
Handbook of applied cryptography PDF

811 Pages·2001·8.64 MB·English

Preview: Handbook of Applied Cryptography

HANDBOOK of APPLIED CRYPTOGRAPHY

Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone

CRC Press, Boca Raton / London / New York. CRC Press is an imprint of the Taylor & Francis Group, an informa business.

CRC Press, Taylor & Francis Group, 6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742
© 1997 by Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, an Informa business
No claim to original U.S. Government works

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com

ISBN-13: 978-0-84-938523-0 (hbk)

To Archie and Lida Menezes
To Cornelis Henricus van Oorschot and Maria Anna Buys van Vugt
To Margaret and Gordon Vanstone

Contents in Brief

Table of Contents .......... v
List of Tables .......... xv
List of Figures .......... xix
Foreword .......... xxi
Preface .......... xxiii
1 Overview of Cryptography .......... 1
2 Mathematical Background .......... 49
3 Number-Theoretic Reference Problems .......... 87
4 Public-Key Parameters .......... 133
5 Pseudorandom Bits and Sequences .......... 169
6 Stream Ciphers .......... 191
7 Block Ciphers .......... 223
8 Public-Key Encryption .......... 283
9 Hash Functions and Data Integrity .......... 321
10 Identification and Entity Authentication .......... 385
11 Digital Signatures .......... 425
12 Key Establishment Protocols .......... 489
13 Key Management Techniques .......... 543
14 Efficient Implementation .......... 591
15 Patents and Standards .......... 635
A Bibliography of Papers from Selected Cryptographic Forums .......... 663
References .......... 703
Index .......... 755

Table of Contents

List of Tables .......... xv
List of Figures .......... xix
Foreword by R.L. Rivest .......... xxi
Preface .......... xxiii

1 Overview of Cryptography .......... 1
1.1 Introduction .......... 1
1.2 Information security and cryptography .......... 2
1.3 Background on functions .......... 6
1.3.1 Functions (1-1, one-way, trapdoor one-way) .......... 6
1.3.2 Permutations .......... 10
1.3.3 Involutions .......... 10
1.4 Basic terminology and concepts .......... 11
1.5 Symmetric-key encryption .......... 15
1.5.1 Overview of block ciphers and stream ciphers .......... 15
1.5.2 Substitution ciphers and transposition ciphers .......... 17
1.5.3 Composition of ciphers .......... 19
1.5.4 Stream ciphers .......... 20
1.5.5 The key space .......... 21
1.6 Digital signatures .......... 22
1.7 Authentication and identification .......... 24
1.7.1 Identification .......... 24
1.7.2 Data origin authentication .......... 25
1.8 Public-key cryptography .......... 25
1.8.1 Public-key encryption .......... 25
1.8.2 The necessity of authentication in public-key systems .......... 27
1.8.3 Digital signatures from reversible public-key encryption .......... 28
1.8.4 Symmetric-key vs. public-key cryptography .......... 31
1.9 Hash functions .......... 33
1.10 Protocols and mechanisms .......... 33
1.11 Key establishment, management, and certification .......... 35
1.11.1 Key management through symmetric-key techniques .......... 36
1.11.2 Key management through public-key techniques .......... 37
1.11.3 Trusted third parties and public-key certificates .......... 39
1.12 Pseudorandom numbers and sequences .......... 39
1.13 Classes of attacks and security models .......... 41
1.13.1 Attacks on encryption schemes .......... 41
1.13.2 Attacks on protocols .......... 42
1.13.3 Models for evaluating security .......... 42
1.13.4 Perspective for computational security .......... 44
1.14 Notes and further references .......... 45

