security. MD4's security is not based on any assumptions, such as the assumed difficulty of factoring.
Speed. MD4 is suited to high-speed software implementations. It is based on a simple set of bit manipulations on 32-bit operands.
Simplicity and compactness. MD4 is as simple as possible and contains no large data structures or complicated program modules.
Convenient architecture. MD4 is optimized for microprocessor architectures (especially Intel microprocessors); for larger and faster computers any necessary changes can be made.
After the algorithm first appeared, Bert den Boer and Antoon Bosselaers succeeded in cryptanalyzing the last two of the algorithm's three rounds [202]. Completely independently, Ralph Merkle managed to attack the first two rounds [202]. Eli Biham considered the use of differential cryptanalysis against the first two rounds of MD4 [159]. Although none of these attacks was extended to the full algorithm, Rivest strengthened his design. The result was MD5.
18.5 MD5
MD5 is an improved version of MD4 [1386, 1322]. Although it is more complex than MD4, their designs are similar, and MD5 also produces a 128-bit hash value.
Description of MD5
After some initial processing, MD5 processes the input text in 512-bit blocks, divided into 16 32-bit sub-blocks. The algorithm's output is a set of four 32-bit blocks, which are concatenated into a single 128-bit hash value.
First, the message is padded so that its length is 64 bits short of a multiple of 512. The padding is a single 1 followed by as many zeros as needed, right up to the end of the message. Then a 64-bit representation of the message length (the true length, before padding) is appended to the result. These two steps serve to make the message length a multiple of 512 bits (which the rest of the algorithm requires) and to guarantee that different messages do not look the same after padding. Four variables are initialized:
A = 0x01234567
B = 0x89abcdef
C = 0xfedcba98
D = 0x76543210
These are called chaining variables.
Now the main loop of the algorithm begins. This loop continues until the 512-bit blocks of the message are exhausted.
The four variables are copied into other variables: A into a, B into b, C into c and D into d.
The main loop consists of four very similar rounds (MD4 had only three rounds). In each round, different operations are used 16 times. Each operation is a nonlinear function of three of a, b, c and d. Then it adds that result to the fourth variable, a sub-block of the text and a constant. Next, the result is rotated left a variable number of bits and added to one of the variables a, b, c or d. Finally, the result replaces one of a, b, c or d. See Figures 18-5 and 18-6. There are four nonlinear functions, one used in each operation (a different function for each round).
Figure 18-5. MD5 main loop (message block in; rounds 1 through 4; A, B, C, D updated at the end)
Figure 18-6. One MD5 operation (nonlinear function of three variables; add M_j and t_i; rotate left by s; add to the next variable)
F(X, Y, Z) = (X ∧ Y) ∨ ((¬X) ∧ Z)
G(X, Y, Z) = (X ∧ Z) ∨ (Y ∧ (¬Z))
H(X, Y, Z) = X ⊕ Y ⊕ Z
I(X, Y, Z) = Y ⊕ (X ∨ (¬Z))
(⊕ is XOR, ∧ is AND, ∨ is OR and ¬ is NOT.)
These functions are designed so that, if the corresponding bits of X, Y and Z are independent and unbiased, each bit of the result is also independent and unbiased. Function F is the bitwise conditional: if X then Y else Z. Function H is the bitwise parity operator.
If M_j denotes the j-th sub-block of the message (from 0 to 15), and <<< s denotes a left circular shift of s bits, the four operations used are:
FF(a, b, c, d, M_j, s, t_i) denotes a = b + ((a + F(b, c, d) + M_j + t_i) <<< s)
GG(a, b, c, d, M_j, s, t_i) denotes a = b + ((a + G(b, c, d) + M_j + t_i) <<< s)
HH(a, b, c, d, M_j, s, t_i) denotes a = b + ((a + H(b, c, d) + M_j + t_i) <<< s)
II(a, b, c, d, M_j, s, t_i) denotes a = b + ((a + I(b, c, d) + M_j + t_i) <<< s)
The four rounds (64 steps) look like this:
Round 1:
FF(a, b, c, d, M_0, 7, 0xd76aa478)
FF(d, a, b, c, M_1, 12, 0xe8c7b756)
FF(c, d, a, b, M_2, 17, 0x242070db)
FF(b, c, d, a, M_3, 22, 0xc1bdceee)
FF(a, b, c, d, M_4, 7, 0xf57c0faf)
FF(d, a, b, c, M_5, 12, 0x4787c62a)
FF(c, d, a, b, M_6, 17, 0xa8304613)
FF(b, c, d, a, M_7, 22, 0xfd469501)
FF(a, b, c, d, M_8, 7, 0x698098d8)
FF(d, a, b, c, M_9, 12, 0x8b44f7af)
FF(c, d, a, b, M_10, 17, 0xffff5bb1)
FF(b, c, d, a, M_11, 22, 0x895cd7be)
FF(a, b, c, d, M_12, 7, 0x6b901122)
FF(d, a, b, c, M_13, 12, 0xfd987193)
FF(c, d, a, b, M_14, 17, 0xa679438e)
FF(b, c, d, a, M_15, 22, 0x49b40821)
Round 2:
GG(a, b, c, d, M_1, 5, 0xf61e2562)
GG(d, a, b, c, M_6, 9, 0xc040b340)
GG(c, d, a, b, M_11, 14, 0x265e5a51)
GG(b, c, d, a, M_0, 20, 0xe9b6c7aa)
GG(a, b, c, d, M_5, 5, 0xd62f105d)
GG(d, a, b, c, M_10, 9, 0x02441453)
GG(c, d, a, b, M_15, 14, 0xd8a1e681)
GG(b, c, d, a, M_4, 20, 0xe7d3fbc8)
GG(a, b, c, d, M_9, 5, 0x21e1cde6)
GG(d, a, b, c, M_14, 9, 0xc33707d6)
GG(c, d, a, b, M_3, 14, 0xf4d50d87)
GG(b, c, d, a, M_8, 20, 0x455a14ed)
GG(a, b, c, d, M_13, 5, 0xa9e3e905)
GG(d, a, b, c, M_2, 9, 0xfcefa3f8)
GG(c, d, a, b, M_7, 14, 0x676f02d9)
GG(b, c, d, a, M_12, 20, 0x8d2a4c8a)
Round 3:
HH(a, b, c, d, M_5, 4, 0xfffa3942)
HH(d, a, b, c, M_8, 11, 0x8771f681)
HH(c, d, a, b, M_11, 16, 0x6d9d6122)
HH(b, c, d, a, M_14, 23, 0xfde5380c)
HH(a, b, c, d, M_1, 4, 0xa4beea44)
HH(d, a, b, c, M_4, 11, 0x4bdecfa9)
HH(c, d, a, b, M_7, 16, 0xf6bb4b60)
HH(b, c, d, a, M_10, 23, 0xbebfbc70)
HH(a, b, c, d, M_13, 4, 0x289b7ec6)
HH(d, a, b, c, M_0, 11, 0xeaa127fa)
HH(c, d, a, b, M_3, 16, 0xd4ef3085)
HH(b, c, d, a, M_6, 23, 0x04881d05)
HH(a, b, c, d, M_9, 4, 0xd9d4d039)
HH(d, a, b, c, M_12, 11, 0xe6db99e5)
HH(c, d, a, b, M_15, 16, 0x1fa27cf8)
HH(b, c, d, a, M_2, 23, 0xc4ac5665)
Round 4:
II(a, b, c, d, M_0, 6, 0xf4292244)
II(d, a, b, c, M_7, 10, 0x432aff97)
II(c, d, a, b, M_14, 15, 0xab9423a7)
II(b, c, d, a, M_5, 21, 0xfc93a039)
II(a, b, c, d, M_12, 6, 0x655b59c3)
II(d, a, b, c, M_3, 10, 0x8f0ccc92)
II(c, d, a, b, M_10, 15, 0xffeff47d)
II(b, c, d, a, M_1, 21, 0x85845dd1)
II(a, b, c, d, M_8, 6, 0x6fa87e4f)
II(d, a, b, c, M_15, 10, 0xfe2ce6e0)
II(c, d, a, b, M_6, 15, 0xa3014314)
II(b, c, d, a, M_13, 21, 0x4e0811a1)
II(a, b, c, d, M_4, 6, 0xf7537e82)
II(d, a, b, c, M_11, 10, 0xbd3af235)
II(c, d, a, b, M_2, 15, 0x2ad7d2bb)
II(b, c, d, a, M_9, 21, 0xeb86d391)
The constants t_i were chosen as follows:
In step i, t_i is the integer part of 2^32 * abs(sin(i)), where i is in radians.
After all this, a, b, c and d are added to A, B, C and D, respectively, and the algorithm continues with the next block of data. The final output is the concatenation of A, B, C and D.
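The MD5 construction just described (MD-strengthening padding with the 64-bit length, the four rounds of FF/GG/HH/II steps with the t_i constants, and the chaining-variable addition), as an added stand-alone C implementation that is not the book's code and does not use the RSAREF MD5 interface of the earlier listing; it also illustrates the compression-function chaining h_i = f(M_i, h_{i-1}) from the overview. The `md5_hex_matches` helper and the test strings (RFC 1321 test vectors) are additions for checking the result.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The 64 additive constants t_i = floor(2^32 * |sin(i)|), i = 1..64, in step order
   (the same values the text lists round by round). */
static const uint32_t T[64] = {
    0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
    0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
    0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
    0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
    0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
    0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
    0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
    0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 };

/* Left-rotation amounts s: four per round, each used four times within the round. */
static const unsigned S[64] = {
    7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22,
    5,  9, 14, 20, 5,  9, 14, 20, 5,  9, 14, 20, 5,  9, 14, 20,
    4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23,
    6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21 };

static uint32_t rotl(uint32_t x, unsigned n) { return (x << n) | (x >> (32 - n)); }

/* The compression function f(M_i, h_{i-1}): one 512-bit block updates the chaining
   variables. The FF/GG/HH/II steps are folded into one loop; the sub-block index j per
   round reproduces the order printed in the text. */
static void md5_block(uint32_t st[4], const uint8_t blk[64]) {
    uint32_t M[16], a = st[0], b = st[1], c = st[2], d = st[3];
    for (int j = 0; j < 16; j++)                 /* sub-blocks are little-endian 32-bit words */
        M[j] = (uint32_t)blk[4*j] | (uint32_t)blk[4*j+1] << 8 |
               (uint32_t)blk[4*j+2] << 16 | (uint32_t)blk[4*j+3] << 24;
    for (int i = 0; i < 64; i++) {
        uint32_t f; int j;
        if (i < 16)      { f = (b & c) | (~b & d); j = i; }               /* F, round 1 */
        else if (i < 32) { f = (b & d) | (c & ~d); j = (5*i + 1) % 16; }  /* G, round 2 */
        else if (i < 48) { f = b ^ c ^ d;          j = (3*i + 5) % 16; }  /* H, round 3 */
        else             { f = c ^ (b | ~d);       j = (7*i) % 16; }      /* I, round 4 */
        uint32_t tmp = d;                          /* a = b + ((a + f + M_j + t_i) <<< s), */
        d = c; c = b;                              /* then the roles of a, b, c, d rotate */
        b = b + rotl(a + f + M[j] + T[i], S[i]);
        a = tmp;
    }
    st[0] += a; st[1] += b; st[2] += c; st[3] += d;   /* add a, b, c, d into A, B, C, D */
}

/* Full MD5: padding (a 1 bit, zeros, then the 64-bit little-endian bit length, i.e.
   MD-strengthening), then one compression per 512-bit block. The initial values are the
   text's A..D read as little-endian words: bytes 01 23 45 67 form the word 0x67452301. */
void md5(const uint8_t *msg, size_t len, uint8_t digest[16]) {
    uint32_t st[4] = { 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476 };
    uint8_t blk[64];
    size_t i = 0;
    for (; i + 64 <= len; i += 64) md5_block(st, msg + i);
    size_t rem = len - i;
    memcpy(blk, msg + i, rem);
    blk[rem++] = 0x80;                                 /* the single 1 bit */
    if (rem > 56) {                                    /* no room left for the length field */
        memset(blk + rem, 0, 64 - rem);
        md5_block(st, blk);
        rem = 0;
    }
    memset(blk + rem, 0, 56 - rem);
    uint64_t bits = (uint64_t)len * 8;
    for (int k = 0; k < 8; k++) blk[56 + k] = (uint8_t)(bits >> (8 * k));
    md5_block(st, blk);
    for (int k = 0; k < 4; k++)                       /* output is A || B || C || D, little-endian */
        for (int b = 0; b < 4; b++) digest[4*k + b] = (uint8_t)(st[k] >> (8 * b));
}

/* Helper added for checking: does md5(text) equal the given lowercase hex digest? */
int md5_hex_matches(const char *text, const char *expected_hex) {
    uint8_t d[16]; char hex[33];
    md5((const uint8_t *)text, strlen(text), d);
    for (int i = 0; i < 16; i++) sprintf(hex + 2*i, "%02x", d[i]);
    return strcmp(hex, expected_hex) == 0;
}

int main(void) {
    /* RFC 1321 test vectors; the 62-character one needs an extra padding block. */
    printf("abc ok: %d\n", md5_hex_matches("abc", "900150983cd24fb0d6963f7d28e17f72"));
    printf("62 chars ok: %d\n", md5_hex_matches(
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
        "d174ab98d277d9f5a5611c2c9f419d9f"));
    return 0;
}
```

MD5 is shown here to study the construction; practical collisions for it have since been found, so it should not be relied on where collision resistance matters.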
Security of MD5
Ron Rivest listed the following improvements of MD5 over MD4 [1322]:
1. A fourth round was added.
2. Each step now uses a unique additive constant.
3. The function G in round 2 was changed from ((X ∧ Y) ∨ (X ∧ Z) ∨ (Y ∧ Z)) to ((X ∧ Z) ∨ (Y ∧ (¬Z))) to make G less symmetric.
4. Each step now adds in the result of the previous step. This promotes a faster avalanche effect.
5. The order in which the message sub-blocks are used in rounds 2 and 3 was changed, to make the patterns less alike.
6. The left circular shift amounts in each round were approximately optimized to speed up the avalanche effect. The four shifts used in each round differ from the values used in the other rounds.
Tom Berson tried to apply differential cryptanalysis to a single round of MD5 [144], but his attack proved ineffective against any of the four rounds. A more successful attack by den Boer and Bosselaers, working on the compression function, led to the discovery of collisions in MD5 [203, 1331, 1336]. By itself this attack cannot break MD5 in practical applications, nor does it affect the use of MD5 in encryption algorithms such as Luby-Rackoff (see Section 14.11). The success of the attack means only that one of MD5's basic design goals, to create a collision-resistant compression function, was not achieved. Although it is true that "it seems the compression function has a weak spot, but this has no practical effect on the security of the hash function" [1336], I am very cautious about using MD5.
18.6 MD2
MD2 is another 128-bit one-way hash function designed by Ron Rivest [801, 1335]. Together with MD5, it is used in the PEM protocols (see Section 24.10). The security of MD2 relies on a random permutation of bytes. This permutation is fixed and depends on the digits of π. S_0, S_1, S_2, ..., S_255 is the permutation. To hash a message M:
(1) Pad the message with i bytes, where i is chosen so that the length of the resulting message is a multiple of 16 bytes.
(2) Append 16 bytes of checksum to the message.
(3) Initialize a 48-byte block: X_0, X_1, X_2, ..., X_47. Fill the first 16 bytes of X with zeros, copy the first 16 bytes of the message into the second 16 bytes of X, and set the third 16 bytes of X to the XOR of the first and second 16 bytes of X.
(4) This is the compression function:
t = 0
For j = 0 to 17
  For k = 0 to 47
    t = X_k XOR S_t
    X_k = t
  t = (t + j) mod 256
(5) Copy the second 16 bytes of the message into the second 16 bytes of X, and set the third 16 bytes of X to the XOR of the first and second 16 bytes of X. Perform step (4). Repeat steps (5) and (4) alternately for each 16 bytes of the message.
(6) The output is the first 16 bytes of X.
Although no weaknesses have yet been found in MD2 (see [1262]), it is slower than most of the other proposed hash functions.
18.7 Secure Hash Algorithm (SHA)
NIST, together with the NSA, designed the Secure Hash Algorithm (SHA) for use with the Digital Signature Standard (see Section 20.2) [1154]. (The standard itself is called the Secure Hash Standard (SHS); SHA is the algorithm used in the standard.) According to the Federal Register [539]:
A Federal Information Processing Standard (FIPS) for the Secure Hash Standard (SHS) is proposed. This proposal specifies a Secure Hash Algorithm (SHA) for use with the Digital Signature Standard. . . . Additionally, for applications not requiring a digital signature, the SHA is to be used whenever a secure hash algorithm is required for Federal applications.
And
This Standard specifies a Secure Hash Algorithm (SHA), which is necessary to ensure the security of the Digital Signature Algorithm (DSA). For any input message of length less than 2^64 bits, the SHA produces a 160-bit output called a message digest. The message digest then becomes the input to the DSA, which computes the signature for the message. Signing the message digest rather than the whole message often improves the efficiency of the process, because the message digest is much smaller than the message. The same message digest must be obtained by the verifier of the signature when the received version of the message is used as input to SHA. The SHA is called secure because it is designed so that it is computationally infeasible to find a message which corresponds to a given message digest, or to find two different messages which produce the same message digest. Any change to a message in transit will, with very high probability, result in a different message digest, and the signature will fail to verify. The principles underlying SHA are similar to those used by Professor Ronald L. Rivest of MIT when designing the MD4 message digest algorithm [1319]. The SHA is modeled after that algorithm.
SHA produces a 160-bit hash value, longer than MD5's.
Description of SHA
First, the message is padded so that its length is a multiple of 512 bits. The same padding as in MD5 is used: first a 1 is appended, then zeros so that the length of the resulting message is 64 bits short of a multiple of 512, and then the 64-bit representation of the original message length is appended.
Five 32-bit variables are initialized (MD5 uses four variables, but the algorithm considered here must produce a 160-bit hash value):
A = 0x67452301
B = 0xefcdab89
C = 0x98badcfe
D = 0x10325476
E = 0xc3d2e1f0
Then the main loop of the algorithm begins. It processes the message in 512-bit blocks and continues until all blocks of the message are exhausted.
First the five variables are copied into other variables: A into a, B into b, C into c, D into d and E into e.
The main loop consists of four rounds of 20 operations each (MD5 has four rounds of 16 operations each). Each operation applies a nonlinear function to three of a, b, c, d and e, and then performs a shift and an addition much as MD5 does. SHA uses the following set of nonlinear functions:
$f_t(X,Y,Z) = (X \wedge Y) \vee ((\neg X) \wedge Z)$, for t = 0 to 19
$f_t(X,Y,Z) = X \oplus Y \oplus Z$, for t = 20 to 39
$f_t(X,Y,Z) = (X \wedge Y) \vee (X \wedge Z) \vee (Y \wedge Z)$, for t = 40 to 59
$f_t(X,Y,Z) = X \oplus Y \oplus Z$, for t = 60 to 79
The algorithm uses the following four constants:
K_t = 0x5a827999, for t = 0 to 19
K_t = 0x6ed9eba1, for t = 20 to 39
K_t = 0x8f1bbcdc, for t = 40 to 59
K_t = 0xca62c1d6, for t = 60 to 79
(If you are curious how these numbers were obtained: 0x5a827999 = 2^{1/2}/4, 0x6ed9eba1 = 3^{1/2}/4, 0x8f1bbcdc = 5^{1/2}/4, 0xca62c1d6 = 10^{1/2}/4.)
The message block is transformed from 16 32-bit words (M_0 to M_15) into 80 32-bit words (W_0 to W_79) by the following algorithm:
$W_t = M_t$, for t = 0 to 15
$W_t = (W_{t-3} \oplus W_{t-8} \oplus W_{t-14} \oplus W_{t-16})$ <<< 1, for t = 16 to 79
(As an interesting aside, the original SHA specification had no circular left shift here. The change "corrects a technical flaw that made the standard less secure than had been thought" [1543]. The NSA declined to explain the true nature of the flaw.)
If t is the operation number (from 1 to 80), W_t is the t-th sub-block of the expanded message, and <<< s is a circular left shift by s bits, then the main loop looks like this:
FOR t = 0 to 79
  TEMP = (a <<< 5) + f_t(b,c,d) + e + W_t + K_t
  e = d
  d = c
  c = b <<< 30
  b = a
  a = TEMP
One operation is shown in Figure 18-7. Shifting the variables performs the same function that MD5 performs by using different variables in different places.
[Figure 18-7: one SHA operation; the diagram shows the nonlinear function, the <<< 5 and <<< 30 shifts, and the additions of K_t and W_t, with a, b, c, d, e of operation t-1 feeding operation t]
Figure 18-7. One SHA operation.
After all this, a, b, c, d and e are added to A, B, C, D and E respectively, and the algorithm proceeds with the next block of data. The final output is the concatenation of A, B, C, D and E.
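The algorithm just described, written out as an added Python example (not the book's code or the standard's reference implementation); the `rotate_expansion` flag is this example's own addition, so that the original specification without the <<< 1 in the expansion can be compared against the corrected one.

```python
"""Added example, not the book's code: the SHA algorithm as the text
describes it. rotate_expansion=True is the corrected standard (the <<< 1 in
the W_t expansion); False reproduces the original specification, which the
text notes lacked that rotation. The flag is this example's own addition."""
import struct

MASK = 0xFFFFFFFF
INITIAL = (0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0)

def rotl(x: int, s: int) -> int:
    """32-bit circular left shift by s bits (the <<< s of the text)."""
    return ((x << s) | (x >> (32 - s))) & MASK

def f(t: int, x: int, y: int, z: int) -> int:
    """Nonlinear function f_t: one of four, selected by the step index t."""
    if t < 20:
        return (x & y) | (~x & z)
    if t < 40 or t >= 60:
        return x ^ y ^ z
    return (x & y) | (x & z) | (y & z)

def K(t: int) -> int:
    """Additive constant K_t, reused for each group of 20 steps."""
    return (0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6)[t // 20]

def pad(message: bytes) -> bytes:
    """MD5-style padding: a 1 bit, zeros up to 64 bits short of a multiple of
    512, then the original length in bits as a 64-bit big-endian integer."""
    bit_len = len(message) * 8
    data = message + b"\x80"
    data += b"\x00" * ((56 - len(data) % 64) % 64)
    return data + struct.pack(">Q", bit_len)

def expand(block: bytes, rotate_expansion: bool) -> list:
    """Turn the 16 words M_0..M_15 of a 512-bit block into W_0..W_79."""
    W = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]
        W.append(rotl(w, 1) if rotate_expansion else w)
    return W

def sha(message: bytes, rotate_expansion: bool = True) -> bytes:
    """160-bit digest of message; this is SHA-1 when rotate_expansion is True."""
    A, B, C, D, E = INITIAL
    data = pad(message)
    for off in range(0, len(data), 64):            # one 512-bit block per pass
        W = expand(data[off:off + 64], rotate_expansion)
        a, b, c, d, e = A, B, C, D, E              # copy the chaining variables
        for t in range(80):
            temp = (rotl(a, 5) + f(t, b, c, d) + e + W[t] + K(t)) & MASK
            # e = d; d = c; c = b <<< 30; b = a; a = TEMP
            a, b, c, d, e = temp, a, rotl(b, 30), c, d
        A = (A + a) & MASK
        B = (B + b) & MASK
        C = (C + c) & MASK
        D = (D + d) & MASK
        E = (E + e) & MASK
    return struct.pack(">5I", A, B, C, D, E)       # concatenation of A..E

if __name__ == "__main__":
    print("corrected:", sha(b"abc").hex())
    print("original spec (no <<< 1):", sha(b"abc", rotate_expansion=False).hex())
```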
Security of SHA
SHA is very similar to MD4, but has a 160-bit hash value. The main changes are the addition of the expansion transformation and the feeding of the output of the previous step into the next, to produce a faster avalanche effect. Ron Rivest published the design goals he pursued in MD5, but the designers of SHA did not. Here are Rivest's improvements of MD5 over MD4, and how they compare with SHA:
1. "A fourth round was added." SHA has this too. However, in SHA the fourth round uses the same function f as the second round.
2. "Each step now has a unique additive constant." SHA keeps the MD4 scheme, reusing the constants for each group of 20 rounds.
3. "The function G in round 2 was changed from ((X ∧ Y) ∨ (X ∧ Z) ∨ (Y ∧ Z)) to (X ∧ Z) ∨ (Y ∧ (¬Z)) to make G less symmetric." SHA uses the MD4 version of the function: (X ∧ Y) ∨ (X ∧ Z) ∨ (Y ∧ Z).
4. "Each step now adds in the result of the previous step. This promotes a faster avalanche effect." This change was made in SHA as well. The difference is that in SHA a fifth variable is added to b, c and d, which are already used in f_t. This minor change makes the den Boer-Bosselaers attack on MD5 impossible against SHA.
5. "The order in which message sub-blocks are accessed in rounds 2 and 3 was changed to make the patterns less alike." SHA is completely different here, since it uses a cyclic error-correcting code.
6. "The circular left-shift amounts in each round were approximately optimized to speed up the avalanche effect. The four shifts used in each round differ from the values used in the other rounds." SHA uses a constant shift amount in each round. This amount is relatively prime to the word size, as in MD4.
This leads to the following conclusion: SHA is MD4 with the addition of an expansion transformation, an extra round and an improved avalanche effect. MD5 is MD4 with improved bit hashing, an extra round and an improved avalanche effect.
There are no known successful cryptographic attacks on SHA. Because this one-way hash function produces a 160-bit hash value, it is more resistant to brute-force attacks (including birthday attacks) than the 128-bit hash functions considered in this chapter.
18.8 RIPE-MD
RIPE-MD was developed for the European Community's RIPE project [1305] (see Section 25.7). The algorithm is a variant of MD4, designed to resist known methods of cryptographic attack, and produces a 128-bit hash value. The circular shifts and the order of the message words were changed. In addition, two copies of the algorithm, differing only in their constants, run in parallel. After each block, the results of both copies are added to the chaining variables. Apparently, this increases the algorithm's resistance to cryptanalysis.
18.9 HAVAL
HAVAL is a variable-length one-way hash function [1646]. It is a modification of MD5. HAVAL processes the message in blocks of 1024 bits, twice those of MD5. It uses eight 32-bit chaining variables, twice as many as MD5, and a variable number of rounds, from three to five (each of 16 steps). The function can produce hash values of 128, 160, 192, 224 or 256 bits.
HAVAL replaces MD5's simple nonlinear functions with highly nonlinear functions of 7 variables, each of which satisfies the strict avalanche criterion. Each round uses a single function, but in each step the input variables are permuted differently. A new message order is used, and in each round (except the first) a different additive constant is used. The algorithm also uses two circular shifts.
The core of the algorithm is the following steps:
TEMP = (f(j,A,B,C,D,E,F,G) <<< 7) + (H <<< 11) + M[i][r(j)] + K(j)
H = G; G = F; F = E; E = D; D = C; C = B; B = A; A = TEMP
The variable number of rounds and the variable length of the output mean there are 15 versions of the algorithm. The den Boer-Bosselaers attack on MD5 [203] does not apply to HAVAL because of the circular shift of H.
18.10 Other one-way hash functions
MD3 is yet another hash function proposed by Ron Rivest. It had a number of flaws and never made it out of the laboratory, although its description was recently published in [1335].
A group of researchers at the University of Waterloo proposed a one-way hash function based on iterated exponentiation in GF(2^593) [22]. In this scheme the message is divided into 593-bit blocks. Starting with the first block, the blocks are exponentiated in turn. The exponent is the result of the computation for the previous block; the first exponent is set by an IV.
Ivan Damgård designed a one-way hash function based on the knapsack problem (see Section 19.2) [414]; it can be broken in about 2^32 operations [290, 1232, 787].
Steve Wolfram's cellular automaton has also been proposed as a basis for one-way hash functions [1608]. An early implementation [414] is insecure [1052, 404]. Another one-way hash function, Cellhash [384, 404], and an improved version, Subhash [384, 402, 405], are also based on cellular automata and are intended for hardware implementation. Boognish combines the principles of Cellhash and MD4 [402, 407]. StepRightUp can also be implemented as a hash function [402].
In the summer of 1991 Claus Schnorr proposed a one-way hash function based on the discrete Fourier transform, called FFT-Hash [1399]. Within months it was broken by two independent groups [403, 84]. Schnorr proposed a new version, FFT-Hash II (the previous one was renamed FFT-Hash I) [1400], which was broken within weeks [1567]. Schnorr proposed further modifications [1402, 1403] but, as things stand, they are much slower than the other algorithms in this chapter. Another hash function, SL_2 [1526], is insecure [315].
Additional information on the theory of designing one-way hash functions from one-way functions and one-way permutations can be found in [412, 1138, 1342].
18.11 One-way hash functions using symmetric block algorithms
Symmetric block encryption algorithms can be used as one-way hash functions. The idea is that if the block algorithm is secure, then the one-way hash function will be secure as well.
The most obvious method is to encrypt the message in CBC or CFB mode with a fixed key and IV; the hash value is the last ciphertext block. These methods are described in various standards that use DES: both modes in [1143], CBC in [1145], CFB in [55, 56, 54]. This method is not very suitable for one-way hash functions, although it will work for a MAC (see Section 18.14) [29].
A cleverer method uses the message block as the key, the previous hash value as the input, and the current hash value as the output.
Actual hash functions are even more complex. The block size is usually the key length, and the size of the hash value is the block length. Since most block algorithms are 64-bit, a number of schemes have been designed that produce a hash value twice the block length.
Provided the hash function is correct, the security of the scheme is based on the security of the underlying block function. There are exceptions, however. Differential cryptanalysis works better against block functions inside hash functions than against block functions used for encryption: the key is known, so various tricks can be applied. Only one correct pair is needed for success, and as much chosen plaintext as required can be generated. This line of work is covered in [1263, 858, 1313].
What follows is an overview of the various hash functions described in the literature [925, 1465, 1262]. The conclusions about breakability assume that the underlying block algorithm is secure and that the best attack on it is brute force.
A useful measure for hash functions based on block ciphers is the hash rate, or the number of n-bit message blocks (n being the block size of the algorithm) processed per encryption. The higher the hash rate, the faster the algorithm. (Another definition of this parameter is given in [1262], but the definition given here is more intuitive and more widely used. This can be confusing.)
Schemes where the hash length equals the block length
Here is the general scheme (see Figure 18-8):
$H_0 = I_H$, where $I_H$ is a random initial value
$H_i = E_A(B) \oplus C$
where A, B and C can each be $M_i$, $H_{i-1}$, $(M_i \oplus H_{i-1})$, or a constant (possibly 0). $H_0$ is some random initial value $I_H$. The message is divided into block-size pieces, $M_i$, which are processed individually. Some form of MD-strengthening is also used, possibly the same padding procedure as in MD5 and SHA.
[Figure 18-8: block-cipher diagram with inputs A (key), B (plaintext) and C (XORed into the output)]
Figure 18-8. Generalized hash function whose hash length equals the block length.
Table 18-1.
Secure hash functions whose hash length equals the block length
1. $H_i = E_{H_{i-1}}(M_i) \oplus M_i$
2. $H_i = E_{H_{i-1}}(M_i \oplus H_{i-1}) \oplus M_i \oplus H_{i-1}$
3. $H_i = E_{H_{i-1}}(M_i) \oplus H_{i-1} \oplus M_i$
4. $H_i = E_{H_{i-1}}(M_i \oplus H_{i-1}) \oplus M_i$
5. $H_i = E_{M_i}(H_{i-1}) \oplus H_{i-1}$
6. $H_i = E_{M_i}(M_i \oplus H_{i-1}) \oplus M_i \oplus H_{i-1}$
7. $H_i = E_{M_i}(H_{i-1}) \oplus M_i \oplus H_{i-1}$
8. $H_i = E_{M_i}(M_i \oplus H_{i-1}) \oplus H_{i-1}$
9. $H_i = E_{M_i \oplus H_{i-1}}(M_i) \oplus M_i$
10. $H_i = E_{M_i \oplus H_{i-1}}(H_{i-1}) \oplus H_{i-1}$
11. $H_i = E_{M_i \oplus H_{i-1}}(M_i) \oplus H_{i-1}$
12. $H_i = E_{M_i \oplus H_{i-1}}(H_{i-1}) \oplus M_i$
The three different variables can each take one of four possible values, so there are 64 schemes of this type in total. All of them were studied by Bart Preneel [1262].
Fifteen of them are trivially weak, because the result does not depend on one of the inputs. Thirty-seven are insecure for more subtle reasons. Table 18-1 lists the remaining 12 secure schemes: the first four are secure against all attacks (see Figure 18-9), and the last 8 are secure against all attacks except a fixed-point attack, which is not really worth worrying about.
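As an added example (not from the book), the Python below enumerates the 64 variants of $H_i = E_A(B) \oplus C$, reproduces the count of 15 trivially weak ones, and iterates Davies-Meyer (scheme 5 of Table 18-1) over a message with MD-strengthening; `toy_encrypt` is a constructed 64-bit Feistel stand-in for the block cipher, not DES or any real algorithm, and `TABLE_18_1` transcribes the 12 schemes of the table above.

```python
"""Added example, not the book's code: the general single-length scheme
H_i = E_A(B) xor C with A, B, C drawn from {M_i, H_{i-1}, M_i xor H_{i-1}, const},
the count of the 64 variants that are trivially weak, and Davies-Meyer
(scheme 5 of Table 18-1) iterated over a message with MD-strengthening.
toy_encrypt is a constructed stand-in for the block cipher, not DES or any
real algorithm; TABLE_18_1 transcribes the 12 schemes of the table above."""
import itertools
import struct

MASK32 = 0xFFFFFFFF
INPUTS = ("M", "H", "M^H", "const")      # the four choices for each of A, B, C

def toy_encrypt(key: int, block: int) -> int:
    """Constructed stand-in for E_K(X): a 64-bit, 8-round Feistel network keyed
    by a 64-bit key. Being a Feistel network it is a permutation for every key,
    which is all the schemes need here; it has no cryptographic merit."""
    l, r = block >> 32, block & MASK32
    for i in range(8):
        k = (((key >> (8 * i)) & 0xFF) + i) * 0x9E3779B1 & MASK32   # round key
        fr = ((r ^ k) * 0x85EBCA6B) & MASK32                          # round function
        fr ^= fr >> 13
        l, r = r, l ^ fr
    return (l << 32) | r

def select(choice: str, m: int, h: int, const: int = 0) -> int:
    """Resolve one of A, B, C to an actual 64-bit value."""
    return {"M": m, "H": h, "M^H": m ^ h, "const": const}[choice]

def compress(scheme: tuple, m: int, h: int) -> int:
    """One step H_i = E_A(B) xor C; scheme is the triple (A, B, C)."""
    a, b, c = scheme
    return toy_encrypt(select(a, m, h), select(b, m, h)) ^ select(c, m, h)

ALL_SCHEMES = list(itertools.product(INPUTS, repeat=3))   # 4^3 = 64 variants

def trivially_weak(scheme: tuple) -> bool:
    """True when the step cannot depend on M_i, or cannot depend on H_{i-1},
    because that input never appears in A, B or C (the 15 trivial cases)."""
    used = set(scheme)
    uses_m = bool(used & {"M", "M^H"})
    uses_h = bool(used & {"H", "M^H"})
    return not (uses_m and uses_h)

def count_trivially_weak() -> int:
    return sum(1 for s in ALL_SCHEMES if trivially_weak(s))

# The 12 secure schemes of Table 18-1, in the table's order, as (A, B, C).
TABLE_18_1 = [
    ("H", "M", "M"), ("H", "M^H", "M^H"), ("H", "M", "M^H"), ("H", "M^H", "M"),
    ("M", "H", "H"), ("M", "M^H", "M^H"), ("M", "H", "M^H"), ("M", "M^H", "H"),
    ("M^H", "M", "M"), ("M^H", "H", "H"), ("M^H", "M", "H"), ("M^H", "H", "M"),
]
DAVIES_MEYER = TABLE_18_1[4]             # H_i = E_{M_i}(H_{i-1}) xor H_{i-1}

def hash_message(message: bytes, scheme: tuple = DAVIES_MEYER, iv: int = 0) -> int:
    """Iterate the compression step over 64-bit message blocks with
    MD-strengthening (0x80, zeros, then the bit length as a 64-bit word)."""
    data = message + b"\x80"
    data += b"\x00" * ((-len(data)) % 8)
    data += struct.pack(">Q", len(message) * 8)
    h = iv
    for off in range(0, len(data), 8):
        (m,) = struct.unpack(">Q", data[off:off + 8])
        h = compress(scheme, m, h)
    return h

if __name__ == "__main__":
    print("trivially weak schemes:", count_trivially_weak())
    print("Davies-Meyer of b'abc':", hex(hash_message(b"abc")))
```

Passing a scheme from `TABLE_18_1` other than Davies-Meyer to `hash_message` runs the same iteration with that compression step.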
[Figure 18-9: four block-cipher diagrams, each with Key, Encryption, $M_i$, $H_{i-1}$ and output $H_i$]
Figure 18-9. Four secure hash functions whose hash length equals the block length.
The first scheme was described in [1028]. The third scheme was described in [1555, 1105, 1106] and was proposed as an ISO standard [766]. The fifth scheme was proposed by Carl Meyer, but in the literature it is usually called Davies-Meyer [1606, 1607, 434, 1028]. The tenth scheme was proposed as a hash-function mode for LOKI [273].
The hash rate of the first, second, third, fourth, fifth and eleventh schemes is 1, the key length being equal to the block length. The hash rate of the other schemes is k/n, where k is the key length. This means that if the key length is shorter than the block length, the message block must be only as long as the key. It is not recommended that the message block be longer than the key, even if the encryption algorithm's key length is longer than its block length.
If the block algorithm, like DES, has the complementation property and weak keys, there is an additional attack possible against all 12 schemes. It is not very dangerous and really not worth worrying about. However, you can protect yourself against it by fixing the second and third key bits to "01" or "10" [1081, 1107]. Of course, this reduces the length of k from 56 bits to 54 bits (for DES) and reduces the hash rate.
The following schemes, described in the literature, have been shown to be insecure.
This scheme [1282] was broken in [369]:
$H_i = E_{M_i}(H_{i-1})$
Davies and Price proposed a variant in which the whole message is cycled through the algorithm twice [432, 433]. Coppersmith's attack breaks this scheme even with small computing power [369]. The insecurity of another scheme [432, 458] was shown in [1606]:
$H_i = E_{M_i \oplus H_{i-1}}(H_{i-1})$
The insecurity of the following scheme (c is a constant) was shown in [1028]:
$H_i = E_c(M_i \oplus H_{i-1}) \oplus M_i \oplus H_{i-1}$
Modified Davies-Meyer
Lai and Massey modified the Davies-Meyer method so that the IDEA cipher could be used [930, 925]. IDEA has a 64-bit block and a 128-bit key. Here is the scheme they proposed:
$H_0 = I_H$, where $I_H$ is a random initial value
$H_i = E_{H_{i-1}, M_i}(H_{i-1})$
This function hashes the message in 64-bit blocks and produces a 64-bit hash value (see Figure 18-10).
No attack on this scheme easier than brute force is known.
[Figure 18-10: block-cipher diagram with Key, Encryption, $M_i$, $H_{i-1}$ and output $H_i$]
Figure 18-10. Modified Davies-Meyer.
Preneel-Bosselaers-Govaerts-Vandewalle
This hash function, first proposed in [1266], produces a hash value twice the block length of the encryption algorithm: with a 64-bit algorithm it produces a 128-bit hash value.
With a 64-bit block algorithm, the scheme produces two 64-bit hash values, $G_i$ and $H_i$, whose concatenation gives the 128-bit hash value. Most block algorithms have a 64-bit block length. Two adjacent blocks, $L_i$ and $R_i$, each the size of the block, are hashed together.
$G_0 = I_G$, where $I_G$ is a random initial value
$H_0 = I_H$, where $I_H$ is another random initial value
$G_i = E_{L_i \oplus H_{i-1}}(R_i \oplus G_{i-1}) \oplus R_i \oplus G_{i-1} \oplus H_{i-1}$
$H_i = E_{L_i \oplus R_i}(H_{i-1} \oplus G_{i-1}) \oplus L_i \oplus G_{i-1} \oplus H_{i-1}$
Lai presents an attack on this scheme which in some cases makes the birthday attack trivial [925, 926]. Preneel [1262] and Coppersmith [372] also broke this scheme successfully. Do not use it.
Quisquater-Girault
This scheme, first proposed in [1279], generates a hash value twice the block length. Its hash rate is 1. It uses two hash values, $G_i$ and $H_i$, and hashes two blocks, $L_i$ and $R_i$, together.
$G_0 = I_G$, where $I_G$ is a random initial value
$H_0 = I_H$, where $I_H$ is another random initial value
$W_i = E_{L_i}(G_{i-1} \oplus R_i) \oplus R_i \oplus H_{i-1}$
$G_i = E_{R_i}(W_i \oplus L_i) \oplus G_{i-1} \oplus H_{i-1} \oplus L_i$
$H_i = W_i \oplus G_{i-1}$
This scheme appeared in a 1989 draft ISO standard [764], but was replaced by a later version [765]. Security problems with this scheme were described in [1107, 925, 1262, 372]. (Actually, the version described in the proceedings postdates the breaking of the version presented at the conference.) In some cases the birthday attack has a complexity of 2^39 rather than the 2^64 of brute force. Do not use this scheme.
LOKI Double-Block
This algorithm is a modification of Quisquater-Girault, specifically designed to work with LOKI [273]. All parameters are the same as in Quisquater-Girault.
$G_0 = I_G$, where $I_G$ is a random initial value
$H_0 = I_H$, where $I_H$ is another random initial value
$W_i = E_{L_i \oplus G_{i-1}}(G_{i-1} \oplus R_i) \oplus R_i \oplus H_{i-1}$
$G_i = E_{R_i \oplus H_{i-1}}(W_i \oplus L_i) \oplus G_{i-1} \oplus H_{i-1} \oplus L_i$
$H_i = W_i \oplus G_{i-1}$
Again, in some cases the birthday attack turns out to be trivial [925, 926, 1262, 372, 736]. Do not use this scheme.
Parallel Davies-Meyer
This is another attempt at an algorithm with a hash rate of 1 that produces a hash value twice the block length [736].
$G_0 = I_G$, where $I_G$ is a random initial value
$H_0 = I_H$, where $I_H$ is another random initial value
$G_i = E_{L_i \oplus R_i}(G_{i-1} \oplus L_i) \oplus L_i \oplus H_{i-1}$
$H_i = E_{L_i}(H_{i-1} \oplus R_i) \oplus R_i \oplus H_{i-1}$
Unfortunately, this scheme is insecure too [928, 861]. It turns out that a double-length hash function with a hash rate of 1 cannot be more secure than Davies-Meyer [861].
Tandem and Abreast Davies-Meyer
Another way around the limitations inherent in block ciphers with 64-bit keys uses an algorithm like IDEA (see Section 13.9), with a 64-bit block and a 128-bit key. The following two schemes produce a 128-bit hash value and have a hash rate of 1/2 [930, 925].
[Figure 18-11: two chained encryptions, with $G_{i-1}$, $H_{i-1}$, $M_i$ and the intermediate $W_i$ as inputs and $G_i$, $H_i$ as outputs]
Figure 18-11. Tandem Davies-Meyer.
In the first scheme, two modified Davies-Meyer functions operate in tandem, as a pipeline (see Figure 18-11).
$G_0 = I_G$, where $I_G$ is a random initial value
$H_0 = I_H$, where $I_H$ is another random initial value
$W_i = E_{G_{i-1}, M_i}(H_{i-1})$
$G_i = G_{i-1} \oplus E_{M_i, W_i}(G_{i-1})$
$H_i = W_i \oplus H_{i-1}$
In the next scheme, two modified functions operate side by side (see Figure 18-12).
$G_0 = I_G$, where $I_G$ is a random initial value
$H_0 = I_H$, where $I_H$ is another random initial value
$G_i = G_{i-1} \oplus E_{M_i, H_{i-1}}(\neg G_{i-1})$
$H_i = H_{i-1} \oplus E_{G_{i-1}, M_i}(H_{i-1})$
[Figure 18-12: two encryptions side by side, with $G_{i-1}$, $H_{i-1}$ and $M_i$ as inputs and $G_i$, $H_i$ as outputs]
Figure 18-12. Abreast Davies-Meyer.
In both schemes, the two 64-bit values $G_i$ and $H_i$ are concatenated to form a single 128-bit hash value.
As far as is known, the security of the 128-bit hash function of these algorithms is ideal: finding a message with a given hash value requires 2^128 attempts, and finding two random messages with the same hash value requires 2^64 attempts, assuming that the best attack is brute force.
MDC-2 and MDC-4
MDC-2 and MDC-4 were developed at IBM [1081, 1079]. MDC-2, sometimes called Meyer-Schilling, is currently being considered as an ANSI and ISO standard [61, 765]; this variant was proposed in [762]. MDC-4 is specified for the RIPE project [1305] (see Section 25.7). The specification uses DES as the block function, although in theory any block algorithm could be used.
MDC-2 has a hash rate of 1/2, and its hash value is twice the block size. Its scheme is shown in Figure 18-13. MDC-4 also produces a hash value twice the block size, and its hash rate is 1/4 (see Figure 18-14).
[Figure 18-13: two encryptions keyed from $G_{i-1}$ and $H_{i-1}$, with $M_i$ as input and $G_i$, $H_i$ as outputs]
Figure 18-13. MDC-2.
[Figure 18-14: four encryptions, two keyed from $G_{i-1}$ and $H_{i-1}$ and two from their outputs, with $M_i$ as input and $G_i$, $H_i$ as outputs]
Figure 18-14. MDC-4.
These schemes were analyzed in [925, 1262]. They are secure given today's computing power, but they are not as strong as the designers hoped. Their resistance to differential cryptanalysis with DES as the block algorithm was considered in [1262].
MDC-2 and MDC-4 are patented [223].
AR Hash Function
The AR hash function was developed by Algorithmic Research, Ltd. and then distributed by ISO for information only [767]. Its basic structure is a variant of the underlying block cipher (DES in the paper cited) in CBC mode. The last two ciphertext blocks, a constant and the current message block are XORed together, and the result is encrypted by the algorithm. The hash value is the last two ciphertext blocks computed. The message is processed twice, with two different keys, so the hash rate is 1/2. The first key is 0x0000000000000000, the second is 0x2a41522f4446502a, and the value of the constant c is 0x0123456789abcdef. The result is compressed to a single 128-bit hash value. Details are given in [750].
$H_i = E_K(M_i \oplus H_{i-1} \oplus H_{i-2} \oplus c) \oplus M_i$
The function looks attractive, but it is not secure. After some substantial precomputation, it becomes possible to find messages with the same hash value easily [416].
GOST Hash Function
This hash function comes from Russia and is specified in the standard GOST R 34.11.94 [657]. It uses the GOST block algorithm (see Section 14.1), although in theory any block algorithm with a 64-bit block and a 256-bit key could be used. The function produces a 256-bit hash value.
The compression function, $H_i = f(M_i, H_{i-1})$ (both operands are 256-bit quantities), is defined as follows:
(1) Four GOST encryption keys are generated by linearly mixing $M_i$, $H_{i-1}$ and some constants.
(2) Each key is used to encrypt a different 64 bits of $H_{i-1}$ in ECB mode. The resulting 256 bits are stored in a temporary variable S.
(3) $H_i$ is a complex, though linear, function of S, $M_i$ and $H_{i-1}$.
The hash value of the last message block is not the final hash value. In fact, three chaining variables are used: $H_n$ is the hash value of the last block, Z is the XOR of all message blocks, and L is the length of the message. Using these variables and the padded last block M, the final hash value is:
$H = f(Z \oplus M, f(L, f(M, H_n)))$
The documentation is somewhat confusing (and in Russian), but I think I have understood everything correctly. In any case, this hash function is specified as part of the Russian Digital Signature Standard (see Section 20.3).
Other Schemes
Ralph Merkle proposed a scheme using DES, but it is slow: it processes only seven message bits per iteration, and each iteration consists of two DES encryptions [1065, 1069]. Another scheme [1642, 1645] is insecure [1267]; it was once proposed as an ISO standard.
18.12 Using public-key algorithms
A public-key encryption algorithm in a block chaining mode can also be used as a one-way hash function. If the private key is then thrown away, breaking the hash function is as hard as reading the message without the private key.
Here is an example using RSA. If M is the message to be hashed, n is the product of two primes p and q, and e is another large number relatively prime to (p - 1)(q - 1), then the hash function H(M) is
$H(M) = M^e \bmod n$
An even simpler approach is to use a single strong prime as the modulus p. Then:
$H(M) = M^e \bmod p$
Breaking this is possibly no easier than finding the discrete logarithm of e. The problem with this algorithm is that it is much slower than the other algorithms discussed. For this reason I do not recommend it.
18.13 Choosing a one-way hash function
SHA, MD5 and the constructions based on block ciphers seem to be the best. The others have really not been studied enough. I vote for SHA. It has a longer hash value than MD5, it is faster than many of the block-cipher schemes, and it was designed by the NSA. I trust the NSA's cryptanalytic abilities, even if they do not publish their results.
Table 18-2 gives timing figures for some hash functions, for comparison. They are meant for comparison purposes only.
Table 18-2.
Speed of some hash functions on an i486SX/33 MHz
Algorithm | Hash length | Speed (Kbytes/s)
Abreast Davies-Meyer (with IDEA) | 128 | 22
Davies-Meyer (with DES) | 64 | 9
GOST hash function | 256 | 11
HAVAL (3 passes) | variable | 168
HAVAL (4 passes) | variable | 118
HAVAL (5 passes) | variable | 95
MD2 | 128 | 23
MD4 | 128 | 236
MD5 | 128 | 174
N-hash (12 rounds) | 128 | 29
N-hash (15 rounds) | 128 | 24
RIPE-MD | 128 | 182
SHA | 160 | 75
Snefru (4 passes) | 128 | 48
Snefru (8 passes) | 128 | 23
18.14 Message authentication codes
A message authentication code (MAC) is a key-dependent one-way hash function. MACs have the same properties as the one-way hash functions discussed earlier, but they additionally include a key. (This does not mean you can publish the MAC key and use the MAC as a one-way hash function.) Only someone holding the identical key can verify the hash value. MACs are very useful for providing authenticity without compromising secrecy.
MACs can be used to authenticate files exchanged between users. They can also be used by a single user to check whether his files have been altered, perhaps by a virus. A user can compute the MAC of his files and store the values in a table. If the user used a one-way hash function instead of a MAC, a virus could compute new hash values after infecting the files and replace the table entries. With a MAC the virus cannot do this, because it does not know the key.
A simple way to turn a one-way hash function into a MAC is to encrypt the hash value with a symmetric algorithm. Any MAC can be turned into a one-way hash function by making the key public.
CBC-MAC
The simplest way to make a key-dependent one-way hash function is to encrypt the message with a block algorithm in CBC or CFB mode. The hash value is the last encrypted block, encrypted once more in CBC or CFB mode. The CBC method is specified in ANSI X9.9 [54], ANSI X9.19 [56], ISO 8731-1 [759], ISO 9797 [763] and an Australian standard [1496]. Differential cryptanalysis can break this scheme if reduced-round DES or FEAL is used as the block algorithm [1197].
A potential security problem with this method is that the receiver must have the key, and that key allows him to generate messages with the same hash value as a received message by decrypting in the reverse direction.
Message Authenticator Algorithm (MAA)
This algorithm is an ISO standard [760]. It produces a 32-bit hash value and was designed for mainframes with fast multiply instructions [428].
v = v <<< 1
$e = v \oplus w$
$x = ((((e + v) \bmod 2^{32}) \vee A) \wedge C) \times (x \oplus M_i) \bmod (2^{32} - 1)$
$v = ((((e + x) \bmod 2^{32}) \vee B) \wedge D) \times (v \oplus M_i) \bmod (2^{32} - 1)$
These steps are repeated for each message block, $M_i$, and the resulting hash value is the XOR of x and v. The variables v and e depend on the key. A, B, C and D are constants.
This algorithm is probably widely used, but I do not believe it is secure enough. It was designed a long time ago and is not very complex.
Bidirectional MAC
This MAC produces a hash value twice the length of the block algorithm [978]. First, the CBC-MAC of the message is computed. Then the CBC-MAC of the message with the blocks in reverse order is computed. The bidirectional MAC is simply the concatenation of these two values. Unfortunately, this scheme is insecure [1097].
Jueneman's Methods
This MAC is also called a quadratic congruential manipulation detection code (QCMDC) [792, 789]. First, divide the message into m-bit blocks. Then:
H_0 = I_H, where I_H is the secret key
H_i = (H_{i-1} + M_i)^2 mod p, where p is a prime less than 2^m − 1 and + denotes integer addition.
Jueneman suggests n = 16 and p = 2^31 − 1. In [792] he also suggests that H_1 be used as an additional key and that the actual message begin with H_2.
Because of a variety of birthday-type attacks, found in collaboration with Don Coppersmith, Jueneman proposed computing the QCMDC four times, using the result of one iteration as the IV for the next, and then concatenating the results into a 128-bit hash value [793]. This idea was later strengthened by running the four iterations in parallel with cross-links between them [790, 791]. This scheme was broken by Coppersmith [376].
In another variant [432, 434] the addition is replaced by XOR, and message blocks much smaller than p are used. In addition, H_0 was fixed, which turned the algorithm into an unkeyed one-way hash function. After this scheme was broken [612], it was strengthened for use as part of the European Open Shop Information-TeleTrust project [1221], cited in CCITT X.509 [304], and adopted by ISO in 10118 [764, 765]. Unfortunately, Coppersmith broke this scheme as well [376]. Several studies examined the possibility of using exponents other than 2 [603], but none of them proved promising.
RIPE-MAC
RIPE-MAC was invented by Bart Preneel [1262] and used in the RIPE project [1305] (see Section 18.8). It is based on ISO 9797 [763] and uses DES as the block encryption function. There are two variants of RIPE-MAC: one that uses ordinary DES, called RIPE-MAC1, and another that uses triple-DES for even greater security, called RIPE-MAC3. RIPE-MAC1 uses one DES encryption per 64-bit message block; RIPE-MAC3 uses three.
The algorithm consists of three parts. First, the message is padded so that its length is a multiple of 64 bits. Then the padded message is divided into 64-bit blocks. A compression function that depends on a secret key is used to hash these blocks into a single block; this stage uses either DES or triple-DES. Finally, the output of this compression function is subjected to one more DES encryption with a different key, derived from the key used in the compression. Details can be found in [1305].
IBC-Hash
IBC-hash is another MAC used in the RIPE project [1305] (see Section 18.8). It is interesting because its security is provable: the probability of a successful attack can be quantified. Unfortunately, every message must be hashed with a fresh key. The chosen level of security limits the maximum size of the message that can be hashed, something none of the other functions discussed in this chapter does. Given these considerations, the RIPE report recommends that IBC-hash be used only for long, infrequently sent messages. The heart of the function is
h_i = ((M_i mod p) + v) mod 2^n
The secret key is the pair p and v, where p is an n-bit prime and v is a random number less than 2^n. The values M_i are derived through a strictly specified padding procedure. The probabilities of breaking both the one-wayness and the collision resistance can be quantified, and users can choose the security level they need by varying the parameters.
One-Way Hash Function MAC
A one-way hash function can also be used as a MAC [1537]. Assume Alice and Bob share a key K, and Alice wants to send Bob a MAC for message M. Alice concatenates K and M and computes the one-way hash of the concatenation: H(K,M). This hash value is the MAC. Since Bob knows K, he can reproduce Alice's result, and Mallory, who does not know the key, cannot.
This method works with MD-strengthening techniques, but there are serious problems. Mallory can always append new blocks to the end of the message and compute a valid MAC. This attack can be thwarted if the message length is prepended to the message, but Preneel is suspicious of this scheme [1265]. It is better to append the key to the end of the message, H(M,K), but this has problems too [1265]. If H is a one-way function that is not collision-free, Mallory can forge messages. Even better is H(K,M,K) or H(K_1,M,K_2), where K_1 and K_2 are different [1537]. Preneel is still not convinced [1265].
The following constructions seem secure:
H(K_1, H(K_2, M))
H(K, H(K,M))
H(K, p, M, K), where p pads K to a full message block.
The best approach is to concatenate at least 64 bits of the key with each message block. This makes the one-way function less efficient, because the message blocks get smaller, but it becomes much more secure [1265].
Or use a one-way hash function and a symmetric algorithm. First hash the file, then encrypt the hash value. This is more secure than first encrypting the file and then hashing the encrypted file, but this scheme is vulnerable to the same attack as the H(M,K) construction [1265].
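Two of the constructions listed above, H(K_1, H(K_2, M)) and H(K, p, M, K), written out with SHA-256 standing in for H, as an added example that is not code from the book; the key-derivation step, the 64-byte block size of SHA-256 used for the padding p, and the sample data are assumptions made for the demonstration.

```python
# Keyed one-way-hash MACs in the two forms the text lists as apparently secure.
# Added example, not code from the book; SHA-256 plays the role of H.
import hashlib
import hmac  # used only for the constant-time comparison
import os

BLOCK = 64  # SHA-256 consumes 64-byte input blocks (assumption for the padding p)


def _h(*parts: bytes) -> bytes:
    """The one-way hash H applied to the concatenation of its arguments."""
    return hashlib.sha256(b"".join(parts)).digest()


def nested_mac(k1: bytes, k2: bytes, message: bytes) -> bytes:
    """H(K1, H(K2, M)): the inner hash binds the message, the outer one hides it."""
    return _h(k1, _h(k2, message))


def padded_mac(k: bytes, message: bytes) -> bytes:
    """H(K, p, M, K): p pads K out to one full hash block, so that M starts on a
    block boundary and the key also closes the input."""
    if len(k) > BLOCK:
        raise ValueError("key must fit in one hash block")
    p = b"\x00" * (BLOCK - len(k))
    return _h(k, p, message, k)


def verify_mac(k1: bytes, k2: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the nested MAC and compare in constant time, so the number of
    matching bytes does not leak through the timing of the comparison."""
    return hmac.compare_digest(nested_mac(k1, k2, message), tag)


def derive_keys(master: bytes) -> tuple:
    """Two distinct keys from one shared secret, so that K1 != K2 as the text wants."""
    return _h(master, b"\x01"), _h(master, b"\x02")


if __name__ == "__main__":
    # constructed sample: a shared secret and a file whose integrity Alice and Bob check
    master = os.urandom(32)
    k1, k2 = derive_keys(master)
    data = b"ledger entry 42: transfer 100 units"
    tag = nested_mac(k1, k2, data)
    print(verify_mac(k1, k2, data, tag))                      # True
    print(verify_mac(k1, k2, data + b" and 900 more", tag))   # False: appended blocks
```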
Stream Cipher MAC
This MAC scheme uses stream ciphers (see Figure 18-15) [932]. A cryptographically secure pseudo-random bit generator demultiplexes the message stream into two substreams. If the output bit of the generator, k_i, is one, the current message bit m_i is routed to the first substream; if it is zero, m_i is routed to the second substream. Each substream is fed to its own LFSR (Section 16.2). The output of the MAC is simply the final state of both registers.
Unfortunately, this method is not secure against small changes in the message [1523]. For example, if you alter the last bit of the message, only 2 bits of the corresponding MAC need to be altered to create a fake MAC; this can be done with reasonable probability. The author presents a more secure, and more complicated, alternative.
Figure 18-15. Stream-cipher MAC. (Figure labels: message stream, switch, CSPRNG, and the two shift registers.)
Chapter 19 Public-Key Algorithms
19.1 Background
The concept of public-key cryptography was invented by Whitfield Diffie and Martin Hellman, and independently by Ralph Merkle. Their contribution to cryptography was the notion that keys could come in pairs, an encryption key and a decryption key, and that it could be infeasible to generate one key from the other (see Section 2.5). Diffie and Hellman first presented this idea at the 1976 National Computer Conference [495]; a few months later their seminal paper "New Directions in Cryptography" was published [496]. (Due to a glacial publishing process, Merkle's first contribution to the field did not appear until 1978 [1064].)
Since 1976, numerous public-key cryptography algorithms have been proposed. Many of them are insecure. Of those that are secure, many are impractical: either they use too large a key or the ciphertext is much larger than the plaintext.
Only a few algorithms are both secure and practical. These algorithms are generally based on one of the hard problems discussed in Section 11.2. Some of these secure and practical public-key algorithms are suitable only for key distribution. Others are suitable for encryption (and, by extension, for key distribution). Still others are useful only for digital signatures. Only three algorithms work well for both encryption and digital signatures: RSA, ElGamal, and Rabin. All of these algorithms are slow. They encrypt and decrypt data much more slowly than symmetric algorithms; usually their speed is insufficient for bulk data encryption.
Hybrid cryptosystems (see Section 2.5) speed things up: a symmetric algorithm with a random key is used to encrypt the message, and the public-key algorithm is used to encrypt the random session key.
Security of Public-Key Algorithms
Since a cryptanalyst has access to the public key, he can always choose any message to encrypt. This means that a cryptanalyst, given C = E_K(P), can guess the value of P and easily check his guess. This is a serious problem if the number of possible plaintexts is small enough to allow exhaustive search, but it can easily be solved by padding messages with a string of random bits. This makes identical plaintexts encrypt to different ciphertexts. (This idea is described in more detail in Section 23.15.)
This is especially important if a public-key algorithm is used to encrypt a session key. Eve can build a database of all possible session keys encrypted with Bob's public key. Of course, this requires a lot of time and memory, but a brute-force attack on an exportable 40-bit key or a 56-bit DES key would require far more time and memory. Once Eve has built such a database, she will have Bob's key and can read his mail.
Public-key algorithms are designed to resist chosen-plaintext attacks. Their security is based both on the difficulty of deducing the secret key from the public key and on the difficulty of deducing the plaintext from the ciphertext. However, most public-key algorithms are especially susceptible to a chosen-ciphertext attack (see Section 1.1).
In systems where the operation inverse to encryption is used for digital signatures, this attack cannot be prevented if the same keys are used for both encryption and signatures.
Consequently, it is important to look at the whole system and not just at its parts. Good public-key protocols are designed so that the various parties cannot decrypt arbitrary messages generated by other parties; the proof-of-identity protocols are a good example (see Section 5.2).
19.2 Knapsack Algorithms
The first algorithm for generalized public-key encryption was the knapsack algorithm, developed by Ralph Merkle and Martin Hellman [713, 1074]. It could only be used for encryption, although Adi Shamir later adapted the system for digital signatures [1413]. Knapsack algorithms get their security from the knapsack problem, an NP-complete problem. Although this algorithm was later found to be insecure, it is worth examining because it demonstrates how an NP-complete problem can be used for public-key cryptography.
The knapsack problem is simple. Given a pile of items, each with a different weight, is it possible to put some of those items into a knapsack so that the knapsack weighs a given amount? More formally: given a set of values M_1, M_2, ..., M_n and a sum S, compute the values b_i such that
S = b_1 M_1 + b_2 M_2 + ... + b_n M_n
where each b_i can be either zero or one. A one indicates that the item is in the knapsack; a zero indicates that it is not.
For example, the items might have weights 1, 5, 6, 11, 14, and 20. You could pack a knapsack that weighs 22 using the weights 5, 6, and 11. It is impossible to pack a knapsack that weighs 24. In general, the time required to solve this problem grows exponentially with the number of items in the pile.
The idea behind the Merkle-Hellman knapsack algorithm is to encode a message as a solution to a set of knapsack problems. Items from the pile are selected with a block of plaintext equal in length to the number of items in the pile (the plaintext bits correspond to the values b), and the ciphertext is the resulting sum. An example of a ciphertext encrypted with a knapsack problem is shown in the figure below.
Plaintext:   1 1 1 0 0 1 | 0 1 0 1 1 0 | 0 0 0 0 0 0 | 0 1 1 0 0 0
Knapsack:    1 5 6 11 14 20 | 1 5 6 11 14 20 | 1 5 6 11 14 20 | 1 5 6 11 14 20
Ciphertext:  1 + 5 + 6 + 20 = 32 | 5 + 11 + 14 = 30 | 0 = 0 | 5 + 6 = 11
Figure 19-1. Encryption with knapsacks.
The trick is that there are actually two different knapsack problems: one that can be solved in linear time and one that is believed not to be. The easy problem can be turned into the hard one. The public key is the hard knapsack problem, which is easy to use for encryption but impossible to use for decrypting messages. The private key is the easy knapsack problem, which gives a simple way to decrypt messages. Anyone who does not know the private key is forced to try to solve the hard knapsack problem.
Superincreasing Knapsacks
What is the easy knapsack problem? If the list of weights is a superincreasing sequence, the resulting knapsack problem is easy to solve. A superincreasing sequence is a sequence in which every term is greater than the sum of all the previous terms. For example, {1, 3, 6, 13, 27, 52} is a superincreasing sequence, but {1, 3, 4, 9, 15, 25} is not.
The solution to a superincreasing knapsack is easy to find. Take the total weight and compare it with the largest number in the sequence. If the total weight is less than that number, then the number is not in the knapsack. If the total weight is greater than or equal to that number, then it is in the knapsack. Reduce the weight of the knapsack by that value and move on to the next largest number in the sequence. Repeat until the process ends. If the total weight has been reduced to zero, a solution has been found. Otherwise, there isn't one.
For example, consider a total knapsack weight of 70 and the sequence of weights {2, 3, 6, 13, 27, 52}. The largest weight, 52, is less than 70, so 52 goes into the knapsack. Subtracting 52 from 70 leaves 18. The next weight, 27, is greater than 18, so 27 does not go into the knapsack. The next weight, 13, is less than 18, so 13 goes into the knapsack. Subtracting 13 from 18 leaves 5. The next weight, 6, is greater than 5, so 6 does not go into the knapsack. Continuing this process shows that both 2 and 3 go into the knapsack and the total weight is reduced to 0, which indicates that a solution has been found. Were this a Merkle-Hellman knapsack encryption block, the plaintext recovered from the ciphertext value 70 would be 110101.
Non-superincreasing, or normal, knapsacks are hard problems; no fast algorithm is known for them. The only known way to determine which items go into the knapsack is to methodically test possible solutions until you stumble on the correct one. The fastest algorithms, taking the various heuristics into account, grow exponentially with the number of possible items. Add one more item to the sequence of weights, and finding the solution becomes twice as hard. This is much harder than a superincreasing knapsack, where adding one item to the sequence increases the search for a solution by one operation.
The Merkle-Hellman algorithm is based on this property. The private key is the sequence of weights of a superincreasing knapsack problem. The public key is the sequence of weights of a normal knapsack problem with the same solution. Merkle and Hellman developed a way of converting a superincreasing knapsack problem into a normal knapsack problem using modular arithmetic.
Creating the Public Key from the Private Key
Without going into the number theory, here is how the algorithm works: to obtain a normal knapsack sequence, take a superincreasing knapsack sequence, for example {2, 3, 6, 13, 27, 52}, and multiply all of its values by a number n, mod m. The modulus must be greater than the sum of all the numbers in the sequence: for example, 105. The multiplier must be relatively prime to the modulus: for example, 31. The normal knapsack sequence is then
2 × 31 mod 105 = 62
3 × 31 mod 105 = 93
6 × 31 mod 105 = 81
13 × 31 mod 105 = 88
27 × 31 mod 105 = 102
52 × 31 mod 105 = 37
The result is {62, 93, 81, 88, 102, 37}.
The superincreasing knapsack sequence is the private key, and the normal knapsack sequence is the public key.
Encryption
To encrypt a message, first break it into blocks equal in length to the number of items in the knapsack sequence. Then, letting a one indicate that a term of the sequence is present and a zero that it is absent, compute the total weights of the knapsacks, one for each message block.
For example, if the message in binary is 011000110101101110, encryption using the previous knapsack sequence proceeds as follows:
message = 011000 110101 101110
011000 corresponds to 93 + 81 = 174
110101 corresponds to 62 + 93 + 88 + 37 = 280
101110 corresponds to 62 + 81 + 88 + 102 = 333
The ciphertext is the sequence 174, 280, 333.
Decryption
A legitimate recipient of this message knows the private key: the original superincreasing sequence, as well as the values of n and m used to turn it into a normal knapsack sequence. To decrypt the message, the recipient must first determine n^{-1} such that n(n^{-1}) ≡ 1 (mod m). Each ciphertext value is multiplied by n^{-1} mod m and then partitioned with the private key to obtain the plaintext values.
In our example, the superincreasing sequence is {2, 3, 6, 13, 27, 52}, m is 105, and n is 31. The ciphertext is 174, 280, 333. In this case n^{-1} is 61, so the ciphertext values must be multiplied by 61 mod 105.
174 × 61 mod 105 = 9 = 3 + 6, which corresponds to 011000
280 × 61 mod 105 = 70 = 2 + 3 + 13 + 52, which corresponds to 110101
333 × 61 mod 105 = 48 = 2 + 6 + 13 + 27, which corresponds to 101110
The recovered plaintext is 011000 110101 101110.
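The key transformation, encryption and decryption described above, carried through with the text's numbers ({2, 3, 6, 13, 27, 52}, m = 105, n = 31, message 011000110101101110), as an added Python example that is not code from the book; it also includes the greedy solver for the superincreasing (easy) knapsack from the previous section, which is what decryption reduces each ciphertext value to.

```python
# Merkle-Hellman knapsack worked through with the numbers from the text.
# Added example, not code from the book; only the Python standard library is used.
from math import gcd


def is_superincreasing(seq):
    """True if every term exceeds the sum of all previous terms."""
    total = 0
    for w in seq:
        if w <= total:
            return False
        total += w
    return True


def solve_superincreasing(weights, target):
    """Greedy solver for a superincreasing knapsack (the 'easy' problem).

    Walks from the largest weight down and returns the bits b_1..b_n with
    target = sum(b_i * weights[i]), or None if the weight cannot be reached."""
    bits = [0] * len(weights)
    remaining = target
    for i in range(len(weights) - 1, -1, -1):
        if remaining >= weights[i]:
            bits[i] = 1
            remaining -= weights[i]
    return bits if remaining == 0 else None


def make_public_key(private_seq, m, n):
    """Disguise the superincreasing sequence: multiply every weight by n mod m.

    m must exceed the sum of the sequence and n must be relatively prime to m."""
    if not is_superincreasing(private_seq):
        raise ValueError("private key must be superincreasing")
    if m <= sum(private_seq) or gcd(n, m) != 1:
        raise ValueError("modulus too small or multiplier not coprime to it")
    return [(w * n) % m for w in private_seq]


def encrypt(public_seq, bitstring):
    """Each block of len(public_seq) bits selects weights; the sum is the ciphertext."""
    k = len(public_seq)
    if len(bitstring) % k:
        raise ValueError("message length must be a multiple of the block size")
    sums = []
    for start in range(0, len(bitstring), k):
        block = bitstring[start:start + k]
        sums.append(sum(w for w, b in zip(public_seq, block) if b == "1"))
    return sums


def decrypt(private_seq, m, n, ciphertext):
    """Multiply every sum by n^-1 mod m, then solve the easy knapsack."""
    n_inv = pow(n, -1, m)  # modular inverse (Python 3.8+); 61 for the text's numbers
    out = []
    for c in ciphertext:
        bits = solve_superincreasing(private_seq, (c * n_inv) % m)
        if bits is None:
            raise ValueError("ciphertext value is not a valid knapsack sum")
        out.append("".join(map(str, bits)))
    return "".join(out)


if __name__ == "__main__":
    private = [2, 3, 6, 13, 27, 52]
    m, n = 105, 31
    public = make_public_key(private, m, n)       # [62, 93, 81, 88, 102, 37]
    ct = encrypt(public, "011000110101101110")     # [174, 280, 333]
    print(public, ct, decrypt(private, m, n, ct))
```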
Practical Implementations
With a six-item sequence, it is not hard to solve the knapsack problem even if the sequence is not superincreasing. Real knapsacks should contain at least 250 items. The length of each term in the superincreasing sequence should be somewhere between 200 and 400 bits, and the length of the modulus should be between 100 and 200 bits. Practical implementations use random-sequence generators to produce these values.
Breaking such knapsacks by brute force is futile. If a computer could try a million possibilities per second, trying all possible knapsack values would take over 10^46 years. Even a million machines working in parallel would not solve this problem before the sun turned into a supernova.
Security of the Knapsack Algorithm
It was not a million machines that broke the knapsack-based cryptosystem, but a pair of cryptographers. First a single bit of plaintext was recovered [725]. Then Shamir showed that the knapsack could be broken under certain circumstances [1415, 1416]. There were other results, [1428, 38, 754, 516, 488], but no one could break the general Merkle-Hellman system. Finally, Shamir and Zippel [1418, 1419, 1421] found flaws in the transformation that allowed them to reconstruct the superincreasing knapsack from the normal one. The exact arguments are beyond the scope of this book, but a good overview can be found in [1233, 1244]. At the conference where these results were presented, the attack was demonstrated on stage on an Apple II computer [492, 494].
Knapsack Variants
Since the original Merkle-Hellman scheme was broken, many other knapsack-based systems have been proposed: multiple iterated knapsacks, Graham-Shamir knapsacks, and others. They have all been analyzed and broken, generally with the same cryptanalytic techniques, and their wreckage has been swept off the cryptographic highway [260, 253, 269, 921, 15, 919, 920, 922, 366, 254, 263, 255]. Good overviews of these systems and their cryptanalysis can be found in [267, 479, 257, 268].
Other algorithms using similar ideas have also been proposed, but all of them have been broken as well. The Lu-Lee cryptosystem [990, 13] was broken in [20, 614, 873]; its modification [507] also turned out to be insecure [1620]. Attacks on the Goodman-McAuley cryptosystem are given in [646, 647, 267, 268]. The Pieprzyk cryptosystem [1246] was broken in a similar manner. The Niemi cryptosystem [1169], based on modular knapsacks, was broken in [345, 788]. A new multistage knapsack [747] has not yet been broken, but I am not optimistic. Another variant is [294].
Although one variant of the knapsack algorithm is currently secure (the Chor-Rivest knapsack [356], despite a "specialized attack" [743]), the amount of computation it requires makes it far less useful than the other algorithms discussed here. A variant called the Powerline System is insecure [958]. Moreover, considering the ease with which all the other variants fell, trusting the one variant still standing seems imprudent.
Patents
The original Merkle-Hellman algorithm is patented in the United States [720] and in the rest of the world (see Table 19-1). Public Key Partners (PKP) holds the license to the patent together with other public-key cryptography patents (see Section 25.5). The U.S. patent expires on August 19, 1997.
Table 19-1. Foreign Patents on the Merkle-Hellman Knapsack Algorithm
Country          Number      Date of issue
Belgium          871039      5 April 1979
Netherlands      7810063     10 April 1979
United Kingdom   2006580     2 May 1979
Germany          2843583     10 May 1979
Sweden           7810478     14 May 1979
France           2405532     8 June 1979
Germany          2843583     3 January 1982
Germany          2857905     15 July 1982
Canada           1128159     20 July 1982
United Kingdom   2006580     18 August 1982
Switzerland      63416114    14 January 1983
Italy            1099780     28 September 1985
19.3 RSA
Soon after Merkle's knapsack algorithm came the first full-fledged public-key algorithm, one that can be used for both encryption and digital signatures: RSA [1328, 1329]. Of all the public-key algorithms proposed over the years, RSA is the easiest to understand and implement. (Martin Gardner published an early description of the algorithm in his "Mathematical Games" column in Scientific American [599].) It is also the most popular. Named after its three inventors, Ron Rivest, Adi Shamir, and Leonard Adleman, the algorithm has withstood many years of intensive cryptanalysis. Although that cryptanalysis has neither proved nor disproved the security of RSA, it does, in effect, justify a level of confidence in the algorithm.
The security of RSA rests on the difficulty of factoring large numbers. The public and private keys are functions of two large (100 to 200 digits or even more) prime numbers. Recovering the plaintext from the ciphertext and the public key is conjectured to be equivalent to factoring the product of the two large primes.
To generate the two keys, take two large random primes, p and q. For maximum security, choose p and q of equal length. Compute the product:
n = pq
Then randomly choose the encryption key e such that e and (p − 1)(q − 1) are relatively prime. Finally, use the extended Euclidean algorithm to compute the decryption key d such that
ed ≡ 1 (mod (p − 1)(q − 1))
In other words,
d = e^{-1} mod ((p − 1)(q − 1))
Note that d and n are also relatively prime. The numbers e and n are the public key, and the number d is the private key. The two primes p and q are no longer needed. They should be discarded, but never revealed.
To encrypt a message m, first divide it into numerical blocks smaller than n (for binary data, choose the largest power of 2 less than n). That is, if p and q are 100-digit primes, then n will have about 200 digits, and each message block m_i should be about 200 digits long. (If a fixed number of blocks must be encrypted, they can be padded with a few zeros on the left to guarantee that the blocks are always smaller than n.) The encrypted message c will consist of blocks c_i of the same length. The encryption formula is simply
c_i = m_i^e mod n
To decrypt the message, take each encrypted block c_i and compute
m_i = c_i^d mod n
Since
c_i^d = (m_i^e)^d = m_i^{ed} = m_i^{k(p−1)(q−1)+1} = m_i · m_i^{k(p−1)(q−1)} = m_i · 1 = m_i, all (mod n)
the formula recovers the message. This is summarized in Table 19-2.
Table 19-2. RSA Encryption
Public key:
n   product of two primes p and q (p and q must be kept secret)
e   relatively prime to (p − 1)(q − 1)
Private key:
d = e^{-1} mod ((p − 1)(q − 1))
Encryption:
c = m^e mod n
Decryption:
m = c^d mod n
The message could equally well have been encrypted with d and decrypted with e; either choice is possible. I will spare you the number theory that shows why this algorithm works. Most books on cryptography cover it in detail.
A short example may help explain how the algorithm works. If p = 47 and q = 71, then
n = pq = 3337
The key e must have no factors in common with
(p − 1)(q − 1) = 46 × 70 = 3220
Choose (at random) e = 79. In that case
d = 79^{-1} mod 3220 = 1019
This number was computed with the extended Euclidean algorithm (see Section 11.3). Publish e and n, and keep d secret. Discard p and q. To encrypt the message
m = 6882326879666683
first break it into small blocks. Three-digit blocks work nicely in this case. The message is split into six blocks m_i:
m_1 = 688
m_2 = 232
m_3 = 687
m_4 = 966
m_5 = 668
m_6 = 003
The first block is encrypted as
688^79 mod 3337 = 1570 = c_1
Performing the same operations on the subsequent blocks produces the ciphertext of the message:
c = 1570 2756 2091 2276 2423 158
Decryption requires the same exponentiation, using the decryption key 1019:
1570^1019 mod 3337 = 688 = m_1
The rest of the message is recovered in the same way.
Hardware Implementations of RSA
There are many publications on the subject of RSA hardware implementations [1314, 1474, 1456, 1316, 1485, 874, 1222, 87, 1410, 1409, 1343, 998, 367, 1429, 523, 772]. Good survey articles are [258, 872]. RSA encryption is performed by many chips [1310, 252, 1101, 1317, 874, 69, 737, 594, 1275, 1563, 509, 1223]. A partial list of currently available RSA chips, taken from [150, 258], is given in Table 19-3. Not all of them are available on the open market.
Table 19-3. Existing RSA Chips
Company             Clock rate   Baud rate per 512 bits   Clock cycles per 512-bit encryption   Technology   Bits per chip   Number of transistors
Alpha Techn.        25 MHz       13K                      0.98 M                                2 micron     1024            180,000
AT&T                15 MHz       19K                      0.4 M                                 1.5 micron   298             100,000
British Telecom     10 MHz       5.1K                     1 M                                   2.5 micron   256             ---
Business Sim. Ltd.  5 MHz        3.8K                     0.67 M                                gate array   32              ---
Calmos Syst. Inc.   20 MHz       2.8K                     0.36 M                                2 micron     593             95,000
CNET                25 MHz       5.3K                     2.3 M                                 1 micron     1024            100,000
Cryptech            14 MHz       17K                      0.4 M                                 gate array   120             33,000
Cylink              30 MHz       6.8K                     1.2 M                                 1.5 micron   1024            150,000
GEC Marconi         25 MHz       10.2K                    0.67 M                                1.4 micron   512             160,000
Pijnenburg          25 MHz       50K                      0.256 M                               1 micron     1024            400,000
Sandia              8 MHz        10K                      0.4 M                                 2 micron     272             86,000
Siemens             5 MHz        8.5K                     0.03 M                                1 micron     512             60,000
Speed of RSA
In hardware, RSA is about 1000 times slower than DES. The fastest VLSI implementation of RSA with a 512-bit modulus runs at 64 kilobits per second [258]. There are also chips that perform 1024-bit RSA encryption. Chips are currently being developed that approach 1 Mbit/s with a 512-bit modulus; they will probably appear in 1995. Manufacturers also put RSA into smart cards, but these implementations are slower.
In software, DES is about 100 times faster than RSA. These numbers may change slightly as technology changes, but RSA will never reach the speed of symmetric algorithms. Table 19-4 gives sample software speeds for RSA [918].
Table 19-4. RSA Speeds for Different Modulus Lengths with an 8-bit Public Key (on a SPARC II)
              512 bits   768 bits   1024 bits
Encryption    0.03 s     0.05 s     0.08 s
Decryption    0.16 s     0.48 s     0.93 s
Signing       0.16 s     0.52 s     0.97 s
Verifying     0.02 s     0.07 s     0.08 s
Software Speedups
RSA encryption goes much faster if you choose the value of e sensibly. The three most common choices are 3, 17, and 65537 (2^16 + 1). (The binary representation of 65537 contains only two ones, so exponentiation takes only 17 multiplications.) X.509 recommends 65537 [304], PEM recommends 3 [76], and PKCS #1 (see Section 24.14) recommends 3 or 65537 [1345]. There are no security problems with using any of these three values for e (provided you pad messages with random numbers; see the section below), even if the same value of e is used by a whole group of users.
Private-key operations can be sped up with the Chinese remainder theorem if you keep the values of p and q as well as the additional values d mod (p − 1), d mod (q − 1), and q^{-1} mod p [1283, 1276]. These additional numbers are easily computed from the private and public keys.
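Key generation, block encryption and decryption with the text's toy parameters (p = 47, q = 71, e = 79, the message 6882326879666683 split into three-digit blocks), plus the Chinese-remainder-theorem private-key operation using the three extra values named above, as an added Python example that is not code from the book; the recombination step (Garner's formula) is my choice of how to apply those values.

```python
# RSA with the text's toy parameters and the CRT speedup for the private key.
# Added example, not code from the book; the primes are far too small for real use.
from math import gcd


def make_keys(p, q, e):
    """Return ((e, n), d) with d = e^-1 mod (p-1)(q-1), as in Table 19-2."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # extended Euclidean algorithm (Python 3.8+)
    return (e, p * q), d


def encrypt_blocks(blocks, e, n):
    """c_i = m_i^e mod n for every block; each block must already be smaller than n."""
    if any(not 0 <= m < n for m in blocks):
        raise ValueError("every block must be smaller than the modulus")
    return [pow(m, e, n) for m in blocks]


def decrypt_blocks(blocks, d, n):
    """m_i = c_i^d mod n, the plain private-key exponentiation."""
    return [pow(c, d, n) for c in blocks]


def crt_params(p, q, d):
    """The extra private values from the text: d mod (p-1), d mod (q-1), q^-1 mod p."""
    return d % (p - 1), d % (q - 1), pow(q, -1, p)


def decrypt_crt(c, p, q, dp, dq, qinv):
    """Two half-size exponentiations (mod p and mod q) recombined with Garner's
    formula; the result equals c^d mod n but costs about a quarter of the work."""
    m1 = pow(c % p, dp, p)
    m2 = pow(c % q, dq, q)
    h = (qinv * (m1 - m2)) % p
    return m2 + h * q


def split_message(digits, width):
    """Cut a decimal string into width-digit blocks; a short final block is read as a
    zero-padded number, which is how the text gets m_6 = 003."""
    return [int(digits[i:i + width]) for i in range(0, len(digits), width)]


if __name__ == "__main__":
    (e, n), d = make_keys(47, 71, 79)           # n = 3337, d = 1019
    ms = split_message("6882326879666683", 3)  # [688, 232, 687, 966, 668, 3]
    cs = encrypt_blocks(ms, e, n)              # first block is 1570
    dp, dq, qinv = crt_params(47, 71, d)
    print(n, d, cs)
    print(decrypt_blocks(cs, d, n) == ms,
          [decrypt_crt(c, 47, 71, dp, dq, qinv) for c in cs] == ms)
```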
Security of RSA
The security of RSA depends entirely on the problem of factoring large numbers. Technically, that statement about its security is a lie. It is conjectured that the security of RSA depends on the problem of factoring large numbers. It has never been mathematically proved that n must be factored to recover m from c and e. It is conceivable that an entirely different way to cryptanalyze RSA may be discovered. However, if such a new method lets a cryptanalyst obtain d, it can also be used to factor large numbers. I would not worry too much about it.
RSA can also be attacked by guessing the value of (p − 1)(q − 1). This attack is no easier than factoring n [1616].
For the ultraskeptical: it has been proved that some variants of RSA are as hard as factoring (see Section 19.5). Also look at [361], which shows that recovering even a few bits of information from an RSA-encrypted ciphertext is no easier than decrypting the whole message.
The most obvious means of attack is factoring n. Any adversary can obtain the public key e and the modulus n. To find the decryption key d, the adversary must factor n. The current state of factoring technology was discussed in Section 11.4. At the moment the leading edge of that technology is a number of 129 decimal digits. So n must be larger than that. Recommendations on choosing the length of the public key are given in Section 7.2.
Of course, a cryptanalyst can try every possible d until he finds the right one. But such a brute-force attack is even less efficient than trying to factor n.
From time to time claims appear that an easy way to break RSA has been found, but to date none of these claims has held up. For example, in 1993 a draft paper by William Payne proposed a method based on Fermat's little theorem [1234]. Unfortunately, this method turned out to be slower than factoring.
There is one more cause for worry. Most common algorithms for computing the primes p and q are probabilistic; what happens if p or q turns out to be composite? Well, first, the probability of this happening can be reduced to whatever minimum you require. And even if it does happen, it will most likely be detected immediately: encryption and decryption will not work. There are a few numbers, called Carmichael numbers, that certain probabilistic primality tests cannot detect. They are insecure, but extremely rare [746]. Honestly, I would not worry about it.
Chosen-Ciphertext Attacks against RSA

Some attacks work against implementations of RSA. They break not the underlying algorithm but the protocol built on top of it. It is important to understand that using RSA by itself guarantees nothing; the details of the implementation matter.

Scenario 1. Eve, eavesdropping on Alice's line, has intercepted a message c encrypted with Alice's RSA public key, and she wants to read it. In mathematical terms, she needs the m for which
$m = c^d \bmod n$
To recover m, she first picks a random number r smaller than n. She obtains Alice's public key e and computes
$x = r^e \bmod n$
$y = x c \bmod n$
$t = r^{-1} \bmod n$
If $x = r^e \bmod n$, then $r = x^d \bmod n$.

Now Eve asks Alice to sign y with her private key, thereby decrypting y. (Alice must sign the message itself, not its hash.) Note that Alice has never seen y before. Alice sends Eve
$u = y^d \bmod n$
Eve now computes
$t u \bmod n = r^{-1} y^d \bmod n = r^{-1} x^d c^d \bmod n = c^d \bmod n = m$
and Eve has m.
Scenario 2. Trent is a computer notary. When Alice wants a document notarized she sends it to Trent, who signs it with an RSA digital signature and sends it back. (No one-way hash function is used: Trent encrypts the whole message with his private key.)

Mallory wants Trent to sign a message that Trent would otherwise never sign. Perhaps it carries a forged timestamp; perhaps it purports to come from someone else. Whatever the reason, Trent would never sign it if he had a choice. Call this message m'.

First Mallory chooses an arbitrary value x and computes $y = x^e \bmod n$. He can get e easily: it is Trent's public key, which must be published so that Trent's signatures can be verified. Then Mallory computes $m = y m' \bmod n$ and sends m to Trent to be signed. Trent returns $m^d \bmod n$. Now Mallory computes
$(m^d \bmod n)\, x^{-1} \bmod n$
which equals $m'^d \bmod n$ and is the signature on m'.

In fact Mallory has many ways to accomplish this [423, 458, 486]. The weakness all of these attacks exploit is that exponentiation preserves the multiplicative structure of its input. That is:
$(x m)^d \bmod n = x^d m^d \bmod n$
Scenario 3. Eve wants Alice to sign $m_3$. She generates two messages $m_1$ and $m_2$ such that
$m_3 \equiv m_1 m_2 \pmod n$
If Eve can get Alice to sign $m_1$ and $m_2$, she can compute the signature on $m_3$:
$m_3^d = (m_1^d \bmod n)(m_2^d \bmod n) \bmod n$

Moral: never use RSA to sign an arbitrary document that a stranger hands you. Always apply a one-way hash function first. The ISO 9796 block format prevents this attack.
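The three scenarios share one mechanism, so a single worked example covers all of them. The following Python program is an added illustration and not code from the book: it builds a toy RSA key from constructed primes (1000003 and 1000033, chosen so the example runs instantly, not for security), lets a signing oracle stand in for Alice and Trent, runs the blinding attack of Scenario 1, the notary forgery of Scenario 2 and the product forgery of Scenario 3 against raw textbook signing, and then shows that signing a hash of the message, as the moral demands, breaks the multiplicative relation. The message values, the blinding factor r and the use of SHA-256 as the hash are assumptions of this example.

```python
"""Toy demonstration of the three RSA multiplicative-structure attacks.

Everything numeric here is constructed for the example: the primes,
the messages, the blinding factor r and Mallory's x are not from the page.
"""
import hashlib

# Constructed toy key (assumption): big enough that accidental collisions
# are negligible, small enough to run instantly. Never use such a key.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # modular inverse, Python >= 3.8


def rsa_encrypt(m, e=E, n=N):
    return pow(m, e, n)


def rsa_sign_raw(m, d=D, n=N):
    """Textbook signing: m^d mod n on the raw message. This is the flaw
    the three scenarios exploit."""
    return pow(m, d, n)


def rsa_verify_raw(m, sig, e=E, n=N):
    return pow(sig, e, n) == m % n


def scenario1_blinding(c, r, oracle):
    """Scenario 1: Eve recovers m from c = m^e by having Alice sign
    y = r^e * c. oracle(y) models Alice signing whatever she is handed."""
    y = pow(r, E, N) * c % N
    u = oracle(y)                    # u = y^d = r * c^d = r * m (mod n)
    return u * pow(r, -1, N) % N     # strip the blinding factor


def scenario2_notary(m_prime, x, oracle):
    """Scenario 2: Mallory gets Trent's signature on m' without Trent ever
    seeing m'. y = x^e, m = y*m', then sig(m) * x^-1 = sig(m')."""
    y = pow(x, E, N)
    m = y * m_prime % N
    return oracle(m) * pow(x, -1, N) % N


def scenario3_product(m1, m2, oracle):
    """Scenario 3: signatures on m1 and m2 multiply to a signature on m1*m2."""
    return oracle(m1) * oracle(m2) % N


# --- The mitigation the moral calls for: sign H(m), not m. -------------------
def h(m):
    """SHA-256 of the message bytes, reduced into Z_n (assumed hash choice)."""
    nbytes = (m.bit_length() + 7) // 8 or 1
    digest = hashlib.sha256(m.to_bytes(nbytes, "big")).digest()
    return int.from_bytes(digest, "big") % N


def rsa_sign_hashed(m):
    return pow(h(m), D, N)


def rsa_verify_hashed(m, sig):
    return pow(sig, E, N) == h(m)


def demo():
    m = 424242
    c = rsa_encrypt(m)
    recovered = scenario1_blinding(c, r=987654321, oracle=rsa_sign_raw)

    m_prime = 777777
    forged = scenario2_notary(m_prime, x=31337, oracle=rsa_sign_raw)

    m1, m2 = 12345, 67890
    m3 = m1 * m2 % N
    forged3 = scenario3_product(m1, m2, oracle=rsa_sign_raw)

    # With hashing, the product of two signatures is no longer a signature
    # on m3, because H(m1)*H(m2) != H(m1*m2) (mod n) except by accident.
    hashed_forgery = rsa_sign_hashed(m1) * rsa_sign_hashed(m2) % N
    return {
        "s1_recovered": recovered == m,
        "s2_forged_verifies": rsa_verify_raw(m_prime, forged),
        "s3_forged_verifies": rsa_verify_raw(m3, forged3),
        "hashed_forgery_verifies": rsa_verify_hashed(m3, hashed_forgery),
    }


if __name__ == "__main__":
    print(demo())
```

All three forgeries succeed against raw signing, and the same product of signatures fails once the oracle signs a hash instead of the message; the only difference between the two oracles is the one-way function in front of the exponentiation.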
Common Modulus Attack on RSA

One possible way to implement RSA is to give every user the same modulus n but different exponents e and d. Unfortunately, this does not work. The most obvious problem is that if the same message is ever encrypted with two different exponents (and the same modulus), and those exponents are relatively prime (as they usually will be), the plaintext can be recovered without knowing either decryption key [1457].

Let m be the plaintext. The two encryption keys are $e_1$ and $e_2$; the common modulus is n. The two ciphertexts are:
$c_1 = m^{e_1} \bmod n$
$c_2 = m^{e_2} \bmod n$
The cryptanalyst knows n, $e_1$, $e_2$, $c_1$ and $c_2$. Here is how he recovers m.

Since $e_1$ and $e_2$ are relatively prime, the extended Euclidean algorithm finds r and s such that
$r e_1 + s e_2 = 1$
Assume r is negative (either r or s must be; call the negative one r). The extended Euclidean algorithm is used once more to compute $c_1^{-1}$. Then
$(c_1^{-1})^{-r} \cdot c_2^{s} = m \bmod n$

There are two other, subtler attacks on systems of this kind. One uses a probabilistic method for factoring n. The other is a deterministic algorithm that computes some user's secret key without factoring the modulus. Both are described in detail in [449].

Moral: do not share n among a group of users.
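The recovery above is a few lines of arithmetic once r and s are in hand. As an added example (not from the book), the Python below carries it through on a constructed shared modulus with public exponents 65537 and 7: the extended Euclidean step produces the Bezout coefficients, and the negative one is handled by raising the modular inverse of the corresponding ciphertext. The primes and the message are assumptions of this example.

```python
"""Common-modulus attack: two encryptions of one plaintext m under coprime
exponents e1, e2 and a shared n give m back without any private key.
The primes, exponents and plaintext are constructed for this example."""

P, Q = 1000003, 1000033
N = P * Q                      # the modulus the two users (wrongly) share
E1, E2 = 65537, 7              # two coprime public exponents


def egcd(a, b):
    """Extended Euclid: returns (g, r, s) with r*a + s*b = g = gcd(a, b)."""
    r0, r1 = a, b
    s0, s1 = 1, 0
    t0, t1 = 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return r0, s0, t0


def common_modulus_attack(c1, c2, e1, e2, n):
    """m = c1^r * c2^s mod n, where r*e1 + s*e2 = 1."""
    g, r, s = egcd(e1, e2)
    if g != 1:
        raise ValueError("the attack needs gcd(e1, e2) == 1")
    # Exactly one of r, s is negative. c^(-k) mod n means (c^-1)^k mod n;
    # Python's three-argument pow accepts a negative exponent and does
    # the inversion itself (c must be coprime to n, which holds here).
    return pow(c1, r, n) * pow(c2, s, n) % n


def demo():
    m = 123456789                          # constructed plaintext
    c1 = pow(m, E1, N)                     # user 1 encrypts m
    c2 = pow(m, E2, N)                     # user 2 encrypts the same m
    return common_modulus_attack(c1, c2, E1, E2, N) == m


if __name__ == "__main__":
    print("recovered plaintext:", demo())
```

Note that nothing in the attack depends on the size of n; factoring is never attempted, which is why sharing a modulus is unsafe regardless of key length.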
Low Encryption Exponent Attack on RSA

RSA encryption and signature verification are faster when a small value is used for e, but that can also be insecure [704]. If e(e + 1)/2 linearly dependent messages are encrypted under different public keys that share the same value of e, there is a way to break the system. If there are fewer messages than that, or the messages are unrelated, there is no problem. If the messages are identical, e of them suffice. The simplest countermeasure is to pad messages with independent random values.

Padding also guarantees that $m^e \bmod n \ne m^e$, that is, that the modular reduction actually takes place (with a small m and a small e, $m^e$ can be smaller than n, and m is then recovered by taking an ordinary e-th root). Most practical RSA implementations, PEM and PGP among them (see Sections 24.10 and 24.12), do this.

Moral: pad messages with random values before encrypting them; make sure m is about the same size as n.
Low Decryption Exponent Attack on RSA

Another attack, due to Michael Wiener, recovers d whenever d is at most a quarter the size of n and e is smaller than n [1596]. This rarely happens when e and d are chosen at random, and it cannot happen when e is small.

Moral: choose a large value of d.
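Wiener's attack works because, when d is small, k/d is one of the convergents of the continued fraction of e/n (where ed = 1 + k phi(n)). The following Python program is an added example, not from the book: it deliberately builds a key with d = 101 from constructed primes so that d is well under n^(1/4)/3, then recovers d from (e, n) alone by walking the convergents and checking each candidate phi(n) against the quadratic whose roots are p and q. The primes and the value of d are assumptions of this example.

```python
"""Wiener's small-d attack: recover d from (e, n) alone when d < n^(1/4)/3.
The primes and the tiny private exponent below are constructed for this
example so that the attack's precondition holds."""
from math import isqrt

P, Q = 1000003, 1000033
N = P * Q
PHI = (P - 1) * (Q - 1)
D_SMALL = 101                          # deliberately tiny private exponent
E = pow(D_SMALL, -1, PHI)              # the matching public exponent


def continued_fraction(num, den):
    """Partial quotients a0, a1, ... of num/den."""
    cf = []
    while den:
        q, r = divmod(num, den)
        cf.append(q)
        num, den = den, r
    return cf


def convergents(cf):
    """Successive convergents h/k of a continued fraction."""
    h0, h1 = 0, 1
    k0, k1 = 1, 0
    for a in cf:
        h0, h1 = h1, a * h1 + h0
        k0, k1 = k1, a * k1 + k0
        yield h1, k1


def wiener_attack(e, n):
    """Each convergent k/d of e/n is a candidate for the k and d in
    e*d = 1 + k*phi. A candidate is confirmed when the implied phi gives
    integer p and q, i.e. (p+q)^2 - 4n is a perfect square."""
    for k, d in convergents(continued_fraction(e, n)):
        if k == 0 or (e * d - 1) % k:
            continue
        phi = (e * d - 1) // k
        s = n - phi + 1                  # would be p + q
        disc = s * s - 4 * n             # would be (p - q)^2
        if disc < 0:
            continue
        root = isqrt(disc)
        if root * root == disc and (s + root) % 2 == 0:
            return d
    return None


def demo():
    d = wiener_attack(E, N)
    # Sanity check: the recovered exponent really undoes encryption.
    works = d is not None and pow(pow(2, E, N), d, N) == 2
    return d, works


if __name__ == "__main__":
    print(demo())
```

The attack never factors n directly; the factorization falls out as a by-product of the correct convergent, which is why a d that is too small hands the whole key to anyone holding the public key.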
Lessons Learned

On the basis of the attacks above, Judith Moore lists the following restrictions on RSA [1114, 1115]:
Knowing one encryption/decryption exponent pair for a given modulus lets an attacker factor the modulus.
Knowing one encryption/decryption exponent pair for a given modulus lets an attacker compute other exponent pairs without factoring the modulus.
A common modulus must not be used in communication protocols that employ RSA. (This should be an obvious consequence of the two preceding points.)
Messages must be padded with random values to prevent attacks on small encryption exponents.
The decryption exponent must be large.

Remember: it is not enough to use a secure cryptographic algorithm. The whole cryptosystem and the cryptographic protocol must be secure as well. A weakness in any of these three components makes the entire system insecure.
Attack on Encrypting and Signing with RSA

It makes sense to sign a message before encrypting it (see Section 2.7), but in practice not everyone does. With RSA, protocols that encrypt a message before signing it can be attacked [48].

Alice wants to send Bob a message. First she encrypts it with Bob's public key, then signs it with her private key. Her encrypted and signed message looks like this:
$(m^{e_B} \bmod n_B)^{d_A} \bmod n_A$

Here is how Bob can claim that Alice sent him m' rather than m. Since Bob knows the factorization of $n_B$ (it is his own modulus), he can compute discrete logarithms modulo $n_B$. So all he needs is an x for which
$m'^x \equiv m \pmod{n_B}$
Then, if he can publish $x e_B$ as his new public exponent while keeping his old modulus $n_B$, he can claim that Alice sent him the message m' encrypted under this new exponent, since $m'^{x e_B} \equiv m^{e_B} \pmod{n_B}$.

In some circumstances this is a particularly nasty attack. Note that hash functions do not solve the problem. Fixing the encryption exponent for every user, however, does.
Standards

RSA is a de facto standard nearly everywhere in the world. ISO almost, but not quite, created an RSA digital-signature standard; RSA appears in an informative annex to ISO 9796 [762]. The French banking community adopted RSA as a standard [525], as did the Australians [1498]. In the United States there is currently no public-key encryption standard, because of pressure from the NSA and patent issues. Many American companies use PKCS (see Section 24.14), written by RSA Data Security, Inc. RSA is also specified in a draft ANSI banking standard [61].

Patents

The RSA algorithm is patented in the United States [1330], but in no other country. PKP licenses the patent together with other public-key cryptography patents (see Section 25.5). The U.S. patent expires on 20 September 2000.
19.4 Pohlig-Hellman

The Pohlig-Hellman encryption scheme [1253] resembles RSA. It is not a symmetric algorithm, because different keys are used for encryption and decryption. Nor is it a public-key scheme, because each key is easily derived from the other; both the encryption key and the decryption key must be kept secret. As in RSA,
$C = P^e \bmod n$
$P = C^d \bmod n$
where
$e d \equiv 1 \pmod{\text{some composite number}}$
Unlike RSA, n is not defined in terms of two primes and remains part of the secret key. Anyone who has e and n can compute d. Without e or d, an adversary is forced to compute
$e = \log_P C \bmod n$
and we have already seen that this is a hard problem.

Patents

The Pohlig-Hellman algorithm is patented in the United States [722] and in Canada. PKP licenses the patent together with other public-key cryptography patents (see Section 25.5).
19.5 Rabin

The security of Rabin's scheme [1283, 1601] rests on the difficulty of finding square roots modulo a composite number. This problem is equivalent to factoring. Here is one implementation of the scheme.

First choose two primes p and q, both congruent to 3 mod 4. These primes are the private key; their product $n = pq$ is the public key.

To encrypt a message M (M must be less than n), simply compute
$C = M^2 \bmod n$
Decryption is just as easy, but slightly more tedious. Since the receiver knows p and q, he can solve the two congruences with the Chinese remainder theorem. He computes
$m_1 = C^{(p+1)/4} \bmod p$
$m_2 = (p - C^{(p+1)/4}) \bmod p$
$m_3 = C^{(q+1)/4} \bmod q$
$m_4 = (q - C^{(q+1)/4}) \bmod q$
Then he chooses the integers $a = q\,(q^{-1} \bmod p)$ and $b = p\,(p^{-1} \bmod q)$. The four possible solutions are:
$M_1 = (a m_1 + b m_3) \bmod n$
$M_2 = (a m_1 + b m_4) \bmod n$
$M_3 = (a m_2 + b m_3) \bmod n$
$M_4 = (a m_2 + b m_4) \bmod n$
One of the four results $M_1$, $M_2$, $M_3$, $M_4$ equals M. If the message is English text, picking the right $M_i$ is easy. If, on the other hand, the message is a stream of random bits (say, for key generation or a digital signature), there is no way to tell which $M_i$ is the right one. One way to solve this problem is to prepend a known header to the message before encrypting it.
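The four-root ambiguity and the known-header fix are easiest to see on a small instance. The Python below is an added example, not code from the book: it implements the encryption, the CRT decryption that yields all four roots, and a decoder that keeps only the root carrying a fixed 16-bit header. The primes 1019 and 1031 (both 3 mod 4), the header value and the 4-bit payload are assumptions of this example; the tiny second key (7, 11) is used only to show the four roots in full.

```python
"""Rabin encryption and decryption with the four-root ambiguity, plus the
known-header trick for picking the right root. Parameters are constructed
for this example (both primes are 3 mod 4); they are not from the page."""

P, Q = 1019, 1031
N = P * Q
TAG = 0x1234           # known 16-bit header prepended to every message


def rabin_encrypt(m, n=N):
    assert 0 <= m < n
    return m * m % n


def rabin_decrypt(c, p=P, q=Q):
    """All four square roots of c modulo n = p*q. With p, q = 3 (mod 4),
    c^((p+1)/4) is a square root mod p; the four CRT combinations of the
    +/- roots mod p and mod q give the candidates M1..M4 of the text."""
    n = p * q
    m1 = pow(c, (p + 1) // 4, p)
    m2 = (p - m1) % p
    m3 = pow(c, (q + 1) // 4, q)
    m4 = (q - m3) % q
    a = q * pow(q, -1, p)      # a = 1 (mod p), a = 0 (mod q)
    b = p * pow(p, -1, q)      # b = 0 (mod p), b = 1 (mod q)
    return [(a * x + b * y) % n for x in (m1, m2) for y in (m3, m4)]


def encode(payload4):
    """Pack a 4-bit payload underneath the known header."""
    assert 0 <= payload4 < 16
    return (TAG << 4) | payload4


def rabin_decrypt_tagged(c, p=P, q=Q):
    """Keep only the roots that carry the expected header. For a random
    wrong root the chance of matching a 16-bit header is about 16/n, so
    in practice exactly one candidate survives."""
    return [r for r in rabin_decrypt(c, p, q) if r >> 4 == TAG]


def demo():
    m = encode(7)
    c = rabin_encrypt(m)
    roots = rabin_decrypt(c)
    return {
        "all_roots_square_to_c": all(r * r % N == c for r in roots),
        "m_among_roots": m in roots,
        "tagged": rabin_decrypt_tagged(c),
        "expected": [m],
    }


if __name__ == "__main__":
    # Tiny illustration: n = 77, M = 20, C = 400 mod 77 = 15.
    print(sorted(rabin_decrypt(15, 7, 11)))   # the four roots of 15 mod 77
    print(demo())
```

The header check is exactly the "known header" idea from the text; the more random the payload, the more necessary it becomes, since there is no other way to distinguish the genuine root from the other three.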
Williams

Hugh Williams redefined Rabin's scheme to remove these shortcomings [1601]. In his scheme p and q are chosen so that
$p \equiv 3 \pmod 8$
$q \equiv 7 \pmod 8$
and
$N = pq$
In addition, a small integer S is used for which $J(S, N) = -1$. (J is the Jacobi symbol; see Section 11.3.) N and S are published. The secret key is k, where
$k = \tfrac{1}{2}\left(\tfrac{1}{4}(p-1)(q-1) + 1\right)$
To encrypt a message M, compute $c_1$ such that $J(M, N) = (-1)^{c_1}$. Then compute $M' = (S^{c_1} M) \bmod N$. As in Rabin's scheme, $C = M'^2 \bmod N$. Finally, $c_2 = M' \bmod 2$. The ciphertext is the triple
$(C, c_1, c_2)$
To decrypt C, the receiver computes M'' from
$C^k \equiv \pm M'' \pmod N$
The correct sign of M'' is determined by $c_2$. Finally
$M = (S^{-c_1} (-1)^{c_1} M'') \bmod N$

Williams later refined this scheme in [1603, 1604, 1605]. Instead of squaring the plaintext, cube it. The large primes must then be congruent to 1 mod 3; otherwise the public and private keys turn out to be identical. Better still, each encryption has exactly one decryption.

The advantage of the Rabin and Williams schemes over RSA is that they are provably as secure as factoring. However, they are completely defenceless against a chosen-ciphertext attack. If you intend to use these schemes where an attacker can mount such an attack (for instance, a digital-signature algorithm in which the attacker can choose the messages to be signed), be sure to apply a one-way hash function before signing. Rabin proposed another defence: append a unique random string to every message before hashing and signing it. Unfortunately, once a one-way hash function is added, the system is no longer provably as secure as factoring [628], although from a practical standpoint adding the hash cannot weaken it.

Other variants of Rabin's scheme are [972, 909, 696, 697, 1439, 989]. A two-dimensional variant is described in [866, 889].
19.6 ElGamal

The ElGamal scheme [518, 519] can be used for both digital signatures and encryption; its security rests on the difficulty of computing discrete logarithms in a finite field.

To generate a key pair, first choose a prime p and two random numbers g and x, both less than p. Then compute
$y = g^x \bmod p$
The public key is y, g and p. Both g and p can be shared among a group of users. The private key is x.

ElGamal Signatures

To sign a message M, first choose a random number k relatively prime to p - 1. Then compute
$a = g^k \bmod p$
and use the extended Euclidean algorithm to solve for b in
$M = (x a + k b) \bmod (p - 1)$
The signature is the pair a, b. The random value k must be kept secret. To verify a signature, check that
$y^a a^b \bmod p = g^M \bmod p$

Every ElGamal signature or encryption requires a fresh value of k, and it must be chosen at random. If Eve ever learns a k that Alice used, she can recover Alice's private key x. If Eve ever obtains two messages signed or encrypted with the same k, she can recover x even without knowing k. The ElGamal signature scheme is summarized in Table 19-5.
Table 19-5.
ElGamal signatures

Public key:
  p      prime (may be shared among a group of users)
  g      < p (may be shared among a group of users)
  y    = g^x mod p
Private key:
  x      < p
Signing:
  k      chosen at random, relatively prime to p - 1
  a (signature) = g^k mod p
  b (signature) such that M = (xa + kb) mod (p - 1)
Verifying:
  The signature is valid if y^a a^b mod p = g^M mod p
For example, choose p = 11 and g = 2, and the private key x = 8. Compute
$y = g^x \bmod p = 2^8 \bmod 11 = 3$
The public key is y = 3, g = 2 and p = 11. To sign M = 5, first choose the random number k = 9 and check that gcd(9, 10) = 1. Compute
$a = g^k \bmod p = 2^9 \bmod 11 = 6$
and use the extended Euclidean algorithm to find b:
$M = (x a + k b) \bmod (p - 1)$
$5 = (8 \cdot 6 + 9 b) \bmod 10$
The solution is b = 3, and the signature is the pair a = 6, b = 3.
To verify the signature, check that
$y^a a^b \bmod p = g^M \bmod p$
$3^6 \cdot 6^3 \bmod 11 = 2^5 \bmod 11$
Both sides equal 10, so the signature is valid.

A variant of ElGamal for signatures is described in [1377]. Thomas Beth invented a variant of ElGamal suitable for proofs of identity [146]. There are variants for password authentication [312] and for key exchange [773]. And there are thousands more (see Section 20.4).
ElGamal Encryption

A modification of ElGamal encrypts messages. To encrypt a message M, first choose a random number k relatively prime to p - 1. Then compute
$a = g^k \bmod p$
$b = y^k M \bmod p$
The pair (a, b) is the ciphertext. Note that the ciphertext is twice as long as the plaintext. To decrypt (a, b), compute
$M = b / a^x \bmod p$
Since $a^x \equiv g^{kx} \pmod p$ and $b / a^x \equiv y^k M / a^x \equiv g^{xk} M / g^{kx} \equiv M \pmod p$, everything works (see Table 19-6). This is essentially the same as Diffie-Hellman key exchange (see Section 22.1), except that y is part of the key and encryption multiplies the message by $y^k$.
Table 19-6.
ElGamal encryption

Public key:
  p      prime (may be shared among a group of users)
  g      < p (may be shared among a group of users)
  y    = g^x mod p
Private key:
  x      < p
Encrypting:
  k      chosen at random, relatively prime to p - 1
  a (ciphertext) = g^k mod p
  b (ciphertext) = y^k M mod p
Decrypting:
  M (plaintext) = b / a^x mod p
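One program can serve both the signature walk-through (p = 11, g = 2, x = 8, k = 9, M = 5) and the encryption just described, and it can also show the k-reuse failure the text warns about. The Python below is an added example, not code from the book: it implements Tables 19-5 and 19-6 directly, reproduces the signature (6, 3) from the text, round-trips an encryption, and then recovers x from two signatures made with the same k. Because p - 1 is even, the linear congruences involved need not have unique solutions, so the recovery enumerates the gcd(a, p - 1) candidates and confirms each against the public values. The second message M = 7 and the plaintext 9 used for encryption are assumptions of this example.

```python
"""ElGamal signatures and encryption (Tables 19-5 / 19-6) on the text's
worked example p = 11, g = 2, x = 8, k = 9, M = 5, plus recovery of the
private key from two signatures that reuse k. The second message (7) and
the encrypted plaintext (9) are constructed for this example."""
from math import gcd


def keygen(p, g, x):
    return (p, g, pow(g, x, p)), x            # public (p, g, y), private x


def sign(msg, priv, pub, k):
    p, g, _ = pub
    if gcd(k, p - 1) != 1:
        raise ValueError("k must be relatively prime to p - 1")
    a = pow(g, k, p)
    # M = x*a + k*b (mod p-1)  =>  b = (M - x*a) * k^-1 (mod p-1)
    b = (msg - priv * a) * pow(k, -1, p - 1) % (p - 1)
    return a, b


def verify(msg, sig, pub):
    p, g, y = pub
    a, b = sig
    return pow(y, a, p) * pow(a, b, p) % p == pow(g, msg, p)


def encrypt(msg, pub, k):
    p, g, y = pub
    return pow(g, k, p), pow(y, k, p) * msg % p          # (a, b)


def decrypt(ct, priv, pub):
    p, _, _ = pub
    a, b = ct
    return b * pow(pow(a, priv, p), -1, p) % p           # b / a^x mod p


def solve_linear(a, c, m):
    """All t in [0, m) with a*t = c (mod m). There are gcd(a, m) of them,
    or none; needed because p - 1 is even and inverses may not exist."""
    g = gcd(a, m)
    if c % g:
        return []
    a, c, m_red = a // g, c // g, m // g
    t0 = c * pow(a, -1, m_red) % m_red
    return [t0 + i * m_red for i in range(g)]


def recover_private_key(m1, sig1, m2, sig2, pub):
    """Two signatures with the same k share a. From b1 - b2 = k(M1 - M2)
    (mod p-1) recover k, then x from M1 = x*a + k*b1 (mod p-1). Candidate
    values are confirmed against g^k = a and g^x = y."""
    p, g, y = pub
    a, b1 = sig1
    a2, b2 = sig2
    if a != a2:
        raise ValueError("different k values; this attack needs a shared k")
    for k in solve_linear((m1 - m2) % (p - 1), (b1 - b2) % (p - 1), p - 1):
        if pow(g, k, p) != a:
            continue
        for x in solve_linear(a % (p - 1), (m1 - k * b1) % (p - 1), p - 1):
            if pow(g, x, p) == y:
                return x
    return None


def demo():
    pub, priv = keygen(p=11, g=2, x=8)          # y = 2^8 mod 11 = 3
    sig1 = sign(5, priv, pub, k=9)              # the text's (6, 3)
    sig2 = sign(7, priv, pub, k=9)              # same k reused: fatal
    ct = encrypt(9, pub, k=3)
    return {
        "pub": pub,
        "sig1": sig1,
        "verify_sig1": verify(5, sig1, pub),
        "roundtrip": decrypt(ct, priv, pub),
        "recovered_x": recover_private_key(5, sig1, 7, sig2, pub),
    }


if __name__ == "__main__":
    print(demo())
```

With p = 11 the candidate sets are tiny, but the same enumeration works for any prime: the cost of a k reuse is at most gcd(a, p - 1) exponentiations, never a discrete logarithm.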
Speed

Some sample speeds of software implementations of ElGamal are given in Table 19-7 [918].

Table 19-7.
ElGamal speeds for various modulus lengths with a 160-bit exponent (on a SPARC II)

              512 bits   768 bits   1024 bits
Encrypt       0.33 s     0.80 s     1.09 s
Decrypt       0.24 s     0.58 s     0.77 s
Sign          0.25 s     0.47 s     0.63 s
Verify        1.37 s     5.12 s     9.30 s

Patents

ElGamal is not patented. But before you rush off to implement the algorithm, be aware that PKP considers it to fall under the Diffie-Hellman patent [718]. That patent, however, expires on 29 April 1997, which will make ElGamal the first public-key algorithm usable for both encryption and digital signatures that is unencumbered by patents in the United States. I can hardly wait.
19.7 McEliece

In 1978 Robert McEliece developed a public-key cryptosystem based on algebraic coding theory [1041]. The algorithm exploits the existence of a particular class of error-correcting codes, the Goppa codes. The idea is to construct a Goppa code and disguise it as an ordinary linear code. There is a fast decoding algorithm for Goppa codes, but the general problem of finding a codeword of given weight in a linear binary code is NP-complete. A good description of the algorithm can be found in [1233]; see also [1562]. Only a brief overview follows.

Let $d_H(x, y)$ denote the Hamming distance between x and y. The numbers n, k and t are the system parameters.

The private key has three parts: G' is the $k \times n$ generator matrix of a Goppa code that corrects t errors; P is an $n \times n$ permutation matrix; S is a nonsingular $k \times k$ matrix.

The public key is the $k \times n$ matrix $G = S G' P$.

A plaintext message is a string of k bits, viewed as a k-element vector over GF(2).

To encrypt a message, choose at random an n-element vector z over GF(2) with Hamming weight at most t, and compute
$c = m G + z$
To decrypt, first compute $c' = c P^{-1}$. Then use the decoding algorithm for the Goppa code to find m' such that $d_H(m' G', c') \le t$. Finally compute $m = m' S^{-1}$.

In his original paper McEliece proposed the values n = 1024, t = 50 and k = 524. These are the minimum values required for security.

Although this algorithm was one of the first public-key algorithms and no successful cryptanalysis of it has been published, it never gained wide acceptance in the cryptographic community. The scheme is two to three orders of magnitude faster than RSA, but it has several drawbacks. The public key is enormous: $2^{19}$ bits. The data expansion is large: the ciphertext is twice as long as the plaintext.

Several attempts to cryptanalyze this system can be found in [8, 943, 1559, 306]. None has succeeded in the general case, though the similarity between McEliece's algorithm and knapsack algorithms is a little unsettling. In 1991 two Russian cryptographers claimed to have broken the McEliece system for certain parameters [882]. Their paper did not substantiate the claim, and most cryptographers disregard the result. Another Russian attack, which cannot be applied directly to the McEliece system, is described in [1447, 1448]. Extensions of McEliece can be found in [424, 1227, 976].

Other Algorithms Based on Linear Error-Correcting Codes

The Niederreiter algorithm [1167] is very close to McEliece's and takes as the public key a random parity-check matrix of an error-correcting code. The private key is an efficient decoding algorithm for that matrix.

Another algorithm, used for identification and digital signatures, is based on syndrome decoding [1501]; for commentary see [306]. The algorithm in [1621], which uses error-correcting codes, is insecure [698, 33, 31, 1560, 32].
19.8 Elliptic Curve Cryptosystems

Elliptic curves have been studied for many years, and there is an enormous literature on them. In 1985 Neal Koblitz and V. S. Miller independently proposed using them for public-key cryptosystems [867, 1095]. They did not invent a new cryptographic algorithm using elliptic curves over finite fields; rather, they implemented existing algorithms such as Diffie-Hellman with elliptic curves.

Elliptic curves are interesting because they provide a way of constructing "elements" and "rules of combination" that form groups. The properties of these groups are well enough understood to build cryptographic algorithms on them, yet they lack certain properties that make cryptanalysis easier. For example, the notion of "smoothness" does not apply to elliptic curves: there is no set of small elements in terms of which a random element can, with high probability, be expressed by a simple algorithm. Consequently, index-calculus discrete-logarithm algorithms do not work. See [1095] for details.

Elliptic curves over the field $GF(2^n)$ are especially interesting. For n between 130 and 200 it is not difficult to design a scheme and relatively simple to build an arithmetic processor for the underlying field. Such algorithms could potentially form the basis of faster public-key cryptosystems with smaller key sizes. Many public-key algorithms, such as Diffie-Hellman, ElGamal and Schnorr, can be implemented with elliptic curves over finite fields.

The mathematics involved is complex and beyond the scope of this book. Readers interested in the subject should read the two papers cited above and the excellent book by Alfred Menezes [1059]. Two analogues of RSA use elliptic curves [890, 454]. Other papers are [23, 119, 1062, 869, 152, 871, 892, 25, 895, 353, 1061, 26, 913, 914, 915]. Elliptic-curve cryptosystems with small key lengths are discussed in [701]. The Fast Elliptic Encryption (FEE) algorithm of Next Computer Inc. also uses elliptic curves [388]. A nice feature of FEE is that the private key can be any easily remembered string. Cryptosystems using hyperelliptic curves have also been proposed [868, 870, 1441, 1214].
19.9 LUC

Some cryptographers have developed generalizations of RSA that use various permutation polynomials in place of exponentiation. A variant called Kravitz-Reed, which uses irreducible binary polynomials [898], is insecure [451, 589]. Winfried Müller and Wilfried Nöbauer use Dickson polynomials [1127, 1128, 965]. Rudolph Lidl and Müller generalized this approach in [966, 1126] (this variant is called the Rédei scheme), and Nöbauer analyzed its security in [1172, 1173]. (Notes on generating primes with Lucas functions can be found in [969, 967, 968, 598].) Despite all this prior work, a group of researchers from New Zealand managed to patent the scheme in 1993, calling it LUC [1486, 521, 1487].

The n-th Lucas number $V_n(P, 1)$ is defined by the recurrence
$V_n(P,1) = P\, V_{n-1}(P,1) - V_{n-2}(P,1)$
with $V_0(P,1) = 2$ and $V_1(P,1) = P$. There is a great deal of theory behind Lucas numbers, which I will skip. The theory of Lucas sequences is well presented in [1307, 1308]. The mathematics of LUC in particular is well described in [1494, 708].

In any case, to generate a public/private key pair, first choose two large primes p and q and compute n = pq. The encryption key e is a random number relatively prime to p - 1, q - 1, p + 1 and q + 1. There are four possible decryption keys:
$d = e^{-1} \bmod \operatorname{lcm}(p+1, q+1)$
$d = e^{-1} \bmod \operatorname{lcm}(p+1, q-1)$
$d = e^{-1} \bmod \operatorname{lcm}(p-1, q+1)$
$d = e^{-1} \bmod \operatorname{lcm}(p-1, q-1)$
where lcm denotes the least common multiple.

The public key is e and n; the private key is d and n. p and q are discarded.

To encrypt a message P (P must be less than n), compute
$C = V_e(P, 1) \bmod n$
and to decrypt:
$P = V_d(C, 1) \bmod n$, with the appropriate d

At best, LUC is no more secure than RSA. And recent, not yet published results show how to break LUC in at least some implementations. I don't trust this algorithm.
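The phrase "with the appropriate d" hides the one practical detail of LUC: which of the four exponents undoes a given ciphertext. The Python below is an added example, not code from the book. It evaluates $V_k(P,1) \bmod n$ with the doubling identities $V_{2j} = V_j^2 - 2$ and $V_{2j+1} = V_j V_{j+1} - P$, and selects d from the Legendre symbols of $C^2 - 4$ modulo p and q, a rule supplied here rather than by the page (it works because $V_e^2 - 4 = (P^2 - 4)\,U_e^2$, so $C^2 - 4$ has the same quadratic character as $P^2 - 4$). The primes 47 and 59, the exponent e = 7 and the plaintexts are assumptions of this example.

```python
"""LUC encryption/decryption via Lucas sequences V_k(P, 1) mod n, including
the choice among the four decryption exponents. Parameters (p = 47,
q = 59, e = 7) and plaintexts are constructed for this example. The
selection rule for d (Legendre symbols of C^2 - 4) is supplied here; the
page only says 'with the appropriate d'."""
from math import gcd


def lcm(a, b):
    return a * b // gcd(a, b)


def lucas_v(k, P, n):
    """V_k(P, 1) mod n by left-to-right binary doubling on the pair
    (V_j, V_{j+1}), using V_2j = V_j^2 - 2 and V_2j+1 = V_j V_j+1 - P."""
    lo, hi = 2 % n, P % n                  # (V_0, V_1)
    for bit in bin(k)[2:]:
        if bit == "0":
            lo, hi = (lo * lo - 2) % n, (lo * hi - P) % n
        else:
            lo, hi = (lo * hi - P) % n, (hi * hi - 2) % n
    return lo


def legendre(a, p):
    """+1 if a is a nonzero square mod p, -1 if a non-square, 0 if p | a."""
    r = pow(a % p, (p - 1) // 2, p)
    return -1 if r == p - 1 else r


def luc_keygen(p, q, e):
    for m in (p - 1, p + 1, q - 1, q + 1):
        if gcd(e, m) != 1:
            raise ValueError("e must be coprime to p-1, p+1, q-1 and q+1")
    return (p * q, e), (p, q)               # public (n, e), private (p, q)


def luc_encrypt(P, pub):
    n, e = pub
    assert 0 <= P < n
    return lucas_v(e, P, n)


def luc_decrypt(C, pub, priv):
    """d = e^-1 mod lcm(p - (D/p), q - (D/q)) with D = C^2 - 4. A square
    D means the sequence lives in GF(p) (period divides p - 1); a
    non-square means GF(p^2) (period divides p + 1)."""
    n, e = pub
    p, q = priv
    D = C * C - 4
    modulus = lcm(p - legendre(D, p), q - legendre(D, q))
    d = pow(e, -1, modulus)
    return lucas_v(d, C, n)


def demo():
    pub, priv = luc_keygen(47, 59, 7)
    results = {}
    for P in (100, 1234, 2000):             # constructed plaintexts
        results[P] = luc_decrypt(luc_encrypt(P, pub), pub, priv)
    return results


if __name__ == "__main__":
    print(demo())
```

Note that the receiver needs p and q to pick d, which is why the primes cannot actually be thrown away on the decrypting side; they are what "the appropriate d" is computed from.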
19.10 Finite Automaton Public-Key Cryptosystems

The Chinese cryptographer Tao Renji has developed a public-key algorithm based on finite automata [1301, 1302, 1303, 1300, 1304, 666]. Just as it is hard to factor the product of two large primes, it is hard to decompose the composition of two finite automata into its components, all the more so if one of the automata is nonlinear.

Most of the work in this area was done in China in the 1980s and published in Chinese. Renji has begun writing in English. His main result is that certain nonlinear (quasi-linear) automata possess weak inverses if and only if they have a particular echelon matrix structure. This property disappears once they are composed with another automaton (even a linear one). In the public-key algorithm the secret key is an invertible quasi-linear automaton together with a linear automaton, and the corresponding public key is obtained by multiplying them out term by term. Data is encrypted by passing it through the public automaton and decrypted by passing it through the inverses of the components (in some cases the automata must first be set to a suitable initial state). The scheme works for both encryption and digital signatures.

On performance, in brief: like McEliece, these systems are much faster than RSA but need longer keys. The key length thought to give security comparable to 512-bit RSA is 2792 bits, and for 1024-bit RSA, 4152 bits. In the first case the system encrypts at 20,869 bytes/s and decrypts at 17,117 bytes/s on an 80486/33 MHz.

Renji has published three algorithms. The first was FAPKC0, a weak system that uses only linear components and is primarily illustrative. Each of the two serious systems, FAPKC1 and FAPKC2, uses one linear and one nonlinear component. The latter is more complex and was designed to support authentication operations.

As for their strength, a good deal of work has been done on the problem in China (there are now more than 30 institutes publishing on cryptography and security). From the considerable Chinese-language literature it is clear that the question has been studied.

An attractive feature of FAPKC1 and FAPKC2 is that they are not covered by any U.S. patents. So once the Diffie-Hellman patent expires in 1997, these algorithms will undoubtedly be of great interest.
Chapter 20
Public-Key Digital Signature Algorithms

20.1 Digital Signature Algorithm (DSA)

In August 1991 the National Institute of Standards and Technology (NIST) proposed the Digital Signature Algorithm (DSA) for use in its Digital Signature Standard (DSS). According to the Federal Register [538]:

A Federal Information Processing Standard (FIPS) for a Digital Signature Standard (DSS) is proposed. This standard specifies a public-key digital signature algorithm (DSA) appropriate for federal applications requiring a digital signature. The proposed DSS uses a public key to verify to the recipient the integrity of the received data and the identity of the sender. The DSS can also be used by a third party to verify the validity of a signature and of the data associated with it.

This standard adopts a public-key signature scheme that uses a pair of transformations to generate and verify a digital value called a signature.

And:

The proposed standard is the result of evaluating various digital signature techniques. In making its decision, NIST followed the provisions of Section 2 of the Computer Security Act of 1987, under which NIST develops standards "... assuring the cost-effective security and privacy of Federal information, selecting, among technologies offering comparable protection, the one with the most desirable operating and use characteristics."

Among the factors considered in reaching the decision were the level of security provided, the ease of hardware and software implementation, the ease of export from the U.S., the applicability of patents, the impact on national security and law enforcement, and the efficiency of both the signing and the verification functions. It appeared that adequate protection for Federal systems could be provided in many ways. The technique selected satisfies the following requirements:

NIST expects that it can be used free of charge. Broad use of this technology, resulting from its availability, will be of economic benefit to the government and the public.

The selected technology allows efficient use of the signing operation in applications involving smart cards. In such applications the signing operations are performed in the limited computing environment of the smart card, while the verification process is implemented in a more powerful computing environment, for example a personal computer, a hardware cryptographic module or a mainframe computer.

Before everything becomes hopelessly confused, let me sort out the names: DSA is the algorithm, DSS is the standard. The standard uses the algorithm. The algorithm is part of the standard.
Pearuua ua saaeueuue
3axnnenne NIST ntsnano norok kpnrnuecknx sameuannn n onnnennn . K coxanennm, onn tnn ckopee nonnrn-
uecknmn, uem nayuntmn. RSA Data Security, Inc., npoammax anropnrm RSA, nosrnannna kpnrnkon DSS. Onn
rpeonann, urot n cranapr ncnontsonancx anropnrm RSA. RSADSI nonyunno nemano ener sa nnnensnponanne
anropnrma RSA, n cranapr ecnnarnon nn|ponon nonncn npxmo nonnnxn t na camym cyrt ee kommepuecknx
ycnexon. (Hpnmeuanne: DSA neoxsarentno ne napymaer narenrt, mt paccmorpnm +ry remy nosnee .)
o saxnnennx o npnnxrnn anropnrma RSADSI neno komnannm npornn "omero moynx,'' koroptn, nosmoxno,
nosnonnr npannrentcrny noentnart nonncn. Kora tno oxnneno, uro anropnrm ne ncnontsyer omnn m o-
ynt, kpnrnka tna npoonxena c pyrnx nosnnnn |154], kak c nomomtm nncem n NIST, rak n c nomomtm saxnne-
nnn n npecce. (uertpe nnctma n NIST noxnnnoct n |1326]. unrax nx, ne satnanre, uro no kpannen mepe na anr o-
pa, Pnnecr n Xennman, tnn |nnancono sannrepeconant n rom, urot DSS ne tn npnnxr.)
Mnorne ontmne komnannn, paspaartnammne nporpammnoe oecneuenne, koropte yxe nnnensnponann anr o-
pnrm RSA, rakxe ntcrynnnn npornn DSS. B 1982 roy npannrentcrno nonpocnno npeocrannrt emy anropnrmt c
orkptrtm knmuom nx ntopa onoro ns nnx n kauecrne cranapra |537]. Hocne +roro n reuenne enxrn ner or
NIST ne tno nnkaknx nsnecrnn. Takne komnannn, kak IBM, Apple, Novell, Lotus, Northern Telecom, Microsoft,
DEC n Sun norparnnn mnoro ener, peannsyx anropnrm RSA. Onn ne tnn sannrepeconant n norepe nnnecrnnnn.
Bcero k konny nepnoro nepnoa ocyxennx(28 |enpanx 1992 roa) NIST nonyunn 109 sameuannn. Paccmorpnm
no nopxky kpnrnueckne sameuannx n apec DSA.
1. DSA nentsx ncnontsonart nx mn|ponannx nnn pacnpeenennx knmuen .
Hpannntno, no cranapr n ne rpeyer nannunx +rnx nosmoxnocren. 3ro cranapr nonncn . NIST nororonnrt
cranapr mn|ponannx c orkptrtm knmuom. NIST conepmaer ontmym omnky, ocrannxx amepnkancknn napo
es cranapra mn|ponannx c orkptrtm knmuom. Ho ncen nepoxrnocrn npenoxenntn cranapr nn|ponon non n-
cn yer nenosmoxno ncnontsonart nx mn|ponannx . (Ho okastnaercx, uro nosmoxno - cm. pasen 23.3.) 3ro ne
osnauaer, uro cranapr nonncn ecnonesen.
2. DSA tn paspaoran NSA, n n anropnrme moryr trt cnennantnte nasenkn.
Fontmnncrno nepnonauantntx kommenrapnen tnn npocro napanonantntmn : "Orpnnanne NIST cymecrnym-
mnx anropnrmon es nnnmtx npnunn ne nnymaer onepnx k DSS, a ycnnnnaer noospenne, uro cymecrnyer ra n-
nax nporpamma, crpemxmaxcx nosnonnrt NIST n/nnn NSA nckptnart nannonantnym kpnnrocncremy c orkptrtm
knmuom" |154]. Ceptesntn nonpoc ornocnrentno esonacnocrn DSA tn saan Apxanom hencrpon (Arjen
Lenstra) n Crmaprom Xaepom (Stuart Haber) ns Bellcore. On yer paccmorpen nnxe.
3. DSA menennee RSA |800].
Fonee nnn menee cnpanennno. Ckopocrn renepannn nonncn npnmepno onnakont, no nponepka nonncn c
nomomtm DSA or 10 o 40 pas menennee. Onako renepannx knmuen tcrpee. Ho +ra onepannx nennrepecna,
nontsonarent peko npnmenxer ee. C pyron cropont nponepka nonncn - +ro nanonee uacrax onep annx.
Hponema kpnrnkn n rom, uro cymecrnyer mnoro cnocoon nonrpart napamerpamn recrnponannx, onnaxct
nyxntx pesyntraron. Hpenapnrentnte ntuncnennx moryr yckopnrt renepannm nonncn DSA, no onn ne ncera
nosmoxnt. Croponnnkn RSA nonpaxr uncna rak, urot ntennrt npenmymecrna cnoero anropnrma, a cropo n-
nnkn DSA ncnontsymr cnon cnoco onrnmnsannn. B nmom cnyuae komntmrept cranonxrcx nce tcrpee n tc r-
pee. Xorx pasnnna n ckopocrn n cymecrnyer, n ontmnncrne npnnox ennn ona ne yer samerna.
4. RSA is the de facto standard.
Here are two examples of such complaints. A letter from Robert Follett, director of the standards program at IBM [570]:
IBM believes that NIST has proposed a digital signature scheme standard that differs from the international standards being adopted. Users and user organizations have convinced us that support for international standards using RSA will, in the very near future, become a necessary condition for selling security products.
A letter from Les Shroyer, vice president and director at Motorola [1444]:
We must have a single, reliable, universally accepted digital signature algorithm that can be used around the world, both between American and non-American entities and between Motorola's systems and those of other manufacturers. The absence of other viable digital signature technologies over the past eight years has made RSA the de facto standard. . . . Motorola and many other companies . . . have invested millions of dollars in RSA. We doubt the interoperability and supportability of two different standards; such a situation would lead to increased costs, deployment delays and more complex systems. . . .
Many companies wanted NIST to adopt ISO 9796, the international digital signature standard that uses RSA [762]. Although this is a serious argument, it is not sufficient reason to adopt an international standard as the national one. A royalty-free standard would better serve the public interest of the United States.
5. The selection of the national algorithm was not open, and not enough time was given for analysis.
NIST first claimed to have developed DSA on its own, then acknowledged help from the NSA. Finally NIST confirmed that the NSA was the author of the algorithm. This worried many people; the NSA does not inspire trust. Even so, the algorithm was published and available for analysis, and NIST extended the period for analysis and comment on the algorithm.
6. DSA may infringe other patents. It may. This question is discussed in the section on patents below.
7. The key size is too small.
This is the only valid criticism of DSS. The original proposal called for a 512-bit modulus [1149]. Since the security of the algorithm rests on the difficulty of computing discrete logarithms modulo the given modulus, this worried many cryptographers. Since then, computing discrete logarithms in a finite field has made definite progress, and 512 bits is too small for a long-term signature (see Section 7.2). According to Brian LaMacchia and Andrew Odlyzko, ". . . even the security afforded by 512-bit primes appears to be marginal . . . " [934]. In response to these comments, NIST made the key length variable, from 512 to 1024 bits. Not much, but better.
On 19 May 1994 the final version of the standard was issued [1154]. The announcement said [542]:
This standard is applicable to all Federal departments and agencies for the protection of unclassified information. . . . This standard shall be used in designing and implementing public-key-based signature schemes which Federal departments and agencies operate or which are operated for them under contract. Private and commercial organizations may adopt and use this standard.
Before you use this standard or implement it, read the section on patents below.
Description of DSA
DSA, a variant of the Schnorr and ElGamal signature algorithms, is fully described in [1154]. The algorithm uses the following parameters:
p  a prime number L bits long, where L is a multiple of 64 in the range 512 to 1024. (In the original standard the size of p was fixed at 512 bits [1149]. This drew a great deal of criticism, and NIST revised this part of the algorithm [1154].)
q  a 160-bit prime factor of p-1.
g  = h^((p-1)/q) mod p, where h is any number less than p-1 for which h^((p-1)/q) mod p is greater than 1.
x  a number less than q.
y  = g^x mod p.
The algorithm also uses a one-way hash function, H(m). The standard specifies SHA, discussed in Section 18.7.
The first three parameters, p, q and g, are public and can be shared by the users of a network. The private key is x; the public key is y. To sign a message m:
(1) Alice generates a random number k, less than q.
(2) Alice generates
    r = (g^k mod p) mod q
    s = (k^-1 (H(m) + xr)) mod q
The parameters r and s are her signature; she sends them to Bob.
(3) Bob verifies the signature by computing
    w = s^-1 mod q
    u1 = (H(m) * w) mod q
    u2 = (rw) mod q
    v = ((g^u1 * y^u2) mod p) mod q
If v = r, the signature is valid.
Proofs of the mathematical relationships can be found in [1154]. Table 20-1 summarizes the algorithm.
Table 20-1.
DSA signatures
Public key:
  p   prime, 512 to 1024 bits long (can be shared by a group of users)
  q   160-bit prime factor of p-1 (can be shared by a group of users)
  g   = h^((p-1)/q) mod p, where h is any number less than p-1 for which h^((p-1)/q) mod p > 1 (can be shared by a group of users)
  y   = g^x mod p (a p-bit number)
Private key:
  x   < q (a 160-bit number)
Signing:
  k   chosen at random, less than q
  r   (signature) = (g^k mod p) mod q
  s   (signature) = (k^-1 (H(m) + xr)) mod q
Verifying:
  w   = s^-1 mod q
  u1  = (H(m) * w) mod q
  u2  = (rw) mod q
  v   = ((g^u1 * y^u2) mod p) mod q
  If v = r, the signature is valid.

Speed precomputations
Table 20-2 gives sample speeds of software implementations of DSA [918].
Table 20-2.
DSA speeds for different modulus lengths with a 160-bit exponent (on a SPARC II)

             512 bits   768 bits   1024 bits
Sign         0.20 s     0.43 s     0.57 s
Verify       0.35 s     0.80 s     1.27 s

Practical implementations of DSA can often be sped up by precomputation. Note that the value r does not depend on the message. You can create a string of random k values and then compute r for each of them. You can also compute k^-1 for each of these k values. Then, when a message arrives, you can compute s for the given r and k^-1.
This precomputation speeds up DSA considerably. Table 20-3 compares DSA and RSA computation times for a particular smart card implementation [1479].
Table 20-3.
Comparison of RSA and DSA computation times

                       DSA                  RSA             DSA with common p, q, g
Global computations    Off-card (P)         N/A             Off-card (P)
Key generation         14 s                 Off-card (S)    4 s
Precomputation         14 s                 N/A             4 s
Signature              0.03 s               15 s            0.03 s
Verification           16 s                 1.5 s           10 s
                       1-5 s off-card (P)                   1-3 s off-card (P)

Off-card computations were performed on an 80386 33 MHz personal computer. (P) indicates public off-card parameters and (S) indicates secret off-card parameters. Both algorithms use a 512-bit modulus.
DSA prime generation
Lenstra and Haber pointed out that some moduli are much easier to break than others [950]. If someone forced the users of a network to use one of these weak moduli, their signatures would be easier to forge. This is not a problem, for two reasons: such moduli are easy to detect, and they are so rare that the chance of accidentally using one is negligible, smaller than the chance of accidentally getting a composite number out of a probabilistic prime generation routine.
In [1154] NIST recommends a specific method for generating the two primes, p and q, where q divides p-1. The prime p is between 512 and 1024 bits long and a multiple of 64 bits. Let L-1 = 160n + b, where L is the length of p, and n and b are two numbers with b less than 160.
(1) Choose an arbitrary sequence of at least 160 bits and call it S. Let g be the length of S in bits.
(2) Compute U = SHA(S) XOR SHA((S + 1) mod 2^g), where SHA is described in Section 18.7.
(3) Form q by setting the most significant bit and the least significant bit of U to 1.
(4) Check whether q is prime.
(5) If q is not prime, go back to step (1).
(6) Let C = 0 and N = 2.
(7) For k = 0, 1, ..., n, let V_k = SHA((S + N + k) mod 2^g).
(8) Let W be the integer
    W = V_0 + 2^160 V_1 + ... + 2^(160(n-1)) V_(n-1) + 2^(160n) (V_n mod 2^b)
and let
    X = W + 2^(L-1)
Note that X is an L-bit number.
(9) Let p = X - ((X mod 2q) - 1). Note that p is congruent to 1 mod 2q.
(10) If p < 2^(L-1), go to step (13).
(11) Check whether p is prime.
(12) If p is prime, go to step (15).
(13) Let C = C + 1 and N = N + n + 1.
(14) If C = 4096, go back to step (1). Otherwise, go to step (7).
(15) Save the values of S and C used to generate p and q.
In [1154] the variable S is called the seed, the variable C the counter, and N the offset.
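The procedure above, followed by DSA signing and verification from Table 20-1 on the parameters it produces, as an added example that is not code from the book or from NIST. The function names (generate_pq, reproduce_pq, dsa_params, sign, verify) are this example's own; hashlib.sha1 plays the role of SHA, and a Miller-Rabin test plays the role of the "check whether ... is prime" steps. reproduce_pq shows the point the text makes: anyone given S and C can recompute p and q and confirm they came out of the published procedure.

```python
import hashlib
import secrets


def sha1_int(n: int, nbits: int) -> int:
    """SHA-1 of the integer n written as an nbits-bit big-endian string, as an integer."""
    return int.from_bytes(hashlib.sha1(n.to_bytes(nbits // 8, "big")).digest(), "big")


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin primality test (stands in for the 'check whether prime' steps)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def q_from_seed(S: int, g: int) -> int:
    """Steps (2)-(3): U = SHA(S) XOR SHA((S+1) mod 2^g); set the top and bottom bits of U."""
    U = sha1_int(S, g) ^ sha1_int((S + 1) % 2**g, g)
    return U | (1 << 159) | 1


def p_candidate(S: int, g: int, q: int, N: int, L: int) -> int:
    """Steps (7)-(9) for one offset N: assemble X from n+1 hash blocks, then force p = 1 mod 2q."""
    n, b = divmod(L - 1, 160)
    W = 0
    for k in range(n + 1):
        V = sha1_int((S + N + k) % 2**g, g)
        if k == n:
            V %= 2**b                       # only b bits of the last block are used
        W += V << (160 * k)
    X = W + 2**(L - 1)                      # X is an L-bit number
    return X - ((X % (2 * q)) - 1)          # p is congruent to 1 mod 2q


def generate_pq(L: int = 512, g: int = 160):
    """Steps (1)-(15). Returns (p, q, S, C); S and C are published with p and q."""
    assert 512 <= L <= 1024 and L % 64 == 0, "L must be a multiple of 64 in [512, 1024]"
    n = (L - 1) // 160
    while True:                             # step (1): a fresh g-bit seed
        S = secrets.randbits(g)
        q = q_from_seed(S, g)
        if not is_probable_prime(q):        # steps (4)-(5)
            continue
        C, N = 0, 2                         # step (6)
        while C < 4096:                     # steps (7)-(14)
            p = p_candidate(S, g, q, N, L)
            if p >= 2**(L - 1) and is_probable_prime(p):
                return p, q, S, C           # step (15)
            C, N = C + 1, N + n + 1


def reproduce_pq(S: int, C: int, L: int = 512, g: int = 160):
    """Recompute (p, q) from the published seed and counter; None if they do not check out."""
    n = (L - 1) // 160
    q = q_from_seed(S, g)
    p = p_candidate(S, g, q, 2 + C * (n + 1), L)
    ok = is_probable_prime(q) and p >= 2**(L - 1) and is_probable_prime(p)
    return (p, q) if ok else None


def dsa_params(p: int, q: int) -> int:
    """g = h^((p-1)/q) mod p for the first h > 1 whose result exceeds 1."""
    for h in range(2, p - 1):
        g = pow(h, (p - 1) // q, p)
        if g > 1:
            return g


def H(m: bytes) -> int:
    return int.from_bytes(hashlib.sha1(m).digest(), "big")   # SHA, as the standard specifies


def keygen(p, q, g):
    x = secrets.randbelow(q - 1) + 1        # private key x < q
    return x, pow(g, x, p)                  # public key y = g^x mod p


def sign(m: bytes, x: int, p, q, g):
    while True:
        k = secrets.randbelow(q - 1) + 1    # fresh secret k for every signature
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (H(m) + x * r) % q
        if r and s:
            return r, s


def verify(m: bytes, sig, y, p, q, g) -> bool:
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = H(m) * w % q, r * w % q
    return pow(g, u1, p) * pow(y, u2, p) % p % q == r
```

Generating a 512-bit p takes well under a second in CPython. The verifier side of a deployment would call reproduce_pq on the (S, C) that accompanies a published parameter set before trusting it.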
The point of this exercise is that it is a published way of generating p and q. For all practical purposes this method avoids weak values of p and q. If someone hands you some p and q, you might wonder how those numbers were obtained. But if you are given the values of S and C used to generate the random p and q, you can repeat the whole procedure yourself. The use of a one-way hash function (SHA in the standard) prevents anyone from working backwards from p and q to S and C.
This security is better than what RSA provides. In RSA the primes are kept secret. Anyone could generate a bogus prime, or a number whose form makes it easier to factor. Without knowing the private key, you could never tell. In DSA, even without knowing the private key, you can confirm that p and q were generated randomly.
ElGamal encryption with DSA
There have been allegations that the government likes DSA because it cannot be used as an encryption algorithm. However, the DSA function call can be used for ElGamal encryption. Suppose the algorithm is implemented as a single function call
    DSAsign(p,q,g,k,x,h,r,s)
Given the inputs p, q, g, k, x and h, it returns the signature parameters r and s.
To encrypt a message m with the ElGamal algorithm under the public key y, choose a random number k and call
    DSAsign(p,p,g,k,0,0,r,s)
The returned value r is a of the ElGamal scheme. Discard s. Then call
    DSAsign(p,p,y,k,0,0,r,s)
Rename the returned value r as u; discard s. Call
    DSAsign(p,p,m,1,u,0,r,s)
Discard r. The returned value s is b in the ElGamal scheme. You now have the ciphertext, a and b. Decryption is just as easy. Using the private key x and the ciphertext of the message, a and b, call
    DSAsign(p,p,a,x,0,0,r,s)
The value r is a^x mod p. Call it e. Then call
    DSAsign(p,p,1,e,b,0,r,s)
The value s is the plaintext of the message, m.
This method does not work with every DSA implementation; some of them may fix the values of p and q, or the lengths of some other parameters. Still, if the implementation is general enough, you can encrypt a message using nothing but the digital signature function.
RSA encryption with DSA
RSA encryption is even easier. Using the modulus n, the message m and the public key e, call
    DSAsign(n,n,m,e,0,0,r,s)
The returned value r is the ciphertext. RSA decryption is exactly the same. If d is the private key, then
    DSAsign(n,n,m,d,0,0,r,s)
returns the plaintext as the value r.
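The two sections above driven through one signing function, as an added example that is not code from the book: dsa_sign is the text's DSAsign (r = (g^k mod p) mod q, s = k^-1 (h + xr) mod q) written as a Python function that returns (r, s), and the ElGamal and RSA wrappers make exactly the calls listed, in the order listed. All parameters are constructed toy values: p = 607, q = 101, g = 64 (64 = 2^6 mod 607 has order 101) and the small RSA pair n = 3233, e = 17, d = 2753.

```python
def dsa_sign(p, q, g, k, x, h):
    """The text's DSAsign call, minus any validation of its inputs.
    It never checks that q is a 160-bit prime dividing p-1, that k < q, or that
    g has order q, which is exactly what lets it be repurposed below."""
    r = pow(g, k, p) % q
    s = pow(k, -1, q) * (h + x * r) % q
    return r, s


P, G = 607, 64          # constructed toy ElGamal group; q = 101 plays no role here


def elgamal_encrypt(m, y, k, p=P, g=G):
    """Three DSAsign calls with q replaced by p, as the text prescribes."""
    a, _ = dsa_sign(p, p, g, k, 0, 0)      # r = g^k mod p        -> a
    u, _ = dsa_sign(p, p, y, k, 0, 0)      # r = y^k mod p        -> u
    _, b = dsa_sign(p, p, m, 1, u, 0)      # s = 1^-1 (0 + u*m)   -> b = u*m mod p
    return a, b


def elgamal_decrypt(a, b, x, p=P):
    e, _ = dsa_sign(p, p, a, x, 0, 0)      # r = a^x mod p        -> e
    _, m = dsa_sign(p, p, 1, e, b, 0)      # s = e^-1 (b + 0*1)   -> m = b/e mod p
    return m


def rsa_via_dsa(m, exponent, n):
    """m^e mod n with the public exponent, or c^d mod n with the private one."""
    r, _ = dsa_sign(n, n, m, exponent, 0, 0)
    return r
```

An implementation that fixes the sizes of p and q, or rejects calls in which q does not divide p - 1, refuses every one of these calls; that is the check the last paragraph of the ElGamal section alludes to.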
Security of DSA
At 512 bits DSA is not strong enough for long-term security, but it is quite strong at 1024 bits. In its first statement on the subject, the NSA commented as follows on the claim by Joe Abernathy of The Houston Chronicle about a trapdoor in DSS [363]:
Regarding the alleged trapdoor in the DSS. We find the term "trapdoor" misleading, since it implies that the messages signed using DSS, which are encrypted, can somehow be decrypted (read) through the trapdoor without the sender's permission.
DSS does not encrypt any data. The real question is whether someone could use DSS to forge a signature and thereby discredit the entire system. We categorically state that the probability that anyone, including the NSA, could forge a DSS signature when the standard is used properly is infinitesimally small.
Furthermore, the alleged trapdoor vulnerability applies to any public-key authentication system, including RSA. The claim that it affects only DSS (an argument popular in the press) is completely wrong. The issue is one of implementation and the way the primes are chosen. We urge you to look at the recent EUROCRYPT conference, where a "round table" discussed the question of trapdoors in DSS. One of the participants was one of the Bellcore researchers who had alleged the possibility of a trapdoor, and it is our understanding that the participants in the discussion, including that Bellcore researcher, concluded that the trapdoor issue in DSS is not a problem. Moreover, it was generally agreed that the trapdoor question is trivial and was blown out of proportion by the press. Nevertheless, in an attempt to respond, at NIST's request, to the trapdoor accusation, we developed a prime generation process that avoids selecting one of the relatively small number of weak primes whose use would weaken DSS. In addition, NIST insists on the use of larger moduli, up to 1024 bits, which makes it possible to avoid weak primes without using the prime generation process we developed. A very important additional point, which is often overlooked, is that with DSS the primes are public and can therefore be subjected to public examination. Not all public-key systems can withstand such scrutiny.
The integrity of any information security system requires attention to implementation. Given the vulnerability of systems with millions of peer users, the NSA has traditionally insisted on the use of centralized trusted centers as a way to minimize risk in the system. Although we did, at NIST's request, develop a number of technical modifications to DSS that allow a less centralized approach, we must emphasize the part of the DSS announcement in the Federal Register which states:
"While this standard is intended to provide the general security requirements for generating digital signatures, conformance to the standard does not ensure the security of a particular implementation. The responsible authority in each department or agency must ensure that the overall implementation provides an acceptable level of security. NIST will continue to work with government users to ensure correct implementation."
Finally, we have examined all the claims that DSS is insecure, and they did not convince us. DSS was thoroughly studied within the NSA, which allowed our Director of Information Systems Security to approve the use of this standard for signing unclassified data processed in certain intelligence systems, and even for signing classified data in a number of systems. We believe that this acceptance attests to the impossibility of any plausible compromise of the security provided by DSS when properly implemented and used. Based on the U.S. government's requirements for the technology and security of digital signatures, we believe DSS is the best choice. In fact, DSS serves as the pilot project of the Defense Message System, intended to guarantee the authenticity of electronic messages for vital command and control information. This initial demonstration involves the participation of the Joint Chiefs of Staff, the military services and defense agencies, and is conducted in cooperation with NIST.
I am not going to comment on the truth of the NSA's statement. Whether or not to take it on faith depends on your attitude toward it.
Attacks against k
Every signature needs a new value of k, and it must be chosen at random. If Eve learns the k that Alice used to sign a message, perhaps by exploiting some property of the random number generator that produces k, she can recover Alice's private key, x. If Eve obtains two messages signed with the same k, she can recover x even without knowing the value of k. With x, Eve can forge Alice's signatures undetectably. In any implementation of DSA a good random number generator is essential to the security of the system [1468].
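Why two signatures under the same k give away x, and a defender-side check for it, as an added example that is not code from the book. It uses the signing equation from the DSA description above and constructed toy parameters p = 607, q = 101, g = 64. The hash values h1 = 17 and h2 = 42 are constructed integers standing in for H(m) already reduced mod q; recover_private_key and flag_nonce_reuse are this example's own names. Since r = (g^k mod p) mod q depends only on k, a repeated r under one key is the visible symptom.

```python
P, Q, G = 607, 101, 64     # constructed toy parameters: 607 - 1 = 6 * 101, 64 has order 101


def dsa_sign(h, x, k, p=P, q=Q, g=G):
    """DSA signing equations with the hash value h given directly."""
    r = pow(g, k, p) % q
    s = pow(k, -1, q) * (h + x * r) % q
    return r, s


def recover_private_key(h1, sig1, h2, sig2, q=Q):
    """Two signatures that share k share r.  Subtracting the two s values gives
       s1 - s2 = k^-1 (h1 - h2)  (mod q),  so  k = (h1 - h2) / (s1 - s2),
    and then the signing equation itself gives  x = (s1 k - h1) / r  (mod q).
    Returns None when the signatures do not share r (nothing can be concluded)."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or s1 == s2 or (h1 - h2) % q == 0:
        return None
    k = (h1 - h2) * pow(s1 - s2, -1, q) % q
    return (s1 * k - h1) * pow(r1, -1, q) % q


def flag_nonce_reuse(signatures):
    """Monitoring check: given (h, (r, s)) pairs produced under one public key,
    report True as soon as the same r is seen with a different (h, s)."""
    seen = {}
    for h, (r, s) in signatures:
        if r in seen and seen[r] != (h, s):
            return True
        seen[r] = (h, s)
    return False
```

A verifier cannot tell a bad generator from a good one by looking at a single signature; the check above only works across a key's signature history, which is why the text's advice to use a good random number generator is the real defence.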
Dangers of a common modulus
Although DSS does not specify that users share a common modulus, different implementations may take advantage of that possibility. For example, the Internal Revenue Service is considering DSS for electronic tax filing. What if it required every taxpayer in the country to use common p and q? A common modulus becomes far too tempting a target for cryptanalysis. It is too early to discuss the various implementations of DSS, but there is reason for concern.
Subliminal channel in DSA
Gus Simmons discovered a subliminal channel in DSA [1468, 1469] (see Section 23.3). This subliminal channel allows a secret message to be embedded in the signature, readable only by someone who holds the key. According to Simmons, it is a "remarkable coincidence" that "all the obvious shortcomings of subliminal channels using the ElGamal scheme can be overcome" in DSS, and that DSS "provides the most hospitable setting for subliminal communication discovered to date". NIST and the NSA have not commented on this subliminal channel; nobody even knows whether they were aware of it. Since this subliminal channel allows a dishonest implementation of DSS to leak part of the private key with every signature, never use an implementation of DSS unless you trust its developer.
Patents
David Kravitz, formerly of the NSA, holds a patent on DSA [897]. According to NIST [538]:
NIST, in the public interest, intends to make the DSS technology available free of charge worldwide. We believe that this technology is patentable and that no other patents apply to DSS, but we cannot give firm assurances of this until the patent is issued.
Even so, three patent holders claim that DSA infringes their patents: Diffie-Hellman (see Section 22.1) [718], Merkle-Hellman (see Section 19.2) [720] and Schnorr (see Section 21.3) [1398]. The Schnorr patent is the source of the greatest difficulty. The two other patents expire in 1997, while the Schnorr patent runs until 2008. The Schnorr algorithm was not developed with government money. Unlike the PKP patents, the U.S. government has no rights to the Schnorr patent, and Schnorr patented his algorithm worldwide. Even if U.S. courts rule in favor of DSA, it is unclear how courts in other countries will rule. Can an international corporation adopt a standard that is legal in some countries and infringes patent law in others? It will take time to resolve this problem; as of this writing the question has not been settled even in the United States.
In June 1993 NIST proposed to grant PKP an exclusive patent license for DSA [541]. The agreement fell through after public protests, and the standard was issued without any agreement. NIST stated [542]:
. . . NIST has reviewed the claims of possible patent infringement and has concluded that these claims are unfounded.
So the standard is officially adopted, lawsuits are in the air, and nobody knows what to do. NIST has said that it will help defend people accused of patent infringement for using DSA in work under a government contract. Everyone else, it seems, is on their own. A draft banking standard using DSA has been put forward by ANSI [60]. NIST is working to get the DSA standard adopted within the government. Shell Oil has made DSA its international standard. I am not aware of other proposed DSA standards.
20.2 DSA variants
This variant makes the computations needed for signing easier by not requiring the computation of k^-1 [1135]. All parameters are the same as in DSA. To sign a message m, Alice generates two random numbers, k and d, both less than q. The signature procedure is
    r = (g^k mod p) mod q
    s = (H(m) + xr) * d mod q
    t = kd mod q
Bob verifies the signature by computing
    w = t/s mod q
    u1 = (H(m) * w) mod q
    u2 = (rw) mod q
If r = ((g^u1 * y^u2) mod p) mod q, the signature is valid.
The next variant simplifies the computations for signature verification [1040, 1629]. All parameters are the same as in DSA. To sign a message m, Alice generates a random number k, less than q. The signature procedure is
    r = (g^k mod p) mod q
    s = k (H(m) + xr)^-1 mod q
Bob verifies the signature by computing
    u1 = (H(m) * s) mod q
    u2 = (sr) mod q
If r = ((g^u1 * y^u2) mod p) mod q, the signature is valid.
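Both variants above, signed and verified, as an added example that is not code from the book or from the cited papers. The parameters are constructed toy values (p = 607, q = 101, g = 64) and SHA-1 reduced mod q stands in for H(m); the names sign_v1/verify_v1 (no k^-1 when signing) and sign_v2/verify_v2 (no inverse when verifying) are this example's own. The comments carry the algebra that makes each verification equation recover g^k.

```python
import hashlib
import secrets

P, Q, G = 607, 101, 64     # constructed toy parameters: q | p-1, g has order q


def H(m: bytes, q: int = Q) -> int:
    return int.from_bytes(hashlib.sha1(m).digest(), "big") % q


def sign_v1(m, x, p=P, q=Q, g=G):
    """Variant 1: two random numbers k, d; signature (r, s, t); no inverse computed."""
    while True:
        k, d = secrets.randbelow(q - 1) + 1, secrets.randbelow(q - 1) + 1
        r = pow(g, k, p) % q
        s = (H(m, q) + x * r) * d % q
        t = k * d % q
        if r and s and t:
            return r, s, t


def verify_v1(m, sig, y, p=P, q=Q, g=G) -> bool:
    r, s, t = sig
    if not (0 < r < q and 0 < s < q and 0 < t < q):
        return False
    w = t * pow(s, -1, q) % q            # w = t/s = kd / ((H(m) + xr) d) = k / (H(m) + xr)
    u1, u2 = H(m, q) * w % q, r * w % q  # g^u1 y^u2 = g^((H(m) + xr) w) = g^k
    return pow(g, u1, p) * pow(y, u2, p) % p % q == r


def sign_v2(m, x, p=P, q=Q, g=G):
    """Variant 2: s = k (H(m) + xr)^-1; the inverse moves to the signer's side."""
    while True:
        k = secrets.randbelow(q - 1) + 1
        r = pow(g, k, p) % q
        hx = (H(m, q) + x * r) % q
        if r and hx:
            return r, k * pow(hx, -1, q) % q


def verify_v2(m, sig, y, p=P, q=Q, g=G) -> bool:
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    u1, u2 = H(m, q) * s % q, s * r % q  # g^u1 y^u2 = g^(s (H(m) + xr)) = g^k, no inverse needed
    return pow(g, u1, p) * pow(y, u2, p) % p % q == r
```

The range checks on r, s (and t) are the same ones DSA verifiers must do; a zero s in variant 1 would make t/s undefined, and the signer's loop discards those draws.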
Yet another DSA variant allows batch verification: Bob can verify signatures in batches [1135]. If all the signatures are valid, Bob's work is done. If one of them is invalid, he still has to find out which. Unfortunately, this is not secure. Either the signer or the verifier can easily create a set of bogus signatures that satisfies the batch verification criterion [974].
There is also a variant of DSA prime generation that embeds q and the parameters used to generate the primes inside p. Whether this scheme affects the security of DSA is still unknown.
(1) Choose an arbitrary sequence of at least 160 bits and call it S. Let g be the length of S in bits.
(2) Compute U = SHA(S) XOR SHA((S + 1) mod 2^g), where SHA is described in Section 18.7.
(3) Form q by setting the most significant bit and the least significant bit of U to 1.
(4) Check whether q is prime.
(5) Let p be the concatenation of q, S, C and SHA(S). C is 32 zero bits.
(6) p = p - (p mod q) + 1.
(7) p = p + q.
(8) If the C in p is 0x7fffffff, go back to step (1).
(9) Check whether p is prime.
(10) If p is composite, go back to step (7).
The advantage of this variant is that you do not need to store the values of C and S used to generate p and q; they are embedded in p. For applications that run with very little memory, smart cards for example, this can be important.
20.3 The GOST digital signature algorithm
This is the Russian digital signature standard, officially called GOST R 34.10-94 [656]. The algorithm is very similar to DSA and uses the following parameters:
p  a prime number, either between 509 and 512 bits long, or between 1020 and 1024 bits long.
q  a prime factor of p-1, between 254 and 256 bits long.
a  any number less than p-1 for which a^q mod p = 1.
x  a number less than q.
y  = a^x mod p.
The algorithm also uses a one-way hash function, H(x). The standard specifies the GOST R 34.11-94 hash function (see Section 18.11), based on the GOST symmetric algorithm (see Section 14.1) [657].
The first three parameters, p, q and a, are public and can be shared by the users of a network. The private key is x; the public key is y. To sign a message m:
(1) Alice generates a random number k, less than q.
(2) Alice generates
    r = (a^k mod p) mod q
    s = (xr + k(H(m))) mod q
If H(m) mod q = 0, the hash value is set to 1. If r = 0, choose another value of k and start over. The signature is two numbers: r mod 2^256 and s mod 2^256. Alice sends them to Bob.
(3) Bob verifies the signature by computing
    v = H(m)^(q-2) mod q
    z1 = (sv) mod q
    z2 = ((q-r)*v) mod q
    u = ((a^z1 * y^z2) mod p) mod q
If u = r, the signature is valid.
The difference between this scheme and DSA is that in DSA s = (k^-1 (H(m) + xr)) mod q, which leads to a different verification equation. Curious, though, is that q is 256 bits long. Most Western cryptographers consider a q of about 160 bits sufficient. Perhaps this is just a consequence of the Russian habit of playing it oversafe.
The standard has been in use since the beginning of 1995, and is not restricted "for official use only", whatever that might mean.
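GOST R 34.10-94 signing and verification exactly as the equations above describe them, as an added example that is not code from the book or from the standard. The parameters are constructed toy values (p = 607, q = 101, a = 64, so q is nowhere near 256 bits), and SHA-256 stands in for GOST R 34.11-94, which hashlib does not provide; the function names are this example's own. The example covers the two special cases the text states: H(m) mod q = 0 is replaced by 1, and r = 0 sends the signer back for a new k.

```python
import hashlib
import secrets

P, Q, A = 607, 101, 64     # constructed toy parameters: q | p-1 and a^q mod p = 1


def H(m: bytes, q: int = Q) -> int:
    """Stand-in hash (SHA-256 reduced mod q); if H(m) mod q = 0 the standard uses 1."""
    h = int.from_bytes(hashlib.sha256(m).digest(), "big") % q
    return h if h else 1


def sign(m: bytes, x: int, p=P, q=Q, a=A):
    while True:
        k = secrets.randbelow(q - 1) + 1
        r = pow(a, k, p) % q
        if r == 0:                           # choose another k and start over
            continue
        s = (x * r + k * H(m, q)) % q
        return r % 2**256, s % 2**256        # the signature is (r mod 2^256, s mod 2^256)


def verify(m: bytes, sig, y: int, p=P, q=Q, a=A) -> bool:
    r, s = sig
    if not (0 < r < q and 0 <= s < q):
        return False
    v = pow(H(m, q), q - 2, q)               # H(m)^(q-2) = H(m)^-1 mod q (Fermat), no inverse routine needed
    z1 = s * v % q                           # exponent of a:  (xr + kH)/H
    z2 = (q - r) * v % q                     # exponent of y:  -r/H, so y^z2 = a^(-xr/H)
    u = pow(a, z1, p) * pow(y, z2, p) % p % q   # a^((xr + kH - xr)/H) = a^k
    return u == r
```

Note the exponent arithmetic in the comments: a^z1 y^z2 collapses to a^k mod p, so u = r whenever s was formed from the same x, k and H(m).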
20.4 Discrete-logarithm signature schemes
The ElGamal, Schnorr (see Section 21.3) and DSA signature schemes are very similar. In essence, all three are examples of a general digital signature scheme based on the discrete logarithm problem. Together with thousands of other signature schemes, they belong to the same family [740, 741, 699, 1184].
Choose p, a large prime, and q, equal either to p-1 or to a large prime factor of p-1. Then choose g, a number between 1 and p, for which g^q = 1 (mod p). All these numbers are public and can be shared by a group of users. The private key is x, less than q. The public key is y = g^x mod p.
To sign a message m, first choose a random value k, less than q and relatively prime to it. If q is also prime, any k less than q will do. First compute
    r = g^k mod p
The generalized signature equation has the form
    ak = b + cx mod q
The coefficients a, b and c can take various values. Each row of Table 20-4 gives six possibilities. To verify the signature, the recipient must confirm that
    r^a = g^b y^c mod p
This equation is called the verification equation.
Table 20-4.
Possible permutations of a, b and c (r' = r mod q)
  r'     s      m
  r'm    s      1
  r'm    ms     1
  mr'    r's    1
  ms     r's    1
Table 20-5 lists the signature and verification equations obtained from just the first row of possible values for a, b and c, ignoring the effects of the signs.
Table 20-5.
Discrete-logarithm digital signature schemes
     Signature equation          Verification equation
(1)  r'k = s + mx mod q          r^r' = g^s y^m mod p
(2)  r'k = m + sx mod q          r^r' = g^m y^s mod p
(3)  sk = r' + mx mod q          r^s = g^r' y^m mod p
(4)  sk = m + r'x mod q          r^s = g^m y^r' mod p
(5)  mk = s + r'x mod q          r^m = g^s y^r' mod p
(6)  mk = r' + sx mod q          r^m = g^r' y^s mod p
These are six different digital signature schemes. Adding minus signs brings the number up to 24. Using all the possible values of a, b and c brings the number of schemes to 120.
ElGamal [518, 519] and DSA [1154] are essentially based on equation (4). Other schemes are based on equation (2) [24, 1629]. Schnorr [1396, 1397], like another scheme [1183], is closely related to equation (5). And equation (1) can be modified to yield the scheme proposed in [1630]. The remaining equations are new.
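The six schemes of Table 20-5 as one piece of code, as an added example that is not from the book or from the cited papers: the signer takes a permutation (a, b, c) of (r', s, m), solves ak = b + cx mod q for s, whichever position s occupies, and the verifier checks r^a = g^b y^c mod p. It generalizes the table in the sense that the same solver handles all six rows rather than six hand-written formulas. Parameters are constructed toy values (p = 607, q = 101, g = 64, where g has order q); m is taken as an integer below q, standing in for a hash value; SCHEMES, sign and verify are this example's own names.

```python
import secrets

P, Q, G = 607, 101, 64     # constructed toy parameters: q | p-1 and g has order q

# (a, b, c) for rows (1)..(6) of Table 20-5, as a permutation of (r', s, m).
SCHEMES = [("r", "s", "m"), ("r", "m", "s"), ("s", "r", "m"),
           ("s", "m", "r"), ("m", "s", "r"), ("m", "r", "s")]


def sign(m: int, x: int, scheme, p=P, q=Q, g=G):
    """r = g^k mod p, r' = r mod q; solve ak = b + cx mod q for s, wherever s sits."""
    a, b, c = scheme
    while True:
        k = secrets.randbelow(q - 1) + 1            # k < q, relatively prime to q (q is prime)
        r = pow(g, k, p)
        val = {"r": r % q, "m": m % q}              # r' and m as the equation uses them
        if val["r"] == 0:
            continue
        if a == "s":                                # s k = b + c x
            s = (val[b] + val[c] * x) * pow(k, -1, q) % q
        elif b == "s":                              # a k = s + c x
            s = (val[a] * k - val[c] * x) % q
        else:                                       # a k = b + s x
            s = (val[a] * k - val[b]) * pow(x, -1, q) % q
        if s:
            return r, s


def verify(m: int, sig, y: int, scheme, p=P, q=Q, g=G) -> bool:
    """Verification equation r^a = g^b y^c mod p, with a, b, c read off the scheme."""
    r, s = sig
    if not (0 < r < p and 0 < s < q):
        return False
    val = {"r": r % q, "s": s, "m": m % q}
    a, b, c = scheme
    return pow(r, val[a], p) == pow(g, val[b], p) * pow(y, val[c], p) % p


def scheme_name(scheme) -> str:
    """Render a scheme the way Table 20-5 writes it, e.g. "s k = m + r' x"."""
    word = {"r": "r'", "s": "s", "m": "m"}
    a, b, c = scheme
    return f"{word[a]} k = {word[b]} + {word[c]} x"
```

Because r here is the full g^k mod p (no reduction mod q before exponentiation), the check is an equality in the order-q subgroup: a forged or altered m fails for every row, which is what the test below confirms for all six.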
Further, any of these schemes can be made more DSA-like by defining r as
    r = (g^k mod p) mod q
Keep the same signature equation, and replace the verification equation r^a = g^b y^c mod p by
    u1 = a^-1 b mod q
    u2 = a^-1 c mod q
    v = ((g^u1 * y^u2) mod p) mod q
accepting the signature if v = r.
There are two other possibilities of this kind [740, 741]. These operations can be applied to each of the 120 schemes, bringing the total number of discrete-logarithm digital signature schemes to 480.
And that is not all. Further generalizations and variations lead to more than 13,000 variants (not all of them very efficient) [740, 741].
One of the nice things about using RSA for digital signatures is the property called message recovery. When you verify an RSA signature, you compute m. Then the computed m is compared with the message, which tells you whether the signature on the message is valid. In the schemes above, m cannot be recovered while verifying the signature; you need a candidate m, which is used in the verification equation. But it turns out that a message-recovery variant can be built for all of the above schemes. To sign, first compute
    r = m g^k mod p
and replace m with 1 in the signature equation. Then the verification equation can be reconstructed so that m can be computed directly. The same can be done for the DSA-like schemes:
    r = (m g^k mod p) mod q
The security of all the variants is the same, so it makes sense to choose a scheme by its computational cost. Most schemes are slowed down by the need to compute inverses. As it turns out, one of these schemes allows both the signature equation and the verification equation to be computed without any inverses, and it recovers the message as well. It is called the p-NEW scheme [1184].
    r = m g^-k mod p
    s = k - rx mod q
m is recovered (and the signature verified) by computing
    m = g^s y^r r mod p
In a number of variants two or three message blocks are signed at once [740]; other variants can be used for blind signatures [741].
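The p-NEW scheme with message recovery, as an added example that is not code from the book or from [1184]. Parameters are constructed toy values (p = 607, q = 101, g = 64, g of order q); m is an integer in [1, p) standing in for a message block with whatever redundancy the application checks; the names sign, recover and verify are this example's own. As the text says, neither direction computes an inverse: g^-k is produced by Python's pow with a negative exponent, which is the one inverse the signer pays for, and the verifier pays none.

```python
import secrets

P, Q, G = 607, 101, 64     # constructed toy parameters: q | p-1 and g has order q


def sign(m: int, x: int, p=P, q=Q, g=G):
    """r = m g^-k mod p, s = k - rx mod q."""
    k = secrets.randbelow(q - 1) + 1
    r = m * pow(g, -k, p) % p        # pow with a negative exponent: (g^k)^-1 mod p
    s = (k - r * x) % q
    return r, s


def recover(sig, y: int, p=P, g=G) -> int:
    """m = g^s y^r r mod p.  With s = k - rx:  g^(k - rx) g^(xr) (m g^-k) = m."""
    r, s = sig
    return pow(g, s, p) * pow(y, r, p) * r % p


def verify(sig, y: int, expected_m: int, p=P, q=Q, g=G) -> bool:
    """Message-recovery verification: recompute m and compare with what was expected."""
    r, s = sig
    if not (0 < r < p and 0 <= s < q):
        return False
    return recover(sig, y, p, g) == expected_m
```

In a deployment the verifier does not hold expected_m; it checks the recovered value against the redundancy the message format imposes, which is what makes message recovery usable.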
This is a significant area of study. All the different discrete-logarithm digital signature schemes have been brought under one logical framework. Personally, I think this finally puts an end to the dispute between Schnorr [1398] and DSA [897]: DSA is neither a derivative of Schnorr nor of ElGamal. All three algorithms are special cases of the general scheme described here, and that general scheme is unpatented.
20.5 Ong-Schnorr-Shamir
This signature scheme uses polynomials modulo n [1219, 1220]. Choose a large integer n (knowing the factorization of n is not required). Then choose a random number k, relatively prime to n, and compute h as
    h = -k^-2 mod n = -(k^-1)^2 mod n
The public key is h and n; the private key is k.
To sign a message M, first generate a random number r, relatively prime to n. Then compute
    S1 = 1/2 (M/r + r) mod n
    S2 = k/2 (M/r - r) mod n
The pair S1 and S2 is the signature. To verify the signature, confirm that
    S1^2 + h*S2^2 = M (mod n)
The version of the scheme described here is based on quadratic polynomials. When it was published in [1217], a $100 reward was offered for a successful cryptanalysis. The scheme was proved insecure [1255, 18], but that did not stop its authors. They proposed a modification of the algorithm based on cubic polynomials, which also turned out to be insecure [1255]. The authors then proposed a version based on quartic polynomials, but it too was broken [524, 1255]. A variant that addresses these problems is described in [1134].
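The quadratic Ong-Schnorr-Shamir scheme as written above, as an added example that is not code from the book or from its authors, on a constructed toy modulus n = 3233 (its factorization plays no role, as the text says). The function names are this example's own. The comment in verify spells out the identity that makes the check pass: the k^2 in S2^2 cancels the k^-2 in h.

```python
import math
import secrets


def keygen(n: int):
    """Private k relatively prime to n; public h = -k^-2 mod n = -(k^-1)^2 mod n."""
    while True:
        k = secrets.randbelow(n - 2) + 2
        if math.gcd(k, n) == 1:
            break
    k_inv = pow(k, -1, n)
    h = -k_inv * k_inv % n
    return (h, n), k


def sign(M: int, k: int, n: int):
    """S1 = 1/2 (M/r + r) mod n,  S2 = k/2 (M/r - r) mod n, for a random r coprime to n."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            break
    half = pow(2, -1, n)                  # n must be odd for 1/2 to exist mod n
    m_over_r = M * pow(r, -1, n) % n
    S1 = half * (m_over_r + r) % n
    S2 = k * half * (m_over_r - r) % n
    return S1, S2


def verify(M: int, sig, pub) -> bool:
    """S1^2 + h S2^2 = 1/4[(M/r + r)^2 - (M/r - r)^2] = 1/4 * 4M = M  (mod n)."""
    h, n = pub
    S1, S2 = sig
    return (S1 * S1 + h * S2 * S2) % n == M % n
```

The verifier's work is two squarings and a multiplication mod n, which is why the scheme attracted interest; the text's history of breaks is the reason it is not used.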
20.6 ESIGN
ESIGN is a digital signature scheme developed by NTT Japan [1205, 583]. It is claimed to be at least as secure as RSA or DSA and much faster for the same key and signature sizes. The private key is a pair of large primes p and q. The public key is n, where
    n = p^2 * q
H is a hash function applied to the message m, such that H(m) is between 0 and n-1. There is also a security parameter k, which is discussed shortly.
(1) Alice picks a random number x, less than pq.
(2) Alice computes:
    w, the smallest integer greater than or equal to (H(m) - x^k mod n)/pq
    s = x + ((w/kx^(k-1)) mod p) pq
(3) Alice sends s to Bob.
(4) To verify the signature, Bob computes s^k mod n. He also computes a, the smallest integer greater than or equal to two times the number of bits of n divided by 3. If H(m) is less than or equal to s^k mod n, and if s^k mod n is less than H(m) + 2^a, the signature is considered valid.
This algorithm can be sped up with precomputation. These computations can be done at any time and have nothing to do with the message being signed. Having chosen x, Alice can split step (2) into two sub-steps. First:
(2a) Alice computes:
    u = x^k mod n
    v = 1/(kx^(k-1)) mod p
(2b) Alice computes:
    w = the smallest integer greater than or equal to (H(m) - u)/pq
    s = x + ((wv mod p) pq
For the usual sizes of the numbers, precomputation speeds up the signing process by an order of magnitude. Almost all the hard work is done in the precomputation stage. A discussion of the modular arithmetic operations used to speed up ESIGN can be found in [1625, 1624]. This algorithm can be extended to work with elliptic curves [1206].
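ESIGN steps (1) to (4) with the (2a)/(2b) split, as an added example that is not code from the book or from NTT. It runs on constructed toy primes p = 2^61 - 1 and q = 2^31 - 1 (both Mersenne primes, so no primality test is needed here) with k = 8. Two things are this example's assumptions rather than statements of the text: H(m) is SHA-256 reduced so that H(m) + 2^a < n, which keeps s^k mod n from wrapping past n, and x is kept coprime to p so that kx^(k-1) is invertible mod p. The comment in sign carries the expansion of s^k that makes the verification interval work.

```python
import hashlib
import secrets

P, Q, K = 2**61 - 1, 2**31 - 1, 8         # constructed toy primes and security parameter
N = P * P * Q                             # n = p^2 q
A = -(-2 * N.bit_length() // 3)           # a = ceil(2 * bits(n) / 3)


def H(m: bytes) -> int:
    """Stand-in hash: SHA-256 reduced to bits(n) - 2 bits, so H(m) + 2^a < n (example's assumption)."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % 2**(N.bit_length() - 2)


def ceil_div(num: int, den: int) -> int:
    return -(-num // den)


def pick_x(p=P, q=Q) -> int:
    """Step (1): random x below pq, avoiding multiples of p (example's assumption)."""
    while True:
        x = secrets.randbelow(p * q - 1) + 1
        if x % p:
            return x


def precompute(x: int, p=P, n=N, k=K):
    """Step (2a): u = x^k mod n, v = 1/(k x^(k-1)) mod p; independent of the message."""
    u = pow(x, k, n)
    v = pow(k * pow(x, k - 1, p) % p, -1, p)
    return u, v


def sign(m: bytes, x: int, u: int, v: int, p=P, q=Q) -> int:
    """Step (2b): w = ceil((H(m) - u)/pq), s = x + ((w v) mod p) pq.
    With s = x + t pq, every term of s^k from the second on contains (pq)^2,
    a multiple of n, so s^k = x^k + k x^(k-1) t pq = u + w pq (mod n):
    the signature lands s^k mod n in [H(m), H(m) + pq)."""
    w = ceil_div(H(m) - u, p * q)
    t = w * v % p
    return x + t * p * q


def verify(m: bytes, s: int, n=N, k=K, a=A) -> bool:
    """Step (4): H(m) <= s^k mod n < H(m) + 2^a."""
    t = pow(s, k, n)
    h = H(m)
    return h <= t < h + 2**a


def sign_message(m: bytes):
    """Steps (1)-(3) end to end for a single message."""
    x = pick_x()
    u, v = precompute(x)
    return sign(m, x, u, v)
```

With these sizes pq has 92 bits and 2^a is 2^102, so the interval the verifier accepts is ten bits wider than the one the signer can hit; a real deployment chooses p and q of equal size (the authors' 192 bits each) so that the same relation holds.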
Security of ESIGN
When this algorithm was first proposed, k was set to 2 [1215]. That scheme was quickly broken by Ernie Brickell and John DeLaurentis [261], who extended their attack to the case k = 3. A modified version of the algorithm [1203] was broken by Shamir [1204]. The variant proposed in [1204] was broken in [1553]. ESIGN is the current incarnation of this family of algorithms. An attempt to break ESIGN [963] was unsuccessful.
The authors currently recommend the following values of k: 8, 16, 32, 64, 128, 256, 512 and 1024. They also recommend that p and q each be at least 192 bits, making n at least 576 bits long. (I think n should be twice that.) The authors argue that with these parameter values the security of ESIGN equals that of RSA or Rabin. And their analysis shows that ESIGN is much faster than RSA, ElGamal and DSA [582].
Patents
ESIGN is patented in the United States [1208], Canada, England, France, Germany and Italy. Anyone wishing to license the algorithm should contact the Intellectual Property Department, NTT, 1-6 Uchisaiwai-cho, 1-chome, Chiyoda-ku, 100 Japan.
20.7 Cellular automata
A completely new idea, studied by Papua Guam [665], is to use cellular automata in public-key cryptosystems. The system is still too new and has not been studied thoroughly, but a preliminary examination showed that it may have the same cryptographic weakness as other systems [562]. Still, it is a promising area of research. A property of cellular automata is that even when they are invertible, it is impossible to compute the predecessor of an arbitrary state by inverting the rule that produces the successor. This looks very much like a trapdoor one-way hash function.
20.8 Other Public-Key Algorithms
Over the years many other public-key algorithms have been proposed and broken. The Matsumoto-Imai algorithm [1021] was broken in [450]. The Cade algorithm was first proposed in 1985, broken in 1986 [774], and then reworked in the same year [286]. Besides these attacks, there are general attacks that decompose polynomials over finite fields [605]. Any algorithm whose security rests on the composition of polynomials over finite fields should be treated with skepticism, if not outright suspicion.
The Yagisawa algorithm combines exponentiation mod p with arithmetic mod p-1 [1623]; it was broken in [256]. Another public-key algorithm, Tsujii-Kurosawa-Itoh-Fujioka-Matsumoto [1548], also turned out to be insecure [948]. A third system, Luccio-Mazzone [993], was insecure as well [717]. A signature scheme based on birational permutations [1425] was broken the day after it was presented [381]. Tatsuaki Okamoto proposed several signature schemes: one of them was shown to be as secure as the discrete logarithm problem, and another as secure as the discrete logarithm problem and the factoring problem [1206]. Similar schemes are presented in [709].
Gustavus Simmons proposed using J-algebras as the basis of public-key algorithms [1455, 145]. The idea had to be abandoned after the invention of efficient methods for factoring polynomials [951]. Special polynomial semigroups were also studied [1619, 962], but this too led nowhere. Harald Niederreiter proposed a public-key algorithm based on shift-register sequences [1166]. Another algorithm uses Lyndon words [1476], and a third uses propositional calculus [817]. The security of one recent public-key algorithm was based on the matrix cover problem [82]. Tatsuaki Okamoto and Kazuo Ohta compared a number of digital signature schemes in [1212].
The prospects for creating radically new and different public-key algorithms are poor. In 1988 Whitfield Diffie noted that most public-key algorithms are based on one of three hard problems [492, 494]:
1. Knapsack: given a set of unique numbers, find a subset whose sum is N.
2. Discrete logarithm: if p is prime and g and M are integers, find x such that g^x ≡ M (mod p).
3. Factoring: if N is the product of two primes, then either
(a) factor N,
(b) given integers M and C, find d such that M^d ≡ C (mod N),
(c) given integers e and C, find M such that M^e ≡ C (mod N),
(d) given an integer x, decide whether there exists an integer y such that x ≡ y^2 (mod N).
According to Diffie [492, 494], the discrete logarithm problem was proposed by J. Gill, the factoring problem by Knuth, and the knapsack problem by Diffie himself.
This narrowness of the mathematical foundations of public-key cryptography is somewhat worrying. A breakthrough in either the discrete logarithm problem or the factoring problem would render whole classes of public-key algorithms insecure. Diffie points out [492, 494] that the risk is mitigated by two factors:
1. All the operations on which public-key cryptography now relies (multiplication, exponentiation and factoring) are fundamental arithmetic phenomena. For centuries they have been the subject of intensive mathematical study, and the increased attention caused by their use in public-key cryptosystems has increased, rather than decreased, our confidence.
2. Our ability to perform large arithmetic computations grows steadily and now lets us implement systems with numbers so large that these systems are vulnerable only to truly radical breakthroughs in factoring, discrete logarithms or root extraction.
As we have seen, not all public-key algorithms based on these problems are secure. The strength of any public-key algorithm depends on more than the computational complexity of the problem underlying it. A hard problem does not necessarily yield a strong algorithm. Adi Shamir gives three reasons for this [1415]:
1. Complexity theory usually deals with individual instances of a problem. A cryptanalyst, however, often obtains a large collection of statistically related problems: different ciphertexts encrypted with the same key.
2. The computational complexity of a problem is usually measured for the worst or the average case. To be useful as an encryption method, a problem must be hard to solve in almost all cases.
3. An arbitrary hard problem cannot necessarily be turned into a cryptosystem; moreover, the problem must allow a trapdoor to be built into it, knowledge of which, and only that knowledge, makes a simple solution possible.
Chapter 21
Identification Schemes
21.1 FEIGE-FIAT-SHAMIR
The digital signature and authentication scheme developed by Amos Fiat and Adi Shamir is discussed in [566, 567]. Uriel Feige, Fiat and Shamir modified the algorithm into a zero-knowledge proof of identity [544, 545]. This is the best zero-knowledge proof of identity.
On July 9, 1986, the three authors filed a U.S. patent application [1427]. Because of possible military applications, the application was reviewed by the military. From time to time the outcome of the Patent Office's work is not the issuing of a patent but something called a secrecy order. On January 6, 1987, three days before the end of the six-month period, the Patent Office issued such an order at the request of the Army. It stated that "...disclosure or publication of the subject matter of the application...would be detrimental to the national security...". The authors were ordered to notify all U.S. citizens who for one reason or another had learned of the research that unauthorized disclosure could result in two years' imprisonment, a $10,000 fine, or both. Moreover, the authors had to report to the Commissioner of Patents and Trademarks all foreign nationals who had gained access to the information.
This was absurd. During the second half of 1986 the authors had presented their work at conferences in Israel, Europe and the United States. They were not even American citizens, and all the work had been done at the Weizmann Institute in Israel.
Word of this began to spread through the scientific community and the press. Within two days the secrecy order was rescinded. Shamir and his colleagues believe that the NSA was behind the withdrawal of the secrecy order, although there was no official comment. Further details of this curious story are given in [936].
Simplified Feige-Fiat-Shamir Identification Scheme
Before issuing any private keys, the arbitrator chooses a random modulus n, which is the product of two large primes. In real life n should be at least 512 bits long and preferably as close to 1024 bits as possible. The same n can be shared by a group of provers. (Using Blum integers simplifies the computation but is not required for security.)
To generate Peggy's public and private keys, a trusted arbitrator chooses a number v that is a quadratic residue mod n. In other words, v is chosen so that the equation x^2 ≡ v (mod n) has a solution and v^-1 mod n exists. This v is Peggy's public key. Then the smallest s is computed for which s ≡ sqrt(v^-1) (mod n). This is Peggy's private key. The following identification protocol is used.
(1) Peggy chooses a random r less than n. She then computes x = r^2 mod n and sends x to Victor.
(2) Victor sends Peggy a random bit b.
(3) If b = 0, Peggy sends Victor r. If b = 1, Peggy sends Victor y = r*s mod n.
(4) If b = 0, Victor verifies that x ≡ r^2 mod n, convincing himself that Peggy knows sqrt(x). If b = 1, Victor verifies that x ≡ y^2 * v mod n, convincing himself that Peggy knows sqrt(v^-1).
This is one round of the protocol, called an accreditation. Peggy and Victor repeat the protocol t times, until Victor is convinced that Peggy knows s. It is a cut-and-choose protocol. If Peggy does not know s, she can choose r so that she can fool Victor if he sends her a 0, or she can choose r so that she can fool Victor if he sends her a 1. She cannot do both at once. The probability that she fools Victor once is 50 percent. The probability that she fools him t times is 1/2^t.
Victor can try to break the protocol by impersonating Peggy. He can begin the protocol with another verifier, Valerie. In step (1), instead of choosing a random r, he simply has to reuse the value x that Peggy used last time. However, the probability that Valerie in step (2) chooses the same value b that Victor used in his protocol with Peggy is 1/2. Therefore the probability that he fools Valerie is 50 percent. The probability that he fools her t times is 1/2^t.
For this protocol to work, Peggy must never reuse r. Otherwise, if Victor sends Peggy the other random bit in step (2), he obtains both of Peggy's answers. Then he can compute s from them, and it is all over for Peggy.
Feige-Fiat-Shamir Identification Scheme
In their papers [544, 545], Feige, Fiat and Shamir showed how a parallel scheme can increase the number of accreditations per round and reduce the interaction between Peggy and Victor.
First, as in the previous example, n is generated as the product of two large primes. To generate Peggy's public and private keys, k distinct numbers v_1, v_2, ..., v_k are first chosen, each v_i a quadratic residue mod n. In other words, the v_i are chosen so that x^2 ≡ v_i (mod n) has a solution and v_i^-1 mod n exists. The string v_1, v_2, ..., v_k serves as the public key. Then the smallest s_i are computed for which s_i ≡ sqrt(v_i^-1) (mod n). The string s_1, s_2, ..., s_k serves as the private key.
The following protocol is executed:
(1) Peggy chooses a random r less than n. She then computes x = r^2 mod n and sends x to Victor.
(2) Victor sends Peggy a string of k random bits: b_1, b_2, ..., b_k.
(3) Peggy computes y = r * (s_1^b_1 * s_2^b_2 * ... * s_k^b_k) mod n. (She multiplies together the values s_i for which b_i = 1. If Victor's first bit is 1, then s_1 enters the product; if the first bit is 0, it does not, and so on.) She sends y to Victor.
(4) Victor verifies that x ≡ y^2 * (v_1^b_1 * v_2^b_2 * ... * v_k^b_k) mod n. (He multiplies together the values v_i according to the random binary string. If his first bit is 1, then v_1 enters the product; if the first bit is 0, it does not, and so on.)
Peggy and Victor repeat the protocol t times, until Victor is convinced that Peggy knows s_1, s_2, ..., s_k.
The probability that Peggy fools Victor t times is 1/2^(kt). The authors recommend a cheating probability of 1/2^20 and suggest k = 5 and t = 4. If you lean toward paranoia, increase these values.
Example
Let's look at how this protocol works with small numbers. If n = 35 (the two primes are 5 and 7), the possible quadratic residues are:
1: x^2 ≡ 1 (mod 35) has solutions x = 1, 6, 29, 34.
4: x^2 ≡ 4 (mod 35) has solutions x = 2, 12, 23, 33.
9: x^2 ≡ 9 (mod 35) has solutions x = 3, 17, 18, 32.
11: x^2 ≡ 11 (mod 35) has solutions x = 9, 16, 19, 26.
14: x^2 ≡ 14 (mod 35) has solutions x = 7, 28.
15: x^2 ≡ 15 (mod 35) has solutions x = 15, 20.
16: x^2 ≡ 16 (mod 35) has solutions x = 4, 11, 24, 31.
21: x^2 ≡ 21 (mod 35) has solutions x = 14, 21.
25: x^2 ≡ 25 (mod 35) has solutions x = 5, 30.
29: x^2 ≡ 29 (mod 35) has solutions x = 8, 13, 22, 27.
30: x^2 ≡ 30 (mod 35) has solutions x = 10, 25.
The inverses (mod 35) and their square roots are:
v    v^-1    s = sqrt(v^-1)
1    1       1
4    9       3
9    4       2
11   16      4
16   11      9
29   29      8
Note that 14, 15, 21, 25 and 30 have no inverses mod 35, because they are not relatively prime to 35. This makes sense, since there should be (5 - 1) * (7 - 1)/4 quadratic residues mod 35 relatively prime to 35: gcd(x, 35) = 1 (see Section 11.3).
So Peggy gets a public key consisting of k = 4 values: {4, 11, 16, 29}. The corresponding private key is {3, 4, 9, 8}. Here is one round of the protocol.
(1) Peggy chooses a random r = 16, computes 16^2 mod 35 = 11 and sends it to Victor.
(2) Victor sends Peggy a random bit string: {1, 1, 0, 1}.
(3) Peggy computes 16 * (3^1 * 4^1 * 9^0 * 8^1) mod 35 = 31 and sends it to Victor.
(4) Victor verifies that 31^2 * (4^1 * 11^1 * 16^0 * 29^1) mod 35 = 11.
Peggy and Victor repeat the protocol t times, each time with a new random r, until Victor is convinced.
Small numbers like those in the example provide no real security. But when n is 512 bits or longer, Victor cannot learn anything about Peggy's private key beyond the fact that Peggy really knows it.
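The parallel Feige-Fiat-Shamir round above, as an added example that is not part of the book: it reproduces the n = 35 walk-through, generates fresh keys for a larger toy modulus, and shows why a prover without the private key can prepare for only one guessed challenge. Helper names are my own; the key generator picks s_i first and derives v_i = (s_i^2)^-1 mod n, which is the usual shortcut for producing residues with known roots without factoring.

```python
# Added example, not from the book: parallel Feige-Fiat-Shamir identification
# with the book's toy parameters (n = 35, public key {4, 11, 16, 29},
# private key {3, 4, 9, 8}) and with freshly generated keys.
import secrets
from math import gcd


def ffs_keygen(p, q, k):
    """Return (n, v, s). The text requires quadratic residues v_i with an
    inverse mod n and s_i = sqrt(v_i^-1). Choosing s_i first and setting
    v_i = (s_i^2)^-1 mod n yields exactly such a pair (assumption: this
    conventional shortcut replaces taking square roots explicitly)."""
    n = p * q
    s, v = [], []
    while len(s) < k:
        s_i = secrets.randbelow(n - 2) + 2
        if gcd(s_i, n) != 1:
            continue
        s.append(s_i)
        v.append(pow(s_i * s_i % n, -1, n))   # s_i^2 * v_i == 1 (mod n)
    return n, v, s


def ffs_commit(n, r):
    """Step (1): Peggy's commitment x = r^2 mod n."""
    return r * r % n


def ffs_respond(n, s, r, bits):
    """Step (3): y = r * (s_1^b_1 * ... * s_k^b_k) mod n."""
    y = r
    for s_i, b in zip(s, bits):
        if b:
            y = y * s_i % n
    return y


def ffs_verify(n, v, x, bits, y):
    """Step (4): accept iff x == y^2 * (v_1^b_1 * ... * v_k^b_k) mod n."""
    rhs = y * y % n
    for v_i, b in zip(v, bits):
        if b:
            rhs = rhs * v_i % n
    return rhs == x


def ffs_identify(n, v, s, t):
    """Run t honest rounds, each with a fresh r and random challenge bits;
    return True when Victor accepts every round."""
    k = len(v)
    for _ in range(t):
        r = secrets.randbelow(n - 1) + 1
        x = ffs_commit(n, r)
        bits = [secrets.randbits(1) for _ in range(k)]
        if not ffs_verify(n, v, x, bits, ffs_respond(n, s, r, bits)):
            return False
    return True


def ffs_cheat_commit(n, v, y, guess):
    """A prover without s can prepare for ONE guessed challenge: pick y in
    advance, send x = y^2 * prod(v_i for guessed b_i = 1) mod n, and answer
    with y. The round passes only if Victor's bits equal the guess, which is
    why t rounds of k bits are survived with probability 1/2^(k*t)."""
    x = y * y % n
    for v_i, b in zip(v, guess):
        if b:
            x = x * v_i % n
    return x


if __name__ == "__main__":
    n, v, s = 35, [4, 11, 16, 29], [3, 4, 9, 8]
    x = ffs_commit(n, 16)                        # 11, as in the text
    y = ffs_respond(n, s, 16, [1, 1, 0, 1])      # 31, as in the text
    print(x, y, ffs_verify(n, v, x, [1, 1, 0, 1], y))
    n2, v2, s2 = ffs_keygen(10007, 10009, 5)     # toy primes, k = 5
    print(ffs_identify(n2, v2, s2, 4))           # t = 4 rounds
```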
Enhancements
Identification data can be built into the protocol. Let I be a binary string representing Peggy's identity: name, address, social security number, hat size, favorite brand of soft drink and other personal information. Use a one-way hash function H(x) to compute H(I, j), where j is a small number appended to I. Find a set of j for which H(I, j) is a quadratic residue mod n. These values H(I, j) become v_1, v_2, ..., v_k (the j themselves need not be quadratic residues). Now Peggy's public key is I and the list of j. Peggy sends I and the list of j to Victor before step (1) of the protocol (or Victor downloads these values from some public bulletin board), and Victor generates v_1, v_2, ..., v_k from H(I, j).
Now, after Victor has successfully completed the protocol with Peggy, he is convinced that Trent, who knows the factorization of the modulus, certified the link between I and Peggy by giving her the square roots of the v_i derived from I. (See Section 5.2.) Feige, Fiat and Shamir added the following remarks [544, 545]:
For non-ideal hash functions it may be advisable to randomize I by appending a long random string R to it. This string is chosen by the arbitrator and revealed to Victor together with I.
In typical implementations k should be between 1 and 18. Larger values of k can reduce the time and the communication burden by reducing the number of rounds.
n should be at least 512 bits long. (Of course, factoring has advanced considerably since then.)
If every user chooses his own n and publishes it in a public-key file, the arbitrator can be dispensed with. However, this RSA-like variant makes the scheme noticeably less convenient.
Fiat-Shamir Signature Scheme
Turning this identification scheme into a signature scheme is essentially a matter of turning Victor into a hash function. The main advantage of the Fiat-Shamir digital signature scheme over RSA is speed: Fiat-Shamir needs only 1 to 4 percent of the modular multiplications used by RSA. For this protocol we return to Alice and Bob.
The variables have the same meaning as in the identification scheme. n is chosen, the product of two large primes. A public key v_1, v_2, ..., v_k and a private key s_1, s_2, ..., s_k are generated, where s_i = sqrt(v_i^-1) (mod n).
(1) Alice chooses t random integers in the range 1 to n, r_1, r_2, ..., r_t, and computes x_1, x_2, ..., x_t such that x_i = r_i^2 mod n.
(2) Alice hashes the concatenation of the message and the strings x_i, producing a bit stream: H(m, x_1, x_2, ..., x_t). She uses the first k*t bits of this string as the values b_ij, where i runs from 1 to t and j from 1 to k.
(3) Alice computes y_1, y_2, ..., y_t, where y_i = r_i * (s_1^b_i1 * s_2^b_i2 * ... * s_k^b_ik) mod n (for each i she multiplies together the values s_j selected by the random values b_ij: if b_ij = 1, then s_j takes part in the computation; if b_ij = 0, it does not).
(4) Alice sends Bob m, all the bits b_ij, and all the values y_i. Bob already has Alice's public key: v_1, v_2, ..., v_k.
(5) Bob computes z_1, z_2, ..., z_t, where z_i = y_i^2 * (v_1^b_i1 * v_2^b_i2 * ... * v_k^b_ik) mod n (again, Bob multiplies according to the values b_ij). Note also that z_i must equal x_i.
(6) Bob verifies that the first k*t bits of H(m, z_1, z_2, ..., z_t) are the values b_ij that Alice sent him.
As in the identification scheme, the security of the signature scheme is proportional to 1/2^(kt). It also depends on the difficulty of factoring n. Fiat and Shamir showed that forging a signature becomes easier if the difficulty of factoring n is significantly less than 2^(kt). Moreover, because of birthday attacks (see Section 18.1), they recommend raising k*t from 20 to at least 72, suggesting k = 9 and t = 8.
Improved Fiat-Shamir Signature Scheme
Silvio Micali and Adi Shamir improved the Fiat-Shamir protocol [1088]. They chose v_1, v_2, ..., v_k to be the first k primes. That is,
v_1 = 2, v_2 = 3, v_3 = 5, and so on.
This is the public key. The private key s_1, s_2, ..., s_k consists of random square roots defined by
s_i = sqrt(v_i^-1) (mod n)
In this version every participant must have his own n. The modification simplifies signature verification without affecting signature generation time or security.
Other Enhancements
There is also an N-party identification scheme based on the Fiat-Shamir algorithm [264]. Two further improvements to the Fiat-Shamir scheme are given in [1218]. Yet another variant is in [1368].
Ohta-Okamoto Identification Scheme
This protocol is a variant of the Feige-Fiat-Shamir identification scheme whose security rests on the difficulty of factoring [1198, 1199]. The same authors developed a multiple-signature scheme (see Section 23.1) with which different people can sign sequentially [1200]. The scheme was proposed for implementation on smart cards [850].
Patents
Fiat-Shamir is patented [1427]. To license the algorithm, contact Yeda Research and Development, The Weizmann Institute of Science, Rehovot 76100, Israel.
21.2 GUILLOU-QUISQUATER
Feige-Fiat-Shamir was the first practical identification protocol. It minimized computation by increasing the number of iterations and the number of accreditations per iteration. For some implementations, such as smart cards, this is not a good fit. Exchanges with the outside world take time, and storing the data for each accreditation can quickly exhaust the card's limited capacity.
Louis Guillou and Jean-Jacques Quisquater developed a zero-knowledge identification algorithm better suited to such applications [670, 1280]. The exchanges between Peggy and Victor, and the parallel accreditations within each exchange, are reduced to the absolute minimum: each proof consists of a single exchange containing a single accreditation. For the same level of security, the Guillou-Quisquater scheme requires three times as much computation as Feige-Fiat-Shamir. And, like Feige-Fiat-Shamir, this identification algorithm can be turned into a digital signature algorithm.
Guillou-Quisquater Identification Scheme
Peggy is a smart card that wants to prove its identity to Victor. Peggy is identified by a set of credentials: a data string containing the card's name, validity period, bank account number and other data confirming that it may be used. This bit string is called J. (In practice the credential string may be very long, and its hash value is used as J. This complication has no effect on the protocol.) This string is analogous to a public key. Other public information, common to all the "Peggys" that may use the application, is an exponent v and a modulus n, where n is the product of two primes kept secret. The private key is B, computed so that J*B^v ≡ 1 (mod n).
Peggy sends Victor her credentials J. Now she wants to prove to Victor that these really are her credentials. To do so she must convince Victor that she knows B. Here is the protocol:
(1) Peggy chooses a random integer r in the range 1 to n-1. She computes T = r^v mod n and sends it to Victor.
(2) Victor chooses a random integer d in the range 0 to v-1. He sends d to Peggy.
(3) Peggy computes D = r*B^d mod n and sends it to Victor.
(4) Victor computes T' = D^v J^d mod n. If T ≡ T' (mod n), Peggy's identity is proven.
The mathematics is not complicated:
T' = D^v J^d = (r B^d)^v J^d = r^v B^(dv) J^d = r^v (B^v J)^d = r^v = T (mod n), since J B^v ≡ 1 (mod n)
Guillou-Quisquater Signature Scheme
This identification scheme can be turned into a signature scheme, also suitable for smart card implementation [671, 672]. The public and private keys are unchanged. Here is the protocol:
(1) Alice chooses a random integer r in the range 1 to n-1. She computes T = r^v mod n.
(2) Alice computes d = H(M, T), where M is the message being signed and H(x) is a one-way hash function. The value d produced by the hash function must lie in the range 0 to v-1 [1280]. If the hash output falls outside this range, it must be reduced mod v.
(3) Alice computes D = r*B^d mod n. The signature consists of the message M, the two computed values d and D, and her credentials J. She sends the signature to Bob.
(4) Bob computes T' = D^v J^d mod n. He then computes d' = H(M, T'). If d = d', then Alice knows B and her signature is valid.
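The Guillou-Quisquater identification round and the signature derived from it, as an added example that is not part of the book. The issuer's key generation uses the factorization of n, which is exactly the privilege the text gives Trent; p, q, v = 65537 and J = 314159 are toy values I constructed, SHA-256 stands in for the unspecified hash H, and all helper names are my own.

```python
# Added example, not from the book: Guillou-Quisquater identification and
# signature with toy parameters (p = 10007, q = 10009, v = 65537, J = 314159).
import hashlib
import secrets


def gq_issue_key(p, q, v, J):
    """Issuer side: n = p*q and the secret B with J * B^v ≡ 1 (mod n).
    B = (J^-1)^(1/v) mod n; the v-th root is taken with u = v^-1 mod phi(n),
    so v must be coprime to phi(n) (an assumption of this construction)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    u = pow(v, -1, phi)
    B = pow(pow(J, -1, n), u, n)
    return n, B


def gq_commit(n, v, r):
    """Step (1): T = r^v mod n."""
    return pow(r, v, n)


def gq_respond(n, B, r, d):
    """Step (3): D = r * B^d mod n."""
    return r * pow(B, d, n) % n


def gq_verify(n, v, J, T, d, D):
    """Step (4): T' = D^v * J^d mod n must equal T."""
    return pow(D, v, n) * pow(J, d, n) % n == T


def gq_identify(n, v, J, B):
    """One complete interactive round with fresh r and a random challenge."""
    r = secrets.randbelow(n - 1) + 1
    T = gq_commit(n, v, r)
    d = secrets.randbelow(v)               # Victor's challenge in 0 .. v-1
    return gq_verify(n, v, J, T, d, gq_respond(n, B, r, d))


def gq_hash(M, T, v):
    """d = H(M, T) reduced mod v, as the signature section prescribes.
    SHA-256 is my stand-in for the one-way hash the text leaves open."""
    T_bytes = T.to_bytes((T.bit_length() + 7) // 8 or 1, "big")
    return int.from_bytes(hashlib.sha256(M + T_bytes).digest(), "big") % v


def gq_sign(n, v, J, B, M):
    """Signature (d, D): the hash of (M, T) replaces Victor's challenge."""
    r = secrets.randbelow(n - 1) + 1
    T = gq_commit(n, v, r)
    d = gq_hash(M, T, v)
    return d, gq_respond(n, B, r, d)


def gq_verify_signature(n, v, J, M, sig):
    """Recompute T' = D^v * J^d and check H(M, T') == d."""
    d, D = sig
    T2 = pow(D, v, n) * pow(J, d, n) % n
    return gq_hash(M, T2, v) == d


if __name__ == "__main__":
    n, B = gq_issue_key(10007, 10009, 65537, 314159)
    print(gq_identify(n, 65537, 314159, B))
    sig = gq_sign(n, 65537, 314159, B, b"transfer 100 to account 42")
    print(gq_verify_signature(n, 65537, 314159, b"transfer 100 to account 42", sig))
```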
Multiple Signatures
What if several people want to sign the same document? The simplest approach is for each to sign it separately, but the signature scheme under discussion does better. Let Alice and Bob sign the document and Carol verify the signatures, though any number of people can take part in the signing. As before, Alice and Bob have their own values J and B: (J_A, B_A) and (J_B, B_B). The values n and v are common to the whole system.
(1) Alice chooses a random integer r_A in the range 1 to n-1. She computes T_A = r_A^v mod n and sends T_A to Bob.
(2) Bob chooses a random integer r_B in the range 1 to n-1. He computes T_B = r_B^v mod n and sends T_B to Alice.
(3) Alice and Bob each compute T = (T_A * T_B) mod n.
(4) Alice and Bob each compute d = H(M, T), where M is the message being signed and H(x) is a one-way hash function. The value d produced by the hash function must lie in the range 0 to v-1 [1280]. If the hash output falls outside this range, it must be reduced mod v.
(5) Alice computes D_A = r_A B_A^d mod n and sends D_A to Bob.
(6) Bob computes D_B = r_B B_B^d mod n and sends D_B to Alice.
(7) Alice and Bob each compute D = D_A D_B mod n. The signature consists of the message M, the two computed values d and D, and the credentials of both signers: J_A and J_B.
(8) Carol computes J = J_A J_B mod n.
(9) Carol computes T' = D^v J^d mod n. She then computes d' = H(M, T'). If d = d', the multiple signature is valid.
This protocol can be extended to any number of people. To do so, the signers multiply together their values T_i in step (3) and their values D_i in step (7). To verify the multiple signature, the signers' values J_i are multiplied together in step (8). Either all the signatures are valid, or at least one of them is invalid.
21.3 SCHNORR
The security of Claus Schnorr's authentication and signature scheme [1396, 1397] rests on the difficulty of computing discrete logarithms. To generate a key pair, two primes p and q are first chosen such that q is a factor of p-1. Then an a, not equal to 1, is chosen such that a^q ≡ 1 (mod p). All these numbers can be published freely and shared by a group of users.
To generate a particular key pair, a random number less than q is chosen. It serves as the private key, s. Then the public key v = a^-s mod p is computed.
Authentication Protocol
(1) Peggy chooses a random number r less than q and computes x = a^r mod p. This computation is preprocessing and can be done long before Victor appears.
(2) Peggy sends x to Victor.
(3) Victor sends Peggy a random number e in the range 0 to 2^t - 1. (What t is will be explained shortly.)
(4) Peggy computes y = (r + se) mod q and sends y to Victor.
(5) Victor verifies that x = a^y v^e mod p.
The security of the algorithm depends on the parameter t. The difficulty of breaking the algorithm is about 2^t. Schnorr recommends p of about 512 bits, q of about 140 bits, and t = 72.
Digital Signature Protocol
The Schnorr algorithm can also be used as a digital signature protocol for a message M. The key pair is the same, but a one-way hash function H(M) is added.
(1) Alice chooses a random number r less than q and computes x = a^r mod p. This is the preprocessing stage.
(2) Alice concatenates M and x and hashes the result:
e = H(M, x)
(3) Alice computes y = (r + se) mod q. The signature consists of the values e and y; she sends them to Bob.
(4) Bob computes x' = a^y v^e mod p. He then verifies that the hash of the concatenation of M and x' equals e:
e = H(M, x')
If it does, he accepts the signature as valid.
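Both Schnorr protocols above, the interactive authentication and the signature that replaces Victor with a hash, as an added example that is not part of the book. The group parameters are toy values I constructed (p = 1019, q = 509 divides p-1, a = 4 satisfies a^q ≡ 1 mod p), SHA-256 truncated to t = 72 bits stands in for H, and helper names are my own.

```python
# Added example, not from the book: Schnorr authentication and signature.
# Toy public parameters: p = 1019, q = 509 (q | p-1), a = 4 with a^q == 1 mod p.
import hashlib
import secrets

P, Q, A = 1019, 509, 4         # shared system parameters (toy sized)
T_BITS = 72                    # challenge length t recommended by Schnorr


def schnorr_keygen(p=P, q=Q, a=A, s=None):
    """Private key s < q, public key v = a^-s mod p."""
    if s is None:
        s = secrets.randbelow(q - 1) + 1
    v = pow(pow(a, s, p), -1, p)           # inverse of a^s, i.e. a^-s mod p
    return s, v


def schnorr_commit(r, p=P, a=A):
    """Step (1): x = a^r mod p; this is the part that can be precomputed."""
    return pow(a, r, p)


def schnorr_respond(r, s, e, q=Q):
    """Step (4): y = (r + s*e) mod q."""
    return (r + s * e) % q


def schnorr_check(x, v, e, y, p=P, a=A):
    """Step (5): x == a^y * v^e mod p, because a^(r+se) * a^(-se) = a^r."""
    return pow(a, y, p) * pow(v, e, p) % p == x


def schnorr_identify(s, v, p=P, q=Q, a=A, t=T_BITS):
    """One interactive round: fresh r, a t-bit challenge e from Victor."""
    r = secrets.randbelow(q - 1) + 1
    x = schnorr_commit(r, p, a)
    e = secrets.randbits(t)                 # Victor's challenge, 0 .. 2^t - 1
    return schnorr_check(x, v, e, schnorr_respond(r, s, e, q), p, a)


def schnorr_hash(M, x, t=T_BITS):
    """e = H(M, x) truncated to t bits; the hash plays Victor's role."""
    x_bytes = x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
    h = hashlib.sha256(M + x_bytes).digest()
    return int.from_bytes(h, "big") >> (256 - t)


def schnorr_sign(M, s, p=P, q=Q, a=A, r=None):
    """Signature (e, y); r may be passed in to make the result reproducible."""
    if r is None:
        r = secrets.randbelow(q - 1) + 1
    x = schnorr_commit(r, p, a)
    e = schnorr_hash(M, x)
    return e, schnorr_respond(r, s, e, q)


def schnorr_verify(M, v, sig, p=P, a=A):
    """x' = a^y * v^e mod p, then accept iff H(M, x') == e."""
    e, y = sig
    x2 = pow(a, y, p) * pow(v, e, p) % p
    return schnorr_hash(M, x2) == e


if __name__ == "__main__":
    s, v = schnorr_keygen()
    print(schnorr_identify(s, v))
    sig = schnorr_sign(b"meet at noon", s)
    print(schnorr_verify(b"meet at noon", v, sig), sig)
```

With these toy sizes a signature is t + |q| = 72 + 9 bits; at Schnorr's recommended 140-bit q the same arithmetic gives the 212-bit signatures the text mentions.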
In his paper Schnorr lists the following novel properties of his algorithm:
Most of the computation needed to generate a signature, the part independent of the message being signed, can be done in a preprocessing stage. Consequently these computations can be performed during idle time and do not affect signing speed. An attack against the preprocessing stage is discussed in [475]; I do not think it has practical value.
For the same level of security, Schnorr signatures are shorter than RSA signatures. For example, with a 140-bit q the signature length is only 212 bits, less than half the length of an RSA signature. Schnorr signatures are also much shorter than ElGamal signatures.
Of course, for practical reasons the number of bits used in the scheme can be reduced: for example, in an identification scheme, where a cheater must carry out an on-line attack within just a few seconds (compare this with a signature scheme, where a cheater can compute for years to produce a forgery).
A modification by Ernie Brickell and Kevin McCurley improved the security of this algorithm [265].
Patents
Schnorr is patented in the United States [1398] and in many other countries. In 1993 PKP acquired the worldwide rights to this patent (see Section 25.5). The U.S. patent expires on February 19, 2008.
21.4 Converting Identification Schemes into Signature Schemes
Here is the standard method for converting an identification scheme into a signature scheme: Victor is replaced by a one-way hash function. The message is not hashed before signing; instead, the hashing is built into the signing algorithm. In principle this manipulation can be applied to any identification scheme.
Chapter 22
Key-Exchange Algorithms
22.1 DIFFIE-HELLMAN
Diffie-Hellman, the first public-key algorithm in history, was invented in 1976 [496]. Its security rests on the difficulty of computing discrete logarithms in a finite field (compared with the ease of exponentiation in the same field). Diffie-Hellman can be used for key distribution, in that Alice and Bob can use the algorithm to generate a secret key, but it cannot be used to encrypt and decrypt messages.
The mathematics is simple. First Alice and Bob together choose large primes n and g such that g is primitive mod n. These two integers need not be kept secret; Alice and Bob can agree on them over an insecure channel. The numbers can even be shared by a group of users. It makes no difference. Then the following protocol is executed:
(1) Alice chooses a random large integer x and sends Bob
X = g^x mod n
(2) Bob chooses a random large integer y and sends Alice
Y = g^y mod n
(3) Alice computes
k = Y^x mod n
(4) Bob computes
k' = X^y mod n
Both k and k' equal g^(xy) mod n. No one eavesdropping on the channel can compute this value; they know only n, g, X and Y. Unless they can compute a discrete logarithm and recover x or y, they cannot solve the problem. So k is a secret key that Alice and Bob compute independently.
The choice of g and n can have a significant effect on the security of the system. The number (n-1)/2 should also be prime [1253]. And, most importantly, n must be large: the security of the system rests on the difficulty of factoring numbers of the same size as n. Any g that is primitive mod n can be chosen; there is no reason not to choose the smallest possible g, usually a one-digit number. (In fact, g need not even be primitive; it only has to generate a large enough subgroup of the multiplicative group mod n.)
Diffie-Hellman with Three or More Parties
The Diffie-Hellman key-exchange protocol is easily extended to three or more participants. In the example below, Alice, Bob and Carol together generate a secret key.
(1) Alice chooses a random large integer x and sends Bob
X = g^x mod n
(2) Bob chooses a random large integer y and sends Carol
Y = g^y mod n
(3) Carol chooses a random large integer z and sends Alice
Z = g^z mod n
(4) Alice sends Bob
Z' = Z^x mod n
(5) Bob sends Carol
X' = X^y mod n
(6) Carol sends Alice
Y' = Y^z mod n
(7) Alice computes
k = Y'^x mod n
(8) Bob computes
k = Z'^y mod n
(9) Carol computes
k = X'^z mod n
The secret key k equals g^(xyz) mod n, and no one eavesdropping on the communication channels can compute this value. The protocol is easily extended to four or more participants: simply add participants and computation stages.
Extended Diffie-Hellman
Diffie-Hellman also works in commutative rings [1253]. Z. Shmuely and Kevin McCurley studied a variant of the algorithm in which the modulus is a composite number [1441, 1038]. V. S. Miller and Neal Koblitz extended the algorithm to elliptic curves [1095, 867]. Taher ElGamal used the underlying idea to develop an encryption and digital signature algorithm (see Section 19.6).
The algorithm also works in the Galois field GF(2^k) [1442, 1038]. Some implementations use this approach [884, 1631, 1632], because the computations are much faster. But the cryptanalytic computations are much faster as well, so it is important to choose the field carefully, large enough to provide the required security.
Hughes
This variant of Diffie-Hellman lets Alice generate a key and send it to Bob [745].
(1) Alice chooses a random large integer x and generates
k = g^x mod n
(2) Bob chooses a random large integer y and sends Alice
Y = g^y mod n
(3) Alice sends Bob
X = Y^x mod n
(4) Bob computes
z = y^-1
k' = X^z mod n
If everything was done correctly, k = k'.
The advantage of this protocol over Diffie-Hellman is that k can be computed in advance, before any interaction, so Alice can encrypt messages with k long before she establishes a connection with Bob. She can send a message to many people at once and deliver the key to each of them separately later.
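The three-party exchange of steps (1) through (9) and the Hughes variant above, as an added example that is not part of the book. The modulus n = 1019 is a toy safe prime I chose ((n-1)/2 = 509 is prime, as the text recommends) with primitive root g = 2; Hughes' step (4) takes y^-1 modulo n-1, the order of g, which the text leaves implicit, and the helper makes that modulus and its coprimality requirement explicit.

```python
# Added example, not from the book: three-party Diffie-Hellman and the Hughes
# variant. n = 1019 (safe prime), g = 2 (primitive root) are toy parameters.
import secrets
from math import gcd


def dh_three_party(n, g, x, y, z):
    """Alice (x), Bob (y) and Carol (z) each end up with k = g^(xyz) mod n.
    Returns the three independently computed keys so they can be compared."""
    X = pow(g, x, n)          # (1) Alice -> Bob
    Y = pow(g, y, n)          # (2) Bob -> Carol
    Z = pow(g, z, n)          # (3) Carol -> Alice
    Z1 = pow(Z, x, n)         # (4) Alice -> Bob:   Z' = Z^x
    X1 = pow(X, y, n)         # (5) Bob -> Carol:   X' = X^y
    Y1 = pow(Y, z, n)         # (6) Carol -> Alice: Y' = Y^z
    k_alice = pow(Y1, x, n)   # (7) g^(yz)^x
    k_bob = pow(Z1, y, n)     # (8) g^(zx)^y
    k_carol = pow(X1, z, n)   # (9) g^(xy)^z
    return k_alice, k_bob, k_carol


def hughes_exchange(n, g, x, y):
    """Alice already holds k = g^x; Bob recovers it as k' = X^(y^-1).
    The inverse is taken mod n-1 because g^(n-1) ≡ 1 (mod n), so y must be
    coprime to n-1; otherwise it has no inverse and Bob cannot recover k."""
    if gcd(y, n - 1) != 1:
        raise ValueError("Bob's y must be invertible mod n-1")
    k = pow(g, x, n)              # (1) Alice's key, usable before any contact
    Y = pow(g, y, n)              # (2) Bob -> Alice
    X = pow(Y, x, n)              # (3) Alice -> Bob
    z = pow(y, -1, n - 1)         # (4) Bob: z = y^-1 mod (n-1)
    k_bob = pow(X, z, n)          #     k' = X^z = g^(x*y*y^-1) = g^x
    return k, k_bob


def random_hughes_exponent(n):
    """Random y in 1 .. n-2 that is invertible mod n-1, for Bob's use."""
    while True:
        y = secrets.randbelow(n - 2) + 1
        if gcd(y, n - 1) == 1:
            return y


if __name__ == "__main__":
    print(dh_three_party(1019, 2, 100, 200, 300))
    print(hughes_exchange(1019, 2, 123, random_hughes_exponent(1019)))
```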
Key Exchange without Exchanging Keys
Given a community of users, each of them can publish a public key X = g^x mod n in a shared database. If Alice wants to communicate with Bob, she only has to retrieve Bob's public key and generate their shared secret key. She can encrypt a message with that key and send it to Bob. Bob retrieves Alice's public key and computes the shared secret key.
Each pair of users can use a unique secret key, and no preliminary exchange of data between the users is required. The public keys must be certified to prevent fraudulent attacks, and they should be changed regularly, but in any case this is a very clever idea.
Patents
The Diffie-Hellman key-exchange algorithm is patented in the United States [718] and Canada [719]. A group called Public Key Partners (PKP) licenses this patent along with other public-key cryptography patents (see Section 25.5). The U.S. patent expires on April 29, 1997.
22.2 Station-to-Station Protocol
Diffie-Hellman key exchange is vulnerable to a man-in-the-middle attack. One way to prevent it is to have Alice and Bob sign the messages they send each other [500].
This protocol assumes that Alice has a certified public key of Bob's and Bob has a certified public key of Alice's. The certificates are signed by some trusted authority that does not take part directly in the protocol. Here is how Alice and Bob generate a secret key k.
(1) Alice generates a random number x and sends it to Bob.
(2) Bob generates a random number y. Using the Diffie-Hellman protocol, he computes the shared key k from x and y. He signs x and y and encrypts the signature with the key k. He then sends the result, together with y, to Alice:
y, E_k(S_B(x, y))
(3) Alice also computes k. She decrypts the rest of Bob's message and verifies his signature. She then sends Bob a signed message consisting of x and y, encrypted with the shared key k:
E_k(S_A(x, y))
(4) Bob decrypts the message and verifies Alice's signature.
22.3 Shamir's Three-Pass Protocol
This protocol, invented by Adi Shamir but never published, lets Alice and Bob communicate securely without any prior exchange of either secret or public keys [1008]. It assumes a commutative symmetric cipher, one for which
E_A(E_B(P)) = E_B(E_A(P))
Alice's secret key is A, Bob's is B. Alice wants to send the message M to Bob. Here is the protocol.
(1) Alice encrypts M with her key and sends Bob
C_1 = E_A(M)
(2) Bob encrypts C_1 with his key and sends Alice
C_2 = E_B(E_A(M))
(3) Alice decrypts C_2 with her key and sends Bob
C_3 = D_A(E_B(E_A(M))) = D_A(E_A(E_B(M))) = E_B(M)
(4) Bob decrypts C_3 with his key and obtains M.
One-time pads are commutative and have perfect secrecy, but they do not work with this protocol. With a one-time pad the three ciphertexts look like this:
C_1 = M ⊕ A
C_2 = M ⊕ A ⊕ B
C_3 = M ⊕ B
Eve, who records the three messages exchanged between Alice and Bob, simply XORs all three ciphertexts together and recovers the message:
C_1 ⊕ C_2 ⊕ C_3 = (M ⊕ A) ⊕ (M ⊕ A ⊕ B) ⊕ (M ⊕ B) = M
Clearly this will not work.
Shamir (and, independently, Jim Omura) described an RSA-like encryption algorithm that does work with this protocol. Let p be a large prime such that p - 1 has a large prime factor. Choose an encryption key e relatively prime to p - 1. Compute d such that
de ≡ 1 (mod p - 1)
To encrypt a message, compute
C = M^e mod p
To decrypt a message, compute
M = C^d mod p
There appears to be no way for Eve to recover M without solving the discrete logarithm problem, but this has never been proved.
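Both halves of the argument above, as an added Python example not taken from the book: the one-time-pad version falls to Eve's XOR, while the M^e mod p version does not. The toy prime 2039 (p - 1 = 2 × 1019) and the function names are assumptions of this example.

```python
"""Shamir's three-pass protocol: why XOR fails and why M^e mod p works."""
import secrets
from math import gcd

# Constructed toy prime: p - 1 = 2 * 1019 has a large prime factor. Use a
# large prime (2048 bits or more) in practice.
P = 2039


def keygen():
    """Pick e relatively prime to p - 1 and d = e^{-1} mod (p - 1)."""
    while True:
        e = secrets.randbelow(P - 3) + 2          # 2 <= e <= p - 2
        if gcd(e, P - 1) == 1:
            return e, pow(e, -1, P - 1)


def enc(m, e):
    return pow(m, e, P)


def dec(c, d):
    return pow(c, d, P)


def three_pass(m, alice_key, bob_key):
    """Run the four steps; returns the three ciphertexts Eve sees and Bob's result."""
    e_a, d_a = alice_key
    e_b, d_b = bob_key
    c1 = enc(m, e_a)            # (1) Alice -> Bob:  E_A(M)
    c2 = enc(c1, e_b)           # (2) Bob -> Alice:  E_B(E_A(M))
    c3 = dec(c2, d_a)           # (3) Alice -> Bob:  D_A(E_B(E_A(M))) = E_B(M)
    recovered = dec(c3, d_b)    # (4) Bob:           D_B(E_B(M)) = M
    return (c1, c2, c3), recovered


def otp_three_pass(m, a, b):
    """The same three passes with a one-time pad (XOR) as the commutative cipher."""
    c1 = m ^ a                  # M xor A
    c2 = c1 ^ b                 # M xor A xor B
    c3 = c2 ^ a                 # M xor B
    return c1, c2, c3


def eve_xor(c1, c2, c3):
    """Eve's attack on the one-time-pad version: XOR everything she recorded."""
    return c1 ^ c2 ^ c3


if __name__ == "__main__":
    m = 1234                                   # must satisfy 1 <= M < p
    seen, got = three_pass(m, keygen(), keygen())
    print("exponentiation version: Bob got", got, "Eve saw", seen)
    c = otp_three_pass(0x1234, 0xABCD, 0x5555)
    print("one-time-pad version: Eve recovers", hex(eve_xor(*c)))
```

The message must lie in the range 1 to p - 1; commutativity holds because E_A(E_B(M)) and E_B(E_A(M)) are both M^{e_A e_B} mod p.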
Like Diffie-Hellman, this protocol lets Alice start a secret exchange with Bob without knowing any of his keys. To use a public-key algorithm, Alice would have to know Bob's public key. With Shamir's three-pass algorithm she simply sends Bob the ciphertext of her message. The same thing done with a public-key algorithm looks like this:
(1) Alice asks Bob (or a KDC) for his public key.
(2) Bob (or the KDC) sends Alice his public key.
(3) Alice encrypts M with Bob's public key and sends it to Bob.
Shamir's three-pass algorithm does not withstand a man-in-the-middle attack.
22.4 COMSET
COMSET (COMmunications SETup) is a mutual identification and key exchange protocol developed for the RIPE project [1305] (see Section 25.7). Using public-key cryptography, it lets Alice and Bob identify each other and at the same time exchange a secret key.
The mathematical basis of COMSET is Rabin's scheme [1283] (see Section 19.5). The scheme itself was first proposed in [224]. See [1305] for details.
22.5 Encrypted Key Exchange
The Encrypted Key Exchange (EKE) protocol was designed by Steve Bellovin and Michael Merritt [109]. It provides security and authentication in computer networks by using symmetric and public-key cryptography together in a new way: a shared secret key is used to encrypt a randomly generated public key.
The Basic EKE Protocol
Alice and Bob (two users, a client and a server, or whoever) share a common password P. Using the following protocol they can authenticate each other and generate a common session key K.
(1) Alice generates a random public-key/private-key pair. She encrypts the public key K' with a symmetric algorithm, using P as the key: E_P(K'). She sends Bob
A, E_P(K')
(2) Bob knows P. He decrypts the message and obtains K'. Then he generates a random session key K and encrypts it with the public key he received from Alice, and then with P as the key. He sends Alice
E_P(E_K'(K))
(3) Alice decrypts the message and obtains K. She generates a random string R_A, encrypts it with K and sends Bob
E_K(R_A)
(4) Bob decrypts the message and obtains R_A. He generates another random string R_B, encrypts both strings with K and sends Alice the result:
E_K(R_A, R_B)
(5) Alice decrypts the message and obtains R_A and R_B. If the R_A she received from Bob is the same string she sent him in step (3), she encrypts R_B with K and sends it to Bob:
E_K(R_B)
(6) Bob decrypts the message and obtains R_B. If the R_B he received from Alice is the same string he sent her in step (4), the protocol is complete. Both parties can now communicate using K as the session key.
At step (3) both Alice and Bob know K' and K. K is the session key; it can be used to encrypt all other messages Alice and Bob exchange. Eve, sitting between Alice and Bob, sees only E_P(K'), E_P(E_K'(K)) and some messages encrypted with K. In other protocols Eve could guess P (people choose bad passwords all the time, and a clever Eve can often guess them) and then test her guesses. In this protocol Eve cannot test a guess without also breaking the public-key algorithm. And if both K' and K are chosen at random, that problem is insurmountable.
The challenge-response part of the protocol, steps (3) through (6), provides confirmation. Steps (3) through (5) prove to Alice that Bob knows K; steps (4) through (6) prove to Bob that Alice knows K. The timestamp exchange used in the Kerberos protocol accomplishes the same thing.
EKE can be implemented with a variety of public-key algorithms: RSA, ElGamal, Diffie-Hellman. Security problems arise when EKE is implemented with a knapsack algorithm (apart from the security problems inherent in knapsack algorithms themselves): the normal distribution of the ciphertexts defeats the benefits of EKE, because a decryption under a wrong password guess then looks different from a decryption under the right one.
Implementing EKE with RSA
The RSA algorithm seems ideal for this application, but there are some subtle problems. The authors recommend encrypting only the encryption exponent in step (1) and sending the modulus in the clear. The reasoning behind this advice, and other subtleties of using RSA, can be found in [109].
Implementing EKE with ElGamal
Implementing EKE with the ElGamal algorithm is straightforward, and the basic protocol can even be simplified. Using the notation of Section 19.6, g and p are parts of the public key, common to all users. The private key is a random number r. The public key is g^r mod p. In step (1) Alice sends Bob the message
Alice, g^r mod p
Note that this public key does not have to be encrypted with P. That is not true in general, but it is true for the ElGamal algorithm. Details are in [109].
Bob chooses a random number R (for the ElGamal algorithm, independent of the other random numbers chosen for EKE), and the message he sends Alice in step (2) becomes
E_P(g^R mod p, K g^{rR} mod p)
The restrictions on choosing the ElGamal variables were given in Section 19.6.
Implementing EKE with Diffie-Hellman
With the Diffie-Hellman protocol K is generated automatically, and the final protocol is simpler still. The values g and n are fixed for all users of the network.
(1) Alice chooses a random number r_A and sends Bob
A, g^{r_A} mod n
With Diffie-Hellman, Alice does not need to encrypt her first message with P.
(2) Bob chooses a random number r_B and computes
K = g^{r_A r_B} mod n
He generates a random string R_B, then computes and sends Alice
E_P(g^{r_B} mod n), E_K(R_B)
(3) Alice decrypts the first half of Bob's message and obtains g^{r_B} mod n. Then she computes K and uses it to decrypt R_B. She generates another random string R_A, encrypts both strings with K and sends Bob the result:
E_K(R_A, R_B)
(4) Bob decrypts the message and obtains R_A and R_B. If the R_B he received from Alice matches the one he sent her in step (2), he encrypts R_A with K and sends the result to Alice:
E_K(R_A)
(5) Alice decrypts the message and obtains R_A. If the R_A she received from Bob matches the one she sent him in step (3), the protocol is complete. The parties can now exchange messages using K as the session key.
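The five steps above as an added Python example; it is not code from Bellovin and Merritt or from the book. The toy group, the SHA-256-derived masks that stand in for the symmetric cipher, the nonce sent along with message (1), and the 16-byte challenge strings are all assumptions of this example.

```python
"""EKE over Diffie-Hellman: steps (1)-(5), with a toy symmetric layer."""
import hashlib
import secrets

# Constructed toy parameters: N is a safe prime and G = 7 generates all of Z_N^*,
# so every value in 1..N-1 is a plausible g^r and decrypting under a wrong
# password yields an equally plausible value. Use >= 2048-bit groups in practice.
N = 2039
G = 7


def _mask(label, key, nonce):
    """Derive a 256-bit mask from (label, key, nonce) with SHA-256 (toy KDF)."""
    return hashlib.sha256(f"{label}|{key}|{nonce}".encode()).digest()


def ep_encrypt(password, nonce, x):
    """E_P on a group element: add a password-derived mask modulo N."""
    return (x + int.from_bytes(_mask("EP", password, nonce), "big")) % N


def ep_decrypt(password, nonce, c):
    return (c - int.from_bytes(_mask("EP", password, nonce), "big")) % N


def ek(session_key, label, data):
    """E_K on a short byte string: XOR with a keystream derived from K (toy, <= 32 bytes)."""
    return bytes(a ^ b for a, b in zip(data, _mask(label, session_key, "")))


def run_dh_eke(alice_password, bob_password):
    """Returns what each side concluded; both checks pass only if the passwords match."""
    nonce = secrets.token_hex(8)                 # sent in the clear with message (1)
    # (1) Alice -> Bob: A, g^{r_A} mod n, not encrypted with P
    r_a = secrets.randbelow(N - 2) + 1
    msg1 = ("Alice", pow(G, r_a, N), nonce)
    # (2) Bob: K = (g^{r_A})^{r_B}; sends E_P(g^{r_B} mod n), E_K(R_B)
    r_b = secrets.randbelow(N - 2) + 1
    k_bob = pow(msg1[1], r_b, N)
    r_big_b = secrets.token_bytes(16)
    msg2 = (ep_encrypt(bob_password, nonce, pow(G, r_b, N)), ek(k_bob, "m2", r_big_b))
    # (3) Alice: recover g^{r_B} with P, compute K, decrypt R_B, send E_K(R_A, R_B)
    g_rb = ep_decrypt(alice_password, nonce, msg2[0])
    k_alice = pow(g_rb, r_a, N)
    r_b_seen = ek(k_alice, "m2", msg2[1])
    r_big_a = secrets.token_bytes(16)
    msg3 = ek(k_alice, "m3", r_big_a + r_b_seen)
    # (4) Bob: check R_B, answer with E_K(R_A)
    plain3 = ek(k_bob, "m3", msg3)
    if plain3[16:] != r_big_b:
        return {"bob_accepts": False, "alice_accepts": False, "K": None}
    msg4 = ek(k_bob, "m4", plain3[:16])
    # (5) Alice: check R_A
    alice_ok = ek(k_alice, "m4", msg4) == r_big_a
    return {"bob_accepts": True, "alice_accepts": alice_ok,
            "K": k_alice if alice_ok else None}


if __name__ == "__main__":
    print(run_dh_eke("correct horse", "correct horse"))
    print(run_dh_eke("correct horse", "wrong guess"))
```

The password layer encrypts g^{r_B} by adding a mask modulo n, so decrypting it under any candidate password yields a value in the range 0 to n - 1 that looks as plausible as the real one. That is the property the knapsack remark above is about: a cipher whose wrong-password decryptions fall outside the set of valid public values would hand Eve an offline password test.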
Strengthening EKE
Bellovin and Merritt proposed an improvement to the challenge-response part of the algorithm that prevents a possible attack if a cryptanalyst recovers an old value of K.
Look at the basic EKE protocol. In step (3) Alice generates another random number S_A and sends Bob
E_K(R_A, S_A)
In step (4) Bob generates another random number S_B and sends Alice
E_K(R_A, R_B, S_B)
Now Alice and Bob can both compute the true session key, S_A ⊕ S_B. This key is used for all further messages between Alice and Bob; K is used only as a key-exchange key.
Look at the levels of protection EKE provides. A recovered value of S gives Eve no information about P, because P is never used to encrypt anything that leads directly to S. A cryptanalytic attack on K is also infeasible: K is used only to encrypt random data, and S is never encrypted on its own.
Augmented EKE
The EKE protocol has one serious drawback: it requires both parties to know P. Most password-based access control systems store a one-way hash of each user's password rather than the password itself (see Section 3.2). The Augmented EKE (A-EKE) protocol uses a one-way hash of the user's password as the superencryption key in the Diffie-Hellman variant of EKE. The user then sends an additional message based on the real password; this message authenticates the newly chosen session key.
Here is how it works. As usual, Alice and Bob want to authenticate each other and generate a common key. They agree on some digital signature scheme in which any number can serve as the private key and the public key is derived from the private key rather than generated separately. ElGamal and DSA fit well. Alice's password P (or perhaps some simple hash of it) serves as the private key, and its one-way hash serves as P'.
(1) Alice chooses a random exponent R_a and sends
E_P'(g^{R_a} mod n)
(2) Bob, who knows only P' and cannot derive P from it, chooses R_b and sends
E_P'(g^{R_b} mod n)
(3) Alice and Bob compute the shared session key K = g^{R_a R_b} mod n. Finally, Alice proves that she knows P itself, and not just P', by sending
E_K(S_P(K))
Bob, who knows K and P', can decrypt the message and verify the signature. Only Alice could have sent this message, because only she knows P. An impostor who has obtained a copy of Bob's password file can try to guess P, but cannot sign the session key.
The A-EKE scheme does not work with the public-key variant of EKE, because there one party chooses the session key and imposes it on the other. That would let an attacker who has obtained P' mount a man-in-the-middle attack.
Applications of EKE
Bellovin and Merritt suggest using this protocol for secure public telephones [109]:
Suppose a network of encrypting telephones is deployed. If someone wants to use such a telephone, some keying information is needed. Conventional solutions . . . require the caller to possess a physical key. In many situations that is undesirable. EKE allows a short password entered on the keypad, while providing a much longer session key.
EKE could also be useful for cellular telephony. Fraud is a major problem in the cellular industry; EKE can help defend against it (and ensure the privacy of the call) by making a telephone useless unless a PIN is entered. Because the PIN is not stored in the telephone, it cannot be extracted from a stolen unit.
The main strength of EKE is that public-key cryptography and symmetric cryptography combine and reinforce each other:
In a general perspective, EKE works as a privacy amplifier. That is, it can be used to strengthen comparatively weak symmetric and asymmetric systems when they are used together. Consider, for example, the key size needed to maintain security with exponential key exchange. As LaMacchia and Odlyzko [934] have shown, even moduli of sizes once considered secure (namely 192 bits) are vulnerable to an attack taking only a few minutes of computer time. But the attack becomes infeasible if a password must be guessed before it can be applied.
On the other hand, the difficulty of breaking exponential key exchange can be used to frustrate password-guessing attempts. The feasibility of guessing passwords depends on how quickly each guess can be checked. If checking a guess requires performing an exponential key exchange, the total time increases dramatically.
EKE is patented [111].
22.6 Fortified Key Negotiation
This scheme also protects key negotiation against poorly chosen passwords and man-in-the-middle attacks [47, 983]. It uses a hash function of two variables with a particular property: it produces many collisions in its first variable and practically none in its second:
H'(x, y) = H(H(k, x) mod 2^m, x), where H(k, x) is an ordinary hash function of k and x
Here is the protocol. Alice and Bob share a secret password P and have just exchanged a secret key K using Diffie-Hellman key exchange. They use P to check that their session keys are the same (and that Eve has not mounted a man-in-the-middle attack) without giving Eve a chance to learn P.
(1) Alice sends Bob
H'(P, K)
(2) Bob computes H'(P, K) and compares the result with the value Alice sent. If they match, he sends Alice
H'(H'(P, K))
(3) Alice computes H'(H'(P, K)) and compares the result with the value she received from Bob.
If Eve attempts a man-in-the-middle attack, she shares one key, K_1, with Alice and another, K_2, with Bob. To fool Bob in step (2) she would have to work out the shared password and then send Bob H'(P, K_2). With an ordinary hash function she could try common passwords until she finds one that matches, and then slip into the protocol. But with the proposed hash function many passwords hash to the same value when hashed together with K_1, so when she finds a match it is most likely the wrong password, and in that case she will not fool Bob.
22.7 Conference Key Distribution and Secret Broadcasting
Alice wants to send a message M to several recipients at once. But she does not want just anyone to be able to read it. In fact, she wants only the recipients from a particular subset to be able to recover M correctly. Everyone else should get nonsense.
Alice can share a different key (secret or public) with each recipient. She encrypts the message with some random key K. Then she encrypts a copy of K with each of the keys of the intended recipients. Finally she broadcasts the encrypted message followed by all the encrypted copies of K. Bob, who is listening, either tries to decrypt each encrypted K with his secret key until he finds the right one, or, if Alice does not mind listing the recipients of her message, looks for his name followed by an encrypted key. The multiple-key cryptography discussed earlier also works.
Another method is proposed in [352]. First, each recipient agrees with Alice on a common key that is longer than any possible encrypted message. All these keys must be pairwise relatively prime. Alice encrypts the message with a random key K. Then she computes a single integer R that is congruent to K modulo the secret key of every recipient who is supposed to decrypt the message, and congruent to zero modulo everyone else's.
For example, if Alice wants the secret to reach Bob, Carol and Ellen, but not Dave and Frank, she encrypts the message with K and then computes R such that
R ≡ K (mod K_B)
R ≡ K (mod K_C)
R ≡ 0 (mod K_D)
R ≡ K (mod K_E)
R ≡ 0 (mod K_F)
This is a simple algebra problem (an application of the Chinese remainder theorem) that Alice can solve easily. When the recipients receive the message, they reduce the received value modulo their own secret key. Those for whom the message was intended obtain the key; everyone else obtains 0.
A third way, using a threshold scheme (see Section 3.7), is proposed in [141]. As in the other methods, every potential recipient receives a secret key. This key is a shadow in a threshold scheme that has not yet been created. Alice keeps a number of secret keys for herself, which adds some unpredictability to the system. Suppose there are k possible recipients in all. Then, to broadcast M, Alice encrypts M with the key K and does the following.
(1) Alice chooses a random number f. Its purpose is to mask the number of recipients of the message. It need not be very large and may even be zero.
(2) Alice creates a (k + f + 1, 2k + f + 1) threshold scheme in which:
K is the secret.
The secret keys of the intended recipients are shadows.
The secret keys of users who are not among the recipients are not shadows.
f shadows are chosen at random, different from all the secret keys.
(3) Alice broadcasts k + f randomly chosen shadows, none of which coincide with the shadows of step (2).
(4) Every listener who receives the broadcast adds his own shadow to the k + f shadows received. If adding his shadow lets him compute the secret, he has recovered the key. Otherwise he has not.
Other approaches can be found in [885, 886, 1194], and yet another in [1000].
Conference Key Distribution
This protocol lets a group of n users agree on a secret key using only insecure channels. The group shares two large primes p and q and a generator g of the same size as q.
(1) User i, for i from 1 to n, chooses a random number r_i smaller than q and broadcasts
z_i = g^{r_i} mod p
(2) Every user checks that z_i^q ≡ 1 (mod p) for all i from 1 to n; this confirms that every broadcast value lies in the subgroup of order q generated by g.
(3) User i broadcasts
x_i = (z_{i+1} / z_{i-1})^{r_i} mod p
(4) User i computes
K = (z_{i-1})^{n r_i} · x_i^{n-1} · x_{i+1}^{n-2} · . . . · x_{i-2} mod p
All index arithmetic in this protocol (i - 1, i - 2 and i + 1) is done mod n. At the end of the protocol every honest user holds the same K, and nobody else learns anything. However, the protocol does not withstand a man-in-the-middle attack. Another, less elegant, protocol is given in [757].
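Steps (1)-(4) as an added Python example, not the book's code: the toy parameters (p = 2039, q = 1019, g = 4) and the function names are assumptions. expected_key shows what all users actually agree on, g raised to the sum of the products of cyclically adjacent exponents.

```python
"""Conference key distribution: n users, steps (1)-(4), everyone ends with the same K."""
import secrets

# Constructed toy parameters: P = 2*Q + 1 with Q prime and G = 4 of order Q.
P = 2039
Q = 1019
G = 4


def check_subgroup(z):
    """Step (2): z_j^q ≡ 1 (mod p) for all j; rejects values outside the order-q subgroup."""
    return all(pow(zj, Q, P) == 1 for zj in z)


def round3(rs, z):
    """Step (3): x_i = (z_{i+1} / z_{i-1})^{r_i} mod p, indices taken mod n."""
    n = len(rs)
    xs = []
    for i in range(n):
        ratio = z[(i + 1) % n] * pow(z[(i - 1) % n], -1, P) % P
        xs.append(pow(ratio, rs[i], P))
    return xs


def user_key(i, rs, z, xs):
    """Step (4): K = z_{i-1}^{n r_i} * x_i^{n-1} * x_{i+1}^{n-2} * ... * x_{i-2} mod p."""
    n = len(rs)
    k = pow(z[(i - 1) % n], n * rs[i], P)
    for j in range(n - 1):
        k = k * pow(xs[(i + j) % n], n - 1 - j, P) % P
    return k


def conference_key(n, rs=None):
    """Run the whole protocol; returns the key each of the n users computed."""
    rs = rs if rs is not None else [secrets.randbelow(Q - 1) + 1 for _ in range(n)]
    z = [pow(G, r, P) for r in rs]                  # step (1), broadcast
    if not check_subgroup(z):
        raise ValueError("a broadcast z_i is outside the subgroup of order q")
    xs = round3(rs, z)
    return [user_key(i, rs, z, xs) for i in range(n)]


def expected_key(rs):
    """What the protocol agrees on: g^(r_1 r_2 + r_2 r_3 + ... + r_n r_1) mod p."""
    n = len(rs)
    return pow(G, sum(rs[i] * rs[(i + 1) % n] for i in range(n)), P)


if __name__ == "__main__":
    keys = conference_key(5)
    print("all equal:", len(set(keys)) == 1, "K =", keys[0])
```

Step (2) is not decoration: a value outside the order-q subgroup is rejected before anyone raises it to a secret exponent, which is what keeps a small-subgroup element from leaking bits of r_i.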
Tatebayashi-Matsuzaki-Newman
This key distribution protocol is suitable for networks [1521]. Alice wants to generate a session key with Bob with the help of Trent, the KDC. All participants know Trent's public key n. Trent knows the two prime factors of n and can therefore easily compute cube roots modulo n. The following description leaves out some details, but gives the general idea.
(1) Alice chooses a random number r_A and sends Trent
r_A^3 mod n
(2) Trent tells Bob that someone wants to exchange a key with him.
(3) Bob chooses a random number r_B and sends Trent
r_B^3 mod n
(4) Trent uses his private key to recover r_A and r_B. He sends Alice
r_A ⊕ r_B
(5) Alice computes
(r_A ⊕ r_B) ⊕ r_A = r_B
She uses r_B for a secure session with Bob.
The protocol looks fine, but it has a glaring flaw. Carol can eavesdrop on step (3) and use that information, with the help of an unsuspecting Trent and her accomplice Dave, to recover r_B [1472].
(1) Carol chooses a random number r_C and sends Trent
r_B^3 r_C^3 mod n
(2) Trent tells Dave that someone wants to exchange a key with him.
(3) Dave chooses a random number r_D and sends Trent
r_D^3 mod n
(4) Trent uses his private key to take the cube roots, obtaining r_B r_C mod n (which he takes to be Carol's random number) and r_D. He sends Carol
(r_B r_C mod n) ⊕ r_D
(5) Dave sends r_D to Carol.
(6) Carol XORs r_D back out and then divides by r_C modulo n to obtain r_B. She uses r_B to decrypt the conversation between Alice and Bob.
This is bad. The root cause is that cubing modulo n is multiplicative, so Trent's cube-root service can be fed a blinded copy of someone else's message.
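The honest run and the attack, as an added Python example that is not from the book or from [1472]. Trent's toy modulus and all the random numbers are constructed here.

```python
"""Tatebayashi-Matsuzaki-Newman: the honest exchange and Carol's blinding attack."""

# Constructed toy RSA-style modulus for Trent. Cube roots exist because 3 divides
# neither p-1 nor q-1. Only Trent knows P_T and Q_T.
P_T, Q_T = 2039, 1019
N = P_T * Q_T
_D = pow(3, -1, (P_T - 1) * (Q_T - 1))      # Trent's cube-root exponent


def trent_cube_root(c):
    """Trent's private operation: the unique r with r^3 ≡ c (mod n)."""
    return pow(c, _D, N)


def tmn_exchange(r_a, r_b):
    """Honest run of steps (1)-(5). Returns (what Alice derives, what Eve recorded at step 3)."""
    msg_a = pow(r_a, 3, N)                     # (1) Alice -> Trent: r_A^3 mod n
    msg_b = pow(r_b, 3, N)                     # (3) Bob -> Trent:   r_B^3 mod n
    reply = trent_cube_root(msg_a) ^ trent_cube_root(msg_b)   # (4) Trent -> Alice: r_A xor r_B
    return reply ^ r_a, msg_b                  # (5) Alice: (r_A xor r_B) xor r_A = r_B


def carol_attack(rb_cubed, r_c, r_d):
    """Carol replays Bob's r_B^3 blinded by r_C^3; Dave plays the 'Bob' of this bogus run."""
    msg_c = rb_cubed * pow(r_c, 3, N) % N      # (1) (r_B * r_C)^3 mod n looks like a fresh request
    msg_d = pow(r_d, 3, N)                     # (3) Dave -> Trent: r_D^3 mod n
    reply = trent_cube_root(msg_c) ^ trent_cube_root(msg_d)   # (4) (r_B r_C mod n) xor r_D
    w = reply ^ r_d                            # (5) Dave hands r_D to Carol; she strips it
    return w * pow(r_c, -1, N) % N             # (6) r_B = (r_B r_C) * r_C^{-1} mod n


if __name__ == "__main__":
    r_a, r_b = 123456, 654321
    derived, eavesdropped = tmn_exchange(r_a, r_b)
    print("Alice derived r_B:", derived == r_b)
    print("Carol recovered r_B:", carol_attack(eavesdropped, 77777, 99999) == r_b)
```

Trent never sees anything malformed: Carol's request is a perfectly valid cube, and the only thing that ties it to Bob is a factor Trent has no way to notice.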
Chapter 23
Special Algorithms for Protocols
23.1 Multiple-Key Public-Key Cryptography
This is a generalization of RSA (see Section 19.3) [217, 212]. The modulus n is the product of two primes p and q. But instead of e and d with ed ≡ 1 mod ((p-1)(q-1)), t keys K_i are chosen such that
K_1 · K_2 · . . . · K_t ≡ 1 mod ((p-1)(q-1))
Since
M^{K_1 · K_2 · . . . · K_t} = M
this scheme is the multiple-key scheme described in Section 3.5.
If, for example, five keys are used, a message encrypted with K_3 and K_5 can be decrypted with K_1, K_2 and K_4:
C = M^{K_3 · K_5} mod n
M = C^{K_1 · K_2 · K_4} mod n
One application of this scheme is multisignatures. Imagine a situation in which a document is valid only if it is signed by both Alice and Bob. Three keys are used: K_1, K_2 and K_3. Alice and Bob each receive one of the first two, and the third is published.
(1) First Alice signs M and sends it to Bob:
M' = M^{K_1} mod n
(2) Bob can recover M from M':
M = M'^{K_2 · K_3} mod n
(3) He can also add his own signature:
M'' = M'^{K_2} mod n
(4) The signatures can be verified with the public key K_3:
M = M''^{K_3} mod n
Note that this system requires a trusted party to set it up and hand out the keys to Alice and Bob. The scheme in [484] has the same problem. A subtler scheme is described in [695, 830, 700], but there the verification effort is proportional to the number of signers. Newer schemes [220, 1200], based on zero-knowledge identification schemes, overcome these shortcomings of the earlier systems.
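An added Python example, not code from the book or from [217, 212]: key generation for t keys whose product is 1 modulo φ(n), and the two-signer flow of steps (1)-(4). The toy modulus and the function names are assumptions.

```python
"""Multiple-key RSA: t keys whose product is 1 mod phi(n), and the two-party multisignature."""
import secrets
from math import gcd

# Constructed toy primes; a real modulus uses two primes of 1024+ bits each.
P, Q = 2039, 1019
N = P * Q
PHI = (P - 1) * (Q - 1)


def make_keys(t):
    """Return K_1..K_t with K_1 * K_2 * ... * K_t ≡ 1 (mod phi): the first t-1 are random
    units mod phi, the last is the inverse of their product. Only the dealer sees all of them."""
    keys = []
    while len(keys) < t - 1:
        k = secrets.randbelow(PHI - 3) + 2
        if gcd(k, PHI) == 1:
            keys.append(k)
    prod = 1
    for k in keys:
        prod = prod * k % PHI
    keys.append(pow(prod, -1, PHI))
    return keys


def apply_keys(m, *keys):
    """M^{K_a K_b ...} mod n, applied one exponent at a time."""
    for k in keys:
        m = pow(m, k, N)
    return m


def multisignature(m, k1, k2, k3):
    """Alice (K_1) and Bob (K_2) both sign; K_3 is public. Returns the doubly signed value
    and whether verification with K_3 recovers M."""
    m1 = apply_keys(m, k1)                     # (1) Alice signs M
    assert apply_keys(m1, k2, k3) == m         # (2) Bob can read M from M'
    m2 = apply_keys(m1, k2)                    # (3) Bob adds his signature
    return m2, apply_keys(m2, k3) == m         # (4) anyone verifies with K_3


if __name__ == "__main__":
    k = make_keys(5)
    c = apply_keys(424242, k[2], k[4])         # encrypt with K_3 and K_5
    print("decrypt with K_1, K_2, K_4:", apply_keys(c, k[0], k[1], k[3]))
    signed, ok = multisignature(424242, *make_keys(3))
    print("multisignature verifies:", ok)
```

Signing the raw number as M^{K_1} is the textbook scheme and inherits textbook RSA's multiplicative forgeries; a deployment signs a padded hash of the document. The dealer that computes the keys knows φ(n) and therefore holds every key, which is the trust problem the text points out.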
23.2 Secret-Sharing Algorithms
In Section 3.7 I discussed the idea behind secret-sharing schemes. The four different algorithms given below are all particular cases of a general theoretical approach [883].
LaGrange Interpolating Polynomial Scheme
Adi Shamir used polynomial equations over a finite field to construct a threshold scheme [1414]. Choose a prime p that is larger than the number of possible shadows and larger than the largest possible secret. To share the secret, generate an arbitrary polynomial of degree m - 1. For example, to create a (3, n) threshold scheme (three shadows are needed to recover M), generate a quadratic polynomial
(ax^2 + bx + M) mod p
where p is a random prime larger than any of the coefficients. The coefficients a and b are chosen at random; they are kept secret and discarded once the shadows have been distributed. M is the message. The prime must be published. The shadows are obtained by evaluating the polynomial at n different points:
k_i = F(x_i)
In other words, the first shadow can be the value of the polynomial at x = 1, the second shadow its value at x = 2, and so on.
Since a quadratic polynomial has three unknown coefficients, a, b and M, any three shadows can be used to set up three equations. One or two shadows are not enough, and four or five are more than needed.
For example, let M = 11. To create a (3, 5) threshold scheme, in which any three of five people can recover M, first form the quadratic equation (7 and 8 are randomly chosen numbers):
F(x) = (7x^2 + 8x + 11) mod 13
The five shadows are:
k_1 = F(1) = 7 + 8 + 11 ≡ 0 (mod 13)
k_2 = F(2) = 28 + 16 + 11 ≡ 3 (mod 13)
k_3 = F(3) = 63 + 24 + 11 ≡ 7 (mod 13)
k_4 = F(4) = 112 + 32 + 11 ≡ 12 (mod 13)
k_5 = F(5) = 175 + 40 + 11 ≡ 5 (mod 13)
To recover M from three shadows, say k_2, k_3 and k_5, solve the system of linear equations:
a · 2^2 + b · 2 + M ≡ 3 (mod 13)
a · 3^2 + b · 3 + M ≡ 7 (mod 13)
a · 5^2 + b · 5 + M ≡ 5 (mod 13)
The solution is a = 7, b = 8 and M = 11. So M is recovered.
This sharing scheme is easy to implement for large numbers. If you want to split a message into 30 equal parts so that any six of them together can recover the message, give each of the 30 people a value of a polynomial of degree 5:
F(x) = (ax^5 + bx^4 + cx^3 + dx^2 + ex + M) mod p
Six people can solve for the six unknowns (including M), but five cannot learn anything about M.
The most impressive aspect of secret sharing is that, if the coefficients are chosen at random, five people cannot learn anything beyond the length of the message (which they know anyway), even with infinite computing power. This is as secure as a one-time pad: an exhaustive search (that is, trying every possible sixth shadow) shows that every possible message remains a candidate secret. This holds for all the secret-sharing schemes presented in this book.
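The (3, 5) example above as added Python code that is not from the book: the shares from the book's polynomial, Lagrange reconstruction at x = 0 instead of solving the system by hand, and the (6, 30) split mentioned in the text carried out over a 127-bit prime. The function names are assumptions.

```python
"""Shamir's (m, n) threshold scheme over GF(p), with the book's (3, 5) numbers."""
import secrets


def eval_poly(coeffs, x, p):
    """coeffs[k] multiplies x^k; coeffs[0] is the secret."""
    return sum(c * pow(x, k, p) for k, c in enumerate(coeffs)) % p


def make_shares(secret, m, n, p, coeffs=None):
    """Shadows k_i = F(i) for i = 1..n of a degree m-1 polynomial with constant term `secret`.
    `coeffs` (the x^1..x^{m-1} coefficients) may be fixed for a worked example; otherwise random."""
    assert 0 <= secret < p and n < p
    rest = list(coeffs) if coeffs is not None else [secrets.randbelow(p) for _ in range(m - 1)]
    assert len(rest) == m - 1
    poly = [secret] + rest
    return [(x, eval_poly(poly, x, p)) for x in range(1, n + 1)]


def recover(shares, p):
    """Lagrange interpolation at x = 0: F(0) = sum_j y_j * prod_{k != j} x_k / (x_k - x_j)."""
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for k, (xk, _) in enumerate(shares):
            if k != j:
                num = num * xk % p
                den = den * (xk - xj) % p
        secret = (secret + yj * num * pow(den, -1, p)) % p
    return secret


if __name__ == "__main__":
    # The book's example: F(x) = 7x^2 + 8x + 11 mod 13
    shares = make_shares(11, 3, 5, 13, coeffs=[8, 7])
    print(shares)                                           # [(1, 0), (2, 3), (3, 7), (4, 12), (5, 5)]
    print(recover([shares[1], shares[2], shares[4]], 13))   # 11
    # A (6, 30) scheme over a 127-bit prime with a random 120-bit secret
    p = 2**127 - 1
    s = secrets.randbits(120)
    big = make_shares(s, 6, 30, p)
    print(recover(secrets.SystemRandom().sample(big, 6), p) == s)
```

Passing fewer than m shares to recover returns a value, but a meaningless one: with m - 1 points every element of GF(p) is a consistent value for F(0), which is the perfect-secrecy property the paragraph above describes.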
Vector Scheme
George Blakley invented a scheme that uses the notion of points in space [182]. The message is defined as a point in m-dimensional space. Each shadow is the equation of an (m - 1)-dimensional hyperplane containing that point.
For example, if three shadows are needed to recover the message, the message is a point in three-dimensional space. Each shadow is a different plane. Knowing one shadow, you can only say that the point lies somewhere on that plane. Knowing two shadows, you know that it lies somewhere on the line where the two planes intersect. Knowing three shadows, you can determine the point exactly: it is the intersection of the three planes.
Asmuth-Bloom
This scheme uses prime numbers [65]. For an (m, n) threshold scheme, choose a large prime p greater than M. Then choose n numbers d_1, d_2, . . . , d_n, each larger than p, such that:
1. The values d_i are in increasing order, d_i < d_{i+1}
2. Each d_i is relatively prime to every other d_j
3. d_1 · d_2 · . . . · d_m > p · d_{n-m+2} · d_{n-m+3} · . . . · d_n
To distribute the shadows, first choose a random number r and compute
M' = M + rp
The shadows k_i are
k_i = M' mod d_i
Any m shadows together recover M by the Chinese remainder theorem, but any m - 1 shadows cannot. Details are in [65]. Note that r must be bounded so that M' stays below d_1 · d_2 · . . . · d_m, the product of the m smallest moduli; that is what makes the value reconstructed from any m shadows unique.
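One added Python example serving both the [352] broadcast scheme of Section 22.7 and the Asmuth-Bloom scheme above; it is not code from either paper or from the book. The small pairwise-prime keys, the moduli 11, 13, 17, the prime 7 and the requirement p < d_1 are assumptions of this example.

```python
"""Chinese-remainder constructions: the [352] secret broadcast and the Asmuth-Bloom threshold scheme."""
import secrets
from math import gcd, prod


def crt(residues, moduli):
    """Smallest non-negative R with R ≡ residues[i] (mod moduli[i]); moduli pairwise coprime."""
    total = prod(moduli)
    r = 0
    for a, m in zip(residues, moduli):
        mi = total // m
        r += a * mi * pow(mi, -1, m)
    return r % total


# --- Secret broadcasting ([352]) ---

def broadcast_value(session_key, keys, recipients):
    """keys: name -> secret key (pairwise coprime, each larger than session_key).
    Returns R ≡ session_key mod K_name for recipients and R ≡ 0 mod K_name for the rest."""
    assert all(gcd(a, b) == 1 for a in keys.values() for b in keys.values() if a != b)
    assert all(session_key < k for k in keys.values())
    names = list(keys)
    residues = [session_key if name in recipients else 0 for name in names]
    return crt(residues, [keys[name] for name in names])


def receive(broadcast, my_key):
    """Each listener reduces R modulo its own key: the session key, or 0 if not addressed."""
    return broadcast % my_key


# --- Asmuth-Bloom (m, n) threshold scheme ---

def asmuth_bloom_shares(secret, m, p, d, rng=secrets.randbelow):
    """d: increasing, pairwise coprime moduli with p < d[0] and
    d[0]*...*d[m-1] > p * d[n-m+1]*...*d[n-1]. Shadows are (d_i, M' mod d_i) with M' = M + r p."""
    n = len(d)
    assert secret < p < d[0] and d == sorted(d)
    assert all(gcd(d[i], d[j]) == 1 for i in range(n) for j in range(i + 1, n))
    assert prod(d[:m]) > p * prod(d[n - m + 1:])
    bound = prod(d[:m])                     # M' must stay below the product of the m smallest moduli
    m_prime = secret + rng((bound - secret) // p) * p
    return [(di, m_prime % di) for di in d]


def asmuth_bloom_recover(shares, p):
    """Any m shadows: CRT gives M' exactly (it is below the product of the moduli), then M = M' mod p."""
    moduli = [di for di, _ in shares]
    residues = [ki for _, ki in shares]
    return crt(residues, moduli) % p


if __name__ == "__main__":
    keys = {"Bob": 101, "Carol": 103, "Dave": 107, "Ellen": 109, "Frank": 113}
    R = broadcast_value(42, keys, {"Bob", "Carol", "Ellen"})
    print({name: receive(R, k) for name, k in keys.items()})
    shares = asmuth_bloom_shares(5, 2, 7, [11, 13, 17])
    print(asmuth_bloom_recover(shares[:2], 7), asmuth_bloom_recover(shares[1:], 7))
```

In the broadcast scheme a listener who is not addressed learns that the value reduces to 0, so the scheme hides the key but not the fact of exclusion; in Asmuth-Bloom the bound on r is what condition 3 is protecting, since m - 1 shadows then leave at least p candidates for M', one for each possible M.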
Karnin-Greene-Hellman
This scheme uses matrix multiplication [818]. Choose n + 1 m-dimensional vectors V_0, V_1, . . . , V_n such that every m × m matrix formed from these vectors has rank m. U is a row vector of dimension m, so that the products U·V_i are defined.
M is the matrix product U·V_0. The shadows are the products U·V_i, where i runs from 1 to n.
Any m shadows can be used to solve an m × m system of linear equations whose unknowns are the coefficients of U. U·V_0 can then be computed from U. With only m - 1 shadows the system cannot be solved, so the secret cannot be recovered.
More Advanced Threshold Schemes
The previous examples show only the simplest threshold schemes: the secret is divided into n shadows so that any m of them can recover it. The same algorithms can be used to build far more complicated schemes. The following examples use Shamir's algorithm, although any of the others would work.
To create a scheme in which one participant is more important than the others, give him more shadows. If five shadows are needed to recover the secret, and one person has three shadows while everyone else has one, that person together with any two others can recover the secret. Without him, five people are needed.
More than one person can have several shadows, and each person can have a different number of them. No matter how the shadows are distributed, any m of them recover the secret. No single person and no group holding only m - 1 shadows can recover it.
For other kinds of schemes, imagine a scenario with two hostile delegations. The secret can be shared so that recovering it requires two of the 7 members of delegation A and three of the 12 members of delegation B. Create a polynomial of degree 3 that is the product of a linear expression and a quadratic expression. Give each member of delegation A a shadow that is a value of the linear expression, and give the members of delegation B values of the quadratic expression.
Any two shadows from delegation A suffice to recover the linear expression, but no matter how many other shadows the delegation holds, its members learn nothing about the secret. The same goes for delegation B: its members can combine three shadows to recover the quadratic expression, but cannot obtain the other information needed to recover the whole secret. Only by multiplying their expressions together can the members of the two delegations recover the secret.
In general, any conceivable secret-sharing scheme can be implemented. All that is needed is to write down the system of equations corresponding to the particular scheme. Some excellent papers on generalized secret-sharing schemes are [1462, 1463, 1464].
Secret Sharing with Cheaters
This algorithm modifies the standard (m, n) threshold scheme to detect cheaters [1529]. I show it applied to the LaGrange scheme, but the algorithm works with the other schemes as well. Choose a prime p that is larger than n and larger than
(s - 1)(m - 1)/e + m
where s is the largest possible secret and e is the probability of successful cheating. You can make e as small as you like; it only makes the computation more laborious. Construct the shadows as before, but instead of using 1, 2, 3, . . . , n for the x_i, choose the x_i at random from the range 1 to p - 1.
Now, if Mallory substitutes a fake for his part during the reconstruction of the secret, his shadow will with high probability turn out to be impossible. An impossible secret is, of course, a faked secret. The mathematics of this scheme is given in [1529].
Unfortunately, although Mallory's cheating is exposed, he still learns the secret (provided all the other required shadows are genuine). Another protocol, described in [1529, 975], protects against that. The basic idea is to use a series of k secrets, so that none of the participants knows in advance which one is correct. Each secret is larger than the previous one, except for the real one. The participants combine their shadows and obtain one secret after another until they obtain the smallest value; that secret is the correct one.
In this scheme cheaters are easily exposed before the final secret is obtained. There are complications when the participants present their shadows one at a time; the details can be found in the literature. The detection and prevention of cheating in threshold schemes are also discussed in [355, 114, 270].
23.3 Subliminal Channel
Ong-Schnorr-Shamir
This subliminal channel (see Section 4.2), developed by Gustavus Simmons [1458, 1459, 1460], uses the Ong-Schnorr-Shamir identification scheme (see Section 20.5). As in the original scheme, the sender (Alice) chooses a public modulus n and a private key k such that n and k are relatively prime. Unlike the original scheme, k is shared by Alice and Bob, the recipient of the subliminal message. The public key is computed as
h = -k^{-2} mod n
If Alice wants to send the subliminal message M inside the innocuous message M', she first checks that M' and n, and also M and n, are relatively prime. Alice computes
S_1 = (1/2)(M'/M + M) mod n
S_2 = (k/2)(M'/M - M) mod n
The pair S_1, S_2 is the signature in the traditional Ong-Schnorr-Shamir scheme and at the same time the carrier of the subliminal message.
Walter the warden (remember him?) can verify the authenticity of the message in the way prescribed by Ong-Schnorr-Shamir, but Bob can do something more. He can check that the message is genuine (it is always possible that Walter is trying to slip him a forged message). He checks that
S_1^2 - S_2^2 / k^2 ≡ M' (mod n)
If the message is authentic, the recipient can extract the subliminal message with the formula
M = M'/(S_1 + S_2 k^{-1}) mod n
This works, but do not forget that the Ong-Schnorr-Shamir scheme itself has been broken.
ElGamal

Another subliminal channel proposed by Simmons [1459], and described in [1407, 1473], is based on the ElGamal signature scheme (see Section 19.6).

Key generation is the same as in the basic ElGamal signature scheme. First a prime $p$ and two random numbers $g$ and $r$, both less than $p$, are chosen. Then
$$K = g^r \bmod p$$
is computed. The public key is $K$, $g$, and $p$. The private key is $r$. Besides Alice, $r$ is also known to Bob; this number is used not only to sign the innocuous message but also as the key for sending and reading the subliminal message.

To send the subliminal message $M$ inside the innocuous message $M'$, the numbers $M$, $M'$, and $p$ must be pairwise relatively prime, and in addition $M$ and $p-1$ must be relatively prime. Alice computes
$$X = g^M \bmod p$$
and solves the following equation for $Y$ (using the extended Euclidean algorithm):
$$M' = rX + MY \bmod (p-1)$$
As in the basic ElGamal scheme, the signature is the pair of numbers $X$ and $Y$. Walter can verify the ElGamal signature: he checks that
$$K^X X^Y \equiv g^{M'} \pmod{p}$$
Bob can recover the subliminal message. First he checks that
$$(g^r)^X X^Y \equiv g^{M'} \pmod{p}$$
If so, he accepts the message as genuine (not forged by Walter). Then, to recover $M$, he computes
$$M = (Y^{-1}(M' - rX)) \bmod (p-1)$$

For example, let $p = 11$ and $g = 2$. The private key $r$ is chosen to be 8. This means that the public key, which Walter can use to verify the signature, is $g^r \bmod p = 2^8 \bmod 11 = 3$.

To send the subliminal message $M = 9$ inside the innocuous message $M' = 5$, Alice checks that 9 and 11, and also 5 and 11, are relatively prime. She also checks that 9 and $11 - 1 = 10$ are relatively prime. They are, so she computes
$$X = g^M \bmod p = 2^9 \bmod 11 = 6$$
Then she solves the following equation for $Y$:
$$5 = 8 \cdot 6 + 9Y \bmod 10$$
$Y = 3$, so the signature is the pair of numbers 6 and 3 ($X$ and $Y$). Bob checks that
$$(g^r)^X X^Y \equiv g^{M'} \pmod{p}$$
$$(2^8)^6 \cdot 6^3 \equiv 2^5 \pmod{11}$$
It does (do the arithmetic yourself if you don't believe me), so he can recover the subliminal message by computing
$$M = (Y^{-1}(M' - rX)) \bmod (p-1) = 3^{-1}(5 - 8 \cdot 6) \bmod 10 = 7 \cdot 7 \bmod 10 = 49 \bmod 10 = 9$$
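The ElGamal subliminal channel just described, as an added worked example (my code, not the book's), run on the same toy numbers $p = 11$, $g = 2$, $r = 8$, $M' = 5$, $M = 9$; the function names are mine, and the toy prime gives no security:

```python
# Added example (not from the book): Simmons's ElGamal subliminal channel.
# Toy parameters p = 11, g = 2, r = 8 are the book's worked example.
from math import gcd


def inverse(a, m):
    """a^-1 mod m; raises if gcd(a, m) != 1 (the protocol's preconditions forbid that)."""
    if gcd(a % m, m) != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return pow(a, -1, m)


def subliminal_sign(p, g, r, innocuous, subliminal):
    """Alice: sign the innocuous message M' so that the signature hides M."""
    M, Mp = subliminal, innocuous
    # Preconditions from the text: M, M', p pairwise coprime and gcd(M, p-1) = 1
    if gcd(M, p) != 1 or gcd(Mp, p) != 1 or gcd(M, Mp) != 1:
        raise ValueError("M, M' and p must be pairwise relatively prime")
    if gcd(M, p - 1) != 1:
        raise ValueError("M must be relatively prime to p-1")
    X = pow(g, M, p)                                        # M plays the role of ElGamal's k
    Y = (Mp - r * X) * inverse(M, p - 1) % (p - 1)          # solves M' = rX + MY (mod p-1)
    return X, Y


def walter_verify(p, g, K, innocuous, sig):
    """Walter (does not know r): ordinary ElGamal check K^X X^Y == g^M' (mod p)."""
    X, Y = sig
    return pow(K, X, p) * pow(X, Y, p) % p == pow(g, innocuous, p)


def bob_recover(p, g, r, innocuous, sig):
    """Bob (knows r): authenticate with g^r, then M = Y^-1 (M' - rX) mod (p-1)."""
    X, Y = sig
    if not walter_verify(p, g, pow(g, r, p), innocuous, sig):
        raise ValueError("signature does not verify; possibly forged by Walter")
    return inverse(Y, p - 1) * (innocuous - r * X) % (p - 1)
```

Walter sees a valid ElGamal signature and nothing else; only the holder of $r$ can invert the signing equation to get $M$ back, which is also why Bob could sign in Alice's name.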
ESIGN

A subliminal channel can also be added to ESIGN [1460] (see Section 20.6). In ESIGN the secret key is a pair of large primes $p$ and $q$, and the public key is $n = p^2 q$. When a subliminal channel is used, the private key consists of three primes $p$, $q$, and $r$, and the public key is $n$ such that
$$n = p^2 q r$$
The variable $r$ is the extra piece of information Bob needs to read the subliminal message.

To sign an ordinary message, Alice first chooses a random number $x$ less than $pqr$ and computes:
$w$, the smallest integer greater than or equal to $(H(m) - x^k \bmod n)/pq$
$$s = x + ((w/(k x^{k-1})) \bmod p)\,pq$$
$H(m)$ is the hash of the message and $k$ is a security parameter. The signature is the value $s$.

To verify the signature Bob computes $s^k \bmod n$. He also computes $a$, the smallest integer greater than or equal to twice the number of bits in $n$ divided by 3. If $H(m)$ is less than or equal to $s^k \bmod n$, and $s^k \bmod n$ is less than $H(m) + 2^a$, the signature is considered valid.

To send the subliminal message $M$ inside the innocuous message $M'$, Alice computes $s$ using $M$ in place of $H(m)$. This means the message must be smaller than $p^2 q r$. She then chooses a random number $u$ and computes
$$x' = M + u r$$
This value $x'$ is then used as the "random number" $x$ when signing $M'$. The resulting value of $s$ is sent as the signature.

Walter can verify that $s$ (the second $s$) is a valid signature on $M'$. Bob can authenticate the message in exactly the same way. But since he also knows $r$, he can compute
$$s = x' + y\,pqr = M + ur + y\,pqr \equiv M \pmod{r}$$
This implementation of a subliminal channel is much better than the two previous ones. In the Ong-Schnorr-Shamir and ElGamal variants Bob must hold Alice's private key. Bob can not only read Alice's subliminal messages but also impersonate Alice by signing ordinary documents. Alice can do nothing about this; in setting up such a subliminal channel she has to trust Bob.

The ESIGN scheme does not suffer from this problem. Alice's private key is the set of three primes $p$, $q$, and $r$. Bob's secret key is only $r$. He knows $n = p^2 q r$, but to recover $p$ and $q$ he would have to factor that number. If the primes are large enough, impersonating Alice is as hard for Bob as it is for Walter or anyone else.
DSA

There is also a subliminal channel in DSA (see Section 20.1) [1468, 1469, 1473]. In fact there may be several. The simplest subliminal channel involves the choice of $k$. It is supposed to be a random 160-bit number. But if Alice chooses a particular $k$, then Bob, who knows Alice's private key, can recover it. Alice can send Bob a 160-bit subliminal message in every DSA signature, while everyone else merely verifies Alice's signature. One further complication: since $k$ must be random, Alice and Bob should share a one-time pad and encrypt the subliminal message with it to generate $k$.

DSA also has subliminal channels that do not require giving Bob Alice's private key. They likewise involve choosing particular values of $k$, but they cannot carry 160 bits of information. The following scheme, presented in [1468, 1469], lets Alice and Bob exchange one bit of subliminal information per signature.
(1) Alice and Bob choose a random prime $P$ (different from the parameter $p$ of the signature scheme). This is the secret key of the subliminal channel.
(2) Alice signs an innocuous message $M$. If she wants to send Bob the subliminal bit 1, she makes sure that the signature parameter $r$ is a quadratic residue modulo $P$. If she wants to send him 0, she makes sure that $r$ is a quadratic nonresidue modulo $P$. She achieves this by signing the message with random values of $k$ until she gets a signature whose $r$ has the required property. Since quadratic residues and nonresidues are equally likely, this should not be too hard.
(3) Alice sends Bob the signed message.
(4) Bob verifies the signature to confirm that the message is authentic. Then he checks whether $r$ is a quadratic residue modulo $P$ and recovers the subliminal bit.

Sending several bits this way means choosing an $r$ that is or is not a quadratic residue modulo several moduli. Details are in [1468, 1469].

This scheme is easily extended to send several subliminal bits per signature. If Alice and Bob choose two random primes $P$ and $Q$, Alice can send two bits by choosing a random $k$ such that $r$ is or is not a quadratic residue mod $P$, and is or is not a quadratic residue mod $Q$. A random $k$ has a 25 percent chance of yielding an $r$ with the required properties.

Here is how Mallory, a dishonest implementer of DSA, can build an algorithm that leaks 10 bits of Alice's private key in each of her signatures.
(1) Mallory puts his DSA implementation into a tamper-resistant VLSI chip so that nobody can examine how it works. He creates 14 subliminal channels in his DSA implementation: he chooses 14 random primes and has the chip choose $k$ so that $r$ is or is not a quadratic residue modulo each of these 14 primes, depending on the subliminal message.
(2) Mallory distributes the chips to Alice, Bob, and anyone else who wants them.
(3) Alice signs a message in the usual way with her 160-bit private key $x$.
(4) The chip randomly chooses a 10-bit block of $x$: the first 10 bits, the second 10 bits, and so on. Since there are 16 possible 10-bit blocks, the block number fits in 4 bits. This 4-bit identifier plus the 10 key bits form the 14-bit subliminal message.
(5) The chip tries random values of $k$ until it finds one with the quadratic residuosity properties needed to carry the subliminal message. The probability that a random $k$ has the right form is 1/16384. If the chip can test 10,000 values of $k$ per second, it finds a suitable one in under two seconds. These computations do not depend on the message and can be done ahead of time, before Alice wants to sign anything.
(6) The chip signs the message in the usual way, using the $k$ chosen in step (5).
(7) Alice sends the digital signature to Bob, or publishes it on the network, or whatever.
(8) Mallory recovers $r$ and, since he knows the 14 primes, decrypts the subliminal message.

The scariest part is that even if Alice knows what is going on, she cannot prove anything. As long as the 14 primes are kept secret, Mallory is safe.
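The quadratic-residuosity channel described above, as an added example (my code, not the book's or any DSA implementer's), generalised from one shared prime to one bit per shared prime, which is exactly the construction Mallory's chip uses. The toy DSA parameters $p = 619$, $q = 103$, $g = 64$ and the shared primes 1009, 1013, 1019 are my assumptions chosen so the rejection sampling finishes instantly; the function names are mine:

```python
# Added example (not from the book): DSA with a quadratic-residuosity subliminal
# channel. Toy parameters are assumptions for readability and give no security.
import hashlib
import random

P_DSA, Q_DSA, G_DSA = 619, 103, 64   # q | p-1 ; g = 2^((p-1)/q) mod p has order q


def h_mod_q(message, q=Q_DSA):
    """Toy stand-in for DSA's SHA-1 digest: a hash reduced modulo q."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % q


def dsa_sign(x, message, k, p=P_DSA, q=Q_DSA, g=G_DSA):
    """Ordinary DSA signature with a caller-supplied k; None if r or s comes out 0."""
    r = pow(g, k, p) % q
    if r == 0:
        return None
    s = pow(k, -1, q) * (h_mod_q(message) + x * r) % q
    return (r, s) if s else None


def dsa_verify(y, message, sig, p=P_DSA, q=Q_DSA, g=G_DSA):
    """What Walter and everyone else does: standard DSA verification."""
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = h_mod_q(message) * w % q, r * w % q
    return pow(g, u1, p) * pow(y, u2, p) % p % q == r


def is_qr(r, P):
    """Euler's criterion: r is a quadratic residue modulo the odd prime P (r % P != 0 assumed)."""
    return pow(r % P, (P - 1) // 2, P) == 1


def extract_bits(r, secret_primes):
    """Bob/Mallory: one subliminal bit per shared prime (1 = residue, 0 = nonresidue)."""
    return [1 if is_qr(r, P) else 0 for P in secret_primes]


def sign_with_subliminal(x, message, bits, secret_primes, rng, max_tries=1_000_000):
    """Alice (or the chip): retry random k until r has the wanted residuosity everywhere.
    Expected number of tries is 2**len(bits); returns the signature and the try count."""
    assert len(bits) == len(secret_primes)
    for tries in range(1, max_tries + 1):
        k = rng.randrange(1, Q_DSA)
        sig = dsa_sign(x, message, k)
        if sig and extract_bits(sig[0], secret_primes) == bits:
            return sig, tries
    raise RuntimeError("no suitable k found")


def demo(seed=7, bits=(1, 0, 1), secret_primes=(1009, 1013, 1019)):
    """Alice embeds `bits`; the signature verifies normally and Bob reads the bits back."""
    rng = random.Random(seed)
    x = 42                                 # Alice's private key (toy)
    y = pow(G_DSA, x, P_DSA)               # her public key
    msg = b"innocuous message"
    sig, tries = sign_with_subliminal(x, msg, list(bits), list(secret_primes), rng)
    return dsa_verify(y, msg, sig), extract_bits(sig[0], secret_primes), tries
```

Nothing in the signature distinguishes a channel-carrying $k$ from a random one, which is the point of the Mallory scenario: the only defence is to take the choice of $k$ away from the signer, as the next subsection does.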
Foiling the DSA Subliminal Channel

The subliminal channel relies on Alice being able to choose $k$ in order to carry subliminal information. To make the subliminal channel impossible, Alice must not be allowed to choose $k$. But the choice of $k$ must be forbidden to everyone else as well: anyone allowed to choose $k$ could forge Alice's signature. The only solution is for Alice to generate $k$ jointly with another party, Bob, in such a way that Alice cannot control a single bit of $k$ and Bob cannot learn a single bit of $k$. At the other end of the protocol Bob must be able to verify that Alice used exactly the jointly generated $k$.

Here is the protocol [1470, 1472, 1473]:
(1) Alice chooses $k'$ and sends Bob
$$u = g^{k'} \bmod p$$
(2) Bob chooses $k''$ and sends it to Alice.
(3) Alice computes $k = k' k'' \bmod (p-1)$. She uses $k$ to sign her message $M$ with DSA and sends Bob her signature: $r$ and $s$.
(4) Bob checks that
$$((u^{k''} \bmod p) \bmod q) = r$$
If so, he knows that $k$ was used to sign $M$. After step (4) Bob knows that no subliminal information was embedded in $r$. If he is a trusted party, he can certify that Alice's signature carries no subliminal information. Others will have to take his word for it; Bob cannot prove this fact to a third party by replaying the protocol.

Surprisingly, Bob can, if he wishes, use this protocol to build his own subliminal channel. Bob can embed subliminal information in one of Alice's signatures by choosing a $k''$ with particular properties. When Simmons discovered this possibility he called it the "Cuckoo's Channel." Details of how the Cuckoo's Channel works, and of a three-pass $k$-generation protocol that prevents it, are discussed in [1471, 1473].
Other Schemes

A subliminal channel can be built into any signature scheme [1458, 1460, 1406]. A protocol for embedding a subliminal channel in the Fiat-Shamir and Feige-Fiat-Shamir schemes, together with possible abuses, can be found in [485].
23.4 Undeniable Digital Signatures

This undeniable signature algorithm (see Section 4.3) is due to David Chaum [343, 327]. First a large prime $p$ and a primitive element $g$ are published; they are shared by a group of signers. Alice has a private key $x$ and a public key $g^x \bmod p$.

To sign a message, Alice computes $z = m^x \bmod p$. That is all she has to do. Verifying the signature is a little more complicated.
(1) Bob chooses two random numbers $a$ and $b$, both less than $p$, and sends Alice
$$c = z^a (g^x)^b \bmod p$$
(2) Alice computes $t = x^{-1} \bmod (p-1)$ and sends Bob
$$d = c^t \bmod p$$
(3) Bob checks that
$$d \equiv m^a g^b \pmod{p}$$
If so, he accepts the signature as genuine.

Imagine that Alice and Bob have run this protocol and Bob is now convinced that Alice signed the message. Bob wants to convince Carol, so he shows her a transcript of the protocol. Dave, however, wants to convince Carol that the document was signed by someone else. He fabricates a transcript of the protocol. First he generates the message of step (1). Then for step (3) he generates $d$ and a fake transmission from the other person in step (2). Finally he creates the message of step (2). To Carol, Bob's transcript and Dave's transcript look identical. She cannot be convinced that the signature is valid unless she runs the protocol herself.

Of course, if she were looking over Bob's shoulder while he ran the protocol, she would be convinced. Carol has to see the steps performed in order, just as Bob did.

There may be a problem with this signature scheme, but I do not know the details. Check the literature before you use it.

Another protocol includes not only a confirmation protocol (Alice can convince Bob that her signature is valid) but also a disavowal protocol: Alice can use an interactive zero-knowledge protocol to convince Bob that her signature is invalid, if it is [329].

As in the previous protocol, a group of signers uses a public large prime $p$ and a primitive element $g$. Alice has a private key $x$ and a public key $g^x \bmod p$. To sign a message, Alice computes $z = m^x \bmod p$. To verify the signature:
(1) Bob chooses two random numbers $a$ and $b$, both less than $p$, and sends Alice
$$c = m^a g^b \bmod p$$
(2) Alice chooses a random number $q$ less than $p$, then computes and sends Bob
$$s_1 = c g^q \bmod p, \qquad s_2 = (c g^q)^x \bmod p$$
(3) Bob sends Alice $a$ and $b$, so that Alice can confirm that Bob did not cheat in step (1).
(4) Alice sends Bob $q$, so that he can use $m^x$ to reconstruct $s_1$ and $s_2$. If
$$s_1 \equiv c g^q \pmod{p}$$
$$s_2 \equiv (g^x)^{b+q} z^a \pmod{p}$$
then the signature is valid.

Alice can also disavow a signature $z$ on a message $m$. Details are in [329]. Further protocols for undeniable signatures can be found in [584, 344]. Lein Harn and Shoubao Yang proposed a group undeniable signature scheme [700].
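Both confirmation protocols above, as an added example (my code, not Chaum's or the book's). It also builds the kind of fake transcript Dave produces, to show that a transcript passes Bob's step (3) check whether or not Alice was ever involved. The toy prime $p = 1019$ with primitive root $g = 2$, Alice's key $x = 123$ and the seeded random numbers are my assumptions; the toy prime gives no security:

```python
# Added example (not from the book): Chaum's undeniable signature, both
# confirmation protocols of this section, and a forged transcript.
import random

P_U, G_U = 1019, 2          # assumed toy prime and primitive root shared by the signers


def sign(m, x, p=P_U):
    """Undeniable signature: z = m^x mod p, nothing else is published."""
    return pow(m, x, p)


def bob_accepts(m, a, b, d, p=P_U, g=G_U):
    """Step (3) of protocol 1: the only check a transcript reader can perform."""
    return d == pow(m, a, p) * pow(g, b, p) % p


def chaum_transcript(m, z, x, pub, seed=1, p=P_U, g=G_U):
    """Protocol 1 run honestly; returns the transcript (a, b, c, d)."""
    rng = random.Random(seed)
    a, b = rng.randrange(1, p - 1), rng.randrange(1, p - 1)   # (1) Bob
    c = pow(z, a, p) * pow(pub, b, p) % p
    t = pow(x, -1, p - 1)                                     # (2) Alice, needs gcd(x, p-1) = 1
    d = pow(c, t, p)
    return a, b, c, d


def forged_transcript(m, seed=3, p=P_U, g=G_U):
    """Dave: pick a, b, set d = m^a g^b directly, and invent c afterwards.
    No private key is involved, yet bob_accepts() passes."""
    rng = random.Random(seed)
    a, b = rng.randrange(1, p - 1), rng.randrange(1, p - 1)
    d = pow(m, a, p) * pow(g, b, p) % p
    c = rng.randrange(1, p)
    return a, b, c, d


def confirm_second_protocol(m, z, x, pub, seed=2, p=P_U, g=G_U):
    """Confirmation part of the second protocol [329]; True iff Bob accepts."""
    rng = random.Random(seed)
    a, b = rng.randrange(1, p - 1), rng.randrange(1, p - 1)
    c = pow(m, a, p) * pow(g, b, p) % p                       # (1) Bob
    q = rng.randrange(1, p - 1)                               # (2) Alice
    s1 = c * pow(g, q, p) % p
    s2 = pow(s1, x, p)
    if c != pow(m, a, p) * pow(g, b, p) % p:                  # (3) Alice checks a, b
        return False
    return (s1 == c * pow(g, q, p) % p and                    # (4) Bob checks with q
            s2 == pow(pub, b + q, p) * pow(z, a, p) % p)
```

The forged transcript is why Carol learns nothing from Bob's record: the order in which $c$ and $d$ were produced is invisible after the fact. A wrong $z$ fails both protocols because $a$ is chosen below $p-1$, so no exponent collapses modulo $p-1$.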
Convertible Undeniable Signatures

An algorithm for convertible undeniable signatures, which can be verified, disavowed, and converted into ordinary undeniable signatures, is given in [213]. It is based on the ElGamal digital signature algorithm.

As in ElGamal, two primes $p$ and $q$ are first chosen such that $q$ divides $p-1$. Next a number $g$ of order $q$ must be created. A random number $h$ in the range 2 to $p-1$ is chosen and
$$g = h^{(p-1)/q} \bmod p$$
is computed. If $g$ equals 1, another random $h$ is chosen. Otherwise the resulting $g$ is used.

The private keys are two different random numbers $x$ and $z$, both less than $q$. The public keys are $p$, $q$, $g$, $y$, and $u$, where
$$y = g^x \bmod p$$
$$u = g^z \bmod p$$
To compute the convertible undeniable signature of a message $m$ (which is really the hash of the message), a random number $t$ in the range 1 to $q-1$ is chosen first. Then
$$T = g^t \bmod p$$
and
$$m' = T t z m \bmod q$$
are computed. Now an ordinary ElGamal signature of $m'$ is computed. A random number $R$, less than $p-1$ and relatively prime to it, is chosen. Then $r = g^R \bmod p$ is computed and, with the extended Euclidean algorithm, $s$ is found such that
$$m' \equiv rx + Rs \pmod{q}$$
The signature consists of the ElGamal signature $(r, s)$ and $T$. Here is how Alice confirms her signature to Bob:
(1) Bob generates two random numbers $a$ and $b$, computes $c = T^{Tma} g^b \bmod p$, and sends the result to Alice.
(2) Alice generates a random number $k$, computes $h_1 = c g^k \bmod p$ and $h_2 = h_1^z \bmod p$, and sends both numbers to Bob.
(3) Bob sends Alice $a$ and $b$.
(4) Alice checks that $c = T^{Tma} g^b \bmod p$. She sends $k$ to Bob.
(5) Bob checks that $h_1 = T^{Tma} g^{b+k} \bmod p$ and that $h_2 = y^{ra} r^{sa} u^{b+k} \bmod p$.

Alice can convert all her undeniable signatures into ordinary ones by publishing $z$. Then anyone can verify her signatures without her help.

Undeniable signature schemes can be combined with secret-sharing schemes to produce distributed convertible undeniable signatures [1235]. Someone can sign a message and then distribute the ability to confirm that the signature is valid. He could, for example, require that three of the five holders of the confirmation capability take part in the protocol that convinces Bob the signature is valid. Improvements that remove the need for a trusted dealer are proposed in [700, 1369].
23.5 Designated Confirmer Signatures

Here is how Alice can sign a message and Bob verify it, so that Carol can later prove the validity of Alice's signature to Dave (see Section 4.4) [333].

First a large prime $p$ and a primitive element $g$ are published; they are shared by a group of users. A number $n$, the product of two primes, is also published. Carol has a private key $z$ and a public key $h = g^z \bmod p$.

In this protocol Alice can sign $m$ so that Bob can verify that her signature is valid but cannot convince a third party of it.
(1) Alice chooses a random $x$ and computes
$$a = g^x \bmod p$$
$$b = h^x \bmod p$$
She computes the hash of $m$, $H(m)$, and the hash of $a$ and $b$ concatenated, $H(a,b)$, and then
$$f = (H(m) \oplus H(a,b))^{1/3} \bmod n$$
and sends $a$, $b$, and $f$ to Bob.
(2) Bob chooses two random numbers $s$ and $t$, both less than $p$, and sends Alice
$$c = g^s h^t \bmod p$$
(3) Alice chooses a random $q$ less than $p$ and sends Bob
$$d = g^q \bmod p$$
$$e = (cd)^x \bmod p$$
(4) Bob sends Alice $s$ and $t$.
(5) Alice checks that
$$g^s h^t \equiv c \pmod{p}$$
and then sends Bob $q$.
(6) Bob checks that
$$d \equiv g^q \pmod{p}$$
$$e/a^q \equiv a^s b^t \pmod{p}$$
$$(H(m) \oplus H(a,b)) \equiv f^3 \pmod{n}$$
If all the identities hold, Bob accepts the signature as genuine.

Bob cannot use a transcript of this proof to convince Dave that the signature is genuine, but Dave can run a protocol with Alice's designated confirmer, Carol. Here is how Carol convinces Dave that $a$ and $b$ form a valid signature.
(1) Dave chooses random $u$ and $v$, both less than $p$, and sends Carol
$$k = g^u a^v \bmod p$$
(2) Carol chooses a random $w$ less than $p$ and sends Dave
$$l = g^w \bmod p$$
$$y = (kl)^z \bmod p$$
(3) Dave sends Carol $u$ and $v$.
(4) Carol checks that
$$g^u a^v \equiv k \pmod{p}$$
Then she sends Dave $w$.
(5) Dave checks that
$$g^w \equiv l \pmod{p}$$
$$y/h^w \equiv h^u b^v \pmod{p}$$
If all the identities hold, Dave accepts the signature as genuine.

In another protocol Carol can convert the designated-confirmer protocol into an ordinary digital signature. Details are in [333].
23.6 Computing with Encrypted Data

Discrete Logarithm Problem

There is a large prime $p$ and a generator $g$. For a particular $x$, Alice wants to find an $e$ such that
$$g^e \equiv x \pmod{p}$$
This is a hard problem, and Alice lacks the computing power to calculate the result. Bob has that power: he represents the government, or a large computing centre, or some other powerful organisation. Here is how Alice can get Bob's help without revealing $x$ to him [547, 4]:
(1) Alice chooses a random number $r$ less than $p$.
(2) Alice computes
$$x' = x g^r \bmod p$$
(3) Alice asks Bob to solve
$$g^{e'} \equiv x' \pmod{p}$$
(4) Bob computes $e'$ and sends it to Alice.
(5) Alice recovers $e$ by computing
$$e = (e' - r) \bmod (p-1)$$
Similar protocols for the quadratic residuosity problem and the primitive root problem are given in [3, 4]. (See also Section 4.8.)
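The blinded discrete-logarithm query above, as an added example (my code, not the book's). Bob's "powerful computer" is stood in for by exhaustive search on the assumed toy prime $p = 1019$ with generator $g = 2$; the seeded random $r$ and the function names are my assumptions:

```python
# Added example (not from the book): computing a discrete logarithm with
# Bob's help while hiding x from him. Toy p = 1019, g = 2 are assumptions.
import random

P_D, G_D = 1019, 2


def bob_solve(x_blinded, p=P_D, g=G_D):
    """Bob: find e' with g^e' = x' (mod p). Brute force stands in for real power."""
    acc = 1
    for e in range(p - 1):
        if acc == x_blinded:
            return e
        acc = acc * g % p
    raise ValueError("value is not in the subgroup generated by g")


def alice_query(x, seed=9, p=P_D, g=G_D):
    """Alice: blind x with g^r, let Bob solve, then unblind the exponent.
    Returns (e, x') so the caller can see what Bob actually learned."""
    rng = random.Random(seed)
    r = rng.randrange(0, p - 1)                  # (1)
    x_blinded = x * pow(g, r, p) % p             # (2)
    e_blinded = bob_solve(x_blinded)             # (3)-(4)
    return (e_blinded - r) % (p - 1), x_blinded  # (5)
```

Bob sees $x' = x g^r$, which for uniformly random $r$ is a uniformly random group element, so he learns nothing about $x$ beyond the fact that it lies in the group.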
23.7 Fair Coin Flips

The following protocols let Alice and Bob flip a fair coin over a data network (see Section 4.9) [194]. This is an example of flipping a coin into a well (see Section 4.10). At first only Bob learns the outcome of the toss, and he tells it to Alice. Later Alice can check that Bob reported the outcome correctly.

Coin Flipping Using Square Roots

Coin-flip subprotocol:
(1) Alice chooses two large primes $p$ and $q$ and sends their product $n$ to Bob.
(2) Bob chooses a random positive integer $r$ less than $n/2$. Bob computes
$$z = r^2 \bmod n$$
and sends $z$ to Alice.
(3) Alice computes the four square roots of $z \pmod{n}$. She can do this because she knows the factorization of $n$. Call them $x$, $-x$, $y$, and $-y$. Let $x'$ denote the smaller of the two numbers
$$x \bmod n$$
$$-x \bmod n$$
and similarly let $y'$ denote the smaller of the two numbers
$$y \bmod n$$
$$-y \bmod n$$
Note that $r$ equals either $x'$ or $y'$.
(4) Alice guesses which of the values, $x'$ or $y'$, equals $r$, and sends her guess to Bob.
(5) If Alice's guess is correct, the outcome of the toss is heads; if it is wrong, tails. Bob announces the outcome of the toss.

Verification subprotocol:
(6) Alice sends $p$ and $q$ to Bob.
(7) Bob computes $x'$ and $y'$ and sends them to Alice.
(8) Alice computes $r$.

Alice has no way of learning $r$, so she is genuinely guessing. In step (4) she tells Bob only one bit of her guess, so that Bob cannot obtain both $x'$ and $y'$. If Bob had both numbers, he could change $r$ after step (4).
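The square-root coin flip above, as an added example (my code, not the book's). The assumed toy primes $p = 1019$ and $q = 1031$ are both congruent to 3 modulo 4, so a square root modulo each prime is a single exponentiation, and the four roots modulo $n$ come from the Chinese remainder theorem; Bob's $r$ comes from a seeded random generator, also my assumption:

```python
# Added example (not from the book): coin flipping with square roots modulo n = pq.
# Toy primes p = 1019, q = 1031 (both = 3 mod 4) are assumptions and give no security.
import random
from math import gcd

P_A, Q_A = 1019, 1031


def sqrt_mod_3mod4(z, p):
    """A square root of the quadratic residue z modulo a prime p = 3 (mod 4)."""
    root = pow(z, (p + 1) // 4, p)
    assert root * root % p == z % p
    return root


def crt2(a, p, b, q):
    """The x modulo pq with x = a (mod p) and x = b (mod q)."""
    return (a * q * pow(q, -1, p) + b * p * pow(p, -1, q)) % (p * q)


def small_roots(z, p, q):
    """Alice (knows p, q): the two candidates x', y' for Bob's r, sorted."""
    n = p * q
    rp, rq = sqrt_mod_3mod4(z, p), sqrt_mod_3mod4(z, q)
    roots = {crt2(sp, p, sq, q) for sp in (rp, p - rp) for sq in (rq, q - rq)}
    assert len(roots) == 4 and all(r * r % n == z for r in roots)
    return sorted({min(r, n - r) for r in roots})


def coin_flip(seed, alice_guess_index, p=P_A, q=Q_A):
    """Run the flip and verification subprotocols; returns what each side can check."""
    n = p * q
    rng = random.Random(seed)
    r = rng.randrange(1, n // 2)                 # (2) Bob; the protocol assumes gcd(r, n) = 1
    while gcd(r, n) != 1:
        r = rng.randrange(1, n // 2)
    z = r * r % n
    candidates = small_roots(z, p, q)            # (3) Alice: {x', y'}
    guess = candidates[alice_guess_index]        # (4) Alice's one-bit guess
    heads = guess == r                           # (5) Bob announces
    # (6)-(8): with p, q in hand Bob recomputes x', y'; Alice then learns r and can
    # check that Bob announced the outcome her guess actually produced.
    bob_ok = guess in small_roots(z, p, q)
    alice_ok = heads == (guess == r)
    return {"r": r, "z": z, "candidates": candidates, "guess": guess,
            "heads": heads, "bob_ok": bob_ok, "alice_ok": alice_ok}
```

Because $r < n/2$, it always equals the smaller root of its own pair, so exactly one of Alice's two candidates is $r$; sending Bob both candidates before step (5) would hand him a second root and, with it, a factor of $n$.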
Coin Flipping Using Exponentiation Modulo p

This protocol uses exponentiation modulo a prime $p$ as the one-way function [1306].

Coin-flip subprotocol:
(1) Alice chooses a prime $p$ such that the factorization of $p-1$ is known and contains at least one large prime.
(2) Bob chooses two primitive elements $h$ and $t$ in $GF(p)$ and sends them to Alice.
(3) Alice checks that $h$ and $t$ are primitive elements and then chooses a random number $x$ relatively prime to $p-1$. She computes one of the two values
$$y = h^x \bmod p \quad\text{or}\quad y = t^x \bmod p$$
and sends $y$ to Bob.
(4) Bob guesses whether Alice computed $y$ as a function of $h$ or of $t$, and sends his guess to Alice.
(5) If Bob's guess is correct, the outcome of the toss is heads; otherwise tails. Alice announces the outcome of the toss.

Verification subprotocol:
(6) Alice reveals $x$ to Bob. Bob computes $h^x \bmod p$ and $t^x \bmod p$ to confirm that Alice played fairly and to verify the outcome of the toss. He also checks that $x$ and $p-1$ are relatively prime.

For Alice to cheat, she would have to know two integers $x$ and $x'$ for which
$$h^x \equiv t^{x'} \pmod{p}$$
To find them she would have to compute
$$\log_t h = x' x^{-1} \bmod (p-1)$$
or, equivalently, $\log_h t = x x'^{-1} \bmod (p-1)$. These are hard problems.

Alice could do this if she knew $\log_t h$, but Bob chooses $h$ and $t$ in step (2). Alice has no other recourse than to try to compute the discrete logarithm. Alice could also try to cheat by choosing an $x$ that is not relatively prime to $p-1$, but Bob will detect that in step (6).

Bob can cheat if $h$ and $t$ are not primitive elements of $GF(p)$, but Alice can easily check this after step (2), since she knows the prime factorization of $p-1$.

A nice feature of this protocol is that if Alice and Bob want to flip several coins, they can reuse the same values of $p$, $h$, and $t$. Alice simply generates a new $x$ and the protocol continues from step (3).
Coin Flipping Using Blum Integers

Blum integers can be used in a coin-flipping protocol.
(1) Alice generates a Blum integer $n$, a random $x$ relatively prime to $n$, $x_0 = x^2 \bmod n$, and $x_1 = x_0^2 \bmod n$. She sends Bob $n$ and $x_1$.
(2) Bob guesses whether $x_0$ is even or odd.
(3) Alice sends Bob $x$.
(4) Bob checks that $n$ is a Blum integer (Alice would have to give Bob the factors of $n$ together with proofs that they are prime, or run some zero-knowledge protocol that convinces Bob that $n$ is a Blum integer), and that $x_0 = x^2 \bmod n$ and $x_1 = x_0^2 \bmod n$. If all the checks pass and Bob guessed correctly, he wins the toss.

It is important that $n$ be a Blum integer. Otherwise Alice could find an $x_0'$ such that $x_0'^2 \bmod n = x_0^2 \bmod n = x_1$, where $x_0'$ is also a quadratic residue. If $x_0$ were even and $x_0'$ odd (or vice versa), Alice could cheat.
23.8 One-Way Accumulators

There is a simple one-way accumulator function [116] (see Section 4.12):
$$A(x_i, y) = x_{i-1}^y \bmod n$$
The number $n$ (the product of two primes) and $x_0$ must be agreed on in advance. Then the accumulation of $y_1$, $y_2$, and $y_3$ is
$$((x_0^{y_1} \bmod n)^{y_2} \bmod n)^{y_3} \bmod n$$
This computation does not depend on the order of $y_1$, $y_2$, and $y_3$.
23.9 All-or-Nothing Disclosure of Secrets

This protocol lets several parties (at least two buyers are needed for the protocol to work) buy different secrets from a single seller (see Section 4.13) [1374, 1175]. Let us start with a definition. Take two bit strings $x$ and $y$. The fixed bit index (FBI) of $x$ and $y$ is the set of positions at which the bits of the two strings agree.

For example:
x = 110101001011
y = 101010000110
FBI(x, y) = {1, 4, 5, 11}
(We read the bits from right to left, counting the rightmost bit as zero.)

Now here is the protocol. Alice is the seller; Bob and Carol are the buyers. Alice has k n-bit secrets $S_1, S_2, \ldots, S_k$. Bob wants to buy secret $S_b$, Carol secret $S_c$.
(1) Alice generates a public-key/private-key pair and tells Bob (but not Carol) the public key. She generates another public-key/private-key pair and tells Carol (but not Bob) the public key.
(2) Bob generates k random n-bit numbers $B_1, B_2, \ldots, B_k$ and tells them to Carol. Carol generates k random n-bit numbers $C_1, C_2, \ldots, C_k$ and tells them to Bob.
(3) Bob encrypts $C_b$ (recall that he wants to buy $S_b$) with the public key he received from Alice. He computes the FBI of $C_b$ and the result he just encrypted. He sends this FBI to Carol.
Carol encrypts $B_c$ (recall that she wants to buy $S_c$) with the public key she received from Alice. She computes the FBI of $B_c$ and the result she just encrypted. She sends this FBI to Bob.
(4) Bob takes each of the n-bit numbers $B_1, B_2, \ldots, B_k$ and replaces every bit whose index is not in the FBI received from Carol with its complement. He sends this new list of n-bit numbers $B_1', B_2', \ldots, B_k'$ to Alice.
Carol takes each of the n-bit numbers $C_1, C_2, \ldots, C_k$ and replaces every bit whose index is not in the FBI received from Bob with its complement. She sends this new list of n-bit numbers $C_1', C_2', \ldots, C_k'$ to Alice.
(5) Alice decrypts all $C_i'$ with Bob's private key, obtaining k n-bit numbers $C_1'', C_2'', \ldots, C_k''$. She computes $S_i \oplus C_i''$ for $i = 1, \ldots, k$ and sends the results to Bob.
Alice decrypts all $B_i'$ with Carol's private key, obtaining k n-bit numbers $B_1'', B_2'', \ldots, B_k''$. She computes $S_i \oplus B_i''$ for $i = 1, \ldots, k$ and sends the results to Carol.
(6) Bob computes $S_b$ by XORing $C_b$ with the b-th number received from Alice.
Carol computes $S_c$ by XORing $B_c$ with the c-th number received from Alice.

This is all rather involved; an example will help.
Alice has eight 12-bit secrets for sale: $S_1 = 1990$, $S_2 = 471$, $S_3 = 3860$, $S_4 = 1487$, $S_5 = 2235$, $S_6 = 3751$, $S_7 = 2546$, and $S_8 = 4043$. Bob wants to buy $S_7$, Carol wants $S_2$.
(1) Alice uses RSA. With Bob she uses the key pair $n = 7387$, $e = 5145$, $d = 777$; with Carol the pair $n = 2747$, $e = 1421$, $d = 2261$. She tells Bob and Carol their respective public keys.
(2) Bob generates eight 12-bit numbers $B_1 = 743$, $B_2 = 1988$, $B_3 = 4001$, $B_4 = 2942$, $B_5 = 3421$, $B_6 = 2210$, $B_7 = 2306$, and $B_8 = 222$, and tells them to Carol. Carol generates eight 12-bit numbers $C_1 = 1708$, $C_2 = 711$, $C_3 = 1969$, $C_4 = 3112$, $C_5 = 4014$, $C_6 = 2308$, $C_7 = 2212$, and $C_8 = 222$, and tells them to Bob.
(3) Bob wants to buy $S_7$, so he encrypts $C_7$ with the public key Alice gave him:
$$2212^{5145} \bmod 7387 = 5928$$
Now
2212 = 0100010100100
5928 = 1011100101000
so the FBI of these two numbers is {0, 1, 4, 5, 6}. He sends it to Carol.
Carol wants to buy $S_2$, so she encrypts $B_2$ with the public key Alice gave her, $1988^{1421} \bmod 2747 = 1660$, and computes the FBI of $B_2$ and the encryption result:
1988 = 011111000100
1660 = 011001111100
She sends {0, 1, 2, 6, 9, 10, 11} to Bob.
(4) Bob takes $B_1, B_2, \ldots, B_8$ and complements every bit whose index is not in the set {0, 1, 2, 6, 9, 10, 11}. For example:
$B_2$ = 011111000100 = 1988
$B_2'$ = 011001111100 = 1660
He sends $B_1', B_2', \ldots, B_8'$ to Alice.
Carol takes $C_1, C_2, \ldots, C_8$ and complements every bit whose index is not in the set {0, 1, 4, 5, 6}. For example:
$C_7$ = 0100010100100 = 2212
$C_7'$ = 1011100101000 = 5928
She sends $C_1', C_2', \ldots, C_8'$ to Alice.
(5) Alice decrypts all $C_i'$ with Bob's private key and XORs the results with $S_i$. For example, for $i = 7$:
$$5928^{777} \bmod 7387 = 2212; \qquad 2546 \oplus 2212 = 342$$
She sends the results to Bob.
Alice decrypts all $B_i'$ with Carol's private key and XORs the results with $S_i$. For example, for $i = 2$:
$$1660^{2261} \bmod 2747 = 1988; \qquad 471 \oplus 1988 = 1555$$
She sends the results to Carol.
(6) Bob computes $S_7$ by XORing $C_7$ with the seventh number he received from Alice:
$$2212 \oplus 342 = 2546$$
Carol computes $S_2$ by XORing $B_2$ with the second number she received from Alice:
$$1988 \oplus 1555 = 471$$

The protocol works for any number of buyers. If Bob, Carol, and Dave want to buy secrets, Alice gives each buyer two public keys, one for each of the other buyers. Each buyer receives a set of numbers from each of the other buyers. They then run the protocol with Alice for each of their sets of numbers and XOR all the results received from Alice to obtain their secrets. Details are in [1374, 1175].

Unfortunately, a pair of dishonest parties can cheat. Alice and Carol, working together, can easily find out which secret Bob obtained: if they know the FBI of $C_b$ and Bob's encryption algorithm, they can search for the $b$ for which $C_b$ has the right FBI. And Bob and Carol, working together, can easily obtain all of Alice's secrets.
If you assume that the parties are honest, a simpler protocol can be used [389].
(1) Alice encrypts all the secrets with RSA and sends them to Bob:
$$C_i = S_i^e \bmod n$$
(2) Bob chooses his secret $C_b$, generates a random number $r$, and sends Alice
$$C' = C_b r^e \bmod n$$
(3) Alice sends Bob
$$P' = C'^d \bmod n$$
(4) Bob computes
$$S_b = P' r^{-1} \bmod n$$
If the parties may cheat, Bob can prove in zero knowledge that he knows some $r$ such that $C' = C_b r^e \bmod n$, keeping $b$ secret until Alice sends him $P'$ in step (3) [246].
23.10 Fair and Failsafe Cryptosystems

Fair Diffie-Hellman

Fair cryptosystems are a software approach to key escrow (see Section 4.14). This example is taken from the work of Silvio Micali [1084, 1085]. It is patented [1086, 1087].

In the basic Diffie-Hellman scheme a group of users shares a prime $p$ and a generator $g$. Alice's private key is $s$, and her public key is $t = g^s \bmod p$. Here is how to make Diffie-Hellman fair (this example uses five trustees).
(1) Alice chooses five integers $s_1, s_2, s_3, s_4, s_5$, each less than $p-1$. Alice's private key is
$$s = (s_1 + s_2 + s_3 + s_4 + s_5) \bmod (p-1)$$
and her public key is
$$t = g^s \bmod p$$
Alice also computes
$$t_i = g^{s_i} \bmod p, \quad i = 1, \ldots, 5$$
Alice's public pieces are the $t_i$, her private pieces the $s_i$.
(2) Alice sends a private piece and the corresponding public piece to each trustee. For example, she sends $s_1$ and $t_1$ to trustee 1. She sends $t$ to the KDC.
(3) Each trustee checks that
$$t_i = g^{s_i} \bmod p$$
If so, the trustee signs $t_i$ and sends it to the KDC. The trustee stores $s_i$ in a secure place.
(4) After receiving all five public pieces, the KDC checks that
$$t = (t_1 \cdot t_2 \cdot t_3 \cdot t_4 \cdot t_5) \bmod p$$
If so, the KDC approves the public key.

At this point the KDC knows that every trustee holds a valid piece and that together they can reconstruct the private key if required. But neither the KDC nor any four of the trustees can reconstruct Alice's private key.

Micali's papers [1084, 1085] also contain a procedure for making RSA fair and for combining a threshold scheme with a fair cryptosystem, so that m of n trustees can reconstruct the private key.
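The fair Diffie-Hellman escrow above, as an added example (my code, not Micali's or the book's), with the trustee and KDC checks written as the functions each party would actually run, and the two facts the text states about reconstruction tested directly. The toy parameters $p = 1019$, $g = 2$ and the seeded random pieces are my assumptions:

```python
# Added example (not from the book): Micali's fair Diffie-Hellman with five trustees.
# Toy p = 1019, g = 2 are assumptions and give no security.
import random

P_F, G_F = 1019, 2


def alice_split(parts, p=P_F, g=G_F):
    """Alice: s = sum(s_i) mod (p-1), t = g^s, and the (private, public) piece pairs."""
    s = sum(parts) % (p - 1)
    t = pow(g, s, p)
    pieces = [(si, pow(g, si, p)) for si in parts]
    return s, t, pieces


def trustee_check(si, ti, p=P_F, g=G_F):
    """Trustee i: sign t_i only if it matches the private piece s_i."""
    return pow(g, si, p) == ti


def kdc_check(t, public_pieces, p=P_F):
    """KDC: the product of the signed public pieces must equal Alice's public key."""
    prod = 1
    for ti in public_pieces:
        prod = prod * ti % p
    return prod == t


def reconstruct(private_pieces, p=P_F):
    """Under a court order the trustees pool their s_i; any proper subset is useless."""
    return sum(private_pieces) % (p - 1)


def demo(seed=5, trustees=5, p=P_F, g=G_F):
    """Run escrow for one key and report what each check and each attack yields."""
    rng = random.Random(seed)
    parts = [rng.randrange(1, p - 1) for _ in range(trustees)]
    s, t, pieces = alice_split(parts)
    escrow_ok = (all(trustee_check(si, ti) for si, ti in pieces)
                 and kdc_check(t, [ti for _, ti in pieces]))
    full = reconstruct([si for si, _ in pieces]) == s          # all trustees
    partial = reconstruct([si for si, _ in pieces[:-1]]) == s  # one trustee missing
    si, ti = pieces[0]                                         # Alice files a bogus public piece
    cheat_caught = not trustee_check(si, ti * 2 % p)
    return {"escrow_ok": escrow_ok, "full": full, "partial": partial,
            "cheat_caught": cheat_caught}
```

The KDC's product check is what ties the escrowed pieces to the key actually published: a private key whose pieces do not multiply to $t$ is rejected before anyone relies on it.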
Failsafe Diffie-Hellman

As in the previous protocol, a group of users shares a prime $p$ and a generator $g$. Alice's private key is $s$, and her public key is $t = g^s \bmod p$.
(1) The KDC chooses a random number $B$ in the range 0 to $p-2$ and commits to $B$ with a bit-commitment protocol (see Section 4.9).
Alice chooses a random number $A$ in the range 0 to $p-2$. She sends the KDC $g^A \bmod p$.
(2) The user "shares" $A$ with each trustee using a verifiable secret-sharing scheme (see Section 3.7).
(3) The KDC reveals $B$ to Alice.
(4) Alice verifies the commitment of step (1). She then sets her public key to
$$t = g^A g^B \bmod p$$
and her private key to
$$s = (A + B) \bmod (p-1)$$
The trustees can reconstruct $A$. Since the KDC knows $B$, this is enough to reconstruct $s$. And Alice cannot use any subliminal channel to send unauthorised information. This protocol, discussed in [946, 833], is being patented.
23.11 Zero-Knowledge Proofs of Knowledge
Zero-Knowledge Proof of a Discrete Logarithm
Peggy wants to prove to Victor that she knows x, the solution of
A^x ≡ B (mod p)
where p is a prime and x is an arbitrary number relatively prime to p-1. The numbers A, B, and p are public, and x is kept secret. Here is how Peggy can prove that she knows x without revealing its value (see Section 5.1) [338, 337].
(1) Peggy generates t random numbers, r_1, r_2, ..., r_t, with every r_i less than p-1.
(2) Peggy computes h_i = A^{r_i} mod p for all values of i and sends them to Victor.
(3) Peggy and Victor use a coin-flipping protocol to generate t bits: b_1, b_2, ..., b_t.
(4) For all t bits, Peggy does one of the following:
a) If b_i = 0, she sends Victor r_i.
b) If b_i = 1, she sends Victor s_i = (r_i - r_j) mod (p-1), where j is the lowest index for which b_j = 1.
(5) For all t bits, Victor checks one of the following:
a) If b_i = 0, that A^{r_i} ≡ h_i (mod p)
b) If b_i = 1, that A^{s_i} ≡ h_i h_j^{-1} (mod p)
(6) Peggy sends Victor Z, where
Z = (x - r_j) mod (p-1)
(7) Victor checks that A^Z ≡ B h_j^{-1} (mod p).
The probability that Peggy cheats successfully is 1/2^t.
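As an added example (not code from the book), here is the seven-step protocol above run end to end in C for the toy parameters p = 23, A = 5 and Peggy's secret x = 7 (so B = 17); the coin flips and Peggy's random r_i are constructed arrays so the run is reproducible. It also runs a Peggy who does not know x, to show that step (7) rejects her while steps (5a) and (5b) alone would not.

```c
#include <stdio.h>
#include <stdint.h>

#define T 8   /* number of rounds; a cheating Peggy survives with probability 1/2^T */

/* base^exp mod m; m is small enough that products fit in 64 bits. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1;
    base %= m;
    while (exp > 0) {
        if (exp & 1) result = result * base % m;
        base = base * base % m;
        exp >>= 1;
    }
    return result;
}

/* h^{-1} mod p for prime p (Fermat: h^{p-2}). */
static uint64_t modinv(uint64_t h, uint64_t p) { return modexp(h, p - 2, p); }

/* Constructed public parameters: A^x = B (mod p) with secret x = 7. */
static const uint64_t PUB_P = 23, PUB_A = 5, PUB_B = 17;
/* Constructed "coin flips" (step 3) and Peggy's random r_i < p-1 (step 1). */
static const int      COINS[T] = {0, 1, 1, 0, 1, 0, 0, 1};
static const uint64_t RANDS[T] = {3, 11, 20, 7, 15, 2, 9, 18};

/* Runs steps (1)-(7) with Peggy using x_claimed as her secret.
   Returns 1 if Victor accepts every check, 0 if any check fails. */
int zk_dlog_run(uint64_t A, uint64_t B, uint64_t p, uint64_t x_claimed,
                const int b[T], const uint64_t r[T]) {
    uint64_t h[T], resp[T], Z;
    int i, j = -1;

    for (i = 0; i < T; i++) h[i] = modexp(A, r[i], p);       /* step (2): h_i = A^{r_i} */
    for (i = 0; i < T; i++) if (b[i]) { j = i; break; }      /* j: lowest index with b_j = 1 */
    if (j < 0) return 0;          /* all coins 0: step (6) has no r_j; Victor rejects the run */

    for (i = 0; i < T; i++)                                   /* step (4) */
        resp[i] = b[i] ? (r[i] + (p - 1) - r[j]) % (p - 1)    /* s_i = (r_i - r_j) mod (p-1) */
                       : r[i];

    for (i = 0; i < T; i++) {                                 /* step (5) */
        uint64_t lhs = modexp(A, resp[i], p);
        uint64_t rhs = b[i] ? h[i] * modinv(h[j], p) % p      /* A^{s_i} == h_i * h_j^{-1} */
                            : h[i];                           /* A^{r_i} == h_i */
        if (lhs != rhs) return 0;
    }

    Z = (x_claimed % (p - 1) + (p - 1) - r[j]) % (p - 1);     /* step (6): Z = (x - r_j) mod (p-1) */
    return modexp(A, Z, p) == B * modinv(h[j], p) % p;        /* step (7): A^Z == B * h_j^{-1} */
}

/* Honest Peggy knows x = 7; the cheater only has a guess, x = 3. */
int zk_demo_honest(void)  { return zk_dlog_run(PUB_A, PUB_B, PUB_P, 7, COINS, RANDS); }
int zk_demo_cheater(void) { return zk_dlog_run(PUB_A, PUB_B, PUB_P, 3, COINS, RANDS); }

int main(void) {
    printf("honest Peggy (x = 7):   %s\n", zk_demo_honest()  ? "accepted" : "rejected");
    printf("cheating Peggy (x = 3): %s\n", zk_demo_cheater() ? "accepted" : "rejected");
    return 0;
}
```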
Zero-Knowledge Proof of the Ability to Break RSA
Alice knows Carol's private key. Perhaps she broke RSA, or perhaps she broke into Carol's apartment and stole the key. Alice wants to convince Bob that she knows Carol's key. However, she wants neither to tell Bob the key nor even to decrypt one of Carol's messages for him. Here is a zero-knowledge protocol with which Alice convinces Bob that she knows Carol's private key [888]. Let Carol's public key be e, her private key d, and the RSA modulus n.
(1) Alice and Bob choose a random k and m for which
km ≡ e (mod n)
They should choose the numbers at random, using a coin-flipping protocol to generate k and then computing m. If both k and m are greater than 3, the protocol continues. Otherwise the numbers are chosen again.
(2) Alice and Bob generate a random ciphertext C. Again they should use a coin-flipping protocol.
(3) Alice, using Carol's private key, computes
M = C^d mod n
She then computes
X = M^k mod n
and sends X to Bob.
(4) Bob checks that X^m mod n = C. If it does, he is convinced that Alice's claim is correct.
A similar protocol can be used to demonstrate the ability to break a discrete logarithm problem [888].
Zero-Knowledge Proof that n Is a Blum Integer
No truly practical zero-knowledge proofs are known that n = pq, where p and q are primes congruent to 3 modulo 4. However, if n has the form p^r q^s, where r and s are odd, then n retains the properties that make Blum integers useful in cryptography. And there is a zero-knowledge proof that n has this form.
Assume that Alice knows the factorization of the Blum integer n, where n has the form considered above. Here is how she can prove to Bob that n has this form [660].
(1) Alice sends Bob a number u whose Jacobi symbol modulo n is -1.
(2) Alice and Bob jointly choose random bits: b_1, b_2, ..., b_k.
(3) Alice and Bob jointly choose random numbers: x_1, x_2, ..., x_k.
(4) For each i = 1, 2, ..., k, Alice sends Bob a square root modulo n of one of the four numbers: x_i, -x_i, ux_i, -ux_i. The Jacobi symbol of the square root must equal b_i.
The probability that Alice cheats successfully is 1/2^k.
23.12 Blind Signatures
The notion of blind signatures (see Section 5.3) was invented by David Chaum [317, 323], who also proposed the first implementation of the idea [318]. It uses the RSA algorithm.
Bob has a public key e, a private key d, and a public modulus n. Alice wants Bob to sign a message m blindly, without reading it.
(1) Alice chooses a random number k in the range 1 to n. Then she blinds m by computing
t = m k^e mod n
(2) Bob signs t:
t^d = (m k^e)^d mod n
(3) Alice unblinds t^d by computing
s = t^d / k mod n
(4) The result is
s = m^d mod n
This is easy to show:
t^d ≡ (m k^e)^d ≡ m^d k (mod n), so t^d / k ≡ m^d k / k ≡ m^d (mod n).
Chaum invented a whole family of more complex blind-signature algorithms [320, 324], called blind unanticipated signatures. These signature schemes are more complicated, but they offer more possibilities.
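An added C example (not Chaum's or the book's code) that walks through steps (1) to (4) with a toy RSA key, Bob's e = 7, d = 23, n = 55, the same small key the chapter later uses in its secure multiparty computation example, and a constructed blinding factor k = 13. The division in step (3) is carried out as multiplication by k^{-1} mod n, obtained from the extended Euclidean algorithm.

```c
#include <stdio.h>
#include <stdint.h>

/* Bob's toy RSA key (constructed; real keys are enormous): e = 7, d = 23, n = 55. */
#define RSA_E 7
#define RSA_D 23
#define RSA_N 55

/* base^exp mod m; m is small enough that products fit in 64 bits. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1;
    base %= m;
    while (exp > 0) {
        if (exp & 1) result = result * base % m;
        base = base * base % m;
        exp >>= 1;
    }
    return result;
}

/* k^{-1} mod n by the extended Euclidean algorithm; returns 0 if gcd(k, n) != 1. */
static uint64_t modinv(uint64_t k, uint64_t n) {
    int64_t old_r = (int64_t)k, r = (int64_t)n, old_s = 1, s = 0;
    while (r != 0) {
        int64_t q = old_r / r, tmp;
        tmp = old_r - q * r; old_r = r; r = tmp;
        tmp = old_s - q * s; old_s = s; s = tmp;
    }
    if (old_r != 1) return 0;                         /* k is not invertible modulo n */
    return (uint64_t)((old_s % (int64_t)n + (int64_t)n) % (int64_t)n);
}

/* Step (1), Alice: t = m * k^e mod n; k must be relatively prime to n. */
uint64_t blind(uint64_t m, uint64_t k) {
    return m * modexp(k, RSA_E, RSA_N) % RSA_N;
}

/* Step (2), Bob: signs the blinded value; he never sees m. */
uint64_t sign_blinded(uint64_t t) {
    return modexp(t, RSA_D, RSA_N);
}

/* Step (3), Alice: s = t^d / k mod n, computed as t^d * k^{-1} mod n. */
uint64_t unblind(uint64_t td, uint64_t k) {
    return td * modinv(k, RSA_N) % RSA_N;
}

/* Ordinary RSA signature m^d mod n, to compare with the result of step (4). */
uint64_t plain_sign(uint64_t m) { return modexp(m, RSA_D, RSA_N); }

/* Ordinary RSA verification: s^e mod n == m. */
int verify(uint64_t m, uint64_t s) { return modexp(s, RSA_E, RSA_N) == m; }

int main(void) {
    uint64_t m = 9, k = 13;                           /* constructed message and blinding factor */
    uint64_t t  = blind(m, k);
    uint64_t td = sign_blinded(t);
    uint64_t s  = unblind(td, k);
    printf("t = %llu, t^d = %llu, s = %llu, m^d = %llu, verify = %d\n",
           (unsigned long long)t, (unsigned long long)td, (unsigned long long)s,
           (unsigned long long)plain_sign(m), verify(m, s));
    return 0;
}
```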
23.13 Oblivious Transfer
In this protocol, proposed by Michael Rabin [1286], Alice succeeds with 50 percent probability in transferring two primes, p and q, to Bob. Alice does not know whether the transfer succeeded (see Section 5.5). (This protocol can be used to transfer any message to Bob with a 50 percent probability of success, if p and q reveal an RSA private key.)
(1) Alice sends Bob the product of the two primes: n = pq.
(2) Bob chooses a random number x, less than n and relatively prime to n. He sends Alice:
a = x^2 mod n
(3) Alice, who knows p and q, computes the four square roots of a: x, n-x, v, and n-v. She chooses one of these roots at random and sends it to Bob.
(4) If Bob receives v or n-v, he can compute the greatest common divisor of x+v and n, which is either p or q. Then, of course, n/p = q. If Bob receives x or n-x, he cannot compute anything.
This protocol may have a weak spot: it is possible that Bob could compute a number a such that, given a square root of a, he could always factor n.
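As an added illustration of steps (2) to (4) (example code, not Rabin's or the book's), the following C uses the constructed toy modulus n = 7 * 11 = 77. Both primes are congruent to 3 mod 4, so a square root modulo each prime is a^((prime+1)/4); the four roots modulo n are the four sign combinations lifted by the Chinese remainder theorem. It then shows which of the four roots let Bob factor n.

```c
#include <stdio.h>
#include <stdint.h>

/* Alice's secret primes (constructed toy values, both congruent to 3 mod 4). */
#define P 7
#define Q 11
#define N (P * Q)

/* base^exp mod m; m is small enough that products fit in 64 bits. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1;
    base %= m;
    while (exp > 0) {
        if (exp & 1) result = result * base % m;
        base = base * base % m;
        exp >>= 1;
    }
    return result;
}

static uint64_t gcd(uint64_t a, uint64_t b) {
    while (b != 0) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* Combine residues rp (mod P) and rq (mod Q) into one value mod N (CRT, Garner's form). */
static uint64_t crt(uint64_t rp, uint64_t rq) {
    uint64_t p_inv = modexp(P, Q - 2, Q);                 /* P^{-1} mod Q, Q prime */
    uint64_t k = (rq + Q - rp % Q) * p_inv % Q;           /* (rq - rp) * P^{-1} mod Q */
    return rp + P * k;
}

/* Step (3): the four square roots modulo N of a quadratic residue a.
   Roots modulo each prime are +/- a^((prime+1)/4); every sign combination is lifted by CRT. */
void alice_four_roots(uint64_t a, uint64_t roots[4]) {
    uint64_t rp = modexp(a % P, (P + 1) / 4, P);
    uint64_t rq = modexp(a % Q, (Q + 1) / 4, Q);
    roots[0] = crt(rp, rq);
    roots[1] = crt(P - rp, rq);
    roots[2] = crt(rp, Q - rq);
    roots[3] = crt(P - rp, Q - rq);
}

/* i-th of Alice's four roots of a, for callers that want one value at a time. */
uint64_t ot_root(uint64_t a, int i) {
    uint64_t roots[4];
    alice_four_roots(a, roots);
    return roots[i];
}

/* Step (4): Bob, holding his own x, tries to factor N from the root Alice sent.
   Returns the nontrivial factor found, or 0 when the root was x or n - x. */
uint64_t bob_factor(uint64_t x, uint64_t root) {
    uint64_t g = gcd(x + root, N);
    return (g == 1 || g == N) ? 0 : g;
}

int main(void) {
    uint64_t x = 5;                  /* Bob's random x, relatively prime to N (constructed) */
    uint64_t a = x * x % N;          /* step (2): a = x^2 mod n = 25 */
    for (int i = 0; i < 4; i++) {
        uint64_t r = ot_root(a, i);
        printf("root %2llu -> factor %llu\n", (unsigned long long)r,
               (unsigned long long)bob_factor(x, r));
    }
    return 0;
}
```

For x = 5 the roots come out as 16, 5, 72 and 61: the two that are not x or n-x give Bob the factors 7 and 11, the other two give him nothing.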
23.14 Secure Multiparty Computation
This protocol is taken from [1373]. Alice knows an integer i, and Bob knows an integer j. Alice and Bob together want to find out whether i ≤ j or i > j, but neither Alice nor Bob wants to reveal their number to the other. This special case of secure multiparty computation (see Section 6.2) is sometimes called Yao's millionaire problem [162, 7].
In the example given here, i and j are assumed to be chosen from the range 1 to 100. Bob has a public key and a private key.
(1) Alice chooses a large random number x and encrypts it with Bob's public key:
c = E_B(x)
(2) Alice computes c - i and sends the result to Bob.
(3) Bob computes the following 100 numbers:
y_u = D_B(c - i + u), for 1 ≤ u ≤ 100
D_B denotes decryption with Bob's private key.
He chooses a large random prime p. (The size of p should be slightly smaller than x. Bob does not know x, but Alice can easily tell him the size of x.) He then computes the following 100 numbers:
z_u = (y_u mod p), for 1 ≤ u ≤ 100
He then checks that for all u ≠ v
|z_u - z_v| ≥ 2
and that for all u
0 < z_u < p-1
If this is not so, Bob chooses another prime and tries again.
(4) Bob sends Alice this sequence of numbers, in exactly this order:
z_1, z_2, ..., z_j, z_{j+1} + 1, z_{j+2} + 1, ..., z_100 + 1, p
(5) Alice checks whether the i-th member of the sequence is congruent to x mod p. If it is, she concludes that i ≤ j. Otherwise she decides that i > j.
(6) Alice tells Bob her conclusion.
The check Bob performs in step (3) must guarantee that no number appears twice in the sequence generated in step (4). Otherwise, if z_a = z_b, Alice would learn that a ≤ j < b.
A drawback of this protocol is that Alice learns the result of the computation before Bob does. Nothing prevents her from stopping the protocol at step (5) and refusing to tell Bob the result. She can even lie to Bob in step (6).
Protocol Example
Let them use RSA. Bob's public key is 7 and his private key is 23; n = 55. Alice's secret number, i, is 4; Bob's secret number, j, is 2. (Assume that i and j can take only the values 1, 2, 3, and 4.)
(1) Alice chooses x = 39 and c = E_B(39) = 19.
(2) Alice computes c - i = 19 - 4 = 15. She sends 15 to Bob.
(3) Bob computes the following four numbers:
y_1 = D_B(15 + 1) = 26
y_2 = D_B(15 + 2) = 18
y_3 = D_B(15 + 3) = 2
y_4 = D_B(15 + 4) = 39
He chooses p = 31 and computes:
z_1 = (26 mod 31) = 26
z_2 = (18 mod 31) = 18
z_3 = (2 mod 31) = 2
z_4 = (39 mod 31) = 8
He performs all the checks and confirms that the sequence is correct.
(4) Bob sends Alice this sequence of numbers, keeping the order:
26, 18, 2 + 1, 8 + 1, 31, i.e., 26, 18, 3, 9, 31
(5) Alice checks whether the fourth number is congruent to x mod p. Since 9 ≢ 39 (mod 31), i > j.
(6) Alice tells Bob.
This protocol can be used to build much more complex protocols. A group of people can hold a secret auction over a network. They arrange themselves logically in a circle and, by pairwise comparisons, determine who offered the highest price. To prevent people from changing their bids in the middle of the auction, some bit-commitment protocol must be used. If the auction is held by the Dutch system, the person who offered the highest price gets the item for that price. If the auction is held by the English system, he gets the item for the second-highest price. (This can be determined during a second round of pairwise comparisons.) Similar ideas apply to deal-making, negotiation, and arbitration.
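The worked example above, as an added C program (not the book's code) that reproduces Bob's sequence 26, 18, 3, 9, 31 and Alice's verdict from the same numbers: e = 7, d = 23, n = 55, x = 39, p = 31, with i and j restricted to 1..4 as in the example. Bob's side also performs the two checks of step (3) and reports when p would have to be rechosen.

```c
#include <stdio.h>
#include <stdint.h>

/* Bob's toy RSA key from the chapter's example: e = 7, d = 23, n = 55. */
#define E_B 7
#define D_B 23
#define N_B 55
#define RANGE 4          /* i and j are assumed to lie in 1..RANGE, as in the example */

/* base^exp mod m; m is small enough that products fit in 64 bits. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1;
    base %= m;
    while (exp > 0) {
        if (exp & 1) result = result * base % m;
        base = base * base % m;
        exp >>= 1;
    }
    return result;
}

static uint64_t rsa_encrypt(uint64_t x) { return modexp(x, E_B, N_B); }   /* E_B */
static uint64_t rsa_decrypt(uint64_t c) { return modexp(c, D_B, N_B); }   /* D_B */

static uint64_t g_seq[RANGE + 1];   /* the sequence Bob sends in step (4), p last */

/* Steps (3) and (4) on Bob's side. c_minus_i is the value Alice sent, j is Bob's secret.
   Returns 1 if the step-(3) checks pass (and g_seq is filled), 0 if p must be rechosen. */
int bob_build_sequence(uint64_t c_minus_i, int j, uint64_t p) {
    uint64_t z[RANGE];
    for (int u = 0; u < RANGE; u++)
        z[u] = rsa_decrypt(c_minus_i + u + 1) % p;   /* z_u = D_B(c - i + u) mod p, u = 1..RANGE */
    for (int u = 0; u < RANGE; u++) {
        if (z[u] == 0 || z[u] >= p - 1) return 0;    /* need 0 < z_u < p-1 */
        for (int v = u + 1; v < RANGE; v++) {
            uint64_t d = z[u] > z[v] ? z[u] - z[v] : z[v] - z[u];
            if (d < 2) return 0;                     /* need |z_u - z_v| >= 2 */
        }
    }
    for (int u = 0; u < RANGE; u++)                  /* z_1..z_j unchanged, the rest + 1 */
        g_seq[u] = (u < j) ? z[u] : z[u] + 1;
    g_seq[RANGE] = p;
    return 1;
}

/* Step (5) on Alice's side: is the i-th number congruent to x mod p?  1 means i <= j. */
int alice_compare(int i, uint64_t x) {
    uint64_t p = g_seq[RANGE];
    return g_seq[i - 1] % p == x % p;
}

/* Whole protocol for Alice's i, Bob's j, Alice's random x and Bob's prime p.
   Returns 1 for i <= j, 0 for i > j, -1 if Bob's checks failed for this p. */
int millionaire(int i, int j, uint64_t x, uint64_t p) {
    uint64_t c = rsa_encrypt(x);                      /* step (1): c = E_B(x) */
    if (!bob_build_sequence(c - i, j, p)) return -1;  /* step (2): Alice sends c - i */
    return alice_compare(i, x);                       /* steps (5) and (6) */
}

uint64_t sent_value(int k) { return g_seq[k]; }       /* k-th entry of Bob's last sequence */

int main(void) {
    int verdict = millionaire(4, 2, 39, 31);          /* the chapter's numbers */
    printf("Bob sent:");
    for (int k = 0; k <= RANGE; k++) printf(" %llu", (unsigned long long)sent_value(k));
    printf("\nAlice concludes i %s j\n", verdict == 1 ? "<=" : ">");
    return 0;
}
```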
23.15 Probabilistic Encryption
The notion of probabilistic encryption was invented by Shafi Goldwasser and Silvio Micali [624]. Although their theory makes it possible to build the most secure of the cryptosystems invented so far, the early implementation was inefficient [625]. Later implementations changed all that.
The purpose of probabilistic encryption is to eliminate information leakage in public-key cryptography. Because a cryptanalyst can always encrypt random messages with the public key, he can obtain some information. Assuming he has a ciphertext C = E_K(M) and is trying to obtain the plaintext M, he can choose a random message M' and encrypt it: C' = E_K(M'). If C' = C, he has guessed the correct plaintext. Otherwise he makes the next attempt.
Probabilistic encryption also prevents even partial information leakage about the original message. With public-key cryptography a cryptanalyst can sometimes learn something about the bits: the XOR of the 5th, 17th, and 39th bits equals 1, and so on. With probabilistic encryption even such information remains hidden.
Not much information can be extracted this way, but the potential ability of a cryptanalyst to encrypt random messages with our public key can cause certain problems. Every time he encrypts a message, the cryptanalyst can extract a little information. No one knows how significant that information is.
Probabilistic encryption tries to eliminate this leakage. The goal of the method is that neither computations performed on the ciphertext nor tests of any other plaintexts can give the cryptanalyst any information about the corresponding plaintext.
With probabilistic encryption the encryption algorithm is probabilistic rather than deterministic. In other words, many ciphertexts decrypt to a given plaintext, and the particular ciphertext used in any particular encryption is chosen at random.
C_1 = E_K(M), C_2 = E_K(M), C_3 = E_K(M), ..., C_i = E_K(M)
M = D_K(C_1) = D_K(C_2) = D_K(C_3) = ... = D_K(C_i)
With probabilistic encryption the cryptanalyst can no longer encrypt arbitrary plaintexts in search of the correct ciphertext. To illustrate, suppose the cryptanalyst has the ciphertext C_i = E_K(M). Even if he guesses M correctly, the result of computing E_K(M) will be a completely different ciphertext C: C_j. Comparing C_i and C_j, he cannot tell from whether they match whether his attack was correct.
This is remarkable. Even if the cryptanalyst has the public encryption key, the plaintext, and the ciphertext, he cannot prove without the private decryption key that the ciphertext is the encryption of that particular plaintext. Even after an exhaustive search he can only prove that every possible plaintext is a possible plaintext.
In this scheme the ciphertext is always larger than the plaintext. This cannot be avoided; it is a consequence of the fact that many ciphertexts decrypt to one and the same plaintext. In the first probabilistic encryption scheme [625] the ciphertext was so much larger than the plaintext that it was unusable.
However, Manuel Blum and Goldwasser obtained an efficient implementation of probabilistic encryption using the Blum Blum Shub (BBS) pseudo-random bit generator described in Section 17.9 [199].
The BBS generator is based on the theory of quadratic residues. There are two primes, p and q, congruent to 3 modulo 4. They are the private key. Their product, pq = n, is the public key. (Remember your p and q; the security of the scheme rests on the difficulty of factoring n.)
To encrypt a message M, first choose a random x relatively prime to n. Then compute
x_0 = x^2 mod n
x_0 serves as the seed of the BBS pseudo-random bit generator, and the generator's output is used as a stream cipher. M is XORed bit by bit with the generator's output. The generator produces bits b_i (the least significant bit of x_i, where x_i = x_{i-1}^2 mod n), so
M = M_1, M_2, M_3, ..., M_t
C = M_1 ⊕ b_1, M_2 ⊕ b_2, M_3 ⊕ b_3, ..., M_t ⊕ b_t
where t is the length of the plaintext.
Append the last computed value, x_t, to the end of the message, and you are done.
This message can be decrypted in only one way: obtain x_0 and, with this seed, run the BBS generator, XORing its output with the ciphertext. Because the BBS generator is secure to the left, the value x_t is useless to a cryptanalyst. Only someone who knows p and q can decrypt the message. Here is how the algorithm for obtaining x_0 from x_t looks in C:
int x0 (int p, int q, int n, int t, int xt) {
    int a, b, u, v, w, z;
    /* we already know that gcd(p, q) == 1; extended_euclidian() is assumed to
       set a and b with a*p + b*q == 1, and modexp(x, e, m) to return x^e mod m */
    (void)extended_euclidian(p, q, &a, &b);
    u = modexp ((p+1)/4, t, p-1);   /* exponent that undoes t squarings modulo p */
    v = modexp ((q+1)/4, t, q-1);   /* the same modulo q */
    w = modexp (xt%p, u, p);        /* x_0 mod p */
    z = modexp (xt%q, v, q);        /* x_0 mod q (the q half must reduce xt modulo q) */
    /* combine by CRT; a or b may be negative, so bring C's remainder into [0, n) */
    return ((b*q*w + a*p*z) % n + n) % n;
}
Given x_0, decryption is simple. Just seed the BBS generator with it and XOR the result with the ciphertext.
This scheme can be made even faster by using all the known secure bits of x_i rather than only the least significant bit. With this improvement, Blum-Goldwasser probabilistic encryption turns out to be faster than RSA and leaks no information about the plaintext. Moreover, it can be proved that breaking this scheme is as hard as factoring n.
On the other hand, this scheme is completely insecure against a chosen-ciphertext attack. From the least significant bits of the correct quadratic residues one can compute the square root of any quadratic residue. If that succeeds, so does factoring. Details can be found in [1570, 1571, 35, 36].
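The whole Blum-Goldwasser round trip described in this section, as an added C example (not the book's listing): encryption of a constructed 8-bit message with the BBS stream, then recovery of x_0 from the appended x_t with the chapter's x0() method and decryption. The key p = 11, q = 23 (n = 253) and the random x = 7 are constructed toy values; the extended Euclidean routine is included so the block runs on its own.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Toy Blum-Goldwasser key (constructed; hopelessly small for real use):
   p and q are primes congruent to 3 mod 4, n = pq is the public key. */
#define P 11
#define Q 23
#define N (P * Q)

/* base^exp mod m; m is small enough that products fit in 64 bits. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1;
    base %= m;
    while (exp > 0) {
        if (exp & 1) result = result * base % m;
        base = base * base % m;
        exp >>= 1;
    }
    return result;
}

/* Extended Euclid: returns gcd(p, q) and sets a, b with a*p + b*q == gcd. */
static int64_t ext_euclid(int64_t p, int64_t q, int64_t *a, int64_t *b) {
    if (q == 0) { *a = 1; *b = 0; return p; }
    int64_t a1, b1, g = ext_euclid(q, p % q, &a1, &b1);
    *a = b1;
    *b = a1 - (p / q) * b1;
    return g;
}

/* Encrypt t plaintext bits m[] into c[] with the BBS stream seeded by x_0 = x^2 mod n.
   Returns x_t, which the sender appends to the ciphertext. */
uint64_t bg_encrypt(const uint8_t *m, uint8_t *c, int t, uint64_t x) {
    uint64_t xi = x * x % N;                       /* x_0 */
    for (int i = 0; i < t; i++) {
        xi = xi * xi % N;                          /* x_i = x_{i-1}^2 mod n */
        c[i] = m[i] ^ (uint8_t)(xi & 1);           /* C_i = M_i XOR b_i, b_i = low bit of x_i */
    }
    return xi;                                     /* x_t */
}

/* The chapter's x0() method: recover x_0 from x_t using the factors p and q.
   Going back one squaring modulo a prime r = 3 (mod 4) means raising to (r+1)/4;
   going back t squarings means raising to ((r+1)/4)^t mod (r-1). */
uint64_t bg_recover_x0(int t, uint64_t xt) {
    int64_t a, b;
    (void)ext_euclid(P, Q, &a, &b);                /* a*P + b*Q == 1 */
    uint64_t u = modexp((P + 1) / 4, t, P - 1);
    uint64_t v = modexp((Q + 1) / 4, t, Q - 1);
    uint64_t w = modexp(xt % P, u, P);             /* x_0 mod p */
    uint64_t z = modexp(xt % Q, v, Q);             /* x_0 mod q */
    int64_t x0 = (b * Q * (int64_t)w + a * P * (int64_t)z) % N;   /* CRT */
    return (uint64_t)((x0 + N) % N);               /* a or b may be negative */
}

/* Receiver: recover x_0 from the appended x_t, regenerate the stream, XOR it off. */
void bg_decrypt(const uint8_t *c, uint8_t *m, int t, uint64_t xt) {
    uint64_t xi = bg_recover_x0(t, xt);
    for (int i = 0; i < t; i++) {
        xi = xi * xi % N;
        m[i] = c[i] ^ (uint8_t)(xi & 1);
    }
}

/* Constructed 8-bit message and random x = 7; returns x_t if the round trip
   (encrypt, recover x_0 from x_t, decrypt) restores the plaintext, else 0. */
uint64_t bg_demo_xt(void) {
    const uint8_t msg[8] = {1, 0, 1, 1, 0, 0, 1, 0};
    uint8_t ct[8], pt[8];
    uint64_t xt = bg_encrypt(msg, ct, 8, 7);
    bg_decrypt(ct, pt, 8, xt);
    return memcmp(msg, pt, 8) == 0 ? xt : 0;
}

int main(void) {
    uint64_t xt = bg_demo_xt();
    printf("x_t = %llu, recovered x_0 = %llu\n", (unsigned long long)xt,
           (unsigned long long)bg_recover_x0(8, xt));
    return 0;
}
```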
23.16 Quantum Cryptography
Quantum cryptography exploits the natural uncertainty of the quantum world. With it one can build communication links that cannot be eavesdropped on without disturbing the transmission. The laws of physics reliably protect such a quantum channel, even if the eavesdropper can take any action whatsoever, even if he has access to unlimited computing power, even if P = NP. Charles Bennett, Gilles Brassard, Claude Crepeau, and others extended this idea, describing quantum key distribution, quantum coin flipping, quantum bit commitment, quantum oblivious transfer, and quantum secure multiparty computation. A description of their results can be found in [128, 129, 123, 124, 125, 133, 126, 394, 134, 392, 243, 517, 132, 130, 244, 393, 396]. The best survey of quantum cryptography is [131]. Another good nontechnical overview is [1651]. A complete bibliography of quantum cryptography can be found in [237].
These ideas would have remained a topic of discussion among cryptography fanatics, but Bennett and Brassard built a working model [127, 121, 122]. Now we have experimental quantum cryptography.
So make yourself comfortable, pour yourself something to drink, and relax. I will try to explain to you what this is all about.
According to the laws of quantum mechanics, particles are not really located in one place but exist, with some probability, in many places at once. This is so, however, only until a scientist comes along and measures the particle, which then "turns out" to be in a particular place. But it is impossible to measure all of a particle's parameters (for example, position and velocity) at the same time. If one of these two quantities is measured, the very act of measurement destroys any possibility of measuring the other. Uncertainty is a fundamental property of the quantum world, and there is no getting away from it.
This uncertainty can be used to generate a secret key. As it travels, a photon vibrates in some direction: up and down, left and right, or, more likely, at some angle. Ordinary sunlight is unpolarized: its photons vibrate in all possible directions. When the direction of vibration of many photons coincides, they are polarized. Polarization filters pass only photons polarized in a particular direction and block the rest. For example, a horizontal polarization filter passes only horizontally polarized photons. Turn this filter by 90 degrees, and now only vertically polarized photons pass through it.
Suppose we have a pulse of horizontally polarized photons. If they try to pass through a horizontal filter, all of them get through perfectly well. If we slowly turn the filter toward 90 degrees, the number of photons passing through becomes smaller and smaller, until finally not one photon gets through the filter. This contradicts common sense. It would seem that even a slight rotation of the filter should stop all the photons, since they are horizontally polarized. But in quantum mechanics each particle has a certain probability of changing its polarization and slipping through the filter. If the filter's angle of deviation is small, this probability is high; if it equals 90 degrees, the probability is zero. And if the filter is turned by 45 degrees, the probability of a photon passing the filter is 50 percent.
Polarization can be measured in any basis: two directions at right angles to each other. Examples of bases are the rectilinear one, the horizontal and vertical directions, and the diagonal one, the left and right diagonals. If a pulse of photons is polarized in a given basis, then by measuring in the same basis you learn the polarization. Measuring in the wrong basis, you get a random result. We are going to use this property to generate a secret key:
(1) Alice sends Bob a sequence of photon pulses. Each pulse is randomly polarized in one of four directions: horizontal, vertical, left-diagonal, and right-diagonal.
For example, Alice sends Bob:
/ \ /
(2) Bob has a polarization detector. He can set his detector to measure rectilinear or diagonal polarization. He cannot measure both at once; quantum mechanics does not allow it. Measuring one polarization prevents measuring the other. So he sets his detectors arbitrarily:
X X X X X
Now, if Bob sets his detector correctly, he registers the correct polarization. If he sets the detector to measure rectilinear polarization and the pulse is rectilinearly polarized, he learns which polarization Alice chose for the photons. If he sets the detector to measure diagonal polarization and the pulse is rectilinearly polarized, the result of the measurement is random. Bob cannot tell the difference. In the example shown he might obtain the following result:
/ \ / \ /
(3) Bob tells Alice over an insecure channel which settings he used.
(4) Alice tells Bob which settings were correct. In our example the detector was set correctly for pulses 2, 6, 7, and 9.
(5) Alice and Bob keep only the correctly measured polarizations. In our example they keep:
* * * * \ * *
Using a prearranged code, Alice and Bob convert these polarization measurements into bits. For example, horizontal and left-diagonal may mean one, and vertical and right-diagonal, zero. In our example they both obtain:
0 0 1 1
So Alice and Bob have obtained four bits. With this system they can generate as many bits as they need. On average, Bob guesses correctly in 50 percent of the cases, so to generate n bits Alice will have to send 2n photon pulses. They can use these bits as the secret key of a symmetric algorithm, or, having obtained enough bits for use as a one-time pad, achieve absolute security.
The remarkable thing is that Eve cannot eavesdrop. Like Bob, she has to guess which type of polarization to measure, and, like Bob's, half of her guesses will be wrong. Since wrong measurements change the polarization of the photons, she inevitably introduces errors into the transmission when eavesdropping. If she does, Alice and Bob end up with different bit sequences. So Alice and Bob finish the protocol with the following step:
(6) Alice and Bob compare a few bits of their strings. Any discrepancy tells them about eavesdropping. If the strings do not differ, they discard the bits used for the comparison and use the rest.
Improvements of this protocol allow Alice and Bob to use their bits even in Eve's presence [133, 134, 192]. They can compare only the parity of subsets of bits. Then, if no discrepancy is found, they need discard only one bit of the subset. This detects eavesdropping with probability 50 percent, but if they check n different subsets of bits this way, the probability that Eve eavesdrops and remains unnoticed is 1/2^n.
In the quantum world there is no passive eavesdropping. If Eve tries to recover all the bits, she is bound to destroy the communication channel.
Bennett and Brassard built a working model of quantum key distribution and exchanged secure bits on an optical bench. The last I heard, British Telecom reported sending bits over a 10-kilometer optical fiber [276, 1245, 1533]. They believe a distance of 50 kilometers is achievable. This is astonishing.
Part IV
The Real World
Chapter 24
Example Implementations
It is one thing to design protocols and algorithms, and quite another to build them into working systems. In theory, practice and theory are indistinguishable, but in practice there are huge differences between them. Often ideas look wonderful on paper but do not work in real life. Maybe the demands on channel bandwidth are too great; maybe the protocol is too slow. Some of the issues of using cryptography are discussed in Chapter 10; this chapter discusses examples of how cryptographic algorithms are implemented in practice.
24.1 IBM Secret-Key Management Protocol
In the late 1970s IBM, using only symmetric cryptography, developed a complete key-management system for data communications and file security in computer networks [515, 1027]. The actual mechanisms of the protocol matter less than its general philosophy: by automating the generation, distribution, installation, storage, changing, and destruction of keys, this protocol went a long way toward securing the cryptographic algorithms that underlie it.
The protocol provides three things: secure communication between a server and various terminals, secure storage of files on the server, and secure communication between servers. The protocol does not provide a true direct terminal-to-terminal connection, although a modification of it could implement that capability.
Every server on the network is attached to cryptographic hardware that performs all encryption and decryption. Every server has a Master Key, KM_0, and two variants, KM_1 and KM_2, which are simplified variants of KM_0. These keys are used to encrypt other keys and to generate new keys. Every terminal has a Master Terminal Key, KMT, used for exchanging keys with other terminals.
The KMTs are stored on the servers, encrypted under KM_1. All other keys, for example those used to encrypt files (they are called KNFs), are stored in encrypted form under KM_2. The master key KM_0 is stored in a nonvolatile security module. Today that could be a key in ROM, a magnetic card, or a key entered by the user from the keyboard (possibly as a text string converted into a key). KM_1 and KM_2 are not stored anywhere in the system; they are computed from KM_0 whenever needed. Session keys for communication between servers are generated on the server by a pseudo-random process. Keys for encrypting stored files (KNFs) are generated the same way.
The heart of the protocol is a tamper-resistant module called the cryptographic facility. On the server and on the terminal, all encryption and decryption happens inside this module. The most important keys, those used to generate the actual encryption keys, are stored in this module. Once these keys have been written in, they can no longer be read out. Moreover, they are tagged for a particular use: a key intended for one task cannot accidentally be used for another. This concept of key control vectors is perhaps the most significant achievement of the system. Donald Davies and William Price discuss this key-management protocol in detail in [435].
Modification
A modification of this master-key/session-key scheme can be found in [1478]. It is built around network nodes with key-notarization hardware that serves the local terminals. This modification was designed to:
Secure a duplex channel between two user terminals.
Secure communication by encrypted mail.
Provide protection of personal files.
Provide a digital signature capability.
For communication and file transfer between users, this scheme uses keys generated in the key-notarization hardware and sent to the users encrypted under the master key. Information about the users' identities is embedded in the key, providing evidence that the session key is being used by a particular pair of users. Key notarization is the central feature of this system. Although the system does not use public-key cryptography, it supports a capability resembling a digital signature: a key can only have been sent from a particular source and can only be read at a particular destination.
24.2 MITRENET
One of the earliest implementations of public-key cryptography was the experimental MEMO system (MITRE Encrypted Mail Office). MITRE was a team of bright people working under contract to the Department of Defense. MEMO served as a secure electronic mail system for users of the MITRENET network and used public-key cryptography for key exchange and DES for data encryption.
In MEMO all public keys are stored in a Public Key Distribution Center, which is a separate network node. The keys are stored in erasable programmable ROM so that they cannot be modified. Private keys are generated by the system's users.
For a user to send secure messages, the system first establishes a secure connection with the Public Key Distribution Center. The user requests from the Center the file of all public keys. If the user passes identification using his private key, the Center sends the requested list to the user's workstation. To ensure its integrity, the list is encrypted with DES.
DES is used to encrypt messages. To encrypt data, the system generates a random DES key; the user encrypts the file with the DES key and the DES key with the recipient's public key. The encrypted file and key are sent to the recipient.
MEMO makes no provision against lost keys. There are some facilities for checking message integrity using checksums. No authentication facilities are built into the system.
Before the system was implemented, the particular public-key implementation in MEMO, Diffie-Hellman key exchange over GF(2^127) (see Section 11.6), was shown to be insecure, although it is not hard to change the system so that larger numbers can be used. MEMO was designed mainly for experimental purposes and was never used in the real MITRENET system.
24.3 ISDN
Bell-Northern Research developed a prototype secure ISDN (Integrated Services Digital Network) telephone terminal [499, 1192, 493, 500]. As a telephone set, the terminal never got beyond the prototype stage. What came out of it was the Packet Data Security Overlay. The terminal uses Diffie-Hellman key exchange, RSA digital signatures, and DES for data encryption. It can transmit and receive voice and data at 64 kbit/s.
Keys
The telephone has a built-in public-key/private-key pair for long-term use. The private key is stored in a tamper-resistant module of the telephone. The public key serves to identify the telephone. These keys are part of the telephone set itself and cannot be changed.
In addition, two more public keys are stored in the telephone. One of them is the public key of the set's owner. This key is used to authenticate the owner's commands; it can be changed by a command signed by the owner. In this way a user can transfer ownership of the set to someone else.
The telephone also stores the network's public key. It is used to authenticate commands from the network management hardware and to authenticate calls from other users of the network. This key, too, can be changed by a command signed by the owner. This allows the owner to change the network his set is connected to.
These keys are regarded as long-term keys: they change rarely, if at all. The telephone also stores a public-key/private-key pair for short-term use. These keys are embedded in a certificate signed by the key management center. Two telephones exchange certificates when a connection is established. The authenticity of these certificates is verified with the network's public key.
The certificate exchange and verification are performed only when a secure connection is established between sets. To establish a secure connection between people, the protocol has an additional component. The hardware ignition key that the owner inserts into the telephone holds the owner's private key, encrypted with a secret password known only to the owner (neither the telephone set, nor the network management center, nor anyone else knows it). The ignition key also holds a certificate signed by the network management center that contains the owner's public key and some identification information (name, company, job, security clearance, favorite kinds of pizza, sexual orientation, and so on). All of this is encrypted as well. To decrypt this information and load it into the telephone, the user enters his secret password on the set's keypad. The telephone uses this information to make the connection, but it is erased after the user removes his ignition key.
The telephone also stores a set of certificates issued by the network management center. These certificates authorize particular users to use particular telephone sets.
Calls
A call from Alice to Bob proceeds as follows.
(1) Alice inserts her ignition key into the telephone and enters her password.
(2) The telephone interrogates the ignition key to determine Alice's identity and gives her a dial tone.
(3) The telephone checks its set of certificates, verifying that Alice is allowed to use this set.
(4) Alice dials the number; the telephone determines the called party.
(5) The two telephones use a public-key key-exchange protocol to generate a unique, random session key. All subsequent steps of the protocol are encrypted with this key.
(6) Alice's telephone transmits its certificate and her user identifier.
(7) Bob's telephone verifies the signatures on the certificate and the user identifier, using the network's public key.
(8) Bob's telephone initiates a challenge/response sequence. This requires signed responses to the challenges in real time (within a specified delay). (This prevents an adversary from using certificates copied from a previous exchange.) One response must be signed with the private key of Alice's telephone, and another with Alice's private key.
(9) If Bob is not at the telephone, his telephone rings.
(10) If Bob is at home, he inserts his ignition key into the telephone. His telephone interrogates the ignition key and checks Bob's certificate, as in steps (2) and (3).
(11) Bob transmits his certificate and user identifier.
(12) Alice's telephone verifies Bob's signatures, as in step (7), and initiates a challenge/response sequence, as in step (8).
(13) Both telephones display the identity and telephone number of the other user on their screens.
(14) The secure conversation begins.
(15) When one party hangs up, the session key is erased, along with the certificates Bob's telephone received from Alice's and the certificates Alice's telephone received from Bob's.
Every DES key is unique to a single call. It exists only inside the two telephone sets and only for the duration of the conversation, and it is destroyed immediately afterward. If an adversary captures one or both of the sets that took part in a conversation, he cannot decrypt any previous conversation in which those two sets took part.
24.4 STU-III
STU oosnauaer "Secure Telephone Unit" (Fesonacntn rene|onntn moynt), paspaoranntn n NSA esonac-
ntn rene|on. Ho pasmepam n |opme +ror moynt nourn rakon xe, kak n otuntn rene|on, n moxer trt ncnon t-
sonan rakxe, kak n otuntn rene|on. Annapart ycronunnt k nsnomy, es knmua onn paoramr kak necekpernte .
Onn rakxe nknmuamr nopr nepeaun anntx n nomnmo nepeaun peun moryr trt ncnontsonant nx esonacnon
nepeaun anntx no moemnomy kanany |1133].
Vnr|nn n||n onncan STU-III n |494]:
urot nosnonnrt, ncnontsyx STU-III, snonxmnn cnauana otuntm opasom snonnr na pyron STU-III, sarem ncrannxer no-
xoxee na knmu ycrponcrno, coepxamee kpnnrorpa|nueckym nepemennym, n naxnmaer knonky "cekpernte neperonopt" ( "go se-
cure"). Cnycrx npnmepno 15 cekyn saepxkn, nyxnon nx kpnnrorpa|nueckon nacrponkn , kaxtn rene|on ntnonr na +kpan
nn|opmannm o nnunocrn n onycke pyron cropont, n pasronop moxer naunnartcx .
Fecnpeneenrntm marom tn oxnnenne Vonrepa nnn (Walter Deeley), samecrnrenx npekropa NSA no esonacnocrn
kommynnkannn, o STU-III nnn yymen cncreme esonacnon ronoconon cnxsn n +kcknmsnnnom nnrepntm, annom The New York
Times |282]. Inannon nentm nonon cncremt tno npeocrannrt Mnnncrepcrny oopont CBA n ero nopxunkam cpecrna
esonacnon nepeaun peun n esonacnon nnskockopocrnon nepeaun anntx. B nnrepntm ne tno mnoro ckasano o paore cn c-
remt, no nocrenenno nn|opmannx nauana noxnnxrtcx. B nonon cncreme ncnontsymrcx orkptrte knmun.
O nonom noxoe k pacnpeenennm knmuen tno pacckasano n |68], n onon crarte ronopnnoct o rene|onax,
"nepenporpammnpyemtx pas n ro no esonacnomy rene|onnomy kanany ", uro nectma nepoxrno npenonaraer ncnontsonanne
nporokona nponepkn ceprn|nkaron, ananornunoro onncannomy |n pasene 24.3], koroptn mnnnmnsnpyer nx rene|onon neoxo-
nmocrt omartcx c nenrpom ynpannennx knmuamn . Hocnenne nsnecrnx tnn onee nn|opmarnnntmn , n nnx pacckastnanoct o
cncreme ynpannennx knmuamn, nasnannon EIREELY, koropax |1341] "paspaorana na ase rexnonornn orkptrtx knmuen n nc-
nontsyercx nx pacnpeenennx knmuen mn|ponannx nonapnoro rpa|nka". H +ro onncanne, n cnnerentckne nokasannx, annte
Konrpeccy CBA hn Htmnnprom ( Lee Neuwirth) ns Cylink |1164] npenonaramr ncnontsonanne komnnannn omena knmuamn n
ceprn|nkaramn, ananornunoro ncnontsyemomy n esonacntx rene|onax ISDN. Bectma nepoxrno, uro EIREELY rakxe ocnonana
na nosneennn n crenent.
STU-III nponsnoxrcx AT&T n GE. 3a 1994 ro tno ntnymeno 300000-400000 mryk . Honax nepcnx, Secure
Terminal Equipment (STE, Fesonacntn repmnnan), yer paorart no nnnnxm ISDN.
24.5 KERBEROS

Kerberos is a trusted-third-party authentication protocol designed for TCP/IP networks. A Kerberos service running on the network acts as a trusted arbitrator, providing secure network authentication that lets a user work on several machines on the network. Kerberos is based on symmetric cryptography (DES is implemented, but other algorithms can be used in its place). Kerberos shares a different secret key with every entity on the network, and knowledge of that secret key is equivalent to proof of the entity's identity.

Kerberos was originally developed at MIT for Project Athena. The Kerberos model is based on the Needham-Schroeder trusted-third-party protocol (see Section 3.3) [1159]. The original version of Kerberos, Version 4, is specified in [1094, 1499]. (Versions 1 through 3 were internal development versions.) Version 5, a modification of Version 4, is specified in [876, 877, 878]. The best overview of Kerberos is [1163]; other overviews are [1384, 1493], and the use of Kerberos in the real world is well described in [781, 782].

The Kerberos Model

The basic Kerberos protocol was outlined in Section 3.3. In the Kerberos model there are entities on the network: clients and servers. Clients can be users, but they can also be independent programs that download files, send messages, access databases, access printers, obtain administrative privileges, and so on.

Kerberos keeps a database of clients and their secret keys. For human users the secret key is an encrypted password. Network services that require authentication, and the clients that want to use those services, register their secret keys with Kerberos.

Because Kerberos knows every secret key, it can create messages that convince one entity of another's identity. Kerberos also creates session keys, which are given to a client and a server (or to two clients) and to no one else. A session key is used to encrypt the messages exchanged between the two parties and is destroyed when the session ends.

Kerberos uses DES for encryption. Kerberos Version 4 provided a nonstandard, weak authentication mode: it could not detect certain changes to the ciphertext (see Section 9.10). Kerberos Version 5 uses CBC mode.
[Figure 24-1, recovered from the extracted diagram: the client exchanges numbered messages with Kerberos, with the TGS and with the server.]
1. Request for Ticket-Granting Ticket
2. Ticket-Granting Ticket
3. Request for Server Ticket
4. Server Ticket
5. Request for Service
Fig. 24-1. Kerberos authentication steps.
How Kerberos Works

This section covers Kerberos Version 5; the differences between Versions 4 and 5 are outlined below. The Kerberos protocol is straightforward (see Figure 24-1). A client requests from Kerberos a ticket for the Ticket-Granting Service (TGS). This ticket, encrypted with the client's secret key, is sent to the client. To use a particular server, the client requests from the TGS a ticket for that server. If everything is in order, the TGS sends the ticket to the client. The client then presents this ticket to the server together with an authenticator. Again, if the client's credentials are in order, the server grants the client access to the service.

Table 24-1. Kerberos Abbreviations
c : client
s : server
a : client's network address
v : beginning and ending validity time of a ticket
t : timestamp
$K_x$ : x's secret key
$K_{x,y}$ : session key for x and y
$\{m\}K_x$ : m encrypted with x's secret key
$T_{x,y}$ : x's ticket to use y
$A_{x,y}$ : authenticator from x to y

Credentials

Kerberos uses two kinds of credentials: tickets and authenticators. (The rest of this section uses the notation of the Kerberos documents; see Table 24-1.) A ticket is used to pass securely to a server the identity of the client to whom the ticket was issued. It also contains information the server can use to verify that the client presenting the ticket is the same client to whom it was issued. An authenticator is an additional credential, presented along with the ticket. A Kerberos ticket has the form

$T_{c,s} = \{s, c, a, v, K_{c,s}\}K_s$.

A ticket is good for a single server and a single client. It contains the client's name, its network address, the server's name, a timestamp and a session key. This information is encrypted with the server's secret key. Once the client has obtained a ticket, it can use it to access the server many times, until the ticket expires. The client cannot decrypt the ticket (it does not know the server's secret key), but it can present the ticket to the server in encrypted form. The ticket can be neither read nor altered as it travels over the network. A Kerberos authenticator has the form

$A_{c,s} = \{c, t, key\}K_{c,s}$.

The client creates one each time it wants to use a service on the server. The authenticator contains the client's name, a timestamp and an optional additional session key, all encrypted with the session key shared by the client and the server. Unlike a ticket, an authenticator can be used only once. That is not a problem, because the client can generate authenticators as needed (it knows the shared secret key).

An authenticator serves two purposes. First, it contains some plaintext encrypted with the session key, which proves that the client knows the key. Just as important, the encrypted plaintext includes a timestamp. An attacker who manages to record both a ticket and an authenticator cannot use them two days later.

Kerberos Version 5 Messages

Kerberos Version 5 uses five messages (see Figure 24-1):

1. Client → Kerberos: $c, tgs$
2. Kerberos → Client: $\{K_{c,tgs}\}K_c, \{T_{c,tgs}\}K_{tgs}$
3. Client → TGS: $\{A_{c,s}\}K_{c,tgs}, \{T_{c,tgs}\}K_{tgs}, s$
4. TGS → Client: $\{K_{c,s}\}K_{c,tgs}, \{T_{c,s}\}K_s$
5. Client → Server: $\{A_{c,s}\}K_{c,s}, \{T_{c,s}\}K_s$

Let us now look in detail at how these messages are used.

Getting an Initial Ticket

The client has one piece of information that proves its identity: its password. Obviously we do not want the client to send its password over the network. The Kerberos protocol minimizes the chance that the password will be compromised, while still not allowing a user to authenticate properly without knowing the password.

The client sends a message containing its name and the name of its TGS server to the Kerberos authentication server. (There can be several TGS servers.) In practice the user probably just types a name, and the login program sends the request.

The Kerberos authentication server looks the client up in its database. If the client is in the database, Kerberos generates a session key to be used between the client and the TGS. This is called a Ticket-Granting Ticket (TGT). Kerberos encrypts this session key with the client's secret key. It then creates a TGT for the client to authenticate itself to the TGS and encrypts the TGT with the TGS's secret key. The authentication server sends these two encrypted messages to the client.

The client now decrypts the first message and obtains the session key. The secret key is a one-way hash of the client's password, so a legitimate user has no trouble doing this. An impostor does not know the correct password and therefore cannot decrypt the authentication server's reply. Access is denied; the impostor can obtain neither the ticket nor the session key.

The client saves the TGT and the session key and erases the password and the hash value. This information is destroyed to reduce the chance of compromise. If an adversary manages to copy the client's memory, it gets only the TGT and the session key. These are valuable, but only for the lifetime of the TGT; once the TGT expires they become worthless. For the lifetime of the TGT, the client can now prove its identity to the TGS.

Getting Server Tickets

The client must obtain a separate ticket for each service it needs. The TGS issues tickets for individual servers.

When the client needs a ticket it does not yet have, it sends a request to the TGS. (In practice the program probably does this automatically and invisibly to the user.)

On receiving the request, the TGS decrypts the TGT with its own secret key. It then uses the session key included in the TGT to decrypt the authenticator. Finally, the TGS compares the information in the authenticator with that in the ticket, the client's network address with the address the request came from, and the timestamp with the current time. If everything matches, the TGS allows the request to proceed.

Checking timestamps assumes that all the computers' clocks are synchronized, at least to within a few minutes. If the time in the request is too far in the past or the future relative to the current time, the TGS treats the request as an attempt to replay an earlier request. The TGS must also keep track of the validity of authenticators, because a server's services may be requested several times in succession with the same ticket but different authenticators. A second request carrying the same ticket and an authenticator timestamp that has already been used is rejected.

In response to a valid request, the TGS returns a valid ticket that the client can present to the server. The TGS also creates a new session key for the client and the server, encrypted with the session key shared by the client and the TGS. Both messages are sent to the client. The client decrypts the message and extracts the session key.

Requesting a Service

The client can now prove its identity to the server. It creates a message very similar to the one it sent to the TGS (which makes sense, since the TGS is itself a service).

The client creates an authenticator consisting of its name, its network address and a timestamp, encrypted with the session key that the TGS generated for the client/server session. The request consists of the ticket received from Kerberos (already encrypted with the server's secret key) and the encrypted authenticator. The server decrypts and checks the ticket and the authenticator as discussed above, and also checks the client's address and the timestamp. If everything is in order, the server is satisfied that, according to Kerberos, the client is who it claims to be.

If the application requires mutual authentication, the server sends the client a message consisting of the timestamp, encrypted with the session key. This proves that the server knows the correct secret key and was able to decrypt the ticket and the authenticator.

If necessary, the client and the server can encrypt further messages with the shared key. Since only they know this key, both can be sure that a recent message encrypted with it came from the other party.
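The exchange just described, worked end to end as an added example (not code from the book or from MIT Kerberos): an authentication server/TGS that issues $\{K_{c,tgs}\}K_c$ and $\{T_{c,tgs}\}K_{tgs}$, the checks the TGS and the server apply (authenticator matches ticket, source address, validity window, clock skew, reused timestamp) and the mutual-authentication reply. The cipher is a SHA-256/HMAC stand-in for DES-CBC; the principal names, the address, the clock value and the SKEW and LIFETIME constants are assumptions.

```python
"""Kerberos V5 exchange, messages 1 to 5, modelled end to end.
Added example, not the book's or MIT's code. The cipher is a SHA-256 keystream
plus an HMAC tag standing in for DES-CBC, so a credential opened with the wrong
key or altered in transit is rejected. Names, address, clock, SKEW and LIFETIME
are assumptions."""
import hashlib, hmac, json, os

SKEW = 300           # tolerated clock difference in seconds (assumption)
LIFETIME = 8 * 3600  # ticket validity window (assumption)

def _stream(key, nonce, n):
    """n keystream bytes built from SHA-256(key || nonce || counter)."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """{obj}K in the book's notation: encrypt a JSON object and tag it."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    """Inverse of seal; raises ValueError on a wrong key or an altered blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("bad key or tampered credential")
    return json.loads(bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct)))))

def check_credentials(T, A, src_addr, now, seen):
    """The checks the TGS and every server apply to a ticket/authenticator pair."""
    if A["c"] != T["c"] or src_addr != T["a"]:
        raise ValueError("authenticator does not match ticket")
    if not T["v"][0] <= now <= T["v"][1]:
        raise ValueError("ticket expired or not yet valid")
    if abs(now - A["t"]) > SKEW:
        raise ValueError("authenticator timestamp outside the skew window")
    if (T["c"], T["s"], A["t"]) in seen:
        raise ValueError("authenticator timestamp already used: replay")
    seen.add((T["c"], T["s"], A["t"]))

class KDC:
    """Authentication server and TGS in one object; it knows every secret key."""

    def __init__(self, keys, clock):
        self.keys, self.clock, self.seen = keys, clock, set()

    def ticket(self, c, s, a):
        t0 = self.clock()
        return {"s": s, "c": c, "a": a, "v": [t0, t0 + LIFETIME],
                "K": os.urandom(16).hex()}

    def as_exchange(self, c, tgs, a):
        """Message 1 in, message 2 out: {K_c,tgs}K_c and {T_c,tgs}K_tgs."""
        T = self.ticket(c, tgs, a)
        return seal(self.keys[c], {"K": T["K"]}), seal(self.keys[tgs], T)

    def tgs_exchange(self, enc_A, enc_T, s, src_addr):
        """Message 3 in, message 4 out: {K_c,s}K_c,tgs and {T_c,s}K_s."""
        T = open_(self.keys["tgs"], enc_T)
        K_ctgs = bytes.fromhex(T["K"])
        A = open_(K_ctgs, enc_A)
        check_credentials(T, A, src_addr, self.clock(), self.seen)
        T2 = self.ticket(T["c"], s, T["a"])
        return seal(K_ctgs, {"K": T2["K"]}), seal(self.keys[s], T2)

def server_accept(key_s, enc_A, enc_T, src_addr, now, seen):
    """Message 5 in; returns {t}K_c,s, the mutual-authentication reply."""
    T = open_(key_s, enc_T)
    K_cs = bytes.fromhex(T["K"])
    A = open_(K_cs, enc_A)
    check_credentials(T, A, src_addr, now, seen)
    return seal(K_cs, {"t": A["t"]})

def run_exchange(password="correct horse", now=1_000_000_000, addr="10.0.0.7"):
    """Client alice authenticates to fileserver; then a recorded message 5 is replayed."""
    K_c = hashlib.sha256(password.encode()).digest()  # stand-in for string-to-key
    kdc = KDC({"alice": K_c, "tgs": os.urandom(16), "fileserver": os.urandom(16)},
              lambda: now)
    # Messages 1 and 2: the client learns K_c,tgs and keeps the opaque TGT.
    enc_K, tgt = kdc.as_exchange("alice", "tgs", addr)
    K_ctgs = bytes.fromhex(open_(K_c, enc_K)["K"])
    # Messages 3 and 4: an authenticator under K_c,tgs buys a server ticket.
    A = seal(K_ctgs, {"c": "alice", "t": now})
    enc_K2, ticket = kdc.tgs_exchange(A, tgt, "fileserver", addr)
    K_cs = bytes.fromhex(open_(K_ctgs, enc_K2)["K"])
    # Message 5 and the server's mutual-authentication reply.
    A2, seen = seal(K_cs, {"c": "alice", "t": now}), set()
    reply = open_(K_cs, server_accept(kdc.keys["fileserver"], A2, ticket, addr, now, seen))
    # The same message 5 ten seconds later is inside the skew window but reuses
    # the authenticator timestamp, so the server refuses it.
    try:
        server_accept(kdc.keys["fileserver"], A2, ticket, addr, now + 10, seen)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {"mutual_ts": reply["t"], "replay_rejected": replay_rejected}
```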
Kerberos Version 4

The preceding sections covered Kerberos Version 5. Version 4 differs slightly in its messages and in the construction of tickets and authenticators. Kerberos Version 4 uses the following five messages:

1. Client → Kerberos: $c, tgs$
2. Kerberos → Client: $\{K_{c,tgs}, \{T_{c,tgs}\}K_{tgs}\}K_c$
3. Client → TGS: $\{A_{c,s}\}K_{c,tgs}, \{T_{c,tgs}\}K_{tgs}, s$
4. TGS → Client: $\{K_{c,s}, \{T_{c,s}\}K_s\}K_{c,tgs}$
5. Client → Server: $\{A_{c,s}\}K_{c,s}, \{T_{c,s}\}K_s$

$T_{c,s} = \{s, c, a, v, l, K_{c,s}\}K_s$
$A_{c,s} = \{c, a, t\}K_{c,s}$

Messages 1, 3 and 5 are unchanged. The double encryption of the ticket in steps 2 and 4 was removed in Version 5. Version 5 tickets add the ability to hold several addresses, and the "lifetime" field, l, is replaced by a start time and an end time. The Version 5 authenticator adds the option of including an additional key.

Security of Kerberos

Steve Bellovin and Michael Merritt analyzed some potential weaknesses in Kerberos [108]. Although the paper was written about the Version 4 protocols, many of its comments apply to Version 5 as well.

Old authenticators can be cached and reused. Although timestamps are supposed to prevent this, authenticators can be replayed for the lifetime of the ticket. Servers are supposed to store all valid tickets so as to detect replays, but this is not always possible. Moreover, ticket lifetimes can be quite long, often up to eight hours.

The use of authenticators rests on all the clocks on the network being more or less synchronized. If a computer's clock can be set incorrectly, an old authenticator can be replayed without difficulty. Most network time protocols are insecure, so this is a serious problem.

Kerberos is also vulnerable to password-guessing attacks. An attacker can record tickets and then try to decrypt them. Remember that the average user rarely chooses a good password. If Mallory collects enough tickets, his chances of recovering a password are good.

Perhaps the most dangerous attack involves malicious software. The Kerberos protocols assume that the software can be trusted. There is no way to stop Mallory from surreptitiously replacing all the client-side Kerberos software with a version that, besides running the Kerberos protocols, records passwords. This is a problem for any cryptographic software package running on an insecure computer, but the widespread use of Kerberos in such environments makes it an especially attractive target.

Work is under way to improve Kerberos, including modernizing key management with public-key cryptography and adding a smart-card interface.

Licenses

Kerberos is not in the public domain, but MIT's code is freely available. An actual implementation on running UNIX systems is quite another story. Several companies sell versions of Kerberos, but a good version can be obtained free from Cygnus Support, 814 University Ave., Palo Alto, CA, 94301; (415) 322-3811; fax: (415) 322-3270.

24.6 KRYPTOKNIGHT

KryptoKnight is an authentication and key distribution system developed at IBM. It is a secret-key protocol, using either DES in CBC mode (see Section 9.3) or a modified version of MD5 (see Section 18.5). KryptoKnight supports four security services:
- User authentication (called single sign-on)
- Two-party authentication
- Key distribution
- Authentication of data content and origin

From the user's point of view KryptoKnight resembles Kerberos. Some of the differences:
- KryptoKnight uses a hash function for authentication and for encrypting tickets.
- KryptoKnight does not use synchronized clocks; it uses only nonces (see Section 3.3).
- If Alice wants to communicate with Bob, one of KryptoKnight's options lets Alice send a message to Bob and then lets Bob initiate the key-exchange protocol.

KryptoKnight, like Kerberos, uses tickets and authenticators. It also has TGSs, but in KryptoKnight they are called authentication servers. KryptoKnight's designers put considerable effort into minimizing the number of messages, their length and the amount of encryption. Read about KryptoKnight in [1110, 173, 174, 175].

24.7 SESAME

SESAME stands for Secure European System for Applications in a Multivendor Environment. It is a European Community project, 50 percent funded by RACE (see Section 25.7), whose main goal is the development of technology for user authentication with distributed access control. It can be thought of as a European version of Kerberos. The project has two parts: the first stage develops the basic architecture, and the second stage consists of a number of commercial projects. The three companies most involved in developing the system are ICL in the United Kingdom, Siemens in Germany and Bull in France.

SESAME is an authentication and key-exchange system [361, 1248, 797, 1043]. It uses the Needham-Schroeder protocol, with public-key cryptography for communication between different security domains. The system has several serious flaws. Instead of a real encryption algorithm it uses XOR with a 64-bit key. Worse, SESAME uses XOR in CBC mode, which leaves half the plaintext unencrypted. In the designers' defense, they intended to use DES, but the French government objected. They approved code with DES and then removed it. This system does not impress me.

Authentication in SESAME is a function of the first block, not of the whole message. The effect is that a message is authenticated by the words "Dear Sir" rather than by its entire content. Key generation consists of two calls to the UNIX operating system's rand function, which is not at all random. For one-way hash functions SESAME uses crc32 and MD5. And of course, like Kerberos, SESAME is vulnerable to password guessing.
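The "half the plaintext unencrypted" claim about XOR in CBC mode, checked algebraically in an added example (not SESAME's code): with $E_K(x) = x \oplus K$ as the block cipher, $C_i = P_i \oplus C_{i-1} \oplus K$, so K cancels out of every even-numbered block and $C_{2j} \oplus C_{2j-2} = P_{2j-1} \oplus P_{2j}$ is readable without the key. The 64-bit key, the IV and the message are constructed.

```python
"""Why XOR "in CBC mode" leaves half the plaintext unencrypted.
Added example, not SESAME's code; key, IV and message are constructed.
With E_K(x) = x XOR K as the block cipher, CBC gives
C_i = P_i XOR C_(i-1) XOR K, so K cancels out of every even block:
C_2j = IV XOR P_1 XOR ... XOR P_2j and C_2j XOR C_(2j-2) = P_(2j-1) XOR P_2j."""
BLOCK = 8  # 64-bit blocks, the size of SESAME's key


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def xor_cbc_encrypt(key, iv, plaintext):
    """CBC chaining around E_K(x) = x XOR K; zero-pads to a whole block."""
    assert len(key) == BLOCK == len(iv)
    padded = plaintext + b"\0" * (-len(plaintext) % BLOCK)
    prev, out = iv, []
    for i in range(0, len(padded), BLOCK):
        prev = xor_bytes(xor_bytes(padded[i:i + BLOCK], prev), key)
        out.append(prev)
    return b"".join(out)


def exposed_pairs(iv, ciphertext):
    """P_(2j-1) XOR P_2j for every block pair, computed without the key."""
    blocks = [iv] + [ciphertext[i:i + BLOCK]
                     for i in range(0, len(ciphertext), BLOCK)]
    return [xor_bytes(blocks[j], blocks[j - 2]) for j in range(2, len(blocks), 2)]


def demo():
    key = bytes.fromhex("0f1e2d3c4b5a6978")  # constructed 64-bit key
    iv = bytes.fromhex("0011223344556677")   # constructed IV, sent in clear
    msg = b"Dear Sir, the wire transfer is approved."  # 40 bytes = 5 blocks
    ct = xor_cbc_encrypt(key, iv, msg)
    pairs = exposed_pairs(iv, ct)
    # Check the algebra against the real plaintext blocks.
    p = [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]
    truth = [xor_bytes(p[k], p[k + 1]) for k in range(0, len(p) - 1, 2)]
    # A predictable opening block ("Dear Sir") hands over block 2 outright.
    second = xor_bytes(pairs[0], b"Dear Sir")
    return {"pairs_match": pairs == truth, "second_block": second}
```

Replacing the XOR step with a real block cipher makes $C_{2j}$ depend on K again, which is the whole point of the criticism above.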
24.8 IBM Common Cryptographic Architecture

The Common Cryptographic Architecture (CCA) was designed by IBM to provide cryptographic primitives for confidentiality, integrity, key management and personal identification number (PIN) processing [751, 784, 1025, 1026, 940, 752]. Keys are managed by means of control vectors (CV) (see Section 8.5). Every key has an associated CV, which is XORed with the key. The key and its CV are separated only inside a secure hardware module. The CV is a data structure that gives an intuitive understanding of the privileges associated with a particular key.

Individual bits of the CV have specific meanings for the use of every key handled by CCA. CVs travel with the encrypted key in data structures called key tokens. Internal key tokens are used locally and contain keys encrypted with the local master key (MK). External key tokens are used to pass encrypted keys between systems. Keys in external key tokens are encrypted with key-encrypting keys (KEK). KEKs are managed by means of internal key tokens. Keys are divided into groups according to their use.

Key length is also specified by CV bits. Single-length keys, 56 bits, are used for functions such as confidentiality and message authentication. Double-length keys, 112 bits, are used for key management, PIN functions and other special purposes. Keys can be DOUBLE-ONLY, whose left and right halves must differ; DOUBLE, whose halves may happen to coincide; SINGLE-REPLICATED, whose left and right halves are equal; or SINGLE, containing only 56 bits. CCA specifies hardware support for particular key types used in certain operations.

The CV is checked inside the secure hardware module: for each CCA function the vector must satisfy specific rules. If the CV passes the check, XORing the KEK or MK with the CV yields a variant of the KEK or MK, and the key recovered with that variant for decrypting the message plaintext is used only while the CCA function executes. When new keys are generated, the CV fixes how the created key may be used. Combinations of key types that could be used to attack the system are neither created in CCA-compliant systems nor imported into them.

For key distribution CCA uses a combination of public-key and secret-key cryptography. The KDC encrypts a user's session key with a secret master key shared with that user. Master keys are distributed by means of public-key cryptography.

The designers chose this hybrid approach for two reasons. The first is efficiency: public-key cryptography is computationally expensive, and if session keys were distributed with public-key cryptography the system could buckle. The second is backward compatibility: the system can be layered over existing secret-key schemes with minimal disruption.

CCA systems were designed to interoperate with a variety of other systems. When dealing with incompatible systems, the Control Vector Translate (CVXLT) function lets the systems exchange keys. Initializing the CVXLT function requires control by both parties; each must independently set up the required translation tables. This dual control gives a high degree of assurance about the integrity and origin of the keys imported into the system.

The DATA key type is supported for compatibility with other systems. A DATA key is stored with an associated CV that identifies it as a DATA key. DATA keys can be used quite broadly, so they must be regarded with suspicion and handled with care. DATA keys cannot be used for any key management function.

The Commercial Data Masking Facility (CDMF) is the exportable version of CCA. Its distinguishing feature is a reduction of the effective length of DES keys to the exportable 40 bits (see Section 15.5) [785].
24.9 Cxeua nponepkn nopnnnnoc1n ISO
nx ncnontsonannx n cxeme nponepkn nonnnnocrn ISO, rakxe nsnecrnon kak nporokont X.509, pekomenyer-
cx kpnnrorpa|nx c orkptrtmn knmuamn |304]. 3ra cxema oecneunnaer nponepky nonnnnocrn no cern . Xorx
konkperntn anropnrm ne onpeenen nn nx oecneuennx esonacnocrn, nn nx nponepkn nonnnnocrn, cnenn| n-
kannx pekomenyer ncnontsonart RSA. Onako nosmoxno ncnontsonanne neckontknx anropnrmon n x+m-|ynknnn .
Hepnonauantntn napnanr X.509 tn ntnymen n 1988 r. Hocne orkptroro nsyuennx n kommenrnponannx on tn
nepecmorpen n 1993 roy, urot ncnpannrt nekoropte nsxnt n esonacnocrn |1100, 750].
Bepcnx
Hocneonarentntn nomep
Henrn|nkarop anropnrma
- Anropnrm
- Hapamerpt
Btanmax oprannsannx
Bpemx encrnnx
- nauano encrnnx
- ronen encrnnx
Cyekr
Orkptrtn knmu cyekra
- Anropnrm
- Hapamerpt
- Orkptrtn knmu
Honnct
Pnc. 24-2. Cep1nqnxa1 X.509.
Cepmuquramm
Hanonee naxnon uacrtm X.509 ncnontsyemax nm crpykrypa ceprn|nkaron orkptrtx knmuen . Hmena ncex
nontsonarenen pasnnunt. onepenntn Opran ceprn|nkannn ( Certification Authority, CA) npncnannaer kaxomy
nontsonarenm ynnkantnoe nmx n ntaer nonncanntn ceprn|nkar, coepxamnn nmx n orkptrtn knmu nontson a-
renx. Crpykrypa ceprn|nkara X.509 nokasana na 22-n |304].
Hone nepcnn onpeenxer |opmar ceprn|nkara . Hocneonarentntn nomep ynnkanen nx konkpernoro CA. Cne-
ymmee none onpeenxer anropnrm, ncnontsonanntn nx nonncn ceprn|nkara , nmecre co ncemn neoxonmtmn
napamerpamn. Btanmen oprannsannen xnnxercx CA. Cpok encrnnx npecrannxer coon napy ar, ceprn|nkar
encrnnrenen n npomexyrke mexy +rnmn nymx aramn . Cyekr - +ro nmx nontsonarenx. Hn|opmannx o or-
kptrom knmue nknmuaer nasnanne anropnrma, nce neoxonmte napamerpt n orkptrtn knmu . Hocnennm nonem
xnnxercx nonnct CA.
Ecnn Annca xouer cnxsartcx c Foom, ona cnauana nsnnekaer ns ast anntx ero ceprn|nkar n nponepxer ero
ocronepnocrt. Ecnn y nnx omnn CA, ro nce npocro. Annca nponepxer nonnct CA na ceprn|nkare Foa.
Ecnn onn nontsymrcx pasnnuntmn CA, ro nce ropaso cnoxnee. Hpecrantre cee penonnnym crpykrypy, n
koropon onn CA ceprn|nnnpymr pyrne CA n nontsonarenen. Ha camom nepxy naxonrcx rnanntn CA. V kaxo-
ro CA ecrt ceprn|nkart, nonncannte ntmecroxmnm CA n nnxecroxmnm CA. Hpn nponepke ceprn|nkara Foa
Annca ncnontsyer +rn ceprn|nkart.
Takax cxema npoemoncrpnponana na 21-n. Ceprn|nkar Annct sanepen CA
A,
ceprn|nkar Foa sanepen CA
B
.
Annca snaer orkptrtn knmu CA
A
. V CA
C
ecrt ceprn|nkar, nonncanntn CA
A
, no+romy Annca moxer nponepnrt
+ro. V CA
C
ecrt ceprn|nkar, nonncanntn CA
D
. H ceprn|nkar Foa nonncan CA
D
. Hotmaxct no epeny ceprn-
|nkannn o omen roukn, n annom cnyuae CA
D
, Annca moxer nponepnrt ceprn|nkar Foa.
+)
+
+)
)
+)
,
+)
*
+)
-
Eo
Anuca
Pnc. 24-3. Hpnuep nepapxnn cep1nqnxannn.
Ceprn|nkart moryr xpannrtcx n asax anntx na pasnnuntx ysnax cern . Hontsonarenn moryr noctnart nx
pyr pyry. Hcreuennn cpoka encrnnx ceprn|nkara on onxen trt yanen ns ncex omeocrynntx karanoron .
Onako CA, ntanmnn ceprn|nkar, onxen npoonxart xpannrt ero konnm, koropax moxer norpeonartcx npn
paspemennn nosmoxntx cnopon.
Ceprn|nkart rakxe moryr trt orosnant, nno ns-sa komnpomerannn knmua nontsonarenx, nno ns-sa roro,
uro CA ontme ne xouer nornepxart ceprn|nkar annoro nontsonarenx . Kaxtn CA onxen noepxnnart
cnncok ncex orosnanntx ceprn|nkaron, cpok encrnnx koroptx eme ne sakonunncx . Kora Annca nonyuaer nontn
ceprn|nkar, ona onxna nponepnrt, ne tn nn on orosnan. Ona moxer nponepnrt asy anntx orosnanntx kn m-
uen no cern, no ckopen ncero ona nponepnr nokantno k+mnpyemtn nepeuent orosnanntx ceprn|nkaron . B rakon
cncreme onpeenenno nepoxrnt snoynorpenennx, orstn ceprn|nkaron nosmoxno xnnxercx camon cnaon uacrtm
+ron cxemt.
Hpomoroum npoeepru nouuuuocmu
Annce nyxno cnxsartcx c Foom. Cnauana ona nsnnekaer ns ast anntx nocneona1ennnoc1n cep1nqnxa-
nnn or Annct o Foa n orkptrtn knmu Foa. B +ror momenr Annca moxer nnnnnnponart ononpoxontn,
nyxnpoxontn nnn rpexnpoxontn nporokon nponepkn nonnnnocrn .
Ononpoxontn nporokon npecrannxer coon npocrym nepeauy anntx Foy Anncon. Hporokon ycranannn-
naer nnunocrn n Annct, n Foa, a rakxe nenocrnocrt nn|opmannn, nepeanaemon Foy Anncon . Kpome roro, on
oecneunnaer samnry or nckptrnx nnnnn cnxsn c nomomtm nonropa .
B nyxnpoxonom nporokone oannen orner Foa . Hporokon ycranannnnaer, uro nmenno Fo, a ne kakon-ro
camosnanen, noctnaer orner. On rakxe oecneunnaer esonacnocrt oenx nepeau n samnmaer or nckptrnx no-
nropom.
H n ononpoxontx, n n nyxnpoxontx anropnrmax ncnontsymrcx merkn npemenn . B rpexnpoxonom nporo-
kone oannxercx eme ono coomenne Annct Foy n nosnonxer nsexart merok npemenn (n, cneonarentno, np a-
nnntnoro ennoro npemenn).
Ononpoxontn nporokon:
(1) Annca renepnpyer cnyuannoe uncno R
A
.
(2) Annca cosaer coomenne, M (T
A
, R
A
, I
B
, d), re T
A
- merka npemenn Annct, I
B
- nenrn|nkarop Foa, d -
arbitrary piece of data. For security, the data may be encrypted with Bob's public key, E_B.
(3) Alice sends Bob (C_A, D_A(M)). (C_A is Alice's certificate; D_A is Alice's private key.)
(4) Bob verifies C_A and obtains E_A. He makes sure these keys have not expired. (E_A is Alice's public key.)
(5) Bob uses E_A to decrypt D_A(M). This verifies both Alice's signature and the integrity of the signed information.
(6) Bob checks the I_B in M for accuracy.
(7) Bob checks the T_A in M and confirms that the message is current.
(8) As an option, Bob can check the R_A in M against a database of old random numbers to make sure the message is not an old one being replayed.
The two-way protocol consists of the one-way protocol followed by a similar one-way protocol from Bob to Alice. After steps (1) through (8) of the one-way protocol have been completed, the two-way protocol continues as follows:
(9) Bob generates a random number, R_B.
(10) Bob constructs a message M' = (T_B, R_B, I_A, R_A, d), where T_B is Bob's timestamp, I_A is Alice's identity, and d is arbitrary data. For security, the data may be encrypted with Alice's public key, E_A. R_A is the random number Alice generated in step (1).
(11) Bob sends D_B(M') to Alice.
(12) Alice uses E_B to decrypt D_B(M'). This verifies both Bob's signature and the integrity of the signed information.
(13) Alice checks the I_A in M' for accuracy.
(14) Alice checks the T_B in M' and confirms that the message is current.
(15) As an option, Alice can check the R_B in M' to make sure the message is not an old one being replayed.
The three-way protocol accomplishes the same thing, but without timestamps. Steps (1) through (15) are the same as in the two-way protocol, with T_A = T_B = 0.
(16) Alice compares the received version of R_A against the R_A she sent to Bob in step (3).
(17) Alice sends D_A(R_B) to Bob.
(18) Bob uses E_A to decrypt D_A(R_B). This verifies both Alice's signature and the integrity of the signed information.
(19) Bob compares the received version of R_B against the R_B he sent to Alice in step (10).
Note that neither the two-way nor the three-way exchange carries Bob's certificate: step (12) assumes Alice already holds a verified copy of E_B, so an implementation has to obtain and check C_B before the exchange (or carry it in Bob's reply).
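The three-way exchange run end to end, as an added worked example that is not part of the original text. The code is this editor's own: it carries out steps (1) through (19) with T_A = T_B = 0, using textbook RSA over Mersenne primes as a stand-in for the real signature scheme (no padding, and a factorization anyone can look up, so the keys are insecure by construction), SHA-256 as the message digest, and a CA-signed JSON structure as the certificate C_A. The certification authority, the identities "alice" and "bob", and the assumption that Alice already holds Bob's public key E_B are all this example's, not the standard's.

```python
import hashlib
import json
import secrets

E = 65537  # public exponent shared by every toy key

def make_keypair(p, q):
    # Textbook RSA from two known primes; Mersenne primes keep the example deterministic.
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(obj):  # SHA-256 of canonical JSON, as an integer below every modulus here
    return int.from_bytes(hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).digest(), "big")

def sign(priv, obj):        # D_X(obj): hash, then raise to the private exponent
    return pow(digest(obj), priv[1], priv[0])

def verify(pub, obj, sig):  # E_X(sig) must equal the hash
    return pow(sig, pub[1], pub[0]) == digest(obj)

# Certification authority issuing C_A and C_B (assumed for the example).
CA_PUB, CA_PRIV = make_keypair((1 << 127) - 1, (1 << 521) - 1)

def issue_cert(subject, pub):
    body = {"subject": subject, "n": pub[0], "e": pub[1]}
    return {"body": body, "sig": sign(CA_PRIV, body)}

def check_cert(cert, expected_subject):
    """Step (4): CA signature must verify and the certificate must name the expected party."""
    if not verify(CA_PUB, cert["body"], cert["sig"]):
        raise ValueError("certificate signature invalid")
    if cert["body"]["subject"] != expected_subject:
        raise ValueError("certificate belongs to someone else")
    return (cert["body"]["n"], cert["body"]["e"])

class Party:
    def __init__(self, name, p, q):
        self.name = name
        self.pub, self.priv = make_keypair(p, q)
        self.cert = issue_cert(name, self.pub)
        self.seen = set()   # step (8): database of random numbers already used

def alice_start(alice, bob_name):
    """Steps (1)-(3): M = (T_A, R_A, I_B, d) with T_A = 0; send (C_A, D_A(M))."""
    r_a = secrets.randbits(128)
    m = {"T": 0, "R": r_a, "I": bob_name, "d": "hello"}
    return r_a, (alice.cert, m, sign(alice.priv, m))

def bob_respond(bob, alice_name, msg1):
    """Steps (4)-(11); step (7) is moot because T_A = 0 in the three-way form."""
    cert_a, m, sig = msg1
    e_a = check_cert(cert_a, alice_name)                # (4)
    if not verify(e_a, m, sig):                         # (5)
        raise ValueError("Alice's signature does not verify")
    if m["I"] != bob.name:                              # (6)
        raise ValueError("message is not addressed to Bob")
    if m["R"] in bob.seen:                              # (8)
        raise ValueError("R_A seen before: replay")
    bob.seen.add(m["R"])
    r_b = secrets.randbits(128)                         # (9)
    m2 = {"T": 0, "R": r_b, "I": alice_name, "R_A": m["R"], "d": "reply"}
    return (r_b, e_a), (m2, sign(bob.priv, m2))         # (10)-(11): D_B(M')

def alice_finish(alice, e_b, r_a, msg2):
    """Steps (12)-(17): check Bob's reply, confirm it echoes R_A, sign R_B."""
    m2, sig2 = msg2
    if not verify(e_b, m2, sig2):                       # (12)
        raise ValueError("Bob's signature does not verify")
    if m2["I"] != alice.name:                           # (13)
        raise ValueError("reply is not addressed to Alice")
    if m2["R_A"] != r_a:                                # (16)
        raise ValueError("reply does not echo our R_A")
    return m2["R"], sign(alice.priv, {"R_B": m2["R"]})  # (17): D_A(R_B)

def bob_finish(state, msg3):
    """Steps (18)-(19): D_A(R_B) must verify and R_B must be the one we issued."""
    r_b, e_a = state
    r_b_recv, sig3 = msg3
    if not verify(e_a, {"R_B": r_b_recv}, sig3):       # (18)
        raise ValueError("Alice's signature on R_B does not verify")
    if r_b_recv != r_b:                                 # (19)
        raise ValueError("R_B does not match")
    return True

def run_protocol(alice, bob):
    r_a, msg1 = alice_start(alice, bob.name)
    state, msg2 = bob_respond(bob, alice.name, msg1)
    msg3 = alice_finish(alice, bob.pub, r_a, msg2)      # Alice already holds E_B
    return bob_finish(state, msg3)

def replay_is_rejected(alice, bob):
    """Delivering Alice's first message a second time must fail at step (8)."""
    _, msg1 = alice_start(alice, bob.name)
    bob_respond(bob, alice.name, msg1)
    try:
        bob_respond(bob, alice.name, msg1)
    except ValueError as err:
        return "replay" in str(err)
    return False
```

To run it, create two parties with distinct Mersenne primes, for instance Party("alice", (1 << 607) - 1, (1 << 89) - 1) and Party("bob", (1 << 1279) - 1, (1 << 107) - 1), and call run_protocol on them; every check in the protocol raises rather than returning False, so a tampered or misrouted message stops the exchange loudly. The nonce database in step (8) is what turns the replay of a captured first message into a detectable event, and the R_A echo in step (16) is what binds Bob's reply to this particular run.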
24.10 PRIVACY-ENHANCED MAIL (PEM)
Privacy-Enhanced Mail (PEM) is the Internet standard for privacy-enhanced mail, adopted by the Internet Architecture Board (IAB) to provide secure electronic mail over the Internet. It was initially designed by the Privacy and Security Research Group (PSRG) of the Internet Research Task Force (IRTF), and its development was then handed over to the PEM Working Group of the Internet Engineering Task Force (IETF). The PEM protocols provide encryption, authentication, message integrity checking, and key management.
The complete PEM protocols were first described in detail in a series of RFCs (Requests for Comment) in [977] and then revised in [978]. The third iteration of the protocols [979, 827, 980] is summarized in [177, 178]. The protocols were then modified and improved, and the final protocols are detailed in another set of RFCs [981, 825, 76, 802]. A paper by Matthew Bishop [179] describes all the changes in detail. Attempts to implement PEM are discussed in [602, 1505, 1522, 74, 351, 1366, 1367]. See also [1394].
PEM is an inclusive standard. The PEM procedures and protocols are designed to be compatible with a wide range of key-management approaches, including both a symmetric scheme and the use of public keys to encrypt the data-encrypting keys. Symmetric cryptography is used to encrypt the message text. Cryptographic hash functions are used for message integrity. Other documents support key-management mechanisms based on public-key certificates; algorithms, modes, and associated identifiers; and the paper and electronic formats, infrastructure, and procedures for key management.
PEM supports only certain algorithms, but allows others to be added later. Messages are encrypted with DES in CBC mode. Authentication, provided by the Message Integrity Check (MIC), uses MD2 or MD5. Symmetric key management can use either DES in ECB mode or triple-DES with two keys (so-called EDE mode). For key management PEM also supports public-key certificates, using RSA (key length up to 1024 bits) and the X.509 standard for certificate structure.
PEM provides three privacy-enhancement services: confidentiality, authentication, and message integrity. No special requirements are imposed on the electronic mail system. PEM can be incorporated selectively, at particular sites or for particular users, without affecting the rest of the network.
PEM Documents
PEM is defined in the following four documents:
RFC 1421: Part I, Message Encryption and Authentication Procedures. This document defines message encryption and authentication procedures that provide privacy-enhanced mail services for electronic mail transfer on the Internet.
RFC 1422: Part II, Certificate-Based Key Management. This document defines a key-management architecture and infrastructure, based on public-key certificate techniques, that provides keying information to message originators and recipients.
RFC 1423: Part III, Algorithms, Modes, and Identifiers. This document provides definitions, formats, references, and citations for cryptographic algorithms, usage modes, and associated identifiers and parameters.
RFC 1424: Part IV, Key Certification and Related Services. This document describes three types of service in support of PEM: key certification, certificate revocation list (CRL) storage, and CRL retrieval.
Certificates
PEM is compatible with the authentication framework described in [304]; see also [826]. PEM is a superset of X.509; it establishes procedures and conventions for a key-management infrastructure to be used with PEM and, in the future, with other protocols (from both the TCP/IP and OSI suites).
The key-management infrastructure establishes a single root for all Internet certification. The Internet Policy Registration Authority (IPRA) establishes global policies that apply to the entire hierarchy. Beneath the IPRA root are the Policy Certification Authorities (PCAs), each of which establishes and publishes its own policies for registering users and organizations. Each PCA is certified by the IPRA. Below the PCAs come the CAs, which certify users and subordinate organizational units (departments, offices, subsidiaries). Initially the majority of users were expected to register as members of an organization.
Some PCAs are expected to certify users who do not belong to any organization. One or more PCAs are planned for registering users who want PEM's privacy features but wish to remain anonymous; the policies of these PCAs allow the registration of users who do not wish to disclose their identities.
PEM Messages
The heart of PEM is its message format. Figure 24.4 shows an encrypted message with symmetric key management, Figure 24.5 shows a signed and encrypted message with public-key key management, and Figure 24.6 shows a signed (but unencrypted) message with public-key key management.
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,ENCRYPTED
Content-Domain: RFC822
DEK-Info: DES-CBC,F8143EDE5960C597
Originator-ID-Symmetric: schneier@counterpane.com,,
Recipient-ID-Symmetric: schneier@chinet.com,ptf-kmc,3
Key-Info:
 DES-ECB,RSA-MD2,9FD3AAD2F2691B9A,B70665BB9BF7CBCDA60195DB94F727D3
Recipient-ID-Symmetric: pem-dev@tis.com,ptf-kmc,4
Key-Info:
 DES-ECB,RSA-MD2,161A3F75DC82EF26,E2EF532C65CBCFF79F83A2658132DB47

LLrHBOeJzyhP+/fSStdH8okeEnv47jxe7SJ/iN72ohNcUk2jHEUSoHlnvNSIHE9M
8tEjmF/zxB+bATMtPjCUHbz8Er9wloxIkjHUlBEpvXROUrUzYbkNpkOagV2IzUpk
J6UiRRGcDSvzrsoK+oNvqu6z7Xs5Xfz5rDqUcMlKlZ6720dcBHGGsDLpTpSCnpot
dXd/H5LMDHnonNvPCmQUHt==
-----END PRIVACY-ENHANCED MESSAGE-----
Figure 24.4. Example encapsulated message (symmetric case).
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,ENCRYPTED
Content-Domain: RFC822
DEK-Info: DES-CBC,BFF968AA74691AC1
Originator-Certificate:
 MIIBlTCCAScCAWuwDQYJKoZIhvcNAQECBQAwUTELMAkGAlUEBhMCVVMxIDAeBgNV
 BAoTFIJTQSBEYXRhIFNIY3VyaXR5LCBJbmMuMQ8wDQYDVQQLEmZCZXRhIDExDzAN
 BgNVBAsTBk5PVEESWTAeFw05MTA5MDQxODM4MTdaFmO5MzA5MDMxODM4MTZaMEUx
 CzAJBgNVBAYTAlVTMSAmHgYDVQQKExdSUOEgRGFOYSBTZWNlcmlOeSwgSW5jLjEU
 MBIGAIUEAxMLVGVzdCBVc2VyIDEmHTAKBgRVCAEBAglCAANLADBIAkEAwHZHI7i+
 yJcqDtjJComzTdBJrdAiLAnSC+CnnjOJEEyuQiBgkGrgIh3j8/xOfM+YrsyFlu3F
 LZPVtzlrldhYFJQI DAQABMAOGCSqGSIb3DQEBAgUAAIkACKrOPqphJYwlj+YPtc
 iWlFPuN5jJ79Khfg7ASFxskYkEMjRNZV/HZDZQEhtVaU7Jxfzs2mfX5byMp2X3U/
 5XIJXGx7qlJsDgHQGs7Jk9H8CHlfuSHUgN4w==
Key-Info: RSA,
 I3rRIGXUGWAF8js5wCzRTkdh034PTHdRZY9Tuvm03M+NM7fx6qc5uIxps2LrlgO+
 wGrtiUm/ovtKdlnzeZQ/aQ==
Issuer-Certificate:
 [certificate data not reproduced]
MIC-Info: RSA-MD5,RSA,
 UdFJR8u/TIGhfH651eeme210H4tooa3vZCvVNGBZirf/7nrgzHDABz8m9NsXSexv
 AjRFbHoNPzBuxwnlOAFeAOHJszE4yBvhG
Recipient-ID-Asymmetric:
 MFExCzAJBgNVBAYTAIVTMSAmHgYDVQQKExdSUOEgRGFOYSBTZHNlcmIOeSwgSH5j
 LjEPMAOGAIUECxMGQftiVOYSAxMQ81tfDQYDVQQLEwZOTIRBUIk=,
 66
Key-Info: RSA,
 06BSIww9CTyHPtS3bMLD+EOhejdvX6QvlHK2ds2sQPEaXhX8EhvVphHYTjmekdHv
 7xOZ3Jx2vTAhOYHMcqqCjA==

qeWlj/YJ2Uf5ng9yznPbtDOmYloSwIuV9FRYx+gzY+81Xd/NQrXHfi6/MhPfPF3d
jIqCJAxvld2xgqQimUzoSla4r7kQQ5c/Iua4LqKeq3clFzEv7MbZhA==
-----END PRIVACY-ENHANCED MESSAGE-----
Figure 24.5. Example encapsulated ENCRYPTED message (asymmetric case).
The first field is "Proc-Type", which identifies the type of processing the message has undergone. There are three possible message types. The "ENCRYPTED" specifier means the message is encrypted and signed. The "MIC-ONLY" and "MIC-CLEAR" specifiers indicate that the message is signed but not encrypted. MIC-CLEAR messages are not encoded and can be read with non-PEM software. MIC-ONLY messages require PEM software to be turned back into readable form. A PEM message is always signed; encryption is optional.
The next field, "Content-Domain", specifies the type of mail message. It has nothing to do with security. The "DEK-Info" field carries information about the Data Exchange Key (DEK), the algorithm used to encrypt the text, and any parameters associated with that algorithm. Currently only one algorithm is defined, DES in CBC mode, specified as "DES-CBC". The second subfield contains the IV. Other algorithms may be defined for PEM in the future; their use will be recorded in the DEK-Info field and in the other fields that identify algorithms.
In messages with symmetric key management (see Figure 24.4) the next field is "Originator-ID-Symmetric", with three subfields. The first subfield identifies the sender by a unique electronic mail address. The second subfield is optional and identifies the authority that issued the interchange key. The third is an optional Version/Expiration subfield.
Continuing with symmetric key management, each recipient has two fields: "Recipient-ID-Symmetric" and "Key-Info". The "Recipient-ID-Symmetric" field has three subfields that identify the recipient in the same way the subfields of "Originator-ID-Symmetric" identify the sender.
The "Key-Info" field specifies the key-management parameters. It has four subfields. The first gives the algorithm used to encrypt the DEK. Since the message uses symmetric key management, sender and recipient share a common key. It is called the Interchange Key (IK) and is used to encrypt the DEK. The DEK can be encrypted either with DES in ECB mode (specified as "DES-ECB") or with triple-DES ("DES-EDE"). The second subfield specifies the MIC algorithm: either MD2 ("RSA-MD2") or MD5 ("RSA-MD5"). The third subfield, the DEK, and the fourth subfield, the MIC, are both encrypted with the IK.
Figures 24.5 and 24.6 show messages that use public-key key management (called "asymmetric" in PEM terminology). The headers are different. In ENCRYPTED messages the "DEK-Info" field is followed by "Originator-Certificate". The certificate follows the X.509 standard (see Section 24.9). The next field is "Key-Info", with two subfields. The first subfield identifies the public-key algorithm used to encrypt the DEK; currently only RSA is supported. The second subfield is the DEK encrypted with the originator's own public key. This field is optional; it lets the originator decrypt his own message if the mail system returns it. The next field, "Issuer-Certificate", is the certificate of the authority that signed the originator's certificate ("Originator-Certificate").
Still with asymmetric key management, the next field is "MIC-Info". The first subfield gives the algorithm used to compute the MIC, and the second the algorithm used to sign the MIC. The third subfield contains the MIC, signed with the sender's private key.
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-ONLY
Content-Domain: RFC822
Originator-Certificate:
 [certificate data not reproduced]
Issuer-Certificate:
 [beginning of certificate data not reproduced]
 *kl4gSFOeH7AJB3qr9zosG47pyMnTf3aS2nBO7CMxpUkfRBcXUpE+x
 EREZd9++32otGBIXaIalnOgVUnOOzSYgljglQO77nJEDUOhQehCizEs5mUJ35a5h
MIC-Info: RSA-MD5,RSA,
 jV20fH+nnXHU8bnE8kPAad7mSQITDZIbVuxvZAOVRZ5q5+EjI5bQvqNeqOUNQjr6
 EtE7K2QDeVMCj/XsdJIA8fA==

LSBBIG1lc3NhZ2UgZm9yIHVzZSBpbiB0ZXN0aW5nLg0KLSBGb2xsb3dpbmcgaXMg
YSBibGFuayBsaW5lOg0KDQpUaGlzIGlzIHRoZSBlbmQuDQo=
-----END PRIVACY-ENHANCED MESSAGE-----
Figure 24.6. Example encapsulated MIC-ONLY message (asymmetric case).
The following fields concern the recipients. Each recipient has two fields: "Recipient-ID-Asymmetric" and "Key-Info". "Recipient-ID-Asymmetric" has two subfields: the first identifies the authority that issued the recipient's public key, and the second is an optional Version/Expiration subfield. "Key-Info" specifies the key-management parameters: the first subfield identifies the public-key algorithm used to encrypt the DEK, and the second subfield is the DEK encrypted with the recipient's public key.
Security of PEM
The RSA keys used in PEM can range from 508 to 1024 bits in length. When this was written that was considered long enough for practically any security need; it no longer is. 512-bit RSA moduli have been factored publicly since 1999, and 1024-bit keys are no longer recommended for new use. A more likely attack is one against the key-management protocols. Mallory could steal your private key (don't write it down anywhere) or try to fool you into accepting a bogus public key. PEM's key certification procedures make this unlikely if everyone follows the procedures properly, but, as is well known, people are often careless.
Mallory could be subtler and modify the PEM implementation running on your system. The modified version could surreptitiously forward Mallory all your mail, encrypted with his public key. It could even send him a copy of your private key. If the modified implementation works well, you will never know what has happened.
There is no real way to prevent this kind of attack. You could use a one-way hash function to fingerprint the PEM executable and then check the fingerprint each time you run the software, so as to detect modification in time. But Mallory can just as easily modify the fingerprinting code when he modifies the PEM code. You could fingerprint the fingerprinting code, but Mallory could modify that too. If Mallory has access to your machine, he can subvert PEM's security.
The moral is that you cannot trust any piece of software if you cannot trust the hardware it runs on. For most people this kind of worry is unwarranted. For some, it is very real.
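A parser for the symmetric-key-management envelope of Figure 24.4, as an added example written for this edit; it is not taken from the PEM RFCs or from any PEM implementation. It splits the encapsulated header into fields, unfolds continuation lines, checks every algorithm identifier and the lengths of the IV, the encrypted DEK, and the encrypted MIC against what the text says PEM defines, enforces that DEK-Info appears exactly when the message is ENCRYPTED, and decodes the body (base64 for ENCRYPTED and MIC-ONLY, cleartext for MIC-CLEAR). Two RFC 1421 conventions that the reproduced figures lose are assumed: a continuation line begins with whitespace, and one blank line separates the header from the body. The sample message is constructed for the example; its body is sixteen dummy octets, not ciphertext.

```python
import base64

BEGIN = "-----BEGIN PRIVACY-ENHANCED MESSAGE-----"
END = "-----END PRIVACY-ENHANCED MESSAGE-----"

# Identifiers the text says PEM defines, with the octet length each implies.
PROC_TYPES = {"ENCRYPTED", "MIC-ONLY", "MIC-CLEAR"}
DEK_ALGS = {"DES-CBC": 8}                  # -> IV length
IK_ALGS = {"DES-ECB": 8, "DES-EDE": 8}     # -> length of the IK-encrypted DEK
MIC_ALGS = {"RSA-MD2": 16, "RSA-MD5": 16}  # -> length of the IK-encrypted MIC

# Constructed sample modelled on Figure 24.4; the body is sixteen dummy octets.
SAMPLE = """-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,ENCRYPTED
Content-Domain: RFC822
DEK-Info: DES-CBC,F8143EDE5960C597
Originator-ID-Symmetric: schneier@counterpane.com,,
Recipient-ID-Symmetric: schneier@chinet.com,ptf-kmc,3
Key-Info:
 DES-ECB,RSA-MD2,9FD3AAD2F2691B9A,B70665BB9BF7CBCDA60195DB94F727D3

AAECAwQFBgcICQoLDA0ODw==
-----END PRIVACY-ENHANCED MESSAGE-----
"""

def _fields(header_lines):
    """Unfold continuation lines (leading whitespace), split 'Name: value'."""
    fields = []
    for line in header_lines:
        if line[:1] in (" ", "\t") and fields:       # continues previous value
            fields[-1] = (fields[-1][0], fields[-1][1] + line.strip())
            continue
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line: " + line)
        fields.append((name.strip(), value.strip()))
    return fields

def _octets(hexstr, expected, what):
    raw = bytes.fromhex(hexstr)
    if len(raw) != expected:
        raise ValueError("%s: %d octets, expected %d" % (what, len(raw), expected))
    return raw

def parse_symmetric_message(text):
    lines = text.strip().splitlines()
    if lines[0] != BEGIN or lines[-1] != END or "" not in lines:
        raise ValueError("missing boundary lines or header/body separator")
    sep = lines.index("")
    msg, current = {"recipients": []}, None       # current: awaiting Key-Info
    for name, value in _fields(lines[1:sep]):
        if name == "Proc-Type":
            if not value.startswith("4,") or value[2:] not in PROC_TYPES:
                raise ValueError("unsupported Proc-Type " + value)
            msg["proc_type"] = value[2:]
        elif name == "Content-Domain":
            msg["content_domain"] = value
        elif name == "DEK-Info":
            alg, _, iv = value.partition(",")
            if alg not in DEK_ALGS:
                raise ValueError("unknown DEK algorithm " + alg)
            msg["dek_info"] = (alg, _octets(iv, DEK_ALGS[alg], "IV"))
        elif name == "Originator-ID-Symmetric":
            msg["originator"] = value.split(",")  # address, IK issuer, version
        elif name == "Recipient-ID-Symmetric":
            current = {"id": value.split(",")}
            msg["recipients"].append(current)
        elif name == "Key-Info":
            if current is None or "key_info" in current:
                raise ValueError("Key-Info without a preceding Recipient-ID")
            ik_alg, mic_alg, enc_dek, enc_mic = value.split(",")
            if ik_alg not in IK_ALGS or mic_alg not in MIC_ALGS:
                raise ValueError("unknown algorithm in Key-Info " + value)
            current["key_info"] = (ik_alg, mic_alg,
                                   _octets(enc_dek, IK_ALGS[ik_alg], "encrypted DEK"),
                                   _octets(enc_mic, MIC_ALGS[mic_alg], "encrypted MIC"))
        else:
            raise ValueError("unexpected header field " + name)
    kind = msg.get("proc_type")                   # DEK-Info exists iff ENCRYPTED
    if kind is None or (kind == "ENCRYPTED") != ("dek_info" in msg):
        raise ValueError("Proc-Type and DEK-Info are inconsistent")
    if any("key_info" not in r for r in msg["recipients"]):
        raise ValueError("recipient without Key-Info")
    body = lines[sep + 1:-1]
    if kind == "MIC-CLEAR":
        msg["body"] = "\n".join(body)               # cleartext, not encoded
    else:
        msg["body"] = base64.b64decode("".join(body), validate=True)
        if kind == "ENCRYPTED" and len(msg["body"]) % 8:
            raise ValueError("ciphertext is not a whole number of DES blocks")
    return msg

def rejects(text):
    try:
        parse_symmetric_message(text)
    except ValueError:
        return True
    return False
```

Parsing the sample with parse_symmetric_message(SAMPLE) yields the ENCRYPTED type, the 8-octet IV, the originator's three subfields, and one recipient whose Key-Info carries an 8-octet encrypted DEK and a 16-octet encrypted MIC; substituting an undefined algorithm name, truncating the IV, deleting the blank separator line, or relabelling the message MIC-ONLY while leaving DEK-Info in place each makes the parser refuse the message. Rejecting unknown identifiers outright, rather than passing them to a cipher that happens to be available, is the check that keeps a later "algorithm agility" extension from becoming a downgrade path.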
TIS/PEM
Trusted Information Systems (TIS), with partial support from the U.S. government's Advanced Research Projects Agency, has designed and developed a reference implementation of PEM (TIS/PEM). Developed for UNIX platforms, it has also been ported to VMS, DOS, and Windows.
Although the PEM specifications define a single certification hierarchy for the Internet, TIS/PEM supports multiple certification hierarchies. Sites may specify a set of certificates that are to be considered valid, including all certificates issued by the sites themselves. A site need not join the Internet hierarchy in order to use TIS/PEM.
TIS/PEM is available on request to all U.S. and Canadian organizations and citizens, and is distributed in source-code form. Interested parties should contact: Privacy-Enhanced Mail, Trusted Information Systems, Inc., 3060 Washington Road (Rte. 97), Glenwood, MD 21738; (301) 854-6889; fax: (301) 854-5363; Internet: pem-info@tis.com.
RIPEM
RIPEM is a program, written by Mark Riordan, that implements the PEM protocols. Although it is not technically public domain, it is publicly available and can be used free of charge for personal, noncommercial purposes. The license for its use is included with the documentation.
The code cannot be exported. Of course, U.S. government laws do not apply outside the United States, and a number of people have ignored the export rules; RIPEM code is available on bulletin boards worldwide. A version called RIPEM/SIG, which implements only digital signatures, may be exported.
At this writing, RIPEM does not implement all of the PEM protocols; it cannot use certificates to authenticate keys.
Before RIPEM, Riordan wrote a similar program called RPEM. It was intended to be a public-domain electronic mail program. To avoid patent problems, Riordan used the Rabin algorithm (see Section 19.5). Public Key Partners claimed that their patents covered all of public-key cryptography, and under threat of a lawsuit Riordan stopped distributing the program.
RPEM is no longer used. It is not compatible with RIPEM. Since RIPEM can be used without running into objections from Public Key Partners, there is no reason to go back to RPEM.
24.11 MESSAGE SECURITY PROTOCOL
The Message Security Protocol (MSP) is the military equivalent of PEM. It was developed by the NSA in the late 1980s under the Secure Data Network System (SDNS) program. It is an X.400-compatible application-level protocol for securing electronic mail. MSP is planned for use in the Department of Defense's Defense Message System (DMS) network, which is under development.
The Preliminary Message Security Protocol (PMSP), intended for "unclassified but sensitive" messages, is a version of MSP adapted for use with both X.400 and TCP/IP. This protocol is also called Mosaic.
Like PEM, the MSP and PMSP software implementations are quite flexible; their design allows different algorithms to be used for the security functions such as signing, hashing, and encryption. PMSP will work with the Capstone chip (see Section 24.17).
24.12 PRETTY GOOD PRIVACY (PGP)
Pretty Good Privacy (PGP) is a freely distributed electronic-mail security program designed by Philip Zimmermann [1652]. It uses IDEA for data encryption, RSA (with keys up to 2047 bits) for key management and digital signatures, and MD5 as a one-way hash function.
To generate random public keys PGP uses a probabilistic primality test, seeding it with the intervals between the user's keystrokes. PGP generates random IDEA keys using the method of ANSI X9.17, Appendix C (see Section 8.1) [55], with IDEA instead of DES as the symmetric algorithm. PGP also encrypts the user's private key with a hashed pass phrase rather than directly with a password.
PGP-encrypted messages have layered security. The only thing a cryptanalyst can learn about an encrypted message is who the recipient is, and that only if he knows the recipient's key ID. Only after decrypting the message does the recipient learn who signed it, if it is signed. This contrasts sharply with PEM messages, whose headers carry quite a bit of information about the sender, the recipient, and the message itself in unencrypted form.
The most interesting feature of PGP is its distributed approach to key management (see Section 8.12). There are no key certification authorities; instead PGP supports a "web of trust". Every user generates and distributes his own public key. Users sign each other's keys, creating an interconnected community of PGP users.
For example, Alice might physically hand Bob her public key. Bob knows Alice personally, so he signs her public key. He returns one signed copy to Alice and keeps another. When Alice wants to communicate with Carol, she sends Carol the copy of her key that Bob signed. Carol, who already has Bob's key (she obtained it earlier) and who trusts Bob to certify other people's keys, verifies his signature on Alice's key and accepts it as valid. Bob has thus introduced Alice to Carol.
PGP does not prescribe a policy for establishing trust; users decide for themselves whom to trust and whom not to. PGP provides mechanisms for associating trust with public keys and for using that trust. Each user keeps a collection of signed public keys in a file called a public-key ring. Each key on the ring has a key legitimacy field indicating the degree to which this particular user trusts the validity of the key; the higher the level, the more confident the user is that the key is legitimate. A signature trust field measures how far the user trusts the signer to certify other people's public keys. Finally, an owner trust field gives the degree to which this user trusts the key's owner to sign other public keys; this field is set by hand by the user. PGP continually updates these fields as new information arrives.
Figure 24.7 shows how this model might look for one particular user, Alice. Alice's key is at the top of the hierarchy; its owner trust is ultimate. Alice has signed the keys of Bob, Carol, Dave, Ellen, and Frank. She trusts Bob and Carol to sign other people's public keys, and she partially trusts Dave and Ellen to sign other people's public keys. She also trusts Gail to sign other people's public keys, even though she has not signed Gail's key herself.
Two partially trusted signatures may be enough to certify a key. Alice considers Kurt's key legitimate because both Dave and Ellen have signed it. The trust level is set manually in PGP; Alice can choose whatever degree of paranoia suits her.
Alice need not automatically trust other people's keys just because they are signed by a key she considers valid. She does not trust Frank to sign other keys, even though she signed his key herself. Nor does she trust Ivan's signature on Martin's key, or Kurt's signature on Nancy's key.
Owen's key does not fit into the web at all; perhaps Alice got it from a key server. PGP does not automatically consider the key valid; Alice must either declare the key valid herself or decide to trust one of its signers.
Of course, nothing prevents Alice from using keys she does not trust. PGP's job is to warn Alice that a key is suspect, not to stop her from communicating.
The weakest link in this whole system is key revocation: there is no way to guarantee that nobody will use a compromised key. If Alice's private key is stolen she can send out a key revocation certificate, but since key distribution has already happened informally, there is no guarantee that the revocation reaches everyone who has her public key on his key ring. And since Alice must sign the revocation certificate with her private key, if she loses the key altogether she cannot revoke it.
[Figure 24.7 is a diagram of Alice's web of trust. Legend: Alice considers a key legitimate; Alice considers a key illegitimate; Alice trusts the key's owner to sign other keys; Alice partially trusts the key's owner to sign other keys; an arrow from x to y means x has signed y's key. Alice's key sits at the top, with the keys of Bob, Carol, Dave, Ellen, Frank, Gail, Kurt, Ivan, Martin, Nancy, and Owen below it; keys of undetermined status are marked "?".]
Figure 24.7. The PGP trust model.
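The legitimacy computation that the preceding paragraphs and Figure 24.7 describe, as an added example that is not PGP's own code. The key ring below is constructed to reproduce Alice's situation: her hand-set owner-trust values, the signatures on her ring (who signed Gail's and Martin's keys is this example's assumption, since the text leaves it open), and the rule that a key becomes legitimate once it carries one signature from a fully trusted introducer or two from partially trusted ones. A signature counts only if the signer's own key is already legitimate, so validity spreads outward from Alice's ultimately trusted key until nothing more changes; the thresholds are the "paranoia level" the text says Alice can set herself.

```python
ULTIMATE, FULL, MARGINAL, NONE = "ultimate", "full", "marginal", "none"

# Owner-trust field of each key on Alice's ring, as she set it by hand.
OWNER_TRUST = {
    "alice": ULTIMATE,
    "bob": FULL, "carol": FULL, "gail": FULL,
    "dave": MARGINAL, "ellen": MARGINAL,
    "frank": NONE, "kurt": NONE, "ivan": NONE,
    "martin": NONE, "nancy": NONE, "owen": NONE,
}

# (signer, signed key) pairs on the ring. Who signed Gail's and Martin's
# keys is assumed for this example; the rest follows the text.
SIGNATURES = [
    ("alice", "bob"), ("alice", "carol"), ("alice", "dave"),
    ("alice", "ellen"), ("alice", "frank"),
    ("bob", "gail"),                       # Alice never signed Gail's key
    ("dave", "kurt"), ("ellen", "kurt"),   # two partially trusted introducers
    ("frank", "martin"), ("ivan", "martin"),
    ("kurt", "nancy"),
    # Owen's key carries no signature at all (it came from a key server).
]

def legitimacy(owner_trust, signatures, fulls_needed=1, marginals_needed=2):
    """Keys Alice should treat as legitimate. The thresholds are her
    'paranoia level': how many fully and how many partially trusted
    introducers a key needs. A signature counts only if the signer's own key
    is already legitimate, so validity spreads outward from Alice's key."""
    valid = {k for k, t in owner_trust.items() if t == ULTIMATE}
    changed = True
    while changed:                         # iterate to a fixed point
        changed = False
        for key in owner_trust:
            if key in valid:
                continue
            fulls = marginals = 0
            for signer, signed in signatures:
                if signed != key or signer not in valid:
                    continue               # unknown-key signatures carry no weight
                if owner_trust[signer] in (ULTIMATE, FULL):
                    fulls += 1
                elif owner_trust[signer] == MARGINAL:
                    marginals += 1
            if fulls >= fulls_needed or marginals >= marginals_needed:
                valid.add(key)
                changed = True
    return valid

def introducers(owner_trust, signatures, key):
    """Signers of `key` whose own keys are legitimate, with their owner trust:
    roughly what PGP shows Alice when it warns that a key is suspect."""
    valid = legitimacy(owner_trust, signatures)
    return sorted((s, owner_trust[s]) for s, k in signatures if k == key and s in valid)

if __name__ == "__main__":
    valid = legitimacy(OWNER_TRUST, SIGNATURES)
    for key in OWNER_TRUST:
        status = "legitimate" if key in valid else "NOT legitimate"
        print(f"{key:7} {status:15}", introducers(OWNER_TRUST, SIGNATURES, key))
```

With the defaults, Bob, Carol, Dave, Ellen, and Frank are legitimate because Alice signed them, Gail because a fully trusted Bob did, and Kurt because two partially trusted introducers did. Martin stays illegitimate even though Frank's key is valid, because Frank's owner trust is none; Nancy stays illegitimate for the same reason with Kurt; Ivan's signature never counts because his own key was never made legitimate; and Owen has no signatures at all. Raising marginals_needed to 3 is the paranoid setting under which Kurt's key drops out as well.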
The current version of PGP is 2.6.2. A new version, PGP 3.0, is expected by the end of 1995. Version 3.0 includes options for triple-DES, SHA, and other public-key algorithms, separate public-key/private-key pairs for encryption and for signing, extended key-revocation procedures, improved key-ring management functions, an API for integrating PGP into other programs, and completely rewritten executables.
PGP is available for MS-DOS, UNIX, Macintosh, Amiga, and Atari. It is free for personal, noncommercial use and can be downloaded from many ftp sites on the Internet. To obtain PGP from MIT, telnet to net-dist.mit.edu, log in as getpgp, answer the questions, then ftp to net-dist.mit.edu and change to the directory named in the telnet session. It is also available from ftp.ox.ac.uk, ftp.dsi.unimi.it, ftp.funet.fi, ftp.demon.co.uk, CompuServe, AOL, and elsewhere. For commercial use in the U.S., PGP can be bought, complete with licenses, for about $100 from ViaCrypt, 9033 N 24th Ave., Phoenix, AZ, 85021; (602) 944-0773; viacrypt@acm.org. Various tools help integrate PGP into MS-DOS, Microsoft Windows, Macintosh, and UNIX.
Several books have been written about PGP [601, 1394, 1495]. The source code has even been published in printed form [1653], in an attempt to get around the U.S. State Department, which continues to maintain that source code may be exported on paper but not electronically. If you trust IDEA, PGP gets you as close to military-grade encryption as you are likely to get.
24.13 SMART CARDS
A smart card is a plastic card, the size and shape of a credit card, with an embedded computer chip. The idea is old (the first patents were filed some 20 years ago), but practical limitations made such cards feasible only about five years ago. Since then they have become popular, mainly in Europe. In many countries smart cards are used to pay for telephone calls. There are smart credit cards, smart cash cards, smart cards for everything. American credit-card companies are working on the technology, and within a few years even backward Americans will carry smart cards in their wallets.
A smart card contains a small computer (usually an 8-bit microprocessor), RAM (about a quarter of a kilobyte), ROM (about 6 to 8 kilobytes), and a few kilobytes of either EPROM (erasable programmable ROM) or EEPROM (electrically erasable programmable ROM). Next-generation smart cards will certainly have more memory, but certain physical limitations make such expansion difficult. The card has its own operating system, programs, and data. (What it lacks is a power source; power is supplied when the card is inserted into a reader.) And the card is secure: in a changing world where you cannot trust someone else's computer, telephone, or anything else, you can still rely on the card you keep in your wallet.
Smart cards can carry a variety of cryptographic protocols and algorithms. They can serve as an electronic purse, able to spend and receive digital cash. They can be used in zero-knowledge authentication protocols; they can hold their own encryption keys. They may make it possible to sign documents or to unlock computer programs.
Some smart cards are assumed to be tamper-resistant; this often protects the institution that issued the cards. A bank certainly does not want you to be able to get into its smart card and credit yourself with more money.
Smart cards are a very interesting topic on which a great deal has been written. A good survey article on smart-card cryptography is [672]. Conferences are held annually: CARTES in Paris in October, and CardTech in Washington, D.C. in April. The proceedings of two other smart-card conferences can be found in [342, 382]. There are hundreds of smart-card patents, mostly held by European companies. Interesting questions about the future use of smart cards (integrity checking, audit trails, copy protection, digital cash, postage metering) are discussed in [1628].
24.14 PUBLIC-KEY CRYPTOGRAPHY STANDARDS
The Public-Key Cryptography Standards (PKCS) are RSA Data Security, Inc.'s attempt to provide an industry standard for public-key cryptography. Traditionally ANSI would handle this sort of thing, but, given the current state of cryptography politics, RSADSI decided it was better to do it themselves. Working with a number of companies, RSADSI developed a set of standards. Some are compatible with other standards and some are not.
These are not standards in the usual sense of the word; nobody convened and voted on the PKCS. In its own words, RSADSI "will retain sole decision-making authority on what each standard is" and "will revise the standards as necessary" [803].
Even so, there is a lot here. If you are unsure what data structures and syntax to use when programming public-key cryptography, these standards are as good as any. And since they are not real standards, you can tailor them to your needs.
What follows is a short description of each PKCS (PKCS #2 and PKCS #4 have been incorporated into PKCS #1).
PKCS #1 [1345] describes a method for RSA encryption and decryption, primarily for constructing the digital signatures and digital envelopes described in PKCS #7. For digital signatures the message is hashed and the hash is then encrypted with the signer's private key. The joint representation of message and hash is detailed in PKCS #7. For digital envelopes (encrypted messages) the message is first encrypted with a symmetric algorithm, and then the message key is encrypted with the recipient's public key. The joint representation of encrypted message and encrypted key must follow PKCS #7. Both methods are compatible with the PEM standards. PKCS #1 also describes a syntax, identical to that of X.509 and PEM, for RSA public and private keys and for three signature algorithms (MD2 with RSA, MD4 with RSA, and MD5 with RSA) used to sign certificates and the like.
PKCS #3 [1346] describes a method for implementing Diffie-Hellman key exchange.
PKCS #5 [1347] describes a method for encrypting messages with a secret key derived from a password. The standard uses MD2 or MD5 to derive the key from the password and encrypts messages with DES in CBC mode. The method is intended mainly for encrypting private keys when they are transferred from one computer system to another, but it can also be used to encrypt messages.
PKCS #6 [1348] describes a standard syntax for public-key certificates. The syntax is a superset of an X.509 certificate, so an X.509 certificate can be extracted when necessary. The additional attributes extend the certification process beyond just the public key; they carry other information, such as an electronic mail address.
PKCS #7 [1349] is a general syntax for data that may be signed or encrypted, such as digital signatures or digital envelopes. The syntax is recursive, so envelopes can be nested, or someone can sign data that was previously encrypted. The syntax also allows other attributes, such as timestamps, to be authenticated along with the message content. PKCS #7 is compatible with PEM, so signed and encrypted messages can be converted to PEM messages, and vice versa, without additional cryptographic operations. For certificate-based key management PKCS #7 can support a variety of architectures, of which PEM is one.
PKCS #8 [1350] describes a syntax for private-key information, comprising a private key and a set of attributes, and a syntax for encrypted private keys. PKCS #5 can be used to encrypt the private-key information.
PKCS #9 [1351] defines selected attribute types for PKCS #6 extended certificates, PKCS #7 digitally signed messages, and PKCS #8 private-key information.
PKCS #10 [1352] describes a standard syntax for certification requests. A certification request consists of a distinguished name, a public key, and (optionally) a set of attributes, collectively signed by the entity requesting certification. Certification requests are sent to a certification authority, which turns the request into either an X.509 public-key certificate or a PKCS #6 certificate.
PKCS #11 [1353], the Cryptographic Token API Standard, specifies a programming interface called "Cryptoki" for portable cryptographic devices of all kinds. Cryptoki presents a generalized logical model that lets applications perform cryptographic operations on portable devices without knowing the details of the underlying technology. The standard also defines application profiles: sets of algorithms that a device may support.
PKCS #12 [1354] describes a syntax for storing in software a user's public keys, protected private keys, certificates, and other related cryptographic information. The goal is to standardize on a single key file usable by many applications.
These standards are comprehensive but not all-inclusive. Many issues lie outside their scope: the naming problem, noncryptographic issues surrounding certification, key lengths, and conditions on various parameters. What the PKCS provide is a format for transferring data based on public-key cryptography and an infrastructure to support that transfer.
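The derivation PKCS #5 specifies, as an added example that is not RSADSI's code. In PKCS #5 v1.5 (the function later named PBKDF1) T_1 = Hash(P || S), T_i = Hash(T_{i-1}) for an iteration count c, and the derived key is the first dkLen octets of T_c; with MD5 the sixteen output octets split into an 8-octet DES key and an 8-octet CBC IV. hashlib has no MD2, so only the MD5 variant runs here, and DES is not in the standard library, so the encryption step is left out. The password and salt are constructed test inputs, chosen so that with c = 1 the derivation reduces to the RFC 1321 MD5 test vector for "abcdefghijklmnopqrstuvwxyz". MD5 and single DES are both broken today; the example is about the derivation structure and why the iteration count is the one parameter that makes a password guess cost the attacker something.

```python
import hashlib

def pbkdf1(password: bytes, salt: bytes, iterations: int, dklen: int,
           hash_name: str = "md5") -> bytes:
    """PKCS #5 v1.5 PBKDF1: T_1 = H(P || S), T_i = H(T_{i-1}), DK = T_c[:dklen].
    MD2 is not available in hashlib, so only the MD5 variant can run here."""
    if len(salt) != 8:
        raise ValueError("PKCS #5 v1.5 uses an 8-octet salt")
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    t = hashlib.new(hash_name, password + salt).digest()
    if dklen > len(t):
        raise ValueError("PBKDF1 cannot derive more octets than the hash outputs")
    for _ in range(iterations - 1):
        t = hashlib.new(hash_name, t).digest()
    return t[:dklen]

def des_key_and_iv(password: bytes, salt: bytes, iterations: int):
    """pbeWithMD5AndDES-CBC: 16 derived octets -> (8-octet DES key, 8-octet IV)."""
    dk = pbkdf1(password, salt, iterations, 16, "md5")
    return dk[:8], dk[8:16]

def guess_password(candidates, salt, iterations, target_key):
    """Offline dictionary attack on a derived key. Each guess costs the attacker
    exactly `iterations` hash computations, which is why the count matters."""
    for guess in candidates:
        if des_key_and_iv(guess, salt, iterations)[0] == target_key:
            return guess
    return None

# Constructed inputs: with iterations=1 the derivation is just
# MD5("abcdefghijklmnopqrstuvwxyz"), the RFC 1321 test vector.
PASSWORD = b"abcdefghijklmnopqr"
SALT = b"stuvwxyz"

if __name__ == "__main__":
    key, iv = des_key_and_iv(PASSWORD, SALT, 1)
    print("DES key", key.hex(), "IV", iv.hex())
    key1000, _ = des_key_and_iv(PASSWORD, SALT, 1000)
    print("recovered:", guess_password([b"letmein", b"abc", PASSWORD], SALT, 1000, key1000))
```

The salt makes a precomputed table useless across users, and the iteration count multiplies the cost of every guess in guess_password by c; a private key protected this way is exactly as strong as the password behind it, which is why the text says the method is meant for moving keys between systems rather than for long-term protection.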
24.15 Universal Electronic Payment System
The Universal Electronic Payment System (UEPS) is a smart-card banking application originally developed for rural South Africa but later adopted by that country's major banking groups. By early 1995 about 2 million cards had been issued in South Africa. The system has also been adopted in Namibia, and is being deployed by at least one Russian bank.
The system provides secure debit cards suitable for regions where a poor telephone network makes on-line verification impossible. Both customers and merchants have cards; customers can use their cards to transfer money to merchants. A merchant can take his card to the bank and deposit the money into his bank account; a customer can take her card to the bank and move money onto her card. There is no need to worry about anonymity; only protection against fraud is required.
Here is the communications protocol between customer Alice and merchant Bob. (In reality, Alice and Bob simply insert their cards into a machine and wait for the transaction to complete.) When Alice first receives her card, she also receives a pair of keys, $K_1$ and $K_2$; the bank computes them from her name and some secret function. Only the merchant cards have the secret material built in that is needed to compute a customer's keys.
(1) Alice sends Bob her name, A, his name, B, and a random number, $R_A$, encrypted with DES: first with key $K_2$, then with $K_1$. She also sends her name in the clear.
$A, E_{K_1}(E_{K_2}(A, B, R_A))$
(2) Bob computes $K_1$ and $K_2$ from Alice's name. He decrypts the message, confirms that A and B are correct, then encrypts the decrypted second half of Alice's message with key $K_2$.
$E_{K_2}(A, B, R_A)$
Bob does not send this message to Alice; 56 bits of the ciphertext become key $K_3$. Bob sends Alice his name, her name, and a random number, $R_B$, encrypted with DES: first with key $K_3$, then with $K_1$.
$E_{K_1}(E_{K_3}(B, A, R_B))$
(3) Alice computes $K_3$ in the same way and decrypts Bob's message, making sure that A and B are correct, then encrypts the decrypted second half of Bob's message with key $K_3$.
$E_{K_3}(B, A, R_B)$
Alice does not send this message to Bob; 56 bits of the ciphertext become key $K_4$. Alice then sends Bob her name, his name, and a check value, C. This check value contains the names of the sender and the recipient, the date, a checksum, the amount, and two MACs. All of this is encrypted with DES: first with key $K_4$, then with $K_1$. One of the MACs can be verified by Alice's bank; the other can be verified only by the clearing center. Alice debits her balance by the corresponding amount.
$E_{K_1}(E_{K_4}(A, B, C))$
(4) Bob computes $K_4$ in the same way. Provided that all the names match and the check value verifies correctly, he accepts the payment.
A wonderful feature of this protocol is that every message depends on the previous one. Each message serves as an authentication of all the preceding messages. This means that nobody can replay an old message: the recipient simply will never be able to decrypt it. I like this idea, and I am sure it will find wide application once it becomes widely known.
Another sensible thing about this protocol is that it enforces correct implementation. If an application developer implements the protocol incorrectly, it simply will not work.
Both cards keep records of every transaction. When the cards sooner or later establish an on-line connection to the bank (the merchant to deposit money into his account, the customer to draw money from hers), the bank extracts these records for later auditing.
The hardware is made tamper-resistant so that neither participant can corrupt the data. Alice cannot change the value on her card. Extensive record-keeping supplies the data needed to detect and block fraudulent transactions. The cards hold universal secrets, the MAC keys in the customer cards and the functions that convert user names into $K_1$ and $K_2$, but reversing these secrets is assumed to be sufficiently hard.
This scheme is, of course, not perfect, but it is more secure than paper checks and ordinary debit cards. The source of the fraud threat is not military adversaries but customers and merchants, and UEPS provides protection against such abuse.
The message exchange is an excellent example of a robust protocol: every message carries the names of both parties, includes information unique to that message, and each message explicitly depends on all the previous ones.
24.16 CLIPPER
The Clipper chip (also known as the MYK-78T) is an NSA-designed, tamper-resistant chip intended for encrypting voice conversations. It is one of the two chips that implement the U.S. government's Escrowed Encryption Standard (EES) [1153]. VLSI Technologies, Inc. manufactured the chip, and Mykotronx, Inc. programmed it. Initially, all Clipper chips will go into AT&T's Model 3600 Telephone Security Device (see Section 24.18). The chip implements the Skipjack encryption algorithm (see Section 13.12), an NSA-designed secret-key algorithm, in OFB mode only.
The most controversial aspect of the Clipper chip, and of EES as a whole, is the key-escrow protocol (see Section 4.14). Each chip has a special key that is not needed for messages. This key is used to encrypt a copy of each user's message key. During the synchronization process the transmitting Clipper chip generates and sends to the receiving chip a Law Enforcement Access Field (LEAF). The LEAF contains a copy of the current session key, encrypted with the special key (called the unit key). This lets government eavesdroppers obtain the session key and read the plaintext of the conversation.
In the words of the director of NIST [812]:
A "key-escrow" system is envisioned that will ensure that the Clipper chip is used to protect law-abiding Americans. Each device containing the chip will have two unique "keys," numbers that will be needed by authorized government agencies to decode messages encoded by the device. When the device is manufactured, the two keys will be deposited separately in two "key-escrow" databases controlled by the Attorney General. Access to these keys will be limited to government officials with legal authorization to conduct a wiretap.
The government also intends to encourage the wide adoption of such telephones, but nobody knows what might happen to the key-escrow databases.
Politics aside, the internal structure of the LEAF is worth discussing [812, 1154, 1594, 459, 107, 462]. The LEAF is a string containing enough information for law enforcement to recover the session key $K_s$, provided that the two agencies holding the escrowed keys act together. The LEAF contains a 32-bit unit identifier U, unique to each Clipper chip. It also contains the current 80-bit session key, encrypted with the chip's unique unit key $K_U$, and a 16-bit checksum C, called the escrow identifier. The checksum is a function of the session key, the IV, and possibly other information. These three fields are encrypted with a fixed family key $K_F$, common to all interoperating Clipper chips. The family key, the encryption modes used, the details of the checksum, and the exact structure of the LEAF are classified. The field probably looks something like this:
$E_{K_F}(E_{K_U}(K_s), U, C)$
$K_U$ is loaded into the Clipper chip at manufacture. This key is then split (see Section 3.5) and stored in the two key-escrow databases, guarded by two different agencies.
For Eve to extract $K_s$ from the LEAF, she must first decrypt the LEAF with $K_F$ and obtain U. Then she has to get a court order for each of the escrow agencies, each of which returns its half of $K_U$ for the given U. Eve XORs the two halves to get $K_U$, then uses $K_U$ to obtain $K_s$, and $K_s$ to listen to the conversation.
The checksum is meant to prevent abuse of this scheme; the receiving Clipper chip cannot decrypt if the checksum is wrong. However, there are only $2^{16}$ possible checksum values, and a bogus LEAF with a correct checksum but a wrong key can be produced in about 42 minutes [187]. This is not much help for eavesdropping on a conversation protected with Clipper, though. Since the key-exchange protocol is not part of the Clipper chip, the 42-minute brute-force attack must be carried out after the key exchange; it cannot be done before the phone call. Such an attack could work against fax transmissions or against uses of the Fortezza card (see Section 24.17).
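A model of the LEAF path described above, as an added example that is not from the book or from the Clipper design. Go's standard library has no Skipjack, so DES in OFB mode (Clipper's only mode) stands in for it; the family key, the 16-bit checksum (here the first two bytes of SHA-256 over $K_s$ and the IV), and the layout $E_{K_F}(E_{K_U}(K_s), U, C)$ are assumptions, since the real ones are classified. It shows the unit key being split by XOR between two escrow agents at manufacture, the receiving chip refusing a LEAF whose checksum does not match its own session key, and the two-court-order recovery of $K_s$.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// ofb runs DES in OFB mode (OFB is both encrypt and decrypt). DES stands in for
// Skipjack, which Go's standard library does not provide; key and IV are 8 bytes.
func ofb(key, iv, data []byte) []byte {
	block, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(data))
	cipher.NewOFB(block, iv).XORKeyStream(out, data)
	return out
}

func random(n int) []byte { b := make([]byte, n); rand.Read(b); return b }

func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// familyKey is K_F, shared by every chip; constructed here, classified in reality.
var familyKey = []byte("FAMILY-K")

// Chip holds what is burned in at manufacture: the 32-bit unit id U and unit key K_U.
type Chip struct {
	U  uint32
	KU []byte
}

// EscrowAgent keeps one XOR share of each unit key, indexed by U.
type EscrowAgent map[uint32][]byte

// Manufacture makes a chip and splits K_U (Section 3.5 style) between two agents.
func Manufacture(u uint32, a1, a2 EscrowAgent) *Chip {
	ku, share1 := random(8), random(8)
	a1[u], a2[u] = share1, xor(ku, share1) // share1 XOR share2 == K_U
	return &Chip{U: u, KU: ku}
}

// checksum is the 16-bit escrow identifier C over the session key and IV
// (hash choice assumed; the real function is classified).
func checksum(ks, iv []byte) []byte {
	h := sha256.Sum256(bytes.Join([][]byte{ks, iv}, nil))
	return h[:2]
}

// BuildLEAF forms E_KF( E_KU(K_s) || U || C ) on the sending chip.
func (c *Chip) BuildLEAF(ks, iv []byte) []byte {
	u := make([]byte, 4)
	binary.BigEndian.PutUint32(u, c.U)
	fields := bytes.Join([][]byte{ofb(c.KU, iv, ks), u, checksum(ks, iv)}, nil)
	return ofb(familyKey, iv, fields)
}

// VerifyLEAF is the receiving chip's check: it already knows K_s from the key
// exchange, so it recomputes C and refuses to proceed if the LEAF's C differs.
func VerifyLEAF(leaf, ks, iv []byte) bool {
	f := ofb(familyKey, iv, leaf)
	return len(f) == len(ks)+6 && bytes.Equal(f[len(ks)+4:], checksum(ks, iv))
}

// Recover is the escrow path: K_F exposes U, each agent releases its share
// (one court order each), XOR restores K_U, and K_U unwraps K_s.
func Recover(leaf, iv []byte, a1, a2 EscrowAgent) ([]byte, error) {
	f := ofb(familyKey, iv, leaf)
	n := len(f) - 6
	if n <= 0 {
		return nil, errors.New("LEAF too short")
	}
	u := binary.BigEndian.Uint32(f[n : n+4])
	s1, ok1 := a1[u]
	s2, ok2 := a2[u]
	if !ok1 || !ok2 {
		return nil, fmt.Errorf("no escrow shares for unit %08x", u)
	}
	ks := ofb(xor(s1, s2), iv, f[:n])
	if !bytes.Equal(checksum(ks, iv), f[n+4:]) {
		return nil, errors.New("checksum mismatch: wrong shares or damaged LEAF")
	}
	return ks, nil
}

// Demo reports whether a genuine LEAF verifies, whether a LEAF with a damaged
// checksum is rejected, and whether the escrow path recovers the session key.
func Demo() (verified, damagedRejected, recovered bool) {
	nist, treasury := EscrowAgent{}, EscrowAgent{}
	chip := Manufacture(0x1234, nist, treasury)
	ks, iv := random(10), random(8) // 80-bit session key from the phone's key exchange
	leaf := chip.BuildLEAF(ks, iv)
	bad := append([]byte(nil), leaf...)
	bad[len(bad)-1] ^= 1 // flips one bit inside C after decryption
	got, err := Recover(leaf, iv, nist, treasury)
	return VerifyLEAF(leaf, ks, iv), !VerifyLEAF(bad, ks, iv), err == nil && bytes.Equal(got, ks)
}

func main() {
	fmt.Println(Demo())
}
```

Note that C is computed from the session key the receiver already holds, not from the encrypted field, which is why in this model a single bit of damage in the checksum bytes is caught while the 16-bit width leaves only 65,536 distinct values, the limitation the text goes on to discuss.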
Supposedly the Clipper chip is designed to resist reverse engineering by "sophisticated, well-funded" adversaries [1154], but rumor has it that Sandia National Laboratories successfully analyzed one of the chips. Even if these rumors are false, I suspect that the largest chip manufacturers in the world are quite capable of such reverse engineering, and that its timing is only a matter of resources and ethics.
Many privacy issues are tied to this subject. Numerous civil-liberties groups are running an active campaign against any key-escrow mechanism that gives the government the right to eavesdrop on citizens. The nasty thing is that, although this scheme never went through Congress, NIST published EES as a FIPS [1153], bypassing the tedious legislative process. Right now it looks as if EES is dying a quiet, slow death, but standards have a way of creeping along.
Table 24-2 lists the various organizations participating in this program. What about the idea that both escrow agencies belong to the executive branch alone? What about escrow agencies that essentially know nothing about the wiretap requests and can only approve them blindly? And what about the idea of the government adopting a secret algorithm as a commercial standard?
Table 24-2. Organizations participating in EES
Department of Justice: System sponsor, family-key holder
NIST: Program manager, holder of one escrowed key component
FBI: Decrypting user, family-key holder
Department of the Treasury: Holder of one escrowed key component
NSA: Program developer
In any case, using Clipper will raise plenty of problems in court. Don't forget, Clipper works only in OFB mode. Whatever you may have been told, this mode provides neither integrity nor authentication. Suppose Alice is on trial, and part of the evidence is a telephone conversation encrypted with the Clipper chip. Alice claims she never made the call, and that the voice is not hers. The speech-compression algorithm is so bad that recognizing Alice's voice is difficult, but the prosecution argues that, since the conversation can be decrypted only with Alice's escrowed key, the call must have been made from her telephone.
Alice argues that the conversation was forged as described in [984, 1339]: given the ciphertext and the plaintext, XORing them together yields the keystream. This keystream can then be XORed with an entirely different plaintext, producing a forged ciphertext, which can then be turned into a forged plaintext that is fed to the chip's decryptor. Right or not, this argument can easily raise doubt in a jury, which would then not count the telephone conversation as evidence.
Another attack, called the Squeeze, lets Alice pass herself off as Bob. Here is how it works [575]: Alice calls Bob using Clipper. She keeps a copy of his LEAF along with the session key. Then she calls Carol (who is known to be under surveillance). During key setup Alice makes the session key identical to the one she used for the conversation with Bob. This requires hacking the telephone, but that is not hard. Then, instead of sending her own LEAF, she sends Bob's LEAF. It is a valid LEAF, so Carol's telephone will notice nothing. Now she can tell Carol whatever she wants; when the police decrypt the LEAF, they will find that it belongs to Bob. Even if Alice fails to pass herself off as Bob, he will have to prove his innocence in court, which may well be reason enough to use such a scheme.
Law enforcement agencies in the United States should not waste their time collecting information in criminal investigations that cannot be used in court. Even if key escrow were a good idea, Clipper is not the best way to implement it.
24.17 CAPSTONE
Capstone (also known as the MYK-80) is another NSA-developed VLSI chip that implements the U.S. government's Escrowed Encryption Standard [1153]. Capstone implements the following functions [1155, 462]:
- The Skipjack algorithm in any of the four basic modes: ECB, CBC, CFB, and OFB.
- A public-key Key Exchange Algorithm (KEA), most likely Diffie-Hellman.
- The Digital Signature Algorithm (DSA).
- The Secure Hash Algorithm (SHA).
- A general-purpose exponentiation algorithm.
- A random-number generator using a true noise source.
Capstone provides the cryptographic capabilities needed for secure electronic commerce and other computer applications. The first application of Capstone is a PCMCIA card called Fortezza. (It was originally called Tessera, until Tessera, Inc. complained.)
NSA considered lengthening the LEAF checksum in Capstone and in the card versions in order to thwart the LEAF attack discussed above. Instead, the ability to reset the card after 10 incorrect LEAFs was added. That does not impress me: the time to search for a correct LEAF only goes up by 10 percent, to 46 minutes.
24.18 AT&T Model 3600 Telephone Security Device (TSD)
The AT&T Telephone Security Device (TSD) is the Clipper phone. Actually, there are four TSD models. One contains the Clipper chip, another an exportable proprietary AT&T encryption algorithm, a third a proprietary domestic algorithm plus the exportable algorithm, and a fourth includes Clipper, the domestic algorithm, and the exportable algorithm.
The TSDs use a different session key for each telephone call. A pair of TSDs generates the session key with a Diffie-Hellman key exchange that is independent of the Clipper chip. Since Diffie-Hellman includes no authentication, the TSD uses two methods to prevent a man-in-the-middle attack.
The first is a screen. The TSD hashes the session key and shows the hash value on a small screen as four hexadecimal digits. The parties check that the same digits are shown on both screens. The voice quality is good enough for them to recognize each other by voice.
Eve can still attack this scheme. Suppose she manages to cut into the line between Bob and Alice. She uses a TSD on the line to Alice and a modified TSD on the line to Bob. In the middle she bridges the two phone calls. Alice tries to make the conversation secure. She generates a key in the usual way, but exchanges it with Eve, who is posing as Bob. Eve recovers the key and, using the modified TSD, makes the key she generates for Bob have the same hash value. This attack is not very realistic, but the TSD uses an interlock to prevent it.
The TSD generates random numbers using a noise source and a chaotic amplifier with digital feedback. It produces a bit stream that is passed through a post-whitening filter based on a digital signal processor.
Despite all this, the TSD manual says nothing about security. In fact, it says [70]:
AT&T makes no warranty that the TSD will protect against cryptanalytic attack on any encrypted transmission by any government agency, its agents, or any third party. Furthermore, AT&T makes no warranty that the TSD will protect against attack on the transmitted information by methods that bypass encryption.
Chapter 25
Politics
25.1 National Security Agency (NSA)
NSA is the National Security Agency (once jokingly expanded as "No Such Agency" or "Never Say Anything," though they are more open now), the official U.S. government body for security matters. The Agency was created in 1952 by President Harry Truman under the Department of Security, and for many years even the fact of its existence was kept secret. NSA was regarded as a signals-intelligence agency, and its task was to listen to and decrypt all foreign communications in the interests of the United States.
The following paragraphs are taken from NSA's original charter, signed by President Truman in 1952 and declassified many years later [1535]:
The COMINT mission of the National Security Agency (NSA) shall include the effective organization and control of the intelligence activities of the United States in the field of telecommunications conducted against foreign governments, in order to provide a unified operational policy and corresponding measures. As used in this directive, the term "communications intelligence" or "COMINT" means all actions and methods used to intercept telecommunications, excluding the foreign press and radio broadcasts, and to obtain information intended for receipt by another recipient, but excludes censorship as well as the production and dissemination of the resulting intelligence.
The special nature of COMINT activities requires that they be conducted in all respects separately from other or general intelligence activities. Orders, directives, instructions or recommendations of any body of the executive branch concerning the collection, production, security, handling, dissemination or use of intelligence shall not apply to COMINT activities unless specifically so stated, and the documents are issued by a competent agency representative who is part of the government. Other National Security Council directives to the Director of the CIA, and related directives issued by the Director of the CIA, shall not apply to COMINT activities unless it is a special directive of the National Security Council concerning COMINT.
NSA conducts research in cryptology, both developing secure algorithms to protect U.S. communications and cryptanalytic techniques to eavesdrop on communications outside the United States. NSA is known to be the world's largest employer of mathematicians. It is also the world's largest purchaser of computer hardware. NSA's cryptographic expertise is probably many years ahead of the state of the art in the open world (in algorithms, though hardly in protocols). There is no doubt that the Agency can break many of the systems in use today. But for reasons of national security almost all information about NSA, even its budget, is classified. (The Agency's budget is rumored to be about 13 billion dollars, and that includes military funding of NSA projects and personnel costs; it is rumored to employ 16,000 people.)
NSA uses its power to limit the public availability of cryptography and to keep national adversaries from using encryption methods too strong for the Agency to break. James Massey analyzes this struggle between academic and military research in cryptography [1007]:
If one considers cryptology to be the prerogative of government, then, of course, most cryptologic research must be conducted behind closed doors. Without any doubt, the number of people engaged today in cryptologic research far exceeds the number of people working in open cryptology. Open cryptologic research has been conducted widely only for the last 10 years. There have been, and will be, conflicts between these two research communities. Open research is the usual search for knowledge, for which the open exchange of ideas through conferences, presentations and publications in scientific journals is vitally important. But can a government organization responsible for breaking the ciphers of other states welcome the publication of a cipher that cannot be broken? Can a researcher with a clear conscience publish such a cipher, which could bring to nothing all the efforts of the codebreakers in the service of his government? One might insist that the publication of a provably secure cipher would force all governments to behave like Stimson's "gentlemen," but it must be remembered that open research in cryptography is full of political and ethical motives far more serious than in many other fields of science. One should be surprised not that government organizations clash with independent researchers on the ground of cryptology, but that these conflicts (at least those we know of) are so insignificant and so mild.
James Bamford has written a fascinating book about NSA, The Puzzle Palace [79], recently revised together with Wayne Madsen [80].
Commercial COMSEC Endorsement Program
The Commercial COMSEC Endorsement Program (CCEP), code-named Overtake, is a proposal made by NSA in 1984 and intended to ease the development of computers and communications equipment with built-in cryptographic capabilities [85, 1165]. Traditionally the military paid for all development of such products, and it cost them dearly. NSA figured that if companies could sell hardware to both the army and corporations, even foreign ones, this would bring costs down to everyone's benefit. The Agency would no longer need to check equipment for compliance with Federal Standard 1027, and CCEP would then provide access to government-approved cryptographic equipment [419].
NSA has developed a number of cryptographic modules for various purposes. These modules use different algorithms for different applications, and manufacturers can pull one module out and plug in another depending on the customer's wishes. There are modules for military use (Type I), modules for "unclassified but sensitive" government use (Type II), modules for corporate use (Type III), and modules for export (Type IV). The various modules, their applications, and their names are listed in Table 25-1.
Table 25-1. CCEP Modules
Application                 Type I           Type II
Voice/low-speed data        Winster          Edgeshot
Computer                    Tepache          Bulletproof
High-speed data             Foresee          Brushstroke
Next generation             Countersign I    Countersign II
This program is still in effect, but it has not generated enthusiasm from anyone except the government. All the modules were protected against tampering, all the algorithms were classified, and users had to obtain their keys from NSA. Corporations never really bought into the idea of using secret algorithms imposed by the government. You would think NSA had learned a lesson clear enough not to bother with Clipper, Skipjack, and key-escrow encryption chips.
25.2 National Computer Security Center (NCSC)
The National Computer Security Center (NCSC), a branch of NSA, is responsible for the government's trusted computer program. At present the center evaluates computer security products (software and hardware), funds research and publishes its results, develops technical guidelines, and provides general support and training.
NCSC publishes the notorious "Orange Book" [465]. Its real title is Department of Defense Trusted Computer System Evaluation Criteria, but that is hard to pronounce, and besides, the book has an orange cover. The Orange Book tries to define security requirements, gives computer manufacturers an objective way to measure the security of their systems, and tells them what needs to be built into secure products. The book is devoted to computer security; it really does not say much about cryptography.
The Orange Book defines four broad categories of security protection. It also defines protection classes within some of those categories. They are listed in Table 25-2.
Table 25-2. Orange Book Classifications
D: Minimal Security
C: Discretionary Protection
C1: Discretionary Security Protection
C2: Controlled Access Protection
B: Mandatory Protection
B1: Labeled Security Protection
B2: Structured Protection
B3: Security Domains
A: Verified Protection
A1: Verified Design
Sometimes manufacturers like to say "we provide C2 security." By that they mean the Orange Book classification. For more details see [1365]. The computer security model used in these criteria is called the Bell-LaPadula model [100, 101, 102, 103].
NCSC has published a whole series of books on computer security, sometimes called the Rainbow Books (all the covers have different colors). For instance, Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria [1146], sometimes called the Red Book, interprets the provisions of the Orange Book for networks and network equipment. Trusted Database Management System Interpretation of the Trusted Computer System Evaluation Criteria [1147] (I won't even try to describe the color of its cover) does the same for databases. Today there are more than 30 such books, some with revolting cover colors.
For a complete set of the Rainbow Books, write to Director, National Security Agency, INFOSEC Awareness, Attention: C81, 9800 Savage Road, Fort George G. Meade, MD 20755-6000; (301) 766-8729. Don't tell them I sent you.
25.3 National Institute of Standards and Technology
NIST is the National Institute of Standards and Technology, a division of the U.S. Department of Commerce. It was formerly called the National Bureau of Standards (NBS) and changed its name in 1988. Through its Computer Systems Laboratory (CSL), NIST promotes open interoperability standards, which it hopes will speed the development of computer-based industries. To date NIST has issued standards and guidelines that it believes will be adopted by all computer systems in the United States. The official standards are published as FIPS (Federal Information Processing Standards) publications.
If you need copies of any FIPS (or other NIST publications), contact the National Technical Information Service (NTIS), U.S. Department of Commerce, 5285 Port Royal Road, Springfield, VA 22161; (703) 487-4650; or visit gopher://csrc.ncsl.nist.gov.
When Congress passed the Computer Security Act in 1987, NIST was authorized to define standards ensuring the security of sensitive but unclassified information in government computers. (Classified information and Warner Amendment data fall under NSA's jurisdiction.) The Act authorizes NIST to cooperate with other government organizations and private enterprises in evaluating proposed technical standards.
NIST issues standards for cryptographic functions. U.S. government organizations are required to use them for sensitive but unclassified information. These standards are often adopted by the private sector as well. NIST has issued DES, DSS, SHS, and EES.
All these algorithms were developed with some help from NSA, ranging from the analysis of DES to the design of DSS, SHS, and the Skipjack algorithm in EES. Some criticize NIST because NSA can control these standards to a large extent, even though NSA's interests may not coincide with NIST's. It is unclear how much NSA really influences the design and development of the algorithms. But given NIST's limited staff, budget, and resources, bringing in NSA seems reasonable. NSA has great resources, including the best computer facilities in the world.
The official "Memorandum of Understanding" (MOU) between the two organizations reads:
MEMORANDUM OF UNDERSTANDING BETWEEN THE DIRECTOR OF THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY AND THE DIRECTOR OF THE NATIONAL SECURITY AGENCY CONCERNING THE IMPLEMENTATION OF PUBLIC LAW 100-235
Recognizing that:
A. In accordance with Section 2 of the Computer Security Act of 1987 (Public Law 100-235) (the Act), the National Institute of Standards and Technology (NIST), as part of the Federal Government, is assigned responsibility for:
1. Developing technical, administrative, physical, and management standards and guidelines for the cost-effective security and privacy of sensitive information in Federal computer systems, as defined in the Act; and,
2. Developing technical security guidelines for the corresponding computer systems of the National Security Agency (NSA).
B. In accordance with Section 2 of the Act, NIST is required to work in close cooperation with other organizations, including NSA, ensuring:
1. Maximum use of all existing and planned programs, materials, studies, and reports relating to the security and privacy of computer systems, in order to avoid unnecessary and costly duplication of work; and,
2. That the standards developed by NIST in accordance with the Act are, to the maximum extent possible, consistent and compatible with the standards and procedures developed for the protection of classified information in Federal computer systems.
C. In accordance with the Act, the responsibilities of the Secretary of Commerce, which he delegates to NIST, include appointing the members of the Computer System Security and Privacy Advisory Board, at least one member of which represents NSA.
Therefore, in furtherance of the purposes of this MOU, the Director of NIST and the Director of NSA hereby recognize the following:
I. NIST will:
1. Appoint to the Computer System Security and Privacy Advisory Board at least one representative nominated by the Director of NSA.
2. Draw upon the technical security guidelines for computer systems developed by NSA to the extent that NIST determines that these guidelines meet the requirements for protecting sensitive information in Federal computer systems.
3. Recognize the NSA-certified rating of trusted systems under the Trusted Computer Security Evaluation Criteria Program without additional evaluation.
4. Develop telecommunications security standards for protecting sensitive unclassified computer data, drawing to the maximum extent on the evaluation results and products of the National Security Agency, in order to fulfil these responsibilities in a timely and cost-effective manner.
5. Avoid duplication where possible by delineating joint work with NSA in order to obtain NSA's assistance.
6. Request NSA's assistance on all matters related to cryptographic algorithms and cryptographic techniques, including but not limited to research, evaluation of development, and endorsement.
II. NSA will:
1. Provide NIST with technical guidelines on trusted technologies, telecommunications security, and personal identification that may be used in cost-effective systems for protecting sensitive computer data.
2. Conduct or initiate research and development programs in trusted technologies, telecommunications security, cryptographic techniques, and personal identification methods.
3. At NIST's request, provide assistance on all matters related to cryptographic algorithms and cryptographic techniques, including but not limited to research, evaluation of development, and endorsement.
4. Establish standards and endorse products for application in secure systems covered by 10 USC Section 2315 (the Warner Amendment).
5. At the request of Federal organizations, their contractors, and other government-sponsored entities, assess the hostile intelligence threat to Federal information systems, and provide technical assistance and recommend products endorsed for application in secure systems to counter that threat.
III. NIST and NSA will:
1. Coordinate their plans for the security and privacy of computer systems for which NIST and NSA are responsible under Section 6(b) of the Act.
2. Exchange technical standards and guidelines as necessary to achieve the purposes of the Act.
3. Work together to achieve the purposes of this memorandum with the greatest possible efficiency, avoiding unnecessary duplication of effort.
4. Maintain a continuous dialogue ensuring that each of the organizations will be at the same
yponne conpemenntx rexnonornn n nonpocon, nnnxmmnx na esonacnocrt anromarnsnponanntx nn|opmannonntx komntmre p-
ntx cncrem.
5. Oprannsontnart rexnnueckym paouym rpynny nx osopa n anannsa onacren conmecrntx nnrepecon, kacammnxcx s a-
mnrt cncrem, opaartnammnx naxnym nnn pyrym necekpernym nn|opmannm . 3ra Ipynna yer cocroxrt ns mecrn |ee-
pantntx cnyxamnx, no rpoe or NIST n NSA, n npn neoxonmocrn moxer trt ynennuena sa cuer npecrannrenen pyrnx opra-
nnsannn. Temt paort rpynnt moryr onpeenxrtcx nno samecrnrenem npekropa NSA no nn|opmannonnon esonacnocrn, nn-
o samecrnrenem npekropa NIST, nno moryr nnnnnnponartcx camon rpynnon c nocneymmnm oopennem samecrnrenem n-
pekropa NSA no nn|opmannonnon esonacnocrn nnn samecrnrenem npekropa NIST. B reuenne neckontknx nen nocne nocra-
nonkn nepe Ipynnon nonpoca nno samecrnrenem npekropa NSA no nn|opmannonnon esonacnocrn, nno samecrnrenem n-
pekropa NIST Ipynna onxna npecrannrt oruer o ntnonnennn paor no +romy nonpocy n, npn neoxonmocrn, nnan antne n-
mero anannsa.
6. Ha exeronon ocnone omennnartcx nnanamn paort no ncem nccneonarentcknm n koncrpykropcknm npoekram, cnxsa n-
ntm c samnron cncrem, opaartnammnx naxnym nnn pyrym necekpernym nn|opmannm , nknmuax onepennte rexnonornn,
samnry nenocrnocrn n ocrynnocrn anntx, esonacnocrn renekommynnkannn n meroon nenrn|nkannn nnunocrn . Omen
nn|opmannen no npoekram onxen nponcxonrt exeknaprantno , n osop cocroxnnx npoekron onxen nmon ns cropon npeo c-
rannxrtcx no sanpocy pyron cropont.
7. Hponepxrt osopt rexnnueckon paouen rpynnt o onynnkonannx ncex nonpocon, kacammnxcx rexnnkn oecneuennx
esonacnocrn cncrem, paspaartnaemtx nx ncnontsonannx npn samnre naxnon nn|opmannn n |eepantntx komntmrepntx
cncremax, urot rapanrnponart conmecrnmocrt packptrnx +rnx rem c nannonantnon esonacnocrtm Coennenntx Braron. E c-
nn NIST n NSA ne cmoryr pemnrt noontn nonpoc n reuenne 60 nen, nmax ns oprannsannn moxer nonxrt +ror nonpoc n e-
pe Mnnncrpom oopont n Mnnncrpom ropronnn. Hpnsnaercx, uro anntn nonpoc c nomomtm NSC moxer trt nepean nx
pemennx Hpesnenry. Hnkakne encrnnx ne onxnt npenpnnnmartcx o okonuarentnoro pemennx n onpoca.
8. Onpeenxrt ononnnrentnte paoune cornamennx, saknmuennte mexy NSA n NIST, kak npnnoxennx k +romy MOU.
IV. hmax ns cropon moxer npekparnrt encrnne +roro MOU nnctmenntm yneomnennem, nanpannenntm sa mecrt mecxnen
o npekpamennx encrnnx. 3ror MOU cunraercx encrnnrentntm npn nannunn oenx nonncen .
/nonncano/
P3HMOH. +. KAMMEP
Hcnonnnrentntn npekrop, Hannonantntn nncrnryr cranapron n rexnnkn, 24 mapra 1989 roa
V. O. CTIRMEH
Bnne-amnpan, BMC CBA, npekrop, Arenrcrno nannonantnon esonacnocrn , 23 mapra 1989 roa
25.4 RSA Data Security, Inc.
RSA Data Security, Inc. (RSADSI) was founded in 1982 to develop, license, and market the RSA patent. The company has a number of commercial products, including a stand-alone e-mail security package and various cryptographic libraries (available as source code or object code). RSADSI also markets the symmetric algorithms RC2 and RC4 (see Section 11.8). RSA Laboratories, a research laboratory associated with RSADSI, performs basic cryptographic research and provides consulting services.
Anyone interested in licenses or products should contact the Director of Sales, RSA Data Security, Inc., 100 Marine Parkway, Redwood City, CA 94065; (415) 595-8782; fax: (415) 595-1873.
25.5 PUBLIC KEY PARTNERS
The five patents listed in Table 25-3 are held by Public Key Partners (PKP) of Sunnyvale, California, a partnership between RSADSI and Caro-Kahn, Inc., the parent company of Cylink. (RSADSI receives 65 percent of the profits and Caro-Kahn 35 percent.) PKP claims that these patents, and 4218582 in particular, apply to all uses of public-key cryptography.
Table 25-3.
Public Key Partners patents

Patent No.   Date      Inventors                  Patent title
4200770      29.3.80   Hellman, Diffie, Merkle    Diffie-Hellman key exchange
4218582      19.8.80   Hellman, Merkle            Merkle-Hellman knapsacks
4405829      20.9.83   Rivest, Shamir, Adleman    RSA
4424414      3.3.84    Hellman, Pohlig            Pohlig-Hellman
4995082      19.2.91   Schnorr                    Schnorr signatures
In [574], PKP wrote:
These patents [4200770, 4218582, 4405829, and 4424414] cover all known methods of practicing the art of public key, including the variations collectively known as ElGamal.
Due to the broad acceptance of RSA digital signatures throughout the international community, Public Key Partners strongly endorses their incorporation into a digital signature standard. We assure all interested parties that Public Key Partners will comply with all of the policies of ANSI and the IEEE concerning the availability of licenses to practice this art. Specifically, in support of any standards which may be adopted using RSA digital signatures, Public Key Partners hereby gives its assurance that licenses to practice RSA signatures will be made available within a reasonable time, under reasonable terms and conditions, and on a non-discriminatory basis.
Whether this is true depends on who you talk to. PKP's licenses are generally secret, so there is no way to check whether a given license differs from the others. Although the company claims that it has never refused anyone a license, at least two companies say they were refused one. PKP guards its patents carefully, threatening anyone who uses public-key cryptography without a license. This is partly a reaction to U.S. patent law: if a patent holder fails to prosecute an infringer, it can lose the patent. There has been a lot of talk about whether these patents are legal, but nothing beyond talk. All legal challenges to PKP's patents have been settled before going to court.
I am not going to give legal advice in this book. Maybe the RSA patent would not hold up in court. Maybe these patents do not apply to all of public-key cryptography. (Honestly, I do not see how they cover ElGamal or elliptic-curve cryptosystems.) Maybe someone will eventually win a case against PKP or RSADSI. But remember that corporations with huge legal departments, such as IBM, Microsoft, Lotus, Apple, Novell, Digital, National Semiconductor, AT&T, and Sun, have licensed RSA for use in their products rather than go to court. Boeing, Shell Oil, DuPont, Raytheon, and Citicorp have all licensed RSA for their own internal use.
In one case, PKP brought suit against TRW Corporation for using the ElGamal algorithm without a license. TRW claimed that it did not need a license. PKP and TRW reached a settlement in June 1992. The details of the settlement are unknown, but they included TRW's agreement to license the patents. This does not bode well. TRW could afford good lawyers; I can only assume that if TRW had been confident it could win the case without spending an enormous amount of money, it would not have given up the fight.
Nonetheless, PKP has internal problems of its own. In June 1994 Caro-Kahn sued RSADSI, alleging, among other things, that the RSA patent is invalid and unenforceable [401]. Both partners have tried to dissolve the partnership. Are the patents valid or not? Will users have to obtain a license from Caro-Kahn in order to use the RSA algorithm? Who will own the Schnorr patent? Perhaps the matter will be settled by the time this book is published.
Patents are valid for only 17 years and cannot be renewed. On 29 March 1997 Diffie-Hellman key exchange (and the ElGamal algorithm) will enter the public domain. On 20 September 2000 RSA will follow. Mark your calendars.
25.6 International Association for Cryptologic Research
The International Association for Cryptologic Research (IACR) is a worldwide cryptographic research organization. Its purpose is to advance the theory and practice of cryptology and related fields. Anyone can become a member. The association sponsors two annual conferences, Crypto (held in August in Santa Barbara) and Eurocrypt (held in Europe), and publishes The Journal of Cryptology and the IACR Newsletter quarterly.
The address of the IACR headquarters changes with the president. The current address is: IACR Business Office, Aarhus Science Park, Gustav Wieds Vej 10, DK-8000 Aarhus C, Denmark.
25.7 RACE Integrity Primitives Evaluation (RIPE)
The Research and Development in Advanced Communication Technologies in Europe (RACE) program was initiated by the European Community to support pre-normative work on telecommunications standards and technologies supporting Integrated Broadband Communication (IBC). As part of that effort, RACE established the RACE Integrity Primitives Evaluation (RIPE) consortium to assemble a portfolio of techniques meeting the anticipated security requirements of IBC.
The RIPE consortium was formed by six leading European cryptographic research groups: the Center for Mathematics and Computer Science, Amsterdam; Siemens AG; Philips Crypto BV; Royal PTT Nederland NV, PTT Research; Katholieke Universiteit Leuven; and Aarhus Universitet. After calls for algorithms in 1989 and 1991 [1564], 32 submissions from around the world, and an evaluation project of 350 man-months, the consortium published RIPE Integrity Primitives [1305, 1332]. The report contains an introduction, several basic integrity concepts, and the primitives themselves: MDC-4 (see Section 14.11), RIPE-MD (see Section 14.8), RIPE-MAC (see Section 14.14), IBC-HASH, SKID (see Section 3.2), RSA, COMSET (see Section 16.1), and RSA key generation.
25.8 Conditional Access for Europe (CAFE)
Conditional Access for Europe (CAFE) is a project within the European Community's ESPRIT program [204, 205]. Work began in December 1992 and is scheduled to finish by the end of 1995. The consortium that was formed consists of social and market research groups (Cardware, Institut für Sozialforschung), software and hardware manufacturers (DigiCash, Gemplus, Ingenico, Siemens), and cryptographers (CWI Amsterdam, PTT Research Netherlands, SPET, Sintef Delab Trondheim, Universities of Århus, Hildesheim and Leuven).
The project's goal is to develop a system for conditional access, particularly for digital payment systems. Payment systems must provide security to every user and demand as little trust as possible: security must not depend on the tamper-resistance of the devices.
The basic CAFE device is an electronic wallet: a small computer that looks much like a pocket calculator. It has a battery, a keypad, a screen, and an infrared channel for communicating with other wallets. Every user has his own wallet, which enforces his rights and guarantees his security.
A device with a keypad and a screen has a definite advantage over a smart card: it can operate independently of a terminal. The user can enter his password and the payment amount directly. Unlike a credit card, the user never has to hand his wallet to anyone in order to complete a transaction. Additional features are:
Offline transactions. The system is intended to replace small cash transactions, for which an online system would be too cumbersome.
Loss tolerance. If a user loses his wallet, or the wallet breaks, or it is stolen, the user does not lose his money.
Support for different currencies.
Open architecture and open system. A user must be able to pay for arbitrary services, such as shopping, telephone, and public transport, provided by different service providers. The system must allow any number of issuers of electronic money to interoperate, as well as wallets of different types and from different manufacturers.
Low cost.
At the time of writing only a software version of the system exists, and the consortium is working hard on a hardware prototype.
25.9 ISO/IEC 9979
In the mid-1980s ISO set out to standardize DES, which was already in use as a FIPS and as an ANSI standard. After some political wrangling, ISO decided not to standardize cryptographic algorithms but to register them instead. Only encryption algorithms can be registered; hash functions and signature schemes cannot. Any national body can register an algorithm.
At present three algorithms have been submitted for registration (see Table 25-4). A submission includes information on intended use, parameters, implementations, modes, and test vectors. A detailed description is optional, so secret algorithms can be registered too.
The fact that an algorithm is registered says nothing about its quality. Registration is not an ISO/IEC endorsement of the algorithm; it simply shows that one of the national bodies wanted to register it, whatever criteria that body applied.
The idea does not impress me. Registration obstructs the standardization process. Instead of adopting a few algorithms, ISO registers any algorithm at all. With so little control, anything can be registered and then be advertised with the impressive-sounding label "Registered ISO/IEC 9979". In any case, the register is maintained by National Computer Centre Ltd., Oxford Road, Manchester, M1 7ED, United Kingdom.
Table 25-4.
Registered algorithms
ISO/IEC 9979

Registration number   Name
0001                  B-CRYPT
0002                  IDEA
0003                  LUC
25.10 Professional, industry, and civil-liberties groups
Electronic Privacy Information Center (EPIC)
The Electronic Privacy Information Center (EPIC) was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper chip, the digital telephony proposals, national identification number systems, medical record privacy, and the sale of consumer data. EPIC conducts litigation, sponsors conferences, publishes reports, issues the EPIC Alert, and leads campaigns on privacy issues. Anyone interested in joining should contact Electronic Privacy Information Center, 666 Pennsylvania Avenue SE, Suite 301, Washington, D.C. 20003; (202) 544-9240; fax: (202) 547-5482; Internet: info@epic.org.
Electronic Frontier Foundation (EFF)
The Electronic Frontier Foundation (EFF) is dedicated to protecting civil rights in cyberspace. With regard to U.S. cryptographic policy, EFF holds that information and access to cryptography are fundamental rights and should therefore be free of government restrictions. The foundation organized the Digital Privacy and Security Working Group, a coalition of 50 organizations. The group opposes the digital telephony bill and the Clipper initiative. EFF also supports litigation against export controls on cryptography [143]. Anyone interested in joining EFF should contact Electronic Frontier Foundation, 1001 G Street NW, Suite 950E, Washington, D.C. 20001; (202) 347-5400; fax: (202) 393-5509; Internet: eff@eff.org.
Association for Computing Machinery (ACM)
The Association for Computing Machinery (ACM) is an international computer industry organization. In 1994 the U.S. ACM Public Policy Committee produced an excellent report on U.S. cryptographic policy [935]. It is worth reading by anyone interested in the politics of cryptography. It is available by anonymous ftp from info.acm.org in /reports/acm.cryptstudy/acmcryptostudy.ps.
Institute of Electrical and Electronics Engineers (IEEE)
The Institute of Electrical and Electronics Engineers (IEEE) is another professional organization. Its U.S. branch studies privacy-related issues, including cryptographic policy, identification numbers, and privacy protection on the Internet, and develops recommendations on them.
Software Publishers Association (SPA)
The Software Publishers Association (SPA) is a trade association of more than 1000 companies that develop software for personal computers. They lobby for relaxing export controls on cryptography and maintain a list of commercially available foreign cryptographic products.
25.11 Sci.crypt
Sci.crypt is the Usenet newsgroup for cryptology. It is read by roughly 100,000 people worldwide. Most of the posts are ordinary nonsense, flame wars, or both at once. Some posts concern politics, and most of the rest are requests for information or general questions. Occasionally the newsgroup yields nuggets of genuinely useful information. Anyone who reads sci.crypt regularly will learn how to use something called a kill file.
Another Usenet newsgroup is sci.crypt.research, a moderated newsgroup devoted to discussing cryptologic research. It carries fewer posts, and they are far more interesting.
25.12 Cypherpunks
The Cypherpunks are an informal group of people interested in teaching and learning about cryptography. They also experiment with cryptography and try to put it into practice. In their view, all the cryptographic research to date has done society no good, because society has not made use of what cryptography has achieved.
In "A Cypherpunk's Manifesto," Eric Hughes writes [744]:
We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.
Cypherpunks write code. We know that someone has to write software to defend privacy, and since this has not yet been done and we cannot get privacy unless we all do, we are going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.
Those who want to join the Cypherpunks mailing list on the Internet should send mail to majordomo@toad.com. The mailing list is archived at ftp.csua.berkeley.edu in /pub/cypherpunks.
25.13 Patents
The issue of software patents cannot be squeezed into this book. Good or bad, they exist. In the United States algorithms can be patented, cryptographic algorithms included. IBM holds the DES patents [514]. IDEA is patented. Almost all public-key algorithms are patented. NIST has even patented DSA. A number of cryptographic patents have been blocked by NSA intervention under the Invention Secrecy Act of 1940 and the National Security Act of 1947. This means that instead of a patent the inventor receives a secrecy order and is forbidden to discuss his invention with anyone else.
NSA has special options when it comes to patents. The agency can apply for a patent and then block its issuance. Again a secrecy order appears, but now NSA is both the inventor and the issuer of the order. When, some time later, the secrecy order is lifted, the patent office issues the patent, valid for the standard 17 years. This protects the invention more effectively than keeping it secret. If someone else happens to invent the same thing, NSA has already filed a patent application. If no one else invents it, the invention remains secret.
Although the patent process is supposed not only to protect inventions but also to disclose them, this trick lets NSA hold a patent for longer than 17 years. The 17-year term is counted from the date the patent is issued, not from the date the application is filed. It is not yet clear how all this will change with the ratification of the GATT treaty by the United States.
25.14 U.S. export law
According to the U.S. government, cryptography is a munition. This means that cryptography is subject to the same laws as a TOW missile or an M1 Abrams tank. If you sell a cryptographic product without the appropriate export license, you are an international arms smuggler. If you do not want to spoil your résumé with a line about a stay in a federal prison, pay attention to the law.
With the start of the Cold War in 1949, all the NATO countries (except Iceland), and later Australia, Japan, and Spain, formed CoCom, the Coordinating Committee for Multilateral Export Controls. It is an informal organization designed to coordinate national restrictions on the export of sensitive military technologies to the Soviet Union, the other Warsaw Pact countries, and the People's Republic of China. Examples of controlled technologies are computers, milling machinery, and cryptography. The organization's purpose was to slow the transfer of technology to those countries and thereby to hold back their military potential.
With the end of the Cold War, the CoCom countries realized that the controls they were applying were largely obsolete. At present a "New Forum" appears to be in the making, another international organization intended to stop the flow of military technologies to countries its members do not like.
In any case, U.S. export policy on strategic goods is governed by the Export Administration Act, the Arms Export Control Act, the Atomic Energy Act, and the Nuclear Non-Proliferation Act. The controls established by this legislation are implemented through many regulations, none of which coordinates with the others. More than a dozen agencies, including the military services, administer the controls, and their activities often overlap and conflict.
Controlled technologies appear on several lists. Cryptography, traditionally considered a munition, appears on the U.S. Munitions List (USML), the International Munitions List (IML), the Commerce Control List (CCL), and the International Industrial List (IIL). The State Department is responsible for the USML, which is published as part of the International Traffic in Arms Regulations (ITAR) [466, 467].
The export of cryptography in the United States is controlled by two government bodies. One is the Bureau of Export Administration (BXA) in the Department of Commerce, authorized by the Export Administration Regulations (EAR). The other is the Office of Defense Trade Controls (DTC) in the State Department, authorized by the ITAR. As a rule, the requirements of the Commerce Department's BXA are less stringent, but all cryptographic exports are first reviewed by the State Department's DTC (which receives technical and national-security advice from NSA and, it seems, always follows that advice), and the DTC may refuse to hand the decision over to the BXA.
The ITAR regulates this process. (Until 1990 the DTC was called the Office of Munitions Control; this public-relations exercise may be intended to make us forget that we are dealing with bombs and guns.) Historically the DTC has resisted granting export licenses for encryption products stronger than a certain level, although what that level is has never been disclosed.
Cneymmne pasent nsxrt ns ITAR |466, 467]:
120.10 Texnnueckne annte.
Texnnueckne annte - +ro, n nacroxmem nonynkre :
(1) Hn|opmannx, ornnunax or nporpammnoro oecneuennx , onpeenennoro n 120.10(d), koropax nyxna nx npoekrnponannx,
paspaorkn, nponsnocrna, opaorkn, nsroronnennx, copkn, paort, pemonra, noepxkn nnn mon|nkannn cpecrn oopont .
3ro, nanpnmep, nn|opmannx n |opme cnerokonnn, ueprexen, |ororpa|nn, nnanon, nncrpyknnn n okyme nrannn;
(2) Cekpernax nn|opmannx, kacammaxcx cpecrn oopont n ooponnon exrentnocrn ;
(3) Hn|opmannx, oxnartnaemax nocranonnennem o sacekpeunnannn nsoperennx ;
(4) Hporpammnoe oecneuenne, onpeenennoe n pasene 121.8(f) n nenocpecrnenno cnxsannoe co cpecrnamn oopont
(5) 3ro onpeenenne ne nknmuaer nn|opmannm, kacammymcx omenayuntx, maremarnuecknx nnn nnxenepntx npnnn n-
non, otuno nsyuaemtx n omeocrynntx mkonax, konnexax n ynnnepcnrerax, kak onpeeneno n 120.11. Ono rakxe ne
nknmuaer asonym ptnounym nn|opmannm o |ynknnn, nasnauennn nnn omecncremnom onncannn cpecrn oopont .
120.11 Orkptrtn ocryn.
Orkptrtn ocryn oosnauaer nn|opmannm, koropax onynnkontnaercx n moxer trt omeocrynnon :
(1) C nomomtm npoaxn n knockax n knnxntx marasnnax ;
(2) C nomomtm nonnckn, koropax ocrynna es orpannuennn nx nmoro, kro xouer nonyunrt nnn npnopecrn onynnk o-
nannym nn|opmannm;
(3) C nomomtm nourontx npnnnnernn nroporo knacca, ntanntx npannrentcrnom CBA ;
(4) B nnnorekax, orkptrtx nx nynnkn, nnn n koroptx nynnka moxer nonyunrt okymenrt ;
(5) C nomomtm narenron, ocrynntx n nmon narenrnon konrope ;
(6) C nomomtm neorpannuennoro pacnpocrpanennx na kon|epennnn, ncrpeue, cemnnape, npesenrannn nnn ntcranke, o c-
rynntx otunon nynnke n Coennenntx Brarax ;
(7) C nomomtm coomennn nx neuarn (r.e., neorpannuennoe pacnpocrpanenne) n nmon |opme (nanpnmep, neoxsarentno
onynnkonannon), oopenntx komnerenrntmn opranamn CBA (cm. rakxe 125.4(b)(13)).
(8) C nomomtm |ynamenrantntx nccneonannn n nayke n rexnnke n akkpenronanntx ntcmnx yuentx saneennxx
CBA, re nonyuennax nn|opmannx otuno nynnkyercx n mnpoko pacnpocrpanxercx n nayunom coomecrne . uynamenrant-
ntmn nastnamrcx asonte n npnknante nccneonannx n nayke n rexnnke, kora nonyuennax nn|opmannx otuno nynnkye r-
cx n mnpoko pacnpocrpanxercx n nayunom coomecrne n ornnune or nccneonannn, pesyntrart koroptx ne pasrnamamrcx ns-sa
npan cocrnennocrn nnn onpeenennoro konrponx ocryna n pacnpocrpanennx npannrentcrnom CBA . Vnnnepcnrerckne nccne-
onannx ne cunramrcx |ynamenrantntmn, ecnn :
(i) Vnnnepcnrer nnn ero nccneonarenn cornamamrcx c pyrnmn orpannuennxmn na nynnkannm nayuno-rexnnueckon n n-
|opmannn, nonyuennon n pesyntrare paort na npoekrom, nnn
(ii) Hccneonannx |nnancnpymrcx npannrentcrnom CBA, a ocryn k pesyntraram nccneonannn n nx pacnpocrpanenne n a-
xonrcx orpannuent c nentm samnrt nn|opmannn .
120.17 3kcnopr.
Ho +kcnoprom nonnmaercx:
(1) Hepeaua nnn ntnos cpecrn oopont sa npeent Coennenntx Braron nmtm cnocoom, kpome nyremecrnnx sa np e-
ent Coennenntx Braron nnna, utn nnunte snannx nknmuamr rexnnueckne annte ; nnn
(2) Hepeaua nnocrpannomy nnny npan perncrpannn, ynpannennx nnn cocrnennocrn na nmon camoner, cyno nnn cnyr-
nnk, npncyrcrnymmnn n Hepeune noopyxennn CBA, n Coennenntx Brarax nnn sa nx npeenamn ; nnn
(3) Packptrne (n rom uncne ycrnoe nnn nnsyantnoe) nnn nepeaua n Coennenntx Brarax nmtx cpecrn oopont nocon t-
crny, yupexennm nnn nopasenennm nnocrpannoro npannrentcrna (nanpnmep, nnnomarnuecknm mnccnxm ); nnn
(4) Packptrne (n rom uncne ycrnoe nnn nnsyantnoe) nnn nepeaua rexnnuecknx anntx nnocrpannomy nnny n Coennenntx
Brarax nnn sa nx npeenamn; nnn
(5) Btnonnenne ooponnon exrentnocrn or nmenn nnn nx ntrot nnocrpannoro nnna n Coennenntx Brarax nnn sa nx
npeenamn.
(6) 3anyckaemtn annapar nnn nonesnax narpyska ne onxnt, npn sanycke rakoro annapara, paccmarpnnartcx kak +kcnopr.
Onako nx onpeenenntx nenen (cm 126.1 +roro nonynkra), nonoxennx +roro nonynkra npnmennmt k npoaxam n pyrnm
cnocoam nepeaun cpecrn oopont nnn npoykron ooponnrentnon exrentnocrn .
Part 121 - The United States Munitions List
121.1 General. The United States Munitions List
Category XIII - Auxiliary Military Equipment
(1) Cryptographic (including key management) systems, equipment, assemblies, modules, integrated circuits, components or software with the capability of maintaining secrecy or confidentiality of information or information systems, except cryptographic equipment and software as follows:
(i) Restricted to decryption functions specifically designed to allow the execution of copy-protected software, provided the decryption functions are not accessible to the user.
(ii) Specially designed, developed or modified for use in machines for banking or money transactions, and restricted to use only in such transactions. Machines for banking or money transactions include automatic teller machines, self-service statement printers, point-of-sale terminals or equipment for the encryption of interbanking transactions.
(iii) Employing only analog techniques to provide the cryptographic processing that ensures information security in the following applications: ...
(iv) Personalized smart cards using cryptography restricted for use only in equipment or systems exempted from the controls of the USML.
(v) Limited to access control, such as automatic teller machines, self-service statement printers or point-of-sale terminals, which protects passwords or personal identification numbers (PIN) or similar data to prevent unauthorized access to facilities, but does not allow for encryption of files or text except as directly related to the password or PIN protection.
(vi) Limited to data authentication which calculates a Message Authentication Code (MAC) or similar result to ensure that no alteration of text has taken place, or to authenticate users, but does not allow for encryption of data, text or other information beyond that needed for the authentication.
(vii) Restricted to fixed data compression or coding techniques.
(viii) Limited to receiving for radio broadcast, pay television or similar consumer-type restricted-audience broadcasts, without digital encryption, and where digital decryption is limited to the video, audio or management functions.
(ix) Software designed or modified to protect against malicious computer damage (e.g., viruses).
(2) Cryptographic (including key management) systems, equipment, assemblies, modules, integrated circuits, components or software which have the capability of generating spreading or hopping codes for spread-spectrum systems or equipment.
(3) Cryptanalytic systems, equipment, assemblies, modules, integrated circuits, components or software.
125.2 Exports of unclassified technical data.
(a) General. A license (DSP-5) is required for the export of unclassified technical data unless the export is exempt from the licensing requirements of this subchapter. In the case of a plant visit, details of the proposed discussions must be transmitted to the Office of Defense Trade Controls for an appraisal of the technical data. Seven copies of the technical data or of the details of the discussions must be provided.
(b) Patents. A license issued by the Office of Defense Trade Controls is required for the export of technical data whenever the data exceeds that which is used to support a domestic filing of a patent application, or to support a foreign filing of a patent application when no domestic application has been filed. Requests for the filing of patent applications in a foreign country, and requests for the filing of amendments, modifications or supplements to foreign patents, should follow the regulations of the U.S. Patent and Trademark Office in accordance with 37 CFR part 5. The export of technical data to support the filing and processing of patent applications in foreign countries is subject to regulations issued by the U.S. Patent and Trademark Office pursuant to 35 U.S.C. 184.
(c) Disclosures. Unless otherwise expressly exempted in this subchapter, a license is required for the oral, visual or documentary disclosure of technical data by U.S. persons to foreign persons. A license is required regardless of the manner in which the technical data is transmitted (e.g., in person, by telephone, correspondence, electronic means, etc.). A license is required for such disclosures by U.S. persons in connection with visits to foreign diplomatic missions and consular offices.
And so on. There is a lot more in this document. If you are going to try to export cryptography, I suggest you get a copy of the whole thing and a lawyer who speaks the language.
In reality, the export of cryptographic products is controlled by the NSA. If you want a Commodity Jurisdiction (CJ) ruling recognizing your product as a general-commerce item, you must submit the product to the NSA for approval and file the CJ application with the State Department. Once the State Department approves it, the matter falls under the jurisdiction of the Commerce Department, which has never been particularly interested in cryptography. The State Department, however, never grants a CJ without NSA approval.
In 1977 Joseph A. Meyer, an NSA employee, wrote a letter (unauthorized, according to the official account of the incident) to the IEEE warning that the planned presentation of the original RSA paper would violate ITAR. From The Puzzle Palace:
He had a point. The ITAR did encompass "any unclassified information that can be used, or adapted for use, in the design, production, manufacture, repair, overhaul, processing, engineering, development, operation, maintenance, or reconstruction" of the listed materials, as well as "any technology which advances the state of the art or establishes a new art in an area of significant military applicability in the United States." And export did include transferring the information both in writing and by oral or visual means, including brief discussions and symposia at which foreign nationals were present.
But followed literally, the vague and often overly broad regulations would seem to require that anyone planning to write or speak publicly on a topic touching the Munitions List must first obtain the approval of the State Department: a chilling prospect clearly at odds with the First Amendment, and one still untested by the Supreme Court.
In the end, the NSA disowned Meyer's actions, and the RSA paper was presented as planned. No action was taken against the inventors, although it can be argued that their work enhanced foreign cryptographic capabilities more than anything published before it.
The export of cryptography is discussed in the following NSA statement [363]:
Cryptographic technology is deemed vital to national security interests, including economic, military, and foreign policy interests.
We do not agree with the statements made at the House Judiciary Committee hearing of 7 May 1992, and in recent news articles, that U.S. export laws prevent U.S. firms from manufacturing and using advanced encryption equipment. We are unaware of any case in which U.S. export restrictions have prevented a U.S. firm from manufacturing and using encryption equipment within this country, or prevented a U.S. firm or its subsidiaries from using encryption equipment in locations outside the U.S. In fact, NSA has always supported the use of encryption by U.S. businesses to protect sensitive information both at home and abroad.
For export to foreign countries, NSA, as a component of the Department of Defense (together with the Department of State and the Department of Commerce), reviews export licenses for information security technologies covered by the Export Administration Regulations or the International Traffic in Arms Regulations. Similar export control systems are in effect in all CoCom countries and in many other countries, as these technologies are universally considered sensitive. There is no general ban on the export of such technologies; each case is reviewed individually. As part of the review, licenses may be required for such systems, and the effect the export would have on national security interests, including economic, military, and political security interests, is analyzed. Export licenses are approved or denied based on the type of equipment involved, the proposed end use, and the end user.
Our analysis indicates that the U.S. leads the world in the manufacture and export of information security technologies. Of the cryptologic products referred to NSA by the Department of State for export licensing, NSA approves over 90%. Export licenses for information security products under the jurisdiction of the Department of Commerce are issued without the involvement of NSA or the Department of Defense. These include products using techniques such as DSS and RSA to provide authentication and access control for computers and networks. In fact, in the past NSA has played a major role in successfully advocating the relaxation of export controls on RSA and related authentication technologies. Such techniques are especially valuable against the hacker problem and the unauthorized use of resources.
So, the claim is that the NSA restricts the export of encryption products only, not of authentication products. If you want to export an authentication-only product, getting approval comes down to demonstrating that your product cannot be used for encryption without substantial modification. Furthermore, the bureaucratic procedure for authentication products is much simpler than for encryption products. An authentication system gets a single State Department approval (CJ); an encryption system needs a new approval for each version of the product, or even for each sale.
Without a CJ, you have to request export permission every time you want to export the product. The State Department does not approve the export of products with strong encryption, even those using DES. Isolated exceptions have been made for foreign subsidiaries of U.S. companies, for the purpose of secure communications with the United States, for some banking applications, and for export to U.S. military users. The Software Publishers Association (SPA) has negotiated with the government to ease export restrictions. A 1992 agreement between the SPA and the State Department eased the export licensing rules for two algorithms, RC2 and RC4, provided the key length does not exceed 40 bits. Details are in Section 7.1.
In 1993 Maria Cantwell (D-WA), at the request of software companies, introduced a bill in the House of Representatives relaxing export controls on software. Senator Patty Murray (D-WA) introduced a companion bill in the Senate. The Cantwell bill was attached to the general export control act moving through Congress, but was removed by the Intelligence Committee under heavy pressure from the NSA. When the NSA does something, it goes all out: the committee voted unanimously to delete the language. I cannot recall another recent case of a group of legislators doing anything unanimously.
In 1995 Dan Bernstein, with the support of the EFF, sued the U.S. government, seeking to stop the government from restricting the publication of cryptographic documents and software [143]. The suit claimed that the export control laws are unconstitutional and impose an "impermissible prior restraint on speech, in violation of the First Amendment." Specifically, the suit charged that the current export control process:
Allows bureaucrats to restrict publication without ever going to court.
Provides too few procedural safeguards for First Amendment rights.
Requires publishers to register with the government, creating the effect of a "licensed press."
Disallows general publication by requiring that each recipient be identified.
Is vague enough that ordinary people cannot know what conduct is allowed and what is prohibited.
Is overbroad, because it prohibits conduct that is clearly protected (such as speaking to foreigners within the United States).
Is applied overbroadly, prohibiting the export of software that contains no cryptography on the theory that cryptography could be added later.
Egregiously violates the First Amendment by prohibiting private speech on cryptography, because the government wishes to impose its own views on cryptography on the public instead.
Exceeds in many ways the authority granted by Congress in the export control laws, as well as the authority granted by the Constitution.
The case can be expected to take several years to decide, and it is impossible to predict how it will end.
Meanwhile, the Computer Security and Privacy Advisory Board, an official advisory body to NIST, voted in March 1992 for a national review of cryptographic policy, including export policy. It stated that export policy is decided solely by agencies responsible for national security, without input from agencies concerned with promoting commerce. Those national security agencies are doing everything possible to make sure nothing changes, but change is overdue.
25.15 Export and Import of Cryptography Abroad
Other countries have their own export and import laws [311]. This summary is incomplete and may be out of date. Countries may pass laws and ignore them, or have no laws and still restrict the export, import and use of cryptography somehow.
Australia requires an import certificate for cryptographic products only at the request of the exporting country.
Canada has no import controls, and its export controls are similar to those of the United States. Exports of products from Canada may be restricted if they are included in the Export Control List under the Export and Import Permits Act. For cryptographic technology, Canada follows the CoCom restrictions. Encryption devices are described in category five, part two of the Canadian export regulations. These provisions are analogous to category five of the Federal Export Regulations in the United States.
China uses a licensing scheme for imported products; exporters must file an application with the Ministry of Foreign Trade. Under the Chinese List of Prohibited and Restricted Exports and Imports, adopted in 1987, China restricts the import and export of voice-encoding devices.
France has no specific legislation on the import of cryptography, but it does have laws on the sale and use of cryptography within the country. Products must be certified: either they must conform to published specifications, or the company's proprietary specification must be provided to the government. The government may also ask for two units for its own use. A company must hold a license to sell cryptography in France, and the license specifies the target market. Users must hold a license to buy and use cryptography, and the license includes a provision that users must be prepared to hand their keys over to the government within four months after use. This restriction is sometimes waived: for banks, large companies, and so on. There is no licensing requirement for cryptography exported from the United States.
Germany follows the CoCom guidelines, requiring a license to export cryptography. It specifically maintains control over publicly available cryptographic software.
Israel has import restrictions, but apparently nobody knows what they are.
Belgium, Italy, Japan, the Netherlands, and the United Kingdom follow the CoCom guidelines, requiring a license to export cryptography.
Brazil, India, Mexico, Russia, Saudi Arabia, Spain, South Africa, Sweden, and Switzerland have no export or import controls on cryptography.
25.16 Legal Issues
Are digital signatures real signatures? Will they stand up in court? Some preliminary legal research has led to the opinion that digital signatures would meet the requirements of legally binding signatures for most purposes, including commercial use as defined in the Uniform Commercial Code (UCC). A decision of the General Accounting Office (GAO), issued at the request of NIST, holds that digital signatures meet the legal standards for handwritten signatures [362].
The Utah Digital Signature Act went into effect on May 1, 1995, providing a legal basis for the use of digital signatures in the judicial system. California is considering a corresponding bill, and Oregon and Washington are drafting their own laws. Texas and Florida are right behind. By the time this book is published, most states will have gone the same way.
The American Bar Association (EDI and Information Technology Division of the Section of Science and Technology) has produced a model act that states can use in their own legislation. The act attempts to fit digital signatures into the existing legal infrastructure for signatures: the Uniform Commercial Code, the United States Federal Reserve regulations, the common law of contracts and signatures, the United Nations Convention on Contracts for the International Sale of Goods, and the United Nations Convention on International Bills of Exchange and International Promissory Notes. The act includes provisions on the responsibilities and obligations of certification authorities, questions of liability, and limitations and policies.
In the United States, laws on signatures, contracts and commercial transactions fall under state jurisdiction, so this model act is designed for the states. The eventual goal is a federal act, but if it all starts at the state level, the NSA has less opportunity to spoil it.
Even so, until the validity of digital signatures is challenged in court, their legal status remains undefined. For digital signatures to carry the same authority as handwritten ones, they must first be used to sign a legal document and then be challenged in court by one of the parties. The court would then examine the security of the signature scheme and issue a ruling. Over time, as this happens again and again, rulings on which digital signature methods and which key sizes are sufficient for a digital signature to be recognized as legally binding would build on the earlier decisions. This will probably take years.
Until then, if two people want to use digital signatures for contracts (or purchase requests, work orders, and so on), it is recommended that they sign a paper contract in which they agree to be bound in future by any documents bearing their digital signatures [1099]. This document should specify the algorithm, the key size and all other parameters; it should also define how disputes are to be resolved.
Afterword by Matt Blaze
One of the most dangerous aspects of cryptology (and, by extension, of this book) is that you can almost measure it. Knowledge of key lengths, factoring methods and cryptanalytic techniques makes it possible to estimate (in the absence of a real theory of cipher design) the "work factor" required to break a particular cipher. It is all too tempting to misuse these estimates as if they were overall security metrics for the systems in which the ciphers are used. In the real world the attacker has far more options than cryptanalysis alone. Success often comes through protocol attacks, Trojan horses, viruses, electromagnetic monitoring, physical compromise, blackmail and intimidation of key holders, operating system and application bugs, hardware bugs, user errors, physical eavesdropping, social engineering and dumpster diving, to name just a few.
High-quality ciphers and protocols are important tools, but by themselves they are no substitute for realistic, critical thinking about what actually needs to be protected and how the various layers of defense might be broken (attackers, after all, rarely restrict themselves to the clean, well-defined threat models of the academic world). Ross Anderson gives examples of cryptographically strong systems (in the banking industry) that failed when exposed to real-world threats [43, 44]. Even when the attacker has access only to ciphertext, seemingly minor breaches in other parts of the system can leak enough information to render a good cryptosystem useless. The Allies in World War II broke German Enigma traffic largely by carefully exploiting operator errors [1587].
Asked whether the government can break DES, an NSA employee quipped that real systems are so insecure that it is not even worth the bother. Unfortunately, there are no easy recipes for making a system secure; nothing replaces careful design and critical scrutiny. Good cryptosystems make life much harder for the attacker than for the legitimate user, but this is not true of almost every other aspect of computer and communications security. Consider the following (certainly incomplete) "top ten threats to the security of real systems", each of which is easier to exploit than to prevent.
1. The sorry state of software. Everyone knows that nobody knows how to write software. Modern systems are complex, with hundreds of thousands of lines of code, any one of which can compromise security. Rooting bugs out of the security-related modules is harder still.
2. Ineffective protection against denial-of-service attacks. Some cryptographic protocols permit anonymity. Using anonymous protocols can be especially dangerous if they increase the opportunity for an unidentified vandal to disrupt a service; anonymous systems must therefore be especially resistant to denial-of-service attacks. Anonymity may be easier to support in robust networks: hardly anyone worries much about the millions of anonymous entry points in most robust networks, such as the telephone network or the postal system, where it is relatively hard (or expensive) for an individual user to cause a large-scale failure.
3. No place to store secrets. Cryptosystems protect big secrets with small ones (keys). Unfortunately, modern computers are not especially good at protecting even small secrets. Multi-user networked workstations can be broken into and their memory compromised. Standalone single-user machines can be stolen or compromised by viruses that leak secrets asynchronously. Remote servers, where there may be no user present to enter a passphrase (but see threat #5), are an especially hard problem.
4. Poor random-number generation. Keys and session variables need good sources of unpredictable bits. A running computer contains a lot of entropy, but rarely can an application use it properly. Many methods have been proposed for obtaining truly random numbers in software (exploiting the unpredictability of I/O timing, clock and timer skew, and even air turbulence inside the disk enclosure), but all of them are very sensitive to slight changes in the environment in which they are used.
5. Weak passphrases. Most cryptographic software solves the key storage and key generation problems with user-created passphrases, which are assumed to be unpredictable enough to generate good key material and which are also easy to remember, so that they need no secure storage. While dictionary attacks are a well-known problem for short passwords, little is known about how to attack keys derived from user-chosen passphrases. Shannon showed that English text has only slightly more than 1 bit of entropy per character (about 1.3 bits), which apparently makes passphrases open to brute force. It is not yet entirely clear, however, how to order the candidate passphrases for such an attack. Until we properly understand how to break passphrases, we will not understand how weak or strong they are.
6. Mismatched trust. Almost all available cryptographic software assumes that the user is in direct contact with the system or reaches it over a trusted path. For example, the interfaces to programs such as PGP assume that their passphrases arrive from the user over a trusted path, such as the local console. That is not always the case; consider the problem of reading your encrypted mail when logged in over the network. What the system designer considers trusted may not match the needs or expectations of real users, especially when the software can be controlled remotely over insecure channels.
7. Poorly understood interactions between protocols and services. As systems grow bigger and more complex, strange things often happen, and it is hard to understand anything even after a failure occurs. The Internet worm propagated through an obscure and apparently quite innocent feature of the mail transfer program. How many more features, in how many more programs, have unexpected consequences just waiting to be discovered?
8. Unrealistic threat and risk assessment. Security experts tend to concentrate on threats they know how to model and prevent. Unfortunately, attackers mount attacks based on their own knowledge, and the two areas rarely coincide. Too many "secure" systems have been designed without considering what the attacker is actually likely to do.
9. Interfaces that make security expensive and inconvenient. If security features are to be used, they must be convenient and transparent enough that people actually use them. It is easy to design encryption mechanisms that work only at the expense of performance or ease of use, and even easier to build mechanisms that invite mistakes. Security should be harder to turn off than to turn on; unfortunately, few systems actually work this way.
10. No broad demand for security. This problem is well known to almost everyone whose fortune depends on selling security products and services. Until there is widespread demand for pervasive security, the tools and infrastructure needed to provide it will remain expensive and out of reach for many applications. This is partly a problem of understanding and exposing the threats and risks in real applications, and partly a problem of designing systems in which security is bolted on later rather than built in from the start.
A fuller list and discussion of such threats could easily fill a book this size and still barely scratch the surface. What makes them especially difficult and dangerous is that there is no magic way to avoid them other than good analysis and good engineering. The prudent cryptographer should be mindful of the limits of the art.
Matt Blaze
New York
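Threats #4 and #5 from the list above, made concrete. This is an added example, not code from the book or from Matt Blaze's afterword. The word list, the timestamps, the unsalted single-round key-derivation function and the clock-seeded key generator are constructed assumptions standing in for what weak software does; none of it is production key-handling code.

```python
# Added example (not part of the book or of Matt Blaze's afterword): threats #4
# (poor random-number generation) and #5 (weak passphrases) made concrete.
# The KDF, the word list and the clock-seeded key generator are constructed
# stand-ins for illustration only.
import hashlib
import os
import random
from typing import Iterable, Optional

# Constructed word list standing in for the millions of entries a real
# passphrase dictionary would hold.
WORDLIST = [
    "password",
    "letmein",
    "swordfish",
    "open sesame",
    "my voice is my passport",
    "correct horse battery staple",
]


def passphrase_entropy_bits(text: str, bits_per_char: float = 1.3) -> float:
    """Rough Shannon-style estimate: English prose carries only about 1.3 bits
    of entropy per character, so a 23-character phrase is worth ~30 bits, not
    the 184 bits its byte length suggests."""
    return len(text) * bits_per_char


def derive_key(passphrase: str) -> bytes:
    """Toy unsalted, single-iteration KDF (assumption: this mirrors what weak
    software does). It is exactly what makes the dictionary attack cheap; a
    real KDF is salted and deliberately slow."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()[:8]


def dictionary_attack(target_key: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """Threat #5: recover the passphrase by deriving a key from every candidate
    and comparing it with the key the attacker has captured."""
    for candidate in wordlist:
        if derive_key(candidate) == target_key:
            return candidate
    return None


def weak_session_key(seed_seconds: int) -> bytes:
    """Threat #4: a 64-bit key drawn from a general-purpose PRNG seeded with
    the wall clock in whole seconds. The seed is the only secret, and it has
    far fewer than 64 bits of uncertainty."""
    rng = random.Random(seed_seconds)
    return bytes(rng.getrandbits(8) for _ in range(8))


def recover_seed(target_key: bytes, approx_time: int, window: int = 3600) -> Optional[int]:
    """An attacker who knows roughly when the key was generated (within
    `window` seconds of `approx_time`) simply tries every seed in that range."""
    for seed in range(approx_time - window, approx_time + window + 1):
        if weak_session_key(seed) == target_key:
            return seed
    return None


def strong_session_key() -> bytes:
    """Fix for #4: take the key from the operating system's CSPRNG instead."""
    return os.urandom(8)


if __name__ == "__main__":
    phrase = "my voice is my passport"
    print(f"estimated entropy of {phrase!r}: {passphrase_entropy_bits(phrase):.1f} bits")
    print("dictionary attack recovered:", dictionary_attack(derive_key(phrase), WORDLIST))
    generated_at = 1_000_000  # constructed timestamp, in seconds
    leaked = weak_session_key(generated_at)
    print("clock-seeded key recovered from seed:", recover_seed(leaked, generated_at + 500))
    print("os.urandom key:", strong_session_key().hex())
```

The two attacks share one shape: the attacker does not touch the cipher at all, but enumerates the small space the key was really drawn from (a word list, or a few thousand clock values). A salted, slow KDF raises the per-guess cost of the first; only a CSPRNG removes the second.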
Part V
Source Code
1. DES
2. LOKI91
3. IDEA
4. GOST
5. BLOWFISH
6. 3-WAY
7. RC5
8. A5
9. SEAL
DES
#define EN0 0 /* MODE == encrypt */
#define DE1 1 /* MODE == decrypt */
typedef struct {
unsigned long ek[32];
unsigned long dk[32];
} des_ctx;
extern void deskey(unsigned char *, short);
/* hexkey[8] MODE
* Sets the internal key register according to the hexadecimal
* key contained in the 8 bytes of hexkey, according to the DES,
* for encryption or decryption according to MODE.
*/
extern void usekey(unsigned long *);
/* cookedkey[32]
* Loads the internal key register with the data in cookedkey.
*/
extern void cpkey(unsigned long *);
/* cookedkey[32]
* Copies the contents of the internal key register into the storage
* located at &cookedkey[0].
*/
extern void des(unsigned char *, unsigned char *);
/* from[8] to[8]
* Encrypts/Decrypts (according to the key currently loaded in the
* internal key register) one block of eight bytes at address 'from'
* into the block at address 'to'. They can be the same.
*/
static void scrunch(unsigned char *, unsigned long *);
static void unscrun(unsigned long *, unsigned char *);
static void desfunc(unsigned long *, unsigned long *);
static void cookey(unsigned long *);
static unsigned long KnL[32] = { 0L };
static unsigned long KnR[32] = { 0L };
static unsigned long Kn3[32] = { 0L };
static unsigned char Df_Key[24] = {
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 };
static unsigned short bytebit[8] = {
0200, 0100, 040, 020, 010, 04, 02, 01 };
static unsigned long bigbyte[24] = {
0x800000L, 0x400000L, 0x200000L, 0x100000L,
0x80000L, 0x40000L, 0x20000L, 0x10000L,
0x8000L, 0x4000L, 0x2000L, 0x1000L,
0x800L, 0x400L, 0x200L, 0x100L,
0x80L, 0x40L, 0x20L, 0x10L,
0x8L, 0x4L, 0x2L, 0x1L };
/* Use the key schedule specified in the Standard (ANSI X3.92-1981). */
static unsigned char pc1[56] = {
56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17,
9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35,
62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21,
13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 };
static unsigned char totrot[16] = {
1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28 };
static unsigned char pc2[48] = {
13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9,
22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1,
40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47,
43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 };
void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */
unsigned char *key;
short edf;
{
register int i, j, l, m, n;
unsigned char pc1m[56], pcr[56];
unsigned long kn[32];
for ( j = 0; j < 56; j++ ) {
l = pc1[j];
m = l & 07;
pc1m[j] = (key[l >> 3] & bytebit[m]) ? 1 : 0;
}
for( i = 0; i < 16; i++ ) {
if( edf == DE1 ) m = (15 - i) << 1;
else m = i << 1;
n = m + 1;
kn[m] = kn[n] = 0L;
for( j = 0; j < 28; j++ ) {
l = j + totrot[i];
if( l < 28 ) pcr[j] = pc1m[l];
else pcr[j] = pc1m[l - 28];
}
for( j = 28; j < 56; j++ ) {
l = j + totrot[i];
if( l < 56 ) pcr[j] = pc1m[l];
else pcr[j] = pc1m[l - 28];
}
for( j = 0; j < 24; j++ ) {
if( pcr[pc2[j]] ) kn[m] |= bigbyte[j];
if( pcr[pc2[j+24]] ) kn[n] |= bigbyte[j];
}
}
cookey(kn);
return;
}
static void cookey(raw1)
register unsigned long *raw1;
{
register unsigned long *cook, *raw0;
unsigned long dough[32];
register int i;
cook = dough;
for( i = 0; i < 16; i++, raw1++ ) {
raw0 = raw1++;
*cook = (*raw0 & 0x00fc0000L) << 6;
*cook |= (*raw0 & 0x00000fc0L) << 10;
*cook |= (*raw1 & 0x00fc0000L) >> 10;
*cook++ |= (*raw1 & 0x00000fc0L) >> 6;
*cook = (*raw0 & 0x0003f000L) << 12;
*cook |= (*raw0 & 0x0000003fL) << 16;
*cook |= (*raw1 & 0x0003f000L) >> 4;
*cook++ |= (*raw1 & 0x0000003fL);
}
usekey(dough);
return;
}
void cpkey(into)
register unsigned long *into;
{
register unsigned long *from, *endp;
from = KnL, endp = &KnL[32];
while( from < endp ) *into++ = *from++;
return;
}
void usekey(from)
register unsigned long *from;
{
register unsigned long *to, *endp;
to = KnL, endp = &KnL[32];
while( to < endp ) *to++ = *from++;
return;
}
void des(inblock, outblock)
unsigned char *inblock, *outblock;
{
unsigned long work[2];
scrunch(inblock, work);
desfunc(work, KnL);
unscrun(work, outblock);
return;
}
static void scrunch(outof, into)
register unsigned char *outof;
register unsigned long *into;
{
*into = (*outof++ & 0xffL) << 24;
*into |= (*outof++ & 0xffL) << 16;
*into |= (*outof++ & 0xffL) << 8;
*into++ |= (*outof++ & 0xffL);
*into = (*outof++ & 0xffL) << 24;
*into |= (*outof++ & 0xffL) << 16;
*into |= (*outof++ & 0xffL) << 8;
*into |= (*outof & 0xffL);
return;
}
static void unscrun(outof, into)
register unsigned long *outof;
register unsigned char *into;
{
*into++ = (*outof >> 24) & 0xffL;
*into++ = (*outof >> 16) & 0xffL;
*into++ = (*outof >> 8) & 0xffL;
*into++ = *outof++ & 0xffL;
*into++ = (*outof >> 24) & 0xffL;
*into++ = (*outof >> 16) & 0xffL;
*into++ = (*outof >> 8) & 0xffL;
*into = *outof & 0xffL;
return;
}
static unsigned long SP1[64] = {
0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L,
0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L,
0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L,
0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L,
0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L,
0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L,
0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L,
0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L,
0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L,
0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L,
0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L,
0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L,
0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L,
0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L,
0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L,
0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L };
static unsigned long SP2[64] = {
0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L,
0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L,
0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L,
0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L,
0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L,
0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L,
0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L,
0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L,
0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L,
0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L,
0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L,
0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L,
0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L,
0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L,
0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L,
0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L };
static unsigned long SP3[64] = {
0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L,
0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L,
0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L,
0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L,
0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L,
0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L,
0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L,
0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L,
0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L,
0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L,
0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L,
0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L,
0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L,
0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L,
0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L,
0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L };
static unsigned long SP4[64] = {
0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L,
0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L,
0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L,
0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L,
0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L,
0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L,
0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L,
0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L,
0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L,
0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L,
0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L,
0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L,
0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L,
0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L };
static unsigned long SP5[64] = {
0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L,
0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L,
0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L,
0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L,
0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L,
0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L,
0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L,
0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L,
0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L,
0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L,
0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L,
0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L,
0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L,
0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L,
0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L,
0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L };
static unsigned long SP6[64] = {
0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L,
0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L,
0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L,
0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L,
0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L,
0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L,
0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L,
0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L,
0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L,
0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L,
0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L,
0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L,
0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L,
0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L,
0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L,
0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L };
static unsigned long SP7[64] = {
0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L,
0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L,
0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L,
0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L,
0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L,
0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L,
0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L,
0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L,
0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L,
0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L,
0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L,
0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L,
0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L,
0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L,
0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L,
0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L };
static unsigned long SP8[64] = {
0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L,
0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L,
0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L,
0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L,
0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L,
0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L,
0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L,
0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L,
0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L,
0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L,
0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L,
0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L,
0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L,
0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L,
0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L,
0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L };
static void desfunc(unsigned long *block, unsigned long *keys)
{
register unsigned long fval, work, right, leftt;
register int round;
leftt = block[0];
right = block[1];
work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL;
right ^= work;
leftt ^= (work << 4);
work = ((leftt >> 16) ^ right) & 0x0000ffffL;
right ^= work;
leftt ^= (work << 16);
work = ((right >> 2) ^ leftt) & 0x33333333L;
leftt ^= work;
right ^= (work << 2);
work = ((right >> 8) ^ leftt) & 0x00ff00ffL;
leftt ^= work;
right ^= (work << 8);
right = ((right << 1) | ((right >> 31) & 1L)) & 0xffffffffL;
work = (leftt ^ right) & 0xaaaaaaaaL;
leftt ^= work;
right ^= work;
leftt = ((leftt << 1) | ((leftt >> 31) & 1L)) & 0xffffffffL;
for( round = 0; round < 8; round++ ) {
work = (right << 28) | (right >> 4);
work ^= *keys++;
fval = SP7[ work & 0x3fL];
fval |= SP5[(work >> 8) & 0x3fL];
fval |= SP3[(work >> 16) & 0x3fL];
fval |= SP1[(work >> 24) & 0x3fL];
work = right ^ *keys++;
fval |= SP8[ work & 0x3fL];
fval |= SP6[(work >> 8) & 0x3fL];
fval |= SP4[(work >> 16) & 0x3fL];
fval |= SP2[(work >> 24) & 0x3fL];
leftt ^= fval;
work = (leftt << 28) | (leftt >> 4);
work ^= *keys++;
fval = SP7[ work & 0x3fL];
fval |= SP5[(work >> 8) & 0x3fL];
fval |= SP3[(work >> 16) & 0x3fL];
fval |= SP1[(work >> 24) & 0x3fL];
work = leftt ^ *keys++;
fval |= SP8[ work & 0x3fL];
fval |= SP6[(work >> 8) & 0x3fL];
fval |= SP4[(work >> 16) & 0x3fL];
fval |= SP2[(work >> 24) & 0x3fL];
right ^= fval;
}
right = (right << 31) | (right >> 1);
work = (leftt ^ right) & 0xaaaaaaaaL;
leftt ^= work;
right ^= work;
leftt = (leftt << 31) | (leftt >> 1);
work = ((leftt >> 8) ^ right) & 0x00ff00ffL;
right ^= work;
leftt ^= (work << 8);
work = ((leftt >> 2) ^ right) & 0x33333333L;
right ^= work;
leftt ^= (work << 2);
work = ((right >> 16) ^ leftt) & 0x0000ffffL;
leftt ^= work;
right ^= (work << 16);
work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL;
leftt ^= work;
right ^= (work << 4);
*block++ = right;
*block = leftt;
return;
}
/* Validation sets:
*
* Single-length key, single-length plaintext -
* Key : 0123 4567 89ab cdef
* Plain : 0123 4567 89ab cde7
* Cipher : c957 4425 6a5e d31d
*
**********************************************************************/
void des_key(des_ctx *dc, unsigned char *key){
deskey(key,EN0);
cpkey(dc->ek);
deskey(key,DE1);
cpkey(dc->dk);
}
/* Encrypt several blocks in ECB mode. Caller is responsible for short blocks. */
void des_enc(des_ctx *dc, unsigned char *data, int blocks){
unsigned long work[2];
int i;
unsigned char *cp;
cp = data;
for(i=0;i<blocks;i++){
scrunch(cp,work);
desfunc(work,dc->ek);
unscrun(work,cp);
cp+=8;
}
}
void des_dec(des_ctx *dc, unsigned char *data, int blocks){
unsigned long work[2];
int i;
unsigned char *cp;
cp = data;
for(i=0;i<blocks;i++){
scrunch(cp,work);
desfunc(work,dc->dk);
unscrun(work,cp);
cp+=8;
}
}
#include <stdio.h> /* printf */
int main(void){
des_ctx dc;
int i;
unsigned long data[10];
/* Bytes above 0x7f do not fit a plain (signed) char, so use unsigned char. */
unsigned char *cp, key[8] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
unsigned char x[8] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xe7};
cp = x;
des_key(&dc,key);
des_enc(&dc,cp,1);
printf("Enc(0..7,0..7) = "); /* expected c9 57 44 25 6a 5e d3 1d (validation set above) */
for(i=0;i<8;i++) printf("%02x ", cp[i]);
printf("\n");
des_dec(&dc,cp,1);
printf("Dec(above,0..7) = "); /* expected 01 23 45 67 89 ab cd e7 */
for(i=0;i<8;i++) printf("%02x ", cp[i]);
printf("\n");
cp = (unsigned char *) data;
for(i=0;i<10;i++)data[i]=i;
des_enc(&dc,cp,5); /* Enc 5 blocks. */
for(i=0;i<10;i+=2) printf("Block %01d = %08lx %08lx.\n",
i/2,data[i],data[i+1]);
des_dec(&dc,cp,1); /* decrypt in two chunks to check that block boundaries are respected */
des_dec(&dc,cp+8,4);
for(i=0;i<10;i+=2) printf("Block %01d = %08lx %08lx.\n",
i/2,data[i],data[i+1]);
return 0;
}
LOKI91
#include <stdio.h>
#include <stdint.h>
#define LOKIBLK 8 /* No of bytes in a LOKI data-block */
#define ROUNDS 16 /* No of LOKI rounds */
typedef uint32_t Long; /* type specification for aligned LOKI blocks; must be exactly 32 bits for the rotates below */
extern char *loki_lib_ver; /* String with version no. & copyright */
/* enloki(), deloki() and setlokikey() take a loki_ctx and are defined below, after the loki_ctx typedef */
char P[32] = {
31, 23, 15, 7, 30, 22, 14, 6,
29, 21, 13, 5, 28, 20, 12, 4,
27, 19, 11, 3, 26, 18, 10, 2,
25, 17, 9, 1, 24, 16, 8, 0
};
typedef struct {
short gen; /* irreducible polynomial used in this field */
short exp; /* exponent used to generate this s function */
} sfn_desc;
sfn_desc sfn[] = {
{ /* 101110111 */ 375, 31}, { /* 101111011 */ 379, 31},
{ /* 110000111 */ 391, 31}, { /* 110001011 */ 395, 31},
{ /* 110001101 */ 397, 31}, { /* 110011111 */ 415, 31},
{ /* 110100011 */ 419, 31}, { /* 110101001 */ 425, 31},
{ /* 110110001 */ 433, 31}, { /* 110111101 */ 445, 31},
{ /* 111000011 */ 451, 31}, { /* 111001111 */ 463, 31},
{ /* 111010111 */ 471, 31}, { /* 111011101 */ 477, 31},
{ /* 111100111 */ 487, 31}, { /* 111110011 */ 499, 31},
{ 00, 00} };
typedef struct {
Long loki_subkeys[ROUNDS];
} loki_ctx;
static Long f(Long r, Long k); /* declare LOKI function f */
static short s(Long i); /* declare LOKI S-box fn s */
static void perm32(Long *out, Long *in, char perm[32]); /* 32-bit bit permutation */
short mult8(short a, short b, short gen); /* multiplication in GF(2^8) */
short exp8(short base, short exponent, short gen); /* exponentiation in GF(2^8) */
#define ROL12(b) ((b) = ((b) << 12) | ((b) >> 20)) /* rotate 32-bit word left 12 */
#define ROL13(b) ((b) = ((b) << 13) | ((b) >> 19)) /* rotate 32-bit word left 13 */
#ifdef LITTLE_ENDIAN
#define bswap(cb) { \
register char c; \
c = cb[0]; cb[0] = cb[3]; cb[3] = c; \
c = cb[1]; cb[1] = cb[2]; cb[2] = c; \
c = cb[4]; cb[4] = cb[7]; cb[7] = c; \
c = cb[5]; cb[5] = cb[6]; cb[6] = c; \
}
#endif
void
setlokikey(loki_ctx *c, char *key)
{
register int i;
register Long KL, KR;
#ifdef LITTLE_ENDIAN
bswap(key); /* swap bytes round if little-endian */
#endif
KL = ((Long *)key)[0];
KR = ((Long *)key)[1];
for (i=0; i<ROUNDS; i+=4) { /* Generate the 16 subkeys */
c->loki_subkeys[i] = KL;
ROL12 (KL);
c->loki_subkeys[i+1] = KL;
ROL13 (KL);
c->loki_subkeys[i+2] = KR;
ROL12 (KR);
c->loki_subkeys[i+3] = KR;
ROL13 (KR);
}
#ifdef LITTLE_ENDIAN
bswap(key); /* swap bytes back if little-endian */
#endif
}
void
enloki (loki_ctx *c, char *b)
{
register int i;
register Long L, R; /* left & right data halves */
#ifdef LITTLE_ENDIAN
bswap(b); /* swap bytes round if little-endian */
#endif
L = ((Long *)b)[0];
R = ((Long *)b)[1];
for (i=0; i<ROUNDS; i+=2) { /* Encrypt with the 16 subkeys */
L ^= f (R, c->loki_subkeys[i]);
R ^= f (L, c->loki_subkeys[i+1]);
}
((Long *)b)[0] = R; /* Y = swap(LR) */
((Long *)b)[1] = L;
#ifdef LITTLE_ENDIAN
bswap(b); /* swap bytes round if little-endian */
#endif
}
void
deloki(loki_ctx *c, char *b)
{
register int i;
register Long L, R; /* left & right data halves */
#ifdef LITTLE_ENDIAN
bswap(b); /* swap bytes round if little-endian */
#endif
L = ((Long *)b)[0]; /* LR = X XOR K */
R = ((Long *)b)[1];
for (i=ROUNDS; i>0; i-=2) { /* subkeys in reverse order */
L ^= f(R, c->loki_subkeys[i-1]);
R ^= f(L, c->loki_subkeys[i-2]);
}
((Long *)b)[0] = R; /* Y = LR XOR K */
((Long *)b)[1] = L;
#ifdef LITTLE_ENDIAN
bswap(b); /* swap bytes back if little-endian (enloki does the same) */
#endif
}
#define MASK12 0x0fff /* 12 bit mask for expansion E */
static Long
f(Long r, Long k) /* r: data value R(i-1), k: key K(i) */
{
Long a, b, c; /* 32 bit S-box output, & P output */
a = r ^ k; /* A = R(i-1) XOR K(i) */
/* want to use slow speed/small size version */
b = ((Long)s((a & MASK12)) ) | /* B = S(E(R(i-1))^K(i)) */
((Long)s(((a >> 8) & MASK12)) << 8) |
((Long)s(((a >> 16) & MASK12)) << 16) |
((Long)s((((a >> 24) | (a << 8)) & MASK12)) << 24);
perm32(&c, &b, P); /* C = P(S( E(R(i-1)) XOR K(i))) */
return(c); /* f returns the result C */
}
static short s(Long i) /* return S-box value for input i */
{
register short r, c, v, t;
short exp8(short base, short exponent, short gen); /* exponentiation routine for GF(2^8) */
r = ((i>>8) & 0xc) | (i & 0x3); /* row value - top 2 & bottom 2 bits */
c = (i>>2) & 0xff; /* column value - middle 8 bits */
t = (c + ((r * 17) ^ 0xff)) & 0xff; /* base value for Sfn */
v = exp8(t, sfn[r].exp, sfn[r].gen); /* Sfn[r] = t ^ exp mod gen */
return(v);
}
#define MSB 0x80000000L /* MSB of 32-bit word */
/* out: output 32-bit block after permutation
in: input 32-bit block to be permuted
perm: permutation array */
static void perm32(Long *out, Long *in, char perm[32])
{
Long mask = MSB; /* mask used to set bit in output */
register int i, o, b; /* input bit no, output bit no, value */
register char *p = perm; /* ptr to permutation array */
*out = 0; /* clear output block */
for (o=0; o<32; o++) { /* For each output bit position o */
i =(int)*p++; /* get input bit permuted to output o */
b = (*in >> i) & 01; /* value of input bit i */
if (b) /* If the input bit i is set */
*out |= mask; /* OR in mask to output o */
mask >>= 1; /* Shift mask to next bit */
}
}
#define SIZE 256 /* 256 elements in GF(2^8) */
/* a, b: operands for multiply; gen: irreducible polynomial generating Galois Field */
short mult8(short a, short b, short gen)
{
short product = 0; /* result of multiplication */
while(b != 0) { /* while multiplier is non-zero */
if (b & 01)
product ^= a; /* add multiplicand if LSB of b set */
a <<= 1; /* shift multiplicand one place */
if (a >= SIZE)
a ^= gen; /* and modulo reduce if needed */
b >>= 1; /* shift multiplier one place */
}
return(product);
}
/* base: base of exponentiation; exponent: exponent; gen: irreducible polynomial generating Galois Field */
short exp8(short base, short exponent, short gen)
{
short accum = base; /* superincreasing sequence of base */
short result = 1; /* result of exponentiation */
if (base == 0) /* if zero base specified then */
return(0); /* the result is "0" if base = 0 */
while (exponent != 0) { /* repeat while exponent non-zero */
if (( exponent & 0x0001) == 0x0001) /* multiply if exp 1 */
result = mult8(result, accum, gen);
exponent >>= 1; /* shift exponent to next digit */
accum = mult8(accum, accum, gen); /* & square */
}
return(result);
}
void loki_key(loki_ctx *c, unsigned char *key){
setlokikey(c,(char *)key);
}
void loki_enc(loki_ctx *c, unsigned char *data, int blocks){
unsigned char *cp;
int i;
cp = data;
for(i=0;i<blocks;i++){
enloki(c,(char *)cp);
cp+=8;
}
}
void loki_dec(loki_ctx *c, unsigned char *data, int blocks){
unsigned char *cp;
int i;
cp = data;
for(i=0;i<blocks;i++){
deloki(c,(char *)cp);
cp+=8;
}
}
int main(void){
loki_ctx lc;
Long data[10]; /* 5 blocks of two 32-bit words */
unsigned char *cp;
unsigned char key[] = {0,1,2,3,4,5,6,7};
int i;
for(i=0;i<10;i++) data[i]=i;
loki_key(&lc,key);
cp = (unsigned char *)data;
loki_enc(&lc,cp,5);
for(i=0;i<10;i+=2) printf("Block %01d = %08lx %08lx\n",
i/2,(unsigned long)data[i],(unsigned long)data[i+1]);
loki_dec(&lc,cp,1); /* decrypt in two chunks to check block boundaries */
loki_dec(&lc,cp+8,4);
for(i=0;i<10;i+=2) printf("Block %01d = %08lx %08lx\n",
i/2,(unsigned long)data[i],(unsigned long)data[i+1]);
return 0;
}
IDEA
#include <stdint.h>
#include <string.h> /* memcpy */
typedef unsigned char boolean; /* values are TRUE or FALSE */
typedef unsigned char byte; /* values are 0-255 */
typedef byte *byteptr; /* pointer to byte */
typedef char *string; /* pointer to ASCII character string */
typedef uint16_t word16; /* values are 0-65535 */
typedef uint32_t word32; /* values are 0-4294967295 */
#ifndef TRUE
#define FALSE 0
#define TRUE (!FALSE)
#endif /* if TRUE not already defined */
#ifndef min /* if min macro not already defined */
#define min(a,b) ( (a)<(b) ? (a) : (b) )
#define max(a,b) ( (a)>(b) ? (a) : (b) )
#endif /* if min macro not already defined */
#define IDEAKEYSIZE 16
#define IDEABLOCKSIZE 8
#define IDEAROUNDS 8
#define IDEAKEYLEN (6*IDEAROUNDS+4)
typedef struct{
word16 ek[IDEAKEYLEN],dk[IDEAKEYLEN];
}idea_ctx;
/* End includes for IDEA.C */
#ifdef IDEA32 /* Use >16-bit temporaries */
#define low16(x) ((x) & 0xFFFF)
typedef unsigned int uint16;/* at LEAST 16 bits, maybe more */
#else
#define low16(x) (x) /* this is only ever applied to uint16's */
typedef word16 uint16;
#endif
#ifdef SMALL_CACHE
static uint16
mul(register uint16 a, register uint16 b)
{
register word32 p;
p = (word32)a * b;
if (p) {
b = low16(p);
a = p>>16;
return (b - a) + (b < a);
} else if (a) {
return 1-a; /* b == 0 stands for 2^16 = -1, so the product is -a */
} else {
return 1-b; /* a == 0 stands for -1; covers a == b == 0, where (-1)(-1) = 1 */
}
} /* mul */
#endif /* SMALL_CACHE */
static uint16
mulInv(uint16 x)
{
uint16 t0, t1;
uint16 q, y;
if (x <= 1)
return x; /* 0 and 1 are self-inverse */
t1 = 0x10001L / x; /* Since x >= 2, this fits into 16 bits */
y = 0x10001L % x;
if (y == 1)
return low16(1-t1);
t0 = 1;
do {
q = x / y;
x = x % y;
t0 += q * t1;
if (x == 1)
return t0;
q = y / x;
y = y % x;
t1 += q * t0;
} while (y != 1);
return low16(1-t1);
} /* mulInv */
static void
ideaExpandKey(byte const *userkey, word16 *EK)
{
int i,j;
for (j=0; j<8; j++) {
EK[j] = (userkey[0]<<8) + userkey[1];
userkey += 2;
}
for (i=0; j < IDEAKEYLEN; j++) {
i++;
EK[i+7] = EK[i & 7] << 9 | EK[i+1 & 7] >> 7;
EK += i & 8;
i &= 7;
}
} /* ideaExpandKey */
static void
ideaInvertKey(word16 const *EK, word16 DK[IDEAKEYLEN])
{
int i;
uint16 t1, t2, t3;
word16 temp[IDEAKEYLEN];
word16 *p = temp + IDEAKEYLEN;
t1 = mulInv(*EK++);
t2 = -*EK++;
t3 = -*EK++;
*--p = mulInv(*EK++);
*--p = t3;
*--p = t2;
*--p = t1;
for (i = 0; i < IDEAROUNDS-1; i++) {
t1 = *EK++;
*--p = *EK++;
*--p = t1;
t1 = mulInv(*EK++);
t2 = -*EK++;
t3 = -*EK++;
*--p = mulInv(*EK++);
*--p = t2;
*--p = t3;
*--p = t1;
}
t1 = *EK++;
*--p = *EK++;
*--p = t1;
t1 = mulInv(*EK++);
t2 = -*EK++;
t3 = -*EK++;
*--p = mulInv(*EK++);
*--p = t3;
*--p = t2;
*--p = t1;
/* Copy and destroy temp copy */
memcpy(DK, temp, sizeof(temp));
for(i=0;i<IDEAKEYLEN;i++)temp[i]=0;
} /* ideaInvertKey */
#ifdef SMALL_CACHE
#define MUL(x,y) (x = mul(low16(x),y))
#else /* !SMALL_CACHE */
#ifdef AVOID_JUMPS
#define MUL(x,y) (x = low16(x-1), t16 = low16((y)-1), \
t32 = (word32)x*t16 + x + t16 + 1, x = low16(t32), \
t16 = t32>>16, x = (x-t16) + (x<t16) )
#else /* !AVOID_JUMPS (default) */
#define MUL(x,y) \
((t16 = (y)) ? \
(x=low16(x)) ? \
t32 = (word32)x*t16, \
x = low16(t32), \
t16 = t32>>16, \
x = (x-t16)+(x<t16) \
: \
(x = 1-t16) \
: \
(x = 1-x))
#endif
#endif
static void
ideaCipher(byte *inbuf, byte *outbuf, word16 *key)
{
register uint16 x1, x2, x3, x4, s2, s3;
word16 *in, *out;
#ifndef SMALL_CACHE
register uint16 t16; /* Temporaries needed by MUL macro */
register word32 t32;
#endif
int r = IDEAROUNDS;
in = (word16 *)inbuf;
x1 = *in++; x2 = *in++;
x3 = *in++; x4 = *in;
#ifndef HIGHFIRST
x1 = (x1 >>8) | (x1<<8);
x2 = (x2 >>8) | (x2<<8);
x3 = (x3 >>8) | (x3<<8);
x4 = (x4 >>8) | (x4<<8);
#endif
do {
MUL(x1,*key++);
x2 += *key++;
x3 += *key++;
MUL(x4, *key++);
s3 = x3;
x3 ^= x1;
MUL(x3, *key++);
s2 = x2;
x2 ^= x4;
x2 += x3;
MUL(x2, *key++);
x3 += x2;
x1 ^= x2; x4 ^= x3;
x2 ^= s3; x3 ^= s2;
} while (--r);
MUL(x1, *key++);
x3 += *key++;
x2 += *key++;
MUL(x4, *key);
out = (word16 *)outbuf;
#ifdef HIGHFIRST
*out++ = x1;
*out++ = x3;
*out++ = x2;
*out = x4;
#else /* !HIGHFIRST */
*out++ = (x1 >>8) | (x1<<8);
*out++ = (x3 >>8) | (x3<<8);
*out++ = (x2 >>8) | (x2<<8);
*out = (x4 >>8) | (x4<<8);
#endif
} /* ideaCipher */
void idea_key(idea_ctx *c, unsigned char *key){
ideaExpandKey(key,c->ek);
ideaInvertKey(c->ek,c->dk);
}
void idea_enc(idea_ctx *c, unsigned char *data, int blocks){
int i;
unsigned char *d = data;
for(i=0;i<blocks;i++){
ideaCipher(d,d,c->ek);
d+=8;
}
}
void idea_dec(idea_ctx *c, unsigned char *data, int blocks){
int i;
unsigned char *d = data;
for(i=0;i<blocks;i++){
ideaCipher(d,d,c->dk);
d+=8;
}
}
#include <stdio.h>
#ifndef BLOCKS
#ifndef KBYTES
#define KBYTES 1024
#endif
#define BLOCKS (64*KBYTES)
#endif
int
main(void)
{ /* Test driver for IDEA cipher */
int i, k;
idea_ctx c;
byte userkey[16];
byte XX[8];
word32 long_block[10]; /* 5 blocks of two 32-bit words */
unsigned char *lbp;
/* Make a sample user key for testing... */
for(i=0; i<16; i++)
userkey[i] = i+1;
idea_key(&c,userkey);
/* Make a sample plaintext pattern for testing... */
for (k=0; k<8; k++)
XX[k] = k;
idea_enc(&c,XX,1); /* encrypt */
lbp = (unsigned char *) long_block;
for(i=0;i<10;i++) long_block[i] = i;
idea_enc(&c,lbp,5);
for(i=0;i<10;i+=2) printf("Block %01d = %08lx %08lx.\n",
i/2,(unsigned long)long_block[i],(unsigned long)long_block[i+1]);
idea_dec(&c,lbp,3); /* decrypt in two chunks (3 + 2 blocks) */
idea_dec(&c,lbp+24,2);
for(i=0;i<10;i+=2) printf("Block %01d = %08lx %08lx.\n",
i/2,(unsigned long)long_block[i],(unsigned long)long_block[i+1]);
return 0; /* normal exit */
} /* main */
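An added example, not part of the book's IDEA listing: a plain reference implementation of IDEA's multiplication modulo 2^16+1 (with the 16-bit value 0 standing for 2^16) and of the inverse that mulInv() computes, plus a self-test that compares the (lo - hi) trick used by mul()/MUL above against the reference for every 16-bit value. The names idea_mul_ref, idea_mul_fast, idea_mulinv_ref and idea_mul_selftest are mine, not the book's.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the book's IDEA code): reference arithmetic in
 * GF(2^16+1) with IDEA's encoding, and a checker for the optimised trick. */

#define IDEA_MOD  0x10001u   /* 2^16 + 1 = 65537, a prime */
#define IDEA_ZERO 0x10000u   /* the value that the 16-bit 0 encodes */

/* Straightforward definition: decode, multiply modulo 65537, encode. */
uint16_t idea_mul_ref(uint16_t a, uint16_t b)
{
    uint64_t x = a ? a : IDEA_ZERO;
    uint64_t y = b ? b : IDEA_ZERO;
    uint64_t p = (x * y) % IDEA_MOD;   /* x*y can reach 2^32, hence 64-bit */
    return (uint16_t)(p == IDEA_ZERO ? 0 : p);
}

/* The trick the IDEA code relies on: 2^16 == -1 (mod 65537), so for a 32-bit
 * product p = hi*2^16 + lo the residue is lo - hi; when that goes negative the
 * +1 together with the 16-bit wrap-around adds back exactly 65537. */
uint16_t idea_mul_fast(uint16_t a, uint16_t b)
{
    uint32_t p = (uint32_t)a * b;
    if (p) {
        uint32_t lo = p & 0xffffu, hi = p >> 16;
        return (uint16_t)((lo - hi) + (lo < hi));
    }
    /* p == 0 means one operand is 0, i.e. 2^16 == -1 */
    if (a)
        return (uint16_t)(1 - a);      /* b is -1: result -a, encoded as 1 - a mod 2^16 */
    return (uint16_t)(1 - b);          /* a is -1; a == b == 0 gives (-1)(-1) = 1 */
}

/* Multiplicative inverse modulo 65537 by the extended Euclidean algorithm,
 * in IDEA's encoding: the inverse of 0 (i.e. of -1) is 0 again. */
uint16_t idea_mulinv_ref(uint16_t a)
{
    int64_t r0 = IDEA_MOD, r1 = a ? a : IDEA_ZERO;
    int64_t t0 = 0, t1 = 1;            /* invariant: t_i * v == r_i (mod 65537) */
    while (r1 != 0) {
        int64_t q = r0 / r1, tmp;
        tmp = r0 - q * r1; r0 = r1; r1 = tmp;
        tmp = t0 - q * t1; t0 = t1; t1 = tmp;
    }
    if (t0 < 0)                        /* r0 == 1 here because 65537 is prime */
        t0 += IDEA_MOD;
    return (uint16_t)(t0 == IDEA_ZERO ? 0 : t0);
}

/* Exhaustive check of the inverse and a sampled check of the fast multiply,
 * including the special 2^16 operand. Returns the number of mismatches. */
unsigned idea_mul_selftest(void)
{
    unsigned bad = 0;
    uint32_t a;
    for (a = 0; a < 0x10000u; a++) {
        uint16_t x = (uint16_t)a;
        uint16_t y = (uint16_t)(a * 40503u + 12345u);  /* constructed partner value */
        if (idea_mul_ref(x, idea_mulinv_ref(x)) != 1)
            bad++;                                      /* x * x^-1 must be 1 */
        if (idea_mul_fast(x, y) != idea_mul_ref(x, y))
            bad++;                                      /* trick must match definition */
        if (idea_mul_fast(x, 0) != idea_mul_ref(x, 0))
            bad++;                                      /* operand 0 encodes 2^16 */
    }
    return bad;
}

int main(void)
{
    unsigned bad = idea_mul_selftest();
    printf("IDEA mul/mulInv self-test: %u mismatches\n", bad);
    return bad ? 1 : 0;
}
```

The same check run against a version of mul() with the 1-a / 1-b branches swapped reports mismatches for every nonzero operand paired with 0, which is how a typo of that kind is caught before it reaches a key schedule.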
GOST
#include <stdio.h>
#include <stdint.h>
typedef uint32_t u4; /* GOST works on 32-bit words; unsigned long is 64 bits on many platforms */
typedef unsigned char byte;
typedef struct {
u4 k[8];
/* Constant s-boxes -- set up in gost_init(). Must be unsigned: the packed
values reach 255 and would sign-extend (and overflow on << 24) as plain char. */
unsigned char k87[256],k65[256],k43[256],k21[256];
} gost_ctx;
/* Note: encrypt and decrypt expect full blocks--padding blocks is
caller's responsibility. All bulk encryption is done in
ECB mode by these calls. Other modes may be added easily
enough. */
void gost_enc(gost_ctx *, u4 *, int);
void gost_dec(gost_ctx *, u4 *, int);
void gost_key(gost_ctx *, u4 *);
void gost_init(gost_ctx *);
void gost_destroy(gost_ctx *);
typedef u4 word32; /* the same 32-bit word type, whatever the size of long */
static void kboxinit(gost_ctx *c)
{
int i;
byte k8[16] = {14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6,
12, 5, 9, 0, 7 };
byte k7[16] = {15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2,
13, 12, 0, 5, 10 };
byte k6[16] = {10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12,
7, 11, 4, 2, 8 };
byte k5[16] = { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8,
5, 11, 12, 4, 15 };
byte k4[16] = { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3,
15, 13, 0, 14, 9 };
byte k3[16] = {12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3,
4, 14, 7, 5, 11 };
byte k2[16] = { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9,
7, 5, 10, 6, 1 };
byte k1[16] = {13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3,
14, 5, 0, 12, 7 };
for (i = 0; i < 256; i++) {
c->k87[i] = k8[i >> 4] << 4 | k7[i & 15];
c->k65[i] = k6[i >> 4] << 4 | k5[i & 15];
c->k43[i] = k4[i >> 4] << 4 | k3[i & 15];
c->k21[i] = k2[i >> 4] << 4 | k1[i & 15];
}
}
static word32
f(gost_ctx *c,word32 x)
{
/* Cast before shifting: an 8-bit value promoted to int overflows on << 24 */
x = (word32)c->k87[x>>24 & 255] << 24 | (word32)c->k65[x>>16 & 255] << 16 |
(word32)c->k43[x>> 8 & 255] << 8 | (word32)c->k21[x & 255];
/* Rotate left 11 bits */
return x<<11 | x>>(32-11);
}
void gostcrypt(gost_ctx *c, word32 *d){
register word32 n1, n2; /* As named in the GOST */
n1 = d[0];
n2 = d[1];
/* Instead of swapping halves, swap names each round */
n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]);
n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]);
n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]);
n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]);
d[0] = n2; d[1] = n1;
}
void
gostdecrypt(gost_ctx *c, u4 *d){
register word32 n1, n2; /* As named in the GOST */
n1 = d[0]; n2 = d[1];
n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]);
n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]);
n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]);
n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]);
n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]);
n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]);
n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]);
n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]);
n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]);
n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]);
n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]);
n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]);
d[0] = n2; d[1] = n1;
}
void gost_enc(gost_ctx *c, u4 *d, int blocks){
int i;
for(i=0;i<blocks;i++){
gostcrypt(c,d);
d+=2;
}
}
void gost_dec(gost_ctx *c, u4 *d, int blocks){
int i;
for(i=0;i<blocks;i++){
gostdecrypt(c,d);
d+=2;
}
}
void gost_key(gost_ctx *c, u4 *k){
int i;
for(i=0;i<8;i++) c->k[i]=k[i];
}
void gost_init(gost_ctx *c){
kboxinit(c);
}
void gost_destroy(gost_ctx *c){
int i;
/* Key zeroisation. A plain store loop like this can be removed by an optimising
compiler as a dead store; where available, memset_s() or explicit_bzero() is safer. */
for(i=0;i<8;i++) c->k[i]=0;
}
int main(void){
gost_ctx gc;
u4 k[8],data[10];
int i;
/* Initialize GOST context. */
gost_init(&gc);
/* Prepare key--a simple key should be OK, with this many rounds! */
for(i=0;i<8;i++) k[i] = i;
gost_key(&gc,k);
/* Try some test vectors. */
data[0] = 0; data[1] = 0;
gostcrypt(&gc,data);
printf("Enc of zero vector: %08lx %08lx\n",(unsigned long)data[0],(unsigned long)data[1]);
gostcrypt(&gc,data);
printf("Enc of above: %08lx %08lx\n",(unsigned long)data[0],(unsigned long)data[1]);
data[0] = 0xffffffff; data[1] = 0xffffffff;
gostcrypt(&gc,data);
printf("Enc of ones vector: %08lx %08lx\n",(unsigned long)data[0],(unsigned long)data[1]);
gostcrypt(&gc,data);
printf("Enc of above: %08lx %08lx\n",(unsigned long)data[0],(unsigned long)data[1]);
/* Does gost_dec() properly reverse gost_enc()? Do we deal OK with
single-block lengths passed in gost_dec()? Do we deal OK with
different lengths passed in? */
/* Init data */
for(i=0;i<10;i++) data[i]=i;
/* Encrypt data as 5 blocks. */
gost_enc(&gc,data,5);
/* Display encrypted data. */
for(i=0;i<10;i+=2) printf("Block %02d = %08lx %08lx\n",
i/2,(unsigned long)data[i],(unsigned long)data[i+1]);
/* Decrypt in different sized chunks. */
gost_dec(&gc,data,1);
gost_dec(&gc,data+2,4);
printf("\n");
/* Display decrypted data. */
for(i=0;i<10;i+=2) printf("Block %02d = %08lx %08lx\n",
i/2,(unsigned long)data[i],(unsigned long)data[i+1]);
gost_destroy(&gc);
return 0;
}
BLOWFISH
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#ifdef little_endian /* Eg: Intel */
#include <alloc.h>
#endif
#include <ctype.h>
#ifdef little_endian /* Eg: Intel */
#include <dir.h>
#include <bios.h>
#endif
#ifdef big_endian
#include <Types.h>
#endif
typedef struct {
unsigned long S[4][256],P[18];
} blf_ctx;
#define MAXKEYBYTES 56 /* 448 bits */
// #define little_endian 1 /* Eg: Intel */
#define big_endian 1 /* Eg: Motorola */
void Blowfish_encipher(blf_ctx *,unsigned long *xl, unsigned long *xr);
void Blowfish_decipher(blf_ctx *,unsigned long *xl, unsigned long *xr);
#define N 16
#define noErr 0
#define DATAERROR -1
#define KEYBYTES 8
FILE* SubkeyFile;
unsigned long F(blf_ctx *bc, unsigned long x)
{
unsigned short a;
unsigned short b;
unsigned short c;
unsigned short d;
unsigned long y;
d = x & 0x00FF;
x >>= 8;
c = x & 0x00FF;
x >>= 8;
b = x & 0x00FF;
x >>= 8;
a = x & 0x00FF;
//y = ((S[0][a] + S[1][b]) ^ S[2][c]) + S[3][d];
y = bc->S[0][a] + bc->S[1][b];
y = y ^ bc->S[2][c];
y = y + bc->S[3][d];
return y;
}
void Blowfish_encipher(blf_ctx *c,unsigned long *xl, unsigned long *xr)
{
unsigned long Xl;
unsigned long Xr;
unsigned long temp;
short i;
Xl = *xl;
Xr = *xr;
for (i = 0; i < N; ++i) {
Xl = Xl ^ c->P[i];
Xr = F(c,Xl) ^ Xr;
temp = Xl;
Xl = Xr;
Xr = temp;
}
temp = Xl;
Xl = Xr;
Xr = temp;
Xr = Xr ^ c->P[N];
Xl = Xl ^ c->P[N + 1];
*xl = Xl;
*xr = Xr;
}
void Blowfish_decipher(blf_ctx *c, unsigned long *xl, unsigned long *xr)
{
unsigned long Xl;
unsigned long Xr;
unsigned long temp;
short i;
Xl = *xl;
Xr = *xr;
for (i = N + 1; i > 1; --i) {
Xl = Xl ^ c->P[i];
Xr = F(c,Xl) ^ Xr;
/* Exchange Xl and Xr */
temp = Xl;
Xl = Xr;
Xr = temp;
}
/* Exchange Xl and Xr */
temp = Xl;
Xl = Xr;
Xr = temp;
Xr = Xr ^ c->P[1];
Xl = Xl ^ c->P[0];
*xl = Xl;
*xr = Xr;
}
short InitializeBlowfish(blf_ctx *c, char key[], short keybytes)
{
short i;
short j;
short k;
short error;
short numread;
unsigned long data;
unsigned long datal;
unsigned long datar;
unsigned long ks0[] = {
0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,
0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,
0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,
0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,
0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,
0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,
0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,
0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,
0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,
0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,
0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,
0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,
0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,
0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,
0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,
0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,
0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,
0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,
0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,
0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,
0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,
0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a};
unsigned long ks1[] = {
0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,
0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,
0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,
0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,
0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,
0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,
0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,
0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,
0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,
0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,
0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,
0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,
0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,
0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,
0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,
0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,
0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,
0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,
0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,
0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,
0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,
0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7};
unsigned long ks2[] = {
0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,
0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,
0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,
0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,
0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,
0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,
0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,
0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,
0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,
0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,
0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,
0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,
0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,
0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,
0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,
0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,
0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,
0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,
0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,
0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,
0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,
0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0};
unsigned long ks3[] = {
0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,
0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,
0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,
0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,
0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,
0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,
0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,
0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,
0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,
0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,
0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,
0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,
0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,
0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,
0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,
0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,
0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,
0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,
0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,
0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,
0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,
0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6};
/* Initialize s-boxes without file read. */
for(i=0;i<256;i++){
c->S[0][i] = ks0[i];
c->S[1][i] = ks1[i];
c->S[2][i] = ks2[i];
c->S[3][i] = ks3[i];
}
j = 0;
for (i = 0; i < N + 2; ++i) {
data = 0x00000000;
for (k = 0; k < 4; ++k) {
data = (data << 8) | key[j];
j = j + 1;
if (j >= keybytes) {
j = 0;
}
}
c->P[i] = c->P[i] ^ data;
}
datal = 0x00000000;
datar = 0x00000000;
for (i = 0; i < N + 2; i += 2) {
Blowfish_encipher(c,&datal, &datar);
c->P[i] = datal;
c->P[i + 1] = datar;
}
for (i = 0; i < 4; ++i) {
for (j = 0; j < 256; j += 2) {
Blowfish_encipher(c,&datal, &datar);
c->S[i][j] = datal;
c->S[i][j + 1] = datar;
}
}
}
void blf_key(blf_ctx *c, char *k, int len){
InitializeBlowfish(c,k,len);
}
void blf_enc(blf_ctx *c, unsigned long *data, int blocks){
unsigned long *d;
int i;
d = data;
for(i=0;i<blocks;i++){
Blowfish_encipher(c,d,d+1);
d += 2;
}
}
void blf_dec(blf_ctx *c, unsigned long *data, int blocks){
unsigned long *d;
int i;
d = data;
for(i=0;i<blocks;i++){
Blowfish_decipher(c,d,d+1);
d += 2;
}
}
int main(void){
blf_ctx c;
char key[]="AAAAA";
unsigned long data[10];
int i;
/* The Blowfish halves are unsigned long throughout this listing, which assumes
long is 32 bits; on LP64 platforms the additions do not wrap at 32 bits. */
for(i=0;i<10;i++) data[i] = i;
blf_key(&c,key,5);
blf_enc(&c,data,5);
blf_dec(&c,data,1);
blf_dec(&c,data+2,4);
for(i=0;i<10;i+=2) printf("Block %01d decrypts to: %08lx %08lx.\n",
i/2,data[i],data[i+1]);
return 0;
}
3-WAY
#define STRT_E 0x0b0b /* round constant of first encryption round */
#define STRT_D 0xb1b1 /* round constant of first decryption round */
#define NMBR 11 /* number of rounds is 11 */
#include <stdio.h>
#include <stdint.h>
typedef uint32_t word32 ;
/* word32 and u4 must be exactly 32 bits: theta, pi_1 and pi_2 rely on
32-bit shifts, so uint32_t is used rather than unsigned long, which is
64 bits on LP64 platforms. */
typedef uint32_t u4;
typedef unsigned char u1;
typedef struct {
u4 k[3],ki[3], ercon[NMBR+1],drcon[NMBR+1];
} twy_ctx;
/* Note: encrypt and decrypt expect full blocks--padding blocks is
caller's responsibility. All bulk encryption is done in
ECB mode by these calls. Other modes may be added easily
enough. */
/* destroy: Context. */
/* Scrub context of all sensitive data. */
void twy_destroy(twy_ctx *);
/* encrypt: Context, ptr to data block, # of blocks. */
void twy_enc(twy_ctx *, u4 *, int);
/* decrypt: Context, ptr to data block, # of blocks. */
void twy_dec(twy_ctx *, u4 *, int);
/* key: Context, ptr to key data. */
void twy_key(twy_ctx *, u4 *);
/* ACCODE----------------------------------------------------------- */
/* End of AC code prototypes and structures. */
/* ----------------------------------------------------------------- */
void mu(word32 *a) /* inverts the order of the bits of a */
{
int i ;
word32 b[3] ;
b[0] = b[1] = b[2] = 0 ;
for( i=0 ; i<32 ; i++ )
{
b[0] <<= 1 ; b[1] <<= 1 ; b[2] <<= 1 ;
if(a[0]&1) b[2] |= 1 ;
if(a[1]&1) b[1] |= 1 ;
if(a[2]&1) b[0] |= 1 ;
a[0] >>= 1 ; a[1] >>= 1 ; a[2] >>= 1 ;
}
a[0] = b[0] ; a[1] = b[1] ; a[2] = b[2] ;
}
void gamma(word32 *a) /* the nonlinear step */
{
word32 b[3] ;
b[0] = a[0] ^ (a[1]|(~a[2])) ;
b[1] = a[1] ^ (a[2]|(~a[0])) ;
b[2] = a[2] ^ (a[0]|(~a[1])) ;
a[0] = b[0] ; a[1] = b[1] ; a[2] = b[2] ;
}
void theta(word32 *a) /* the linear step */
{
word32 b[3];
b[0] = a[0] ^ (a[0]>>16) ^ (a[1]<<16) ^ (a[1]>>16) ^ (a[2]<<16) ^
(a[1]>>24) ^ (a[2]<<8) ^ (a[2]>>8) ^ (a[0]<<24) ^
(a[2]>>16) ^ (a[0]<<16) ^ (a[2]>>24) ^ (a[0]<<8) ;
b[1] = a[1] ^ (a[1]>>16) ^ (a[2]<<16) ^ (a[2]>>16) ^ (a[0]<<16) ^
(a[2]>>24) ^ (a[0]<<8) ^ (a[0]>>8) ^ (a[1]<<24) ^
(a[0]>>16) ^ (a[1]<<16) ^ (a[0]>>24) ^ (a[1]<<8) ;
b[2] = a[2] ^ (a[2]>>16) ^ (a[0]<<16) ^ (a[0]>>16) ^ (a[1]<<16) ^
(a[0]>>24) ^ (a[1]<<8) ^ (a[1]>>8) ^ (a[2]<<24) ^
(a[1]>>16) ^ (a[2]<<16) ^ (a[1]>>24) ^ (a[2]<<8) ;
a[0] = b[0] ; a[1] = b[1] ; a[2] = b[2] ;
}
void pi_1(word32 *a)
{
a[0] = (a[0]>>10) ^ (a[0]<<22);
a[2] = (a[2]<<1) ^ (a[2]>>31);
}
void pi_2(word32 *a)
{
a[0] = (a[0]<<1) ^ (a[0]>>31);
a[2] = (a[2]>>10) ^ (a[2]<<22);
}
void rho(word32 *a) /* the round function */
{
theta(a) ;
pi_1(a) ;
gamma(a) ;
pi_2(a) ;
}
void rndcon_gen(word32 strt,word32 *rtab)
{ /* generates the round constants */
int i ;
for(i=0 ; i<=NMBR ; i++ )
{
rtab[i] = strt ;
strt <<= 1 ;
if( strt&0x10000 ) strt ^= 0x11011 ;
}
}
/* Modified slightly to fit the caller's needs. */
void encrypt(twy_ctx *c, word32 *a)
{
char i ;
for( i=0 ; i<NMBR ; i++ )
{
a[0] ^= c->k[0] ^ (c->ercon[i]<<16) ;
a[1] ^= c->k[1] ;
a[2] ^= c->k[2] ^ c->ercon[i] ;
rho(a) ;
}
a[0] ^= c->k[0] ^ (c->ercon[NMBR]<<16) ;
a[1] ^= c->k[1] ;
a[2] ^= c->k[2] ^ c->ercon[NMBR] ;
theta(a) ;
}
/* Modified slightly to meet caller's needs. */
void decrypt(twy_ctx *c, word32 *a)
{
char i ;
mu(a) ;
for( i=0 ; i<NMBR ; i++ )
{
a[0] ^= c->ki[0] ^ (c->drcon[i]<<16) ;
a[1] ^= c->ki[1] ;
a[2] ^= c->ki[2] ^ c->drcon[i] ;
rho(a) ;
}
a[0] ^= c->ki[0] ^ (c->drcon[NMBR]<<16) ;
a[1] ^= c->ki[1] ;
a[2] ^= c->ki[2] ^ c->drcon[NMBR] ;
theta(a) ;
mu(a) ;
}
void twy_key(twy_ctx *c, u4 *key){
c->ki[0] = c->k[0] = key[0];
c->ki[1] = c->k[1] = key[1];
c->ki[2] = c->k[2] = key[2];
theta(c->ki);
mu(c->ki);
rndcon_gen(STRT_E,c->ercon);
rndcon_gen(STRT_D,c->drcon);
}
/* Encrypt in ECB mode. */
void twy_enc(twy_ctx *c, u4 *data, int blkcnt){
u4 *d;
int i;
d = data;
for(i=0;i<blkcnt;i++) {
encrypt(c,d);
d +=3;
}
}
/* Decrypt in ECB mode. */
void twy_dec(twy_ctx *c, u4 *data, int blkcnt){
u4 *d;
int i;
d = data;
for(i=0;i<blkcnt;i++){
decrypt(c,d);
d+=3;
}
}
/* Scrub sensitive values from memory before deallocating. */
void twy_destroy(twy_ctx *c){
int i;
for(i=0;i<3;i++) c->k[i] = c->ki[i] = 0;
}
void printvec(char *chrs, word32 *d){
printf("%20s : %08lx %08lx %08lx \n",chrs,
(unsigned long)d[2],(unsigned long)d[1],(unsigned long)d[0]);
}
int main(void)
{
twy_ctx gc;
word32 a[9],k[3];
int i;
/* Test vector 1. */
k[0]=k[1]=k[2]=0;
a[0]=a[1]=a[2]=1;
twy_key(&gc,k);
printf("**********\n");
printvec("KEY = ",k);
printvec("PLAIN = ",a);
encrypt(&gc,a);
printvec("CIPHER = ",a);
/* Test vector 2. */
k[0]=6;k[1]=5;k[2]=4;
a[0]=3;a[1]=2;a[2]=1;
twy_key(&gc,k);
printf("**********\n");
printvec("KEY = ",k);
printvec("PLAIN = ",a);
encrypt(&gc,a);
printvec("CIPHER = ",a);
/* Test vector 3. */
k[2]=0xbcdef012;k[1]=0x456789ab;k[0]=0xdef01234;
a[2]=0x01234567;a[1]=0x9abcdef0;a[0]=0x23456789;
twy_key(&gc,k);
printf("**********\n");
printvec("KEY = ",k);
printvec("PLAIN = ",a);
encrypt(&gc,a);
printvec("CIPHER = ",a);
/* Test vector 4. */
k[2]=0xcab920cd;k[1]=0xd6144138;k[0]=0xd2f05b5e;
a[2]=0xad21ecf7;a[1]=0x83ae9dc4;a[0]=0x4059c76e;
twy_key(&gc,k);
printf("**********\n");
printvec("KEY = ",k);
printvec("PLAIN = ",a);
encrypt(&gc,a);
printvec("CIPHER = ",a);
/* TEST VALUES
key : 00000000 00000000 00000000
plaintext : 00000001 00000001 00000001
ciphertext : ad21ecf7 83ae9dc4 4059c76e
key : 00000004 00000005 00000006
plaintext : 00000001 00000002 00000003
ciphertext : cab920cd d6144138 d2f05b5e
key : bcdef012 456789ab def01234
plaintext : 01234567 9abcdef0 23456789
ciphertext : 7cdb76b2 9cdddb6d 0aa55dbb
key : cab920cd d6144138 d2f05b5e
plaintext : ad21ecf7 83ae9dc4 4059c76e
ciphertext : 15b155ed 6b13f17c 478ea871
*/
/* Enc/dec test: */
for(i=0;i<9;i++) a[i]=i;
twy_enc(&gc,a,3);
for(i=0;i<9;i+=3) printf("Block %01d encrypts to %08lx %08lx %08lx\n",
i/3,(unsigned long)a[i],(unsigned long)a[i+1],(unsigned long)a[i+2]);
twy_dec(&gc,a,2);
twy_dec(&gc,a+6,1);
for(i=0;i<9;i+=3) printf("Block %01d decrypts to %08lx %08lx %08lx\n",
i/3,(unsigned long)a[i],(unsigned long)a[i+1],(unsigned long)a[i+2]);
twy_destroy(&gc); /* scrub the key material before exit */
return 0;
}
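The note on the 3-WAY calls above leaves padding and any mode other than ECB to the caller. The following is an added example (mine, not the book's listing or the 3-WAY reference code) that wraps the same 3-WAY encryption in a CBC mode, checks it against the listing's first test vector, and shows why ECB is not a safe default: two equal plaintext blocks give two equal ciphertext blocks under ECB but not under CBC. The key, IV and message are constructed, and the names twy_enc_ctx, twy_enc_key, twy_ecb_encrypt and twy_cbc_encrypt are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NMBR   11      /* 3-WAY uses 11 rounds */
#define STRT_E 0x0b0b  /* round constant of the first encryption round */
typedef struct { uint32_t k[3]; uint32_t ercon[NMBR + 1]; } twy_enc_ctx;
/* 3-WAY steps as in the listing, on uint32_t so the shifts are exact on LP64 too. */
static void theta(uint32_t *a) {                /* the linear step */
    uint32_t b[3];
    b[0] = a[0] ^ (a[0]>>16) ^ (a[1]<<16) ^ (a[1]>>16) ^ (a[2]<<16) ^
           (a[1]>>24) ^ (a[2]<<8) ^ (a[2]>>8) ^ (a[0]<<24) ^
           (a[2]>>16) ^ (a[0]<<16) ^ (a[2]>>24) ^ (a[0]<<8);
    b[1] = a[1] ^ (a[1]>>16) ^ (a[2]<<16) ^ (a[2]>>16) ^ (a[0]<<16) ^
           (a[2]>>24) ^ (a[0]<<8) ^ (a[0]>>8) ^ (a[1]<<24) ^
           (a[0]>>16) ^ (a[1]<<16) ^ (a[0]>>24) ^ (a[1]<<8);
    b[2] = a[2] ^ (a[2]>>16) ^ (a[0]<<16) ^ (a[0]>>16) ^ (a[1]<<16) ^
           (a[0]>>24) ^ (a[1]<<8) ^ (a[1]>>8) ^ (a[2]<<24) ^
           (a[1]>>16) ^ (a[2]<<16) ^ (a[1]>>24) ^ (a[2]<<8);
    a[0] = b[0]; a[1] = b[1]; a[2] = b[2];
}
static void gamma_step(uint32_t *a) {           /* the nonlinear step */
    uint32_t b[3];
    b[0] = a[0] ^ (a[1] | ~a[2]);
    b[1] = a[1] ^ (a[2] | ~a[0]);
    b[2] = a[2] ^ (a[0] | ~a[1]);
    a[0] = b[0]; a[1] = b[1]; a[2] = b[2];
}
static void pi_1(uint32_t *a) { a[0] = (a[0]>>10) ^ (a[0]<<22); a[2] = (a[2]<<1) ^ (a[2]>>31); }
static void pi_2(uint32_t *a) { a[0] = (a[0]<<1) ^ (a[0]>>31); a[2] = (a[2]>>10) ^ (a[2]<<22); }
static void rho(uint32_t *a)  { theta(a); pi_1(a); gamma_step(a); pi_2(a); }  /* round function */
static void rndcon_gen(uint32_t strt, uint32_t *rtab) {  /* round constants */
    int i;
    for (i = 0; i <= NMBR; i++) {
        rtab[i] = strt;
        strt <<= 1;
        if (strt & 0x10000) strt ^= 0x11011;
    }
}
static void twy_enc_key(twy_enc_ctx *c, const uint32_t key[3]) {
    memcpy(c->k, key, sizeof c->k);
    rndcon_gen(STRT_E, c->ercon);
}
static void twy_encrypt_block(const twy_enc_ctx *c, uint32_t *a) {  /* one 96-bit block, in place */
    int i;
    for (i = 0; i < NMBR; i++) {
        a[0] ^= c->k[0] ^ (c->ercon[i] << 16);
        a[1] ^= c->k[1];
        a[2] ^= c->k[2] ^ c->ercon[i];
        rho(a);
    }
    a[0] ^= c->k[0] ^ (c->ercon[NMBR] << 16);
    a[1] ^= c->k[1];
    a[2] ^= c->k[2] ^ c->ercon[NMBR];
    theta(a);
}
/* ECB, as in the listing: blocks are independent, so equal plaintext blocks give equal ciphertext blocks. */
static void twy_ecb_encrypt(const twy_enc_ctx *c, uint32_t *d, int blocks) {
    int i;
    for (i = 0; i < blocks; i++) twy_encrypt_block(c, d + 3 * i);
}
/* CBC: XOR each block with the previous ciphertext block (the IV for the first) before encrypting. */
static void twy_cbc_encrypt(const twy_enc_ctx *c, const uint32_t iv[3], uint32_t *d, int blocks) {
    const uint32_t *prev = iv;
    int i, j;
    for (i = 0; i < blocks; i++) {
        for (j = 0; j < 3; j++) d[3 * i + j] ^= prev[j];
        twy_encrypt_block(c, d + 3 * i);
        prev = d + 3 * i;
    }
}
/* Known-answer check against test vector 1 of the listing: key 0, plaintext (1,1,1)
   -> a[2] a[1] a[0] = ad21ecf7 83ae9dc4 4059c76e. */
int twy_known_answer_ok(void) {
    twy_enc_ctx c;
    uint32_t k[3] = {0, 0, 0}, a[3] = {1, 1, 1};
    twy_enc_key(&c, k);
    twy_encrypt_block(&c, a);
    return a[0] == 0x4059c76eUL && a[1] == 0x83ae9dc4UL && a[2] == 0xad21ecf7UL;
}
/* Returns 1 when the two equal blocks of a constructed message collide under ECB
   but not under CBC. Key and IV are constructed; a real IV must be unpredictable. */
int ecb_repeats_but_cbc_hides(void) {
    twy_enc_ctx c;
    uint32_t k[3]   = {6, 5, 4};
    uint32_t iv[3]  = {0x11111111UL, 0x22222222UL, 0x33333333UL};
    uint32_t ecb[6] = {3, 2, 1, 3, 2, 1}, cbc[6] = {3, 2, 1, 3, 2, 1};
    twy_enc_key(&c, k);
    twy_ecb_encrypt(&c, ecb, 2);
    twy_cbc_encrypt(&c, iv, cbc, 2);
    return memcmp(ecb, ecb + 3, 3 * sizeof(uint32_t)) == 0 &&
           memcmp(cbc, cbc + 3, 3 * sizeof(uint32_t)) != 0;
}
int main(void) {
    printf("known answer: %s\n", twy_known_answer_ok() ? "ok" : "FAIL");
    printf("ECB repeats, CBC hides: %s\n", ecb_repeats_but_cbc_hides() ? "yes" : "no");
    return 0;
}
```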
RC5
#include <stdio.h>
#include <stdlib.h> /* malloc, free, exit */
#include <stdint.h>
/* u4 and u1 are the types used by the 3-WAY listing above; they are repeated
here so that this listing compiles on its own. u4 must be exactly 32 bits for
ROTL32/ROTR32 and the modular additions to be correct on 64-bit platforms. */
typedef uint32_t u4;
typedef unsigned char u1;
/* An RC5 context needs to know how many rounds it has, and its subkeys. */
typedef struct {
u4 *xk;
int nr;
} rc5_ctx;
/* Where possible, these should be replaced with actual rotate instructions.
For Turbo C++, this is done with _lrotl and _lrotr. */
#define ROTL32(X,C) (((X)<<(C))|((X)>>(32-(C))))
#define ROTR32(X,C) (((X)>>(C))|((X)<<(32-(C))))
/* Function prototypes for dealing with RC5 basic operations. */
void rc5_init(rc5_ctx *, int);
void rc5_destroy(rc5_ctx *);
void rc5_key(rc5_ctx *, u1 *, int);
void rc5_encrypt(rc5_ctx *, u4 *, int);
void rc5_decrypt(rc5_ctx *, u4 *, int);
/* Function implementations for RC5. */
/* Scrub out all sensitive values. */
void rc5_destroy(rc5_ctx *c){
int i;
for(i=0;i<(c->nr)*2+2;i++) c->xk[i]=0;
free(c->xk);
}
/* Allocate memory for rc5 context's xk and such. */
void rc5_init(rc5_ctx *c, int rounds){
c->nr = rounds;
c->xk = (u4 *) malloc(sizeof(u4)*(rounds*2+2));
if(c->xk==NULL) {
printf("An error occurred!\n");
exit(-1);
}
}
void rc5_encrypt(rc5_ctx *c, u4 *data, int blocks){
u4 *d,*sk;
int h,i,rc;
d = data;
sk = (c->xk)+2;
for(h=0;h<blocks;h++){
d[0] += c->xk[0];
d[1] += c->xk[1];
for(i=0;i<c->nr*2;i+=2){
d[0] ^= d[1];
rc = d[1] & 31;
d[0] = ROTL32(d[0],rc);
d[0] += sk[i];
d[1] ^= d[0];
rc = d[0] & 31;
d[1] = ROTL32(d[1],rc);
d[1] += sk[i+1];
/*printf("Round %03d : %08lx %08lx sk= %08lx %08lx\n",i/2,
d[0],d[1],sk[i],sk[i+1]);*/
}
d+=2;
}
}
void rc5_decrypt(rc5_ctx *c, u4 *data, int blocks){
u4 *d,*sk;
int h,i,rc;
d = data;
sk = (c->xk)+2;
for(h=0;h<blocks;h++){
for(i=c->nr*2-2;i>=0;i-=2){
/*printf("Round %03d: %08lx %08lx sk: %08lx %08lx\n",
i/2,d[0],d[1],sk[i],sk[i+1]); */
d[1] -= sk[i+1];
rc = d[0] & 31;
d[1] = ROTR32(d[1],rc);
d[1] ^= d[0];
d[0] -= sk[i];
rc = d[1] & 31;
d[0] = ROTR32(d[0],rc);
d[0] ^= d[1];
}
d[0] -= c->xk[0];
d[1] -= c->xk[1];
d+=2;
}
}
void rc5_key(rc5_ctx *c, u1 *key, int keylen){
u4 *pk,A,B; /* padded key */
int xk_len, pk_len, i, num_steps,rc;
u1 *cp;
xk_len = c->nr*2 + 2;
pk_len = keylen/4;
if((keylen%4)!=0) pk_len += 1;
pk = (u4 *) malloc(pk_len * 4);
if(pk==NULL) {
printf("An error occurred!\n");
exit(-1);
}
/* Initialize pk -- this should work on Intel machines, anyway.... */
for(i=0;i<pk_len;i++) pk[i]=0;
cp = (u1 *)pk;
for(i=0;i<keylen;i++) cp[i]=key[i];
/* Initialize xk. */
c->xk[0] = 0xb7e15163; /* P32 */
for(i=1;i<xk_len;i++) c->xk[i] = c->xk[i-1] + 0x9e3779b9; /* Q32 */
/* TESTING */
A = B = 0;
for(i=0;i<xk_len;i++) {
A = A + c->xk[i];
B = B ^ c->xk[i];
}
/* Expand key into xk. */
if(pk_len>xk_len) num_steps = 3*pk_len;else num_steps = 3*xk_len;
A = B = 0;
for(i=0;i<num_steps;i++){
A = c->xk[i%xk_len] = ROTL32(c->xk[i%xk_len] + A + B,3);
rc = (A+B) & 31;
B = pk[i%pk_len] = ROTL32(pk[i%pk_len] + A + B,rc);
}
/* Clobber sensitive data before deallocating memory. */
for(i=0;i<pk_len;i++) pk[i] =0;
free(pk);
}
int main(void){
rc5_ctx c;
u4 data[8];
char key[] = "ABCDE";
int i;
printf("-------------------------------------------------\n");
for(i=0;i<8;i++) data[i] = i;
rc5_init(&c,10); /* 10 rounds */
rc5_key(&c,(u1 *)key,5);
rc5_encrypt(&c,data,4);
printf("Encryptions:\n");
for(i=0;i<8;i+=2) printf("Block %01d = %08lx %08lx\n",
i/2,(unsigned long)data[i],(unsigned long)data[i+1]);
rc5_decrypt(&c,data,2);
rc5_decrypt(&c,data+4,2);
printf("Decryptions:\n");
for(i=0;i<8;i+=2) printf("Block %01d = %08lx %08lx\n",
i/2,(unsigned long)data[i],(unsigned long)data[i+1]);
rc5_destroy(&c); /* scrub and free the expanded key */
return 0;
}
A5
#include <stdio.h>
typedef struct {
unsigned long r1,r2,r3;
} a5_ctx;
static int threshold(unsigned long r1, unsigned long r2, unsigned long r3)
{
int total;
/* Majority of the three clocking bits; a register is stepped only when its
clocking bit agrees with the majority. */
total = (((r1 >> 9) & 0x1) == 1) +
(((r2 >> 11) & 0x1) == 1) +
(((r3 >> 11) & 0x1) == 1);
if (total > 1)
return (0);
else
return (1);
}
unsigned long clock_r1(ctl, r1)
int ctl;
unsigned long r1;
{
unsigned long feedback;
ctl ^= ((r1 >> 9) & 0x1);
if (ctl)
{
feedback = (r1 >> 18) ^ (r1 >> 17) ^ (r1 >> 16) ^ (r1 >> 13);
r1 = (r1 << 1) & 0x7ffff;
if (feedback & 0x01)
r1 ^= 0x01;
}
return (r1);
}
unsigned long clock_r2(ctl, r2)
int ctl;
unsigned long r2;
{
unsigned long feedback;
ctl ^= ((r2 >> 11) & 0x1);
if (ctl)
{
feedback = (r2 >> 21) ^ (r2 >> 20) ^ (r2 >> 16) ^ (r2 >> 12);
r2 = (r2 << 1) & 0x3fffff;
if (feedback & 0x01)
r2 ^= 0x01;
}
return (r2);
}
unsigned long clock_r3(ctl, r3)
int ctl;
unsigned long r3;
{
unsigned long feedback;
ctl ^= ((r3 >> 11) & 0x1);
if (ctl)
{
feedback = (r3 >> 22) ^ (r3 >> 21) ^ (r3 >> 18) ^ (r3 >> 17);
r3 = (r3 << 1) & 0x7fffff;
if (feedback & 0x01)
r3 ^= 0x01;
}
return (r3);
}
int keystream(key, frame, alice, bob)
unsigned char *key; /* 64 bit session key */
unsigned long frame; /* 22 bit frame sequence number */
unsigned char *alice; /* 114 bit Alice to Bob key stream */
unsigned char *bob; /* 114 bit Bob to Alice key stream */
{
unsigned long r1; /* 19 bit shift register */
unsigned long r2; /* 22 bit shift register */
unsigned long r3; /* 23 bit shift register */
int i; /* counter for loops */
int clock_ctl; /* xored with clock enable on each shift register */
unsigned char *ptr; /* current position in keystream */
unsigned char byte; /* byte of keystream being assembled */
unsigned int bits; /* number of bits of keystream in byte */
unsigned int bit; /* bit output from keystream generator */
/* Initialise shift registers from session key */
r1 = (key[0] | (key[1] << 8) | (key[2] << 16) ) & 0x7ffff;
r2 = ((key[2] >> 3) | (key[3] << 5) | (key[4] << 13) | (key[5] << 21)) &
0x3fffff;
r3 = ((key[5] >> 1) | (key[6] << 7) | (key[7] << 15) ) & 0x7fffff;
/* Merge frame sequence number into shift register state, by xor'ing it
* into the feedback path
*/
for (i=0;i<22;i++)
{
clock_ctl = threshold(r1, r2, r3);
r1 = clock_r1(clock_ctl, r1);
r2 = clock_r2(clock_ctl, r2);
r3 = clock_r3(clock_ctl, r3);
if (frame & 1)
{
r1 ^= 1;
r2 ^= 1;
r3 ^= 1;
}
frame = frame >> 1;
}
/* Run shift registers for 100 clock ticks to allow frame number to
* be diffused into all the bits of the shift registers
*/
for (i=0;i<100;i++)
{
clock_ctl = threshold(r1, r2, r3);
r1 = clock_r1(clock_ctl, r1);
r2 = clock_r2(clock_ctl, r2);
r3 = clock_r3(clock_ctl, r3);
}
/* Produce 114 bits of Alice->Bob key stream */
ptr = alice;
bits = 0;
byte = 0;
for (i=0;i<114;i++)
{
clock_ctl = threshold(r1, r2, r3);
r1 = clock_r1(clock_ctl, r1);
r2 = clock_r2(clock_ctl, r2);
r3 = clock_r3(clock_ctl, r3);
bit = ((r1 >> 18) ^ (r2 >> 21) ^ (r3 >> 22)) & 0x01;
byte = (byte << 1) | bit;
bits++;
if (bits == 8)
{
*ptr = byte;
ptr++;
bits = 0;
byte = 0;
}
}
if (bits)
*ptr = byte;
/* Run shift registers for another 100 bits to hide relationship between
* Alice->Bob key stream and Bob->Alice key stream.
*/
for (i=0;i<100;i++)
{
clock_ctl = threshold(r1, r2, r3);
r1 = clock_r1(clock_ctl, r1);
r2 = clock_r2(clock_ctl, r2);
r3 = clock_r3(clock_ctl, r3);
}
/* Produce 114 bits of Bob->Alice key stream */
ptr = bob;
bits = 0;
byte = 0;
for (i=0;i<114;i++)
{
clock_ctl = threshold(r1, r2, r3);
r1 = clock_r1(clock_ctl, r1);
r2 = clock_r2(clock_ctl, r2);
r3 = clock_r3(clock_ctl, r3);
bit = ((r1 >> 18) ^ (r2 >> 21) ^ (r3 >> 22)) & 0x01;
byte = (byte << 1) | bit;
bits++;
if (bits == 8)
{
*ptr = byte;
ptr++;
bits = 0;
byte = 0;
}
}
if (bits)
*ptr = byte;
return (0);
}
void a5_key(a5_ctx *c, char *k){
unsigned char *u = (unsigned char *)k; /* avoid sign extension of key bytes */
/* 64 key bits split 19 + 22 + 23; each register is masked to its width. */
c->r1 = ((unsigned long)u[0]<<11 | (unsigned long)u[1]<<3 | u[2]>>5) & 0x7ffff; /* 19 */
c->r2 = ((unsigned long)u[2]<<17 | (unsigned long)u[3]<<9 | (unsigned long)u[4]<<1 | u[5]>>7) & 0x3fffff; /* 22 */
c->r3 = ((unsigned long)u[5]<<16 | (unsigned long)u[6]<<8 | u[7]) & 0x7fffff; /* 23: low 7 bits of u[5], u[6], u[7] */
}
/* Step one bit in A5, return 0 or 1 as output bit. */
int a5_step(a5_ctx *c){
int control;
control = threshold(c->r1,c->r2,c->r3);
c->r1 = clock_r1(control,c->r1);
c->r2 = clock_r2(control,c->r2);
c->r3 = clock_r3(control,c->r3);
return( (c->r1^c->r2^c->r3)&1);
}
/* Encrypts a buffer of len bytes. */
void a5_encrypt(a5_ctx *c, char *data, int len){
int i,j;
unsigned char t;
for(i=0;i<len;i++){
t = 0; /* assemble one keystream byte, MSB first */
for(j=0;j<8;j++) t = t<<1 | a5_step(c);
data[i]^=t;
}
}
void a5_decrypt(a5_ctx *c, char *data, int len){
a5_encrypt(c,data,len);
}
int main(void){
a5_ctx c;
char data[100];
char key[] = {1,2,3,4,5,6,7,8};
int i,flag;
for(i=0;i<100;i++) data[i] = i;
a5_key(&c,key);
a5_encrypt(&c,data,100);
a5_key(&c,key); /* reload the registers: decryption must start from the same state */
a5_decrypt(&c,data,1);
a5_decrypt(&c,data+1,99);
flag = 0;
for(i=0;i<100;i++) if(data[i]!=i)flag = 1;
if(flag)printf("Decrypt failed\n"); else printf("Decrypt succeeded\n");
return 0;
}
SEAL
#include <stdio.h>
/* This listing uses unsigned long for 32-bit words; the ROTn macros and the
additions in g() and seal() rely on 32-bit wraparound, so it produces the
correct keystream only where long is 32 bits (retype as uint32_t on LP64). */
#undef SEAL_DEBUG
#define ALG_OK 0
#define ALG_NOTOK 1
#define WORDS_PER_SEAL_CALL 1024
typedef struct {
unsigned long t[520]; /* 512 rounded up to a multiple of 5 + 5*/
unsigned long s[265]; /* 256 rounded up to a multiple of 5 + 5*/
unsigned long r[20]; /* 16 rounded up to multiple of 5 */
unsigned long counter; /* 32-bit synch value. */
unsigned long ks_buf[WORDS_PER_SEAL_CALL];
int ks_pos;
} seal_ctx;
#define ROT2(x) (((x) >> 2) | ((x) << 30))
#define ROT9(x) (((x) >> 9) | ((x) << 23))
#define ROT8(x) (((x) >> 8) | ((x) << 24))
#define ROT16(x) (((x) >> 16) | ((x) << 16))
#define ROT24(x) (((x) >> 24) | ((x) << 8))
#define ROT27(x) (((x) >> 27) | ((x) << 5))
#define WORD(cp) (((unsigned long)(cp)[0] << 24)|((unsigned long)(cp)[1] << 16)|((unsigned long)(cp)[2] << 8)|((unsigned long)(cp)[3]))
#define F1(x, y, z) (((x) & (y)) | ((~(x)) & (z)))
#define F2(x, y, z) ((x)^(y)^(z))
#define F3(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
#define F4(x, y, z) ((x)^(y)^(z))
int g(in, i, h)
unsigned char *in;
int i;
unsigned long *h;
{
unsigned long h0;
unsigned long h1;
unsigned long h2;
unsigned long h3;
unsigned long h4;
unsigned long a;
unsigned long b;
unsigned long c;
unsigned long d;
unsigned long e;
unsigned char *kp;
unsigned long w[80];
unsigned long temp;
kp = in;
h0 = WORD(kp); kp += 4;
h1 = WORD(kp); kp += 4;
h2 = WORD(kp); kp += 4;
h3 = WORD(kp); kp += 4;
h4 = WORD(kp); kp += 4;
w[0] = i;
for (i=1;i<16;i++)
w[i] = 0;
for (i=16;i<80;i++)
w[i] = w[i-3]^w[i-8]^w[i-14]^w[i-16];
a = h0;
b = h1;
c = h2;
d = h3;
e = h4;
for (i=0;i<20;i++)
{
temp = ROT27(a) + F1(b, c, d) + e + w[i] + 0x5a827999;
e = d;
d = c;
c = ROT2(b);
b = a;
a = temp;
}
for (i=20;i<40;i++)
{
temp = ROT27(a) + F2(b, c, d) + e + w[i] + 0x6ed9eba1;
e = d;
d = c;
c = ROT2(b);
b = a;
a = temp;
}
for (i=40;i<60;i++)
{
temp = ROT27(a) + F3(b, c, d) + e + w[i] + 0x8f1bbcdc;
e = d;
d = c;
c = ROT2(b);
b = a;
a = temp;
}
for (i=60;i<80;i++)
{
temp = ROT27(a) + F4(b, c, d) + e + w[i] + 0xca62c1d6;
e = d;
d = c;
c = ROT2(b);
b = a;
a = temp;
}
h[0] = h0+a;
h[1] = h1+b;
h[2] = h2+c;
h[3] = h3+d;
h[4] = h4+e;
return (ALG_OK);
}
unsigned long gamma(a, i)
unsigned char *a;
int i;
{
unsigned long h[5];
(void) g(a, i/5, h);
return h[i % 5];
}
int seal_init(seal_ctx *result, unsigned char *key)
{
int i;
unsigned long h[5];
for (i=0;i<510;i+=5)
g(key, i/5, &(result->t[i]));
/* horrible special case for the end */
g(key, 510/5, h);
for (i=510;i<512;i++)
result->t[i] = h[i-510];
/* 0x1000 mod 5 is +1, so have horrible special case for the start */
g(key, (-1+0x1000)/5, h);
for (i=0;i<4;i++)
result->s[i] = h[i+1];
for (i=4;i<254;i+=5)
g(key, (i+0x1000)/5, &(result->s[i]));
/* horrible special case for the end */
g(key, (254+0x1000)/5, h);
for (i=254;i<256;i++)
result->s[i] = h[i-254];
/* 0x2000 mod 5 is +2, so have horrible special case at the start */
g(key, (-2+0x2000)/5, h);
for (i=0;i<3;i++)
result->r[i] = h[i+2];
for (i=3;i<13;i+=5)
g(key, (i+0x2000)/5, &(result->r[i]));
/* horrible special case for the end */
g(key, (13+0x2000)/5, h);
for (i=13;i<16;i++)
result->r[i] = h[i-13];
return (ALG_OK);
}
int seal(seal_ctx *key, unsigned long in, unsigned long *out)
{
int i;
int j;
int l;
unsigned long a;
unsigned long b;
unsigned long c;
unsigned long d;
unsigned short p;
unsigned short q;
unsigned long n1;
unsigned long n2;
unsigned long n3;
unsigned long n4;
unsigned long *wp;
wp = out;
for (l=0;l<4;l++)
{
a = in ^ key->r[4*l];
b = ROT8(in) ^ key->r[4*l+1];
c = ROT16(in) ^ key->r[4*l+2];
d = ROT24(in) ^ key->r[4*l+3];
for (j=0;j<2;j++)
{
p = a & 0x7fc;
b += key->t[p/4];
a = ROT9(a);
p = b & 0x7fc;
c += key->t[p/4];
b = ROT9(b);
p = c & 0x7fc;
d += key->t[p/4];
c = ROT9(c);
p = d & 0x7fc;
a += key->t[p/4];
d = ROT9(d);
}
n1 = d;
n2 = b;
n3 = a;
n4 = c;
p = a & 0x7fc;
b += key->t[p/4];
a = ROT9(a);
p = b & 0x7fc;
c += key->t[p/4];
b = ROT9(b);
p = c & 0x7fc;
d += key->t[p/4];
c = ROT9(c);
p = d & 0x7fc;
a += key->t[p/4];
d = ROT9(d);
/* This generates 64 32-bit words, or 256 bytes of keystream. */
for (i=0;i<64;i++)
{
p = a & 0x7fc;
b += key->t[p/4];
a = ROT9(a);
b ^= a;
q = b & 0x7fc;
c ^= key->t[q/4];
b = ROT9(b);
c += b;
p = (p+c) & 0x7fc;
d += key->t[p/4];
c = ROT9(c);
d ^= c;
q = (q+d) & 0x7fc;
a ^= key->t[q/4];
d = ROT9(d);
a += d;
p = (p+a) & 0x7fc;
b ^= key->t[p/4];
a = ROT9(a);
q = (q+b) & 0x7fc;
c += key->t[q/4];
b = ROT9(b);
p = (p+c) & 0x7fc;
d ^= key->t[p/4];
c = ROT9(c);
q = (q+d) & 0x7fc;
a += key->t[q/4];
d = ROT9(d);
*wp = b + key->s[4*i];
wp++;
*wp = c ^ key->s[4*i+1];
wp++;
*wp = d + key->s[4*i+2];
wp++;
*wp = a ^ key->s[4*i+3];
wp++;
if (i & 1)
{
a += n3;
c += n4;
}
else
{
a += n1;
c += n2;
}
}
}
return (ALG_OK);
}
/* Added call to refill ks_buf and reset counter and ks_pos. */
void seal_refill_buffer(seal_ctx *c){
seal(c,c->counter,c->ks_buf);
c->counter++;
c->ks_pos = 0;
}
void seal_key(seal_ctx *c, unsigned char *key){
seal_init(c,key);
c->counter = 0; /* By default, init to zero. */
c->ks_pos = WORDS_PER_SEAL_CALL;
/* Refill keystream buffer on next call. */
}
/* This encrypts the next w words with SEAL. */
void seal_encrypt(seal_ctx *c, unsigned long *data_ptr, int w){
int i;
for(i=0;i<w;i++){
if(c->ks_pos>=WORDS_PER_SEAL_CALL) seal_refill_buffer(c);
data_ptr[i]^=c->ks_buf[c->ks_pos];
c->ks_pos++;
}
}
void seal_decrypt(seal_ctx *c, unsigned long *data_ptr, int w) {
seal_encrypt(c,data_ptr,w);
}
void seal_resynch(seal_ctx *c, unsigned long synch_word){
c->counter = synch_word;
c->ks_pos = WORDS_PER_SEAL_CALL;
}
int main(void){
seal_ctx sc;
unsigned long buf[1000],t;
int i,flag;
unsigned char key[] =
{0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19};
printf("1\n");
seal_key(&sc,key);
printf("2\n");
for(i=0;i<1000;i++) buf[i]=0;
printf("3\n");
seal_encrypt(&sc,buf,1000);
printf("4\n");
t = 0;
for(i=0;i<1000;i++) t = t ^ buf[i];
printf("XOR of buf is %08lx.\n",t);
seal_key(&sc,key); /* re-key so decryption restarts the keystream from counter 0 */
seal_decrypt(&sc,buf,1);
seal_decrypt(&sc,buf+1,999);
flag = 0;
for(i=0;i<1000;i++) if(buf[i]!=0)flag=1;
if(flag) printf("Decrypt failed.\n");
else printf("Decrypt succeeded.\n");
return 0;
}
pp. 804-813.

27. A. Aho, J. Hopcroft, and J. Ullman, The Design and Analysis of Computer Algorithms, Addison-Wesley, 1974.
28. S.G. Akl, "Digital Signatures: A Tutorial Survey," Computer, v. 16, n. 2, Feb 1983, pp. 15-24.
29. S.G. Akl, "On the Security of Compressed Encodings," Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984, pp. 209-230.
30. S.G. Akl and H. Meijer, "A Fast Pseudo-Random Permutation Generator with Applications to Cryptology," Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 269-275.
31. M. Alabbadi and S.B. Wicker, "Security of Xinmei Digital Signature Scheme," Electronics Letters, v. 28, n. 9, 23 Apr 1992, pp. 890-891.
32. M. Alabbadi and S.B. Wicker, "Digital Signature Schemes Based on Error-Correcting Codes," Proceedings of the 1993 IEEE-ISIT, IEEE Press, 1993, p. 199.
33. M. Alabbadi and S.B. Wicker, "Cryptanalysis of the Harn and Wang Modification of the Xinmei Digital Signature Scheme," Electronics Letters, v. 28, n. 18, 27 Aug 1992, pp. 1756-1758.
34. K. Alagappan and J. Tardo, "SPX Guide: Prototype Public Key Authentication Service," Digital Equipment Corp., May 1991.
35. W. Alexi, B.-Z. Chor, O. Goldreich, and C.P. Schnorr, "RSA and Rabin Functions: Certain Parts Are as Hard as the Whole," Proceedings of the 25th IEEE Symposium on the Foundations of Computer Science, 1984, pp. 449-457.
36. W. Alexi, B.-Z. Chor, O. Goldreich, and C.P. Schnorr, "RSA and Rabin Functions: Certain Parts are as Hard as the Whole," SIAM Journal on Computing, v. 17, n. 2, Apr 1988, pp. 194-209.
37. Ameritech Mobile Communications et al., "Cellular Digital Packet Data System Specifications: Part 406: Airlink Security," CDPD Industry Input Coordinator, Costa Mesa, Calif., Jul 1993.
38. H.R. Amirazizi, E.D. Karnin, and J.M. Reyneri, "Compact Knapsacks are Polynomial Solvable," ACM SIGACT News, v. 15, 1983, pp. 20-22.
39. R.J. Anderson, "Solving a Class of Stream Ciphers," Cryptologia, v. 14, n. 3, Jul 1990, pp. 285-288.
40. R.J. Anderson, "A Second Generation Electronic Wallet," ESORICS 92, Proceedings of the Second European Symposium on Research in Computer Security, Springer-Verlag, 1992, pp. 411-418.
41. R.J. Anderson, "Faster Attack on Certain Stream Ciphers," Electronics Letters, v. 29, n. 15, 22 Jul 1993, pp. 1322-1323.
42. R.J. Anderson, "Derived Sequence Attacks on Stream Ciphers," presented at the rump session of CRYPTO '93, Aug 1993.
43. R.J. Anderson, "Why Cryptosystems Fail," 1st ACM Conference on Computer and Communications Security, ACM Press, 1993, pp. 215-227.
44. R.J. Anderson, "Why Cryptosystems Fail," Communications of the ACM, v. 37, n. 11, Nov 1994, pp. 32-40.
45. R.J. Anderson, "On Fibonacci Keystream Generators," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
46. R.J. Anderson, "Searching for the Optimum Correlation Attack," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
47. R.J. Anderson and T.M.A. Lomas, "Fortifying Key Negotiation Schemes with Poorly Chosen Passwords," Electronics Letters, v. 30, n. 13, 23 Jun 1994, pp. 1040-1041.
48. R.J. Anderson and R. Needham, "Robustness Principles for Public Key Protocols," Advances in Cryptology CRYPTO '95 Proceedings, Springer-Verlag, 1995, to appear.
49. D. Andleman and J. Reeds, "On the Cryptanalysis of Rotor Machines and Substitution-Permutation Networks," IEEE Transactions on Information Theory, v. IT-28, n. 4, Jul 1982, pp. 578-584.
50. ANSI X3.92, "American National Standard for Data Encryption Algorithm (DEA)," American National Standards Institute, 1981.
51. ANSI X3.105, "American National Standard for Information Systems Data Link Encryption," American National Standards Institute, 1983.
52. ANSI X3.106, "American National Standard for Information Systems Data Encryption Algorithm Modes of Operation," American National Standards Institute, 1983.
53. ANSI X9.8, "American National Standard for Personal Information Number (PIN) Management and Security," American Bankers Association, 1982.
54. ANSI X9.9 (Revised), "American National Standard for Financial Institution Message Authentication (Wholesale)," American Bankers Association, 1986.
55. ANSI X9.17 (Revised), "American National Standard for Financial Institution Key Management (Wholesale)," American Bankers Association, 1985.
56. ANSI X9.19, "American National Standard for Retail Message Authentication," American Bankers Association, 1985.
57. ANSI X9.23, "American National Standard for Financial Institution Message Encryption," American Bankers Association, 1988.
58. ANSI X9.24, "Draft Proposed American National Standard for Retail Key Management," American Bankers Association, 1988.
59. ANSI X9.26 (Revised), "American National Standard for Financial Institution Sign-On Authentication for Wholesale Financial Transaction," American Bankers Association, 1990.
60. ANSI X9.30, "Working Draft: Public Key Cryptography Using Irreversible Algorithms for the Financial Services Industry," American Bankers Association, Aug 1994.
61. ANSI X9.31, "Working Draft: Public Key Cryptography Using Reversible Algorithms for the Financial Services Industry," American Bankers Association, Mar 1993.
62. K. Aoki and K. Ohta, "Differential-Linear Cryptanalysis of FEAL-8," Proceedings of the 1995 Symposium on Cryptography and Information Security (SCIS 95), Inuyama, Japan, 24-27 Jan 1995, pp. A3.4.1-11. (In Japanese.)
63. K. Araki and T. Sekine, "On the Conspiracy Problem of the Generalized Tanaka's Cryptosystem," IEICE Transactions, v. E74, n. 8, Aug 1991, pp. 2176-2178.
64. S. Araki, K. Aoki, and K. Ohta, "The Best Linear Expression Search for FEAL," Proceedings of the 1995 Symposium on Cryptography and Information Security (SCIS 95), Inuyama, Japan, 24-27 Jan 1995, pp. A4.4.1-10.
65. C. Asmuth and J. Bloom, "A Modular Approach to Key Safeguarding," IEEE Transactions on Information Theory, v. IT-29, n. 2, Mar 1983, pp. 208-210.
66. D. Atkins, M. Graff, A.K. Lenstra, and P.C. Leyland, "The Magic Words are Squeamish Ossifrage," Advances in Cryptology ASIACRYPT '94 Proceedings, Springer-Verlag, 1995, pp. 263-277.
67. AT&T, "T7001 Random Number Generator," Data Sheet, Aug 1986.
68. AT&T, "AT&T Readying New Spy-Proof Phone for Big Military and Civilian Markets," The Report on AT&T, 2 Jun 1986, pp. 6-7.
69. AT&T, "T7002/T7003 Bit Slice Multiplier," product announcement, 1987.
70. AT&T, "Telephone Security Device TSD 3600 User's Manual," AT&T, 20 Sep 1992.
71. Y. Aumann and U. Feige, "On Message Proof Systems with Known Space Verifiers," Advances in Cryptology CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 85-99.
72. R.G. Ayoub, An Introduction to the Theory of Numbers, Providence, RI: American Mathematical Society, 1963.
73. A. Aziz and W. Diffie, "Privacy and Authentication for Wireless Local Area Networks," IEEE Personal Communications, v. 1, n. 1, 1994, pp. 25-31.
74. A. Bahreman and J.D. Tygar, "Certified Electronic Mail," Proceedings of the Internet Society 1994 Workshop on Network and Distributed System Security, The Internet Society, 1994, pp. 3-19.
75. D. Balenson, "Automated Distribution of Cryptographic Keys Using the Financial Institution Key Management Standard," IEEE Communications Magazine, v. 23, n. 9, Sep 1985, pp. 41-46.
76. D. Balenson, "Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers," RFC 1423, Feb 1993.
77. D. Balenson, C.M. Ellison, S.B. Lipner, and S.T. Walker, "A New Approach to Software Key Escrow Encryption," TIS Report #520, Trusted Information Systems, Aug 1994.
78. R. Ball, Mathematical Recreations and Essays, New York: MacMillan, 1960.
79. J. Bamford, The Puzzle Palace, Boston: Houghton Mifflin, 1982.
80. J. Bamford and W. Madsen, The Puzzle Palace, Second Edition, Penguin Books, 1995.
81. S.K. Banerjee, "High Speed Implementation of DES," Computers & Security, v. 1, 1982, pp. 261-267.
82. Z. Baodong, "MC-Veiled Linear Transform Public Key Cryptosystem," Acta Electronica Sinica, v. 20, n. 4, Apr 1992, pp. 21-24. (In Chinese.)
83. P.H. Bardell, "Analysis of Cellular Automata Used as Pseudorandom Pattern Generators," Proceedings of 1990 International Test Conference, pp. 762-768.
84. T. Baritaud, H. Gilbert, and M. Girault, "FFT Hashing is not Collision-Free," Advances in Cryptology EUROCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 35-44.
85. C. Barker, "An Industry Perspective of the CCEP," 2nd Annual AIAA Computer Security Conference Proceedings, 1986.
86. W.G. Barker, Cryptanalysis of the Hagelin Cryptograph, Aegean Park Press, 1977.
87. P. Barrett, "Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor," Advances in Cryptology CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 311-323.
88. T.C. Bartee and D.I. Schneider, "Computation with Finite Fields," Information and Control, v. 6, n. 2, Jun 1963, pp. 79-98.
89. U. Baum and S. Blackburn, "Clock Controlled Pseudorandom Generators on Finite Groups," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
90. K.R. Bauer, T.A. Berson, and R.J. Feiertag, "A Key Distribution Protocol Using Event Markers," ACM Transactions on Computer Systems, v. 1, n. 3, 1983, pp. 249-255.
91. F. Bauspiess and F. Damm, "Requirements for Cryptographic Hash Functions," Computers & Security, v. 11, n. 5, Sep 1992, pp. 427-437.
92. D. Bayer, S. Haber, and W.S. Stornetta, "Improving the Efficiency and Reliability of Digital Time-Stamping," Sequences '91: Methods in Communication, Security, and Computer Science, Springer-Verlag, 1992, pp. 329-334.
93. R. Bayer and J.K. Metzger, "On the Encipherment of Search Trees and Random Access Files," ACM Transactions on Database Systems, v. 1, n. 1, Mar 1976, pp. 37-52.
94. M. Beale and M.E. Monaghan, "Encryption Using Random Boolean Functions," Cryptography and Coding, H.J. Beker and F.C. Piper, eds., Oxford: Clarendon Press, 1989, pp. 219-230.
95. P. Beauchemin and G. Brassard, "A Generalization of Hellman's Extension to Shannon's Approach to Cryptography," Journal of Cryptology, v. 1, n. 2, 1988, pp. 129-132.
96. P. Beauchemin, G. Brassard, C. Crepeau, C. Goutier, and C. Pomerance, "The Generation of Random Numbers that are Probably Prime," Journal of Cryptology, v. 1, n. 1, 1988, pp. 53-64.
97. D. Beaver, J. Feigenbaum, and V. Shoup, "Hiding Instances in Zero-Knowledge Proofs," Advances in Cryptology CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 326-338.
98. H. Beker, J. Friend, and P. Halliden, "Simplifying Key Management in Electronic Funds Transfer Points of Sale Systems," Electronics Letters, v. 19, n. 12, Jun 1983, pp. 442-444.
99. H. Beker and F. Piper, Cipher Systems: The Protection of Communications, London: Northwood Books, 1982.
100. D.E. Bell and L.J. LaPadula, "Secure Computer Systems: Mathematical Foundations," Report ESD-TR-73-275, MITRE Corp., 1973.
101. D.E. Bell and L.J. LaPadula, "Secure Computer Systems: A Mathematical Model," Report MTR-2547, MITRE Corp., 1973.
102. D.E. Bell and L.J. LaPadula, "Secure Computer Systems: A Refinement of the Mathematical Model," Report ESD-TR-73-278, MITRE Corp., 1974.
103. D.E. Bell and L.J. LaPadula, "Secure Computer Systems: Unified Exposition and Multics Interpretation," Report ESD-TR-75-306, MITRE Corp., 1976.
104. M. Bellare and S. Goldwasser, "New Paradigms for Digital Signatures and Message Authentication Based on Non-interactive Zero Knowledge Proofs," Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 194-211.
105. M. Bellare and S. Micali, "Non-interactive Oblivious Transfer and Applications," Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 547-557.
106. M. Bellare, S. Micali, and R. Ostrovsky, "Perfect Zero-Knowledge in Constant Rounds," Proceedings of the 22nd ACM Symposium on the Theory of Computing, 1990, pp. 482-493.
107. S.M. Bellovin, "A Preliminary Technical Analysis of Clipper and Skipjack," unpublished manuscript, 20 Apr 1993.
108. S.M. Bellovin and M. Merritt, "Limitations of the Kerberos Protocol," Winter 1991 USENIX Conference Proceedings, USENIX Association, 1991, pp. 253-267.
109. S.M. Bellovin and M. Merritt, "Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks," Proceedings of the 1992 IEEE Computer Society Conference on Research in Security and Privacy, 1992, pp. 72-84.
110. S.M. Bellovin and M. Merritt, "An Attack on the Interlock Protocol When Used for Authentication," IEEE Transactions on Information Theory, v. 40, n. 1, Jan 1994, pp. 273-275.
111. S.M. Bellovin and M. Merritt, "Cryptographic Protocol for Secure Communications," U.S. Patent #5,241,599, 31 Aug 1993.
112. J. Ben-Aroya and E. Biham, "Differential Cryptanalysis of Lucifer," Advances in Cryptology CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 187-199.
113. J.C. Benaloh, "Cryptographic Capsules: A Disjunctive Primitive for Interactive Protocols," Advances in Cryptology CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 213-222.
114. J.C. Benaloh, "Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret," Advances in Cryptology CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 251-260.
115. J.C. Benaloh, "Verifiable Secret-Ballot Elections," Ph.D. dissertation, Yale University, YALEU/DCS/TR-561, Dec 1987.
116. J.C. Benaloh and M. de Mare, "One-Way Accumulators: A Decentralized Alternative to Digital Signatures," Advances in Cryptology EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 274-285.
117. J.C. Benaloh and D. Tuinstra, "Receipt-Free Secret Ballot Elections," Proceedings of the 26th ACM Symposium on the Theory of Computing, 1994, pp. 544-553.
118. J.C. Benaloh and M. Yung, "Distributing the Power of a Government to Enhance the Privacy of Voters," Proceedings of the 5th ACM Symposium on the Principles in Distributed Computing, 1986, pp. 52-62.
119. A. Bender and G. Castagnoli, "On the Implementation of Elliptic Curve Cryptosystems," Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 186-192.
120. S. Bengio, G. Brassard, Y.G. Desmedt, C. Goutier, and J.-J. Quisquater, "Secure Implementation of Identification Systems," Journal of Cryptology, v. 4, n. 3, 1991, pp. 175-184.
121. C.H. Bennett, F. Bessette, G. Brassard, L. Salvail, and J. Smolin, "Experimental Quantum Cryptography," Advances in Cryptology EUROCRYPT '90 Proceedings, Springer-Verlag, 1991, pp. 253-265.
122. C.H. Bennett, F. Bessette, G. Brassard, L. Salvail, and J. Smolin, "Experimental Quantum Cryptography," Journal of Cryptology, v. 5, n. 1, 1992, pp. 3-28.
123. C.H. Bennett and G. Brassard, "Quantum Cryptography: Public Key Distribution and Coin Tossing," Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, India, Dec 1984, pp. 175-179.
124. C.H. Bennett and G. Brassard, "An Update on Quantum Cryptography," Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 475-480.
125. C.H. Bennett and G. Brassard, "Quantum Public-Key Distribution System," IBM Technical Disclosure Bulletin, v. 28, 1985, pp. 3153-3163.
126. C.H. Bennett and G. Brassard, "Quantum Public Key Distribution Reinvented," SIGACT News, v. 18, n. 4, 1987, pp. 51-53.
127. C.H. Bennett and G. Brassard, "The Dawn of a New Era for Quantum Cryptography: The Experimental Prototype is Working!" SIGACT News, v. 20, n. 4, Fall 1989, pp. 78-82.
128. C.H. Bennett, G. Brassard, and S. Breidbart, Quantum Cryptography II: How to Re-Use a One-Time Pad Safely Even if P=NP, unpublished manuscript, Nov 1982.
129. C.H. Bennett, G. Brassard, S. Breidbart, and S. Wiesner, "Quantum Cryptography, or Unforgeable Subway Tokens," Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 267-275.
130. C.H. Bennett, G. Brassard, C. Crepeau, and M.-H. Skubiszewska, "Practical Quantum Oblivious Transfer," Advances in Cryptology CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 351-366.
131. C.H. Bennett, G. Brassard, and A.K. Ekert, "Quantum Cryptography," Scientific American, v. 267, n. 4, Oct 1992, pp. 50-57.
132. C.H. Bennett, G. Brassard, and N.D. Mermin, "Quantum Cryptography Without Bell's Theorem," Physical Review Letters, v. 68, n. 5, 3 Feb 1992, pp. 557-559.
133. C.H. Bennett, G. Brassard, and J.-M. Robert, "How to Reduce Your Enemy's Information," Advances in Cryptology CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 468-476.
134. C.H. Bennett, G. Brassard, and J.-M. Robert, "Privacy Amplification by Public Discussion," SIAM Journal on Computing, v. 17, n. 2, Apr 1988, pp. 210-229.
135. J. Bennett, "Analysis of the Encryption Algorithm Used in WordPerfect Word Processing Program," Cryptologia, v. 11, n. 4, Oct 1987, pp. 206-210.
136. M. Ben-Or, S. Goldwasser, and A. Wigderson, "Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation," Proceedings of the 20th ACM Symposium on the Theory of Computing, 1988, pp. 1-10.
137. M. Ben-Or, O. Goldreich, S. Goldwasser, J. Hastad, J. Kilian, S. Micali, and P. Rogaway, "Everything Provable is Provable in Zero-Knowledge," Advances in Cryptology CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 37-56.
138. M. Ben-Or, O. Goldreich, S. Micali, and R.L. Rivest, "A Fair Protocol for Signing Contracts," IEEE Transactions on Information Theory, v. 36, n. 1, Jan 1990, pp. 40-46.
139. H.A. Bergen and W.J. Caelli, "File Security in WordPerfect 5.0," Cryptologia, v. 15, n. 1, Jan 1991, pp. 57-66.
140. E.R. Berlekamp, Algebraic Coding Theory, Aegean Park Press, 1984.
141. S. Berkovits, "How to Broadcast a Secret," Advances in Cryptology EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 535-541.
142. S. Berkovits, J. Kowalchuk, and B. Schanning, "Implementing Public-Key Scheme," IEEE Communications Magazine, v. 17, n. 3, May 1979, pp. 2-3.
143. D.J. Bernstein, Bernstein vs. U.S. Department of State et al., Civil Action No. C95-0582-MHP, United States District Court for the Northern District of California, 21 Feb 1995.
144. T. Berson, "Differential Cryptanalysis Mod 2^32 with Applications to MD5," Advances in Cryptology EUROCRYPT '92 Proceedings, 1992, pp. 71-80.
145. T. Beth, Verfahren der schnellen Fourier-Transformation, Teubner, Stuttgart, 1984. (In German.)
146. T. Beth, "Efficient Zero-Knowledge Identification Scheme for Smart Cards," Advances in Cryptology EUROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 77-84.
147. T. Beth, B.M. Cook, and D. Gollmann, "Architectures for Exponentiation in GF(2^n)," Advances in Cryptology CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 302-310.
148. T. Beth and Y. Desmedt, "Identification Tokens or: Solving the Chess Grandmaster Problem," Advances in Cryptology CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 169-176.
149. T. Beth and C. Ding, "On Almost Nonlinear Permutations," Advances in Cryptology EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 65-76.
150. T. Beth, M. Frisch, and G.J. Simmons, eds., Lecture Notes in Computer Science 578, Public Key Cryptography: State of the Art and Future Directions, Springer-Verlag, 1992.
151. T. Beth and F.C. Piper, "The Stop-and-Go Generator," Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer-Verlag, 1984, pp. 88-92.
152. T. Beth and F. Schaefer, "Non Supersingular Elliptic Curves for Public Key Cryptosystems," Advances in Cryptology EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 316-327.
153. A. Beutelspacher, "How to Say 'No'," Advances in Cryptology EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp. 491-496.
154. J. Bidzos, letter to NIST regarding DSS, 20 Sep 1991.
155. J. Bidzos, personal communication, 1993.
156. P. Bieber, "A Logic of Communication in a Hostile Environment," Proceedings of the Computer Security Foundations Workshop, IEEE Computer Society Press, 1990, pp. 14-22.
157. E. Biham, "Cryptanalysis of the Chaotic-Map Cryptosystem Suggested at EUROCRYPT '91," Advances in Cryptology EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 532-534.
158. E. Biham, "New Types of Cryptanalytic Attacks Using Related Keys," Technical Report #753, Computer Science Department, Technion Israel Institute of Technology, Sep 1992.
159. E. Biham, "On the Applicability of Differential Cryptanalysis to Hash Functions," lecture at EIES Workshop on Cryptographic Hash Functions, Mar 1992.
160. E. Biham, personal communication, 1993.
161. E. Biham, "Higher Order Differential Cryptanalysis," unpublished manuscript, Jan 1994.
162. E. Biham, "On Modes of Operation," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 116-120.
163. E. Biham, "New Types of Cryptanalytic Attacks Using Related Keys," Journal of Cryptology, v. 7, n. 4, 1994, pp. 229-246.
164. E. Biham, "On Matsui's Linear Cryptanalysis," Advances in Cryptology EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, pp. 398-412.
165. E. Biham and A. Biryukov, "How to Strengthen DES Using Existing Hardware," Advances in Cryptology ASIACRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
166. E. Biham and P.C. Kocher, "A Known Plaintext Attack on the PKZIP Encryption," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
167. E. Biham and A. Shamir, "Differential Cryptanalysis of DES-like Cryptosystems," Advances in Cryptology CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 2-21.
168. E. Biham and A. Shamir, "Differential Cryptanalysis of DES-like Cryptosystems," Journal of Cryptology, v. 4, n. 1, 1991, pp. 3-72.
169. E. Biham and A. Shamir, "Differential Cryptanalysis of Feal and N-Hash," Advances in Cryptology EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 1-16.
170. E. Biham and A. Shamir, "Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI, and Lucifer," Advances in Cryptology CRYPTO '91 Proceedings, 1992, pp. 156-171.
171. E. Biham and A. Shamir, "Differential Cryptanalysis of the Full 16-Round DES," Advances in Cryptology CRYPTO '92 Proceedings, Springer-Verlag, 1993, pp. 487-496.
172. E. Biham and A. Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.
173. R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva, and M. Yung, "Systematic Design of Two-Party Authentication Protocols," Advances in Cryptology CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 44-61.
174. R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva, and M. Yung, "Systematic Design of a Family of Attack-Resistant Authentication Protocols," IEEE Journal of Selected Areas in Communication, to appear.
175. R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva, and M. Yung, "A Modular Family of Secure Protocols for Authentication and Key Distribution," IEEE/ACM Transactions on Networking, to appear.
176. M. Bishop, "An Application for a Fast Data Encryption Standard Implementation," Computing Systems, v. 1, n. 3, 1988, pp. 221-254.
177. M. Bishop, "Privacy-Enhanced Electronic Mail," Distributed Computing and Cryptography, J. Feigenbaum and M. Merritt, eds., American Mathematical Society, 1991, pp. 93-106.
178. M. Bishop, "Privacy-Enhanced Electronic Mail," Internetworking: Research and Experience, v. 2, n. 4, Dec 1991, pp. 199-233.
179. M. Bishop, "Recent Changes to Privacy Enhanced Electronic Mail," Internetworking: Research and Experience, v. 4, n. 1, Mar 1993, pp. 47-59.
180. I.F. Blake, R. Fuji-Hara, R.C. Mullin, and S.A. Vanstone, "Computing Logarithms in Finite Fields of Characteristic Two," SIAM Journal on Algebraic Discrete Methods, v. 5, 1984, pp. 276-285.
181. I.F. Blake, R.C. Mullin, and S.A. Vanstone, "Computing Logarithms in GF(2^n)," Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 73-82.
182. G.R. Blakley, "Safeguarding Cryptographic Keys," Proceedings of the National Computer Conference, 1979, American Federation of Information Processing Societies, v. 48, 1979, pp. 313-317.
183. G.R. Blakley, "One-Time Pads are Key Safeguarding Schemes, Not Cryptosystems. Fast Key Safeguarding Schemes (Threshold Schemes) Exist," Proceedings of the 1980 Symposium on Security and Privacy, IEEE Computer Society, Apr 1980, pp. 108-113.
184. G.R. Blakley and I. Borosh, "Rivest-Shamir-Adleman Public Key Cryptosystems Do Not Always Conceal Messages," Computers and Mathematics with Applications, v. 5, n. 3, 1979, pp. 169-178.
185. G.R. Blakley and C. Meadows, "A Database Encryption Scheme which Allows the Computation of Statistics Using Encrypted Data," Proceedings of the 1985 Symposium on Security and Privacy, IEEE Computer Society, Apr 1985, pp. 116-122.
186. M. Blaze, "A Cryptographic File System for UNIX," 1st ACM Conference on Computer and Communications Security, ACM Press, 1993, pp. 9-16.
187. M. Blaze, "Protocol Failure in the Escrowed Encryption Standard," 2nd ACM Conference on Computer and Communications Security, ACM Press, 1994, pp. 59-67.
188. M. Blaze, "Key Management in an Encrypting File System," Proceedings of the Summer 94 USENIX Conference, USENIX Association, 1994, pp. 27-35.
189. M. Blaze and B. Schneier, "The MacGuffin Block Cipher Algorithm," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
190. U. Blocher and M. Dichtl, "Fish: A Fast Software Stream Cipher," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 41-44.
191. R. Blom, "Non-Public Key Distribution," Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 231-236.
192. K.J. Blow and S.J.D. Phoenix, "On a Fundamental Theorem of Quantum Cryptography," Journal of Modern Optics, v. 40, n. 1, Jan 1993, pp. 33-36.
193. L. Blum, M. Blum, and M. Shub, "A Simple Unpredictable Pseudo-Random Number Generator," SIAM Journal on Computing, v. 15, n. 2, 1986, pp. 364-383.
194. M. Blum, "Coin Flipping by Telephone: A Protocol for Solving Impossible Problems," Proceedings of the 24th IEEE Computer Conference (CompCon), 1982, pp. 133-137.
195. M. Blum, "How to Exchange Secret Keys," ACM Transactions on Computer Systems, v. 1, n. 2, May 1983, pp. 175-193.
196. M. Blum, "How to Prove a Theorem So No One Else Can Claim It," Proceedings of the International Congress of Mathematicians, Berkeley, CA, 1986, pp. 1444-1451.
197. M. Blum, A. De Santis, S. Micali, and G. Persiano, "Noninteractive Zero-Knowledge," SIAM Journal on Computing, v. 20, n. 6, Dec 1991, pp. 1084-1118.
198. M. Blum, P. Feldman, and S. Micali, "Non-Interactive Zero-Knowledge and Its Applications," Proceedings of the 20th ACM Symposium on Theory of Computing, 1988, pp. 103-112.
199. M. Blum and S. Goldwasser, "An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information," Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 289-299.
200. M. Blum and S. Micali, "How to Generate Cryptographically-Strong Sequences of Pseudo-Random Bits," SIAM Journal on Computing, v. 13, n. 4, Nov 1984, pp. 850-864.
201. B. den Boer. "Cryptanalysts of E.E.A.L.," Advances in Cryptology E UROCRYPT '88
Proceeding.s, Springer-Verlag, 1988, pp. 293-300.
202. B. den Boer and A. Bosselaers, "An Attack on the Last Two Rounds of MD4, " Advances
in Cryptology CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 194-203.
203. B. den Boer and A. Bosselaers, "Collisions for the Compression Eunction of M D5,"
Advances in Cryptology EUROCRYPT 93 Proceedings, Springer-Verlag, 1994, pp. 293
204. J.-P. Boly, A. Bosselaers, R. Cramer, R. Michelsen, S. Mjolsnes, E. Muller, T. Pedersen, B.
Pfitzmann, R de Rooij, B. Schoenmakers, M. Schunter, L. Vallee, and M. Waidner,
"Digital Payment Systems in the ESPRIT Project CAEE, " Securicom 94, Paris, Erance, 2-
6 Jan 1994, pp. 35-45.
205. J.-P. Boly, A. Bosselaers, R. Cramer, R. Michelsen, S. Mjølsnes, F. Muller, T. Pedersen, B. Pfitzmann, P. de Rooij, B. Schoenmakers, M. Schunter, L. Vallée, and M. Waidner, "The ESPRIT Project CAFE - High Security Digital Payment System," Computer Security - ESORICS 94, Springer-Verlag, 1994, pp. 217-230.
206. D.J. Bond, "Practical Primality Testing," Proceedings of IEE International Conference on Secure Communications Systems, 22-23 Feb 1984, pp. 50-53.
207. H. Bonnenberg, Secure Testing of VLSI Cryptographic Equipment, Series in Microelectronics, Vol. 25, Konstanz: Hartung Gorre Verlag, 1993.
208. H. Bonnenberg, A. Curiger, N. Felber, H. Kaeslin, and X. Lai, "VLSI Implementation of a New Block Cipher," Proceedings of the IEEE International Conference on Computer Design: VLSI in Computers and Processors (ICCD 91), Oct 1991, pp. 510-513.
209. K.S. Booth, "Authentication of Signatures Using Public Key Encryption," Communications of the ACM, v. 24, n. 11, Nov 1981, pp. 772-774.
210. A. Bosselaers, R. Govaerts, and J. Vandewalle, "Comparison of Three Modular Reduction Functions," Advances in Cryptology - CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 175-186.
211. D.P. Bovet and P. Crescenzi, Introduction to the Theory of Complexity, Englewood Cliffs, N.J.: Prentice-Hall, 1994.
212. J. Boyar, "Inferring Sequences Produced by a Linear Congruential Generator Missing Low-Order Bits," Journal of Cryptology, v. 1, n. 3, 1989, pp. 177-184.
213. J. Boyar, D. Chaum, and I. Damgård, "Convertible Undeniable Signatures," Advances in Cryptology - CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 189-205.
214. J. Boyar, K. Friedl, and C. Lund, "Practical Zero-Knowledge Proofs: Giving Hints and Using Deficiencies," Advances in Cryptology - EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp. 155-172.
215. J. Boyar, C. Lund, and R. Peralta, "On the Communication Complexity of Zero-Knowledge Proofs," Journal of Cryptology, v. 6, n. 2, 1993, pp. 65-85.
216. J. Boyar and R. Peralta, "On the Concrete Complexity of Zero-Knowledge Proofs," Advances in Cryptology - CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 507-525.
217. C. Boyd, "Some Applications of Multiple Key Ciphers," Advances in Cryptology - EUROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 455-467.
218. C. Boyd, "Digital Multisignatures," Cryptography and Coding, H.J. Beker and F.C. Piper, eds., Oxford: Clarendon Press, 1989, pp. 241-246.
219. C. Boyd, "A New Multiple Key Cipher and an Improved Voting Scheme," Advances in Cryptology - EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp. 617-625.
220. C. Boyd, "Multisignatures Revisited," Cryptography and Coding, M.J. Ganley, ed., Oxford: Clarendon Press, 1993, pp. 21-30.
221. C. Boyd and W. Mao, "On the Limitation of BAN Logic," Advances in Cryptology - EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 240-247.
222. C. Boyd and W. Mao, "Designing Secure Key Exchange Protocols," Computer Security - ESORICS 94, Springer-Verlag, 1994, pp. 217-230.
223. B.O. Brachtl, D. Coppersmith, M.M. Hyden, S.M. Matyas, C.H. Meyer, J. Oseas, S. Pilpel, and M. Schilling, "Data Authentication Using Modification Detection Codes Based on a Public One Way Function," U.S. Patent #4,908,861, 13 Mar 1990.
224. J. Brandt, I.B. Damgård, P. Landrock, and T. Pedersen, "Zero-Knowledge Authentication Scheme with Secret Key Exchange," Advances in Cryptology - CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 583-588.
225. S.A. Brands, "An Efficient Off-Line Electronic Cash System Based on the Representation Problem," Report CS-R9323, Computer Science / Department of Algorithms and Architecture, CWI, Mar 1993.
226. S.A. Brands, "Untraceable Off-line Cash in Wallet with Observers," Advances in Cryptology - CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 302-318.
227. S.A. Brands, "Electronic Cash on the Internet," Proceedings of the Internet Society Symposium on Network and Distributed Systems Security, IEEE Computer Society Press, 1995, pp. 64-84.
228. D.K. Branstad, "Hellman's Data Does Not Support His Conclusion," IEEE Spectrum, v. 16, n. 7, Jul 1979, p. 39.
229. D.K. Branstad, J. Gait, and S. Katzke, "Report on the Workshop on Cryptography in Support of Computer Security," NBSIR 77-1291, National Bureau of Standards, Sep 21-22, 1976, September 1977.
230. G. Brassard, "A Note on the Complexity of Cryptography," IEEE Transactions on Information Theory, v. IT-25, n. 2, Mar 1979, pp. 232-233.
231. G. Brassard, "Relativized Cryptography," Proceedings of the IEEE 20th Annual Symposium on the Foundations of Computer Science, 1979, pp. 383-391.
232. G. Brassard, "A Time-Luck Trade-off in Relativized Cryptography," Proceedings of the IEEE 21st Annual Symposium on the Foundations of Computer Science, 1980, pp. 380-386.
233. G. Brassard, "A Time-Luck Tradeoff in Relativized Cryptography," Journal of Computer and System Sciences, v. 22, n. 3, Jun 1981, pp. 280-311.
234. G. Brassard, "An Optimally Secure Relativized Cryptosystem," SIGACT News, v. 15, n. 1, 1983, pp. 28-33.
235. G. Brassard, "Relativized Cryptography," IEEE Transactions on Information Theory, v. IT-29, n. 6, Nov 1983, pp. 877-894.
236. G. Brassard, Modern Cryptology: A Tutorial, Springer-Verlag, 1988.
237. G. Brassard, "Quantum Cryptography: A Bibliography," SIGACT News, v. 24, n. 3, Oct 1993, pp. 16-20.
238. G. Brassard, D. Chaum, and C. Crépeau, "An Introduction to Minimum Disclosure," CWI Quarterly, v. 1, 1988, pp. 3-17.
239. G. Brassard, D. Chaum, and C. Crépeau, "Minimum Disclosure Proofs of Knowledge," Journal of Computer and System Sciences, v. 37, n. 2, Oct 1988, pp. 156-189.
240. G. Brassard and C. Crépeau, "Non-Transitive Transfer of Confidence: A Perfect Zero-Knowledge Interactive Protocol for SAT and Beyond," Proceedings of the 27th IEEE Symposium on Foundations of Computer Science, 1986, pp. 188-195.
241. G. Brassard and C. Crépeau, "Zero-Knowledge Simulation of Boolean Circuits," Advances in Cryptology - CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 225-233.
242. G. Brassard and C. Crépeau, "Sorting Out Zero-Knowledge," Advances in Cryptology - EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp. 181-191.
243. G. Brassard and C. Crépeau, "Quantum Bit Commitment and Coin Tossing Protocols," Advances in Cryptology - CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 49-61.
244. G. Brassard, C. Crépeau, R. Jozsa, and D. Langlois, "A Quantum Bit Commitment Scheme Provably Unbreakable by Both Parties," Proceedings of the 34th IEEE Symposium on Foundations of Computer Science, 1993, pp. 362-371.
245. G. Brassard, C. Crépeau, and J.-M. Robert, "Information Theoretic Reductions Among Disclosure Problems," Proceedings of the 27th IEEE Symposium on Foundations of Computer Science, 1986, pp. 168-173.
246. G. Brassard, C. Crépeau, and J.-M. Robert, "All-or-Nothing Disclosure of Secrets," Advances in Cryptology - CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 234-238.
247. G. Brassard, C. Crépeau, and M. Yung, "Everything in NP Can Be Argued in Perfect Zero-Knowledge in a Bounded Number of Rounds," Proceedings of the 16th International Colloquium on Automata, Languages, and Programming, Springer-Verlag, 1989, pp. 123-136.
248. R.P. Brent, "An Improved Monte-Carlo Factorization Algorithm," BIT, v. 20, n. 2, 1980, pp. 176-184.
249. R.P. Brent, "On the Periods of Generalized Fibonacci Recurrences," Mathematics of Computation, v. 63, n. 207, Jul 1994, pp. 389-401.
250. R.P. Brent, "Parallel Algorithms for Integer Factorization," Research Report CMA-R49-89, Computer Science Laboratory, The Australian National University, Oct 1989.
251. D.M. Bressoud, Factorization and Primality Testing, Springer-Verlag, 1989.
252. E.F. Brickell, "A Fast Modular Multiplication Algorithm with Applications to Two Key Cryptography," Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1982, pp. 51-60.
253. E.F. Brickell, "Are Most Low Density Polynomial Knapsacks Solvable in Polynomial Time?" Proceedings of the 14th Southeastern Conference on Combinatorics, Graph Theory, and Computing, 1983.
254. E.F. Brickell, "Solving Low Density Knapsacks," Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984, pp. 25-37.
255. E.F. Brickell, "Breaking Iterated Knapsacks," Advances in Cryptology: Proceedings of Crypto 84, Springer-Verlag, 1985, pp. 342-358.
256. E.F. Brickell, "Cryptanalysis of the Yagisawa Public Key Cryptosystem," Abstracts of Papers, EUROCRYPT '86, 20-22 May 1986.
257. E.F. Brickell, "The Cryptanalysis of Knapsack Cryptosystems," Applications of Discrete Mathematics, R.D. Ringeisen and F.S. Roberts, eds., Society for Industrial and Applied Mathematics, Philadelphia, 1988, pp. 3-23.
258. E.F. Brickell, "Survey of Hardware Implementations of RSA," Advances in Cryptology - CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 368-370.
259. E.F. Brickell, D. Chaum, I.B. Damgård, and J. van de Graaf, "Gradual and Verifiable Release of a Secret," Advances in Cryptology - CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 156-166.
260. E.F. Brickell, J.A. Davis, and G.J. Simmons, "A Preliminary Report on the Cryptanalysis of Merkle-Hellman Knapsack," Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 289-303.
261. E.F. Brickell and J. DeLaurentis, "An Attack on a Signature Scheme Proposed by Okamoto and Shiraishi," Advances in Cryptology - CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 28-32.
262. E.F. Brickell, D.E. Denning, S.T. Kent, D.P. Maher, and W. Tuchman, "SKIPJACK Review - Interim Report," unpublished manuscript, 28 Jul 1993.
263. E.F. Brickell, J.C. Lagarias, and A.M. Odlyzko, "Evaluation of the Adleman Attack on Multiple Iterated Knapsack Cryptosystems," Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984, pp. 39-42.
264. E.F. Brickell, P.J. Lee, and Y. Yacobi, "Secure Audio Teleconference," Advances in Cryptology - CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 418-426.
265. E.F. Brickell and K.S. McCurley, "An Interactive Identification Scheme Based on Discrete Logarithms and Factoring," Advances in Cryptology - EUROCRYPT '90 Proceedings, Springer-Verlag, 1991, pp. 63-71.
266. E.F. Brickell, J.H. Moore, and M.R. Purtill, "Structure in the S-Boxes of the DES," Advances in Cryptology - CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 3-8.
267. E.F. Brickell and A.M. Odlyzko, "Cryptanalysis: A Survey of Recent Results," Proceedings of the IEEE, v. 76, n. 5, May 1988, pp. 578-593.
268. E.F. Brickell and A.M. Odlyzko, "Cryptanalysis: A Survey of Recent Results," Contemporary Cryptology: The Science of Information Integrity, G.J. Simmons, ed., IEEE Press, 1991, pp. 501-540.
269. E.F. Brickell and G.J. Simmons, "A Status Report on Knapsack Based Public Key Cryptosystems," Congressus Numerantium, v. 7, 1983, pp. 3-72.
270. E.F. Brickell and D.R. Stinson, "The Detection of Cheaters in Threshold Schemes," Advances in Cryptology - CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 564-577.
271. A.G. Broscius and J.M. Smith, "Exploiting Parallelism in Hardware Implementation of the DES," Advances in Cryptology - CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 367-376.
272. L. Brown, M. Kwan, J. Pieprzyk, and J. Seberry, "Improving Resistance to Differential Cryptanalysis and the Redesign of LOKI," Advances in Cryptology - ASIACRYPT '91 Proceedings, Springer-Verlag, 1993, pp. 36-50.
273. L. Brown, J. Pieprzyk, and J. Seberry, "LOKI: A Cryptographic Primitive for Authentication and Secrecy Applications," Advances in Cryptology - AUSCRYPT '90 Proceedings, Springer-Verlag, 1990, pp. 229-236.
274. L. Brown, J. Pieprzyk, and J. Seberry, "Key Scheduling in DES Type Cryptosystems," Advances in Cryptology - AUSCRYPT '90 Proceedings, Springer-Verlag, 1990, pp. 221-228.
275. L. Brown and J. Seberry, "On the Design of Permutation P in DES Type Cryptosystems," Advances in Cryptology - EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp. 696-705.
276. W. Brown, "A Quantum Leap in Secret Communications," New Scientist, n. 1585, 30 Jan 1993, p. 21.
277. J.O. Bruer, "On Pseudo Random Sequences as Crypto Generators," Proceedings of the International Zurich Seminar on Digital Communication, Switzerland, 1984.
278. L. Brynielsson, "On the Linear Complexity of Combined Shift Register Sequences," Advances in Cryptology - EUROCRYPT '85, Springer-Verlag, 1986, pp. 156-166.
279. J. Buchmann, J. Loho, and J. Zayer, "An Implementation of the General Number Field Sieve," Advances in Cryptology - CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 159-165.
280. M. Burmester and Y. Desmedt, "Broadcast Interactive Proofs," Advances in Cryptology - EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 81-95.
281. M. Burmester and Y. Desmedt, "A Secure and Efficient Conference Key Distribution System," Advances in Cryptology - EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
282. D. Burnham, "NSA Seeking 500,000 'Secure' Telephones," The New York Times, 6 Oct 1994.
283. M. Burrows, M. Abadi, and R. Needham, "A Logic of Authentication," Research Report 39, Digital Equipment Corp. Systems Research Center, Feb 1989.
284. M. Burrows, M. Abadi, and R. Needham, "A Logic of Authentication," ACM Transactions on Computer Systems, v. 8, n. 1, Feb 1990, pp. 18-36.
285. M. Burrows, M. Abadi, and R. Needham, "Rejoinder to Nessett," Operating System Review, v. 20, n. 2, Apr 1990, pp. 39-40.
286. J.J. Cade, "A Modification of a Broken Public-Key Cipher," Advances in Cryptology - CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 64-83.
287. T.R. Cain and A.T. Sherman, "How to Break Gifford's Cipher," Proceedings of the 2nd Annual ACM Conference on Computer and Communications Security, ACM Press, 1994, pp. 198-209.
288. C. Calvelli and V. Varadharajan, "An Analysis of Some Delegation Protocols for Distributed Systems," Proceedings of the Computer Security Foundations Workshop V, IEEE Computer Society Press, 1992, pp. 92-110.
289. J.L. Camenisch, J.-M. Piveteau, and M.A. Stadler, "An Efficient Electronic Payment System Protecting Privacy," Computer Security - ESORICS 94, Springer-Verlag, 1994, pp. 207-215.
290. P. Camion and J. Patarin, "The Knapsack Hash Function Proposed at Crypto '89 Can Be Broken," Advances in Cryptology - EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 39-53.
291. C.M. Campbell, "Design and Specification of Cryptographic Capabilities," IEEE Computer Society Magazine, v. 16, n. 6, Nov 1978, pp. 15-19.
292. E.A. Campbell, R. Safavi-Naini, and P.A. Pleasants, "Partial Belief and Probabilistic Reasoning in the Analysis of Secure Protocols," Proceedings of the Computer Security Foundations Workshop V, IEEE Computer Society Press, 1992, pp. 92-110.
293. K.W. Campbell and M.J. Wiener, "DES Is Not a Group," Advances in Cryptology - CRYPTO '92 Proceedings, Springer-Verlag, 1993, pp. 512-520.
294. Z.F. Cao and G. Zhao, "Some New MC Knapsack Cryptosystems," CHINACRYPT '94, Xidian, China, 11-15 Nov 1994, pp. 70-75. (In Chinese.)
295. C. Carlet, "Partially-Bent Functions," Advances in Cryptology - CRYPTO '92 Proceedings, Springer-Verlag, 1993, pp. 280-291.
296. C. Carlet, "Partially Bent Functions," Designs, Codes and Cryptography, v. 3, 1993, pp. 135-145.
297. C. Carlet, "Two New Classes of Bent Functions," Advances in Cryptology - EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 77-101.
298. C. Carlet, J. Seberry, and X.M. Zhang, "Comments on 'Generating and Counting Binary Bent Sequences'," IEEE Transactions on Information Theory, v. IT-40, n. 2, Mar 1994, p. 600.
299. J.M. Carroll, Computer Security, 2nd edition, Butterworths, 1987.
300. J.M. Carroll, "The Three Faces of Information Security," Advances in Cryptology - AUSCRYPT '90 Proceedings, Springer-Verlag, 1990, pp. 433-450.
301. J.M. Carroll, "'Do-it-yourself' Cryptography," Computers & Security, v. 9, n. 7, Nov 1990, pp. 613-619.
302. T.R. Caron and R.D. Silverman, "Parallel Implementation of the Quadratic Sieve," Journal of Supercomputing, v. 1, n. 3, 1988, pp. 273-290.
303. CCITT, Draft Recommendation X.509, "The Directory - Authentication Framework," Consultation Committee, International Telephone and Telegraph, International Telecommunications Union, Geneva, 1987.
304. CCITT, Recommendation X.509, "The Directory - Authentication Framework," Consultation Committee, International Telephone and Telegraph, International Telecommunications Union, Geneva, 1989.
305. CCITT, Recommendation X.800, "Security Architecture for Open Systems Interconnection for CCITT Applications," International Telephone and Telegraph, International Telecommunications Union, Geneva, 1991.
306. F. Chabaud, "On the Security of Some Cryptosystems Based on Error-Correcting Codes," Advances in Cryptology - EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
307. F. Chabaud and S. Vaudenay, "Links Between Differential and Linear Cryptanalysis," Advances in Cryptology - EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
308. W.G. Chambers and D. Gollmann, "Generators for Sequences with Near-Maximal Linear Equivalence," IEE Proceedings, V. 135, Pt. E, n. 1, Jan 1988, pp. 67-69.
309. W.G. Chambers and D. Gollmann, "Lock-In Effect in Cascades of Clock-Controlled Shift Registers," Advances in Cryptology - EUROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 331-343.
310. A. Chan and R. Games, "On the Linear Span of Binary Sequences from Finite Geometries," Advances in Cryptology - CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 405-417.
311. J.P. Chandler, D.C. Arrington, D.R. Berkelhammer, and W.L. Gill, "Identification and Analysis of Foreign Laws and Regulations Pertaining to the Use of Commercial Encryption Products for Voice and Data Communications," National Intellectual Property Law Institute, George Washington University, Washington, D.C., Jan 1994.
312. C.C. Chang and S.J. Hwang, "Cryptographic Authentication of Passwords," Proceedings of the 25th Annual 1991 IEEE International Carnahan Conference on Security Technology, Taipei, Taiwan, 1-3 Oct 1991, pp. 126-130.
313. C.C. Chang and S.J. Hwang, "A Strategy for Transforming Public-Key Cryptosystems into Identity-Based Cryptosystems," Proceedings of the 25th Annual 1991 IEEE International Carnahan Conference on Security Technology, Taipei, Taiwan, 1-3 Oct 1991, pp. 68-72.
314. C.C. Chang and C.H. Lin, "An ID-Based Signature Scheme Based upon Rabin's Public Key Cryptosystem," Proceedings of the 25th Annual 1991 IEEE International Carnahan Conference on Security Technology, Taipei, Taiwan, 1-3 Oct 1991, pp. 139-141.
315. C. Charnes and J. Pieprzyk, "Attacking the SL2 Hashing Scheme," Advances in Cryptology - ASIACRYPT '94 Proceedings, Springer-Verlag, 1995, pp. 322-330.
316. D. Chaum, "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms," Communications of the ACM, v. 24, n. 2, Feb 1981, pp. 84-88.
317. D. Chaum, "Blind Signatures for Untraceable Payments," Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 199-203.
318. D. Chaum, "Security Without Identification: Transaction Systems to Make Big Brother Obsolete," Communications of the ACM, v. 28, n. 10, Oct 1985, pp. 1030-1044.
319. D. Chaum, "Demonstrating that a Public Predicate Can Be Satisfied without Revealing Any Information about How," Advances in Cryptology - CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 159-199.
320. D. Chaum, "Blinding for Unanticipated Signatures," Advances in Cryptology - EUROCRYPT '87 Proceedings, Springer-Verlag, 1988, pp. 227-233.
321. D. Chaum, "The Dining Cryptographers Problem: Unconditional Sender and Receiver Untraceability," Journal of Cryptology, v. 1, n. 1, 1988, pp. 65-75.
322. D. Chaum, "Elections with Unconditionally Secret Ballots and Disruptions Equivalent to Breaking RSA," Advances in Cryptology - EUROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 177-181.
323. D. Chaum, "Blind Signature Systems," U.S. Patent #4,759,063, 19 Jul 1988.
324. D. Chaum, "Blind Unanticipated Signature Systems," U.S. Patent #4,759,064, 19 Jul 1988.
325. D. Chaum, "Online Cash Checks," Advances in Cryptology - EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp. 288-293.
326. D. Chaum, "One-Show Blind Signature Systems," U.S. Patent #4,914,698, 3 Apr 1990.
327. D. Chaum, "Undeniable Signature Systems," U.S. Patent #4,947,430, 7 Aug 1990.
328. D. Chaum, "Returned-Value Blind Signature Systems," U.S. Patent #4,949,380, 14 Aug 1990.
329. D. Chaum, "Zero-Knowledge Undeniable Signatures," Advances in Cryptology - EUROCRYPT '90 Proceedings, Springer-Verlag, 1991, pp. 458-464.
330. D. Chaum, "Group Signatures," Advances in Cryptology - EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 257-265.
331. D. Chaum, "Unpredictable Blind Signature Systems," U.S. Patent #4,991,210, 5 Feb 1991.
332. D. Chaum, "Achieving Electronic Privacy," Scientific American, v. 267, n. 2, Aug 1992, pp. 96-101.
333. D. Chaum, "Designated Confirmer Signatures," Advances in Cryptology - EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
334. D. Chaum, C. Crépeau, and I.B. Damgård, "Multiparty Unconditionally Secure Protocols," Proceedings of the 20th ACM Symposium on the Theory of Computing, 1988, pp. 11-19.
335. D. Chaum, B. den Boer, E. van Heyst, S. Mjølsnes, and A. Steenbeek, "Efficient Offline Electronic Checks," Advances in Cryptology - EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp. 294-301.
336. D. Chaum and J.-H. Evertse, "Cryptanalysis of DES with a Reduced Number of Rounds; Sequences of Linear Factors in Block Ciphers," Advances in Cryptology - CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 192-211.
337. D. Chaum, J.-H. Evertse, and J. van de Graaf, "An Improved Protocol for Demonstrating Possession of Discrete Logarithms and Some Generalizations," Advances in Cryptology - EUROCRYPT '87 Proceedings, Springer-Verlag, 1988, pp. 127-141.
338. D. Chaum, J.-H. Evertse, J. van de Graaf, and R. Peralta, "Demonstrating Possession of a Discrete Logarithm without Revealing It," Advances in Cryptology - CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 200-212.
339. D. Chaum, A. Fiat, and M. Naor, "Untraceable Electronic Cash," Advances in Cryptology - CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 319-327.
340. D. Chaum and T. Pedersen, "Transferred Cash Grows in Size," Advances in Cryptology - EUROCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 391-407.
341. D. Chaum and T. Pedersen, "Wallet Databases with Observers," Advances in Cryptology - CRYPTO '92 Proceedings, Springer-Verlag, 1993, pp. 89-105.
342. D. Chaum and I. Schaumuller-Bichl, eds., Smart Card 2000, North Holland: Elsevier Science Publishers, 1989.
343. D. Chaum and H. van Antwerpen, "Undeniable Signatures," Advances in Cryptology - CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 212-216.
344. D. Chaum, E. van Heijst, and B. Pfitzmann, "Cryptographically Strong Undeniable Signatures, Unconditionally Secure for the Signer," Advances in Cryptology - CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 470-484.
345. Y.M. Chee, "The Cryptanalysis of a New Public-Key Cryptosystem Based on Modular Knapsacks," Advances in Cryptology - CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 204-212.
346. L. Chen, "Oblivious Signatures," Computer Security - ESORICS 94, Springer-Verlag, 1994, pp. 161-172.
347. L. Chen and M. Burmester, "A Practical Secret Voting Scheme which Allows Voters to Abstain," CHINACRYPT '94, Xidian, China, 11-15 Nov 1994, pp. 100-107.
348. L. Chen and T.P. Pedersen, "New Group Signature Schemes," Advances in Cryptology - EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
349. J. Chenhui, "Spectral Characteristics of Partially-Bent Functions," CHINACRYPT '94, Xidian, China, 11-15 Nov 1994, pp. 48-51.
350. V. Chepyzhov and B. Smeets, "On a Fast Correlation Attack on Certain Stream Ciphers," Advances in Cryptology - EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 176-185.
351. T.C. Cheung, "Management of PEM Public Key Certificates Using X.500 Directory Service: Some Problems and Solutions," Proceedings of the Internet Society 1994 Workshop on Network and Distributed System Security, The Internet Society, 1994, pp. 35-42.
352. G.C. Chiou and W.C. Chen, "Secure Broadcasting Using the Secure Lock," IEEE Transactions on Software Engineering, v. SE-15, n. 8, Aug 1989, pp. 929-934.
353. Y.J. Choie and H.S. Hwoang, "On the Cryptosystem Using Elliptic Curves," Proceedings of the 1993 Korea-Japan Workshop on Information Security and Cryptography, Seoul, Korea, 24-26 Oct 1993, pp. 105-113.
354. B. Chor and O. Goldreich, "RSA/Rabin Least Significant Bits are 1/2 + 1/poly(log N) Secure," Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 303-313.
355. B. Chor, S. Goldwasser, S. Micali, and B. Awerbuch, "Verifiable Secret Sharing and Achieving Simultaneity in the Presence of Faults," Proceedings of the 26th Annual IEEE Symposium on the Foundations of Computer Science, 1985, pp. 383-395.
356. B. Chor and R.L. Rivest, "A Knapsack Type Public Key Cryptosystem Based on Arithmetic in Finite Fields," Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 54-65.
357. P. Christoffersson, S.-A. Ekahll, V. Fak, S. Herda, P. Mattila, W. Price, and H.-O. Widman, Crypto Users' Handbook: A Guide for Implementors of Cryptographic Protection in Computer Systems, North Holland: Elsevier Science Publishers, 1988.
358. R. Cleve, "Controlled Gradual Disclosure Schemes for Random Bits and Their Applications," Advances in Cryptology - CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 572-588.
359. J.D. Cohen, "Improving Privacy in Cryptographic Elections," Yale University Computer Science Department Technical Report YALEU/DCS/TR-454, Feb 1986.
360. J.D. Cohen and M.H. Fischer, "A Robust and Verifiable Cryptographically Secure Election Scheme," Proceedings of the 26th Annual IEEE Symposium on the Foundations of Computer Science, 1985, pp. 372-382.
361. R. Cole, "A Model for Security in Distributed Systems," Computers and Security, v. 9, n. 4, Apr 1990, pp. 319-330.
362. Comptroller General of the United States, "Matter of National Institute of Standards and Technology - Use of Electronic Data Interchange Technology to Create Valid Obligations," File B-245714, 13 Dec 1991.
363. M.S. Conn, letter to Joe Abernathy, National Security Agency, Ser: Q43-111 92, 10 Jun 1992.
364. C. Connell, "An Analysis of NewDES: A Modified Version of DES," Cryptologia, v. 14, n. 3, Jul 1990, pp. 217-223.
365. S.A. Cook, "The Complexity of Theorem Proving Procedures," Proceedings of the 3rd Annual ACM Symposium on the Theory of Computing, 1971, pp. 151-158.
366. R.H. Cooper and W. Patterson, "A Generalization of the Knapsack Method Using Galois Fields," Cryptologia, v. 8, n. 4, Oct 1984, pp. 343-347.
367. R.H. Cooper and W. Patterson, "RSA as a Benchmark for Multiprocessor Machines," Advances in Cryptology - AUSCRYPT '90 Proceedings, Springer-Verlag, 1990, pp. 356-359.
368. D. Coppersmith, "Fast Evaluation of Logarithms in Fields of Characteristic Two," IEEE Transactions on Information Theory, v. 30, n. 4, Jul 1984, pp. 587-594.
369. D. Coppersmith, "Another Birthday Attack," Advances in Cryptology - CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 14-17.
370. D. Coppersmith, "Cheating at Mental Poker," Advances in Cryptology - CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 104-107.
371. D. Coppersmith, "The Real Reason for Rivest's Phenomenon," Advances in Cryptology - CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 535-536.
372. D. Coppersmith, "Two Broken Hash Functions," Research Report RC 18397, IBM T.J. Watson Center, Oct 1992.
373. D. Coppersmith, "The Data Encryption Standard (DES) and Its Strength against Attacks," Technical Report RC 18613, IBM T.J. Watson Center, Dec 1992.
374. D. Coppersmith, "The Data Encryption Standard (DES) and its Strength against Attacks," IBM Journal of Research and Development, v. 38, n. 3, May 1994, pp. 243-250.
375. D. Coppersmith, "Attack on the Cryptographic Scheme NIKS-TAS," Advances in Cryptology - CRYPTO '94 Proceedings, Springer-Verlag, 1994, pp. 294-307.
376. D. Coppersmith, personal communication, 1994.
377. D. Coppersmith and E. Grossman, "Generators for Certain Alternating Groups with Applications to Cryptography," SIAM Journal on Applied Mathematics, v. 29, n. 4, Dec 1975, pp. 624-627.
378. D. Coppersmith, H. Krawczyk, and Y. Mansour, "The Shrinking Generator," Advances in Cryptology - CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 22-39.
379. D. Coppersmith, A. Odlyzko, and R. Schroeppel, "Discrete Logarithms in GF(p)," Algorithmica, v. 1, n. 1, 1986, pp. 1-16.
380. D. Coppersmith and P. Rogaway, "Software Efficient Pseudo Random Function and the Use Thereof for Encryption," U.S. Patent pending, 1995.
381. D. Coppersmith, J. Stern, and S. Vaudenay, "Attacks on the Birational Signature Schemes," Advances in Cryptology - CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 435-443.
382. V. Cordonnier and J.-J. Quisquater, eds., CARDIS '94 - Proceedings of the First Smart Card Research and Advanced Application Conference, Lille, France, 24-26 Oct 1994.
383. C. Couvreur and J.-J. Quisquater, "An Introduction to Fast Generation of Large Prime Numbers," Philips Journal of Research, v. 37, n. 5-6, 1982, pp. 231-264.
384. C. Couvreur and J.-J. Quisquater, "An Introduction to Fast Generation of Large Prime Numbers," Philips Journal of Research, v. 38, 1983, p. 77.
385. R.R. Coveyou and R.D. MacPherson, "Fourier Analysis of Uniform Random Number Generators," Journal of the ACM, v. 14, n. 1, 1967, pp. 100-119.
386. T.M. Cover and R.C. King, "A Convergent Gambling Estimate of the Entropy of English," IEEE Transactions on Information Theory, v. IT-24, n. 4, Jul 1978, pp. 413-421.
387. R.J.F. Cramer and T.P. Pedersen, "Improved Privacy in Wallets with Observers," Advances in Cryptology - EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 329-343.
388. R.E. Crandall, "Method and Apparatus for Public Key Exchange in a Cryptographic System," U.S. Patent #5,159,632, 27 Oct 1992.
389. C. Crépeau, "A Secure Poker Protocol That Minimizes the Effect of Player Coalitions," Advances in Cryptology - CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 73-86.
390. C. Crépeau, "A Zero-Knowledge Poker Protocol that Achieves Confidentiality of the Players' Strategy, or How to Achieve an Electronic Poker Face," Advances in Cryptology - CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 239-247.
391. C. Crépeau, "Equivalence Between Two Flavours of Oblivious Transfer," Advances in Cryptology - CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 350-354.
392. C. Crépeau, "Correct and Private Reductions among Oblivious Transfers," Ph.D. dissertation, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, 1990.
393. C. Crépeau, "Quantum Oblivious Transfer," Journal of Modern Optics, v. 41, n. 12, Dec 1994, pp. 2445-2454.
394. C. Crépeau and J. Kilian, "Achieving Oblivious Transfer Using Weakened Security Assumptions," Proceedings of the 29th Annual Symposium on the Foundations of Computer Science, 1988, pp. 42-52.
395. C. Crépeau and J. Kilian, "Weakening Security Assumptions and Oblivious Transfer," Advances in Cryptology - CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 2-7.
396. C. Crépeau and L. Salvail, "Quantum Oblivious Mutual Identification," Advances in Cryptology - EUROCRYPT '95 Proceedings, Springer-Verlag, 1995, pp. 133-146.
397. A. Curiger, H. Bonnenberg, R. Zimmermann, N. Felber, H. Kaeslin, and W. Fichtner, "VINCI: VLSI Implementation of the New Block Cipher IDEA," Proceedings of IEEE CICC '93, San Diego, CA, May 1993, pp. 15.5.1-15.5.4.
398. A. Curiger and B. Stuber, "Specification for the IDEA Chip," Technical Report No. 92/03, Institut für Integrierte Systeme, ETH Zurich, Feb 1992.
399. T. Cusick, "Boolean Functions Satisfying a Higher Order Strict Avalanche Criterion," Advances in Cryptology - EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 102-117.
400. T.W. Cusick and M.C. Wood, "The REDOC-II Cryptosystem," Advances in Cryptology - CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 545-563.
401. Cylink Corporation, Cylink Corporation vs. RSA Data Security, Inc., Civil Action No. C94-02332-CW, United States District Court for the Northern District of California, 30 Jun 1994.
402. J. Daemen, "Cipher and Hash Function Design," Ph.D. Thesis, Katholieke Universiteit Leuven, Mar 95.
403. J. Daemen, A. Bosselaers, R. Govaerts, and J. Vandewalle, "Collisions for Schnorr's Hash Function FFT-Hash Presented at Crypto '91," Advances in Cryptology - ASIACRYPT '91 Proceedings, Springer-Verlag, 1993, pp. 477-480.
404. J. Daemen, R. Govaerts, and J. Vandewalle, "A Framework for the Design of One-Way Hash Functions Including Cryptanalysis of Damgård's One-Way Function Based on Cellular Automata," Advances in Cryptology - ASIACRYPT '91 Proceedings, Springer-Verlag, 1993, pp. 82-96.
405. J. Daemen, R. Govaerts, and J. Vandewalle, "A Hardware Design Model for Cryptographic Algorithms," ESORICS 92, Proceedings of the Second European Symposium on Research in Computer Security, Springer-Verlag, 1992, pp. 419-434.
406. J. Daemen, R. Govaerts, and J. Vandewalle, "Block Ciphers Based on Modular Arithmetic," Proceedings of the 3rd Symposium on State and Progress of Research in Cryptography, Rome, Italy, 15-16 Feb 1993, pp. 80-89.
407. J. Daemen, R. Govaerts, and J. Vandewalle, "Fast Hashing Both in Hardware and Software," presented at the rump session of CRYPTO '93, Aug 1993.
408. J. Daemen, R. Govaerts, and J. Vandewalle, "Resynchronization Weaknesses in Synchronous Stream Ciphers," Advances in Cryptology - EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 159-167.
409. J. Daemen, R. Govaerts, and J. Vandewalle, "Weak Keys for IDEA," Advances in Cryptology - CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 224-230.
410. J. Daemen, R. Govaerts, and J. Vandewalle, "A New Approach to Block Cipher Design," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 18-32.
411. Z.-D. Dai, "Proof of Rueppel's Linear Complexity Conjecture," IEEE Transactions on Information Theory, v. IT-32, n. 3, May 1986, pp. 440-443.
412. I.B. Damgård, "Collision Free Hash Functions and Public Key Signature Schemes," Advances in Cryptology - EUROCRYPT '87 Proceedings, Springer-Verlag, 1988, pp. 203-216.
413. I.B. Damgård, "Payment Systems and Credential Mechanisms with Provable Security Against Abuse by Individuals," Advances in Cryptology - CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 328-335.
414. I.B. Damgård, "A Design Principle for Hash Functions," Advances in Cryptology - CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 416-427.
415. I.B. Damgård, "Practical and Provably Secure Release of a Secret and Exchange of Signatures," Advances in Cryptology - EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 200-217.
416. I.B. Damgård and L.R. Knudsen, "The Breaking of the AR Hash Function," Advances in Cryptology - EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 286-292.
417. I.B. Damgård and P. Landrock, "Improved Bounds for the Rabin Primality Test," Cryptography and Coding III, M.J. Ganley, ed., Oxford: Clarendon Press, 1993, pp. 117-128.
418. I.B. Damgård, P. Landrock, and C. Pomerance, "Average Case Error Estimates for the Strong Probable Prime Test," Mathematics of Computation, v. 61, n. 203, Jul 1993, pp. 177-194.
419. H.E. Daniels, Jr., letter to Datapro Research Corporation regarding CCEP, 23 Dec 1985.
420. H. Davenport, The Higher Arithmetic, Dover Books, 1983.
421. G.I. Davida, "Inverse of Elements of a Galois Field," Electronics Letters, v. 8, n. 21, 19 Oct 1972, pp. 518-520.
422. G.I. Davida, "Hellman's Scheme Breaks DES in Its Basic Form," IEEE Spectrum, v. 16, n. 7, Jul 1979, p. 39.
423. G.I. Davida, "Chosen Signature Cryptanalysis of the RSA (MIT) Public Key Cryptosystem," Technical Report TR-CS-82-2, Department of EECS, University of Wisconsin, 1982.
424. G.I. Davida and G.G. Walter, "A Public Key Analog Cryptosystem," Advances in Cryptology - EUROCRYPT '87 Proceedings, Springer-Verlag, 1988, pp. 143-147.
425. G.I. Davida, D. Wells, and J. Kam, "A Database Encryption System with Subkeys," ACM
Transactions on Database Systems,v.6,n.2,Junl981,pp.312-328.
426. D.W. Davies, "Applying the RSA Digital Signature to Electronic Mail," Computer, v. 16,
n. 2, Eeb 1983, pp. 55-62.
427. D.W. Davies, "Some Regular Properties of the DES," Advances in Cryptology: Pro-
ceedings of Crypto 82, Plenum Press, 1983, pp. 89-96.
428. D.W. Davics, "A Message Authentication Algorithm Suitable for a Mainframe Com-
puter," Advances in Cryptology: Proceed- ings of Crypto 82, Springer-Verlag, 1985, pp.
393 400.
429. D.W. Davies and S. Murphy, "Pairs and Triplets of DES S-boxes, " Cryptologia, v. 8, n. 1,
1995, pp. 1-25.
430. D.W. Davies and G.I.P. Parkin, "The Average Size of thc Key Stream in Output Eeedback
Encipherment, " Cryptography Proceedings of the Workshop of cryplograpy Burg
Eeuer.stein, Germany, March 29-April 2, 1982, Springer-Verlag, 1983, pp. 263-279.
431 D.W. Davies and G.I.R Parkin, "The Average Size of the Key Stream in Output Eeedback
Mode, " Advances in Cryptology: Pro ceedings of Crypto 82, Plenum Press, 1983, pp. 97-
98.
432. D.W. Davies and W. L. Price, "The Applica tion of Digital Signatures Based on Public- Key
Cryptosystems, " Proceedings of the Eifth International Computer Communications
Conference, Oct 1980, pp. 525-530.
433. D.W. Davies and W.L. Price, "The Applica- tion of Digital Signatures Based on Public-
Key Cryptosystems, " National Physical Laboratory Report DNACS 39/80, Dec 1980.
434. D.W. Davies and W.L. Price, "Digital Sig- nature An Update," Proceedings of Inter-
national Conference on Computer Com- munications, Sydney, Oct 1984, North Holland:
Elsevier, 1985, pp. 843-847.
435. D.W. Davies and W.L. Price, Security for Computer Networks, second edition, John
Wiley & Sons, 1989.
436. M. Davio, Y. Desmedt, M. Eosseprez, R. Govaerts, J. Hulsbrosch, R Neutjens, R Piret, J -
l Quisquater, J Vandewalle, and S. Wouters, "Analytical Characteristics of the Data
Encryption Standard," Advances in Cryptology: Proceedings of Crypto 83, Plenum Press,
1984, pp. 171-202.
437. M. Davio, Y. Desmedt, l Goubert, E. Hoor- naert, and l -J Quisquater, "Efficient Hard-
ware and Software Implementation of the DES," Advances in Cryptology: Proceed- ings
of CRYPTO 84, Springer-Verlag, 1985, pp. 144 146.
438. M. Davio, Y. Desmedt, and l-l Quisquater, "Propagation Characteristics of the DES, "
Advances in Cryptology: Pro- ceedings of EUROCRYPT 84, Springer- Verlag, 1985, 62-
73.
439. D. Davis, R. Ihaka, and R Eenstermacher, "Cryptographic Randomness from Air
Turbulence in Disk Drives," Advances in Cryptology CRYPTO '94 Proceedings,
Springer-Verlag, 1994, pp. 114 120.
440. J.A. Davis, D. B. Holdbridge, and G.l. Sim- mons, "Status Report on Eactoring tat the
Sandia National Laboratoriesi," Advances in Cryptology: Proceedings of CRYPTO 84,
Springer-Verlag, 1985, pp. 183-215.
441. R.M. Davis, "The Data Encryption Stan- dard in Perspective," Computer Secunty and the
Data Encryption Standard, National Bureau of Standards Special Pub- lication 500-27,
Eeb 1978.
442. E. Dawson and A. Clark, "Cryptanalysts of Universal Logic Sequences," Advances in
Cryptology EUROCRYPT '93 Proceed- ings, Springer-Verlag, to appear.
443. M.H. Dawson and S.E. Tavares, "An Expanded Set of Design Criteria for Substi- tution
Boxes and Their Use in Strengthen- ing DES-Like Cryptosystems, " IEEE Pacific Rim
Conference on Communica- tions, Computers, and Signal Processing, Victoria, BC,
Canada, 9-10 May 1991, pp. 191-195.
444. M.H. Dawson and S.E. Tavares, "An Expanded Set of S-Box Design Criteria Based on
Information Theory and Its Relation to Differential-like Attacks," Advances in Cryptology
EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 352-367.
445. C.A. Deavours, "Unicity Points in Cryptanalysis," Cryptologia, v. 1, n. 1, 1977, pp. 46-68.
446. C.A. Deavours, "The Black Chamber: A Column; How the British Broke Enigma."
Cryptologia, v. 4, n. 3, lU1 1980, pp. 129- 132.
447. C.A. Deavours, "The Black Chamber: A Column; La Methode des Batons," Cryp- tologia,
v. 4, n. 4, Oct 1980, pp. 240-247.
448. C.A. Deavours and L. Kruh, Machine Cryptography and Modern Cryptanalysis, Norwood
MA: Artech House, 1985.
449. l.M. DeLaurentis, "A Eurther Weakness in the Common Modulus Protocol for the RSA
Cryptosystem," Cryptologia, v. 8, n. 3, lul 1984, pp. 253-259.
450. R Delsarte, Y. Desmedt, A. Odlyzko, and P. Piret, "East Cryptanalysis of the Matsumoto-
lmai Public-Key Scheme, " Advances in Cryptology: Proceedings of EUROCRYPT 84,
Spunger-Verlag, 1985, pp. 142-149.
451. R Delsarte and R Piret, "Comment on 'Extension of RSA Cryptostructure: A Galois
Approach'," Electronics Letters, v. 18, n. 13, 24 Jun 1982, pp. 582-583.
452. R. DeMillo, N. Lynch, and M. Merritt, "Cryptographic Protocols," Proceedings of the
14th Annual Symposium on the The- ory of Computing, 1982, pp. 383-400.
453. R. DeMillo and M. Merritt, "Protocols for Data Security," Computer, v. 16, n. 2, Eeb
1983, pp. 39-50.
454. N. Demytko, "A New Elliptic Curve Based Analogue of RSA," Advances in Cryptolgy
EUROCRYPT 93 Proceedings, Springer-Verlag, 1994, pp. 40-49.
455. D.E. Denning, "Secure Personal Comput- ing in an Insecure Network," Communi- cations
of the ACM, v. 22, n. 8, Aug 1979, pp. 476-482.
456. D.E. Denning, Cryptography and Data Security, Addison-Wesley, 1982.
457. D.E. Denning, "Protecting Public Keys and Signature Keys," Computer. v. 16, n. 2, Eeb
1983, pp. 27-35.
458. D.E. Denning, "Digital Signatures with RSA and Other Public-Key Cryptosys471. tems,"
Communications of the ACM, v. 27, n. 4, Apr 1984, pp. 388-392.
459. D.E. Denning, "The Data Encryption Standard: Eifteen Years of Public Scrutiny, "
Proceedings of the Sixth Annual Com puter Security Applications Conference, IEEE
Computer Society Press, 1990.
460. D.E. Denning, "The Clipper Chip: A Tech nical Summary, " unpublished manuscript, 21
Apr 1993.
461. D.E. Denning and G.M. Sacco, "Time stamps in Key Distribution Protocols, "
Communications of the ACM, v. 24, n. 8, Aug 1981, pp. 533-536.
462. D.E. Denning and M. Smid, "Key Escrow ing Today," IEEE Communications Maga zine,
v. 32, n. 9, Sep 1994, pp. 58-68.
463. T. Denny, B. Dodson, A.K. Lenstra, and M.S. Manasse, "On the Eactorization of RSA-
120," Advances in Cryptology CRYPTO 93 Proceedings, Springer-Verlag, 1994, pp.
166-174.
464. W.E. Denny, "Encryptions Using Linear and Non-Linear Codes: Implementations and
Security Considerations," Ph.D. dis sertation, The Center for Advanced Com puter
Studies, University of Southern Louisiana, Spring 1988.
465. Department of Defense, "Department of Defense Trusted Computer System Evalu478.
ation Criteria," DOD 5200.28-STD, Dec 1985.
466. Department of State, "International Traf fic in Arms Regulations SITARS," 22 CER 120-
130, Office of Munitions Control, 479. Nov 1989.
467. Department of State, "Defense Trade Reg ulations," 22 CER 120-130, Office of Defense
Trade Controls, May 1992.
468. Department of the Treasury, "Electronic Eunds and Securities Transfer Policy, "
Department of the Treasury Directives Manual, Chapter TD 81, Section 80, Department
of the Treasury, 16 Aug 1984.
469. Department of the Treasury, "Criteria and Procedures for Testing, Evaluating, and
Certifying Message Authentication Deci- sions for Eederal E.E.T. Use," Department of
the Treasury, 1 May 198.~.
470. Department of the Treasury, "Electronic Eunds and Securitics Transfer Policy Message
Authentication and Enhanced Security," Order No. 106-09, Department of the Treasury,
2 Oct 1986.
471. H. Dobbertin, "A Survey on the Construc- tion of Bent Eunctions," K.U. Le uven
Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
472. B. Dodson and A.K. Lenstra, "NES with Eour Large Primes: An Explosive Experiment,"
draft manuscript.
473. D. Dolev and A. Yao, "On the Security of Public-Key Protocols, " Communications of the
ACM, v. 29, n. 8, Aug 1983, pp. 198-208.
474. J. Domingo-Eerrer, "Probabilistic Authentication Analysis," CARDIS 94 Proceed- ings of
the Eirst Smart Card Research and Applications Conference, Lille, Erance, 24-26 Oct
1994, pp. 49-60.
475. R de Rooij, "On the Security of the Schnorr Scheme Using Preprocessing, " Advances in
Cryptology EUR(9CRYPT 91 I'roceed- ings, Springer-Verlag, 1991, pp. 71-80.
476. A. De Santis, G. Di Crescenzo, and G. Per- siano, "Secret Sharing and Perfect Zero
Knowledge, " Advances in Cryptology CKYPTO 93 I'roceedings, Springer-Verlag,
1994, pp. 73-84.
477. A. De Santis, S. Micali, and G. Persiano, "Non-interactive Zero-Knowledge Proof
Systems," Advances in Cryptology CRYPTO '87 Pro cee dings , Springer Verlag, 1988,
pp. 52-72.
478. A. De Santis, S. Micali, and G. Persiano, "Non-Interactive Zero-Knowledge with
Preprocessing," Advances in Cryptology CRYPTO 88 Proceedings, Springer-Verlag,
1990, pp. 269-282.
479. Y. Desmedt, "What Happened with Knapsack Cryptographic Schemes" Performance limits
in Communication, Theory and P'ractice, NATO ASI Series E: Applied Sciences, v. 142,
Kluwer Academic Publishers, 1988, pp. 113-134.
480. Y. Desmedt, "Subliminal-Eree Authentication and Signature," Advances in Cryptology
EUROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 23-33.
481. Y. Desmedt, "Abuses in Cryptography and How to Eight Them," Advances in Cryptology
CRYPTO '8~3 Proceedings, Springer Verlag, 1990, pp.375-389.
482. Y. Desmedt and M. Burmester, "An Effi cient Zero-Knowledge Scheme for the Discrete
Logarithm Based on Smooth Numbers, " Advances in Cryptology ASIA CRYPT '91
Proceedings, Springer Verlag, 1993, pp. 360-367.
483. Y. Desmedt and Y. Erankel, "Threshold 496. Cryptosystems, " Advances in Cryptol ogy
CRYPTO '89 Proceedings, Springer Verlag, 1990, pp. 307-315.
484. Y. Desmedt and Y. Erankel, "Shared Gen eration of Authentication and Signatures, "
Advances in Cryptology CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 457
469.
485. Y. Desmedt, C. Goutier, and S. Bengio, "Special Uses and Abuses of the Eiat Shamir
Passport Protocol," Advances in Cryptology CRYPTO '87 Proceedings, Springer-
Verlag, 1988, pp. 21-39.
486. Y. Desmedt and A.M. Odlykzo, "A Chosen Text Attack on the RSA Cryptosystem and
Some Discrete Logarithm Problems, " Advances in Cryptology CRYPTO '85
Proceedings, Springer-Verlag, 1986, pp. 516-522.
487. Y. Dcsmedt, J.-J. Quisquater, and M. Davio, "Dependence of Output on Input in DES:
Small Avalanche Characteristics," Advances in Cryptology: Proceedings of CRYPTO
84, Springer-Verlag, 1985, pp. 359-376.
488. Y. Desmedt, J. Vandewalle, and R. Go vaerts, "Critical Analysis of the Security of
Knapsack Public Key Algorithms," IEEE Transactions on Information Theory, v. IT
30,n.4,Jull984,pp.601-611.
489. Y. Desmedt and M. Yung, "Weaknesses of Undeniable Signature Schemes, " Ad vances
in Cryptology EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 205-220.
490. W. Diffie, lecture at IEEE Information The ory Workshop, Ithaca, N.Y., 1977.
491. W. Diftie, "Cryptographic Technology: Eif teen Year Eorecast," BNR Inc., Jan 1981.
492. W. Diffie, "The Eirst Ten Years of Public Key Cryptography, " Proceedings of the IEEE,
v 76, n. 5, May 1988, pp. 560-577.
493. W. Diffie, "Authenticated Key Exchange and Secure Interactive Communication,"
Proceedings of SECURICOM'90, 1990.
494. W. Diffie, "The Eirst Ten Years of Public- Key Cryptography, " in Contemporary
Cryptology: The Science of Information Integrity, G.J. Simmons. ed., IEEE Press,
1992, pp. 135-175.
495. W. Diffie and M.E. Hellman, "Multiuser Cryptographic Techniques, " Proceedings of
AEIPS National Computer Conference, 1976, pp. 109-112.
496. W. Diffie and M.E. Hellman, "New Direc- tions in Cryptography, " IEEE Transactions on
Information Theory, v. IT-22, n. 6, Nov 1976, pp. 644~54.
497. W. Diffie and M.E. Hellman, "Exhaustive Cryptanalysis of the NBS Data Encryption
Standard," Computer, v. 10, n. 6, Jun 1977, pp. 74-84.
498. W. Diffie and M.E. Hellman, "Privacy and Authentication: An Introduction to Cryp-
tography," Proceedings of the IEEE, v. 67, n. 3, Mar 1979, pp. 397-427.
499. W. Diffie, L. Strawczynski, B. O'Higgins, and D. Steer, "An ISDN Secure Telephone
Unit," Proceedings of the National Tele- communications Eorum, v 41, n. 1, 1987, pp.
473 477.
500. W. Diffie, RC. van Oorschot, and M.J. Wiener, "Authentication and Authenti- cated Key
Exchanges," Designs, Codes and Cryptography, v. 2, 1992, 107-125.
501. C. Ding, "The Differential Cryptanalysis and Design of Natural Stream Ciphers," East
Software Encryption, Cambridge Security Workshop Proceedings, Springer- Verlag,
1994, pp. 101-115.
502. C. Ding, G. Xiao, and W. Shan, The Stahility Theory of Stream Ciphers, Springer- Verlag,
1991.
503. A. Di Porto and W. Wolfewicz, "VINO: A Block Cipher Including Variable Permuta-
tions, " East Software Encryption, Cambridge Secunty Workshop l'roceedings, Springer-
Verlag, 1994, pp. 205-210.
504. B. Dixon and A.K. Lenstra, "Eactoring Inte- gers Using SIMD Sieves, " Advances in
Cryptology E UR O CRYPT '93 Proceed- ings, Springer-Verlag, 1994, pp. 28-39.
505. J.D. Dixon, "Eactorization and Primality Tests," American Mathematical Monthly,
v.91,n.6, 1984,pp.333-352.
506. D. Dolev and A. Yao, "On the Security of Public Key Protocols," Proceedings ol the
22nd Annual Symposium on the Eounda- tions of Computer Science, 1981, pp. 350- 357.
507. L.X. Duan and C.C. Nian, "Modified Lu- Lee Cryptosystems," Electronics Letters, v. 25,
n. 13, 22 Jun 1989, p. 826.
508. R. Durstenfeld, "Algorithm 235: Random Permutation, " Communications of the ACM, v.
7, n. 7, Jul 1964, p. 420.
509. S. Dusse and B. Kaliski, Jr., "A Cryptographic Library for the Motorola DSP56000, "
Advances in Cryptology EUROCRYPT '90 Proceedings, Springer- Verlag, 1991, pp.
230-244.
510. C. Dwork and L. Stockmeyer, "Zero- Knowledge with Einite State Verifiers, " Advances
in Cryptology CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 71-75.
511. D.E. Eastlake, S.D. Crocker, and J.I. Schiller, "Randomness Requirements for Security,"
REC 1750, Dec 1994.
512. H. Eberle, "A High-Speed DES Implementation for Network Applications, " Advances in
Cryptology CRYPTO '92 Proceedings, Springer-Verlag, pp. 521-539.
513. T. Edwards, "Implementing Electronic Poker: A Practical Exercise in Zero Knowledge
Interactive Proofs, " Master's thesis, Department of Computer Science, University of
Kentucky, May 1994.
514. W.E. Ehrsam, C.H.W. Meyer, R.L. Powers, J L. Smith, and W.L. Tuchman, "Product
Block Cipher for Data Security, " U.S. Patent #3,962,539, 8 Jun 1976.
515. W.E. Ehrsam, C.H.W. Meyer, and W.L. Tuchman, "A Cryptographic Key Manage ment
Scheme for Implementing the Data Encryption Standard," IBM Systems lour nal, v. 17,
n. 2, 1978, pp. 106-125.
516. R. Eier and H. Lagger, "Trapdoors in Knap sack Cryptosystems, " Lecture Notes in
Computer Science 149; Cryptography Proceedings, Burg Eeuerstein 1982, Springer-
Verlag, 1983, pp. 316-322.
517. A.K. Ekert, "Quantum Cryptography Based on Bell's Theorem, " Physical Review
Letters, v. 67, n. 6, Aug 1991, pp. 529. 661-663.
518. T. ElGamal, "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete
Logarithms, " Advances in Cryptology: Proceedings of CRYPTO 84, Springer" Verlag,
1985, pp. 1~18.
519. T. ElGamal, "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete
Logarithms," IEEE Transactions on Infor- mation Theory, v. IT-31, n. 4, 1985, pp. 469-
472.
520. T. ElGamal, "On Computing Logarithms Over Einite Eields," Advances in Cryptol- ogy
CR YP TO '85 Pro cee dings, Springe r - Verlag, 1986, pp. 396 402.
521. T. ElGamal and B. Kaliski, letter to the edi- tor regarding LUC, Dr. Dobb's /ournal, v.
18,n.5,Mayl993,p. 10.
522. T. Eng and T. Okamoto, "Single-Term Divisible Electronic Coins," Advances in
Cryptology EUROCRYPT '94 Proceed- ings, Springer-Verlag, 1995, to appear.
523. M.H. Er, D.J. Wong, A.A. Sethu, and K.S. Ngeow, "Design and Implementation of RSA
Cryptosystem Using Multiple DSP Chips," 1991 IEEE International Sympo- sium on
Circuits and Systems, v. 1, Singa- pore, 11-14 Jun 1991, pp. 49-52.
524. D. Estes, L.M. Adleman, K. Konpella, K.S. McCurley, and G.L. Miller, "Breaking the
Ong-Schnorr-Shamir Signature Schemes for Quadratic Number Eields," Advances in
Cryptology CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 3-13.
525. ETEBAC, "Echanges Telematiques Entre Les Banques et Leurs Clients," Standard
ETEBAC 5, Comite Eran,cais d'Organisa- tion et de Normalisation Bancaires, Apr 1989.
IIn Erench.~
526. A. Evans, W. Kantrowitz, and E. Weiss, "A User Identification Scheme Not Requiring
Secrecy in the Computer," Communica- tions of the ACM, v. 17, n. 8, Aug 1974, pp.
437-472.
527. S. Even and O. Goldreich, "DES-Like Eunctions Can Generate the Alternating Group, "
IEEE Transactions on Informa- tion Theory, v. IT-29, n. 6, Nov 1983, pp. 863-865.
528. S. Even and O. Goldreich, "On the Power of Cascade Ciphers," ACM Transactions on
Computer Systems, v. 3, n. 2, May 1985, pp. 108-116.
529. S. Even, O. Goldreich, and A. Lempel, "A Randomizing Protocol for Signing Con-
tracts," Communications of the ACM, v. 28, n. 6, |un 1985, pp. 637-647.
530. S. Even and Y. Yacobi, "Cryptography and NP-Completeness," I'roceedings of the 7th
International CoRoquium on Automata, Languages, and Programming, Springer -Verlag,
1980, pp. 195-207.
531. H.-H. Evertse, "Linear Structures in Block Ciphers, " Advances in Cryptology
EUROCRYPT '87 Proceedings, Springer Verlag, 1988, pp. 249-266.
532. R Eahn and M.J.B. Robshaw, "Results from the RSA Eactoring Challenge," Technical
Report TR-501, Version 1.3, RSA Laboratories, Jan 1995.
533. R.C. Eairfield, A. Matusevich, and J. Plany, "An LSI Digital Encryption Processor
(DEP)," Advances in Cryptology: Proceed ings of CRYPTO 84, Springer-Verlag 1985,
pp. 115-143.
534. R.C. Eairfield, A. Matusevich, and J. Plany, "An LSI Digital Encryption Processor
(DEPJ," IEEE Communications, v. 23. n. 7, Jul 1985, pp. 30-41.
535. R.C. Eairfield, R.L. Mortenson, and K.B. Koulthart, "An LSI Random Number Gen
erator (RNG~," Advances in Cryptology: Proceedings of CRYPTO 84, Springer Verlag,
1985, pp. 203-230.
536. "International Business Machines Corp. License Under Patents," Eederal Register, v. 40,
n. 52, 17 Mar 1975, p. 12067.
537. "Solicitation for Public Key Cryptographic Algorithms," Eederal Register, v. 47, n. 126,
30 Jun 1982, p. 28445.
538. "Proposed Eederal Information Processing Standard for Digital Signature Standard
(DSSi," Eederal Register, v. 56, n. 169, 30 Aug 1991, pp. 42980-42982.
539. "Proposed Eederal Information Processing Standard for Secure Hash Standard," Eed eral
Register, v. 57, n. 21, 31 Jan 1992, pp. 3747-3749.
540. "Proposed Reaffirmation of Eederal Infor mation Processing Standard (EIPS) 46-1, Data
Encryption Standard (DES)," Eederal Register, v. 57, n. 177, 11 Sep 1992, p. 41727.
541. "Notice of Proposal for Grant of Exclusive Patent License," |ederal Register, v. 58, n.
108, 8 Jun 1993, pp. 23105-23106.
542. "Approval of Eederal Information Process ing Standards Publication 186, Digital Sig
nature Standard (DSS)," Eederal Register, v. 58, n. 96, 19 May 1994, pp. 26208-26211.
543. "Proposed Revision of Eederal Information Processing Standard (EIPS) 180, Secure
Hash Standard, " Eederal Register, v. 59, n. 131, 11 Jul 1994, pp. 35317-35318.
544. U. Eeige, A. Eiat, and A. Shamir, "Zero Knowledge Proofs of Identity," Proceed- ings of
the lPth Annual ACM Symposium on the Theory of Computing, 1987, pp. 210-217.
545. U. Eeige, A. Eiat, and A. Shamir, "Zero Knowledge Proofs of Identity," Journal of
Cryptology v. 1, n. 2, 1988, pp. 77-94.
546. U. Eeige and A. Shamir, "Zero Knowledge Proofs of Knowledge in Two Rounds, "
Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 526-544.
547. J. Eeigenbaum, "Encrypting Problem Instances, or, ..., Can You Take Advan- tage of
Someone Without Having to Trust Him, " Advances in Cryptology CRYPTO '85
Proceedings, Springer-Verlag, 1986, pp. 477-488.
548. J. Eeigenbaum, "Overview of Interactive Proof Systems and Zero-Knowledge, " in
Contemporary Cryptology: The Science of Information Integrity, G.J. Simmons, ed.,
IEEE Press, 1992, pp. 423 439.
549. J. Eeigenbaum, M.Y. Liberman, E. Grosse, and J.A. Reeds, "Cryptographic Protection of
Membership Lists," Newsletter of the International Association of Cryptologic Research,
v. 9, 1992, pp. 16-20.
550. J. Eeigenbaum, M.Y. Liverman, and R.N. Wright, "Cryptographic Protection of Databases
and Software, " Distnbuted Computing and Cryptography, 1 Eeigen- baum and M.
Merritt, eds., American Mathematical Society, 1991, pp. 161-172.
551. H. Eeistel, "Cryptographic Coding for Data-Bank Privacy," RC 2827, Yorktown Heights,
NY: IBM Research, Mar 1970.
552. H. Eeistel, "Cryptography and Computer Privacy, " Scientific American, v. 228, n. 5, May
1973, pp. 15-23.
553. H. Eeistel, "Block Cipher Cryptographic System," U.S. Patent #3,798,359, 19 Mar 1974.
554. H. Eeistel, "Step Code Ciphering System," U.S. Patent #3,798,360, 19 Mar 1974.
555. H. Eeistel, "Centralized Verification Sys- tem," U.S. Patent #3,798,605, 19 Mar 1974.
556. H. Eeistel, W.A. Notz, and J.L. Smith, "Cryptographic Techniques for Machine to
Machine Data Communications," RC 3663, Yorktown Heights, N.Y.: IBM Research,
Dec 1971.
557. H. Eeistel, W.A. Notz, and J.L. Smith, "Some Cryptographic Techniques for Machine to
Machine Data Communica tions," Proceedings of the IEEE, v. 63, n. 11, Nov 1975, pp.
1545-1554.
558. R Eeldman, "A Practical Scheme for Non interactive Verifiable Secret Sharing,"
Proceedings of the 28th Annual Symposium on the Eoundations of Computer Science,
1987, pp. 427 437.
559. R.A. Eeldman, "East Spectral Test for Mea suring Nunrandomness and the DES, "
Advances in Cryptology CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 243-
254.
560. R.A. Eeldman, "A New Spectral Test for Nonrandomness and the DES, " IEEE 573.
Transactions on Software Engineering, v. 16, n. 3, Mar 1990, pp. 261-267.
561. D.C. Eeldmeier and RR. Karn, "UNIX Password Security Ten Years Later, " Advances
in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 44-63.
562. H. Eell and W. Diffie, "Analysis of a Public Key Approach Based on Polynomial Sub
stitution, " Advances in Cryptology CRYPTO '85 Proceedings, Springer-Verlag, 1986,
pp. 427-437.
563. N.T. Eerguson, "Single Term Off-Line Coins," Report CS-R9318, Computer Sci577.
ence/Department of Algorithms and Architecture, CWI, Mar 1993.
564. N.T. Eerguson, "Single Term Off-Line Coins," Advances in Cryptology EUROCRYPT '93
Proceedings, Springer-Verlag, 1994, pp. 318-328.
565. N.T. Eerguson, "Extensions of Single-term Coins," Advances in Cryptology 579.
CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 292-301.
566. A. Eiat and A. Shamir, "How to Prove Yourself: Practical Solutions to Idcntifica tion and
Signature Problems," Advances in Cryptology CRYPTO '86 Proceedings, Springer-
Verlag, 1987, pp. 186-194.
567. A. Eiat and A. Shamir, "Unforgeable Proofs of Identity," Proceedings of sec uricom 87,
Paris, 1987, pp. 147-15~3.
568. P. Einch, "A Study of the Blowfish Encryp tion Algorithm," Ph.D. dissertation,
Department of Computer Science, City University of New York Graduate School and
University Center, Eeb 1995.
569. R. Elynn and A.S. Campasano, "Data Dependent Keys for Selective Encryption Terminal,"
Proceedings of NCC, vol. 47, AEIPS Press, 1978, pp. 1127-1129.
570. R.H. Eollett, letter to NIST regarding DSS, 25 Nov 1991.
571. R. Eorre, "The Strict Avalanche Criterion: Spectral Properties and an Extended Defi-
nition, " Advances in Cryptology CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp.
450-468.
572. R. Eorre, "A East Correlation Attack or Nonlinearity Eeedforward Eiltered Shift Register
Sequences, " Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990,
pp. 568-595.
573. S. Eortune and M. Merritt, "Poker Protocols," Advances in Cryptology: Proceedings of
CRYPTO 84, Springer-Verlag, 1985, pp. 454-464.
574. R.B. Eougner, "Public Key Standards and Licenses," REC 1170, Jan 1991.
575. Y. Erankel and M. Yung, "Escrowed Encryption Systems Visited: Threats. Attacks,
Analysis and Designs," Advances in Cryptology CKYPTO '95 Proceedings'. Springer-
Verlag, 1995, to appear.
576. W.E. Eriedman, Methods for the Solution of Running-Key Ciphers, Riverbank Publica-
tion No. 16, Riverbank Labs, 1918.
577. W.E. Eriedman, The Index of Coincidence and Its Applications in Cryptography,
Riverbank Publication No. 22, Rivcrhank Labs, 1920. Reprinted by Aegean Park Press,
1987.
578. W.E. Eriedman, Elements of Cryptanalysis, Laguna Hills, CA: Aegean Park Press, 1976.
579. W.E. Eriedman, "Cryptology," Encyclopedia Britannica, v. 6, pp. 844-851, 1967.
580. A.M. Erieze, J. Hastad, R. Kannan, J.C. Lagarias, and A. Shamir, "Reconstructing
Truncated Integer Variables Satisfying Linear Congru enccs," SIAM Journal on Computing,
v. 17, n. 2, Apr 1988, pp. 262-280.
581. A.M. Erieze, R. Kannan, and J.C. Lagarias, "Linear Congruential Generators loo not
Produce Random Sequences," Proceedings of the 25th IEEE Symposium on Eounda-
tions of Computer Science, 1984, pp. 480 484.
582. E. Eujiaski and T. Okamoto, "On Comparison of Practical Digitial Signature Schemes,"
Proceedings of the l992 Symposium on Cryptography and Information Security (SCIS 92),
Tateshina, Japan, 2 4 Apr 1994, pp. lA.1-12.
583. A. Eujioka, T. Okamoto, and S. Miyaguchi, "ESIGN: An Efficient Digital Signature
Implementation for Smart Cards, " Advances in Cryptology EUROCRYPT '91
Proceedings, Springer-Verlag, 1991, pp. 446 457.
584. A. Eujioka, T. Okamoto, and K. Ohta, "Interactive Bi-Proof Systems and Undeniable
Signature Schemes," Advances in Cryptology EUROCRYPT '91 Proceedings, Springer-
Verlag, 1991, pp. 243-256.
585. A. Eujioka, T. Okamoto, and K. Ohta, "A Practical Secret Voting Scheme for Large Scale
Elections, " Advances in Cryptology AUSCRYPT '92 Proceedings, Springer-Verlag, 1993,
pp. 244-251.
586. K. Gaardner and E. Snekkenes, "Applying a Eormal Analysis Technique to the CCITT
X.509 Strong Two-Way Authentication Protocol," lournal of Cryptology v. 3,n.2,
l991,pp.81-98.
587. H.E Gaines, Cryptanalysis, American Photographic Press, 1937. Reprintcd by Dover
Publications, 1956.
588. J. Gait, "A New Nonlinear Pseudorandom Number Generator, " IEEE Transactions on
Software Engineering, v. SE-3, n. 5, Sep 1977, pp. 359-363.
589. J. Gait, "Short Cycling in the Kravitz-Reed Public Key Encryption System," Electron- ics
Letters, v. 18, n. 16, 5 Aug 1982, pp. 706-707.
590. Z. Galil, S. Haber, and M. Yung, "A Private Interactive Test of a Boolean Predicate and
Minimum-Knowledge Public-Key Cryp- tosystems," Proceedings of the 26th IEEE
Symposium on Eoundations of Computer Science, 1985, pp. 360-371.
591. Z. Galil, S. Haber, and M. Yung, "Crypto- graphic Computation: Secure Eault- Tolerant
Protocols and the Public-Key Model, " Advances in Cryptology CRYPTO
'87Proceedings, Springer-Verlag, 1988, pp. 135-155.
592. Z. Galil, S. Haber, and M. Yung, "Mini- mum-Knowledge Interactive Proofs for Decision
Problems, " SIAM lournal on Computing, v. 18, n. 4, 1989, pp. 711-739.
593. R.G. Gallager, Information Theory and Reliable Communications, New York:John Wiley &
Sons, 1968.
594. P. Gallay and E. Depret, "A Cryptography Microprocessor," 1988 IEEE International
Solid-State Circuits Conference Digest of Technical Papers, 1988, pp. 148-149.
595. R.A. Games, "There are no de Bruijn Sequences of Span n with Complexity 2n n 1,"
Journal of Combinatorical Theory, Series A, v. 34, n. 2, Mar 1983, pp. 248-251.
596. R.A. Games and A.H. Chan, "A East Algo- rithm for Determining the Complexity of a
Binary Sequence with 2n,'t IEEE Transactions on Information Theory, v. IT-29, n. 1, Jan
1983, pp. 144-146.
597. R.A. Games, A.H. Chan, and E.L. Key, "On the Complexity of de Brui jn Sequences,"
ournal of Combinatorical Theory, Series A, v. 33, n. 1, Nov 1982, pp. 233-246.
598. S.H. Gao and G.L. Mullen, "Dickson Polynomials and Irreducible Polynomials over Einite
Fields," Journal of Number Theory, v. 49, n. 1, Oct 1994, pp. 18-132.
599. M. Gardner, "A New Kind of Cipher That Would Take Millions of Years to Break," Scientific American, v. 237, n. 8, Aug 1977, pp. 120-124.
600. M.R. Garey and D.S. Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness, W.H. Freeman and Co., 1979.
601. S.L. Garfinkel, PGP: Pretty Good Privacy, Sebastopol, CA: O'Reilly and Associates, 1995.
602. C.W. Gardiner, "Distributed Public Key Certificate Management," Proceedings of the Privacy and Security Research Group 1993 Workshop on Network and Distributed System Security, The Internet Society, 1993, pp. 69-73.
603. G. Garon and R. Outerbridge, "DES Watch: An Examination of the Sufficiency of the Data Encryption Standard for Financial Institution Information Security in the 1990's," Cryptologia, v. 15, n. 3, Jul 1991, pp. 177-193.
604. M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson, "The Digital Distributed Systems Security Architecture," Proceedings of the 12th National Computer Security Conference, NIST, 1989, pp. 305-319.
605. J. von zur Gathen, D. Kozen, and S. Landau, "Functional Decomposition of Polynomials," Proceedings of the 28th IEEE Symposium on the Foundations of Computer Science, IEEE Press, 1987, pp. 127-131.
606. P.R. Geffe, "How to Protect Data With Ciphers That are Really Hard to Break," Electronics, v. 46, n. 1, Jan 1973, pp. 99-101.
607. D.K. Gifford, D. Heitmann, D.A. Segal, R.G. Cote, K. Tanacea, and D.E. Burmaster, "Boston Community Information System 1986 Experimental Test Results," MIT/LCS/TR-397, MIT Laboratory for Computer Science, Aug 1987.
608. D.K. Gifford, J.M. Lucassen, and S.T. Berlin, "The Application of Digital Broadcast Communication to Large Scale Information Systems," IEEE Journal on Selected Areas in Communications, v. 3, n. 3, May 1985, pp. 457-467.
609. D.K. Gifford and D.A. Segal, "Boston Community Information System 1987-1988 Experimental Test Results," MIT/LCS/TR-422, MIT Laboratory for Computer Science, May 1989.
610. H. Gilbert and G. Chase, "A Statistical Attack on the FEAL-8 Cryptosystem," Advances in Cryptology CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 22-33.
611. H. Gilbert and P. Chauvaud, "A Chosen Plaintext Attack of the 16-Round Khufu Cryptosystem," Advances in Cryptology CRYPTO '94 Proceedings, Springer-Verlag, 1994, pp. 259-268.
612. M. Girault, "Hash-Functions Using Modulo-N Operations," Advances in Cryptology EUROCRYPT '87 Proceedings, Springer-Verlag, 1988, pp. 217-226.
613. J. Gleick, "A New Approach to Protecting Secrets is Discovered," The New York Times, 18 Feb 1987, pp. C1 and C3.
614. J.-M. Goethals and C. Couvreur, "A Cryptanalytic Attack on the Lu-Lee Public-Key Cryptosystem," Philips Journal of Research, v. 35, 1980, pp. 301-306.
615. O. Goldreich, "A Uniform-Complexity Treatment of Encryption and Zero Knowledge," Journal of Cryptology, v. 6, n. 1, 1993, pp. 21-53.
616. O. Goldreich and H. Krawczyk, "On the Composition of Zero Knowledge Proof Systems," Proceedings on the 17th International Colloquium on Automata, Languages, and Programming, Springer-Verlag, 1990, pp. 268-282.
617. O. Goldreich and E. Kushilevitz, "A Perfect Zero-Knowledge Proof for a Problem Equivalent to Discrete Logarithm," Advances in Cryptology CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 58-70.
618. O. Goldreich and E. Kushilevitz, "A Perfect Zero-Knowledge Proof for a Problem Equivalent to Discrete Logarithm," Journal of Cryptology, v. 6, n. 2, 1993, pp. 97-116.
619. O. Goldreich, S. Micali, and A. Wigderson, "Proofs That Yield Nothing but Their Validity and a Methodology of Cryptographic Protocol Design," Proceedings of the 27th IEEE Symposium on the Foundations of Computer Science, 1986, pp. 174-187.
620. O. Goldreich, S. Micali, and A. Wigderson, "How to Prove All NP Statements in Zero Knowledge and a Methodology of Cryptographic Protocol Design," Advances in Cryptology CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 171-185.
621. O. Goldreich, S. Micali, and A. Wigderson, "How to Play Any Mental Game," Proceedings of the 19th ACM Symposium on the Theory of Computing, 1987, pp. 218-229.
622. O. Goldreich, S. Micali, and A. Wigderson, "Proofs That Yield Nothing but Their Validity and a Methodology of Cryptographic Protocol Design," Journal of the ACM, v. 38, n. 1, Jul 1991, pp. 691-729.
623. S. Goldwasser and J. Kilian, "Almost All Primes Can Be Quickly Certified," Proceedings of the 18th ACM Symposium on the Theory of Computing, 1986, pp. 316-329.
624. S. Goldwasser and S. Micali, "Probabilistic Encryption and How to Play Mental Poker Keeping Secret All Partial Information," Proceedings of the 14th ACM Symposium on the Theory of Computing, 1982, pp. 270-299.
625. S. Goldwasser and S. Micali, "Probabilistic Encryption," Journal of Computer and System Sciences, v. 28, n. 2, Apr 1984, pp. 270-299.
626. S. Goldwasser, S. Micali, and C. Rackoff, "The Knowledge Complexity of Interactive Proof Systems," Proceedings of the 17th ACM Symposium on Theory of Computing, 1985, pp. 291-304.
627. S. Goldwasser, S. Micali, and C. Rackoff, "The Knowledge Complexity of Interactive Proof Systems," SIAM Journal on Computing, v. 18, n. 1, Feb 1989, pp. 186-208.
628. S. Goldwasser, S. Micali, and R.L. Rivest, "A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks," SIAM Journal on Computing, v. 17, n. 2, Apr 1988, pp. 281-308.
629. S. Goldwasser, S. Micali, and A.C. Yao, "On Signatures and Authentication," Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 211-215.
630. J.D. Golic, "On the Linear Complexity of Functions of Periodic GF(q) Sequences," IEEE Transactions on Information Theory, v. IT-35, n. 1, Jan 1989, pp. 69-75.
631. J.D. Golic, "Linear Cryptanalysis of Stream Ciphers," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, pp. 262-282.
632. J.D. Golic, "Towards Fast Correlation Attacks on Irregularly Clocked Shift Registers," Advances in Cryptology EUROCRYPT '95 Proceedings, Springer-Verlag, 1995, to appear.
633. J.D. Golic and M.J. Mihajlevic, "A Generalized Correlation Attack on a Class of Stream Ciphers Based on the Levenshtein Distance," Journal of Cryptology, v. 3, n. 3, 1991, pp. 201-212.
634. J.D. Golic and L. O'Connor, "Embedding and Probabilistic Correlation Attacks on Clock-Controlled Shift Registers," Advances in Cryptology EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
635. R. Golliver, A.K. Lenstra, and K.S. McCurley, "Lattice Sieving and Trial Division," Proceedings of the Algorithmic Number Theory Symposium, Cornell, 1994, to appear.
636. D. Gollmann, "Kaskadenschaltungen taktgesteuerter Schieberegister als Pseudozufallszahlengeneratoren," Ph.D. dissertation, Universität Linz, 1983. (In German.)
637. D. Gollmann, "Pseudo Random Properties of Cascade Connections of Clock Controlled Shift Registers," Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp. 93-98.
638. D. Gollmann, "Correlation Analysis of Cascaded Sequences," Cryptography and Coding, H.J. Beker and F.C. Piper, eds., Oxford: Clarendon Press, 1989, pp. 289-297.
639. D. Gollmann, "Transformation Matrices of Clock-Controlled Shift Registers," Cryptography and Coding III, M.J. Ganley, ed., Oxford: Clarendon Press, 1993, pp. 197-210.
640. D. Gollmann and W.G. Chambers, "Lock-In Effect in Cascades of Clock-Controlled Shift-Registers," Advances in Cryptology EUROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 331-343.
641. D. Gollmann and W.G. Chambers, "Clock-Controlled Shift Registers: A Review," IEEE Journal on Selected Areas in Communications, v. 7, n. 4, May 1989, pp. 525-533.
642. D. Gollmann and W.G. Chambers, "A Cryptanalysis of Stepk-cascades," Advances in Cryptology EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp. 680-687.
643. S.W. Golomb, Shift Register Sequences, San Francisco: Holden-Day, 1967. (Reprinted by Aegean Park Press, 1982.)
644. L. Gong, "A Security Risk of Depending on Synchronized Clocks," Operating Systems Review, v. 26, n. 1, Jan 1992, pp. 49-53.
645. L. Gong, R. Needham, and R. Yahalom, "Reasoning About Belief in Cryptographic Protocols," Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991, pp. 234-248.
646. R.M. Goodman and A.J. McAuley, "A New Trapdoor Knapsack Public Key Cryptosystem," Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp. 150-158.
647. R.M. Goodman and A.J. McAuley, "A New Trapdoor Knapsack Public Key Cryptosystem," IEE Proceedings, v. 132, pt. E, n. 6, Nov 1985, pp. 289-292.
648. D.M. Gordon, "Discrete Logarithms Using the Number Field Sieve," Preprint, 28 Mar 1991.
649. D.M. Gordon and K.S. McCurley, "Computation of Discrete Logarithms in Fields of Characteristic Two," presented at the rump session of CRYPTO '91, Aug 1991.
650. D.M. Gordon and K.S. McCurley, "Massively Parallel Computation of Discrete Logarithms," Advances in Cryptology CRYPTO '92 Proceedings, Springer-Verlag, 1993, pp. 312-323.
651. J.A. Gordon, "Strong Primes are Easy to Find," Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp. 216-223.
652. J.A. Gordon, "Very Simple Method to Find the Minimal Polynomial of an Arbitrary Non-Zero Element of a Finite Field," Electronics Letters, v. 12, n. 25, 9 Dec 1976, pp. 663-664.
653. J.A. Gordon and R. Retkin, "Are Big S-Boxes Best?" Cryptography: Proceedings of the Workshop on Cryptography, Burg Feuerstein, Germany, March 29-April 2, 1982, Springer-Verlag, 1983, pp. 257-262.
654. M. Goresky and A. Klapper, "Feedback Registers Based on Ramified Extension of the 2-adic Numbers," Advances in Cryptology EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
655. GOST, Gosudarstvennyi Standard 28147-89, "Cryptographic Protection for Data Processing Systems," Government Committee of the USSR for Standards, 1989. (In Russian.)
656. GOST R 34.10-94, Gosudarstvennyi Standard of Russian Federation, "Information technology. Cryptographic Data Security. Produce and check procedures of Electronic Digital Signature based on Asymmetric Cryptographic Algorithm," Government Committee of the Russia for Standards, 1994. (In Russian.)
657. GOST R 34.11-94, Gosudarstvennyi Standard of Russian Federation, "Information technology. Cryptographic Data Security. Hashing function," Government Committee of the Russia for Standards, 1994. (In Russian.)
658. R. Gottfert and H. Niederreiter, "On the Linear Complexity of Products of Shift-Register Sequences," Advances in Cryptology EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 151-158.
659. R. Gottfert and H. Niederreiter, "A General Lower Bound for the Linear Complexity of the Product of Shift-Register Sequences," Advances in Cryptology EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
660. J. van de Graaf and R. Peralta, "A Simple and Secure Way to Show the Validity of Your Public Key," Advances in Cryptology CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 128-134.
661. J. Grollman and A.L. Selman, "Complexity Measures for Public-Key Cryptosystems," Proceedings of the 25th IEEE Symposium on the Foundations of Computer Science, 1984, pp. 495-503.
662. GSA Federal Standard 1026, "Telecommunications: General Security Requirements for Equipment Using the Data Encryption Standard," General Services Administration, Apr 1982.
663. GSA Federal Standard 1027, "Telecommunications: Interoperability and Security Requirements for Use of the Data Encryption Standard in the Physical and Data Link Layers of Data Communications," General Services Administration, Jan 1983.
664. GSA Federal Standard 1028, "Interoperability and Security Requirements for Use of the Data Encryption Standard with CCITT Group 3 Facsimile Equipment," General Services Administration, Apr 1985.
665. P. Guam, "Cellular Automaton Public Key Cryptosystems," Complex Systems, v. 1, 1987, pp. 51-56.
666. H. Guan, "An Analysis of the Finite Automata Public Key Algorithm," CHINACRYPT '94, Xidian, China, 11-15 Nov 1994, pp. 120-126. (In Chinese.)
667. G. Guanella, "Means for and Method for Secret Signalling," U.S. Patent #2,405,500, 6 Aug 1946.
668. M. Gude, "Concept for a High-Performance Random Number Generator Based on Physical Random Phenomena," Frequenz, v. 39, 1985, pp. 187-190.
669. M. Gude, "Ein quasi-idealer Gleichverteilungsgenerator basierend auf physikalischen Zufallsphänomenen," Ph.D. dissertation, Aachen University of Technology, 1987. (In German.)
670. L.C. Guillou and J.-J. Quisquater, "A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory," Advances in Cryptology EUROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 123-128.
671. L.C. Guillou and J. Quisquater, "A 'Paradoxical' Identity-Based Signature Scheme Resulting from Zero-Knowledge," Advances in Cryptology CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 216-231.
672. L.C. Guillou, M. Ugon, and J.-J. Quisquater, "The Smart Card: A Standardized Security Device Dedicated to Public Cryptology," Contemporary Cryptology: The Science of Information Integrity, G. Simmons, ed., IEEE Press, 1992, pp. 561-613.
673. C.G. Gunther, "Alternating Step Generators Controlled by de Bruijn Sequences," Advances in Cryptology EUROCRYPT '87 Proceedings, Springer-Verlag, 1988, pp. 5-14.
674. C.G. Gunther, "An Identity-based Key-exchange Protocol," Advances in Cryptology EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp. 29-37.
675. H. Gustafson, E. Dawson, and B. Caelli, "Comparison of Block Ciphers," Advances in Cryptology AUSCRYPT '90 Proceedings, Springer-Verlag, 1990, pp. 208-220.
676. P. Gutmann, personal communication, 1993.
677. H. Gutowitz, "A Cellular Automaton Cryptosystem: Specification and Call for Attack," unpublished manuscript, Aug 1992.
678. H. Gutowitz, "Method and Apparatus for Encryption, Decryption, and Authentication Using Dynamical Systems," U.S. Patent #5,365,589, 15 Nov 1994.
679. H. Gutowitz, "Cryptography with Dynamical Systems," Cellular Automata and Cooperative Phenomenon, Kluwer Academic Press, 1993.
680. R.K. Guy, "How to Factor a Number," Fifth Manitoba Conference on Numerical Mathematics, Congressus Numerantium, v. 16, 1976, pp. 49-89.
681. R.K. Guy, Unsolved Problems in Number Theory, Springer-Verlag, 1981.
682. S. Haber and W.S. Stornetta, "How to Time-Stamp a Digital Document," Advances in Cryptology CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 437-455.
683. S. Haber and W.S. Stornetta, "How to Time-Stamp a Digital Document," Journal of Cryptology, v. 3, n. 2, 1991, pp. 99-112.
684. S. Haber and W.S. Stornetta, "Digital Document Time-Stamping with Catenate Certificate," U.S. Patent #5,136,646, 4 Aug 1992.
685. S. Haber and W.S. Stornetta, "Method for Secure Time-Stamping of Digital Documents," U.S. Patent #5,136,647, 4 Aug 1992.
686. S. Haber and W.S. Stornetta, "Method of Extending the Validity of a Cryptographic Certificate," U.S. Patent #5,373,561, 13 Dec 1994.
687. T. Habutsu, Y. Nishio, I. Sasase, and S. Mori, "A Secret Key Cryptosystem by Iterating a Chaotic Map," Transactions of the Institute of Electronics, Information, and Communication Engineers, v. E73, n. 7, Jul 1990, pp. 1041-1044.
688. T. Habutsu, Y. Nishio, I. Sasase, and S. Mori, "A Secret Key Cryptosystem by Iterating a Chaotic Map," Advances in Cryptology EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 127-140.
689. S. Hada and H. Tanaka, "An Improvement Scheme of DES against Differential Cryptanalysis," Proceedings of the 1994 Symposium on Cryptography and Information Security (SCIS 94), Lake Biwa, Japan, 27-29 Jan 1994, pp. 14A.1-11. (In Japanese.)
690. B.C.W. Hagelin, "The Story of the Hagelin Cryptos," Cryptologia, v. 18, n. 3, Jul 1994, pp. 204-242.
691. T. Hansen and G.L. Mullen, "Primitive Polynomials over Finite Fields," Mathematics of Computation, v. 59, n. 200, Oct 1992, pp. 639-643.
692. S. Harada and S. Kasahara, "An ID-Based Key Sharing Scheme Without Preliminary Communication," IEICE Japan, Technical Report, ISEC89-38, 1989. (In Japanese.)
693. S. Harari, "A Correlation Cryptographic Scheme," EUROCODE '90 International Symposium on Coding Theory, Springer-Verlag, 1991, pp. 180-192.
694. T. Hardjono and J. Seberry, "Authentication via Multi-Service Tickets in the Kuperee Server," Computer Security ESORICS 94, Springer-Verlag, 1994, pp. 144-160.
695. L. Harn and T. Kiesler, "New Scheme for Digital Multisignatures," Electronics Letters, v. 25, n. 15, 20 Jul 1989, pp. 1002-1003.
696. L. Harn and T. Kiesler, "Improved Rabin's Scheme with High Efficiency," Electronics Letters, v. 25, n. 15, 20 Jul 1989, p. 1016.
697. L. Harn and T. Kiesler, "Two New Efficient Cryptosystems Based on Rabin's Scheme," Fifth Annual Computer Security Applications Conference, IEEE Computer Society Press, 1990, pp. 263-270.
698. L. Harn and D.-C. Wang, "Cryptanalysis and Modification of Digital Signature Scheme Based on Error-Correcting Codes," Electronics Letters, v. 28, n. 2, 10 Jan 1992, pp. 157-159.
699. L. Harn and Y. Xu, "Design of Generalized ElGamal Type Digital Signature Schemes Based on Discrete Logarithm," Electronics Letters, v. 30, n. 24, 24 Nov 1994, pp. 2025-2026.
700. L. Harn and S. Yang, "Group-Oriented Undeniable Signature Schemes without the Assistance of a Mutually Trusted Party," Advances in Cryptology AUSCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 133-142.
701. G. Harper, A. Menezes, and S. Vanstone, "Public-Key Cryptosystems with Very Small Key Lengths," Advances in Cryptology EUROCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 163-173.
702. C. Harpes, "Notes on High Order Differential Cryptanalysis of DES," internal report, Signal and Information Processing Laboratory, Swiss Federal Institute of Technology, Aug 1993.
703. G.W. Hart, "To Decode Short Cryptograms," Communications of the ACM, v. 37, n. 9, Sep 1994, pp. 102-108.
704. J. Hastad, "On Using RSA with Low Exponent in a Public Key Network," Advances in Cryptology CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 403-408.
705. J. Hastad and A. Shamir, "The Cryptographic Security of Truncated Linearly Related Variables," Proceedings of the 17th Annual ACM Symposium on the Theory of Computing, 1985, pp. 356-362.
706. R.C. Hauser and E.S. Lee, "Verification and Modelling of Authentication Protocols," ESORICS 92, Proceedings of the Second European Symposium on Research in Computer Security, Springer-Verlag, 1992, pp. 131-154.
707. B. Hayes, "Anonymous One-Time Signatures and Flexible Untraceable Electronic Cash," Advances in Cryptology AUSCRYPT '90 Proceedings, Springer-Verlag, 1990, pp. 294-305.
708. D.K. He, "LUC Public Key Cryptosystem and its Properties," CHINACRYPT '94, Xidian, China, 11-15 Nov 1994, pp. 60-69. (In Chinese.)
709. J. He and T. Kiesler, "Enhancing the Security of ElGamal's Signature Scheme," IEE Proceedings on Computers and Digital Techniques, v. 141, n. 3, 1994, pp. 193-195.
710. E.H. Hebern, "Electronic Coding Machine," U.S. Patent #1,510,441, 30 Sep 1924.
711. N. Heintze and J.D. Tygar, "A Model for Secure Protocols and their Compositions," Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy, 1994, pp. 2-13.
712. M.E. Hellman, "An Extension of the Shannon Theory Approach to Cryptography," IEEE Transactions on Information Theory, v. IT-23, n. 3, May 1977, pp. 289-294.
713. M.E. Hellman, "The Mathematics of Public-Key Cryptography," Scientific American, v. 241, n. 8, Aug 1979, pp. 146-157.
714. M.E. Hellman, "DES Will Be Totally Insecure within Ten Years," IEEE Spectrum, v. 16, n. 7, Jul 1979, pp. 32-39.
715. M.E. Hellman, "On DES-Based Synchronous Encryption," Dept. of Electrical Engineering, Stanford University, 1980.
716. M.E. Hellman, "A Cryptanalytic Time-Memory Trade Off," IEEE Transactions on Information Theory, v. 26, n. 4, Jul 1980, pp. 401-406.
717. M.E. Hellman, "Another Cryptanalytic Attack on 'Cryptosystem for Multiple Communications'," Information Processing Letters, v. 12, 1981, pp. 182-183.
718. M.E. Hellman, W. Diffie, and R.C. Merkle, "Cryptographic Apparatus and Method," U.S. Patent #4,200,770, 29 Apr 1980.
719. M.E. Hellman, W. Diffie, and R.C. Merkle, "Cryptographic Apparatus and Method," Canada Patent #1,121,480, 6 Apr 1982.
720. M.E. Hellman and R.C. Merkle, "Public Key Cryptographic Apparatus and Method," U.S. Patent #4,218,582, 19 Aug 1980.
721. M.E. Hellman, R. Merkle, R. Schroeppel, L. Washington, W. Diffie, S. Pohlig, and P. Schweitzer, "Results of an Initial Attempt to Cryptanalyze the NBS Data Encryption Standard," Technical Report SEL 76-042, Information Systems Lab, Department of Electrical Engineering, Stanford University, 1976.
722. M.E. Hellman and S.C. Pohlig, "Exponentiation Cryptographic Apparatus and Method," U.S. Patent #4,424,414, 3 Jan 1984.
723. M.E. Hellman and J.M. Reyneri, "Distribution of Drainage in the DES," Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 129-131.
724. F. Hendessi and M.R. Aref, "A Successful Attack Against the DES," Third Canadian Workshop on Information Theory and Applications, Springer-Verlag, 1994, pp. 78-90.
725. T. Herlestam, "Critical Remarks on Some Public-Key Cryptosystems," BIT, v. 18, 1978, pp. 493-496.
726. T. Herlestam, "On Functions of Linear Shift Register Sequences," Advances in Cryptology EUROCRYPT '85, Springer-Verlag, 1986, pp. 119-129.
727. T. Herlestam and R. Johannesson, "On Computing Logarithms over GF(2^p)," BIT, v. 21, 1981, pp. 326-334.
728. H.M. Heys and S.E. Tavares, "On the Security of the CAST Encryption Algorithm," Proceedings of the Canadian Conference on Electrical and Computer Engineering, Halifax, Nova Scotia, Sep 1994, pp. 332-335.
729. H.M. Heys and S.E. Tavares, "The Design of Substitution-Permutation Networks Resistant to Differential and Linear Cryptanalysis," Proceedings of the 2nd Annual ACM Conference on Computer and Communications Security, ACM Press, 1994, pp. 148-155.
730. E. Heyst and T.P. Pederson, "How to Make Fail-Stop Signatures," Advances in Cryptology EUROCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 366-377.
731. E. Heyst, T.P. Pederson, and B. Pfitzmann, "New Construction of Fail-Stop Signatures and Lower Bounds," Advances in Cryptology CRYPTO '92 Proceedings, Springer-Verlag, 1993, pp. 15-30.
732. L.S. Hill, "Cryptography in an Algebraic Alphabet," American Mathematical Monthly, v. 36, Jun-Jul 1929, pp. 306-312.
733. P.J.M. Hin, "Channel-Error-Correcting Privacy Cryptosystems," Ph.D. dissertation, Delft University of Technology, 1986. (In Dutch.)
734. R. Hirschfeld, "Making Electronic Refunds Safer," Advances in Cryptology CRYPTO '92 Proceedings, Springer-Verlag, 1993, pp. 106-112.
735. A. Hodges, Alan Turing: The Enigma of Intelligence, Simon and Schuster, 1983.
736. W. Hohl, X. Lai, T. Meier, and C. Waldvogel, "Security of Iterated Hash Functions Based on Block Ciphers," Advances in Cryptology CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 379-390.
737. F. Hoornaert, M. Decroos, J. Vandewalle, and R. Govaerts, "Fast RSA-Hardware: Dream or Reality?" Advances in Cryptology EUROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 257-264.
738. F. Hoornaert, J. Goubert, and Y. Desmedt, "Efficient Hardware Implementation of the DES," Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 147-173.
739. E. Horowitz and S. Sahni, Fundamentals of Computer Algorithms, Rockville, MD: Computer Science Press, 1978.
740. P. Horster, H. Petersen, and M. Michels, "Meta-ElGamal Signature Schemes," Proceedings of the 2nd Annual ACM Conference on Computer and Communications Security, ACM Press, 1994, pp. 96-107.
741. P. Horster, H. Petersen, and M. Michels, "Meta Message Recovery and Meta Blind Signature Schemes Based on the Discrete Logarithm Problem and their Applications," Advances in Cryptology ASIACRYPT '94 Proceedings, Springer-Verlag, 1995, pp. 224-237.
742. L.K. Hua, Introduction to Number Theory, Springer-Verlag, 1982.
743. K. Huber, "Specialized Attack on Chor-Rivest Public Key Cryptosystem," Electronics Letters, v. 27, n. 23, 7 Nov 1991, pp. 2130-2131.
744. E. Hughes, "A Cypherpunk's Manifesto," 9 Mar 1993.
745. E. Hughes, "An Encrypted Key Transmission Protocol," presented at the rump session of CRYPTO '94, Aug 1994.
746. H. Hule and W.B. Muller, "On the RSA-Cryptosystem with Wrong Keys," Contributions to General Algebra 6, Vienna: Verlag Holder-Pichler-Tempsky, 1988, pp. 103-109.
747. H.A. Hussain, J.W.A. Sada, and S.M. Kalipha, "New Multistage Knapsack Public-Key Cryptosystem," International Journal of Systems Science, v. 22, n. 11, Nov 1991, pp. 2313-2320.
748. T. Hwang, "Attacks on Okamoto and Tanaka's One-Way ID-Based Key Distribution System," Information Processing Letters, v. 43, n. 2, Aug 1992, pp. 83-86.
749. T. Hwang and T.R.N. Rao, "Secret Error-Correcting Codes (SECC)," Advances in Cryptology CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 540-563.
750. C. Ianson and C. Mitchell, "Security Defects in CCITT Recommendation X.509 - The Directory Authentication Framework," Computer Communications Review, v. 20, n. 2, Apr 1990, pp. 30-34.
751. IBM, "Common Cryptographic Architecture: Cryptographic Application Programming Interface Reference," SC40-1675-1, IBM Corp., Nov 1990.
752. IBM, "Common Cryptographic Architecture: Cryptographic Application Programming Interface Reference - Public Key Algorithm," IBM Corp., Mar 1993.
753. R. Impagliazzo and M. Yung, "Direct Minimum-Knowledge Computations," Advances in Cryptology CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 40-51.
754. I. Ingemarsson, "A New Algorithm for the Solution of the Knapsack Problem," Lecture Notes in Computer Science 149; Cryptography: Proceedings of the Workshop on Cryptography, Springer-Verlag, 1983, pp. 309-315.
755. I. Ingemarsson, "Delay Estimation for Truly Random Binary Sequences or How to Measure the Length of Rip van Winkle's Sleep," Communications and Cryptography: Two Sides of One Tapestry, R.E. Blahut et al., eds., Kluwer Academic Publishers, 1994, pp. 179-186.
756. I. Ingemarsson and G.J. Simmons, "A Protocol to Set Up Shared Secret Schemes without the Assistance of a Mutually Trusted Party," Advances in Cryptology EUROCRYPT '90 Proceedings, Springer-Verlag, 1991, pp. 266-282.
757. I. Ingemarsson, D.T. Tang, and C.K. Wong, "A Conference Key Distribution System," IEEE Transactions on Information Theory, v. IT-28, n. 5, Sep 1982, pp. 714-720.
758. ISO DIS 8730, "Banking Requirements for Message Authentication - Wholesale," Association for Payment Clearing Services, London, Jul 1987.
759. ISO DIS 8731-1, "Banking Approved Algorithms for Message Authentication Part 1: DEA," Association for Payment Clearing Services, London, 1987.
760. ISO DIS 8731-2, "Banking Approved Algorithms for Message Authentication Part 2: Message Authenticator Algorithm," Association for Payment Clearing Services, London, 1987.
761. ISO DIS 8732, "Banking Key Management (Wholesale)," Association for Payment Clearing Services, London, Dec 1987.
762. ISO/IEC 9796, "Information Technology Security Techniques - Digital Signature Scheme Giving Message Recovery," International Organization for Standardization, Jul 1991.
763. ISO/IEC 9797, "Data Cryptographic Techniques - Data Integrity Mechanism Using a Cryptographic Check Function Employing a Block Cipher Algorithm," International Organization for Standardization, 1989.
764. ISO DIS 10118 DRAFT, "Information Technology Security Techniques - Hash Functions," International Organization for Standardization, 1989.
765. ISO DIS 10118 DRAFT, "Information Technology Security Techniques - Hash Functions," International Organization for Standardization, April 1991.
766. ISO N98, "Hash Functions Using a Pseudo Random Algorithm," working document, ISO-IEC/JTC1/SC27/WG2, International Organization for Standardization, 1992.
767. ISO N179, "AR Fingerprint Function," working document, ISO-IEC/JTC1/SC27/WG2, International Organization for Standardization, 1992.
768. ISO/IEC 10118, "Information Technology Security Techniques - Hash Functions Part 1: General and Part 2: Hash-Functions Using an n-Bit Block Cipher Algorithm," International Organization for Standardization, 1993.
769. K. Ito, S. Kondo, and Y. Mitsuoka, "SXAL8/MBAL Algorithm," Technical Report, ISEC93-68, IEICE Japan, 1993. (In Japanese.)
770. K.R. Iversen, "The Application of Cryptographic Zero-Knowledge Techniques in Computerized Secret Ballot Election Schemes," Ph.D. dissertation, IDT-report 1991:3, Norwegian Institute of Technology, Feb 1991.
771. K.R. Iversen, "A Cryptographic Scheme for Computerized General Elections," Advances in Cryptology CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 405-419.
772. K. Iwamura, T. Matsumoto, and H. Imai, "An Implementation Method for RSA Cryptosystem with Parallel Processing," Transactions of the Institute of Electronics, Information, and Communication Engineers, v. J75-A, n. 8, Aug 1992, pp. 1301-1311.
773. W.J. Jaburek, "A Generalization of ElGamal's Public Key Cryptosystem," Advances in Cryptology EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp. 23-28.
774. N.S. James, R. Lidl, and H. Niederreiter, "Breaking the Cade Cipher," Advances in Cryptology CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 60-63.
775. C.J.A. Jansen, "On the Key Storage Requirements for Secure Terminals," Computers and Security, v. 5, n. 2, Jun 1986, pp. 145-149.
776. C.J.A. Jansen, "Investigations on Nonlinear Streamcipher Systems: Construction and Evaluation Methods," Ph.D. dissertation, Technical University of Delft, 1989.
777. C.J.A. Jansen and D.E. Boekee, "Modes of Blockcipher Algorithms and their Protection against Active Eavesdropping," Advances in Cryptology EUROCRYPT '87 Proceedings, Springer-Verlag, 1988, pp. 281-286.
778. S.M. Jennings, "A Special Class of Binary Sequences," Ph.D. dissertation, University of London, 1980.
779. S.M. Jennings, "Multiplexed Sequences: Some Properties of the Minimum Polynomial," Lecture Notes in Computer Science 149; Cryptography: Proceedings of the Workshop on Cryptography, Springer-Verlag, 1983, pp. 189-206.
780. S.M. Jennings, "Autocorrelation Function of the Multiplexed Sequence," IEE Proceedings, v. 131, n. 2, Apr 1984, pp. 169-172.
781. T. Jin, "Care and Feeding of Your Three Headed Dog," Document Number IAG-90-011, Hewlett-Packard, May 1990.
782. T. Jin, "Living with Your Three-Headed Dog," Document Number IAG-90-012, Hewlett-Packard, May 1990.
783. A. Jiwa, J. Seberry, and Y. Zheng, "Beacon Based Authentication," Computer Security ESORICS 94, Springer-Verlag, 1994, pp. 125-141.
784. D.B. Johnson, G.M. Dolan, M.J. Kelly, A.V. Le, and S.M. Matyas, "Common Cryptographic Architecture: Cryptographic Application Programming Interface," IBM Systems Journal, v. 30, n. 2, 1991, pp. 130-150.
785. D.B. Johnson, S.M. Matyas, A.V. Le, and J.D. Wilkins, "Design of the Commercial Data Masking Facility Data Privacy Algorithm," 1st ACM Conference on Computer and Communications Security, ACM Press, 1993, pp. 93-96.
786. J.P. Jordan, "A Variant of a Public-Key Cryptosystem Based on Goppa Codes," Sigact News, v. 15, n. 1, 1983, pp. 61-66.
787. A. Joux and L. Granboulan, "A Practical Attack Against Knapsack Based Hash Functions," Advances in Cryptology EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
788. A. Joux and J. Stern, "Cryptanalysis of Another Knapsack Cryptosystem," Advances in Cryptology ASIACRYPT '91 Proceedings, Springer-Verlag, 1993, pp. 470-476.
789. R.R. Jueneman, "Analysis of Certain Aspects of Output-Feedback Mode," Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 99-127.
790. R.R. Jueneman, "Electronic Document Authentication," IEEE Network Magazine, v. 1, n. 2, Apr 1978, pp. 17-23.
791. R.R. Jueneman, "A High Speed Manipulation Detection Code," Advances in Cryptology CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 327-346.
792. R.R. Jueneman, S.M. Matyas, and C.H. Meyer, "Message Authentication with Manipulation Detection Codes," Proceedings of the 1983 IEEE Computer Society Symposium on Research in Security and Privacy, 1983, pp. 733-54.
793. R.R. Jueneman, S.M. Matyas, and C.H. Meyer, "Message Authentication," IEEE Communications Magazine, v. 23, n. 9, Sep 1985, pp. 29-40.
794. D. Kahn, The Codebreakers: The Story of Secret Writing, New York: Macmillan Publishing Co., 1967.
795. D. Kahn, Kahn on Codes, New York: Macmillan Publishing Co., 1983.
796. D. Kahn, Seizing the Enigma, Boston: Houghton Mifflin Co., 1991.
797. P. Kaijser, T. Parker, and D. Pinkas, "SESAME: The Solution to Security for Open Distributed Systems," Journal of Computer Communications, v. 17, n. 4, Jul 1994, pp. 501-518.
798. R. Kailar and V.D. Gligor, "On Belief Evolution in Authentication Protocols," Proceedings of the Computer Security Foundations Workshop IV, IEEE Computer Society Press, 1991, pp. 102-116.
799. B.S. Kaliski, "A Pseudo Random Bit Generator Based on Elliptic Logarithms," Master's thesis, Massachusetts Institute of Technology, 1987.
800. B.S. Kaliski, letter to NIST regarding DSS, 4 Nov 1991.
801. B.S. Kaliski, "The MD2 Message Digest Algorithm," RFC 1319, Apr 1992.
802. B.S. Kaliski, "Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certificates and Related Services," RFC 1424, Feb 1993.
803. B.S. Kaliski, "An Overview of the PKCS Standards," RSA Laboratories, Nov 1993.
804. B.S. Kaliski, "A Survey of Encryption Standards," IEEE Micro, v. 13, n. 6, Dec 1993, pp. 74-81.
805. B.S. Kaliski, personal communication, 1993.
806. B.S. Kaliski, "On the Security and Performance of Several Triple-DES Modes," RSA Laboratories, draft manuscript, Jan 1994.
807. B.S. Kaliski, R.L. Rivest, and A.T. Sherman, "Is the Data Encryption Standard a Group?", Advances in Cryptology EUROCRYPT '85, Springer-Verlag, 1986, pp. 81-95.
808. B.S. Kaliski, R.L. Rivest, and A.T. Sherman, "Is the Data Encryption Standard a Pure Cipher? Results of More Cycling Experiments in DES," Advances in Cryptology CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 212-226.
809. B.S. Kaliski, R.L. Rivest, and A.T. Sherman, "Is the Data Encryption Standard a Group? (Results of Cycling Experiments on DES)," Journal of Cryptology, v. 1, n. 1, 1988, pp. 3-36.
810. B.S. Kaliski and M.J.B. Robshaw, "Fast Block Cipher Proposal," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 33-40.
811. B.S. Kaliski and M.J.B. Robshaw, "Linear Cryptanalysis Using Multiple Approximations," Advances in Cryptology CRYPTO '94 Proceedings, Springer-Verlag, 1994, pp. 26-39.
812. B.S. Kaliski and M.J.B. Robshaw, "Linear Cryptanalysis Using Multiple Approximations and FEAL," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
813. R.G. Kammer, statement before the U.S. government Subcommittee on Telecommunications and Finance, Committee on Energy and Commerce, 29 Apr 1993.
814. T. Kaneko, K. Koyama, and R. Terada, "Dynamic Swapping Schemes and Differential Cryptanalysis," Proceedings of the 1993 Korea-Japan Workshop on Information Security and Cryptography, Seoul, Korea, 24-26 Oct 1993, pp. 292-301.
815. T. Kaneko, K. Koyama, and R. Terada, "Dynamic Swapping Schemes and Differential Cryptanalysis," Transactions of the Institute of Electronics, Information, and Communication Engineers, v. E77-A, n. 8, Aug 1994, pp. 1328-1336.
816. T. Kaneko and H. Miyano, "A Study on the Strength Evaluation of Randomized DES-Like Cryptosystems against Chosen Plaintext Attacks," Proceedings of the 1993 Symposium on Cryptography and Information Security (SCIS 93), Shozenji, Japan, 28-30 Jan 1993, pp. 15C.1-10.
817. J. Karl, "A Cryptosystem Based on Propositional Logic," Machines, Languages, and Complexity: 5th International Meeting of Young Computer Scientists, Selected Contributions, Springer-Verlag, 1989, pp. 210-219.
818. E.D. Karnin, J.W. Greene, and M.E. Hellman, "On Sharing Secret Systems," IEEE
Transactions on Information Theory v. IT- 29, 1983, pp. 35 41.
819. E.W Kasiski, Die Geheimschriften and die Dechiffrir-kunst, E.S. Miller und Sohn, 1863. In
German.
820. A. Kehne, J. Schonwalder, and H. Langendorfer, "A Nonce-Based Protocol for Multiple
Authentications," Operating Systems Review, v. 26, n. 4, Oct 1992, pp. 84-89.
821. J. Kelsey, personal communication, 1994.
822. R. Kemmerer, "Analyzing Encryption Protocols Using Eormal Verification Techniques, "
IEEE Journal on Selected Areas in Communications, v. 7, n. 4, May 1989, pp. 448 457.
823. R. Kemmerer, C.A. Meadows, and J. Millen, "Three Systems for Cryptographic Protocol
Analysis," Journal of Cryptology v. 7, n. 2, 1994, pp. 79-130.
824. S.T. Kent, "Encryption-Based Protection Protocols for Interactive User-Computer
Communications, " MIT/LCS/TR162, MIT Laboratory for Computer Science, May 1976.
825. S.T. Kent, "Privacy Enhancement for Internct Electronic Mail: Part II: Certificate Based Key
Management," REC 1422, Eeb 1993.
826. S.T. Kent, "Understanding the Internet Certification System, " Proceedings of INET '93,
The Internet Society, 1993, pp. BAB 1 -BAB 10.
827. S.T. Kent and J. Linn, "Privacy Enhaneement for Internet Electronic Mail: Part II:
Certificate-Based Key Management," REC 1114, Aug 1989.
828. V. Kessler and G. Wedel, "AUTOLOG An Advanced Logic of Authentication," Proceedings
of the Computer Security Eoundations Workshop, IEEE Computer Society Press, 1994, pp.
90-99.
829. E.L. Key, "An Analysis of the Structure and Complexity of Nonlinear Binary Sequence
Generators," IEEE Transactions on Information Theory v. IT-22, n. 6, Nov 1976, pp. 732-
736.
830. T. Kiesler and L. Harn, "RSA Blocking and Multisignature Schemes with No Bit
Expansion," Electronics Letters, v. 26, n. 18, 30 Aug 1990, pp. 1490-1491.
831. J. Kilian, Crises of Randomness in Algorithms and Protocols, MIT Press, 1990.
832. J. Kilian, "Achieving Zero-Knowledge Robustly, " Advances in Cryptology CRYPTO 90
Proceedings, Springer-Verlag, 1991, pp. 313-325.
833. J. Kilian and T. Leighton, "Eailsafe Key Escrow," MIT/LCS/TR-636, MIT Laboratory for
Computer Science, Aug 1994.
834. K. Kim, "Construction of DES-Like S-Boxes Based on Boolean Eunctions Satisfying the
SAC, " Advances in Cryptology, ASIACRYPT 91 Proceedings, Springer -Verlag, 1993, pp.
59-72.
835. K. Kim, S. Lee, and S. Park, "Necessary Conditions to Strengthen DES S-Boxes Against Linear Cryptanalysis," Proceedings of the 1994 Symposium on Cryptography and Information Security (SCIS 94), Lake Biwa, Japan, 27-29 Jan 1994, pp. 15D.1-9.
836. K. Kim, S. Lee, and S. Park, "How to Strengthen DES against Differential Attack," unpublished manuscript, 1994.
837. K. Kim, S. Lee, S. Park, and D. Lee, "DES Can Be Immune to Differential Cryptanalysis," Workshop on Selected Areas in Cryptography Workshop Record, Kingston, Ontario, 5-6 May 1994, pp. 70-81.
838. K. Kim, S. Park, and S. Lee, "How to Strengthen DES against Two Robust Attacks," Proceedings of the 1995 Japan-Korea Workshop on Information Security and Cryptography, Inuyama, Japan, 24-27 Jan 1995, pp. 173-182.
839. K. Kim, S. Park, and S. Lee, "Reconstruction of s2DES S-Boxes and their Immunity to Differential Cryptanalysis," Proceedings of the 1993 Korea-Japan Workshop on Information Security and Cryptography, Seoul, Korea, 24-26 Oct 1993, pp. 282-291.
840. S. Kim and B.S. Um, "A Multipurpose Membership Proof System Based on Discrete Logarithm," Proceedings of the 1993 Korea-Japan Workshop on Information Security and Cryptography, Seoul, Korea, 24-26 Oct 1993, pp. 177-183.
841. P. Kinnucan, "Data Encryption Gurus: Tuchman and Meyer," Cryptologia, v. 2, n. 4, Oct 1978.
842. A. Klapper, "The Vulnerability of Geometric Sequences Based on Fields of Odd Characteristic," Journal of Cryptology, v. 7, n. 1, 1994, pp. 33-52.
843. A. Klapper, "Feedback with Carry Shift Registers over Finite Fields," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
844. A. Klapper and M. Goresky, "2-adic Shift Registers," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 174-178.
845. A. Klapper and M. Goresky, "2-adic Shift Registers," Technical Report #239-93, Department of Computer Science, University of Kentucky, 19 Apr 1994.
846. A. Klapper and M. Goresky, "Large Period Nearly de Bruijn FCSR Sequences," Advances in Cryptology EUROCRYPT '95 Proceedings, Springer-Verlag, 1995, pp. 263-273.
847. D.V. Klein, "Foiling the Cracker: A Survey of, and Implications to, Password Security," Proceedings of the USENIX UNIX Security Workshop, Aug 1990, pp. 5-14.
848. D.V. Klein, personal communication, 1994.
849. C.S. Kline and G.J. Popek, "Public Key vs. Conventional Key Cryptosystems," Proceedings of AFIPS National Computer Conference, pp. 831-837.
850. H.-J. Knobloch, "A Smart Card Implementation of the Fiat-Shamir Identification Scheme," Advances in Cryptology EUROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 87-95.
851. T. Knoph, J. Fropl, W. Beller, and T. Giesler, "A Hardware Implementation of a Modified DES Algorithm," Microprocessing and Microprogramming, v. 30, 1990, pp. 59-66.
852. L.R. Knudsen, "Cryptanalysis of LOKI," Advances in Cryptology ASIACRYPT '91 Proceedings, Springer-Verlag, 1993, pp. 22-35.
853. L.R. Knudsen, "Cryptanalysis of LOKI," Cryptography and Coding III, M.J. Ganley, ed., Oxford: Clarendon Press, 1993, pp. 223-236.
854. L.R. Knudsen, "Cryptanalysis of LOKI91," Advances in Cryptology AUSCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 196-208.
855. L.R. Knudsen, "Iterative Characteristics of DES and s2DES," Advances in Cryptology CRYPTO '92, Springer-Verlag, 1993, pp. 497-511.
856. L.R. Knudsen, "An Analysis of Kim, Park and Lee's DES-Like S-Boxes," unpublished manuscript, 1993.
857. L.R. Knudsen, "Practically Secure Feistel Ciphers," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 211-221.
858. L.R. Knudsen, "Block Ciphers Analysis, Design, Applications," Ph.D. dissertation, Aarhus University, Nov 1994.
859. L.R. Knudsen, personal communication, 1994.
860. L.R. Knudsen, "Applications of Higher Order Differentials and Partial Differentials," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
861. L.R. Knudsen and X. Lai, "New Attacks on All Double Block Length Hash Functions of Hash Rate 1, Including the Parallel-DM," Advances in Cryptology EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
862. L.R. Knudsen, "A Weakness in SAFER K-64," Advances in Cryptology CRYPTO '95 Proceedings, Springer-Verlag, 1995, to appear.
863. D. Knuth, The Art of Computer Programming: Volume 2, Seminumerical Algorithms, 2nd edition, Addison-Wesley, 1981.
864. D. Knuth, "Deciphering a Linear Congruential Encryption," IEEE Transactions on Information Theory, v. IT-31, n. 1, Jan 1985, pp. 49-52.
865. K. Kobayashi and L. Aoki, "On Linear Cryptanalysis of MBAL," Proceedings of the 1995 Symposium on Cryptography and Information Security (SCIS 95), Inuyama, Japan, 24-27 Jan 1995, pp. A4.2.1-9.
866. K. Kobayashi, K. Tamura, and Y. Nemoto, "Two-dimensional Modified Rabin Cryptosystem," Transactions of the Institute of Electronics, Information, and Communication Engineers, v. J72-D, n. 5, May 1989, pp. 850-851. (In Japanese.)
867. N. Koblitz, "Elliptic Curve Cryptosystems," Mathematics of Computation, v. 48, n. 177, 1987, pp. 203-209.
868. N. Koblitz, "A Family of Jacobians Suitable for Discrete Log Cryptosystems," Advances in Cryptology CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 94-99.
869. N. Koblitz, "Constructing Elliptic Curve Cryptosystems in Characteristic 2," Advances in Cryptology CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 156-167.
870. N. Koblitz, "Hyperelliptic Cryptosystems," Journal of Cryptology, v. 1, n. 3, 1989, pp. 129-150.
871. N. Koblitz, "CM-Curves with Good Cryptographic Properties," Advances in Cryptology CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 279-287.
872. C.K. Koc, "High-Speed RSA Implementation," Version 2.0, RSA Laboratories, Nov 1994.
873. M.J. Kochanski, "Remarks on Lu and Lee's Proposals," Cryptologia, v. 4, n. 4, 1980, pp. 204-207.
874. M.J. Kochanski, "Developing an RSA Chip," Advances in Cryptology CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 350-357.
875. J.T. Kohl, "The Use of Encryption in Kerberos for Network Authentication," Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 35-43.
876. J.T. Kohl, "The Evolution of the Kerberos Authentication Service," European Conference Proceedings, May 1991, pp. 295-313.
877. J.T. Kohl and B.C. Neuman, "The Kerberos Network Authentication Service," RFC 1510, Sep 1993.
878. J.T. Kohl, B.C. Neuman, and T. Ts'o, "The Evolution of the Kerberos Authentication System," Distributed Open Systems, IEEE Computer Society Press, 1994, pp. 78-94.
879. Kohnfelder, "Toward a Practical Public Key Cryptosystem," Bachelor's thesis, MIT Department of Electrical Engineering, May 1978.
880. A.G. Konheim, Cryptography: A Primer, New York: John Wiley & Sons, 1981.
881. A.G. Konheim, M.H. Mack, R.K. McNeill, B. Tuckerman, and G. Waldbaum, "The IPS Cryptographic Programs," IBM Systems Journal, v. 19, n. 2, 1980, pp. 253-283.
882. V.I. Korzhik and A.I. Turkin, "Cryptanalysis of McEliece's Public-Key Cryptosystem," Advances in Cryptology EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 68-70.
883. S.C. Kothari, "Generalized Linear Threshold Scheme," Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 231-241.
884. J. Kowalchuk, B.R. Schanning, and S. Powers, "Communication Privacy: Integration of Public and Secret Key Cryptography," Proceedings of the National Telecommunication Conference, IEEE Press, 1980, pp. 49.1.1-49.1.5.
885. K. Koyama, "A Master Key for the RSA Public-Key Cryptosystem," Transactions of the Institute of Electronics, Information, and Communication Engineers, v. J65-D, n. 2, Feb 1982, pp. 163-170.
886. K. Koyama, "A Cryptosystem Using the Master Key for Multi-Address Communications," Transactions of the Institute of Electronics, Information, and Communication Engineers, v. J65-D, n. 9, Sep 1982, pp. 1151-1158.
887. K. Koyama, "Demonstrating Membership of a Group Using the Shizuya-Koyama-Itoh (SKI) Protocol," Proceedings of the 1989 Symposium on Cryptography and Information Security (SCIS 89), Gotenba, Japan, 1989.
888. K. Koyama, "Direct Demonstration of the Power to Break Public-Key Cryptosystems," Advances in Cryptology AUSCRYPT '90 Proceedings, Springer-Verlag, 1990, pp. 14-21.
889. K. Koyama, "Security and Unique Decipherability of Two-dimensional Public Key Cryptosystems," Transactions of the Institute of Electronics, Information, and Communication Engineers, v. E73, n. 7, Jul 1990, pp. 1057-1067.
890. K. Koyama, U.M. Maurer, T. Okamoto, and S.A. Vanstone, "New Public-Key Schemes Based on Elliptic Curves over the Ring Zn," Advances in Cryptology CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 252-266.
891. K. Koyama and K. Ohta, "Identity-based Conference Key Distribution System," Advances in Cryptology CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 175-184.
892. K. Koyama and T. Okamoto, "Elliptic Curve Cryptosystems and Their Applications," IEICE Transactions on Information and Systems, v. E75-D, n. 1, Jan 1992, pp. 50-57.
893. K. Koyama and R. Terada, "How to Strengthen DES-Like Cryptosystems against Differential Cryptanalysis," Transactions of the Institute of Electronics, Information, and Communication Engineers, v. E76-A, n. 1, Jan 1993, pp. 63-69.
894. K. Koyama and R. Terada, "Probabilistic Swapping Schemes to Strengthen DES against Differential Cryptanalysis," Proceedings of the 1993 Symposium on Cryptography and Information Security (SCIS 93), Shuzenji, Japan, 28-30 Jan 1993, pp. 15D.1-12.
895. K. Koyama and Y. Tsuruoka, "Speeding up Elliptic Cryptosystems Using a Signed Binary Window Method," Advances in Cryptology CRYPTO '92 Proceedings, Springer-Verlag, 1993, pp. 345-357.
896. E. Kranakis, Primality and Cryptography, Wiley-Teubner Series in Computer Science, 1986.
897. D. Kravitz, "Digital Signature Algorithm," U.S. Patent #5,231,668, 27 Jul 1993.
898. D. Kravitz and L. Reed, "Extension of RSA Cryptostructure: A Galois Approach," Electronics Letters, v. 18, n. 6, 18 Mar 1982, pp. 255-256.
899. H. Krawczyk, "How to Predict Congruential Generators," Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 138-153.
900. H. Krawczyk, "How to Predict Congruential Generators," Journal of Algorithms, v. 13, n. 4, Dec 1992, pp. 527-545.
901. H. Krawczyk, "The Shrinking Generator: Some Practical Considerations," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 45-46.
902. G.J. Kuhn, "Algorithms for Self-Synchronizing Ciphers," Proceedings of COMSIG 88, 1988.
903. G.J. Kuhn, F. Bruwer, and W. Smit, "'n Vinnige Veeldoelige Enkripsievlokkie," Proceedings of Infosec 90, 1990. (In Afrikaans.)
904. S. Kullback, Statistical Methods in Cryptanalysis, U.S. Government Printing Office, 1935. Reprinted by Aegean Park Press, 1976.
905. P.V. Kumar, R.A. Scholtz, and L.R. Welch, "Generalized Bent Functions and their Properties," Journal of Combinatorial Theory, Series A, v. 40, n. 1, Sep 1985, pp. 90-107.
906. M. Kurosaki, T. Matsumoto, and H. Imai, "Simple Methods for Multipurpose Certification," Proceedings of the 1989 Symposium on Cryptography and Information Security (SCIS 89), Gotenba, Japan, 1989.
907. M. Kurosaki, T. Matsumoto, and H. Imai, "Proving that You Belong to at Least One of the Specified Groups," Proceedings of the 1990 Symposium on Cryptography and Information Security (SCIS 90), Nihondaira, Japan, 1990.
908. K. Kurosawa, "Key Changeable ID-Based Cryptosystem," Electronics Letters, v. 25, n. 9, 27 Apr 1989, pp. 577-578.
909. K. Kurosawa, T. Ito, and M. Takeuchi, "Public Key Cryptosystem Using a Reciprocal Number with the Same Intractability as Factoring a Large Number," Cryptologia, v. 12, n. 4, Oct 1988, pp. 225-233.
910. K. Kurosawa, C. Park, and K. Sakano, "Group Signer/Verifier Separation Scheme," Proceedings of the 1995 Japan-Korea Workshop on Information Security and Cryptography, Inuyama, Japan, 24-27 Jan 1995, pp. 134-143.
911. G.C. Kurtz, D. Shanks, and H.C. Williams, "Fast Primality Tests for Numbers Less than 50·10^9," Mathematics of Computation, v. 46, n. 174, Apr 1986, pp. 691-701.
912. K. Kusuda and T. Matsumoto, "Optimization of the Time-Memory Trade-Off Cryptanalysis and Its Application to Block Ciphers," Proceedings of the 1995 Symposium on Cryptography and Information Security (SCIS 95), Inuyama, Japan, 24-27 Jan 1995, pp. A3.2.1-11. (In Japanese.)
913. H. Kuwakado and K. Koyama, "Security of RSA-Type Cryptosystems Over Elliptic Curves against Hastad Attack," Electronics Letters, v. 30, n. 22, 27 Oct 1994, pp. 1843-1844.
914. H. Kuwakado and K. Koyama, "A New RSA-Type Cryptosystem over Singular Elliptic Curves," IMA Conference on Applications of Finite Fields, Oxford University Press, to appear.
915. H. Kuwakado and K. Koyama, "A New RSA-Type Scheme Based on Singular Cubic Curves," Proceedings of the 1995 Japan-Korea Workshop on Information Security and Cryptography, Inuyama, Japan, 24-27 Jan 1995, pp. 144-151.
916. M. Kwan, "An Eight Bit Weakness in the LOKI Cryptosystem," technical report, Australian Defense Force Academy, Apr 1991.
917. M. Kwan and J. Pieprzyk, "A General Purpose Technique for Locating Key Scheduling Weakness in DES-Like Cryptosystems," Advances in Cryptology ASIACRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 237-246.
918. J.B. Lacy, D.P. Mitchell, and W.M. Schell, "CryptoLib: Cryptography in Software," UNIX Security Symposium Proceedings, USENIX Association, 1993, pp. 1-17.
919. J.C. Lagarias, "Knapsack Public Key Cryptosystems and Diophantine Approximations," Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984, pp. 3-23.
920. J.C. Lagarias, "Performance Analysis of Shamir's Attack on the Basic Merkle-Hellman Knapsack Cryptosystem," Lecture Notes in Computer Science 172; Proceedings of the 11th International Colloquium on Automata, Languages, and Programming (ICALP), Springer-Verlag, 1984, pp. 312-323.
921. J.C. Lagarias and A.M. Odlyzko, "Solving Low-Density Subset Sum Problems," Proceedings of the 24th IEEE Symposium on Foundations of Computer Science, 1983, pp. 1-10.
922. J.C. Lagarias and A.M. Odlyzko, "Solving Low-Density Subset Sum Problems," Journal of the ACM, v. 32, n. 1, Jan 1985, pp. 229-246.
923. J.C. Lagarias and J. Reeds, "Unique Extrapolation of Polynomial Recurrences," SIAM Journal on Computing, v. 17, n. 2, Apr 1988, pp. 342-362.
924. X. Lai, Detailed Description and a Software Implementation of the IPES Cipher, unpublished manuscript, 8 Nov 1991.
925. X. Lai, On the Design and Security of Block Ciphers, ETH Series in Information Processing, v. 1, Konstanz: Hartung-Gorre Verlag, 1992.
926. X. Lai, personal communication, 1993.
927. X. Lai, "Higher Order Derivatives and Differential Cryptanalysis," Communications and Cryptography: Two Sides of One Tapestry, R.E. Blahut et al., eds., Kluwer Academic Publishers, 1994, pp. 227-233.
928. X. Lai and L. Knudsen, "Attacks on Double Block Length Hash Functions," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 157-165.
929. X. Lai and J. Massey, "A Proposal for a New Block Encryption Standard," Advances in Cryptology EUROCRYPT '90 Proceedings, Springer-Verlag, 1991, pp. 389-404.
930. X. Lai and J. Massey, "Hash Functions Based on Block Ciphers," Advances in Cryptology EUROCRYPT '92 Proceedings, Springer-Verlag, 1992, pp. 55-70.
931. X. Lai, J. Massey, and S. Murphy, "Markov Ciphers and Differential Cryptanalysis," Advances in Cryptology EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 17-38.
932. X. Lai, R.A. Rueppel, and J. Woollven, "A Fast Cryptographic Checksum Algorithm Based on Stream Ciphers," Advances in Cryptology AUSCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 339-348.
933. C.S. Laih, J.Y. Lee, C.H. Chen, and L. Harn, "A New Scheme for ID-based Cryptosystems and Signatures," Journal of the Chinese Institute of Engineers, v. 15, n. 2, Sep 1992, pp. 605-610.
934. B.A. LaMacchia and A.M. Odlyzko, "Computation of Discrete Logarithms in Prime Fields," Designs, Codes, and Cryptography, v. 1, 1991, pp. 46-62.
935. L. Lamport, "Password Identification with Insecure Communications," Communications of the ACM, v. 24, n. 11, Nov 1981, pp. 770-772.
936. S. Landau, "Zero-Knowledge and the Department of Defense," Notices of the American Mathematical Society, v. 35, n. 1, Jan 1988, pp. 5-12.
937. S. Landau, S. Kent, C. Brooks, S. Charney, D. Denning, W. Diffie, A. Lauck, D. Miller, P. Neumann, and D. Sobel, "Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy," Report of a Special Panel of the ACM U.S. Public Policy Committee (USACM), Association for Computing Machinery, Jun 1994.
938. S.K. Langford and M.E. Hellman, "Cryptanalysis of DES," presented at 1994 RSA Data Security Conference, Redwood Shores, CA, 12-14 Jan 1994.
939. D. Lapidot and A. Shamir, "Publicly Verifiable Non-Interactive Zero-Knowledge Proofs," Advances in Cryptology CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 353-365.
940. A.V. Le, S.M. Matyas, D.B. Johnson, and J.D. Wilkins, "A Public-Key Extension to the Common Cryptographic Architecture," IBM Systems Journal, v. 32, n. 3, 1993, pp. 461-485.
941. P. L'Ecuyer, "Efficient and Portable Combined Random Number Generators," Communications of the ACM, v. 31, n. 6, Jun 1988, pp. 742-749, 774.
942. P. L'Ecuyer, "Random Numbers for Simulation," Communications of the ACM, v. 33, n. 10, Oct 1990, pp. 85-97.
943. P.J. Lee and E.F. Brickell, "An Observation on the Security of McEliece's Public-Key Cryptosystem," Advances in Cryptology EUROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 275-280.
944. S. Lee, S. Sung, and K. Kim, "An Efficient Method to Find the Linear Expressions for Linear Cryptanalysis," Proceedings of the 1995 Korea-Japan Workshop on Information Security and Cryptography, Inuyama, Japan, 24-26 Jan 1995, pp. 183-190.
945. D.J. Lehmann, "On Primality Tests," SIAM Journal on Computing, v. 11, n. 2, May 1982, pp. 374-375.
946. T. Leighton, "Failsafe Key Escrow Systems," Technical Memo 483, MIT Laboratory for Computer Science, Aug 1994.
947. A. Lempel and M. Cohn, "Maximal Families of Bent Sequences," IEEE Transactions on Information Theory, v. IT-28, n. 6, Nov 1982, pp. 865-868.
948. A.K. Lenstra, "Factoring Multivariate Polynomials Over Finite Fields," Journal of Computer System Science, v. 30, n. 2, Apr 1985, pp. 235-248.
949. A.K. Lenstra, personal communication, 1995.
950. A.K. Lenstra and S. Haber, letter to NIST Regarding DSS, 26 Nov 1991.
951. A.K. Lenstra, H.W. Lenstra Jr., and L. Lovász, "Factoring Polynomials with Rational Coefficients," Mathematische Annalen, v. 261, n. 4, 1982, pp. 515-534.
952. A.K. Lenstra, H.W. Lenstra, Jr., M.S. Manasse, and J.M. Pollard, "The Number Field Sieve," Proceedings of the 22nd ACM Symposium on the Theory of Computing, 1990, pp. 574-672.
953. A.K. Lenstra and H.W. Lenstra, Jr., eds., Lecture Notes in Mathematics 1554: The Development of the Number Field Sieve, Springer-Verlag, 1993.
954. A.K. Lenstra, H.W. Lenstra, Jr., M.S. Manasse, and J.M. Pollard, "The Factorization of the Ninth Fermat Number," Mathematics of Computation, v. 61, n. 203, 1993, pp. 319-349.
955. A.K. Lenstra and M.S. Manasse, "Factoring by Electronic Mail," Advances in Cryptology EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp. 355-371.
956. A.K. Lenstra and M.S. Manasse, "Factoring with Two Large Primes," Advances in Cryptology EUROCRYPT '90 Proceedings, Springer-Verlag, 1991, pp. 72-82.
957. H.W. Lenstra, Jr., "Elliptic Curves and Number-Theoretic Algorithms," Report 86-19, Mathematisch Instituut, Universiteit van Amsterdam, 1986.
958. H.W. Lenstra, Jr., "On the Chor-Rivest Knapsack Cryptosystem," Journal of Cryptology, v. 3, n. 3, 1991, pp. 149-155.
959. W.J. LeVeque, Fundamentals of Number Theory, Addison-Wesley, 1977.
960. L.A. Levin, "One-Way Functions and Pseudo-Random Generators," Proceedings of the 17th ACM Symposium on Theory of Computing, 1985, pp. 363-365.
961. Lexar Corporation, "An Evaluation of the DES," Sep 1976.
962. D.-X. Li, "Cryptanalysis of Public-Key Distribution Systems Based on Dickson Polynomials," Electronics Letters, v. 27, n. 3, 1991, pp. 228-229.
963. D.-X. Li, "How to Break Okamoto's Cryptosystems by Continued Fraction Algorithm," ASIACRYPT '91 Abstracts, 1991, pp. 285-289.
964. Y.X. Li and X.M. Wang, "A Joint Authentication and Encryption Scheme Based on Algebraic Coding Theory," Applied Algebra, Algebraic Algorithms and Error Correcting Codes 9, Springer-Verlag, 1991, pp. 241-245.
965. R. Lidl, G.L. Mullen, and G. Turnwald, Pitman Monographs and Surveys in Pure and Applied Mathematics 65: Dickson Polynomials, London: Longman Scientific and Technical, 1993.
966. R. Lidl and W.B. Muller, "Permutation Polynomials in RSA-Cryptosystems," Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984, pp. 293-301.
967. R. Lidl and W.B. Muller, "Generalizations of the Fibonacci Pseudoprimes Test," Discrete Mathematics, v. 92, 1991, pp. 211-220.
968. R. Lidl and W.B. Muller, "Primality Testing with Lucas Functions," Advances in Cryptology AUSCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 539-542.
969. R. Lidl, W.B. Muller, and A. Oswald, "Some Remarks on Strong Fibonacci Pseudoprimes," Applicable Algebra in Engineering, Communication and Computing, v. 1, n. 1, 1990, pp. 59-65.
970. R. Lidl and H. Niederreiter, "Finite Fields," Encyclopedia of Mathematics and its Applications, v. 20, Addison-Wesley, 1983.
971. R. Lidl and H. Niederreiter, Introduction to Finite Fields and Their Applications, London: Cambridge University Press, 1986.
972. K. Lieberherr, "Uniform Complexity and Digital Signatures," Theoretical Computer Science, v. 16, n. 1, Oct 1981, pp. 99-110.
973. C.H. Lim and P.J. Lee, "A Practical Electronic Cash System for Smart Cards," Proceedings of the 1993 Korea-Japan Workshop on Information Security and Cryptography, Seoul, Korea, 24-26 Oct 1993, pp. 34-47.
974. C.H. Lim and P.J. Lee, "Security of Interactive RSA Batch Verification," Electronics Letters, v. 30, n. 19, 15 Sep 1994, pp. 1592-1593.
975. H.-Y. Lin and L. Harn, "A Generalized Secret Sharing Scheme with Cheater Detection," Advances in Cryptology ASIACRYPT '91 Proceedings, Springer-Verlag, 1993, pp. 149-158.
976. M.-C. Lin, T.-C. Chang, and H.-L. Fu, "Information Rate of McEliece's Public-key Cryptosystem," Electronics Letters, v. 26, n. 1, 4 Jan 1990, pp. 16-18.
977. J. Linn, "Privacy Enhancement for Internet Electronic Mail: Part I: Message Encipherment and Authentication Procedures," RFC 989, Feb 1987.
978. J. Linn, "Privacy Enhancement for Internet Electronic Mail: Part I: Message Encipherment and Authentication Procedures," RFC 1040, Jan 1988.
979. J. Linn, "Privacy Enhancement for Internet Electronic Mail: Part I: Message Encipherment and Authentication Procedures," RFC 1113, Aug 1989.
980. J. Linn, "Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers," RFC 1115, Aug 1989.
981. J. Linn, "Privacy Enhancement for Internet Electronic Mail: Part I: Message Encipherment and Authentication Procedures," RFC 1421, Feb 1993.
982. S. Lloyd, "Counting Binary Functions with Certain Cryptographic Properties," Journal of Cryptology, v. 5, n. 2, 1992, pp. 107-131.
983. T.M.A. Lomas, "Collision-Freedom, Considered Harmful, or How to Boot a Computer," Proceedings of the 1995 Korea-Japan Workshop on Information Security and Cryptography, Inuyama, Japan, 24-26 Jan 1995, pp. 35-42.
984. T.M.A. Lomas and M. Roe, "Forging a Clipper Message," Communications of the ACM, v. 37, n. 12, 1994, p. 12.
985. D.L. Long, "The Security of Bits in the Discrete Logarithm," Ph.D. dissertation, Princeton University, Jan 1984.
986. D.L. Long and A. Wigderson, "How Discrete Is the Discrete Log," Proceedings of the 15th Annual ACM Symposium on the Theory of Computing, Apr 1983.
987. D. Longley and S. Rigby, "An Automatic Search for Security Flaws in Key Management Schemes," Computers and Security, v. 11, n. 1, Jan 1992, pp. 75-89.
988. S.H. Low, N.F. Maxemchuk, and S. Paul, "Anonymous Credit Cards," Proceedings of the 2nd Annual ACM Conference on Computer and Communications Security, ACM Press, 1994, pp. 108-117.
989. J.H. Loxton, D.S.P. Khoo, G.J. Bird, and J. Seberry, "A Cubic RSA Code Equivalent to Factorization," Journal of Cryptology, v. 5, n. 2, 1992, pp. 139-150.
990. S.C. Lu and L.N. Lee, "A Simple and Effective Public-Key Cryptosystem," COMSAT Technical Review, 1979, pp. 15-24.
991. M. Luby, S. Micali, and C. Rackoff, "How to Simultaneously Exchange a Secret Bit by Flipping a Symmetrically-Biased Coin," Proceedings of the 24th Annual Symposium on the Foundations of Computer Science, 1983, pp. 11-22.
992. M. Luby and C. Rackoff, "How to Construct Pseudo-Random Permutations from Pseudorandom Functions," SIAM Journal on Computing, Apr 1988, pp. 373-386.
993. F. Luccio and S. Mazzone, "A Cryptosystem for Multiple Communications," Information Processing Letters, v. 10, 1980, pp. 180-183.
994. V. Luchangco and K. Koyama, "An Attack on an ID-Based Key Sharing System," Proceedings of the 1993 Korea-Japan Workshop on Information Security and Cryptography, Seoul, Korea, 24-26 Oct 1993, pp. 262-271.
995. D.J.C. MacKay, "A Free Energy Minimization Framework for Inferring the State of a Shift Register Given the Noisy Output Sequence," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
996. M.D. MacLaren and G. Marsaglia, "Uniform Random Number Generators," Journal of the ACM, v. 12, n. 1, Jan 1965, pp. 83-89.
997. D. MacMillan, "Single Chip Encrypts Data at 14Mb/s," Electronics, v. 54, n. 12, 16 June 1981, pp. 161-165.
998. R. Madhavan and L.E. Peppard, "A Multiprocessor GaAs RSA Cryptosystem," Proceedings CCVLSI-89: Canadian Conference on Very Large Scale Integration, Vancouver, BC, Canada, 22-24 Oct 1989, pp. 115-122.
999. W.E. Madryga, "A High Performance Encryption Algorithm," Computer Security: A Global Challenge, Elsevier Science Publishers, 1984, pp. 557-570.
1000. M. Mambo, A. Nishikawa, S. Tsujii, and E. Okamoto, "Efficient Secure Broadcast Communication System," Proceedings of the 1993 Korea-Japan Workshop on Information Security and Cryptography, Seoul, Korea, 24-26 Oct 1993, pp. 23-33.
1001. M. Mambo, K. Usuda, and E. Okamoto, "Proxy Signatures," Proceedings of the 1995 Symposium on Cryptography and Information Security (SCIS 95), Inuyama, Japan, 24-27 Jan 1995, pp. B1.1.1-17.
1002. W. Mao and C. Boyd, "Towards Formal Analysis of Security Protocols," Proceedings of the Computer Security Foundations Workshop VI, IEEE Computer Society Press, 1993, pp. 147-158.
1003. G. Marsaglia and T.A. Bray, "On-Line Random Number Generators and their Use in Combinations," Communications of the ACM, v. 11, n. 11, Nov 1968, pp. 757-759.
1004. K.M. Martin, "Untrustworthy Participants in Perfect Secret Sharing Schemes," Cryptography and Coding III, M.J. Ganley, ed., Oxford: Clarendon Press, 1993, pp. 255-264.
1005. J.L. Massey, "Shift-Register Synthesis and BCH Decoding," IEEE Transactions on Information Theory, v. IT-15, n. 1, Jan 1969, pp. 122-127.
1006. J.L. Massey, "Cryptography and System Theory," Proceedings of the 24th Allerton Conference on Communication, Control, and Computers, 1-3 Oct 1986, pp. 1-8.
1007. J.L. Massey, "An Introduction to Contemporary Cryptology," Proceedings of the IEEE, v. 76, n. 5, May 1988, pp. 533-549.
1008. J.L. Massey, "Contemporary Cryptology: An Introduction," in Contemporary Cryptology: The Science of Information Integrity, G.J. Simmons, ed., IEEE Press, 1992, pp. 1-39.
1009. J.L. Massey, "SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 1-17.
1010. J.L. Massey, "SAFER K-64: One Year Later," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
1011. J.L. Massey and I. Ingemarsson, "The Rip Van Winkle Cipher A Simple and Provably Computationally Secure Cipher with a Finite Key," IEEE International Symposium on Information Theory, Brighton, UK, May 1985.
1012. J.L. Massey and X. Lai, "Device for Converting a Digital Block and the Use Thereof," International Patent PCT/CH91/00117, 28 Nov 1991.
1013. J.L. Massey and X. Lai, "Device for the Conversion of a Digital Block and Use of Same," U.S. Patent #5,214,703, 25 May 1993.
1014. J.L. Massey and R.A. Rueppel, "Linear Ciphers and Random Sequence Generators with Multiple Clocks," Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp. 74-87.
1015. M. Matsui, "Linear Cryptanalysis Method for DES Cipher," Advances in Cryptology EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 386-397.
1016. M. Matsui, "Linear Cryptanalysis of DES Cipher," Proceedings of the 1993 Symposium on Cryptography and Information Security (SCIS 93), Shuzenji, Japan, 28-30 Jan 1993, pp. 3C.1-14. (In Japanese.)
1017. M. Matsui, "Linear Cryptanalysis Method for DES Cipher," Proceedings of the 1994 Symposium on Cryptography and Information Security (SCIS 94), Lake Biwa, Japan, 27-29 Jan 1994, pp. 4A.1-11. (In Japanese.)
1018. M. Matsui, "On Correlation Between the Order of the S-Boxes and the Strength of DES," Advances in Cryptology EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
1019. M. Matsui, "The First Experimental Cryptanalysis of the Data Encryption Standard," Advances in Cryptology CRYPTO '94 Proceedings, Springer-Verlag, 1994, pp. 1-11.
1020. M. Matsui and A. Yamagishi, "A New Method for Known Plaintext Attack of FEAL Cipher," Advances in Cryptology EUROCRYPT '92 Proceedings, Springer-Verlag, 1993,
pp. 81 -91.
1021. T. Matsumoto and H. Imai, "A Class of Asymmetric Crypto-Systems Based on
Polynomials Over Einite Rings, " IEEE International Symposium on Information Theory,
1983, pp. 131-132.
1022. T. Matsumoto and H. Imai, "On the Key Production System: A Practical Solution to the
Key Distribution Problem,'' Advances in Cryptology CRYPTO '87 Proceedings, Springer-
Verlag, 1988, pp. 185-193.
1023. T. Matsumoto and H. Imai, "On the Security of Some Key Sharing Schemes (Part 2),"
IEICE Japan, Technical Report, ISEC90-28, 1990.
1024. S.M. Matyas, "Digital Signatures . An Overview, " Computer Networks, v. 3, n.2, Apr
1979, pp. 87-94.
1025. S.M. Matyas, "Key Handling with Control Vectors," IBM Systems journal, v. 30, n. 2,
1991, pp. 151-174.
1026. S.M. Matyas, A.V. Le. and D.G. Abraham, "A Key Management Scheme Based on
Control Vectors," IBM Systems journal, v.30, n. 2, 1991, pp. 175-191.
1027. S.M. Matyas and C.H. Meyer, "Generation, Distribution, and Installation of
Cryptographic Keys," IBM Systems Journal, v. 17, n. 2, 1978, pp. 126-137.
1028. S.M. Matyas, C.H. Meyer, and J. Oseas, "Generating Strong One-Way Eunctions with
Cryptographic Algorithm, " IBM Technical Disclosure Bulletin, v. 27, n. 10A, Mar 1985,
pp. 5658-5659.
1029. U.M. Maurer, "Provable Security in Cryptography," Ph.D. dissertation, ETH No. 9260,
Swiss Eederal Institute of Technology, Zurich, 1990.
1030. U.M. Maurer, "A Provable-Secure Strongly-Randomized Cipher," Advances in Cryptology
EUROCRYPT '90 Proceedings, Springer-Verlag, 1990, pp. 361-373.
1031. U.M. Maurer, "A Universal Statistical Test for Random Bit Generators, " Advances in
Cryptology CRYPTO '90, Proceedings, Springer-Verlag, 1991, pp. 409-420.
1032. U.M. Maurer, "A Universal Statistical Test for Random Bit Generators," Journal of
Cryptology, v. 5, n. 2, 1992, pp. 89-106.
1033. U.M. Maurer and J.L. Massey, "Cascade Ciphers: The Importance of Being Eirst," Journal
of Cryptology, v. 6, n. 1, 1993, pp. 55-61.
1034. U.M. Maurer and J.L. Massey, "Perfect Local Randomness in Pseudo-Random
Sequences, " Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990,
pp. 110-112.
1035. U.M. Maurer and Y. Yacobi, "Non interactive Public Key Cryptography, " Advances in
Cryptology EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 498-507.
1036. G. Mayhew, "A Low Cost, High Speed Encryption System and Method," Proceedings of
the 1994 IEEE Computer Society Symposium on Research in Security and Privacy, 1994,
pp. 147-154.
1037. G. Mayhew, R. Erazee, and M. Bianco, "The Kinetic Protection Device, " Proceedings of
the 15th National Computer Security Conference, NIST, 1994, pp. 147-154.
1038. K.S. McCurley, "A Key Distribution System Equivalent to Eactoring," Journal of
Cryptology, v. 1, n. 2, 1988, pp. 95-106.
1039. K.S. McCurley, "The Discrete Logarithm Problem," Cryptography and Computational
Number Theory (Proceedings of the Symposium on Applied Mathematics ), American
Mathematics Society, 1990, pp. 49-74.
1040. K.S. McCurley, open letter from the Sandia National Laboratories on the DSA of the
NIST, 7 Nov 1991.
1041. R.J. McEliece, "A Public-Key Cryptosystem Based on Algebraic Coding Theory," Deep
Space Network Progress Report 42-44, Jet Propulsion Laboratory, California Institute of
Technology, 1978, pp. 114-116.
1042. R.J. McEliece, Einite Eields for Computer Scientists and Engineers, Boston: Kluwer
Academic Publishers, 1987.
1043. P. McMahon, "SESAME V2 Public Key and Authorization Extensions to Kerberos, "
Proceedings of the Internet Society 1Y95 Symposium on Network and Distributed
Systems Security, IEEE Computer Society Press, 1995, pp. 114-131.
1044. C.A. Meadows, "A System for the Specification and Analysis of Key Management
Protocols," Proceedings of the 1991 IEEE Computer Society Symposium on Research in
Security and Privacy, 1991, pp. 182-195.
1045. C.A. Meadows, "Applying Eormal Methods to the Analysis of a Key Management
Protocol," Journal of Computer Security. v. I, n. 1, 1992,pp.5-35.
1046. C.A. Meadows, "A Model of Computation for the NRL Protocol Analyzer, " Proceedings
of the Computer Security Eoundations Workshop VII, IEEE Computer Society Press, 1994,
pp. 84-89.
1047. C.A. Meadows, "Eormal Verification of Cryptographic Protocols: A Survey," Advances
in Cryptology ASIACRYPT '94 Proceedings, Springer-Verlag, 1995, pp. 133-150.
1048. G. Medvinsky and B.C. Neuman, "Net Cash: A Design for Practical Electronic Currency
on the Internet," Proceedings of the 1st Annual ACM Conference on Computer and
Communications Security, ACM Press, 1993, pp. 102-106.
1049. G. Medvinsky and B.C. Neuman, "Electronic Currency for the Internet," Electro nic
Markets, v 3, n. 9/10, Oct 1993, pp. 23-24.
1050. W. Meier, "On the Security of the IDEA Block Cipher," Advances in Cryptology
EUROCRYPT '93 Proceedings, Springer -Verlag, 1994, pp. 371-385.
1051. W. Meier and O. Staffelbach, "East Correlation Attacks on Stream Ciphers," Journal of
Cryptology v I n. 3, 1989, pp. 159-176.
1052. W. Meier and O. Staffelbach, "Analysis of Pseudo Random Sequences Generated by
Cellular Automata, " Advances in Cryptology EUROCRYPT '91 Proceedings, Springer-
Verlag, 1991, pp. 186-199.
1053. W. Meier and O. Staffelbach, "Correlation Properties of Combiners with Memory in
Stream Ciphers, " Advances in Cryptology EUROCRYPT '90 Proceedings, Springer-
Verlag, 1991, pp. 204-213.
1054. W. Meier and O. Staffelbach, "Correlation Properties of Combiners with Memory in
Stream Ciphers, " Journal of Cryptology, v. 5, n. 1, 1992, pp. 67-86.
1055. W. Meier and O. Staffelbach, "The Self -Shrinking Generator," Communications and
Cryptography: Two Sides of One Tapestry R.E. Blahut et al., eds., Kluwer Adademic
Publishers, 1994, pp. 287-295.
1056. J. Meijers, "Algebraic-Coded Cryptosystems," Master's thesis, Technical University
Eindhoven, 1990.
1057. J. Meijers and J. van Tilburg, "On the Rao -Nam Private-Key Cryptosystem Using Linear
Codes," International Symposium on Information Theory, Budapest, Hun gary, 1991.
1058. J. Meijers and J. van Tilburg, "An Improved 5T-Attack on the Rao-Nam Private-Key
Cryptosystem," International Conference on Einite Eields, Coding Theory, and Advances
in Communications and Computing, Las Vegas, NV, 1991.
1059. A. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Pub lishers, 1993.
1060. A. Menezes, ed., Applications of Einite Eields, Kluwer Academic Publishers, 1993.
1061. A. Menezes and S.A. Vanstone, "Elliptic Curve Cryptosystems and Their Implementations,"
Journal of Cryptology, v. 6, n. 4, 1993, pp. 209-224.
1062. A. Menezes and S.A. Vanstone, "The Implementation of Elliptic Curve Cryptosystems, "
Advances in Cryptology AUSCRYPT '90 Proceedings, Springer-Verlag, 1990, pp. 2-13.
1063. R. Menicocci, "Short Gollmann Cascade Generators May Be Insecure," Codes and
Ciphers, Institute of Mathematics and its Applications, 1995, pp. 281-297.
1064. R.C. Merkle, "Secure Communication Over Insecure Channels," Communications of the
ACM, v. 21, n. 4, 1978, pp. 294-299.
1065. R.C. Merkle, "Secrecy, Authentication, and Public Key Systems," Ph.D. dissertation,
Stanford University, 1979.
1066. R.C. Merkle, "Method of Providing Digital Signatures," U.S. Patent #4,309,569, 5 Jan
1982
1067. R.C. Merkle, "A Digital Signature Based on a Conventional Encryption Eunction,"
Advances in Cryptology CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 369-378.
1068. R.C. Merkle, "A Certified Digital Signature," Advances in Cryptology CRYPTO '89
Proceedings, Springer-Verlag, 1990, pp. 218-238.
1069. R.C. Merkle, "One Way Hash Eunctions and DES, " Advances in Cryptology CRYPTO
'89 Proceedings, Springer-Verlag, 1990, pp. 428 446.
1070. R.C. Merkle, "A East Software One-Way Hash Eunction," Journal of Cryptology, v. 3, n.
1, 1990, pp. 43-58.
1071. R.C. Merkle, "East Software Encryption Eunctions, " Advances in Cryptology CRYPTO
'90, Proceedings, Springer-Verlag, 1991, pp. 476-501.
1072. R.C. Merkle, "Method and Apparatus for Data Encryption," U.S. Patent #5,003,597, 26
Mar 1991.
1073. R.C. Merkle, personal communication, 1993.
1074. R.C. Merkle and M. Hellman, "Hiding information and Signatures in Trapdoor
Knapsacks," IEEE Transactions on Information Theory, v. 24, n. 5, Sep 1978, pp. 525-
530.
1075. R.C. Merkle and M. Hellman, "On the Security of Multiple Encryption," Communications
of the ACM, v. 24, n. 7, 1981, pp. 465-467.
1076. M. Merritt, "Cryptographic Protocols," Ph.D. dissertation, Georgia Institute of
Technology, GIT-ICS-83/6, Eeb 1983.
1077. M. Merritt, "Towards a Theory of Cryptographic Systems: A Critique of Crypto
Complexity," Distributed Computing and Cryptograph y, J. Eeigenbaum and M. Merritt, eds.,
American Mathematical Society, 1991, pp. 203-212.
1078. C.H. Meyer, "Ciphertext/Plaintext and Ciphertext/Key Dependencies vs. Number of
Rounds for Data Encryption Standard," AEIPS Conference Proceedings, 47, 1978, pp.
1119-1126.
1079. C.H. Meyer, "Cryptography A State of the Art . Review, " Proceedings of CompEuro '89,
VLSI and Computer Peripherals, 3rd Annual European Computer Conference, IEEE Press,
1989, pp. 150-154.
1080. C.H. Meyer and S.M. Matyas, Cryptography: A New Dimension in Computer Data
Security, New York: John Wiley & Sons, 1982.
1081. C.H. Meyer and M. Schilling, "Secure Program Load with Manipulation Detection Code, "
Proceedings of Securicom '88, 1988, pp. 111-130.
1082. C.H. Meyer and W.L. Tuchman, "Pseudo -Random Codes Can Be Cracked, " Electronic
Design, v. 23, Nov 1972.
1083. C.H. Meyer and W.L. Tuchman, "Design Considerations for Cryptography, " Proceedings
of the NCC, v. 42, Montvale, NJ: AEIPS Press, Nov 1979, pp. 594-597.
1084. S. Micali, "Eair Public-Key Cryptosystems, " Advances in Cryptology CRYPTO '92
Proceedings, Springer-Verlag, 1993, pp. 113-138.
1085. S. Micali, "Eair Cryptosystems," MIT/LCS/TR-579.b, MIT Laboratory for Computer
Science, Nov 1993.
1086. S. Micali, "Eair Cryptosystems and Methods for Use," U.S. Patent #5,276,737, 4 Jan 1994.
1087. S. Micali, "Eair Cryptosystems and Methods for Use," U.S. Patent #5,315,658, 24 May
1994.
1088. S. Micali and A. Shamir, "An Improvemcnt on the Eiat-Shamir Identification and Signature
Scheme," Advances in Cryptol lgy CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp.
244-247.
1089. M.J. Mihajlevic, "A Correlation Attack on the Binary Sequence Generators with Time-
Varying Output Eunction, " Advances in Cryptology ASIACRYPT'94 , Proceedings,
Springer-Verlag, 1995, pp. 67-79.
1090. M.J. Mihajlevic and J.D. Golic, "A East Iterative Algorithm for a Shift Register Internal
State Reconstruction Given the Noisy Output Sequence, " Advances in Cryptology
AUSCRYPT '90 Proceedings, Springer-Verlag, 1990, pp. 165-175.
1091. M.J. Mihajlevic and J.D. Golic, "Convergence of a Bayesian Iterative Error-Correction
Procedure to a Noisy Shift Register Sequence," Advances in Cryptology , EUROCRYPT
'92 Proceedings, Springer-Verlag, 1993, pp. 124-137.
1092. J.K. Millen, S.C. Clark, and S.B. Ereedman, "The Interrogator: Protocol Security
Analysis," IEEE Transactions on Software Engineering, v. SE-13, n.2, Eeb 1987, pp.274 -
288.
1093. G.L. Miller, "Riemann's Hypothesis and Tests for Primality," Journal of Computer
Systems Science, v. 13, n. 3, Dec 1976, pp. 300-317.
1094. S.R Miller, B.C. Neuman, J.I. Schiller, and J.H. Saltzer, "Section E.2.1: Kerberos
Authentication and Authorization System," MIT Project Athena, Dec 1987.
1095. V.S. Miller, "Use of Elliptic Curves in Cryptography, " Advances in Cryptology CRYPTO
'85 Proceedings, Springer-Verlag, 1986, pp. 417-426.
1096. M. Minsky, Computation: Einite and Infinite Machines, Englewood Cliffs, NJ: Prentice-
Hall, 1967.
1097. C.J. Mitchell, "Authenticating Multi-Cast Internet Electronic Mail Messages Using a
Bidirectional MAC Is Insecure, " draft manuscript, 1990.
1098. C.J. Mitchell, "Enumerating Boolean Eunctions of Cryptographic Significance," Journal
of Cryptology, v. 2, n. 3, 1990, pp. 155-170.
1099. C.J. Mitchell, E. Piper, and P. Wild, "Digital Signatures, " Contemporary Cryptology:
The Science of Information Integtit y, G.J. Simmons, ed., IEEE Press, 1991, pp. 325-378.
1100. C.J. Mitchell, M. Walker, and D. Rush, "CCITT/ISO Standards for Secure Messagc
Handling," IEEE Journal on Selected Areas in Communications, v. 7, n. 4, May 1989, pp. 517-
524.
1101. S. Miyaguchi, "East Encryption Algorithm for the RSA Cryptographic System,"
Proceedings of Compcon 82, IEEE Press, pp. 1115. 672-678.
1102. S. Miyaguchi, "The EEAL-8 Cryptosystem and Call for Attack, " Advances in Cryptology
CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 624-627.
1103. S. Miyaguchi, "Expansion of the EEAL Cipher," NTT Review, v. 2, n. 6, Nov 1990.
1104. S. Miyaguchi, "The EEAL Cipher Eamily,'' Advances in Cryptology CKYPTO '90
Proceedings, Springer-Verlag, 1991, pp. 627-638.
1105. S. Miyaguchi, K. Ohta, and M. Iwata, " 128- bit Hash Eunction IN-Hashl," Proceedings of
SECURICOM '90, 1990, pp. 127-137.
1106. S. Miyaguchi, K. Ohta, and M. Iwata, " 128- bit Hash Eunction (N-Hash)," NTT Review,
v. 2, n. 6, Nov 1990, pp. 128-132.
1107. S. Miyaguchi, K. Ohta, and M. Iwata, "Confirmation that Some Hash Eunctions Are Not
Collision Eree," Advances in Cryptology EUROCRYPT '90 Proceedings, Springer-Verlag,
1991, pp. 326-343.
1108. S. Miyaguchi, A. Shiraishi, and A. Shimizu, "East Data Encipherment Algorithm EEAL-8,"
Review of tile Electrical Communication Laboratories, v. 36, n. 4, 1988.
1109. H. Miyano, "Differential Cryptanalysis on CALC and Its Evaluation," Proceedings of the
1992 Symposium on Cryptography and Information Security ISCIS 92, Tateshina, Japan,
2-4 Apt 1992, pp. 7B.1-8.
1110. R. Molva, G. Tsudik, E. van Hcrreweghen, and S. Zatti, "KryptoKnight Authentication
and Key Distribution System," Proceedings of European Symposium on Research in
completer Security, Toulouse, Erance, Nov 1992.
1111. P.L. Montgomery, "Modular Multiplication without Trial Division," Mathematics of
computation, v. 44, n. 170, 1985, pp. 51Y-521.
1112. RL. Montgomery, "Speeding the Pollard and Elliptic Curve Methods of Eactorization,"
Mathematics of Computation, v.48, n. 177, Jan 19R7, pp. 243-264.
1113. P.L. Montgomery and R. Silverman, "An EET Extension to the p- l Eactoring Algorithm,"
Mathematics of Computation, v. 54, n. 190, 1990, pp. 839-854.
1114. J.H. Moore, "Protocol Eailures in Cryptosystems," Proceedings of the IEEE, v. 76, n. 5,
May 1988.
1115. J.H. Moore, "Protocol Eailures in Cryptosystems," in Contemporary Cryptology: The
Science of Information Integrity, G.J. Simmons, ed., IEEE Press, 1992, pp. 541-558.
1116. J.H. Moore and G.J. Simmons, "Cycle Structure of the DES with Weak and Semi -Weak
Keys, " Advances in Cryptology CRYPTO '86 Proceedings, SpringerVerlag, 1987, pp. 3-
32.
1117. T. Moriyasu, M. Moriai, and M. Kasahara, "Nonlinear Pseudorandom Number Generator
with Dynamic Structure and Its Properties," Proceedings of the 1994 Symposium on
Cryptography and Information Security (SCIS 94), Biwako, Japan, 27-29 Jan 1994, pp.
8A.l-ll.
1118. R. Morris, "The Data Encryption Standard Retrospective and Prospects," IEEE
Communications Magazine, v. 16, n. 6, Nov 1978, pp. 11-14.
1119. R. Morris, remarks at the 1993 Cambridge Protocols Workshop, 1993.
1120. R. Morris, N.J.A. Sloane, and A.D. Wyner, "Assessment of the NBS Proposed Data
Encryption Standard," Cryptologia, v. 1, n. 3, Jul 1977, pp. 281-2 91.
1121. R. Morris and K. Thompson, "Password Security: A Case History," Communications of
the ACM, v. 22, n. 11, Nov 1979, pp. 594-597.
1122. S.B. Morris, "Escrow Encryption," lecture at MIT Laboratory for Computer Science, 2
Jun 1994.
1123. M.N. Morrison and J. Brillhart, "A Method of Eactoring and the Eactorization of E7,"
Mathematics of Computation, v. 29, n. 129, Jan 1975, pp. 183-205.
1124. L.E. Moser, "A Logic of Knowlcdgc and Belief for Reasoning About Computer Security,
"Proceedings of the Computer Security Eoundations Workshop 11, IEEE Computer
Society Press, 1989, pp. S7 63.
1125. Motorola Government Electronics Division, Advanced Techniques i n Network security'
Scottsdale, AZ, 1977.
1126. W.B. Muller, "Polynomial Eunctions in Modern Cryptology," contrib utions to General
Algebra 3: Proceedings of the Vienna Conference, Vienna: Verlag H older-Pichler-
Tempsky' 1985, pp. 7-32.
1127. W.B. Muller and W. Nobauer, "Some Remarks on Public-Key Cryptography, " Studia
Scientiarum Mathematicarum Hungarica, v. 16, 1981, pp. 71-76.
1128. W.B. Muller and W. Nobauer, "Cryptanalysis of the Dickson Scheme," Advances in
Cryptology EUROCRYPT '85 Proceedings, Springer-Verlag, 1986, pp. 50-61.
1129. C. Muller-Scholer, "A Microprocessor-Based Cryptoprocessor," IEEE Micro, Oct 1983,
pp. 5-15.
1130. R.C. Mullin, E. Nemeth, and N. Weidenhofer, "Will Public Kcy Cryptosystems Live Up to
Their Expectations? HEP Implementation of the Discrete Log Codebreaker," ICPP 85, pp.
193-196.
1131. Y. Murakami and S. Kasahara, "An ID-Based Key Distribution Scheme, " IEICE Japan,
Technical Report, ISEC90-26, 1990.
1132. S. Murphy, "The Cryptanalysis of EEAL-4 with 20 Chosen Plaintexts, " Journal of
Cryptology, v. 2, n. 3, 1990, pp. 145-154.
1133. E.D. Mycrs, "STU-III Multilevel Secure Computer Interface," Proceedings of the Tenth
Annual Computer Security Applications Conference, IEEE Computer Society Press, 1994,
pp. 170-179.
1134. D. Naccache, "Can O.S.S. be Repaired? Proposal for a New Practical Signature
Scheme," Advances in Cryptology EUROCRYPT '93 Proceedings, Springer-Verlag, 1994,
pp. 233-239.
1135. D. Naccache, D. M'Raihi, D. Raphacli, and S. Vaudenay, "Can D.S.A. be Improved:
Complexity Trade-Offs with the Digital Signature Standard, " Advances in Cryptology
EUKOCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
1136. Y. Nakao, T. Kaneko, K. Koyama, and R. Terada, "A Study on the Security of RDES-
Cryptosystem against Linear Cryptanalysis," Proceedings of the 1995 Japan-Korea
Workshop on Information Security and Cryptography, Inuyama, Japan, 24 -27 Jan 1995,
pp. 163-172.
1137. M. Naor, "Bit Commitmcnt Using Pseudo-Randomness," Advances in Cryptology
CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 128-136.
1138. M. Naor and M. Yung, "Universal One-Way Hash Eunctions and Their Cryptographic
Application," Proceedings of the 21stAnnual ACM Symposium on the Theory of
Computing, 1989, pp. 33 43.
1139. National Bureau of Standards, "Report of the Workshop on Estimation of Significant
Advances in Computer Technology, " NBSIR 76-1189, National Bureau of Standards,
U.S. Department of Commercc, 21-22 Sep 1976, Dec 1977.
1140. National Bureau of Standards, NBS EIPS PUB 46, "Data Encryption Standard, " National
Bureau of Standards, U.S. Department of Commerce, Jan 1977.
1141. National Bureau of Standards, NBS EIPS PUB 46-1, "Data Encryption Standard," U.S.
Department of Commerce, Jan 1988.
1142. National Bureau of Standards, NBS EIPS PUB 74, "Guidelines for Implementing and
Using the NBS Data Encryption Standard, " U.S. Department of Commerce, Apr 1981.
1143. National Bureau of Standards, NBS EIPS PUB 81, "DES Modes of Operation," U.S.
Department of Commerce, Dec 1980.
1144. National Bureau of Standards, NBS EIPS PUB 112, "Password Usage," U.S. Department
of Commerce, May 1985.
1145. National Bureau of Standards, NBS EIPS PUB 113, "Computer Data Authentication," U.S.
Department of Commerce, May 1985.
1146. National Computer Security Center, "Trusted Network Interpretation of the Trusted
Computer System Evaluation Criteria," NCSC-TG-005 Version 1, Jul 1987.
1147. National Computer Security Centcr, "Trusted Datahase Management System Interpretation
of the Trusted Computer System Evaluation Criteria, " NCSC-TG-021 Version 1, Apr 1 991.
1148. National Computer Security Center, "A Guide to Understanding Data Rememberance in
Automated Information Systems," NCSC-TG-025 Version 2, Sep 1991.
1149. National Institute of Standards and Technology, NIST EIPS PUB XX, "Digital Signature
Standard," U.S. Department of Commcrce, DRAET, 19 Aug 1991.
1150. National Institute of Standards and Technology, NIST EIPS PUB 46-2, "Data Encryption
Standard," U.S. Department of Commcrcc, Dec 93.
1151. National Institute of Standards and Technology, NIST EIPS PUB 171, "Key Management
Using X9.17," U.S. Departmcnt of Commcrce, Apr 92.
1152. National Institute of Standards and Technology, NIST EIPS PUB 180, "Secure Hash
Standard, " U.S. Department of Commerce, May 93.
1153. National Institute of Standards and Technology, NIST EIPS PUB 185, "Escrowed
Encryption Standard," U.S. Department of Commerce, Eeb 94.
1154. National Institute of Standards and Technology, NIST EIPS PUB 186, "Digital Signature
Standard, " U.S. Department of Commerce, May 1994.
1155. National Institute of Standards and Technology," Clipper Chip Technology," 30 Apr 1993.
1156. National Institute of Standards and Technology," Capstone Chip Technology," 30 Apr
1993.
1157. J. Nechvatal, "Public Key Cryptography, " NIST Special Publication 800-2, National
Institute of Standards and Technology, U.S. Department of Commerce, Apr 1991.
1158. l. Nechvatal, "Public Key Cryptography," Contemporary Cryptology: The Science of
Information Integrity, G.J. Simmons, ed., IEEE Press, 1992, pp. 177-288.
1159. R.M. Needham and M.D. Schroeder, "Using Encryption for Authentication in Large
Networks of Computers," Communications of the ACM, v. 21, n. 12, Dec 1978, pp. 993-
999.
1160. R.M. Ncedham and M.D. Schroeder, "Authentication Revisited," Operating Systems
Review, v. 21, n. 1, 1987, p. 7.
1161. D.M. Nessett, "A Critique of the Burrows, Abadi, and Needham Logic," Operating
System Review, v. 20, n. 2, Apr 1990, pp. 35-38.
1162. B.C. Ncuman and S. Stubblebine, "A Note on the Use of Timestamps as Nonces, "
Operating Systems Review, v. 27, n. 2, Apr 1993, pp. 10-14.
1163. B.C. Neuman and T. Ts'o, "Kerberos: An Authentication Service for Computer
Networks," IEEE Communications Magazine, v. 32, n. 9, Sep 1994, pp. 33-38.
1164. L. Neuwirth, "Statement of Lee Nenwirth of Cylink on HR145," submitted to congressional
committees considering HR145, Eeb 1987.
1165. D.B. Newman, Jr. and R.L. Pickholtz, "Cryptography in the Private Sector," IEEE
Communications Magazine, v. 24, n. 8, Aug 1986, pp.7-10.
1166. H. Niederreiter, "A Public-Key Cryptosystem Based on Shift Register Sequences,"
Advances in Cryptology EZJROCRYPT '85 Proceedings, Springer-Verlag, 1986, pp. 35-
39.
1167. H. Niederreiter, "Knapsack-Type Cryptosystems and Algebraic Coding Theory," Problems
of Control and Information Theory, v. 15, n. 2, 1986, pp. 159-166.
1168. H. Niederreiter, "The Linear Complexity Profile and the Jump Complexity of Keystream
Sequences, " Advances in Cryptology EUROCRYPT '90 Proceedings, Springer-Verlag,
1991, pp. 174-188.
1169. V. Niemi, "A New Trapdoor in Knapsacks," Advances in Cryptology EUROCRYPT '90
Proceedings, Springer-Verlag, 1991, pp. 405-411.
1170. V. Niemi and A. Renvall, "How to Prevent Buying of Voters in Computer Elections,"
Advances in Cryptology ASIACRYPT '94 Proceedings, Springer-Verlag, 1995, pp. 164-
170.
1171. I. Niven and H.A. Zuckerman, An Introduction to the Theory of Numbers, New York:
John Wiley & Sons, 1972.
1172. R. Nobauer, "Cryptanalysts of the Redei Scheme," Contributions to General Algebra 3:
Proceedings of the Vienna Conference, Verlag Holder-Pichler-Tempsky, Vienna, 1985, pp.
255-264.
1173. R. Nobauer, "Cryptanalysts of a Public- Key Cryptosystem Based on Dickson-Polynomials,"
Mathematica Slovaca, v. 38, n. 4, 1988, pp. 309-323.
1174. K. Nogochi, H. Ashiya, Y. Sano, and T. Kaneko, "A Study on Differential Attack of
MBAL Cryptosystem," Proceedings of the 1994 Symposium on Cryptography and
Information Security (SCIS' 94), Lake Biwa, Japan, 27-29 Jan 1994, pp. 14B.1-7. (In
Japanese.)
1175. H. Nurmi, A. Salomaa, and L. Santean, "Secret Ballot Elections in Computer Networks,"
Computers & Security, v. 10, 1991, pp. 553-560.
1176. K. Nyberg, "Construction of Bent Eunctions and Difference Sets," Advances in Cryptology
EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 151-160.
1177. K. Nyberg, "Perfect Nonlinear S-Boxes," Advances in Cryptology EUROCRYPT '91
Proceedings. Springcr-Verlag, 1991, pp. 378-386.
1178. K. Nyberg, "On the Construction of Highly Nonlinear Permutations, " Advances in
Cryptology EUROCRYPT '92 Proceedings, Springer-Verlag 1991, pp. 92-98.
1179. K. Nyberg, "Differentially Uniform Mappings for Cryptography," Advances in Cryptology
EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 55-64.
1180. K. Nyberg, "Provable Security against Differential Cryptanalysis," presented at the rump
session of Eurocrypt '94, May 1994.
1181. K. Nyberg and L.R. Knudsen, "Provable Secu rity against Differential Cryptanalysis,"
Advances in Cryptology CRYPTO '92 Proceedings, Springer-Verlag, 1993, pp. 566-574.
1182. K. Nyberg and L.R. Knudsen, "Provable Security against Differential Cryptanalysis,"
Journal of Cryptology, v. 8, n. 1, 1995, pp. 27-37.
1183. K. Nyberg and R.A. Rueppel, "A New Signature Scheme Based on the DSA Giving
Message Recovery," 1st ACM Conference on Computer and Communications Secu rity,
ACM Press, 1993, pp. 58-61.
1184. K. Nyberg and R.A. Rueppel, "Message Recovery for Signature Schemes Based on the
Discrete Logarithm Problem," Advances in Cryptology EUROCRYPT '94 Proceedings,
Spnnger-Verlag, 1995, to appear.
1185. L. O'Connor, "Enumerating Nondegenerate Permutations," Advances in Cryptology
EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 368-377.
1186. L. O'Connor, "On the Distribution of Characteristics in Bijective Mappings, " Advances
in Cryptology EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 360-370.
1187. L. O'Connor, "On the Distribution of Characteristics in Composite Permutations, "
Advances in Cryptology CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 403-412.
1188. L. O'Connor and A. Klapper, "Algebraic Nonlinearity and Its Application to Cryp-
tography," Journal of Cryptology, v. 7, n.3, 1994, pp. 133-151.
1189. A. Odlyzko, "Discrete Logarithms in Einite Eields and Their Cryptographic Sig nificance,"
Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp.
224-314.
1190. A. Odlyzko, "Progress in Integer Eactorization and Discrete Logarithms, " unpublished
manuscript, Eeb 1995.
1191. Office of Technology Assessment, U.S. Congress, "Defending Secrets, Sharing Data:
New Locks and Keys for Electronic Communication, " OTA-CIT-310, Washington, D.C.:
U.S. Government Printing Office, Oct 1987.
1192. B. O'Higgins, W. Diffie, L. Strawczynski, and R. de Hoog, "Encryption and ISDN a
Natural Eit," Proceedings of the 1987 International Switching Symposium. 1987, pp. 863-
869.
1193. Y. Ohnishi, "A Study on Data Security," Master's thesis, Tohuku University, Japan, 1988.
(In Japanese.)
1194. K. Ohta, "A Secure and Efficient Encrypted Broadcast Communication System Using a
Public Master Key," Transactions of the Institute of Electronics, Information, and
Communication Engineers, v. J70-D, n. 8, Aug 1987, pp. 1616-1624.
1195. K. Ohta, "An Electrical Voting Scheme Using a Single Administrator, " IEICE Sp ring
National Convention, A-294, 1988, v. 1, p. 296. (In Japanese.)
1196. K. Ohta, "Identity-based Authentication Schemes Using the RSA Cryptosystem,"
Transactions of the Institute of Electronics, Information, and Communication Engineers, v.
J72D-II, n. 8, Aug 1989, pp. 612-620.
1197. K. Ohta and M. Matsui, "Differential Attack on Message Authentication Codes,"
Advances in Cryptology CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 200-223.
1198. K. Ohta and T. Okamoto, "Practical Extension of Eiat-Shamir Scheme," Electronics
Letters, v. 24, n. 15, 1988, pp. 955-956.
1199. K. Ohta and T. Okamoto, "A Modification of the Eiat-Shamir Scheme," Advances in
Cryptology CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 232-243.
1200. K. Ohta and T. Okamoto, "A Digital Multisignature Scheme Bascd on the Eiat-Shamir
1993.
1347. RSA Laboratories, "PKCS #5: Password-Based Encryption Standard," version 1.5, Nov
1993.
1348. RSA Laboratories, "PKCS #6: Extended-Certificate Syntax Standard," version 1.5, Nov
1993.
1349. RSA Laboratories, "PKCS #7: Cryptographic Message Syntax Standard," version 1.5,
Nov 1993.
1350. RSA Laboratories, "PKCS #8: Private Key Information Syntax Standard, " version 1.2,
Nov 1993.
1351. RSA Laboratories, "PKCS #9: Selected Attribute Types," version 1.1, Nov 1993.
1352. RSA Laboratories, "PKCS #10: Certification Request Syntax Standard, " version 1.0, Nov
1993.
1353. RSA Laboratories, "PKCS #11 : Cryptographic Token Interface Standard, " version 1.0,
Apr 95.
1354. RSA Laboratories, "PKCS #12: Public Key User Information Syntax Standard," version
1.0, 1995.
1355. A.D. Rubin and P. Honeyman, "Eormal Methods for the Analysis of Authentication
Protocols," draft manuscript, 1994.
1356. E. Rubin, "Decrypting a Stream Cipher Based on J-K Elip-Elops, " IEEE Transactions on
Computing. v. C-28, n. 7, Jul l 97Y, pp. 483 487.
1357. R.A. Rueppel, Analysis and Design of Stream Ciphers, Springer-Verlag, 1986.
1358. R.A. Rueppel, "Correlation Immunity and the Summation Combiner," Advances in
Cryptology EUROCRYPT '85, Springer-Verlag, 1986, pp. 260-272.
1359. R.A. Rueppel, "When Shift Registers Clock Themselves," Advances in Cryptology
EUROCRYPT '87 Proceedings, Springer-Verlag, 1987, pp. 53-64.
1360. R.A. Rueppel, "Security Models and Notions for Stream Ciphers," Cryptography and
Coding 11, C. Mitchell, ed., Oxford: Clarendon Press, 1992, pp. 213 230.
1361. R.A. Rueppel, "On the Security of Schnorr's Pseudo-Random Sequence Generator,"
Advances in Cryptology EUROCRYPT 89 Proceedings, Springer-Verlag, 1990, pp. 423-
428.
1362. R.A. Rueppel, "Stream Ciphers," Contemporary Cryptology: The Science of Information
Integrity, G.J. Simmons, ed., IEEE Press, 1992, pp. 65-134.
1363. R.A. Rueppel and J.L. Massey, "The Knapsack as a Nonlinear Eunction," IEEE
International Symposium on Information Theory, Brighton, UK, May 1985.
1364. R. A. Rueppel and O. J. Staffelbaeh, " Products of Linear Recurring Sequences with
Maximum Complexity, " IEEE Transactions on Information Theory, v. IT-33, n. 1, Jan
1987, pp. 124-131.
1365. D. Russell and G.T. Gangemi, Computer Security Basics, O'Reilly and Associates, Inc.,
1991.
1366. S. Russell and P. Craig, "Privacy Enhanced Mail Modules for ELM," Proceedings of the
Internet Society 1994 Workshop on Network and Distributed System Security, The
Internet Society, 1994, pp. 21-34.
1367. D.E.H. Sadok and J. Kelner, "Privacy Enhanced Mail Design and Implementation
Perspectives," Computer Communications Review, v. 24, n. 3, Jul 1994, pp. 38 -46.
1368. K Sakano, "Digital Signatures with User Elexible Reliability," Proceedings of the 1993
Symposium on Cryptography and Information Security (SCIS 93), Shuzenji, Japan, 28-30
Jan 1993, pp. 5C.1-8.
1369. K. Sakano, C. Park, and K. Kunsawa, ''Threshold Undeniable Signature Scheme,''
Proceedings of the 1993 Korea Japan Workshop on Information Security and
Cryptography, Seoul, Korea, 24-26 Oct 1993, pp. 184-193.
1370. K. Sako, "Electronic Voting Schemes Allowing Open Objection to the Tally,"
Transactions of the Institute of Electron ics, Information, and Communication Engineers,
v. E77-A, n. 1, 1994, pp. 24-30.
1371. K. Sako and J. Kilian, "Secure Voting Using Partially Compatible Homomorphisms,"
Advances ill Cryptology CRYPTO '94 Proceedings, Springer-Verlag, 1994, p. 411-424.
1372. K. Sako and J. Kilian, "Receipt-Eree Mix-Type Voting Scheme A Practical Solution to the
Implementation of a Voting Booth," Advances in Cryptology EUROCRYPT '95
Proceedings, Springer-Verlag, 1'995, pp. 393-403.
1373. A. Salomaa, Public-Key Cryptography, Springer-Verlag, 1990.
1374. A. Salomaa and L. Santean, "Secret Selling of Secrets with Many Buyers," ETACS
Bulletin, v. 42, 1990, pp. 178-186.
1375. M. Santha and U.V Vazirani, "Generating Quasi-Random Sequences from Slightly
Random Sources," Proceedings of the 25th Annual Symposium on the Eo undations of
Computer Science, 1984, pp. 434-440.
1376. M. Santha and U.V Vazirani, "Generating Quasi-Random Sequences from Slightly
Random Sources, " 70lzrnal of Computer and System Sciences, v.33, 1986, pp. 75-87.
1377. S. Saryazdi, "An Extension to EIGamal Public Key Cryptosystem with a New Signature
Scheme," Proceedings of the 1990 Bilkent International Conference O n New Trends in
Communication, Control, and Signal Processing, North Holland: Elsevier Science
Publishers, 1990, pp. 195-198.
1378. J.E. Savage, "Some Simple Self- Synchronizing Digital Data Scramblers." Bell System
Technical Journal, v. 46, n. 2, Eeb 1967, pp. 448 -487.
1379. B.P Sehanning, "Applying Public Key Distribution to Local Area Networks, " Computers &
Security, v. 1, n. 3, Nov 1982, pp. 268-274.
1380. B.P Schanning, S.A. Powers, and J. Kowalchuk, "MEMO: Privacy and Authentication
for the Automated Office, " Proceethngs of the 5th Conference on Local Computer
Networks, IEEE Press, 1980, pp. 21-30.
1381. L. Schaumuller-Bichl, "Zur Analyse des Data Encryption Standard und Synthese
Verwandter Chiffriersysteme," Ph.D. dissertation, Linz University, May 1981. (In German. )
1382. Sehaumuller-Bichl, "On the Design and Analysis of New Cipher Systems Related to the
DES," Technical Report, Linz University, 1983.
1383. A. Scherbius, "Ciphering Machine," U.S. Patent #1,657,411, 24 Jan 1928.
1384. J.I. Schiller, "Secure Distributed Computing," Scientific American, v. 271, n.5, Nov 1994,
pp. 72-76.
1385. R. Schlafly, "Complaint Against Exclusive Eederal Patent License," Civil Action Eile No.
C-93 20450, United States District Court for the Northern District of California.
1386. B. Schneier, "One-Way Hash Eunctions," Dr. Dobb's journal, v. 16, n. 9, Sep 1991, pp.
148-151.
1387. B. Schneier, "Data Guardians," MacWorld, v. 10, n. 2, Eeb 1993, pp. 145-151.
1388. B. Schneier, "Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish),"
East Software Encryption, Cambridge Secunty Workshop Proceedings, Springer-Verlag,
1994, pp. 191-204.
1389. B. Schneier, "The Blowfish Encryption Algorithm," Dr. Dobb's Journal, v. 19, n. 4, Apr
1994, pp. 38-40.
1390. B. Schneier. Protect Your Macintosh, Peachpit Press, 1994.
1391. B. Schneier, "Designing Encryption Algorithms for Real People, " Proceedings of the 1994
ACM SIGSAC New Secunty Paradigms Workshop, IEEE Computer Society Press, 1994,
pp. 63-71.
1392. B. Schneier, "A Primer on Authentication and Digital Signatures," Computer Secu rity
lournal, v. 10, n. 2, 1994, pp. 38-40.
1393. B. Schneier, "The GOST Encryption Algorithm," Dr. Dobb's journal, v. 20, n. 1, Jan 95,
pp. 123-124.
1394. B. Schneier, E-Mail Security (with POP and SEM) New York: John Wiley & Sons, 1995.
1395. C.P Schnorr, "On the Construction of Random Number Generators and Random
Eunction Generators," Advances in Cryptology EUROCRYPT '88 Proceedings, Springer-
Verlag, 1988, pp. 225-232.
1396. C.P Schnorr, "Efficient Signature General tion for Smart Cards," Advances in Cryptology
CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 239-252.
1397. C.P. Schnorr, "Efficient Signature Generation for Smart Cards," Journal of
Cryptology,v.4,n.3, 1991,pp. 161-174.
1398. C.P Schnorr, "Method for Identifying Subscribers and for Generating and Verifying
Electronic Signatures in a Data Exchange System," U.S. Patent #4,995,082, 19 Eeb 1991.
1399. C.P. Schnorr, "An Efficient Cryptographic Hash Eunction, " presented at the rump
session of CRYPTO '91, Aug 1991.
1400. C.P. Schnorr, "EET-Hash II, Efficient Cryptographic Hashing, " Advances in Cryptology
EUROCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 45-54.
1401. C.P. Schnorr and W. Alexi, "RSA-bits are 0.5 E Secure," Advances in Cryptology:
Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp. 113-126.
1402. C.R Schnorr and S. Vaudenay, "Parallel EET-Hashing," East Software Encryption,
Cambridge Secunty Workshop Proceedings, Springer-Verlag, 1994, pp. 149-156.
1403. C.P. Schnorr and S. Vaudenay, "Black Box Cryptanalysis of Hash Networks Based on
Multipermutations, " Advances in Cryptology EUROCRYPT '94 Proceedings, Springer-
Verlag, 1995, to appear.
1404. W. Schwartau, Information Warfare: Chaos on the Electronic Superhighway, New York:
Thunders Mouth Press, 1994.
1405. R. Scott, "Wide Open Encryption Design Offers Elexible Implementations," Cryptologia, v.
9, n. 1, Jan 1985, pp. 75-90.
1406. J. Seberry, "A Subliminal Channel in Codes for Authentication without Secrecy, " Ars
Combinatorica, v. 19A, 1985, pp. 337-342.
1407. J. Seberry and J. Pieprzyk, Cryptography: An Introduction to Computer Security,
Englewood Cliffs, N.l.: Prentice-Hall, 1989.
1408. J. Seberry, X.-M. Zhang, and Y. Zheng, "Nonlinearly Balanced Boolean Eunctions and
Their Propagation Characteristics, " Advances in Cryptology EUROCRYPT '91
Proceedings, Springer-Verlag, 1994, pp. 49-60.
1409. H. Sedlack, "The RSA Cryptography Processor: The Eirst High Speed One-Chip Solution,
" Advances in Cryptology EUROCRYPT '87 Proceedings, Springer- Verlag, 1988, pp.
95-105.
1410. H. Sedlack and U. Golze, "An RSA Cryptography Processor," Microprocessing and
Microprogramming, v. 18, 1986, pp. 583-590.