暗号技術のリテラシー / Cryptography Literacy

Transcript

1. SFC / CSO ks91@sfc.wide.ad.jp — — 2017-06-27 – p.1/40

2. ( ) SFC ( ) CSO (Chief Science Officer) CEO

   1993 M.Eng ( ) 2006 ( ) SFC 16 P2P 2011 → ( ) — — 2017-06-27 – p.2/40

3. Bitcoin (2014-06-02) http://www.slideshare.net/kenjiurushima/20140602-bitcoin1-201406031222 — — 2017-06-27 – p.3/40

4. 1. 2. 3. — — 2017-06-27 – p.4/40

5. 1. – – ECDSA ( DSA) Base58Check — — 2017-06-27

   – p.5/40

6. (1) — — 2017-06-27 – p.6/40

7. (2) H m H(m) = H(m′) m′ (m′ = m)

   H(m) m m′ H(m) = H(m′) ( m′ = m) — — 2017-06-27 – p.7/40

8. SHA-1 https://shattered.it 2017 2 Google (CWI) — — 2017-06-27 –

   p.8/40

9. ID (+ ) TX ID (+ Merkle ) ( )

   — — 2017-06-27 – p.9/40

10. SHA-256 × SHA-256 SHA-256 × RIPEMD-160 (1 ) scrypt (

    ) Ethash (Dagger-Hashimoto ) DAG : Directed Acyclic Graph ( ) — — 2017-06-27 – p.10/40

11. — — 2017-06-27 – p.11/40

12. (RSA) RSA (RSA : Rivest, Shamir, Adleman) ECDSA ( DSA

    : Digital Signature Algorithm) — — 2017-06-27 – p.12/40

13. : < , > : : < , , >

    : OK NG — — 2017-06-27 – p.13/40

14. ( ) ← CA — — 2017-06-27 – p.14/40

15. M A 60BTC — — 2017-06-27 – p.15/40

16. – : y2 = x3 + ax + b 3

    X A + B = D A + A + . . . = nA A B C D — — 2017-06-27 – p.16/40

17. (EC) DSA G(x, y), p, a, b nG G, p,

    a, b n (n ) k(0 ≤ k ≤ n) kG, n nG — — 2017-06-27 – p.17/40

18. ECDSA secp256k1 Certicom : 256 : 512 ( ) 160

    — — 2017-06-27 – p.18/40

19. ( ) ks91@cornell.edu ( ) ( ) t90123ks@sfc.keio.ac.jp ( )

    (SFC) — — 2017-06-27 – p.19/40

20. Base58Check 1. SHA-256 × RIPEMD-160 2. ( = 0) 3.

    SHA-256 × SHA-256 4. 4 2. ( ) 5. base58 base58 10 + 26×2 - 4 (l,I,O,0) = 58 l = , I = , O = , 0 = 58 — — 2017-06-27 – p.20/40

21. ( ) → (malleability) — — 2017-06-27 – p.21/40

22. 2. (malleability) ( ) — — 2017-06-27 – p.22/40

23. Script (General) Output: OP_DUP OP_HASH160 OP_PUSHDATA* <Public-key digest> OP_EQUALVERIFY OP_CHECKSIG

    Input: OP_PUSHDATA* <Signature> OP_PUSHDATA* <Public key> TX output addressed to a public-key digest and referring input — — 2017-06-27 – p.23/40

24. Script Processing Concatinates scripts: input → output Stack-based processing —

    — 2017-06-27 – p.24/40

25. (malleability) ⇒ SegWit . . . ( 2.0 ) —

    — 2017-06-27 – p.25/40

26. (1) — — 2017-06-27 – p.26/40

27. (2) — — 2017-06-27 – p.27/40

28. (3) — — 2017-06-27 – p.28/40

29. : , , 1 FinTech , 2016 https://www.boj.or.jp/announcements/release_2016/data/rel160831b5.pdf — —

    2017-06-27 – p.29/40

30. ( ) (= ) — — 2017-06-27 – p.30/40

31. 256 256 ↓ acfedf64beb9d4c1670d1d0890e3231f5effc72fc8e54c3e31035196f86ae1f0 — — 2017-06-27 – p.31/40

32. m n OK : OP_2 <A> <B> <C> OP_3 OP_CHECKMULTISIG

    : OP_DUP OP_HASH160 < > OP_EQUALVERIFY OP_EVAL : < A> < A> < C> < C> < > — — 2017-06-27 – p.32/40

33. — — 2017-06-27 – p.33/40

34. 50% 253 50% 23 OK n 2n 2 160 80

    SHA-1 (160 ) — — 2017-06-27 – p.34/40

35. — — 2017-06-27 – p.35/40

36. 3. – – — — 2017-06-27 – p.36/40

37. ( ) . . . — — 2017-06-27 – p.37/40

38. ( ) — — 2017-06-27 – p.38/40

39. ( ) A B SA SB SA ∩ SB —

    — 2017-06-27 – p.39/40

40. — — 2017-06-27 – p.40/40