《Chapter 2 Public-Key Cryptograph》-公开·课件设计.pptVIP

Subsequent developments August 2004: X. Wang et al.: actual random collisions in MD4 (‘no time’), MD5 in time ? 239, etc., for any IV A. Joux: cascading of iterated L-bit and perfect M-bit hash does not result in L+M-bit hash – as commonly believed A. Joux: actual random collision for SHA-0 in time ? 251 E. Biham: cryptanalysis of SHA-1 variants October 2004, Kelsey/Schneier (based on Joux): 2nd preimage weakness in any iterated hash (improving Dean) Feb 14, 2005, X. Wang et al. (based on Wang/Joux/Biham): actual random collision for SHA-0 in time ? 239 random collision possibility for SHA-1 in time ? 269 (or 266) (advantage: 269 280 ) 2 Hash Functions 3 Digital Signatures Public-key encryption Alice publishes encryption key Anyone can send encrypted message Only Alice can decrypt messages with this key Digital signature scheme Alice publishes key for verifying signatures Anyone can check a message signed by Alice Only Alice can send signed messages Properties of signatures Functions to sign and verify Sign(Key-1, message) Verify(Key, x, m) = Resists forgery(抗伪造) Cannot compute Sign(Key-1, m) from m and Key Resists existential forgery: given Key, cannot produce Sign(Key-1, m) for any random or otherwise arbitrary m true if x = Sign(Key-1, m) false otherwise 3 Digital Signatures Creating a Digital Signature 3kJfgf*￡$ Py75c%bn This is the document created by Gianni Message or File Digital Signature Message Digest Calculate a short message digest from even a long input using a one-way message digest function (hash) Signatorys private key priv Generate Hash SHA, MD5 Asymmetric Encryption RSA This is the document created by Gianni 3kJfgf*￡$ SignedDocument (Typically 128 bits) 3 Digital Signatures Verifying a Digital Signature RSA This is the document created by Gianni 3kJfgf*￡$ SignedDocument Py75c%bn Message Digest Generate Hash Giannis public key(from certificate) Asymmetric Decryption pub DigitalSig