ୈ̎ষɹϓϩτίϧ ೥ɹ݄೔
ϓϩϑΣογϣφϧ44-5-4ྠಡձ Shuya OSAKI (@4huya)
 Keio University 



3FDPSEϓϩτίϧ ֊૚Խ͞Εͨ5-4ϓϩτίϧ 2 ɾ5-4
3FDPSEϓϩτίϧɹɹɹ
Š

҉߸ԽͷॲཧΛ୲͏
ɾ5-4
)BOETIBLFϓϩτίϧ



Š

҉߸ԽҎ֎ͷॲཧΛ୲͏ɾ̐ͭʹࡉ෼Խ͞ΕΔ )551 5-4
3FDPSEϓϩτίϧ )BOETIBLF
 ϓϩτίϧ $IBOHF
$JQIFS
4QFD
 ϓϩτίϧ "MFSU
 ϓϩτίϧ "QQMJDBUJPO
%BUB
 ϓϩτίϧ 5-4
)BOETIBLFϓϩτίϧ 5-4ϓϩτίϧ 



3FDPSEϓϩτίϧ 3 https://hpbn.co/transport-layer-security-tls/ 3FDPSEϓϩτίϧͷ໾ׂ ɾ ϝοηʔδͷసૹ
‣ Ϩίʔυ௕ʹ߹Θͤͯϑϥάϝϯτʹͨ͠Γɺෳ਺ͷόοϑΝΛ୯ҰϨίʔυʹ·ͱΊΔ
ɾ ҉߸Խ͓Αͼ׬શੑͷݕূ
‣ ωΰγΤʔγϣϯͨ͠ύϥϝʔλʹج͍ͮͨɺϨίʔυ૚ʹΑΔ҉߸Խɾ׬શੑͷݕূ
ɾ ѹॖ
‣ ඇਪ঑ɻ$*3*.&߈ܸ ηογϣϯϋΠδϟοΫ ΍ɺѹॖ͞Εͨίϯςϯπ ը૾౳ ͷ࠶ѹॖ͕ى͖Δɻ
ɾ ֦ுੑ
‣ 3FDPSEϓϩτίϧ͸σʔλసૹͱ҉߸ॲཧΛ୲͏ɻଞͷػೳ͸αϒϓϩτίϧͰ֦ு͢Δɻ 5-4
3FDPSEͷߏ଄ 



)BOETIBLFϓϩτίϧ 4 )BOETIBLFϓϩτίϧͷ໾ׂ ɾ 5-4
)BOETIBLFϓϩτίϧͷ̍ͭ
5-4
)BOETIBLF

)BOETIBLF
ɾ ڞ༗伴Λੜ੒͠ɺূ໌ॻͷަ׵Λߦ͏
‣ ڞ༗伴ͷੜ੒ɹŠɹ҉߸௨৴Λߦ͏ͨΊ
‣ ূ໌ॻͷަ׵ɹŠɹ૬खΛೝূ͢ΔͨΊ
ɾ )BOETIBLFͷҰൠతͳྲྀΕ
ᶃ
αʔόೝূΛ൐͏ϑϧϋϯυγΣΠΫ
ᶄ
ηογϣϯΛ࠶։͢Δ৔߹ͷɺҰ෦ϝοηʔδΛলུͨ͠ϋϯυγΣΠΫ
ᶅ
ΫϥΠΞϯτͱαʔόͷೝূΛ൐͏ϋϯυγΣΠΫ )BOETIBLFϓϩτίϧ NTH@UZQF MFOHUI )BOETIBLF
 σʔλ όΠτ NTH@UZQF )BOETIBLFσʔλ Y )FMMP3FRVFTU Y $MJFOU)FMMP Y 4FSWFS)FMMP YC $FSUJpDBUF YD 4FSWFS,FZ&YDIBOHF YE $FSUJpDBUF3FRVFTU YF 4FSFWFS)FMMP%POF YG $FSUJpDBUF7FSJGZ Y $MJFOU,FZ&YDIBOHF Y 'JOJTIFE 



ϑϧϋϯυγΣΠΫ 5 5-4ηογϣϯͷཱ֬ 2.2 Handshake Ϋϥ Π Ξϯ τ αʔό  $MJFOU)FMMP 4FSWFS)FMMP $FSUJpDBUF 4FSWFS)FMMP%POF $MJFOU,FZ&YDIBOHF <$IBOHF$JQIFS4QFD> 'JOJTIFE 4FSWFS,FZ&YDIBOHF        <$IBOHF$JQIFS4QFD> 'JOJTIFE   p.27ΑΓ αʔόೝূΛ൐͏ϑϧϋϯυγΣΠΫ 5$1ϋϯυγΣΠΫ
 Š
#FGPSF
Š
 ⁞
ΫϥΠΞϯτ͕৽نͷϋϯυγΣΠΫ
 ɹ
Λ։࢝ɺฏจͰಈ࡞࢓༷Λૹ৴
 