2 Mathematical Background .......... 49
2.1 Probability theory .......... 50
2.1.1 Basic definitions .......... 50
2.1.2 Conditional probability .......... 51
2.1.3 Random variables .......... 51
2.1.4 Binomial distribution .......... 52
2.1.5 Birthday problems .......... 53
2.1.6 Random mappings .......... 54
2.2 Information theory .......... 56
2.2.1 Entropy .......... 56
2.2.2 Mutual information .......... 57
2.3 Complexity theory .......... 57
2.3.1 Basic definitions .......... 57
2.3.2 Asymptotic notation .......... 58
2.3.3 Complexity classes .......... 59
2.3.4 Randomized algorithms .......... 62
2.4 Number theory .......... 63
2.4.1 The integers .......... 63
2.4.2 Algorithms in Z .......... 66
2.4.3 The integers modulo n .......... 67
2.4.4 Algorithms in Z_n .......... 71
2.4.5 The Legendre and Jacobi symbols .......... 72
2.4.6 Blum integers .......... 74
2.5 Abstract algebra .......... 75
2.5.1 Groups .......... 75
2.5.2 Rings .......... 76
2.5.3 Fields .......... 77
2.5.4 Polynomial rings .......... 78
2.5.5 Vector spaces .......... 79
2.6 Finite fields .......... 80
2.6.1 Basic properties .......... 80
2.6.2 The Euclidean algorithm for polynomials .......... 81
2.6.3 Arithmetic of polynomials .......... 83
2.7 Notes and further references .......... 85

3 Number-Theoretic Reference Problems .......... 87
3.1 Introduction and overview .......... 87
3.2 The integer factorization problem .......... 89
3.2.1 Trial division .......... 90
3.2.2 Pollard's rho factoring algorithm .......... 91
3.2.3 Pollard's p−1 factoring algorithm .......... 92
3.2.4 Elliptic curve factoring .......... 94
3.2.5 Random square factoring methods .......... 94
3.2.6 Quadratic sieve factoring .......... 95
3.2.7 Number field sieve factoring .......... 98
3.3 The RSA problem .......... 98
3.4 The quadratic residuosity problem .......... 99
3.5 Computing square roots in Z_n .......... 99
3.5.1 Case (i): n prime .......... 100
3.5.2 Case (ii): n composite .......... 101
3.6 The discrete logarithm problem .......... 103
3.6.1 Exhaustive search .......... 104
3.6.2 Baby-step giant-step algorithm .......... 104
3.6.3 Pollard's rho algorithm for logarithms .......... 106
3.6.4 Pohlig-Hellman algorithm .......... 107
3.6.5 Index-calculus algorithm .......... 109
3.6.6 Discrete logarithm problem in subgroups of Z*_p .......... 113
3.7 The Diffie-Hellman problem .......... 113
3.8 Composite moduli .......... 114
3.9 Computing individual bits .......... 114
3.9.1 The discrete logarithm problem in Z*_p — individual bits .......... 116
3.9.2 The RSA problem — individual bits .......... 116
3.9.3 The Rabin problem — individual bits .......... 117
3.10 The subset sum problem .......... 117
3.10.1 The L^3-lattice basis reduction algorithm .......... 118
3.10.2 Solving subset sum problems of low density .......... 120
3.10.3 Simultaneous diophantine approximation .......... 121
3.11 Factoring polynomials over finite fields .......... 122
3.11.1 Square-free factorization .......... 123
3.11.2 Berlekamp's Q-matrix algorithm .......... 124
3.12 Notes and further references .......... 125

4 Public-Key Parameters .......... 133
4.1 Introduction .......... 133
4.1.1 Approaches to generating large prime numbers .......... 134
4.1.2 Distribution of prime numbers .......... 134
4.2 Probabilistic primality tests .......... 135
4.2.1 Fermat's test .......... 136
4.2.2 Solovay-Strassen test .......... 137
4.2.3 Miller-Rabin test .......... 138
4.2.4 Comparison: Fermat, Solovay-Strassen, and Miller-Rabin .......... 140
4.3 (True) Primality tests .......... 142
4.3.1 Testing Mersenne numbers .......... 142
4.3.2 Primality testing using the factorization of n−1 .......... 143
4.3.3 Jacobi sum test .......... 144
4.3.4 Tests using elliptic curves .......... 145
4.4 Prime number generation .......... 145
4.4.1 Random search for probable primes .......... 145
4.4.2 Strong primes .......... 149
4.4.3 NIST method for generating DSA primes .......... 150
4.4.4 Constructive techniques for provable primes .......... 152
4.5 Irreducible polynomials over Z_p .......... 154
4.5.1 Irreducible polynomials .......... 154
4.5.2 Irreducible trinomials .......... 157
4.5.3 Primitive polynomials .......... 157
4.6 Generators and elements of high order .......... 160
4.6.1 Selecting a prime p and generator of Z*_p .......... 164
4.7 Notes and further references .......... 165
