
A Secure Password Generator Based on Cryptographic Pseudo-Random Number Generators

This paper proposes a secure password generator using HMAC-, CMAC-, and KMAC-based PRNGs, validated with the NIST SP 800-90B entropy and IID tests.

1. Introduction

Continuing reports of leaked website accounts and passwords underline the importance of information and password security. Although website vulnerabilities are one factor, the security of the password itself matters most. Common insecure password practices include keyword-based passwords, use of popular phrases, inclusion of personal information, and password reuse. The rise of AI and large language models further helps attackers guess passwords effectively.

This study proposes a secure password generator based on cryptographically secure pseudo-random number generators (PRNGs). It builds PRNGs using the Keyed-Hash Message Authentication Code (HMAC), Cipher-based MAC (CMAC), or KECCAK MAC (KMAC) to generate secure random numbers, which are then used to produce passwords. The generated randomness is validated against the NIST SP 800-90B standard through entropy testing and Independent and Identically Distributed (IID) testing.

2. Literature Review

2.1. Pseudo-Random Number Generators Based on the Linear Congruential Generator

Used in languages such as C and Java, LCGs generate a sequence through the recurrence relation $f_i(k) \equiv a \times f_{i-1}(k) + c \ (\text{mod} \ m)$, seeded by $k$. They are insecure because the state can be reversed: $f_{i-1}(k) \equiv (f_i(k) - c) \times a^{-1} \ (\text{mod} \ m)$, which exposes the seed and the entire sequence.
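The reversal described above, carried through in code. This is an added example, not code from the paper; the constants `A`, `C`, `M` and the seed are illustrative values assumed here, not taken from the page.

```python
# Illustrative LCG parameters (assumed for this example, not from the page).
A, C, M = 1103515245, 12345, 2**31

def lcg_next(state):
    """Forward step: f_i = a * f_{i-1} + c (mod m)."""
    return (A * state + C) % M

def lcg_prev(state):
    """Backward step: f_{i-1} = (f_i - c) * a^{-1} (mod m)."""
    a_inv = pow(A, -1, M)  # modular inverse exists because gcd(a, m) == 1
    return ((state - C) * a_inv) % M

def run(seed, n):
    """Return the first n states produced from the seed."""
    states, s = [], seed
    for _ in range(n):
        s = lcg_next(s)
        states.append(s)
    return states

def recover_seed(observed_state, steps):
    """Walk one observed state back `steps` iterations to the seed."""
    s = observed_state
    for _ in range(steps):
        s = lcg_prev(s)
    return s

def replay_matches(seed, n):
    """True if one observed state is enough to rebuild the seed and every output."""
    states = run(seed, n)
    recovered = recover_seed(states[-1], n)
    return recovered == seed and run(recovered, n) == states

if __name__ == "__main__":
    print(replay_matches(123456789, 10))  # constructed seed, smaller than M
```

A password derived from such a generator is only as secret as any single internal state, which is why the paper moves to keyed constructions whose outputs do not reveal the key.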

2.2. Secure Pseudo-Random Number Generators

Cryptographic PRNGs are designed to be unpredictable, even when part of the output is known.

2.2.1. HMAC-based PRNG

Security relies on the one-way property of hash functions (e.g., SHA2, SHA3). For a key $k$ and a message $M$, the HMAC is computed as: $r_{hmac}(k, M) = h((k \oplus opad) \ || \ h((k \oplus ipad) \ || \ M))$. Counter mode is used to generate multiple blocks for longer output.

2.2.2. CMAC-based PRNG

Security is based on the Advanced Encryption Standard (AES). It operates in Cipher Block Chaining (CBC) mode. The last ciphertext block after processing the padded message serves as the MAC/output: $r_{cmac}(k, Split(M))$.

2.2.3. KMAC-based PRNG

Based on the SHA-3 (KECCAK) hash function, KMAC provides variable-length output and is considered a strong candidate for post-quantum cryptography.

2.3. Randomness Validation Methods

NIST SP 800-90B provides methods for assessing entropy sources. Entropy estimation quantifies unpredictability (min-entropy). The IID test checks whether the data are independent and identically distributed, a key assumption for many statistical tests. Passing these tests validates the quality of the randomness source.

3. Proposed Secure Password Generator

The system design consists of: 1) The user optionally provides a To-Be-Hashed Message (TBHM). 2) A cryptographic PRNG (HMAC/CMAC/KMAC-based) uses the TBHM (and a key) to generate a large bit stream. 3) This bit stream is mapped onto a user-defined character set (e.g., alphanumerics + symbols) at a specified length to produce the final password. Security is analyzed by comparing the password search space with the key strength of AES-128 and AES-256.

4. Experiments and Results

4.1. Experimental Setup

Three PRNG variants were implemented (HMAC-SHA256, CMAC-AES-128, KMAC256). Large random bit sequences were generated for testing.

4.2. Randomness Validation Results

Key Result: All three proposed PRNG constructions (HMAC, CMAC, KMAC) passed both the entropy validation and the IID tests of NIST SP 800-90B. This shows empirically that the generated numbers have sufficient randomness and statistical quality for cryptographic password generation.

4.3. Performance Analysis

Computational efficiency was evaluated. While all methods are practical, KMAC and HMAC may show different performance profiles depending on the platform, with AES-based CMAC often being faster on hardware with AES acceleration.

5. Conclusion and Future Work

This paper presented a secure password generator framework built on cryptographic PRNGs (HMAC, CMAC, KMAC). The generated randomness was validated using NIST standards, confirming its suitability. Future work includes integrating the generator into browser extensions or password managers, exploring its use for generating cryptographic keys beyond passwords, and testing resilience against emerging AI-based guessing attacks.

6. Original Analysis & Expert Commentary

Core Insight: This paper is not about inventing a new cipher; it is a practical, standards-compliant engineering solution to a widespread human problem: weak password creation. Its core value lies in using standard cryptographic primitives (HMAC, CMAC, KMAC) as NIST-recommended PRNGs and rigorously validating the output, a step often skipped in "DIY" password generators. In an era when AI can model personal-information patterns (as seen in research on AI-powered password guessing such as PassGAN), moving the source of password randomness from the human brain to validated cryptographic algorithms is a non-negotiable security upgrade.

Logical Flow: The logic is sound and follows the template of applied cryptography: 1) Identify the weakness (weak human-generated passwords). 2) Select appropriate, vetted cryptographic tools (NIST SP 800-108 PRNGs). 3) Build the system (map PRNG output to a character set). 4) Validate the core component (PRNG output via NIST SP 800-90B). This approach mirrors best practice in secure system design, similar to how modern libraries such as `libsodium` prioritize robust, secure-by-default primitives.

Strengths & Weaknesses:
Strengths: The rigorous NIST validation is the paper's strongest asset, giving it empirical credibility. The use of KMAC aligns with post-quantum preparedness. The optional user input (TBHM) is a clever feature: it allows deterministic password regeneration when needed without compromising security, provided the PRNG is strong.
Weaknesses: The paper's primary limitation is its scope as a proof of concept. It lacks a real-world implementation analysis that addresses side channels (timing attacks during mapping), secure key management for the PRNG, and integration challenges with existing password policies. In addition, while it compares password strength to AES, it does not analyze in depth the entropy loss during the character-set mapping step, a detail that matters for short passwords.

Actionable Insights: For security practitioners, the takeaway is clear: stop letting users or naive random functions choose passwords. Deploy a back-end password generator like this one for "forgot password" resets or initial user setup. The choice of PRNG can be tailored: use CMAC-AES for speed on commodity servers, KMAC for long-term quantum concerns. Most importantly, any deployment must manage the PRNG seed/key with the same rigor as any other cryptographic key. This work should be incorporated into frameworks such as OWASP's Authentication Cheat Sheet as a recommended pattern for secure password generation.

7. Technical Details & Mathematical Formulation

The security rests on the PRNG construction. For HMAC:
$r_{hmac}(k, M) = h((k \oplus opad) \ || \ h((k \oplus ipad) \ || \ M))$
where $h$ is a hash such as SHA-256, $ipad/opad$ are constants, and $k$ is the key. For password generation, a counter $i$ is incorporated into $M_i$ to generate multiple blocks: $M_i = i || \text{Label} || 0x00 || \text{Context} || L$. The random bits are converted to an integer index that selects characters from a set $C$ of size $N$: $\text{index} = \text{random\_bits} \bmod N$.

8. Analysis Framework & Example Case

Scenario: A web service needs to generate a strong 12-character password for a new user account.
Framework Application:
1. Define Parameters: Character set $C$ = the 94 printable ASCII characters. Length $L=12$. PRNG choice: HMAC-SHA256.
2. Generate Randomness: Collect entropy for the seed $k$. Use TBHM = "serviceX_user123". Use the HMAC-based PRNG in counter mode to produce $\lceil \log_2(94^{12}) \rceil \approx 79$ bits of entropy.
3. Map to Password: Use the 79-bit stream to generate 12 indices, each selecting a character from $C$.
4. Validation Check: The entropy of the generated password is approximately 78.5 bits, comparable to a ~80-bit symmetric key and far stronger than any human-chosen password.
No-Code Workflow: This process can be wrapped in a server-side API call, hiding the cryptography entirely from the end user.
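The case study above and the counter-mode construction of Section 7, as an added Python example (not the paper's code). It assumes byte-wise mapping, a hypothetical label `b"password"`, and 4-byte big-endian encodings for $i$ and $L$; it also uses rejection sampling instead of a plain `mod N`, to address the mapping entropy loss noted in Section 6.

```python
import hashlib
import hmac
import math
import string

# 94 printable ASCII characters, as in the case study (space excluded).
CHARSET = string.digits + string.ascii_letters + string.punctuation

def hmac_ctr_stream(key, label, context, nbytes):
    """HMAC-SHA256 in counter mode with M_i = i || Label || 0x00 || Context || L."""
    length_field = (nbytes * 8).to_bytes(4, "big")  # L = requested output bits
    out, i = b"", 1
    while len(out) < nbytes:
        m_i = i.to_bytes(4, "big") + label + b"\x00" + context + length_field
        out += hmac.new(key, m_i, hashlib.sha256).digest()
        i += 1
    return out[:nbytes]

def generate_password(key, tbhm, length=12, charset=CHARSET):
    """Map PRNG bytes to characters, rejecting bytes that would cause modulo bias."""
    n = len(charset)
    if not 1 < n <= 256:
        raise ValueError("charset size must be between 2 and 256")
    limit = 256 - (256 % n)  # bytes >= limit are discarded (188 for n = 94)
    nbytes = 4 * length
    while True:
        stream = hmac_ctr_stream(key, b"password", tbhm, nbytes)
        picks = [b % n for b in stream if b < limit]
        if len(picks) >= length:
            return "".join(charset[p] for p in picks[:length])
        nbytes *= 2  # practically never reached; widen the stream and retry

def min_entropy_bits(n, length, reject=True):
    """Min-entropy of the password for byte-wise mapping onto n characters."""
    if reject:
        return length * math.log2(n)  # uniform over the charset
    p_max = math.ceil(256 / n) / 256  # most likely character under byte % n
    return -length * math.log2(p_max)

if __name__ == "__main__":
    import secrets
    key = secrets.token_bytes(32)  # seed/key k drawn from the OS CSPRNG
    print(generate_password(key, b"serviceX_user123"))
    print(round(min_entropy_bits(94, 12), 2), round(min_entropy_bits(94, 12, False), 2))
```

With one byte per character, a plain `byte % 94` favours the first 68 characters and costs about 1.7 bits of min-entropy over 12 characters; rejection sampling keeps the full $12 \log_2 94$ bits.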

9. Future Applications & Directions

1. Password Manager Core Engine: Integrate this generator as the default password generation engine in open-source and commercial password managers (e.g., Bitwarden, 1Password).
2. Post-Quantum Migration: KMAC-based generation is a ready-made solution for generating quantum-resistant passwords and tokens, as recommended by the NIST Post-Quantum Cryptography project.
3. IoT & Embedded Security: Lightweight CMAC-AES variants can generate unique device passwords and API keys in constrained environments.
4. Blockchain & Web3: Generate random seed phrases for cryptocurrency wallets using a verifiable source of randomness.
5. Standardization: Propose this method to standards bodies such as the IETF or FIDO for inclusion in next-generation authentication protocols.

10. References

  1. M. Bishop, "Computer Security: Art and Science", Addison-Wesley, 2018.
  2. NIST, "Special Publication 800-63B: Digital Identity Guidelines", 2017.
  3. M. L. Mazurek et al., "Measuring Password Guessability for an Entire University", IEEE S&P, 2013.
  4. B. Ur et al., "How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation", USENIX Security, 2012.
  5. NIST, "Special Publication 800-108: Recommendation for Key Derivation Using Pseudorandom Functions", Rev. 1, 2022.
  6. NIST, "Special Publication 800-90B: Recommendation for the Entropy Sources Used for Random Bit Generation", 2018.
  7. J. Kelsey, B. Schneier, D. Wagner, "Secure Applications of Low-Entropy Keys", ISW, 1997.
  8. FIPS PUB 202, "SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions", 2015.
  9. B. Hitaj et al., "PassGAN: A Deep Learning Approach for Password Guessing", NeurIPS Workshop, 2017.
  10. D. J. Bernstein et al., "The Security Impact of a New Cryptographic Pseudo-Random Number Generator", 2020.