ಈ࡞࢓༷ʹैͬͯ҉߸Խʹඞཁͳ
 ɹ
ύϥϝʔλΛϨεϙϯε͢Δ
⁣
҉߸Խʹඞཁͳ৚͕݅߹ҙ͞ΕͨΒ




ηογϣϯʹඞཁͳڞ௨伴Λੜ੒͢Δ
 ⁦
҉߸௨৴ʹ੾Γସ͑."$Λૹ৴͢Δ
 Š
"GUFS
Š
 ΞϓϦέʔγϣϯσʔλͷૹड৴ 355 



ϑϧϋϯυγΣΠΫ 6 $MJFOU)FMMP ɾ৽نͷϋϯυγΣΠΫͰ࠷ॳʹૹ৴͞ΕΔϝοηʔδ
ɾΫϥΠΞϯτ͸͜ΕͰಈ࡞࢓༷Λαʔόʹ఻͑Δ 28 ୈ2ষ ϓϩτίϧ Լهʹ ClientHello ͷϝοηʔδྫΛࣔ͠·͢ɻݟ΍͍͢Α͏ʹ༨෼ͳ৘ใ͸औΓআ͍ͯ ͋Γ·͕͢ɺॏཁͳϙΠϯτ͸͢΂ؚͯ·Ε͍ͯ·͢ɻ Handshake protocol: ClientHello Version: TLS 1.2 Random Client time: May 22, 2030 02:43:46 GMT Random bytes: b76b0e61829557eb4c611adfd2d36eb232dc1332fe29802e321ee871 Session ID: (ۭ) Cipher Suites Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite: TLS_RSA_WITH_RC4_128_SHA Compression methods Method: null Extensions Extension: server_name Hostname: www.feistyduck.com Extension: renegotiation_info Extension: elliptic_curves Named curve: secp256r1 Named curve: secp384r1 Extension: signature_algorithms Algorithm: sha1/rsa Algorithm: sha256/rsa Algorithm: sha1/ecdsa Algorithm: sha256/ecdsa p.28ΑΓ w 7FSTJPO
‣ αϙʔτ͢Δ5-4ͷόʔδϣϯ
w 3BOEPN
‣ ϋϯυγΣΠΫΛҰҙʹ͢Δཚ਺
w 4FTTJPO
*%
‣ ࠷ॳͷ઀ଓͰ͸৽ن઀ଓΛۭࣔ͢
w $JQIFS
4VJUF
‣ ରԠՄೳͳ҉߸εΠʔτ
w $PNQSFTTJPO
NFUIPET
‣ ѹॖํࣜͷࢦఆɺઈରOVMM
w &YUFOTJPOT
‣ ֦ு৘ใͷεϖʔε ClientHello
 ϝοηʔδྫ 



ϑϧϋϯυγΣΠΫ 7 4FSWFS)FMMP ɾαʔό͕઀ଓͰ࢖͏ύϥϝʔλΛΫϥΠΞϯτʹฦ౴͢Δɻ
ɾߏ଄͸$MJFOU)FMMPͱಉ͡ɺ஋͸αʔό͕ΫϥΠΞϯτʹఏҊ͢Δ΋ͷ͕ೖΔɻ $FSUJpDBUF ɾαʔό͔ΒΫϥΠΞϯτ΁9ূ໌ॻνΣʔϯΛҾ͖౉͢ɻ
ɾূ໌ॻνΣʔϯʹ͸αʔόͷূ໌ॻ͔Βূ໌ॻʹॺ໊͢Δೝূہͷূ໌ॻ͕࿈ͳΔɻ 4FSWFS,FZ&YDIBOHF ɾ伴ަ׵ʹඞཁͳ෇ՃతͳσʔλΛૹΔɻ$FUJpDBUFͷิ଍ɻ 4FSWFS)FMMP%POF ɾ4FSWFS)FMMP͔ΒͷҰ࿈ͷϝοηʔδͷऴΘΓΛࣔ͢ɻ 



ϑϧϋϯυγΣΠΫ 8 $MJFOU,FZ&YDIBOHF ɾ伴ަ׵ʹඞཁͳ৘ใΛΫϥΠΞϯτ͔Βૹ৴
ɾ&Y
ϓϨϚελʔγʔΫϨοτ 34" ɺ%J⒏F)FMMNBOެ։஋ %)伴ަ׵ $IBOHF$JQIFS4QFD ɾ)BOETIBLFϝοηʔδͰ͸ͳ͘ɺ5-4
)BOETIBLFͷαϒϓϩτίϧ
ɾ)BOETIBLFϓϩτίϧͰܾఆͨ͠ಈ࡞࢓༷ΛΫϥΠΞϯτʹ௨஌ 'JOJTIFE ɾϋϯυγΣΠΫͷ׬ྃΛࣔ͠ɺ҉߸Խ͞ΕͨϝοηʔδͰ͋Δ
ɾWFSJGZ@EBUBϑΟʔϧυͰμΠδΣετΛͱΓɺվ͟ΜΛ೉͘͢͠Δ 



