Diffie-Hellman algorithm: ukuqeshwa

Kuyabonakala ukuba, bambalwa abantu namhlanje, esebenzisa iinkcukacha ngaphezu imijelo yonxibelelwano engakhuselekanga, cinga ukuba algorithm Diffie-Hellman. Enyanisweni, abaninzi baqonde ntoni kwaye kufuneka. Noko ke, abasebenzisi yeenkqubo zekhompyutha, kunjalo, ukwazi ngakumbi ukuba uqonde oku buhlungu. Ngokukodwa, kwanaleyo iqhosha Diffie-Hellman kunokuba luncedo kubasebenzisi abanomdla ngemiba yokhuseleko ulwazi zokufihlakeleyoComment.

Yintoni indlela Diffie-Hellman?

Ukuba sisondela imbambano algorithm ngokwayo, kodwa ngaphandle kokuya kwi iinkcukacha zobugcisa kunye zemathematika, sinako bakuchaza njengendlela encryption khowudi yasiwa kumbhalo kolwazi zisasazwe kwaye zifunyanwe phakathi kwabasebenzisi ezimbini okanye ngaphezulu ngekhompyutha okanye ezinye iinkqubo ezibandakanya ukutshintshiselana data kunye nokusetyenziswa isiteshi yonxibelelwano engakhuselekanga.

Njengoko kucacile, xa kungekho umjelo ukhuseleko ukuvimbela okanye ukuguqula kancinane iifayile kwi inkqubo yokudlulisela nowokwamkela, kunye umhlaseli akakwazi. Noko ke, ukwabiwa iqhosha Diffie-Hellman yokufikelela ukudlulisa nokufumana idatha efana ukuba ukubhucabhucwa iyapheliswa phantse ngokupheleleyo. Kule nkcazelo yonxibelelwano abhaliswe ijelo lonxibelelwano (ngaphandle ukhuseleko yayo) uba ikhuselekile ukuba omabini amaqela sebenzisa iqhosha efanayo.

prehistory

I algorithm Diffie-Hellman Ndaziswa ehlabathini umva ngo-1976. koqobo zawo zibe Uitfrid Diffie kunye noMartin Hellman, ngubani na kuphando yakhe iindlela data encryption ekhuselekileyo kwaye zithembeke kwaye zisekelezelwe kumsebenzi Ralph Merkle, abasungula le ebizwa ngokuba yi-isixokelelwano sabasasazi onesitshixo sakhe sikawonke.

Kodwa ukuba Merkle iphuhlise isiseko kuphela theoretical, Diffie kunye Hellman thaca kuluntu indlela yokucombulula le ngxaki.

Incazelo elula

Eneneni, uvavanyo kusekelwe kwiteknoloji ufihlo incazelo ukuba ngoku bamangaliswe iingcali ezininzi kule nkalo. efihlakeleyo anthology kuquka kakhulu imbali elide. Umongo yonke le nkqubo kukuqinisekisa ukuba kukho amaqela amabini, e-mail, okanye ezinye iinkcukacha tshintshiselwano ngoncedo lweenkqubo ze computer. Ke ukuziphendulela kwenziwa ngendlela yokuba Diffie-Hellman algorithm ngokwayo ifuna ukuba iqhosha khowudi yasiwa kumbhalo elaziwa kwi amaqela amabini (ukuthumela kunye nokufumana). Xa oku ezingabalulekanga ngokupheleleyo nguwuphi na kubo oya lungenisa inani lokuqala random (le ngongoma uya kuchaza xa ucinga iifomyula iqhosha ukubala).

Iindlela zofihlo data lamathuba ngaphambili

Ukuyenza ibonakale ncono, siphawula ukuba ndlela zakudala yeekhowudi data kukuthi, umzekelo, upelo ayikho ekhohlo ukuya ekunene, njengoko kulisiko kwizishicilelo ezininzi kunye nelungelo ekhohlo. Ngokufanayo, ungakwazi ukusebenzisa ezinye endaweni oonobumba be-alfabhethi kwingxelo. Umzekelo, ilizwi utshintsha le ncwadi yesibini eya kuqala, owesine - wesithathu njalo njalo. Uxwebhu efanayo kakhulu emehlweni ukuze ibe ezingento. Noko ke, lowo wabhala ikhowudi yemvelaphi, ngokutsho umntu ukufunda, oko ukuze kufuneka zibekwe abalinganiswa abathile. Le nto ibizwa ngokuba isitshixo.

Qaphela ukuba uninzi lwezibhalo nangoku undeciphered kunye nemibhalo ngoonobumba le Sumerians amandulo kunye amaYiputa ziyaqondwa crypto-abahlalutyi kuphela ngenxa yokuba abazi ukuba ungakwazi ukumisa ukulandelelana olufunwayo zabalinganiswa.

