CSC 574 Section 001

Fall 2015

Homework #2

Keywords: Message Digest, Hash Function, Public Key Cryptography, RSA.

Name 1: __________________________ Student ID 1: _______________________

Name 2: __________________________ Student ID 2: _______________________

Instructions

You can do this homework in groups of two (at most).

The total number of points is 50.

You must answer all questions for full credit.

The due date is as posted on the web page (please return the answers by wolfware).

In general, you can make any reasonable assumptions in your answers. Do NOT make unnecessary assumptions.

Question 1: [Message digests and hash functions] [20 pts]

1. Message digests are reasonably fast, but here's a much faster function to compute. Take your message and divide it into 128-bit chunks, then XOR (⊕) all the chunks together to get a 128-bit result. Do the standard message digest on the result. Is this a good message digest function?

2. Assume a good 128-bit message digest function. Assume there is a particular value, d, for the message digest and you would like to find a message that has a message digest of d. Given that there are many more 2000-bit messages that map to a particular 128-bit message digest than 1000-bit messages, would you theoretically have to test fewer 2000-bit messages to find one that has a message digest of d than if you were to test 1000-bit messages?

3. Message digest algorithms can be used to generate one-time pad streams of MD-sized blocks, similar to OFB's one-time pad (refer to the lecture slides). This stream must eventually repeat, since only 2^(MD-size) blocks can be generated. Will the first block necessarily be the first block to be repeated?

4. Message digests can also be used for encryption/decryption by generating pads similar to CFB's pads (refer to the lecture slides). That is, for a pad block b_i, plaintext block p_i, and ciphertext block c_i: b_1 = MD(K_AB | IV), c_i = p_i + b_i, and b_i = MD(K_AB | c_{i-1}). Can you modify this encryption approach so that instead of b_i = MD(K_AB | c_{i-1}) we use b_i = MD(K_AB | p_{i-1})? How do you decrypt? Why wouldn't the modified scheme be as secure? (Hint: What would happen if the plaintext consisted of all zeroes?)

Question 2: [Rivest, Shamir, and Adleman - RSA] [20 pts]

1. Construct a table showing an example of the RSA cryptosystem with parameters p = 17, q = 19, and e = 5. The table should have two rows, one for the plaintext M and the other for the ciphertext C. The columns should correspond to integer values in the range [10; 15] for M. Hint: Write a small program or use a spreadsheet.

2. In a public-key system using RSA, you intercept the ciphertext C = 10, sent to a user whose public key is e = 5, n = 35. What is the plaintext M?

3. In a public-key system using RSA, the public key of a certain user is e = 31, n = 3599. What is the plaintext M? Hint: you may use the Unix program factor.

4. In a public-key system using RSA, a certain user with public key (e, n) leaks his private key d. Being lazy, he re-computes a new e and d using the same n. Is this safe? Why or why not?

5. Compute 7266 mod 100 using either the recursive or non-recursive successive squaring algorithm. Show your work.

Question 3: [10 pts]

Tatebayashi, Matsuzaki, and Newman (TMN) proposed the following protocol, which enables Alice and Bob to establish a shared symmetric key K with the help of a trusted server S. Both Alice and Bob know the server's public key Ks. Alice randomly generates a temporary secret KA, while Bob randomly generates the new key K to be shared with Alice. The protocol then proceeds as follows:

Alice → Server: Ks{KA}

Bob → Server: Ks{K}

Server → Alice: K ⊕ KA

Alice recovers key K as KA ⊕ (K ⊕ KA)

To summarize, Alice sends her secret to the server encrypted with the server's public key, while Bob sends the newly generated key, also encrypted with the server's public key. The server XORs the two values together and sends the result to Alice. As a result, both Alice and Bob know K.
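The honest protocol run described above, as an added example that is not part of the original assignment. Textbook RSA with constructed toy parameters stands in for encryption under the server's public key (an assumption; the assignment does not specify the scheme), and all function names are hypothetical.

```python
import secrets

# Constructed toy parameters (assumption): textbook RSA without padding.
P, Q, E = 61, 53, 17
N = P * Q                              # server's public modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # server's private exponent
KEY_BITS = 11                          # keys stay below 2**11 < N


def encrypt_to_server(value: int) -> int:
    """Ks{value}: encrypt under the server's public key (E, N)."""
    if not 0 <= value < N:
        raise ValueError("value must be in [0, N)")
    return pow(value, E, N)


def server_relay(ct_alice: int, ct_bob: int) -> int:
    """Server decrypts both messages and returns K XOR KA for Alice."""
    ka = pow(ct_alice, D, N)
    k = pow(ct_bob, D, N)
    return k ^ ka


def run_tmn(ka=None, k=None) -> dict:
    """One honest run; returns every value that crosses the wire."""
    ka = secrets.randbits(KEY_BITS) if ka is None else ka   # Alice's temporary secret
    k = secrets.randbits(KEY_BITS) if k is None else k      # Bob's new key
    msg1 = encrypt_to_server(ka)        # Alice  -> Server: Ks{KA}
    msg2 = encrypt_to_server(k)         # Bob    -> Server: Ks{K}
    msg3 = server_relay(msg1, msg2)     # Server -> Alice:  K xor KA
    alice_k = ka ^ msg3                 # KA xor (K xor KA) = K
    return {"msg1": msg1, "msg2": msg2, "msg3": msg3,
            "alice_k": alice_k, "bob_k": k}


if __name__ == "__main__":
    for name, value in run_tmn().items():
        print(f"{name:8} = {value}")
```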

Suppose that evil Charlie eavesdropped on Bob's message to the server. How can he, with the help of his equally evil buddy Don, extract the key K that Alice and Bob are using to protect their communications? Assume that Charlie and Don can engage in the TMN protocol with the server, but they do not know the server's private key.