ΫϥΠΞϯτೝূ 9 ૬ޓೝূΛߦ͏ p.32ΑΓ ΫϥΠΞϯτೝূͷ৔߹ͷϑϧϋϯυγΣΠΫ 355 ͠ɺࣗ਎ͷ Certificate ϝοηʔδΛૹΓʢ͜ͷͱ͖ͷϑΥʔϚοτ͸αʔ ૹΔͷʹ࢖͏ Certificate ϝοηʔδͱಉ͡Ͱ͢ʣ ɺରԠ͢ΔൿີݤΛ࣋ͬ CertificateVerify ϝοηʔδΛ࢖ͬͯূ໌͠·͢ʢਤ2.3ʣ ɻ Ϋϥ Π Ξϯ τ αʔό  $MJFOU)FMMP 4FSWFS)FMMP $FSUJpDBUF 4FSWFS)FMMP%POF $MJFOU,FZ&YDIBOHF <$IBOHF$JQIFS4QFD> $FSUJpDBUF 4FSWFS,FZ&YDIBOHF      <$IBOHF$JQIFS4QFD> 'JOJTIFE   $FSUJpDBUF3FRVFTU   'JOJTIFE $FSUJpDBUF7FSJGZ    ɾαʔό͕ΫϥΠΞϯτʹೝূΛٻΊΔ
ɾ$FSUJpDBUF3FRVFTUϝοηʔδͰ
 ҎԼʹै͏ূ໌ॻΛཁٻ͢Δ
‣ αʔό͕ཧղͰ͖Δূ໌ॻͷλΠϓ
‣ αʔό͕ཧղͰ͖Δೝূہͷ໊લ
ɾΫϥΠΞϯτ͸$FSUJpDBUFϝοηʔδ ͰԠ౴͢Δ
ɾ$FSUJpDBUF7FSJGZϝοηʔδͰରԠ͢Δ ൿີ伴ͷॴ༗Λࣔ͢ 



ϑϧϋϯυγΣΠΫ 10 $FSUJpDBUF3FRVFTU ɾΫϥΠΞϯτʹରͯ͠ೝূͷཁٻΛߦ͏
ɾαʔό͕ର৅ͱ͢Δূ໌ॻͷެ։伴͓Αͼॺ໊ΞϧΰϦζϜͷ఻ୡʹ༻͍ΒΕΔ $FSUJpDBUF7FSJGZ ɾΫϥΠΞϯτূ໌ॻͷൿີ伴ͷอ༗Λࣔ͢ 



ηογϣϯϦβϯϓγϣϯ 11 ཱ֬ࡁΈͷηογϣϯͷ࠶։ ɾϑϧϋϯυγΣΠΫʹ͸Φʔόʔϔου͕൐͏
ɾ4FTTJPO
*%Λ༻͍ͯηογϣϯͷ࠶։ΛՄೳʹ͢Δ࢓૊Έ Session ID ϑΟʔϧυΛࢀরʣ ɻΫϥΠΞϯτͱαʔό͸ɺ׬શͳωΰγΤʔγ ཱ֬ͨ͠઀ଓ͕ऴྃͨ͋͠ͱ΋ɺ͜ͷSession ID ΛҰఆظؒ͸อ࣋͠·͢ɻ ΫϥΠΞϯτ͸ɺҎલͷηογϣϯΛ࠶։͠Α͏ͱ͢Δ৔߹ɺClientHell ద੾ͳ Session ID ΛؚΊͯૹ৴͠·͢ɻαʔό͸ɺ౰֘ͷηογϣϯΛ࠶։͢ ৔߹ɺಉ͡Session ID ΛServerHello ϝοηʔδʹؚΊͯૹΓฦ͠·͢ɻͦ͠ ͨ͠ϚελʔγʔΫϨοτΛ࢖ͬͯ৽͍͠҉߸ݤʢ҉߸Խʹ࢖͏ݤ΍MACݤͳ ҉߸௨৴΁ͱҠߦ͔ͯ͠ΒɺFinished ϝοηʔδΛૹΓ·͢ɻΫϥΠΞϯτ͸ ͕࠶։͞Εͨ͜ͱΛ֬ೝͨ͠Βɺαʔόͱಉ͜͡ͱΛ͠·͢ɻ݁Ռతʹϋϯυγ ͳΓɺωοτϫʔΫ্ͷ΍ΓऔΓ͕Ұԟ෮͚ͩͰࡁΈ·͢ʢਤ2.4ʣ ɻ Ϋϥ Π Ξϯ τ αʔό  $MJFOU)FMMP 4FSWFS)FMMP <$IBOHF$JQIFS4QFD> 'JOJTIFE      <$IBOHF$JQIFS4QFD> 'JOJTIFE $IBOHF$JQIFS4QFDϓϩ τ ίϧͷϝ ο ηʔ δ <
> p.33ΑΓ লུ͞Εͨ5-4ϋϯυγΣΠΫ ɾ αʔό͸ηογϣϯʹ4FTTJPO
*%Λ
 ׂΓ౰ͯΔ
ɾ 4FTTJPO
*%͸4FSWFS)FMMPͰૹ৴͢Δ
ɾ ηογϣϯΛ࠶։࣌͸ΫϥΠΞϯτ͕
 $MJFOU)FMMPʹҎલͷ4FTTJPO
*%Λૠೖ
ɾ ηογϣϯνέοτͱݺ͹ΕΔํ๏΋͋Δ 355 