Kwaye kwimeko yethu - uhlobo Diffie-Hellman uthatha ukuba isitshixo khowudi yasiwa kumbhalo iyaziwa ukuba kukho inani eliqingqiweyo abasebenzisi. Noko ke, apha kuyimfuneko ukwenza isicelo, kuba nophazamiso ngokukhutshelwa data ochaziweyo olu hlobo ukuba anyhashwe ngamaqela esithathu, ukuba eliza kusombulula endaweni okanye ukutshintshwa zabalinganiswa.

Ayisafuni nakucaciswa yona into yokuba ngoku kukho cryptosystem ngokwaneleyo enamandla ngokusekelwe ubuchule ezifana AES, kodwa musa ukunika isiqinisekiso ngokupheleleyo nokhuseleko uyamxhaxha iinkcukacha zomntu wesithathu.

Kulungile, ngoku ingqalelo kwinkqubo encryption kakhulu, isicelo layo kunye neqondo lokhuselo.

Diffie-Hellman algorithm: ukuqeshwa

I algorithm wadalwa ukuze kuqinisekiswe kuphela iimfihlo data ngexesha ukudluliselwa iqela omnye komnye, kodwa ukuze nibakhwelelisele ngokukhuselekileyo yakuba ifikile. Lwaba ukuthetha, nkqubo zothumelo kufuneka aqinisekise ukhuseleko opheleleyo yonke imijelo yonxibelelwano kunokwenzeka.

Khumbula, ngethuba leMfazwe yeHlabathi yeSibini, xa ingqondo onke amazwe encedisayo ngokungeyompumelelo zandizingela kumatshini ufihlo ebizwa ngokuba "Enigma", yi ezithwala imiyalezo encoded ukuya ikhowudi worse. Ngapha koko, oku nako ukusombulula i akukho nanye cipher, nkqu indlela esithetha ngayo, "phambili" ingcali zokufihlakeleyoComment. Kuphela emva kokuba wayo ifunyenwe isitshixo ezama imiyalezo ethunyelwe weenqanawa waseJamani.

Diffie-Hellman algorithm: isishwankathelo

Ngoko ke, lo algorithm kubandakanya ukusetyenziswa nezimaphambili ezingundoqo ezimbalwa. Masithi ityala kwecacileyo, xa amaqela amabini (umsebenzisi) zikhona kwi-intanethi. We kubhekiselwe kuzo njengoko A no-B

Basebenzisa amanani X amabini kunye Y, azikho ngasese kule ijelo lonxibelelwano, ukulawula le ndlu. yonke umongo umbuzo yangempela, ukudala kwi nesiseko sayo uhlobo olutsha ixabiso eziya kuba isitshixo. Kodwa! Le wocingo wokuqala usebenzisa elikhulu inani obalaseleyo, kwaye eyesibini - kusoloko kukho inani elipheleleyo (liyohluleka), kodwa ephantsi ukuze kunesiqalo.

Ngokuqhelekileyo, abasebenzisi bayavuma ukuba la manani zigcinwa ziyimfihlo. Noko ke, ngenxa yokuba isiteshi engakhuselekanga, amanani amabini babe amaqela eyaziwayo kunye nezinye abanomdla. Kungenxa yoko le nto abantu imiyalezo efanayo banikana key secret ukungafihli myalezo.

Le fomyula esisiseko yokubala isitshixo

Kuthathwa ukuba Diffie-Hellman libhekisela inkqubo ebizwa ngokuba yi-encryption twatsa, apho kwakukho iingxelo ze-cipher yezi zinto. Noko ke, ukuba siya kuthabatha eyona miba iphambili ekubaleni amaqela ezingundoqo umkhosi, ukuba ukukhumbula ubuncinane algebra.

Ngoko ke, umzekelo, ngamnye izikhokhelo yenza amanani random a kunye b. Bayazi kwangaphambili imilinganiselo x no y, nto leyo enokubangela ukuba 'athungwe "kwi-software efunekayo.

Xa uthumela okanye ufumana umyalezo enjalo ukufumana umrhumo A computes ixabiso ezingundoqo, ukuqala ifomula ^A = x ^a y mod, ngoxa yesibini isebenzisa indibanisela B = x ^b y mod, ilandelwe yi uthumelo isitshixo uguqulwa umsebenzisi kuqala. Eli ke linyathelo lokuqala.

Ngoku masithi ukuba umntu wesithathu ochaphazelekayo unayo zayo zombini amaxabiso ebalwe ka-A no-B Noko kunjalo, ngeke angangenelela kwinkqubeko zokutshintshelwa data, kuba Inyathelo lesibini ukwazi ukubala indlela isitshixo eqhelekileyo.

Ukususela iifomyula ngasentla, uyakwazi Nohlala eqhelekileyo ukubala iqhosha. Ukuba ukhangela umzekelo Diffie-Hellman khangela ukuba into efana nale:

1) ubala isitshixo lokuqala ubulungu esekelwe kwi x yi kwifomula ^{B mod y = x ab mod} y;

2) Okwesibini, ezisekelwe phezu lokuqala Inombolo y kunye belungiselela network protocol ukhetho B, ichaza isitshixo evela parameter ^{A ekhoyo: A b mod y = x} ba y mod.

