暗号技術の基礎知識 / Cryptographic Literacy

Transcript

1. CSO / SFC [email protected] — — 2017-11-22 – p.1/40

2. ( ) SFC ( ) CSO (Chief Science Officer) 1993

   M.Eng ( ) 2006 ( ) SFC 17 P2P 2011 → ( ) — — 2017-11-22 – p.2/40

3. Bitcoin (2014-06-02) http://www.slideshare.net/kenjiurushima/20140602-bitcoin1-201406031222 — — 2017-11-22 – p.3/40

4. 1. 2. 3. — — 2017-11-22 – p.4/40

5. 1. – – ECDSA ( DSA) — — 2017-11-22 –

   p.5/40

6. (1) — — 2017-11-22 – p.6/40

7. (2) H m H(m) = H(m′) m′ (m′ = m)

   H(m) m m′ H(m) = H(m′) ( m′ = m) — — 2017-11-22 – p.7/40

8. SHA-1 https://shattered.it 2017 2 Google (CWI) — — 2017-11-22 –

   p.8/40

9. ID (+ ) TX ID (+ Merkle ) ( )

   — — 2017-11-22 – p.9/40

10. Merkle ( ) Digest = SHA-256 × SHA-256 TX —

    — 2017-11-22 – p.10/40

11. SHA-256 × SHA-256 SHA-256 × RIPEMD-160 (1 ) . .

    . scrypt ( ) Ethash (Dagger-Hashimoto ) DAG : Directed Acyclic Graph ( ) — — 2017-11-22 – p.11/40

12. — — 2017-11-22 – p.12/40

13. (RSA) RSA (RSA : Rivest, Shamir, Adleman; ) ECDSA (

    DSA : Digital Signature Algorithm) — — 2017-11-22 – p.13/40

14. : < , > : : < , , >

    : OK NG — — 2017-11-22 – p.14/40

15. ( ) ← CA — — 2017-11-22 – p.15/40

16. M A 60BTC SegWit — — 2017-11-22 – p.16/40

17. – : y2 = x3 + ax + b 3

    X A + B = D A + A + . . . = nA A B C D — — 2017-11-22 – p.17/40

18. (EC) DSA G(x, y), p, a, b nG G, p,

    a, b n (n ) k(0 ≤ k ≤ n) kG, n k → PlayStation 3 nG — — 2017-11-22 – p.18/40

19. ECDSA secp256k1 Certicom : 256 : 512 ( ) 160

    — — 2017-11-22 – p.19/40

20. ( ) [email protected] ( ) ( ) [email protected] ( )

    (SFC) — — 2017-11-22 – p.20/40

21. Base58Check 1. SHA-256 × RIPEMD-160 2. ( = 0) 3.

    SHA-256 × SHA-256 4. 4 2. ( ) 5. base58 base58 10 + 26×2 - 4 (l,I,O,0) = 58 l = , I = , O = , 0 = 58 — — 2017-11-22 – p.21/40

22. ( ) → (malleability) — — 2017-11-22 – p.22/40

23. 2. (malleability) () — — 2017-11-22 – p.23/40

24. Script (General) Output: OP_DUP OP_HASH160 OP_PUSHDATA* <Public-key digest> OP_EQUALVERIFY OP_CHECKSIG

    Input: OP_PUSHDATA* <Signature> OP_PUSHDATA* <Public key> TX output addressed to a public-key digest and referring input — — 2017-11-22 – p.24/40

25. Script Processing Concatinates scripts: input → output Stack-based processing —

    — 2017-11-22 – p.25/40

26. (malleability) ⇒ SegWit ( ) ( 2.0 ) — —

    2017-11-22 – p.26/40

27. ( ) — — 2017-11-22 – p.27/40

28. : , , 1 FinTech , 2016 https://www.boj.or.jp/announcements/release_2016/data/rel160831b5.pdf — —

    2017-11-22 – p.28/40

29. ( ) (= ) — — 2017-11-22 – p.29/40

30. 256 256 ↓ acfedf64beb9d4c1670d1d0890e3231f5effc72fc8e54c3e31035196f86ae1f0 — — 2017-11-22 – p.30/40

31. m n OK : OP_2 <A> <B> <C> OP_3 OP_CHECKMULTISIG

    : OP_DUP OP_HASH160 < > OP_EQUALVERIFY OP_EVAL : < A> < A> < C> < C> < > — — 2017-11-22 – p.31/40

32. — — 2017-11-22 – p.32/40

33. 50% 253 50% 23 OK n 2n 2 160 80

    SHA-1 (160 ) — — 2017-11-22 – p.33/40

34. · — — 2017-11-22 – p.34/40

35. — — 2017-11-22 – p.35/40

36. 3. – – — — 2017-11-22 – p.36/40

37. ( ) . . . zkSNARKs (zero knowledge Succinct Non-interactive

    ARguments of Knowledge) Zcash Ethereum — — 2017-11-22 – p.37/40

38. ( ) — — 2017-11-22 – p.38/40

39. ( ) (homomorphic) : RSA ( ) A B SA

    SB SA ∩ SB RSA — — 2017-11-22 – p.39/40

40. — — 2017-11-22 – p.40/40