伴ަ׵ 12 5-4Ͱ༻͍ΒΕΔ伴ަ׵ΞϧΰϦζϜ ɾ 5-4Ͱ͸ଟ͘ͷ伴ަ׵ΞϧΰϦζϜΛαϙʔτ͢Δ
ɾ Ͳͷ҉߸εΠʔτ͕࢖ΘΕΔ͔͸ωΰγΤʔγϣϯʹΑΓܾ·Δ
ओͳ伴ަ׵ΞϧΰϦζϜ
ɾ 34"
‣ σϑΝΫτελϯμʔυɻαʔόͷൿີ伴Λ༻͍ΔͨΊɺ1'4 1FSGFDU
'PSXBSE
4FDSFZ Ͱͳ͍ɻ
ɾ %)&@34"
‣ ΫϥΠΞϯτɾαʔόͷ྆ऀͰڞ௨ͷ伴Λੜ੒͢Δɻ34"ʹΑΔೝূΛซ༻͢Δɻ1'4͕͋Δɻ
ɾ &$%)&@34"ɾ&$%)&@&$%4"
‣ ପԁۂઢ҉߸ &$ ʹجͮ͘伴ަ׵ΞϧΰϦζϜɻ
‣ ֓೦తʹ͸%)&ͱಉ͡伴ಉҙΞϧΰϦζϜ͕ͩɺॲཧ͕ߴ଎ɻ 



34"伴ަ׵ 13 34"ͷ҉߸Խɾ෮߸ʹར༻Մೳͳੑ࣭Λ༻͍Δ 34"伴ަ׵ͷखॱ
‣ ΫϥΠΞϯτ͸ϓϦϚελʔγʔΫϨοτΛੜ੒ όΠτͷཚ਺
‣ ͦΕΛαʔόͷެ։伴Ͱॺ໊͠ɺ$MJFOU&YDIBOHFϝοηʔδͰૹ৴
‣ αʔό͸ϝοηʔδͷϓϦϚελʔγʔΫϨοτΛαʔόͷൿີ伴Ͱ෮߸͠ೖख
ɾ ൿີ伴͕ೖख͞ΕΔͱɺ߈ܸऀ΋ϓϦϚελʔγʔΫϨοτΛੜ੒Ͱ͖Δ໰୊
ɾ ཁ͸τϥϑΟοΫΛஷΊ͓͚ͯ͹5-4௨৴Ͱ΋伴ׂ͕ΕͨॠؒʹղಡͰ͖Δ
ɾ /4"͸աڈͷτϥϑΟοΫΛ5-4ͷ··อ؅͍ͯ͠Δͱ·͜ͱ͠΍͔ʹ͞͞΍͔ΕΔʜ
ɾ ͔ͩΒࠓͰ͸1'4 લํൿಗੑ ͕͋Δଞͷ伴ަ׵ΞϧΰϦζϜ͕ਪ঑͞ΕΔ
‣ 34"ͷΑ͏ʹ伴͕࿙Εͯ΋ɺηογϣϯͷ෮߸͕Ͱ͖ͳ͍͜ͱ 



%J⒏F)FMMNBO伴ަ׵ 14 ڞ༗͢Δ伴ΛܭࢉʹΑͬͯಋग़ ɾ %)伴ަ׵ͷखॱ
‣ লུʂ ͳΜͱͳ͔͘͠෼͔ΒΜʜ
‣ ҉߸ٕज़ೖ໳ͷQΛಡΜͰ͘Ε
%)伴ަ׵ͷ໰୊఺
ɾ %)ύϥϝʔλͷηΩϡϦςΟ
‣ ύϥϝʔλͷڧ͞ʹηογϣϯͷ҆શੑ͕ࠨӈ͞ΕΔ
ɾ %)ύϥϝʔλͷωΰγΤʔγϣϯ
‣ ωΰγΤʔγϣϯͷ݁ՌʹΑͬͯ͸ɺظ଴͢Δڧ౓ͷύϥϝʔλ͕࢖༻Ͱ͖ͳ͍
ɾ ෆे෼ͳύϥϝʔλͷڧ౓
‣ -PHKBN߈ܸʹΑΓύϥϝʔλʹ͋Δఔ౓ͷڧ౓͕ඞཁͰ͋Δ͜ͱ͕ࣔ͞Εͨ 



