Cryptology: Cryptography and Cryptanalytics.

Terms: Plaintext, Encryption, Ciphertext, Decryption, Cryptography Algorithm, key, Encryption Algorithm, Receiver, Decryption Algorithm, Encryption Key, Decryption Key.

Cryptosystem $(P, C, K, E, D)$: for each $k \in K$, $d_k(e_k(x)) = x$ for $x \in P$, with $e_k \in E$, $d_k \in D$, $e_k : P \to C$, $d_k : C \to P$.

Symmetric cipher (conventional cipher) and asymmetric cipher (public-key cipher); public key, private key.

DES, IDEA, RC6, Rijndael.

Years listed: 1949, 1975, 1976.

Steganography.

Substitution cipher; permutation cipher (transposition cipher).

Caesar:
Ciphertext: PHHW PH DIWHU WKH WRJD SDUWB
1: QIIX QI…
2: RJJY RJ…
…
23: meet me after the toga party

$y = e(x) = ax + b \pmod{26}$, with $a, b, x, y \in \mathbb{Z}/(26)$ and $\gcd(a, 26) = 1$
$x = d_k(y) = a^{-1}(y - b) \pmod{26}$
26*12=311

Kerckhoff.

Diffusion; Confusion.

Modes: ECB (electronic codebook mode), CBC (cipher block chaining), CFB (cipher feedback), OFB (output feedback).

ECB: $C_i = E_K(P_i) \Leftrightarrow P_i = D_K(C_i)$

CBC: $C_i = E_K(C_{i-1} \oplus P_i) \Leftrightarrow P_i = E_K(C_i) \oplus C_{i-1}$
CBC notes: IV; ECB, 64; SSL, IPSec.

CFB, with $S_i$ and $j$:
Encryption: $C_i = P_i \oplus (\text{$j$ bits of } E_K(S_i))$, $S_{i+1} = (S_i \ll j) \mid C_i$
Decryption: $P_i = C_i \oplus (\text{$j$ bits of } E_K(S_i))$, $S_{i+1} = (S_i \ll j) \mid C_i$

OFB.

Key pair $(KP, KS)$:
$X \to Y$: $Y = E_{KP}(X)$
$Y \to X$: $X = D_{KS}(Y) = D_{KS}(E_{KP}(X))$

76: Diffie, Hellman. 78: RSA. PKI.

Knapsack (0-1): $S$, $A = (a_1, \ldots, a_n)$, $S = \sum a_i x_i$, $X = (x_1, \ldots, x_n)$; NP.

$a_i > \sum_{j=1}^{i-1} a_j$; each $a_i$ is checked against $S$, setting $x_i$ to 1 or 0.
Example: $\{2, 3, 6, 13, 27, 52\}$ and 70: $\{2, 3, 13, 52\}$, 110101.

MH: $m$, $w$, $a_i' = w a_i \pmod{m}$ $(i = 1, \ldots, n)$.
$X = (x_1, \ldots, x_n)$, $A' = (a_1', \ldots, a_n')$, $S = E(X) = \sum a_i' x_i$
$S' = w^{-1} S \bmod m$, $S' = \sum a_i x_i$

RSA: 1977, Ron Rivest, Adi Shamir, Len Adleman; 1978; $0 \sim n-1$.
Block size $k$, with $2^k < n \le 2^{k+1}$.
Encryption: $C = M^e \bmod n$
Decryption: $M = C^d \bmod n = M^{ed} \bmod n$
$KP = \{e, n\}$, $KS = \{d, n\}$
Requirements on $e, d, n$: $M^{ed} \bmod n = M$; $M$, $n$; $M^e$, $C^d$; $e$, $n$, $d$.

Symbols: B, $Pb$, A, $m$, $k$, $E_k(m)$, $E_{Pb}(k)$.

Message encryption; MAC; Hash function.

Hash: $h = H(x)$.
Weak Collision Resistance (WCR), collision free: $x$, $y \neq x$, $H(x) = H(y)$.
Strong Collision Resistance (SCR): $y \neq x$, $H(x) = H(y)$.

MD5: Ron Rivest; 128; 512.
MD5 padding: 64; 100…0; 1~512; 512; $Y_0, Y_1, \ldots, Y_{L-1}$; MD buffer 128 (4); $L$; hash 128.

Secure Hash Algorithm: 1992, NIST, SHA (128); 1993, SHA; 1994, SHA-1 (160); 1995, SHA-1. SHA-1: $2^{64}$; 160; MD4.
SHA-1: MD5 padding; 512; MD buffer 160 (5); 160+512-160.
SHA-1: big-endian; 160 hash; 512-bit; MD5.

MAC (Message Authentication Code): MAC, hash (cryptographic checksum); A, B, $K$, $M$; $\mathrm{MAC} = C_K(M)$.
MAC diagram labels: $M$, $C$, $\|$, $K$, $C_K(M)$, Compare.

HMAC: MAC, hash.
$K$, 0, hash, $K^+$; $K^+$ XOR ipad (00110110) gives $S_i$; hash of $(S_i \| M)$; $K^+$ XOR opad (01011010) gives $S_0$.
$\mathrm{HMAC} = f[IV, S_0 \| f(IV, S_i \| M)]$

1) A, B, $m$
2) A: hash $m$
3) A: $s = K_A[\text{hash } m]$
4) $A \to B$: $m, s$

1) B: $m'$, $s'$
2) B: hash $m'$, $K_A$, $s'$
3) B: hash $m'$, $K_A$, $s'$

1) $K_B(m)$: $A \to B$
2) C: $K_B$, $K_B(m)$
3) C: $x = K_B(m)$, B; B, $x$: $K_B(x) = K_B[K_B(m)] = m$ !!!