【正文】 ocedure(seeSection ). Digital signatures depend on the messages yield different ,like classical message authentication codes,digital signatures can also be used to guarantee the integrity of messages. Attacks The primary goal of cryptography is to keep the plaintext secret from eavesdroppers trying to get some information about the discussed before,adversaries may also be active and try to modify the ,cryptography is expected to guarantee the integrity of the are assumed to have plete access to the munication channel. Cryptanalysis is the science of studying attacks against cryptographic attacks may,for example,recover the plaintext(or parts of the plaintext)from the ciphertext,substitute parts of the original message,or fe digital and cryptanalysis are often subsumed by the more general term cryptology. A fundamental assumption in cryptanalysis was first stated by in the nieenth is usually referred to as Kerkhoff’s states that the adversary knows all the details of the cryptosystem,including algorithms and their to this principle,the security of a cryptosystem must be entirely based on the secret keys. Attacks on the secrecy of an encryption scheme try to recover plaintexts from ciphertexts,or even more drastically,to recover the secret following survey is restricted to passive adversary,as usual we call her Eve,does not try to modify the monitors the munication channel and the end points of the she may not only intercept the ciphertext,but(at least from time to time)she may be able to observe the encryption and decryption of has no information about the example,Eve might be the operator of a bank sees ining ciphertexts and sometimes also the corresponding 山東建筑大學(xué) 畢業(yè)設(shè)計(jì) 5 she observes the outgoing plaintexts and the generated she manages to let encrypt plaintexts or decrypt ciphertexts of her own choice. The possible attacks depend on the actual resources of the adversary Eve. They are usually classified as follows: has the ability to obtain is likely to be the case in any encryption if Eve cannot perform the more sophisticated attacks described below,one must assume that she can get access to encrypted encryption method that cannot resist a ciphertextonly attack is pletely insecure. has the ability to obtain plaintextciphertext the information from these pairs,she attempts to decrypt a ciphertext for which she does not have the first glance,it might appear that such information would not ordinarily be available to an ,it very often is may be sent in standard formats which Eve knows. has the ability to obtain ciphertexts for plaintexts of her she attempts to decrypt a ciphertext for which she does not have the again this may seem unlikely,there are many cases in which Eve can do just example,she sends some interesting information to her intended victim which she is confident he will encrypt and send type of attack assumes that Eve must first obtain whatever plaintextciphertext pairs she wants and then do her analysis, without any further means that she only needs access to the encrypting device once. is the same as the previous attack,except now Eve may do some analysis on the plaintextciphertextpairs,and subsequently get more may switch between gathering pairs and performing the analysis as often as she means that she has either lengthy access to the encrypting device or can somehow make repeated use of it. adaptivelychosenciphertext two attacks are similar to the above plaintext attacks. Eve can choose ciphertexts and gets the corresponding has access to the decryption device. Cryptographic Protocols Encryption and decryption algorithms,cryptographic hash functions or pseudorandom generators(see Section ,Chapter 8)are the basic building blocks(also called cryptographic 山東建筑大學(xué) 畢業(yè)設(shè)計(jì) 6 primitives)for solving problems involving secrecy,authentication or data many cases a single building block is not sufficient to solve the given problem:different primitives must be series of steps must be executed to acplish a given a welldefined series of steps is called a cryptographic is also mon,we add another condition:we require that two or more parties are only use the term protocol if at least two people are required to plete the task. As a counter example,take a look at digital signature typical scheme for generating a digital signature first applies a cryptographic hash function h to the message m and then,in a second step,putes the signature by applying a publickey decryption algorithm to the hash value h(m).Both steps are done by one ,we do not call it a protocol. Typical examples of protocols are protocols for user are many situations where the identity of a user Alice has to be verified. Alice wants to log in to a remote puter,for example,or to get access to an account for electronic or PIN numbers are used for this method is not always example,anyone who observes Alice’ s password or PIN when transmitted might be able to impersonate sketch a simple challengeandresponse protocol which prevents this attack(however,it is not perfect。see Section ). The protocol is based on a publickey signature scheme,and we assume that Alice has a key ),( skpkk? for this ,Alice can prove her identity to Bob in the following way. randomly chooses a“ challenge” c and sends it to Alice. signs c with her secret key, ),(: cskSigns ? ,and sends the“ response” s to Bob. accepts Alice’ s proof of identity,if Verify okcspk ?),( Only Alice can return a valid signature of the challenge c,because only she knows the secret key sk . Thus, Alice proves her identity,without showing her one can observe Alice’ s secret key,not even the verifier Bob. Suppose that an eavesdropper Eve observed the exchanged ,she wants to impersonate Alice. Since Bob selects his challenge c at random(fr