ପԁۂઢ%J⒏F)FMMNBO伴ަ׵ 15 ପԁۂઢ্ͷ཭ࢄର਺໰୊ ɾ %)伴ަ׵ͷखॱ
‣ লུʂ ͬͪ͜͸ϚδͰ෼͔ΒΜʜ
‣ ҉߸ٕज़ೖ໳ͷQΛಡΜͰ͘Ε
ɾ &$%)&ͷํ͕୹͍伴௕͔ͭߴ͍ηΩϡϦςΟ͕࣮ݱͰ͖Δ
‣ ύϥϝʔλͷڧ͞ʹηογϣϯͷ҆શੑ͕ࠨӈ͞ΕΔ 



ೝূ 16 ೝূͱ伴ަ׵͸Ұମ ɾ 5-4Ͱ͸ίετΛ࡟ݮ͢ΔͨΊɺೝূͱ伴ަ׵͸ҰମͰߦΘΕΔ
ɾ ೝূ͸ূ໌ॻΛར༻ͨ͠ެ։伴҉߸ํ͕ࣜҰൠ
ɾ 34"ʹΑΔ伴ަ׵
‣ ΫϥΠΞϯτ͕ϥϯμϜͳ஋ΛϓϦϚελʔγʔΫϨοτͯ͠ੜ੒
‣ ͦΕΛαʔόͷެ։伴Ͱॺ໊͠ૹ৴
ɾ %)&͓Αͼ&$%)&ʹΑΔ伴ަ׵
‣ αʔό͸ύϥϝʔλʹॺ໊Λߦ͏
‣ ΫϥΠΞϯτ͸ݕূ͞Εͨূ໌ॻ͔ΒରԠ͢Δެ։伴Λऔಘ
‣ ެ։伴Λ༻͍ͯॺ໊͞ΕͨύϥϝʔλΛݕূ͢Δ
‣ ύϥϝʔλ͸ηογϣϯ͝ͱʹҰҙ͕ͩɺಛఆͷঢ়گԼͰ߈ܸऀ͕ϥϯμϜͳ஋Λಉظͤͯ͞αʔόͷ
 ॺ໊Λ࠶ར༻͢Δ-PHKBN߈ܸ͕͋Δ 



҉߸Խ 17 ଟ਺ͷ҉߸ΞϧΰϦζϜΛαϙʔτ͢Δ5-4 ɾ 5-4Ͱ͸༷ʑͳΞϧΰϦζϜΛ༻͍ͯɺΞϓϦέʔγϣϯσʔλΛ҉߸ԽͰ͖Δ
‣ ݱࡏɺ࠷΋Ұൠతͳͷ͸"&4 3JKOEBFM
ɾ 5-4Ͱར༻Ͱ͖Δ҉߸Խ͸छྨʹ෼ྨͰ͖Δ
‣ ετϦʔϜ҉߸Խํࣜ
‣ ϒϩοΫ҉߸Խํࣜ
‣ "&"% ೝূ෇͖҉߸ 



ετϦʔϜ҉߸Խํࣜ 18 ҉߸Խ͸ஈ֊ͰߦΘΕΔ ɾ Ϩίʔυͷγʔέϯε൪߸ɾ3FDPSEϔομɾฏจσʔλͷ݁߹ͷ."$ΛͱΔ
‣ ."$ͷܭࢉʹ3FDPSEϔομؚ͕·Ε͍ͯΔͨΊɺσʔλ͕վ͟Μ͞Ε͍ͯͳ͍͜ͱΛࣔͤΔ
‣ ."$ͷܭࢉʹγʔέϯε൪߸ؚ͕·Ε͍ͯΔͨΊɺਖ਼͍͠ύέοτ ϦϓϨΠ߈ܸͰͳ͍ Ͱ͋Δ
ɾ ."$ͱฏจσʔλͱΛ҉߸Խ͢Δ 2.5 ҉߸Խ 41 ҉߸จ ೝূ ."$ ҉߸Խ ϔο μ γʔέϯε൪߸ ϔο μ ฏจ ฏจ ετϦʔϜ҉߸Խํࣜ p.41ΑΓ 



ϒϩοΫ҉߸Խํࣜ 19 42 ୈ2ষ ϓϩτίϧ ฏจ ೝূ ."$ ҉߸Խ ϔο μ γʔέϯε൪߸ ϔο μ ฏจ ฏจ ύσ Ο ϯ ά *7 ਤ 2.6 ϒϩοΫ҉߸Խํࣜ NOTE CBC ϞʔυɺύσΟϯάɺ͓ΑͼIV ʹ͍ͭͯ͸1.4.1 અΛࢀর͍ͯͩ͘͠͞ɻ ϒϩοΫ҉߸Խํࣜ ҉߸ԽલͷϒϩοΫ௕ ͷ੔਺ഒʹͳΔΑ͏ʹ ҉߸ԽϒϩοΫͱ
 ಉ͡௕͞ $#$ϞʔυͰ҉߸Խ ͞Ε*7ͱόΠϯυ ɾ ͜ͷաఔ͸."$UIFOFODSZQUͱݺ͹ΕΔ
‣ ."$ͷಋग़ʹύσΟϯάΛؚΊͯͳ͍ͨΊɺύσΟϯάΦϥΫϧ߈ܸͷةݥੑ
ɾ &ODSZQUUIFO."$ͱݺ͹ΕΔ5-4֦ுͷొ৔
‣ ฏจσʔλͱύσΟϯάΛ࠷ॳʹ҉߸Խ͢ΔͷͰೳಈత߈ܸ͕೉͍͠ p.42ΑΓ ❶ ❷ ❸ ҉߸จ 



