Algorytmy kryptograficzne | Laboratorium 5
-
Uzupełnnij implementację kryptosystemu
DES.1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194from typing import List IP = ( 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 ) IP_INV = ( 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31, 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29, 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27, 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25 ) E = ( 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25, 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1 ) P = ( 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 ) S_BOXES = ( # S1 ( (14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7), (0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8), (4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0), (15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13), ), # S2 ( (15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10), (3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5), (0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15), (13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9), ), # S3 ( (10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8), (13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1), (13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7), (1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12), ), # S4 ( (7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15), (13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9), (10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4), (3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14), ), # S5 ( (2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9), (14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6), (4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14), (11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3), ), # S6 ( (12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11), (10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8), (9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6), (4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13), ), # S7 ( (4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1), (13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6), (1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2), (6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12), ), # S8 ( (13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7), (1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2), (7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8), (2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11), ), ) PC1 = ( 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 ) SHIFT_SCHEDULE = (1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1) PC2 = ( 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 ) def int_to_bytes(x: int, length: int) -> bytes: return x.to_bytes(length, "big") def bytes_to_int(b: bytes) -> int: return int.from_bytes(b, "big") def generate_subkeys(key64: int) -> List[int]: pass def feistel(R: int, subkey48: int) -> int: pass def des_encrypt_block(block64: int, key64: int) -> int: pass def des_decrypt_block(block64: int, key64: int) -> int: pass if __name__ == "__main__": key = 0x133457799BBCDFF1 pt = 0x0123456789ABCDEF ct_expected = 0x85E813540F0AB405 ct = des_encrypt_block(pt, key) print(f"CT = {ct:016X} (oczekiwane {ct_expected:016X})") assert ct == ct_expected pt_back = des_decrypt_block(ct, key) assert pt_back == pt try: from Crypto.Cipher import DES import secrets for i in range(50): key_r = secrets.randbits(64) pt_r = secrets.randbits(64) key_rb = int_to_bytes(key_r, 8) pt_rb = int_to_bytes(pt_r, 8) ct_r = des_encrypt_block(pt_r, key_r) ct_r_lib = bytes_to_int(DES.new(key_rb, DES.MODE_ECB).encrypt(pt_rb)) assert ct_r == ct_r_lib pt_r_back = des_decrypt_block(ct_r_lib, key_r) pt_r_back_lib = bytes_to_int( DES.new(key_rb, DES.MODE_ECB).decrypt(int_to_bytes(ct_r, 8)) ) assert pt_r_back == pt_r == pt_r_back_lib print("Losowe testy OK.") except ImportError: print("Potrzebna biblioteka pycryptodome -> pip install pycryptodome.") -
Przeprowadź atak
meet-in-the-middlena2DES. Dla uproszczenia, obetniemy przestrzeń kluczy do $\{0,1,2,…,2^{24}-1\}$, a każdy klucz rozszerzymy do klucza 64-bitowego przez funkcje:1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20def _set_odd_parity(key: bytes) -> bytes: b = bytearray(key) for i in range(8): v = b[i] & 0xFE parity = ((v.bit_count() & 1) ^ 1) b[i] = v | parity return bytes(b) def seed24_to_des64(seed: int) -> bytes: state = (seed | 1) ^ 0x9E3779B97F4A7C15 out = bytearray(8) for i in range(8): x = state x ^= (x >> 12) & 0xFFFFFFFFFFFFFFFF x ^= (x << 25) & 0xFFFFFFFFFFFFFFFF x ^= (x >> 27) & 0xFFFFFFFFFFFFFFFF state = (x * 0x2545F4914F6CDD1D) & 0xFFFFFFFFFFFFFFFF seven = (state >> 57) & 0x7F out[i] = seven << 1 return _set_odd_parity(bytes(out))Wyznacz klucze, których użyto do szyfrowania
2DESdla1 2Tekst jawny: 0x4D49544D61747461 Szyfrogram: 0xD4A27CCB8666688D