Njengoko ubona, amaxabiso yokugqibela naxa izidanga lobeko idibana. Ngenxa yoko, ukucazulula lwe data ngamacala omabini lifinyele, njengoko bathi, ukuba zifana.

Ukungakhuseleki kwi ngoncedo kwenkqubo yogqithiselo data

Njengoko unokulindela, ungenelelo iqela lesithathu yena ngaphandle. Noko ke, kule meko ke ekuqaleni ukhankanye inani-10 ^100, okanye ^10,300.

Ayisafuni nakucaciswa yona into yokuba akukho namnye namhlanje ukwenza iphasiwedi okanye ikhowudi yofikelelo umbane ukujonga inani ngokwayo akakwazi (ngaphandle ukuba iinketho sokuqala nesokugqibela kwaye sexeshana zongenelelo kwinkqubo transmission). Kwakuza kuthatha ixesha elide kangaka ukuba ubomi emhlabeni kuphela. Noko ke, nezikhewu nkqubo kukhuseleko lisekhona.

Amaninzi bahambisana onolwazi logarithm ekhethekileyo. Ukuba ulwazi ukwambula algorithm Diffie-Hellman ingaba (kodwa kuphela parameters sokuqala nesokugqibela njengoko kuchaziwe apha ngasentla). Enye into kukuba ilifa ezinjalo iiyunithi lwazi.

Usebenzisa algorithm le platform Java

Diffie-Hellman algorithm lisetyenziswa kwi Java kuphela izibheno ezifana "uhanjiselo-server '.

Ngamanye amazwi, umncedisi kusalinde koomatshini client yoQhakamshelwano. Xa kusenziwa loo uxhulumaniso, kukho ukusebenza algorithm xa ukhangela umntu onesitshixo sakhe sikawonke okanye labucala, kwaye ngoko ke umsebenzisi ukufumana zonikezo ezipheleleyo kuzo zonke imisebenzi kunye data yomncedisi ngokwayo. Ngamanye amaxesha oku kunjalo kwiinkqubo mobile, Noko ke, aba bantu bambalwa kakhulu uyazi, kokukhona ukuba inxalenye yesigqeba imisebenzi kwimo angabonakaliyo ngohlobo zeempendulo ephunyeziweyo.

Usebenzisa algorithm ngenxa iqonga C (+ / ++)

Ukuba ukhangela Diffie-Hellman kwi «C» (+ / ++), ngoko akukho kakuhle kangaka. Inyaniso kukuba maxa wambi kukho ingxaki xa inkoliso yomsebenzi ekubaleni ngokwakhe lwenkqubo ulwimi enxulumene lencopho ingongoma. Yiyo loo nto xa ucwangcisa ixabiso elipheleleyo, okanye xa uzama ngokusondeza (nokuba exponentiation), kusenokuba kukho iingxaki ngexesha yenza. Ingakumbi kumayelana umsebenzi gwenxa int.

Nangona kunjalo, kubalulekile ukunikela ingqalelo kwamanye amacandelo ephunyeziweyo leyo, njengokuba umthetho ezi iiklasi umsebenzi, lo exponentiation enye okanye ezinxulumene ilayibrari GMP attachable,.

ubuchule Modern ufihlo

Ekukholelwa ukuba Diffie-Hellman siseza ukubetha, akukho namnye unako. Enyanisweni, nguye lowo waba isiseko ukuvela kweenkqubo abanjalo wokhuseleko entsimini iinkropshini data njengoko AES128 kunye AES256.

Noko ke, njengokuba kusenziwa imiboniso, nangona ukufumaneka kwamanani kule abstract akuxhomekekanga waqonda ngumntu, uninzi zeenkqubo olu hlobo ukusetyenziswa kuphela ixabiso elinesibini yokuqala (hayi ngaphezulu), kodwa algorithm kukodwa kuthetha inani a million ngaphezulu.

endaweni yokuba UYobi

Ngokubanzi, mhlawumbi, ukuba sele icace into eyenza le nkqubo yaye yintoni amacandelo yayo algorithmic. Kuhleli kuphela ukongeza ukuba sinikezwe izinto ezinkulu ukuba ngokupheleleyo phantse mntu usebenzisa.

Kwelinye icala, nobuthathaka kwi algorithm ngokwaneleyo ngokucacileyo. Kugweba wena; enyanisweni, ubhale inkqubo ukubala logarithm obubobu, phantse nayiphi na umdali wayo ukufikelela nje kuphela lokuqala parameters ebekwe yi zomsebenzisi, kodwa isitshixo zoluntu, nto leyo iveliswe kwinkqubo encryption kubhalo.

Kwimeko elula kwanele ukwenza ufakelo okuphunyeziweyo ye Java-applet, nto leyo ke ezisetyenziswa kunxibelelwano mobile. Kakade ke, lo msebenzisi ungazi nto ngaloo nto, kodwa data zayo ziya kuba nako ukuxhaphaza nabani.