ϒϩοΫ҉߸Խํࣜ 20 "&"% ೝূ෇͖҉߸ ɾ ҉߸Խͱಉ࣌ʹೝূ΋ߦ͏
ɾ ҉߸จࣗମʹೝূจؚ͕·ΕΔ
ɾ φϯεͱݺ͹ΕΔҰҙͷཚ਺Λ҉߸จͱͱ΋ʹૹΔ p.43ΑΓ Ճతͳσʔλͱͯ͠ɺγʔέϯε൪߸ͱRecord ϔομ΋҉߸ԽΞϧΰϦζϜʹ౉͢ 3. φϯεͱ҉߸จΛҰॹʹૹΔ ҉߸Խ ϔο μ γʔέϯε൪߸ ϔο μ ฏจ φϯε ҉߸จ ೝূ ਤ 2.7 AEADʢೝূ෇͖҉߸ʣ AEAD ͸MAC-then-Encrypt ʹ·ͭΘΔ໰୊ΛճආͰ͖ΔͷͰɺݱࡏͷͱ͜Ζ TLS Ͱར༻Ͱ ͖Δ࠷ྑͷ҉߸Խར༻Ϟʔυͩͱ͍͑·͢ɻݱࡏͷ TLS Ͱ͸ɺೝূํࣜͷબ୒ࢶͱͯ͠ GCM 



࠶ωΰγΤʔγϣϯ 21 ৽͍͠઀ଓͱͯ͠ϋϯυγΣΠΫΛ΍Γ௚͢ ɾ 5-4Ͱ͸ഇࢭ͞ΕΔ༧ఆɻ
ɾ ηΩϡΞ͡Όͳ͍ɺ੬ऑੑΛ๊͑Δ
ɾ ΫϥΠΞϯτ͸$MJFOU)FMMPɺαʔό͸)FMMP3FRVFTU͕࠶ωΰγΤʔγϣϯͷ߹ਤ
࠶ωΰγΤʔγϣϯͷར༻ྫ
ɾ ΫϥΠΞϯτূ໌ॻ
‣ 8FCαΠτͷτοϓ͸ೝূͳ͠ɺ͔ͦ͜Βূ໌ॻ͕ඞཁͳϖʔδʹ༠ಋ͢Δ ͜͜Ͱ࠶ωΰγΤʔγϣϯ
ɾ ৘ใͷӅṭ
‣ ஈ֊ͰΫϥΠΞϯτূ໌ॻΛ༗ޮʹ͢Δ͜ͱͰɺճ໨ͷϋϯυγΣΠΫΛӅͤΔ
ɾ ҉߸ڧ౓ͷมߋ
‣ ճ໨ͱճ໨Ͱ҉߸ڧ౓Λมߋ͢Δ ෛՙରࡦ 



"QQMJDBUJPO
%BUB
"MFSU
઀ଓΛด͡Δ 22 "QQMJDBUJPO
%BUBϓϩτίϧ ɾΞϓϦέʔγϣϯͷσʔλΛӡͿ
ɾ5-4ʹ͓͍ͯ͸୯ͳΔσʔλͷόοϑΝ "MFSUϓϩτίϧ ɾ௨৴தʹྫ֎͕ൃੜͨ࣌͠ͷ௨஌ͷػߏ
ɾ"MFSU͸ͭͷϑΟʔϧυͰදݱ͞ΕΔ
‣ "MFSU-FWFM












Š

XBSOJOH·ͨ͸GBUBM ଈ࣌ःஅ
‣ "MFSU%FTDSJQUJPO

Š

Ξϥʔτͷ಺༰Λࣔ͢ ઀ଓΛด͡Δ ɾDMPTF@OPUJGZΞϥʔτͰ஌ΒͤΔɺ͜ΕΛड͚औͬͨΒૹΓฦ͢
ɾγϟοτμ΢ϯͷϓϩτίϧΛ༻ҙ͢Δ͜ͱͰڧ੍੾அ߈ܸʹඋ͑Δ 



ٖࣅཚ਺ੜ੒ث 23 ೚ҙͷ௕͞ͷٖࣅཚ਺ͷੜ੒ ɾ 5-4Ͱ͸೚ҙͷ௕͞ͷٖࣅཚ਺Λੜ੒͢ΔͨΊʹ13' ٖࣅཚ਺ੜ੒ث Λ༻͍Δ
ɾ 13'͸Ҿ਺ͱͯ͠ɺγʔΫϨοτɾγʔυɾҰҙͳϥϕϧΛͱΔ
ɾ 5-4Ҏ߱ɺ)."$ͱTIBʹجͮ͘13'ͷར༻͕ࢦఆ͞ΕΔ P_hash(Secret, seed) = HMAC_hash(secret, A(1) + 1) + HMAC_hash(secret, A(2) + 2) + HMAC_hash(secret, A(3) + 3) + A(0) = HMAC_hash(secret, seed) A(i) = HMAC_hash(secret, A(i-1)) PRF(secret, label, seed) = P_hash(secret, label + seed) 13'͸1@IBTIͷ ϥούʔ 



ϚελʔγʔΫϨοτ

伴ੜ੒ 24 ϚελʔγʔΫϨοτ ɾ ϓϦϚελγʔΫϨοτʹ13'Λט·ͤͯ࡞Δ όΠτ
ɾ 伴ަ׵ͷํ๏ʹΑͬͯϓϦϚελʔγʔΫϨοτͷ௕͕͞มΘΔ͔Β͜ͷॲཧ͕ඞཁ master_secret = PRF(pre_master_secret, “master secret”, client_random + server_random) 伴ੜ੒ ɾ 伴ૉࡐ͸ϚελʔγʔΫϨοτͱγʔυ͔Β࡞ΒΕΔ
ɾ 伴ϒϩοΫΛ෼ׂ͠ɺ."$伴ɾ҉߸伴ɾ*7Λಋग़͢Δ
ɾ ηογϣϯ࠶։࣌͸γʔυͷΈ৽نऔಘ͢Δ key_block = PRF(master_secret, “key expansion”, server_random + client_random) 



҉߸εΠʔτ 25 ҉߸εΩʔϜ΍ύϥϝʔλͷ૯শ͕҉߸εΠʔτ ɾ ҉߸εΠʔτ͸໊લ͔Βத਎͕ͳΜͱͳ͘Θ͔Δ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 伴ަ׵ ೝূ ΞϧΰϦζϜ ௕͞ Ϟʔυ ҉߸ ."$·ͨ͸13' 



֦ு 26 ػೳΛ௥Ճ͢Δ5-4֦ு ɾ ϓϩτίϧΛमਖ਼͢Δ͜ͱͳ͘ɺ5-4ʹػೳΛ௥Ճ͢Δ࢓૊Έ
ɾ 5-4֦ு͸$MJFOU)FMMP
4FSWFS)FMMPͷޙʹ഑ஔ͞ΕΔ "-1/ ɾ5-4઀ଓ্ͰΞϓϦέʔγϣϯ૚ʹҟͳΔϓϩτίϧͷ࢖༻ΛՄೳʹ͢Δ
ɾ)551ͱ41%:ͷซ༻ͷΑ͏ͳ͜ͱ͕Մೳʹɺ"-1/ͷૹ৴͸ฏจ $5 ɾύϒϦοΫ$"ʹΑͬͯαʔόূ໌ॻΛશͯه࿥͠ɺ1,*ΛΑ͘͠Α͏ͱ͍͏ࢥ૝ ପԁۂઢͷར༻Մೳੑ ɾΫϥΠΞϯτͰར༻Մೳͳପԁۂઢ҉߸ΛϋϯυγΣΠΫதʹ΍ΓऔΓ
ɾରԠ͍ͯ͠Δ҉߸ΛϦετԽɾପԁۂઢ্ͷ఺ͷѹॖΦϓγϣϯ ѹॖΠϚΠν 



֦ு 27 )FBSUCFBU ɾ 6%1ͷΑ͏ͳϓϩτίϧʹLFFQ
BMJWFػೳͷఏڙ
ɾ ਂࠁͳ੬ऑੑ )FBSUCMFFE ͕ݟ͔ͭΓ࢖ΘΕ͍ͯͳ͍ /FYU
1SPUPDPM
/FHPUJBUJPO ɾ41%:ͷͨΊʹ࡞ΒΕ͕ͨɺࠓ͸"-1/ʹҰຊԽ
ɾൿಗԽͷͨΊʹωΰγΤʔγϣϯͯ͠Δϓϩτίϧ͕ػث͔Βݟ͑ͳ͍໰୊ ҆શͳ࠶ωΰγΤʔγϣϯ ɾҎલͷ'JOJTIFEϝοηʔδͷWFSJGZ@EBUBΛૹड
'JOJTIFE͸҉߸ܦ࿏্Ͱ҆શ 4/* ɾ઀ଓ͍ͨ͠αʔόͷ໊લΛΫϥΠΞϯτ͕ࢦఆՄೳʹ͢Δ
ɾಉҰϗετͷෳ਺αΠτͰ5-4Λ؆୯ʹѻ͑Δ 



֦ு 28 ηογϣϯνέοτ ɾ ηογϣϯσʔλΛΫϥΠΞϯτଆͰ؅ཧ͢Δ࢓૊Έ
ɾ $MJFOU)FMMPͷ4FTTJPO5JDLFU಺ʹؚ·ΕΔ
ɾ ηογϣϯσʔλ͸αʔόͷൿີ伴Ͱ҉߸Խ͞ΕΔ ॺ໊ΞϧΰϦζϜ ɾΫϥΠΞϯτ͕ରԠ͍ͯ͠Δॺ໊ΞϧΰϦζϜͱϋογϡؔ਺
ɾͳ͔ͬͨΒαʔό͕ਪଌ͢Δ 0$41εςʔϓϧ ɾαʔό͔ΒΫϥΠΞϯτʹূ໌ॻͷࣦޮ৘ใΛૹ৴͢Δ
ɾೝূہʹ໰͍߹Θͤ͢Δඞཁ͕ͳ͘ͳΔ 



ϓϩτίϧͷݶք 29 ଞͷϨΠϠʔͷηΩϡϦςΟ͸Θ͔ΒΜ ɾ 5$1ͷϝλσʔλɾԼҐϨΠϠʔ͸ฏจͷ··
‣ *1TFD࢖͏ͳΓͳΜͳΓ͢Δ
ɾ ࠷ॳͷϋϯυγΣΠΫ͸ฏจͰ݁͹ΕΔ
‣ 26*$ͳੈͷதΛ࠲ͯ͠଴ͯ
ɾ ҉߸ԽҎ߱΋࿐ग़͢Δ৘ใ͸͋Δ
‣ αϒϓϩτίϧɾ֤ϝοηʔδͷ௕͞
‣ ϝοηʔδͷ௕͞ΛӅͤͳ͍ͳΒѹॖ͢Δ 



ϓϩτίϧͷόʔδϣϯʹΑΔࠩҟ 30 44- ɾ ωοτεέʔϓ͕ؤுͬͯ࡞ͬͨ࠷ޙͷ44- 5-4 ɾ ΊͰͨ͘ඪ४Խ͞Ε·ͨ͠
ɾ ."$ʹඪ४Խ͞Εͨ)."$Λ࢖༻
ɾ ඪ४Խ͞Εͨ)."$ʹΑΓ13'Λنఆ
ɾ ϚελʔγʔΫϨοτ͕13'ʹΑͬͯੜ੒
ɾ WFSJGZ@EBUB͕13'ʹΑͬͯੜ੒
ɾ ύσΟϯάͷϑΥʔϚοτ͕มߋ͞ΕηΩϡΞʹ
Š
100%-&߈ܸʜ
ɾ ҉߸εΠʔτ͔Β'035&;"͕֎ΕΔ 



ϓϩτίϧͷόʔδϣϯʹΑΔࠩҟ 31 5-4 ɾ $#$҉߸Խར༻ϞʔυͰ໌ࣔతͳ*7Λ࢖༻ɹŠ
#&"45߈ܸ
ɾ ύσΟϯϯά߈ܸʹର͢Δ๷ޚ
ɾ 5-4֦ுΛࢀর 5-4 ɾ "&"%ɾ)."$4)"ͷαϙʔτ
ɾ .%ɾTIB͕େ෯ʹ࡟আ
‣ 5-4ͰωΰγΤʔγϣϯ͞ΕͨΒ13'ͷTIB΋TIBΛ࢖͏
‣ σδλϧॺ໊ͷ.%ɾTIBͷ૊Έ߹ΘͤΛ୯Ұͷϋογϡؔ਺ʹஔ׵
ɾ ΫϥΠΞϯτ͕ϋογϡɾॺ໊ͷΞϧΰϦζϜͷر๬Λ௨஌
TJHOBUVSF@BMHPSJUIN
ɾ 'JOJTIFEϝοηʔδͷWFSJGZ@EBUBͷ௕͞Λ໌ࣔతʹࢦఆՄೳʹ 

ࢀߟ 

ࢀߟจݙ 33 ɾ
݁৓ߒ
҉߸ٕज़ೖ໳
ൿີͷࠃͷΞϦε
ιϑτόϯΫΫϦΤΠςΟϒ

ɾ
0QFO44-ͷ੬ऑੑ $7& Ͱ5-4ϓϩτίϧͷجૅΛֶͿ
ɹ
IUUQEIBUFOBOFKQKPWJ
ɾ
ෆਖ਼ΞΫηεΛ๷ࢭ͢Δ44-5-4ʢʣ
ɹ
IUUQXXXBUNBSLJUDPKQBJUBSUJDMFTOFXT@IUNM
ɾ
44-5-4ʢ44-ʙ5-4ʣͷϋϯυγΣΠΫΛ෮श͢Δ
ɹ
IUUQTRJJUBDPNOJFJUFNTGEECEB